News

Comparison of EMV-compatible applications

The purpose of this section is to compare the functionality, security, and implementation features of the most popular EMV-compatible applications on the market. These applications primarily include applications of the leading payment systems VISA and MasterCard, known under the brands VSDC and M/Chip, respectively.The previous version of the EMV standard (version 4.1, approved in may 2004) introduced the Common Core Definition (CCD) specification and introduced the concept of a CCD application.The CCD specification specifies the set and...

read more

Security issues for EMV payments

For contactless cards, along with the standard set of security threats typical for contact microprocessor cards, there are special threats associated with the use of a radio channel for data exchange between the reader and the card. Here we can start with the fact that today’s contactless card technology violates certain provisions of the PCI Data Security Standard (PCI DSS). Since the terminal and card dialog data are not encrypted (asymmetric encryption is too slow to meet the requirements for contactless payments), the PCI DSS...

read more

Stage of card manufacturing

To manage SIM/UICC card content, two refinements are required in part of the GlobalPlatform Messaging Specification. The first refinement is related to adding the Controlling Authority role with two functions:controlling the Controlling Authority Security Domain (CASD), which provides secure loading of the initial keys of the card security domains;control of a special security domain that performs the function of mandatory verification of the signature of the downloaded code of the Mandated DAP application.In practice, the role of Controlling...

read more

The Standard of EMV Entry Point Specification

As noted earlier, EMVCo has taken over the rights to support and develop the EMV Contactless Communication Protocol Specification developed by MasterCard. The issue of creating a single contactless application EMV Contactless Application — an analog of the Common Payment Application for contact cards-is on the agenda of EMVCo. This issue is actively raised by major European banks. However, EMVCo is in no hurry to develop a standard for EMV Contactless Application. The reason given by EMVCo is the lack of experience in using contactless cards,...

read more

MasterCard PayPass and VISA Contactless Payment Specification

MasterCard PayPassAs noted above, contactless MasterCard PayPass cards can support the magnetic stripe mode (MasterCard PayPass MagStripe) and the chip card mode (MasterCard PayPass M/Chip).The magnetic stripe mode is implemented on contactless cards without a contact interface. The mod is described in The MasterCard PayPass MagStripe V. 3.2 specification. the main distinctive features of the MasterCard PayPass MagStripe mod are listed Below:the card stores track 2 magnetic stripe data, and in the case of a credit card, it can store Track 1...

read more

EMV Contactless Communication Protocol

Standards usedAll payment systems ‘ specifications for contactless cards are based on ISO/IEC 14443 “Identification Cards — Contactless integrated circuit(s) cards — Proximity cards”. The standard consists of four parts that appeared at different times between April 2000 and July 2001:Part 1. Physical Characteristics.Part 2. Radio Frequency Power and signal interface.Part 3. Initialization and anti-collision.Part 4. Transmission protocols.The first part of the standard (ISO 14443-Part 1. Physical characteristics) defines the physical...

read more

Biometric technologies of the emv standard

Biometric technologies are characterized by ease of use and accuracy of results. At the same time, they all use a common approach, according to which biometric identification/authentication of an object is performed in several stages:scanning an object in accordance with the biometric technology used and obtaining its image;retrieves the characteristic features of an object image that form the current object template;comparison of the current template with the verification template — a reference image of an object stored in the biometric...

read more

Preventive and radical measures to protect against fraud

Despite all the anti-fraud measures taken by the participants of the global card market, today it still poses a serious threat to the stability of the electronic payments industry. The market for plastic cards in Russia has increased several times in recent years. With the increase of issue volumes of cards and the growing number of fraudulent transactions. At the same time, criminals are using more and more sophisticated methods of stealing money: phishing and phone fraud (vishing), interception of cards during shipment and skimming, fraud...

read more

The problem of security of card payments

Card fraud refers to deliberate deceptive actions of a certain party based on the use of Bank card technology and aimed at unauthorized acquisition of financial funds placed on the “card” accounts of Bank card holders or due to a merchant for card transactions. Card fraud is often called fraud (from the English. fraud — fraud, deception).Fraud is usually divided into two groups: fraud on the part of issuing cards and fraud on the part of servicing them. The first group includes fraud related to unauthorized use of the...

read more

EMV standard for microchip cards

Smart cards are bursting into our lives more and more decisively. Mobile phones, access control systems, e – tickets, information security systems, voting systems, electronic passports and various identity cards, Bank cards, mobile phones and satellite television are just some examples of their use. Today, several billion smart cards are circulating in the world. These are mainly SIM / UICC cards (Subscriber Identification Module/Universal Integrated Circuit Card) for cell phones, Bank cards, cards for paying for transport, telephone...

read more