News

Implementation of the technological chain for EMV card production

MasterCard International presents MasterCard PayPass. This is a new “contactless” card solution that offers holders a simple and reliable payment method. MasterCard MasterCard PayPass the cardholder does not need to insert it into the terminal or pass it through a reader. To make a payment, you just need to bring your card to a special wireless terminal with PayPass. The product is convenient to use in places where the speed of service is especially important, but it is traditionally paid in cash: in restaurants, cinemas, and gas...

read more

Methods for evaluating cryptographic strength

Let’s now focus on evaluating the cryptographic strength of today’s cryptographic algorithms. Let’s start with a description of the secret key opening model. The model is based on the following assumptions.Moore’s law, according to which the computing performance of microprocessors increases 2 times every 18 months or, what is the same, about 100 times every 10 years. In 2005, a typical personal computer connected to the Internet has a performance of about 1000 MIPS (1 MIPS refers to the performance of the old DEC...

read more

Overview of asymmetric EMV encryption algorithms

Most of the asymmetric encryption algorithms used in practice are based on the complexity of solving one of the following mathematical problems:factorization (factorization) problems of a large number: multiplication of two large numbers is a polynomial problem with respect to the size of the multipliers in terms of complexity. At the same time, the inverse problem— decomposing into multipliers — is extremely difficult. The RSA algorithm is based on the complexity of solving the factorization problem;problems of finding a discrete logarithm....

read more

Introduction to EMV cryptography

Introduction to cryptography General conceptCryptography plays a Central role in the development of card technologies. In applications related to transaction processing, typical tasks for various fields of technology are solved to protect information from unauthorized access, which include:ensuring the integrity of information (it is impossible for a third party located between the participants of the information exchange to modify the transmitted information in such a way that the receiving party does not notice it);ensuring the...

read more

Impact of migration on the system of the servicing Bank

Migration of the Bank to the IPC has a smaller impact on the host of the servicing Bank compared to the host of the Issuer. The servicing Bank must upgrade the software modules for managing devices of its host application in order to ensure that chip related data is received from the terminal and sent to the Issuer’s host without meaningful processing of this data. Two options are usually used for transmitting chip related data to the Issuer’s host: a composite data element 055 that is specifically designed for the purposes in...

read more

Choosing the IPC hardware and software platform

The choice of the hardware and software platform of the microprocessor card and the configuration of its application is largely determined by the tasks formulated by the Bank in its card programs. Here are a few examples to illustrate this.If the Bank plans to use prepaid cards, it is obvious that most operations on such cards will be performed offline. Therefore, to avoid the possibility of fraudsters cloning SDA cards, it is advisable to use chips that support dynamic authentication methods for a prepaid card. Despite the fact that a card...

read more

Possible schemes for forging a magnetic stripe

In the right hand, we only have a card with a magnetic stripe, which is transferred to the information from the magnetic stripe of the card located in the left hand. We are trying to use the card in a hybrid terminal that accepts microprocessor cards and magnetic stripe cards. The terminal must check the value of the service Code on the magnetic stripe, and if it is equal to 2xx, it must require the transaction to be performed using the chip.The terminal must not allow magnetic stripe operations if the service code value is 2xx and the...

read more

Terminals with EMV specifications

Today, most terminals except ATMs, SAT1 – and SAT2-terminals support the ability to perform transactions in offline mode, i.e. they belong to the second class of terminals. The offline mode of the terminal includes support for offline card authentication methods (SDA support is mandatory everywhere, DDA support is mandatory in Europe, and CDA is recommended), risk management procedures (checking the value of Terminal Floor Limit stop lists, Random Transaction Selection, and Velocity Checking procedures), and storing and uploading...

read more

EMV technology implementation

In addition to dynamic card authentication, the CDA method also ensures the integrity of the most critical information exchange data in the “card — terminal” dialog (CID and transaction details). This is achieved by combining the card authentication procedure with the GENERATE AC command, during which the most important data is exchanged between the card and the terminal.The offline authentication method is selected by the terminal based on the AIP data and the terminal capabilities defined by the value of the third byte of the...

read more

Features of migration to microprocessor cards

Migration of a Bank to issue and service MPC is an expensive and technically complex task that falls into several subtasks. These include: setting the migration task for the IPC; selecting the IPC hardware and software platform, card provider, and application configuration; upgrading the application software of the Central transaction processing system (both online and clearing messages); upgrading the card personalization system; upgrade of terminal equipment; the modernization of cryptographic hardware (Hardware Security Module or HSM)....

read more