www.thales-esecurity.com
THALES e-SECURITY
An impartial guide for Issuers and Acquirers looking to migrate to EMV.
The key issues and technologies. Some questions that must be answered. A reference for further information. Produced in collaboration with other smart card industry leaders.
EMV EASY MIGRATION GUIDE
Version 2
EMV Easy migration guide
How to use this guide
Migration from magnetic stripe cards to EMV smart cards may look daunting. It is a complex task. However, broken down into a series of logical elements it becomes much less problematical.
Whether the reader is tasked with managing the whole project, or perhaps just discrete parts, this document aims to provide a useful introduction to the headline issues arising from migration.
The guide has been divided into three main sections:
Introduction
Card Issuer challenges
Acquiring and terminal network challenges
The second and third sections follow the same format:
An Overview of the subject area
An exploration of the Essential Issues upon which decisions must
be made
A list of Critical Questions that the reader should ask
Suggestions on where the reader can obtain Further Information to support the decision-making process, including providers of relevant products and services
At the end of the document, the Critical Questions are then repeated in checklist format for clarity of planning. Finally, overviews and contact details of the technology and service providers named in the guide are provided.
Introduction to EMV
The development of the smart card may well turn out to be one of the most fundamental changes yet seen by the global payments industry. Despite concerted development, magnetic stripe card technology has reached a technical dead-end. A magnetic stripe simply cannot carry the strong security needed to keep cardholder details secret. Once criminals found out how easy it was to make copies, fraud grew rapidly and, according to European Card Review magazine, now costs the EU alone over 3.5 million a day.
But the limited security does more than leave private information vulnerable. It also means magnetic stripe cards have little scope for more than one or two simple financial applications on a single card.
Against this background the smart card is revolutionary. The smart card works by storing information securely for use during a transaction and by performing checks and processes using its internal microprocessor. Very much larger memory capacity enables it to hold multiple applications, for example an anchor debit card application plus a number of others which do not have to be financial.
Early movers in the market have shown that smart cards reduce losses due to fraud while generating new revenues and differentiation.
The move to smart cards is not a free-for-all. The major card associations have collaborated to develop the EMV (Europay, MasterCard, Visa) standard, a mechanism by which the payments industry is seeking to ensure that cards, terminals and other systems will successfully interact, for debit and credit applications at least, wherever they are in the world.
The EMV specifications describe core attributes including physical and electrical characteristics, how data and functions on the card are to be accessed, and how card security is structured, but they leave the detail of individual financial applications to card associations to define.
For all card Issuers, the question is not: should we migrate to smart cards, but: when should we migrate to smart cards? This is because the major card associations are setting dates by which regions around the world must have completed migration to EMV cards. Beyond these dates liability for fraudulent transactions will lie with magnetic stripe card issuers or acquirers, if it can be shown that the use of smart card technology would have prevented the fraud.
Issuers need to bear in mind that the date appropriate to their region is not the starting gun for migration; it is the date by which the whole of their card base and its supporting infrastructure should be EMV compliant. Testing and any pilot scheme should be completed well before this date.
Typical schemes with three-year replacement cycles mean that cards issued in February 2002 will still be in circulation past the European January 2005 deadline.
Given this effective countdown to EMV, it is likely that there will be a rush as the date looms nearer, squeezing the amount of time technology vendors can devote to each Issuer. Better service and more comprehensive support may be available to the early adopters.
There are, anyway, compelling differentiation and fraud prevention reasons why all Issuers should consider moving quickly. American Express found that new customers in the US and the UK were attracted by promised extra security and the novelty value of EMV smart cards. Early adopter market advantage is therefore a reality.
Also a reality is the certainty that the last card Issuers to migrate will inevitably be the concentrated target of fraudsters as the strong security of EMV smart cards closes the window of opportunity for crime.
Critical questions about EMV
What is the date of the EMV migration for my country or region set by the card associations of which I am a member?
What level of testing period do I want to allow myself before going live with my EMV card base/infrastructure?
Which vendors will I select to help facilitate my move to EMV?
When do I start migrating my card base to EMV cards, bearing in mind that the cards I am issuing today might still be in circulation after the EMV migration date?
What extra business can I generate by achieving first mover advantage in my markets by moving to smart cards?
Am I actually losing business by not moving more rapidly to smart cards?
Am I being targeted by fraudsters because competitors have already migrated?
Further information
EMVco
MasterCard
JCB
Visa
Card Issuer challenges
Overview
As a card Issuer, there are many challenges that need to be considered when moving to EMV.
A smart card must be programmed with an operating system (often called a mask) before it can be loaded with applications, in much the same way as a PC needs Windows or Linux before it can run applications and have any utility for users.
Then, when an application such as Visa's VSDC (Visa Smart Debit Credit), MasterCard's M/Chip or JCB's J/Smart is loaded onto a smart card, together with unique data that personalises the application to an authorised cardholder, the card can interact with payment terminals to perform secure transactions.
One further major advantage is that smart cards can be securely updated or re-programmed in the field. An Issuer can update risk management parameters contained within an EMV banking application remotely during an on-line transaction at a terminal.
Some types of multi-application cards support the download of new applications and the deletion of old ones remotely at dedicated terminals or over the Internet.
The winners in the move to smart cards are likely to be those Issuers who most successfully exploit such flexibility to offer the most compelling proposition at the lowest cost.
The following Essential Issues section is further sub-divided into the following areas where readers may need to make decisions:
Financial applications
Non-financial applications
Application security
Smart card selection
Upgrading the existing back office systems
Data preparation and card personalisation overview
Data preparation
Card personalisation
Essential Issues
Financial Applications
EMV credit/debit applications
The EMV specifications are a framework of basic risk reduction measures. Issuers have the freedom to select the strength of the further security parameters they apply to smart cards and this has led to the development of different EMV banking applications by the global card associations. These applications cover everything needed to produce a card, including functionality and card association specific features as well as EMV risk management.
JCB (J/Smart)
MasterCard (M/Chip)
Visa (VSDC)
All of these are EMV-compliant, but use slightly different additional risk parameters to manage the risk of off-line transactions.
Most card associations offer SDA (Static Data Authentication), DDA (Dynamic Data Authentication) and CDA (Combined Dynamic Data Authentication)* card authentication mechanisms within their credit/debit application.
Domestic card brands
In addition to the global brands, local domestic cards are proliferating. Nominally independent of the global brands, they are often required to work out-of-area so that they can be used by cardholders travelling on business or leisure. Issuers therefore often form joint marketing and processing relationships with the global brands, enabling cardholders to access cash via ATMs, and in some instances to make purchases at merchant outlets when travelling. The most common schemes are MasterCard's Maestro and Cirrus and Visa's Electron and Plus cards.
e-Purses
Electronic purses have been developed and deployed by a significant number of financial institutions, but they have serious drawbacks. Lack of interoperability between schemes, poor geographical coverage and the fact that most purses only support a single currency are three factors that have limited adoption.
Some experts believe that the business case for e-Purse as a global scheme is unproven and that we will see instead the emergence of niche, closed circuit and national e-Purse products.
The migration to EMV smart cards may create an environment in which e-Purse applications will work and be readily accepted.
*See section on Application Security.
Critical questions about financial applications
What payment schemes do I want to support with my cards?
What are the standards and mandates of those schemes?
Do I want to support single or multiple applications or a mixture of both?
Do I want to offer my customers an electronic purse?
Are there any other legal issues specific to my country that I need to consider, such as data protection laws?
Further information
Thales e-Security
American Express
CEPSco
Diners Club International
Discover Card
EMVco
JCB
MasterCard
Visa
Proton
Non-financial applications
Multiple applications on a single Card
A multi-application smart card, in addition to providing debit or credit functionality, might also work as a store chain loyalty card, a library card, a gymnasium membership card: the possibilities are very broad. Indeed, some industry commentators have suggested that there is no technical reason why a single smart card should not securely carry all the personal information in the average person's wallet, including, in some countries, driving license and social entitlement details.
There is no doubt that the relative simplicity of a single application card provides the easiest and fastest route to EMV issuing, with all the benefits of brand visibility, leadership and market penetration that rapid deployment will generate for early adopters.
But it is unlikely to be as cost-effective as a multi-application card.
The more useful applications a single card holds, the more indispensable it becomes. The higher the perceived value, the less likely the customer is to switch to an alternative card, even though it may offer a lower interest rate. An Issuer that opens its card to applications from third-party providers not only spreads card deployment and management costs but also generates further income streams through its rental of card real-estate.
Small wonder that the overwhelming majority of industry experts expect multi-application cards to eventually become dominant.
Over 50 companies, including all the major card associations, are now members of the GlobalPlatform alliance that is working to establish standards for EMV multi-application smart cards and to promote their deployment.
Online retail applications and Internet banking
Although the EMV specification was not designed with such applications in mind, the cryptographic keys on a smart card are capable of generating what is effectively an electronic signature.
This means that the core application on a card, such as VSDC, M/Chip or J/Smart, could help secure on-line retail transactions and help provide a secure logon for Internet banking, as well as card present debit/credit functionality.
Critical questions about non-financial applications
My card will have an anchor financial application. But do I want it to carry other applications such as a retail loyalty scheme?
Do I want the card to support Internet banking?
Will I create the additional applications in house, use third party developers, or accept applications provided by partners?
How will I handle loading and deletion of third party applications for current and replacement cards?
Further information
Catuity
Datacard
Gemplus
Proton
Welcome Realtime
Schlumberger
EMV application security
EMV specifications define a four-element framework for the security of credit/debit card payment applications:
Card authentication: the means by which a terminal can ascertain that a card is genuine. (See section below on SDA, DDA and CDA.)
Risk management parameters: the card records all transactions and decides when pre-set thresholds (cumulative or single transaction value) have been reached, so triggering an on-line transaction.
Off-line PIN: smart cards are able to store data securely, offering the opportunity for PIN verification to take place on the card itself. This saves the need to carry out a PIN-based transaction on-line.
Online mutual authentication: the means by which an Issuer can satisfy himself that a transaction has genuinely come from a specific and authentic card, as well as the card ensuring that the approval/decline response has been sent by the authentic Issuer.
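The second and third elements above, card-side risk management and off-line PIN, can be seen in operation in the following added example. It is not code from the guide or from any scheme's application: the counter names, the lower/upper limit values and the PIN try limit are constructed to show how a card approves off-line while its cumulative amount and transaction count stay under its thresholds, asks for an on-line authorisation once the lower limits are crossed, refuses to approve off-line past the upper limits, and blocks the off-line PIN when its try counter is exhausted.

```python
# Added example (not from the Thales guide): a simplified model of the card-side
# risk management and off-line PIN elements of the EMV security framework.
# Parameter names, limit values and the PIN try limit are constructed for the
# illustration; each scheme's application defines its own parameters and encodings.
from dataclasses import dataclass


@dataclass
class RiskParams:
    lower_cumulative_limit: int  # off-line total above which the card prefers to go on-line
    upper_cumulative_limit: int  # off-line total above which the card refuses off-line approval
    lower_txn_limit: int         # consecutive off-line transactions before preferring on-line
    upper_txn_limit: int         # consecutive off-line transactions above which off-line is refused
    pin_try_limit: int = 3


@dataclass
class CardState:
    params: RiskParams
    pin: str
    cumulative_offline: int = 0
    consecutive_offline: int = 0
    pin_tries_left: int = 0
    pin_blocked: bool = False

    def __post_init__(self):
        self.pin_tries_left = self.params.pin_try_limit


def verify_offline_pin(card: CardState, candidate: str) -> str:
    """PIN check performed on the card itself; returns 'ok', 'wrong' or 'blocked'."""
    if card.pin_blocked:
        return "blocked"
    if candidate == card.pin:
        card.pin_tries_left = card.params.pin_try_limit  # a correct PIN resets the try counter
        return "ok"
    card.pin_tries_left -= 1
    if card.pin_tries_left == 0:
        card.pin_blocked = True  # counter exhausted: off-line PIN is no longer usable
        return "blocked"
    return "wrong"


def card_action(card: CardState, amount: int, terminal_online_capable: bool) -> str:
    """Card risk management: approve off-line, request on-line authorisation, or decline."""
    p = card.params
    projected_amount = card.cumulative_offline + amount
    projected_count = card.consecutive_offline + 1
    if projected_amount > p.upper_cumulative_limit or projected_count > p.upper_txn_limit:
        # Upper limits reached: the card insists on the Issuer's decision
        return "go_online" if terminal_online_capable else "decline"
    if projected_amount > p.lower_cumulative_limit or projected_count > p.lower_txn_limit:
        # Lower limits reached: go on-line if the terminal can, otherwise tolerate off-line
        if terminal_online_capable:
            return "go_online"
    card.cumulative_offline = projected_amount
    card.consecutive_offline = projected_count
    return "approve_offline"


def online_approved(card: CardState) -> None:
    """An Issuer-approved on-line transaction resets the off-line counters."""
    card.cumulative_offline = 0
    card.consecutive_offline = 0


def demo() -> dict:
    params = RiskParams(lower_cumulative_limit=100, upper_cumulative_limit=200,
                        lower_txn_limit=3, upper_txn_limit=5)
    card = CardState(params=params, pin="1234")
    decisions = []
    for amount in (40, 40, 40):  # the third purchase pushes the total past the lower limit
        decisions.append(card_action(card, amount, terminal_online_capable=True))
    online_approved(card)
    for amount in (60, 60, 60, 60):  # off-line-only terminal: approvals until the upper limit
        decisions.append(card_action(card, amount, terminal_online_capable=False))
    pin_results = [verify_offline_pin(card, c) for c in ("0000", "0000", "0000", "1234")]
    return {"decisions": decisions, "pin_results": pin_results}


if __name__ == "__main__":
    print(demo())
```

The point worth noticing is the asymmetry between the two limits: crossing the lower limit only changes behaviour when the terminal can go on-line, so an off-line-only terminal still gets approvals until the upper limit, which is why the value chosen for the upper limit bounds the Issuer's off-line exposure per card.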
EMV does not specify the cryptographic algorithms and key management schemes to be used for authenticating transactions. It does define an eight-byte data element called an Application Cryptogram that is securely bound to the details of each transaction. The fact that different key management methods and algorithms may be adopted is perfectly satisfactory since the cryptogram is not an interoperability parameter, being handled only by the card itself and Issuers' transaction authorisation systems.
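The following added example shows why the algorithm choice is private to the card and the Issuer: the card derives an eight-byte cryptogram over the transaction details with a card key, and only the Issuer, who can re-derive that key from its master key, verifies it and answers with a response cryptogram the card checks in turn (the on-line mutual authentication element above). This is not code from the guide or from any scheme; HMAC-SHA256 truncated to eight bytes, the PAN-based key derivation, the field list and the response codes are all constructed stand-ins for whatever a scheme actually mandates.

```python
# Added example (not from the Thales guide): Application Cryptogram generation on
# the card, verification at the Issuer, and the Issuer's response cryptogram.
# HMAC-SHA256 truncated to 8 bytes stands in for the scheme-specific algorithm,
# and the derivation from the Issuer master key is constructed for the example.
import hashlib
import hmac


def derive_card_key(issuer_master_key: bytes, pan: str, pan_seq: int) -> bytes:
    """Per-card key derived from the Issuer master key and the card's PAN (constructed)."""
    return hmac.new(issuer_master_key, f"{pan}:{pan_seq:02d}".encode(), hashlib.sha256).digest()


def transaction_bytes(txn: dict) -> bytes:
    # A fixed field order so that card and Issuer compute the MAC over identical input
    fields = ("amount", "currency", "date", "atc", "unpredictable_number")
    return "|".join(str(txn[f]) for f in fields).encode()


def card_cryptogram(card_key: bytes, txn: dict) -> bytes:
    """Eight-byte Application Cryptogram bound to the transaction details."""
    return hmac.new(card_key, transaction_bytes(txn), hashlib.sha256).digest()[:8]


def issuer_authorise(issuer_master_key: bytes, pan: str, pan_seq: int,
                     txn: dict, cryptogram: bytes, approve: bool):
    """Issuer side: re-derive the card key, verify the cryptogram, then answer with a
    response code and an eight-byte response cryptogram. Returns None on a bad cryptogram."""
    key = derive_card_key(issuer_master_key, pan, pan_seq)
    if not hmac.compare_digest(card_cryptogram(key, txn), cryptogram):
        return None  # not produced by a genuine card with this PAN, or details altered in transit
    code = "00" if approve else "05"  # constructed response codes
    response = hmac.new(key, cryptogram + code.encode(), hashlib.sha256).digest()[:8]
    return code, response


def card_verify_response(card_key: bytes, cryptogram: bytes, code: str, response: bytes) -> bool:
    """Card side: only the holder of the card key could have produced this response."""
    expected = hmac.new(card_key, cryptogram + code.encode(), hashlib.sha256).digest()[:8]
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    imk = b"constructed-issuer-master-key-not-a-real-value"
    pan, seq = "4000123456789010", 1  # constructed PAN
    card_key = derive_card_key(imk, pan, seq)  # loaded at personalisation
    txn = {"amount": 4250, "currency": "826", "date": "020214",
           "atc": 17, "unpredictable_number": "1A2B3C4D"}
    ac = card_cryptogram(card_key, txn)
    code, arpc = issuer_authorise(imk, pan, seq, txn, ac, approve=True)
    # An amount altered between terminal and Issuer no longer matches the cryptogram
    tampered = issuer_authorise(imk, pan, seq, dict(txn, amount=425), ac, approve=True)
    # A response not computed with the card key fails the card's check
    forged_ok = card_verify_response(card_key, ac, "00", b"\x00" * 8)
    return {
        "cryptogram_len": len(ac),
        "code": code,
        "card_accepts_response": card_verify_response(card_key, ac, code, arpc),
        "tampered_rejected": tampered is None,
        "forged_response_accepted": forged_ok,
    }


if __name__ == "__main__":
    print(demo())
```

Because the terminal only forwards the cryptogram and never needs to verify it, the Issuer is free to change the MAC algorithm or the derivation scheme without touching the acquiring network, which is the interoperability point the paragraph makes.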
The card associations have defined for their members all the details not included in the EMV specifications. In addition some other schemes have evolved for specific geographical areas. An example is the UKIS scheme defined by APACS in the UK for smart cards.
EMV smart cards need around 50 data items to be created for loading onto the chip. Between 10% and 20% of these are produced using cryptographic processes implemented on a security module such as the Thales P3CM. Secret values such as keys and PIN are also encrypted by the module using a shared key to ensure their secure transmission to the personalisation system.
In addition to general security principles, there are also local legislative issues that can have a bearing on card security. These include data protection laws, digital signature legislation and e-money legislation.
The choice of SDA, DDA or CDA in credit/debit applications
One of many decisions facing card Issuers is which of two alternative technologies to use when verifying the authenticity of smart cards when used in a terminal.
Magnetic stripe cards carry a card verification value (CVV) or card verification code (CVC) that can only be checked during on-line transactions.
Smart cards, designed from the outset to support off-line as well as on-line transactions, use two alternative techniques.
The simpler, and cheaper, of the two is SDA or Static Data Authentication. This is a process where the same digital signature is used by the card to authenticate itself to a terminal each time a transaction takes place.
The more complex option is DDA or Dynamic Data Authentication. It creates a unique digital signature each time the card is used off-line rather than continually using the same one. This means that it is a more secure technology. However, it is as much as 25% more expensive, because it requires a public key co-processor on the card and more complex software.
Many Issuers remain confident in SDA for on-line use because its mutual authentication checking process is very secure. However, if smart cards are being used predominantly off-line the extra security provided by DDA in this environment will make it the authentication scheme of choice for many Issuers.
A further method is also specified in the EMV 2000 specifications. Known as CDA or Combined Dynamic Data Authentication, the card generates the application cryptogram and the dynamic signature. By verifying the dynamic signature the terminal is able to determine that the application signature was generated by a valid card.
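The added example below puts the three options side by side from the terminal's point of view. Under SDA the terminal verifies an Issuer signature over static card data that is identical on every presentation, so the check cannot distinguish one presentation from another; under DDA the card signs a number the terminal chooses afresh, so a signature recorded earlier fails against a new number; under CDA the card's signature also covers the application cryptogram, so the terminal can tie the cryptogram to the card that signed. This is not code from the guide: the RSA-over-SHA-256 signatures, the certificate layout and the unpredictable number handling are toy stand-ins for the EMV definitions, and the card data is constructed.

```python
# Added example (not from the Thales guide): terminal verification logic under
# SDA, DDA and CDA. Signatures are textbook RSA over a SHA-256 hash, a toy
# construction; certificate layout and unpredictable number handling are simplified.
import hashlib
import random


def _is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin test, adequate for a toy key generator."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def keygen(bits: int = 512):
    """Toy RSA key pair: returns (public, private) as (n, e) and (n, d)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), (p * q, pow(e, -1, phi))


def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")  # < n for 512-bit n


def sign(private_key, data: bytes) -> int:
    n, d = private_key
    return pow(_digest(data), d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest(data)


def personalise_sda(issuer_private, static_data: bytes) -> dict:
    """SDA: the Issuer signs the card's static data once, at personalisation."""
    return {"static": static_data, "ssad": sign(issuer_private, static_data)}


def terminal_sda(issuer_public, card: dict) -> bool:
    """The terminal checks the stored signature; the same value is presented every time."""
    return verify(issuer_public, card["static"], card["ssad"])


def personalise_dda(issuer_private, static_data: bytes) -> dict:
    """DDA/CDA: the card gets its own key pair plus an Issuer certificate over its public key."""
    card_public, card_private = keygen()
    cert = sign(issuer_private, static_data + repr(card_public).encode())
    return {"static": static_data, "public": card_public, "cert": cert, "_private": card_private}


def card_sign_dynamic(card: dict, unpredictable_number: bytes, cryptogram: bytes = b"") -> int:
    """DDA signs the terminal's number; CDA additionally binds in the application cryptogram."""
    return sign(card["_private"], unpredictable_number + cryptogram)


def terminal_dynamic(issuer_public, card: dict, unpredictable_number: bytes,
                     signature: int, cryptogram: bytes = b"") -> bool:
    """Verify the Issuer's certificate on the card key, then the card's fresh signature."""
    cert_ok = verify(issuer_public, card["static"] + repr(card["public"]).encode(), card["cert"])
    return cert_ok and verify(card["public"], unpredictable_number + cryptogram, signature)


def demo() -> dict:
    issuer_public, issuer_private = keygen()
    static = b"PAN=4000123456789010;EXPIRY=0505"  # constructed card data
    sda_card = personalise_sda(issuer_private, static)
    dda_card = personalise_dda(issuer_private, static)
    number_1, number_2 = b"\x11\x22\x33\x44", b"\x55\x66\x77\x88"  # terminal-chosen numbers
    sig_1 = card_sign_dynamic(dda_card, number_1)
    cryptogram = b"\x01" * 8  # constructed stand-in for an eight-byte application cryptogram
    sig_cda = card_sign_dynamic(dda_card, number_2, cryptogram)
    return {
        "sda_second_presentation": terminal_sda(issuer_public, sda_card) and terminal_sda(issuer_public, sda_card),
        "dda_fresh": terminal_dynamic(issuer_public, dda_card, number_1, sig_1),
        "dda_old_signature_new_number": terminal_dynamic(issuer_public, dda_card, number_2, sig_1),
        "cda_matching_cryptogram": terminal_dynamic(issuer_public, dda_card, number_2, sig_cda, cryptogram),
        "cda_altered_cryptogram": terminal_dynamic(issuer_public, dda_card, number_2, sig_cda, b"\x02" * 8),
    }


if __name__ == "__main__":
    print(demo())
```

The cost difference the guide quotes follows directly from the code: an SDA card only stores a signature and needs no private key operation, while a DDA or CDA card has to hold a private key and perform a modular exponentiation at every off-line transaction, which is what the public key co-processor is for.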
Critical questions about application security
Do I want SDA or the extra security of DDA?
What EMV risk management parameters should I select and what values should they be set to?
Will I use the off-line PIN functionality and what other, if any, Cardholder Verification Methods should I support?
Is there legislation, such as data protection law, that might impact the security of my applications?
How can I modify the off-line PIN after the card has been issued?
How can I modify the EMV parameters after the card has been issued?
How do I manage the information flows and business rules when I allow third party applications to make use of my card real estate?
Further information
Thales e-Security
EMVco
MasterCard
Schlumberger
Aconite Solutions
JCB
Visa
Gemplus
Smart card selection
Proprietary card platforms
Manufacturers that have spent vast sums developing smart card technology quite sensibly wish to maximise the return on their investment. One way they can do this is by making it advantageous for Issuers to buy all their smart cards from a single source, rather than from two or more.
The cards may be cheaper, or perhaps offer distinctive functionality, but unlike open platform cards (see below) they are proprietary and therefore not capable of interoperating with cards from other vendors, unless designed to a common specification.
Card price is primarily determined by the memory size (EEPROM or E2PROM). Multi-application cards require larger memory, typically 16K or above EEPROM, to store the additional information. Proprietary, single application cards use less memory, typically in the range 2-4K EEPROM, and are therefore cheaper.
There are over 20 vendors of smart cards globally. Most have single application as well as multi-application platforms with memory capacities ranging from 2 to 64 Kbytes. Many offer data preparation and card personalisation services to support their proprietary schemes.
It is not within the scope of this paper to provide an analysis of the differences between the proprietary schemes. Readers wishing to explore them should contact card vendors for information.
Multi-application, open card platforms
As is the case with so many technologies, vendors and interest groups use many different and contradictory definitions and terms to describe smart cards.
Safe positioning statements to make about an open smart card are that it:
Supports a wide variety of suppliers in both chips used and card software and applications implemented
Supports standards-based application development and maintenance/support
Supports selectable levels of security
Facilitates partnership and co-developments with companies in the same and in other industries
Allows Issuers to experiment in finding and developing new value propositions
Has a declared development path that aims to protect existing investment.
Card buyers talking with multiple vendors will be offered a number of different multi-application architectures including Java Card, GlobalPlatform and MULTOS.
Java Card
Java Card is not an operating system but a series of specifications, which defines how a Java Virtual Machine can run on any vendor's underlying operating system.
In most cases Java implementations are migrating toward support of the GlobalPlatform standards and API described below.
GlobalPlatform Card
GlobalPlatform is a highly secure, open and comprehensive system architecture designed to enable fast and easy development of globally interoperable smart card systems. The GlobalPlatform specifications and companion documents are available royalty-free from www.globalplatform.org.
GlobalPlatform includes published Application Program Interfaces (APIs) and specifications that enable any compliant card from any vendor to be issued, loaded with applications and managed in exactly the same way. It also provides for the use of multiple card operating systems and allows the issuer to retain total control of the card and its applications.
MULTOS Card
MULTOS is an open standard multi-application smart card operating system that has been developed by the MAOSCO consortium. MAOSCO requires all MULTOS devices to have been independently accredited to the highest achievable levels of security assurance such as ITSEC E6 High. Hence MULTOS is targeted at markets requiring high security such as finance, secure ID and other related applications.
The security of applications on a MULTOS card is provided by on-card firewalls that prevent memory area intrusions, and a load/delete mechanism based on asymmetric cryptography which means card issuers and application providers do not need to share secrets.
www.multos.com
Critical questions about smart card selection
Do I want a single or multi-application card?
Will I select a proprietary card supplied by one supplier, or choose an open platform solution with cards from multiple vendors?
What memory size do I need on the card?
Will I apply segmentation to my card base and will I create a mix of proprietary EMV cards and Open Platform cards?
Further information
Card platforms
GlobalPlatform
MAOSCO (MULTOS)
Card suppliers
Austria Card
Cardag
DNP
Fabrica Nacional
G&D
Gemplus
Hitachi
ID Data Systems
Incard
Infineon
Iris Tech
Novacard
Oberthur
Orga
PPC Card Systems
Schlumberger
Setec
Toppan
Keycorp
Upgrading the existing back office systems
Magnetic stripe card issuance and management is supported by tried and tested legacy back office systems.
One challenge for Issuers looking to migrate to EMV smart cards is how to provide similar automated support facilities for the new card technology. Single application smart cards are significantly more complex, and therefore more demanding of support systems, than magnetic stripe cards.
This is one reason why upgrading or modifying existing support systems to handle smart cards is thought by some experts to be not cost-effective.
Multi-application smart cards present back office support systems with an even more complex support task. The route preferred by most Issuers, particularly those moving to multiple-application cards, is therefore to concentrate smart card issuance and management support in a separate, dedicated solution that interfaces to the legacy back office issuing and acquiring systems.
Such a solution is called a Smart Card Management System.
Smart card management systems
Smart Card Management Systems (SCMS) manage cards and applications throughout their entire lifecycle, before and after issue to customers. They enable the loading, blocking or deleting of applications at any time, and make new card-based services instantly available via the Internet or private network.
Smart Card Management Systems also store details of every smart card issued, making the replacement of lost or stolen cards both fast and simple. The same information can also be used to create a comprehensive database of cardholders and their application preferences.
Some smart card management systems support the setting and changing of application parameters during issuance and in the field, including EMV risk parameters.
Critical questions about upgrading back office systems
Do I want to support more than one different card type or card platform (like TIBC, Java, Proprietary or Multos)?
Do I want to set and dynamically update my EMV risk parameters?
Do I want a single application card, multiple application card or a mixture?
How do I ensure that my systems support my future strategies?
How can I interface between my issuance and acquiring systems?
Further information
ACI Worldwide
Bell ID
CardBASE Technologies
Card Tech Limited
Cards etc.
Datacard
Proton
Schlumberger
Data preparation and card personalisation overview
Data preparation is the process by which cardholder-specific data and the complex cryptographic keys needed for security are generated. It is the first of two steps toward readying a new card for issue.
The second is card personalisation. It includes the application of brand printing, magnetic stripe encoding, security holograms and perhaps photographs, as well as the embossing and indenting of typographical characters. Smart cards also require electronic personalisation. The already prepared user data and cryptographic keys are securely loaded to the card, together with one or more applications.
The smart card is now ready for issue.
Smart cards, with their much stronger security than magnetic stripe technology, require considerably more data to be generated. Substantial changes to established processes are required and many Issuers will take the opportunity for a complete re-evaluation of their data generation and personalisation arrangements.
Three main business models
There are three main models for data preparation and the subsequent card personalisation. The decision over which one is adopted is usually based on best practice security considerations as well as cost:
Outsource data preparation and card personalisation to a bureau
The Issuer sends existing magnetic stripe records output from its host system to a bureau that carries out the entire process from data and cryptographic key generation to card personalisation. Additionally it is necessary for the issuer to work with the service bureau to describe the additional chip data needed that describe EMV and application features to be implemented, along with the risk management parameter settings, to best meet the requirements of the issuer.
Data preparation in house, card personalisation outsourced to a bureau
The Issuer processes existing magnetic stripe records output by their host system, generating data and cryptographic keys in house. It then sends the resulting file containing all the traditional magnetic stripe and additional chip data to a bureau where smart cards are personalised. In this model the bank retains control of its own cryptographic master keys.
Data preparation in house, card personalisation in house
The Issuer processes existing magnetic stripe records output by their host system, creating the cryptographic keys and extra data required for EMV cards. It then personalises smart cards using a desktop personalisation machine or high volume personalisation system in house.
[Figure: sample cardholder record with the fields name, age, D.O.B., Address, Expires and Sort Code, shown as the input to each of the three models]
Critical questions about data preparation and card personalisation
Which model should I adopt for data preparation and card personalisation?
What tools and processes are available in the marketplace to assist, if model 2 or 3 is adopted?
Further information
See sections on Data Preparation and Card Personalisation.
Data preparation
Principal approaches to data preparation
Data preparation can be achieved with any of the three following methods:
Development of own host system
A route chosen by some Issuers is to develop the required data and key generation technology in house. It is only an option for Issuers with particularly well-funded internal IT departments, and it does have significant ongoing implications in terms of cost and pull on resources.
This is because data and key generation is a complex, specialist field and not one in which generalist IT developers can rapidly gain expertise. There are many instances where internal development programs have been started, then abandoned as the scale of the task became apparent and as costs rapidly escalated. Another factor is constantly changing specifications that further absorb costly development time and divert IT staff from core activities.
Outsource
Outsourcing data preparation to a bureau is therefore seen by some as a better alternative. However, it too has its potential downside. Today's bureaus offer a highly secure solution with the very highest integrity. However, central to best practice in security is that the number of people handling cryptographic keys is kept to an absolute minimum; outsourcing introduces more people into the production chain and therefore introduces more potential points of weakness or attack. It also requires Issuers to cede responsibility for managing the extra risk, and therefore ultimately the integrity of scheme security, to a third party.
In-house with EMV data preparation solution such as Thales P3
Many, perhaps most Issuers, have a fundamental aversion to anything less than 100% control over security. They have always generated the data for much simpler magnetic stripe cards in-house and will wish to continue to do so for smart cards. They do not see in-house development of a data generation system as an option because of cost and drain on IT resources.
Their solution will be the purchase and in-house operation of a data preparation system such as the Thales P3.
P3 integrates with host systems and card personalisation devices to generate EMV smart card data and keys from existing magnetic stripe card files.
A further reason for keeping Data Preparation in house is that an Issuer does not tie himself to one personalisation bureau.
Bureaux may offer services for both Data Preparation and Personalisation. A one-off cost is typically charged for setting up the keys required for Data Preparation, with an additional per-card cost for the Data Preparation itself. Personalisation is also usually charged in a similar way.
If Data Preparation and the associated key management is ceded to one bureau, and six months later another bureau is able to offer lower cost cards or personalisation services, then the resultant key management costs at the new bureau may negate the potential savings by switching supplier.
One more consideration is that if Data Preparation is moved from one bureau to another, the fundamental security elements (cryptographic keys) have to be shared with yet another party. Security best practice dictates that cryptographic keys are shared with as few parties as possible.
EMV parameters
The process of data preparation includes the setting of EMV parameters for risk management purposes. These parameters offer the Issuer options to tailor risk management to batches of cards, or if required sometimes even on a per-card basis. With a potentially confusing number of combinations of parameters, the card associations offer recommended sets of parameters for Issuers to adopt.
Tools may also be available from the card associations to automate the selection of these parameters.
Key management
Rigorous key management is essential for securing data preparation.
The system must be able to generate cryptographic keys, be able to receive cryptographic keys and certificates from organisations such as Visa or MasterCard and also manage the keys during the personalisation process.
Unlike magnetic stripe data, EMV smart card data contains potentially sensitive information, such as keys derived from Issuer master keys. This means that every step in the process needs to be secured using cryptographic hardware.
The five main areas of key management that a data preparation system must be able to handle are:
Key generation for each application
Storage of the master key and transport keys
Key distribution to secure the personalisation process
Key update of the existing keys
Exchange of the public keys with scheme certification authorities (i.e. JCB, MasterCard and Visa)
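The added example below walks one magnetic stripe record through the data preparation step described in this section and the EMV parameters section before it: a scheme-style recommended parameter set is applied per batch, a key is derived for each application purpose from a versioned Issuer master key, and every derived key and the PIN leave data preparation only wrapped under the transport key shared with the personalisation system, which unwraps them and confirms each against a key check value. A master key rotation then shows the key update area. It is not code from the guide or from the Thales P3: HMAC-SHA256 derivation, the XOR-keystream wrapper, the profile values, master keys, transport key and cardholder record are all constructed stand-ins for what a security module would do, and the exchange of public keys with scheme certification authorities is not modelled.

```python
# Added example (not from the Thales guide, nor from the P3 product): a data
# preparation step that turns a magnetic stripe record into chip data. Key
# derivation uses HMAC-SHA256 and "wrapping" XORs a secret with an HMAC keystream;
# both are stand-ins for the derivation and key wrapping an HSM would perform.
# Master keys, transport key, parameter profiles and the record are constructed.
import hashlib
import hmac

# Scheme-style recommended parameter sets selected per batch of cards (values constructed)
SCHEME_PROFILES = {
    "standard": {"lower_cumulative_limit": 10000, "upper_cumulative_limit": 20000,
                 "lower_txn_limit": 5, "upper_txn_limit": 10},
    "low_risk": {"lower_cumulative_limit": 30000, "upper_cumulative_limit": 50000,
                 "lower_txn_limit": 10, "upper_txn_limit": 20},
}

# Issuer master keys by purpose, each with a version so that key update is visible
MASTER_KEYS = {
    "ac": (1, b"constructed-master-key-for-cryptograms-v1"),
    "mac": (1, b"constructed-master-key-for-secure-msg-mac"),
    "enc": (1, b"constructed-master-key-for-secure-msg-enc"),
}
TRANSPORT_KEY = b"constructed-key-shared-with-perso-bureau"


def key_check_value(key: bytes) -> str:
    """Short fingerprint that identifies a key without revealing it."""
    return hashlib.sha256(key).hexdigest()[:6]


def derive_application_key(master_key: bytes, pan: str, pan_seq: int, purpose: str) -> bytes:
    """Per-card, per-purpose key derived from the Issuer master key (constructed derivation)."""
    return hmac.new(master_key, f"{purpose}|{pan}|{pan_seq:02d}".encode(), hashlib.sha256).digest()[:16]


def wrap(transport_key: bytes, label: bytes, secret: bytes) -> bytes:
    """Stand-in for HSM key wrapping: XOR with a per-label keystream (unwrap == wrap)."""
    stream = hmac.new(transport_key, label, hashlib.sha256).digest()
    if len(secret) > len(stream):
        raise ValueError("secret too long for this toy wrapper")
    return bytes(a ^ b for a, b in zip(secret, stream))


def prepare_card(record: dict, profile: str, master_keys: dict, transport_key: bytes) -> dict:
    """Produce the chip data for one card: cleartext items plus wrapped secrets."""
    pan, seq = record["pan"], record["pan_seq"]
    chip = {"pan": pan, "pan_seq": seq, "name": record["name"], "expiry": record["expiry"],
            "risk_params": dict(SCHEME_PROFILES[profile]), "keys": {}}
    for purpose, (version, master_key) in master_keys.items():
        key = derive_application_key(master_key, pan, seq, purpose)
        chip["keys"][purpose] = {"version": version, "kcv": key_check_value(key),
                                 "wrapped": wrap(transport_key, f"{pan}|{seq}|{purpose}".encode(), key)}
    # The PIN never leaves data preparation in clear: it travels wrapped under the transport key
    chip["wrapped_pin"] = wrap(transport_key, f"{pan}|{seq}|pin".encode(), record["pin"].encode())
    return chip


def personalisation_unwrap_ok(chip: dict, transport_key: bytes) -> bool:
    """Personalisation side: unwrap each key and confirm it against the supplied check value."""
    for purpose, entry in chip["keys"].items():
        key = wrap(transport_key, f"{chip['pan']}|{chip['pan_seq']}|{purpose}".encode(), entry["wrapped"])
        if not hmac.compare_digest(key_check_value(key), entry["kcv"]):
            return False
    return True


def demo() -> dict:
    record = {"pan": "4000123456789010", "pan_seq": 1, "name": "A CARDHOLDER",
              "expiry": "0505", "pin": "1234"}  # constructed magnetic stripe record plus PIN
    chip = prepare_card(record, "standard", MASTER_KEYS, TRANSPORT_KEY)
    # Key update: rotate the cryptogram master key and prepare the same card again
    rotated = dict(MASTER_KEYS, ac=(2, b"constructed-master-key-for-cryptograms-v2"))
    chip_v2 = prepare_card(record, "standard", rotated, TRANSPORT_KEY)
    return {
        "key_count": len(chip["keys"]),
        "perso_ok": personalisation_unwrap_ok(chip, TRANSPORT_KEY),
        "perso_wrong_transport_key": personalisation_unwrap_ok(chip, b"constructed-wrong-key"),
        "ac_key_versions": (chip["keys"]["ac"]["version"], chip_v2["keys"]["ac"]["version"]),
        "ac_kcv_changed": chip["keys"]["ac"]["kcv"] != chip_v2["keys"]["ac"]["kcv"],
        "mac_kcv_unchanged": chip["keys"]["mac"]["kcv"] == chip_v2["keys"]["mac"]["kcv"],
        "upper_limit": chip["risk_params"]["upper_cumulative_limit"],
    }


if __name__ == "__main__":
    print(demo())
```

Carrying the key version and check value alongside each wrapped key is what lets the personalisation system detect a wrong transport key or a stale master key before a card is written, rather than discovering the mismatch when the card first fails at a terminal.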
Critical questions on data preparation
How do I want to do data preparation?
1) Change host system
2) Deploy P3-type solution
3) Outsource
Do I select a standard set of EMV parameters as recommended by my card association or do I select my own?
Does my data preparation system provide all the key management functionality I require and is it secure?
How do I manage my card products?
How do I handle large volumes of cards to be issued?
How do I manage the workflow?
Further information
Thales e-Security
Cryptomathic
UBIQ
Schlumberger
Bell ID
Gemplus
Visa
Card personalisation
Card personalisation can be a costly and complex business, depending on the size of the customer cardholder base and the number of different card products that an Issuer offers.
The larger Issuers historically have employed their own in-house card personalisation bureaus for the production and issuance of cards. High card volumes help justify the expense of secure premises, card personalisation systems and skilled staff.
There are three options when considering personalisation:
In house bureau
It is believed that the majority of cards will be issued from central in-house bureaus for the foreseeable future. Smart card personalisation is slower than magnetic stripe personalisation, mainly due to the vastly increased amount of data and cryptographic keys to be loaded onto each card. However, personalisation equipment providers have developed solutions to this problem including systems that program multiple cards simultaneously.
External bureaus
Most bureaus are also card manufacturers who realised that they were missing out by not providing a much needed value-added service.
There are over 90 Visa/MasterCard certified card manufacturers worldwide, and the majority of these also provide personalisation services. Most bureaus are regional, but there are global players including Schlumberger, Gemplus, Oberthur & G&D.
Distributed or remote instant issuance
From a bank customer perspective, card issuance is a slow process. Most are resigned to the fact that in even the quickest of systems many days elapse between the completion and submission of the application form, and the arrival by separate post of the card and its PIN.
Instantaneous production of smart cards, at the point of application, will become an important marketing tool for Issuers in the near future. It is already a feature of magnetic stripe card products in some countries.
In regions with good telecommunications, remote sites will be able to communicate in real time with the centralised host system for the generation of card data. If telecommunications are bad, Issuers will have to adopt a distributed issuance model, where details are stored and forwarded to a central system later.
Post-personalisation
Multi-application smart cards can be re-programmed in the field. New applications can be loaded and old ones removed when the cards are used at compliant terminals.
Called post-personalisation, this powerful feature gives card Issuers the unique ability to provide a card product that better supports the lifestyle of their customers, promoting usage and providing cardholders with greater benefit and perceived value.
In order to support this business model, Issuers need to deploy infrastructure (such as a Smart Card Management System) that allows the generation and delivery of secure personalisation data, in the correct format for the target card, to remote devices in a real time mode.
Physical and cryptographic security considerations
The card stock has to be physically protected during the production and personalisation stages. From the production process perspective, security controls have to be implemented once the white plastic has had the Issuer and card association logos, brands and holograms applied. This includes physical protection of premises as well as management control and procedures. The stringent physical security controls aim to stop printed unpersonalised cards from finding their way into the wrong hands where they could conceivably be used fraudulently, causing harm to the Issuer and Association brands.
It is standard practice for the international card associations to annually audit all facilities that produce association branded cards.
There are major differences between the cryptographic security arrangements on magnetic stripe bankcards and those on smart cards.
Magnetic stripe card production involves the generation of two
cryptographic elements:
Card Verification Value/Code I (stored on magnetic stripe)
Card Verification Value/Code II (printed on reverse of the
card)
This is typically carried out by the Issuer using a suitable hardware security module during the production of card data. The values are then included into the card record, and the batch file subsequently used for personalisation.
Once the data is produced, there is no meaningful value to be gained from these data elements, as they are cryptograms. Therefore, there is no requirement to protect the individual data elements being transferred from the Issuer host to the personalisation system. However, it should be recognised that most Issuers still protect the batch file during transmission to the personalisation machine.
Smart card production is a fundamentally secure process, featuring a final round of cryptographic processing before applications, Issuer and cardholder data are loaded onto a smart card. Card data arrives at the personalisation system encrypted and with an associated message authentication code. Blank cards are also cryptographically locked at the initialisation stage following manufacture, and can only accept data following presentation of the correct so-called transport key.
EMV Card Personalisation Specification
A Card Personalisation device needs to understand the chip on the card that it is about to personalise. Previously there was no standardisation in this area and personalisation systems would have to work with many different card vendor-specific approaches to be able to personalise a range of cards.
A new initiative, driven by some of the major card associations and now approved by EMVco, is called the EMV Card Personalisation Specification (CPS) method.
Previously the standard personalisation methods were Common Personalisation and then Incard CPS. The one common industry personalisation standard today is EMV CPS, which addresses both Data Preparation and Personalisation.
First the Data Preparation software needs to be able to output a file or record according to the EMV CPS method.
Secondly, the Personalisation system software, usually running on a PC next to the personalisation machine, must be able to personalise the card according to this specification.
EMV CPS provides a common standard for personalisation and will lead to lower cost implementations as suppliers of Personalisation software will be able to support a single standard rather than multiple specifications from multiple vendors.
An Issuer should check with their card vendor to see if the card they are considering supports this important new industry standard.
Critical questions on card personalisation
Where do I want to personalise my cards?
1) In house bureau?
2) Outsource to a 3rd party bureau?
3) Instant issuance at a branch level?
Do I want to consider post personalisation of new applications to my cards?
How do I manage the workflow?
Further information
Personalisation machine suppliers
Atlantic Zeiser
CIM
Datacard
Datacard Gilles Leroux
Fargo
Logika
Mattica
Mühlbauer
NBS
Orga
Personalisation bureau services
Gemplus
G & D
Oberthur
Schlumberger
FDR
TSYS
Personalisation software suppliers
Thales e-Security
Datacard
Ubiq
Schlumberger
Gemplus
Acquiring and Terminal Network Challenges
Overview
Despite only being concerned with the process flow between terminal and smart card, the EMV specification has implications for retail bank host systems, and for ATM and EFTPoS systems.
Issuer Transaction Processing and Host Systems
Hosts may need to be upgraded to process on-line or batch transactions from devices using message protocols enhanced from their magnetic-stripe equivalents. Network interfaces will need enhancing to transmit EMV data when transactions are switched out to Issuer banks for authorisation. And on-line authorisation capabilities will also require upgrading.
With on-line EMV transactions, Issuers may be required to receive extra chip-related data in the on-line message and reply to the Acquirer, and therefore to the device, with additional response data. This includes authentication using the authorisation request cryptogram (ARQC) and authorisation response cryptogram (ARPC) in a process known as on-line mutual authentication (OMA). The Issuer's host needs to be enhanced to provide this processing, which it does in conjunction with the host security module and secret keys encrypted ultimately by local master keys maintained by the HSM.
EMV allows Issuers to use scripts to modify data elements such as the PIN or risk parameters on a smart card during on-line transactions. Since this is a sensitive process, these scripts must be secured with the use of cryptography, again involving the use of an HSM. As scripts are now being generated by the on-line host processor, this demands much closer integration with card management systems than is the case with magnetic stripe cards.
Where banks are both Issuers and Acquirers, all of the changes
described here are applicable.
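The key hierarchy outlined under Key management (Issuer master key, per-card keys derived from it, keys used during personalisation and transactions), the ARQC/ARPC exchange that makes up on-line mutual authentication, and the MAC protection of Issuer scripts are modelled end to end in the following added example. It is not code from this guide or from any product named in it. Assumptions: HMAC-SHA256 stands in for the block-cipher key derivation and CBC-MAC of the EMV specification, the key and card data are constructed sample values, cryptograms are truncated to 8 bytes, the ARPC is computed over the ARQC and the response code, and the Issuer host checks that the card's Application Transaction Counter (ATC) always increases, a common host-side replay control that the guide does not itself describe.

```python
import hashlib
import hmac

# Constructed sample values (assumptions): not real keys or card data.
ISSUER_MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)  # held in the HSM
PAN = "4000123412341234"   # primary account number
PSN = "01"                 # PAN sequence number
ARC_APPROVED = b"00"       # authorisation response code meaning "approved"


def derive_card_master_key(imk: bytes, pan: str, psn: str) -> bytes:
    """Per-card master key, derived from the Issuer master key (IMK) during data
    preparation. EMV diversifies on PAN and PAN sequence number; the HMAC stands in
    for the block-cipher derivation of the real specification (assumption)."""
    return hmac.new(imk, (pan + psn).encode(), hashlib.sha256).digest()


def derive_session_key(card_mk: bytes, atc: int) -> bytes:
    """Session key diversified by the Application Transaction Counter (ATC), so every
    transaction's cryptograms are computed under a fresh key."""
    return hmac.new(card_mk, b"SK" + atc.to_bytes(2, "big"), hashlib.sha256).digest()


def cryptogram(key: bytes, data: bytes) -> bytes:
    """8-byte MAC, the size of an EMV application cryptogram (HMAC stands in for CBC-MAC)."""
    return hmac.new(key, data, hashlib.sha256).digest()[:8]


# ---- card side -------------------------------------------------------------
def card_generate_arqc(card_mk: bytes, atc: int, txn_data: bytes) -> bytes:
    """The card MACs the transaction data under the session key: this is the ARQC."""
    return cryptogram(derive_session_key(card_mk, atc), txn_data)


def card_verify_arpc(card_mk: bytes, atc: int, arqc: bytes, arc: bytes, arpc: bytes) -> bool:
    """The card accepts the response only if the ARPC binds its own ARQC to the
    response code; this is what authenticates the Issuer to the card."""
    expected = cryptogram(derive_session_key(card_mk, atc), arqc + arc)
    return hmac.compare_digest(expected, arpc)


def card_apply_script(card_mk: bytes, atc: int, command: bytes, script_mac: bytes) -> bool:
    """An Issuer script command (PIN change, risk-parameter update) is applied only if
    its MAC verifies under the session key, so only the Issuer can alter the card."""
    expected = cryptogram(derive_session_key(card_mk, atc), b"SCRIPT" + command)
    return hmac.compare_digest(expected, script_mac)


# ---- Issuer host side (in production the HSM holds the IMK and does the MAC work) ----
class IssuerHost:
    def __init__(self, imk: bytes):
        self._imk = imk
        self._last_atc = {}  # highest ATC accepted per PAN, for replay detection (assumed check)

    def authorise(self, pan, psn, atc, txn_data, arqc):
        """Verify the ARQC, reject replayed counters, and issue the ARPC on approval.
        Returns (approved, arpc); arpc is None when the request is rejected."""
        card_mk = derive_card_master_key(self._imk, pan, psn)
        if atc <= self._last_atc.get(pan, 0):      # ATC starts at 1 and must increase
            return False, None                     # repeated or older ATC: replayed cryptogram
        if not hmac.compare_digest(card_generate_arqc(card_mk, atc, txn_data), arqc):
            return False, None                     # wrong key, altered data or forged cryptogram
        self._last_atc[pan] = atc
        return True, cryptogram(derive_session_key(card_mk, atc), arqc + ARC_APPROVED)

    def build_script(self, pan, psn, atc, command: bytes):
        """MAC an Issuer script command for this transaction's session key."""
        card_mk = derive_card_master_key(self._imk, pan, psn)
        return command, cryptogram(derive_session_key(card_mk, atc), b"SCRIPT" + command)


def run_online_transaction(host, card_mk, atc, amount_minor, script=None):
    """One OMA round trip: card -> ARQC -> Issuer -> ARPC (+ optional script) -> card."""
    # Constructed transaction data: amount, currency code 0978 (EUR), ATC.
    txn_data = amount_minor.to_bytes(6, "big") + b"\x09\x78" + atc.to_bytes(2, "big")
    arqc = card_generate_arqc(card_mk, atc, txn_data)
    approved, arpc = host.authorise(PAN, PSN, atc, txn_data, arqc)
    result = {"issuer_approved": approved,
              "card_accepts_arpc": bool(approved and card_verify_arpc(card_mk, atc, arqc, ARC_APPROVED, arpc))}
    if approved and script is not None:
        cmd, mac = host.build_script(PAN, PSN, atc, script)
        result["script_applied"] = card_apply_script(card_mk, atc, cmd, mac)
    return result


if __name__ == "__main__":
    host = IssuerHost(ISSUER_MASTER_KEY)
    card_mk = derive_card_master_key(ISSUER_MASTER_KEY, PAN, PSN)  # loaded at personalisation
    print(run_online_transaction(host, card_mk, 1, 1999, script=b"SET_LIMIT=5000"))
    print(run_online_transaction(host, card_mk, 1, 1999))  # same ATC again: rejected as replay
```

The point of keeping `IssuerHost` separate from the card-side functions is that only the host ever touches the Issuer master key; a card that shares a PAN but has a different sequence number, an altered amount, or a replayed ATC is refused before any ARPC is produced, and a script whose command has been altered after MACing is refused by the card.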
Interchanges
There are multiple interchanges (or switches) operating in most countries, with the most well known being the international interchanges operated by Visa and MasterCard. They act as network hubs, routing on-line authorisations from the Acquirer (acceptor) of a transaction to the Issuer for authorisation.
To correctly route EMV transactions, interchanges like host systems will need to handle the enhanced inter-bank transaction protocols required by smart cards.
Settlement
Currently most Acquirers and Issuers settle regularly with an interchange. This is normally done through an exchange of batch files (for example Visa Base2) between the interchange and its member banks. EMV impacts this process by adding chip-related data to the transaction records within these files.
Critical questions about Issuer Transaction Processing and Host Systems
Do I want to be able to change EMV parameters on already-issued cards (for example increasing the card's transaction value limit)?
Has my interchange or switch been enhanced to accept EMV related data?
Has my settlement process been enhanced to accept EMV related data?
Is my infrastructure capable of blocking cards and applications if needed?
Have I upgraded my host system to accept OMA (Online Mutual Authentication, ARQC/ARPC)?
Will my host system cope with the volume of extra data associated with EMV?
Will I need to support the generation of Issuer scripts and, if so, has my host been upgraded to do this?
Further information
Transaction Processing
ACI Worldwide
Aconite Solutions
Card Tech Limited
E-Funds
IFS
Logika
Mosaic Software
Nomad
S2Systems
Thales e-Security
Type approval
EMVco
MasterCard
Visa
JCB
Transaction authorisation and Terminal Acquiring
ACI
Aconite Solutions
Card Tech Limited
CR2
IBM
Mosaic Software
Nomad
Oasis
Schlumberger
ATM/EFTPoS networks
The change from magnetic stripe to smart cards will not happen overnight. Magnetic stripe cards will be in use for many years to come. During the transition, terminals, payment networks and host systems must support both types of card.
Type approval
For a terminal to be legitimately used for accepting EMV transactions it must have first been certified (type approved) by a body appointed by the card schemes. EMVCo has worldwide responsibility for EMV terminal type approval, but the testing itself is subcontracted to qualified test laboratories.
Certification testing is at two levels: Level 1 concerns mainly terminal hardware. It verifies communications with the chip card and checks for correct electro-mechanical interaction.
Level 2 concerns mainly terminal software and ensures compliance with EMV specifications for transaction flow and card/terminal interaction.
Any terminal used by banks for acquiring EMV transactions must be approved for both level 1 and level 2. Terminal hardware and software may legitimately be from different vendors, independently type approved by those vendors, respectively.
Terminals
The majority of ATM and EFTPoS terminals in current use only perform magnetic-stripe based transactions; some of them have smart card capability but would require a software upgrade to use it. Others support smart cards, but typically older versions of the EMV specification. They will also need upgrading.
A small number of ATM networks have been performing chip-based transactions for some years. Use of the magnetic stripe is still anticipated although in the future it will mainly be used to establish the correct orientation for the card, except of course for magnetic stripe transactions when a non-chip card is used.
ATMs typically need a substantial software upgrade to cope with EMV cards. Many of the leading ATM manufacturers have already released type approved software but to date there are few deployments. The slow take-up is partly due to such software only recently becoming available, and partly due to the enhancements needed at host systems to accommodate the new application protocols.
Hardware upgrades are also required on some ATMs. The size of the upgrade is very dependent on the particular style of ATM but varies from a simple change to the card reader to a full upgrade of the ATM Processor.
For stand-alone dial-up EFTPoS terminals already incorporating chip card readers, EMV acceptance is simply a matter of upgrading the resident software application. Such terminals are usually owned by Acquirer banks or processors, making upgrades the responsibility of those organisations and not the retailer.
Such a software upgrade can often be made remotely over the terminal network. However, this will also require an enhanced transaction protocol between terminal and host, necessitating an upgrade at the host also. As the protocols involved tend to be simpler than those used with ATMs, such host enhancements are not normally a major obstacle to EFTPoS smart card acceptance.
Those stand-alone EFTPoS terminals that do not currently accept smart cards require either a hardware upgrade or replacement. The upgrade route may seem the most cost effective but the owner must be aware that there are performance considerations to be taken into account. For example an old generation product that has been upgraded may result in lengthy chip transaction times due to increased processing requirements. This will only get worse in the future with the introduction of longer keys for increased security.
Consequently, the short term cost advantages of hardware upgrades must be balanced against the impact on customer satisfaction (longer waiting times at the checkout). The ideal solution is to replace the entire estate with the latest generation products but this can be costly. For those markets that are migrating to PIN customer verification (such as the UK) the situation is even more complex. Upgrades will have to consider not only chip but also PIN acceptance.
The situation is complicated somewhat by a second category of retail EFTPoS terminal. Many large multi-lane retailers like supermarkets and department stores use integrated EPoS devices that combine payment and checkout functionality. Upgrades will require significant programming effort to integrate the software applications that handle bar code scanning, inventory and other functions with the EMV payment transaction process.
As these devices are owned by retailers themselves, upgrades (and in the UK, off-line PIN also) will be their responsibility. In general, however, retailers are viewing the shift to EMV positively. There will, for example, be simpler point-of-sale procedures with less reliance on paper signatures, reduced potential for fraud, faster checkout times, higher floor limits, and more scope for unattended terminals through the use of offline PIN.
Critical questions about ATM/EFTPoS networks
Have I upgraded my ATM/EFTPoS network to physically accept EMV cards?
Have I upgraded my ATM/EFTPoS terminal software to accept EMV cards?
Have I selected terminal and hardware that has already been appropriately type approved?
Have retailers in my markets agreed to update retailer owned EFTPoS terminals?
Have the retail outlets in my region been educated about EMV?
Has my ATM/EFTPoS management system been upgraded for EMV?
Have I taken into account the testing and approval process of EMV ATM/EFTPoS terminals in my implementation plan?
Is my implementation future proof, i.e. processor speed, memory, and will terminals handle multiple applications in the future?
Do I replace or upgrade my ATM/EFTPoS network?
How long will it take to upgrade my ATM/EFTPoS network?
What training will I perform/recommend for retailers?
What do I do with my old terminals?
Further information
ACI
Aconite Solutions
Card Tech Limited
Ingenico
Mosaic Software
NCR
Thales e-Transactions
Verifone
Appendix 1 Contributors to this document
Thales, one of the globe's leading suppliers of integrated security solutions, addresses the business security needs of corporates and governments alike, protecting transactions, networks, identification documents and sensitive sites. Thales security capability extends to security and payment technology for financial transactions, networks and e-commerce. An acknowledged expert in smart card technology and applications, Thales is a European leader in security critical electronic payments, integrated Electronic Fund Transfer (EFT), e-purse payment and secured keyboards, as well as being the UK's leading supplier of electronic card payment terminals.
www.aciworldwide.com
ACI has been a leading company for more than 25 years with a worldwide presence in more than 80 countries focussing on payment engines for the financial industry and smart card management systems. Amongst ACI's more than 2000 customers are the leading financial institutes. ACI's Smart Card Division is based in Gouda, the Netherlands. It develops and delivers products to handle the complete issuance, life-cycle management and workflow management for smart cards of any type of card and purpose.
ACI views EMV migration as of prime strategic importance. Its wide ranging product suite (ACI Smart Chip Manager, Base24) covering both the issuing and acquiring side of the business has already helped over 50 banks to migrate to EMV. ACI's expertise in the EMV arena has been a key factor in successful migration projects.
ACI Smart Chip Manager is deployed in the financial industry, health care, public transport, ID and Government. Implementations range from small-scale single-application pilots to large-scale rollouts of leading-edge multi-application schemes containing many millions of cards.
Banks aiming for the simplest form of EMV migration already reap the benefits of ACI Smart Chip Manager. Legacy systems can be seamlessly integrated into the new chip-processes without the need for extensive re-engineering. Any mix of card and chip types can be supported.
One of the strong features of EMV is the ability of parameter management. ACI Smart Chip Manager allows this capability as an additional module. It interfaces to ACI's acquiring systems or third party payment engines and terminal management systems.
It's a challenge for most issuers to finally migrate to a full multi-application smart card scheme. ACI Smart Chip Manager can easily be extended to full multi-app including additional post-issuing functionality.
www.aconite.net
Aconite is a business IT consultancy and software solutions provider with specialist expertise in smart card systems, EMV, Security and e-Trust.
Aconite invests in solutions which address EMV migration, smart card systems management, business IT and trusted computing.
Established in 2000, Aconite has expanded at pace, gathering a dynamic team with unique experience in their respective fields. Aconite recruits experienced professionals with a combination of technical skills and business acumen to apply technology effectively.
Working alongside leading financial institutions and retailers, Aconite's client list includes Royal Bank of Scotland, Standard Chartered Bank, Coutts & Co, Visa, LINK and Marks & Spencer.
Flexible, pragmatic and committed, Aconite provides clients with applied consultancy, inventive technology and business understanding. Delivering focused assistance in strategic, technical and operational areas, Aconite is a dependable partner for clients seeking to exploit innovative approaches to complex business issues.
www.apsca.org
The Asia Pacific Smart Card Association (APSCA) is a non-profit, independent association for organisations in the smart card industry in the Asia Pacific region. APSCA is the only professional association for smart cards covering the Asia Pacific and has over 60 members in Hong Kong, China, Taiwan, Japan, Korea, Singapore, Malaysia and Thailand. The Association delivers information, consultancy, guidance and networking to corporations and government organisations, including smart card scheme operators and suppliers, providing an unparalleled opportunity to solve problems, facilitate smart card initiatives and generate increased business development. Apart from organising more than 50 events, seminars, trainings and conferences covering all aspects of smart cards, APSCA has assisted government smart card projects, national card payment policies and initiated real business for APSCA members.
www.atmel.com
Atmel Corporation is a world-wide leader in design, manufacturing and marketing of advanced semiconductors, including logic, non-volatile memory and mixed signal and RF integrated circuits. Atmel is also a pre-eminent provider of system level integrated solutions, enabling customers to lead the markets they serve with electronic products that are smaller, smarter, less expensive and more versatile than ever.
Atmel is a multi-national company employing over 7,550 people with world-wide revenues, balanced between North America, Europe and Asia with significant development and manufacturing in each region. Its headquarters are located in San Jose, California, USA.
It should be noted that Atmel is a semiconductor company only, providing Smart Card ICs in wafer form or packaged in modules for the Smart Card and Security related markets. It is neither a vendor of cards nor software integrated solutions. It partners with the world's leading card vendors and system integrators to support many of the leading Smart Card solutions in high volume production today requiring secure microcontroller ICs for Payment, Mobile Communications, Health, ID, Pay TV and e-Security markets.
www.bellid.com
Bell ID, a subsidiary of London-based Bell Group plc, has developed ANDiS, its open software platform providing a complete spectrum of turnkey products and services for single and multi-application smart card management schemes. In major Smart Card, Biometrics, and Public Key Infrastructure (PKI) projects, Bell ID operates both as a main contractor and/or as a technology and software platform provider. Bell ID operates from several main segments e.g. Finance, Government, Blue Chip, Education and Telecom.
Bell ID is a client-focused company maintaining tight relationships with key accounts. Clients are provided with superior quality, service, training and support around the globe. Furthermore, Bell ID pursues and maintains strategic partnerships with clients and suppliers. All projects are carried out by highly motivated, autonomous teams with strong perseverance.
In order to guarantee interoperability and independency of the ANDiS software suite, Bell ID actively contributes to the development of industrial standards and strives to comply with all common standards relating to smart cards, tokens, PKI, biometrics, electronic purse, and debit/credit.
Bell ID's headquarters is located in Rotterdam, The Netherlands, providing support to client sites within the Benelux. Sister company Bell Security with offices in London, Belfast, Dublin, Edinburgh, Glasgow, Stockholm, Zurich, Eindhoven, Hong Kong, Melbourne and Paris provides local services, whereas sales and delivery of turnkey solutions is coordinated from the office in Rotterdam.
Full global and around-the-clock support for the ANDiS product suite is provided from Rotterdam and is enhanced through sales partnerships with a number of major companies. Sales Partners are trained in all aspects of the ANDiS software and utilise their worldwide presence to provide installation, service and maintenance of the ANDiS platform.
www.cardbase.com
CardBASE Technologies is an independent software company offering smart card management and smart card payment solutions. CardBASE offers MASCOT, a multi-application smart card management solution, and ChipPURSE, a complete CEPS Purse suite of software comprising Issuer and Acquirer modules, in order to help banks leverage the most benefit from the migration to smart cards and ensure compliance with the EMV mandates laid down by the large payment organisations.
MASCOT, from CardBASE, is a multi-application smart card management solution. MASCOT enables issuers to manage magnetic stripe cards, smart cards and multi-application cards on the same system, enabling issuers to adopt a phased yet comprehensive approach to EMV migration.
While MASCOT offers support for EMV and CEPS Purse it also supports non-payment applications including Certificate Authorities to issue Digital Certificates and Loyalty solutions with the aim of supporting the current and future needs of card issuers.
MASCOT is a Global Platform compliant solution and the product features include: Cardholder Management, Card & Application Lifecycle Management along with Post Issuance support for application downloads and application updates.
www.ctl.com
Since its inception in 1989, CTL has become a market-leading provider of software solutions to the payments industry. We pride ourselves in delivering the highest quality products and services on time and to an agreed budget; we back up every installation with the very best support service, 24 hours a day, seven days a week. Today, more than 150 clients, including some of the world's largest banks, use our systems in over 60 countries worldwide.
CTL builds software on an open platform, providing you with complete, yet modular solutions for any card programmes you choose. One of the great advantages of our software designs is their flexibility: they integrate with existing systems and can be quickly and cost-effectively adapted to take advantage of the ever-increasing opportunities available to you in our fast-moving industry.
Payment card technologies are the foundation of our expertise. CTL systems support a wide variety of magnetic stripe, chip and proxy card programmes with highly sophisticated functionality. They have also been adapted to create the Web tools you need for a safe, profitable entrance into the e-business arena. We invest heavily in research and development to ensure that our future proof systems remain at the cutting edge of technology and secure your long-term investment in payments systems.
CTL guarantees compliance with the mandatory regulations of the payment associations American Express, Diners Club, JCB, MasterCard and Visa.
www.cryptomathic.com
Cryptomathic is one of the world's leading providers of e-Security, specialising in commercial cryptography. Cryptomathic offers products and solutions, including systems for home banking, smart card issuing and key management.
CardInk is a data preparation system for issuing multi-application smart cards. It uses Common Personalization and integrates into the GlobalPlatform framework and supports VISA and MasterCard applications.
www.datacard.com
Datacard provides customers in more than 200 countries with the systems, software, and consultative expertise they need to launch and maintain profitable card programs. The company helped transform the world for consumers and card issuers more than 30 years ago by enabling secure, high-volume issuance of magnetic stripe-based financial cards. Today, more than 90% of the world's financial cards, and the majority of plastic cards used for other applications, are personalised with Datacard-brand systems and software. Many of the world's leading financial institutions and consumer marketers plan to issue single & multi-application smart cards, and Datacard's smart card infrastructure will be used to personalise, distribute and manage a vast majority of these cards. Through industry associations such as Global Platform and the Smart Card Alliance, Datacard is also helping to define and then implement open standards and interfaces needed to issue cards and manage the data needed within a comprehensive smart card issuance program. Datacard is a privately held company owned by the Quandt Family of Bad Homburg, Germany. Datacard is headquartered in Minnetonka, MN, with a sales and service network of direct sales organisations, dealers, distributors and value-added resellers in over 120 countries. Additionally, worldwide operations include software development centres in the U.S., U.K., India and Japan. The company employs more than 1,600 people worldwide and generates annual revenues of more than $300 million.
www.gemplus.com
Gemplus helps its clients offer an exceptional range of portable, personalised solutions that bring security and convenience to people's lives. These include mobile Internet access, inter-operable banking facilities, e-commerce and a wealth of other applications.
Gemplus is the only completely dedicated, truly global player in the Smart Card industry, with the largest R&D team, unrivalled experience, and an outstanding track record of technological innovation.
Gemplus' offer in EMV: EMV Prime, a suite of solutions guiding banks on the optimal path to migration.
Whatever your EMV migration requirements, you will find that Gemplus has a solution that fits and a team of experts to help manage your project. EMV Prime was built on three years of experience in EMV migration and with assistance and feedback from clients all around the world. EMV Prime covers migration planning, development, piloting and all stages of deployment. The EMV Prime modules can be tailored to suit the needs of any client, whilst dedicated project management teams work with you to ensure that EMV Prime lives up to its reputation.
Gemplus trades its shares on Euronext Paris S.A. First Market and on the NASDAQ Stock Market(tm) as GEMP in the form of ADSs.
www.gdai.com
More than 30 years experience in smart security for payment cards have made G&D a leading supplier of electronic payment cards. In only 6 years, 100 million banking cards have been issued using smart card software developed by G&D.
G&D is an accredited technology partner of all major international payment organisations, such as Europay International, MasterCard International, Visa International, Proton World and Discover.
With our technological edge in the development of chip card operating systems and applications, G&D has successfully migrated from a manufacturer of high quality magnetic stripe cards to a leading technology supplier of microprocessor and crypto processor cards.
G&D is represented on all important international standardisation committees, i.e. MAOSCO Consortium, Eurosmart, ETSI SMG 9, JavaCard Forum, Peoples Bank of China Technical Subgroup, ISO/IEC, Smart Card Forum, Global Chip Card Alliance, Global Platform Group.
Giesecke & Devrient (G&D) is an international technology group with 150 years of tradition. Founded in 1852, G&D first specialised in banknote printing and security paper manufacture, later adding currency automation systems to its product portfolio. Today, G&D is also a technology leader in the fields of smart cards and system solutions for telecommunications, electronic payments, transportation, health, ID, loyalty, pay-TV, multimedia and Internet security (Public Key Infrastructure).
The Giesecke & Devrient Group, headquartered in Munich, operates subsidiaries and joint ventures all over the world. G&D employs around 7,000 people worldwide and generated a revenue of 1.12 billion in fiscal 2001.
www.globalplatform.org
GlobalPlatform is the only cross-industry forum focused on the development, management and promotion of specifications for multiple application smart cards, smart card applications, and enabling devices. With support from its global Member organisations, GlobalPlatform promotes a standard framework facilitating the implementation of smart card programs in any industry around the world. GlobalPlatform allows flexibility in the choice of technologies and vendors through an emphasis on open standards for cards, terminals and support infrastructure. GlobalPlatform's card, terminal and systems specifications are the first open standards adopted by GlobalPlatform and will provide a solid foundation from which the organisation will define the future of multiple application smart cards.
GlobalPlatform totals fifty-six Members from across Europe, USA, Canada, Australia, Japan and Korea, including issuers, manufacturers, and vendors of multiple application smart cards, such as American Express, Hitachi, MasterCard International, JCB, NTT Corporation, Proton World, Schlumberger, Sun Microsystems, Thales, The Bank of Nova Scotia and Visa International, as well as several government bodies.
About Hitachi Europe Ltd.: www.hitachi-eu.com/semiconductors
Hitachi Europe Ltd. is a wholly owned subsidiary of Hitachi, Ltd. Japan. It has operations throughout EMEA which provide sales, marketing, technical support and research and development. Hitachi's semiconductor and display products are key components in the fields of smart cards, communications, automotive, consumer, industrial, displays and system LSI. They include the SuperH RISC microprocessors, the H8 microcontroller family, smart card controllers, TFT displays, memories (Flash and SRAM), transistors and diodes, and network products. For reader enquiries or more information on the products and services offered in Europe by Hitachi Semiconductor, please visit the Web site.
About Hitachi: www.global.hitachi.com
Hitachi, Ltd., headquartered in Tokyo, Japan, is a leading global electronics company, with approximately 320,000 employees worldwide. Fiscal 2001 (ended March 31, 2002) consolidated sales totalled 7,994 billion yen ($60.1 billion). The company offers a wide range of systems, products and services in market sectors, including information systems, electronic devices, power and industrial systems, consumer products, materials and financial services. For more information on Hitachi, please visit the company's Web site.
www.jcbinternational.com
JCB is one of the international payment brands, alongside Visa and MasterCard, and is also the largest card issuer and acquirer in its own right in Japan. JCB launched its card business in 1961 and began expanding overseas in 1981. Its merchant network includes 9.78 million merchants and spans 189 countries and territories, and serves 42 million card members worldwide. As part of its international growth strategy, JCB has formed alliances with more than 320 leading banks and financial institutions globally to increase merchant coverage. JCB started the full-scale issuance of smart cards in Japan in December 2001, with the J/Smart EMV application loaded, and has also been very active in smart card migration in markets outside Japan. For further information, please visit the JCB International website.
www.logicacmg.com
LogicaCMG is a global solutions company providing management and IT consultancy, systems integration and outsourcing services. With additional expertise in wireless technology, the company supports clients across diverse markets including telecoms, financial services, energy and utilities, industry, distribution and transport and the public sector. Formed in December 2002 through the merger of Logica and CMG, the company has offices in 34 countries and over 60 years of combined experience in the IT services arena. LogicaCMG is the number two European quoted IT services company and is listed on both the London and Amsterdam stock exchanges.
LogicaCMG has been at the forefront of providing EMV compliant open systems for a number of years. With our knowledge of the third party product suppliers, we are able to offer consultancy, and provide either full end-to-end card processing capability, or individual component solutions for the physical and virtual payments world. Our solutions range from fault-tolerant systems, through high availability UNIX configurations, to the latest Windows NT/2000 systems. Specific focus is placed on modern open transaction systems, smart card solutions, EMV compliance and international operator-independent mobile & card fraud alerting solutions and services.
LogicaCMG's vision for the next generation of card systems covers:
Core application components for Card Issuing, Card Transaction Acquiring, Merchant Management, Transaction Switching, Smart Card Management, Settlement, Clearing;
Customer services and business process workflow, addressing issues and opportunities around the richer functional and technological features of these systems;
Platform technologies, focusing on emerging interoperable and open corporate standards.
LogicaCMG already has a track record in implementing proven open systems that have similar reliability levels to the legacy high availability systems, but with significantly improved cost of ownership and time to market. An even more complex and critical issue is an appropriate migration strategy for replacing a legacy system with a new, open variant. The migration strategy is the central part of the vision to ensure that risk is contained, whilst ensuring that return on investment criteria are being achieved.
www.mosaicsoftware.com
Mosaic Software develops leading-edge software solutions in the consumer transaction space. The Mosaic Software offices in the USA, UK, Australia and South Africa support clients that include financial institutions, retailers, telecommunications operators, transaction processors, Internet service providers, card issuers and data processing service providers.
Mosaic Software's product, Postilion, is a scalable, modular system designed to deliver consumer-generated transactions at every level of an EFT network. Postilion is currently installed in more than 30 countries, where it is used for ATM driving and monitoring, EFT switching and routing, EFTPoS credit/debit card transaction processing, Internet/call centre payment authorisations and mobile commerce applications. Postilion reduces transaction processing costs, improves analytical capabilities of customer transactions and increases overall transactional revenues. Postilion is fully EMV compliant and can support EMV migration with two specific solutions:
Postilion EMV Gateway is a low-cost, fast track solution for EMV smart card compliance. Both acquirers and issuers can achieve EMV compliance for online transaction processing by front-ending their incumbent systems with the Postilion EMV Gateway. Magnetic stripe transactions are processed by the existing system infrastructure while EMV transactions are routed directly from the Postilion EMV Gateway, avoiding the need to upgrade the incumbent system to support EMV data fields.
Postilion for Chip and PIN offers multi-lane retailers a means to rapidly support EMV chip cards and secure PIN processing at the point of sale. Further benefits are the ability to offer sophisticated EFT services at the till such as staff discount and loyalty programmes; authorisation of transactions at the till even when store systems are down; a faster settlement cycle and reports to meet all store requirements.
Mosaic Software's major partners include Thales, Stratus Technologies, Retail Decisions, MasterCard, SmartTrust, Diebold, and NCR. Well-known companies such as 7-Eleven, Marks & Spencer, E*Trade, Bank Leumi, TNS, ABSA, Retail Decisions, American Express and Cell-C are clients. The company is backed by GE Equity and Comparex and is a selected technology provider to multiple GE Capital businesses.
www.multos.com
MULTOS is an open standard multi-application smart card operating system that has been developed by the MAOSCO consortium. MAOSCO requires all MULTOS devices to have been independently accredited to the highest achievable levels of security assurance, such as ITSEC E6 High. Hence MULTOS is targeted at markets requiring high security such as finance, secure ID and other related applications.
The security of applications on a MULTOS card is provided by on-card firewalls that prevent memory area intrusions, and a load/delete mechanism based on asymmetric cryptography, which means card issuers and application providers do not need to share secrets.
www.ncr.com
As the world's leading ATM manufacturer, NCR has deployed self-service EMV solutions across Europe, Asia Pacific and the Americas.
NCR Corporation (NYSE: NCR) is a leading global technology company helping businesses build stronger relationships with their customers. NCR's ATMs, retail systems, Teradata data warehouses and IT services provide Relationship Technology(TM) solutions that maximise the value of customer interactions. Based in Dayton, Ohio, NCR employs 30,400 people worldwide.
www.nomadsoft.com
NOMAD Software supplies card payment solutions based around its NOMAD CORTEX product set. NOMAD's customers are innovative new generation banks who want to build strong and profitable relationships with all their customers, be they private clients, merchants or businesses.
Flexibility, performance, reliability, availability and scalability are all at the heart of a NOMAD solution. NOMAD CORTEX benefits from a well architected 3-tier structure, which embraces the Internet and smart card. Established requirements in areas such as Card Management, Authorisation, Switching and Terminal Management are all available off-the-shelf, while the very latest business requirements can be satisfied using ready-made components.
www.norton-consultancy.com
Norton Consultancy Limited is a provider of business and technical consultancy and training on the implementation of EMV chip cards.
Norton Consultancy Limited has worked with many of the major high street UK Banks and third party processors providing hands-on assistance with the implementation of chip cards. Norton Consultancy Limited has experience with the full end-to-end EMV chip card implementation:
Establishing a suitable Project Team Structure
Defining Chip Business Requirements
Defining Chip System Design
Defining and Implementing Chip Keys
Upgrading Card Bureau to Support Chip
Interpretation of chip specifications (EMV, VIS, M/Chip Lite & M/Chip Select)
Defining chip MI requirements
Chip Testing
Delivery of Customised Training
Norton Consultancy Limited has gained a reputation for being able to translate the complex technical world of chip into a more understandable business language, assisting organisations to climb the steep learning curve of chip, thus reducing project time scales and costs.
www.oberthurcs.com
Oberthur Card Systems, listed on the Euronext Stock Exchange (Code Euroclear 12413) since July 2000, is one of the world's leading providers of card-based solutions, software and applications including SIM and multi-application smart cards and services ranging from consulting to personalisation.
Innovative products and high quality services ensure Oberthur's strong positioning in its three main target markets.
Payment: 52% of revenues in 2001. The company is the world leader and number one supplier for Visa and MasterCard.
Mobile Communications: 31% of revenues in 2001, with open and interoperable solutions based on Java technology.
Authentication and Network Security: emerging markets in which the company plays a pioneering role, with strong expertise in security and a dominant position in e-commerce and Pay-TV.
Close to its customers, Oberthur Card Systems benefits from an industrial and commercial presence across all five continents. Oberthur Card Systems is a subsidiary of the François-Charles Oberthur Group.
www.slb.com
Schlumberger Smart Cards and Terminals is the world's leading provider of microprocessor cards, the key to digital networks, and a major supplier of card-related terminals and transaction software. Its 5,000 employees serve customers in more than 100 countries, with worldwide sales exceeding 2.6 billion smart cards to date. The company possesses more than 20 years' experience in smart card innovation and leads its industry in security technology and open systems.
Schlumberger has an unparalleled track record implementing successful banking projects, whether it is leveraging smart card technology for nationwide EMV migration schemes, or designing payment systems. Our technical expertise embraces security, payments standards such as EMV, chip card design, card management and issuing systems, bank transaction processing and design of payment terminals.
www.thales-esecurity.com
Operating in three main markets covering e-security, card payment and network security, Thales e-Security addresses the business and finance industry's need for cryptographic security products and solutions used to protect a range of critical information infrastructures. Over half of the world's banks, together with the majority of the busiest exchanges, currently use Thales technology. For more than 20 years the company has been at the forefront of security and payment technology, co-operating and contributing to set the industry standards used for financial transactions and e-commerce globally.
Thales P3
Thales P3 lets issuers deploy EMV smart cards with minimal impact on their existing systems and with minimum cost.
It integrates with host systems and card personalisation devices to:
Enable creation of EMV parameters for each card holder
Generate, store and manage cryptographic keys for each application
Output files of parameters and keys for personalisation machines
Generate an audit log of activities
Three levels of Thales P3 system enable issuers to deploy a Thales solution scaled to meet their individual needs.
Thales HSM
The Host Security Module (HSM) is a physically secure, tamper-resistant security server that provides cryptographic functions to secure transactions in retail financial applications including PIN encryption and verification, debit card validation, stored value card issuing and processing, chip card issuing and processing, message authentication and symmetric key management.
With the optional DSP-RSA Module, the HSM can also support public key cryptographic operations including digital signatures, certificates, and asymmetric key management.
www.thales-e-transactions.com
Thales e-Transactions is a wholly owned subsidiary of the global electronics group Thales and provides user-friendly secured solutions for card transactions. The company is a European leader in the fields of portable, mobile and fixed electronic payment terminals, integrated Electronic Fund Transfer (EFT), e-purse payment and secured keyboards. Thales e-Transactions' expertise in smart card applications for banking and commercial markets is highly acknowledged on a worldwide basis.
The solution that Thales e-Transactions proposes is a range of terminals that are appropriate for a variety of card acceptance locations:
Artema Desk for standard retail where the customer attends the Point of Sale desk
Artema DECT for locations where the terminal needs to be taken to the customer away from the Point of Sale desk
Artema Mobile where the terminal can accept transactions on the move.
These products have a common core hardware platform and a common software architecture, which offers the following advantages:
Price benefits
Lower certification costs from common EMV Level 1 IFM to common Level 2 Kernel
Faster to market with regional applications through the use of a simple to use software development toolkit
The Artema Desk product can also be provided with a TSC+ PIN pad, the first in the world to achieve Visa PED approval to the higher security required for chip transactions.
Thales also produces other terminals that are specific to local regions. Because of the nature of the proposal these terminals have not been included in this offer, but Thales would be happy to provide further details on request.
With considerable expertise in developing EMV certified products in the main European markets, and with a significant international presence both in and outside of the EU region, Thales e-Transactions believes it is well qualified to be a valued partner of Visa International in the Global Cost Effective Acceptance Project.
www.corporate.visa.com
Visa is the world's leading payment brand, generating US$2.4 trillion in annual card sales volume. Visa has unsurpassed acceptance in more than 150 countries. The Visa organization plays a pivotal role in developing innovative payment products and technologies to benefit its 21,000 member financial institutions and their cardholders. Visa is a leader in Internet based payments and is pioneering the creation of u-commerce, or universal commerce, the ability to conduct commerce anywhere, anytime, and any way. For more information, visit www.corporate.visa.com.
Contact information for companies mentioned in this document
Company                                       Website
ACI                                           www.aciworldwide.com
Aconite Solutions                             www.aconite.net
American Express                              www.americanexpress.com
Asia Pacific Smart Card Association (APSCA)   www.apsca.org
Atlantic Zeiser                               www.atlanticzeiser.com
Atmel                                         www.atmel.com
Austria Card                                  www.austriacard.at
Bell ID                                       www.bellid.com
Cardag                                        www.cardag.com
CardBASE Technologies                         www.cardbase.com
Cards etc.                                    www.cardsetc.com
Card Tech                                     www.ctl.com
Catuity                                       www.catuity.com
CEPSco                                        www.cepsco.com
CIM                                           www.cimitaly.it
CR2                                           www.bankworld.ie
Cryptomathic                                  www.cryptomathic.dk
Datacard                                      www.datacard.com
Datacard Gilles Leroux                        www.gilles-leroux.com
Diners Club International                     www.dinersclub.com
Discover Card                                 www.discovercard.com
DNP                                           www.dnp.co.jp
E-Funds                                       www.efunds.com
EMVco                                         www.emvco.com
Fabrica Nacional                              www.fnmt.es
Fargo                                         www.fargo.com
G&D                                           www.gdai.com
Gemplus                                       www.gemplus.com
GlobalPlatform                                www.globalplatform.org
Hitachi                                       www.hitachi.com
ID Data Systems                               www.id-data.co.uk
IFS                                           www.ifsintl.com
Incard                                        www.incard.it
Infineon                                      www.infineon.com
Ingenico                                      www.ingenico.com
Iris Tech                                     www.iris-technology.co.uk
JCB International                             www.jcbinternational.com
Keycorp                                       www.keycorp.net
LogicaCMG                                     www.logicacmg.com
Logika                                        www.logika.it
MasterCard                                    www.mastercard.com
Matica                                        www.maticasystems.it
Mosaic Software                               www.mosaicsoftware.com
Muehlbauer                                    www.muehlbauer.com
Multos                                        www.multos.com
NBS                                           www.nbstech.com
NCR                                           www.ncr.com
Nomad                                         www.nomadsoft.com
Norton Consultancy                            www.norton-consultancy.com
Novacard                                      www.novacardservices.co.uk
Oasis                                         www.oasis-technology.com
Oberthur                                      www.oberthurcs.com
Proton World                                  www.protonworld.com
S2Systems                                     www.s2systems.com
Schlumberger                                  www.slb.com/smartcards
Setec                                         www.setec.com
Thales e-Security                             www.thales-esecurity.com
Thales e-Transactions                         www.thales-e-transactions.com
Toppan                                        www.toppan.co.jp
UBIQ                                          www.ubiqinc.com
Verifone                                      www.verifone.com
Visa                                          www.visa.com
Welcome realtime                              www.welcome-rt.com
Card issuing Critical Questions checklist
Does this affect me?
Introduction to EMV
What is the date of the EMV migration for my country or region set by the card associations of which I am a member?
What level of testing period do I want to allow myself before going live with my EMV card base/infrastructure?
Which vendors will I select to help facilitate my move to EMV?
When do I start migrating my card base to EMV cards, bearing in mind that the cards I am issuing today might still be in circulation after the EMV migration date?
What extra business can I generate by achieving first mover advantage in my markets by moving to smart cards?
Am I actually losing business by not moving more rapidly to smart cards?
Am I being targeted by fraudsters because competitors have already migrated?
Financial applications
What payment schemes do I want to support with my cards?
What are the standards and mandates of those schemes?
Do I want to support single applications, multiple applications, or both?
Do I want to offer my customers an electronic purse?
Are there any other legal issues specific to my country that I need to consider such as data protection laws?
Non-financial applications
My card will have an anchor financial application. But do I want it to carry other applications such as a retail loyalty scheme?
Do I want the card to support Internet banking?
Will I create the additional applications in house, use third party developers, or accept applications provided by partners?
Application security
Do I want SDA, CDA or the extra security of DDA authentication?
What EMV risk management parameters should I select and