Abstract image of a woman sitting on books and studying on a laptop

What is A Smart Card

P
Philip Andreae

The document discusses the global migration towards EMV (Europay, MasterCard, and Visa) chip technology for payment cards, highlighting the history, benefits, and implications of this transition. It emphasizes the enhanced security against fraud, the necessity for upgrades in banking and merchant systems, and the expected investment in infrastructure for the migration process. Key stakeholders, including banks, retailers, and governments, are actively pursuing the adoption of smart card technologies to improve payment systems.

Business
1 of 39
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
The Technology Is Ready Philip Andreae Philip Andreae & Associates
2 Why are you Here • The globe is in migration to EMV • June 2003: Visa Canada announced its plans to migrate to chip • January 8, CTV W-5 documented the reality of debit card fraud • October 2005: Interac issued schedule for chip • American Express, MasterCard and JCB are ready to support the Canadian migration to chip The Time Has Come
3 What is a Chip Card? • A plastic credit card with an embedded computer chip containing a microcomputer –1976 a calculator in your card –Today the power of 1981 IBM PC –Tomorrow integrated with your body, PDA and Cell Phone?
4 History of Chip Cards a.k.a the Smart Card • 1968 German Inventors, Jurgen Dethloff & Helmet Grotrupp German patent use of plastic as a carrier for Microchips • 1970 Japanese Inventor, Kunitake Arimura applied for similar patent • 1974 French Inventor, Roland Moreno patented the Smart Card • 1978 Honeywell Bull proves miniaturization of electronics • 1993 Work on EMV began • 1995 MasterCard Buys Mondex • French Banks Specifications 1977 • Honeywell Bull Produce First Cards 1978 • Payphone Cards 1983 • French Banking Pilot Begins 1984 • Used in TV 1990 • ETSI GSM SIM 1991 • First ePurse in Bulle, Switzerland 1992 • German Health Card 1993 • First Combi Card 1997 • Mondex in Canada 1998
5 1984-1992 • France Banks elect to implement smart cards • Carte Bancaire develop chip application - B0’ • Merchants receive government incentives • Cardholders use PIN for both credit and debit • Domestic fraud down to 0.02% The World Watched
6 Application Requirements Define the cost of the chip : $1 - $5 USD Operating System Fixed Data Standard Routines Card Id •Owner Id •Pin •EMV Parameters •Credit Limits •Cash Balances CPU RAM ROM Calculated Results NVM Contact Contactless Combi I/O RAM - Read Access Memory ROM - Read Only Memory NVM - Non-Volatile Memory CPU- Central Processing Unit I/O – Input Output
7 Which Chip Card or What Form Factor? • They Vary In Capabilities: – Simple memory cards – Secured memory cards – Processor chips with static data authentication – Crypto chips with dynamic data authentication • Terminal Interface can be:  Contact  Dip and Go  Contactless  Tap and Go  USB Too  Plug & Play • Common Configurations: – Magnetic stripe only (Today) – RFID – Tags and Fobs – Contactless – Paypass, access and transit applications – Hybrid EMV – Magnetic Stripe with chip – Dual chip – Same card, 2 chips, 1 contact - 1 contactless – Combi – Contact – Contactless interface connected to one Chip
8 Smart Cards Support Many Things Credit Debit Stored Value Home Banking Payment Guarantee Ticket Itinerary Boarding Pass Frequent Flyer VIP – Security Calling Card Parking Cards Transit Card Fitness Club Library Card Points Rewards Coupons Discounts Punch Card Passport Drivers License Corporate ID National ID Photo Biometrics Pharmacology Emergency Data: Blood type, Donor Status, Allergies Physician’s Details Health Insurance Access/Rights Home Address vCard Passwords Credentials Car Key PSE IATA Subscriber Loyalty ID Health Profile Key uses: Security, Authentication, Identification, Purse and Data Storage PSE – Payment Systems Environment IATA – International Air Transport Associations
9 Senior Citizen Card Monthly Pass Parking Reservation E-Purse Public Transport Is Going Contactless • Octopus, the Hong Kong Transport System, is also now a bank with payments included on the card • Major cities are implementing contactless fare collection systems – London, Paris, San Francisco, Seattle, Tokyo, Strasburg Washington DC … • Burlington and Gatineau have systems in operation • Montreal, Vancouver, Edmonton, Calgary … are in progress • Most systems include an e-purse other merchants could accept ePurse is the focus….. Profile
10 Governments Are Pursuing Smart Cards • Identity theft is a global concern seeking a secure means of identification • Digital identity, drivers license, benefits and health cards are seen as likely applications • The U.S. Department of Defence issued millions of cards • A digital ID is being sought yet privacy is a concern • Borders are going contactless due to U.S. passport requirements yet interoperability and privacy are a civil libertarian’s concern • Integrity in the Payment systems is a national issue Passport Drivers License SIN Gov. Entitlements Identity Card ID
11 Retailers Are Pursuing Smart Cards • The issuing banks expect retailers to investment in PIN pads, EMV terminals and central system upgrades • Most see large investments with no return on investment • CRM and data-mining use a central database - barcode • For loyalty programs, database solutions work • Mid-tier merchants are being ignored • Renting space on a Payment card is an option Yet, partnering with one bank is not a solution Boots Esso Target Delhaize ASDA Marks & Spencer Loyalty
12 The Banks Are Pursuing Smart Cards • AMEX, Diners, Interac, JCB MasterCard and Visa support a global migration to EMV – Europe implemented a liability shift this year – 2006 thru 2010 Asia Pacific, Central Europe, Middle East, Africa, Latin America have liability shifts planned • Various electronic purse schemes have been tried – Mondex – Proton (Exact) – Visa® Cash – Common Electronic Purse Standard CEPS • MasterCard is focused on contactless – PayPass™ Credit Debit Stored Value Home Banking Payment Guarantee PSE PSE – Payment Systems Environment
13 The Smart Card Forms a Relationship • Portable, anytime - anywhere access mechanism Cardholder Secure Identity Payment Mechanism Access Rights Personal Profile Internet Access Mechanism Interface Device IFD
14 1991 - “ECPS” Identified Smart Cards as the Solution to Payment Card Fraud • The technology was proven in France • Debit card and security drove the requirements • The banks believed in the integrity it would provide • The technology is secure A belief in future profit ECPS = European Council for Payment Systems
15 Began December 1993 Stable Version Released 1998 The international schemes decided smart cards are the way forward Europay, MasterCard, Visa International started “EMV Integrated Circuit Card Specifications for Payment Systems” Fraud Control Pin On Credit Logic in Chip Credit Risk Management Cost Reduction Off-line Authentication Revenue Creation Value Added Services
17 The Classic Smart Card Business Case • Is Based On – A CAM to stop counterfeit loses Card Authentication Method – A CVM to reduce lost and stolen card fraud Cardholder Verification Method – Offline algorithms to reduce processing cost – Support of future value added services
18 The Specifications are Stable International Standards Organization and EMV ISO 7816 - Smart Card Part 1: Physical characteristics Part 2: Cards with contacts -- Dimensions and location of the contacts Part 3: Cards with contacts -- Electrical interface and transmission protocols Part 4: Organization, security and commands for interchange . . . ISO 14443 - Contactless Part 1: Physical characteristics Part 2: Radio frequency power and signal interface Part 3: Initialization and anti-collision Part 4: Transmission protocol . . . EMV Version 4.1 May 2004 Book 1 - Application independent ICC to terminal interface requirements Book 2 - Security and key management Book 3 - Application specification Book 4 - Cardholder, attendant, and acquirer interface requirements Interoperability: The Goal EMVco Certification: The Method
19 Insert Card into Reader Answer to reset Select Applications by PSE or by AID Develop Candidate Application List Consumer Selection EMV Defines Application Selection The key to merging all payment products onto one card PSE – Payment Systems Environment AID – Application Identifier 1. – MasterCard® 2. – Member Card® Enter 1 or 2 to select payment Method ?
20 Interac MasterCard Visa Merchant Commercial Account Cardholder - Member Issuing FIs Payment Scheme Payments: A Four Party Model Retailer - Acquirer  Issuer - Cardholder Acquirer Authorization/Finance Request Authorization/Finance Response Batch Presentment/Clearing
21 Payments a Process with Purpose Authentication Verification Approval Card Security Features PIN Signature Hologram Magnetic Stripe Online Authentication (cvv/cvc) Credit Limit Floor Limit Available Balance Yet No Longer Secure What You Have What You Know      Manual
22 EMV: A Secure Physical Token At Every Point of Interaction Authentication Verification Approval PIN Verified in Chip Credit Limit Available Balance What You Have What You Know Unique Serial Number and Certificates Valid Scheme  Issuer  Card Offline Authentication with Online Optional Terminal Risk Management Card Risk Management At POIBy Issuer
23 Chip Changes the Fabric The card is no longer a passive component Authentication Verification Approval Card Production and Personalization PIN Management Finance and Fraud Management Security Features Encode Mag. Stripe Embed Chip EMV and Card Keys Pin Offset or Host-Based Consumer Choice: A Need for PIN Synchronization Online Authorization Chip Can Actively Engage at POI Issuer Can Update the Card Dynamically
24 Issuing FIs NETWORKS The Chip Card is the Easy Part All your strategic systems are affected Credit Issuers & Banking Systems
25 International Specifications are Available Issued by Each Association VISA NET Bank-NET P RINTER POS P RINTER POS P RINTER POS P RINTER POS CLEARING & SETTLEMENT CLEARING & SETTLEMENT ACQUIRING SYSTEM FRAUD MANAGEMENT ISSUING SYSTEM POINT OF SALE NETWORK VISA ROOT KEY RETAIL HOST STORE CONTROLER PKi SECURITY SERVER RETAIL HOSTSTORE CONTROLER CHECKOU T CHECKOUT CHECKOUT CHECKOUT CHECKOUT CHECKOUT DOMESTIC ROOT KEY MasterCard EUROPAY ROOT KEY CARD PERSONALIZATION CARD PRODUCTION SMART CARD LOADER ENCODINGEMBOSSING CARD MANAGEMENT MCPS & MCHIP VIS & VSDC AEIPS Interac Chip On Paper
26 Benefits of EMV to Issuers • Global interoperability • More secure payment card • Reduced fraud; therefore, less exceptions • Efficiency in servicing low value transactions • Ability to support credit and debit on a card • Reduced costs through offline transactions • New revenue opportunities
27 Benefits of EMV to the Acquirers • Irrefutability of payment transaction • Reduced cost of handling chargebacks • Low value transactions – Drives transaction growth • New revenue opportunities • Rewards • Consumer profile • Loyalty • Other value-added services
28 Benefits of EMV to Merchants • Guarantees payment to merchants • Enhance efficiencies: – Speed and ease of use at the point-of-sale – Reduction in need to keep paper receipts – Improve dispute procedures and resolution – Reduce fraud
29 Benefits of EMV to Merchants • Enhance the e-commerce environment • Platform for more robust loyalty programs • Opportunity to employ electronic payments at unattended locations and high-risk outlets
30 Canada Will Invest $1 Billion+ Local Networks Everyone's Legacy Systems Must Be Upgraded Payment Network s 100% Terminal Replacement Processors $ 2 Million x 15 $ 30M Issuers $ 15 Million x 5 Banks $ 7 Million X 10 Banks + $2 per Card x 75M $ 295 M Integrated Merchants $ 2 Million Per Major x 50 + 250 Per PIN Pad x 300,000 Devices $ 175M Merchants $ 300 Per POS x 500,000 devices $ 150M White Label ATM $ 2,000 Per ATM x 25,000 devices $ 50M Estimates are by PA&A for Canadian Payment Migration Issuer Bank Machines $ 2,000 x 28,000 $56 M Petroleum $6,000 Per Dispenser EMV demands significant change to the 8583 message Processors Acquiring FI Processor Acquiring Processors $ 5 Million Each x 6 Processors $ 30M
31 Key EMV Migration Issues • PIN Verification in chip and consumer select • The EMV message structure expands • Online CAM added to authorization process • Point-of-interaction must be EMV and PCI PED compliant • Introduction of cryptography everywhere
32 Business Process Implications • Impact on product design • Consumer PIN select • Inclusion of chip in card design • Card production and issuance • Call centre screens and work flow • Reduction in exception items • Consumer education • Merchant acceptance procedures • Merchant and consumer contracts • Branch processes and procedures
33 PIN Management • Both credit and debit cards will employ PIN as the preferred means of cardholder verification • The requirement: Let the consumer select their PIN – Yet, the PIN on chip and the magnetic stripe PIN are technically different – The two PINs must be synchronized and changed together at a secure point-of-interaction i.e. branch terminal or ATM • Those without national infrastructure must consider their strategy carefully
34 Merchant Migration is the Biggest Issue • Acquirer-Owned Equipment – Typically written off – Most equipment has several good years of life left in it • Integrated Merchants – Can identify saving as a result of EMV introduction – Will plan as part of normal point-of-sale upgrade – Have leverage to negotiate with acquirers • Small Integrated Merchant – Very little leverage – Typically own their own payment terminals – Must upgrade point-of-sale software
35 Chip Card Manufacturing Process Developing the mask can take upwards of 20 months Die bond Module Wire bond Encapsulation Embossing & Personalization Module Embedding GLUE MODULE SITE CUSHION MODULE
36 EMV: Card and Key Management • EMV introduces cryptography – To assure card authenticity – To guarantee an irrefutable transaction • Various methodologies are employed – Public Key – between the card and POI – Symmetric Key – between card and issuer • Various algorithms are employed – RSA – authenticate scheme, issuer and card – 3DES – authenticate card and transaction to issuer and issuer to card
37 Back Office Debit and Credit Systems Many systems require upgrade or replacement • Credit card systems must perform online authentication • Banking systems must perform online authentication • Key management becomes a core competency • Integration with card management processes • New PIN management techniques required • Fraud and risk management systems • Card life cycle must be managed • Card issuance and replacement
38 Card Management • Management of smart cards is complex – EMV requires management of the card during its entire life – Security must be managed holistically – Employing scripts – chip parameters can be updated during the life of the card – Future value of smart cards is the ability to support multiple functions within the same card – Managing the load or unload of applications enhances consumer proposition and fraud management capabilities
39 Smart Card More Than a Technology • The technology has been proven – 600+ million EMV cards deployed • Card schemes are committed • EMV affects more than the technology – also business processes and product design • Most organizations do not have appropriate depth of knowledge, and skills are in short supply • Key is the relationship card, and creating sticky relationships for profit The future is for those that can offer me “My Card”
40 Thank You

More Related Content

PPTX
EMV chip cards
Dilip Kumar
 
PDF
EMV: Preparing for Changes to the Retail Payment Process
- Mark - Fullbright
 
PDF
EMV Migration Webinar / Lessons Learned + Next Steps
Ingenico Group
 
PDF
Emv chip card buyers guide
3D Merchant powered by CenPOS
 
PPT
Introduction to emv
Anil Chaurasiya
 
PDF
EMV: What you Need to Know
Total Merchant Services
 
PPTX
Smart Card EMV for Dummies
phdexec
 
PDF
Abdullin modern payments security. emv, nfc, etc
DefconRussia
 
EMV chip cards
Dilip Kumar
 
EMV: Preparing for Changes to the Retail Payment Process
- Mark - Fullbright
 
EMV Migration Webinar / Lessons Learned + Next Steps
Ingenico Group
 
Emv chip card buyers guide
3D Merchant powered by CenPOS
 
Introduction to emv
Anil Chaurasiya
 
EMV: What you Need to Know
Total Merchant Services
 
Smart Card EMV for Dummies
phdexec
 
Abdullin modern payments security. emv, nfc, etc
DefconRussia
 

What's hot (20)

PPTX
Emv and fraud
Ujwal Tamminedi
 
PDF
Chip and Skim: cloning EMV cards with the pre-play attack
- Mark - Fullbright
 
PPTX
So you want to be an EMV Issuer...
Ainsley Ward
 
PPTX
EMV 201 EMF June 2016
Philip Andreae
 
PDF
Sploitego
London School of Cyber Security
 
PPT
Emv overview-payscape-2015 (1)
Karina Khemani
 
PDF
Emv Explained in few words
Banque Populaire Du Rwanda
 
PDF
emv-ebook
Richard Dover
 
PDF
EMV Overview
Kona Software Lab Limited.
 
PDF
EMV Myths Debunked / Fact vs. Fiction
Ingenico Group
 
PDF
Key Things to Know About EMV
Corral Solutions
 
TXT
Smart card emv for dummies
BACKSEATRIDER
 
PDF
Semi-Integrated Payments / A Simplified Approach to EMV & PCI
Ingenico Group
 
PPT
Card Industry Overview
Organizational Development & Change Management
 
PPTX
Smart cards
Siddhartha Mazumdar
 
PPT
End-to-End Encryption for Credit Card Processing
Lennon808
 
PDF
7 Ways to Make EMV Easier / Webinar
Ingenico Group
 
PPTX
Credit card industry
Unitedworld School Of Business
 
PPTX
EMV Card Migration: How the EMV Transaction Flow Works
AnnMargaret Tutu (AMT)
 
PDF
EMV Payments: Changes at the Point of Sale
- Mark - Fullbright
 
Emv and fraud
Ujwal Tamminedi
 
Chip and Skim: cloning EMV cards with the pre-play attack
- Mark - Fullbright
 
So you want to be an EMV Issuer...
Ainsley Ward
 
EMV 201 EMF June 2016
Philip Andreae
 
Sploitego
London School of Cyber Security
 
Emv overview-payscape-2015 (1)
Karina Khemani
 
Emv Explained in few words
Banque Populaire Du Rwanda
 
emv-ebook
Richard Dover
 
EMV Overview
Kona Software Lab Limited.
 
EMV Myths Debunked / Fact vs. Fiction
Ingenico Group
 
Key Things to Know About EMV
Corral Solutions
 
Smart card emv for dummies
BACKSEATRIDER
 
Semi-Integrated Payments / A Simplified Approach to EMV & PCI
Ingenico Group
 
Card Industry Overview
Organizational Development & Change Management
 
Smart cards
Siddhartha Mazumdar
 
End-to-End Encryption for Credit Card Processing
Lennon808
 
7 Ways to Make EMV Easier / Webinar
Ingenico Group
 
Credit card industry
Unitedworld School Of Business
 
EMV Card Migration: How the EMV Transaction Flow Works
AnnMargaret Tutu (AMT)
 
EMV Payments: Changes at the Point of Sale
- Mark - Fullbright
 
Ad

Similar to What is A Smart Card (20)

PDF
Embedded System Security: Learning from Banking and Payment Industry
Narudom Roongsiriwong, CISSP
 
PPTX
Digital banking cards
DhatshanaG
 
PPTX
EMV - The Chips are Coming - Ken Givens U.S. Merchant Payment Solutions 11-15
Ken Givens
 
PDF
EMV and Smartcards
NEXTEP Processing
 
PDF
Emv and smartcards
NEXTEP Processing
 
PPT
Smart cards
imshubham
 
PPT
technical seminar EnggRoom_Code_Smartcard.ppt
DJeevithaCse
 
PDF
EMV Credit Card Technology in Parking
Parking & Traffic Consultants
 
PDF
Financial Tech - St. Charles County Chambers Technology Committee presentatio...
Ken Tucker
 
PDF
Smart Cards - Enablers of Electronic Commerce_DeloitteConsultingVS1998
Venkatesan 'Prasad' Sundararajan
 
PPTX
PCI,Smart Card,ATM and E-commerce
Amira Serag
 
PPTX
Smart card technologies dorababu
Dorababu anjimeti
 
PDF
Vanderhoof smartcard-roadmap
Hai Nguyen
 
PPT
Maximizing cardholder value using Smart Card Technology - VISA
Filipe Mello
 
PPT
Smart Cards In The USA
Agile Set, LLC
 
PPT
SMART CARD
Kapil Dev Ghante
 
PPT
Smart cards
Divam Goyal
 
PPT
Introduction to SmartCards - Michael Perlov
Filipe Mello
 
PDF
smartcard-120830090352-phpapp02.pdf
ssuser5b47c8
 
PPTX
Smart Cards.pptx
AjaySahre
 
Embedded System Security: Learning from Banking and Payment Industry
Narudom Roongsiriwong, CISSP
 
Digital banking cards
DhatshanaG
 
EMV - The Chips are Coming - Ken Givens U.S. Merchant Payment Solutions 11-15
Ken Givens
 
EMV and Smartcards
NEXTEP Processing
 
Emv and smartcards
NEXTEP Processing
 
Smart cards
imshubham
 
technical seminar EnggRoom_Code_Smartcard.ppt
DJeevithaCse
 
EMV Credit Card Technology in Parking
Parking & Traffic Consultants
 
Financial Tech - St. Charles County Chambers Technology Committee presentatio...
Ken Tucker
 
Smart Cards - Enablers of Electronic Commerce_DeloitteConsultingVS1998
Venkatesan 'Prasad' Sundararajan
 
PCI,Smart Card,ATM and E-commerce
Amira Serag
 
Smart card technologies dorababu
Dorababu anjimeti
 
Vanderhoof smartcard-roadmap
Hai Nguyen
 
Maximizing cardholder value using Smart Card Technology - VISA
Filipe Mello
 
Smart Cards In The USA
Agile Set, LLC
 
SMART CARD
Kapil Dev Ghante
 
Smart cards
Divam Goyal
 
Introduction to SmartCards - Michael Perlov
Filipe Mello
 
smartcard-120830090352-phpapp02.pdf
ssuser5b47c8
 
Smart Cards.pptx
AjaySahre
 
Ad

Recently uploaded (20)

PDF
Kishore Vora - Best CFO in India to watch in 2025.pdf
insightssuccess2
 
PDF
Communication Tactics in Legal Contexts: Historical Case Studies (www.kiu.ac...
publication11
 
PDF
Second Hand Fashion Call to Action March 2025
agatadrynko
 
PPT
Retail Management and Retail Markets and Concepts
SurbhiChoudhary37
 
PDF
Middle East's Most Impactful Business Leaders to Follow in 2025
thearabbusiness
 
PDF
THE COMPLETE GUIDE TO BUILDING PASSIVE INCOME ONLINE
Malcolm86
 
PDF
Tortilla Mexican Grill 发射点犯得上发射点发生发射点犯得上发生
ssun243
 
PPTX
IITM - FINAL Option - 01 - 12.08.25.pptx
MukeshAssociates2
 
PPTX
Transportation in Logistics management.pptx
ssuserc60071
 
PPTX
operations management : demand supply ch
JayeshJaiswal23
 
PDF
533158074-Saudi-Arabia-Companies-List-Contact.pdf
Shaik Abubakr Siddiqui
 
PPTX
IMM marketing mix of four ps give fjcb jjb
aruntambralli3813
 
PPTX
33ABJFA6556B1ZP researhchzfrsdfasdfsadzd
Maria Net
 
PPTX
interschool scomp.pptxzdkjhdjvdjvdjdhjhieij
PrashantNagi1
 
DOCX
Center Enamel A Strategic Partner for the Modernization of Georgia's Chemical...
cecvessels
 
PPTX
Astra-Investor- business Presentation (1).pptx
diksha27bhardwaj
 
PDF
HQ #118 / 'Building Resilience While Climbing the Event Mountain
meetingmediagroupusa
 
PPTX
2 - Self & Personality 587689213yiuedhwejbmansbeakjrk
inshu28231804
 
PDF
Satish NS: Fostering Innovation and Sustainability: Haier India’s Customer-Ce...
red402426
 
PDF
Comments on Clouds that Assimilate Parts I&II.pdf
Brij Consulting, LLC
 
Kishore Vora - Best CFO in India to watch in 2025.pdf
insightssuccess2
 
Communication Tactics in Legal Contexts: Historical Case Studies (www.kiu.ac...
publication11
 
Second Hand Fashion Call to Action March 2025
agatadrynko
 
Retail Management and Retail Markets and Concepts
SurbhiChoudhary37
 
Middle East's Most Impactful Business Leaders to Follow in 2025
thearabbusiness
 
THE COMPLETE GUIDE TO BUILDING PASSIVE INCOME ONLINE
Malcolm86
 
Tortilla Mexican Grill 发射点犯得上发射点发生发射点犯得上发生
ssun243
 
IITM - FINAL Option - 01 - 12.08.25.pptx
MukeshAssociates2
 
Transportation in Logistics management.pptx
ssuserc60071
 
operations management : demand supply ch
JayeshJaiswal23
 
533158074-Saudi-Arabia-Companies-List-Contact.pdf
Shaik Abubakr Siddiqui
 
IMM marketing mix of four ps give fjcb jjb
aruntambralli3813
 
33ABJFA6556B1ZP researhchzfrsdfasdfsadzd
Maria Net
 
interschool scomp.pptxzdkjhdjvdjvdjdhjhieij
PrashantNagi1
 
Center Enamel A Strategic Partner for the Modernization of Georgia's Chemical...
cecvessels
 
Astra-Investor- business Presentation (1).pptx
diksha27bhardwaj
 
HQ #118 / 'Building Resilience While Climbing the Event Mountain
meetingmediagroupusa
 
2 - Self & Personality 587689213yiuedhwejbmansbeakjrk
inshu28231804
 
Satish NS: Fostering Innovation and Sustainability: Haier India’s Customer-Ce...
red402426
 
Comments on Clouds that Assimilate Parts I&II.pdf
Brij Consulting, LLC
 

What is A Smart Card

  • 1. The Technology Is Ready Philip Andreae Philip Andreae & Associates
  • 2. 2 Why are you Here • The globe is in migration to EMV • June 2003: Visa Canada announced its plans to migrate to chip • January 8, CTV W-5 documented the reality of debit card fraud • October 2005: Interac issued schedule for chip • American Express, MasterCard and JCB are ready to support the Canadian migration to chip The Time Has Come
  • 3. 3 What is a Chip Card? • A plastic credit card with an embedded computer chip containing a microcomputer –1976 a calculator in your card –Today the power of 1981 IBM PC –Tomorrow integrated with your body, PDA and Cell Phone?
  • 4. 4 History of Chip Cards a.k.a the Smart Card • 1968 German Inventors, Jurgen Dethloff & Helmet Grotrupp German patent use of plastic as a carrier for Microchips • 1970 Japanese Inventor, Kunitake Arimura applied for similar patent • 1974 French Inventor, Roland Moreno patented the Smart Card • 1978 Honeywell Bull proves miniaturization of electronics • 1993 Work on EMV began • 1995 MasterCard Buys Mondex • French Banks Specifications 1977 • Honeywell Bull Produce First Cards 1978 • Payphone Cards 1983 • French Banking Pilot Begins 1984 • Used in TV 1990 • ETSI GSM SIM 1991 • First ePurse in Bulle, Switzerland 1992 • German Health Card 1993 • First Combi Card 1997 • Mondex in Canada 1998
  • 5. 5 1984-1992 • France Banks elect to implement smart cards • Carte Bancaire develop chip application - B0’ • Merchants receive government incentives • Cardholders use PIN for both credit and debit • Domestic fraud down to 0.02% The World Watched
  • 6. 6 Application Requirements Define the cost of the chip : $1 - $5 USD Operating System Fixed Data Standard Routines Card Id •Owner Id •Pin •EMV Parameters •Credit Limits •Cash Balances CPU RAM ROM Calculated Results NVM Contact Contactless Combi I/O RAM - Read Access Memory ROM - Read Only Memory NVM - Non-Volatile Memory CPU- Central Processing Unit I/O – Input Output
  • 7. 7 Which Chip Card or What Form Factor? • They Vary In Capabilities: – Simple memory cards – Secured memory cards – Processor chips with static data authentication – Crypto chips with dynamic data authentication • Terminal Interface can be:  Contact  Dip and Go  Contactless  Tap and Go  USB Too  Plug & Play • Common Configurations: – Magnetic stripe only (Today) – RFID – Tags and Fobs – Contactless – Paypass, access and transit applications – Hybrid EMV – Magnetic Stripe with chip – Dual chip – Same card, 2 chips, 1 contact - 1 contactless – Combi – Contact – Contactless interface connected to one Chip
  • 8. 8 Smart Cards Support Many Things Credit Debit Stored Value Home Banking Payment Guarantee Ticket Itinerary Boarding Pass Frequent Flyer VIP – Security Calling Card Parking Cards Transit Card Fitness Club Library Card Points Rewards Coupons Discounts Punch Card Passport Drivers License Corporate ID National ID Photo Biometrics Pharmacology Emergency Data: Blood type, Donor Status, Allergies Physician’s Details Health Insurance Access/Rights Home Address vCard Passwords Credentials Car Key PSE IATA Subscriber Loyalty ID Health Profile Key uses: Security, Authentication, Identification, Purse and Data Storage PSE – Payment Systems Environment IATA – International Air Transport Associations
  • 9. 9 Senior Citizen Card Monthly Pass Parking Reservation E-Purse Public Transport Is Going Contactless • Octopus, the Hong Kong Transport System, is also now a bank with payments included on the card • Major cities are implementing contactless fare collection systems – London, Paris, San Francisco, Seattle, Tokyo, Strasburg Washington DC … • Burlington and Gatineau have systems in operation • Montreal, Vancouver, Edmonton, Calgary … are in progress • Most systems include an e-purse other merchants could accept ePurse is the focus….. Profile
  • 10. 10 Governments Are Pursuing Smart Cards • Identity theft is a global concern seeking a secure means of identification • Digital identity, drivers license, benefits and health cards are seen as likely applications • The U.S. Department of Defence issued millions of cards • A digital ID is being sought yet privacy is a concern • Borders are going contactless due to U.S. passport requirements yet interoperability and privacy are a civil libertarian’s concern • Integrity in the Payment systems is a national issue Passport Drivers License SIN Gov. Entitlements Identity Card ID
  • 11. 11 Retailers Are Pursuing Smart Cards • The issuing banks expect retailers to investment in PIN pads, EMV terminals and central system upgrades • Most see large investments with no return on investment • CRM and data-mining use a central database - barcode • For loyalty programs, database solutions work • Mid-tier merchants are being ignored • Renting space on a Payment card is an option Yet, partnering with one bank is not a solution Boots Esso Target Delhaize ASDA Marks & Spencer Loyalty
  • 12. 12 The Banks Are Pursuing Smart Cards • AMEX, Diners, Interac, JCB MasterCard and Visa support a global migration to EMV – Europe implemented a liability shift this year – 2006 thru 2010 Asia Pacific, Central Europe, Middle East, Africa, Latin America have liability shifts planned • Various electronic purse schemes have been tried – Mondex – Proton (Exact) – Visa® Cash – Common Electronic Purse Standard CEPS • MasterCard is focused on contactless – PayPass™ Credit Debit Stored Value Home Banking Payment Guarantee PSE PSE – Payment Systems Environment
  • 13. 13 The Smart Card Forms a Relationship • Portable, anytime - anywhere access mechanism Cardholder Secure Identity Payment Mechanism Access Rights Personal Profile Internet Access Mechanism Interface Device IFD
  • 14. 14 1991 - “ECPS” Identified Smart Cards as the Solution to Payment Card Fraud • The technology was proven in France • Debit card and security drove the requirements • The banks believed in the integrity it would provide • The technology is secure A belief in future profit ECPS = European Council for Payment Systems
  • 15. 15 Began December 1993 Stable Version Released 1998 The international schemes decided smart cards are the way forward Europay, MasterCard, Visa International started “EMV Integrated Circuit Card Specifications for Payment Systems” Fraud Control Pin On Credit Logic in Chip Credit Risk Management Cost Reduction Off-line Authentication Revenue Creation Value Added Services
  • 16. 17 The Classic Smart Card Business Case • Is Based On – A CAM to stop counterfeit loses Card Authentication Method – A CVM to reduce lost and stolen card fraud Cardholder Verification Method – Offline algorithms to reduce processing cost – Support of future value added services
  • 17. 18 The Specifications are Stable International Standards Organization and EMV ISO 7816 - Smart Card Part 1: Physical characteristics Part 2: Cards with contacts -- Dimensions and location of the contacts Part 3: Cards with contacts -- Electrical interface and transmission protocols Part 4: Organization, security and commands for interchange . . . ISO 14443 - Contactless Part 1: Physical characteristics Part 2: Radio frequency power and signal interface Part 3: Initialization and anti-collision Part 4: Transmission protocol . . . EMV Version 4.1 May 2004 Book 1 - Application independent ICC to terminal interface requirements Book 2 - Security and key management Book 3 - Application specification Book 4 - Cardholder, attendant, and acquirer interface requirements Interoperability: The Goal EMVco Certification: The Method
  • 18. 19 Insert Card into Reader Answer to reset Select Applications by PSE or by AID Develop Candidate Application List Consumer Selection EMV Defines Application Selection The key to merging all payment products onto one card PSE – Payment Systems Environment AID – Application Identifier 1. – MasterCard® 2. – Member Card® Enter 1 or 2 to select payment Method ?
  • 19. 20 Interac MasterCard Visa Merchant Commercial Account Cardholder - Member Issuing FIs Payment Scheme Payments: A Four Party Model Retailer - Acquirer  Issuer - Cardholder Acquirer Authorization/Finance Request Authorization/Finance Response Batch Presentment/Clearing
  • 20. 21 Payments a Process with Purpose Authentication Verification Approval Card Security Features PIN Signature Hologram Magnetic Stripe Online Authentication (cvv/cvc) Credit Limit Floor Limit Available Balance Yet No Longer Secure What You Have What You Know      Manual
  • 21. 22 EMV: A Secure Physical Token At Every Point of Interaction Authentication Verification Approval PIN Verified in Chip Credit Limit Available Balance What You Have What You Know Unique Serial Number and Certificates Valid Scheme  Issuer  Card Offline Authentication with Online Optional Terminal Risk Management Card Risk Management At POIBy Issuer
  • 22. 23 Chip Changes the Fabric The card is no longer a passive component Authentication Verification Approval Card Production and Personalization PIN Management Finance and Fraud Management Security Features Encode Mag. Stripe Embed Chip EMV and Card Keys Pin Offset or Host-Based Consumer Choice: A Need for PIN Synchronization Online Authorization Chip Can Actively Engage at POI Issuer Can Update the Card Dynamically
  • 23. 24 Issuing FIs NETWORKS The Chip Card is the Easy Part All your strategic systems are affected Credit Issuers & Banking Systems
  • 24. 25 International Specifications are Available Issued by Each Association VISA NET Bank-NET P RINTER POS P RINTER POS P RINTER POS P RINTER POS CLEARING & SETTLEMENT CLEARING & SETTLEMENT ACQUIRING SYSTEM FRAUD MANAGEMENT ISSUING SYSTEM POINT OF SALE NETWORK VISA ROOT KEY RETAIL HOST STORE CONTROLER PKi SECURITY SERVER RETAIL HOSTSTORE CONTROLER CHECKOU T CHECKOUT CHECKOUT CHECKOUT CHECKOUT CHECKOUT DOMESTIC ROOT KEY MasterCard EUROPAY ROOT KEY CARD PERSONALIZATION CARD PRODUCTION SMART CARD LOADER ENCODINGEMBOSSING CARD MANAGEMENT MCPS & MCHIP VIS & VSDC AEIPS Interac Chip On Paper
  • 25. 26 Benefits of EMV to Issuers • Global interoperability • More secure payment card • Reduced fraud; therefore, less exceptions • Efficiency in servicing low value transactions • Ability to support credit and debit on a card • Reduced costs through offline transactions • New revenue opportunities
  • 26. 27 Benefits of EMV to the Acquirers • Irrefutability of payment transaction • Reduced cost of handling chargebacks • Low value transactions – Drives transaction growth • New revenue opportunities • Rewards • Consumer profile • Loyalty • Other value-added services
  • 27. 28 Benefits of EMV to Merchants • Guarantees payment to merchants • Enhance efficiencies: – Speed and ease of use at the point-of-sale – Reduction in need to keep paper receipts – Improve dispute procedures and resolution – Reduce fraud
  • 28. 29 Benefits of EMV to Merchants • Enhance the e-commerce environment • Platform for more robust loyalty programs • Opportunity to employ electronic payments at unattended locations and high-risk outlets
  • 29. 30 Canada Will Invest $1 Billion+ Local Networks Everyone's Legacy Systems Must Be Upgraded Payment Network s 100% Terminal Replacement Processors $ 2 Million x 15 $ 30M Issuers $ 15 Million x 5 Banks $ 7 Million X 10 Banks + $2 per Card x 75M $ 295 M Integrated Merchants $ 2 Million Per Major x 50 + 250 Per PIN Pad x 300,000 Devices $ 175M Merchants $ 300 Per POS x 500,000 devices $ 150M White Label ATM $ 2,000 Per ATM x 25,000 devices $ 50M Estimates are by PA&A for Canadian Payment Migration Issuer Bank Machines $ 2,000 x 28,000 $56 M Petroleum $6,000 Per Dispenser EMV demands significant change to the 8583 message Processors Acquiring FI Processor Acquiring Processors $ 5 Million Each x 6 Processors $ 30M
  • 30. 31 Key EMV Migration Issues • PIN Verification in chip and consumer select • The EMV message structure expands • Online CAM added to authorization process • Point-of-interaction must be EMV and PCI PED compliant • Introduction of cryptography everywhere
  • 31. 32 Business Process Implications • Impact on product design • Consumer PIN select • Inclusion of chip in card design • Card production and issuance • Call centre screens and work flow • Reduction in exception items • Consumer education • Merchant acceptance procedures • Merchant and consumer contracts • Branch processes and procedures
  • 32. 33 PIN Management • Both credit and debit cards will employ PIN as the preferred means of cardholder verification • The requirement: Let the consumer select their PIN – Yet, the PIN on chip and the magnetic stripe PIN are technically different – The two PINs must be synchronized and changed together at a secure point-of-interaction i.e. branch terminal or ATM • Those without national infrastructure must consider their strategy carefully
  • 33. 34 Merchant Migration is the Biggest Issue • Acquirer-Owned Equipment – Typically written off – Most equipment has several good years of life left in it • Integrated Merchants – Can identify saving as a result of EMV introduction – Will plan as part of normal point-of-sale upgrade – Have leverage to negotiate with acquirers • Small Integrated Merchant – Very little leverage – Typically own their own payment terminals – Must upgrade point-of-sale software
  • 34. 35 Chip Card Manufacturing Process Developing the mask can take upwards of 20 months Die bond Module Wire bond Encapsulation Embossing & Personalization Module Embedding GLUE MODULE SITE CUSHION MODULE
  • 35. 36 EMV: Card and Key Management • EMV introduces cryptography – To assure card authenticity – To guarantee an irrefutable transaction • Various methodologies are employed – Public Key – between the card and POI – Symmetric Key – between card and issuer • Various algorithms are employed – RSA – authenticate scheme, issuer and card – 3DES – authenticate card and transaction to issuer and issuer to card
  • 36. 37 Back Office Debit and Credit Systems Many systems require upgrade or replacement • Credit card systems must perform online authentication • Banking systems must perform online authentication • Key management becomes a core competency • Integration with card management processes • New PIN management techniques required • Fraud and risk management systems • Card life cycle must be managed • Card issuance and replacement
  • 37. 38 Card Management • Management of smart cards is complex – EMV requires management of the card during its entire life – Security must be managed holistically – Employing scripts – chip parameters can be updated during the life of the card – Future value of smart cards is the ability to support multiple functions within the same card – Managing the load or unload of applications enhances consumer proposition and fraud management capabilities
  • 38. 39 Smart Card More Than a Technology • The technology has been proven – 600+ million EMV cards deployed • Card schemes are committed • EMV affects more than the technology – also business processes and product design • Most organizations do not have appropriate depth of knowledge, and skills are in short supply • Key is the relationship card, and creating sticky relationships for profit The future is for those that can offer me “My Card”