emv 101 michelle lehouck emv product manager cpi card group
TRANSCRIPT
EMV 101
Michelle LehouckEMV Product ManagerCPI Card Group
Card Manufacturing Business Model(s)
Copyright © 2012 CONFIDENTIAL
What is EMV?• “The globally interoperable standard
specification governing transactions between chip cards and terminals in the payments industry is called EMV– From the initials of Europay, Mastercard and
Visa– The payment networks that originally
developed the specifications• Today, the EMV standard, it’s
management, and future development are under the control of EMVCo, a jointly owned body set up by the payment networks for this purpose” *Mastercard, “An Introduction to EMV”, 2012
What is EMV?
• EMV creates a stable basis for investment in chip-based dynamic data payments across multiple form factors (contact cards, contactless devices, and mobile devices) and enables product-level innovation across the payment ecosystem without compromising interoperability.
Copyright © 2012 CONFIDENTIAL
EMV 101
• Consumer payment application is resident in a secure Integrated Circuit Card (ICC) or chip– Contact chips in smart cards– Contactless chips in smart cards or personal
devices such as smart phones
• Chip key features– Store information– Perform processing– Secure element which stores secrets and
performs cryptographic functions
Copyright © 2012 CONFIDENTIAL
Why EMV: Building a Business Case
• “EMV can transform the purchasing experience and enable future innovations by making payments safer, simpler and smarter for both consumers and customers alike.
• Many have upgraded to EMV to reduce:Fraud however, the upgrade to the EMV standard also will potentially deliver:– Reduced operational costs– Improved risk management– Increased card usage– A wide range of value added opportunities”*
*Mastercard, “An Introduction to EMV”, 2012
EMV: Overview of Infrastructure• Card Issuance• Terminal Installation by Acquirer or Merchant• Testing and Certification• The Payment Process
– Card Authentication (CAM)– Card Verification (CVMs)– Authorization– Clearing and Settlement
• Issuer Host Systems• Acquirer Host Systems• Other Important Features of the EMV Chip
– Scripts, Card Network Rules, Chip & Pin, Added value apps
*Mastercard, “An Introduction to EMV”, 2012
How is the transaction different?
• The card generates an EMV Application Cryptogram (AC) at key transaction points– AC’s are signatures created with a card unique DES key
composed of critical data elements that indicate the status at the transaction point
• To indicate if online authorization is required– Authorization ReQuest Cryptogram (ARQC)
• At transaction completion– Transaction Certificate (TC) for an
approval– Application Authentication Cryptogram
(AAC) for a decline
Copyright © 2012 CONFIDENTIAL
How is the transaction different?
• Risk management features under acquirer control to select transactions for online approval– Floor limits– Domestic or retailer criteria– Random transaction selection
• Together with issuer chip card controls, protect against the use of lost and stolen or counterfeit cards which attempt to stay beneath the floor limit
Copyright © 2012 CONFIDENTIAL
Cardholder Verification Process (CV)• EMV introduces new features for
cardholder verification– Cardholder verification method (CVM)
list• Issuer can define multiple CVMs in the card
and define the conditions under which the CVM must be applied
– Offline PIN• Offline Plaintext PIN• Offline Enciphered PIN
– EMV still supports traditional methods• Online enciphered PIN, signature, “no CVM”
Copyright © 2012 CONFIDENTIAL
EMV Card StandardsISO 7816 Standards
ISO defines the principal standard for making, controlling and testing smart cards.
ISO 7816-4Memory management and inter industry commands
ISO 7816-1Dimensions and
physical constraints
WidthMax 85,72 mmMin 85,47 mm
HeightMax 54,03 mmMin 53,92 mm
Thickness0,76 +/- 0,08 mm
ISO 7816-2Electrical signals
ISO 7816-3Communication Protocol
Copyright © 2012 CONFIDENTIAL
RAM : Random Access MemoryCPU : Processor unit (RSA: cryptocontroller)ROM : Read Only MemoryEEPROM : Electrically Erasable Programmable Read Only
Memory
Components
Chip Architecture
Copyright © 2012 CONFIDENTIAL
Decisions 101
What chip should I use?When creating EMV cards there are many factors
that will affect the cost, software and production time. Start by answering the following questions:
• Choose from the following: Contact, Contactless, Dual Interface
What is the card type?
• Visa, MC, AMEX, Discover, JCB, China UnionPay
What Association?
• Choose from the following: Domestic, International, Global
Where is the market?
• Our technology experts will help define the best technology that fits your specific needs to determine the optimal solution.
When can we meet?
Copyright © 2012 CONFIDENTIAL
EMV Card Types
• Contact: Reader comes into ‘contact’ with the chip
• Contactless: Reader signals chip wirelessly
• Dual Interface: Reader can use contact with chip or wireless
Copyright © 2012 CONFIDENTIAL
MemoryHow much erasable memory do
you need on this EMV card?
• Eeprom is where your service bureau would dynamically load proprietary applications onto the card, like an app to you or other (sector apps on the card) For example: a ticketing application.
– Contact – Averages 8k– Dual Interface – Averages 12k– More is needed for large
custom applications
Copyright © 2012 CONFIDENTIAL
Authorization?
• SDA - Static Data Authentication– Cheapest, developed for off-line
• DDA - Dynamic Data Authentication
• CDA - Combined Data Authentication
• See appendix for more details
Copyright © 2012 CONFIDENTIAL
Operating System
What software is supported on the chip?
• Open:– JAVA – MULTOS (primarily for MC Banks Only)
• GP – VGP: Global Platform , Visa Global Platform• Native (proprietary)
Copyright © 2012 CONFIDENTIAL
Software Specifications
What level of VISA/MC specifications do you need?
• VSDC 2.7.1• MChip4 Select (1.1a, or 1.1b) / MChip4 Advance
If you have picked a JAVA or GP OS, what level
of Java or GP (Global Platform) Card specification would you like to comply to?
• JAVA 2.1.1, Java 2.2.2• GP 2.1.1Copyright © 2012
CONFIDENTIAL
Other Manufacturing Questions• Key Ceremony:
– CPI can manufacture the card and rotate the public manufacturing key to a secure issuer. To do this, a key ceremony will need to be performed with the issuer and service bureau
• Who initializes the card?– CPI in a pre-personalization step?– Service bureau
• CAP (Chip Authentication Program) files– These can be loaded at pre-perso and provides
for faster personalization
Copyright © 2012 CONFIDENTIAL
Association Mandates
EMV in the U.S.
The adoption of dual-interface chip technology will help prepare the U.S. payment infrastructure for the arrival of NFC-based mobile
payments by building the necessary infrastructure to accept
and process chip transactions that support either a signature or
PIN at the point of sale.
Source: Visa, August 9, 2011
Mandates
Effective October 1, 2012, Visa will expand its Technology Innovation Program (TIP) to the U.S.
Visa will require U.S. acquirer processors and sub-processor service providers to be able to
support merchant acceptance of chip transactions
no later than April 1, 2013.
Visa intends to institute a U.S. liability shift for domestic and cross-border counterfeit card-
present point-of-sale (POS) transactions, effective October 1, 2015.
Source: Visa, August 9, 2011
Recommendations
Copyright © 2012 CONFIDENTIAL
Source: Visa, October 26, 2011
MasterCard• By April 2013, Acquirers need to be able to
compute EMV transaction (POS/ATMs)• Strongly supports DDA EMV card issuance
(contact or DI) with introduction of PIN • By October 2015, Liability Shift from
Association to Issuer if EMV chip is not enabled on all financial cards (Credit and Debit)applies to:– Card Present– Card Not Present
Copyright © 2012 CONFIDENTIAL
Construction 101
Production Process
Lamination Milling Embedding
Copyright © 2012 CONFIDENTIAL
LaminationLamination consists of punching and applying
hot melt tape on the micromodule film.
Copyright © 2012 CONFIDENTIAL
Milling
Milling consists of the creation of the cavity prior to receive the micromodule.
Copyright © 2012 CONFIDENTIAL
Embedding
Embedding consists of punching and picking the micromodule from the film and
inserting it into the milled cavity.
Copyright © 2012 CONFIDENTIAL
Dual Interface• Compression Technology
– “Z” axis adhesive
– Flexible bump
Copyright © 2012 CONFIDENTIAL
• Air coupled – SPS “antenna coupling”
• Hera– Pigtails module soldered to antenna Connections
Copyright © 2012 CONFIDENTIAL
Dual Interface cont.
More Resources
More Resources
• http://www.smartcardalliance.org/• http://www.cpicardgroup.com/educati
on• http://www.emvco.com/• http://www.linkedin.com/groups?gid=
2242262&trk=myg_ugrp_ovr
Copyright © 2012 CONFIDENTIAL
Appendix
Copyright © 2012 CONFIDENTIAL
Static Data Authentication (SDA)• Indicates that the signed data on the chip has not
been changed or manipulated– Cards DO NOT require RSA cryptographic processing
capability– Each card is personalized with the Issuer public key
certificate and static signed application data– Static signed application data is composed of data
elements personalized onto the card and signed with issuer private key
– Terminal performs RSA cryptographic processing using issuer public key to authenticate signed static application data
– Does NOT indicate that card is authenticated offline
Copyright © 2012 CONFIDENTIAL
Dynamic Data Authentication (DDA)• Indicates that the actual card issued is present at
the point of sale– Cards DO require RSA cryptographic processing
capability– Each card is personalized with the issuer public key
certificate, card public key certificate and card private key
– Card generates unique signed dynamic application dataper transaction by signing data elements from both the card and terminal with the card private key
– Terminal performs RSA cryptographic processing using card public key to authenticate signed dynamic application data
– DOES indicate that the card is authenticated offline
Copyright © 2012 CONFIDENTIAL
Combined Data Authentication (CDA)
• Dynamic Data Authentication with Application Cryptogram generation (CDA) – The same personalisation requirements as DDA with an
additional step during “card analysis”• Cards DO require RSA cryptographic processing
capability• Card generates a “dynamic signature” using card
private key, in addition to the “application cryptogram”, to prove that the card authenticated during DDA was the same card that provided the “application cryptogram”
• Assists in the detection of an attempted "man-in-the-middle" attack where the fraudster alters data between card and terminal to try to keep the card offlineCopyright © 2012
CONFIDENTIAL