White Paper: Reducing Certification Cycles for Chip EMV Application
|
|
- Damian Little
- 6 years ago
- Views:
Transcription
1 2014 White Paper: Reducing Certification Cycles for Chip EMV Application Nitin Mittal
2 Introduction White Paper: Reducing Certification Cycles for Chip EMV Application In past and even today, lot of incidents are heard about card skimming and card cloning with magnetic stripe technology. To combat this situation, EMV came into picture which has substantially reduced such type of frauds. EMV is a global standard for interoperable operations of ICC, ATMs and POS worldwide which is being evolved against latest vulnerabilities. Worldwide EMV Deployment and Adoption Adoption Rate 81.60% 24.40% 54.20% 38.90% 17.40% Canada, Latin America, and the Carribbean Asia Pacific Africa & the Middle East Europe Zone 1 Europe Zone 2 As on 6 th May, 2014 (EMVCo), there are 2.37 billion EMV payment cards in circulation and 36.9 million EMV terminals active worldwide. This figure is witnessing the level of acceptance of EMV technology worldwide. Below chart shows the adoption rate of EMV payment cards regionally. Figure 1: Figures reported in Q and represent the latest statistics from American Express, Discover, JCB, MasterCard, UnionPay, and Visa, as reported by their member institutions globally. (Source: EMVCo) With increasing demand for EMV technology, many players are coming up with their card products in market. These products must go through Card Type Approval process which is established by EMVCo. Separate Card Type Approval process has been defined for CCD (Common Core Definitions) and CPA (Common Payment Application) specifications. EMVCo defines two levels of certification for type approval i.e. Level 1 and Level 2. The Level 1 Type Approval process tests compliance with the electromechanical characteristics, logical interface, and transmission protocol requirements defined in the EMV Specifications. Level 2 Type Approval tests compliance with the debit/credit application requirements as defined in the EMV Specifications. EMV chip payment applications are neither easy to develop nor getting certified from accredited laboratory. Certification of EMV chip payment application is a prolonged process which may take more than two or three iterations which is sometimes more than a year or two in terms of duration. This situation arises due to lack of maturity in developing chip payment application and qualifying them inhouse. This document highlights the areas for Level 2 where in-house testing must put its maximum emphasis in order to identify potential defects in chip payment application, in turn, which will expedite the certification process at accredited lab as maximum number of issues would have been dealt with already. This document may also serve a kind of Defect Taxonomy for chip payment application. 2
3 EMV Transaction Flow Image shown below illustrates the EMV transaction flow in a simpler way. Based on these transaction steps, this document will address the type of defects that may be a potential issue in the respective step. Application Selection May be more than one application. Terminal and chip agree on common supported applications. Cardholder may choose if more than one common application. Initiate Application Processing and Read Application Data Selected application is initiated and terminal read the necessary data from the chip. Offline Data Authentication Offline data authentication via SDA, DDA or CDA. Processing Restriction Checks are performed to confirm the chip is allowed to do the Transaction. Cardholder Verification Signature, online PIN, Offline enciphered PIN, Offline plaintext PIN or no CVM. Terminal Risk Management Terminal performs checks such as Floor Limit to determine if online processing is required. Terminal Action Analysis Based on offline data auth, processing restriction, CVR, TRM and rules in terminal and chip, the terminal application requests a result of decline offline, approve offline or go online. Card Action Analysis Based on issuer defined rules and limits, the card will respond With ARQC, AAC or TC. Completion and Script Processing Online Processing If the chip requests to go online, then the terminal builds an online request to the issuer host for authorization and online card Authentication. If ARPC is received, the terminal will send the data to card to chip for Transaction completes. If online processing occurred the chip will be requested to confirm with a TC or AAC and will apply any script commands. 3
4 Potential Area to Detect Defects After understanding the EMV transaction and its processing steps, now let s see the areas where potential defects could be identified. Although defects could be present in any processing step, yet this white paper is intended to focus on the most erroneous part of transaction processing. Application Selection SELECT Selection of ADF with partial name Selection of next occurrence of ADF with partial name, if another ADF exists with same partial name Selection of next occurrence of ADF with partial name, if no other ADF exists with same partial name Selection of next occurrence of an ADF with complete AID Selection of next occurrence of ADF with partial name before the selection of first occurrence Selection of a non-existent application Selection of ADF with Alias AID Initiate Application Processing GET PROCESSING OPTIONS Increment ATC for each transaction initiated No ATC increment, if error occurs during initiate application processing Initiate Application Processing must be stopped, if ATC reached its maximum limit. (Issuer option) Incorrect PDOL provided in data field Missing tag 83 in data field Inconsistent length of PDOL related data in data field Profile Selection processing (if supported) Profile Selection Table consistency AFL consistency 4
5 Offline Data Authentication SDA, DDA and CDA INTERNAL AUTHENTICATE Terminal must perform Offline Data Authentication, if supported by terminal and ICC both Manipulation in data required for Offline Data Authentication Data required for Offline Data Authentication not TLV encoded Data required for Offline Data Authentication, if in range SFI 1 to 10, must not include tag 70 and length of data for processing Data required for Offline Data Authentication, if in range SFI 11 to 30, must be include tag 70 and length of data for processing If Static Data Authentication Tag list exists, it must contain only the tag of Application Interchange Profile Tag and length of Application Interchange Profile must not be included in data required for Offline Data Authentication ICC does not contain DDOL or ICC contains DDOL but does not include Unpredictable Number Different RSA keys are used at ICC and terminal Response must be in format 2 and length of response equals ICC RSA key modulus length ICC must return error SW if Unpredictable Number is personalized in DDOL or no DDOL related data present in APDU Two successive Internal Authenticate command are not possible ICC returns error SW if no prior GPO command or failed GPO command ICC returns error SW if DDOL is not personalized ICC returns error SW if RSA key not personalized Cardholder Verification VERIFY ICC must verify the PIN (plaintext / enciphered) Counter must decrease for each unsuccessful PIN verification attempt PIN counter must be reset to its limit after successful PIN verification attempt When PIN counter reaches to 0, ICC must send back error SW (PIN blocked) PIN data not in EMV format PIN not personalized but used Scope of PIN verification is limited to current transaction 5
6 Card Action Analysis GENERATE APPLICATION CRYPTOGRAM ICC must check the content of Card Risk Management Data Object List (CDOL1) ICC response for each type of requested cryptogram i.e. TC, ARQC and AAC Cryptogram Information Data (CID) must be checked if correct bits are set according to transaction status Card Verification Results (CVR) must be checked if correct bits are set according to transaction status ICC must return AAC for blocked application Check the behavior of ICC based on Card Issuer Action Code (CIAC) for denial, online and default Check the behavior of ICC in current transaction if some flags were set during previous transaction Check the behavior of ICC based on velocity checking Updating counter in accordance with Card Status Unit (CSU) or Issuer Authentication Check the behavior of ICC for different cases of Issuer Authentication (Performed, Failed, Passed, Not Performed) Check the behavior of ICC is Issuer Script failed in previous transaction Check the behavior of ICC if it is a new card Check the behavior of ICC for online capable or no online capable terminal Check the behavior of ICC in case terminal sends erroneous status of Cardholder Verification Results Check the behavior of ICC in case terminal sends erroneous status of Offline Data Authentication Verify CDA signature returned in response Cryptogram must be validated Check the behavior of ICC in case Authorization Response Code is Y3 or Z3 (terminal is unable to go online) Check if transaction log file is being updated for transaction 6
7 Script Processing APPLICATION BLOCK Check if ICC application is blocked after a successful Application Block command Selection of blocked ICC application must return warning SW Transaction must be declined for block ICC application must be allowed only in application script state APPLICATION UNBLOCK Check if ICC application is unblocked after a successful Application Unblock command must be allowed only in application script state PIN CHANGE/UNBLOCK Check if ICC application PIN is unblocked after a successful PIN Change/Unblock command with P2 = 00 Check if ICC application PIN is changed after a successful PIN Change/Unblock command with P2 = 01 using current PIN Check if ICC application PIN is changed after a successful PIN Change/Unblock command with P2 = 02 without using current PIN ICC must return error if tag 87 is not present for enciphered data block (PIN change case) ICC must return error if padding indicator 01 is not present for enciphered data block (PIN change case) ICC must return error is PIN block is not in EMV format must be allowed only in application script state 7
8 PUT DATA Check if ICC application is able to update allowed tag Check if ICC application is able to decline to update the non allowed tag ICC must return error if first byte of secured command data field is not equal to 81 ICC must return error if supplied data length if greater than the reserved data length of the tag must be allowed only in application script state UPDATE RECORD Check if ICC application is able to update the record Check if ICC is able to decline updating a record if length of new value is greater than the reserved length of record ICC must return error if first byte of secured command data field is not equal to 81 must be allowed only in application script state 8
9 Conclusion White Paper: Reducing Certification Cycles for Chip EMV Application As depicted in Figure 1, it is clearly shown the scope of EMV deployment across the globe. On continuous approach to improve functioning and security of EMV chip application, EMVCo and other associated parties are evolving and publishing their chip application specification. This increases the demand of new applications, with additional features, that need to be certified by a laboratory which charges handsome amount of money for certification. Hence, this makes in-house testing essential in order to reduce the cost attached to certification. This can be achieved only if application under certification has been tested robustly during in-house testing. Moving to more standardized and established in-house testing will require right direction, right inputs and right solutions. This white paper will contribute its little yet significant role towards establishing a robust chip application test framework and test suite. In today s dynamic and challenging and regulatory environment, organization must ensure the least certification cycles should be practiced in order to minimum turnaround time for product launch and reducing cost attached to this. 9
EMV Chip Cards. Table of Contents GENERAL BACKGROUND GENERAL FAQ FREQUENTLY ASKED QUESTIONS GENERAL BACKGROUND...1 GENERAL FAQ MERCHANT FAQ...
EMV Chip Cards FREQUENTLY ASKED QUESTIONS Table of Contents GENERAL BACKGROUND...1 GENERAL FAQ...1 4 MERCHANT FAQ...5 PROCESSOR/ATM PROCESSOR FAQ... 6 ISSUER FAQ... 6 U.S.-SPECIFIC FAQ...7 8 GENERAL BACKGROUND
More informationEMV Versions 1 & 2. Divided into 3 parts:
EMV Specification EMV Specifications May 94 - Version 1.0 EMV Part 1 Aug 94 - Version 1.0 EMV Part 2 Oct 94 - Version 1.0 EMV Part 3 Jun 95 - Version 2.0 EMV Jun 96 - Version 3.0 EMV 96 May 98 - Version
More informationVisa Minimum U.S. Online Only Terminal Configuration
Visa Minimum U.S. Online Only Terminal Configuration Intended Audience This document is intended for U.S. merchants, acquirers, processors and terminal providers who are planning deployments of EMV chip
More informationCanada EMV Test Card Set Summary
Canada EMV Test Card Set Summary.90 January, 2018 Powered by Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available
More informationIs Your Organization Ready for the EMV Challenge?
Is Your Organization Ready for the EMV Challenge? Suzanne Galvin Director of Product Management Elan Financial Services Jeff Green Director of the Emerging Technologies Advisory Service Mercator Advisory
More informationEMV: Facts at a Glance
EMV: Facts at a Glance 1. What is EMV? EMV is an open-standard set of specifications for smart card payments and acceptance devices. The EMV specifications were developed to define a set of requirements
More informationCard Payments Roadmap in the United States: How Will EMV Impact the Future Payments Infrastructure?
Card Payments Roadmap in the United States: How Will EMV Impact the Future Payments Infrastructure? A Smart Card Alliance Payments Council White Paper Publication/Update Date: January 2013 Publication
More informationRe: EMVCo Letter of Approval - Contact Terminal Level 2
June 23, 2017 Mr. Hans-Henning Kochsmeier Wincor Nixdorf International GmbH Heinz-Nixdorf-Ring 1 Paderborn 33106 GERMANY Re: EMVCo Letter of Approval - Contact Terminal Level 2 EMV Application Kernel:
More informationPayPass M/Chip Requirements. 3 July 2013
PayPass M/Chip Requirements 3 July 2013 Notices Following are policies pertaining to proprietary rights, trademarks, translations, and details about the availability of additional information online. Proprietary
More informationUSA EMV Test Card Set Summary
USA EMV Test Card Set Summary.80 January, 2018 Powered by Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available
More informationCards on the table! Bernd Filsinger Payment Technology Services Lead Client Support Services, Europe region
Cards on the table! Bernd Filsinger Payment Technology Services Lead Client Support Services, Europe region Notice of confidentiality This presentation is furnished to you solely in your capacity as a
More informationEMV * Contactless Specifications for Payment Systems
EMV * Contactless Specifications for Payment Systems Book A Architecture and General Requirements Version 2.6 March 2016 * EMV is a registered trademark or trademark of EMVCo LLC in the United States permitted
More informationOptimizing Transaction Speed at the POS
Optimizing Transaction Speed at the POS Version 3.0 Date: October 2017 U.S. Payments Forum 2017 Page 1 About the U.S. Payments Forum The U.S. Payments Forum, formerly the EMV Migration Forum, is a cross-industry
More informationEMV is coming. Here s how to stay ahead of the trend. Presented by CO-OP Financial Services
EMV is coming. Here s how to stay ahead of the trend. Presented by CO-OP Financial Services October 25, 2012 Agenda What EMV is and how it works U.S. and global adoption Impact to the payments ecosystem
More informationAcquirer JCB EMV Test Card Set Summary
Acquirer JCB EMV Test Card Set Summary July, 2017 Powered by Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available
More informationThe Migration to EMV in the USA from a Founders Perspective. Philip Andreae Oberthur Technologies
The Migration to EMV in the USA from a Founders Perspective Philip Andreae Oberthur Technologies Chip Card Contact multisim Identity Card Passport SIM card Access Control Identity Dual Card Form Factors
More informationAconite Smart Solutions
Aconite Smart Solutions PIN Management Services Contents PIN MANAGEMENT... 3 CURRENT CHALLENGES... 3 ACONITE PIN MANAGER SOLUTION... 4 OVERVIEW... 4 CENTRALISED PIN VAULT... 5 CUSTOMER PIN SELF SELECT
More informationEMV: Frequently Asked Questions for Merchants
EMV: Frequently Asked Questions for Merchants The information in this document is offered on an as is basis, without warranty of any kind, either expressed, implied or statutory, including but not limited
More informationExtending EMV to support Murabaha transactions
Extending EMV to support Murabaha transactions Mansour A. Al-Meaither and Chris J. Mitchell Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, United Kingdom {M.Al-Meaither,
More informationEMV Transactions with the ID TECH Universal SDK
EMV Transactions with the ID TECH Universal SDK Rev. B August 10, 2017 2017 ID Technologies, Inc. All rights reserved ID TECH 10721 Walker Street, Cypress, CA90630 Voice: (714) 761-6368 Fax: (714) 761-8880
More informationEMV and Educational Institutions:
October 2014 EMV and Educational Institutions: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks,
More informationTokenization: What, Why and How
Tokenization: What, Why and How 11/5/2015 UL Transaction Security 2011 Underwriters Laboratories Inc. We have EMV why do we need tokenization? From Magstripe Merchant Signature Issuer Magstripe Risk Management
More informationEMV Adoption in the U.S.
EMV Adoption in the U.S. What you need to know about the outcome of EMV adoption in other countries and the implications for adoption in the U.S. Table of Contents Introduction [3] What is EMV? [4] The
More informationWhite Paper. EMV Key Management Explained
White Paper EMV Key Management Explained Introduction This white paper strides to provide an overview of key management related to migration from magnetic stripe to chip in the payment card industry. The
More informationPinless Transaction Clarifications
Pinless Transaction Clarifications April, 2017 Agenda Definition Level Set Application Selection Overview and Scenario Explanation EMV No CVM PIN Bypass Debit Expansion Programs PINless POS Product Signature
More informationEMV is coming. But it s ever changing.
EMV is coming. But it s ever changing. March 26, 2013 Presented By MICHELLETHORNTON Senior Product Manager CO-OP Financial Services RYANZILKER B2B Marketing Manager CO-OP Financial Services Today s Agenda
More informationInformation about this Replacement
Information about this Replacement Replacement What is in this new version? The July 2008 Card Personalization Validation Guide replaces your existing document. Please refer to the Summary of Changes for
More informationTop 5 Facts Merchants Need To Know About EMV
Top 5 Facts Merchants Need To Know About EMV June, 2015 Lindsay Breathitt, Product Marketing Steve Cole, Product Management Why EMV, Why Now Agenda U.S. market update EMV Top 5 EMV facts Understanding
More informationWhitepaper ax eft-kernel EMV Level 2 Kernel - a Software Module for EFTPOS Terminals
Abrantix AG Förrlibuckstrasse 66 CH 8005 Zürich Tel.: +41 43 433 70 30 Fax.: +41 43 433 70 31 www.abrantix.com info@abrantix.com Whitepaper ax eft-kernel EMV Level 2 Kernel - a Software Module for EFTPOS
More informationATM Webinar Questions and Answers May, 2014
May, 2014 Debit Network Alliance LLC (DNA) is a Delaware Limited Liability Company currently comprised of 10 U.S. Debit Networks and open to all U.S. Debit Networks. The goal of this collaborative effort
More informationEMVCo: Operating Principles
EMVCo: Operating Principles This document provides an overview of EMVCo s operating principles, including its governance, operations and the role of EMV Specifications in the wider payments community.
More informationCard Payment acceptance at Common Use positions at airports
Card Payment acceptance at Common Use s at airports Business requirements Version 1, published in June 2016 Preamble Common Use (CU) touchpoints (self-service s such as self-service kiosks or bag drops,
More informationFormal models of banking cards for free! Fides Aarts Erik Poll Joeri de Ruiter
Formal models of banking cards for free! Fides Aarts Erik Poll Joeri de Ruiter Radboud University Nijmegen To verify a program you need: 1. a program logic Program Verification 2. a tool supporting this
More informationHEADLINE INSIGHTS ON HERE EMV TRANSACTION SPEED PERFORMANCE OPTIMIZATION
HEADLINE INSIGHTS ON HERE EMV TRANSACTION SPEED Subhead & POS Here PERFORMANCE OPTIMIZATION EXECUTIVE SUMMARY It has been more than a year since the EMV liability shift came into effect in the U.S. and
More informationEMV Just the Facts. Ozarks Association of Government Accountants
EMV Just the Facts Ozarks Association of Government Accountants Speakers and Housekeeping EMV: Just the Facts Presentation Brad Hench Regional Sales Manager US Bank Elavon 45 minute presentation 10 minute
More informationEMV & Fraud POS Fraud Mitigation Tips for Merchants First Data Corporation. All Rights Reserved.
EMV & Fraud POS Fraud Mitigation Tips for Merchants EMV Information Merchants may see an increase in Card-Not-Present Fraud as a result of the new EMV standards. Help protect your business from fraud risk
More informationEMV Testing and Certification White Paper: Current Global Payment Network Requirements for the U.S. Acquiring Community
AN EMV MIGRATION FORUM TESTING AND CERTIFICATION WORKING COMMITTEE WHITE PAPER EMV Testing and Certification White Paper: Current Global Payment Network Requirements for the U.S. Acquiring Community Version
More informationARGO SP3 US Common AID Update Software Release Notes
Triton Systems of Delaware, LLC ARGO 7 3.3.2 SP3 US Common AID Update Software Release Notes Affected products ARGO 7 July 21, 2016 Version 1.2 Triton Systems of Delaware, LLC 21405 B Street Long Beach,
More informationUnderstanding the 2015 U.S. Fraud Liability Shifts
Understanding the 2015 U.S. Fraud Liability Shifts Version 1.0 May 2015 Some U.S. payment networks are implementing EMV fraud liability shifts effective October 2015. With these liability shifts fast approaching,
More informationE M V O V E R V I E W. July 2014
E M V O V E R V I E W July 2014 A G E N D A EMV Overview EMV Industry Announcements EMV Transaction Differences, What to Expect Solution Decisions Market Certification Considerations Questions 2 E M V
More informationpayshield 9000 The hardware security module securing the world s payments
> payshield 9000 The hardware security module securing the world s payments www.thalesgroup.com/iss Information Systems Security Information Systems Security payshield 9000 Table of Contents Introduction
More informationEMV: The Journey Begins October 1st
221 NORTH LASALLE ST. CHICAGO, IL 60601 312-873-3300 INFO@WCAPRA.COM EMV: The Journey Begins October 1st An Examination of the History, Impact, Best Practices, Pitfalls of EMV Implementations, and What
More informationGemalto Consulting Services. Take control of your smart card implementation
Gemalto Consulting Services Take control of your smart card implementation FINANCIAL SERVICES & RETAIL > SERVICE ENTERPRISE INTERNET CONTENT PROVIDERS PUBLIC SECTOR TELECOMMUNICATIONS TRANSPORT Gemalto
More informationTokenization April Tokenization. Gregory H. Soule, CPA, CISA, CISSP, CFE Senior Manager. Andrews Hooper Pavlik PLC
ization Gregory H. Soule, CPA, CISA, CISSP, CFE Senior Manager Andrews Hooper Pavlik PLC 1 Agenda and Implementation EMV, Encryption, ization Apple Pay Google Wallet Recent Trends Resources Agenda and
More informationTechnology Developments in Card-Based Payments WACHA Payments 2013
Technology Developments in Card-Based Payments WACHA Payments 2013 April 9, 2013 The information contained on these slides is considered the Confidential & Proprietary Information of Two Sparrows Consulting,
More informationProtecting Your Future
Protecting Your Future with NCR Secure How to prepare for the EMV and Windows 7 Migration An NCR White Paper 02 1 Upcoming Major Changes and Trends The North American financial industry will go through
More informationFirst Data EFTPOS. User Guide. 8006L2-3CR Integrated PIN Pad
First Data EFTPOS User Guide 8006L2-3CR Integrated PIN Pad 2 Contents What are you looking for? Get to know your PIN pad Introduction 05 PIN Pad location and PIN privacy 05 PIN Pad ownership 06 Your PIN
More informationEMV Migration for the US Parking Industry EMV and the Parking Industry
EMV and the Parking Industry May 2013 Contents Introduction 03 What is EMV 04 Why EMV Matters 06 to Parking Overcoming the 08 Challenges Case Study 10 Best Practice Tips for 11 EMV Migration About Creditcall
More informationContactless Toolkit for Acquirers
MASTERCARD AND MAESTRO CONTACTLESS PAYMENTS Contactless Toolkit for Acquirers DECEMBER 2016 19.7% The Global Contactless Payment Market is poised to grow at a CAGR of around 19.7% over the next decade
More informationMerchant Trading Name: Merchant Identification Number: Terminal Identification Number: ANZ CONTACTLESS EFTPOS MERCHANT OPERATING GUIDE
Merchant Trading Name: Merchant Identification Number: Terminal Identification Number: ANZ CONTACTLESS EFTPOS MERCHANT OPERATING GUIDE Contents 1. Welcome 3 2. Merchant Operating Guide 3 3. Important Contact
More informationThe Future of Payment Security in Canada
The Future of Payment Security in Canada October 2017 1 Visa Canada Public The Future of Payment Security in Canada Notices Forward-Looking Statements This presentation contains forward-looking statements
More informationeid Meets Credit Cards and Biometrics: The Next Stage of Convergence Adam Ross Sales Manager eid Solutions EMEA, cv cryptovision GmbH
eid Meets Credit Cards and Biometrics: The Next Stage of Convergence Adam Ross Sales Manager eid Solutions EMEA, cv cryptovision GmbH cv cryptovision GmbH T: +49 (0) 209.167-24 50 F: +49 (0) 209.167-24
More informationCollis/B2 EMV & Contactless Offering
Collis/B2 EMV & Contactless Offering USA Migration Bruce Murray, B2PS Itai Sela, B2PS January 2012 Ensuring Trust in Technology 1 Overview Introduction to EMV and Contactless in the USA B2 Training Programs
More informationEMVCo Type Approval. Terminal ESD Evaluation Administrative Process. Version 2.3. July 2014
EMVCo Type Approval Terminal ESD Evaluation Administrative Process Version 2.3 July 2014 Page 1 Legal Notice This document summarizes EMVCo s present plans for type approval testing services and policies
More informationEMV, PCI, Tokenization, Encryption What You Should Know for Presented by: The Bryan Cave Payments Team
EMV, PCI, Tokenization, Encryption What You Should Know for 2015 Presented by: The Bryan Cave Payments Team Agenda Overview of Secured Payments Judie Rinearson (NY) EMV Courtney Stout (DC) End to End Encryption
More informationA Guide to. US EMV Migration
A Guide to US EMV Migration Table of Contents What is EMV?... 3 EMV: A Global Standard... 4 Fraud Prevention... 5 Mobile & Contactless... 6 U.S. EMV Deadlines... 7 Maestro Liability Shift... 8 U.S. EMV
More informationEnsuring the Safety & Security of Payments. Faster Payments Symposium August 4, 2015
Ensuring the Safety & Security of Payments Faster Payments Symposium August 4, 2015 Problem Statement: The proliferation of live consumer account credentials Bank issues physical card Plastic at point
More informationI N T E R A C. The Faster, More Convenient Way. Small Value Purchases
I N T E R A C I S S U I N G F L A S H The Faster, More Convenient Way to Securely Accept Payment For Small Value Purchases Trade-mark of Interac Inc. (Everlink Payment Services Inc.) authorized user of
More informationThe Shared Electronic Banking Services Company (KNET) Knet securing E-payment for EGOV
The Shared Electronic Banking Services Company (KNET) Knet securing E-payment for EGOV November 21, 2015 Knet 2 The Shared Electronic Banking Services Company (Knet) was established in 1992. Knet Established
More informationTopics. First Data and STAR Network overview. Competitive advantage. Fraud in emerging payments. Fraud innovation what s coming
Todd Clark Topics First Data and STAR Network overview Competitive advantage Fraud in emerging payments Fraud innovation what s coming 2 Introducing Todd Clark Background Entrepreneur Core Data Resources
More informationPoint-of-Sale Terminals
Point-of-Sale Terminals The Right Hardware for the Job SIMPLE, SECURE PAYMENT PROCESSING Your customers can be anywhere. And no matter where they are, they expect you to process their payments easily and
More informationHelping merchants automate testing practices.
Helping merchants automate testing practices. Meet deadlines, facilitate certifications and overcome complexities. www.fisglobal.com As a merchant, you are in the middle of the shift from traditional cash
More informationEMV Migration. What You Need to Know about the Technology, the Security Protection it Provides, and When to Implement
EMV Migration What You Need to Know about the Technology, the Security Protection it Provides, and When to Implement According to a 2016 TSYS study identifying consumer payment preferences, 40 percent
More informationEMV: Coming Soon to a Card Near You
Julie Conroy EMV: Coming Soon to a Card Near You Page 2 This presentation is the work of its author who is solely responsible for its contents. First Data Corporation and its subsidiaries and affiliates
More informationQuick Guide. Token Service Provider
Quick Guide Token Service Provider 1 Introduction to Mobile Payments The mobile payments revolution is here! Driven by the development of near field communication (NFC) enabled smartphones, the launch
More informationSmart Cards and EMV Adoption in China
Smart Cards and EMV Adoption in China Opportunities and Obstacles Emerging Strategy www.emerging-strategy.com August, 2008 Table of Contents Background... 2 Global Drivers for EMV Migration... 3 Migration
More informationMaximize the use of your HSM 8000
MAximise_HSM.qxp 19/06/2009 17:11 Page 1 www.thalesgroup.com/iss Maximize the use of your HSM 8000 Information Systems Security Information Systems Security Maximize the use of your HSM 8000 Table of Contents
More informationEMV : One year later. Merchants take steps to adapt and address challenges in the year following the shift to EMV technology at the point of sale
EMV : One year later Merchants take steps to adapt and address challenges in the year following the shift to EMV technology at the point of sale EMV: ONE YEAR LATER A BANK OF AMERICA MERCHANT SERVICES
More informationU.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will fnd: Explaining Chip Card Technology (EMV)
U.S. Bank U.S. Bank Chip Card FAQs for Program Administrators Here are some frequently asked questions Program Administrators have about the replacement of U.S. Bank commercial cards with new chip-enabled
More informationEMV 3-D Secure Press Kit Q&A
EMV 3-D Secure Press Kit Q&A 1. What is EMV 3-D Secure? EMV Three-Domain Secure (3DS) is a messaging protocol that enables frictionless consumer authentication and the ability for consumers to authenticate
More informationWHITE PAPER. Focus on value added services by network companies a paradigm shift. Rahul Kaushal, Ramakant Mittal
WHITE PAPER Focus on value added services by network companies a paradigm shift Rahul Kaushal, Ramakant Mittal Introduction Network association is the most critical player in the payment card industry.
More informationGBIC Approval Scheme. Version 1.9
Version 1.9 01.12.2016 Content 1 Management Summary... 8 2 Introduction... 11 2.1 Scope... 11 2.2 Objectives... 11 2.3 GBIC as Approval Authority... 12 2.4 Starting Points... 13 2.4.1 Development of the
More informationEMV IN THE U.S. HOW FAR HAVE WE COME AND WHERE ARE WE GOING? Andy Brown
EMV IN THE U.S. HOW FAR HAVE WE COME AND WHERE ARE WE GOING? Andy Brown andy.brown@ncr.com MAC is an organization comprised of members from Banks, Acquirers, ISOs, Card Associations, Law Enforcement and
More informationA complete Dual Interface portfolio from standard to premium payment cards
A complete Dual Interface portfolio from standard to premium payment cards Ivan Peytavin, SPS cryptovision Mindshare 2017 cv cryptovision GmbH T: +49 (0) 209.167-24 50 F: +49 (0) 209.167-24 61 info(at)cryptovision.com
More informationVIRTUAL TERMINAL USER GUIDE
VIRTUAL TERMINAL USER GUIDE VERSION 17.2 NOVEMBER 2017 COPYRIGHT 2007-2017 GLOBAL PAYMENTS INC. ALL RIGHTS RESERVED. RELEASE NOVEMBER 2017 The Virtual Terminal User Guide contains proprietary information.
More informationVeriFone VX QUICK REFERENCE GUIDE
QUICK REFERENCE GUIDE VeriFone VX This Quick Reference Guide will guide you through understanding your terminal s functionality and navigation, and will help you with troubleshooting. INDUSTRY Retail and
More informationSeeds of Change in Debit
Seeds of Change in Debit The 2016 Debit Issuer Study MEDIA EXHIBITS Study Overview The Debit Issuer Study is the definitive assessment of U.S. debit market 2016 Debit Issuer Study is the 11th edition of
More informationCONVEGO. Platforms and Applications
CONVEGO Platforms and Applications Team up with the leader in secure payment products G&D s product line for native payment products G&D has specialized in the, G&D s multi-application product The full
More informationVerifone MX 915/925 Payment Devices. with KWI 6.x POS Registers: What s New?
Verifone MX 915/925 Payment Devices with KWI 6.x POS Registers: What s New? Contents Overview... 3 Network and Power Requirements... 5 Network Requirements... 5 Power Requirements... 5 Place Your Order
More informationGLOBAL TRANSPORT VT USER GUIDE VERSION 17.2 NOVEMBER Global Payments Inc. 10 Glenlake Parkway, North Tower Atlanta, GA
GLOBAL TRANSPORT VT USER GUIDE VERSION 17.2 NOVEMBER 2017 Global Payments Inc. 10 Glenlake Parkway, North Tower Atlanta, GA 30328-3447 COPYRIGHT 2007-2017 GLOBAL PAYMENTS INC. ALL RIGHTS RESERVED. RELEASE
More informationesocket POS Integrated POS solution Knet
esocket POS Integrated POS solution Knet 1 Summary Since 1994 when the first POS devise was deployed in the market, Knet had recognized the importance of this service and did take it up on it self to invest
More informationECSG SEPA CARDS STANDARDISATION (SCS) VOLUME STANDARDS REQUIREMENTS
ECSG001-17 01.03.2017 (Vol Ref. 8.7.00) SEPA CARDS STANDARDISATION (SCS) VOLUME STANDARDS REQUIREMENTS BOOK 7 CARDS PROCESSING FRAMEWORK Payments and Cash Withdrawals with Cards in SEPA Applicable Standards
More informationSecurity enhancement on HSBC India Debit Card
Security enhancement on HSBC India Debit Card A Secure Debit Card HSBC India Debit Cards are more secure and enabled with the Chip and PIN technology. In addition to this you can restrict usage of the
More informationThe Changing Landscape of Card Acceptance
The Changing Landscape of Card Acceptance Troy Byram Vice-President Sr. E-Receivables Consultant February 6, 2015 Agenda EMV (Chip and Pin) PCI Compliance and Data Security New Regulations for Municipalities
More informationNetSuite Integration for CyberSource. Getting Started Guide
NetSuite Integration for CyberSource Getting Started Guide December 2017 Contents Introduction... 3 Configure Your CyberSource Account... 3 Configure Your NetSuite Account... 5 Add a New CyberSource Credit
More informationarxiv: v1 [cs.cy] 12 Sep 2012
: cloning EMV cards with the pre-play attack Mike Bond, Omar Choudary, Steven J. Murdoch, Sergei Skorobogatov, and Ross Anderson forename.lastname@cl.cam.ac.uk arxiv:1209.2531v1 [cs.cy] 12 Sep 2012 Computer
More informationInstant issuance in retail breaks new ground for banks
Use Case Instant issuance in retail breaks new ground for banks The most obvious consumer trend today is the expectation of immediacy. You can download movies and music, and shop online with instant results.
More informationEmpowering Merchants through Adoption of Global Standards
Empowering Merchants through Adoption of Global Standards Normand Provost, MarCom Chair, nexo-standards Bryan Croteau Director, Product Management, ACI Worldwide Agenda Introductions Where We Are Today
More informationHorizontal Integration in the Payments Industry
Horizontal Integration in the Payments Industry Gerard Hartsink Senior Executive Vice President 2007 Payments Conference Santa Fe, 3 May 2007 Content European landscape Restructuring of functions Impact
More informationMOBILE (NFC) SOLUTIONS
TRANSFORMS YOUR PAYMENTS PERSPECTIVE SOLUTION FLYER MOBILE (NFC) SOLUTIONS VENDOR INDEPENDENCE SUPPORTING OPEN STANDARDS AND INTERFACES PREDICTABLE INTEGRATION TIMES FOR FASTER TIME TO MARKET FLEXIBLE,
More informationVirtual Terminal User Guide
Virtual Terminal User Guide Table of Contents Introduction... 4 Features of Virtual Terminal... 4 Getting Started... 4 3.1 Logging in and Changing Your Password 4 3.2 Logging Out 5 3.3 Navigation Basics
More informationJTC Resource Bulletin. EMV and Credit Card Liability: What Courts Need to Know
JTC Resource Bulletin EMV and Credit Card Liability: What Courts Need to Know Adopted December 5, 2014 Abstract Nearly every country in the world uses the global standard called EMV (short for Europay,
More informationQuick Guide. Token Service Provider
Quick Guide Token Service Provider Introduction to Mobile Payments The mobile payments revolution is here! Driven by the development of near field communication (NFC) enabled smartphones, the launch of
More informationPAYMENT CARD INDUSTRY DATA SECURITY STANDARD SELF-ASSESSMENT QUESTIONNAIRE (SAQ) A GUIDE
PAYMENT CARD INDUSTRY DATA SECURITY STANDARD SELF-ASSESSMENT QUESTIONNAIRE (SAQ) A GUIDE Last Reviewed: December 13, 2017 Last Updated: December 19, 2017 PCI DSS Version: v3.2, rev 1.1 Prepared for: The
More informationCANADIAN PAYMENTS ASSOCIATION ASSOCIATION CANADIENNE DES PAIEMENTS RULE E4
CANADIAN PAYMENTS ASSOCIATION ASSOCIATION CANADIENNE DES PAIEMENTS RULE E4 EXCHANGE OF PIN-LESS POINT-OF-SERVICE DEBIT PAYMENT ITEMS FOR THE PURPOSE OF CLEARING AND SETTLEMENT 2016 CANADIAN PAYMENTS ASSOCIATION
More informationConverge Release Notification
Converge Release Notification January 2017 Two Concourse Parkway, Suite 800, Atlanta, GA 30328 Elavon, Incorporated 2017. All Rights Reserved Table of Contents Enhancements... 3 DCC 2.0... 3 Rate Provider
More informationChip Card Testing & Approval Requirements
Chip Card & Approval Requirements Version 7.1 December 2017 Visa Public DISCLAIMER Visa s testing services and polices are subject to change at any time in Visa s sole discretion, with or without notice.
More informationNew Customer Account
New Customer Account Implementation Guide shift4.com Copyright 2017 Shift4 Corporation. All rights reserved. Table of Contents Introduction...4 New Account Setup Process...5 Step 1 Project Planning Call...6
More information