The Migration to EMV in the USA from a Founders Perspective. Philip Andreae Oberthur Technologies


[Slide graphic: "Our Environment" word cloud. Terms shown include chip card, banking card, identity card, passport, SIM card, access control, transport, contactless, NFC, M2M, mobile financial services, digital security, cloud, big data, Internet of Things and mobility.]

Our Environment
- 14 billion connected M2M devices in 2020
- 3 billion payment smart cards shipped in 2017
- 75% of passports will be electronic by 2016
- 1.2 billion NFC-enabled phones sold in 2018
- Mobile payment market: $721 billion in 2017
- 80% of ID cards are expected to be electronic in 2015

Mobility, at the heart of OT world

Why Are We Here?
- August 2011: Visa Inc. announced its roadmap
- June 2012: American Express, Discover and MasterCard agreed to converge on the same common timeline
- April 2013: Acquirers and processors must support EMV transactions
- April 21st 2014: Court of Appeal found for the Board of Governors Federal Reserve
- April 30th: EMF published Debit Technical White Paper
- October 2015: Liability shift
  - Liability is the responsibility of the party not protecting the transaction
  - Liability remains the issuer's if merchant upgrades to EMV
- October 2017: Liability shift for gas stations
- December 2013: Following a number of compromises (Target, Neiman Marcus), the time has come for the U.S. to embrace EMV

EMV the Global Standard for Credit & Debit Payments
In 1993 the international payment brands decided the long-term solution to fraud was the ICC and agreed to develop a common specification to assure global interoperability. They agreed the requirements and published the Integrated Circuit Card Specifications for Payment Systems. EMVCo is owned and staffed by Visa, MasterCard, JCB, American Express, UnionPay and Discover.
- Counterfeit Protection
- Off/On-line Authentication
- Lost and Stolen Fraud
- Cardholder Verification
- Offline Authorization
- Cost Reduction
- Revenue Creation
- Value Added Services

Is Based On The Classic Smart Card Business Case
- A CAM (Card Authentication Method) to stop counterfeit losses
- A CVM (Cardholder Verification Method) to reduce lost and stolen card fraud
- Card Risk Management to assure payment everywhere
- Support for Value Added Services
- The intangible value of security

One Green Void In a Sea of Color

USA Last to Migrate to EMV
Why have US payment card Issuers resisted EMV migration?
- US has robust 100% online (network) infrastructure employing sophisticated fraud management techniques
- The US Contactless initiative failed to produce positive revenue
- The perceived economics haven't justified the investment on the Issuer or Merchant side of the transaction
- QR Codes require much less investment in terminal hardware
- Interchange has created opportunities to create Cloud and ACH based alternatives
- Many ask the question: why an old technology, EMV, when the Cloud and Smart Phones are the future?
EMV IS A PROVEN SOLUTION TO REDUCE FRAUD AT THE POINT OF SALE. THE TIME HAS COME TO MIGRATE

As a result of the data breaches, the US market is accelerating beyond expectations.
[Chart: High, Base and Low scenarios for 2014 to 2018. Includes estimates for Debit, Credit, PLCC and Prepaid. An extrapolation using recent Payment Security Task Force project of 575 Credit and Debit Cards.]

Benefits of EMV to Merchants and Acquirers
Acquirer
- Irrefutability of transaction
- Reduced costs through offline transactions
- Reduced cost of handling chargebacks
- Low value transactions
- Drives transaction growth
- New revenue opportunities
  - Rewards
  - Consumer profile
  - Loyalty
  - Other value-added services
Merchant
- Guarantee of payment
- Reduced costs through offline transactions
- Opportunity to expand unattended payment locations
- Enhance efficiencies:
  - Speed and ease of use at the POS
  - Reduce storage of paper receipts
  - Improve dispute procedures
- Reduces fraud
- Builds infrastructure for NFC Mobile Commerce

Benefits of EMV to Issuers
- EMV pro-activity provides a competitive advantage
- EMV issuance protects the brand
- Reduced fraud; therefore, fewer exceptions
- Liability shift reduces financial exposure of Issuer
- More secure payment card
- Unique PINs for each person on account
- Global interoperability
- Efficiency in servicing low value transactions
- Ability to support credit and debit on a card
- New revenue opportunities
- Paves way for use of NFC mobile payments

Business Process Implications
With the decision to move to EMV, Financial Institutions have decisions to make:
- Impact of product and EMV program design
- Inclusion of chip in card design
- Consumer-selected PIN management
- Card production and issuance
- Card/chip lifecycle must be managed
- Card issuance and replacement
- Call center representative training
- Changes to back-office procedures
- Consumer card usage education
- Marketing opportunities

Back Office Debit and Credit Systems
Many systems require upgrade or replacement:
- Credit card systems must perform online authentication
- Banking systems must perform online authentication
- Key management becomes a core competency
- Integration with card management processes
- New PIN management techniques required
- Fraud and risk management systems
- Card life cycle must be managed
- Card issuance and replacement

AN EMV PRIMER
Authentication, Verification, Authorization and Irrefutability: four words describe what EMV offers the payment industry.

Three Key Capabilities Are Defined by EMV
Designed to be future proof: based on a stable standard, built on evolving technologies.
- Authentication (what you have)
  - Offline by terminal
  - Online on issuer host
- Verification (what you know)
  - Signature
  - PIN in chip
  - PIN on host
  - No CVM
- Authorization (you have the funds)
  - Offline: issuer-defined card risk management parameters
  - Online: 0 floor limit, host authorized

Field 55 Designed to Support Authentication
Participants: Merchant, Acquiring Bank, Payment Switch, Issuing Bank
Roles in the flow:
- Terminal (interface to chip): prepare authorization; draft data capture
- Acquirer: select appropriate route; forward to payment network
- Payment Network: validate transactions; route to issuer; settle between Issuer and Acquirer
- Issuer: authenticate ARQC; authorize transaction; prepare ARPC and scripts; return authorization response; settle with Merchant
Messages:
- Authorization or Financial Request: the ARQC to authenticate the card to the issuer
- Authorization or Financial Response: the ARPC authenticates the issuer to the card; a chance to update the card with scripts
- Clearing and Settlement (at completion or end of day): the transaction Certification assures irrefutability; optionally authenticate TC; settle with payment system

EMV Defined Application Selection
Issuer Control & Consumer Choice
Flow: Insert card into reader, Answer to reset, Select AID(s), Develop candidate AID list, Consumer selection.
Terminal prompt shown on the slide:
1. Personal Credit Card
2. Corporate Credit Card
3. Family Debit Card
4. Personal Debit Card
Enter 1, 2, 3 or 4 to select payment method?
PSE: Payment Systems Environment
AID: Application Identifier

Chip Cards Can Support Various Applications
PSE: Payment Systems Environment
IATA: International Air Transport Association
- PSE: Credit, Debit, Stored Value, Home Banking, Payment Guarantee
- IATA: Ticket, Itinerary, Boarding Pass, Frequent Flyer, VIP, Security
- Subscriber: Calling Card, Parking Cards, Fitness Club, Library Card, Campus Cards
- Loyalty: Points, Rewards, Coupons, Discounts, Punch Card
- ID: Passport, Drivers License, Corporate ID, National ID, Photo, Biometrics
- Health: Pharmacology, Emergency Data (Blood type, Donor Status, Allergies), Physician's Details, Health Insurance
- Transit: Token, Tap On, Tap Off, Senior/Student, Period Pass, Car Key
Key uses: Security, Authentication, Identification, and Data Storage

Mobile Devices Solve the Branding Issue
- EMV: designed to be future proof; a stable standard; built on evolving technologies
- NFC & HCE: built on the same stable standard; employing evolving technologies
[Diagram: the same application categories as on the previous slide (PSE, IATA, Subscriber, Loyalty, ID, Health, Transit).]

Business Relationships and Infrastructure Is Key
[Diagram: Card Application, Terminal Application and Host Application, with a VPN between terminal and host.]
Card file structure: Master File (MF), Data File (DF), Elementary File (EF)
Inter-industry commands:
- READ BINARY command
- WRITE BINARY command
- UPDATE BINARY command
- ERASE BINARY command
- READ RECORD(S) command
- WRITE RECORD command
- APPEND RECORD command
- UPDATE RECORD command
- GET DATA command
- PUT DATA command
- SELECT FILE command
- VERIFY command
- INTERNAL AUTHENTICATE command
- EXTERNAL AUTHENTICATE command
- GET CHALLENGE command
- MANAGE CHANNEL command
- GET RESPONSE command
- ENVELOPE command

EMV Impacts the Merchant's Systems
[Diagram: Local Store (PED, Cash Register, Store Server) connected over a VPN to the Merchant Data Center and Payment Switch, then to the Acquirer and Debit Networks.]
- Replace PIN Pad with EMV PIN Entry Device
- Upgrade payment software to support EMV
- Transaction flow and the Payment Networks
- Add Bit 55 with TLV coded data elements
- Certify with Acquirer and Payment Networks
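Field 55 ("Bit 55") carries its data elements as BER-TLV. The Python sketch below is an added example, not part of the original slides: it parses a Field 55 byte string and extracts the elements an issuer host needs to check the ARQC. The sample bytes are constructed, the tag numbers other than 9F37 and 91 come from the public EMV tag list rather than from the slides, and the set of tags treated as required is an assumption.

```python
from typing import Dict, List, Tuple, Union

TLV = Tuple[str, Union[bytes, list]]
# Cryptogram Information Data (tag 9F27): the top two bits give the cryptogram type.
CRYPTOGRAM_TYPES = {0b00: "AAC", 0b01: "TC", 0b10: "ARQC", 0b11: "RFU"}

class TLVError(ValueError):
    """Raised on malformed or truncated BER-TLV data."""

def read_tag(buf: bytes, pos: int) -> Tuple[str, bool, int]:
    """Return (tag as hex, constructed flag, offset of the length field)."""
    first = buf[pos]
    end = pos + 1
    if first & 0x1F == 0x1F:              # low five bits set: more tag bytes follow
        while True:
            if end >= len(buf):
                raise TLVError("truncated tag")
            end += 1
            if not buf[end - 1] & 0x80:   # last tag byte has bit 8 clear
                break
    return buf[pos:end].hex().upper(), bool(first & 0x20), end

def read_length(buf: bytes, pos: int) -> Tuple[int, int]:
    """Return (value length, offset of the value) for short or long form."""
    if pos >= len(buf):
        raise TLVError("missing length byte")
    first = buf[pos]
    if first < 0x80:                      # short form: the byte is the length
        return first, pos + 1
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 2 or pos + 1 + n > len(buf):
        raise TLVError("unsupported or truncated length field")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def parse_tlv(buf: bytes, depth: int = 0) -> List[TLV]:
    """Parse BER-TLV into (tag, value) pairs, recursing into constructed objects."""
    if depth > 4:
        raise TLVError("nesting too deep")
    items, pos = [], 0
    while pos < len(buf):
        if buf[pos] == 0x00:              # padding between objects
            pos += 1
            continue
        tag, constructed, pos = read_tag(buf, pos)
        length, pos = read_length(buf, pos)
        if pos + length > len(buf):
            raise TLVError(f"tag {tag}: length {length} runs past end of field")
        value = buf[pos:pos + length]
        pos += length
        items.append((tag, parse_tlv(value, depth + 1) if constructed else value))
    return items

def summarize_request(field55: bytes) -> Dict[str, str]:
    """Pull the card-authentication elements out of an authorization request."""
    tags = dict(parse_tlv(field55))
    for required in ("9F26", "9F27", "9F37"):   # assumed minimum set
        if required not in tags:
            raise TLVError(f"tag {required} missing from Field 55")
    cid = tags["9F27"]
    if len(cid) != 1 or len(tags["9F26"]) != 8:
        raise TLVError("unexpected cryptogram or CID length")
    return {
        "cryptogram_type": CRYPTOGRAM_TYPES[cid[0] >> 6],
        "cryptogram": tags["9F26"].hex().upper(),
        "unpredictable_number": tags["9F37"].hex().upper(),
    }

# Constructed request and response fields (all values made up).
REQUEST_55 = bytes.fromhex(
    "9F2608" "1122334455667788"   # Application Cryptogram
    "9F2701" "80"                 # Cryptogram Information Data: ARQC
    "9F3602" "0012"               # Application Transaction Counter
    "9F3704" "A1B2C3D4"           # Unpredictable Number
    "9505" "0000008000"           # Terminal Verification Results
)
RESPONSE_55 = bytes.fromhex("910A" "0102030405060708" "3030")  # tag 91, carries the ARPC

if __name__ == "__main__":
    print(summarize_request(REQUEST_55))
    print(parse_tlv(RESPONSE_55))
```

A host that rejects a field whose declared lengths overrun the buffer, as `parse_tlv` does, avoids acting on a partially parsed cryptogram.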

Chip Cards Come In Multiple Form Factors
Contact card:
1. One chip connected to external contacts
2. Works only in contact mode
Pure contactless card*:
1. One chip connected to the antenna and buried inside plastic body
2. Works only in contactless mode
Dual interface card*:
1. One chip embedded with external contacts and antenna connections
2. Works in contact and contactless mode (contactless like US contactless and NFC transactions; future proof solution)
*Not compatible with foil card designs

The Card Operating System
NATIVE (Proprietary OS)
- Supplied by all major vendors
- Highly secure: hardware (EAL5+) and software (EAL4+)
- Dominant smart card technology: most widely deployed to date
- Full EMV compatibility for single and multi-application payment cards
- Offers best price competitiveness to issuers. Ideal choice for EMV migrating markets and mass volume penetration strategy
- Optimized OS and applications for best-in-class memory consumption and timing performance
- Full compatibility with EMV common personalization systems, offering issuers multiple sourcing and seamless product migrations (lower switching cost)
- Many providers competing on performance and security, with multiple silicon providers
JAVA (Global Platform)
- Industry open standard: offers the largest multisourcing to issuers
- High portability and security
- Open business model: issuer-centric or multi-issuer
- Possibility to reuse existing infrastructure (KMS, CA)
- Java cards can be issued using any Global Platform compliant infrastructure such as personalization equipment and key management system
- Healthy competition brings innovation faster to the market place, along with competitive prices for the issuers
- Applications developed in Java, a standard language known by most developers
- Large pool of OS implementers competing on performance and security, with multiple silicon providers

Application, Offline Characteristic and Interface
- Interface: Contact, Contactless, Dual
- Application: MChip, VSDC, AEIPS, D-Pas, MiFare, Data Storage, Access
- Offline characteristic: PKI, RSA, TDES
- Secrets:
  1. AID(s)
  2. Keys
  3. Configuration Parameters
  4. Card Risk Management Parameters
  5. Counters
  6. PIN

The Specifications
ISO 7816 Smart Card
- Part 1: Physical characteristics
- Part 2: Cards with contacts: dimensions and location of the contacts
- Part 3: Cards with contacts: electrical interface and transmission protocols
- Part 4: Organization, security and commands for interchange
ISO 14443 Contactless
- Part 1: Physical characteristics
- Part 2: Radio frequency power and signal interface
- Part 3: Initialization and anti-collision
- Part 4: Transmission protocol
EMV Version 4.3 Contact
- Book 1: Application independent ICC to terminal interface requirements
- Book 2: Security and key management
- Book 3: Application specification
- Book 4: Cardholder, attendant and acquirer interface requirements
EMV Version 2.3 Contactless
- Book A: Architecture and general requirements
- Book B: Entry point specification
- Books C1-6: Kernel specifications
- Book D: Communications protocol
Payment system specifications
- Operating rules
- Network requirements
- AEIPS Card specification
- AEIPS Terminal Specifications
- Key management requirements
- E2E certification requirements
The industry is awaiting the debit networks to all publish their network specifications and certification requirements.

ISO 7816 Defines the Communications Protocol

Today's Track 1 Data
- Start sentinel: 1 byte (the % character)
- Format code: 1 byte alpha (the standard for financial institutions is "B")
- Primary Account Number: up to 19 characters
- Separator: 1 byte (the ^ character)
- Country code: 3 bytes, if used. (The United States is 840)
- Surname
- Surname separator (the / character)
- First name or initial
- Space (when followed by more data)
- Middle name or initial
- Period (when followed by a title)
- Title (when used)
- Separator: 1 byte (^)
- Expiration date or separator: 4 bytes (YYMM)
- Discretionary data: optional data can be encoded here by the issuer
- End sentinel: 1 byte (the ? character)
- Longitudinal Redundancy Check (LRC): 1 byte

Today's Track 2 Data
- Start sentinel: 1 byte (0x0B, or a ; in ASCII)
- Primary Account Number: up to 19 bytes
- Separator: 1 byte (0x0D, or an = in ASCII)
- Country code: 3 bytes, if used. (The United States is 840) This is only used if the account number begins with "59."
- Expiration date or separator: 4 bytes (YYMM) or the one byte separator if a non-expiring card
- Discretionary data: optional data can be encoded here by the issuer
- End sentinel: 1 byte (0x0F, or a ? in ASCII)
- Longitudinal Redundancy Check (LRC): 1 byte
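The Track 2 layout above is entirely static data, which is why a copied stripe is indistinguishable from the original. The following Python parser is an added example, not part of the original slides: it follows the field list on the Track 2 slide in its ASCII form and returns a masked PAN suitable for logs. The sample strings are constructed, and because the slide does not break out any field after the expiration date, everything up to the end sentinel is returned as discretionary data.

```python
from dataclasses import dataclass
from typing import Optional


class TrackError(ValueError):
    """Raised when a string does not follow the Track 2 layout."""


@dataclass(frozen=True)
class Track2:
    pan: str
    country_code: Optional[str]   # present only when the PAN begins with "59"
    expiry_yymm: Optional[str]    # None for a non-expiring card
    discretionary: str            # everything between expiry and end sentinel

    def masked_pan(self) -> str:
        """PAN with all but the last four digits replaced, for log output."""
        return "*" * max(len(self.pan) - 4, 0) + self.pan[-4:]


def _digits(s: str) -> bool:
    return s.isascii() and s.isdigit()


def parse_track2(raw: str) -> Track2:
    """Parse the ASCII form ';PAN=[CCC]YYMM<discretionary>?[LRC]'."""
    if not raw.startswith(";"):
        raise TrackError("missing start sentinel ';'")
    end = raw.find("?")
    if end == -1:
        raise TrackError("missing end sentinel '?'")
    if len(raw) - end - 1 > 1:
        raise TrackError("more than one LRC character after end sentinel")

    pan, sep, rest = raw[1:end].partition("=")
    if not sep:
        raise TrackError("missing '=' separator after PAN")
    if not _digits(pan) or len(pan) > 19:
        raise TrackError("PAN must be 1 to 19 digits")

    country = None
    if pan.startswith("59"):          # country code is only used for these PANs
        country, rest = rest[:3], rest[3:]
        if len(country) != 3 or not _digits(country):
            raise TrackError("country code must be 3 digits")

    if rest.startswith("="):          # separator in place of expiry: non-expiring
        expiry, rest = None, rest[1:]
    else:
        expiry, rest = rest[:4], rest[4:]
        if len(expiry) != 4 or not _digits(expiry) or not 1 <= int(expiry[2:]) <= 12:
            raise TrackError("expiry must be YYMM")
    return Track2(pan, country, expiry, rest)


# Constructed samples: an industry test PAN and made-up trailing data.
SAMPLE = ";4111111111111111=2512" + "101" + "0000000000" + "?"
SAMPLE_59 = ";5912345678901234=840=123?"

if __name__ == "__main__":
    for s in (SAMPLE, SAMPLE_59):
        t = parse_track2(s)
        print(t.masked_pan(), t.country_code, t.expiry_yymm, t.discretionary)
```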

Data elements (descriptions as per EMV 4.2 Book 3 Table 33 or ISO specification)
- Application Selection Indicator: For an application in the ICC to be supported by an application in the terminal, the Application Selection Indicator indicates whether the associated AID in the terminal must match the AID in the card exactly.
- Authorisation Response Cryptogram (ARPC): Cryptogram generated by the issuer and used by the card to verify that the response came from the issuer. Bit map: if 55 then only in 55; included in Tag 91.
- Card Status Update (CSU): Contains data sent to the ICC to indicate whether the issuer approves or declines the transaction, and to initiate actions specified by the issuer. Transmitted to the card in Issuer Authentication Data.
- Certification Authority Public Key Check Sum: A check value calculated on the concatenation of all parts of the Certification Authority Public Key (RID, Certification Authority Public Key Index, Certification Authority Public Key Modulus, Certification Authority Public Key Exponent) using SHA-1.
- Certification Authority Public Key Exponent: Value of the exponent part of the Certification Authority Public Key.
- Certification Authority Public Key Modulus: Value of the modulus part of the Certification Authority Public Key.
- Default Dynamic Data Authentication Data Object List (DDOL): DDOL to be used for constructing the INTERNAL AUTHENTICATE command if the DDOL in the card is not present. Shall only contain the Tag and Length for Unpredictable Number (tag 9F37).
- Default Transaction Certificate Data Object List (TDOL): TDOL to be used for generating the TC Hash Value if the TDOL in the card is not present. No one requires a default be set.
- Enciphered Personal Identification Number (PIN) Data: Transaction PIN enciphered at the PIN pad for online verification or for offline verification if the PIN pad and IFD are not a single integrated device. Bit map: 52.
- Maximum Target Percentage to be used for Biased Random Selection: Value used in terminal risk management for random transaction selection.
- Message Type: Indicates whether the batch data capture record is a financial record or advice.
- Personal Identification Number (PIN) Pad Secret Key: Secret key of a symmetric algorithm used by the PIN pad to encipher the PIN and by the card reader to decipher the PIN if the PIN pad and card reader are not integrated.
- PIX: Proprietary Application Identifier Extension.
- Processing Code: A set of numbers that describe the type of the transaction as well as the account.
- Proprietary Authentication Data: Contains issuer data for transmission to the card in the Issuer Authentication Data of an online transaction.
- RID: Registered Application Provider Identifier.
- Target Percentage to be Used for Random Selection: Value used in terminal risk management for random transaction selection.
- Terminal Action Code Default: Specifies the acquirer's conditions that cause a transaction to be rejected if it might have been approved online, but the terminal is unable to process the transaction online.

Durbin in Context An Industry Seeking Answers

Multi-Access and Multi-Application
AID (Application Identifier)
The AID is the name of the directory in the chip that contains the keys, certificates, parameters and counters, and identifies the application. The AIDs are registered by the payment networks:
- Visa (credit or debit): A000000003 1010
- Visa Electron: A000000003 2010
- Visa Interlink: A000000003 3010
- US Common Debit: A000000098 0840
- MasterCard: A000000004 1010
- Maestro Int'l: A000000004 3060
- US Maestro: A000000004 2203
- Amex: A000000025 01XX
- JCB: A000000065 1010
- Discover: A000000324 1010
- DNA Common Debit: A000000620 0620
Application
- The Payment Networks' card and terminal specifications define the software required in the card and how the terminal will employ the EMV tool kit
- Each Payment Network has invested in defining, maintaining and certifying implementations of their specifications: Amex AEIPS, Discover D-Pas, MasterCard MChip, Visa VIS
- The Visa and MasterCard specifications define methods of sharing data between two or more AIDs to support US Debit requirements
- Card and terminal vendors develop and request type approval of their products
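The application selection slide and the Application Selection Indicator entry describe how a terminal builds its candidate list from the AIDs on the card. The Python sketch below is an added example, not part of the original slides: it matches card AIDs against a terminal AID table, honouring exact or partial matching per entry. The terminal table uses AIDs from the list above; the per-entry match settings, the card contents and the Amex PIX suffix are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Sequence, Tuple


@dataclass(frozen=True)
class TerminalAid:
    aid: str            # hex: RID (5 bytes) followed by the PIX
    label: str
    exact_match: bool   # Application Selection Indicator for this entry


def normalise_aid(aid: str) -> str:
    """Strip spaces, upper-case, and enforce the 5 to 16 byte AID length."""
    h = aid.replace(" ", "").upper()
    if len(h) % 2 or not 10 <= len(h) <= 32 or any(c not in "0123456789ABCDEF" for c in h):
        raise ValueError(f"not a valid AID: {aid!r}")
    return h


def split_aid(aid: str) -> Tuple[str, str]:
    """Return (RID, PIX): the registered provider prefix and its extension."""
    h = normalise_aid(aid)
    return h[:10], h[10:]


def build_candidate_list(card_aids: Sequence[str],
                         terminal_aids: Sequence[TerminalAid]) -> List[Tuple[str, str]]:
    """Return (card AID, terminal label) for every mutually supported application."""
    candidates = []
    for raw in card_aids:                         # card order is preserved
        card = normalise_aid(raw)
        for entry in terminal_aids:
            term = normalise_aid(entry.aid)
            # Exact entries need equality; partial entries match as a prefix.
            if card == term or (not entry.exact_match and card.startswith(term)):
                candidates.append((card, entry.label))
                break
    return candidates


def selection_step(candidates: Sequence[Tuple[str, str]]) -> str:
    """Decide what the terminal does next with the candidate list."""
    if not candidates:
        return "no mutually supported application"
    if len(candidates) == 1:
        return f"select {candidates[0][1]}"
    return "offer choice: " + ", ".join(label for _, label in candidates)


# Hypothetical terminal configuration built from AIDs listed on the slide.
TERMINAL_AIDS = [
    TerminalAid("A000000003 1010", "Visa (credit or debit)", True),
    TerminalAid("A000000098 0840", "US Common Debit", True),
    TerminalAid("A000000004 1010", "MasterCard", True),
    TerminalAid("A000000025 01", "Amex", False),   # slide shows 01XX: match on prefix
]
# Constructed card contents.
DEBIT_CARD = ["A000000003 1010", "A000000098 0840"]   # two AIDs on one debit card
AMEX_CARD = ["A000000025 010801"]                     # made-up PIX suffix

if __name__ == "__main__":
    for card in (DEBIT_CARD, AMEX_CARD, ["A000000003 2010"]):
        print(selection_step(build_candidate_list(card, TERMINAL_AIDS)))
```

The debit card case yields two candidates, which is the point at which the terminal or merchant routing logic, rather than the card alone, determines which network carries the transaction.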

Durbin introduced Merchant Choice as a Matter of Law
- The Durbin amendment changed Debit Card operations
  - Reduced interchange fees earned by debit card Issuers
  - Required Issuers to define two unaffiliated routes for each transaction
- The Federal Reserve issued Regulation II
- Reg. II was implemented October 2011
- July 31st 2013: Judge Richard Leon remanded Regulation II back to the Federal Reserve
- March 21st 2014: The Court of Appeal found for the Board of Governors of the Federal Reserve System
- April 30th 2014: The EMV Migration Forum published U.S. Debit EMV Technical Proposal

Much Work Still To Do
- Debit Networks must define how EMV transactions will be processed
- Each Debit network must license or develop an EMV application
- Visa and MasterCard must publish the US Debit specifications
- Debit Networks must upgrade to support field 55
- Merchants, acquirers, POS vendors and processors must implement a Debit solution
- Merchant and acquiring terminals and interfaces must be certified
- The framework for Contactless must be defined
Debit Conundrum Score Card (columns: Owner, Master Card, Visa, Specs Issued; entries per network in the order they appear on the slide)
- AFFN
- Alaska Option
- Allpoint
- ATH
- Cirrus: MasterCard, done, done, Yes
- CU-24: done
- Interlink: Visa, done, done, Yes
- Jeanie: Vantiv
- Maestro: MasterCard, done, done, Yes
- Money Pass
- Nets
- NYCE: FIS, done, done, Yes
- Plus: Visa, done, done, Yes
- Presto
- Pulse: Discover, done, done, Yes
- Shazam: done, done
- Star: First Data, done, done
- The Co-op: done
- The Exchange/Accel: Fiserv, done, done, Yes

Dispelling Myths
- EMV was designed to address counterfeit and lost and stolen fraud in the physical world
- Proximity (NFC) mobile payments are based on EMV specifications
- Near Field Communications or NFC is a communication protocol
- Once EMV is fully deployed it significantly reduces the value of the data that can be acquired by breaking into payment systems
- To address card not present or shopping on the Internet, an EMV capable card reader (contact or contactless) could be deployed, utilizing 3D-Secure
- EMV uses cryptography to create dynamic digital signatures: the ARQC, ARPC and TC
- Tokenization, End to End Encryption and EMV complement each other

EMV Is Driven by Cryptographic Processes
At its core EMV is about using cryptography to assure that the card is authentic at both the terminal and when the transaction is seen by the Issuer's host.

The Key to Secure Identification: Multi-Factor Authentication
- Something You Have: The Token = Card
- Something You Know: The Secret = PIN
- Something You Are: Biometric = You
Offering Issuers Fraud Protection & Future Flexibility

Authentication and Confidentiality Requires Cryptography
Symmetric
- One participant establishes a secret and shares the secret key S with other participants
- Triple DES algorithm is used for online PIN security
- EMV employs Triple DES for on-line authentication
- Sharing the secret key with too many parties puts the secret key at risk
Asymmetric
- Each participant establishes a unique pair of keys: public key P and secret key S
- Public key cryptography is used to assure authenticity and security on the Internet
- EMV employs RSA for off-line authentication
- Each participant has a unique secret key they do not share

Primer in Symmetric Cryptography
Online Authentication is based on Triple DES
S = Secret Key
[Diagram: Bob and Sally hold the same secret. Labels: Hash, TDES Sign, Signature, TDES Verify, DATA, TDES Encrypt, TDES Decrypt.]

Primer in Public Key Cryptography
Offline Authentication is based on RSA
S = Secret Key, P = Public Key
Founders of the RSA algorithm: Ron Rivest, Adi Shamir, Leonard Adleman
[Diagram: Bob hashes the data and signs with RSA using S(Bob); Sally verifies the signature using P(Bob). Data is RSA-encrypted with P(Sally) and decrypted with S(Sally).]

RSA Issuer Certificate Request Process
[Diagram labels: Oberthur; Certification Request; Certificate Authority (Visa/MC); Public Key; Private Key; BIN (Test/Live); Tracking #; BIN; Issuer Public Key Certificate]
- From Issuer: BIN, Cert. Exp. Date
- From Oberthur: Public Key, Hash, Self Signed Certificate