Acquiring Card Payments

Ilya Dubinsky

  1. 246 pages
  2. English
  3. ePUB (available in the app)

About this book

This book delves into the essential concepts and technologies of acquiring systems. It fills the gap left by manuals and standards and provides practical knowledge and insight that allow engineers to navigate systems as well as the massive tomes containing standards and manuals.

Dedicated to card acquiring exclusively, the book covers:

  • Payment cards and protocols
  • EMV contact chip and contactless transactions
  • Disputes, arbitration, and compliance
  • Data security standards in the payment card industry
  • Validation algorithms
  • Code tables
  • Basic cryptography
  • PIN block formats and algorithms

When necessary, the book discusses issuer-side features or standards insomuch as they are required for the sake of completeness. For example, protocols such as EMV 3-D Secure are not covered to the last exhaustive detail. Instead, this book provides an overview, justification, and logic behind each message of the protocol and leaves the task of listing all fields and their formats to the standard document itself. The chapter on EMV contact transactions is comprehensive to fully explain this complex topic in order to provide a basis for understanding EMV contactless transactions.

A guide to behind-the-scenes business processes, relevant industry standards, best practices, and cryptographic algorithms, Acquiring Card Payments covers the essentials so readers can master the standards and latest developments of card payment systems and technology.


Information

Year
2019
ISBN
9781000627558
CARD-PRESENT ENVIRONMENT
III
Chapter 5
Contact Chip Transactions
CONTENTS
5.1 Overview
5.1.1 Introduction
5.1.2 “ICC” vs. “EMV card”
5.1.3 ICC Architecture Overview
5.1.4 Card-Terminal Interaction
5.2 ICC Architecture Details
5.2.1 Chip and Antenna Hardware
5.2.2 ICC File System
5.2.2.1 Dedicated Files and AID
5.2.2.2 Elementary Files
5.3 Flow of a Chip Transaction
5.3.1 Overview
5.3.2 Card Interface
5.3.2.1 Answer-to-Reset
5.3.2.2 Command and Response
5.3.2.3 CLA Format
5.3.2.4 INS Values
5.3.2.5 SW1 and SW2
5.3.2.6 SFI
5.3.3 EMV DOLs and Tags
5.3.4 Terminal Verification Results (TVR) and Transaction Status Information (TSI)
5.3.5 Application Selection
5.3.5.1 Indirect Application Selection
5.3.5.2 Direct Application Selection
5.3.5.3 Final Selection
5.3.5.4 File Control Information (FCI)
5.3.6 Initiate Processing
5.3.6.1 Application Interchange Profile
5.3.6.2 Application File Locator
5.3.7 Read Application Data
5.3.8 Offline Card Authentication
5.3.8.1 Common Steps of Offline Authentication
5.3.8.2 Key Chain of Trust
5.3.8.3 Public Key Recovery
5.3.8.4 Signed Data Validation
5.3.8.5 Static Data Authentication (SDA)
5.3.8.6 Dynamic Data Authentication (DDA)
5.3.8.7 Combined Data Authentication (CDA)
5.3.9 Processing Restrictions
5.3.9.1 Application Version Number
5.3.9.2 Application Usage Control
5.3.9.3 Application Effective and Expiration Date
5.3.10 Cardholder Verification
5.3.10.1 Amount Fields
5.3.10.2 Cardholder Verification Rules
5.3.10.3 CVM Results
5.3.10.4 Example of a CVM List
5.3.10.5 Offline PIN Verification
5.3.10.6 Online PIN Verification
5.3.11 Terminal Risk Management
5.3.11.1 Offline Authorization and Terminal Risk Management
5.3.11.2 Floor Limit
5.3.11.3 Random Transaction Selection
5.3.11.4 Velocity Checking
5.3.12 Terminal Action Analysis
5.3.13 Generation of Cryptograms and Issuer Authentication
5.3.13.1 Card Action Analysis
5.3.13.2 Generate AC (GAC) Command
5.3.14 Script Processing
5.3.15 Transaction Completion
5.1 Overview
5.1.1 Introduction
Introducing an entirely new, complicated technology profoundly affects card issuers as well as acquirers, requires a nearly complete renewal of terminal, network and card production inventory, and is an expensive and disruptive move. However, in the eyes of major industry stakeholders, the move was justified for two reasons: combating fraud and allowing smarter offline authorizations.
A card having a magnetic stripe is not hard to skim and replicate, and as the prices for electronics plummeted and skimming devices grew smaller, it became possible for fraudster waiters to swipe it on their way to the cashier inconspicuously. After such a swipe the card could be replicated and reused for fraudulent purchases.
Magnetic stripe technology made offline transaction authorization possible but imposed high risks on scheme participants, as no limits for the numbers or amounts of offline authorizations could be efficiently imposed.
To address both issues, scheme participants undertook a major technological transition to integrated circuit cards (ICCs), embedding in effect a small and very secure computer into each card.
Thus, the card becomes smart enough to maintain internal counters in a manner independent from the capabilities and integrity of a particular terminal and rely on cryptographic methods to authenticate cards and transactions. In addition, as faking a chip card is extremely hard, issuers are able to delegate some authority to the card itself allowing it to approve transactions offline.
The terminal, in turn, has to be sufficiently sophisticated to be able to participate in a meaningful dialog with the card, including not only the obvious ability to physically communicate with the chip on it via contact or contactless link but also support the appropriate communication protocol and application-level logic, including cryptographic means of data encryption and signature validation.
5.1.2 “ICC” vs. “EMV card”
In the context of payment, the terms “ICC” and “EMV card” are frequently used interchangeably. That, however, is imprecise.
The term “ICC”, if used more accurately, refers to an ISO/IEC 7816-compatible chip card also called smart card. The term “EMV card” refers to a card that is compatible with a version of the EMV specification. It follows that every EMV card is an ICC but not necessarily vice versa.
To begin with, all GSM SIM cards are built using the ICC technology and essentially are ICCs with smaller form factors. But even without considering this example, the areas in which ICCs are used go way beyond the boundaries of the EMV standard.
Smart cards can be used as means to achieve higher security during authentication, for example, to facilitate single sign-on in sensitive environments. Also, most HSMs rely on proprietary smart card solutions to store key components.
Governments are increasingly using smart cards for identification. For example, Turkey has relied on ICCs for its drivers’ licenses since 1987, and EU countries such as Belgium and Estonia have transitioned to smart card government IDs.
ICCs were (and still are, although decreasingly) used as electronic wallets not requiring a connection to a bank or processing host in order to perform a payment.
Smart cards are also widely used as transit tickets especially since contactless technology was introduced and gradually became affordable. Tapping a card on a terminal is much faster than having the bus driver punch a hole in a multi-ride ticket.
Furthermore, as described in more detail below, because an ICC can host multiple applications, a single card can perform multiple functions.
Thus, many educational institutions around the globe have introduced student cards providing secure student identification and serving as a digital wallet for purchase of goods and services around the campus. Banks sometimes issue payment cards with applications from several card brands bundled together. In some regions banks issue a combined transit/payment card that can be used both as a transit pass and a payment card (such as OysterPass card in London or Troika card in Moscow).
In subsequent chapters we cover a minimum necessary subset of ICC ISO standards and refer to EMV standards when the latter supplant or extend the former.
5.1.3 ICC Architecture Overview
As mentioned above, the notion of an Integrated Circuit Card means that a “small and secure” computer is embedded ...
