References


References

  1. Visa, "Products & Services", http://www.visa.com.

  2. MasterCard, "Our Cards", http://www.vis.com.

  3. American Express, "Cards", http://www.americanexpress.com.

  4. Europay International, "Brands", http://www.europay.com.

  5. Diners Club, "Credit Cards", http://www.dinersclub.com.

  6. Discover Financial Services, http://www.discovercard.com.

  7. Japanese Business Cards, http://www.japanese-business-cards.com.

  8. Federal Trade Commission, "Secured Credit Card Marketing Scams", http://www.ftc.gov, October 1996.

  9. Brobeck, S., "Recent Trends in Bank Credit Card Marketing and Indebtedness", Consumer Federation of America, http://www.abiworld.org, July 1998.

  10. ISO/IEC 7811, "Identification Cards ”Recording technique ”Part 1: Embossing", "Part 2: Magnetic Stripe", "Part 3: Location of Embossed Characters on ID-1 Card", "Part 4: Location of Read-Only Magnetic Tracks ”Track 1 and 2", "Part 5: Location of Read-Write Magnetic Track ”Track 3", 1985.

  11. ISO/IEC 7812, "Identification Cards ”Numbering System and Registration Procedure for Issuer Identifiers", 1987.

  12. ISO/IEC 4909, "Bank Cards ”Magnetic Stripe Data Content for Track 3", 1987.

  13. ISO/IEC 7813, "Identification Cards ”Financial Transaction Cards", 1987.

  14. Stern, C., "Micro-Thief That ˜Steals Credit Cards", Sunday Mirror Magazine , January 28, 2001.

  15. Freier, A. O., P. Karlton, and P. C. Kocher, The SSL 3.0 Protocol , Internet-Draft, November 1996.

  16. Dierks, T., and C. Allen, The TLS Protocol ”Version 1.0 , Internet-Draft, November 1997.

  17. ISO/IEC 8583:1993, "Financial Transaction Card Originated Messages “Interchange Message Specifications", 1995.



Part II: Chip Migration with EMV

Chapter List

Chapter 3: Chip Migration
Chapter 4: EMV Compliant Data Organization
Chapter 5: EMV Certificates
Chapter 6: Debit and Credit with EMV
Chapter 7: EMV Chip Migration Issues



Chapter 3: Chip Migration

Overview

Payment cards for debit and credit have proven to be a huge business success for the retail financial industry. The magnetic stripe technology is cheap enough to make the cost of cards small. Moreover, the payment network and the terminals at the point of service have been in place for years now. Therefore, there is no further need to invest in infrastructure. Meanwhile, the operation of debit and credit cards increases year after year, both in the number of issued cards and in the geographical coverage. Consequently, profit has increased, so there is no apparent cause for concern.

The first section of this chapter lists several causes of concern that should encourage payment system operators, issuers , and acquirers to consider the migration from magnetic stripe to chip. We believe that this motivation could help a chip solution vendor make his business case when talking to skeptics about switching from the magnetic stripe technology to chip.

The second section reminds the reader of the essentials of chip card technology. In this book the terms ICC and chip card are used interchangeably to refer to one and the same device, which not only stores data in its permanent memory but is also able to process data. Therefore, it would be more accurate to refer to these cards as microprocessor chip cards, to clearly distinguish them from the memory chip cards, which can store data but cannot process it. For the fluency of presentation, however, we will refer to the microprocessor chip cards as simply chip cards or ICCs. In Section 3.2.1 we give an overview of the hardware and software structure of a chip card, as well as the life cycle of the chip card. We then make a diagonal presentation of the ISO/IEC 7816 standard, which dominates the world of ICC with contacts. The emphasis is only on few topics from Part 4 of the ISO/IEC 7816 standard. We briefly review the basics about a card file system and the methods of referencing files (Section 3.2.2). Then, the formats of the commands/responses sent to and returned from the card, as well as the most common commands, are briefly presented (Section 3.2.3). This is the minimum amount of knowledge someone would need to be able to understand the rest of this book. For an extensive introduction to chip card technology, the reader should refer to [1]. At the end of the section, we present the concepts of terminal application and card application, and their interactions in a client server model when performing a transaction (Section 3.2.4).

After these foundations of the ICC technology are revisited, two possible chip migration paths are outlined: closed proprietary payment applications and open interoperable payment applications. We analyze some of the features of a payment application that allows interoperability (Section 3.4). These features contrast with the homologue features of a proprietary application (identified in Section 3.3), and thus emphasize the price one pays for open design and interoperability.