References


References

  1. Rankl, W., and W. Effing, Smart Card Handbook , Chichester, England: John Wiley and Sons, 1997.

  2. Chan, E, "Fraud, a Common Virus in Asia", Cards Now , March/April 2001.

  3. Stern, C., "Micro-Thief That ˜Steals Credit Cards", Sunday Mirror Magazine , January 28, 2001.

  4. ISO/IEC 7816-3, "Identification Cards ”Integrated Circuit(s) Cards with Contacts ”Part 3: Electronic Signals and Transmission Protocols", 1997.

  5. ISO/IEC 7816-4, "Identification Cards ”Integrated Circuit(s) Cards with Contacts ”Part 4: Interindustry Commands for Interchange", 1995.

  6. ISO/IEC 7816-5, "Identification Cards ”Integrated Circuit(s) Cards with Contacts ”Part 5: Numbering System and Registration Procedure for Application Identifiers", 1994.

  7. ISO/IEC 7816-6, "Identification Cards ”Integrated Circuit(s) Cards with Contacts ”Part 4: Interindustry Data Elements", 1996.

  8. Hassler, V., et al., Java Card for E-Payment Applications , Norwood, MA: Artech House, 2002.

  9. Sun, Java Card 2.1.1, Platform specifications, http://java.sun.com/products/javacard.

  10. Maosco Ltd., Multos Overview , http://www.multos.com/multpres.ihtml.

  11. Vedder, K., and F. Weikmann, "Smart Cards ”Requirements, Properties, and Applications", in B. Preneel and V. Rijmen (eds.), State of the Art in Applied Cryptography , Springer LNCS 1528, 1998, pp. 307 “331.

  12. ISO/IEC 8825, "Information Technology ”Open Systems Interconnection ”Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1)", 1990.



Chapter 4: EMV ¢ Compliant Data Organization

Overview

The actual trend in the industry of electronic payment systems is the use of chip cards that simultaneously accommodate several payment products. Issuers are interested in providing their clients with a comprehensive package of payment products, which cover all their payment preferences. For example, an issuer could be interested in a chip card that can accommodate three payment applications:

  • A debit product, which allows the direct use of money from an account;

  • A credit product for important spending at home or abroad;

  • An electronic purse that allows for small payments and even for micropayments like buying information on demand in an electronic commerce scenario.

Thus, the business requirement of issuers is the possibility of accommodating multiple payment applications in the same chip card. Different payment system operators could operate these applications. The business requirement of acquirers is the possibility of implementing application selection mechanisms in terminals without being aware beforehand of the internal organization of cards. These business requirements imply the need of a data organization that provides openness and interoperability. In Section 3.4 we identified several features that can accomplish both openness and interoperability:

  • Possibility of self-determined encoding of data elements in data objects;

  • A customized and flexible file system organization;

  • Variable formats for command and response APDUs.

We also saw that the EMV ¢ chip card technology offers the appropriate data organization principles needed to support these features. This technology is described in the EMV Integrated Circuit Card Specifications for Payment Systems , which we shortly refer to as the EMV ¢ specifications. The EMV ¢ data organization is common to all those chip cards and card applications that claim to be EMV ¢ compliant, regardless of the specific payment method they actually implement.

This chapter focuses on the EMV ¢ compliant data organization. It contains four sections. Section 4.1 briefly describes the documents that compose the EMV ¢ specifications. Section 4.2 outlines the encoding of the EMV ¢ data elements, explaining the BER-TLV encoding scheme. Section 4.3 presents the file types in an EMV ¢ card. Section 4.4 presents two application selection mechanisms proposed by the EMV ¢ specifications.