Part I: Magnetic stripe debit and credit cards

Part I: Magnetic stripe debit and credit cards

This part includes only Chapter 2. It analyzes debit and credit payment instruments as they are currently implemented with magnetic stripe cards. First we outline the general picture of electronic payment systems, identifying the participant roles and their business interactions. In this context, we concentrate on the magnetic stripe implementation of a debit/credit card and we discus the content of the financial data recorded on its magnetic tracks. Then we analyze the processing performed by the terminal on the financial data captured from the card for completing a transaction carried out at the point of service. We consider the security mechanisms that can be put in place for this type of card, and we identify some of the security threats that make them vulnerable to certain types of attacks. This security analysis aims to show the need of chip migration, which will better enforce the security of the participants in a payment system. Finally, we offer a high level view of the authorization, clearing, and settlement processing, which represent the backbone activity of any payment system that facilitates the business interaction between issuers of the payment cards and the acquirers of payment transactions collected from merchants .

Part II: Chip migration with EMV ¢

This part includes five chapters. In Chapter 3 we discuss chip migration, which defines the process of changing the implementation of a debit/credit card from magnetic stripe to chip. Two chip migration paths are identified and are analyzed through comparison. The first path is chip migration according to proprietary solutions. These solutions were independently adopted by pioneering payment systems that were willing to use new chip technology to cut down on losses generated by counterfeit and fraudulent transactions. The second path represents a chip migration solution where the interoperability plays a central role in the business model. In this case we discus only the EMV ¢ chip solution jointly proposed by the three major card associations ”namely, Europay, MasterCard, and Visa (EMV ¢ ). We have chosen EMV ¢ since it has become a de facto standard in the area of debit/credit payment systems, considering the important market share held by these three card associations in retail financial services.

Chapter 4 discusses the organization of data according to EMV ¢ . This data organization is common to those chip cards and card applications that claim to be EMV ¢ compliant regardless of the specific payment method they actually implement. The EMV ¢ data organization satisfies the issuers ' business requirement of accommodating multiple payment applications, which are provided by different payment system operators, in the same chip card. It also satisfies the acquirers ' business requirement of running an application selection mechanism in terminals without being aware beforehand of the internal organization of cards. These demands imply the need for a data organization that provides openness and interoperability, and EMV ¢ offers these features.

Chapter 5 defines the EMV ¢ certificates that are needed to build the trust relationship between an EMV ¢ card and the terminal at the point of service.

Chapter 6 details the EMV ¢ payment method for debit and credit. The aim is to offer a tutorial presentation on the transaction profile of the EMV ¢ debit and credit payment application. This presentation should allow for an easier understanding of the EMV ¢ documents by someone who has no time to read the entire specification. The emphasis of the presentation is placed on the analysis of the protocol between the chip card and the terminal, rather than discussing the card and the terminal separately. In this chapter, the functionality of the EMV ¢ debit and credit payment cards is considered only in a face-to-face interaction.

Chapter 7 focuses on management and organizational issues concerning the EMV ¢ chip migration. In this context we analyze the impact of chip migration on the roles involved in the implementation of the payment system infrastructure.