The issuer's business case regarding the definition of an EMV™ card application can be described as a compromise between three rather contradictory requirements:
Availability of the financial service to the cardholder;
Security against counterfeit and fraudulent transactions;
Reduced operational costs when using chip cards.
The issuer would like to provide its cardholders with highly reliable and easy-to-use financial services, whose availability is not vulnerable to the technical degrading of the payment system's components and devices, to the limitations of the terminal's capabilities, or to the timing restrictions of the transaction processing. Below, we list some possible availability policies of the issuer:
A transaction should be completed off-line in case a failure of the acquirer's network or a failure of the payment system's network has occurred.
A transaction should be completed with the financial information carried out by the magnetic stripe of the card in case the chip fails.
The behavior of the card application should be adaptable to the particularities of the business environment at the point of service and to the terminal's capabilities. In Section 7.6 we outline the design of an adaptable card application. During initiate application processing, the card provides different AFL(s) to the terminal in response to the GET PROCESSING OPTIONS command, depending on the type of terminal at the point of service, the amount involved in the transaction, and the merchant category code. This design approach increases the availability of the payment service. For example, whenever the card is involved in a payment transaction at a tollgate on the highway, it presents an AFL pointing to a fast CVM List rather than the default CVM List. The fast CVM List allows the completion of the transaction without the cardholder's verification. This facility increases the availability of the payment service to the detriment of security, in order to meet the time constraint of completing the transaction as quickly as possible and so avoid the creation of traffic jams.
The issuer must also define the processing restrictions of each card application. This definition takes into account the prescriptions of the payment brand corresponding to the card application. Section 7.9 analyzes the definition of the processing restrictions by the issuer, such that a large variety of payment services are available to the cardholder, while no overlap should exist between card applications in offering the same service.
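As an added illustration of the adaptable card application described above (example code written for this text, not the design of Section 7.6 or any vendor's EMV applet), the following model shows a card holding two CVM List records and choosing, in its GET PROCESSING OPTIONS response, which record the AFL references. The SFI, record numbers, amount threshold and the use of terminal type (tag 9F35), amount (9F02) and merchant category code (9F15) as the deciding PDOL data are assumptions made for the example.

```python
# Added example: simplified model of a card that returns a different AFL from
# GET PROCESSING OPTIONS depending on the point-of-service context.
# SFI, record numbers, thresholds and the MCC policy are constructed here.

SFI_CVM = 1                           # constructed: file holding both CVM Lists
REC_DEFAULT_CVM, REC_FAST_CVM = 1, 2  # constructed record numbers

# CVM List = amount X (4 bytes) + amount Y (4 bytes) + 2-byte CV Rules.
# CVM codes: 0x02 enciphered PIN online, 0x1E signature, 0x1F no CVM required;
# bit 0x40 = apply the succeeding rule if this one fails; condition 0x00 =
# always, 0x03 = if the terminal supports the CVM.
DEFAULT_CVM_LIST = bytes(8) + bytes([0x42, 0x03, 0x5E, 0x03, 0x1F, 0x00])
FAST_CVM_LIST = bytes(8) + bytes([0x1F, 0x00])   # no cardholder verification

def afl_entry(sfi: int, first: int, last: int, n_oda: int) -> bytes:
    """One AFL entry: SFI<<3, first record, last record, records used for ODA."""
    return bytes([sfi << 3, first, last, n_oda])

def choose_cvm_record(terminal_type: int, amount: int, mcc: int) -> int:
    """Card-side policy (constructed): unattended merchant terminals
    (terminal type 0x24..0x26) in the tolls/bridge-fees category (MCC 4784)
    with a small amount get the fast list; everything else the default."""
    unattended_merchant = 0x24 <= terminal_type <= 0x26
    if unattended_merchant and mcc == 4784 and amount <= 2000:
        return REC_FAST_CVM
    return REC_DEFAULT_CVM

def gpo_response(terminal_type: int, amount: int, mcc: int) -> dict:
    """Build the card's GPO reply: a fixed AIP plus an AFL whose CVM List
    record varies with the terminal type, amount and merchant category."""
    rec = choose_cvm_record(terminal_type, amount, mcc)
    return {"AIP": bytes([0x18, 0x00]), "AFL": afl_entry(SFI_CVM, rec, rec, 0)}

def cvm_list_for(afl: bytes) -> bytes:
    """Terminal side: fetch the record the AFL points to (simulated READ RECORD)."""
    records = {REC_DEFAULT_CVM: DEFAULT_CVM_LIST, REC_FAST_CVM: FAST_CVM_LIST}
    return records[afl[1]]

if __name__ == "__main__":
    toll = gpo_response(0x25, 350, 4784)   # unattended tollgate, amount 3.50
    shop = gpo_response(0x22, 350, 5411)   # attended grocery store, same amount
    print("tollgate AFL:", toll["AFL"].hex(), "->", cvm_list_for(toll["AFL"]).hex())
    print("shop AFL:    ", shop["AFL"].hex(), "->", cvm_list_for(shop["AFL"]).hex())
```

The same amount at an attended terminal still leads to the default list with PIN or signature, which is the security cost of the fast list being confined to the tollgate context.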
The issuer would like to minimize its loss due to counterfeit and fraudulent transactions. This requires a strengthening of the card application's security, namely, of the CAM and the CVM. It is important to note that a design that addresses this requirement could negatively impact the availability of the financial service (the first requirement of the issuer) and the operational costs of the ICC (the third requirement).
For example, one way to reduce the number of counterfeit transactions is to ask for the on-line completion of all the transactions. In this case the on-line dynamic CAM reduces the risk of counterfeit cards, since the IH must verify each Application Cryptogram produced by the card. The communication costs increase, however, and could become unjustified in transactions involving a small amount (which infringes upon the third requirement of the issuer). Consequently, the profit of the issuer decreases, even though the reason is not the loss due to fraudulent transactions. Moreover, in the case of network degrading, this policy has a negative impact on the availability of the financial service (which was the first requirement of the issuer).
Another possibility for reducing the counterfeit transactions is to implement a dynamic off-line CAM through the DDA. This improves the availability, in case of network degrading, and decreases the communication costs. However, this increases the costs of the ICC since a cryptographic processor must be included in the ICC hardware platform. Considering the continuous improvements to technologies and the decreasing prices for an ICC including a cryptographic coprocessor in its configuration, this design solution could become preferable.
Section 7.7 presents design choices for CAM selection, and Section 7.8 presents design choices for CVM selection, while observing the trade-off between the issuer's requirements.
The issuer would like to maximize its profit while operating the card application.
One way could be the minimization of communication costs through the off-line completion of transactions. Section 7.10 outlines the design of the card risk management such that the decision of the off-line completion of a transaction is taken after a careful evaluation of the risk.
Another way to increase the profitability of the card application is to spend little money on the ICC cards. We analyze the influence of the ICC costs on the choice of the CAM and CVM in Sections 7.7 and 7.8, respectively.
The issuer's business case consists of establishing an appropriate trade-off between the availability of the financial service for the cardholder and the security on the one hand, and the communication costs and the implementation costs of the ICC on the other hand. In the following sections we analyze how this trade-off impacts the design of the processing performed by the ICC: the initialization of the EMV™ card application, the card authentication method, the cardholder verification method, the processing restrictions, and the card risk management.