1. Visa, "Chip Card: Testing and Approval Requirements", version 6.0, November 2001, vendors/industryserv/pdfs/Chip_Card_Testing_and_Approval_Requirements_Version_6.0.pdf.

2. EMVCo, "Type Approval Terminal, Level 1: Administrative Procedures/Requirements/Test Cases".

3. EMVCo, "Type Approval Terminal, Level 2: Administrative Procedures/Requirements/Test Cases".

4. Visa, "VISA EU Smart Payment Product Principles".

5. MasterCard, "Minimum Card Requirements for Debit and Credit".

6. MasterCard, "M/Chip Lite".

7. Visa, "VIS Specifications, version 1.4.0", smartcard/vsmartspecs/visspec.jsp.

8. Schlumberger Sema, "Cryptoflex Cards 16K".

9. Giesecke and Devrient, "Starcos SPK 2.3".

10. Sun, "Java Card 2.1.1 Platform Specifications".

11. Gemplus, "GPK (Gemplus Public Key) Cards".

12. Maosco Ltd., "Multos Overview".

13. Sun, "Secure Computing with Java: Now and the Future (a White Paper)", collateral/security.html.

14. Java Card Forum Task Force, "Java Card Management Specification".

15. ISO/IEC 7816-5, "Identification Cards - Integrated Circuit(s) Cards with Contacts - Part 5: Numbering System and Registration Procedure for Application Identifiers", 1994.

16. EMVCo, "Frequently Asked Questions - Security".

17. Giesecke and Devrient, "Star Debit/Credit - The Secure Solution for Your Chip Migration".

18. Schlumberger Sema, "Banking & Retail - EMV Migration".

19. Gemplus, "GemVision Smart".

Part III: Remote Debit and Credit with EMV

Chapter 8: Remote Card Payments and EMV


Consumers are using a growing number of access devices to participate in the e-/m-commerce framework, including home and office PCs, mobile phone handsets, personal digital assistants (PDAs), TV set-top boxes, and mobile Internet access devices. Consequently, consumers would like to extend their existing payment experience with credit and debit cards to remote payments made through these access devices, just as they use their payment cards in face-to-face transactions. This requires an acceptable level of security for remote card payments: authenticating consumers and their cards, authenticating merchants, protecting the card's financial data while it is conveyed from the cardholder access device to the merchant access device, and binding enough identifying information to each transaction that an attacker cannot replay it. These business requirements are the impetus for the addition of Annex D in Book 3 of the EMV 2000 specifications, which defines the Transaction Processing for Chip Electronic Commerce. This framework allows EMV debit and credit cards to be used not only for paying in face-to-face transactions, as they were initially designed, but also for paying in remote transactions. The solution combines the EMV payment function with the SET specification to provide the foundation for secure, portable, and cost-effective ICC-based transactions over the Internet [1].

This chapter concentrates on three objectives. First, we present two competing remote payment card methods: the TLS-based payment method and SET. We analyze TLS and SET from the viewpoint of security and convenience of use. This analysis shows the security limitations of the TLS-based solution compared with SET. It also shows the advantages of the TLS-based solution over SET in terms of ease of operation, which is reflected in the greater acceptance of the TLS-based solution by cardholders and merchants. Second, we look at the possibilities of using EMV chip cards both to increase the security of TLS-based remote card payments and to increase the acceptance of the SET payment method. Third, we present the transaction processing for chip electronic commerce. This framework allows issuers to better exploit their EMV chip migration effort, offering their clients the possibility of using EMV chip cards not only in face-to-face transactions but also in remote transactions carried out over various channels.

The rest of the chapter is organized as follows. Section 8.1 proposes a model for remote card payments and the channels of interaction between cardholders and merchants. Section 8.2 uses this model to identify the security threats that arise in remote transactions and the security services that counteract them. We present the structure of the Internet communication protocol stack and analyze the possibilities for realizing these security services at its various levels. This analysis leads to a discussion of the general-purpose transport layer security protocol TLS, which can also be used to implement a remote card payment, and of SET, an application layer security protocol dedicated to remote card payments. Section 8.3 describes the possibility of implementing remote card payments based on TLS. We identify the limits of the TLS-based solution in terms of the security services it can offer against the specific threats to remote card payments. In Section 8.4 we discuss the SET solution in its original "software only" implementation. Section 8.5 discusses the pros and cons of the TLS-based solution versus SET. The analysis stresses the superiority of SET in terms of security and identifies its drawbacks regarding ease of operation by cardholders and merchants. First, we show that a secure implementation of the on-line card authentication and cardholder verification services, using an EMV chip card in the configuration of the cardholder access device, can improve the security of the TLS-based solution. Second, we carry out a resource analysis showing that it is not practical to base the entire management of the SET payment system functionality at the level of the cardholder access device, which would turn it into a thick client. We show that delegating some of the functionality of the cardholder access device to a remote wallet server run by the issuer reduces the operational requirements of the cardholder access device, which can then be implemented as a thin client. We then describe the integration of the EMV chip card in the configuration of the cardholder access device. In Section 8.6 we present the transaction processing of EMV chip cards for e-commerce, focusing on Annex D of Book 3 in the EMV 2000 specification. This presentation includes the message flow between the various components of the cardholder access device, as well as the message flow between the cardholder access device and the computers of the other participants in the payment system.