Tomcat
Professional
- Messages
- 2,689
- Reaction score
- 963
- Points
- 113
The EMV standard is still very young. In addition to the fact that he only recently celebrated his 10th anniversary, it must be admitted that the truly massive implementation of the standard began only 5 years ago.
Experience - "the son of difficult mistakes" - is the main source of numerous technical refinements of the EMV standard. The incompatibility of cards and terminals due to the ambiguous understanding of certain provisions of the standard by suppliers of card equipment and cards or the presence of contradictions within the standard lead to the fact that it continues to undergo minor changes today. This process is natural, and it can be stated that the peak of technical refinements of the standard has already been passed and the intensity of their appearance is decreasing.
During its existence, the EMV standard has undergone a number of more significant technological changes. These include the definition of a new method for dynamic authentication of the CDA card, which ensures the integrity of data exchange between the card and the terminal, the use of a new data element Card Status Update, which is an alternative to the script processing procedure and maintains the integrity of data exchange between the card and the terminal when using Format 2 of the ARPC cryptogram , changes in key derivation procedures, etc.
Undoubtedly, a landmark is the appearance in the penultimate version of the EMV 4.1 standard, approved in May 2004, of the Common Core Definitions, on the basis of which a common application of the leading payment systems Common Payment Application (CPA) was developed.
The emergence of the EMV Card Personalization Specification is also of great importance, allowing to a significant extent to standardize the process of personalizing bank cards of the EMV standard. In turn, this standard was projected by payment systems and EMVCo on the M / Chip 4, VSDC and CPA applications, taking into account the data structure of the mentioned applications.
Finally, the rapid development of contactless payments should be mentioned. Here EMVCo has so far approved the communication protocol for the operation of the card with the reader, the Entry Point Specification, which defines the general format of contactless operations, as well as the procedure for selecting the contactless application. The trend towards increased use of contactless microprocessor cards is expected to only intensify.
It should be noted that changes in the standard are caused not only by new technological needs of the market, but also by new capabilities of microprocessors. Today, IPCs with 4-8 Kb RAM, 32-72 Kb non-volatile rewritable EEPROM, 16/32-bit processors operating at 33-66 MHz clock rates are not a curiosity. New features of the card allow you to implement mechanisms that could not have been dreamed of before.
There have been changes in the first book of the EMV standard, which defines the physical characteristics of the card and terminal. For example, the world continues to move towards chips that consume less power and operate on a supply voltage of 3 V and even 1.8 V. This is reflected in the policy of EMVCo. By July 1, 2009, the migration of cards supporting only 5 V supply voltage to cards supporting two voltage values - 5 V and 3 V, and cards supporting three voltage values - 5 V, 3 V and 1.8 V was quietly completed Cards supporting a single supply voltage of 5V are no longer used.
The EMV standard is yet to change. First of all, they will concern changes in the field of telecommunication protocols. The T = 0 and T = 1 protocols are obsolete and do not meet today's business requirements. They are being replaced by high-speed physical layer protocols based, for example, on the use of the USB standard. In addition, the card will support network and transport layer protocols. The latter will be selected protocols IP and TCP. Moreover, VISA promotes the Smart Card Web Server concept of using application protocols on the card in an open systems interconnection model.
The implementation of the entire protocol stack on the card will create an independent secure general-purpose hardware and software platform based on the microprocessor card and will expand the scope of application of the microprocessor cards. In particular, the card will become an independent device capable of working with network computers via the Internet, including playing the role of a web server.
Over time, with the growth of card capabilities, the EMV standard will still undergo changes related to the card's support for payment terminal authentication. It is expected that at a certain stage of the migration of cards to the new technology, payment terminals will become a target for fraudsters. It would be useful to forestall the intentions of fraudsters in this direction by introducing authentication of the terminal with a card or, at least at first, by making it mandatory to use the procedure for reliable authentication of the terminal by the serving bank.
Talking about the incentives for banks to migrate to the EMV standard, we must admit that the fight against card fraud will remain the main driver of this migration in the coming years. At the same time, the possibilities of contactless cards, methods of biometric authentication of the cardholder, the use of multi-application cards with the possibility of secure remote downloading of some applications after the card is issued to the bank's client will also not remain in the shadows, and will stimulate banking technologists and banking business to implement interesting innovative projects.
In any case, it is obvious that migration to the IPC is a natural stage in the development of card technology, and in the coming decades all of us will have to get to know this technology more deeply and apply it more and more actively in our work.
EVERYONE KNOWS
KAZIMIR MALEVICH I BLACK SQUARE
IBM I DATACARD! ORACLE I HP I MICROSOFT
WE KNOW AND YOU
KAZIMIR MALEVICH I WHITE SQUARE
CARTHALL I GAMMA CARD I PRONIT I TAGRUS
Appendix A
Experience - "the son of difficult mistakes" - is the main source of numerous technical refinements of the EMV standard. The incompatibility of cards and terminals due to the ambiguous understanding of certain provisions of the standard by suppliers of card equipment and cards or the presence of contradictions within the standard lead to the fact that it continues to undergo minor changes today. This process is natural, and it can be stated that the peak of technical refinements of the standard has already been passed and the intensity of their appearance is decreasing.
During its existence, the EMV standard has undergone a number of more significant technological changes. These include the definition of a new method for dynamic authentication of the CDA card, which ensures the integrity of data exchange between the card and the terminal, the use of a new data element Card Status Update, which is an alternative to the script processing procedure and maintains the integrity of data exchange between the card and the terminal when using Format 2 of the ARPC cryptogram , changes in key derivation procedures, etc.
Undoubtedly, a landmark is the appearance in the penultimate version of the EMV 4.1 standard, approved in May 2004, of the Common Core Definitions, on the basis of which a common application of the leading payment systems Common Payment Application (CPA) was developed.
The emergence of the EMV Card Personalization Specification is also of great importance, allowing to a significant extent to standardize the process of personalizing bank cards of the EMV standard. In turn, this standard was projected by payment systems and EMVCo on the M / Chip 4, VSDC and CPA applications, taking into account the data structure of the mentioned applications.
Finally, the rapid development of contactless payments should be mentioned. Here EMVCo has so far approved the communication protocol for the operation of the card with the reader, the Entry Point Specification, which defines the general format of contactless operations, as well as the procedure for selecting the contactless application. The trend towards increased use of contactless microprocessor cards is expected to only intensify.
It should be noted that changes in the standard are caused not only by new technological needs of the market, but also by new capabilities of microprocessors. Today, IPCs with 4-8 Kb RAM, 32-72 Kb non-volatile rewritable EEPROM, 16/32-bit processors operating at 33-66 MHz clock rates are not a curiosity. New features of the card allow you to implement mechanisms that could not have been dreamed of before.
There have been changes in the first book of the EMV standard, which defines the physical characteristics of the card and terminal. For example, the world continues to move towards chips that consume less power and operate on a supply voltage of 3 V and even 1.8 V. This is reflected in the policy of EMVCo. By July 1, 2009, the migration of cards supporting only 5 V supply voltage to cards supporting two voltage values - 5 V and 3 V, and cards supporting three voltage values - 5 V, 3 V and 1.8 V was quietly completed Cards supporting a single supply voltage of 5V are no longer used.
The EMV standard is yet to change. First of all, they will concern changes in the field of telecommunication protocols. The T = 0 and T = 1 protocols are obsolete and do not meet today's business requirements. They are being replaced by high-speed physical layer protocols based, for example, on the use of the USB standard. In addition, the card will support network and transport layer protocols. The latter will be selected protocols IP and TCP. Moreover, VISA promotes the Smart Card Web Server concept of using application protocols on the card in an open systems interconnection model.
The implementation of the entire protocol stack on the card will create an independent secure general-purpose hardware and software platform based on the microprocessor card and will expand the scope of application of the microprocessor cards. In particular, the card will become an independent device capable of working with network computers via the Internet, including playing the role of a web server.
Over time, with the growth of card capabilities, the EMV standard will still undergo changes related to the card's support for payment terminal authentication. It is expected that at a certain stage of the migration of cards to the new technology, payment terminals will become a target for fraudsters. It would be useful to forestall the intentions of fraudsters in this direction by introducing authentication of the terminal with a card or, at least at first, by making it mandatory to use the procedure for reliable authentication of the terminal by the serving bank.
Talking about the incentives for banks to migrate to the EMV standard, we must admit that the fight against card fraud will remain the main driver of this migration in the coming years. At the same time, the possibilities of contactless cards, methods of biometric authentication of the cardholder, the use of multi-application cards with the possibility of secure remote downloading of some applications after the card is issued to the bank's client will also not remain in the shadows, and will stimulate banking technologists and banking business to implement interesting innovative projects.
In any case, it is obvious that migration to the IPC is a natural stage in the development of card technology, and in the coming decades all of us will have to get to know this technology more deeply and apply it more and more actively in our work.
EVERYONE KNOWS
KAZIMIR MALEVICH I BLACK SQUARE
IBM I DATACARD! ORACLE I HP I MICROSOFT
WE KNOW AND YOU
KAZIMIR MALEVICH I WHITE SQUARE
CARTHALL I GAMMA CARD I PRONIT I TAGRUS
Appendix A
