Implementing Electronic Card Payment Systems
1st Edition
Published on 1. January 2002
464 pages
978-1-58053-803-9 (ISBN)
Description
As magnetic stripe cards are being replaced by chip cards that offer consumers and businesses greater protection against fraud, a new standard for this technology is being introduced by Europay, MasterCard, and Visa (EMV). This cutting-edge, new book provides you with a comprehensive overview of the EMV chip solution and explains how this technology provides a chip migration path, where interoperability plays a central role in the business model. The book offers you a better understanding of the security problems associated with magnetic stripe cards, and presents the business case for chip migration. Moreover, it explains the implementation of multi-application selection mechanisms in EMV chip cards and terminals, and shows you how to design a multi-application EMV chip card layout. This first-of-its-kind resource also discusses the organizational and management issues in connection with the EMV chip migration and the use of EMV chip cards in e-commerce and m-commerce transactions. An excellent reference for today's IT/e-commerce professionals and post-graduate student alike, the book helps you fully understand this emerging, complex payment card technology.
More details
Other editions
Additional editions
Cristian Radu
Implementing Electronic Card Payment Systems
Book
10/2002
Artech House Publishers
€109.50
Shipment within 10-20 days
Content
- Contents
- Acknowledgments xv
- 1 Introduction 1
- Part I: Magnetic stripe debit and credit cards 3
- Part II: Chip migration with EMV 3
- Part III: Remote debit and credit with EMV 5
- Part 1 Magnetic Stripe Debit and Credit Cards 7
- 2 Payment Card Processing 9
- 2.1 Payment card processing at a glance 10
- 2.2 Roles involved in payment card processing 13
- 2.3 Payment card brands 15
- 2.4 Credit and debit payment cards 16
- 2.5 Focusing on the magnetic stripe card 17
- 2.6 Threats and security protections 24
- 2.7 Processing at the point of service 34
- 2.8 Payment network and interchange messages 37
- 2.9 On-line authorization 45
- 2.10 Clearing and settlement 47
- Part 2 Chip Migration with EMV 51
- 3 Chip Migration 53
- 3.1 A business case for chip migration 54
- 3.2 An overview of the chip card technology 56
- 3.3 Proprietary payment application 69
- 3.4 Interoperable payment application 80
- 4 EMV Compliant Data Organization 91
- 4.1 Organization of the EMV specifications 92
- 4.2 EMV data elements 96
- 4.3 EMV file system 99
- 4.4 EMV application selection 115
- 5 EMV Certificates 125
- 5.1 Certification mechanism and algorithm 125
- 5.2 Public key certificate for RSA scheme 126
- 5.3 Entities and certifiers 127
- 5.4 Entity public key remainder 129
- 5.5 EMV certification chains 129
- 5.6 Issuing EMV public key certificates 132
- 5.7 Verifying EMV public key certificates 136
- 5.8 Issuing signed static application data 140
- 5.9 Verifying the Signed Static Application Data 144
- 6 Debit and Credit with EMV 147
- 6.1 Overview of the EMV debit/credit transaction 148
- 6.2 Initiate application processing 152
- 6.3 Read application data 156
- 6.4 Off-line data authentication 160
- 6.5 Processing restrictions 174
- 6.6 Cardholder verification 178
- 6.7 Terminal risk management 195
- 6.8 Terminal action analysis 201
- 6.9 On-line processing and issuer authentication 217
- 6.10 Issuer scripts 222
- 7 EMV Chip Migration Issues 227
- 7.1 EMV regulatory framework 228
- 7.2 Deriving ICC specifications by issuers 236
- 7.3 Selection criteria of the ICC architecture 239
- 7.4 Multiapplication ICC 242
- 7.5 Issuer's business case 253
- 7.6 Adaptive initiate application processing 255
- 7.7 Design criteria for CAM selection 259
- 7.8 Design criteria for CVM 267
- 7.9 Processing restrictions 271
- 7.10 Card risk management 273
- Part 3 Remote Debit and Credit with EMV 289
- 8 Remote Card Payments and EMV 291
- 8.1 A model for remote card payments 293
- 8.2 Security aspects of remote card payments 295
- 8.3 Remote payment method based on TLS 306
- 8.4 SET-based solutions 310
- 8.5 TLS versus SET or wallet servers and EMV cards 332
- 8.6 Transaction processing for chip e-commerce 340
- Appendix A: Security Framework 359
- Appendix B: Generic Security Threats 363
- Appendix C: Security Services 367
- C.1 Service description 367
- C.2 Realization of security services 370
- Appendix D: Security Mechanisms 373
- D.1 Encryption 373
- D.2 Cryptographic hash functions 376
- D.3 Digital signature schemes 380
- D.4 Public key certificates 384
- D.5 Cardholder verification mechanisms 387
- D.6 SDA mechanisms 392
- D.7 DDA mechanisms 394
- Appendix E: Block Ciphers 399
- E.1 Definition and parameters 399
- E.2 Modes of operation 400
- E.3 DES, Triple-DES, and AES 402
- E.4 MAC using a 64 bit-length block cipher 404
- E.5 Key derivation 405
- Appendix F: RSA Encryption and Signature Scheme 407
- F.1 Key generation 407
- F.2 Public and secret RSA operations 409
- F.3 Digital signature giving message recovery 410
- F.4 Digital signature and encryption with PKCS#1 414
- Appendix G: E-Commerce and M-Commerce Related Technologies 419
- G.1 E-commerce and m-commerce 419
- G.2 SIM, STK, SMS, and WAP 420
- G.3 Access devices for remote card payments 421
- G.4 WAP protocol suite compared to Internet 426
