Implementing Electronic Card Payment Systems

As magnetic stripe cards are being replaced by chip cards that offer consumers and businesses greater protection against fraud, a new standard for this technology is being introduced by Europay, MasterCard, and Visa (EMV). This cutting-edge, new book provides you with a comprehensive overview of the EMV chip solution and explains how this technology provides a chip migration path, where interoperability plays a central role in the business model.

Thebook offers you a better understanding of the security problems associated withmagnetic stripe cards, and presents the business case for chip migration.Moreover, it explains the implementation of multi-application selectionmechanisms in EMV chip cards and terminals, and shows you how to design amulti-application EMV chip card layout. This first-of-its-kind resource alsodiscusses the organizational and management issues in connection with the EMVchip migration and the use of EMV chip cards in e-commerce and m-commercetransactions. An excellent reference for today’s IT/e-commerce professionalsand post-graduate student alike, the book helps you fully understand thisemerging, complex payment card technology.

Contents:

Introduction.

PaymentCard Processing - Payment Card Processing at a Glance. Roles Involved inPayment Card Processing. Payment Card Brands. Credit and Debit Payment Cards. Zoom on the Magnetic Stripe Card. Threats andSecurity Protections. Processing at the Point of Service. Payment Network andInterchange Messages. Online Authorization. Clearing and Settlement.

ChipMigration - A Business Case for Chip Migration. An Overview of the ChipCard Technology. Proprietary Payment Application. Interoperable PaymentApplication.

Organizationof the EMV Specifications. - EMV DataElements and Commands. EMV File System. EMV Application Selection.

EMVCertificates - Certification Mechanism and Algorithms. - Public Key Certificate for RSA Scheme.Entities and Certifiers. Entity Public Key Remainder. - EMV Certification Chains. IssuingEMV Public Key Certificates. Verifying EMV Public Key Certificates. IssuingSigned Static Application Data.

Verifying Signed Static Application Data.

Debitand Credit with EMV - Overview ofthe EMV Debit/Credit Transaction. InitiateApplication Processing. Read Application Data. Offline Data Authentication.Processing Restrictions. Cardholder Verification. Terminal Risk Management.Terminal Action Analysis. Online Processing and Issuer Authentication. IssuerScripts.

EMVchip migration issues - EMV Regulatory Framework. Deriving ICC Specifications by Issuers.

Selection Criteria of the ICC Architecture. Multi-Application ICC. Issuer’sBusiness Case. Adaptive Initiate Application Processing. Design Criteria forCAM Selection. Design Criteria for CVM Selection. Processing Restrictions. CardRisk Management.

RemoteCard Payments and EMV - A Model for Remote Card Payments. SecurityAspects of Remote Card Payments. Remote Payment Method Based on TLS. SET BasedSolutions. TLS vs. SET or Wallet Servers and EMV Cards. Transaction Processingfor Chip E-commerce.

Appendixes-Security Approach. Generic Security Threats. Security Mechanisms. BlockCiphers. RSA Encryption and Signature Scheme. E-commerce and M-commerce RelatedTechnologies.

CristianRadu iscurrently an independent consultant for payment system and telecom operators inBelgium. He has over 15 years experience as an engineer, researcher andprofessor. Dr. Radu earned his Ph.D. in electrical engineering at the CatholicUniversity of Leuven, Belgium.