NACCU 2013
Migrating to Contactless: 2013

AGENDA
The demise of cards has been predicted for many years. When will this really happen? This presentation by two card industry experts will cover the rise of ID cards, the technological innovations that have made them indispensable and the reasons that cards will be with us for a long time.

AGENDA
- Trends
- Plastic cards
- Contactless smart cards
- Physical access readers
- Contactless payments
- Printing, reading and encoding contactless
- Migrating to contactless
- The future

TRENDS
- New contactless products
  - System tools
  - Cards and readers
- Decision points for card technology migration
  - New building construction
  - Card system upgrade
  - Transit integration
- IT getting more involved in ID decisions
- Phones!
  - Will NFC or mobile apps dominate payments?
  - NFC pilot programs

CARD CONSTRUCTION
- Chip Inlay Layer

CARD CONSTRUCTION
- Mag Stripe Layer

CARD CONSTRUCTION
- Pre-printed Layer

LAYERS OF A SMART CARD

CARD LAMINATING PRESS

IDENTIFICATION TECHNOLOGIES
THE CARD HOLDS IDENTIFYING NUMBERS FOR ALL THE APPLICATIONS THAT IT TOUCHES
- EXTERNAL
  - Visual
    - Printed Image
    - Photo
    - Printed Number
  - Automatic ID
    - Encoded Mag Stripe
    - Bar Code
- INTERNAL
  - Automatic
    - Prox Chip
    - Contactless Chip
    - Contact Chip

DEFINITIONS - RFID
Three frequency ranges used for Radio Frequency Identification cards:
1. Low Frequency
   - Prox
2. Ultra High Frequency
   - UHF RFID
   - EPC Gen II (Electronic Product Code)
3. High Frequency
   - Contactless Smart Card

PROXIMITY CARDS
- Proximity, Prox, Proxy cards
- 125KHz, Low Frequency
- Up to 100 bits of memory
- Usually pre-programmed by manufacturer
- 25 year-old technology
- HID, Indala, Casi-Rusco, AWID, Kantech
- Vulnerabilities
  - New mobile devices that can read and write to Prox cards
  - Soon it will be easier to clone Prox than mag stripes

RFID
- 900 MHz, Ultra High Frequency (UHF)
- Used as ID tags for things more often than people
- EPC Gen II - Electronic Product Code
- 30 Read range
- Not considered as secure as Contactless
- Inventory, vehicles, passports, ski

CONTACTLESS CARDS
- Contactless Smart Cards
- 13.56 MHz, High Frequency
- Additional rewritable memory available, up to 8K bytes
- Advanced security available - encryption
- Widely used for physical access, transit, payments

CONTACTLESS MEMORY
For commercial contactless cards:
- Memory on a contactless chip is like a hardcover book
- Book cover has the Card Serial Number (CSN) or Universal ID (UID)
  - Unique to every contactless chip
  - Electronically stamped by the mfr.
  - Interoperable
  - No data encryption

CONTACTLESS MEMORY
- The first chapter of the book can be reserved for the physical access application
  - Card ID number, for physical access readers
  - Locked with manufacturer's key
  - Recommend unique encryption key for each institution
  - Normally non-rewritable area

CONTACTLESS MEMORY
- Remaining chapters can be used for other applications
- Putting an application on the card
  - Storing a number in an area of the chip memory for retrieval by a particular application
- Each application has its own chapter
  - Often rewritable
  - Biometric templates
  - Payment data
  - Student ISO numbers

CONTACTLESS IDENTIFIER REVIEW
- CSN, UID, CHUID
  - Free read, not very secure
  - Used by unlicensed reader manufacturers
- Physical access control application number
  - Encrypted, secure
- Other application numbers
  - Contactless credit card payment data mimics mag stripe data
  - Biometric templates
- Read/write data
  - Some physical access control applications
  - Transit fare collection systems
  - Payment applications - increment, decrement

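A simplified model of the card memory layout described in the CONTACTLESS MEMORY and CONTACTLESS IDENTIFIER REVIEW slides, added here as an example and not part of the original presentation. It compares a reader that decides on the free-read CSN with one that decides on the card ID in the key-locked access sector. All class and function names, the sample CSN, card ID and keys are constructed, and a real card uses a cryptographic authentication exchange rather than the direct key comparison shown.

```python
import hmac

class Card:
    """The 'book': a free-read cover (CSN) plus key-locked chapters (sectors)."""
    def __init__(self, csn):
        self.csn = csn          # readable by any reader, no key required
        self._sectors = {}      # sector number -> (key, data)

    def write_sector(self, number, key, data):
        self._sectors[number] = (key, data)

    def read_sector(self, number, key):
        # Data is released only when the presented key matches the sector key.
        stored = self._sectors.get(number)
        if stored is None or not hmac.compare_digest(stored[0], key):
            return None
        return stored[1]

def copy_free_read_data(card):
    """A second card carrying only what is readable without a key: the CSN."""
    return Card(card.csn)

def csn_only_reader(card, enrolled_csns):
    # Decision rests on the free-read serial number alone.
    return card.csn in enrolled_csns

def keyed_reader(card, institution_key, enrolled_ids, sector=1):
    # Decision rests on the card ID stored in the key-locked access sector.
    card_id = card.read_sector(sector, institution_key)
    return card_id is not None and card_id in enrolled_ids

# Constructed sample values (hypothetical CSN, card ID and keys).
INSTITUTION_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
OTHER_KEY = bytes(16)
genuine = Card("04A1B2C3D4")
genuine.write_sector(1, INSTITUTION_KEY, "PACS-000123")
copy = copy_free_read_data(genuine)

def compare_readers():
    return {
        "csn_only/genuine": csn_only_reader(genuine, {"04A1B2C3D4"}),
        "csn_only/copy": csn_only_reader(copy, {"04A1B2C3D4"}),
        "keyed/genuine": keyed_reader(genuine, INSTITUTION_KEY, {"PACS-000123"}),
        "keyed/copy": keyed_reader(copy, INSTITUTION_KEY, {"PACS-000123"}),
        "keyed/wrong_key": keyed_reader(genuine, OTHER_KEY, {"PACS-000123"}),
    }

if __name__ == "__main__":
    for case, granted in compare_readers().items():
        print(f"{case}: {'granted' if granted else 'denied'}")
```

The CSN-only reader cannot tell the two cards apart, while the keyed reader accepts only the card whose access sector was written under the institution's key.
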
ENCRYPTION
- Keys are like passwords that lock memory sectors on smart cards
- If cards are pre-programmed for physical access, then that application area is locked with a key
- Physical access cards can have manufacturer's standard key, or a custom key unique to the institution
  - HID Elite Key program option for iCLASS
  - Unique encryption key for cards and readers
- PACS readers and cards usually have to be from the same manufacturer

PERSONALIZATION
- All ID printers have contactless reader options
- Each printer model has to be specifically supported by software
- Smart cards require special support

DTC PRINTERS AND CONTACTLESS CARDS

REVERSE TRANSFER PRINTING

RE-CARD: IN-HOUSE OR OUTSOURCE?
Why Re-Card?
- New card technology
- New card artwork or logo
- New banking relationship
- New card system
Things to keep in mind for your in-house re-card:
- Printers
  - Do you have enough printers?
  - Rent printers? How many? How long?
- Cards
  - Don't forget to order extra cards for production
- Considerations
  - Wear and tear on printers
  - Time and deadlines
  - Cost - consumables & resources
- Puts a lot of pressure on the Card Office!

PAYMENT CARDS
- EMV (Chip and PIN) in EU, Canada, other parts of the world
- NFC in Japan, Korea
  - Mostly FeliCa, not PayPass (MC) or PayWave (VISA)
- Mag stripe is standard in US
  - Some contactless card use
- EMV is coming - standards required by MC and VISA, by 2014
  - Many EMV terminals will have contactless readers
- NFC may become payments method in US?
- NFC was hijacked by the payments industry and has not been heard from since.

CONTACTLESS PAYMENT
- Many banks issue contactless payment cards (credit, debit, pre-paid)
- Applications by Master Card (PayPass), VISA (PayWave), AMX (expresspay)
- It's all about convenience
  - Every transaction must be successful
- The data is not encrypted on contactless payment cards
  - Helps assure successful transaction
  - Skimming is very easy, especially with NFC phones
- NFC for payments would follow the no-encryption model
  - Back-end systems could help recognize fraud
- Bank payment apps could technically reside on your campus cards
  - Complicated by rules and regulations

CONTACTLESS FOR TRANSIT
- MIFARE was made for transit
- Legacy systems write payment data to card
- Newer systems are usually account-based
- Chicago is installing an open loop system
  - Ventra Card
  - Based on Master Card Debit
  - Single ride and day tickets, or contactless bankcard
- Closed loop transit data usually proprietary to that system
  - Cards must be programmed by transit agency, or under licensing agreement
  - UTA is exception - they read CSN
- Latest cards could hold multiple apps
  - ISO 14443 standard
  - IR aptiq
  - HID SEOS
  - Other?

CONTACTLESS NUMBERS
- Physical access cards traditionally pre-programmed by manufacturer
- Numbers captured at issuance
  - Printer with reader and correct software
  - Manually, with USB reader at PC
- Some systems now write data to cards in printer
  - Blackboard, with FeliCa and MIFARE
  - CBORD, with MIFARE, DESFire?
  - What data and how does it work?

SECURITY COMPARISON

THE FUTURE -- PHONES!
- NFC for physical access
  - Near Field Communication
  - Contactless chip in the phone that talks to phone OS
  - Many new smartphones have NFC chips
  - Apple, not yet
- NFC for payments
- BYOD
- NFC tags
- How to provision and manage?
- Stickers that are read by NFC phones
- Coupons on posters

NFC CREDENTIALS
- Remember secure credentials on cards?
- Readers at doors look for the same credentials, whether on cards or phones
- VIRTUAL CREDENTIALS!
- Reader mfrs. will not give credentials away for free
- Will integrators charge for this service?
- Credentials for NFC payments
  - Could be free?
  - Not encrypted
- How to provision phones?

THE FUTURE - PORTABLE DATA
- One manufacturer's approach to making data portable
- HID's SIO - Secure Identity Objects
  - Data can be anything
  - ID number for PACS, employee ID, ISO number
- SIO can be securely stored on contactless card, PC, phone
- SIO data read at door by HID SE readers
  - NFC, MIFARE, DESFire, SEOS, iCLASS
- Readers have Hardware Security Module (HSM) for key storage
- Securely provision NFC phones with SIO, Over The Air (OTA)

NFC FOR PAYMENTS
Commercial mobile payment evolution:
- Google Wallet will now have card
- Software solutions (phone apps) already more widely used than NFC
- ISIS
- Starbucks
- PayPal
- Home Depot
- MCX
- Wal-Mart, Target
- Will use QR codes!
- Verizon, AT&T
- Trying to use NFC
- Network operators own the SIM

FUTURE - EMV CARDS
- Gold contact chip on front
- Chip and PIN
- Global
  - 1 billion EMV cards issued globally
  - 15.4 million POS terminals
- Coming to the US?
  - VISA and MC guidelines
- Contactless EMV is possible
- NFC + EMV?

FUTURE -- PIV, CAC, TWIC?
- Dual interface chip
- Gold contact chip on front
  - Used for authentication and logical access
- Contactless interface through antenna in card
  - Used for physical access
  - No encryption on this data
- US Gov requires background check
- PIN unlocks card
- Fingerprints stored on card
  - Iris templates coming
- Smart chip has PKI encryption
  - Best portable encryption available
  - Many certificates on card for many uses

CREDENTIAL CONCLUSIONS
- Determine your security requirements and policies
  - Levels of security
  - Throughput
  - Convenience
  - Human participation
- Readers are almost forever - choose wisely
- Create migration path to introduce advanced authentication technology
  - Multi-technology cards and/or readers
- Visual security for cards is important
- Keep systems that work well and make sense
- Test!

NFC CONCLUSIONS
- Widespread adoption by payments industry in the U.S. is years away
- NFC could work in closed loop environment
  - Has to be fully supported by infrastructure: PACS or payments
- How to manage mobile devices?
- Test!
- Apple? Android Windows?

CARD CONCLUSIONS
- More general purpose plastic cards issued worldwide in 2012 than ever!
- Use cards until NFC support is available for your application
- If you need to upgrade from mag or prox, for PACS:
  - Buy readers that could read NFC
  - Test!
  - iCLASS SE
  - aptiq
  - Integrator proprietary

Thanks!

Questions? Call or email for more information.
- David Stallsmith, Director of Product Management, 704-897-1156, david.stallsmith@colorid.com
- Todd Brooks, Product Manager, 704-897-1959, todd.brooks@colorid.com