CONTACTLESS
THE APPEAL FOR CONTACTLESS
AVAILABLE CONTACTLESS TECHNOLOGIES
USING ISO 14443 BASED TECHNOLOGY FOR
DESIGNING AN EMV LIKE CONTACTLESS SYSTEM
INGENICO, LEADER IN CONTACTLESS TECHNOLOGY

THE APPEAL FOR CONTACTLESS

Many consumers have first experienced contactless technology with the purchase of a contactless card for public transportation, going through the gates with that intriguing plastic card in hand. Just wave your card over a terminal, hear a beep and go. It's as simple as that. You don't even have to pull the card out of your wallet. Since more and more cities are adopting these new ticketing systems, travellers have learned to appreciate the beauty of contactless technology - its speed, convenience and reliability.

As the public becomes accustomed to this new technology and builds trust by using it every day, new contactless applications can be expected to proliferate outside public transportation. One of the emerging uses of contactless technology is Contactless Payment, as witnessed in a number of recent developments and initiatives. One after the other, the leading payment card associations have announced contactless payment programs and have issued corresponding specifications - MasterCard PayPass, Visa Contactless and American Express ExpressPay (USA only).

The leading card associations are leading the way to contactless payment and have good reasons to do so. Customers and merchants are eager to reduce transaction times. Some businesses, such as fast food outlets and small retail shops, which currently accept cash in most cases, would like to convert to contactless payment to increase speed and generate more revenue. Contactless technology enables businesses to accept payment from devices that are not necessarily in the format of a card, for instance a mobile phone. Contactless technology improves reliability and increases protection against vandalism, especially in unattended payment applications such as vending machines.

AVAILABLE CONTACTLESS TECHNOLOGIES

There are numerous technologies capable of performing a contactless transaction.
Basically, any means of transporting encrypted data through the air can be used for this application. These include Infrared Data Transfer, Bluetooth, Wi-Fi, Wireless Data Transfer and Radio-Frequency communications. There have been trials of infrared technologies in Japan where payment card information is securely stored in a mobile phone or PDA and transmitted to a reader via the device's infrared port. Similarly, it is possible to send transaction data wirelessly from a device to a reader located at a close distance using Bluetooth or Wi-Fi communications. Another alternative is to transmit payment information using Wireless Data communication over a GPRS network.

All these technologies have interesting features but share one major limitation - they require a powered device at each end of the communication link. It is thus hard to imagine how to use them with only a payment card in hand. Fortunately, there is one technology that is designed for this function - Radio-Frequency powering and communication. By providing power through a radio frequency signal, the reader - sometimes called a coupler - can wake up the chip integrated within the card and start communicating with it, thus eliminating the need for a powered device on the card side.

INGENICO 2007

The smartcard industry quickly understood the potential of Radio Frequency and pushed for the standardization of this technology, calling it Contactless. Two specifications were agreed and issued. ISO 14443 is a specification standard for short range contactless transmission of less than 10 cm, while ISO 15693 is a specification standard for longer distance contactless transmission of up to 1 meter. Both Radio Frequency standards operate at a frequency of 13.56 MHz.

Contactless has become a third possible interface between the card and the reader, in addition to the magnetic stripe and ISO contact. Contactless payments can thus benefit from the inherent security of smart cards. With the endorsement of ISO 14443 by major card associations, it has become practical to implement full EMV protocols over the air. This will be accelerated when EMVCo publish their requirements following the formation of the EMVCo Contactless Working Group in March 2006.

USING ISO 14443 BASED TECHNOLOGY FOR

Traditional credit/debit cards use a magnetic stripe as machine readable identification. This is simple and convenient, but such cards are extremely easy to copy or alter. The chip in EMV brought far greater security, and the card became a full player in the decision making process of whether the transaction should be approved off-line, rejected, or sent for on-line approval.

There are parallels in the contactless world. MasterCard PayPass Mag-stripe, Visa Magnetic Stripe Data and American Express ExpressPay are replacements for magnetic stripe cards. These mag-stripe style contactless systems are much harder to copy or alter than magnetic cards and are easier to use. Messaging and host support requirements for mag-stripe style contactless are similar to those for true magnetic stripe cards.

Card Associations have also provided equivalents to EMV-style cards, known as MasterCard OneSmart (or M/Chip) PayPass and Visa qVSDC Contactless.
These EMV style cards offer a higher degree of security than mag-stripe style cards, with strong card authentication and a transaction certificate [1] for irrefutability. They also bring the intelligence of an EMV card, with the greater possibility of an off-line approval to reduce transaction time and cost. A well designed EMV system will support contactless without major re-design. Whether the transaction is mag-stripe like or EMV like, Ingenico demonstrated it can be completed in a fraction of a second.

Both MasterCard and Visa have options that exploit the intelligence of EMV-like systems further to reduce the necessity of on-line authorisations. Examples are the Low Value (LV) payment feature of Visa qVSDC and MasterCard OneSmart Pre-Authorized [2]. Although they differ in some details, their objective is similar. In both cases, a pre-authorised spending limit is loaded onto the card (possibly ring-fencing funds in the cardholder's account), and decremented with every off-line transaction. An on-line or PIN transaction is only required for high value transactions or when the pre-authorised limit is exhausted. Ingenico has made successful demonstrations of both of these pre-authorised systems.

[1] A Transaction Certificate is a cryptographic check confirming that a transaction took place with a particular card, on a particular terminal at a particular time.
[2] MasterCard formerly branded OneSmart Pre-Authorized as MPA.
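
The pre-authorised spending limit described above, modelled as an added example (not Ingenico, Visa or MasterCard code). The amounts, the high value threshold and the assumption that every on-line or PIN step succeeds and reloads the limit are illustrative; the point is that the card never decrements below zero, so off-line spending between two issuer contacts is bounded by the loaded limit.

```python
from dataclasses import dataclass
from enum import Enum


class Outcome(Enum):
    OFFLINE_APPROVED = "approved off-line"
    ONLINE_OR_PIN = "on-line or PIN required"


@dataclass
class PreAuthCard:
    """Card-side state; amounts are integer minor units so decrements are exact."""
    preauth_limit: int     # limit loaded by the issuer (assumed value)
    high_value_from: int   # amounts at or above this never go off-line (assumed)
    available: int = 0     # what is left of the pre-authorised limit

    def load(self) -> None:
        """Reload the limit, as happens during a successful on-line transaction."""
        self.available = self.preauth_limit

    def pay(self, amount: int) -> Outcome:
        if amount <= 0:
            raise ValueError("amount must be a positive number of minor units")
        if amount >= self.high_value_from:   # high value transaction
            return Outcome.ONLINE_OR_PIN
        if amount > self.available:          # limit exhausted: never go negative
            return Outcome.ONLINE_OR_PIN
        self.available -= amount
        return Outcome.OFFLINE_APPROVED


def replay(card, amounts):
    """Return (amount, outcome, available afterwards) for each tap, in order."""
    trace = []
    for amount in amounts:
        outcome = card.pay(amount)
        if outcome is Outcome.ONLINE_OR_PIN:
            card.load()   # assumption: the on-line/PIN step succeeds and reloads
        trace.append((amount, outcome, card.available))
    return trace


# Constructed sample: limit 20.00, high value from 15.00, six taps in cents.
SAMPLE_TAPS = [450, 700, 600, 900, 1500, 300]


def demo():
    card = PreAuthCard(preauth_limit=2000, high_value_from=1500)
    card.load()
    return replay(card, SAMPLE_TAPS)
```

In the sample, the fourth tap is refused off-line because only 2.50 remains, and the fifth because it reaches the high value threshold even though the limit has just been reloaded.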

DESIGNING AN EMV LIKE CONTACTLESS SYSTEM

EMV CONTACT

In the contact EMV world, we are familiar with a layered structure:

[Figure: EMV contact layers, columns DESCRIPTION and REQUIREMENTS, top to bottom]
Local requirements. MasterCard Functional Architecture, Visa VIS
Kernel (EMV Level 2), flow and security. EMVCo Books 1 to 4
Interface Module (EMV Level 1). EMVCo Book 1 (part)

EMV CONTACTLESS

The layered structure is paralleled in the Contactless world specifications:

[Figure: EMV contactless layers, columns DESCRIPTION and REQUIREMENTS, top to bottom]
Local requirements. MasterCard Functional Architecture, Visa VIS
Contactless Level 2, flow and security. PayPass - MChip, PayPass - Mag Stripe, Visa Contactless Specification
Proximity Coupling Device. PayPass ISO/IEC 14443 Implementation Specification

Over the years, Ingenico has worked with the Card Associations and EMVCo to bring a reasonably flexible - yet rigorous - approval system. From its earliest certifications, Ingenico promoted the concept of approval of modules (as opposed to terminals), which can be implemented in a variety of products, and control of features through parameters rather than by hard coding. This relies on Ingenico's strict layered software architecture and careful design. EMVCo currently certifies modules (IFM and kernel), and allows some flexibility in the use of kernels through multi configuration kernel approval, minor changes and unutilised functions.

Once again, Ingenico is working with the Card Associations to achieve flexibility with rigor in the contactless approvals. The industry needs to build up confidence in the portability of approvals; this is coming with the experience of well designed systems.

In a typical contactless attended system, it is likely that there will be a conveniently positioned PCD as well as a merchant terminal for the cardholder. There are various ways in which the layers of a contactless transaction can be split between the two parts.

First of all, it is possible to include the basic transaction flow with the card interface in the cardholder unit. In Visa terminology, this is called PCDA (Proximity Coupling Device Application):

[Figure: PCDA architecture. Boxes: U32 terminal; card reader; Contactless Level 2 (flow and security); Proximity Coupling Device.]

Alternatively, the card interface can concentrate on the communications and leave the transaction to the power of the Unicapt 32 terminal. In Visa terminology, this is called PCDR (Proximity Coupling Device Reader):

[Figure: PCDR architecture. Boxes: U32 terminal; card reader; Contactless Level 2 (flow and security); Proximity Coupling Device.]

Both architectures have their advantages. The PCDA is convenient for upgrading existing systems to support mag stripe type contactless transactions. However, when it comes to EMV style contactless, there are strong arguments for moving to a PCDR type architecture. Fundamentally, it re-uses the resource that has been invested in contact technology. An EMV style transaction requires considerably more processing power and data storage than a mag stripe style transaction. This is already available in a Unicapt 32 terminal, which has an extremely fast RSA computation speed as well as a large and secure memory. An EMV style contactless transaction requires many more control parameters than a mag stripe style transaction, and these parameters are likely to need periodic updates. Again, the Unicapt 32 terminal can be easily updated through IngEstate, Ingenico's Terminal Management System [3].

INGENICO, LEADER IN CONTACTLESS TECHNOLOGY

Ingenico continually evaluates and studies enabling technologies. Thanks to its participation in many global pilot and prototype programs, the company has demonstrated key capabilities in all areas of contactless payment including magnetic stripe emulation, contactless EMV, mobile terminals, portable terminals and fixed terminals.

In 2004 at Cartes, Ingenico was the first to demonstrate EMV style transactions. We went on to successfully demonstrate VLP at the Visa Europe member meeting in Malta and the Visa board meeting in Beijing. In 2005 at Cartes, Ingenico demonstrated the latest qVSDC implementation including the emerging fDDA01 card authentication. Ingenico is also the sole terminal provider of the first large scale NFC payment experiment in the French city of Caen. More importantly, Ingenico is now delivering massive roll-outs of contactless systems in North America.
Ingenico was able to bring its exceptional experience in secure transactions to deliver solutions that provide a secure contactless payment experience to the consumer and the merchant.

Ingenico has achieved the certifications below for its Contactless Payment Expansion Module (CPEM) for Visa MSD, MasterCard Mag-stripe and AMEX ExpressPay. The CPEM is currently being rolled out in major USA retailers as an upgrade of their existing magnetic stripe terminals, operating in a PCDA mode. The same CPEM can also be operated in a PCDR mode for EMV style transactions. Whatever your need is, Ingenico will make sure to provide you with an easy way into contactless.

[3] In the contact world, EMVCo state that acquirers are strongly encouraged to use a Terminal Management System (TMS) for the purposes of configuring and updating their EMV devices. EMV introduces features, functions and required data to terminals that are more effectively managed using a TMS. Some of these features and functions are as follows: Certificate Authority (CA) Public Key Management Terminal Action Codes Configuration Application Identifier Random Transaction Selection Parameters Terminal Processing Restrictions Floor Limits
A TMS is recommended to provide the Acquirer with control over the process of changing or updating data elements and features on their devices. A TMS is equally relevant to EMV style contactless.

Groupe Ingenico, 192, avenue Charles de Gaulle, 92200 Neuilly-sur-Seine - France. Tel: +33 (0)1 46 25 82 00. Fax: +33 (0)1 47 72 56 95. www.ingenico.com 03-2007