ADAM PARTNERS

LET’S LOOK AT SO CALLED SMART CARDS

In REFERENCE LIBRARY, UNDERSTANDING THE CONCEPTS on July 5, 2011 at 6:49 am
A cross sectional view of the structure and pa...

Image via Wikipedia

EMV stands for EuropayMasterCard and VISA, a global standard for inter-operation of integrated circuit cards (IC cards or “chip cards”) and IC card capable point of sale (POS) terminals andautomated teller machines (ATMs), for authenticating credit and debit card transactions.

It is a joint effort between Europay, MasterCard and Visa to ensure security and global interoperability so that Visa and MasterCard cards can continue to be accepted everywhere. Europay International SA was absorbed into MasterCard in 2002. JCB (formerly Japan Credit Bureau) joined the organization in December 2004, and American Express joined in February 2009. IC card systems based on EMV are being phased in across the world, under names such as “IC Credit” and “Chip and PIN“.

The EMV standards define the interaction at the physical, electrical, data and application levels between IC cards and IC card processing devices for financial transactions. There are standards based on ISO/IEC 7816 for contact cards, and standards based on ISO/IEC 14443 for contactless cards.

The first standard for payment cards was the Carte Bancaire B0′ standard deployed in France in 1989.Geldkarte in Germany also predates EMV. EMV was designed to allow cards and terminals to be backwardly compatible with these standards. France has since migrated all its card and terminal infrastructure to EMV.

The most widely known chip card implementations of EMV standard are:

  • VSDC – VISA
  • MChip – MasterCard
  • AEIPS – American Express
  • J Smart – JCB

Visa and MasterCard have also developed standards for using EMV cards in devices to support card-not-present transactions over the telephone and Internet. MasterCard has the Chip Authentication Program (CAP) for secure e-commerce. Its implementation is known as EMV-CAP and supports a number of modes. Visa has the Dynamic Password Authentication (DPA) scheme, which is their implementation of CAP using different default values.

In February 2010 computer scientists from Cambridge University demonstrated that an implementation of EMV PIN entry is vulnerable to a man-in-the-middle attack; however, the way PINs are processed depends on the capabilities of the card and the terminal. This attack is not a general weakness, but it does show that attacks are possible depending on the implementation.

In May 2010, a press release from Gemalto (a global EMV card producer) indicated that United Nations Federal Credit Union in New York would become the first EMV card issuer in the US, offering an EMV Visa credit card to its customers.

Click on the link below for a copy of the original study by Cambridge student, Omar S. Choudary.

The Smart Card Detective: a hand-held EMV interceptor

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: