Issuer System
- Supply of cards from the personalization office
- Cards are sent locked from the personalization office. Only the bank that receives the card can unlock this lock.
- Personalization of cards
- Unlock personalization of cards
- Physical print design is done
- EMV data to be uploaded to the card is created (P3 System)
- Cards are personalized by the card issuing machine
Personalization System-Quality Control
- Quality Control System
- It is a system used to check whether the cards that have been personalized or to be personalized are correctly personalized.
- Before personalization, the personalization file is passed through the quality control system.
- Sample cards selected from personalized cards are subjected to quality control.
Quality management
- The chip has a low degradation rate
- Broken chips need to be brought back to life
- Quality Assurance Tool: A tool that allows us to understand the status of the card. (PIN Blocked, Card blocked, data on the card corrupted, etc.)
- It can interfere with corrupted cards. (From bank branch, ATM, Internet)
Authorization Host System
- Should be able to interpret newly incoming EMV data
- Should be able to apply risk management criteria on the EMV data received in the authorization message
- TVR control
- Cryptogram verification
- Should be able to interpret the operation parameters entered from the Back Office System
- block card
- Increase limit
- Must be able to compose the Authorization Response Message
- Authorization response code
- Issuer’s cryptogram (ARPC) (Used for the card to verify the issuer)
- Issuer Script commands (change PIN, increase limit, etc.)
- Security in Authorization Response Message
- Ensuring message security and privacy in Issuer Script commands
- If the PIN CHANGE command is going, the PIN must be encrypted.
- All Issuer Script commands use a special key and a special algorithm to securely deliver the message to the card.
Post-Issuance Management System
- Post-Issuance Commands
- It is used to ensure that some data on EMV cards are changed by the bank after the card is issued.
- Operations that can be performed with Post-Issuance Commands
- Updating the offline transaction limits of the card
- Changing the PIN of the card
- Deactivating (blocking) PIN
- Unlocking (unblocking) PIN
- Closing the application on the card
- Opening the application on the card
- Deactivating the card
- Post-Issuance Commands
- Application Block: Allows an application on the card to be blocked by the issuer; If there is more than one application, there will be no problem in the operation of the other application.
- Application Unblock: Allows an EMV application blocked by the Issuer to be reactivated
- Card Block: It is the command that the Issuer can make the card unusable. No apps will work. Once the card is blocked, it cannot be opened again, it must be pressed again.
- PIN Change – UnBlock: It is the command that Issuer sends to the card to change the customer’s password. If this command runs successfully, the customer starts using the new password. The Pin Unblock
- command allows the customer whose PIN is blocked to reuse their password.
- Put Data: Allows updating parameters such as risk parameters (Velocity Counters) defined by the Issuer before the card is personalized.
- Deciding the post-issuance commands to be sent to the cards
- Follow-up of the results of post-issuance commands sent to the cards
- Logging of post-issuance commands sent to cards
- Post-issuance command sending order (Call Center)
- Post-issuance command sending order (Online message check result: Card is in black list, etc.)
- Design of screens with the aim of issuing Post-Issuence orders
- Ability to display the post-issuance commands sent to the cards according to various criteria
- Tracking and reporting the frequency of post-issuance commands
Clearing & Settlement System
- The message format received by the issuer bank at the end of the day also includes EMV data.
- Verification of the cryptogram (TC) received at the end of the day
- Acquirer banks are required to keep cryptograms and other transaction information in their systems
- If necessary, transaction information can be requested from Acquirer banks
- Acquirer systems are responsible for transferring all transaction information (offline and online) on terminals to issuer systems.
- This does not require charge-back even if cryptogram verification fails
- In the event of a cryptogram verification failure, a decision must be made about what to do with that card.
- Disable card
- Disable the application on the card
Issuer System Customer Service
- Clear display of magnetic card and chip card indicators to operators
- Displaying the critical points of Post Issuance studies and chip personalization studies on the screens of customer service officials
- The transaction data logged to the database clearly contains chip or magnetic separator information.
- Seeing the applications kept on the card and the chip application-specific information by the operator
- Easy access to chip-related data in the card management system, like accessing magnetic stripe information
- Was the transaction with the chip or with the magnetic stripe?
- Why did the chip process refuse?
- How can the chip be interfered with?
Credit Card Management System
- The card management system needs to be renewed to reflect the new EMV data and different risk parameters to its operators.
- Authorization criteria (Velocity Parameters) may vary according to account types and card types.
- Creation of cardholder verification methods according to card types
- Managing the customer’s offline PIN limit and value in the database
- Making Post Issuence decisions. Directing these decisions from the management screens according to certain procedures
- Follow-up of the results of the Post Issuence commands. And the effect of the previous results on the new commands. (card blocked card —- cannot re-enter the usage process)
Card Replacement
- How to keep track of cards to be renewed
- How will the necessary data be transmitted to the place of personalization during the renewal process of cards with multiple applications?
- Information on the cards to be renewed in the customer management system; How will customer representatives access this system?
Reporting
- Frequency of fallback transactions
- Distance covered in fraud prevention
- Causes of terminals drop to fallback transactions
- Cost analysis of offline chip transactions compared to online
- Problems arising from the correct selection of card parameters
- Achievements of chip cards compared to magnetic card transactions
- Examining authorization times when chip card is supported, how to handle them if high