Structure of Smart Card
Structure of Smart Card, Smart card and Smart Card Systems: A smart card is a small computer with a processor and memory on it.
- Smart card types
- contact cards
- Contactless cards
- Combi cards
- Usage areas of smart cards
- health card
- insurance card
- Transport
- Cable and satellite television
- Prepaid meters
- credit card, debit card
- Electronic wallet
- Access control (to buildings, sections, safes, etc.)
- phone card
- They are used as ID cards.
Structure of Smart Card – Life Cycle
Card Production
File Structure of Card-1
Card’s Operating System
Making the Chip
embedding
Painting the plastic card
Embedding (Adhering the chip to the plastic card)
Pre-personalization (Creating the basic file structure of the card)
Personalization
Card Usage Phase
Structure of Smart Card; File Structure-3
- C:\Tutorial\Training.txt
- MF: Master File (C:\): It is the root directory of the card. All files and folders are collected under Master File
- DF: Dedicated File(Training): Application folders under Master File layer
- EF: Elementary File(Egitim.txt): These are the files that are located under the Master File or Dedicated Files and contain application data.
What is EMV?
- In 1994, the three major card associations, Visa International, Europay International and MasterCard, came together to develop a standard for the use of smart cards in their member financial institutions. This collaboration accelerated similar standardization studies carried out by ISO and the EMV standard was started to be developed. The purpose of EMV is to discard the magnetic stripe cards used in the banking system and replace them with chip cards. It is also a plus that the EMV standard brought by these three institutions increases the security.
- The EMV standard aims to reduce the dependency of cards on banks and enable offline transactions. Depending on the risk management policy of the issuing institution and the acquire banks, transactions between the card and the terminal can be made offline continuously. Losses from card frauds and attackers (hackers) are expected to decrease thanks to EMV
Smart Card and Smart Card Systems Advantages of EMV-For Banks
- Opportunity to trade from anywhere in the world
- Elimination of incompatibilities arising from transactions made with counterfeit cards, thanks to increased transaction security
- More direct contact with the customer thanks to additional applications
- Expansion of the customer portfolio thanks to secure transactions
- Less fraud, customer satisfaction, reduced financial losses due to fraud
- Safe use of the same card from different payment channels. Secure online shopping with EMV cards
Advantages of EMV-Card Holders
- Opportunity to buy more services with the same card. (Safe online shopping, loyalty apps)
- The banking service can be accessed from anywhere, anytime.
- Ability to operate offline
- Can host multiple applications on the same card
- Copying of EMV Card is impossible
Advantages of EMV-For Member Businesses
- Elimination of disputes affecting customer service, thanks to reduced card reading errors
- Reduction of communication costs
- Fewer customer complaints, thanks to reduced fraud
Smart Card and Smart Card Systems EMV Certifications
EMV has divided the terminal and card certification process into two layers: hardware-based and software-based.
- EMV Level 1(Hardware Specifications)
- EMV Level 2(Security and Software Specifications)
EMV Level 1 Certification
It is a collection of specifications that smart card and smart card readers must comply with mainly hardware. Focused Topics:
- -Physical Interface
- -Electrical characteristics
- -Sub-level communication protocols
EMV Level 2 Certification
It is a collection of software specifications that the application on the terminals must comply with. Focused Topics:
- -Communication standards of card and terminal
- -Card Verification, PIN Verification Algorithms, etc.
- -Slip formats, messages to be displayed, etc.
EMV Terminology
- TVR Terminal Verification Results (Terminal’s process log)
- TSI Transaction Status Information
- TAC Terminal Action Code (Terminal Action Codes)
- IAC Issuer Action Code (Issuer Action Codes)
- TC Transaction Certificate (Transaction Certificate)
- ARQC Authorisation Request Cryptogram (Cryptogram generated for online transactions)
- AAC Application Authentication Cryptogram (Cryptogram generated for rejected transactions)
- TLV Tag – Length – Value
- AID: Application Id (Id of the application)
- DOL Data Object List
- PDOL Processing Options DOL
- DDOL Dynamic Data Authentication DOL
- CDOL Card Risk Management DOL
- TDOL Transaction Certificate DOL
General Concepts
Acquirer Bank:The bank that owns the terminals.
Issuer Bank:The bank that produces the cards.
DES(Data Encryption Standard) :It is used to provide security in EMV. Issuer bank generates DES Keys and keeps them securely in its system and securely uploads them to the card.
RSA: A standard used to provide advanced security in EMV. It is used to verify the card offline. RSA Keys consist of 2 parts: Public Key, Private Key
Certification Authority:The institution that shares the keys between the terminals of Acquirer banks and the cards of Issuer banks
EMV Data
- Data Element: The smallest unit of data that has meaning
- Tag, Length, Value (TLV): How Data Elements are expressed
- Tag: Unique id of Data Element
- Length: The length of the Data Element
- Value: Value of Data Element
EMV Data Elements
- EMV Data Elements are expressed in TLV format
- Properties of EMV Data Elements
- Format: Numeric, alphanumeric, binary, alphanumeric custom
- Requirement : Required, Mandatory, Conditional, Optional
- Source: Terminal, Card
- Definition: What the data element means
An example Data Element
- Name: Card Number
- Tag: 5A (id)
- Length: 08 (Length)
- Value: 1628386081524355 (Value)
- Definition: A singular number used to represent a card