
THALES e-SECURITY

EMV
EASY MIGRATION GUIDE
Version 2
An impartial guide for Issuers and Acquirers looking
to migrate to EMV.
The key issues and technologies.
Some questions that must
be answered.
A reference for further information.
Produced in collaboration with other smart card
industry leaders.

www.thales-esecurity.com


How to use this guide
Migration from magnetic stripe cards to EMV smart cards may look daunting. It is a complex task.
However, broken down into a series of logical elements it becomes much less problematical.
Whether the reader is tasked with managing the whole project, or perhaps just discrete parts, this
document aims to provide a useful introduction to the headline issues arising from migration.

The guide has been divided into three main sections:


Introduction
Card Issuer challenges
Acquiring and terminal network challenges

The second and third sections follow the same format:


An Overview of the subject area
An exploration of the Essential Issues upon which decisions must be made
A list of Critical Questions that the reader should ask
Suggestions on where the reader can obtain Further Information to support the decision-making
process including providers of relevant products and services
At the end of the document, the Critical Questions are then repeated in checklist format for clarity
of planning. Finally, overviews and contact details of the technology and service providers named in the
guide are provided.

Introduction to EMV
The development of the smart card may well turn
out to be one of the most fundamental changes
yet seen by the global payments industry.
Despite concerted development, magnetic stripe card technology has reached a technical dead-end.
A magnetic stripe simply cannot carry the strong security needed to keep cardholder details secret.
Once criminals found out how easy it was to make copies, fraud grew rapidly and according to
European Card Review magazine now costs the EU alone over 3.5 million a day.
But the limited security does more than leave private information vulnerable. It also means magnetic
stripe cards have little scope for more than one or two simple financial applications on a single card.
Against this background the smart card is revolutionary. The smart card works by storing information
securely for use during a transaction and by performing checks and processes using its internal
microprocessor. Very much larger memory capacity enables it to hold multiple applications, for
example an anchor debit card application, plus a number of others which do not have to be financial.
Early movers in the market have shown that smart cards reduce losses due to fraud while generating
new revenues and differentiation.
The move to smart cards is not a free-for-all. The major card associations have collaborated
to develop the EMV (Europay, MasterCard, Visa) standard, a mechanism by which the payments
industry is seeking to ensure that cards, terminals and other systems will successfully interact,
for debit and credit applications at least, wherever they are in the world.
The EMV specifications describe core attributes including physical and electrical characteristics, how
data and functions on the card are to be accessed, and how card security is structured, but they leave
the detail of individual financial applications to card associations to define.
For all card Issuers, the question is not: should we migrate to smart cards, but: when should we
migrate to smart cards? This is because the major card associations are setting dates by which
regions around the world must have completed migration to EMV cards. Beyond these dates liability for
fraudulent transactions will lie with magnetic stripe card issuers or acquirers, if it can be shown that
the use of smart card technology would have prevented the fraud.
Issuers need to bear in mind that the date appropriate to their region is not the starting gun for
migration. It is the date by which the whole of their card base and its supporting infrastructure should
be EMV compliant. Testing and any pilot scheme should be completed well before this date.
Typical schemes with three-year replacement cycles mean that cards issued in February 2002 will still
be in circulation past the European January 2005 deadline.
Given this effective count down to EMV, it is likely that there will be a rush as the date looms nearer,
squeezing the amount of time technology vendors can devote to each Issuer. Better service and more
comprehensive support may be available to the early adopters.
There are, anyway, compelling differentiation and fraud prevention reasons why all Issuers should
consider moving quickly. American Express found that new customers in the US and the UK were
attracted by promised extra security and the novelty value of EMV smart cards. Early adopter market
advantage is therefore a reality.
Also a reality is the certainty that the last card Issuers to migrate will inevitably be the concentrated
target of fraudsters as the strong security of EMV smart cards closes the window of opportunity
for crime.

Critical questions about EMV


What is the date of the EMV migration for my country or region set by the card
associations of which I am a member?
What level of testing period do I want to allow myself before going live with my EMV card
base/infrastructure?
Which vendors will I select to help facilitate my move to EMV?
When do I start migrating my card base to EMV cards, bearing in mind that the cards
I am issuing today might still be in circulation after the EMV migration date?
What extra business can I generate by achieving first mover advantage in my markets
by moving to smart cards?
Am I actually losing business by not moving more rapidly to smart cards?
Am I being targeted by fraudsters because competitors have already migrated?

Further information

EMVco

JCB

MasterCard

Visa

Card Issuer challenges


Overview
As a card Issuer, there are many challenges that need to be considered when moving to EMV.
A smart card must be programmed with an operating system (often called a mask) before it can be
loaded with applications, in much the same way as a PC needs Windows or Linux before it can run
applications and have any utility for users.
Then, when an application such as Visa's VSDC (Visa Smart Debit Credit), MasterCard's M/Chip or
JCB's J/Smart is loaded onto a smart card, together with unique data that personalises the
application to an authorised cardholder, the card can interact with payment terminals to perform
secure transactions.
One further major advantage is that smart cards can be securely up-dated or re-programmed in the
field. An Issuer can update risk management parameters contained within an EMV banking application
remotely during an on-line transaction at a terminal.
Some types of multi-application cards support the download of new applications and the deletion of old
ones remotely at dedicated terminals or over the Internet.
The winners in the move to smart cards are likely to be those Issuers who most successfully exploit
such flexibility to offer the most compelling proposition at the lowest cost.
The following Essential Issues section is further sub-divided into the following areas where readers
may need to make decisions:
Financial applications
Non-financial applications
Application security
Smart card selection
Upgrading the existing back office systems
Data preparation and card personalisation overview
Data preparation
Card personalisation

Essential Issues
Financial Applications
EMV credit/debit applications
The EMV specifications are a framework of basic risk reduction measures. Issuers have the freedom to
select the strength of the further security parameters they apply to smart cards and this has led to
the development of different EMV banking applications by the global card associations. These
applications cover everything needed to produce a card, including functionality, card association specific
features as well as EMV risk management.
JCB (J/Smart)
MasterCard (M/Chip)
Visa (VSDC)
All of these are EMV-Compliant, but use slightly different additional risk parameters to manage the risk
of off-line transactions.
Most card associations offer SDA (Static Data Authentication), DDA (Dynamic Data Authentication)
and CDA (Combined Dynamic Data Authentication)* card authentication mechanisms within their
credit/debit application.

Domestic card brands


In addition to the global brands, local domestic cards are proliferating. Nominally independent of the
global brands, they are often required to work out-of-area so that they can be used by cardholders
travelling on business or leisure. Issuers therefore often form joint marketing and processing
relationships with the global brands, enabling cardholders to access cash via ATMs, and in some
instances to make purchases at merchant outlets when travelling. The most common schemes are
MasterCard's Maestro and Cirrus and Visa's Electron and Plus cards.

e-Purses
Electronic purses have been developed and deployed by a significant number of financial institutions,
but they have serious drawbacks. Lack of interoperability between schemes, poor geographical
coverage and the fact that most purses only support a single currency are three factors that
have limited adoption.
Some experts believe that the business case for e-Purse as a global scheme is unproven and that
we will see instead the emergence of niche, closed circuit and national e-Purse products.
The migration to EMV smart cards may create an environment in which e-Purse applications will work
and be readily accepted.
*See section on Application Security.

Critical questions about financial applications


What payment schemes do I want to support with my cards?
What are the standards and mandates of those schemes?
Do I want to support single or multiple applications or a mixture of both?
Do I want to offer my customers an electronic purse?
Are there any other legal issues specific to my country that I need to consider such as
data protection laws?

Further information


Thales e-Security

EMVco

American Express

JCB

CEPSco

MasterCard

Diners Club International

Visa

Discover Card

Proton

Non-financial applications
Multiple applications on a single Card
A multi-application smart card, in addition to providing debit or credit functionality, might also work
as a store chain loyalty card, a library card, a gymnasium membership card: the possibilities are very
broad. Indeed, some industry commentators have suggested that there is no technical reason why a
single smart card should not securely carry all the personal information in the average person's wallet
including, in some countries, driving license and social entitlement details.
There is no doubt that the relative simplicity of a single application card provides the easiest and
fastest route to EMV issuing, with all the benefits of brand visibility, leadership and market penetration
that rapid deployment will generate for early adopters.
But it is unlikely to be as cost-effective as a multi-application card.
The more useful applications a single card holds, the more indispensable it becomes. The higher the
perceived value, the less likely the customer is to switch to an alternative card, even though it may
offer a lower interest rate. An Issuer that opens its card to applications from third-party providers
not only spreads card deployment and management costs but also generates further income streams
through its rental of card real-estate.
Small wonder that the overwhelming majority of industry experts expect multi-application cards
to eventually become dominant.
Over 50 companies, including all the major card associations, are now members of the GlobalPlatform
alliance that is working to establish standards for EMV multi-application smart cards and to promote
their deployment.

Online retail applications and Internet banking


Although the EMV specification was not designed with such applications in mind, the cryptographic keys
on a smart card are capable of generating what is effectively an electronic signature.
This means that the core application on a card, such as VSDC, M/Chip or J/Smart, could help secure
on-line retail transactions and help provide a secure logon for Internet banking, as well as card present
debit/credit functionality.


Critical questions about non-financial applications


My card will have an anchor financial application. But do I want it to carry other
applications such as a retail loyalty scheme?
Do I want the card to support Internet banking?
Will I create the additional applications in house, use third party developers, or accept
applications provided by partners?
How will I handle loading and deletion of third party applications for current and
replacement cards?

Further information


Catuity

Proton

Datacard

Welcome Realtime

Gemplus

Schlumberger

EMV application security


EMV specifications define a four-element framework for the security of credit/debit card
payment applications:
Card authentication: the means by which a terminal can ascertain that a card is genuine.
(See section below on SDA, DDA and CDA.)
Risk management parameters: the card records all transactions and decides when pre-set
thresholds (cumulative or single transaction value) have been reached, so triggering an on-line
transaction.
Off-line PIN: smart cards are able to store data securely, offering the opportunity for PIN
verification to take place on the card itself. This saves the need to carry out a PIN-based
transaction on-line.
Online mutual authentication: the means by which an Issuer can satisfy himself that
a transaction has genuinely come from a specific and authentic card as well as the card ensuring
that the approval/decline response has been sent by the authentic Issuer.
EMV does not specify the cryptographic algorithms and key management schemes to be used
for authenticating transactions. It does define an eight-byte data element called an Application
Cryptogram that is securely bound to the details of each transaction. The fact that different key
management methods and algorithms may be adopted is perfectly satisfactory since the cryptogram
is not an interoperability parameter, being handled only by the card itself and the Issuer's transaction
authorisation systems.
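An added example, not part of the original guide: a card and an Issuer host that share only the Issuer master key agree on an eight-byte cryptogram bound to the transaction details. Because EMV leaves the algorithm to the card associations, HMAC-SHA-256 truncated to eight bytes, the per-card key derivation and the transaction counter check are stand-in assumptions, and all keys, card numbers and field layouts are constructed.

```python
import hashlib
import hmac
import struct

# Constructed sample values; not real keys or card numbers.
ISSUER_MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_PAN = "4000001234567899"


def derive_card_key(master_key: bytes, pan: str) -> bytes:
    """Assumed derivation: the per-card key is a keyed hash of the card number."""
    return hmac.new(master_key, pan.encode(), hashlib.sha256).digest()


def encode_transaction(amount_minor: int, currency: int, date_yymmdd: str,
                       unpredictable_number: bytes, counter: int) -> bytes:
    """Fixed-width encoding, so two different transactions never share the same bytes."""
    if len(date_yymmdd) != 6 or len(unpredictable_number) != 4:
        raise ValueError("date must be 6 characters and the terminal number 4 bytes")
    return struct.pack(">QH6s4sH", amount_minor, currency,
                       date_yymmdd.encode(), unpredictable_number, counter)


def application_cryptogram(card_key: bytes, transaction: bytes) -> bytes:
    """Eight-byte value bound to the transaction (stand-in MAC, see lead-in)."""
    return hmac.new(card_key, transaction, hashlib.sha256).digest()[:8]


class Card:
    """Holds only its own derived key, never the Issuer master key."""

    def __init__(self, pan: str, card_key: bytes):
        self.pan = pan
        self._key = card_key
        self.counter = 0  # transaction counter kept on the card

    def generate(self, amount_minor, currency, date_yymmdd, unpredictable_number):
        self.counter += 1
        data = encode_transaction(amount_minor, currency, date_yymmdd,
                                  unpredictable_number, self.counter)
        return {"pan": self.pan, "amount_minor": amount_minor, "currency": currency,
                "date": date_yymmdd, "un": unpredictable_number,
                "counter": self.counter,
                "cryptogram": application_cryptogram(self._key, data)}


class IssuerHost:
    """Re-derives the card key from the master key and recomputes the cryptogram."""

    def __init__(self, master_key: bytes):
        self._master_key = master_key
        self._last_counter = {}

    def verify(self, msg: dict) -> str:
        key = derive_card_key(self._master_key, msg["pan"])
        data = encode_transaction(msg["amount_minor"], msg["currency"], msg["date"],
                                  msg["un"], msg["counter"])
        expected = application_cryptogram(key, data)
        if not hmac.compare_digest(expected, msg["cryptogram"]):
            return "DECLINE: cryptogram mismatch"
        # Assumed issuer policy: a counter value is accepted only once.
        if msg["counter"] <= self._last_counter.get(msg["pan"], 0):
            return "DECLINE: transaction counter not fresh"
        self._last_counter[msg["pan"]] = msg["counter"]
        return "APPROVE"


def demo():
    card = Card(SAMPLE_PAN, derive_card_key(ISSUER_MASTER_KEY, SAMPLE_PAN))
    host = IssuerHost(ISSUER_MASTER_KEY)
    msg = card.generate(2599, 978, "020214", bytes.fromhex("a1b2c3d4"))
    genuine = host.verify(msg)
    # The same message with a different amount no longer matches its cryptogram.
    altered = host.verify(dict(msg, amount_minor=259900))
    # The identical message presented a second time is not fresh.
    repeated = host.verify(msg)
    return genuine, altered, repeated


if __name__ == "__main__":
    print(demo())
```
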
The card associations have defined for their members all the details not included in the EMV
specifications. In addition some other schemes have evolved for specific geographical areas.
An example is the UKIS scheme defined by APACS in the UK for smart cards.
EMV smart cards need around 50 data items to be created for loading onto the chip. Between
10% and 20% of these are produced using cryptographic processes implemented on a security
module such as the Thales P3CM. Secret values such as keys and PIN are also encrypted by the
module using a shared key to ensure their secure transmission to the personalisation system.
In addition to general security principles, there are also local legislative issues that can have a bearing
on card security. These include data protection laws, digital signature legislation and e-money legislation.

The choice of SDA, DDA or CDA in credit/debit applications


One of many decisions facing card Issuers is which of two alternative technologies to use when verifying
the authenticity of smart cards when used in a terminal.
Magnetic stripe cards carry a verification value (CVV) or card verification code (CVC) that can only
be checked during on-line transactions.
Smart cards, designed from the outset to support off-line as well as on-line transactions, use two
alternative techniques.
The simpler, and cheaper, of the two is SDA or Static Data Authentication. This is a process where the
same digital signature is used by the card to authenticate itself to a terminal each time a transaction
takes place.
The more complex option is DDA or Dynamic Data Authentication. It creates a unique digital signature
each time the card is used off-line rather than continually using the same one. This means that it is a
more secure technology. However, it is as much as 25% more expensive, because it requires a public
key co-processor on the card and more complex software.

Many Issuers remain confident in SDA for on-line use because its mutual authentication checking
process is very secure. However, if smart cards are being used predominantly off-line the extra
security provided by DDA in this environment will make it the authentication scheme of choice for
many Issuers.
A further method is also specified in the EMV 2000 specifications. Known as CDA or Combined
Dynamic Data Authentication, the card generates the application cryptogram and the dynamic
signature. By verifying the dynamic signature the terminal is able to determine that the application
signature was generated by a valid card.
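An added example, not part of the original guide, showing the difference a terminal sees between SDA and DDA: the static signature is identical at every transaction, while the dynamic signature covers a number chosen by the terminal and is rejected for any other number. Textbook RSA with toy keys built from well-known Mersenne primes stands in for the real signature format, the terminal is assumed to hold the Issuer public key directly (the scheme certification authority is omitted), and the card data is constructed.

```python
import hashlib


def make_key(p: int, q: int, e: int = 65537) -> dict:
    """Toy RSA key pair from two primes (textbook RSA, no padding; illustration only)."""
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}


def public(key: dict) -> dict:
    return {"n": key["n"], "e": key["e"]}


def encode_public(pub: dict) -> bytes:
    return f"{pub['n']:x}:{pub['e']:x}".encode()


def _digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(key: dict, message: bytes) -> int:
    return pow(_digest(message, key["n"]), key["d"], key["n"])


def verify(pub: dict, message: bytes, signature: int) -> bool:
    return pow(signature, pub["e"], pub["n"]) == _digest(message, pub["n"])


# Constructed keys and card data; far too small and structured for real use.
ISSUER_KEY = make_key(2**107 - 1, 2**127 - 1)
ICC_KEY = make_key(2**61 - 1, 2**89 - 1)
STATIC_DATA = b"PAN=4000001234567899;EXP=0512"


class Card:
    """What personalisation loads onto the chip for SDA and for DDA."""

    def __init__(self, static_data: bytes, issuer_key: dict, icc_key: dict):
        self.static_data = static_data
        # SDA: one Issuer signature, created once, presented at every transaction.
        self.sda_signature = sign(issuer_key, static_data)
        # DDA: the Issuer vouches for the card's own public key ...
        self.icc_public = public(icc_key)
        self.icc_certificate = sign(issuer_key, static_data + encode_public(self.icc_public))
        # ... and the private half stays inside the chip (hence the co-processor).
        self._icc_key = icc_key

    def dynamic_signature(self, unpredictable_number: bytes) -> int:
        return sign(self._icc_key, self.static_data + unpredictable_number)


def terminal_sda(card: Card, issuer_pub: dict) -> bool:
    return verify(issuer_pub, card.static_data, card.sda_signature)


def terminal_dda(card: Card, issuer_pub: dict, unpredictable_number: bytes,
                 signature: int) -> bool:
    cert_ok = verify(issuer_pub, card.static_data + encode_public(card.icc_public),
                     card.icc_certificate)
    return cert_ok and verify(card.icc_public,
                              card.static_data + unpredictable_number, signature)


def compare() -> dict:
    card = Card(STATIC_DATA, ISSUER_KEY, ICC_KEY)
    issuer_pub = public(ISSUER_KEY)
    # Two transactions; a real terminal draws these numbers at random.
    un1, un2 = b"\x00\x00\x00\x01", b"\x00\x00\x00\x02"
    sda_first, sda_second = card.sda_signature, card.sda_signature
    sig1 = card.dynamic_signature(un1)
    sig2 = card.dynamic_signature(un2)
    return {
        "sda_accepted": terminal_sda(card, issuer_pub),
        "sda_signature_repeats": sda_first == sda_second,
        "dda_accepted": terminal_dda(card, issuer_pub, un1, sig1)
                        and terminal_dda(card, issuer_pub, un2, sig2),
        "dda_signature_repeats": sig1 == sig2,
        # A signature from transaction 1 does not answer transaction 2's number.
        "earlier_signature_accepted": terminal_dda(card, issuer_pub, un2, sig1),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```
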

Critical questions about application security


Do I want SDA or the extra security of DDA?
What EMV risk management parameters should I select and what values should they
be set to?
Will I use the off-line PIN functionality and what other, if any, Cardholder Verification
Methods should I support?
Is there legislation, such as data protection law, that might impact the security of my
applications?
How can I modify the off-line PIN after the card has been issued?
How can I modify the EMV parameters after the card has been issued?
How do I manage the information flows and business rules when I allow third party
applications to make use of my card real estate?

Further information


Thales e-Security

Aconite Solutions

EMVco

JCB

MasterCard

Visa

Schlumberger

Gemplus

Smart card selection


Proprietary card platforms
Manufacturers that have spent vast sums developing smart card technology quite sensibly wish to
maximise the return on their investment. One way they can do this is by making it advantageous for
Issuers to buy all their smart cards from a single source, rather than from two or more.
The cards may be cheaper, or perhaps offer distinctive functionality, but unlike open platform cards
(see below) they are proprietary and therefore not capable of interoperating with cards from other
vendors, unless designed to a common specification.
Card price is primarily determined by the memory size (EEPROM or E2PROM). Multi-application cards
require larger memory, typically 16K or above EEPROM, to store the additional information.
Proprietary, single application cards use less memory, typically in the range 2-4K EEPROM,
and are therefore cheaper.
There are over 20 vendors of smart cards globally. Most have single application as well as multi-application platforms with memory capacities ranging from 2 to 64 Kbytes. Many offer data
preparation and card personalisation services to support their proprietary schemes.
It is not within the scope of this paper to provide an analysis of the differences between the proprietary
schemes. Readers wishing to explore them should contact card vendors for information.

Multi-application, open card platforms


As is the case with so many technologies, vendors and interest groups use many different and
contradictory definitions and terms to describe smart cards.
Safe positioning statements to make about an open smart card are that it:
Supports a wide variety of suppliers in both chips used and card software and applications
implemented
Supports standards-based application development and maintenance/support
Supports selectable levels of security
Facilitates partnership and co-developments with companies in the same and in other industries
Allows Issuers to experiment in finding and developing new value propositions
Has a declared development path that aims to protect existing investment.
Card buyers talking with multiple vendors will be offered a number of different multi-application
architectures including Java Card, GlobalPlatform and MULTOS.

Java Card
Java Card is not an operating system but a series of specifications, which define how a Java Virtual
Machine can run on any vendor's underlying operating system.
In most cases Java implementations are migrating toward support of the GlobalPlatform standards
and API described below.


GlobalPlatform Card
GlobalPlatform is a highly secure, open and comprehensive system architecture designed to enable fast
and easy development of globally interoperable smart card systems. The GlobalPlatform specifications
and companion documents are available royalty-free from www.globalplatform.org.
GlobalPlatform includes published Application Program Interfaces (APIs) and specifications that enable
any compliant card from any vendor to be issued, loaded with applications and managed in exactly the
same way. It also provides for the use of multiple card operating systems and allows the issuer to
retain total control of the card and its applications.

MULTOS Card
MULTOS is an open standard multi-application smart card operating system that has been developed by
the MAOSCO consortium. MAOSCO requires all MULTOS devices to have been independently accredited
to the highest achievable levels of security assurance such as ITSEC E6 High. Hence MULTOS is
targeted at markets requiring high security such as finance, secure ID and other related applications.
The security of applications on a MULTOS card is provided by on-card firewalls that prevent memory
area intrusions, and a load/delete mechanism based on asymmetric cryptography which means card
issuers and application providers do not need to share secrets.
www.multos.com

Critical questions about smart card selection


Do I want a single or multi-application card?
Will I select a proprietary card supplied by one supplier, or choose an open platform
solution with cards from multiple vendors?
What memory size do I need on the card?
Will I apply segmentation to my card base and will I create a mix of proprietary EMV-cards
and Open Platform cards?

Further information
Card platforms

GlobalPlatform

MAOSCO (MULTOS)

Card suppliers


Austria Card

ID Data Systems

PPC Card Systems

Cardag

Incard

Schlumberger

DNP

Infineon

Setec

Fabrica Nacional

Iris Tech

Toppan

G&D

Novacard

Keycorp

Gemplus

Oberthur

Hitachi

Orga

Upgrading the existing back office systems


Magnetic stripe card issuance and management is supported by tried and tested legacy back
office systems.
One challenge for Issuers looking to migrate to EMV smart cards is how to provide similar automated
support facilities for the new card technology. Single application smart cards are significantly more
complex and therefore demanding of support systems than magnetic stripe cards.
This is one reason why upgrading or modifying existing support systems to handle smart cards
is thought by some experts to be not cost-effective.
Multi-application smart cards present back office support systems with an even more complex support
task. The route preferred by most Issuers, particularly those moving to multiple-application cards,
is therefore to concentrate smart card issuance and management support in a separate, dedicated
solution that interfaces to the legacy back office issuing and acquiring systems.
Such a solution is called a Smart Card Management System.

Smart card management systems


Smart Card Management Systems (SCMS) manage cards and applications throughout their entire life
cycle, before and after issue to customers. They enable the loading, blocking or deleting of applications
at any time, and make new card-based services instantly available via the Internet or private network.
Smart Card Management Systems also store details of every smart card issued, making the
replacement of lost or stolen cards both fast and simple. The same information can also be used
to create a comprehensive database of cardholders and their application preferences.
Some smart card management systems support the setting and changing of application parameters
during issuance and in the field, including EMV risk parameters.


Critical questions about upgrading back office systems


Do I want to support more than one different card type or card platform (like TIBC, Java,
Proprietary or Multos)?
Do I want to set and dynamically update my EMV risk parameters?
Do I want a single application card, multiple application card or a mixture?
How do I ensure that my systems support my future strategies?
How can I interface between my issuance and acquiring systems?

Further information


ACI Worldwide

Cards etc.

Bell ID

Datacard

CardBASE Technologies

Proton

Card Tech Limited

Schlumberger

Data preparation and card personalisation overview


Data preparation is the process by which cardholder-specific data and the complex cryptographic keys
needed for security are generated. It is the first of two steps toward readying a new card for issue.
The second is card personalisation. It includes the application of brand printing, magnetic stripe
encoding, security holograms and perhaps photographs, as well as the embossing and indenting of
typographical characters. Smart cards also require electronic personalisation. The already prepared
user data and cryptographic keys are securely loaded to the card, together with one or more
applications.
The smart card is now ready for issue.
Smart cards, with their much stronger security than magnetic stripe technology, require considerably
more data to be generated. Substantial changes to established processes are required and many
Issuers will take the opportunity for a complete re-evaluation of their data generation and
personalisation arrangements.

Three main business models


There are three main models for data preparation and the subsequent card personalisation.
The decision over which one is adopted is usually based on best practice security considerations
as well as cost:

Outsource data preparation and card personalisation to a bureau


The Issuer sends existing magnetic stripe records output from its host system to a bureau that carries
out the entire process from data and cryptographic key generation to card personalisation.
In addition, the Issuer must work with the service bureau to specify the additional chip
data that describes the EMV and application features to be implemented, along with the risk
management parameter settings that best meet the Issuer's requirements.

Data preparation in house, card personalisation outsourced to a bureau


The Issuer processes existing magnetic stripe records output by their host system, generating data
and cryptographic keys in house. It then sends the resulting file containing all the traditional magnetic
stripe and additional chip data to a bureau where smart cards are personalised. In this model the bank
retains control of its own cryptographic master keys.

Data preparation in house, card personalisation in house

The Issuer processes existing magnetic stripe records output by their host system, creating the
cryptographic keys and extra data required for EMV cards. It then personalises smart cards using
a desktop personalisation machine or high volume personalisation system in house.


Critical questions about data preparation and card personalisation


Which model should I adopt for data preparation and card personalisation?
What tools and processes are available in the marketplace to assist,
if model 2 or 3 is adopted?

Further information
See sections on Data Preparation and Card Personalisation.

Data preparation
Principal approaches to data preparation
Data preparation can be achieved with any of the three following methods:

Development of own host system


A route chosen by some Issuers is to develop the required data and key generation technology
in house. It is only an option for Issuers with particularly well-funded internal IT departments, and
it does have significant ongoing implications in terms of cost and pull on resources.
This is because data and key generation is a complex, specialist field and not one in which generalist IT
developers can rapidly gain expertise. There are many instances where internal development programs
have been started, then abandoned as the scale of the task became apparent and as costs rapidly
escalated. Another factor is constantly changing specifications that further absorb costly development
time and divert IT staff from core activities.

Outsource
Outsourcing data preparation to a bureau is therefore seen by some as a better alternative. However,
it too has its potential downside. Today's bureaus offer a highly secure solution with the very highest
integrity. However, central to best practice in security is that the number of people handling
cryptographic keys is kept to an absolute minimum. Outsourcing introduces more people
into the production chain and therefore introduces more potential points of weakness or attack. It also
requires Issuers to cede responsibility for managing the extra risk, and therefore ultimately the integrity
of scheme security, to a third party.
In-house with EMV data preparation solution such as Thales P3
Many, perhaps most Issuers, have a fundamental aversion to anything less than 100% control over
security. They have always generated the data for much simpler magnetic stripe cards in-house and will
wish to continue to do so for smart cards. They do not see in-house development of a data generation
system as an option because of cost and drain on IT resources.
Their solution will be the purchase and in-house operation of a data preparation system such as the
Thales P3.
P3 integrates with host systems and card personalisation devices to generate EMV smart card data
and keys from existing magnetic stripe card files.
A further reason for keeping Data Preparation in house is that an Issuer does not tie himself to one
personalisation bureau.
Bureaux may offer services for both Data Preparation and Personalisation. A one-off cost is typically
charged for setting up the keys required for Data Preparation, with an additional per-card cost for the
Data Preparation itself. Personalisation is also usually charged in a similar way.
If Data Preparation and the associated key management is ceded to one bureau, and six months later
another bureau is able to offer lower cost cards or personalisation services, then the resultant key
management costs at the new bureau may negate the potential savings by switching supplier.
One more consideration is that if Data Preparation is moved from one bureau to another, the
fundamental security elements (cryptographic keys) have to be shared with yet another party. Security
best practice dictates that cryptographic keys are shared with as few parties as possible.

EMV parameters
The process of data preparation includes the setting of EMV parameters for risk management
purposes. These parameters offer the Issuer options to tailor risk management to batches of cards, or
if required sometimes even on a per-card basis. With a potentially confusing number of combinations
of parameters the card associations offer recommended sets of parameters for Issuers to adopt.
Tools may also be available from the card associations to automate the selection of these parameters.
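An added example, not part of the original guide, of how risk management parameters set per card batch drive the card's decision between approving off-line and triggering an on-line transaction, and how an on-line transaction lets the Issuer reset the counters and change the parameters. The parameter names, batch profiles and amounts are hypothetical and do not come from any card association's specification.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskParameters:
    """Hypothetical per-batch thresholds, in minor currency units."""
    single_txn_limit: int           # largest amount approved off-line
    cumulative_offline_limit: int   # total value allowed between on-line contacts
    consecutive_offline_limit: int  # number of off-line approvals between on-line contacts


# Constructed batch profiles chosen at data preparation time.
BATCH_PROFILES = {
    "standard": RiskParameters(5000, 15000, 5),
    "student": RiskParameters(2000, 5000, 3),
}


class CardRiskManager:
    """Card-side record of off-line activity since the last on-line transaction."""

    def __init__(self, params: RiskParameters):
        self.params = params
        self.offline_total = 0
        self.offline_count = 0

    def decide(self, amount: int, terminal_online_capable: bool = True):
        p = self.params
        reasons = []
        if amount > p.single_txn_limit:
            reasons.append("single transaction value")
        if self.offline_total + amount > p.cumulative_offline_limit:
            reasons.append("cumulative value")
        if self.offline_count + 1 > p.consecutive_offline_limit:
            reasons.append("consecutive offline count")
        if not reasons:
            # Within every threshold: approve off-line and record the transaction.
            self.offline_total += amount
            self.offline_count += 1
            return "OFFLINE_APPROVE", reasons
        if terminal_online_capable:
            return "GO_ONLINE", reasons
        # A threshold is reached and the Issuer cannot be asked.
        return "OFFLINE_DECLINE", reasons

    def online_completed(self, issuer_approved: bool, new_params: RiskParameters = None):
        """Called after the Issuer's response; a real card acts on it only once the
        response has been authenticated as coming from the genuine Issuer."""
        if not issuer_approved:
            return
        self.offline_total = 0
        self.offline_count = 0
        if new_params is not None:
            self.params = new_params  # parameters updated in the field


def simulate(profile: str, amounts):
    """Run a sequence of purchases at an on-line capable terminal."""
    card = CardRiskManager(BATCH_PROFILES[profile])
    log = []
    for amount in amounts:
        decision, reasons = card.decide(amount)
        if decision == "GO_ONLINE":
            card.online_completed(issuer_approved=True)
        log.append((amount, decision, tuple(reasons)))
    return log


if __name__ == "__main__":
    for entry in simulate("student", [1500, 1500, 1500, 1500, 2500, 100]):
        print(entry)
```
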

Key management
Rigorous key management is essential for securing data preparation.
The system must be able to generate cryptographic keys, be able to receive cryptographic keys and
certificates from organisations such as Visa or MasterCard and also manage the keys during the
personalisation process.
Unlike magnetic stripe data, EMV smart card data contains potentially sensitive information, such as
keys derived from Issuer master keys. This means that every step in the process needs to be secured
using cryptographic hardware.
The five main areas of key management that a data preparation system must be able to handle are:
Key generation for each application.
Storage of the master key and transport keys
Key distribution to secure the personalisation process
Key update of the existing keys
Exchange of the public keys with scheme certification authorities (i.e. JCB, MasterCard and Visa)

Critical questions on data preparation


How do I want to do data preparation?
1) Change host system
2) Deploy P3-type solution
3) Outsource
Do I select a standard set of EMV parameters as recommended by my card association
or do I select my own?
Does my data preparation system provide all the key management functionality I require
and is it secure?
How do I manage my card products?
How do I handle large volumes of cards to be issued?
How do I manage the workflow?

Further information

Thales e-Security

Bell ID

Cryptomathic

Gemplus

UBIQ

Visa

Schlumberger

Card personalisation
Card personalisation can be a costly and complex business, depending on the size of customer
cardholder base and the number of different card products that an Issuer offers.
The larger Issuers historically have employed their own in-house card personalisation bureaus for the
production and issuance of cards. High card volumes help justify the expense of secure premises,
card personalisation systems and skilled staff.
There are three options when considering personalisation:

In house bureau
It is believed that the majority of cards will be issued from central in-house bureaus for the foreseeable
future. Smart card personalisation is slower than magnetic stripe personalisation, mainly due to the
vastly increased amount of data and cryptographic keys to be loaded onto each card. However,
personalisation equipment providers have developed solutions to this problem including systems that
program multiple cards simultaneously.

External bureaus
Most bureaus are also card manufacturers who realised that they were missing out by not providing
a much needed value-added service.
There are over 90 Visa/MasterCard certified card manufacturers worldwide, and the majority of these
also provide personalisation services. Most bureaus are regional, but there are global players including
Schlumberger, Gemplus, Oberthur & G&D.

Distributed or remote instant issuance


From a bank customer perspective, card issuance is a slow process. Most are resigned to the fact
that in even the quickest of systems many days elapse between the completion and submission of the
application form, and the arrival by separate post of the card and its PIN.
Instantaneous production of smart cards, at the point of application, will become an important
marketing tool for Issuers in the near future. It is already a feature of magnetic stripe card products
in some countries.
In regions with good telecommunications, remote sites will be able to communicate in real time with
the centralised host system for the generation of card data. If telecommunications are bad, Issuers will
have to adopt a distributed issuance model, where details are stored and forwarded to a central
system later.

Post-personalisation
Multi-application smart cards can be re-programmed in the field. New applications can be loaded and
old ones removed when the cards are used at compliant terminals.
Called post-personalisation, this powerful feature gives card Issuers the unique ability to provide a card
product that better supports the lifestyle of their customers, promoting usage and providing
cardholders with greater benefit and perceived value.
In order to support this business model, Issuers need to deploy infrastructure (such as a Smart Card
Management System) that allows the generation and delivery of secure personalisation data, in the
correct format for the target card, to remote devices in a real time mode.

Physical and cryptographic security considerations


The card stock has to be physically protected during the production and personalisation stages. From
the production process perspective, security controls have to be implemented once the white plastic
has had the Issuer and card association logos, brands and holograms applied. This includes physical
protection of premises as well as management control and procedures. The stringent physical security
controls aim to stop printed unpersonalised cards from finding their way into the wrong hands where
they could conceivably be used fraudulently, causing harm to the Issuer and Association brands.
It is standard practice for the international card associations to annually audit all facilities that produce
association branded cards.
There are major differences between the cryptographic security arrangements on magnetic stripe
bankcards and those on smart cards.
Magnetic stripe card production involves the generation of two cryptographic elements:
Card Verification Value/Code I (stored on magnetic stripe)
Card Verification Value/Code II (printed on reverse of the card)
This is typically carried out by the Issuer using a suitable hardware security module during the
production of card data. The values are then included into the card record, and the batch file
subsequently used for personalisation.
Once the data is produced, there is no meaningful value to be gained from these data elements,
as they are cryptograms. Therefore, there is no requirement to protect the individual data elements
being transferred from the Issuer host to the personalisation system. However, it should be recognised
that most Issuers still protect the batch file during transmission to the personalisation machine.
Smart card production is a fundamentally secure process, featuring a final round of cryptographic
processing before applications, Issuer and cardholder data are loaded onto a smart card. Card data
arrives at the personalisation system encrypted and with an associated message authentication code.
Blank cards are also cryptographically locked at the initialisation stage following manufacture, and can
only accept data following presentation of the correct so-called transport key.

EMV Card Personalisation Specification


A Card Personalisation device needs to understand the chip on the card that it is about to personalise.
Previously there was no standardisation in this area and personalisation systems would have to work
with many different card vendor-specific approaches to be able to personalise a range of cards.
A new initiative, driven by some of the major card associations and now approved by EMVCo, is called
the EMV Card Personalisation Specification (CPS) method.
Previously the standard personalisation methods were Common Personalisation and then Incard CPS.
The one common industry personalisation standard today is EMV CPS, which addresses both Data
Preparation and Personalisation.
First the Data Preparation software needs to be able to output a file or record according to the
EMV CPS method.
Secondly, the Personalisation system software, usually running on a PC next to the personalisation
machine, must be able to personalise the card according to this specification.
EMV CPS provides a common standard for personalisation and will lead to lower cost implementations
as suppliers of Personalisation software will be able to support a single standard rather than multiple
specifications from multiple vendors.

An Issuer should check with their card vendor to see if the card they are considering supports this
important new industry standard.

Critical questions on card personalisation


Where do I want to personalise my cards?

1) In house bureau?
2) Outsource to a 3rd party bureau?
3) Instant issuance at a branch level?
Do I want to consider post personalisation of new applications to my cards?
How do I manage the workflow?

Further information
Personalisation machine suppliers

Personalisation bureau services

Atlantic Zeiser

Gemplus

CIM

G&D

Datacard

Oberthur

Datacard Gilles Leroux

Schlumberger

Fargo

FDR

Logika

TSYS

Mattica

Personalisation software suppliers

Mühlbauer

Thales e-Security

NBS

Datacard

Orga

Ubiq

Schlumberger

Gemplus

Acquiring and Terminal Network Challenges
Overview
Despite only being concerned with the process flow between terminal and smart card, the EMV
specification has implications for retail bank host systems, and for ATM and EFTPoS systems.

Issuer Transaction Processing and Host Systems


Hosts may need to be upgraded to process on-line or batch transactions from devices using message
protocols enhanced from their magnetic-stripe equivalents. Network interfaces will need enhancing to
transmit EMV data when transactions are switched out to Issuer banks for authorisation. And on-line
authorisation capabilities will also require upgrading.
With on-line EMV transactions, Issuers may be required to receive extra chip-related data in the on-line
message and reply to the Acquirer, and therefore to the device, with additional response data. This
includes authentication using the authorisation request cryptogram (ARQC) and authorisation response
cryptogram (ARPC) in a process known as on-line mutual authentication (OMA). The Issuer's host
needs to be enhanced to provide this processing, which it does in conjunction with the host security
module and secret keys encrypted ultimately by local master keys maintained by the HSM.
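The on-line mutual authentication exchange described above, together with the per-card keys derived from Issuer master keys mentioned under Key management, sketched as an added example (it is not part of the original guide or of any vendor's product). Assumptions: HMAC-SHA-256 stands in for the block-cipher cryptogram functions that real cards and HSMs use, and the Application Transaction Counter (ATC) replay check, all function and class names, the key and the PAN are constructed for illustration.

```python
"""OMA sketch: ARQC verification and ARPC generation with stand-in cryptography."""
import hashlib
import hmac

CRYPTOGRAM_LEN = 8                      # EMV cryptograms are 8 bytes long
APPROVED, DECLINED = b"00", b"05"       # authorisation response codes


def _prf(key, label, data):
    # Stand-in keyed function (assumption): HMAC-SHA-256 instead of the card's block-cipher MAC.
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()


def derive_card_key(issuer_master_key, pan, psn):
    """Diversify the Issuer master key into a per-card key (PAN + sequence number)."""
    return _prf(issuer_master_key, b"card", pan.encode() + bytes([psn]))[:16]


def derive_session_key(card_key, atc):
    """Bind a key to one transaction via the Application Transaction Counter."""
    return _prf(card_key, b"session", atc.to_bytes(2, "big"))[:16]


def compute_arqc(session_key, txn_data):
    return _prf(session_key, b"ARQC", txn_data)[:CRYPTOGRAM_LEN]


def compute_arpc(session_key, arqc, arc):
    # The response cryptogram covers the ARQC, so it cannot be moved to another transaction.
    return _prf(session_key, b"ARPC", arqc + arc)[:CRYPTOGRAM_LEN]


class Card:
    """Card side: holds only its own derived key, loaded at personalisation."""

    def __init__(self, card_key, pan, psn):
        self._key, self.pan, self.psn, self.atc = card_key, pan, psn, 0

    def request(self, amount_minor, unpredictable_number):
        self.atc += 1
        txn = (amount_minor.to_bytes(6, "big") + unpredictable_number
               + self.atc.to_bytes(2, "big"))
        arqc = compute_arqc(derive_session_key(self._key, self.atc), txn)
        return {"pan": self.pan, "psn": self.psn, "atc": self.atc,
                "txn": txn, "arqc": arqc}

    def accept_response(self, arqc, arc, arpc):
        expected = compute_arpc(derive_session_key(self._key, self.atc), arqc, arc)
        return hmac.compare_digest(expected, arpc)


class IssuerHost:
    """Issuer side: in production the master key and derivations stay inside the HSM."""

    def __init__(self, issuer_master_key):
        self._imk = issuer_master_key
        self._last_atc = {}             # highest ATC accepted per card

    def authorise(self, msg):
        card_id = (msg["pan"], msg["psn"])
        card_key = derive_card_key(self._imk, msg["pan"], msg["psn"])
        session_key = derive_session_key(card_key, msg["atc"])
        # Verify the cryptogram first, so forged messages cannot advance the counter.
        if not hmac.compare_digest(compute_arqc(session_key, msg["txn"]), msg["arqc"]):
            return DECLINED, None, "ARQC mismatch"
        if msg["atc"] <= self._last_atc.get(card_id, 0):
            return DECLINED, None, "ATC replayed"
        self._last_atc[card_id] = msg["atc"]
        return APPROVED, compute_arpc(session_key, msg["arqc"], APPROVED), "ok"


def demo():
    imk = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed test key
    pan, psn = "4000001234567899", 1                          # constructed test PAN
    card = Card(derive_card_key(imk, pan, psn), pan, psn)
    host = IssuerHost(imk)

    msg = card.request(2500, bytes.fromhex("a1b2c3d4"))
    arc, arpc, reason = host.authorise(msg)
    results = {"genuine": reason,
               "card_accepts": card.accept_response(msg["arqc"], arc, arpc)}
    # The same message presented again is refused by the counter check.
    results["replay"] = host.authorise(msg)[2]
    # An altered amount no longer matches the cryptogram computed by the card.
    tampered = dict(msg, txn=(999999).to_bytes(6, "big") + msg["txn"][6:])
    results["tampered"] = host.authorise(tampered)[2]
    # A response not produced with the card's key is rejected by the card.
    results["forged_arpc"] = card.accept_response(msg["arqc"], APPROVED, bytes(8))
    return results


if __name__ == "__main__":
    print(demo())
```

The host never needs to store a key per card: it re-derives each card key from the Issuer master key and the PAN and sequence number carried in the message.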
EMV allows Issuers to use scripts to modify data elements such as the PIN or risk parameters on a
smart card during on-line transactions. Since this is a sensitive process, these scripts must be
secured with the use of cryptography, again involving the use of an HSM. As scripts are now being
generated by the on-line host processor, this demands much closer integration with card management
systems than is the case with magnetic stripe cards.
Where banks are both Issuers and Acquirers, all of the changes described here are applicable.

Interchanges
There are multiple interchanges (or switches) operating in most countries, with the most well known
being the international interchanges operated by Visa and MasterCard. They act as network hubs,
routing on-line authorisations from the Acquirer (acceptor) of a transaction to the Issuer for
authorisation.
To correctly route EMV transactions, interchanges, like host systems, will need to handle the
enhanced inter-bank transaction protocols required by smart cards.

Settlement
Currently most Acquirers and Issuers settle regularly with an interchange. This is normally
done through an exchange of batch files (for example Visa Base2) between the interchange and
its member banks. EMV impacts this process by adding chip-related data to the transaction records
within these files.

Critical questions about Issuer Transaction Processing and Host Systems


Do I want to be able to change EMV parameters on already-issued cards (for example
increasing the card's transaction value limit)?
Has my interchange or switch been enhanced to accept EMV related data?
Has my settlement process been enhanced to accept EMV related data?
Is my infrastructure capable of blocking cards and applications if needed?
Have I upgraded my host system to accept OMA (Online Mutual Authentication,
ARQC/ARPC)?
Will my host system cope with the volume of extra data associated with EMV?
Will I need to support the generation of Issuer scripts and, if so, has my host been
upgraded to do this?

Further information
Transaction Processing

ACI Worldwide

Aconite Solutions

Card Tech Limited

E-Funds

IFS

Logika

Mosaic Software

Nomad

S2Systems

Thales e-Security

Transaction authorisation and Terminal Acquiring

ACI

Aconite Solutions

Card Tech Limited

CR2

IBM

Mosaic Software

Nomad

Oasis

Schlumberger

Type approval

EMVCo

MasterCard

Visa

JCB

ATM/EFTPoS networks
The change from magnetic stripe to smart cards will not happen overnight. Magnetic stripe cards will
be in use for many years to come. During the transition, terminals, payment networks and host
systems must support both types of card.

Type approval
For a terminal to be legitimately used for accepting EMV transactions it must have first been certified
(type approved) by a body appointed by the card schemes. EMVCo has worldwide responsibility for EMV
terminal type approval, but the testing itself is subcontracted to qualified test laboratories.
Certification testing is at two levels: Level 1 concerns mainly terminal hardware. It verifies
communications with the chip card and checks for correct electro-mechanical interaction.
Level 2 concerns mainly terminal software and ensures compliance with EMV specifications for
transaction flow and card/terminal interaction.
Any terminal used by banks for acquiring EMV transactions must be approved for both level 1 and
level 2. Terminal hardware and software may legitimately be from different vendors, independently type
approved by those vendors, respectively.

Terminals
The majority of ATM and EFTPoS terminals in current use only perform magnetic-stripe based
transactions. Some of them support smart card functions but would require a software upgrade.
Others support smart cards, but typically older versions of the EMV specification. They will also
need upgrading.
A small number of ATM networks have been performing chip-based transactions for some years. Use
of the magnetic stripe is still anticipated although in the future it will mainly be used to establish the
correct orientation for the card, except of course for magnetic stripe transactions when a non-chip
card is used.
ATMs typically need a substantial software upgrade to cope with EMV cards. Many of the leading ATM
manufacturers have already released type approved software but to date there are few deployments.
The slow take-up is partly due to such software only recently becoming available, and partly due to the
enhancements needed at host systems to accommodate the new application protocols.
Hardware upgrades are also required on some ATMs. The size of the upgrade is very dependent on
the particular style of ATM but varies from a simple change to the card reader to a full upgrade of the
ATM Processor.
For stand-alone dial-up EFTPoS terminals already incorporating chip card readers, EMV acceptance
is simply a matter of upgrading the resident software application. Such terminals are usually owned
by Acquirer banks or processors, making upgrades the responsibility of those organisations and not
the retailer.
Such a software upgrade can often be made remotely over the terminal network. However, this will
also require an enhanced transaction protocol between terminal and host, necessitating an upgrade at
the host also. As the protocols involved tend to be simpler than those used with ATMs, such host
enhancements are not normally a major obstacle to EFTPoS smart card acceptance.
Those stand-alone EFTPoS terminals that do not currently accept smart cards require either a
hardware upgrade or replacement. The upgrade route may seem the most cost effective but the
owner must be aware that there are performance considerations to be taken into account. For
example an old generation product that has been upgraded may result in lengthy chip transaction times
due to increased processing requirements. This will only get worse in the future with the introduction
of longer keys for increased security.
Consequently, the short term cost advantages of hardware upgrades must be balanced against the
impact on customer satisfaction (longer waiting times at the checkout). The ideal solution is to replace
the entire estate with the latest generation products but this can be costly. For those markets that are
migrating to PIN customer verification (such as the UK) the situation is even more complex. Upgrades
will have to consider not only chip but also PIN acceptance.
The situation is complicated somewhat by a second category of retail EFTPoS terminal. Many large
multi-lane retailers like supermarkets and department stores use integrated EPoS devices that combine
payment and checkout functionality. Upgrades will require significant programming effort to integrate
the software applications that handle bar code scanning, inventory and other functions with the EMV
payment transaction process.
As these devices are owned by retailers themselves, upgrades (and in the UK, off-line PIN also) will be
their responsibility. In general, however, retailers are viewing the shift to EMV positively. There will, for
example, be simpler point-of-sale procedures with less reliance on paper signatures, reduced potential
for fraud, faster checkout times, higher floor limits, and more scope for unattended terminals through
the use of offline PIN.

Critical questions about ATM/EFTPoS networks


Have I upgraded my ATM/EFTPoS network to physically accept EMV cards?
Have I upgraded my ATM/EFTPoS terminal software to accept EMV cards?
Have I selected terminal and hardware that has already been appropriately type approved?
Have retailers in my markets agreed to update retailer owned EFTPoS terminals?
Have the retail outlets in my region been educated about EMV?
Has my ATM/EFTPoS management system been upgraded for EMV?
Have I taken into account the testing and approval process of EMV ATM/EFTPoS
terminals in my implementation plan?
Is my implementation future proof (i.e. processor speed, memory) and will terminals
handle multiple applications in the future?
Do I replace or upgrade my ATM/EFTPoS network?
How long will it take to upgrade my ATM/EFTPoS network?
What training will I perform/recommend for retailers?
What do I do with my old terminals?

Further information

ACI

Mosaic Software

Aconite Solutions

NCR

Card Tech Limited

Thales e-Transactions

Ingenico

Verifone
Appendix 1
Contributors to this document
THALES

Thales, one of the globe's leading suppliers of integrated security solutions, addresses the business
security needs of corporates and governments alike, protecting transactions, networks, identification
documents and sensitive sites. Thales' security capability extends to security and payment technology
for financial transactions, networks and e-commerce. An acknowledged expert in smart card
technology and applications, Thales is a European leader in security critical electronic payments,
integrated Electronic Fund Transfer (EFT), e-purse payment and secured keyboards, as well as being
the UK's leading supplier of electronic card payment terminals.

ACI

www.aciworldwide.com
ACI has been a leading company for more than 25 years with a worldwide presence in more than
80 countries focussing on payment engines for the financial industry and smart card management
systems. Amongst ACI's more than 2000 customers are the leading financial institutes. ACI's Smart
Card Division is based in Gouda, the Netherlands. It develops and delivers products to handle the
complete issuance, life-cycle management and workflow management for smart cards of any type
of card and purpose.
ACI views EMV migration as of prime strategic importance. Its wide ranging product suite (ACI Smart
Chip Manager, Base24) covering both the issuing and acquiring side of the business has already helped
over 50 banks to migrate to EMV. ACI's expertise in the EMV arena has been a key factor in successful
migration projects.
ACI Smart Chip Manager is deployed in the financial industry, health care, public transport, ID and
Government. Implementations range from small-scale single-application pilots to large-scale rollouts
of leading-edge multi-application schemes containing many millions of cards.
Banks aiming for the simplest form of EMV migration already reap the benefits of ACI Smart Chip
Manager. Legacy systems can be seamlessly integrated into the new chip-processes without the need
for extensive re-engineering. Any mix of card and chip types can be supported.
One of the strong features of EMV is the ability of parameter management. ACI Smart Chip manager
allows this capability as an additional module. It interfaces to ACI's acquiring systems or third party
payment engines and terminal management systems.
It's a challenge for most issuers to finally migrate to a full multi-application smart card scheme. ACI
Smart Chip Manager can easily be extended to full multi-app including additional post-issuing functionality.

ACONITE

www.aconite.net
Aconite is a business IT consultancy and software solutions provider with specialist expertise in smart
card systems, EMV, Security and e-Trust.
Aconite invests in solutions which address EMV migration, smart card systems management, business
IT and trusted computing.
Established in 2000, Aconite has expanded at pace, gathering a dynamic team with unique experience
in their respective fields. Aconite recruits experienced professionals with a combination of technical
skills and business acumen to apply technology effectively.
Working alongside leading financial institutions and retailers, Aconite's client list includes Royal Bank of
Scotland, Standard Chartered Bank, Coutts & Co, Visa, LINK and Marks & Spencer.

Flexible, pragmatic and committed, Aconite provides clients with applied consultancy, inventive
technology and business understanding. Delivering focused assistance in strategic, technical and
operational areas, Aconite is a dependable partner for clients seeking to exploit innovative approaches
to complex business issues.

APSCA

www.apsca.org
The Asia Pacific Smart Card Association (APSCA) is a non-profit, independent association for
organisations in the smart card industry in the Asia Pacific region. APSCA is the only professional
association for smart cards covering the Asia Pacific and has over 60 members in Hong Kong, China,
Taiwan, Japan, Korea, Singapore, Malaysia and Thailand. The Association delivers information,
consultancy, guidance and networking to corporations and government organisations, including smart
card scheme operators and suppliers, providing an unparalleled opportunity to solve problems, facilitate
smart card initiatives and generate increased business development. Apart from organising more than
50 events, seminars, trainings and conferences covering all aspects of smart cards, APSCA has
assisted government smart card projects, national card payment policies and initiated real business for
APSCA members.

ATMEL

www.atmel.com
Atmel Corporation is a world-wide leader in design manufacturing and marketing of advanced
semiconductors, including logic, non-volatile memory and mixed signal and RF integrated circuits.
Atmel is also a pre-eminent provider of system level integrated solutions, enabling customers to lead
the markets they serve with electronic products that are smaller, smarter, less expensive and more
versatile than ever.
Atmel is a multi-national company employing over 7,550 people with world-wide revenues, balanced
between North America, Europe and Asia with significant development and manufacturing in each
region. Its headquarters are located in San Jose, California, USA.
It should be noted that Atmel is a semiconductor company only, providing Smart Card ICs in wafer form
or packaged in modules for the Smart Card and Security related markets. It is neither a vendor of
cards nor software integrated solutions. It partners with the world's leading card vendors and system
integrators to support many of the leading Smart Card solutions in high volume production today
requiring secure microcontroller ICs for Payment, Mobile Communications, Health, ID, Pay TV and
e-Security markets.

BELL ID

www.bellid.com
Bell ID, a subsidiary of London-based Bell Group plc, has developed ANDiS, its open software platform
providing a complete spectrum of turnkey products and services for single and multi-application smart
card management schemes. In major Smart Card, Biometrics, and Public Key Infrastructure (PKI)
projects, Bell ID operates both as a main contractor and/or as a technology and software platform
provider. Bell ID operates from several main segments e.g. Finance, Government, Blue Chip, Education
and Telecom.
Bell ID is a client-focused company maintaining tight relationships with key accounts. Clients are
provided with superior quality, service, training and support around the globe. Furthermore, Bell ID
pursues and maintains strategic partnerships with clients and suppliers. All projects are carried out by
highly motivated, autonomous, teams with strong perseverance.
In order to guarantee interoperability and independency of the ANDiS software suite, Bell ID actively
contributes to the development of industrial standards and strives to comply with all common
standards relating to smart cards, tokens, PKI, biometrics, electronic purse, and debit/credit.
Bell ID's headquarters is located in Rotterdam, The Netherlands, providing support to client sites within
the Benelux. Sister company Bell Security, with offices in London, Belfast, Dublin, Edinburgh, Glasgow,
Stockholm, Zurich, Eindhoven, Hong Kong, Melbourne and Paris, provides local services, whereas sales
and delivery of turnkey solutions is coordinated from the office in Rotterdam.
Full global and around-the-clock support for the ANDiS product suite is provided from Rotterdam and is
enhanced through sales partnerships with a number of major companies. Sales Partners are trained in
all aspects of the ANDiS software and utilise their worldwide presence to provide installation, service
and maintenance of the ANDiS platform.

CardBASE Technologies

www.cardbase.com
CardBASE Technologies is an independent software company offering smart card management and
smart card payment solutions. CardBASE offers MASCOT, a multi-application smart card management
solution and ChipPURSE, a complete CEPS Purse suite of software comprising Issuer and Acquirer
modules in order to help banks leverage the most benefit from the migration to smart cards and
ensure compliance with the EMV mandates laid down by the large payment organisations.
MASCOT, from CardBASE, is a multi-application smart card management solution. MASCOT enables
issuers to manage magnetic stripe cards, smart cards and multi-application cards on the same system
enabling issuers to adopt a phased yet comprehensive approach to EMV migration.
While MASCOT offers support for EMV and CEPS Purse it also supports non-payment applications
including Certificate Authorities to issue Digital Certificates and Loyalty solutions with the aim of
supporting the current and future needs of card issuers.
MASCOT is a Global Platform compliant solution and the product features include; Cardholder
Management, Card & Application Lifecycle Management along with Post Issuance support for
application downloads and application updates.

CARD TECH LIMITED

www.ctl.com
Since its inception in 1989, CTL has become a market-leading provider of software solutions to the
payments industry. We pride ourselves in delivering the highest quality products and services on time
and to an agreed budget; we back up every installation with the very best support service, 24 hours a
day, seven days a week. Today, more than 150 clients, including some of the world's largest banks,
use our systems in over 60 countries worldwide.
CTL builds software on an open platform, providing you with complete, yet modular solutions for any
card programmes you choose. One of the great advantages of our software designs is their flexibility:
they integrate with existing systems and can be quickly and cost-effectively adapted to take advantage
of the ever-increasing opportunities available to you in our fast-moving industry.
Payment card technologies are the foundation of our expertise. CTL systems support a wide variety of
magnetic stripe, chip and proxy card programmes with highly sophisticated functionality. They have also
been adapted to create the Web tools you need for a safe, profitable entrance into the e-business
arena. We invest heavily in research and development to ensure that our future proof systems remain
at the cutting edge of technology and secure your long-term investment in payments systems.
CTL guarantees compliance with the mandatory regulations of the payment associations American
Express, Diners Club, JCB, MasterCard and Visa.

CRYPTOMATHIC

www.cryptomathic.com
Cryptomathic is one of the world's leading providers of e-Security, specialising in commercial
cryptography. Cryptomathic offers products and solutions, including systems for home banking, smart
card issuing and key management.
CardInk is a data preparation system for issuing multi-application smart cards. It uses Common
Personalization and integrates into the GlobalPlatform framework and supports VISA and
MasterCard applications.

DATACARD

www.datacard.com
Datacard provides customers in more than 200 countries with the systems, software, and consultative
expertise they need to launch and maintain profitable card programs. The company helped transform
the world for consumers and card issuers more than 30 years ago by enabling secure, high-volume
issuance of magnetic stripe-based financial cards. Today, more than 90% of the world's financial
cards, and the majority of plastic cards used for other applications, are personalised with Datacard
brand systems and software. Many of the world's leading financial institutions and consumer marketers
plan to issue single & multi-application smart cards, and Datacard's smart card infrastructure will be
used to personalise, distribute and manage a vast majority of these cards. Through industry
associations such as Global Platform and the Smart Card Alliance, Datacard is also helping to define
and then implement open standards and interfaces needed to issue cards and manage the data
needed within a comprehensive smart card issuance program. Datacard is a privately held company
owned by the Quandt Family of Bad Homburg, Germany. Datacard is headquartered in Minnetonka,
MN, with a sales and service network of direct sales organisations, dealers, distributors and value
added resellers in over 120 countries. Additionally, worldwide operations include software development
centres in the U.S., U.K., India and Japan. The company employs more than 1,600 people worldwide
and generates annual revenues of more than $300 million.

GEMPLUS

www.gemplus.com
Gemplus helps its clients offer an exceptional range of portable, personalised solutions that bring
security and convenience to people's lives. These include mobile Internet access, inter-operable banking
facilities, e-commerce and a wealth of other applications.
Gemplus is the only completely dedicated, truly global player in the Smart Card industry, with the
largest R&D team, unrivalled experience, and an outstanding track record of technological innovation.
Gemplus' offer in EMV: EMV Prime, a suite of solutions guiding banks on the optimal path
to migration.
Whatever your EMV migration requirements, you will find that Gemplus has a solution that fits and
a team of experts to help manage your project. EMV Prime was built on three years of experience
in EMV migration and with assistance and feedback from clients all around the world. EMV Prime
covers migration planning, development, piloting and all stages of deployment. The EMV Prime modules
can be tailored to suit the needs of any client, whilst dedicated project management teams work with
you to ensure that EMV Prime lives up to its reputation.
Gemplus trades its shares on Euronext Paris S.A. First Market and on the NASDAQ Stock Market(tm)
as GEMP in the form of ADSs.

G&D
GIESECKE & DEVRIENT

www.gdai.com
More than 30 years' experience in smart security for payment cards have made G&D a leading
supplier of electronic payment cards. In only 6 years, 100 million banking cards have been issued using
smart card software developed by G&D.
G&D is an accredited technology partner of all major international payment organisations, such
as Europay International, MasterCard International, Visa International, Proton World and Discover.
With our technological edge in the development of chip card operating systems and applications,
G&D has successfully migrated from a manufacturer of high quality magnetic stripe cards
to a leading technology supplier of microprocessor and crypto processor cards.
G&D is represented on all important international standardisation committees, i.e. MAOSCO
Consortium, Eurosmart, ETSI SMG 9, JavaCard Forum, People's Bank of China Technical Subgroup,
ISO/IEC, Smart Card Forum, Global Chip Card Alliance, Global Platform Group.
Giesecke & Devrient (G&D) is an international technology group with 150 years of tradition. Founded
in 1852, G&D first specialised in banknote printing and security paper manufacture, later adding
currency automation systems to its product portfolio. Today, G&D is also a technology leader in the
fields of smart cards and system solutions for telecommunications, electronic payments,
transportation, health, ID, loyalty, pay-TV, multimedia and Internet security (Public Key Infrastructure).
The Giesecke & Devrient Group, headquartered in Munich, operates subsidiaries and joint ventures
all over the world. G&D employs around 7,000 people worldwide and generated a revenue
of 1.12 billion in fiscal 2001.

GLOBALPLATFORM

www.globalplatform.org
GlobalPlatform is the only cross-industry forum focused on the development, management and
promotion of specifications for multiple application smart cards, smart card applications, and enabling
devices. With support from its global Member organisations, GlobalPlatform promotes a standard
framework facilitating the implementation of smart card programs in any industry around the world.
GlobalPlatform allows flexibility in the choice of technologies and vendors through an emphasis on open
standards for cards, terminals and support infrastructure. GlobalPlatform's card, terminal and systems
specifications are the first open standards adopted by GlobalPlatform and will provide a solid foundation
from which the organisation will define the future of multiple application smart cards.
GlobalPlatform totals fifty-six Members from across Europe, USA, Canada, Australia, Japan and Korea,
including issuers, manufacturers, and vendors of multiple application smart cards, such as American
Express, Hitachi, MasterCard International, JCB, NTT Corporation, Proton World, Schlumberger,
Sun Microsystems, Thales, The Bank of Nova Scotia and Visa International, as well as several
government bodies.

HITACHI

About Hitachi Europe Ltd.:


www.hitachi-eu.com/semiconductors
Hitachi Europe Ltd. is a wholly owned subsidiary of Hitachi, Ltd. Japan. It has operations throughout
EMEA which provide sales, marketing, technical support and research and development. Hitachi's
semiconductor and display products are key components in the fields of smart cards, communications,
automotive, consumer, industrial, displays and system LSI. They include the SuperH RISC
microprocessors, the H8 microcontroller family, smart card controllers, TFT displays, memories (Flash
and SRAM), transistors and diodes, and network products. For reader enquiries or more information
on the products and services offered in Europe by Hitachi Semiconductor, please visit the Web site.

About Hitachi
www.global.hitachi.com
Hitachi, Ltd., headquartered in Tokyo, Japan, is a leading global electronics company, with
approximately 320,000 employees worldwide. Fiscal 2001 (ended March 31, 2002) consolidated
sales totalled 7,994 billion yen ($60.1 billion). The company offers a wide range of systems, products
and services in market sectors, including information systems, electronic devices, power and industrial
systems, consumer products, materials and financial services. For more information on Hitachi, please
visit the company's Web site.

JCB

www.jcbinternational.com
JCB is one of the international payment brands, alongside Visa and MasterCard, and is also the
largest card Issuer and Acquirer in Japan in its own right. JCB launched its card business in 1961 and began
expanding overseas in 1981. Its merchant network includes 9.78 million merchants and spans
189 countries and territories, and serves 42 million card members worldwide. As part of its
international growth strategy, JCB has formed alliances with more than 320 leading banks and
financial institutions globally to increase merchant coverage. JCB started the full-scale issuance
of smart cards in Japan in Dec. 2001, with the J/Smart EMV application loaded, and has also been
very active in the smart card migration in the markets outside of Japan. For further information,
please visit the JCB International website.

LogicaCMG

www.logicacmg.com
LogicaCMG is a global solutions company providing management and IT consultancy, systems
integration and outsourcing services. With additional expertise in wireless technology, the company
supports clients across diverse markets including telecoms, financial services, energy and utilities,
industry, distribution and transport and the public sector. Formed in December 2002 through the
merger of Logica and CMG the company has offices in 34 countries and over 60 years of combined
experience in the IT services arena. LogicaCMG is the number two European quoted IT services
company and is listed on both the London and Amsterdam stock exchanges.
LogicaCMG has been at the forefront of providing EMV compliant open systems for a number of years.
With our knowledge of the third party product suppliers, we are able to offer consultancy, and provide
either full end-to-end card processing capability, or individual component solutions for the physical and
virtual payments world. Our solutions range from fault-tolerant systems, through high availability UNIX
configurations, to the latest Windows NT/2000 systems. Specific focus is placed on modern open
transaction systems, smart card solutions, EMV compliance and international operator-independent
mobile & card fraud alerting solutions and services.
LogicaCMG's vision for the next generation of card systems covers:
Core application components for Card Issuing, Card Transaction Acquiring, Merchant Management,
Transaction Switching, Smart Card Management, Settlement, Clearing;
Customer services and business process workflow, addressing issues and opportunities around the
richer functional and technological features of these systems;
Platform technologies, focusing on emerging interoperable and open corporate standards.
LogicaCMG already has a track record in implementing proven open systems that have similar reliability
levels to the legacy high availability systems, but with significantly improved cost of ownership and time
to market. An even more complex and critical issue is an appropriate migration strategy for replacing a
legacy system with a new, open variant. The migration strategy is the central part of the vision to
ensure that risk is contained, whilst ensuring that return on investment criteria are being achieved.

MOSAIC

www.mosaicsoftware.com
Mosaic Software develops leading-edge software solutions in the consumer transaction space.
The Mosaic Software offices in the USA, UK, Australia and South Africa support clients that include
financial institutions, retailers, telecommunications operators, transaction processors, Internet service
providers, card issuers and data processing service providers.
Mosaic Software's product, Postilion, is a scalable, modular system designed to deliver
consumer-generated transactions at every level of an EFT network. Postilion is currently installed in more than
30 countries, where it is used for ATM driving and monitoring, EFT switching and routing, EFTPoS
credit/debit card transaction processing, Internet/call centre payment authorisations and mobile
commerce applications. Postilion reduces transaction processing costs, improves analytical capabilities
of customer transactions and increases overall transactional revenues. Postilion is fully EMV compliant
and can support EMV migration with two specific solutions:
Postilion EMV Gateway is a low-cost, fast track solution for EMV smart card compliance. Both
Acquirers and issuers can achieve EMV compliance for online transaction processing by front-ending
their incumbent systems with the Postilion EMV Gateway. Magnetic stripe transactions are processed
by the existing system infrastructure while EMV transactions are routed directly from the Postilion
EMV Gateway, avoiding the need to upgrade the incumbent system to support EMV data fields.
Postilion for Chip and PIN offers multi-lane retailers a means to rapidly support EMV chip cards and
secure PIN processing at the point of sale. Further benefits are the ability to offer sophisticated
EFT services at the till such as staff discount and loyalty programmes; authorisation of transactions
at the till even when store systems are down; a faster settlement cycle and reports to meet all
store requirements.
Mosaic Software's major partners include Thales, Stratus Technologies, Retail Decisions, MasterCard,
SmartTrust, Diebold, and NCR. Well-known companies such as 7-Eleven, Marks & Spencer, E*Trade, Bank
Leumi, TNS, ABSA, Retail Decisions, American Express and Cell-C are clients. The company is backed by
GE Equity and Comparex and is a selected technology provider to multiple GE Capital businesses.

MULTOS

www.multos.com
MULTOS is an open standard multi-application smart card operating system that has been developed by
the MAOSCO consortium. MAOSCO requires all MULTOS devices to have been independently accredited
to the highest achievable levels of security assurance such as ITSEC E6 High. Hence MULTOS is
targeted at markets requiring high security such as finance, secure ID and other related applications.
The security of applications on a MULTOS card is provided by on-card firewalls that prevent memory
area intrusions, and a load/delete mechanism based on asymmetric cryptography which means card
issuers and application providers do not need to share secrets.

NCR

www.ncr.com
As the world's leading ATM manufacturer, NCR has deployed self-service EMV solutions across Europe,
Asia Pacific and the Americas.
NCR Corporation (NYSE: NCR) is a leading global technology company helping businesses build
stronger relationships with their customers. NCR's ATMs, retail systems, Teradata data warehouses
and IT services provide Relationship Technology™ solutions that maximise the value of customer
interactions. Based in Dayton, Ohio, NCR employs 30,400 people worldwide.

NOMAD SOFTWARE

www.nomadsoft.com
NOMAD Software supplies card payment solutions based around its NOMAD CORTEX product set.
NOMAD's customers are innovative new generation banks who want to build strong and profitable
relationships with all their customers, be they private clients, merchants or businesses.
Flexibility, performance, reliability, availability and scalability are all at the heart of a NOMAD solution.
NOMAD CORTEX benefits from a well-architected 3-tier structure, which embraces the Internet and
smart card. Established requirements in areas such as Card Management, Authorisation, Switching and
Terminal Management are all available off-the-shelf, while the very latest business requirements can be
satisfied using ready-made components.

NORTON CONSULTANCY LIMITED

www.norton-consultancy.com
Norton Consultancy Limited is a provider of business and technical consultancy and training on the
implementation of EMV chip cards.
Norton Consultancy Limited has worked with many of the major high street UK Banks and third party
processors providing hands-on assistance with the implementation of chip cards. Norton Consultancy
Limited has experience with the full end-to-end EMV chip card implementation:
Establishing a suitable Project Team Structure
Defining Chip Business Requirements
Defining Chip System Design
Defining and Implementing Chip Keys
Upgrading Card Bureau to Support Chip
Interpretation of chip specifications (EMV, VIS, M/Chip Lite & M/Chip Select)
Defining chip MI requirements
Chip Testing
Delivery of Customised Training
Norton Consultancy Limited has gained a reputation for being able to translate the complex technical
world of chip into a more understandable business language, assisting organisations to climb the steep
learning curve of chip thus reducing project time scales and costs.

OBERTHUR CARD SYSTEMS

www.oberthurcs.com
Oberthur Card Systems, listed on the Euronext Stock Exchange (Code Euroclear 12413) since
July 2000, is one of the world's leading providers of card-based solutions, software and
applications including SIM and multi-application smart cards and services ranging from consulting
to personalisation.
Innovative products and high quality services ensure Oberthur's strong positioning in its three main
target markets.
Payment: 52% of revenues in 2001. The company is the world leader and number one supplier
for Visa and MasterCard.
Mobile Communications: 31% of revenues in 2001, with open and interoperable solutions based
on Java technology.
Authentication and Network Security: emerging markets in which the company plays a pioneering
role, with strong expertise in security and a dominant position in e-commerce and Pay-TV.
Close to its customers, Oberthur Card Systems benefits from an industrial and commercial presence
across all five continents.
Oberthur Card Systems is a subsidiary of François-Charles Oberthur Group.

SCHLUMBERGER Smart Cards and Terminals

www.slb.com
Schlumberger Smart Cards and Terminals is the world's leading provider of microprocessor cards, the
key to digital networks, and a major supplier of card-related terminals and transaction software. Its
5,000 employees serve customers in more than 100 countries, with worldwide sales exceeding 2.6
billion smart cards to date. The company possesses more than 20 years' experience in smart card
innovation and leads its industry in security technology and open systems.
Schlumberger has an unparalleled track record implementing successful banking projects, whether it's
leveraging smart card technology for nationwide EMV migration schemes, or designing payment systems.
Our technical expertise embraces security, payments standards such as EMV, chip card design, card
management and issuing systems, bank transaction processing and design of payment terminals.

THALES e-SECURITY

www.thales-esecurity.com
Operating in three main markets covering e-security, card payment and network security, Thales
e-Security addresses the business and finance industry's need for cryptographic security products and
solutions used to protect a range of critical information infrastructures. Over half of the world's banks,
together with the majority of the busiest exchanges, currently use Thales technology. For more than 20
years the company has been at the forefront of security and payment technology, co-operating and
contributing to set the industry standards used for financial transactions and e-commerce globally.

Thales P3
Thales P3 lets issuers deploy EMV smart cards with minimal impact on their existing systems and with
minimum cost.
It integrates with host systems and card personalisation devices to:
Enable creation of EMV parameters for each card holder
Generate, store and manage cryptographic keys for each application
Output files of parameters and keys for personalisation machines
Generate an audit log of activities
Three levels of Thales P3 system enable issuers to deploy a Thales solution scaled to meet their
individual needs.

Thales HSM
The Host Security Module (HSM) is a physically secure, tamper-resistant security server that provides
cryptographic functions to secure transactions in retail financial applications including PIN encryption
and verification, debit card validation, stored value card issuing and processing, chip card issuing and
processing, message authentication and symmetric key management.
With the optional DSP-RSA Module, the HSM can also support public key cryptographic operations
including digital signatures, certificates, and asymmetric key management.

THALES e-TRANSACTIONS

www.thales-e-transactions.com
Thales e-Transactions is a wholly owned subsidiary of the global electronics group Thales and provides
user-friendly secured solutions for card transactions. The company is a European leader in the fields of
portable, mobile and fixed electronic payment terminals, integrated Electronic Fund Transfer (EFT),
e-purse payment and secured keyboards. Thales e-Transactions' expertise in smart card applications for
banking and commercial markets is highly acknowledged on a worldwide basis.
The solution that Thales e-Transactions proposes is a range of terminals that are appropriate for
a variety of card acceptance locations.
Artema Desk for standard retail where the customer attends the Point of Sale desk
Artema DECT for locations where the terminal needs to be taken to the customer away from the
Point of Sale desk
Artema Mobile where the terminal can accept transactions on the move.
These products have a common core hardware platform and a common software architecture, which offer
the following advantages:
Price benefits
Lower certification costs from common EMV Level 1 IFM to common Level 2 Kernel
Faster to market with regional applications through the use of a simple to use software
development toolkit
The Artema Desk product can also be provided with a TSC+ PIN pad, the first in the world to achieve
Visa PED approval to the higher security required for chip transactions.
Thales also produce other terminals that are specific to local regions. Because of the nature of the
proposal these terminals have not been included in this offer but Thales would be happy to provide
further details on request.
With considerable expertise in developing EMV certified products in the main European markets, and with a
significant international presence both in and outside of the EU region, Thales e-Transactions believes it is
well qualified to be a valued partner of Visa International in the Global Cost Effective Acceptance Project.

VISA

www.corporate.visa.com
Visa is the world's leading payment brand generating US$2.4 trillion in annual card sales volume. Visa
has unsurpassed acceptance in more than 150 countries. The Visa organization plays a pivotal role in
developing innovative payment products and technologies to benefit its 21,000 member financial
institutions and their cardholders. Visa is a leader in Internet based payments and is pioneering the
creation of u-commerce, or universal commerce: the ability to conduct commerce anywhere, anytime,
and any way. For more information, visit www.corporate.visa.com.

Contact information for companies mentioned in this document

Company                                       Website

ACI                                           www.aciworldwide.com
Aconite Solutions                             www.aconite.net
American Express                              www.americanexpress.com
Asia Pacific Smart Card Association (APSCA)   www.apsca.org
Atlantic Zeiser                               www.atlanticzeiser.com
Atmel                                         www.atmel.com
Austria Card                                  www.austriacard.at
Bell ID                                       www.bellid.com
Cardag                                        www.cardag.com
CardBASE Technologies                         www.cardbase.com
Cards etc.                                    www.cardsetc.com
Card Tech                                     www.ctl.com
Catuity                                       www.catuity.com
CEPSco                                        www.cepsco.com
CIM                                           www.cimitaly.it
CR2                                           www.bankworld.ie
Cryptomathic                                  www.cryptomathic.dk
Datacard                                      www.datacard.com
Datacard Gilles Leroux                        www.gilles-leroux.com
Diners Club International                     www.dinersclub.com
Discover Card                                 www.discovercard.com
DNP                                           www.dnp.co.jp
E-Funds                                       www.efunds.com
EMVco                                         www.emvco.com
Fabrica Nacional                              www.fnmt.es
Fargo                                         www.fargo.com
G&D                                           www.gdai.com
Gemplus                                       www.gemplus.com
GlobalPlatform                                www.globalplatform.org
Hitachi                                       www.hitachi.com
ID Data Systems                               www.id-data.co.uk
IFS                                           www.ifsintl.com
Incard                                        www.incard.it
Infineon                                      www.infineon.com
Ingenico                                      www.ingenico.com
Iris Tech                                     www.iris-technology.co.uk
JCB International                             www.jcbinternational.com
Keycorp                                       www.keycorp.net
LogicaCMG                                     www.logicacmg.com
Logika                                        www.logika.it
MasterCard                                    www.mastercard.com
Matica                                        www.maticasystems.it
Mosaic Software                               www.mosaicsoftware.com
Muehlbauer                                    www.muehlbauer.com
Multos                                        www.multos.com
NBS                                           www.nbstech.com
NCR                                           www.ncr.com
Nomad                                         www.nomadsoft.com
Norton Consultancy                            www.norton-consultancy.com
Novacard                                      www.novacardservices.co.uk
Oasis                                         www.oasis-technology.com
Oberthur                                      www.oberthurcs.com
Proton World                                  www.protonworld.com
S2Systems                                     www.s2systems.com
Schlumberger                                  www.slb.com/smartcards
Setec                                         www.setec.com
Thales e-Security                             www.thales-esecurity.com
Thales e-Transactions                         www.thales-e-transactions.com
Toppan                                        www.toppan.co.jp
UBIQ                                          www.ubiqinc.com
Verifone                                      www.verifone.com
Visa                                          www.visa.com
Welcome realtime                              www.welcome-rt.com

Card issuing Critical Questions checklist


Does this affect me?
Introduction to EMV
What is the date of the EMV migration for my country or region
set by the card associations of which I am a member?
What level of testing period do I want to allow myself before going
live with my EMV card base/infrastructure?
Which vendors will I select to help facilitate my move to EMV?

When do I start migrating my card base to EMV cards, bearing in
mind that the cards I am issuing today might still be in circulation
after the EMV migration date?
What extra business can I generate by achieving first mover
advantage in my markets by moving to smart cards?
Am I actually losing business by not moving more rapidly
to smart cards?
Am I being targeted by fraudsters because competitors have
already migrated?

Financial applications
What payment schemes do I want to support with my cards?

What are the standards and mandates of those schemes?

Do I want to support single applications, multiple applications,
or both?
Do I want to offer my customers an electronic purse?

Are there any other legal issues specific to my country that I need
to consider such as data protection laws?

Non-financial applications
My card will have an anchor financial application. But do I want
it to carry other applications such as a retail loyalty scheme?
Do I want the card to support Internet banking?

Will I create the additional applications in house, use third party
developers, or accept applications provided by partners?


Application security
Do I want SDA, CDA or the extra security of DDA authentication?
What EMV risk management parameters should I select and what
values should they be set to?
Will I use the off-line PIN functionality and what other, if any,
Cardholder Verification Methods (CVM) should I support?
Is there legislation, such as data protection law, that might impact
the security of my applications?
How can I modify the off-line PIN after the card has been issued?
How can I modify the EMV parameters after the card has
been issued?
How do I manage the information flows and business rules when I
allow third-party applications to make use of my card real estate?

Smart card selection


Do I want a single or multi-application card?
Will I select a proprietary card supplied by one supplier, or choose
an open platform solution with cards from multiple vendors?
What memory size do I need on the card?

Will I apply segmentation to my card base and will I create a mix
of proprietary EMV-cards and Open Platform cards?

Upgrading back office systems


Do I want to source my cards from multiple vendors?
Do I want to support more than one different card type or card
platform (Gold, Platinum, VISA, MasterCard, TIBC, Credit, Java,
Proprietary, debit, M-chip, MULTOS etc.)?
Do I want to set and dynamically update my EMV (risk) parameters?

Do I want a single application card, multiple application card or a mixture?

How do I ensure that my systems support my future strategies?

How can I interface between my issuance and acquiring systems?


Data preparation
How do I want to do data preparation?

1) Change host system

2) Deploy P3-type solution

3) Outsource

Do I select a standard set of EMV parameters as recommended
by my card association or do I select my own?
Does my data preparation system provide all the key management
functionality I require and is it secure?
How do I manage my card products?
How do I handle large volumes of cards to be issued?
How do I manage the workflow?

Card personalisation
Where do I want to personalise my cards?

1) In house bureau?

2) Outsource to a third party bureau?

3) Instant issuance at a branch level?

Do I want to consider post personalisation application load of new
applications to my cards?
How do I manage the workflow?

Acquiring and terminal network Critical Questions checklist
Does this affect me?
Issuer transaction processing and host systems
Do I want to be able to change EMV parameters on already-issued
cards (for example increasing the card's transaction value limit)?
Has my interchange or switch been enhanced to accept
EMV related data?
Has my settlement process been enhanced to accept
EMV related data?
Is my infrastructure capable of blocking cards and applications
if needed?
Have I upgraded my host system to accept OMA (Online Mutual
Authentication, ARQC/ARPC)?
Will my host system cope with the volume of extra data associated
with EMV?
Will I need to support the generation of Issuer scripts and, if so,
has my host been upgraded to do this?

ATM/EFTPoS networks
Have I upgraded my ATM/EFTPoS network to physically accept
EMV cards?
Have I upgraded my ATM/EFTPoS terminal software to accept
EMV cards?
Have I selected terminal and hardware that has already been
appropriately type approved?
Have retailers in my markets agreed to update retailer owned
EFTPoS terminals?
Have the retail outlets in my region been educated about EMV?

Has my ATM/EFTPoS management system been upgraded
for EMV?
Have I taken into account the testing and approval process of EMV
ATM/EFTPoS terminals in my implementation plan?
Is my implementation future-proof (i.e. processor speed, memory,
and will terminals handle multiple applications in the future)?
Do I replace or upgrade my ATM/EFTPoS network?


How long will it take to upgrade my ATM/EFTPoS network?

What training will I perform/recommend for retailers?

What do I do with my old terminals?

Host systems
What do you do with all your old terminals?

Have I upgraded my host system to accept OMA (Online Mutual
Authentication, ARQC/ARPC)?
Will my host system cope with the volume of extra data associated
with EMV?

EUROPE, MIDDLE EAST, AFRICA


THALES e-SECURITY LTD.
Meadow View House
Long Crendon, Aylesbury
Buckinghamshire, HP18 9EQ, UK
Tel: +44 (0)1844 201800
Fax: +44 (0)1844 208550
e-mail: emea.sales@thalesesecurity.com

AMERICAS
THALES e-SECURITY, INC.
2200 N. Commerce Parkway
Suite 200
Weston, Florida 33326, USA
Tel: +1 888 744 4976 or +1 954 888 6200
Fax: +1 954 888 6211
e-mail: americas.sales@thalesesecurity.com

ASIA PACIFIC
THALES e-SECURITY (ASIA) LTD.
Asia Pacific
Units 2205-06, 22/F Vicwood Plaza,
199 Des Voeux Road
Central, Hong Kong, PRC
Tel: +852 2815 8633
Fax: +852 2815 8141
e-mail: asia.sales@thalesesecurity.com

DISCLAIMER
Thales reserves the right at any time, without notice and at its sole discretion to revise, update, enhance, modify, change or discontinue the information provided herein.
THALES MAKES NO REPRESENTATION OR WARRANTY AS TO THE ADEQUACY OR COMPLETENESS OF THE INFORMATION PROVIDED HEREUNDER.
The Thales policy is one of continuous development and consequently the equipment may vary in detail from the description and specification in this publication.
All trademarks are acknowledged. U.S. Patent No. 4,405,829 licensed exclusively by RSA Data Security, Inc.
Publication Number: 0104/10596 2004.