News

Preventive and radical measures to protect against fraud

Despite all the anti-fraud measures taken by the participants of the global card market, today it still poses a serious threat to the stability of the electronic payments industry. The market for plastic cards in Russia has increased several times in recent years. With the increase of issue volumes of cards and the growing number of fraudulent transactions. At the same time, criminals are using more and more sophisticated methods of stealing money: phishing and phone fraud (vishing), interception of cards during shipment and skimming, fraud...

read more

The problem of security of card payments

Card fraud refers to deliberate deceptive actions of a certain party based on the use of Bank card technology and aimed at unauthorized acquisition of financial funds placed on the “card” accounts of Bank card holders or due to a merchant for card transactions. Card fraud is often called fraud (from the English. fraud — fraud, deception).Fraud is usually divided into two groups: fraud on the part of issuing cards and fraud on the part of servicing them. The first group includes fraud related to unauthorized use of the...

read more

EMV standard for microchip cards

Smart cards are bursting into our lives more and more decisively. Mobile phones, access control systems, e – tickets, information security systems, voting systems, electronic passports and various identity cards, Bank cards, mobile phones and satellite television are just some examples of their use. Today, several billion smart cards are circulating in the world. These are mainly SIM / UICC cards (Subscriber Identification Module/Universal Integrated Circuit Card) for cell phones, Bank cards, cards for paying for transport, telephone...

read more

Implementation of the technological chain for EMV card production

MasterCard International presents MasterCard PayPass. This is a new “contactless” card solution that offers holders a simple and reliable payment method. MasterCard MasterCard PayPass the cardholder does not need to insert it into the terminal or pass it through a reader. To make a payment, you just need to bring your card to a special wireless terminal with PayPass. The product is convenient to use in places where the speed of service is especially important, but it is traditionally paid in cash: in restaurants, cinemas, and gas...

read more

Methods for evaluating cryptographic strength

Let’s now focus on evaluating the cryptographic strength of today’s cryptographic algorithms. Let’s start with a description of the secret key opening model. The model is based on the following assumptions.Moore’s law, according to which the computing performance of microprocessors increases 2 times every 18 months or, what is the same, about 100 times every 10 years. In 2005, a typical personal computer connected to the Internet has a performance of about 1000 MIPS (1 MIPS refers to the performance of the old DEC...

read more

Overview of asymmetric EMV encryption algorithms

Most of the asymmetric encryption algorithms used in practice are based on the complexity of solving one of the following mathematical problems:factorization (factorization) problems of a large number: multiplication of two large numbers is a polynomial problem with respect to the size of the multipliers in terms of complexity. At the same time, the inverse problem— decomposing into multipliers — is extremely difficult. The RSA algorithm is based on the complexity of solving the factorization problem;problems of finding a discrete logarithm....

read more

Introduction to EMV cryptography

Introduction to cryptography General conceptCryptography plays a Central role in the development of card technologies. In applications related to transaction processing, typical tasks for various fields of technology are solved to protect information from unauthorized access, which include:ensuring the integrity of information (it is impossible for a third party located between the participants of the information exchange to modify the transmitted information in such a way that the receiving party does not notice it);ensuring the...

read more

Impact of migration on the system of the servicing Bank

Migration of the Bank to the IPC has a smaller impact on the host of the servicing Bank compared to the host of the Issuer. The servicing Bank must upgrade the software modules for managing devices of its host application in order to ensure that chip related data is received from the terminal and sent to the Issuer’s host without meaningful processing of this data. Two options are usually used for transmitting chip related data to the Issuer’s host: a composite data element 055 that is specifically designed for the purposes in...

read more

Choosing the IPC hardware and software platform

The choice of the hardware and software platform of the microprocessor card and the configuration of its application is largely determined by the tasks formulated by the Bank in its card programs. Here are a few examples to illustrate this.If the Bank plans to use prepaid cards, it is obvious that most operations on such cards will be performed offline. Therefore, to avoid the possibility of fraudsters cloning SDA cards, it is advisable to use chips that support dynamic authentication methods for a prepaid card. Despite the fact that a card...

read more

Possible schemes for forging a magnetic stripe

In the right hand, we only have a card with a magnetic stripe, which is transferred to the information from the magnetic stripe of the card located in the left hand. We are trying to use the card in a hybrid terminal that accepts microprocessor cards and magnetic stripe cards. The terminal must check the value of the service Code on the magnetic stripe, and if it is equal to 2xx, it must require the transaction to be performed using the chip.The terminal must not allow magnetic stripe operations if the service code value is 2xx and the...

read more