The ins and outs of EMV

The transition from magnetic stripe to chip is gathering momentum worldwide and the payments landscape is being dramatically reshaped as a result.
By Pierre Kotze, Financial services executive at Integrated Card Technology
Johannesburg, 21 Jan 2003

In late 1993, recognising the importance of chip technology to the future of the plastic payments industry, Europay International, MasterCard International and Visa International joined forces to facilitate the migration to chip technology. The result was the integrated circuit card (ICC) specification for payment systems, known as the EMV ICC specification for payment systems. With these specifications in place, the three card associations have paved the way for universal acceptance of chip-based transactions for credit and ATM cards.

Traditionally, magnetic stripe cards are essentially passive. During a transaction, the terminal does the work, interacting with the card only to obtain the necessary data. In contrast, the smart card is capable of delivering business benefits that are not possible with magstripe technology - the chip can be programmed to carry out specific actions and make specific decisions in interactions with smart card-enabled terminals or card readers.

The following points describe briefly the value proposition for credit and debit card products when implemented as an application on a smart card:

* Smart cards give the bank control over the actions of its cardholders by controlling the number and/or value of transactions that can be completed offline prior to the requirement of an online authorisation, helping to manage credit risk.

* Fraud risk management controls are enhanced at the point-of-sale. Smart cards use their interactive "computing" ability to employ a card authentication method, using cryptography to prove that a card is genuine. In the fight against lost, stolen and not received items, the chip securely stores a cardholder PIN, enabling offline PIN-based transactions to prove cardholder identity. Card issuers can use the secure PIN to validate the cardholder, rather than relying on merchants to verify cardholders via a signature check. The PIN would need to be known before a lost or stolen card could be used.

* As many authorisations can actually be handled offline, both card issuers and merchants can save on telecommunication costs. There is also improved service because transactions are processed more quickly.

* The smart card promises to provide banks not only with a more secure and more flexible version of their current card products, but also a platform on which new products and services can be delivered to cardholders and merchants.
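
As an added illustration (not part of the original article, and not code from the EMV specification or any card product), the simplified Python model below shows the first point above: issuer-set limits on the number and value of offline transactions, with an online authorisation forced once either limit would be exceeded. The class and field names, the reset-on-approval behaviour, the decline at offline-only terminals and the sample purchases are all assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class OfflineRiskCard:
    """Simplified chip-side offline limits (hypothetical names, not EMV data elements)."""
    max_offline_count: int   # consecutive offline transactions allowed (assumed limit)
    max_offline_value: int   # cumulative offline value allowed, in cents (assumed limit)
    offline_count: int = 0
    offline_value: int = 0

    def decide(self, amount: int, terminal_online_capable: bool = True) -> str:
        """Return APPROVE_OFFLINE, GO_ONLINE or DECLINE for one purchase."""
        if amount <= 0:
            raise ValueError("amount must be a positive number of cents")
        within_count = self.offline_count + 1 <= self.max_offline_count
        within_value = self.offline_value + amount <= self.max_offline_value
        if within_count and within_value:
            self.offline_count += 1
            self.offline_value += amount
            return "APPROVE_OFFLINE"
        # A limit would be exceeded, so the issuer has to see this transaction.
        # Assumption: a terminal that cannot go online gets a decline.
        return "GO_ONLINE" if terminal_online_capable else "DECLINE"

    def online_result(self, issuer_approved: bool) -> str:
        """Apply the issuer's answer; only an approval resets the offline counters."""
        if issuer_approved:
            self.offline_count = 0
            self.offline_value = 0
            return "APPROVED_ONLINE"
        return "DECLINED_ONLINE"

def replay(card, purchases):
    """Replay (amount_cents, terminal_online_capable, issuer_approves) tuples."""
    outcomes = []
    for amount, online_capable, issuer_ok in purchases:
        decision = card.decide(amount, online_capable)
        if decision == "GO_ONLINE":
            decision = card.online_result(issuer_ok)
        outcomes.append(decision)
    return outcomes

# Constructed sample: limits of 3 offline transactions or 100.00 in total.
SAMPLE = [(2000, True, True), (3000, True, True), (1500, True, True),
          (4000, True, True),    # 4th in a row: count limit forces online
          (9000, True, True), (2000, False, True),  # value limit, offline-only terminal
          (2000, True, False)]   # value limit, issuer declines online

if __name__ == "__main__":
    print(replay(OfflineRiskCard(max_offline_count=3, max_offline_value=10000), SAMPLE))
```

A lost or stolen card in this model can be used offline only until one of the two limits is reached, after which the issuer sees, and can refuse, the next transaction.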

However, the complexity and future implications of the following components/processes should not be underestimated:

* Choice of chip card platform.

* Manufacture of plastic card bodies and embedding of chip modules.

* Pre-personalisation data generation process. This process prepares application-specific personalisation data and also generates card-unique keys and digital certificates.

* Personalisation. There are multiple types of data required for magstripe bankcard personalisation. For example, data to be embossed on cards, data to be encoded on the magnetic stripe and graphic data to be printed on the card. For bank integrated circuit cards, additional data elements will be included - the chip application code and/or customer data to be placed in the integrated circuit card.

* Card management system. In a multi-application environment, such a system will provide a mechanism for managing the card and the applications on the card throughout the card's lifecycle. In the world of magstripe cards, the issuer of the card and the provider of the service represented by the data contained on it are the same entity. In multi-application schemes these functions, issuing a card and providing a service, can be performed by different entities with a bilateral agreement between them. With the necessary security features implemented on a multi-application smart card, the card management system will give card issuers control over which applications are loaded onto the card while allowing service providers (and application providers) to verify the integrity of their application code and data.

When they evaluate the options available, financial institutions need to take all relevant factors into account to reach the best decision for their business.
