EMV Technology

Solution Summary

For nearly a decade, CSFi has offered a proven integrated solution for EMV acquiring, issuing, and issuer-processing support with SWITCHWARE®. Our solution maintains the integrity of the payment transaction and takes full advantage of how EMV technology provides a secure way to handle card creation and cardholder authentication. Once deployed, liability can be shifted away to those who cannot support EMV chip cards, which means EMV compliant issuers and acquirers are absolved of any loss.

SWITCHWARE® is EMV-ready and contains the additional data elements necessary to support the latest EMV mandates. These data elements require only a few tables used in configuring the interfaces to support EMV. A new EMV data transaction log stores all of the EMV data received from an acquirer and issuer system. RSA security is used for authenticating the cardholder and common EMV functions used by all EMV-enabled interfaces, which are included in the base release. CSFi’s EMV base system license is required to activate the EMV functions in SWITCHWARE®.

SWITCHWARE EMV

  • Offline PIN Verification
  • Application Cryptogram Validation (ARQC/ARPC)
  • Card Risk Management (Offline risk parameters & authorization controls)
  • Card security code (CSC, CVV, CVV2) and Chipcard Security Code (iCVV or Chip CVC)
  • Card Verification Results (CVR) Support
  • Multiple cardholder verification methods (Offline, Fallback, Online, Signature, No CVM)
  • All chip cards (ICC, Contact, Contactless, Dual Interface, All CVN types)
  • Combined DDA & Application (CDA) cryptogram support.
  • Issuer Scriptiong & Issuer Action Codes (IACS)
  • Message Authentication Code (MAC) Support

Solution Diagram

EMV Issuing Support

EMV issuer support consists of Cardholder Authentication Method (CAM) verification, the means by which a plastic card is determined genuine and not counterfeit, verifying the Authorization Request Cryptogram (ARQC) and responding with Issuer Authentication Data.

HSM Interface. Card authentication is performed through special commands sent to a Host Security Module (HSM). The HSM supports RSA Key Management, verification of the ARQC (Authorization Request Cryptogram) and generation of an ARPC (Authorization Response Cryptogram). Available EMV-enabled HSM interfaces are provided using Thales HSM devices.

Smart Card Issuance Solutions

In addition to authorizing transactions as a smart card issuer, your organization may wish to issue smart cards with preloaded applications. In order to accomplish this, several components are required to support an “end-to-end” smart card issuance environment.

Pingen.  The Pingen system’s main purpose is to provide PIN mailer generation and card encoding/embossing functions. To support EMV smart card issuance, Pingen is responsible for accessing SWITCHWARE®’s cardholder data tables for magnetic stripe, embossing and EMV data. Pingen then generates a PIN and outputs a file containing track1, track2 embossing and EMV data.

Pingen P3 Interface Module. The Pingen P3 interface module is used to prepare the EMV data file for importation into the Thales P3™ card personalization process system. The import file generated for P3 will consist of the embossing/encoding details, the PIN encrypted in ZPK defined between Pingen and the card personalization system and the EMV related tags setup for the cardholder in the SWITCHWARE® database.

P3™. The Thales P3™ Personalization Preparation Process system provides the functionality to define, generate and store cryptographic data that will ultimately be loaded onto the smart card. There are multiple P3 software solutions available that are designed to meet the needs of your EMV smart card issuance volume and performance needs.

P3 Cryptographic Functions. A P3 Crypto Module (P3CM) is used to perform the EMV cryptographic functions required by the P3 Personalization Preparation Process System.

EMV Acquiring Support

ATM Support. EMV-enabled ATM handlers support the acquisition of a smart card at an ATM terminal equipped with a smart card reader and Encrypting PIN Pad (EPP) that supports 3DES and MACing (Message Authentication Code). Available ATM handlers include:

  • Diebold format
  • NCR format
  • Wincor-Nixdorf (Using their native extensions)

POS Support. EMV-enabled POS handlers support the acquisition of a smart card at a POS device equipped with a smart card reader and EMV compliant terminal program.

FeatureMagstripeSWITCHWARE®
EMV
Storing data on the card
(PAN, account inf, etc.)
Stored in the clearEncrypted
Card data is protected and
not easily skimmed or copied
NoYes
The issuer can authenticate
the card and the terminal as legitimate
NoYes
The ability to identify
counterfeit cards
NoYes
Card can perform own risk
assessment (rules for risk stored on the card)
NoYes
POS terminal can perform own
risk assessment (rules for risk stored on the card)
Rare casesYes
Issuer can generate dynamic
cryptogram sent to the card
NoYes
CVC 1YesYes
Chip CVCNoYes
ARQC dynamic cryptogram
generated at the time of the transaction
NoYes
Chip security/service code
(to differentiate between chip and magstripe)
NoYes
Issuing system can be
validated by the card using an ARPC
NoYes
Send issuer scripts, modify
applications, limits and other values stored on the card
NoYes
Offline transactions allowedNoYes
Offline PIN allowedNoYes

Commonly Asked Questions

How will the inclusion of a chip change the graphic design of the card? Where does our logo appear? How do we preserve our brand?

Which applications are included on the chip?

Can we use the same BINs/Prefixes for our chip cards that we used for our magnetic stripe cards, or do we use new BINs/Prefixes? What are the advantages and disadvantages?

Can we support the PIN change function for our chip cards?

How will we perform the steps needed for chip card authentication?