1 / 143

Part 1 Card Technology

Part 1 Card Technology. Card Era. credit cards have become part of our daily life as forms of plastic money since its first launch in 1960 a magnetic card verse a smart card. Magnetic Card. composed of a layer of magnetic material for storing information easy to carry

aure
Download Presentation

Part 1 Card Technology

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Part 1 Card Technology

  2. Card Era • credit cards have become part of our daily life as forms of plastic money since its first launch in 1960 • a magnetic card verse a smart card

  3. Magnetic Card • composed of a layer of magnetic material for storing information • easy to carry • can be use for authentication • what is its principles?

  4. Information on Magnetic Card • the stripe is 8.5cm X 1.2cm • data is constructed based on ISO 7811/2 • maximum 3 stripes • can store around 1K bits

  5. ISO Standards • Based on ISO 7811 • Track 1 is developed by International Air Transportation Association (IATA) which contains adaptive 6-bit alphanumerical characters • Track 2 is used by American Bankers Association (ABA) which stores 4-bit numerical information containing identification number and control information. • Track 3 is originated by Thrift Industry which contains information which is intended to be updated with each transaction.

  6. Capacity TrackRecord density bits/inchCapacity 1 210 79 (7 bits/char.) 2 75 40 (5 bits/char.) 3 210 107 (5 bits/char)

  7. Fraud card activities • Stealing — A legal card may be stolen and used in ATMs or EPOSs. • Altering and re-embossing a genuine card, that is modifying the visual features of card. • Skimming or altering the original electronic data stored on the magnetic stripe, for example the expire date or the credit limit. • Buffering or re-encoding the original data to the magnetic card. This technique is commonly used in producing card counterfeits of store-value ticket.

  8. Copying of data from a genuine card to another in an on-line fashion  “white plastic fraud” • Counterfeiting — “color plastic fraud” may be prepared by reading another legal card and encoding the same information onto another fraud card in an off-line fashion.

  9. Valid Card Fraud Card

  10. Design of card protection technologies • Validation by Appearance — this is a visual mean to protect against illegal duplication of plastic card. The aim is to make the appearance of card so unique and difficult to duplicate that shopkeepers or card handlers can identify the genuine card instantly.

  11. Verification on Access — this validation relies on the interaction with the card holder, the objective of the protection mechanism is to identify the person accessing the card is an authorized one.

  12. Protection on Data — this is a machine readable protection to avoid data from being access and duplication illegally. The importance of stripe data protection is .to ensure the security of electronic transaction and provide an alternative verification mechanism of magnetic card.

  13. 6.5.1 Validation by Appearance Computer Chip Hologram IN GOD WE TRUST But Counterfeits Still Exists! Magnetic Stripe Logo VISB MR. B 12/95 Printed & Embossed Data Fine Printings Bar Code Authorized Signature Photo ID Signatures

  14. Holograms • are the most notable marking for credit cards • produced by a combination of photography and laser beams • initially counterfeit holograms were crude and manufactured by stamping tin foils • recently counterfeit holograms were produced by professional technical knowledge is needed to validate the authenticity of holograms

  15. Embossed characters • are some raised marks implemented on the plastic surface of card • the embossed information includes the user name, expiry date, card number and unique embossed symbol — VISA embossed a symbol like “CV” besides the expiry date. • However, the card material is a thermal plastic by warming the card to about 50C, it allows “debossing” of the characters and re-embossing with fraud information.

  16. Photocards • are introduced by CitiBank Corporation • the effectiveness of photocard on marketing purposes seems to be greater than that on security • it is not an effective mean to stop card fraud because counterfeiters had the ability to imitate laser engraved photographs and signatures in rather low cost using a photomachine of around US$ 5000.

  17. Ultra-violet dove, bank identifying number (BIN) and micro-printings • can also be duplicated under the existing technology • technical knowledge is needed to recognize a counterfeit card from a genuine one • most card reading terminals contain no visual detector to validate these visual protection features while human eyes are not a reliable mean of verification • difficult to validate a genuine card

  18. Protection on Card Access • the card holder is requested to prove his identity or the authorized user will be acknowledged about the transaction • methods: • signature • biometrices • PIN

  19. Signature • Signature is the most popular way of verification. • When a transaction is made, the card holder is requested to sign and the signature will be verified visually. • this method is simple • not useful in protection against “color plastic fraud” where the criminal can sign their own signature in the fraud card.

  20. Biometrics • biometrics features were developed such as speed of writing, fingerprint or iris pattern • implementation cost is high • their accuracy is questionable

  21. Personal identifying number (PIN) • PIN is a unique number given by the bank to each user which is effectively fixed by the customer account number and the cryptographic key used in the derived PIN computation. • PIN offset or password is a value that relates a derived PIN to actual PIN value.

  22. When a card holder transfer or withdraw his money from a bank account, a 6-digits password is inputted before transaction processed. • The password will be validated by comparing with the one stored inside the magnetic card by offset or in a centralized database in the bank.

  23. The security of password is relied on the encryption algorithm of PIN, the PIN management scheme and the secrecy of password. • PIN does not provides defense against data copied from another card which contains the correct card verification value. • Moreover, the encryption algorithm adopted in validation codes may be tampered and decoded by professional hackers with some insider information.

  24. Protection on Data • the major magnetic card protection techniques have included • Watermark • MagneticPrint • Valugard • Xsec-Jitter • Macaps

  25. Smart Card • Integrated Circuit - chip • originated from France • invented in 70 and matured in 90 • Magnetic Card replacement

  26. Types of Smart Card • Memory Card • MPU IC card • Crypto- processor card • Contactless card

  27. Memory Card • Primitive type • composed of EEPROM/PROM • simple function • as prepay card

  28. Cypto-processor IC Cards • composed of cypto-processor & PROM • a powerful MPU • can recognise illegal signal and security features

  29. MPU IC Smart Card • Composed of MCU/MPC • software driven • have flexibility and primitive intelligence • some security features

  30. Contactless Smart Card • similar to contact smart card • with RF transceiver to increase robustness and security

  31. Advantages of Smart Card • Large storage capacity • more security features • multiple functions • flexibility in use - intelligent, lower power consumption, effective packaging • as access card, electronic purse, debit/credit cards, ID card etc. - particular off-line applications

  32. Hardware Technologies • new memory technologies - EEPROM and flash-EPROM • new silicon technologies - 1.3 m to 0.65 or even 0.18m for more storage and security, lower power consumption • new packaging technologies - against breakage, rubbing and bending

  33. Smart Card Software • Intelligent Chip Operating System -COS • Encryption techniques - RSA & DES • Multiple Application OS (MAOS) • Mondex, EMV, GSM, Loyalty • New requirements • hot list, trust key management

  34. 6.6.4 Smart Card Worldwide • Use Distribution 40% Western Europe, 25% Asia, 15% North America, 8% South America and 12% others • Major user is France over 130M cards • Germany 80 M health insurance • over 20 countries use GSM and electronic purse

  35. Smart Card Project Worldwide • Mondex - UK • Barclay/Mercury one-2-one project (UK) • Detemobil Toll Collection (UK) • Advantages Card in RSA • ID card in Taiwan • Mastercard &Visa + Netscape and Microsoft - COS project • Credit Card in USA

  36. Some Difficulties Worldwide • Bank card project cancellation - Taiwan • Mondex tampering slow down bank sector development - RSA and New Zealand • Mastercard - year 2000 delay of massive launching • Visa - adoption of magnetic card in RSA debit card project • Major concern - COST EFFECTIVENESS

  37. Smart Card in Hong Kong • Mondex • Visa Cash • City Smart • Octopus - smart travelling card • Jockey Club -pre-pay card • New airport - access control card • HKT - telephone card • Parking Meter - prepay card project

  38. Smart Card in Electronic Commerce • Electronic Data Interchange (EDI) • Tradelink • Electronic Purchasing • Home Banking • Internet Shopping

  39. New Technologies Required • Data Storage Management - information protection • authentication process - • biometric: fingerprint, facial features, iris identification, dynamic signature recognition, speech recognition • encryption methods - • Elliptic Curve Cryptography, chaotic techniques

  40. THE SMART CARD MARKET IN THE YEAR 2000 (in millions – Source: Philips Communication Systems) Application France Europe Others Total Phone cards 140.8 553.1 640.0 1334 GSM cards 4.0 15.0 42.0 61 Health cards 10.0 55.0 92.0 157 Bank cards 25.0 85.0 75.0 185 ID cards - - - - Transport tickets - - - - Pay TV cards 4.5 24.0 81.0 110 Access control 1.8 3.0 5.0 10 City cards /Misc 24.0 55.1 64.3 143 Total 210.1 790.2 999.3 2000

  41. Some Difficulties Worldwide • Bank card project cancellation - Taiwan • Card tampering slow down bank sector development - RSA and New Zealand • MasterCard - year 2000 delay of massive launching • Visa - adoption of magnetic card in RSA debit card project • Major concern - COST EFFECTIVENESS

  42. Smart Card in Electronic Commerce • Electronic Data Interchange (EDI) • Tradelink • Electronic Purchasing • Home Banking • Internet Shopping

  43. New Technologies Required • Data Storage Management - information protection • authentication process - • biometric: fingerprint, facial features, iris identification, dynamic signature recognition, speech recognition • encryption methods - • Elliptic Curve Cryptography, chaotic techniques

  44. Smart Card in Mobile Phone Applications • Wireless Application Protocol (WAP) emerges for a mobile Internet access • Research work launched in Japan indicates a good market if available. • Mobile operators will provide add on WAP gateways and WAP services to enable wireless internet services: • Banks, financial institutions, restaurants, retailers, • Utilities, transit operators, hotels, • entertainment and media, selling goods and information

  45. Limitation, the SIM card inside the WAP phone cannot provide complicated the PKI authentication process thus security is an issue. • A possible solution is to introduce an additional smart card interface (either contact or contactless) to enable the authentication process. (MasterCard – dual card phone)

  46. New technologies requirements: • The development of m-PKI (mobile PKI) in the multiple-application OS is more essential and practical • The development of high security low power card modules • A better interface to new wireless internet platform, other ancillary technologies, such as Bluetooth and Wireless Wallets are also important

  47. Java Card • More powerful processor & memories • Allow download of applications • Open software platform for code transportability • For multi-function, e-purse, loyalty, health care database and Internet/Intranet access card

  48. Smart Card in Hong Kong • Mondex • Visa Cash • Campus card • Octopus - smart traveling card • Jockey Club -pre-pay card • New airport - access control card • Telephone card & SIM Card • Parking Meter - prepay card project • Residential access card • Possible new ID card, Road Toll Pay Card

More Related