Credit card fraud has become a major issue for financial institutions. In 2006 the credit card fraud was 428 million pounds for the UK only. To reduce credit card fraud, a new worldwide standard has been introduced called EMV (Europay Mastercard Visa). These are the names of three of the main credit card companies in the world today. Until now, credit cards were equipped with easy to copy magnetic stripes and, therefore, provided no card authentication. This means that there was no way to determine that the card was original, or a copy.

Cardholder authentication was not forced by the credit card companies, and was rarely used (identifying oneself by showing a passport, for instance). The new core technology used by the new EMV standard is a smartcard containing a chip that is protected by cryptographic algorithms. This allows terminals to authenticate the card by ensuring that the card is genuine. By using a PIN code procedure, one can also authenticate the cardholder. Because of those two pillars on which the EMV standard rests, being card authentication and cardholder authentication, the project to introduce this new technology in the UK is referred to as ”Chip & Pin”.

Chip & Pin was rolled out nationwide in 2004 with advertisements in the press and national television touting the Safety in Numbers slogan. The UK was one of the first countries were Chip & Pin was rolled out. At the moment, almost all credit card payment facilities are Chip & Pin compatible, and all domestic credit card transactions are Chip & Pin transactions. In the Netherlands the first EMV credit cards were rolled out in begin 2005.

The business process around credit card payments, in general, is the process by which a shopper buys goods or services from a merchant and pays for these by using a credit card.

Contents

Preface
Contents
List of Figures
List of Tables
1 Introduction
2 EMV Overview

2.1 The Business Process
2.2 TheEMVStandard
2.3 TheChain
2.4 EMV Transaction

3 Analysis and Critical Evaluation of the Certification Process

3.1 Why a Certification Process?
3.2 What Includes the Certification Process?
3.3 CertificationProcessinMoreDetail
3.4 LifeCertification
3.5 Individual Components of the Chain
3.6 Integration of Components of the Chain
3.7 Critical Evaluation
3.8 Summary and Conclusions

4 Proposed Improvements to the EMV Certification Process

4.1 Certification Authority
4.2 Sniffer Logs
4.3 Redundancy in Test Suites
4.4 The Quality of the Visa and MasterCard Test Suites
4.5 Improve Reference PSP
4.6 Chain of Components
4.7 Summary and Conclusions

5 Evaluation of the Proposed Improvements to the EMV Certification Process

5.1 Certification Authority
5.2 SnifferLogs
5.3 Redundancy in Test Suites
5.4 The Quality of The Visa and MasterCard Test Suites
5.5 Improve Reference PSP
5.6 Chain of Components
5.7 Summary and Conclusions

6 Summary, Conclusions, Future Work

6.1 Summary
6.2 Conclusions
6.3 FutureWork

7 Reflection
Bibliography
Glossary
Appendices
A Sequence Diagram of the Payment Transaction Process
B Screens hots of the First Certified EMV Transactions
C Certification Test Suites

C.1 Visa
C.2 MasterCard

D Branch Coverage of the EMV Certification Process

D.1 Vis a test suite
D.2 MasterCardtestsuite

E Visa Transaction Flows
F MasterCard Transaction Flows
G Communication Messages in the Chain of Components

G.1 Card and Terminal
G.2 Terminal and POS Application
G.3 POS Application and PSP
G.4 PSP and Acquirer

Download
PDF Ebook Master Thesis Towards an Improved EMV Credit Card Certification