A. DES Keys
1. System keys
1.1 LMK (Local Master Key), managed by HSM
1.2 ZMK (Issuer ZMK)
1.3 KEK, managed by Issuer
2. Card keys (external authentication keys)
2.1 KMC
2.1.1 KMCenc
2.1.2 KMCmac
2.1.3 KMCdek(KMCkek)
3. Issuer Keys (key size should be 16 bytes, supplied by the bank)
VISA:
MDKac
MDKenc
MDKmac
MasterCard:
IMKac
IMKsmi/IMKmac
IMKsmc/IMKenc
IMKidn
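The 16-byte size stated for the issuer keys corresponds to a double-length 3DES key. The Python below is an added example, not code from Wisecard or a card scheme: it sketches intake checks a data-preparation step could run on such a key before using it. The page only states the length; the parity, identical-halves and weak-key checks, and all function names, are assumptions of this example.

```python
# Added example: intake checks for a 16-byte (double-length) 3DES issuer key.
# Function names are hypothetical; the checks beyond length are assumptions.

# The four DES weak keys, written with their odd-parity bits set.
DES_WEAK_KEYS = {
    bytes.fromhex("0101010101010101"),
    bytes.fromhex("FEFEFEFEFEFEFEFE"),
    bytes.fromhex("E0E0E0E0F1F1F1F1"),
    bytes.fromhex("1F1F1F1F0E0E0E0E"),
}


def _strip_parity(block):
    """Clear the low (parity) bit of each byte so only the key bits remain."""
    return bytes(b & 0xFE for b in block)


_WEAK_NO_PARITY = {_strip_parity(k) for k in DES_WEAK_KEYS}


def has_odd_parity(key):
    """True when every byte carries an odd number of 1 bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def check_issuer_key(hex_key):
    """Return a list of problems; an empty list means every check passed."""
    try:
        key = bytes.fromhex(hex_key)
    except ValueError:
        return ["not valid hex"]
    if len(key) != 16:
        return ["length is %d bytes, expected 16" % len(key)]
    problems = []
    if not has_odd_parity(key):
        problems.append("odd parity not set on every byte")
    # Compare halves without parity bits: parity does not change the DES key.
    left, right = _strip_parity(key[:8]), _strip_parity(key[8:])
    if left == right:
        problems.append("halves are identical: 3DES degrades to single DES")
    if left in _WEAK_NO_PARITY or right in _WEAK_NO_PARITY:
        problems.append("a half is a DES weak key")
    return problems
```

Run the check on key material only inside the secured environment where the clear key is already permitted to exist, and log the result, never the key.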
B. RSA Keys
1. CA RSA, generated by the CA; we only need the CA PK Index and the Public Key modulus.
2. Issuer (Bank) RSA, Generated by Issuer.
3. IC Card RSA, Generated by DP system.
3.1 ICC RSA Key only for DDA Card.
3.2 ICC RSA Key generated by DP system during DP.
4. PEK (PIN Encryption Key) (optional)
4.1 PEK RSA Key only for DDA Card.
4.2 PEK RSA Key generated by DP system during DP.
4.3 Sometimes the ICC key is used instead of a separate PEK to save resources, for example when the card memory is not enough to store 2 RSA keys.
EMV migration is mandated by the world's leading payment schemes. With the migration from magstripe to EMV, you may face the challenges of card and terminal migration, so you may need to consider the items below:
a. The costs and risks of the EMV migration.
b. How to manage the implementation of EMV within the current organization, operational processes and security policy infrastructure.
c. How to plan the reissuance of cards.
d. How to handle new terminals.
e. How to comply with government regulations.
f. Evaluate the impact on the terminal side: acquiring system, key management, authentication, security, certification and TMS system.
g. Evaluate the impact on the cards: personalization process, key management, authentication, authorization host, security, certification, chargeback rules and so on.
Wisecard has more than 10 years of EMV migration experience. We can help you make the correct choices during the migration project, ensuring your migration is done smoothly and within set time limits.
Personalization is one of the major components in the production of the EMV cards. Numerous methods of personalization with proprietary commands exist for each card or application.
Normally, EMV personalization software (such as Wisecard SmartOne) is needed to handle the whole process:
1. The bank applies for the BIN from VISA/MC.
2. The bank gets the tracking number and the VPA profile (CPV profile for MasterCard).
3. The bank generates an Issuer RSA key pair, then generates the issuer self-signed certificate and sends it to the CA for signing (*.INP for VISA, *.sip for MC).
4. The bank gets the CA-signed certificate from VISA/MC, then sends it to the personalization center.
5. Prepare the Issuer DES keys, which are generated by the bank:
VISA/MC type approval: get the issuer sample DES key from VISA/MC.
Production chip card: generated by the bank through the KMS system.
6. Get the chip card and the chip card KMC from the bank or the card vendor.
7. The bank generates the traditional personalization data file with the CMS system.
8. Create a personalization software job file (required: VPA/CPV + Certificate + Issuer RSA Key + Issuer DES Key + chip card key).
9. Run Data Preparation for the chip card with the traditional personalization data file.
10. The card production process interfaces with the EMV personalization printer, using the Data Preparation output data file.
A magnetic stripe card can be cloned, but chip cards contain a microprocessor that provides a higher level of security when used at a chip-reading terminal. The technology in the chip makes the card difficult to copy or counterfeit.
EMV (which stands for Europay, MasterCard and Visa) is a global security standard for chip card technology. It enables chip cards to be accepted anywhere in the world. With the EMV Smart Chip, your card is better protected against fraudulent activities. EMVCo is owned by American Express, MasterCard, JCB, and Visa, and includes other organizations from the payments industry participating as technical and business associates. Information on the specifications and organization is available at http://www.emvco.com.