
EMV Migration Economics - Comparing Native and MULTOS smart card choices

1 Introduction

As a result of growing losses caused by various kinds of credit card fraud, and with the expanding possibilities for making payments over open networks such as the Internet, the card issuing associations such as MasterCard and Visa have been working to develop more secure payment solutions. The standard developed and agreed by the above associations for reducing fraud related to the copying of magnetic stripes and card counterfeiting was the "EMV" standard for debit and credit smart cards. MasterCard and Visa are now working with member banks and merchants to migrate to "chip" – and since January 2005 the liability for fraudulent transactions has shifted to the non-chip-accepting party in most regions. In many markets, the cost of EMV migration outweighs the cost of the fraud it will prevent, so some issuers are looking for ways in which the migration to chip can add value to their card programmes. Multi-application smart cards based on open standards often form part of this strategy, since they can enable card issuers to combine packages of applications on one card that match the lifestyle of their cardholders – thereby enhancing the value of the card to the consumer, increasing his spend using the preferred card, and improving customer retention. However, multi-application smart card projects are sometimes perceived as being complex and expensive to implement. This paper demonstrates that a new alternative now exists, in the form of MULTOS step/one, which offers issuers all the supply chain management benefits of open standard smart cards, plus limited multi-application capability, at prices competitive with native cards.

2 EMV Options

2.1 Card Association EMV specifications

Today financial card issuers all over the globe are either executing or planning their EMV chip migration. In the case of MasterCard members, the EMV specification with which they must comply is M/Chip. In the case of Visa this specification is Visa Smart Debit Credit (VSDC). In addition both American Express and JCB have defined their own versions of an EMV specification. In the case of JCB this is called “J-Smart”.

2.2 Static vs Dynamic Data Authentication

EMV terminals need to be able to authenticate that the EMV transaction data generated by the card is genuine. This can be performed without the terminal needing to go on-line, with “Static Data Authentication” (SDA) or “Dynamic Data Authentication” (DDA). In the case of SDA, the same digital signature is used by the card to authenticate itself each time an offline transaction takes place. This means that it may be possible to copy that card’s data and create a duplicate card using programmable smart cards. Cloned SDA cards cannot be blocked if they are used in off-line terminals, but can be detected as soon as the terminal goes on-line. For this reason the threat of SDA card cloning is judged to be a lesser threat than the current magnetic stripe technology. SDA is the most common deployment of EMV smart cards to date, since SDA cards do not require RSA cryptographic support in the chip, and so are less expensive. The solution recommended for greater security is “Dynamic Data Authentication”, because it protects against the cloning of chip cards and against so-called "replay attacks". This is because a DDA terminal can dynamically authenticate off-line that a DDA card is genuine, by sending a challenge to the card which is processed by the card’s RSA co-processor and responded to. The disadvantage of DDA is that the requirement for an RSA co-processor makes the smart card more expensive than a simple SDA card. Both MasterCard and Visa have defined EMV smart card implementation options for DDA and SDA.

3 Native vs Open standard card issuance
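As an added illustration (not code from the white paper, from MULTOS or from any payment scheme), the following Python model runs the terminal side of SDA and DDA against a genuine card and against a card holding an identical copy of its readable data. The RSA primes and the card record are constructed, and the EMV certificate chain is collapsed to a single issuer key; the point it shows is why the copied card passes the static check but cannot answer the dynamic challenge.

```python
"""Toy model of EMV offline card authentication, SDA versus DDA.

Added illustration, not code from the white paper or from MULTOS/EMVCo.
The RSA primes are constructed and far too small for real use; the
EMV certificate chain is collapsed to a single issuer key for readability.
"""
import hashlib
import secrets
from dataclasses import dataclass, replace
from typing import Optional, Tuple

PubKey = Tuple[int, int]   # (n, e)
PrivKey = Tuple[int, int]  # (n, d)


def make_keypair(p: int, q: int, e: int = 65537) -> Tuple[PubKey, PrivKey]:
    """Textbook RSA from two constructed primes (demonstration sizes only)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def _digest(data: bytes, n: int) -> int:
    # Hash the message and reduce it into the toy modulus range.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv: PrivKey, data: bytes) -> int:
    n, d = priv
    return pow(_digest(data, n), d, n)


def verify(pub: PubKey, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)


def encode_pub(pub: PubKey) -> bytes:
    return f"{pub[0]}:{pub[1]}".encode()


@dataclass
class Card:
    """What a terminal can read from the chip, plus the secret a copy lacks."""
    static_record: bytes                # PAN, expiry, etc.; readable by any terminal
    ssad: int                           # Signed Static Application Data (issuer signature)
    icc_pub: Optional[PubKey] = None    # ICC public key, DDA cards only
    icc_cert: Optional[int] = None      # issuer signature binding icc_pub to the record
    icc_priv: Optional[PrivKey] = None  # held only inside a genuine chip

    def sign_dynamic(self, unpredictable_number: bytes) -> Optional[int]:
        """Card side of DDA: sign the terminal's challenge with the ICC key."""
        if self.icc_priv is None:
            return None  # a copied card has no private key to answer with
        return sign(self.icc_priv, unpredictable_number + self.static_record)


def issue_card(issuer_priv: PrivKey, static_record: bytes, dda: bool) -> Card:
    """Issuer-side personalisation: sign static data; for DDA add an ICC key pair."""
    card = Card(static_record=static_record, ssad=sign(issuer_priv, static_record))
    if dda:
        icc_pub, icc_priv = make_keypair(1_000_037, 1_000_039)  # constructed primes
        card.icc_pub, card.icc_priv = icc_pub, icc_priv
        card.icc_cert = sign(issuer_priv, static_record + encode_pub(icc_pub))
    return card


def copy_readable_data(card: Card) -> Card:
    """Everything readable from the chip is duplicated; the private key is not."""
    return replace(card, icc_priv=None)


def terminal_sda(card: Card, issuer_pub: PubKey) -> bool:
    """Offline SDA: the same static signature is accepted every time."""
    return verify(issuer_pub, card.static_record, card.ssad)


def terminal_dda(card: Card, issuer_pub: PubKey) -> bool:
    """Offline DDA: verify the ICC certificate, then a fresh challenge-response."""
    if card.icc_pub is None or card.icc_cert is None:
        return False
    if not verify(issuer_pub, card.static_record + encode_pub(card.icc_pub), card.icc_cert):
        return False
    nonce = secrets.token_bytes(4)  # terminal Unpredictable Number, new per transaction
    response = card.sign_dynamic(nonce)
    return response is not None and verify(card.icc_pub, nonce + card.static_record, response)


def demo() -> dict:
    issuer_pub, issuer_priv = make_keypair(1_000_003, 1_000_033)  # constructed primes
    record = b"PAN=5412750000000001;EXP=0812"                     # constructed sample data
    genuine = issue_card(issuer_priv, record, dda=True)
    copied = copy_readable_data(genuine)
    return {
        "genuine_sda": terminal_sda(genuine, issuer_pub),
        "genuine_dda": terminal_dda(genuine, issuer_pub),
        "copy_sda": terminal_sda(copied, issuer_pub),   # SDA cannot tell the copy apart
        "copy_dda": terminal_dda(copied, issuer_pub),   # DDA rejects it: no private key
    }


if __name__ == "__main__":
    print(demo())
```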

The cost of introducing EMV smart cards and acceptance infrastructure is a major investment, which may initially cost more than the current cost of magnetic stripe card fraud. For this reason, many issuers try to generate other revenue streams from smart card and terminal deployment by adding other value added applications such as Authentication, Electronic Purse, Ticketing or Loyalty. The benefits of multiple applications on one card are that if the applications add convenience or other benefits for the cardholder, or enable the cardholder to carry fewer cards in his wallet, the card becomes more valued by the cardholder, so promoting usage of the “top of wallet” card, and hence generating greater transaction revenue for the issuer of the payment application(s).

3.1 Fixed (Single) Application “Native” Cards

Single Application EMV SDA smart cards based on chips with a small (2-4 kb) E2PROM memory and no RSA co-processor, employing “native” operating systems, are sufficient to comply with the minimum requirements of EMV. “Native” EMV products are supplied by a limited number of smart card companies around the world who have the skills necessary to develop an EMV smart card application in “native” code (i.e. languages that are specific to a particular silicon chip). This code is fixed in the “Read Only Memory” of the chip, and cannot be changed after the chip is manufactured. See figure:

[Figure: native card layers. Chip Hardware A with Proprietary OS A, and Chip Hardware B with Proprietary OS B; on each, the native EMV Code and Loyalty Code sit in ROM and the Data in E2PROM. Code written for one chip/OS pair is marked as not usable on the other.]

The benefit of this is that the cost of the chip card is kept to a minimum. The disadvantage is that the cards are unable to have their functionality changed or to support other applications unless they too are developed in native code and “masked” in ROM, which can take considerable time and cost to get security approved, and the product itself is “proprietary” to a particular smart card manufacturer, so changing card supplier may have an impact on the issuer’s card personalisation arrangements.

3.2 “Open Standard / Multi-Application” Cards

The alternative is the open standard, multi-application smart card. An “Open Standard” card such as MULTOS or JavaCard is able to load and execute an application’s software on its “virtual machine” in a standard manner, and therefore be available in interoperable versions from lots of different suppliers. Also instead of the EMV application or other applications being coded in native code and burned into the chip’s ROM at manufacture, the applications are loaded into the Programmable chip memory (E2PROM) at personalisation, and so can be changed or added to during the life of the card. See figure:

3.3 Introducing MULTOS

MULTOS is the world’s leading open standard multi-application smart card operating system* (*JavaCard defines an API & Virtual Machine, but not a complete operating system). The MULTOS specifications define a complete end to end architecture: the MULTOS Application Abstract (or Virtual) Machine (AAM), Application Programming Interface (API) and Operating System, which includes the mechanism for initialising chips, managing the secure loading and deleting of applications into E2PROM, and the application firewall security mechanisms which must be implemented to a security assurance level capable of achieving ITSEC E6 High (the highest possible security assurance rating for IT products).

[Figure: open standard card layers. Chip A and Chip B each carry the Vendor / MULTOS OS, the MULTOS / JavaCard Virtual Machine, the MULTOS / JavaCard API and EMV PKI in ROM; Application A and Application B are loaded into E2PROM on either chip.]

The following diagram shows the structure of a MULTOS Card.

3.3.1 Defining Open Standards

The term “Open standards” can be interpreted in different ways. Open standards are enshrined in the MULTOS proposition as follows:

3.3.1.1 Open Application Development

The API for developing new applications is freely available. Applications can be developed in a variety of languages, ranging from C and Java to low level Assembler (MULTOS Executable Language or “MEL”) and compiled to run on any MULTOS Type Approved device:

3.3.1.2 Open Application Personalisation and Loading

The specifications for creating so-called “Application Load Units”, consisting of the application code and data that is to be loaded to a MULTOS card using a high security mechanism, are freely available, so multiple products exist to perform data preparation and loading of MULTOS applications.

3.3.1.3 Open Governance of MULTOS specifications by MAOSCO

The MULTOS specifications are governed by “MAOSCO” – the “Multi-application Operating System Consortium” – a consortium of companies who manage the further development of the MULTOS specification in an open and democratic manner:

[Figure: an Application is built with the C Compiler, the Java Compiler / Translator or the MEL Editor, and the same output runs on MULTOS on Renesas, Infineon or Samsung chips.]

[Figure: The MAOSCO Consortium (member logos).]

4 Benefits of MULTOS vs Proprietary Smart Cards

4.1 Faster time to market with new applications for consumers

4.1.1 Faster application development and deployment

First of all, many software development companies, and even card issuers, have procured a Smart Card Application Development Tool for MULTOS, and using standard languages such as C or Java have been able to quickly develop their own applications for MULTOS. With open standard cards, the applications on the cards do not have to be developed by the operating system developer. As a result, applications can be prototyped on MULTOS in a matter of days (or even hours in some cases). Secondly, a large number of applications for MULTOS cards have already been developed and are available off the shelf from independent application providers. A selection of existing MULTOS applications is shown in the table below:

Payment Applications – EMV applications available for all MULTOS devices:
• MasterCard M/Chip 4 Lite & Select in all configurations including:
  o Chip Authentication (CAP)
  o Pre-Authorised Debit
  o Paypass
• MasterCard M/Chip 2 Lite & Select
• Visa VSDC 1.4 SDA & DDA
• Amex EMV SDA & DDA
• JCB JSMART SDA & DDA
• Common Payment Application due for release 4 2006.

Additional payment applications:
• Bo’, FISC, Moneo, K-Cash, SEED, T-MONEY

Off the shelf Applications:
• Single Sign On applications: IdentiPhi, SCB Solutions
• PKI Applications: Advanced Encryption Technologies, PIV (StepNexus), Keycorp, Smartcon
• Biometric applications: Precise Biometrics Fingerprint Match On Card, Hitachi Fingervein Match On Card, Cogent Fingerprint Matching
• Data Storage and Loyalty: MasterCard Open Data Storage (MODS), MulteFile (eCEBS), Multi-pockets (DNP), ISO Files (Keycorp), Welcome Realtime, Cassis loyalty and many more
• GSM & Transit: SIM, USIM, ITSO, Mifare, KCG

4.1.2 Faster route for type approval of EMV and other applications against Payment Scheme certification requirements:

Issuers and vendors also need to take into consideration the certification requirements laid down by the payment card schemes for EMV and other applications residing on the EMV card. To give an example, MasterCard’s CAST or “Compliance and Assessment Security Testing” process requires the EMV application to pass an implementation review or a Common Criteria evaluation. In addition, any additional non-EMV applications must be tested to ensure that they have no impact on the EMV application (Implementation review or Firewall testing) and that the non-EMV application itself cannot be easily compromised (Risk Assessment). Implementation Reviews / Firewall Testing and Risk Assessments have to be carried out by recognised test laboratories, who charge for their services. But in the case of type approved and security evaluated MULTOS devices, the Implementation Reviews / Firewall Testing is not necessary, because the M/Chip EMV application is already supplied as a CAST approved application, and the MULTOS ITSEC E6 High firewalls already guarantee that additional applications cannot affect the EMV application. So MULTOS is the most cost effective solution for enabling issuers to deploy EMV cards with one or more additional applications:

CAST Requirements (MasterCard CAST Policy trusts MULTOS):

Native (specific chip):
• CAST of M/Chip application and chip OS / hardware: Required
• CAST of value added applications – impact on M/Chip application (firewall testing): Required per app combination
• CAST of value added applications – Risk Assessment (Is the application fit for purpose?): Required per app and per chip

JavaCard (specific chip):
• CAST of M/Chip application and chip OS / hardware: Required
• CAST of value added applications – impact on M/Chip application (firewall testing): Required per app combination
• CAST of value added applications – Risk Assessment (Is the application fit for purpose?): Required per app and per chip

MULTOS (any MULTOS chip):
• CAST of M/Chip application and chip OS / hardware: Not required – CAST approved (Chip & OS by MAOSCO, M/Chip 4 supplied CAST and EAL 4+ evaluated)
• CAST of value added applications – impact on M/Chip application (firewall testing): Not required (MULTOS Firewalls ITSEC E6 High / EAL4+ evaluated)
• CAST of value added applications – Risk Assessment (Is the application fit for purpose?): Required once per app – valid on any platform

[Figure accompanying the table: a native card (specific chip, Native OS, Native M/Chip Code and Native Loyalty Code in ROM, App Data in E2), a JavaCard card (specific chip, Vendor OS, JavaCard Virtual Machine and API with M/Chip PKI in ROM, Application A in E2PROM) and a MULTOS card (any MULTOS chip, MULTOS VM and API with M/Chip PKI in ROM, Application A in E2PROM).]

4.2 Continuity of Supply

For some consumers, their credit or debit card is an essential tool for their business or personal life, as it enables them to pay for goods and services when travelling on business or for pleasure, or if they do not have time to go to a bank branch during opening hours to withdraw cash. Hence, if a consumer loses their card, or if it is stolen, it is essential that the card can be replaced quickly. For this reason, financial institutions place significant value on the ability to maintain continuity of supply of their payment card products. Ensuring smooth supply of cards based on magnetic stripe technology has become relatively simple for issuers to manage, since nearly all card manufacturers – about one hundred around the world – can supply a card compliant with the relevant standards, and the equipment for personalising magnetic stripe cards is relatively easy to install and run. So if one supplier was not able to meet the deadlines demanded by the card issuer, a back-up supplier of cards or personalisation services could easily be activated with little notice. However, with the move to EMV, the number of suppliers who can supply products that are fully compliant with the relevant EMV chip standards is drastically reduced. And furthermore, the cost for an issuer to install his own chip data preparation and personalisation equipment is significantly higher and more complex than for magnetic stripe, making more issuers reliant on outsourced data preparation and perso services.

4.2.1 EMV Chip Data Preparation

Therefore an issuer who wishes to ensure a smooth supply of cards to cardholders has to choose between making an expensive investment in systems, machinery and expertise, or outsourcing chip card data preparation and / or personalisation to a local personalisation bureau or to the chip card manufacturer themselves. The decision the issuer takes will depend on a number of factors. As far as EMV chip data preparation is concerned, an issuer who wishes to maintain in-house control of his EMV Issuer keys – used to derive the EMV chip data – will have to invest in a Data Preparation system capable of securely hosting keys and preparing chip data. Various suppliers of such systems exist. Generically these systems are referred to as “P3” or “Personalisation Preparation Process” systems. An issuer could outsource this element of data preparation to the card personalisation bureau, but this means that the issuer must trust the bureau, and be contractually tied to use that bureau’s personalisation services. If an issuer wished to use the services of two or more personalisation bureaux, in order to ensure a backed-up supply chain for card issuance, the most flexible solution would be for the issuer to host his own P3.

4.2.2 Multi-sourcing EMV Chip Card Personalisation: Native Cards

If the issuer wishes to have a second source of supply for EMV card manufacture, and wishes card vendor B’s bureau to personalise native cards from card vendor A, there will be a cost incurred by card vendor B’s bureau to adapt their systems to support initialisation of the smart card from Card Vendor, a cost which is likely to be passed on to the card issuer. As in the in-house scenario, each additional application supported will also require changes to the personalisation software system for each native card vendor that the card issuer purchases chip cards from. See figure:


4.2.3 Multi-sourcing EMV Chip Card Personalisation: Open Standard Multi-Application cards

The aim of “Open standard" multi-application smart card platforms is to define standard interfaces for application development, platform security and loading of applications. Whilst more than one “open standard” for multi-application smart cards exists, MULTOS is the only one today that has a detailed enough specification and enforced type approval procedure to guarantee that multiple MULTOS chip products can be supported in a card personalisation system without any changes being required to the chip personalisation software whatsoever if the card issuer multi-sources or switches silicon chip, embedding or personalisation centre. It is thanks to the end to end interoperability of MULTOS products that the smart card supply chain is made easier to manage and less expensive to implement. See figure:

Because of MULTOS’s standard application loading interface, regardless of the MULTOS chip card or embedding supplier, if the card issuer wishes to add a new application, the software to personalise the application only needs to be developed once, and it will work with any MULTOS chip. Whether it is the card issuer who personalises his own cards or a third party bureau, maintaining back up sources of supply is easier to manage and requires no additional personalisation software development if multiple chip sources are being used.

[Figure: multi-sourcing native cards. Card Vendors A, B and C (card manufacture and embedding) use Chips X, Y and Z from the chip supplier; native card perso at Vendor A’s perso bureau and Vendor B’s perso bureau, with each additional bureau adaptation marked as an extra cost ($$).]

[Figure: multi-sourcing MULTOS cards. Card Vendors A, B and C (card manufacture and embedding) use MULTOS Chips X, Y and Z from the chip supplier; Data Prep combines the Issuer’s Application(s) and 3rd Party Applications and feeds a single MULTOS App Loader, whether at a Local Bureau or the Issuer’s Bureau.]

This is because MULTOS is unique in that MULTOS applications can be personalised in advance, as part of the data preparation process, and then sent as a file to any bureau that has a standard “MULTOS Application Loader” capability. This process is what gives issuers maximum flexibility and control over the speed at which they add new smart card applications to their offering, since if they control the data preparation process, introducing new applications has minimal impact on the rest of the supply chain.

4.3 Introducing MULTOS step/one

For many financial institutions facing EMV migration for credit and debit cards the imperative is for rapid deployment at the lowest possible cost. These organizations are typically concerned with their first smart card project, and infrastructure and support investments often drive them towards the lowest cost smart cards. MULTOS step/one is based on the MULTOS specification but engineered for an entry level issuer who is prepared to limit card options and some functionality. Focused on static data authentication (SDA) profile EMV cards, MULTOS step/one provides a multi-application secure smart card platform with reduced infrastructure demands, yet incorporating all of the heritage and experience of MULTOS. MULTOS step/one ensures that issuers’ infrastructure, data preparation systems and personalization investments can be built upon into the future to accommodate dynamic data authentication (DDA) through MULTOS, with no significant changes. MULTOS step/one also adopts a more flexible approach to security evaluation, providing a framework to support a range of approaches. With its focus on rapid issuance, MULTOS heritage and sustainable infrastructure investment, MULTOS step/one provides a unique entry level solution to EMV migration.

Introducing MULTOS step/one:

• WHAT’S DIFFERENT?
– The specification defines a symmetric key based application loading mechanism – allowing use of smaller DES only chips
– TARGETED at limited functionality SDA EMV migration
– Hence there is no requirement for a MULTOS KMA – symmetric key Enablement Data and Certificates are generated by standard Data Preparation Products
– Entire code and fixed data of core applications such as M/Chip & MODS in ROM – allowing use of less expensive <4KB E2PROM chips – Competitive with Proprietary Cards

• WHAT’S THE SAME AS MULTOS?
– Multi-sourceable – still MAOSCO type approved
– Open standard – still develop in C or Java, compile for one MULTOS chip, and run on another
– Will run any existing MULTOS app (non RSA)

• BENEFIT FROM OPEN STANDARDS IN SDA STAGE OF EMV MIGRATION, AND PROTECT INVESTMENT ON TRANSITION TO DDA and Multi-app.

[Figure: MULTOS step/one on a 4K E2 Infineon DES chip (MULTOS VM and API, M/Chip4 and MODS code in ROM; M/Chip4 Data and MODS Data in E2) beside MULTOS on a 32K E2 Renesas RSA chip (MULTOS VM and API, M/Chip4 and MODS in ROM; M/Chip4 Data, MODS Data and “My App” in E2).]

The advantage of MULTOS step/one is that it offers all the advantages of MULTOS (for non-RSA applications) at a cost competitive with native cards.

5 MULTOS Solutions for EMV Migration

5.1 EMV Debit / Credit Applications

5.1.1 M/Chip 4 for MULTOS

M/Chip 4 is MasterCard’s latest version of M/Chip. M/Chip 4 for MULTOS is a fully M/Chip 4 (Lite and Select) compliant EMV application available off the shelf from MasterCard and licensed to vendors. The features of M/Chip 4 for MULTOS are as follows:

• M/Chip 4 for MULTOS can be configured to support the following MasterCard products:
  − MasterCard Credit
  − Maestro Debit
  − Cirrus ATM
  − MasterCard Chip Authentication Programme
  − MasterCard Pre-Authorised
• M/Chip 4 for MULTOS can be configured to support the “Lite” (SDA) profile or “Select” (DDA/CDA) profile (fully EMV 2000 compliant).
• Select configuration supports enciphered or plaintext PIN
• All card risk management parameters can be changed post issuance
• Card Block or Application Block/Unblock supported
• Supports Currency Conversion
• Card risk management velocity checking
• M/Chip 4 Application code can be loaded into E2PROM (4kB), but is “codeletised” in ROM of all the latest MULTOS masks, including MULTOS step/one. Application Data occupies under 2.5 KB in E2PROM
• Evaluated to EAL4+ / CAST approved
• Supplied with the “M/Chip 4 for MULTOS Customisation Utility”, a Windows based configuration tool which allows the user to select which features of M/Chip 4 to implement and generates an automatic output file that can be imported directly into most EMV Data Preparation Systems.

5.1.2 VSDC for MULTOS

Visa Smart Debit Credit for MULTOS has been developed by iSmart in response to demand from dual-issuers, and has been successfully submitted by Axalto to Visa International for type approval. The existing application supports the VIS 1.4.2 specifications and supports both SDA and DDA configurations, and the VSDC application code has been codeletised into a number of MULTOS and MULTOS step/one masks.

5.1.3 Amex and JCB for MULTOS Both the Amex EMV application and the JCB EMV application (J-Smart) have been developed and are available on the MULTOS / MULTOS step/one platforms.


5.2 Multi-Application Management Systems for MULTOS

Nearly all the commercial providers of multi-application card personalization and card / application management systems support MULTOS in their products. One of the key advantages of MULTOS over its competition is that the MULTOS personalisation mechanism is the same for all MULTOS implementations, so personalisation or card management products do not have to support multiple versions of the same standard. Furthermore, MULTOS allows alternative methods for applications to be personalized. Either the applications can be loaded onto unpersonalised MULTOS cards, and then the application can be personalized on the card; OR the application can be personalized with unique cardholder data beforehand, and the entire personalized application code and data can be sent to the MULTOS card as an encrypted block for decryption within the secure confines of a specific MULTOS card.

5.2.1 Cost effective Branch Issuance of MULTOS cards

The advantage of the MULTOS “asymmetric” mechanism is that data preparation of MULTOS applications, such as EMV, Loyalty, etc., can take place in a central location and then be distributed to multiple remote locations, such as branches, without the need for dedicated lines of communication to the branches, and without the need to have Hardware Security Modules connected to the desktop personalisation equipment in each branch. For a full list of card personalisation and card management systems see the MULTOS Product Directory at www.multos.com.

5.3 MULTOS Chip Platform Roadmap

Today multiple type approved MULTOS devices are available on the Infineon, Renesas, and Philips families of microprocessors, ranging from 4kB to 64kB E2PROM devices, with new devices becoming available from Samsung Semiconductors shortly. Dual-interface contactless parts are available now. See figure:

[Figure: MULTOS chip platform roadmap. E2PROM sizes 4K, 8K, 16K, 32K and 64K plotted against silicon vendors Infineon, Philips, Renesas and Samsung, with MULTOS OS developers Samsung SDS, DNP/Hitachi and Keycorp. Products shown include IC2 s/o, SM s/o, I4D, I4Dc, AE 43Cb, AE 45CH, AE 45C, AE 45X, SM 10, SM 20 and P 4C; contactless parts are marked.]

For technical details of the various available MULTOS implementations, see the “MULTOS Implementation Report” available in the Developer section of the MULTOS website.

5.4 How Does MULTOS Compare With Other Open Standard Multi-Application Smart Card Platforms?

It is outside the scope of this white paper to go into the detail of why MULTOS is the only open standard multi-application smart card platform on the market today that fully realises all the benefits brought by open standards, interoperability, and multi-application security. Suffice to say that unless an open-standard multi-application smart card platform guarantees 100% interoperability from the perspective of loading, executing and securing applications, then it is little better than the native proprietary solutions it was designed to replace. MULTOS guarantees 100% interoperability by defining the multi-application smart card specification from end to end – including the operating system itself, the Virtual Machine, the API and the security requirements, compliance to which is also guaranteed through the strict type approval and security evaluation of MULTOS chip products required by MAOSCO Ltd. A high level summary of the key differences between MULTOS and GP/JavaCard follows:

[Figure: a MULTOS chip carries the MULTOS OS, MULTOS AAM, MULTOS API, EMV PKI and the MULTOS Load / Delete Mechanism in ROM, with applications in E2; a GP JavaCard chip carries the Vendor’s Proprietary OS, JavaCard VM, JavaCard API, EMV PKI and the Global Platform Load / Delete Mechanism in ROM, with applications in E2.]

MULTOS
• One End to End Specification
• One End to End 3rd Party Type Approval
• Multiple fully Interoperable Products
• Mandated Security
• Off-card personalisation facilitating Multi-Application Management
• Smaller code size = less expensive chips: enabling the MULTOS step/one concept

GP JavaCard
• GP Spec for Load / Delete, SUN spec for JavaCard VM, Proprietary OS
• No single 3rd Party End to End Test
• Multiple non-Interoperable Products
• Security optional
• “On-card” perso only, requiring a secure session with the card
• Bigger code size and greater resource requirements = no MULTOS step/one equivalent

6 Reference projects moving from native to MULTOS

Case Study 1: Asia Pacific MasterCard members EMV migrations

MasterCard banks migrating to EMV across Asia Pacific have embraced MULTOS en masse. Over 40 financial institutions in 5 countries have deployed EMV on MULTOS, with additional applications ranging from contactless payment, to loyalty, chip authentication and mass transit. By offering volume commitments to module suppliers, MasterCard Asia / Pacific was able to drive prices for MULTOS cards to levels that were as competitive or better than native card prices. The “OneSMART” card pricing agreements drove multi-application card pricing down to $2.99 in 2001, to $1.99 in 2003, and to $0.99 for MULTOS step/one cards in 2005.

[Figure: map of MULTOS EMV deployments across Asia Pacific – China, Australia, Indonesia, Thailand, Hong Kong, South Korea, Malaysia, Philippines, Taiwan, New Zealand, Singapore, Brunei and Japan – with the following call-outs]

Japan: MasterCard & JCB issuers – EMV & Fingervein Biometric Japan Residential Card

South Korea: 5+ issuers including Kookmin Bank, Chohung Bank, Hyundai Card, BC Card, Samsung Card

Malaysia: 15+ issuers including Alliance Bank Malaysia, Ambank Berhad, Bank Islam Malaysia, HSBC Bank Malaysia Berhad, Malayan Bank, MBF Cards (Malaysia) SDN BHD, OCBC Bank Malaysia Berhad, Public Bank, RHB Bank Berhad, Southern Bank, Standard Chartered Bank, Bumiputra-Commerce Bank Berhad

Taiwan: 15+ issuers including Cathay United Bank, Chang Hwa Bank, Chinfon Comm Bank, Cosmos Bank, E Sun Bank, Far Eastern Int. Bank, Int. Bank of Taipei, Land Bank of Taiwan, Taiwan Co-Op Bank, Union Bank of Taiwan

Philippines: Bank of Philippine Islands

The success of the multi-application programmes of MasterCard issuers is now spreading to other regions including the Middle East, Europe and Latin America. In every case where issuers have deployed on MULTOS, they are able to benefit from the latest innovations in payment products – such as “Paypass” for contactless payments, or “Chip Authentication” for secure online payments. The case studies that follow outline some of the most successful and ground-breaking projects by MasterCard members in Asia and Europe:

Case Study 2: Taiwan Money Card – OneSMART Paypass & Pre-Authorised for Mass Transit on dual interface MULTOS, the world’s first payment smart card to combine both transportation and shopping

In October 2005, Kaohsiung City Government (KCG), the second largest city in Taiwan, launched the Smart Transport Card Project, as part of its initiative to transform Kaohsiung into an e-City through the deployment of next-generation technologies. Using multiple application smartcards as part of a wider project to implement a cost-effective, high-performance and open standards-based computing and communications platform, the project aims to accelerate the city's economic development. The KCG Smart Transport Card Project introduces a truly integrated retail and transport payments solution, by extending open retail payments based on contactless EMV (Paypass) into the transport system (rather than trying to expand a closed transport card scheme into retail payments). Two types of cards are being issued by MasterCard Taiwan members. The Standalone Card, for children, non-local and non-banked customers, features a single payment brand (associated with transport payments in this market), utilising OneSMART™ pre-authorised and PayPass™ technology. The second card, Payment Plus, is aimed at existing cardholders and new account customers and is a dual-branded card including MasterCard credit and/or debit. The Pre-Authorised Debit configuration of the Paypass EMV application means that it can also be used like an e-purse. Card holders can top up their Pre-Authorised balance, and then spend it at any merchant or transport acceptance point, whether contact or contactless. The real advantage is that cardholders do not need to manage two balances. Instead, they have one balance that allows them to spend their value on ordinary goods at any EMV accepting merchant or on bus journeys. Using the MULTOS platform, the open standards environment enables both proprietary and off-the-shelf applications to be added pre- or post-issuance. This encourages more competitive sourcing and global interoperability based on EMV, MULTOS ISO 14443 (Type A/B) contactless technology and the PayPass global standard for contactless payments.

Case Study 3: Banka Koper – OneSMART “Authentication” & “Web” on MULTOS

Headquartered in the South West of Slovenia, a new member state of the European Union, Banka Koper has been operating for 50 years and is currently the country’s seventh largest bank. Since December 2004, Banka Koper has been routinely converting its 800,000 Activa Maestro Debit cards and 200,000 Credit cards to EMV on MULTOS. Then in May 2005, Banka Koper implemented the MasterCard Chip Authentication Programme to provide stronger authentication for their online banking, phone banking and electronic commerce customers and cardholders performing transactions online, thereby removing any risk of username and password phishing. Smart card readers were issued to the bank’s retail customers for use in conjunction with their EMV bank cards. Users authenticate their details via a portable “CAP” card reader when accessing their bank account or shopping online. After keying their PIN into the reader, a unique password is securely generated, which the user types into the web page when prompted. By entering a ‘one use only’ password, rather than the normal fixed password, the likelihood of password fraud is dramatically reduced and limited to a specific web connection. From this month Banka Koper is introducing another added value, OneSmart WEB functionality. The cardholder can now enter and store information such as name, address, credit card data, favourite websites and passwords for access to encrypted data. Notes can be added, and forms downloaded from websites can be completed automatically. Cardholders pay for goods and services, use POS terminals, shop via the Internet and withdraw cash at ATMs normally and at no additional cost.
Banka Koper is the first financial institution in the world to successfully deploy OneSMART Authentication and Web, and according to Gojmir Nabergoj, head of Banka Koper’s Electronic Money and Automation Division, “MULTOS allows us to meet all our requirements on one platform. Indeed, one of the primary drivers for implementing MULTOS was its interoperability and open standard architecture. Based on the platform, we write our own applications, tailored specifically for customers in the domestic, international and corporate sectors”. In 2006, Banka Koper also plans to migrate its portfolio of Visa cards to chip with the newly type approved VSDC for MULTOS solution.
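As an added illustration of the one-time password flow described in the case study above (example code written for this page, not Banka Koper's, MasterCard's or MULTOS's own; the real CAP algorithm is not on the page, so the MAC construction, the sample key, the challenge strings and the counter window are assumptions), the following Python models why a password captured by a phisher cannot be replayed and is tied to one web session:

```python
import hashlib
import hmac


def _otp(key: bytes, atc: int, challenge: str) -> str:
    """MAC over the transaction counter and the bank's challenge, truncated to
    8 decimal digits so the reader can display it and the user can type it.
    (Assumed construction; the real CAP algorithm is not described on the page.)"""
    msg = atc.to_bytes(2, "big") + challenge.encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10**8).zfill(8)


class Card:
    """Models the chip: the key never leaves the card and the application
    transaction counter (ATC) steps forward on every password generated."""

    def __init__(self, key: bytes, pin: str) -> None:
        self._key, self._pin, self.atc = key, pin, 0

    def generate_otp(self, pin: str, challenge: str) -> str:
        if pin != self._pin:  # the reader only proceeds after PIN verification
            raise PermissionError("PIN verification failed")
        self.atc += 1
        return _otp(self._key, self.atc, challenge)


class BankVerifier:
    """Issuer side: shares the card key and remembers the highest ATC accepted."""

    def __init__(self, key: bytes, window: int = 10) -> None:
        self._key, self.last_atc, self.window = key, 0, window

    def verify(self, otp: str, challenge: str) -> bool:
        # Only counters above the last accepted one are tried, so a captured
        # password is single use; the window tolerates generations the bank
        # never saw (e.g. the user mistyped the previous one).
        for atc in range(self.last_atc + 1, self.last_atc + 1 + self.window):
            if hmac.compare_digest(_otp(self._key, atc, challenge), otp):
                self.last_atc = atc
                return True
        return False


def demo() -> dict:
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
    card, bank = Card(key, "1234"), BankVerifier(key)
    login = "login:session-42"  # constructed challenge bound to one web session
    otp = card.generate_otp("1234", login)
    first = bank.verify(otp, login)   # legitimate use
    replay = bank.verify(otp, login)  # phished copy of the same password
    other = bank.verify(card.generate_otp("1234", login), "transfer:1000")
    later = bank.verify(card.generate_otp("1234", "login:session-43"), "login:session-43")
    return {"first": first, "replay": replay, "other_context": other, "later": later}
```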

Case Study 4: Turkish Military ID card project

In August 2005, the Turkish Armed Forces (TAF), the second largest armed force in the NATO Alliance, announced that it was deploying a multi-application smart card based on dual interface MULTOS technology for issuance to all servicemen and their families. TAF plan to roll out two million smartcards within 12 months. The new military ID cards will incorporate a number of applications:

• e-purse functionality – for spending allowances at shops on base. The ePurse application is actually supplied by Oyak Bank, a leading Turkish financial institution that provides financial and pension management services to the Turkish Military. The application is based on the open EMV standard, using MasterCard’s M/Chip payment function configured as “Pre-Authorized Debit”. This allows the card to be used in standard EMV payment terminals, and transactions can be processed using standard EMV networks. The difference from a standard EMV “Chip & PIN” transaction is that the cardholder must “Pre-Authorize” a balance for spending on the card, meaning that it functions as if it were an ePurse.

• Physical access control – for access to controlled areas on Turkish Military bases.

• PKI application – for logical access control and digital signature.

• Healthcare application – storing emergency healthcare details of soldiers and family members.

The TSK smartcard project utilizes the strengths of the MULTOS smartcard platform, including its extremely high security and the ability to add extra applications without having to replace the cards. Keycorp will supply the MULTOS technology together with its Public Key Infrastructure (PKI) security application and specially customized ID and health applications. As in the other projects above, TAF have also implemented and operate their own independent MULTOS Key Management Authority so as to maintain total sovereignty over production of chips and keys that enable chip activation and content loading.

Case Study 5: Banrisul Brazil EMV & PKI chip migration

As a leading regional financial and banking institution in Brazil, transaction security and customer satisfaction are high priorities for Banrisul. To fulfill that priority, Banrisul wanted to increase the channels through which customers could access and manage their finances, whilst maintaining the integrity and security of customer assets.

Solution Objectives

1. Extend access to payment products, whilst increasing Payment Network (ATM and POS) security. “We wanted to exploit the off line risk management properties of EMV (Europay, MasterCard, Visa) smart cards and terminals to enable us to offer payment cards to a much wider proportion of our account holders. To do this securely, we needed a smart card platform that could support enhanced features such as Dynamic Data Authentication (DDA), Combined Dynamic Data Authentication (CDA), enciphered off-line PIN authentication, and full-grade authorizations. By developing our own EMV application on MULTOS, we were able to achieve this,” said Jorge F. Krug, senior IT security executive of Banrisul.

2. Increase Internet Channels security.

“We also wanted to offer secure access to accounts over the internet. By developing our own PKI application on MULTOS, we have been able to introduce a solution that employs enciphered off-line password authentication and on-line transaction signature validation. The signatures are generated and validated according to a PKI framework known as ‘ICP-Brasil’ (Brazilian National PKI Standard) that grants legal non-repudiation and authentication of every transaction signed with ICP-Brasil certificates. Since the card generates a signature for every transaction and this signature is validated at the authorizers, there is a high level of security associated.”

3. Empower customers with a single, secure and flexible card that can be used both at the current payment networks and at Internet channels. “Giving each customer a smart card capable of executing banking and PKI applications, while also capable of receiving new applications in the future without having to issue new cards, is a tremendous convenience for our customers and offers a cost saving for Banrisul. A single MULTOS card combining EMV & PKI is less expensive than issuing separate proprietary OS EMV and PKI cards.”

Superior Turnkey Flexibility

Banrisul was careful to ensure that it was not tied to a single vendor for all of its smart card needs. One of the key needs was a technology that gave the bank flexibility in chip suppliers and personalization bureaus, and the ability to add its own applications in the future. After exploring JavaCard, FlashCOS, and proprietary EMV and PKI solutions, Banrisul determined that the StepNexus MULTOS platform was the most secure and flexible system available on the market.

Having decided on MULTOS, Banrisul worked with SmartCon, a local smart card consultancy, to develop its own MULTOS EMV & PKI applications, and its own data preparation and smart card management systems, which run on IBM z/OS and use IBM ICSF (Integrated Cryptographic Service Facility) as an HSM (hardware security module). The bank generates personalization data in house and then uses Gemplus BankNote as an external bureau for personalizing its StepNexus MULTOS cards. Having selected Keycorp/Infineon 32kb MULTOS version 4.2 smart cards, Banrisul is able to source embedding of the MULTOS modules from any smart card manufacturer in Brazil. The new smart cards have been used with several PC/SC desktop smart card readers, ATMs, EFTPOS terminals and PIN pads with great success. “The StepNexus MULTOS platform is now the standard smart card platform for all chip card programs for Banrisul. Its architecture offers all the security we need, together with excellent multi-application support.”

Smart and Successful

Banrisul is well on its way to smartcard success in Brazil. The roll out is starting with corporate Internet bank clients and clients that complete higher value transactions on-line. Banrisul had issued 35,000 MULTOS cards as of April 2005. More importantly, customers are noticing the change. When asked how StepNexus MULTOS helps Banrisul meet its business objective, Krug is quite clear. “StepNexus MULTOS solutions reduce fraud and increase the volume of transactions conducted online, eliminating the substantial costs of processing paper. That impacts our bottom line. Whenever you can do that for a bank, you make a positive, measurable impact that gets noticed.”


7 Conclusion

The priority of most issuers is to get off the ground with EMV migration quickly, and the temptation is to invest in native smart card products and native card personalisation systems which will become redundant as soon as new functionality needs to be supported on the cards, or which tie issuers into specific solution providers. MULTOS step/one provides a cost-effective open standard alternative that allows EMV compliance, whilst allowing issuers to capitalise on their investment to rapidly embrace new applications from alternative sources, or dynamic authentication mechanisms, in the future.

8 For more information about StepNexus and MULTOS

Visit: www.multos.com, www.stepnexus.com Contact: [email protected]