© 2011, Uwe Trüggelmann, TruCert Ltd 1

REFLECTIVE LAYERS IN CARDSManaging the risks related to:

Disclaimer:Images showing specific products in this presentation have

been taken off publicly available pages on the Internet.

The use of these images in the context of this presentation does not constitute a statement about these products being

fit or unfit for their intended purpose.

The images shown here are solely to illustrate the types of products the problems may occur in. The details to clarify if or if not a product constitutes a risk are not visible from, nor

implied through these images.

2

© 2011, Uwe Trüggelmann, TruCert Ltd 3

ELECTROSTATIC DISCHARGESReflective Layers in Cards

4

Electrostatic Discharges (“ESD”)

ESD is the discharging of Electrostatic Charges

© 2011 TruCert Ltd

5

Electrostatic Discharges (“ESD”)Wikipedia.org: Electrostatic phenomena include many examples as

simple as the attraction of the plastic wrap to your hand after you remove it from a package, to the apparently spontaneous explosion of grain silos, to damage of electronic components during manufacturing, to the operation of photocopiers.

Electrostatics involves the buildup of charge on the surfaces of objects due to contact with other.

© 2011 TruCert Ltd

6

Electrostatic Discharges (“ESD”)For us relevant is the fact that Electrostatic Charges can build up on cards and cardholders.The level of these Electrostatic Charges are influenced by various factors, including: Materials involved, e.g. card materials, clothing Environmental conditions High humidity supports quick dissipation of Electrostatic

Charges Low humidity supports the slow dissipation, equals build-up of

Electrostatic Charges

© 2011 TruCert Ltd

7

Electrostatic Discharges (“ESD”)The step from Electrostatic Charges to ESD involves conducting the Charges.In our case the conductor is the card, or parts thereof, and the charges are conducted by the card into the terminal.The ESD conductivity of the card is influenced by Materials involved Location of conductive elements, e.g. edge, surface Size of conductive elements, e.g. edge to edge Insulation of conductive elements, e.g. varnish or

overlay.

© 2011 TruCert Ltd

8

Electrostatic Discharges (“ESD”)

Conductivity for high voltage ESD may differ from that at low voltages.What performs as an insulator at 5V, might break down or even become a conductor at 5 kV.

We leave the physics now!

© 2011 TruCert Ltd

© 2011, Uwe Trüggelmann, TruCert Ltd 9

WHAT IS HE TALKING ABOUT?Reflective Layers in Cards

40+ Years of Plastic Cards

© 2011 TruCert Ltd 10

1966

1974

19832000 onward

For the first 30 years the only changes were the addition of security features to the standard card design

Since 2000 there has been a massive change to the card itself and how the card is used

11

Roles of the transaction card bodyIn the financial card industry: The primary role of the banking card has and always will be

to enable financial transactions, even if the details change over the years

The secondary roles are: Authentication of the cardholder Brand awareness

Given saturation in the transaction card market, it becomes a marketing platform, designed to make the cardholder chose that particular card

This can be seen in the increasing amount of space claimed by the issuer

© 2011 TruCert Ltd

12

Card Calling for AttentionTo make cards: Look more attractive More attractive to use Grant more space to issuers More secure …

the industry has been and is looking for ways to make cards look more appealing and sophisticated.And how does one make a card more appealing?

13

Card Calling for Attention

14

Card Calling for Attention

Metallic reflections are associated with metal.Metal is, compared with plastic, associated with value.Based on this, various technologies have been applied:

Holographic magnetic stripes:

© 2011 TruCert Ltd 15

Full face holographic layers:

© 2011 TruCert Ltd 16

Metal Card Bodies

© 2011 TruCert Ltd 17

18

Cards Calling for AttentionAnd others: Metallic screen printing inks Metallic hot-stamping on the surface Metallic inserts on or near the surface of the card …

© 2011, Uwe Trüggelmann, TruCert Ltd 19

WHAT DO SOME OF THESE CARDS DO?

Reflective Layers in Cards

February 22, 2008 20

What do some of these cards do?

PVC, the classic card material, is an electrical insulator and not electrically conductive even for voltages of 10 kV.

A pure PVC card can carry an electrostatic charge but this electrostatic charge is contained in multiple isolated areas on the surface of the card.

Metallic and some other materials in or on the card can change this behaviour: The Card becomes electrically conductive The electrical capacitance of the card changes

February 22, 2008 21

Electrical conductivity

A large metallic surface feature can provide an electrically conductive path into sensitive parts of terminals: A metal layer on the magnetic stripe can conduct a

charge to the magnetic read head A full-face holographic layer can conduct a charge from

one point on the edge of the card to another, and in some cases close enough to IC Card contacts to result in a discharge through the IC Card contacts into the terminal’s IC Card reader contacts.

February 22, 2008 22

Electrical capacitance

A large metallic feature inside the card can increase the electrical capacitance of a card: The small, local charges on the card surface become

‘kind of electrically connected’ Components inside the card can add to the

capacitance that then under specific conditions can discharge into a reader.

© 2011, Uwe Trüggelmann, TruCert Ltd 23

WHY CAN THIS BE A PROBLEM?Reflective Layers in Cards

February 22, 2008 24

Why can this be a problem?

Conductive features in cards can conduct a relatively large electrostatic charge from a human body into areas of the terminal that are normally out of reach for humans, like magnetic read heads and IC Card contacts.

An increased capacitance of the card can carry a larger charge into the terminal than a ‘regular’ PVC card.

Both scenarios can result in terminal failure with certain ESD sensitive terminals.

25

Consequence: New card constructions change non-standardized

characteristics of cards. These new characteristics result in the card

conducting or transferring larger than usual electrostatic charges into sensitive parts of the terminal

Certain terminals are sensitive to such electrostatic discharges, and these sensitivities are not detected through the usual testing.

The combination of such card, terminal and certain circumstances can result in ….

26

Terminal Failure!

Various types of terminal failure have been observed in tests and in the field:

Automatic Reboots Lock-ups, requiring manual Power Cycling Permanent Damage

27

Are all terminals equal?

There is a broad range in ESD immunity in terminals deployed in the field: We have observed terminals locking up following ESD

discharges of only 200V into the IC Card reader contacts.

We have seen terminals unaffected by ESD discharges of 10 kV into the IC Card reader contacts or magnetic stripe heads.

Sometimes different versions of the same terminal show substantial differences.

© 2011, Uwe Trüggelmann, TruCert Ltd 28

AREN’T STANDARDS SUPPOSED TO PREVENT THIS?

Reflective Layers in Cards

29

Aren’t there Standards preventing this?

ISO/IEC 7810, 7811, 7816 ff: These standards were not written with large metallic

areas inside the card in mind. Conductivity and Capacitance are not standardized card

characteristics Robustness against Electrostatic Discharges (“ESD”) for

terminals is not defined, simply because the definitions within 7816 apply to the functional interaction between card and terminal.

30

Aren’t there Standards preventing this?

EMC Directive, IEC 61000 standards: These regulations are intended to cover immunity

against electromagnetic phenomena like ESDBut: The card is considered part of the terminal from an EMC

perspective and not an individual device. Hence the selection of the card for the test plays a role and is not regulated.

Most terminals have plastic housings and all metal parts are covered. As such discharges do not occur during testing, even though with certain cards they can occur in the field.

31

Aren’t there Standards preventing this?

What is being done in ISO/IEC JTC1/SC17/WG1: While initiatives before 2006 to establish ESD

conductivity related test methods failed because of too much opposition, based on the desire to not hamper the introduction of certain ‘innovative products’, the mood now is more favourable to regulate these aspects.

Test methods for cards and terminals are proposed and discussed.

Expect future editions of ISO/IEC 7810 and other standards documents to address this issue both on the card and terminal side.

© 2011, Uwe Trüggelmann, TruCert Ltd 32

HOW CAN WE ASSESS THE RISK?

Reflective Layers in Cards

33

How can we assess the risk:

When we asses the risk resulting from Reflective Layers and other metallic features in cards, we need to consider: The card construction The terminal construction The existing terminal infrastructure The environment

34

Risk assessment: Card Testing

A proposal has been made to ISO/…/WG1 for a test method to assess the ESD conductivity of a card: The card is placed between an arrangement of

electrodes A defined ESD is applied to some of the

electrodes and one observes if the ESD is conducted by the card into some other electrodes.

This observation can be made visually or through the built in detector of the ESD generator.

35

Risk assessment: Card EvaluationBased on the previously described method, a slight modification allows to analyse the level of discharge the card provides and thus to better quantify the risk. Connection of a resistor and capacitor network Connection of a high bandwidth oscilloscope

and a high voltage probe. Recording of the discharge curve through a

resistor without a card. Recording of the discharge curve through a

card in parallel to the resistor and comparison with previously recorded curves.

36

Risk assessment: Card EvaluationExample 1 – 8 kV Discharge without a card:

37

Risk assessment: Card EvaluationExample 2 – 8 kV Discharge – Metal Card with Insulating Varnish:

38

Risk assessment: Card EvaluationExample 1 – 8 kV Discharge – Metal Card without insulation:

39

Risk assessment: Terminal Testing

Terminal robustness can be tested easily: Connect an ESD generator through a specific

adapter to a component inside the terminal, e.g. the magnetic read head, or the IC Card contacts.

Conduct an ESD into the adapter and thus into the relevant component inside the terminal.

Check that the terminal remains fully functional. The test should be conducted with the terminal

in operational mode, thus not turned off, and with all cables connected.

40

Terminal Testing - Robustness

We recommend the following level of ESD robustness for any read interfaces inside the terminal that might get in contact with, or close to an inserted card:

at least 4 kV HBM

As indicated earlier, we have seen terminals managing 8 kV to 10 kV without problems.

41

Risk assessment: Terminal Infrastructure

Where the terminal infrastructure is of limited variety, e.g. just a few terminal types deployed: Test the robustness of the different terminal

types. Adjust the risk introduced by the card.

Where the terminal infrastructure is of large variety, or practically uncontrolled: Verify that the card does not constitute a risk.

42

Risk assessment: Environment

As explained earlier, the humidity in the air play a role in the build-up of Electrostatic Charges, hence: Consider if the card will be used in low humidity

environments Low humidity environments often occur in

conjunction with low temperaturesOutdoor use in Singapore for example is not an application with a risk of low humidity conditions.

© 2011, Uwe Trüggelmann, TruCert Ltd 43

SOLUTIONSReflective Layers in Cards

44

Solutions

As shown previously, problems from ESD conductivity are caused by a combination: Card Construction, and Terminal ConstructionWhile it would be nice to only have robust terminals in the field, this is likely to take another 10 or more years, as the terminal infrastructure changes slowly.Hence there is a need to address both cards and terminals.

45

Solutions - Terminals

Terminals should be robust against Electromagnetic distortions transferred through certain cards into the inside of terminals: Improve circuit design Verify robustness

46

Solutions – Cards

To improve cards: If metal cannot be avoided, break up any

longer conductive paths. A summarized gap of 5 mm over the length of the card massively reduces the risk

Use other material combinations to create reflective and holographic effects

47

Solutions – Cards …

48

Solutions – Cards We have seen some nice examples of reflective and holographic effects without creating a conductive path.

Questions

© 2011 TruCert Ltd 49

Thank you

© 2011 TruCert Ltd 50

More Questions, Comments, Complaints and Suggestions to:

Mr. Uwe TrüggelmannTruCert LtdConvener ISO/IEC/JTC1 SC17/WG1

36 Barretts WaySutton CourtenayOX14 4DEUnited Kingdom

Landline: +44 (1235) 848 846Mobile: +44 (7979) 597 449Universal: +44 (1865) 522 597E-Mail: uwe@trucert.comSkype: trumobile

© 2011 TruCert Ltd 51