
EMV ATM solution

Product Paper
EMV compliant
ATM and debit card management solution

This paper provides a thorough description of CR2’s complete EMV compliant ATM
and debit card solution.

Background - EMV and Smart Card technology

Since the introduction of chip card technology, SmartCards have been seen as the
ultimate replacement for the magnetic stripe cards used for credit and debit
applications worldwide.

Magnetic stripe cards in the 21st century have been developed and enhanced to
the point that there is now little or no scope for further security enhancements for
the prevention of fraud. Subsequently, the level of card-related fraud continues to
grow globally and, as a result, the leading card schemes, Europay, MasterCard and
Visa (EMV), have started looking at alternative technology.

Following their initial analysis, the concept of ‘chip and PIN’ card technology was
introduced. This simply requires the embedding of a computer chip on the plastic
card. This new approach offers a number of significant benefits to the
cardholders, retailers and financial institutions including:

▪ Improved transaction processing
▪ Advanced security features
▪ Greater control of the security through advanced software application

In the late ’90s, an EMV mandate instructed that all financial institutions move to
chip card technology. Specifications were released for issuers, acquirers and
software suppliers. These specifications formed the basis for conformance to the
new EMV requirements. EMV, as the standard is now known, aims to ensure that:

▪ All cards and terminals used globally are compatible with each other
▪ The same terminal and card approval processes can be used worldwide
▪ The standards are fully open and published

These basic provisions ensure that there is a global acceptance and compliance
with the standard.

The two main security features of EMV are:


▪ Card Authentication Method (CAM) - protects the card against counterfeiting
▪ Card holder Verification Method (CVM) - protects against lost and stolen cards.
This involves online mutual authentication - the means by which an issuer can
satisfy himself that a transaction has come from a specific and authentic card
and that the approval/decline response has been sent by the authentic issuer.

2005 CR2 Ltd. All rights reserved www.cr2.com

CR2’s EMV solution

CR2 is a leading provider of channel banking software and is continuously
developing new solutions to allow financial institutions to conform to international
standards.

CR2’s business is focused on offering leading-edge delivery channel and
card-based solutions to the world market and has proven technology solutions in the
following areas:
▪ Channel Management
▪ ATM management
▪ POS management
▪ Card Management
▪ Internet banking
▪ Mobile banking
▪ Phone banking

With these capabilities, CR2 is uniquely positioned to offer banks a one-vendor
approach that guarantees their future position as a leading banking service
provider.

CR2 is already significantly advanced in the development of a fully compliant EMV
product suite ranging from end to end ATM solution, POS solution, debit and
credit card management, electronic purse solutions, as well as Smart Card
production.

EMV ATM and debit card management


The EMV debit package includes the software and services necessary for an
institution to issue and acquire internationally accepted EMV compliant debit
cards. The ATM solution uses EMV Level 2 compliant cards.

CR2 will work with banks to engage a vendor once the choice of personalisation
solution has been finalised.

The solution includes the complete range of business processes:


▪ Card production
▪ Card management
▪ EMV ATM services
▪ EMV ATM branding and software distribution
▪ ATM network management
▪ Connection to international payment networks
▪ Connection to host system
▪ EMV transaction processing
▪ EMV acquiring

EMV modules
The following CR2 products are included in the EMV solution:
▪ CardWorld Card Manager
  • EMV Chip card management
  • Lost and stolen card management
  • Card report generation
  • Card product configuration

▪ CardWorld Producer
  • EMV chip card personalisation

▪ BankWorld ATM
  • ATM services
  • ATM branding and software distribution
  • EMV ATM network management

▪ BankWorld Card Gateway
  • Connection to International Payment Networks
  • Transaction monitoring to ensure transactions conform to network
    specifications
  • EMV transaction acquiring

▪ BankWorld Channel Manager
  • ATM Transaction authorisation with the host

Solution Diagram

EMV chip card personalisation
As EMV chip card personalisation is a complex process, CR2 has partnered with
third party organisations specialising in chip card production. These include
Datacard¹ (card personalisation hardware) and Thales E-Security (chip data
preparation). CardWorld Producer prepares card embossing and encoding files to
feed the card production devices.

[Figure: card personalisation in three steps. Labels, in order: Step 1: Emboss and
encode data preparation; Magstripe Data (MSD) and Embossing Data (ED); Step 2: EMV
chip data preparation; HS; Certificate authority, e.g. MasterCard, Visa; Magstripe
Data (MSD) + Embossing Data (ED) + SmartCard Data; HS; Step 3: Card personalisation]

Alternatively CardWorld Producer can prepare data in a format that can be used
by an external agency to personalise cards.

In order to personalise cards, data must be entered into the CardWorld Producer
module. This may happen in one of three ways:
▪ Card file import
▪ Online database import
▪ Manual data entry

The preferred method of card detail entry is via import files. This requires a file to
be generated by the host detailing the accounts for which cards are to be issued.

¹ Datacard Group is a leading card personalising solution provider, offering solutions for smart card
programs, card issuance operations and digital identity programs.

The import file format is determined by CR2 and includes all fields required for
card personalisation. Once the import has been completed, a card personalisation
batch is processed, followed by card personalisation, PIN mailer printing and
letter printing. The last stage of a production schedule is to import details of all
successfully produced cards to CardWorld Card Manager. This is performed via
the Card Manager database.

EMV card management


When the details have been imported from CardWorld Producer, CardWorld Card
Manager becomes responsible for the lifetime management of cards. This
includes:

▪ Lost and stolen card management – once a card is reported stolen, the card
  management system automatically updates the Card Gateway with this
  information.

▪ Card product definition – Various card products and brands can be defined
  within the system. Examples of card products supported are:
    o Visa - Electron
    o MasterCard – Maestro
    o Proprietary debit cards
    o Various National Switch cards

  For each card product defined within the system, the following configurations are
  permitted:
    • card limits
    • service restrictions
    • card status
    • account types assigned
    • number of cardholders

  The parameters at product and brand level are also configured in CardWorld
  Card Manager and may include card number format and generation, default
  service code, key set, and currency/country codes. Product wide limits can
  also be set, although these may be overridden at card level where required -
  for example, a VIP card.

▪ Report Management – Reports can be configured by the bank. The options
  include:
    • specification of the reporting tool used to generate the report
    • output device
        ▪ printer
        ▪ file – pdf/html
        ▪ screen
    • output type
    • location

  CR2 also supplies an Oracle data dictionary that can be used to modify
  existing report templates. Alternatively, in-house reports can be developed
  by CR2 using the bank’s data dictionary.


EMV ATM services


BankWorld ATM Client is the software that resides on and runs each ATM. Using a
combination of key traditional and new ATM technologies, the multi-media ATM
application allows financial institutions to provide an increased service offering
to customers.

ATM Client
▪ Presents banks with the opportunity to launch chip card services
▪ Provides Financial Institutions with a high profile, image enhancing multi-media
  ATM network which provides banks with a potential advertising
  platform. EMV and XFS compliant ATMs and hardware will be required
▪ The Web technology allows banks to deploy a wide range of media and feeds
  as part of the customer interface. Of particular advantage is the fact that the
  customer interface is specified purely in HTML and XML requiring no
  proprietary languages or tools.
▪ Provides banks with the option to offer secure standalone ATM services
  through CR2 proprietary track three processing. In cases where
  communication to the host is lost, BankWorld ATM Client is still able to offer
  cash withdrawal services.

Supported services
The following services are supported by BankWorld ATM Client:
▪ Fast cash from the primary Account.
▪ Cash withdrawal from any account linked to the card
▪ Cash withdrawal in second currency
▪ Balance enquiry for any accounts linked to the card
▪ Statement request
▪ Mini statements available on screen and hardcopy can be printed
▪ Book request supporting paying in and cheque book requests
▪ PIN change
▪ Funds transfer between customer’s bank accounts held on a card.
▪ Deposit by cash, cheque, mixed deposits and deposit by instruction.
▪ Bill payment by cash, cheque, account transfer or using a combination of
  deposits
▪ Mobile top up


ATM branding and software distribution


BankWorld ATM Distributor allows banks to individually brand ATM screens and
download them directly to ATMs from a remote location. This provides financial
institutions with extensive marketing opportunities and saves time and money as
it eliminates the need to physically visit each ATM. Banks can remotely download
the following:
▪ Software updates
▪ Changes to the ATM’s local parameters
▪ Movies
▪ Advertisements
▪ Sound
▪ Animation

EMV ATM management


BankWorld ATM Controller monitors the bank’s entire network of ATMs from one
central location.

ATM monitoring
ATM monitoring includes, but is not limited to:
▪ Opening and closing ATMs
▪ Controlling ATM services
▪ Notification of changes in the ATM status
▪ Configuration of the ATM, groups of ATMs for differing products and service
▪ Amount of cash dispensed and remaining per ATM
▪ Total amount of cash dispensed and remaining for all ATMs
▪ Number of each transaction type per ATM
▪ Total number of each transaction type for all ATMs
▪ Number of captured cards per ATM
▪ Number of captured cards for all ATMs

ATM device monitoring


Examples of ATM devices monitored are:
▪ Card reader
▪ Floppy disc drive used for offline operation
▪ Cash dispenser
▪ Depository
▪ Internal hardware encryption device
▪ Journal printer used for auditing purposes
▪ Receipt printer for customer receipts
▪ Status of each of the currency cassettes
▪ Envelope dispenser

BankWorld ATM provides complete control of the ATM network through a number
of visual indicators and configurable visual and audio alerts.

BankWorld ATM Controller is capable of driving large ATM networks from a central
location. New features have been built into BankWorld ATM Controller to simplify
network monitoring and fault diagnosis.


These features include GUI applications that enable banks to drill down into ATM
details and examine components of individual devices. The ability to remotely
investigate device faults ensures that engineers are fully prepared before costly
maintenance trips to remote locations are undertaken.

ATM network management; Device status and service control

Host connection
BankWorld Channel Manager connects each of the channels to one or multiple
back office information systems. This eliminates the complexities of adding new
back offices as and when required by banks.

CR2 has a highly skilled integration team and has built up a vast amount of
experience to date in back office integration. To perform integration, a component
needs to be developed which typically converts from our API formats to the
format used by the Back Office system. CR2 refers to this component as a BOIS
(Back Office Integration Service). There are already a number of BOIS available
for many of the core banking packages.

Sample List of BOIS


▪ BankMaster - Misys
▪ Equation - Misys
▪ Iflex - Flexcube
▪ Globus - Temenos
▪ Midas - Kapiti

The host connections can be provided over a number of communications protocols
or combinations of protocols including TCP/IP sockets and proprietary queues.
The method of host integration will be determined by the bank’s preference and
the messages to be processed by the bank.

Connection to payment networks


BankWorld Card Gateway is designed to route transactions between connected
parties (switch, schemes etc) and CardWorld Card Manager. It allows customers
to use their cards at Visa connected terminals worldwide.

For the purpose of this paper, the connected parties will be limited to the Visa
International Payment Network. Additional parties such as MasterCard can be
connected through deploying a MasterCard interface.

BankWorld Card Gateway also supports ISO8583 connections to various national
networks.

Sample List
▪ Jonet – Jordan
▪ Shetab – Iran
▪ Cashnet – India
▪ Benefits – Bahrain
▪ NAPS - Qatar


Transaction acquiring
BankWorld Card Gateway performs the core routing, recording and reporting of
transactions. When a customer uses the card, the transaction will be routed to
the bank’s Visa connection via the Visa network. It is then, in turn, passed to
CardWorld Card Gateway where the message will be stored before routing to
CardWorld Card Manager.

CardWorld Card Manager will perform authorisation and forward any response
messages to the gateway. These will be converted into the format required by
the particular network before being recorded and sent back out to the payment
network.

The Gateway includes GUI applications for transaction investigation and reporting
and allows the user to search the database using key fields. Once a particular
message has been located, all related messages can be retrieved and viewed.

A second GUI controls and monitors the state of the interfaces connected to the
gateway. As well as allowing the operator to stop and start interfaces, the system
tracks uptime and usage of each interface.

Transaction authorisation
The Gateway routes transactions to CardWorld Card Manager for authorisation.
The first authorisation check performed by Card Manager is to examine the ARQC
or Authorisation Request Cryptogram. This is a secure value generated by the
card and processed by the payment network as part of the authorisation request
message. By decoding the ARQC, CardWorld Card Manager will verify that the
request originated with a valid card and that the details have not been tampered
with during the process.

CardWorld Card Manager then compares the transaction information against the
limits set for the identified card record. Card limits include:
▪ set of services enabled or disabled for the card
▪ transaction limit
▪ frequency limit
▪ cycle limit
All transaction limits may be set separately for both cash and purchase
transactions. Individual cards may also have different limits from those of the
card product group to which they belong.

The system also checks the card status, valid dates and PIN. Once all of these
checks are completed successfully, the system will authorise the transaction
amount against the account balance.

Account Balance authorisation is carried out via BankWorld Channel Manager. The
Channel Manager connects to one or more banking host applications. Channel
Manager’s stand-in capability allows transactions to be authorised on behalf of a
periodically offline host. The Channel Manager maintains records for accounts
held on the host system. During normal online operation, these accounts are
synchronised so that a correct card balance is available, should the host go
offline. During the offline period the Channel Manager authorises transactions
against the local copy of the account balance. The balance is then adjusted to
reflect successful transactions. The Channel Manager also records the
transactions so that they may be posted to the host when it is next available. This
ensures that account and statement details are correct and that the correct
transaction fees and charges can be applied.
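
The stand-in behaviour described above, as an added sketch that is not CR2's code. The `Host` and `ChannelManager` classes, the account id and the amounts are constructed, and it assumes stand-in approvals are posted to the host as forced advices before any new online request is served.

```python
from collections import deque


class Host:
    """Constructed stand-in for the core banking host."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.online = True
        self.posted = set()  # transaction ids already applied

    def debit(self, txn_id, account, amount, advice=False):
        if not self.online:
            raise ConnectionError("host offline")
        if txn_id in self.posted:          # duplicate delivery: do not debit twice
            return True
        if not advice and self.balances[account] < amount:
            return False
        # An advice was already approved in stand-in, so it is posted regardless.
        self.balances[account] -= amount
        self.posted.add(txn_id)
        return True


class ChannelManager:
    def __init__(self, host):
        self.host = host
        self.shadow = dict(host.balances)  # local copy, synchronised while online
        self.pending = deque()             # stand-in approvals not yet on the host

    def post_pending(self):
        """Forward recorded stand-in transactions, oldest first."""
        posted = 0
        while self.pending:
            txn_id, account, amount = self.pending[0]
            self.host.debit(txn_id, account, amount, advice=True)  # may raise
            self.pending.popleft()         # dequeue only after the host accepted it
            posted += 1
        return posted

    def authorise(self, txn_id, account, amount):
        try:
            self.post_pending()            # host balance must include stand-in debits
            approved = self.host.debit(txn_id, account, amount)
            self.shadow[account] = self.host.balances[account]
            return "APPROVED" if approved else "DECLINED"
        except ConnectionError:
            # Host unreachable: decide on the local copy and adjust it, so the
            # total approved offline never exceeds the last synchronised balance.
            if self.shadow.get(account, 0) < amount:
                return "DECLINED_STAND_IN"
            self.shadow[account] -= amount
            self.pending.append((txn_id, account, amount))
            return "APPROVED_STAND_IN"


def outage_scenario():
    host = Host({"ACC-1": 500})            # constructed account and amounts
    cm = ChannelManager(host)
    results = [cm.authorise("t1", "ACC-1", 100)]
    host.online = False
    results.append(cm.authorise("t2", "ACC-1", 300))
    results.append(cm.authorise("t3", "ACC-1", 200))
    host.online = True
    results.append(cm.authorise("t4", "ACC-1", 50))
    return results, host.balances["ACC-1"], len(cm.pending)
```

The second offline withdrawal is refused because the local balance was already reduced by the first, which is what bounds the bank's exposure during an outage.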

System requirements

GUI Client requirements


▪ Pentium 750 MHz or above
▪ 80GB minimum free hard-drive space
▪ 1GB memory
▪ Windows 2000
▪ Oracle 8.1.7 Client software

Windows 2000 Server 1 – ATM and card management

▪ DL360 Single ‘U’ Rack Mountable Server
▪ Dual Pentium PIII 1.4GHz or higher
▪ 2 x 18 GB SCSI-2 RAID 1 Disk Mirroring Configuration
▪ Memory: 512GB
▪ Network: Dual GHz Network Card with Automatic Fail Over Support
▪ Oracle 8.1.7 Server Software (Standard edition)

Windows 2000 Server 2 – Host connection

▪ DL380 Two ‘U’ Rack Mountable Server
▪ Dual Pentium PIII 1.4GHz or higher
▪ 6 x 18 GB SCSI-2 RAID 1 Disk Mirroring Configuration 3 Logical Drives
▪ Memory: 512GB
▪ Network: Dual GHz Network Card with Automatic Fail Over Support
▪ Oracle Server Version 9
▪ Orbix 3.3
▪ Oracle Client 8.1.7

Card personalisation devices

▪ Hardware security modules – Thales RG7xxx or 8000 Series or software
  encryption can be used
▪ Thales P3 Module
▪ DataCard EMV desktop package
▪ PIN mailer printers – Dot Matrix

ATMs
▪ EMV Level 2 and XFS compliant ATMs
▪ Processor - Pentium 500 MHz - 700 MHz or higher
▪ Hard disk - minimum of 10 GB
▪ Memory - recommend 256MB (128MB absolute minimum)
▪ Monitor display - minimum 640 x 480 with highest possible resolution
▪ One CD Rom drive
▪ One Floppy disk drive


Appendix 1 - EMV card technical information

This section provides additional technical background and details the processes
that take place when an EMV card is entered into an EMV terminal.

1. Card entered into terminal
2. Terminal interrogates it to see which applications are present. Data on an EMV
   card is organised in structures similar to the directory structure of a PC. The
   interrogation process is not dissimilar to a PC program searching a PC
   directory structure to determine which files it can read.
3. Terminal software will offer the terminal operator the selection of available
   applications.

   For this example we will use a Visa terminal that communicates with the Visa
   VSDC (Visa Smart Debit Credit) application.

4. Terminal will default to VSDC application as this is the only application
   common to both terminal and card
5. Card holder performs purchase
6. Terminal can perform purchase offline (if it is below a floor limit) or online.
   Floor limits are defined by two fields – counter and amount - stored on the
   card. These fields are used to limit the risk associated with offline
   transactions
   ▪ The counter represents the number of transactions that can be performed
     offline before the card must be used online. Each time an offline transaction
     is performed, the counter is decreased by one. Once the count reaches zero
     the next transaction must be performed online. If this is not possible the
     terminal will decline the transaction. Whenever the card is used online, the
     counter is reset to its original maximum value.
   ▪ The amount field represents the financial risk that the card issuer is willing
     to take on offline transactions. Each time a transaction is performed
     offline, the card will reduce the offline amount by the transaction amount
     until no offline limit remains. At this point the card will again request the
     terminal to perform an online authorisation. Again, if the terminal is
     unable to perform an online authorisation it will decline the transaction.
7. In order to perform transaction online, card generates an ARQC. (ARQC is
   unique to each transaction and is supplied by the card to the terminal)
8. Terminal application uses this value as part of authorisation request
9. ARQC forwarded to acquiring bank
10. Acquiring bank forwards message to issuing bank through Visa payment network.
11. Issuing bank receives message through Visa network
12. ARQC will have been encrypted by card using a derived key based on card details.
    The issuer’s authorisation software will also derive this key from card details
    and its own issuer key. This will only be possible if the card was issued by
    this issuer using the correct issuer key. If not, the card will be detected as
    fraudulent and declined. If the card is not fraudulent, the derived key is used
    to decode the message digest which can then be used to ensure the message
    contents are valid. This provides further security because, if the message
    contents have been tampered with, the message digest will not match the
    message and the transaction will again be declined on the assumption of fraud.
13. Issuer authorises transaction by responding to acquirer through the Visa
    network.
    Part of the response message will include an issuer cryptogram which the card
    can use to ensure that the response is from the expected issuer. This is
    important as part of the response can include “post issuance updates” which
    allow the issuer’s authorisation software to update information stored on the
    card. Currently this post issuance update functionality is primarily used to
    reset the offline counter and amount fields following an online transaction.
14. Acquiring bank will receive authorisation response through Visa network and
    forward it to acquiring terminal.
15. Terminal will advise card of response
16. Card will verify issuer based on issuer cryptogram
17. Card produces an audit cryptogram to be recorded by terminal.
    The audit cryptogram is a secure value which provides evidence of the
    activities performed by the card and the terminal. This value can be used to
    prove the card was present during any disputes and will form part of the
    information passed to the issuer in the clearing file.
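
Steps 7 to 16 above, and the ARQC check in the Transaction authorisation section, as an added sketch that is not CR2's or Visa's code. HMAC-SHA256 stands in for the scheme-specified key derivation and cryptogram algorithms, the issuer recomputes and compares the cryptogram, and the keys, PANs, field layout, response codes and the replay check on the card's transaction counter are assumptions of the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# Constructed sample keys; a real issuer master key stays inside an HSM.
ISSUER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
OTHER_ISSUER_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100")


def mac8(key: bytes, data: bytes) -> bytes:
    """8-byte cryptogram; HMAC-SHA256 stands in for the scheme's own MAC."""
    return hmac.new(key, data, hashlib.sha256).digest()[:8]


def derive_card_key(issuer_key: bytes, pan: str, psn: str) -> bytes:
    """Per-card key derived from the issuer key and the card details."""
    return hmac.new(issuer_key, f"{pan}|{psn}".encode(), hashlib.sha256).digest()


@dataclass(frozen=True)
class Transaction:
    pan: str
    psn: str             # PAN sequence number
    amount: int          # minor currency units
    currency: str
    atc: int             # card transaction counter, makes each ARQC unique
    terminal_nonce: str

    def signed_fields(self) -> bytes:
        fields = (self.pan, self.psn, self.amount, self.currency,
                  self.atc, self.terminal_nonce)
        return "|".join(map(str, fields)).encode()


class Card:
    def __init__(self, issuer_key: bytes, pan: str, psn: str = "01"):
        self.pan, self.psn, self.atc = pan, psn, 0
        self.key = derive_card_key(issuer_key, pan, psn)  # set at personalisation

    def generate_arqc(self, amount: int, currency: str, nonce: str):
        self.atc += 1
        txn = Transaction(self.pan, self.psn, amount, currency, self.atc, nonce)
        return txn, mac8(self.key, txn.signed_fields())

    def verify_issuer(self, arqc: bytes, code: str, arpc: bytes) -> bool:
        """Step 16: accept a response only if its issuer cryptogram matches."""
        return hmac.compare_digest(mac8(self.key, arqc + code.encode()), arpc)


class Issuer:
    def __init__(self, master_key: bytes):
        self.master_key = master_key
        self.last_atc = {}  # highest counter accepted per card (replay check)

    def authorise(self, txn: Transaction, arqc: bytes):
        """Step 12: re-derive the card key, recompute the ARQC and compare."""
        key = derive_card_key(self.master_key, txn.pan, txn.psn)
        genuine = hmac.compare_digest(mac8(key, txn.signed_fields()), arqc)
        fresh = txn.atc > self.last_atc.get(txn.pan, 0)
        code = "00" if genuine and fresh else "05"  # approve / do not honour
        if code == "00":
            self.last_atc[txn.pan] = txn.atc
        return code, mac8(key, arqc + code.encode())  # step 13: issuer cryptogram


def run_exchange() -> dict:
    issuer = Issuer(ISSUER_KEY)
    card = Card(ISSUER_KEY, "4000001234567899")           # constructed PAN
    foreign = Card(OTHER_ISSUER_KEY, "4000009876543210")  # other issuer's card
    txn, arqc = card.generate_arqc(5000, "978", "a1b2c3d4")
    out = {"tampered": issuer.authorise(replace(txn, amount=500000), arqc)[0]}
    code, arpc = issuer.authorise(txn, arqc)
    out["genuine"] = code
    out["card_accepts_issuer"] = card.verify_issuer(arqc, code, arpc)
    out["card_accepts_forged"] = card.verify_issuer(arqc, "00", bytes(8))
    out["replayed"] = issuer.authorise(txn, arqc)[0]
    out["foreign_card"] = issuer.authorise(
        *foreign.generate_arqc(5000, "978", "0badc0de"))[0]
    return out


if __name__ == "__main__":
    print(run_exchange())
```

Because the response code is covered by the issuer cryptogram, a decline cannot be rewritten into an approval on its way back to the card.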

Appendix 2 - Benefits of EMV Smart Cards

EMV Smart Cards have a number of secondary benefits to financial institutions:

▪ Reduce costs
  US cost models show that magnetic stripe cards cost US $12 to deliver to
  consumers and that credit cards are retained for 2 years. An issuing bank’s
  ROI is 1.5 years, leaving only 6 months to profit from the customer. Smart
  Cards cost US $16 to deliver, but the ability to update the cards without
  reissuing increases the length of time a card is retained, and so increases
  the bank’s profitability.

  EMV Smart Cards can be reconfigured after being issued. With the current
  magnetic stripe cards, a new card must be issued in order to change a
  customer’s offline limits. However, with an EMV Smart Card, a script can be
  sent to the terminal which updates the configuration of the card. This allows
  different limit rules to be stored and applied by the card in offline mode thus
  saving the bank the cost of reissuing the card.

  The ability to enforce sophisticated offline limits means that more
  transactions can be performed offline, which typically is more cost effective
  than having to service transactions online. This secure offline processing can
  be particularly advantageous for peak periods such as summer sales, as it
  allows the bank to smooth peak usage efficiently – effectively supporting the
  same peak load with fewer resources.

▪ Increase revenue streams
  Chip cards provide the means to process multiple applications via the smart
  chip on each card. These “mini-computers” can provide the user with
  value-added services including loyalty schemes and e-purse – all via the one card.
  This provides the issuer with an infrastructure for new income streams.
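
The offline counter and amount fields from Appendix 1, step 6, together with the post-issuance limit update described under "Reduce costs", as an added sketch that is not CR2's or any card scheme's code. Class and function names and all limits are constructed; it assumes that a purchase larger than the remaining offline amount forces the card online and that the issuer approves every request that reaches it.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class OfflineLimits:
    max_count: int   # offline transactions allowed between online contacts
    max_amount: int  # cumulative offline value allowed, in minor units


class ChipCard:
    def __init__(self, limits: OfflineLimits):
        self.limits = limits
        self.count_left = limits.max_count
        self.amount_left = limits.max_amount

    def needs_online(self, amount: int) -> bool:
        # Assumption: a purchase larger than the remaining offline amount
        # forces the card online, as does an exhausted counter.
        return self.count_left == 0 or amount > self.amount_left

    def spend_offline(self, amount: int) -> None:
        self.count_left -= 1
        self.amount_left -= amount

    def apply_issuer_response(self, issuer_authenticated: bool,
                              new_limits: Optional[OfflineLimits] = None) -> bool:
        """Reset (and optionally reconfigure) the limits, but only when the card
        has verified the issuer cryptogram on the response."""
        if not issuer_authenticated:
            return False
        if new_limits is not None:
            self.limits = new_limits
        self.count_left = self.limits.max_count
        self.amount_left = self.limits.max_amount
        return True


def purchase(card: ChipCard, amount: int, host_up: bool = True,
             issuer_authenticated: bool = True,
             new_limits: Optional[OfflineLimits] = None) -> str:
    if not card.needs_online(amount):
        card.spend_offline(amount)
        return "OFFLINE_APPROVED"
    if not host_up:
        return "DECLINED"  # online authorisation required but not possible
    # Assumption: the issuer approves every request that reaches it.
    if not card.apply_issuer_response(issuer_authenticated, new_limits):
        return "DECLINED"  # unauthenticated response: limits left untouched
    return "ONLINE_APPROVED"


def scenario() -> list:
    card = ChipCard(OfflineLimits(max_count=3, max_amount=10_000))
    steps = [
        dict(amount=3_000),
        dict(amount=3_000),
        dict(amount=5_000),                  # exceeds what is left: goes online
        dict(amount=4_000, host_up=False),
        dict(amount=1_000, host_up=False),
        dict(amount=1_000, host_up=False),
        dict(amount=1_000, host_up=False),   # counter at zero and no host
        dict(amount=1_000, issuer_authenticated=False,
             new_limits=OfflineLimits(99, 9_999_999)),    # unverified update
        dict(amount=1_000, new_limits=OfflineLimits(5, 20_000)),  # issuer script
    ]
    return [(purchase(card, **s), card.count_left, card.amount_left) for s in steps]
```

Each tuple returned by `scenario()` is the outcome followed by the counter and amount remaining on the card, so the issuer's maximum offline exposure between two online contacts can be read off directly.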

With these benefits in mind, card industries are pushing for issuers and acquirers
to become fully EMV compliant by offering incentives for early migration. Visa has
also introduced the EMV Visa Early Option scheme (Chip card data managed by
Visa), which is quicker and cheaper for organisations to participate in while they
prepare for full migration.

For markets where fraud is relatively low and hence the cost of EMV
implementation is difficult to justify, card organisations have a three-pronged
approach:

▪ EMV TIFT initiative: When the card is acquired at an EMV terminal, the
  interchange rate payable by the acquirer to the issuer is decreased by 10
  basis points of the transaction value
▪ Liability shift to non EMV party: In the event of a disputed transaction, the
  party who has not implemented EMV is liable for the cost of the transaction.
▪ Financial incentives where each EMV region is offered funds to help banks
  offset the costs of migration to EMV

Appendix 3 - Impact of EMV

As with the advent of any new technology, there are some effects on
infrastructure and deployment:

▪ Personalisation
  Issuing institutions must have the capability to personalise chip cards and
  load them with the payment application. This will typically require an upgrade
  to the card embossing/encoding applications. An alternative for low volume
  issuers is to consider outsourcing card production to a third party processor
  or partner bank.
▪ Payment network interfaces
  EMV compliant systems need to process larger payment network messages
  which include the additional security information generated by the chip. This
  may require an upgrade or reconfiguration of the interface between the
  issuing system and the payment networks.
▪ Card management
  The card management system should be capable of interpreting and
  performing authorisation based on the additional security information
  (Authorisation Request Cryptogram) generated by a chip based transaction.
  The card management system must also be able to generate post issuance
  updates on the chip as well as issuer security information before performing
  any post issuance updates.
▪ Device upgrade
  Institutions will need to upgrade their banking devices, such as ATMs and
  POS terminals. ATMs with card readers will need to be deployed with EMV
  compliant software. Similarly POS terminals that support chip cards will need
  to replace all existing POS terminals.

EMV deadlines by region

Region          Visa               MasterCard
EU              1st January 2005   1st January 2005
Middle East     1st January 2006   1st January 2006
Asia Pacific    1st January 2006   1st January 2006
Caribbean       1st January 2010   1st January 2005
Latin America   1st January 2008   1st January 2005
Africa          1st January 2006   1st January 2006
South Africa    1st January 2006   1st January 2005
