ABOUT SM 3000 PERSO
The issue and personalization of mag stripe and smart cards, including NFC, NFC rings, bracelets and watches is a complex process and for its implementation it is necessary to solve a number of issues to accurately reflect the requirements of the Customer. Some key factors will be noted below to provide a clear understanding of the main functions of the SM 3000 PERSO.
ABOUT EMV AND NFC
At first glance, issuing EMV smart cards does not seem like a daunting task. For example, to issue a single VSDC application card through a personalization bureau, vendors provide a solution that can use the same data as traditionally supplied for embossing magnetic stripe cards. To this data are added all the necessary personalization elements for the production of a simple EMV card.
However, as the business develops, we are dealing with several card platforms, which means that we need to have different sets of parameters and keys. And this situation becomes even more complicated as all the properties of smart cards are used and new applications appear.
Most banks today issue different types of cards with different designs reflecting the status of the customer and the way the cards are used. Some banks issue hundreds of card products and all of them must be managed during issuance and personalization in different flows, using different types of plastic in the receiving part of the embosser. For smart cards, this will become even more difficult, since depending on the application, the issuer can use chips with different memory sizes within the same card product. To optimize cost, the issuer can change smart card vendor on the fly, and the chips can even have a different operating system.
For payment products on the EMV platform, Payment Systems have released their own specifications. Visa has VSDC and Mastercard – M / Chip specification, and now further developments of VSDC and M / Chip cards are available.
Payment Systems offer options for using VSDC and M / Chip products with an approach so that banks can add new applications that add functionality to cards and make them more attractive to customers. However, this also requires more attention to the complexity and flexibility of the issuing environment so that issuers can implement all these new functions.
A significant role is played by the ability to dynamically manage parameters at the card, application and, more importantly, at the level of a single client. This is not possible with most cards that are personalized through the bureau or at the vendor’s production stage.
All elements of the environment for managing cards and applications should be closely integrated with each other for dynamic management of risk parameters based on solutions in a developed authorization system.
ABOUT EMV CARDS ISSUING REQUIREMENTS
In modern magnetic stripe card issuance technology, the existing card management system prepares the data for personalization. This data contains information on both the card and the customer, however, it is not complete enough for the issuance of smart cards.
Personalizing a smart card is similar to programming a small computer and is significantly different from entering data onto a magnetic stripe. To achieve the desired result, the current flow of personalization data for the magnetic stripe must be supplemented and expanded to support the smart card with EMV application.
There are two critical steps for chip card issuance that must be passed after the data has been prepared for conventional embossing by the traditional system:
- Data preparation and
- Smart Cards personalization.
Data preparation is the addition of data specific to the chip card and EMV application, including the generation of keys for the card and the application, which is part of the Key Management infrastructure.
Personalization consists in converting the prepared data into a list of commands for programming the chip.
Chip cards are often manufactured using hardcoded systems that are not flexible at all to support other platforms. Also, it is difficult to reconfigure them when business requirements change, which entails business losses due to release delays.
More recently, we offer a more standardized solution, allowing issuers to issue different types of cards and EMV application modifications using the same data preparation and personalization systems. We has specified 2 types of Data Preparation Script (DPS) and Card Creation Script (CCS). These standards make data preparation and personalization processes independent of the purpose of the card issuance and the chip platforms used.
An open data preparation system can be flexibly configured, and the latest generations of such systems can be configured using DPS scripts. They will contain all the required items to prepare the smart card data. And changing any data element will entail the requirement to change only the script.
Each DPS contains a definition:
- Card platform and its manufacturer;
- The released application. In the case of EMV applications, we are dealing not only with VSDC or M / Chip, but also with their variations M / Chip Select, etc. Each version of the EMV app will require a new DPS;
- Parameters defining EMV application and parameters of EMV risk management;
- Key data. These are usually references to keys used for each specific type of card.
Over time, this will entail a significant increase in the number of scripts. Since the Data Preparation System only uses DPS, and does not manage many of them, other controls will be required to determine which DPS scripts should be used in each case.
Data preparation is no more than one of the means in the overall card issuance solution.
In addition to the data preparation methods, there is a common alternative for issuing smart cards with a single EMV application and it is often much easier to start with pre-installed modules or Embedded Data Preparation Modules. Using them in conjunction with compatible scripts will facilitate the first steps of migration to EMV and at the same time will be open to any combination of cards and applications in the future.
Attempts to standardize personalization led to the emergence of the Global Platform standards. However, only maps compatible with the Global Platform will work with them, leaving behind a large number of maps with specialized formats.
Currently we support:
- M/Chip Select
- M/Chip Advance
- PayWave MSD/qVSDC
- Java Cards
- Magnetic Stripe
- Magnetic Stripe with Pin, iCVV
Our company has transferred the principles and methods of the GP to work with different maps. Especially in personalization, scripts are used for absolutely any type of card that the bank wishes to personalize. This makes the SM 3000 PERSO personalization solution open to any card and, since the bank gets the ability to create scripts on its own, it provides the bank with complete independence from vendors.
There are a large number of systems where data conversion is combined with personalization itself. It integrates into personalization software, or DDL. Then, with any changes to the used chip platform or the version of the loaded static data, a program or DDL change will be requested. In addition, converting data during personalization can slow down the process and reduce the performance of expensive personalization equipment.
Between the wide range of the supported personalization’s stations SM3000 PERSO supports the equipment – leaders of the market:
- Entrust DataCard 150, 280, 350, 450, MX2000, 7000s series, 9000s series;
- CIM 1000;
- MATICA S700 series;
- MAGTEK ExpressCard.
This list doesn’t limit the supported equipment usage. It is provided on the basement of the actual versions implementation jobs and upgrades.
SM3000 PERSO was implemented with NBS and other station brands equipment for our banks customers around the world also.
If you use a different station, do not hesitate to provide us the Protocol description for the machine and we’ll realize the data interchange shortly.
SM3000 PERSO requires a Host Security Module (HSM) manufactured by Thales, FUTUREX or SafeNet. It is able to connect to these cryptographic devices both via COM port and TCP / IP protocol. As an option our solution supports software based HSM, developed by ALFEBA, for the individual projects, implemented in accordance with PCI DSS and PIN DSS security standards and requirements of the international payment systems.
Do not hesitate to look through the equipment to deliver by ALFEBA here.
SM 3000 PERSO PRODUCT PARTS
The first part prepares data to compose a personalization script, complements magnetic stripe card issuers and enables the issuance and management of cards based on VSDC and M / Chip applications using a variety of chip platforms and operating systems.
The second part prepares scripts for personalization of cards (CCS – Card Creation Scripts) and sends them to the personalization equipment. This solution works in tandem with existing personalization station software and complements it with management and reporting tools during the personalization process.
SM 3000 PERSO for card personalization sits between card and application controls, and personalization equipment for managing application programming and personalization process.
SM 3000 PERSO provides maximum flexibility in terms of supporting a variety of card technologies and ease of support for new types of card products.