EMV Insight 2. EMV Card Testing System
Card Testing System
EMV Insight 2 is a quality control tool for personalization of EMV applications on smart cards. EMV Insight 2 allows you to minimize the efforts associated with the certification of EMV cards in international payment systems, simplify the selection of the optimal set of parameters of EMV applications in preparation for the release of new card products, as well as identify the causes of failures in the operation of already issued cards. EMV Insight 2 helps to solve problems and save time during the stages of personalization preparation, release and operation of EMV cards. When configuring the parameters of new card products, EMV Insight 2 helps to verify the operability of the test card, check its behavior at different values of the parameters of the EMV application. With mass personalization, EMV Insight 2 allows you to check the correctness of the data personalized on the card without violating the initial state of the card. In case of problems with the operation of cards issued into circulation, EMV Insight 2 helps to find out the reasons for the inactivity of cards returned by customers, as well as to manage the parameters of the cards.
Functions
EMV Insight 2 is a payment system emulator that includes a POS terminal simulator and an authorization center simulator. EMV Insight 2 implements the following main functions: monitoring and visualization of the EMV smart card authorization process in various modes; analysis of the results of initialization and electronic personalization of EMV smart cards, including monitoring: o card operability during transaction servicing; o completeness of data on the card; o authenticity of data by checking certificates and keys; o consistency and lack of data redundancy; o no duplication of data; o compliance with data presentation formats (including tag length control); o consistency of interdependent parameters in accordance with the requirements of payment systems. monitoring the implementation of cryptographic functions of the EMV application; checking the consistency of personalization of the EMV application, magnetic stripe and embossed data. These functions are implemented by performing a number of procedures described later in this document.
Innovations
The EMV card testing complex “EMV Insight 2” is a logical continuation of the well-proven EMV Insight complex, which has been in operation for more than 7 years. Over the past time, despite the constant modification of the EMV Insight software and bringing it into line with the current versions of the payment system and EMVCo specifications, the developers have accumulated extensive experience in operating the complex, which led to the need to release a new software product called EMV Insight 2.
1. “EMV Insight 2” has a new structure for representing the parameters of terminal devices and the authorization center, which led to a change in the format of storing configuration parameters. At the same time, the user interface of the complex is as close as possible to the interface of the previous version of “EMV Insight” in order to minimize the user’s adaptation time to the new software.
2. The structure of the terminal simulator database parameters has been significantly simplified. Removed parameters not in demand by users of “EMV Insight” v.1. The remaining parameters are regrouped for the purpose of operational testing of EMV cards in various types of service points.
3. “EMV Insight 2” supports the operation of EMV cards with applications of American Express, JCB, UnionPay
4. “EMV Insight 2” supports the operation of contactless cards of Visa and MasterCard payment systems in all possible modes specified in the VCPS (payWave) and PayPass documentation
5. Expanded the range of supported devices used to control the performance of cryptographic functions EMV applications (except for SAM cards and software implementation of cryptographic functions): HSM of Thales e-security; HSM of SafeNet (formerly Eracom) (will be available soon).
6. “EMV Insight 2” supports both financial and specialized applications operating in all CAP/DPA 2 modes (Mode 1, Mode 2, Mode 2 TDS, Mode 3, Mode 3 TDS).
7. “EMV Insight 2” supports checking PVV, CVV/CVC/CSC, icvv/chipcvc, CVV2/CVC2 values calculated for various input data formats. Downloading and using the necessary cryptographic keys (CVK, PVK) is possible both in the software implementation of cryptomechanisms and in hardware cryptographic devices (SAM card or HSM).
8. “EMV Insight 2” supports checking Data Authentication Code (DAC) and ICC Dynamic Number (ICC) values.
9. “EMV Insight 2” allows you to define up to 30 RSA keys for each payment system simultaneously. 10. “EMV Insight 2” allows you to copy BIN descriptions along with the values of 3DES keys.
11. “EMV Insight 2” can ignore the presence of PSE on the smart card, which allows you to test specialized applications, including CAP/DPA, that are absent in PSE.
12. The user can select the currency of the operation and the country code of the terminal device from the full list of currencies and countries described in the relevant ISO standards. For the convenience of modifying lists, descriptions of currencies and countries are stored in text files CurrencyCode.txt and CountryCode.txt
13. Due to the fact that SAM cards do not support RSA cryptography for keys of the entire range of lengths and only open RS keys are used in authorization operations, “EMV Insight 2” does not support RSA cryptography functions in SAM cards.
14. The lists of tags available via the Get Data and Put Data commands for contact and contactless cards are editable for each payment system specification (if the Issuer has placed additional tags in the card that are not described in the payment system specifications).
15. The test protocol is output to a file in HTML format and has become more informative compared to the “EMV Insight” version.
16. The user can create an exception file for warning and error messages to filter messages that are not essential for a specific type of application.
17. “EMV Insight 2” has an OLE interface that allows you to call it from other applications.
18. “EMV Insight 2” analyzes the data obtained from MasterCard M/Chip applications for compliance with the standard data templates provided in the document “M/Chip Card Personalization Standard Profiles”, and the data obtained from Visa applications for compliance with standardized data templates is analyzed. Due to the external storage of the description of standard templates, the publication of new standard templates of payment systems does not require updating the versions of “EMV Insight 2”.
Advantages of EMV Insight 2
Checking cards for compliance with the specifications of EMV, Visa, MasterCard, American Express, JCB, UnionPay; Clear presentation of the results of data analysis of the chip and magnetic stripe; Identification of personalization errors and causes of card inactivity; Checking the consistency of personalization of the chip, magnetic stripe and embossed data; 2 Comes as a separate option
Performing cryptographic procedures either in the program (for full control of the encryption process) or in a cryptographic device (Java card cryptoapplet or HSM) for the safe use of “working” keys; Obtaining statistics on the method (Online/Offline) and the result (Approve/Decline) of authorization of the workflow, indicating the source of decision-making; Detailed logging of performed operations. Obtaining an integrated assessment of card testing; Combining wide configuration capabilities and ease of performing card testing. Tincture of parameters is not mandatory due to the supplied parameter configuration templates for the most common types of applications (including VIS 1.3.2, VIS 1.4.x, VIS 1.5.x, M/Chip 2.1 and M/Chip 4.0); Performing a financial transaction with an EMV card application at the touch of a button. Data verification and analysis Key checks of message length and format parameters of tag duplication parameters tag sequence in the received data availability of mandatory tags of unknown and unused tags and templates availability of all necessary data for the PIN code verification procedures declared by the card Verification of authenticity of data expiration dates
For data presented in the BER-TLV format, lengths are monitored as elementary tags and container tags. Depending on the value of the tag code, the length is checked either for strict compliance with the specified length, or for falling within the acceptable range. EMV Insight 2 monitors the compliance of the data received in the tags with a valid set of characters and data format (alphanumeric, digital data, date, time, etc.). EMV Insight 2 records the presence of duplicate tags on the card. EMV Insight 2 controls the sequence of tags in the data received from the card. EMV Insight 2 fixes the absence of mandatory tags in the data on the card. EMV Insight 2 informs the operator about all tags that are not included in the EMV, VIS, M/Chip specifications or are not used in smart card applications. EMV Insight 2 monitors the availability of all the data required to perform the checks specified in the AIP (Application Interchange Profile). The program informs the user about the impossibility of obtaining data from the card (ATC and Online ATC) necessary to assess the risks of Offline authorization. EMV Insight 2 controls the verification of the cardholder’s credentials and the correctness of the verification of the PIN code by the card. The program performs static and dynamic authentication of EMV application data, thereby verifying certificates and keys recorded on the card. EMV Insight 2 monitors the expiration date and activation period for cards and certificates.
Testing the personalization of EMV cryptograms of the card
The program checks the cryptogram obtained from the EMV application. Cryptographic operations can be performed by a software module, a smart card with a specialized cryptographic applet, or a hardware cryptographic device (HSM). EMV Insight 2 monitors application data for the validity of values: control of falling into the ranges of acceptable values; validity of CVM List format data values (list of checks of the cardholder’s authority) geographical restrictions of applications priorities of applications of data from magnetic stripe tracks of cards of embossed data identification of prohibited values; compliance of the specified codes with ISO 4217 (currency codes), ISO 3166 (country codes), ISO 639 (language codes), ISO 7813 (track format magnetic stripe); control of the zero value of reserved bits; search for forbidden bit combinations. The program analyzes the CVM List of the VSDC application for the presence of all types of checks designated as mandatory in this payment system for all types of devices. If there are several financial applications on the card, EMV Insight 2 controls the ability to service both local and international transactions. If there are several financial applications on the card, EMV Insight 2 monitors the correct prioritization of applications of different types. The program controls the format of the data on the magnetic stripe tracks and the correspondence of these data to the values obtained from the card chip.
The program allows the operator to control the correspondence of the embossed data to the data stored in the chip of the card and on the magnetic strip. Advanced Data Analysis EMV Insight 2 performs a complete analysis of all available data elements of the serviced application. In addition, the analysis of the interaction of financial applications on the multiapplication card is performed (analysis of geographical restrictions, priorities of application maintenance on the card). CVM List is analyzed for the presence of all mandatory types of checks for all types of terminal devices. Checking the correctness of the data of the EMV applications of personalized cards, the operator is given the opportunity to read the data of the EMV application without modifying the value of the transaction counter (ATC) and the internal flags of the card that record the current state of the card (for example, the New Card flag)
Testing the ability of cards to execute the issuer’s scripts The operator can generate and initiate the execution of the issuer’s scripts in the card. To control the execution of the issuer’s script, there is a convenient opportunity to view tags and records before and after the script execution. Terms of service of the operation EMV Insight 2 allows you to flexibly configure the parameters of transactions and the environment of their execution. The choice of the type, amount and number of Online transactions on the initiative of the Card operator in the stop list Maintenance of applications not included in the PSE Authorization can be performed for various types of transactions, such as Sale, Cash withdrawal, Transfer of funds, etc. The type of operation and the amount can be selected randomly. The operator can force a transaction in the Online PAN of the tested application can be placed in the terminal stop list. It is used to control the behavior of the card in case its PAN hits the stop list. The operator can allow the maintenance of applications that were not included in the PSE on the card. It is used for testing local specialized applications.
Parameters of the payment system emulator
Settings of the parameters of the payment system emulator allow you to check the card’s operability in various modes. EMV Insight 2 provides the user with the ability to configure the parameters of the operation being performed, the POS terminal simulator, the Emission Center simulator, as well as the level of logging the results of testing EMV applications. However, to quickly get started with EMV Insight 2, it is enough for the user to select the type of smart card reader with which he will work and determine the values of the Issuer’s symmetric keys used.
Terminal parameters
EMV Insight 2 allows you to modify a large number of parameters in the configuration of the POS terminal, including: values of public keys Certification Authority; supported methods of identification of the cardholder (public or encrypted PIN, signature); supported methods of data authentication (SDA, DDA, CDA); VLP parameters of the card authorization mode; financial limits of the operation; TAC bitmasks that determine the authorization method selected by the POS terminal. Parameters of the EMV Insight 2 Emission Center allows you to configure the parameters of the Emission Center, including: the values of symmetric encryption keys; parameters for generating scripts of the issuer (Emission Center) for subsequent execution in a smart card.
Support Card health testing is a complex complex process that requires an understanding of the essence and numerous relationships of the processes taking place in a real payment system. In addition, the standards governing various aspects of the organization and operation of the payment system are constantly changing (one example is the evolution of the EMV specification from EMV 96 to EMV 4.3). Therefore, an important place is occupied by the support and maintenance of the quality control system for personalization of EMV applications. PRONIT specialists help the client in building and using the EMV application personalization quality control system: explain the architecture of the payment system, the essence and interrelationships of the processes taking place in it; explain the methodology of working with EMV Insight 2; provide a set of documentation; and of course, install the software and support it in accordance with the updates of the EMV, Visa specifications, MasterCard, American Express, JCB, UnionPay.
Documentation
The EMV Insight 2 documentation is supplied complete with detailed documentation in English. The documentation includes the following volumes: EMV Insight2. EMV Insight2 User’s Guide. EMV Insight2 Installation Guide. Quick Start EMV Insight2. Recommendations for testing EMV Insight2. Analysis of the EMV Insight2 protocol. OLE interface Table of versions and changes of EMV Insight 2 (including CA_DKL2, TLV_Decoder2) CA DKL2. TLV Decoder2 User’s Guide. User Manual Compliance with EMV Specifications Insight 2 is developed in accordance with the standards and specifications:
ISO/IEC,-4, ISO/IEC 7813, ISO/IEC 4217, ISO/IEC 3166, ISO/IEC 639-1; EMV v (EMV 96), EMV v.4.0 (EMV 2000), EMV v.4.1, EMV v.4.2, EMV v.4.3; VIS v.1.3.2, VIS v.1.4.0, VIS v.1.4.1, VIS v.1.5.0, Visa VCPS 2.1; M/Chip 2.1, M/Chip 4, MCW PayPass. CAP 2007, PLA 2010; AEIPS v.4.1; JCB 2.0 Related software CA_DKL TLV Decoder Module for loading cryptographic keys into a cryptoaplet; Data decoding tool in BER-TLV format.