Achieving 100% Personalization Quality ... Technical development Failure analysis ... M/Chip...

Click here to load reader

  • date post

    03-Apr-2020
  • Category

    Documents

  • view

    0
  • download

    0

Embed Size (px)

Transcript of Achieving 100% Personalization Quality ... Technical development Failure analysis ... M/Chip...

  • Br ian Summerhayes

    Managing Director

    Barnes Internat ional

    © 2014 BARNES INTERNATIONAL LIMITED 1

    Achieving 100% Personalization Quality Control

    ICMA Manufacturing and Personalization Expo 2014

  • Agenda

    Introducing Barnes

    Card Certification Testing

    Payment Application Personalization Validation

    Personalization 100% Quality Control

    © 2014 BARNES INTERNATIONAL LIMITED 2

  • Barnes International Ltd

    © 2014 BARNES INTERNATIONAL LIMITED

    22 year heritage

    Leading international supplier of chip and magnetic stripe card test equipment

    Specialist UK company – Offices in US: PA and CA

    Installations worldwide (80+ countries)

    Mission: to make complex labour intensive card tests simple and ensure excellent personalization quality control

    3

  • Payment Application Personalization Validation

    © 2014 BARNES INTERNATIONAL LIMITED 4

  • Certification and QC Testing

    © 2014 BARNES INTERNATIONAL LIMITED 5

    QC tools used by all leading card and ticket developers, manufacturers, personalizers and issuers for:

    Technical development Failure analysis Compliance verification and Laboratory Certification Manufacturing quality assurance

    Enable issuers to provide proven and certified cards and tickets to their customers

    Cards require testing during development and production QC

    Pre-certification testing required in order to pass card certification. Certification tools include

     MasterCard CPV and FIME F-CPV test tools used by MasterCard for card certification

     Visa GPR and VPA tools used by Visa Inc. for card certification

     Amex card test scripts  Discover and Diners D-PAS test scripts  All these tools are available to Issuers to carry out

    pre-certification testing of cards before submission to the certification laboratory

  • Card Certification Testing

    © 2014 BARNES INTERNATIONAL LIMITED 6

  • Payment Scheme Card Certification

    © 2014 BARNES INTERNATIONAL LIMITED 7

    American Express

    Discover/ D-PAS

    MasterCard

    Visa

  • MasterCard Personalization Validation (CPV)

     CPV process Launched in 2008  2013 – Version 6.2  MasterCard Personalization Validation Tool – Release 2013 Requirements v6.2 June

    2013  M/Chip Requirements 03 October 2013  M/Chip Personalization Data Specifications and Profiles 28 June 2013  PayPass – M/Chip Requirements 28 June 2013  PayPass Personalization Data Specifications, Version 1.8 – April 2013  M/Chip Card Personalization Standard Profiles 28 June 2013  M/Chip Card Personalization U.S. Market Standard Profiles 28 June 2013

    Test Specifications

    Accredited Laboratories

    © 2014 BARNES INTERNATIONAL LIMITED 8

    Qualified Test Tools

  • MasterCard CPV Certification

    © 2014 BARNES INTERNATIONAL LIMITED 9

  • Visa Global Personalization Validation (GPR)

    Visa Laboratories

    © 2014 BARNES INTERNATIONAL LIMITED 10

    Qualified Test Tools

    US PR Test Specifications  U.S. Personalization Validation Requirements – Test Cases v1.0 Jan 2014 (DRAFT)

     Products  Visa DB/CR, Electron, DPA, Plus, Interlink, US Common Debit

     Specifications  VIS 1.4.1, 1.5.x  VCPS 2.0.2, 2.1.x  VMCPS 1.4.x

     Applets  VSDC 2.7.1, 2.8.x and VMPA v.1.4.x Applets

    VSDC Personalization Requirements for U.S. Implementations Version 3 Oct 2013

  • Visa GPR Certification

    © 2014 BARNES INTERNATIONAL LIMITED 11

  • Other Schemes

    © 2014 BARNES INTERNATIONAL LIMITED 12

    American Express

    Discover

  • Payment Scheme Testing

    © 2014 BARNES INTERNATIONAL LIMITED 13

     EMV + Amex, Discover/ D-PAS, MasterCard, Visa  + National Specs, e.g. JCB, RuPay, SPAN, PBOC and Union Pay

    Payment Scheme Standards – Data validation required

     MasterCard CPV Certification: CPV  Visa Global Personalization Requirements: US PR

    Payment Scheme Certification Tools

    Card Certification Laboratories

    Card Quality Control in Production

  • Personalization Quality Control Testing

    © 2014 BARNES INTERNATIONAL LIMITED 14

  • Card Personalization

    © 2014 BARNES INTERNATIONAL LIMITED 15

    Personalization is the process of writing data fields to the chip card and the magnetic stripe

    Some of the data fields will be standard across all products e.g. Issuer Country Code

    Some of the data fields will be unique to the cardholder e.g. Account Number (PAN) and cardholder name

    The following slides examine some of the many personalization issues that we have personally experienced

  • Personalization Quality Control – Why?

    © 2014 BARNES INTERNATIONAL LIMITED 16

    Chip cards have far more complicated coding compared with a simple magnetic stripe

    Chip cards have far more information inside them compared with a magnetic stripe

    Dual interface cards are also complex to code with shared parameters

    • Magnetic Stripe vs Chip Data

    • Correct Keys • Validation vs

    Payments Scheme

    • Issuer/ Card Tag values

  • Personalization Test Example 1

    © 2014 BARNES INTERNATIONAL LIMITED 17

    Magnetic Stripe Only

    Data on Track 1 & 2 missing

  • Transposition of Data Across Cards

    © 2014 BARNES INTERNATIONAL LIMITED 18

    Transposition of data:

    Mrs Smith name inside the chip card and Mr Jones name on the magnetic stripe

    Result of manufacturing hiccup Can be detected easily by performing quality control on

    personalised cards (First, Middle and Last cards)

    Now seeing fraudulent cards – where data on chip is totally different to that on magnetic stripe.

    Occurs post issuance easily proven with a test tool

  • Cryptographic Errors

    © 2014 BARNES INTERNATIONAL LIMITED 19

    Numerous cryptographic errors on cards

    DES Keys incorrect resulting in transaction cryptogram failure and/or script processing failure

    SDA/DDA/CDA test DES Keys can easily be checked as part of QC

    Even live DES keys can be checked if QC equipment connected to HSM

  • Formatting Errors

    © 2014 BARNES INTERNATIONAL LIMITED 20

    Formatting errors more difficult to detect. Examples include:

     Incorrectly formatted account number, if number of digits is odd, pad with only a single “F” and not multiple “F”s 12345 67891 234F ✔ 12345 67891 234FF FFFFF ✘

  • Production Issues

    © 2014 BARNES INTERNATIONAL LIMITED 21

    UK country code on cards issued abroad

    Personalization preparation was outsourced to the UK and the data file exported back to another country for card production If it is a chip card issued to (say) a US customer inside the US

    then the Issuer Country Code should be US irrespective of where the personalization data is created

  • Ongoing Quality Control

    © 2014 BARNES INTERNATIONAL LIMITED 22

    Fully personalised chip cards should be sent to the appropriate Scheme prior to issue for certification – a very sensible and valuable practice.

    Errors on certified cards do happen

    all errors in this section have been seen on live cards consider how many possible negative errors could be introduced –

    hundreds of thousands of possible coding combinations - difficult to check all

    certification processes and quality control tools constantly enhanced and improved

  • Personalization QC

    © 2014 BARNES INTERNATIONAL LIMITED 23

    Quality Control of the cards in manufacturing and during personalization is essential Chip cards – much more to go wrong Chip cards are far more expensive than magnetic stripe and thus are costly

    to reissue Reputational/customer service impact can result in substantial lost revenue

    Offline or Inline Quality Control of the cards during personalization Offline Single Card tests with Batch Testing

     Inline Enables 100% testing

  • Offline QC Testing Card Personalization Validation Testing Tool

     Data Read Only Mag Stripe + Contact Chip + Contactless Chip

     Interpret s. EMV and payment schemes  No validation

    Data Explorer

     Validates data to EMV and payment scheme requirements  Confirms chip, Mag-stripe and embossing correlation

     Identifies incorrect data

     Contact and Contactless chip validation tests Multiple Application data validation -single card insertion Multi-level user interface for Production, QA & Bank personnel with complete analysis

    facilities for Experts

    Validation – Standard Card Perso Tool (“CPT”)

     All the features of a CPT, PLUS:  Test Script development  Issuer scripts and Cryptography

     Host Simulation + HSM interface (e.g. with Thales 9000 and Safenet)

    Test Development – Card Analysis Tool

    24© 2014 BARNES INTERNATIONAL LIMITED

  • Validation Test Report

    1. Summary of Test

    2. Individual Fa