Cards are produced in batches and it is the responsibility of the host system to assemble all data for a given batch of cards. A batch might be generated as a result of the normal replacement cycle (two or three years) or possibly to replace those cards that have been reported lost or stolen during the day. The host system produces the data in a series of records, one record per cardholder. The data is known as a Personalization Data File.
Each record of the Personalization Data File comprises a number of modules. These normally include:
- Data to be embossed onto the card.
- Data to be encoded onto the magnetic stripe of the card.
- Data to be printed on a “paper carrier.” This carrier is used to hold the card, while in its delivery envelope, and is printed, for example, with the cardholder’s name and address.
- Data for an ID photograph
Some items in the magnetic stripe module need to be generated using a security module.
These include a PIN Verification Value (PVV), or equivalent,
and a Card Verification Value (CVV).
Both these items are derived using a cryptographic process that involves the use of secret keys.
The data is the file is not normally encrypted.
The PIN mailer for a card is normally produced in a separate establishment from the cards themselves, often as a separate output from the issuer host system. This separation of PIN mailer and finished card is normally an essential part of the card issuance process. Often, PIN mailers are not posted until the cardholder acknowledges receipt of the card.
With the arrival of the smart card, the issuer needs to produce an extra “module” of data, which is intended to be programmed into the chip itself. Of course, there will be many items of information in this chip data, which are common to the magnetic stripe and the embossing data. Examples of this are a Primary Account Number (PAN) and the cardholder name. However, there are some new items that are specific to smart cards.
Some examples are:-
Upper consecutive offline limit:
This is a value held by the card that determines its spending limit. After this limit has been exceeded, the card forces the transaction to be completed online. This is part of the inherent risk management features of a chip card.
Signature of static card data:
This is a value calculated using a public key cryptographic algorithm at the time the card data is generated. It can be validated by each terminal accepting the card and is used to give some confidence that the card is genuine.
Issuer certificate:
This data is set up by the issuer in conjunction with the card association to which the issuer belongs (Visa or MasterCard). It is placed onto every card issued and contains the public key of the issuer. It is used by the terminal as part of the process to validate the signature in the second item in this list.
Unique Derived Keys (UDKs):
These are DES keys, unique to each card, which are placed on the chip and used as part of the transaction validation process. Basically, the transaction details are passed to the card, which uses the UDK to generate a cryptogram (similar to a MAC) that is passed back to the issuer for validation. Using this technique, the issuer can be sure that the transaction was handled by a valid card.
The various credit and debit specifications define in excess of 40 such data items, which need to be generated and placed on smart cards. It is the issuer’s responsibility to generate these items, something that existing card systems were never designed to handle.
INFO:
The advent of chip cards has meant that for the first time, some of the data passing from issuer to personalizer is now secret and must only be sent in encrypted form. The UDKs previously described are an example of such secret data.