Acquiring Card Payments [Hardback]

  • Format: Hardback, 262 pages, height x width: 234x156 mm, weight: 540 g, 5 tables, black and white; 30 illustrations, black and white
  • Publication date: 27-Aug-2019
  • Publisher: CRC Press
  • ISBN-10: 0367342847
  • ISBN-13: 9780367342845

This book delves into the essential concepts and technologies of acquiring systems. It fills the gap left by manuals and standards and provides the practical knowledge and insight that allow engineers to navigate both the systems themselves and the massive tomes containing the standards and manuals.

Dedicated to card acquiring exclusively, the book covers:

  • Payment cards and protocols
  • EMV contact chip and contactless transactions
  • Disputes, arbitration, and compliance
  • Data security standards in the payment card industry
  • Validation algorithms
  • Code tables
  • Basic cryptography
  • PIN block formats and algorithms

When necessary, the book discusses issuer-side features or standards, but only insofar as they are required for completeness. Protocols such as EMV 3-D Secure, for example, are not covered to the last exhaustive detail. Instead, this book provides an overview of, and the justification and logic behind, each message of the protocol, and leaves the task of listing all fields and their formats to the standard document itself. The chapter on EMV contact transactions is comprehensive, so as to fully explain this complex topic and provide a basis for understanding EMV contactless transactions.

A guide to behind-the-scenes business processes, relevant industry standards, best practices, and cryptographic algorithms, Acquiring Card Payments covers the essentials so readers can master the standards and latest developments of card payment systems and technology.

Contents (start page, with the number of pages in parentheses):

Preface xv
Section I: Payment Cards And Protocols 1(72)
1 Overview of Card Payments Industry 3(10)
1.1 The First Supper 3(3)
1.2 Industry Actors 6(3)
1.3 Three-party and Four-party Schemes 9(1)
1.4 Payment Online and at the Store 10(3)
2 Payment Flow and Basics of Technology 13(36)
2.1 Card Shape 14(1)
2.2 Card Number (PAN) 15(2)
2.3 Card Types and Products 17(2)
2.4 The Magnetic Stripe 19(6)
2.4.1 Track 1 20(1)
2.4.2 Track 2 21(1)
2.4.3 Track 3 22(1)
2.4.4 Service Code 23(2)
2.5 Card Verification Values 25(5)
2.5.1 CVV Calculation Algorithm 26(2)
2.5.2 CVV1 28(1)
2.5.3 CVV2 29(1)
2.5.4 iCVV 29(1)
2.5.5 Dynamic CVV 30(1)
2.6 Overview of Card-Present Technology 30(1)
2.7 Cardholder Verification Methods 31(3)
2.7.1 Strong Customer Authentication 34(1)
2.8 PIN Handling 34(1)
2.8.1 PIN Verification 34(1)
2.8.2 Storing Encrypted PIN 35(1)
2.8.3 Relying on PIN Verification Value (PVV) 35(1)
2.9 Transaction Types 35(4)
2.9.1 Retail Transactions 36(2)
2.9.2 Cash Withdrawals and Deposits 38(1)
2.9.3 Payment Transactions 38(1)
2.10 Point-of-Sale Types, Conditions and Entry Modes 39(7)
2.10.1 Data Transfer Methods 40(1)
2.10.2 Data Formats 40(5)
2.10.2.1 Terminal Capabilities and Conditions 41(4)
2.10.3 Terminal Certification Process 45(1)
2.11 Card-Not-Present Point-of-Sale Types, Conditions and Entry Modes 46(3)
3 Payment Services and Protocols 49(24)
3.1 Introduction 49(2)
3.2 Authorization Service Messages 51(1)
3.3 ISO 8583 Message Structure 51(19)
3.3.1 Message Header 52(1)
3.3.2 Message Type Indicator 52(3)
3.3.3 Bitmap 55(1)
3.3.4 Data Elements 56(14)
3.4 Other Card Scheme Services 70(3)
Section II: Card-Not-Present Environment 73(22)
4 Card-Not-Present Environment 75(20)
4.1 Introduction 76(1)
4.2 Secure Sockets Layer 76(1)
4.3 3D Secure 76(4)
4.3.1 Overview 77(1)
4.3.2 Participation Check 78(1)
4.3.3 Payer Authentication 79(1)
4.3.4 Payer Authentication 79(1)
4.3.5 3D Secure Adoption and Challenges 80(1)
4.4 3D Secure 2.0 (EMV 3D Secure) 80(7)
4.4.1 Major Changes in 3D Secure 2.0 81(1)
4.4.2 3D Secure 2.0 Actors and Messages 81(2)
4.4.3 Browser-based Flow 83(2)
4.4.4 App-based Flow 85(1)
4.4.5 Merchant-initiated Transaction (3RI) 86(1)
4.4.6 EMV 3-D Secure Security 87(1)
4.5 Address Verification Service (AVS) 87(1)
4.6 Tokenization 88(9)
4.6.1 Processor Tokenization 89(3)
4.6.2 Revocation of Authorization and Account Updater Services 92(1)
4.6.3 Payment Network Tokenization (EMV Tokenization) 92(1)
4.6.4 Payment Network Tokenization in Mobile Payments 93(2)
Section III: Card-Present Environment 95(74)
5 Contact Chip Transactions 97(54)
5.1 Overview 99(4)
5.1.1 Introduction 99(1)
5.1.2 "ICC" vs. "EMV card" 99(1)
5.1.3 ICC Architecture Overview 100(1)
5.1.4 Card-Terminal Interaction 101(2)
5.2 ICC Architecture Details 103(4)
5.2.1 Chip and Antenna Hardware 103(1)
5.2.2 ICC File System 104(3)
5.2.2.1 Dedicated Files and AID 104(2)
5.2.2.2 Elementary Files 106(1)
5.3 Flow of a Chip Transaction 107(44)
5.3.1 Overview 107(1)
5.3.2 Card Interface 108(4)
5.3.2.1 Answer-to-Reset 108(1)
5.3.2.2 Command and Response 109(1)
5.3.2.3 CLA Format 110(1)
5.3.2.4 INS Values 111(1)
5.3.2.5 SW1 and SW2 112(1)
5.3.2.6 SFI 112(1)
5.3.3 EMV DOLs and Tags 112(2)
5.3.4 Terminal Verification Results (TVR) and Transaction Status Information (TSI) 114(1)
5.3.5 Application Selection 115(3)
5.3.5.1 Indirect Application Selection 116(1)
5.3.5.2 Direct Application Selection 116(1)
5.3.5.3 Final Selection 117(1)
5.3.5.4 File Control Information (FCI) 117(1)
5.3.6 Initiate Processing 118(2)
5.3.6.1 Application Interchange Profile 118(1)
5.3.6.2 Application File Locator 118(2)
5.3.7 Read Application Data 120(1)
5.3.8 Offline Card Authentication 120(10)
5.3.8.1 Common Steps of Offline Authentication 121(1)
5.3.8.2 Key Chain of Trust 122(2)
5.3.8.3 Public Key Recovery 124(2)
5.3.8.4 Signed Data Validation 126(1)
5.3.8.5 Static Data Authentication (SDA) 127(1)
5.3.8.6 Dynamic Data Authentication (DDA) 127(2)
5.3.8.7 Combined Data Authentication (CDA) 129(1)
5.3.9 Processing Restrictions 130(1)
5.3.9.1 Application Version Number 130(1)
5.3.9.2 Application Usage Control 130(1)
5.3.9.3 Application Effective and Expiration Date 130(1)
5.3.10 Cardholder Verification 131(7)
5.3.10.1 Amount Fields 131(1)
5.3.10.2 Cardholder Verification Rules 131(2)
5.3.10.3 CVM Results 133(1)
5.3.10.4 Example of a CVM List 133(2)
5.3.10.5 Offline PIN Verification 135(3)
5.3.10.6 Online PIN Verification 138(1)
5.3.11 Terminal Risk Management 138(3)
5.3.11.1 Offline Authorization and Terminal Risk Management 138(1)
5.3.11.2 Floor Limit 139(1)
5.3.11.3 Random Transaction Selection 139(1)
5.3.11.4 Velocity Checking 140(1)
5.3.12 Terminal Action Analysis 141(1)
5.3.13 Generation of Cryptograms and Issuer Authentication 142(6)
5.3.13.1 Card Action Analysis 143(1)
5.3.13.2 Generate AC (GAC) Command 144(4)
5.3.14 Script Processing 148(1)
5.3.15 Transaction Completion 149(2)
6 EMV Contactless Transactions 151(18)
6.1 Overview 152(1)
6.2 Main Concepts 153(1)
6.3 Entry Point 154(2)
6.3.1 Pre-Processing 155(1)
6.3.2 Protocol Activation 155(1)
6.3.3 Combination Selection 155(1)
6.3.4 Kernel Activation 156(1)
6.3.5 Outcome Processing 156(1)
6.4 Kernel Outcomes 156(3)
6.5 Contactless Magstripe 159(1)
6.6 Cardholder Verification Methods 159(1)
6.7 Understanding Kernels 160(11)
6.7.1 Kernel 1-Visa, JCB 161(1)
6.7.2 Kernel 2-MasterCard 161(2)
6.7.3 Kernel 3-Visa 163(1)
6.7.4 Kernel 4-American Express 164(1)
6.7.5 Kernel 5-JCB 165(1)
6.7.6 Kernel 6-Discover 166(1)
6.7.7 Kernel 7-UnionPay 167(2)
Section IV: Other Processes And Standards 169(40)
7 Disputes, Arbitration and Compliance 171(8)
7.1 Dispute Management and Arbitration 172(5)
7.1.1 Overview of Generic Dispute Lifecycle 172(1)
7.1.2 Retrieval Requests and Fulfillments 173(1)
7.1.3 Chargebacks and Representments 173(2)
7.1.4 Second Chargeback 175(1)
7.1.5 Allocation vs. Collaboration 175(1)
7.1.6 Pre-arbitration and Arbitration 175(1)
7.1.7 Liability Shift 176(1)
7.1.8 Streamlined Lifecycle 176(1)
7.2 Compliance 177(2)
8 Data Security Standards in the Payment Card Industry 179(26)
8.1 PCI Data Security Standard (PCI DSS) 180(6)
8.1.1 Account Data 180(1)
8.1.2 Levels of Compliance and Assessment Process 181(1)
8.1.3 Self-Assessment Questionnaires 182(1)
8.1.4 PCI DSS Principles 183(3)
8.2 PCI Payment Applications Data Security Standard (PCI PA DSS) 186(4)
8.2.1 PCI PA DSS Requirements 186(4)
8.3 Key Management with Hardware Security Modules (HSMs) 190(15)
8.3.1 Hardware Security Modules (HSMs) 190(1)
8.3.2 HSM Keys and Algorithms 191(1)
8.3.3 Variants and Key Blocks 192(1)
8.3.4 Trust Zones 193(1)
8.3.5 Key Components 194(1)
8.3.6 PIN Security Requirements 195(6)
8.3.6.1 General Principles 195(1)
8.3.6.2 PCI PIN Security Requirements and Testing Procedures v3.0 196(5)
8.3.7 Key Custodians and Key Ceremony 201(19)
8.3.7.1 Sample Procedure 201(4)
9 Other Payment Methods 205(4)
9.1 Electronic Wallets 206(1)
9.2 Cash-based Methods 207(1)
9.3 Telco Billing 207(1)
9.4 Bank Transfers 207(1)
9.5 Invoices 208(1)
9.6 Digital Currencies 208(1)
Section V: Algorithms And Encodings 209(24)
10 Validation Algorithms 211(4)
10.1 Luhn Algorithm 211(1)
10.2 Longitudinal Redundancy Check (LRC) 212(1)
10.3 Key Check Value (KCV) 213(2)
11 Code Tables 215(8)
11.1 ANSI/ISO ALPHA Data Format 215(1)
11.2 ANSI/ISO BCD Data Format 215(1)
11.3 ASCII Character Encoding Table 216(1)
11.4 EBCDIC Character Encoding Table 217(1)
11.5 Base64 Encoding 218(2)
11.6 BER-TLV Encoding 220(3)
11.6.1 Tag or Type Identifier 220(1)
11.6.2 Length 221(2)
12 Cryptography 101 223(6)
12.1 Introduction 223(2)
12.2 DES and 3-DES Encryption 225(1)
12.3 AES Algorithm 226(1)
12.4 Message Authentication Code 226(1)
12.5 Asymmetric Encryption 227(2)
13 PIN Block Formats and Algorithms 229(4)
13.1 EPB (Encrypted PIN Block) Formats 229(4)
Index 233

Ilya Dubinsky has 20 years of experience in the software industry. He is the Head of the CTO Office in Credorax, a cross-border acquiring bank in the European Union. He defines the technological roadmap of the company, manages its IP portfolio, and guides participation in international standard bodies. He also leads in-house technology research, publishes whitepapers, and writes a blog for the Israeli economic newspaper, The Marker.
Dubinsky participates in global groups and bodies, including The Berlin Group Banking Industry Standards Initiative, the Payment Services User Group of the Bank of Malta, and the Fintech Forum of the Bank of Israel. Capitalizing on his years of experience in software development, product, and project management in the telecom and finance industries, he teaches a fintech class at Holon Institute of Technology and oversees joint research projects with Tel Aviv University.