During card issuance, the personalization system will execute ‘personalization scripts’ in order to load each individual card with the right set of:
Applications (e.g., EMV application)
Application data values (e.g., EMV parameters)
Application cryptographic keys (e.g., EMV cryptographic keys)
These components have been prepared for the card by the data preparation and the key management applications, in addition to the usual track data.
For EMV payment applications, the EMV parameters convey the issuer's implementation choices to the EMV application on the chip. The volume of EMV parameters to be personalized on a chip card is quite large compared to the volume of data that needs to be personalized on a magnetic stripe card. Therefore, issuers should allocate enough time for the definition of the EMV parameters.
In some cases, it may be possible for issuers to update some of the EMV parameters later during the post-issuance phase – that is, after the cards are issued and in the hands of cardholders. This process, by which the issuer sends parameter updates to the chip either through the payment network or using a POS in a branch, is referred to as ‘EMV issuer scripting’.
The cryptographic keys are integral to EMV authentication security and to secure post-issuance updates through EMV issuer scripts. Both the data preparation and the key management applications require an HSM to generate, store and process the EMV cryptographic keys during the data preparation process. The applications can share the same HSM or use separate HSMs.
The EMV data preparation and key management applications can be installed in the issuer’s secure data center or issuers can outsource this functionality to a full-service personalization bureau that already has them installed and audited by the payment brands that they support.
HSMs are used to store cryptographic keys, derive keys during personalization, key exchange and secure the personalization communication lines.
In case of card personalization onto mobile device, the provisioning request is raised by the Mobile device and after validation, provisioning happens through TSM, Cloud based Payments server which interfaces with the Issuer Back end system, Tokenization server (where required). If account is eligible, the service, account profile parameter information, cryptogram keys are gathered, and the card is provisioned with this data through the TSM.
Our Team helps and works closely with our customers to understand the existing scope, current business scenarios, flows of the existing systems, to provide the consulting solutions to Build, Architect, Enhance Features, Design, Develop, Test, Automate, Deploy, UAT.
Know more about our technology services Read more....
For more information please contact us at firstname.lastname@example.org