Cardholder Data Protection & EMV Data Preparation

Card issuers have compelling incentives to migrate from mag stripe-only payment cards to integrated chip (IC) cards compliant with EMV. This EMV migration will soon return as much as 1% of revenue to the bottom line, as the responsibility for point-of-sale fraud shifts from the issuers to the merchants. Prime Factors’ Bank Card Security System (BCSS) shields you from the complexity of EMV card issuance, making it feasible to perform EMV data preparation in-house. Many issuers have shied away from EMV smart card issuance due to its complexity compared to magnetic stripe card issuance.

As a result issuers have outsourced EMV data preparation and key management to third-party bureaus, thereby relying on others to keep secure their most valuable assets – cardholder data and associated keys.

BCSS gives you control of your cardholder data and keys. It lets you perform EMV data preparation in-house by simplifying the complexity associated with data preparation and key management. BCSS data preparation for EMV is as familiar and routine as magnetic stripe card issuance is today and delivers a highly flexible output file that any card personalization system can interpret for processing.

How BCSS works after EMV risk parameters have been defined:

If you develop your EMV card issuance platform in-house, Prime Factors reduces development costs because BCSS:

  • Fits into your existing secure card issuing and personalization platform.
  • Eliminates the need to maintain custom software code with the logical security and payment scheme EMV configuration changes that occur regularly.
  • Simplifies the requirement to incorporate hardware security modules (HSMs) for key management and creation and verification of security codes and PINs.
  • Supports key profiles with both key values and key attributes, derived keys, key versioning, and signed certificates.
  • Makes it easier to incorporate key management processes into your existing embossed card issuing environment.
  • Runs on legacy systems where your current cardholder data resides and where emboss files are created for magnetic stripe cards.
  • Offers subroutines to support Thales HSM commands that crytographically prepare data for issuing smart cards.
  • Delivers data preparation functions including generating and managing card issuer public key certificates, and generating unique card keys and certificates.
  • Includes dynamic CVV/CVC3 verification and CVC3 generation for contactless cards.
  • Contains authentication functions, including ARQC verification and ARPC generation that comply with EMV96, EMV2000, and EMV 4.3 standards.

Learn more about how BCSS cuts the cost of developing an in-house card issuance platform.