EMV migration
Download training leaflet as PDF
Training programme
| Cryptography 101 | This optional module is aimed at giving a basic knowledge about cryptography, in order for trainees to fully benefit from this training. It is impossible to actually understand EMV without proper knowledge of cryptography basis : public key and secret key, RSA and DES, signature and ciphering, authentication, cryptograms, etc. |
| Smart cards 101 | This optional module is aimed at giving a basic knowledge about smart cards. The basis of smart card technology will be explained : different types of cards, open platforms, main standards (ISO 7816), communication between a card and a terminal, data representation. |
| EMV business case and multi-application | The EMV business case is a widely discussed issue. We will show how it can be enhanced and present simple and cheap methods allowing to reduce fraud while differentiating from competitors and having cardholders be involved in the scheme. Adding applications besides payment is another interesting way to increase profitability and customer satisfaction. We will present such applications as loyalty, transport, home-banking, games, campus, city cards, etc. from a pragmatic point of view, focusing on the way to actually set them up. This will be illustrated by real case studies. |
| Differences between MasterCard and Visa products | MasterCard and Visa have both proposed products based on EMV. The last releases (MasterCard M/Chip 4 and Visa VIS 1.4) are especially interesting and offer some important characteristics which bring an added value to the issuer. We will discuss these differences in details, in order to help trainees to make their choice. |
| Choosing the card and the other system components | There are currently more than 100 certified EMV cards. It becomes necessary to have the keys to compare and make a choice between all these products. On which criteria should a choice be based, how to evaluate the weak points of different offers, what is the importance of associated services, are standard products acceptable ? Other components in the system will also be discussed : terminals, personalisation systems, card management systems. |
| Migration planning | This module will allow trainees to evaluate, based on real case-studies, their planning migration, adapted to their particular situation. |
| The EMV transaction | This important module will come back in details on the EMV specifications. For this training we preferred to aim at having the trainees understand why EMV is handling a transaction this way. We will come back on what EMV brings compared to ISO 7816, what are the commands and data used, we will insist and the transaction flow, on the methods for selecting an application, for doing data authentication (CAM) and cardholder authentication (CVM) and on the card risk management. Practical work: running and understanding a full EMV transaction on a real card. |
| EMV card life cycle | We will discuss the technical characteristics related to card life cycle : issuing, personalisation, card management. |
| Introduction to EMV security | This module is aimed at increasing awareness on the risk of misuse of EMV cards. We will describe the EMV security architecture, the data authentication methods (SDA, DDA, CDA) and the risks of errors in personalisation. Based on information publicly available from international and national payment schemes, we will give an overview of the methods used by fraudsters. |
| Platform choice: JavaCard, Multos or native ? | Which advantages do open platforms bring, how complex is it to deploy them, what are the specific constraints related to EMV ? We will discuss the challenge of open platforms and compare JavaCard, Multos and native cards. Finally, we will explain how to manage a multi-application EMV program using open platform cards. |
Details
TThe training will be given by Jerome Ajdenbaum, one of the best expert on EMV security. Jerome is Senior Consultant for Iteon, the company he started four years ago. Before starting Iteon, Jerome held various R&D and marketing responsibilities with Bull CP8 (now Axalto).
| Training fee | Contact us for a customised pricing. |
| How to register | By email: trainings@iteon.net |
Note
This training is meant for individuals belonging to banks, financial institutions or related industry. For security reasons, Iteon reserves the right to refuse registrations.
