Evolution of Payment Instruments

Decades back when people want to purchase some goods they go to the nearby shop and give hard cash to get the same. In 20th century there was a tremendous growth in technologies of all kind, so eventually payment industry also found its way to cope up with the pace in which the technologies evolve. Banks were computerized and People were introduced with payment cards through which they could make transaction which reduced the burden of standing in long queues to withdraw some bucks from an account. It reduced the risk of carrying cash to make transactions.

After some painful decades, at present we enjoy the luxury of carrying the cards easily to purchase anything-anywhere-anytime. As technologies evolve, now we have so many flavours of payment instruments like chip cards, contactless cards, wallets, mobile apps, etc. This blogger is created with the intention of giving as much possible information on all the possible sections of payment industry.



Saturday, October 7, 2017

Classification of Bank Cards based on technology


Payment cards can be classified into following categories based on the technology used,

Magnetic Stripe cards:

These cards have only the magnetic stripe tape on the back side of the card. The embossed magnetic stripe will have Track 1, Track 2 and Track 3 among which Track 1/Track 2 are only readable and Track 3 is read/writable. Track 3 is not used by any major card schemes like Visa, Mastercard and Amex in card payments industry. Track 1 is used majorly in Airline transactions as mentioned in IATA (International Air Transport Association) standards and Track 2 is used in all retail financial transaction as per ABA (American Bankers Association) standards.

Track 2 format is as follows,

·         Primary Account Number

·         Separator (=)

·         Expiry Date (MMYY)

·         POS Service Code

·         PIN Verification Value

·         Discretionary Data (Ex., CVV, CVC, CAV, etc.)

Track 1 format is as follows,

·         Format code

·         Primary Account Number

·         Separator

·         Cardholder Name

·         Separator

·         Expiry Date

·         POS Service Code

·         PIN Verification Value

·         Discretionary Data

The magnetic stripe readers at the point of sale will read the track data to make the transactions while swiping the card. The data present in magnetic stripe is static data and customer will be prompted for PIN or Signature validation during the transaction. Customer’s signature can be verified against the signature present in the panel present in the back side of the card.
 

EMV Chip cards:

Europay, Mastercard and Visa devised the standards for Chips in payments card industry thus it is called as EMV Chip cards. The embedded chip can interact with the chip readers present in POS machines and the transaction data changes dynamically for every transaction unlike magnetic stripe cards. The dynamic application cryptogram (ARQC) value generated during transactions are driven by encryption keys thus makes the chip transactions more secured and impossible to crack.

The chips are very versatile as there can be multiple applications installed in a single chip to perform different functionality (Ex. Credit, Savings and Current accounts in one chip). Track 2 equivalent will be used along with chip data in EMV transactions in which either CVV or iCVV will be present as discretionary data. EMV cards also has the magnetic stripe at the back side, the same can be used if in case the chip is in unreadable condition and the same is called Fallback transaction.

Contactless Magnetic stripe & Contactless EMV cards:

The contactless cards have an embedded contactless chip (different from regular EMV chip) capable of communicating with contactless readers through NFC (Near field communication) technology. The transaction can be made by just showing the card within the proximity of the reader. Contactless cards either pass magnetic stripe data or chip data with dCVV (dynamic Cardholder Verification Value) based on the type of reader it is interacting with.

Contactless EMV cards can be used in both contactless EMV & contactless magnetic stripe readers and contactless magnetic stripe cards can only be used in contactless magnetic stripe readers. These cards can also be used in EMV contact and magnetic stripe only POS machines.

In United States, most of the merchant issues & accepts only contactless magnetic stripe payments and rest of the world is migrating from contact EMV to contactless EMV capability. This is because US migrated to contactless technology even before the introduction of contactless EMV and so it will take lot of investment for them to upgrade the technology again.

PayPass and payWave are the contactless technologies adopted by Mastercard and Visa respectively.

Virtual cards:

In this upcoming future technology, there won’t be any physical cards issued and the cards will be present in mobile application. The virtual cards present in the mobile applications can be used like a contactless card just by tapping the mobile to interact with the POS machine using NFC technology.

Sunday, September 24, 2017

What is 3D Secure?


3D secure technology aims to mitigate Card-not-Present (CNP) fraud and meet the scheme mandate to utilise 3D Secure technology. Verified by Visa (VbV), SecureCode by MasterCard, Safekey by Amex, J/Secure by JCB and Pay Secure by RuPay are online programs designed to make Internet purchase transactions safer by authenticating a Cardholder’s identity at the time of purchase, before the Merchant submits an authorization request.

The goal of 3D Secure technology is to create a level of consumer trust and confidence in online shopping like that in the physical shopping environment. It is designed to improve both Cardholder and Merchant confidence in Internet purchases and to reduce disputes and fraudulent activity related to the use of payment cards. Banks can benefit from reduced costs associated with the most common types of Internet disputes.

The key objectives of the having 3D Secure technology are to–

·             Comply with scheme obligations by implementing 3D Secure technology.

·             Address the growing Card-Not-Present fraud.

·             Prevent fraudulent transactions at point of exposure through real time risk based scoring.

·             Increase online spend and have a good customer experience.

3D Secure technology is normally implemented at banks through an external vendor – Arcot.

In a real-world transaction, purchases require cardholders to present their payment cards to the merchant. The fact that a cardholder holds the card authenticates the cardholder. The merchant may read the magnetic stripe on the back of the card, and the cardholder may be asked to sign a receipt. These measures help reduce fraud. Criminals must steal a card to use it, and cardholders cannot easily deny purchases when their signature is on a charge receipt. Internet purchases, however, only require the cardholder to supply the card number, the expiration date, and sometimes the billing address during a purchase transaction. Thus, fraud rates are much higher for Internet purchases than for real-world purchases.

Criminals can obtain cardholder information, and cardholders can deny having made transactions (friendly fraud). Many cardholders are uncomfortable with this lack of security and do not make Internet purchases.3-D Secure aims to solve this problem by sending a cardholder a real-time one time Passcode for that specific transaction. When shopping at a participating Internet merchant, the cardholder will be required to enter this Passcode to complete a purchase.

3-D Secure is an XML-based protocol used as an added layer of security for online credit and debit card transactions. It was developed by Visa and Arcot to improve the security of Internet payments and offered to customers as the Verified by Visa service. Services based on the protocol have also been adopted by MasterCard, under the name MasterCard SecureCode, and by JCB International as J/Secure.

The basic concept of the protocol is to tie the financial authorization process with an online authentication. This authentication is based on a three-domain model (hence the 3-D in the name). The three domains are:

• Issuer Domain

• Acquirer Domain (the merchant and the bank to which money is being paid)

• Interoperability Domain (the infrastructure provided by the credit card scheme to support the 3-D Secure protocol)

The protocol uses XML messages sent over SSL connections with client authentication (this ensures the authenticity of both peers, the server and the client, using digital certificates).

A transaction using Verified by Visa/SecureCode will initiate a redirect to the website of the card issuing bank to authorize the transaction. Each issuer could use any kind of authentication method (the protocol does not restrict this) including static password, dynamic passwords via token or SMS, and even chip card. The flow is illustrated in the following diagram:




 

 

Sunday, January 17, 2016

Bank Card Numbers

Bank Card numbers

Have you ever thought why most of the time a bank card number is of 16 digits?
Have you ever observed Visa card numbers always start with 4 and MasterCards with 5?!?
Have you ever tried to know whether a card number is valid or not?
Do you know a card number can actually show you what product it is and which bank issued that card?

Every Payment Card (Bank Card) is assigned with a number called Bank card number (also called as Payment card number) by the banks.

Bankcard number actually consists of three parts,
·         BIN (Bank Identification Number) or IIN (Issuer Identification Number) – the first 6 digits of a card number (Allocated by American Bankers Association to Issuers)
o   First digit of the BIN is called as MII (Major Industry Identifier) – Digits 2, 4, 5 and 6 are assigned
·         Individual Account Number (Allocated by Issuing Banks
·         Check Digit (calculated using Luhn’s Algorithm) 


BINs can be used to identify the Issuer Bank, Issuer Bank’s Country, Interchange Association of the Card and the Product type.
For example,

BIN 405028 in this card identifies the card issuer as ‘HDFC Bank’, Country as ‘India’, Interchange Association as ‘VISA’ and Product Type as ‘Platinum Plus’.
By Identifying the Country Code, billing currency can be identified.

Major Industry Identifier (MII)
Industry Category
0
ISO/TC 68
1
Airlines
2
Banking/Financial Institutions
3
Travel and Entertainment
4
Banking/Financial Institutions
5
Banking/Financial Institutions
6
Banking/Financial Institutions
7
Petroleum

8
Telecommunications and Health Care
9
National Standard Bodies


These numbers are assigned as per the ISO/IEC 7812 standards which define the numbering system for the identification of issuers of cards that require an IIN to operate in an international interchange environment.

ISO/IEC 7812-1:2006 Identification cards - Identification of issuers Part 1: Numbering system

ISO/IEC 7812-2:2007 Identification cards - Identification of issuers Part 2: Application and registration procedures

Registration of BINs

Issuers need to fill the application forms with all details of the industry category (to assign a MII), intended use of the IIN (Debit card, Credit card, ATM card, etc.,) and submit it to Sponsoring Authority of the nation. Sponsoring authorities are the members of ISO.

For example,
·         BIS - Bureau of Indian Standards
·         ANSI – American National Standards Institute
·         BSI – British Standards Institution

These Sponsoring Authorities will validate the information provided by the applicant for the compliance of application with ISO/IEC 7812 standards and if approved, forward the application to Registration authority. In case of the application being rejected the sponsoring authorities will write to applicant explaining the reasons for which the application has been rejected and help the applicant in appealing process.

Once the application is received the registration authority assigns a BIN from appropriate MII and makes an entry in the ISO register of card issuer identification numbers.

Luhn’s Algorithm - Check Digit

Luhn’s Algorithm (also called as Modulus 10 algorithm) created by IBM scientist Hans Peter Luhn is a checksum formula used to validate verities of identification numbers. This algorithm is helpful in distinguishing the valid numbers from incorrect or mistyped numbers.


Usually the check digit is appended to the end of the number to make it a complete identification number. The check digit can be calculated as below,

·         Double the alternative numbers starting from the number beside check digit (moving from right to left).
·         If the number is a double digit number after doubling operation, add the digits of the product.

Card Number
4
2
6
8
2
8
0
0
1
2
3
4
5
6
7
X
Doubling
8

12

4

0

2

6

10

14

Sum
8
2
3
8
4
8
0
0
2
2
6
4
1
6
5
X


·         Sum up the products,
Sum = 8+2+3+8+4+8+0+0+2+2+6+4+1+6+5 = 59

·         Subtract the unit digit from 10,
Check digit = 10- 9 = 1







Sunday, January 10, 2016

Credit Cards

These cards are issued by banks or financial institutions to customers using which they can make purchases or withdraw money in advance for a credit. The credit limit offered to the individuals may vary between person to person based on their spending capability. The total transaction amount can be paid in full (Payment Due) or partial (Minimum Payment Due) once the bill is received for the month. Usually customers get certain period (~20 days) to pay the due as a grace period and if the due is not paid within the grace period, certain fee and interest would be added to the due amount.

Once the application is received from a customer, the banks screen the application and arrive at a credit score. The credit limit and the card product which is offered to the customer will be determined based on the credit score. Normally the applications are forwarded to a Credit Information Company (CIC) which screens the application to arrive at the credit score. For example,
- CIBIL - Credit Information Bureau (India) Limited
- Equifax
- Experian
- TransUnion
- ICS - Iran Credit Scoring
- Creditinfo

There are different types of credit cards based on the features like a Co-branded card or an Affinity card. The option of paying the minimum due introduces us the concept of Revolving Credit. Loyalty points can be accrued for every transaction and the same can be redeemed to get Gift Vouchers, Air miles, Gifts, etc.


Features:
·         Can make a purchase even when the customer’s bank account is out of balance
·         Buy now and pay later
·         Option to pay a minimum amount as due
·         Rewards on every transaction (Loyalty)
·         Balance transfer


Note:  The concepts of applying for a credit card, credit scoring, printing of cards, revolving credit, different types of credit cards, loyalty and fee related to transactions will be explained in upcoming posts.

Saturday, January 9, 2016

ATM and Debit Cards

ATM Cards:

These cards are issued by banks or financial institutions that can be utilized by cardholder to withdraw cash from an Automated Teller Machine (ATM) or to avail other non-financial services (like a Balance Inquiry or an ATM PIN change, etc.,) in an ATM machine. A secret PIN is issued along with the card to enhance the security of the transactions which can be changed by the cardholder. The secret PIN has to be entered in all the card related activities.

An ATM card is always linked with a savings bank account and the amount is getting transferred from cardholder’s account (Issuer Bank) to Merchant’s account (Acquirer bank). ATM withdrawals can be made till the available balance of savings account is exhausted. The daily limit for ATM withdrawals is determined by the Issuer banks and it differs between banks.

Most of the banks now issue ATM cum Debit cards.



Features:
·         No need to carry cash
·         No need to visit the bank to withdraw money
·         Can withdraw money at any time (even on bank holidays and other than office timings)
·         Can be used at ATMs of the bank which issues the card and any affiliated bank

Debit Cards:

These cards are issued by banks or financial institutions that can be used to make purchases from any merchants or institutions through Point of Sale (POS) machines, to make purchases from any merchants through web sites (E-Commerce), to make cash withdrawals at ATM machines and other non-financial transactions at ATM and POS terminals.

A Debit card is always linked with a savings bank account and the amount is getting transferred from cardholder’s account (Issuer Bank) to Merchant’s account (Acquirer bank). Purchases/withdrawals can be made till the available balance of savings account is exhausted. The daily limit for purchase/withdrawals is determined by the Issuer banks and it differs between banks.



Features:
·         Can make purchases at stores without cash
·         No need to carry cash
·         No need to visit the bank to withdraw money
·         Can withdraw money at any time (even on bank holidays and other than office timings)
·         Can be used at ATMs of the bank which issues the card and any affiliated bank