Get To Know Technology Means Of Payment Using The Card

In contrast to the previous article which discusses digital access to finance directly to server/server of the bank (including ATM services) which means being in the environment under control, financial transactions using the card drape system third-party security and security features of the card.

Cards, in General, is a tool of identity other than bank savings book. The cards are more easily carried in the wallet and security technology the better. In the process, the technology allows the transaction without the presence of the card physically. Well, how do we as users can be sure of the security of transactions using the card?

ATM card is a basic identification card stating us as a customer of a bank so entitled to access such bank ATM. The addition of a debit card function on ATM card payment cards makes it into the most popular because it can be used in almost all merchant/merchant through EDC (Electronic Data Capture).

Credit and debit cards cannot be merged because the source of the funding of different debit cards comes from the personal account while the credit card debit card is where payment is made in advance by the bank. Both are included in the definition of APMK (means of payment using the card) from BI, while electronic money Card not included. Electronic money and other FinTech products will be discussed in the next article.

The Development Of Technology Cards

Card technology developed from previously only provided Ribbon magnet (magnetic tripe/magstripe) EMV chip, then became the NFC and biometric security. Magstripe cards very popular yet vulnerable once exposed cases of theft of data through a method of skimming so prohibited published again as of 1 January 2022. To minimize these risks, the BI issue commemorative hard which prohibits double swiping at the merchant and develop standards NSICCS national standard chip technology as a substitute for magstripe Debit/ATM card.

Based on ISO7813, data on ATM Card/Debit is written in parallel columns of 3 (track) behind a layer of black ribbon magnet card to preserve the integrity of

the entire data. The first and second track contains your name, card number, validity period, and the CSC1 (Card Security Code CVV, CVC Visa – MasterCard) for transactions direct friction (CP-Card Present). The optional third track is usually empty. This information can be taken with a magnetic card reader and cloned to another card.

Smart card technology with a chip developed by EMV, the consortium of the European Union with the Master Card and Visa. In the chip has an integrated computer system that ensures simple communication between the card and EDC in an encrypted form safe and appropriate State standards of ISO7816. However, as the needs of the user is growing more convenience of contactless technology card based on the ISO14443 standard. With the NFC card emulation technology on Smartphones, tokenization engineering of new cards can be used once the biometric authentication so that speed up access time card and data exchange while maintaining security.

Anatomy Cards

Sixteen numbers are printed on the credit or debit card has the international numbering standards. The first six-figure known as the BIN (Bank Identification Number) where the first digit indicates the switching company (e.g. 4: Visa, MasterCard, and 5:6: Maestro) and five the next number is an identification code of the issuing bank and card type (e.g. Card Independent Platinum Credit). The next nine digits is the identity of the customer with 1 the last digit is a checksum to make sure there are no consecutive identification numbers.

Printed information physical or stored in chips or magstripe is information string for the transaction directly with the download or download the swipe card dip. Transactions of CNP (Card Not Present) and write down the card information when online transactions, written on the back of 3 numbers CSC2 as an additional authentication that is different in CSC1 magstripe.

Some credit card issuers are adding features to the MFA by sending an SMS code to authenticate transactions in general called 3-d Secure (example: Verified by Visa and MasterCard SecureCode) that affect the Domain 3 validation when Transact.

The Grammar Rules Of APMK

Bank Indonesia Regulation in regulating APMK (means of payment using the card), the known existence of the term issuer (issuer), acquirer, and switching or payment network. The card issuer is directly related to the user and manage the billing and administration of customer relationships. Attached to the merchant acquirer and payment will be responsible as well as EDC devices.

In practice, many card issuer and acquirer in end-to-end is held by the same bank network (On-Us). Yet as between seller and buyer different bank or transactions in foreign countries with the different acquirer (Off-Us), the company provided switching so that the transaction can be done.

Get To Know Technology Means Of Payment Using Card

The Card
When the card communicates with the EDC, EDC will forward the data to the server for the acquirer. If the acquirer does not know the BIN from the card, then the acquirer has the default switching based on Principal cards (Visa or Mastercard).

The principals have all the data of the BIN and run forward to the server the card issuer to ask whether a transaction with the specified nominal at EDC can be authorized or not. In this process also publishers can do to block due to insufficient Fund, or even block the suspicion of the existence of fraud will be the use of transactions carried out abroad.

With the switching position is very important because as the Centre for interconnection payments, Visa and Mastercard payment of license fee from the scoop BIN, commissions per transaction, and interchange settlement. The regulation of Bank Indonesia concerning the National Payment Gateway or payment gateways then created to ensure that the cost of switching domestic retail transactions must not be out of the country as before with the introduction of domestic rules switching.

The introduction of EMV chip technology is indeed managed to decrease fraud on CP, but based on transaction data to US Payment Forum, fraud in the CNP transactions are predicted to increase. CNP transactions on the internet is one of the largest sources of fraud because of course merchant cannot confirm the identity of the card owner directly and rely on the services of the Internet Payment Gateway to perform verification and settlement transactions credit card.

In addition, the attack on the merchant's server every so often happens to steal credit card data.

How do we secure financial transactions using the card? In addition to General Internet security tips here, some of the tips below may be useful for us.

  1. Keep and save fine cards do not get damaged or lost. Immediately report it to the bank if it happens to get a replacement.
  2. Enclose the CVV2 code behind credit card transactions during the use of the CP.
  3. Save and destroy printout slip after a transaction at the store as well as the credit card bills to reduce the risk of collecting credit card numbers from the trash.
  4. Select a credit card issuer that provides added security by sending the code directly to your mobile number as an additional authentication of a transaction.
  5. Turn the MFA if any, minimal SMS notification when the transaction.
  6. Make sure does not happen a Double Swipe transactions CP.
  7. Be careful using cards with Magstripe because easily cloned, do not get off from view when doing transaction CP, and better running the cash register restaurant to give our cards.
As secure as any feature cards, if we do not maintain our own credentials, then nothing does all of these security technologies. Remember, there is no SECURITY without U.

The author, Satriyo Wibowo (@sBowo) is a Digital Entrepreneur Association of Indonesia Executive Board, b. Noviansyah (@tintinnya) is an independent security researcher, and Nugroho Gito, a banking Software Architect at IBM. All three are active in Indonesia Cyber Security Forum primarily in research related to Blockchain.

Source: inet.detik.com