Bingodumps.net | Storage
Payment cards: types, types, categories, features
Today we are talking about plastic cards. What exist, their types and features. Plastic cards today perform the role of a settlement tool combining also the functions of deposit and credit nature.
Plastic bank cards exist in order to make our life easier, namely for non-cash payments.
The card itself is a plastic plate, the standard size of which is 85.6 mm, 53.9 mm, 0.76 mm. The card is made using a special technology from a special plastic that is resistant to mechanical damage and excessive temperature fluctuations. If we reduce everything to a primitive, then the main function of the card is the identification of the holder with its subsequent possibility of conducting a non-cash payment (payment).
The vast majority of cards use the 16-digit standard, where the first 6 are the bank identification number, aka BIN (bank identification number). The next 9 digits are the individual card number, its account in the system of the issuing bank. The last sign is a control sign.
Card payments can be made at any point of sale equipped with a POS terminal, as well as online. The plastic card payment itself is divided into the following stages: first, the terminal authenticates the card and checks its authenticity and the availability of the required funds by connecting with the processing center.
Then funds are debited from the card account and a receipt is generated. Basically everything.Further, the point of sale transfers all the checks collected during the day to the acquiring bank, which in turn makes calculations, and also transmits information to the processing center about transactions on cards that it is not the issuer of.
The processing center, based on the information received, makes all transactions and provides all parties with appropriate documentation and reports.
Before you start qualifying plastic cards, you need to understand that there are many qualifying features. In this lecture, we will touch on most of them.
From a technological point of view, cards, in popular language, can be divided into 2 types: with a magnetic stripe and a chip. Cards simply with a chip are practically not used anywhere. A combined version of the magnetic strip and chip is used. Cards with a chip are also called smart cards.
A magnetic stripe is needed to record information about the card and its holder on it. Magnetic stripe cards come in three formats ( ID-1, ID-2, ID-3), but the first format is the most widely used.
There are three tracks (tracks) on the magnetic strip. Most often, the first two are used, where they write down the card number, its validity period, the name of the cardholder and other related data.Those who want to work in real life should know that it is possible to write down ANY information on the dump. But first of all it concerns the name and surname of the holder: we put there any data on which we have an idishka with our muzzle, the rest of the data we leave the real holder and go shopping)) But this is a lyrical digression. Cards with a chip (EMV, microprocessor) are much more secure. On the chip itself, an array of information is recorded, including the PIN code. Thus, for example, opening the pin in front of the reading equipment is not required.
Also, the microprocessor chip is self-sufficient in some cases and does not require a permanent connection to the bank. The main point is that copy (dump) The chip is practically not real. More precisely, it is real in theory, in practice it is not feasible. Such cards, in addition to advanced authentication, also carry out risk assessment of the transaction, as well as verification of the holder. The main method of confirming the authenticity of transa in online transactions is authentication. To do this, there is a special method for generating the ARQC cryptogram by the card itself for each operation separately. This isn't exactly relevant for online scams, but it's a good thing to know.
These cards are considered much safer than just a card with a magnetic stripe as it is much more difficult to compromise and fake. All the most common MPas today fully support this type of card, and it, in turn, is trying to actively spread around the world.
The EMV standard is open and can be found on the developer's website. It is unlikely that anyone will be interested, but here https://www.emvco.com / Cards with microchips are most widely distributed in Europe, there are still few of them in the US. The reason is in the banking lobby itself: equipment purchased for decades to come under the old format and the reluctance of large banks to re-equip the technological base to meet new requirements. There are also smart cards with a magnetic stripe and NFC chip that allow you to make a contactless purchase with a POS terminal or a device that can perform such operations.
By the way, a card with a chip, it is also a microprocessor, it is also an EMV card, appeared not so long ago and developed it, or rather the first who began to jointly develop the technology were "VISA Inc"and" MasterCard Worldwide". EMV technology is not the simplest and it is not possible to describe it in detail in the first place within the framework of this lecture, and secondly it does not make sense. We will touch upon the written truths and the most important things for us.
Basically, an EMV microprocessor card is nothing more than a smart card. It is based on the ISO/IEC 7816 or ISO/IEC 14443 standards for the contactless version.
The beauty of microprocessor cards is that they have decently changed the very processing of payment by the bank and other participants in the transaction.
I talked about the difference in authentication in a previous lecture. Here I will only repeat that authentication is not identification and the task of this operation is to make sure that the card is authentic. That is, this operation has nothing to do with identifying the holder. This is a technical element, it is quite important (I covered it in more detail in the previous lecture)
So, when performing an operation, the terminal reads the card data and sends it to the payment system through the acquiring bank. Naturally, we are now talking about making a purchase through a POS terminal.
When making online purchases, due to the fact that authentication is virtually impossible (such a transaction even has a special classification CNP - card not present), this stage is not performed. In the case of online transits, everything is a little different. Only CVV/CVC remains on guard of anti-fraud from the fundamental things. This is not counting software methods and tools.
Trying to actively implement dynamic CVV codes: the so-called DCV (from the word dynamic). But of course nifiga does not come out and will not come out for a long time. The technological base is outdated, the development of which cost billions of dollars around the world and no one will change anything now. The nonsense of this idea is that in one of the proposed options, the map should have a graphic display. That firstly increases the cost of its production, and secondly brings another technological link to the process of performing the operation with all the consequences that follow from this.
The general consensus among issuers for many years has been found long ago: they will not officially change the infrastructure. Everyone is quite satisfied with the 3 - dsecure technology, which is also not very popular, frankly.
Now, regarding the material from which the cards are made: this parameter is no longer relevant in fact, since in our time cards are made only of plastic. Previously, there were paper (cardboard) cards, but now this is not even a rarity, now they simply do not exist in the paper version.
The next feature, which by the way is not mutually exclusive, is the purpose of the map. The card can be issued for financial transactions, identification or information.
For example, employees of a large enterprise can get a card that will play the role of a pass, have a cash balance that can be spent in a local canteen. Or another example, in the gym, the card is both an access key and a means of calculation (which is pre-linked to your paypass through interaction with a proprietary application on your smartphone).
Recently, there has been a clear trend towards combining different functions in plastic cards. It's convenient.
The next feature is the calculation mechanism: it can be bilateral or multilateral.
In the first case, there is an agreement between the two parties to the settlement / settlement. As a rule, it is used in closed networks (bonuses, miles, points) and is controlled by the card issuer.
In the second case, the card holder can use it in various points of sale that accept it as a means of payment (these are the classic payment cards that we know).
The next feature is the type of calculations performed. Here, the cards are divided into credit and debit cards.
The first are directly related to the opening of a credit line in a credit institution in the name of the card holder. This allows the holder to temporarily and for a fee use the bank's borrowed funds in the amount determined by the terms of the contract.
The holder receives a certain credit limit, which he has the right to exhaust and which he is obliged to repay within the time limit set by the contract. As a rule, the more a person spends on a credit card, the greater the credit limit they will receive from their bank.
In the case of debit cards, only those funds that are directly available to the holder are spent. In most cases (with a few exceptions in the form of a technical overdraft, for example) such cards do not allow you to make payments if there are no funds in the card account.
Also separately I want to highlight prepaid cards (prepaid), they are also " prepa” - these are those cards on the balance of which there are already certain funds and they can be spent as a rule after activating the card in the issuer. I'll say a few more words about them later. The following feature: the nature of use: the card can be individual-issued to a specific person, can be of any level; family - issued to members of the holder's family; corporate-a card issued to a legal entity for different or specific purposes. So there is a card for purchases, for paying for stationery, and so on. Also, these cards can be registered, issued in the name of the director or chief accountant. In such cases, these persons open a bank account linked to the company's main account. Responsibility for these cards is not borne by the persons using the card, but by the legal entity to which the katu was issued.
The following characteristic: field of use. Here everything is simple-cards can be either universal, which can be used for any payments at any point of sale, or individual, which can only be used to purchase a certain product / service (gas stations, hotels, large monobrand stores).
The next factor is territorial affiliation: cards can be international (valid in most countries of the world, such as VISA or amex), national (valid within one country, such as MIR), local (used in a specific territory within the country).
The next factor: the method of recording information on the card: there are mainly magnetic stripe coding, embossing, chip and their combinations. Although there are still a couple of methods such as applying a barcode or QR code, for example. But they are in the minority, and therefore we do not care much.
And the last and very interesting factor is the categories of maps. Banks and other financial organizations form different financial products based on the market situation and targeting different segments of the population.
Different segments have different map categories. The card category, in turn, determines the status of the holder.
As a rule, the higher the status, the more nishtyakov the holder gets and the steeper his card.
According to established international practice, there are globally three categories of cards: electronic, classic and premium.
Electronic cards are the cheapest entry-level cards. They can be either debit or credit. According to science, this level is called for example Visa Electron for VISA or Mastercard Electoronic or Maestro for Mastercard, respectively. Distinctive features of this level: low cost of annual maintenance, no special programs, no cost overruns.
Another cool feature of this entry - level card (you probably didn't know) is that they are considered the most secure because of the mandatory real-time authorization requirement. Until recently, operations on the Internet for them were prohibited by default.
As a rule, such cards are issued as a financial instrument for a salary project or, for example, some special retail lending programs, or they can be issued free of charge. These are fu-fu-fu cards and a decent carder, as you know, does not need them.
The few electrons that are found in the shops-most likely a complete mess. All kinds of Instat Issue cards fall into the same category - these are those that are issued to the client instantly and are not personalized (that is, they do not have the holder's first and last name marked on them).
The next level (which is already suitable for us) This is a classic level: Visa Classic or Mastercard Standard. There can also be both debit and credit cards. The main client is people with a stable income that does not exceed the average.
Such cards usually have the most balanced package of services and the most sensible ratio of the price of service and services provided by the bank. From practice, I will say that on the classics there are flying amounts more than at premium levels, but rather this is a rarity.
Those who are going to drive UP to 1k, you can take the classics as well. For amounts less than 600-500 bucks, you can not even steam-this level is suitable.
At this level, the cards are already personalized, embossed: the holder's name, expiration date are stamped on the front side of the card.
By the way, embossing is a kind of rudiment, now not used for its intended purpose anywhere. Previously, embossing was required for imprinting. Now the cards are no longer rolled anywhere in this way.
These cards are available for both online and offline transactions (including cash withdrawals at ATMs).
The next big category of cards is premium cards. My most favorite! Similarly, they can be both debit and credit. By the way, credits on premium cards can be impressive: 30-50k will not surprise anyone.
The number of such cards include Visa Signature and Infinite, as well as maps of the World.
On these cards, there are always a number of other services and additional services (such as cashback, various discounts, information products, insurance and other such things).
Gold cards are privileged, and platinum cards are even cooler - they get an extended service package, but on even more favorable and convenient terms.
In the United States and Europe, the premium level of cards is available only to those who really earn much higher than average (you can go here and easily get yourself platinum).
I would now like to go through the maps directly in the United States in more detail, since most of us will work in this country.
As we know, there is a Federal Reserve System in the United States(https://ru.wikipedia.org/wiki/%D0%A4%D0%B5%D0%B4%D0%B5%D1%80%D0%B0%D0%BB%D1%8C%D0%BD%D0%B0%D1%8F_%D1%80%D0%B5%D0%B7%D0%B5%D1%80%D0%B2%D0%BD%D0%B0%D1%8F_%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D0 %B0), something like our Central Bank, but cooler.
In addition to it, there are both MPs and many credit organizations of national and local scale. Many of them have a permit (license) to issue and service plastic cards, make non-cash payments and carry out clearing operations and acquiring.
These systems are all different and differ in many ways. First of all, we will look at those organizations that serve maps.
The relevant permits are issued to organizations by the licensing authority in each state separately.
Of course, you should start with VISA. As we know, VISA is ubiquitous and in the US it also shares a pedestal on a par with Mastercard.
VISA is an international payment system that provides a safe and uninterrupted flow of funds through the eponymous plastic cards.
At the time of writing this lecture, more than 20,000 credit institutions around the world were connected to the system. It's like 20.000 banks so then.
More than 200,000,000 transactions are processed per day, and the processing speed of a single request is about 1.5 seconds.
As I already wrote in one of the previous lectures, the activity and procedure of the IPU is regulated by its rules and regulations.
Below, we'll take a quick look at the most basic map categories:
Classic - the most basic, standard functions (such as withdrawing cash, replenishing the balance at ATMs, making purchases online, etc.)
Gold - the first stage of premium cards, has certain requirements for the potential holder. In turn, it gives more privileges: increased limits on cash withdrawal, all kinds of discounts and loyalty programs, depending on the specifics of a particular product. Platinum is the next step in the hierarchy. It has all the same as the previous two only even more advanced features. Accordingly, the requirements for the holder are the same. Yes, they are increasing.
Signature is in general the apotheosis of high. This product has everything. It gives the maximum possible withdrawal limits, as well as all possible bonuses, a lot of options when traveling and other highs. The holder requirement (and the amount of annual maintenance) are appropriate.
Infinite is the same as signatures, only EVEN more exclusive. Holders infinitec - really very wealthy people.
Black is ilita ilit. I don't even know if there are such cards in real life or not, but in visa services it is. This is a direct exclusive of exclusives. Issued on a special occasion. And not for everyone. I beat like that. I didn't notice the difference. Signatures and just gold is better imho)
Regarding business cards (issued by visa), there are several products there. And prepayments (prepaid) and credit, and signatures and anything else:
They are issued in the same way as for physicists-depending on the size of the organization, its financial performance and needs. There is an opinion that business cards go best. This is not true)
Now we go further to Mastercard. As far as you know, it's a rival firm. It's hard to say who is "bigger". Different regions are dominated by different MPs.
In fact, they are about the same in their distribution. Now about the maps. The main maps of this MPC are as follows:
Maestro is an analog of Electron from VISA. Terrible horror and bespontovoe bullshit. Standard-analog of Classic from VISA
Gold-analog of Gold from VISA
Platinum-analog of Platium from VISA
World-a premium product for travel (it is not desirable to drive from it)
Elite-an analogue of Infinite from VISA
Next up is American Express or amex - itself a premium MPC. Anyone who has
an Amex card is already considered a successful white person.
Cards are cool, holders are even cooler. I strongly advise you to get to work. The product line at Amex is meager: the standard card card - nothing remarkable, just a card and a card (with nishtyakami Amex type round-the-clock voice support for example).
Gold card - the level of service is higher than the standard one: availability of bonus programs, participation in insurance programs, concierge service
Platinum card - like gold, only still cooler at times. The height of the heights is shorter. And of course I can't help but mention Centurion. This is a straight space rasp in a square: the rarest map in the world. The trick of the card is that at the end of the calendar month, the holder is required by the contract to repay the entire credit line, which by the way does not have a limit)) And the annual maintenance of the card costs about 2k) To be able to apply for Centurion, you need to spend at least 250k per year on the card. Think about it.
Now a few words about authentication.
Authentication is a purely technical process by which it is confirmed that the card is issued by a bank that has authorization for this action from the relevant international payment system (hereinafter referred to as the IPU) and that it is the original card issued and issued to the holder, and not its clone (dump). Technically, this happens in this way: the payment card data is sent by the terminal to the issuing bank through the acquiring bank and the payment system.
After receiving this data, the issuer either confirms the transaction or does not skip it. Magnetic cards are authenticated quite simply( and stupidly): statistics are used that do not change over the entire life of the card. This data is transmitted to the issuing bank and the bank simply checks the data and confirms the transaction. Thus, with a full copy of the magnetic strip, you can easily "copy" the card itself. What is actively used by realists.
This is done by the way elementary, literally in a second, swiped and voila-dump, consider, in your hands.
This is exactly the security points I was talking about. This is what made us develop and implement a new standard of chip cards, which are simply impossible to dump.
The risk of fraudulent transactions is traditionally high on magnetic cards and the terminal does not de facto assess the risks.
While, for example, in the case of EMV cards, when buying offline, the terminal will most likely ask you to enter a pin code, thereby identifying the owner. The main vulnerability of the EMV standard is just the same and is the ability to conduct a transaction without using the chip directly-stupidly copy the magnetic stripe.
So, if the card was dumped, the issuing bank does not have the technological capabilities to determine whether the card is the original or someone's dump.
In one of the previous lectures, I said that one of the main components in payment transactions with cards is authentication.
It should not be confused with the identification of the holder (holder).
All hope is in the POS terminal, which can (and should!) ask for a transaction using a chip. However, there are (and the regulations provide for!) situations where you can make transactions with EMV cards by using a magnetic stripe (for example, if the chip is damaged). But this is all regulations and theory, in practice, if you give a dump WITHOUT a chip, and the POS asks for a trance on the chip, then at least the seller will ask for another card. As a maximum - garbage and a bottle (crossed out) of the bullpen. With respect to cards with a chip, authentication is performed by using a digital signature of the card's statistics and the transaction data itself.
What does this mean in human language?
The digital signature (also known as the secret key of the chip) is recorded in the memory of this chip at the manufacturing stage. This digital signature is unique and cannot be extracted without breaking the integrity of the chip.
A distinctive feature of EMV cards is that the issuing bank can " communicate” with the card: initiate mutual authentication (send its cryptogram to the card) or update the card data (block or update the limit).
By the way, issuing banks, when implementing the new standard (namely, from January 1, 2005), transferred responsibility for the fraud and lost funds to business entities that made the sale or the bank itself if the fraud was committed through cards that do not support the EMV standard.
Now let's understand the intricacies of working with maps. There are many considerations. I'll try to fit everything into one lecture. Before I lose my mind, I'd like to tell you something about prepaid cards. There is one interesting feature. In addition to those issued by a financial institution (for example, a bank) and which can be further replenished, prepay cards with a fixed cost and balance are very popular in the United States. Such prepa are sold literally at every step and vendors have a huge number. So, you can easily buy a prep from Amazon, Walmart or Verizon. The popularity of such prep is due to several interesting facts.
First, buying such a card and using it on the Internet for further purchases, a person does not shine his main card, which, you will agree, is dangerous these days (gygygy). By the way, I will say that there are actually a lot of paranoids in the states.
Those who basically do not buy anything online, just not to shine their card number. The second reason is that such prepa are often used as a gift. It is not fashionable to give a cache (and not always appropriate), but such a card is the most important thing.
A man gave such a card to his 13-year-old nephew, and he took and bought a subscription to pornhub for himself and everyone is happy: we have uncle not sosnifili number his cards, plemyash sits nayarivaet fiercely and pornhub with visoy earned. Just some kind of global happiness and love!
Yes, just a few words about how the cards work with a certain balance: you buy, hand over the card (optional) or keep it for yourself, the beneficiary activates the card online and voila, you can use it. In many payment services, such cards will be blocked.
Thus, you can use it only on the service that issued it. That is, in fact, the person simply turned off the service that issued the card.
In fact, if you call a spade a spade, any debate is Galima prepca. For us in the hierarchy of the cards, these occupy the last place because by nature they areconcerned and holders or illegal immigrants who are not issued a credit card (by the way I XS what should be done for fucking a dick to you in the States had not made a very simple card!) or a pimply 15-year-old drocher who can't have a credit card for objective reasons.
Regarding EMV cards, there are a number of common and important questions. I decided not to make a separate lecture, but to include them in this one, since the topic is still the same.
Q: Is it possible to copy data on from one chip card to another?
Purely in theory (technically) this is feasible. Provided that we have a map with a clean app (not personalized). But there is another point: since it is not possible to make a copy of the card keys, the application will generate incorrect transaction signatures all the time. At this point, just happens pale-any online transactions
(not to be confused with online shopping!) I will be rejected by the issuer. And due to the fact that there are no keys, it will also be impossible to perform CDA / DDA authentication. The only vulnerable point is the offline authentication SDA. But even here there are difficulties: this method, as the only authentication method, is unacceptable due to the fact that it is considered outdated and dangerous.
Q: Can I copy the data of an EMV application to a magnetic stripe?
Yes, you can. Tracks for the magnetic stripe are easily compiled from the application's EMV data, except for one small parameter: Service Code (aka service code). In the case of EMV cards, the Service Code indicates to the POS terminal that the operation should be performed using the chip. If you take and copy this code to the magnetic track, the terminal will try in vain to perform the operation using the chip (EMV application).
In fairness, of course, I will say that there is still one cool gap in these miracle cards. I wrote earlier that manufacturers and issuers have not yet reached a general consensus, and therefore there are standards and compatibility modes for combined cards: these are those that have both a chip and a magnetic stripe (well, that is, EVERYTHING)). So, it is possible to copy the data of one magnetic stripe to a card with a non-working chip and perform an operation called fallback.
Quite officially, if it is not possible to read the chip, the terminal conducts a trance along the magnetic strip. In a number of banks, such operations will be rejected for obvious reasons. In the same place where they will be accepted, the risk for these operations will fall on the acquirer. There is also an interesting question about NFC cards and the ability to make payments without the holder's knowledge, for example, walking between the rows in a movie theater or public transport.
I'll write a separate lecture, but in a nutshell I will say the following: it is possible for example to arrange online payment, creating a channel between the map (which is for example in the victim's pocket or backpack) and a mobile phone that will emulate a NFC card (HCE application).
To do this, two of the cheapest mobile phones with NFC support will be required, a host with a white IP to send traffic online between mobile phones and clear work within the team.
But here the problem is in limits without entering a PIN.
That is, one person stands near the victim reading her card, and the second lays his phone at the checkout in ZARA hahahaha))
In fact, in a separate lecture, I will cover in detail all possible options for working with NFC. From the fantastic to the real!