QSecure has developed a suite of enterprise software solutions that enable issuers to quickly and cost effectively support both their SmartStripe and Display Card programs.
These systems have been designed using industry best practices for high security, throughput and reliability while retaining low operating costs. Further, the basic security architecture provides the flexibility to use alternate cryptographic schemes, allowing the issuer to select (or design) the scheme that best meets their needs.
These solutions also take advantage of industry standard servers, FIPS 140-2 certified hardware security modules (HSMs) and other commercially available components to further reduce deployment and operating costs.
The QSecure-Cryptogram Server
During the personalization process, SmartStripe and Display cards are loaded with issuer generated cryptograms that provide the dynamic data for each transaction.
The QSecure Cryptogram Server (QCS) is a stand-alone system that securely generates these cryptograms within the issuer’s secure facility or service bureau. After generating the cryptograms, QCS creates a personalization file that is loaded to the card by the issuer’s personalization bureau.
QCS includes a QSecure defined cryptographic scheme for generating cryptograms. It is also capable of supporting issuer defined cryptographic schemes. And the system is flexible enough that issuers can change schemes and algorithms over time as their needs change.
The QSecure-Authentication Server
Once in the field, the issuer must be able to authenticate their SmartStripe and Display Cards. The QSecure Authentication Server (QAS) provides card issuers with an enterprise software solution to integrate with their existing authorization system for real time authentication of the dynamic data generated by QSecure cards.
QAS allows issuers to identify fraud by validating the dynamic data for each transaction. It has also been designed to account for all types of transaction scenarios such as legitimate replay of transaction data (e.g. travel agencies completing a transaction from stored card data) and transactions that are out of sequence (e.g. those from merchants that batch process their transactions). This allows issuers to immediately differentiate between fraudulent and good transactions in real time.
QAS has also been designed to simplify integration with the issuer’s authorization systems. Interface options include messaging–based and web services based interfaces.
QAS is under the full control of the issuer and features issuer-defined parameters that ensure it can meet the unique needs of every issuer.