February 2013, the People's Bank of China issued the "Chinese Financial Integrated circuit (IC) card specification (V3.0)" (hereinafter referred to as PBOC3.0), PBOC3.0 in the People's Bank of China in 2005 promulgated the "Chinese Financial Integrated circuit (IC) Card Specification (2.0)" (hereinafter referred to as PBOC2.0) on the basis of the industry experts have been a number of discussions and continuous revision, supplemented and perfected, the upgrade to adapt to the bank card business development of new requirements for the further expansion of the financial IC card application laid the foundation for the promotion of financial innovation and improve the level of financial services to the people's livelihood is of great significance.
I. Background of the promulgation of PBOC3.0
December 1997, the People's Bank of China on the basis of reference to international standards, combined with domestic financial application needs, issued the "Chinese Financial Integrated circuit (IC) Card specification V1.0", the industry later called this specification PBOC1.0. From the content point of view, the PBOC1.0 specification defines the E-wallet/E-passbook application, which specifies the interface of the card and terminal, the technical specifications of the card itself, the application-related transaction process and the technical requirements of the terminal.
To meet the needs of the development of financial IC applications, the People's Bank of China launched the PBOC1.0 revision in 2003 to complement the E-wallet/passbook application, adding a debit/Credit application compatible with the EMV2000 standard, supplemented with contactless IC card electrical protocol features, e-wallet extension applications, debit/ The application of personalization guidelines was credited, and the PBOC2.0 specification was enacted in March 2005.
To promote the application of the financial IC card in the field of small payment and fast payment, the PBOC issued the PBOC2.0 specification version 2010 in May 2010. The 13-part specification adds non-contact payments, E-cash based on debit and credit, to meet small, fast-to-pay market demands.
In order to meet the needs of China's social security payment, promote the healthy development of financial IC card, March 15, 2011, the People's Bank of China issued the "People's Bank of China on the promotion of the Financial IC card application work", said "Twelve-Five" during the nationwide comprehensive promotion of financial IC card application, To promote the industrial upgrading and sustainable development of Bank of China card. At the same time, the People's bank also put forward the IC card Processing Environment transformation and bank card issuance timetable, which marks the domestic financial IC card migration began to advance comprehensively, IC card migration into a critical period. After nearly three years of efforts, the PBOC3.0 standard came into being, the People's Bank in February 2013 formally promulgated the implementation.
second, the main content of PBOC3.0
The PBOC3.0 consists of 14 parts (part 1th of the original PBOC2.0: Wallet Passbook Card, part 2nd: Wallet Passbook application, part 9th: wallet passbook extension deleted), respectively:
The 3rd part: the IC card and the terminal interface which is irrelevant to the application;
Part 4: Debit Credit Application;
Part 5th: Debit Credit Application card;
Part 6th: Debit Credit Application terminal;
The 7th part: Debit Credit Application security;
Part 8th: Non-contact specifications unrelated to the application;
Part 10th: Debit Credit Application personalization guide;
Part 11th: contactless IC card communication;
Part 12th: contactless IC card payment;
Part 13th: Small payments based on debit and credit applications;
Part 14th: Micro-payment extension applications based on debit and credit applications;
Part 15th: E-Cash Dual-currency payment application;
The 16th part: IC card Internet terminal;
Part 17th: Debit Credit app security enhancements.
Combining the latest technology and safety standards at home and abroad, PBOC3.0 has perfected the underlying standards and security algorithms of the financial IC card, enhanced the interaction adaptability between the card and the terminal, and introduced the elements such as mobile payment, industry multi-application and so on to improve the security of financial payment.
analysis of similarities and differences between PBOC3.0 and PBOC2.0
1. Security enhancement
In the light of various factors such as national financial security, PBOC3.0 in the 17th part of the detailed definition and description of the state-secret algorithm in the Financial IC card application, that is, PBOC3.0 's financial IC card can support SM2/SM3/SMS4 (National secret Algorithm) and Rsa/sha-1/3des (International algorithm )。 The two sets of algorithms support the indicator label DF69 through the SM algorithm to switch.
The principle of two algorithms switching is: The terminal and the card use the common support algorithm to complete the transaction, and follow the principle of State secret algorithm priority.
2. Increase Application
(1) Non-contact IC card Small Payment expansion application
In order to adapt to the financial IC card cross-industry multi-application needs, to promote the financial IC card multi-use for the benefit of the people's livelihood, PBOC3.0 in the 14th part of the expansion of QPBOC extension applications, distribution of extended application files to meet the financial IC card in the metro, bus, highway charges, parking fees, railways (high-speed rail) and other applications, as well as other banking custom applications and retention applications.
(2) e-Cash dual currency application
With the promotion of international IC card migration, China's financial IC card is further compatible with international standards for Hong Kong, Macao and overseas cardholders to provide convenience, PBOC3.0 the 15th part of the dual-currency electronic cash and dual-currency QPBOC application, the dual currency trading tag is mapped to maximize the cardholder in the two currencies between the rapid conversion.
(3) IC card Internet terminal
In order to promote the integration of financial IC card and network payment and mobile payment, PBOC3.0 in the 16th part of the IC card Internet terminal content, the IC card Internet Terminal security system, application scenarios, transaction procedures and other aspects of the detailed definition and interpretation. IC card Internet terminal effectively introduced mobile payment of new elements, a variety of application scenarios to solve the cardholder to the bank Counter queue processing business distress.
3, the original content upgrade
(1) Increased aid reservation and allocation
Tag is reserved for future use, and code rules and retention rules for aid are defined.
(2) revised the GAC and GPO command data related content.
The card processing method is clarified when the GAC is inconsistent with the GPO command data.
At the terminal level, it is also clear that if the card return label repeats, the terminal should terminate the transaction;
The 9F63 requirements are added to the card Online GPO response data to accommodate the growing demand for applications;
Clarified the format that the GPO response should follow.
(3) The relationship between executing the issuing bank's certification and executing the issuing bank's script is clarified.
The card should be able to handle the application unlock command, regardless of whether the issuing bank certification is executed, if the issuing bank certification execution but failed, the card should refuse to execute the card issuing line script, and recommend "6985" response to the issuing line script command.
(4) Modify the 9F63 product identification information.
9F63 is named "Product identification" to identify the physical form, use, etc. of the cardholder's equipment product.
(5) Added section 6.5, "Rules for personalization data to be followed"
In addition to the rules, it also clarifies the requirements for the custom data of the issuing bank in 9F10, and the revisions of these parts combine the experience of the commercial banks ' access to the UnionPay network, which is of guiding significance for the personal data of the commercial Bank's card issuer.
(6) Revision of non-contact IC card communication parameters
The revision of the parameters is intended to be compatible with ISO/IEC 14,443:2011.
(7) Increase of two transaction logs
Logging requirements: When the electronic cash balance (9f79) in a card is successfully overwritten by the set data (Put) command, the card should record a loop log.
Added QPBOC transaction log requirements (the issuing bank is optional).
(8) Major revisions to other terminal sections
The terminal shall not terminate the transaction due to the wrong name of the cardholder;
The method by which the terminal obtains the electronic cash balance in the card at the time of trading and after trading;
The authorized amount is 0 of the processing: if the authorized amount is zero, unless the terminal payment QPBOC extension application, the terminal with the ability to online should be in the terminal transaction attribute byte 2 of the 8th place to request the online application of the ciphertext; If the authorized amount is zero, only the terminals that support offline should terminate the transaction unless the terminal payment QPBOC extends the application , prompting the cardholder to use a different interface, if one exists.
(9) Major revisions to other card parts
Revised the processing method of the card continuous Mac error. When a card executes a script command that receives a MAC error, it should not be allowed to execute subsequent issuing line script commands;
Revised the approach to "flash card";
Clarified that the Qpboc no longer set LOATC.
4. Remove the non-applicable section
Removed the e-wallet/E-passbook application and its extended application;
Deleted the debit and credit application of the DDF description, removed the terminal in the application of the choice of the DDF support, while forcing the card does not use DDF;
Removed MSD application-related content from contactless payment applications.
Iv. the impact of PBOC3.0 promulgation on industrial development
The promulgation of PBOC3.0 is propitious to the challenge of China's bank card industry to cope with the development of international bank card technology, meet the needs of the people for safe and convenient payment methods under the new situation, promote the technology upgrade of China's bank card industry, and promote the combination of the application of China's financial IC card and industry application. In order to accelerate the application of China's financial IC card popularization and industrial development provides guidelines and development opportunities.
At the same time, the promulgation of PBOC3.0 further consummates the financial standardization system, which provides a strong support for improving the financial service level and guaranteeing the healthy development of finance industry in our country.
V. Concluding remarks
PBOC3.0 specification of the establishment and promulgation, lasted nearly three years, is the relevant ministries, financial institutions, IC card industry chain units and other collective wisdom crystallization. In line with the publicizing and implementation of the PBOC3.0 specification, the bank card Testing Center as an independent professional third-party testing institutions, timely participation and follow-up of the establishment of the PBOC norms, has been updated in accordance with the PBOC3.0 in a timely manner or newly developed to adapt to the PBOC3.0 requirements of the testing tools and testing platform for the overall introduction of PBOC3.0 phase Test project to meet the requirements of the testing of IC card and terminal products according to the new specifications; Meanwhile, the bank card Testing Center for the commercial banks, IC card-related enterprises to carry out the "PBOC3.0 testing standards, technology" as the theme of training seminars, and actively cooperate with the new standard landing implementation.
The difference between PBOC2.0 and PBOC3.0