CA2779774A1 - Universal recognition platform - Google Patents

Universal recognition platform

Info

Publication number: CA2779774A1
Authority: CA (Canada)
Prior art keywords: card, data, key, merchant, customer
Prior art date:
Legal status: Abandoned
Application number: CA2779774A
Other languages: French (fr)
Inventors: Jeffrey Moscoe, Sacha Diab, Marc Lavine
Current Assignee: One Inc
Original Assignee: One Inc
Priority date:
Filing date:
Publication date:
Events: application filed by One Inc; priority to CA2779774A; publication of CA2779774A1; legal status Abandoned (current)

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
        • G06Q30/00 Commerce > G06Q30/02 Marketing; Price estimation or determination; Fundraising
        • G06Q20/00 Payment architectures, schemes or protocols > G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks > G06Q20/34 using cards, e.g. integrated circuit [IC] cards or magnetic cards > G06Q20/357 Cards having a plurality of specified features > G06Q20/3574 Multiple applications on card
        • G06Q20/00 Payment architectures, schemes or protocols > G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks > G06Q20/36 using electronic wallets or electronic money safes > G06Q20/363 with the personal data of a user
        • G06Q20/00 Payment architectures, schemes or protocols > G06Q20/38 Payment protocols; Details thereof > G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists > G06Q20/401 Transaction verification > G06Q20/4014 Identity check for transactions

Landscapes

  • Business, Economics & Management
  • Engineering & Computer Science
  • Accounting & Taxation
  • Strategic Management
  • Theoretical Computer Science
  • Finance
  • Physics & Mathematics
  • General Business, Economics & Management
  • General Physics & Mathematics
  • Computer Networks & Wireless Communication
  • Development Economics
  • Microelectronics & Electronic Packaging
  • Computer Security & Cryptography
  • Entrepreneurship & Innovation
  • Game Theory and Decision Science
  • Economics
  • Marketing
  • Financial Or Insurance-Related Operations Such As Payment And Settlement

Description

[Scanned application cover sheet: application number, figure count, "Pages: 19", handwritten notes that could not be recovered, and a bilingual CIPO notice that unscannable items were received with this application (originals to be requested from the File Preparation Section on the 10th floor).]

ONE INC.
UNIVERSAL RECOGNITION MANUAL
Page 1 of 166 ONE INC. UNIVERSAL RECOGNITION

This Manual contains the following Sections:
  • Overall Introduction - Business Overview
  • Executive Summary
  • One Inc - Customer Universal Recognition - Introduction
  • Registration and Enrollment
  • Universal Recognition
  • One Inc. - Central Processing Platform
  • One Inc. - Data Classification and Encryption
  • One Inc. - Card and Token Issuance
  • Requirements Information Gathering for One Inc. and Partners
  • Project Management Methodology
  • Testing Strategy

This manual is organized so that it can be read end to end. The sections within the manual are also created to stand alone. In this way, the processes and functions within Universal Recognition and Enrolment can be clearly identified and shared with partners within specific areas. It should be noted that even though there is one overall table of contents, certain stand alone sections also contain their own table of contents for easier extraction.
Table of Contents

BUSINESS OVERVIEW
  Executive Summary
  The Marketplace Challenge
  Universal Recognition Token
  Registration with Customers and Partners
  Enrollment
  Data Maintenance
  Universal Recognition
  Security, access control, and encryption
  Technology platform
  Conclusion

SECTION - Enrollment for Customer Universal Recognition
  One Inc. - Card Registry and Enrollment - highlights
  One Inc. - Card Numbering and Issuance - Overview
  One Inc. - Number assignment and tracking
    Major industry identifier
    Issuer identifier number - 636831
    Number Assignment Registry
  One Inc. - Card Numbering and Issuance - Example Process Flow
  One Inc. - Number Issuance - Process
  Card Number Assignment and Linkage
  One Inc. Card Inquiry
  One Inc. - Card Numbering and Issuance - Enrollment Data Flow - Example Loyalty Issuer Verification Option
  One Inc. - Card Numbering and Issuance - Example Enrollment Data Flow - One Inc Verification Option
  One Inc. Customer Enrollment Screen

SECTION - Universal Recognition
  Universal Recognition Platform Possible Capabilities
  Business Capability to Technology Map
  Universal Recognition Token
  Universal Recognition
  Participants in the Universal Recognition Program
    Card-Issuing Bank
    Processor
    Cardholder
    Merchant
    Acquirer
    Card Association / Payment Networks
    One Inc.
  One Inc. Hub Interaction Model
  Universal Recognition - Point of Sale Systems
    POS Systems - Usage - Capability - Benefits
    POS Systems and PIN pads
      PCI compliance
      Personal identification number (PIN)
      Customer facing PIN pad
      Smart card
      Hand-held POS PIN pad
      Compatibility
    Swiped Cards and data stored on the Magnetic Stripe
  Universal Recognition - Example Payment and Token Process Flow
    Payment and One Inc. Token Usage
    Merchant Environment Components
  Example Implementation Option 1 - Merchant POS Recognizing and Routing To One Inc. (p. 40)
    POS Recognition and Route to One Inc - Example Flow
    POS Direct to One Inc Illustration
    POS System Transaction Creation
      Primary account number (PAN)
      Expiration date
      Service code
    POS changes for Universal Recognition
    Using a Chip Card at POS - Recognizing the Card
    Certification
    Hardware
    Network Connectivity
    Performance
    Data Storage
    Compliance
  Example Implementation Option 2 - Merchant Server Recognizing and Routing To One Inc. (p. 50)
    Merchant Routing directly to One Inc - Example Flow
    Software
    Example of Data to be sent from POS to the Merchant Server
    Deployment of a Table resident on the Merchant servers
    Example of the One Inc. Card Range Table at the Merchant
    Example of Data to be sent to One Inc
    Timing
    Changes for implementation
    Example of Data to be sent to the Merchant Server
    Hardware
    Network Connectivity
    Security
    Performance
    Data Storage
    Compliance
    Example Implementation Option 2 - Summary and Costs
  Example Implementation Option 3 - Routing From Card Association or Issuer/Processor (p. 59)
    Example Issuer or Card Association routing process flow
    Issuer - Card Association Software changes
    Link Table - (if One Inc. does not store Card Number)
    Example of Data to be sent to One Inc. from Issuer/Processor or Card Association (p. 62)
    Example of Data to be sent to Issuer/Processor or Card Association from One Inc. (p. 63)
    Hardware
    Network Connectivity
    Security
    Performance
    Data Storage
    Compliance
  Universal Recognition for Access
    Universal Recognition - Access Control Systems
    Universal Recognition Token or Payment card as Access - example flow
    Access control models
      Attribute-based access control
      Discretionary access control - DAC
      Role-based access control
    Access control system operation
    Access Readers
    Security Considerations and Authentication on Access
    Access control system components
    Example access control topology
  Appendix A - Universal Recognition ISO 8583 POS Messaging Standard
    Message type indicator
      ISO 8583 versions
      Message class
      Message function
      Message origin
    Bitmaps
    Data elements
    ISO 8583 POS Messaging Format
  Appendix C - Merchant POS Certification - EMV - PCI
    Purpose
    Introduction
    Example Phases of the EMV Compliance Process
      POS Device Hardware
      POS Compliance by Payment Brand (Card Association)
      Example Requirements by Payment Brand
      Example Payment Application Software
      Merchant Connection to the Acquirer Network
      End to End Validation

SECTION - Central Processing Platform
  Central Processing Platform
  One Inc. - Central Processing Platform
  Example Message Flow Overview
    Enrollment Web Services
    Cardholder Information Updates
  Example Real Time Message Flows
    Example Customer Recognition
    Example Loyalty Real Time Transaction
    Example Access to Premises Request Real Time Transaction
  Example File Transfer Data Flow
  Example Transaction Types
    Merchant POS - Recognition
    Enrollment in a Program at POS
    Purchase at POS
    Example Partner Initiated Transactions
      Customer Profile Update
      File Transfer Batch Transactions
  Example Data Model
    Data Dictionary
  Example System Platform Architecture
    Example Transmission Protocol
    Example Database Security Protocol
  Example Secure File Transfer Architecture
    Secure File Transfer Standard

SECTION - Data Classification and Encryption
  One INC. Universal Recognition - Data and Encryption Overview
  One INC. Universal Recognition - Data Classification
  One INC. Universal Recognition - Cryptographic Keys
  One INC. Universal Recognition - Key Life Cycle
    Key Life Cycle Events
    Key Generation
    Key Distribution
    Key Loading
    Key Backup
    Key Usage
    Key Storage Environment
    Key Archive
    Key Destruction
  One INC. Universal Recognition - Example Key Encryption Key
  One INC. Universal Recognition - Example Base Derivation Key
  One INC. Universal Recognition - Example PIN Verification Key
  One INC. Universal Recognition - Example PIN Block
  One INC. Universal Recognition - Data Encryption Standard - DES
  One INC. Universal Recognition - Key Exchange
  One INC. Universal Recognition - Example Key Ceremony
    One Inc. Example Key Ceremony
  One INC. Universal Recognition - Example Cryptography Options
    One Inc. In-House Cryptography Example
    One Inc. Outsourced Cryptography Example
  CHIP CARD Keys (EMV)
    Issuer Private Key
    Payment Systems Environment
    Issuer Public Key
    Example Contact and Contactless Chip
    Example Fields on the traditional Payment Chip
  One INC. Universal Recognition - Example Data Authentication
    One INC. Universal Recognition - Static Data Authentication
    One INC. Universal Recognition - Example Static Data Verification Steps
    One INC. Universal Recognition - Example Dynamic Data Authentication
    One INC. Universal Recognition - Dynamic Data Authentication - Example Verification steps (p. 144)
    One INC. Universal Recognition - Combined Data Authentication - Future
  One INC. Universal Recognition - Example Hardware Security Modules
  One INC. Universal Recognition - Cloud Cryptography

SECTION - Card and Token Issuance
  Card and Token Issuance - Introduction
  Example Steps for production of Cards and Tokens
    1). Customer Enrolment
    2). Customer Verification
    3). Customer Confirmation / Rejection
    4). Customer and Form Factor Data Creation (Embossing Files)
    5). Form Factor Personalization
    6). Form Factor Production and Distribution
    7). Form Factor Activation, Usage
    8). Reissue and Replacement
  Important concepts in Issuance and Enablement of Cards and Tokens
    Personalization
    Embossing
    Provisioning
  Recognition Devices
    Card Types
    Bar code
    Magnetic-stripe
    Smart Card - Contact
    Smart Card - Contactless (RFID)
    ISO Standards for Cards
    Contactless and Mobile Chips
    Contactless tokens
    Comparison between Magnetic Stripe and Chips
    Dual Interface and Hybrid Chips
    Global Chip Card Deployment Map
  Enablement - Chip Cards
    Enablement
    Enablement Data
    Enablement Data - encryption
    Enablement Data - How it is obtained
  Embossing File Data
    File Data
    Pin Data
    Encryption Key Details
    Production and Delivery Details
    Mailer Details
    Embossing Details
  Matrix of Example Card Technologies and approximate costs

BUSINESS OVERVIEW
Executive Summary

One Inc. solves the problem of the Customer carrying too many loyalty and membership cards. We offer the same level of membership and Loyalty participation through an easy to use Card or Token. By allowing a person to use the card or token of their choice as an identifier at many locations, One Inc. increases customer participation and satisfaction.
The Marketplace Challenge

For Consumers
  • Consumers have too many loyalty and membership cards in wallet
  • Billions of loyalty memberships worldwide: 2 billion in the US, 18.4 per household, and 130 million in Canada
  • On average Canadians have 10+ cards in wallet

For Merchants
  • 54% of loyalty cards are left at home and not used. In 2009, a survey by Isle Ventures supported this Colloquy finding, as their respondents indicated that they forgot their cards 61% of the time
  • Active loyalty program members spend on average 13% more than non-members
  • Loyalty program administrators recognize that member data is critical to driving business economics
  • Technology advancements are presenting platforms allowing for the consolidation of loyalty programs and payment solutions: chip, e-wallet, NFC etc.

For Credit Card Issuers & Payment Brands (MasterCard, Visa, American Express & Interac)
  • Becoming and staying the "first card in wallet"
  • Increase spend on the card
  • Increase market share
  • Need for competitive differentiation
  • Innovation required to remain card of choice during a rapidly changing payment environment (E-wallets, PayPal)
Universal Recognition Token

In order to have our Card or Token universally recognized, One Inc. has obtained a unique identification number from the Canadian Standards Council and the International Standards Organization. In one example, any of One Inc.'s Partners may immediately recognize a One Inc. product with the Identification number starting with 636831. This unique number enables all participating Merchants, Partners and Customers to instantly recognize and act upon a One Inc. issued form factor.
Registration with Customers and Partners

One Inc. may have a matching One Inc. number for every Payment Card issued by our Payment Network Partners and may also issue cards and tokens in concert with our partners. Customers may be able to register their Payment, Loyalty, Identity, Gift or Pre-paid numbers linked to a single One Inc. number through Web or Merchant Access points. One Inc.'s recognition and identification service provides a real-time translation from a customer-chosen identification "token" to the loyalty or membership number required by a retailer's systems. One Inc. also provides services to keep customer contact information current and to enroll new customers with little or no effort by the customer or partner staff.
Enrollment

One Inc. increases membership and participation in a partner's program by making it easy (effortless) to enroll in programs. When One Inc. sees a token for a customer who is not already enrolled in a program, One Inc. can supply the program with enrollment information to have the customer set up without any action required by the customer, the merchant, or the loyalty program staff.
Data Maintenance

One Inc. data maintenance services improve the quality and effectiveness of customer communication and engagement. A demographic change (address, email contact, phone number changes) that a customer makes at any One Inc. partner is propagated to all other partners where the customer has a membership, if the customer opts into this service.
Universal Recognition

The One Inc. Enrolment and Registration capability, combined with the unique Issuer Identification number, allows all participants in the program the ability to recognize customers at their points of presence. We offer Merchants, Payment Networks and Issuers the flexibility of communicating with One Inc. in order to recognize a customer using a One Inc. or One Inc. Linked number.

Merchants are able to recognize and route One Inc. numbers from their Point of Sale or Access, as well as from their processing centers, in order to recognize and reward their customers. This is a significant feature, as 54 to 61 percent of customers do not usually have their Loyalty cards present. Cash paying customers are also accommodated under the One Inc. identification program and can accrue points or gain access to facilities by presenting their unique One Inc. identification.

For Merchants who choose to have the Payment networks or Issuers recognize their customers, One Inc. has the ability to retrieve the Loyalty number for the Customer / Merchant combination and to send it directly to the merchant, or to have the Payment Network or Issuer include the information when they are responding to the requestor.
Security, access control, and encryption

One of the greatest concerns of any customer, merchant, payment network or issuer in participating in programs involving personal or payment information is the issue of privacy, identity management and data security. One Inc. technology and certifications may provide the protection of real time data in transit as well as any stored data.
Technology platform
The One Inc. Service Platform may meet or exceed the Payment Card Industry (PCI) and personal data protection (PIPEDA) and storage standards in any of the following manners:
- Physical Premises. The Production processing environment may be housed in a secured Data Centre, with access limited to authorized and authenticated personnel.
- Access Controls. System access and changes to One Inc.'s system components (servers, database) may be limited to authenticated, authorized personnel, with Change Control processes that require Management Review and Approval.
- Firewall. The production network may be firewalled and configured to allow only authenticated and authorized access, limited to a pre-defined business capability.
- Real time transaction data. Network transmission with external partners for Real Time transactions may be encrypted, using either a dedicated VPN connection or HTTPS with 128-bit SSL encryption (SSL itself has since been deprecated in favour of TLS).
- File Transfers. These may be done with Secure File Transfer Protocol (SFTP), which runs over Secure Shell (SSH) and therefore encrypts the transmission; the files themselves may additionally be encrypted with asymmetric keys (public/private key pairs) exchanged with external partners.
- Customer Critical Data at Rest. Critical data may be encrypted with 3DES or a stronger cipher, using a Hardware Security Module (HSM) to protect the master keys. The master key is not known to any one individual: two or more separate individuals each hold a component of the key, and only the combined key, formed inside the HSM, is stored there. This is the same split-knowledge control that the Card Associations mandate for storing and processing PIN-based transactions. Critical data stored with this level of encryption includes the credit card number and customer website login data, such as a website password.
- High Performance 24x7 real time processing with failover redundancy for maximum uptime.
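The split-knowledge control described for the master key, as an added example that is not code from the patent: each custodian generates one full-length key component, the key is the XOR of all components, and no proper subset of custodians can form it. DES/3DES keys carry odd parity in every byte and an HSM fixes the parity of the combined key, which is reproduced here. The 16-byte (double-length 3DES) key size and the three-custodian ceremony are assumptions for illustration, not values from the text; 3DES has since been deprecated by NIST and AES would be used today, but the component mechanism is the same.

```python
"""Key-ceremony arithmetic for a split-knowledge HSM master key (example code)."""
import secrets
from itertools import combinations


def odd_parity_byte(b: int) -> int:
    """Return b with its least-significant bit set so that the byte has odd parity."""
    data_bits = b & 0xFE
    return data_bits | (0 if bin(data_bits).count("1") % 2 else 1)


def adjust_parity(key: bytes) -> bytes:
    """Apply DES odd parity to every byte of a key or component."""
    return bytes(odd_parity_byte(b) for b in key)


def has_odd_parity(key: bytes) -> bool:
    return all(bin(b).count("1") % 2 == 1 for b in key)


def generate_component(length: int = 16) -> bytes:
    """One custodian's component: random bytes with DES parity applied."""
    return adjust_parity(secrets.token_bytes(length))


def combine_components(components) -> bytes:
    """XOR all components together; the result is the key loaded into the HSM."""
    components = list(components)
    if len(components) < 2:
        raise ValueError("split knowledge needs at least two components")
    length = len(components[0])
    if any(len(c) != length for c in components):
        raise ValueError("components must have equal length")
    key = bytes(length)
    for c in components:
        key = bytes(a ^ b for a, b in zip(key, c))
    return adjust_parity(key)


def subset_reveals_key(components, key: bytes) -> bool:
    """True if any proper, non-empty subset of custodians can form the key."""
    components = list(components)
    for size in range(1, len(components)):
        for subset in combinations(components, size):
            candidate = subset[0] if size == 1 else combine_components(subset)
            if adjust_parity(candidate) == key:
                return True
    return False


def key_ceremony(custodians: int = 3, length: int = 16) -> dict:
    """Simulate a ceremony: each custodian contributes a component (assumed 3 custodians)."""
    components = [generate_component(length) for _ in range(custodians)]
    key = combine_components(components)
    return {
        "components": components,
        "key": key,
        "parity_ok": has_odd_parity(key),
        "any_subset_reveals_key": subset_reveals_key(components, key),
    }


if __name__ == "__main__":
    result = key_ceremony()
    print("key parity ok:", result["parity_ok"])
    print("subset of custodians can form key:", result["any_subset_reveals_key"])
```

In a real ceremony each component is entered at the HSM console by its custodian alone and the combined key never leaves the device; the code above only shows why the arithmetic gives no single custodian knowledge of the key.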
Conclusion
One Inc. - A single universal recognition token that replaces all of your current cards!
One Inc. is a groundbreaking solution that allows consumers to consolidate all of their loyalty program and membership cards into one number that can be stored and attached to a payment card, a co-branded One Inc. card, a mobile app, a fob, or any other token that the consumer chooses and the merchant or institution accepts.
Simply put, One Inc. is a universal recognition platform connecting millions of members to issuers, clubs, museums, and more, in the way they choose.
SECTION - Enrollment for Customer Universal Recognition
One Inc. - Card Registry and Enrollment - highlights
- Registration and Tracking of all One Inc. and Partner Cards issued under the One Inc. Issuer Identification Number (IIN)
- Flexibility in issuing One Inc. numbers or accommodating Partner numbering systems
- Tracking Card Issuance and Activation by Customer
- Enabling the Customer to link Loyalty program numbers to a Financial and One Inc. Number
- Issuance of Loyalty Program numbers on behalf of Partners
- Ability to verify Card, One Inc. and Loyalty numbers on our stand-alone platform or in Real Time with the Loyalty program Partner
- Ability to Register and Track Numbers on varying form factors (Card, Virtual, Fob, Mobile)
One Inc. - Card Numbering and Issuance - Overview
One Inc. issues identification numbers from a Registered Issuer Identification Number range granted via our application through the Canadian Standards Council (CSC) and the International Organization for Standardization (ISO).
In one example, all One Inc. cards and tokens may be identified by the first six digits, "636831".
These numbers represent virtual cards as well as other form factors such as Magnetic Stripe, Integrated Circuit (Chip), Fobs and mobile devices.
One Inc. has a state of the art card tracking system which assigns and tracks card number ranges in concert with Merchants, Loyalty Partners, Card Associations and Issuing Banks participating in our unique offering.
Using the IIN assigned to One Inc., the number tracking system assigns a known One Inc. number range to each partner. The assigned numbers, when used, may indicate One Inc. enrolled customer activity across a variety of channels and recognition points.
A cardholder may make a purchase, accrue loyalty points or gain access to facilities with just one device.
One Inc. - Number assignment and tracking
In one example, the Canadian Standards Association and the International Organization for Standardization assign One Inc. its own exclusive 19-digit card numbering range, based upon the major industry in which it operates. The major industry identifier categories are listed in the table below.
Major industry identifier
The major industry identifier (MII) is the first digit of the ISO/IEC 7812 number. It identifies the industry within which the card is primarily to be used.

MII digit value | Issuer category
0 | ISO/TC 68 and other industry assignments
1 | Airlines
2 | Airlines and other future industry assignments
3 | Travel and entertainment and banking/financial
4 | Banking and financial
5 | Banking and financial
6 | Merchandising and banking/financial
7 | Petroleum and other future industry assignments
8 | Healthcare, telecommunications and other future industry assignments
9 | For assignment by national standards bodies

If the major industry identifier is 9, the next three digits are the numeric-3 country code.
Issuer identifier number - 636831
The issuer identification number is unique to One Inc. and is recognized by all organizations that participate in ISO accredited functions. The IIN is broken down as follows:
The first six digits, including the major industry identifier, compose the issuer identification number (IIN). This identifies the issuing organization. The official ISO registry of IINs, the "ISO Register of Card Issuer Identification Numbers", is not available to the general public. It is only available to institutions which hold IINs, issue plastic cards, or act as a financial network or processor. Institutions in the third category must sign a license agreement before they are given access to the registry.
Upon receipt of this number, One Inc. controls the assignment and distribution of the remaining 13 digits of the 19-digit number (the last of which is the ISO/IEC 7812 check digit, computed with the Luhn algorithm) based upon the current and future requirements of its partners.
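The ISO/IEC 7812 layout described above, as an added example that is not code from the patent: a 19-digit number under the IIN 636831 quoted in the text is the IIN, an individual account identifier, and a Luhn check digit in the last position. The partner sub-range prefix used below ("0042") is a hypothetical value, not one the text assigns, and the MII table is the one given above.

```python
"""Build and check 19-digit numbers under One Inc.'s IIN (example code)."""

MII_CATEGORIES = {
    "0": "ISO/TC 68 and other industry assignments",
    "1": "Airlines",
    "2": "Airlines and other future industry assignments",
    "3": "Travel and entertainment and banking/financial",
    "4": "Banking and financial",
    "5": "Banking and financial",
    "6": "Merchandising and banking/financial",
    "7": "Petroleum and other future industry assignments",
    "8": "Healthcare, telecommunications and other future industry assignments",
    "9": "For assignment by national standards bodies",
}

ONE_INC_IIN = "636831"   # the IIN quoted in the text
PAN_LENGTH = 19          # IIN (6) + account identifier (12) + check digit (1)


def luhn_check_digit(partial: str) -> str:
    """ISO/IEC 7812 check digit for `partial` (every digit except the last)."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(pan: str) -> bool:
    """True if the full number, including its last (check) digit, passes Luhn."""
    return pan.isdigit() and len(pan) >= 2 and luhn_check_digit(pan[:-1]) == pan[-1]


def describe_pan(pan: str) -> dict:
    """Split a PAN into MII, IIN, account identifier and check digit."""
    if not luhn_valid(pan):
        raise ValueError("PAN fails the ISO/IEC 7812 check digit")
    mii = pan[0]
    return {
        "mii": mii,
        "mii_category": MII_CATEGORIES[mii],
        "iin": pan[:6],
        "account_identifier": pan[6:-1],
        "check_digit": pan[-1],
        "one_inc": pan.startswith(ONE_INC_IIN),
    }


def allocate_partner_range(partner_prefix: str, count: int, start: int = 0) -> list:
    """Issue `count` consecutive numbers under One Inc.'s IIN for one partner.

    `partner_prefix` is a hypothetical sub-range assigned by the tracking system
    (the digits immediately after the IIN); the rest of the account identifier
    is a zero-padded sequence number, and the Luhn check digit is appended.
    """
    body_len = PAN_LENGTH - len(ONE_INC_IIN) - len(partner_prefix) - 1
    if not partner_prefix.isdigit() or body_len < 1:
        raise ValueError("partner prefix must be numeric and leave room for a sequence")
    if start + count > 10 ** body_len:
        raise ValueError("partner range exhausted")
    numbers = []
    for seq in range(start, start + count):
        partial = ONE_INC_IIN + partner_prefix + str(seq).zfill(body_len)
        numbers.append(partial + luhn_check_digit(partial))
    return numbers


if __name__ == "__main__":
    for pan in allocate_partner_range("0042", 3):
        print(pan, describe_pan(pan)["mii_category"])
```

The check digit is a transcription safeguard only; it detects a mistyped or misread digit and has no authentication value, which is why the text still routes the number to One Inc. for verification.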
One Inc. - Number Issuance - Process
Card Number Assignment and Linkage
1. After receiving the ISO IIN, One Inc. may initiate the generation and linkage of the One Inc. number by requesting current and future numbering requirements from the Partner, or the Partner may generate numbers within the One Inc. range.
2. The Partner may be assigned a number range from One Inc.'s tracking system.
3. The Partner may then generate the Partner Card number and the linked One Inc. card number and send them back in a batch file transmission using an encrypted Managed Secure File Transfer system.
4. Subsequent updates can be sent via batch or online secure channels, depending on the partner's capability.
5. Upon receipt of the secure data, One Inc. may transform and encrypt the partner number and record the used numbers in One Inc.'s tracking system, such that the number and linkage represent a unique combination.
6. The entire process may be PCI and PIPEDA compliant and may adhere to industry security standards.
7. The Cardholder may receive marketing information detailing the Enrollment process and may use a financial institution or Loyalty partner to link any Loyalty program to the form factor of their choice.
8. The cardholder may click through a link from the partner site and may be served a pre-populated Enrollment screen showing the cardholder number and a dropdown menu of Loyalty programs available for linkage.
9. The cardholder may opt into the One Inc. program by entering the Loyalty number of each program of which they are a member.
10. The data may be sent back to the One Inc. Authorization engine, which may verify the Card number and may also validate the Loyalty numbers, either at One Inc.'s site or at the Loyalty program's site.
11. One Inc. may also create the ability to assign new numbers for customers wishing to enroll in a program, either by assigning the number or by informing the Loyalty program that the customer wishes to register.
12. The Partner may then record the Enrollment of that Loyalty number into the One Inc. Program.
SECTION - Universal Recognition
Universal Recognition Platform - Possible Capabilities
One Inc. provides a state of the art, high performance, robust platform that may be capable of serving multiple concurrent connectors in real time, near real time and batch modes.
The Platform enables the consumer to link their Financial Card to multiple Loyalty programs and to accumulate points in Real Time with a single number in a physical or electronic wallet.
Cash paying customers are accommodated through the use of a One Inc. offering which may identify them to merchants and loyalty programs participating in the Program.
Industry standards for access, security and cryptography are supported by secure and hardened hardware, infrastructure, and internal and external network connectivity.
The platform is hosted within a certified and secure datacenter with disaster recovery capabilities and intrusion detection (physical and system) 24 hours a day. Physical and access security include biometric and two-factor authentication as well as gating (mantraps).
The processes for monitoring, first line support and escalation are clearly defined and governed by Service Level Agreements and the Network Operations Center monitors the health of the One Inc system at a database, application, infrastructure, network and security level.
One Inc. has a clearly documented and defined methodology for managing all aspects of IT Operations under the control of the Project Management Office.
Business Capability to Technology Map

Business requirement | Technology Component
Flexibility - Integration with partners | Standard Industry Interfaces (ISO, XML); Configurable formatters
High Performance and throughput of Database transactions | Messaging engine
Secure Storage and Networks; Encrypted Data while in flight or at rest | Transformation, Encryption, Access Security - HSM; HSM - Key Ceremony - Key Exchanges
Industry Standard Compliance - PCI DSS | PCI Self Assessment - GAP / Risk; QSA Agent Audit Based on Classification
Robust (Failover and Load Balancing) | Routers, Load Balancing, Monitoring, Manual and Automatic Failover
Channel Agnostic (All sources - IVR, WEB, MOBILE, B2B, B2C) | Configurable Interfaces; TCP-IP capability; Over the Air Provisioning
Open Platform Messaging (ISO, XML) | ISO, XML and Configurable - Custom
Content Serving | Web Server, Screens
Real Time transaction capability | Routing, Logging, Authorization, Store and forward
Secure Managed File Transfers | Security, Encryption, Tracking, Guaranteed Delivery - Re-transmission
Guaranteed Delivery Mechanisms (Store and Forward capability) | Transaction storage and replay mechanism
Capable of Authorizing Card, Loyalty and One Inc. numbers | Encryption, Decryption - HSM; Check Digit Validation
International Standards Organization and Canadian Standards Council Numbering (IIN) | Application Form
Routing to all parties | Messaging, Routing, Network Connectivity
Transaction Logging | Databases
Reporting | Data analysis and classification, retrieval
Settlements | Reconciliation, Settlement, Clearing
Universal Recognition Token One Inc.'s Universal Recognition enables customers to use a single token in order to identify themselves at a point of presence in order to purchase, accrue points into Loyalty program of their choice or to gain access to facilities.
One Inc. may enroll customers, merchants and their Loyalty partners into a program which may link traditional Payment Cards to a One Inc. Number and to the Customer's Loyalty or Access facilities.
Merchants, Card Networks, Issuers and their processors may be equipped with the capability to use the traditional existing networks to communicate with One Inc.'s Universal Recognition Platform in Batch or Real time modes. These parties may also have the option of directly connecting to the One Inc. Platform.
Universal Recognition - Participants in the Universal Recognition Program
Card-Issuing Bank: The cardholder's financial institution, also a licensed member of a Card Network (such as MasterCard or VISA).
Processor: The entity that receives and approves transactions on behalf of the Card-Issuing Bank.
Cardholder: A consumer who is solicited, screened, and approved by the issuer, which establishes a line of credit for the consumer and issues the credit card.
Merchant: Any company wishing to recognize the presence of its customer.
Acquirer: A licensed member of the Payment Networks that screens and accepts merchants into its credit card program, processes transactions, and completes financial settlement to them.
Card Association / Payment Networks: Associations which provide their brands to member financial institutions, which in turn provide services to consumers and merchants (e.g. Visa and MasterCard). American Express is both the Payment Network and the Card Issuer for Amex products.
One Inc.: A High Availability, High Performance, Fault Tolerant, Secure and Encrypted platform capable of connecting to all parties in real time or batch mode. One Inc. has domain and subject matter expertise in the areas of Loyalty, Payments, Emerging Technologies, Security, Cryptography and real time message exchange. This expertise enables us to provide a unique customer experience "in the moment" when the customer uses their Financial or One Inc. card number for identification, Payment or Facilities Access. Our flexibility in delivering these experiences is tailored to minimize changes to existing merchant and Payment Processing systems and is supported by three models; however, we are capable of handling special requests on our open system.
Universal Recognition - Point of Sale Systems
A POS system, or Point of Sale system, refers to the location in which transactions are made in a business. The major components of a POS system are the hardware and software needed to run the system, such as the cash register, a computer, credit or debit card acquirer PIN pads, and the checkout system.
POS Systems - Usage - Capability - Benefits
1. Increased efficiency
POS systems reduce the time that employees spend in maintaining inventory and calculating sales and cash flow. Equipment included in POS systems, such as cash registers and barcode scanners, allows employees to quickly process customers and streamline the checkout process. In addition, POS systems reduce the chance of human error, leading to increased sales and productivity.
2. Customer Satisfaction
Using a POS system allows employees to rapidly address the customer's needs.
It allows them to process customers through the check-out process quickly and efficiently. In addition, some of the features of POS systems include the ability to create gift cards, process discounts, and maintain customer loyalty programs. Another feature of POS systems is that it can collect customer data that can be further used for specialized marketing and advertising campaigns.
3. Reduced Losses
POS systems keep track of inventory and prices of each individual product in the store. A major problem that businesses may address is shrinkage, or the loss of products due to theft, misuse or waste. This computerized system can minimize shrinkage through the ability to track inventory as it moves from storage to checkout.
4. Access to Real-time Information
With POS systems, employees can instantly access data that gives them information on inventory and sales at any point of the day. For example, POS systems can inform staff members of how much of a product they sold yesterday, a week ago, or the month before. Another benefit is that POS systems can give alerts when a certain inventory stock runs low, or when a frequent customer has entered the store.
POS Systems and PIN pads
POS (point of sale) PIN pads are a convenient way for businesses to accept credit and debit card transactions. There are three different types of PIN pads available: those that only have a number pad, those that provide a card swipe, and those that offer a way for customers to provide a digital signature. POS PIN pads may be compatible with existing software and terminal hardware to make transactions secure.
PCI compliance
POS PIN pads that are certified by the Payment Card Industry (PCI) as compliant meet PCI data security standards. These standards help to protect information when payments are made through debit and credit cards, and create consistency for security measures across the globe. The PIN pads are tamper-resistant and are key-injected by the Acquirer or by the entity deploying the PIN pad.
Personal identification number (PIN)
The personal identification number is a code, typically of four digits, issued to or chosen by a cardholder. This PIN is a security measure used to validate the identity of the cardholder.
Customer facing PIN pad
A customer facing PIN pad provides many additional features for the customer. Instead of having the cashier swipe the card and the customer sign a paper receipt, a customer facing PIN pad allows customers to swipe their own cards and provide a digital signature.
Smart card
Some POS PIN pads are equipped with Smart card technology. This technology allows users to make payments securely and, in many cases, without the card making physical contact with a terminal.
Hand-held POS PIN pad
A hand-held POS PIN pad is a convenient piece of equipment. The hand-held PIN pad allows cashiers to hand the unit to the customer so they can enter the PIN for their card without assistance. This is an added level of security directed at PIN privacy. These units can be either wired or wireless.
Compatibility
Compatibility for POS PIN pads refers to their ability to work with the software for the POS terminal. If these are not compatible, transactions may not process properly and security can be compromised.
Swiped Cards and data stored on the Magnetic Stripe
Swiped cards yield a limited set of data known as "Track 2" data:
- Card Number
- Expiry Date
- Service Code
Payment and One Inc. Token Usage
One Inc. may implement a solution for merchants. This solution may minimize changes to the Merchant software and processes while delivering a valuable real time customer experience. The customer may not require a Merchant Loyalty card if they choose to register with the One Inc. universal recognition program.
1) The customer checks out and uses their enrolled Credit Card or One Inc. token to identify their presence.
2) The Merchant POS may create a Financial Transaction Request for Authorization (e.g. ISO 8583 - MT 100) and may send it to the Merchant Processing System.
2A) At this point, if the Merchant is capable, they may send the Card Number or token along with routing information directly to One Inc. from the POS system. One Inc. would link the request to the Loyalty Number and return it to the POS system.
3) The Merchant Processing System may pass the Financial Transaction Request for Authorization (ISO 8583 - MT 100) to the Acquirer (e.g. Moneris, Chase Paymentech).
3A) The Merchant Processing System may send the Card Number or token along with routing information directly to One Inc. One Inc. would link the request to the Loyalty Number and return it to the Merchant Processing System.
4) The Acquirer examines the Issuer Identification Number (the first 6 digits of DE2, the Primary Account Number) and routes the transaction to the appropriate Payment Network (e.g. VISA, MASTERCARD, AMEX).
5) The Payment Network sends the transaction to the Issuer's Processor.
5A) If the Payment Network is connected and participating in the One Inc. Program, they may map the PAN to the One Inc. Number and send a request to One Inc. The Payment Network could also send the PAN to be mapped by One Inc. For the participating Payment Network, One Inc. would return the Loyalty number to be placed in a data field (TBD) on the outbound leg of the transaction from the Issuer's Processor, or send back a "Do Not Wait" code if the Loyalty number is returned directly to the Merchant Server or Merchant POS (5B or 5C).
5B) One Inc. extracts the appropriate routing fields from the Card Association feed and sends the transaction with the Loyalty Number to the Merchant Server. This route may be arranged when the Merchant enrolls.
5C) One Inc. may extract the appropriate routing fields from the Card Association feed and may send the transaction with the Loyalty Number to the Merchant POS.
6) The Issuer's Processor authorizes the transaction amount against its limits and the current balance. The Issuer's Processor formats a Response to Authorization message (MT 110) and may include the Loyalty number from One Inc. (6A). The transaction may then be sent back to the Payment Network.
6A) If the Issuer's Processor is a One Inc. participant, they may either route the Card Number or perform the One Inc. translation and send a request to the Universal Recognition platform. One Inc. would then return a Loyalty Number, or a "Do Not Wait" code if One Inc. is sending directly back to the Merchant Server or POS.
6B) One Inc. may extract the required fields from the Processor's message and may send the transaction with the Loyalty Number to the Merchant's Server. The routing information may be set up when the Merchant enrolls.
6C) One Inc. may extract the required fields from the Processor's message and may send the transaction with the Loyalty Number to the Merchant POS.
7) The participating Payment Network (Card Association) may insert the Loyalty Number if required and send the response to the Acquirer.
8) The Acquirer routes the transaction back to the Point of Origin by applying the original routing information it received in the request portion of the message.
9) The Merchant may have several options at this point:
- If the Loyalty Number was sent back directly to either the POS or the Merchant Server, they would be able to calculate the Points and Balance for inclusion in the message back to the POS printer for approved transactions.
- If the Loyalty Number is sent back within the ISO response message, they would extract it and apply their Points and Balance calculations in the message going back to the POS on approved transactions.
- In a Cash scenario, they would calculate the points as a result of their direct link to One Inc. and send Points, Balance and Payment amount to the Customer's endpoint.
10) Points and Balance are sent back to the Customer on Approved or Cash transactions.
Merchant Environment Components
Most Merchant installations, depending on the Industry, have the following components:
- Vendor packaged, customized or developed Checkout Software
- Loyalty Software
- Payment Software
- Acquirer Secure PIN pads and ISO (Financial) Message capabilities
- Connectivity to Store, Loyalty and Financial Systems (Acquirer)
- Access Recognition and Entry systems
- PCI Certifications on Equipment, Network and Software
- Encryption, Key Exchange and Secure Transmissions in Batch and Real Time Modes
Example Implementation Option 1 - Merchant POS Recognizing and Routing to One Inc.
Merchant and Access systems may be required to recognize the Payment Card or One Inc. token at their Points of Sale, Payment and Checkout Systems.
Upon recognition of the Payment Card or One Inc. token, the Merchant system may be asked to route the transaction to a One Inc. server, located either on the One Inc. platform or within the Merchant's designated secure area hosting a One Inc. server.
Traditionally, the Payment card is read by the POS payment system by swipe, contact chip, or contactless tap on a secure reader (e.g. PIN pad), or by hand entry by the attendant if the magnetic stripe is not readable.
In the event that the Loyalty program runs on the chip, terminal software changes would be needed to recognize and route the Loyalty Number to the appropriate destination.
In traditional Merchant systems the Loyalty Cards are also recognized by the system via a scan or swipe, usually NOT at the PIN pad. The customized merchant software then links the Payment and Loyalty numbers so that Loyalty points can be calculated on the eligible Stock Keeping Unit numbers (SKUs) of the items at checkout.
In fifty-four percent of the cases, the Customer may not have their Merchant Loyalty card in their possession and could lose out on the opportunity to accrue points and receive offers.
One Inc. Universal Recognition provides the Merchant the opportunity to recognize the customer's presence 100% of the time.
POS System Transaction Creation
The minimum set of data collected by a swipe is known as Track 2 data and yields the following information. Chip and PIN data is detailed in the Appendix.
Primary account number (PAN)
The PAN is an ISO-defined field of up to 19 digits in length. The first 6 digits are the Issuer Identification Number (IIN).
Expiration date
The date after which the card should be renewed or reissued: four characters in the form YYMM.
Service code
A three-digit field obtained on a card swipe, detailed below. The first digit specifies the interchange rules, the second specifies authorization processing and the third specifies the range of services.
Service code values common in financial cards are:
First digit
1: International interchange OK
2: International interchange, use IC (chip) where feasible
5: National interchange only except under bilateral agreement
6: National interchange only except under bilateral agreement, use IC (chip) where feasible
7: No interchange except under bilateral agreement (closed loop)
9: Test
Second digit
0: Normal
2: Contact issuer via online means
4: Contact issuer via online means except under bilateral agreement
Third digit
0: No restrictions, PIN required
1: No restrictions
2: Goods and services only (no cash)
3: ATM only, PIN required
4: Cash only
5: Goods and services only (no cash), PIN required
6: No restrictions, use PIN where feasible
7: Goods and services only (no cash), use PIN where feasible
The rest of the Payment Message is constructed by the certified software running on the POS system. Refer to the ISO Message format in Appendix A of this document.
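A parser for the three Track 2 fields described above, with the service code digits decoded from the tables in the text, as an added example that is not code from the patent. The record layout it assumes (start sentinel ";", field separator "=", end sentinel "?", discretionary data after the service code) is the ISO/IEC 7813 Track 2 format; the sample records are constructed test values, not real cards. The PAN is masked to its first six and last four digits before being returned, which is the most PCI DSS allows to be displayed, and the discretionary data is not retained because PCI DSS forbids storing full track data after authorization.

```python
"""Parse an ISO/IEC 7813 Track 2 record and decode its service code (example code)."""
import re

SERVICE_CODE_1 = {  # interchange rules
    "1": "International interchange OK",
    "2": "International interchange, use IC (chip) where feasible",
    "5": "National interchange only except under bilateral agreement",
    "6": "National interchange only except under bilateral agreement, use IC (chip) where feasible",
    "7": "No interchange except under bilateral agreement (closed loop)",
    "9": "Test",
}
SERVICE_CODE_2 = {  # authorization processing
    "0": "Normal",
    "2": "Contact issuer via online means",
    "4": "Contact issuer via online means except under bilateral agreement",
}
SERVICE_CODE_3 = {  # range of services
    "0": "No restrictions, PIN required",
    "1": "No restrictions",
    "2": "Goods and services only (no cash)",
    "3": "ATM only, PIN required",
    "4": "Cash only",
    "5": "Goods and services only (no cash), PIN required",
    "6": "No restrictions, use PIN where feasible",
    "7": "Goods and services only (no cash), use PIN where feasible",
}

# ;PAN=YYMMSSS<discretionary>?  (sentinels optional in captured data)
TRACK2_RE = re.compile(
    r"^;?(?P<pan>\d{1,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>\d*)\??$"
)


def mask_pan(pan: str) -> str:
    """Keep at most the first six and last four digits (PCI DSS display rule)."""
    if len(pan) <= 10:
        return "*" * len(pan)
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def is_track2(record: str) -> bool:
    return TRACK2_RE.match(record.strip()) is not None


def is_expired(yymm: str, year: int, month: int) -> bool:
    """A card is valid through the last day of its expiry month."""
    return (2000 + int(yymm[:2]), int(yymm[2:])) < (year, month)


def parse_track2(record: str) -> dict:
    """Return the Track 2 fields with the service code decoded; PAN is masked."""
    m = TRACK2_RE.match(record.strip())
    if m is None:
        raise ValueError("not a Track 2 record")
    pan, exp, svc = m["pan"], m["exp"], m["svc"]
    return {
        "pan_masked": mask_pan(pan),
        "iin": pan[:6],
        "expiry_yymm": exp,
        "service_code": svc,
        "interchange": SERVICE_CODE_1.get(svc[0], "reserved"),
        "authorization": SERVICE_CODE_2.get(svc[1], "reserved"),
        "services": SERVICE_CODE_3.get(svc[2], "reserved"),
        "chip_preferred": svc[0] in ("2", "6"),
        "online_only": svc[1] == "2",
        "pin_required": svc[2] in ("0", "3", "5"),
        # discretionary data (CVV1, PVV and so on) is never stored post-authorization
        "discretionary_len": len(m["disc"]),
    }


if __name__ == "__main__":
    # constructed sample records, not real cards
    for rec in (";4111111111111111=2812101123456789?", "6368310042000000002=2512220"):
        print(parse_track2(rec))
```

The `chip_preferred` flag is what an EMV terminal uses to refuse a plain swipe of a chip card (the fallback path the text mentions), and `pin_required` is what drives the PIN pad prompt; both come from the stripe itself, so a terminal must treat them as hints rather than a security boundary.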
POS changes for Universal recognition
In order for the Merchant to detect the presence of a customer, changes may be required at the Merchant POS. If the Payment card is swiped or hand-entered, only a minimum set of data is initially available. The payment message may be built from the three Track 2 fields described above.
Recognizing the Payment Card or Token at the Merchant POS:
One Inc. may provide data which may enable the Merchant to determine Card or Token eligibility and may drive the decision to create and send requests for Loyalty numbers to the One Inc. platform.
Example of the One Inc. Card Range Table at the Merchant POS:

Institution | Card Range Start | Card Range End (if required) | Product (Optional) | One Inc. Primary Route | One Inc. Secondary (alternate) Route
MasterCard | 511810 | - | PC Financial MasterCard Credit Card | 255.255.255.255 | 255.255.213.200
MasterCard | 517805 | - | Capital One MasterCard Credit Card | 255.255.255.255 | 255.255.213.200
One Inc | 123456 | - | One Inc Token 1 | 255.255.255.255 | 255.255.213.200

When the Payment Card or One Inc. Token is recognized by the Merchant POS software, the POS system may invoke new logic to check the One Inc. Card Range Table to see if the Card or Token is eligible under the program.
If a match is found, the Merchant POS system would retrieve the One Inc. routing information and pass the encrypted Card number or One Inc. token to the location described as the primary route.
In the event that the primary route is unavailable, the alternate or secondary route would be used.
This redundancy may ensure that the transaction is delivered to One Inc. in time for the Card or Token to be linked to the Loyalty number and returned to the Requestor, as there is then no single point of failure.
When the Merchant enrolls in the One Inc. program, they would be registered on a similar routing table established on the One Inc. Platform.
Data to be sent to One Inc.
Example of the data to be sent to One Inc.:
- Payment Card Number
- Terminal ID
- Merchant ID
- Tran ID (Retrieval Reference Number)
- Tran Date
- Tran Time
- Unique Identifier
- One Inc. Primary Route
- One Inc. Secondary Route
Note: If additional fields are required, these may be determined during the detailed design with the Merchant technical team, in order to establish when the fields are populated and available during the checkout process. Fields such as Terminal ID and Merchant ID are not dependent upon SKU items and can be delivered to One Inc. prior to the calculation of the amount. The Amount is usually the last item to be determined, as all of the SKU items have to be scanned and tabulated first.
Also of note is that the Card Number may be encrypted at the source and may never be exposed or stored within a non-secure system. PCI rules apply.
Timing:
Usually, the Payment Card is not presented by the Customer until the end of the checkout, after the total has been calculated.
Changes for implementation:
- A procedural change would be requested so that there is no additional time in lane. We would request that the customer tap the card into the POS system prior to or during checkout.
- The Merchant would send the Card Number, Terminal and Merchant ID along with the provided routing data.
Merchant Software changes to identify the customer and to send the transaction
- Load and maintain the One Inc. IIN and Routing tables at the merchant
- Recognize the tap or swipe of the Payment Card or Token
- Check the One Inc. IIN table
- Retrieve the route
- Create a transaction in an agreed-upon format to be sent to One Inc.
- Do a round-robin check for an available route
- Log the transaction into a state table which waits for the response
- Send the transaction with a unique identifier so that the response from One Inc. can be matched to the original transaction request
- Log the response
- Interface with the Loyalty system, passing the Loyalty number and terminal data so that the Points and Balance can be sent to the customer
One Inc. may verify the Merchant, match the Card or token number and respond with the Loyalty number using the merchant route stored at the One Inc. Merchant routing facility.
The transaction may be delivered back to the Merchant POS in adequate time to enable the merchant to calculate the points and balance for the customer. One Inc. would also log the transaction into the One Inc. database so that Reconciliation and Balancing can be done with the Merchant.
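The merchant-side steps listed above, together with the Card Range Table lookup and primary/secondary route failover described earlier, as an added example that is not code from the patent: load the range table, check the card against it, try the primary route and fall over to the secondary, record the request in a state table under a unique identifier, and match One Inc.'s response back to it. The range table rows, the host names used as routes, the `transport` callable standing in for the network send, the `protect_pan` callable standing in for the POS's encryption of the card number, and the flat dict message layout are all assumptions of this example; the real message is in the agreed format the text refers to.

```python
"""Merchant POS recognition and routing logic for One Inc. requests (example code)."""
import uuid
from datetime import datetime, timezone

# Constructed sample of the Card Range Table. Bounds are six-digit IIN
# values; the text's "Card Range End" column is optional, so it defaults to Start.
CARD_RANGE_TABLE = [
    {"institution": "MasterCard", "start": "511810", "end": "",
     "product": "PC Financial MasterCard Credit Card",
     "primary": "oneinc-primary.example", "secondary": "oneinc-alternate.example"},
    {"institution": "MasterCard", "start": "517805", "end": "",
     "product": "Capital One MasterCard Credit Card",
     "primary": "oneinc-primary.example", "secondary": "oneinc-alternate.example"},
    {"institution": "One Inc", "start": "636831", "end": "",
     "product": "One Inc Token",
     "primary": "oneinc-primary.example", "secondary": "oneinc-alternate.example"},
]


def find_range(pan: str, table=CARD_RANGE_TABLE):
    """Return the row whose range covers `pan`, or None if the card is not eligible.

    Bounds are padded to the PAN length (start with 0s, end with 9s), so a
    six-digit bound covers every PAN that begins with those six digits.
    """
    if not pan.isdigit():
        return None
    value = int(pan)
    for row in table:
        lo = int(row["start"].ljust(len(pan), "0"))
        hi = int((row["end"] or row["start"]).ljust(len(pan), "9"))
        if lo <= value <= hi:
            return row
    return None


class RecognitionClient:
    def __init__(self, transport, protect_pan, merchant_id, terminal_id, table=CARD_RANGE_TABLE):
        self.transport = transport      # transport(route, message); raises ConnectionError on failure
        self.protect_pan = protect_pan  # encrypts the PAN before it leaves the POS (assumed helper)
        self.merchant_id = merchant_id
        self.terminal_id = terminal_id
        self.table = table
        self.pending = {}               # state table: unique identifier -> request context

    def build_request(self, pan: str, tran_id: str) -> dict:
        now = datetime.now(timezone.utc)
        return {
            "unique_identifier": uuid.uuid4().hex,
            "card_number": self.protect_pan(pan),
            "terminal_id": self.terminal_id,
            "merchant_id": self.merchant_id,
            "tran_id": tran_id,
            "tran_date": now.strftime("%Y%m%d"),
            "tran_time": now.strftime("%H%M%S"),
        }

    def send(self, pan: str, tran_id: str):
        """Send a recognition request; returns its unique identifier, or None if not eligible."""
        row = find_range(pan, self.table)
        if row is None:
            return None
        message = self.build_request(pan, tran_id)
        for route in (row["primary"], row["secondary"]):
            try:
                self.transport(route, message)
            except ConnectionError:
                continue  # primary unavailable: fall over to the alternate route
            self.pending[message["unique_identifier"]] = {"route": route, "request": message}
            return message["unique_identifier"]
        raise RuntimeError("no One Inc. route available")

    def on_response(self, response: dict):
        """Match a response to its pending request; unsolicited or duplicate responses are dropped."""
        entry = self.pending.pop(response.get("unique_identifier"), None)
        if entry is None:
            return None
        return {
            "loyalty_number": response["loyalty_number"],
            "terminal_id": entry["request"]["terminal_id"],
            "tran_id": entry["request"]["tran_id"],
        }


def make_fake_transport(down_routes):
    """Constructed stand-in for the network call; routes listed in `down_routes` fail."""
    def transport(route, message):
        if route in down_routes:
            raise ConnectionError(route)
    return transport


if __name__ == "__main__":
    client = RecognitionClient(make_fake_transport({"oneinc-primary.example"}),
                               lambda p: "enc:" + p, "M001", "T01")
    uid = client.send("5118101234567890", "000123")   # constructed PAN
    print("sent via", client.pending[uid]["route"])
    print(client.on_response({"unique_identifier": uid, "loyalty_number": "LP000001"}))
```

Matching on the unique identifier is what lets the POS ignore a replayed or misrouted response, and popping the entry on first use means a second response for the same request credits nothing; a production state table would also expire entries so that a lost response does not leave the lane waiting.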
Data to be sent to the Merchant POS
- Loyalty Number
- Terminal ID
- Merchant ID
- Tran ID (Retrieval Reference Number)
- Tran Date
- Tran Time
- Unique Identifier, to match the Merchant message
- Merchant Primary Route
- Merchant Secondary Route
In order to achieve the recognition and routing, One Inc. may choose to develop and deploy an Application Program Interface (API) along with the Card Range and Routing Tables. The API may integrate with the Merchant Customized Software to recognize and route transactions to One Inc.
This software would have to be portable and reusable, as there is a variety of POS equipment vendors and operating systems currently in use on the market.
Industry experts such as AJB Software and Tender Retail have developed interfaces which integrate with Payment and Checkout systems.
Using a Chip Card at POS - Recognizing the Card
The terminal has a list containing the Application Identifier (AID) of every EMV application that it is configured to support, and the terminal may generate a candidate list of applications that are supported by both the terminal and chip. The terminal may attempt to obtain a directory listing of all chip applications from the chip's PPSE (Proximity Payments Systems Environment). If this is not supported or fails to find a match, the terminal may iterate through its list asking the chip whether it supports each individual AID.
If there are multiple applications in the completed candidate list, or the application requires it, then the cardholder may be asked to choose an application; otherwise it may be automatically selected. The Cardholder selects the application at the Point of Service and, using the cardholder's input, the terminal selects the application on the chip.
The chip may then supply the correct data records for the transaction.
The Application Identifier (AID) may be encoded according to [ISO 7816-5] and may be made up of a 5-byte Registered Application Provider Identifier (RID) and an optional Proprietary Application Identifier Extension (PIX) of up to 11 bytes, for example.
The AID of each application shall be set during personalization so it needs to be provided to the Service Bureau (producers of the card).
E.g. the AID for contactless VISA is A0 00 00 03 10 10 and is the same for MSD (Magnetic Stripe Format). For dual interface cards with dual applications, the AIDs may be different for each application.
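The candidate-list build and application selection described above, as an added example that is not code from the original document or from any terminal vendor. The chip is simulated as plain Python calls rather than real APDUs; the VISA AID is the value quoted above, and the One Inc. AID is a constructed placeholder.

```python
from typing import Dict, List, Optional, Tuple


def parse_aid(hex_aid: str) -> bytes:
    """AID from hex text: the RID is the first 5 bytes, the PIX the optional remainder (16 bytes max)."""
    data = bytes.fromhex(hex_aid.replace(" ", ""))
    if not 5 <= len(data) <= 16:
        raise ValueError("AID must be 5 to 16 bytes, got %d" % len(data))
    return data


class SimulatedChip:
    """Stand-in for the card (constructed): a PPSE directory and per-application data records."""

    def __init__(self, applications: Dict[bytes, dict], ppse_supported: bool = True):
        self.apps = applications            # ADF name -> {"records": ..., "confirm": bool}
        self.ppse_supported = ppse_supported

    def read_ppse(self) -> Optional[List[bytes]]:
        """Directory listing of the chip's applications, or None when PPSE is not supported."""
        return list(self.apps) if self.ppse_supported else None

    def select(self, aid: bytes) -> Optional[bytes]:
        """Answer a SELECT by name: the first ADF whose name starts with the requested AID."""
        for name in self.apps:
            if name.startswith(aid):
                return name
        return None


def build_candidate_list(terminal_aids: List[bytes], chip: SimulatedChip) -> List[bytes]:
    """Applications supported by both sides: PPSE directory first, list-of-AIDs fallback second."""
    listing = chip.read_ppse()
    if listing:
        matches = [name for name in listing if any(name.startswith(t) for t in terminal_aids)]
        if matches:
            return matches
    candidates: List[bytes] = []
    for t in terminal_aids:                 # fallback: ask the chip about each terminal AID in turn
        name = chip.select(t)
        if name is not None and name not in candidates:
            candidates.append(name)
    return candidates


def select_application(candidates: List[bytes], chip: SimulatedChip,
                       cardholder_choice: Optional[int] = None) -> Optional[Tuple[bytes, object]]:
    """Auto-select a lone candidate unless it asks for confirmation; otherwise the cardholder picks."""
    if not candidates:
        return None                         # no common application: nothing to select
    needs_prompt = len(candidates) > 1 or chip.apps[candidates[0]].get("confirm", False)
    if needs_prompt:
        if cardholder_choice is None or not 0 <= cardholder_choice < len(candidates):
            return None                     # cardholder has not chosen (or chose out of range)
        chosen = candidates[cardholder_choice]
    else:
        chosen = candidates[0]
    chip.select(chosen)                     # terminal selects the application on the chip
    return chosen, chip.apps[chosen]["records"]


# Constructed terminal configuration: the VISA AID is the page's value, the One Inc. AID a placeholder.
VISA_CONTACTLESS_AID = parse_aid("A0 00 00 03 10 10")
ONE_INC_AID_PLACEHOLDER = parse_aid("A0 00 00 00 99 01 01")
TERMINAL_AIDS = [VISA_CONTACTLESS_AID, ONE_INC_AID_PLACEHOLDER]
```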
Certification
PCI Certification may require that changes to Software running in a Payment environment be certified within that environment, as PCI compliance encompasses Hardware, Software and connectivity.
Key Points/ Questions
- Can the software be developed and certified independently of Acquirers and Processors?
- Does the merchant have to re-certify their systems when the recognition and routing software is added?
- Do we have to develop specific software for each type of equipment or is there a universal type of application?
PCI and EMV compliance documentation clearly states that "Terminal compliance requires the participation of the terminal manufacturer, Payment Brands and Acquirer/VAR". See Appendix C for Certification details.
This process may be verified and detailed by the QSA assessor.
Hardware
One Inc. could deploy computers into the Store System in order to store encrypted data enabling the Merchant to recognize One Inc. Numbers or Card Numbers. This may require a review of PCI and PIPEDA rules. This equipment would be accessible to One Inc. for batch and Real Time updates.
The hardware option may still include the POS software changes described above. Additionally, there may be a requirement to exchange key protected data with this server.
Hardware Security Modules (HSM's) may be required at the Merchant location in order to decrypt data encrypted under the One Inc. key system. This process is detailed in the Cryptography Section of this document.
Network Connectivity
In order to achieve Real Time and Batch Connectivity with Merchants, One Inc. and the Merchant may establish:
- Secure and Encrypted Primary and Alternate routes (e.g. VPN)
- Development and Test Route
- Managed Secure File Transfer Route
Security
In scenarios where Card or Personally Identifiable Information is exchanged and stored, Encrypted and Secure transmissions may be required for information in transit and at rest. Hardware Security Modules (HSM) and Secure tunnels are industry standard for this practice. Keys are exchanged in strictly supervised Key Ceremonies so that both partners in the exchange are able to use the information. Key Ceremonies and HSMs will be addressed in the Cryptography section of this Manual.
Performance
Service Level Agreements detailing One Inc. and Partner commitments to Request / Response thresholds, Uptime and throughput may be in place.
End to end testing may be required to confirm performance within the Service Level Agreements and a monitoring process and reporting may be in place for audit purposes.
Data Storage
Data being stored at One Inc. and partner sites would need to be classified (rated) and assigned categories. Usually Data is classified in the following manner:
- Public
- Internal Use
- Confidential
- Restricted
Personal and Financial Data are usually in the Restricted Category. This is detailed in the Data Classification and Cryptography section of this document.

Compliance
The result of the Data Classification exercise may drive the Compliance requirements.
The Standards are set by the:
- Payment Card Industry - PCI
- Canadian Government - Personal Information Protection and Electronic Documents Act (PIPEDA)
- Canadian Marketing Association - Privacy Guidelines
Example Implementation Option 2 - Merchant Server Recognizing and Routing To One Inc.
The Merchant and One Inc. may agree that it would be a better choice to modify the application on the Merchant's own system to identify and route the Card or Token to One Inc.
This modification at Merchant or In-store servers provides more flexibility for software customization by the Merchant.
One Inc. would receive and send transactions back to Merchant Servers rather than individual POS endpoints.
Depending on the design, the Merchant POS system could "blind route" all of the transactions that it acquires and the One Inc. Bin route tables would reside on the Merchant Servers rather than at the POS.
This solution could minimize the requirement for a re-certification with Acquirers if the POS system does not have to be changed.
Software
The POS system would still have to be able to recognize and route the minimum data to the Merchant Servers.
The Merchants are more in control of these systems and are less dependent on third parties for modification and certifications. The implementation requirements and options may be similar to the POS options.
Example of Data to be sent from POS to the Merchant Server

Payment Card Number | Terminal ID | Merchant ID | Tran ID | Tran Date | Tran Time | Unique Identifier (Retrieval Ref Number) | Using Merchant Primary Route | Merchant Secondary Route
Deployment of a Table resident on the Merchant servers
The tables will be provided by One Inc. and can be updated in Batch or Real Time depending on the Merchant requirements.
Example of the One Inc. Card Range Table at the Merchant Institution

Card Range Start | Card Range End (if required) | Product (Optional) | One Inc Primary Route | One Inc. Secondary (alternate) Route
MasterCard 5118 10 |  | PC Financial MasterCard Credit Card | 255.255.255.255 | 255.255.213.200
MasterCard 5178 05 |  | Capital One MasterCard Credit Card | 255.255.255.255 | 255.255.213.200
One Inc 1234 56 |  | One Inc Token 1 | 255.255.255.255 | 255.255.213.200

Example of Data to be sent to One Inc.

Payment Card Number | Terminal ID | Merchant ID | Tran ID | Tran Date | Tran Time | Unique Identifier (Retrieval Ref Number) | Using One Inc Primary Route | One Inc. Secondary Route

One Inc. may also deploy an application (API) which may integrate with the Merchant Customized Software to recognize and route transactions to One Inc. As a precedent, Moneris offers APIs to link to their system for viewing data or linking to their gateways.
Note: If additional Fields are required, these may be determined during the detailed design with the Merchant technical team in order to determine when the fields are populated and available during their checkout process. Fields such as terminal ID and Merchant ID are not dependent upon SKU items and can be delivered to One Inc. prior to the calculation of the amount.
The Amount is usually the last item which is determined as all of the SKU items would have to be scanned and tabulated.
Also, of note is that the Card Number may be encrypted from the source and may never be exposed or stored within a non-secure system. PCI rules apply.
Timing:
Usually, the Payment Card is not presented by the Customer until the end of the checkout and after the total is calculated.
Changes for implementation:
- A procedural change would be requested so that there is no additional time in lane. We would request that the customer tap the card into the POS system prior to or during checkout.
- The Merchant would send the Card Number, Terminal and Merchant ID along with the provided routing data.
- Merchant Software changes to identify the customer and to send the transaction:
o Load and Maintain the One Inc. IIN and Routing tables at the merchant
o Recognize the tap or swipe of the Payment Card or Token
o Check the One Inc. IIN table
o Retrieve the route
o Create a transaction in an agreed upon format to be sent to One Inc.
o Do a round robin check for an available route
o Log the transaction into a state table which would wait for the response
o Send the transaction with a unique identifier so that the response from One Inc. can be matched to the original transaction request
o Log the response
o Interface with the Loyalty system passing the Loyalty number and terminal data so that the Points and Balance can be sent to the customer
- One Inc. may verify the Merchant, match the Card or token number and respond with the Loyalty number using the merchant route stored at the One Inc. Merchant routing facility.
- The transaction may be delivered back to the Merchant Server in adequate time to enable the merchant to calculate the points and balance for the customer. One Inc. would also log the transaction into the One Inc. database so that Reconciliation and Balancing can be done with the Merchant.
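The merchant-side steps above (IIN table check, route retrieval with a round-robin availability check, a state table keyed by a unique identifier, and matching the One Inc. response back to the request), worked as an added example that is not One Inc.'s or any merchant's code. The card range rows follow the shape of the Card Range Table example but are constructed, the route health check is a hypothetical callable supplied by the caller, and the state table keeps only a masked card number so the PAN does not sit in a non-secure log.

```python
import itertools
import uuid
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Dict, List, Optional


@dataclass
class CardRange:
    """One row of the One Inc. card range table (constructed values, shaped like the page's example)."""
    start: str                 # IIN prefix that opens the range
    end: Optional[str]         # optional closing prefix, same length as start
    product: str
    primary_route: str
    secondary_route: str


CARD_RANGES: List[CardRange] = [
    CardRange("511810", None, "PC Financial MasterCard Credit Card", "255.255.255.255", "255.255.213.200"),
    CardRange("517805", None, "Capital One MasterCard Credit Card", "255.255.255.255", "255.255.213.200"),
    CardRange("123456", "123499", "One Inc Token 1", "255.255.255.255", "255.255.213.200"),
]


def lookup_range(pan: str, table: List[CardRange] = CARD_RANGES) -> Optional[CardRange]:
    """Check the IIN table: the row whose prefix (or prefix range) covers this card or token number."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    for row in table:
        prefix = digits[: len(row.start)]
        if row.end is None:
            if prefix == row.start:
                return row
        elif row.start <= prefix <= row.end:
            return row
    return None                              # not a One Inc. range: normal checkout continues


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits only, so the PAN never lands in a log in the clear."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


class Router:
    """Round-robin over primary/secondary routes plus a state table of requests awaiting a response."""

    def __init__(self, route_available: Callable[[str], bool]):
        self._available = route_available    # hypothetical health check: route -> bool
        self._cycles: Dict[str, itertools.cycle] = {}
        self.state_table: Dict[str, dict] = {}   # unique identifier -> pending transaction

    def pick_route(self, row: CardRange) -> str:
        """Try each of the row's routes once, in round-robin order, and take the first available one."""
        cycle = self._cycles.setdefault(row.start, itertools.cycle([row.primary_route, row.secondary_route]))
        for _ in range(2):
            route = next(cycle)
            if self._available(route):
                return route
        raise RuntimeError("no One Inc. route available for range %s" % row.start)

    def build_request(self, pan: str, terminal_id: str, merchant_id: str, tran_id: str) -> Optional[dict]:
        """Create the transaction to send to One Inc. and log it in the state table under its identifier."""
        row = lookup_range(pan)
        if row is None:
            return None
        rrn = uuid.uuid4().hex[:12].upper()  # unique identifier (Retrieval Ref Number) for matching
        now = datetime.now(timezone.utc)
        message = {
            "card_number": pan,              # encrypted from the source in a real deployment
            "terminal_id": terminal_id,
            "merchant_id": merchant_id,
            "tran_id": tran_id,
            "tran_date": now.strftime("%Y%m%d"),
            "tran_time": now.strftime("%H%M%S"),
            "rrn": rrn,
            "route": self.pick_route(row),
        }
        self.state_table[rrn] = {**message, "card_number": mask_pan(pan)}
        return message

    def match_response(self, rrn: str, loyalty_number: str) -> Optional[dict]:
        """Match One Inc.'s response to the original request and hand the loyalty data to the lane."""
        pending = self.state_table.pop(rrn, None)
        if pending is None:
            return None                      # unknown or late response: nothing to deliver
        return {"loyalty_number": loyalty_number, "terminal_id": pending["terminal_id"],
                "merchant_id": pending["merchant_id"], "tran_id": pending["tran_id"]}
```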
Example of Data to be sent to the Merchant Server

Loyalty Number | Terminal ID | Merchant ID | Tran ID | Tran Date | Tran Time | Unique Identifier to match the Merchant message (Retrieval Ref Number) | Using Merchant Primary Route | Merchant Secondary Route

In order to achieve the recognition and routing, One Inc. may choose to develop and deploy an Application Program Interface (API) along with the Card Range and Routing Tables. The API may integrate with the Merchant Customized Software to recognize and route transactions to One Inc.
This software would have to be portable and reusable as there are a variety of POS equipment vendors and operating systems currently in use on the market.
Hardware
One Inc. could deploy computers into the Merchant Data Center in order to store encrypted data enabling the Merchant to recognize One Inc. Numbers or Card Numbers. This may require a review of PCI and PIPEDA rules. This equipment would be accessible to One Inc. for batch and Real Time updates.
Hardware Security Modules (HSMs) may be required at the Merchant location in order to decrypt data encrypted under the One Inc. key system. This process is detailed in the Cryptography Section of this document.

Network Connectivity
In order to achieve Real Time and Batch Connectivity with Merchants, One Inc. and the Merchant may establish:
- Secure and Encrypted Primary and Alternate routes (e.g. VPN)
- Development and Test Route
- Managed Secure File Transfer Route
Security
In scenarios where Card or Personally Identifiable Information is exchanged and stored, Encrypted and Secure transmissions may be required for information in transit and at rest. Hardware Security Modules (HSM) and Secure tunnels are industry standard for this practice. Keys are exchanged in strictly supervised Key Ceremonies so that both partners in the exchange are able to use the information. Key Ceremonies and HSMs will be addressed in the Cryptography section of this Manual.
Performance
Service Level Agreements detailing One Inc. and Partner commitments to Request / Response thresholds, Uptime and throughput may be in place.
End to end testing may be required to confirm performance within the Service Level Agreements and a monitoring process and reporting may be in place for audit purposes.
Data Storage
Data being stored at One Inc. and partner sites would need to be classified (rated) and assigned categories. Usually Data is classified in the following manner:
- Public
- Internal Use
- Confidential
- Restricted
Personal and Financial Data are usually in the Restricted Category.

Compliance
The result of the Data Classification exercise may drive the Compliance requirements.
The Standards are set by the:
- Payment Card Industry - PCI
- Canadian Government - Personal Information Protection and Electronic Documents Act (PIPEDA)
- Canadian Marketing Association - Privacy Guidelines
Example Implementation Option 2 - Summary and Costs
The costs would be similar to the changes at POS as described in Option 1.
The Merchant POS would have to recognize and route the One Inc number to the Merchant central servers and then the servers managing the end-points would route the transaction to One Inc.
This process may be more under control of the merchants and may leave them less dependent on vendors.
Depending upon the detailed design of this option with the Merchant technical staff, there may be a less complex recertification required with the acquirer as the routing logic would reside on the Merchant host.
The Merchant would be asked to estimate the cost of the Host based routing and receiving messages.
Example Implementation Option 3 - Routing From Card Association or Issuer / Processor
For Merchants who are unable to change the POS systems in order to recognize One Inc. provided IIN number ranges, or for those who are unable to establish a direct route to One Inc., the option of having the transaction transiting the traditional payment path exists.
Upon recognition of the Payment Card, the Card Association or the Issuer / Processor may be enabled with the capability to recognize and route the Payment Card Number or the One Inc. number so that the Loyalty Number for the customer can be retrieved or authorized (recognized).
As detailed in the example flows below, the major distinction with this option is that there are no direct incoming links from the Merchant or Merchant POS systems.
The Merchants may be required to extract the Loyalty number from the transaction returned by the Acquirer or receive a direct communication from One Inc.
Issuer - Card Association Software changes
The Card Association Route would be similar to the Processor Route in that either could host a Link Table which may map the Card Number to the One Inc. Number.

Link Table - (if One Inc. does not store Card Number)

Card Number | One Inc. Number | Wait for Response flag

The Wait for Response Flag is an indicator which can be set up when the Merchant enrolls with One Inc.
If the Merchant provides routing information, One Inc. may use this flag to indicate to the Card Association or Issuer / Processor that we would not be returning a Loyalty number for insertion into the outgoing response message. They do not wait for our response with the Loyalty Number.
The data passed to One Inc. has to be specific enough so that the Merchant can match the One Inc. transaction to the financial transaction.
Upon the arrival of the inbound (from the Acquirer) message, the Card Association may be asked to look up the Link Table and to match the Card Number to the One Inc. Number.
They may then be asked to extract the relevant information from the transaction and send those to One Inc.
Example of Data to be sent to One Inc. from Issuer/ Processor or Card Association

One Inc. Linked Number | Terminal ID | Merchant ID | Tran ID | Tran Date | Tran Time | Unique Identifier | Using One Inc Primary Route | One Inc. Secondary Route

If One Inc. is returning the Loyalty number back to the Card Association or Issuer / Processor:

Example of Data to be sent to Issuer/Processor or Card Association from One Inc.

One Inc. Linked Number | Loyalty Number | Merchant ID | Tran ID | Tran Date | Tran Time | Unique Identifier (retrieval or Stan) | Using Issuer or CA Primary Route | Issuer or CA Secondary Route

The direct routing of the Data back to the Merchant Server or Merchant POS would be the same as described in the POS and Merchant Server implementation options.
Hardware
The Option is available for One Inc. to deploy a mapping and routing server and API on the CA or Processor site in order to facilitate this translation. Any hardware deployed on Payment Network or Processor sites may be subject to PCI.
Network Connectivity
In order to achieve Real Time and Batch Connectivity with Payment Networks or Processors, One Inc. may establish:
- Secure and Encrypted Primary and Alternate routes (e.g. VPN)
- Development and Test Route
- Managed Secure File Transfer Route

Security
In scenarios where Card or Personally Identifiable Information is exchanged and stored, Encrypted and Secure transmissions may be required for information in transit and at rest. Hardware Security Modules (HSM) and Secure tunnels are industry standard for this practice. Keys are exchanged in strictly supervised Key Ceremonies so that both partners in the exchange are able to use the information. Key Ceremonies and HSMs are addressed in the Cryptography section of this Manual.
Performance
Service Level Agreements detailing One Inc. and Partner commitments to Request / Response thresholds, Uptime and throughput may be in place.
End to end testing may be required to confirm performance within the Service Level Agreements and a monitoring process and reporting may be in place for audit purposes.
The treatment of the Loyalty number returned to the Payment Network or Issuer may not negatively impact the end to end request / response transaction time from POS to ISSUER and back.
Data Storage
Data being stored at One Inc. and partner sites would need to be classified (rated) and assigned categories. Usually Data is classified in the following manner:
- Public
- Internal Use
- Confidential
- Restricted
Personal and Financial Data are usually in the Restricted Category.

Compliance
The result of the Data Classification exercise may drive the Compliance requirements.
The Standards are set by the:
- Payment Card Industry - PCI
- Canadian Government - Personal Information Protection and Electronic Documents Act (PIPEDA)
- Canadian Marketing Association - Privacy Guidelines

Universal Recognition for Access
Universal Recognition - Access Control Systems
An access control system determines who is allowed to enter or exit, where they are allowed to exit or enter, and when they are allowed to enter or exit. Electronic access control uses computers to solve the limitations of mechanical locks and keys. A wide range of tokens can be used to replace mechanical keys. The electronic access control system grants access based on the credential presented. When access is granted, the door is unlocked (or the gate is opened) for a predetermined time and the transaction is recorded. When access is refused, the door remains locked (or the gate remains closed) and the attempted access is recorded. The system may also monitor the door (or gate) and alarm if the door (or gate) is forced open or held open too long after being unlocked.
ONE INC. may take the complexity out of these numerous credentials and tokens by enabling access validation on a single form factor utilizing an existing Card, Loyalty or One Inc. number.
Access control models
Access control models are sometimes categorized as either discretionary or non-discretionary. The three most widely recognized models are Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role Based Access Control (RBAC). MAC and RBAC are both non-discretionary.

Attribute-based access control
In attribute-based access control (ABAC), access is granted not based on the rights of the subject associated with a user after authentication, but based on attributes of the user. The user has to prove so-called claims about his attributes to the access control engine. An attribute-based access control policy specifies which claims need to be satisfied in order to grant access to an object. For instance the claim could be "older than 18". One Inc. could provide assistance in enabling Rules based access control.
Discretionary access control - DAC
Discretionary Access Control (DAC) is an access policy determined by the owner of an object. The owner decides who is allowed to access the object and what privileges they have. One Inc. could filter eligibility in order to enable DAC.
Role-based access control
Role Based Access Controls (RBAC) is an access policy determined by the system, not the owner. RBAC is used in commercial applications and also in military systems, where multi-level security requirements may also exist. RBAC differs from DAC in that DAC allows users to control access to their resources, while in RBAC, access is controlled at the system level, outside of the user's control.
Three primary rules are defined for RBAC:
1. Role assignment: A subject can execute a transaction only if the subject has selected or been assigned a role.
2. Role authorization: A subject's active role may be authorized for the subject. With rule 1 above, this rule ensures that users can take on only roles for which they are authorized.
3. Transaction authorization: A subject can execute a transaction only if the transaction is authorized for the subject's active role. With rules 1 and 2, this rule ensures that users can execute only transactions for which they are authorized.
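The three RBAC rules above as an enforcement check, added here as an example that is not part of the original document. The policy (a merchant lane with cashier and store manager roles) and the transaction names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set


class RBACError(Exception):
    """Raised when a role activation would break rule 1 or rule 2."""


@dataclass
class Subject:
    name: str
    authorized_roles: Set[str]          # roles the system has assigned to this subject
    active_role: Optional[str] = None   # the role the subject has currently selected


class RBACPolicy:
    """System-determined policy: which transactions each role may execute (rule 3)."""

    def __init__(self, role_transactions: Dict[str, Set[str]]):
        self.role_transactions = role_transactions

    def activate_role(self, subject: Subject, role: str) -> None:
        """Rule 2: a subject may only activate a role it is authorized for."""
        if role not in self.role_transactions:
            raise RBACError("unknown role %r" % role)
        if role not in subject.authorized_roles:
            raise RBACError("%s is not authorized for role %r" % (subject.name, role))
        subject.active_role = role

    def can_execute(self, subject: Subject, transaction: str) -> bool:
        """Rules 1 to 3 together: an active role, authorization for it, and the transaction allowed for it."""
        if subject.active_role is None:                               # rule 1: no role, no transaction
            return False
        if subject.active_role not in subject.authorized_roles:       # rule 2: authorization may be revoked
            return False
        return transaction in self.role_transactions.get(subject.active_role, set())   # rule 3


# Constructed lane policy; role and transaction names are illustrative only.
LANE_POLICY = RBACPolicy({
    "cashier": {"sale", "loyalty_lookup"},
    "store_manager": {"sale", "loyalty_lookup", "refund", "price_override"},
})
```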
Access control system operation
An access control point can be a door, turnstile, parking gate, elevator, or other physical barrier where granting access can be electronically controlled. An electronic access control point can contain several elements. At its most basic there is a stand-alone electric lock. The lock is unlocked by an operator with a switch. To automate this, operator intervention is replaced by a reader. The reader could be a keypad where a code is entered, it could be a card reader, or it could be a biometric reader.

Access Readers
Access Readers do not usually make an access decision but send a card number to an access control panel that verifies the number against an access list.
Generally only entry is controlled and exit is uncontrolled. In cases where exit is also controlled a second reader is used on the opposite side of the door. In cases where exit is not controlled, free exit, a device called a request-to-exit (RTE) is used.
Request-to-exit devices can be a push-button or a motion detector. When the button is pushed or the motion detector detects motion at the door, the door alarm is temporarily ignored while the door is opened. Exiting a door without having to electrically unlock the door is called mechanical free egress. This may be an important safety feature. In cases where the lock may be electrically unlocked on exit, the request-to-exit device also unlocks the door.
When a credential is presented to a reader, the reader sends the credential's information, usually a number, to a control panel, a highly reliable processor. The control panel compares the credential's number to an access control list, grants or denies the presented request, and sends a transaction log to a database. When access is denied based on the access control list, the door remains locked. If there is a match between the credential and the access control list, the control panel operates a relay that in turn unlocks the door.
Security Considerations and Authentication on Access
The above description illustrates a single factor transaction. Credentials can be passed around, thus subverting the access control list. For example, someone has access rights to the data center. The credential can be lent or stolen and used fraudulently. To prevent this, two factor authentication can be used. In a two factor transaction, the presented credential and a second factor are needed for access to be granted; another factor can be a PIN, a second credential, operator intervention, or a biometric input.
There are three types (factors) of authenticating information:
- something the user knows, e.g. a password, pass-phrase or PIN
- something the user has, such as a smart card
- something the user is, such as a fingerprint, verified by biometric measurement
Access control system components
An access control point, which can be a door, turnstile, parking gate, elevator, or other physical barrier where granting access can be electronically controlled.
Typically the access point is a door. An electronic access control door can contain several elements.
At its most basic there is a stand-alone electric lock. The lock is unlocked by an operator with a switch. To automate this, operator intervention is replaced by a reader.
One Inc. can integrate with the Host PC in order to authenticate the user.
Example access control topology
[Figure: access control topology diagram; not reproduced in the text.]
Appendix A - Universal Recognition ISO 8583 POS Messaging Standard
ISO 8583 defines a message format and a communication flow so that different systems can exchange these transaction requests and responses. The vast majority of transactions made at ATMs use ISO 8583 at some point in the communication chain, as do transactions made when a customer uses a card to make a payment in a store - POS. In particular, American Express, MasterCard and Visa networks base their authorization communications on the ISO 8583 standard, as do many other institutions and networks. ISO 8583 has no routing information, so is sometimes used with a TPDU header.
Cardholder-originated transactions include purchase, withdrawal, deposit, refund, reversal, balance inquiry, payments and inter-account transfers. ISO 8583 also defines system-to-system messages for secure key exchanges, reconciliation of totals, and other administrative purposes.
Although ISO 8583 defines a common standard, it is not typically used directly by systems or networks. It defines many standard fields (data elements) which remain the same in all systems or networks, and leaves a few additional fields for passing network specific details. These fields are used by each network to adapt the standard for its own use with custom fields and custom usages.
The placements of fields in different versions of the standard varies; for example, the currency elements of the 1987 and 1993 versions are no longer used in the 2003 version, which holds currency as a sub-element of any financial amount element. As of writing, ISO 8583:2003 has yet to achieve wide acceptance. The technology described herein may be used with other message formats and communication flows.
An ISO 8583 message is made of the following parts:
- Message type indicator (MTI)
- One or more bitmaps, indicating which data elements are present
- Data elements, the fields of the message

Message type indicator
This is a 4 digit numeric field which classifies the high level function of the message. A message type indicator includes the ISO 8583 version, the Message Class, the Message Function and the Message Origin, each described briefly in the following sections. The following example (MTI 0110) lists what each digit indicates:
0xxx -> version of ISO 8583 (1987 version)
x1xx -> class of the Message (Authorization Message)
xx1x -> function of the Message (Request Response)
xxx0 -> who began the communication (Acquirer)

ISO 8583 versions
Position one of the MTI specifies the version of the ISO 8583 standard which is being used to transmit the message.
Position | Meaning
0xxx | ISO 8583-1:1987 version
1xxx | ISO 8583-2:1993 version
2xxx | ISO 8583-1:2003 version
9xxx | Private usage
Message class
Position two of the MTI specifies the overall purpose of the message.
Position | Meaning | Usage
x1xx | Authorization Message | Determine if funds are available, get an approval but do not post to account for reconciliation, Dual Message System (DMS), awaits file exchange for posting to account
x2xx | Financial Message | Determine if funds are available, get an approval and post directly to the account, Single Message System (SMS), no file exchange after this
x3xx | File Actions Message | Used for hot-card, TMS and other exchanges
x4xx | Reversal Message | Reverses the action of a previous authorization
x5xx | Reconciliation Message | Transmits settlement information message
x6xx | Administrative Message | Transmits administrative advice. Often used for failure messages (e.g. message reject or failure to apply)
x7xx | Fee Collection Message |
x8xx | Network Management Message | Used for secure key exchange, logon, echo test and other network functions
x9xx | Reserved by ISO |
Message function
Position three of the MTI specifies the message function which defines how the message may flow within the system. Requests are end-to-end messages (e.g., from acquirer to issuer and back with timeouts and automatic reversals in place), while advices are point-to-point messages (e.g., from terminal to acquirer, from acquirer to network, from network to issuer, with transmission guaranteed over each link, but not necessarily immediately).
Position | Meaning
xx0x | Request
xx1x | Request Response
xx2x | Advice
xx3x | Advice Response
xx4x | Notification
xx8x | Response acknowledgment
xx9x | Negative acknowledgment

Message origin
Position four of the MTI defines the location of the message source within the payment chain.
Position | Meaning
xxx0 | Acquirer
xxx1 | Acquirer Repeat
xxx2 | Issuer
xxx3 | Issuer Repeat
xxx4 | Other
xxx5 | Other Repeat
Examples
Bearing each of the above four positions in mind, an MTI may completely specify what a message may do, and how it is to be transmitted around the network.
Unfortunately, not all ISO 8583 implementations interpret the meaning of an MTI in the same way.
However, a few MTIs are relatively standard:
MTI | Meaning | Usage
0100 | Authorization request | Request from a point-of-sale terminal for authorization for a cardholder purchase
0110 | Issuer Response | Issuer response to a point-of-sale terminal for authorization for a cardholder purchase
0120 | Authorization Advice | When the Point of Sale device breaks down and you have to sign a voucher
0121 | Authorization Advice Repeat | If the advice times out
0130 | Issuer Response to Authorization Advice | Confirmation of receipt of authorization advice
0200 | Acquirer Financial Request | Request for funds, typically from an ATM or pinned point-of-sale device
0210 | Issuer Response to Financial Request | Issuer response to request for funds
0220 | Acquirer Financial Advice | E.g. Checkout at a hotel. Used to complete transaction initiated with authorization request
0221 | Acquirer Financial Advice repeat | If the advice times out
0230 | Issuer Response to Financial Advice | Confirmation of receipt of financial advice
0400 | Acquirer Reversal Request | Reverses a transaction
0420 | Acquirer Reversal Advice | Advises that a reversal has taken place
0421 | Acquirer Reversal Advice Repeat Message | If the reversal times out
0430 | Issuer Reversal Response | Confirmation of receipt of reversal advice
0800 | Network Management Request | Echo test, logon, log off etc.
0810 | Network Management Response | Echo test, logon, log off etc.
0820 | Network Management Advice | Key change
Bitmaps
Within ISO 8583, a bitmap is a field or subfield within a message which indicates which other data elements or data element subfields may be present elsewhere in a message.
A message may contain at least one bitmap, called the Primary Bitmap which indicates which of Data Elements 1 to 64 are present. A secondary bitmap may also be present, generally as data element one and indicates which of data elements 65 to 128 are present. Similarly, a tertiary, or third, bitmap can be used to indicate the presence or absence of fields 129 to 192, although these data elements are rarely used.
The bitmap may be transmitted as 8 bytes of binary data, or as 16 hexadecimal characters 0-9, A-F in the ASCII or EBCDIC character sets.
A field is present only when the specific bit in the bitmap is true. For example, byte '82x is binary '1000 0010' which means fields 1 and 7 are present in the message and fields 2, 3, 4, 5, 6, and 8 are not present.
Examples
Bitmap | Defines presence of
4210001102C04804 | Fields 2, 7, 12, 28, 32, 39, 41, 42, 50, 53, 62
72340541 | Fields 2, 3, 4, 7, 11, 12, 14, 22, 24, 26, 32, 35, 37, 41, 42, 47, 49, 53, 62, 64
8000000000000001 | Fields 1, 64
(secondary bitmap) | Fields 127, 128
Explanation of Bitmap field 4210001102C04804 (8 byte primary bitmap = 64 bits)
BYTE1 : 01000010 = 42x (counting from the left, the second and seventh bits are 1, indicating that fields 2 and 7 are present)
BYTE2 : 00010000 = 10x (field 12 is present)
BYTE3 : 00000000 = 00x (no fields present)
BYTE4 : 00010001 = 11x (fields 28 and 32 are present)
BYTE5 : 00000010 = 02x (field 39 is present)
BYTE6 : 11000000 = C0x (fields 41 and 42 are present)
BYTE7 : 01001000 = 48x (fields 50 and 53 are present)
BYTE8 : 00000100 = 04x (field 62 is present)
         10        20        30        40        50        60  64   n-th bit
1234567890123456789012345678901234567890123456789012345678901234
0100001000010000000000000001000100000010110000000100100000000100   bit map
Fields present in the above variable length message record:
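The byte-by-byte walk above, written as code. This is an added example and not part of the patent text: it decodes a 16-hex-character bitmap into the list of present data elements (bits counted from the left, starting at 1), rebuilds a bitmap from a field list, and chains a secondary bitmap onto the primary one when field 1 is set. The values checked are the ones in the examples table; the function names are this example's own.

```python
# Added example (not from the patent text): decode and encode ISO 8583 bitmaps.
from typing import List


def decode_bitmap(hex_bitmap: str, offset: int = 0) -> List[int]:
    """Return the data element numbers whose bit is set in an 8-byte bitmap.

    The most significant bit of the first byte is field 1.  `offset` is 0 for
    the primary bitmap, 64 for a secondary bitmap (fields 65-128) and 128 for
    a tertiary bitmap (fields 129-192).
    """
    if len(hex_bitmap) != 16:
        raise ValueError("a bitmap is 8 bytes = 16 hex characters")
    raw = bytes.fromhex(hex_bitmap)
    present: List[int] = []
    for byte_index, byte in enumerate(raw):
        for bit in range(8):            # bit 0 is the leftmost bit of the byte
            if byte & (0x80 >> bit):
                present.append(offset + byte_index * 8 + bit + 1)
    return present


def encode_bitmap(fields: List[int], offset: int = 0) -> str:
    """Inverse of decode_bitmap: set one bit per field, return 16 upper-case hex chars."""
    raw = bytearray(8)
    for field in fields:
        pos = field - offset - 1
        if not 0 <= pos < 64:
            raise ValueError(f"field {field} is outside this bitmap's range")
        raw[pos // 8] |= 0x80 >> (pos % 8)
    return raw.hex().upper()


def decode_message_bitmaps(hex_bitmaps: str) -> List[int]:
    """Decode the primary bitmap and, when field 1 is set, the secondary one
    that follows it.  Field 1 itself (the secondary bitmap) is not returned
    because it carries no transaction data."""
    primary = decode_bitmap(hex_bitmaps[:16])
    if 1 in primary:
        secondary = decode_bitmap(hex_bitmaps[16:32], offset=64)
        return [f for f in primary if f != 1] + secondary
    return primary
```

Because the result of `decode_bitmap` is a plain list in ascending order, a parser can walk it and read each data element in sequence from the message body; a bitmap that claims fields the implementation does not define should be rejected rather than skipped.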

Data elements Data elements are the individual fields carrying the transaction information.
There are up to 128 data elements specified in the original ISO 8583:1987 standard, and up to 192 data elements in later releases. The 1993 revision added new definitions, deleted some, while leaving the message format itself unchanged.
While each data element has a specified meaning and format, the standard also includes some general purpose data elements and system- or country-specific data elements which vary enormously in use and form from implementation to implementation.
Each data element is described in a standard format which defines the permitted content of the field (numeric, binary, etc.) and the field length (variable or fixed), according to the following table:
Abbreviation | Meaning
a | Alpha, including blanks
n | Numeric values only
s | Special characters only
an | Alphanumeric
as | Alpha & special characters only
ns | Numeric and special characters only
ans | Alphabetic, numeric and special characters
b | Binary data
z | Tracks 2 and 3 code set as defined in ISO/IEC 7813 and ISO/IEC 4909 respectively
. or .. or ... | Variable field length indicator, each . indicating a digit
x or xx or xxx | Fixed length of field or maximum length in the case of variable length fields
Additionally, each field may be either fixed or variable length. If variable, the length of the field may be preceded by a length indicator.
Type | Meaning
Fixed | No field length used
LLVAR or (..xx) | Where LL < 100, means two leading digits LL specify the field length of field VAR
LLLVAR or (...xxx) | Where LLL < 1000, means three leading digits LLL specify the field length of field VAR
LL and LLL are hex or ASCII. A VAR field can be compressed or ASCII, depending on the data element type. | LL can be 1 or 2 bytes. For example, if compressed as one hex byte, '27x means there are 27 VAR bytes to follow. If ASCII, the two bytes '32x, '37x mean there are 27 bytes to follow. A 3 digit field length LLL uses 2 bytes with a leading '0' nibble if compressed, or 3 bytes if ASCII. The format of a VAR data element depends on the data element type. If numeric it may be compressed, e.g. 87456 may be represented by 3 hex bytes '087456x. If ASCII then one byte for each digit or character is used, e.g. '38x, '37x, '34x, '35x, '36x.
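The two length encodings just described (ASCII digits, or compressed BCD with a leading zero nibble for LLL), as an added example that is not part of the patent text. The parser treats the declared length as a byte count, as the text does ('27x means 27 VAR bytes follow), and bounds it by the element's maximum length from the field table so a bad prefix cannot pull bytes out of the next field; a helper unpacks compressed numeric values such as '087456x. The sample buffers are constructed for the example.

```python
# Added example (not from the patent text): read ISO 8583 LLVAR / LLLVAR fields
# with either ASCII or compressed (BCD) length prefixes.
from typing import Tuple


def read_var_field(buf: bytes, pos: int, prefix_digits: int,
                   compressed: bool, max_len: int) -> Tuple[bytes, int]:
    """Return (value, next_pos) for an LLVAR (prefix_digits=2) or LLLVAR
    (prefix_digits=3) field that starts at buf[pos].

    compressed=False: the length is `prefix_digits` ASCII digits, e.g. b"27".
    compressed=True : the length is BCD, ceil(prefix_digits / 2) bytes, so LL
                      is one byte (0x27 -> 27) and LLL is two bytes with a
                      leading zero nibble (0x01 0x23 -> 123).
    The declared length is checked against max_len (the element's maximum in
    the field table) and against the bytes actually available.
    """
    if compressed:
        n_prefix = (prefix_digits + 1) // 2
        digits = buf[pos:pos + n_prefix].hex()
        if len(digits) != n_prefix * 2 or not digits.isdigit():
            raise ValueError("bad BCD length prefix")
        length = int(digits[-prefix_digits:])   # drop the leading zero nibble of LLL
    else:
        n_prefix = prefix_digits
        digits_b = buf[pos:pos + n_prefix]
        if len(digits_b) != n_prefix or not digits_b.isdigit():
            raise ValueError("bad ASCII length prefix")
        length = int(digits_b.decode("ascii"))
    if length > max_len:
        raise ValueError(f"declared length {length} exceeds maximum {max_len}")
    start = pos + n_prefix
    end = start + length
    if end > len(buf):
        raise ValueError("field runs past the end of the message")
    return buf[start:end], end


def bcd_to_digits(value: bytes, ndigits: int) -> str:
    """Unpack a compressed numeric value: 08 74 56 with ndigits=5 -> '87456'."""
    digits = value.hex()
    if not digits.isdigit():
        raise ValueError("non-decimal nibble in compressed numeric value")
    return digits[-ndigits:]


def is_well_formed(buf: bytes, pos: int, prefix_digits: int,
                   compressed: bool, max_len: int) -> bool:
    """True when the field at buf[pos] parses cleanly under the given rules."""
    try:
        read_var_field(buf, pos, prefix_digits, compressed, max_len)
        return True
    except ValueError:
        return False
```

Whether a compressed element's length counts digits or bytes is implementation specific; this example counts bytes, so a caller reading a numeric element passes the digit count separately to `bcd_to_digits`.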
ISO 8583 POS Messaging Format
ISO 8583 Bit | ISO-87 Field Name | Data type | Length | Format | Full description
1 | Bit Map Extended | h | 16 | | Secondary bit map indicating the presence or absence of bits in range 65-128 in the message being transmitted.
2 | Primary account number (PAN) | n | 19 | LLVAR | Customer PAN, used to route messages.
3 | Processing code | n | 6 | | Defines the transaction type: 3x2 digit fields. 1&2=type of trans, 3&4=type of account, 5&6=to account (zeroes)
4 | Amount, transaction | n | 12 | | Transaction amount (lowest unit local currency) at the acquirer.
5 | Amount, Settlement | n | 12 | |
6 | Amount, cardholder billing | n | 12 | | Amount (lowest unit local currency) to be debited from the account held by the issuer.
7 | Transmission date & time | n | 10 | mmddhhmmss | Message transmission date and time in GMT. Switch completes this field.
8 | Amount, Cardholder billing fee | n | 8 | |
9 | Conversion rate, Settlement | n | 8 | |
10 | Conversion rate, cardholder billing | n | 8 | | Conversion rate applied to Forex txn amount, format ABBBBBBB where A is the decimal point position from the right and B is the conversion factor which when multiplied by field 4 gives field 6.
11 | Systems trace audit number | n | 6 | | Sequence number assigned by message originator. Stays unchanged through txn life.
12 | Time, Local transaction | n | 6 | hhmmss | Time of the local transaction
13 | Date, Local transaction | n | 4 | mmdd | Date of the local transaction
14 | Date, Expiration | n | 4 | yymm | Card expiration date
15 | Date, Settlement | a | 4 | mmdd | Date of settlement
16 | Date, conversion | a | 4 | mmdd |
17 | Date, capture | a | 4 | mmdd |
18 | Merchant type | n | 4 | | Category code of merchant acquirer. Auth transactions only.
19 | Acquiring institution country code | n | 3 | | Country code of acquiring institution
20 | PAN Extended, country code | n | 3 | |
21 | Forwarding institution, country code | n | 3 | |
22 | Point of service entry mode | a | 3 | | PIN/PAN entry mode. Format PPN where PP=POS entry mode and N=PIN entry mode.
23 | Application PAN number | a | 3 | | Identifies and differentiates cards with the same PAN
24 | Network International identifier | n | 3 | |
25 | Point of service condition code | n | 2 | | Condition under which the transaction takes place at POS. Various values.
26 | Point of service capture code | n | 2 | | Maximum number of PIN digits supported.
27 | Authorizing identification response length | a | 1 | |
28 | Amount, transaction fee | a | 8 | |
29 | Amount, settlement fee | a | 8 | |
30 | Amount, transaction processing fee | n | 8 | |
31 | Amount, settlement processing fee | n | 8 | |
32 | Acquiring institution identification code | a | 11 | LLVAR | Code identifying the acquirer
33 | Forwarding institution identification code | n | 11 | LLVAR |
34 | Primary account number, extended | n | 28 | LLVAR |
35 | Track 2 data | z | 37 | LLVAR | Information encoded on track 2 of the magstripe card
36 | Track 3 data | n | 104 | LLLVAR |
37 | Retrieval reference number | an | 12 | | Data for matching original txn: Julian date + terminal sequence
38 | Authorization identification response | an | 6 | | Authorization ID assigned by authorizing institution
39 | Response code | an | 2 | | Disposition of message (Approved, incorrect PIN etc.)
40 | Service restriction code | an | 3 | |
41 | Card acceptor terminal identification | ans | 8 | | Unique code identifying the terminal at the card acceptor location.
42 | Card acceptor identification code | ans | 15 | | Code identifying the card acceptor.
43 | Card acceptor name/location | ans | 40 | | Full terminal address (1-23 address, 24-36 City, 37-38 State, 39-40 Country)
44 | Additional response data | an | 25 | LLVAR | Used for POS referrals, format errors, or VISA acquired auth responses.
45 | Track 1 Data | an | 76 | LLVAR |
46 | Additional data - ISO | an | 999 | LLLVAR |
47 | Additional data - National | an | 999 | LLLVAR |
48 | Additional data - Private | an | 999 | LLLVAR |
49 | Currency code, transaction | a | 3 | | Code (ISO?) of the local currency of the acquirer.
50 | Currency code, settlement | an | 3 | |
51 | Currency code, cardholder billing | a | 3 | | Code (ISO?) of the currency used for cardholder billing.
52 | Personal Identification number data | h | 16 | | Encrypted PIN block
53 | Security related control information | n | 18 | |
54 | Additional amounts | an | 120 | | Mandatory for txn response. Contains codes for account, amount and currency types and amounts.
55 | ICC CARD DATA | ans | 999 | LLLVAR | Chip and Pin specific data
56 | Reserved ISO | ans | 999 | LLLVAR |
57 | Reserved National | ans | 999 | LLLVAR |
58 | Reserved National | ans | 999 | LLLVAR |
59 | Reserved for national use | ans | 999 | LLLVAR |
60 | Advice/reason code (private reserved) | an | 7 | LVAR | ICC reason for reversal or advice.
61 | Reserved Private | ans | 999 | LLLVAR |
62 | Reserved Private | ans | 999 | LLLVAR |
63 | Reserved Private | ans | 999 | LLLVAR |
64 | Message authentication code (MAC) | h | 16 | | MAC check code
65 | Bit map, tertiary | h | 16 | | Tertiary bit map indicating the presence or absence of bits in positions 129-192 in the message being transmitted.
66 | Settlement code | n | 1 | |
67 | Extended payment code | n | 2 | |
68 | Receiving institution country code | n | 3 | |
69 | Settlement institution country code | n | 3 | |
70 | Network management information code | n | 3 | | Network processing info. Various 3 digit codes for sign on and off, key change, cutover, handshake etc.
71 | Message number | n | 4 | |
72 | Message number, last | n | 4 | |
73 | Date, Action | n | 6 | yymmdd |
74 | Credits, number | n | 10 | |
75 | Credits, reversal number | n | 10 | |
76 | Debits, number | n | 10 | |
77 | Debits, reversal number | n | 10 | |
78 | Transfer number | n | 10 | |
79 | Transfer, reversal number | n | 10 | |
80 | Inquiries number | n | 10 | |
81 | Authorizations, number | n | 10 | |
82 | Credits, processing fee amount | n | 12 | |
83 | Credits, transaction fee amount | n | 12 | |
84 | Debits, processing fee amount | n | 12 | |
85 | Debits, transaction fee amount | n | 12 | |
86 | Credits, amount | n | 15 | |
87 | Credits, reversal amount | n | 15 | |
88 | Debits, amount | n | 15 | |
89 | Debits, reversal amount | n | 15 | |
90 | Original data elements | n | 42 | | Data elements in a reversal identifying the original txn. These elements are formatted specifically.
91 | File update code | an | 1 | | Code indicating type of file update operation (1=add 2=change 3=delete 4=enquiry)
92 | File security code | n | 2 | |
93 | Response indicator | | | |
94 | Service Indicator | an | 7 | |
95 | Replacement amounts | an | 42 | | Actual amounts dispensed and settled for partial reversals. If not partial both amounts are zero.
96 | Message security code | an | 8 | | Password to net management and file update. Not currently validated by LINK
97 | Amount, net settlement | n | 16 | |
98 | Payee | ans | 25 | |
99 | Settlement institution identification code | n | 11 | LLVAR |
100 | Receiving institution identification code | a | 11 | LLVAR |
101 | File name | ans | 17 | | Name of file being accessed for a file update.
102 | Account identification 1 | ans | 28 | LLVAR | Identifies the 'from' account in a transfer
103 | Account identification 2 | ans | 28 | LLVAR |
104 | Transaction description | ans | 100 | LLVAR |
105 | Reserved for ISO use | ans | 999 | LLLVAR |
106 | Reserved for ISO use | ans | 999 | LLLVAR |
107 | Reserved for ISO use | ans | 999 | LLLVAR |
108 | Reserved for ISO use | ans | 999 | LLLVAR |
113 | Authorizing agent institution id code | n | 11 | LLVAR | Institution approving or denying the transaction.
122 | Reserved for private use | ans | 999 | LLLVAR |
123 | Reserved for private use | ans | 999 | LLLVAR |
124 | Info Text | ans | 255 | LLLVAR | For file updates, cardholder file maintenance data; for admin advices, the first 255 bytes in error.
125 | Network management information | ans | 50 | LLLVAR | Additional net management info: 1-16 working key, 17-20 check value, 21-50 spaces
126 | Issuer trace id | ans | 6 | LLLVAR | Used by issuer to label the txn with his own transaction id. Unique within business day. Unchanged through transaction life.
127 | Reserved for private use | ans | 999 | LLLVAR |
128 | Message Authentication code | h | 16 | | MAC check code
EMV - Chip and Pin specific data - DE 55 breakdown
E.2 ICC System Related Data (Field 55)
Field 55 is an LLLVAR field comprising Header and Data Fields.
Request Format
Element | Name | Length/Format | Tag | M/O | Comment
Header 1 | ICC Implementation Name | 4b(an) | - | M | Value = AGNS in EBCDIC character set
Header 2 | ICC Implementation Version Number | 2b(n) | - | M | Value: 0001x
Data 1 | ARQC | 8b(an) | 9F26 | M | Application Request Cryptogram
Data 2 | Issuer Application Data | 32b | 9F10 | M | Note LLVAR
IAD 1 | Length | 1b(n) | - | M | = 14; sub field 1
IAD 2 | Derivation Key Index | 1b(n) | - | M | Sub field 2
IAD 3 | Cryptogram Version Number | 1b(n) | - | M | Sub field 3
IAD 4 | Card Verification Results | 4b(an) | - | M | Sub field 4
Data 3 | Unpredictable Number | 4b(n) | 9F37 | M |
Data 4 | Application Transaction Counter | 2b(n) | 9F36 | M |
Data 5 | Terminal Verification Results | 5b(an) | 95 | M |
Data 6 | Transaction Date | 3b(n) | 9A | M | YYMMDD
Data 7 | Transaction Type | 1b(n) | 9C | M |
Data 8 | Amount, Authorised | 6b(n) | 9F02 | M |
Data 9 | Transaction Currency Code | 2b(n) | 5F2A | M |
Data 10 | Terminal Country Code | 2b(n) | 9F1A | M |
Data 11 | Application Interchange Profile | 2b(an) | 82 | M |
Data 12 | Amount, Other | 6b(n) | 9F03 | M | Always zero if AMEX issuer
Data 13 | Application PAN Sequence Number | 1b(n) | 5F34 | M |
Data 14 | Cryptogram Information Data | 1b(n) | 9F27 | M |
Data 15 | Reserved for Future Use | b, LLVAR | - | O | Reserved data area, to take the maximum total length up to the defined length of 255 bytes
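The table above lays the EMV elements out positionally behind a fixed header, but it names each one by its EMV tag (9F26, 9F10, 9F37 and so on). In general EMV practice those tags travel as BER-TLV elements, and a switch receiving DE 55 has to parse that encoding defensively before it can forward the ARQC to the issuer. The following is an added example, not part of the patent text, and it assumes the TLV encoding rather than the page's positional layout: it decodes tag, length and value, refuses truncated or over-long elements, and checks that every tag the table marks mandatory is present. The sample bytes are constructed and carry no real card data.

```python
# Added example (not from the patent text): BER-TLV parsing of the EMV tags
# listed in the DE 55 table, with a mandatory-tag check.
from typing import Dict

# Names copied from the table above; all fourteen data elements are marked M.
MANDATORY_TAGS = {
    "9F26": "ARQC", "9F10": "Issuer Application Data",
    "9F37": "Unpredictable Number", "9F36": "Application Transaction Counter",
    "95": "Terminal Verification Results", "9A": "Transaction Date",
    "9C": "Transaction Type", "9F02": "Amount, Authorised",
    "5F2A": "Transaction Currency Code", "9F1A": "Terminal Country Code",
    "82": "Application Interchange Profile", "9F03": "Amount, Other",
    "5F34": "Application PAN Sequence Number", "9F27": "Cryptogram Information Data",
}


def parse_tlv(data: bytes) -> Dict[str, bytes]:
    """Decode a flat sequence of BER-TLV elements into {tag_hex: value}.

    Tag: one byte, or several when the low five bits of the first byte are all
    set (then each following byte belongs to the tag while its top bit is set).
    Length: one byte below 0x80, otherwise 0x8N followed by N length bytes.
    Every length is checked against the bytes that remain, so a truncated or
    malformed buffer raises instead of yielding a partial value.
    """
    out: Dict[str, bytes] = {}
    i, n = 0, len(data)
    while i < n:
        if data[i] in (0x00, 0xFF):        # padding bytes between elements
            i += 1
            continue
        start = i
        if data[i] & 0x1F == 0x1F:         # multi-byte tag
            i += 1
            while i < n and data[i] & 0x80:
                i += 1
            i += 1                          # last tag byte (top bit clear)
        else:
            i += 1
        if i > n:
            raise ValueError("truncated tag")
        tag = data[start:i].hex().upper()
        if i >= n:
            raise ValueError(f"missing length for tag {tag}")
        first, i = data[i], i + 1
        if first < 0x80:
            length = first
        else:
            nbytes = first & 0x7F
            if nbytes == 0 or nbytes > 4 or i + nbytes > n:
                raise ValueError(f"bad length encoding for tag {tag}")
            length = int.from_bytes(data[i:i + nbytes], "big")
            i += nbytes
        if i + length > n:
            raise ValueError(f"value of tag {tag} runs past end of data")
        out[tag] = data[i:i + length]
        i += length
    return out


def tlv_is_well_formed(data: bytes) -> bool:
    try:
        parse_tlv(data)
        return True
    except ValueError:
        return False


def transaction_summary(data: bytes) -> Dict[str, object]:
    """Report missing mandatory tags, or the few values a switch looks at
    before forwarding the cryptogram to the issuer for verification."""
    tlv = parse_tlv(data)
    missing = [t for t in MANDATORY_TAGS if t not in tlv]
    if missing:
        return {"missing": missing}
    return {
        "missing": [],
        "arqc_hex": tlv["9F26"].hex().upper(),
        "atc": int.from_bytes(tlv["9F36"], "big"),
        "amount_minor_units": int(tlv["9F02"].hex()),   # n6 amount is BCD
        "date_yymmdd": tlv["9A"].hex(),
        "currency_code": tlv["5F2A"].hex().lstrip("0"),
    }


# Constructed sample DE 55 body with every mandatory tag; not from any real card.
SAMPLE_DE55 = bytes.fromhex(
    "9F2608" "0011223344556677"
    "9F1007" "06010A03A00000"
    "9F3704" "1A2B3C4D"
    "9F3602" "001A"
    "9505" "0000008000"
    "9A03" "120315"
    "9C01" "00"
    "9F0206" "000000001234"
    "5F2A02" "0124"
    "9F1A02" "0124"
    "8202" "1C00"
    "9F0306" "000000000000"
    "5F3401" "01"
    "9F2701" "80"
)
```

The parser deliberately stops at the first defect rather than skipping it: a DE 55 that does not parse cleanly should be declined or logged as a format error, since the ARQC cannot be verified against data that may not be what the card signed.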
Appendix C - Merchant POS Certification - EMV - PCI
Purpose
This document has been designed by Canadian Acquirers and Payment Brands in order to clarify the EMV device compliance process for merchants with integrated Point of Sale (POS) systems. Merchants with integrated POS systems and those who own their POS hardware are responsible, along with their Acquirer/Value Added Reseller (VAR), to ensure that their POS systems are fully EMV compliant. Merchants who rent or lease their POS terminals may contact their payment service provider to confirm that EMV device compliance requirements may be addressed by the equipment vendor, Acquirer or VAR providing the equipment.
This document is targeted at merchants with integrated POS systems. The objective of this document is to provide key personnel such as payment experts and project management resources with a basic level of understanding regarding the EMV compliance processes across all payment brands. This document is not intended to replace any other documents supplied by Acquirers or VARs. Merchants may contact their Acquirer for proprietary requirements.
Introduction
Around the world, countries are migrating from magnetic stripe technology to EMV chip technology to support card payments.
As Canada migrates to EMV chip from magnetic stripe, integrated merchants may be required to upgrade their point of sale solutions to support this new technology.
The EMV compliance process comprises several stages.
First, the equipment itself may be Type Approved to satisfy EMV requirements.
Next the payment application software may be validated. Each payment brand may have its own terminal application software requirements that need to be met.
After hardware and software validation, the connection between the POS terminal and the Acquirer may be validated.
Lastly, the entire chain for transactions may be confirmed. Integrated merchants may be required to participate in the application software and the merchant-acquirer connection validation phases.
compliance requires the participation of the terminal manufacturer, Payment Brands and Acquirer.
SECTION - Central Processing Platform
One Inc. - Central Processing Platform
One Inc., as part of its Universal Recognition services to Merchants, Loyalty and Access partners including individual Customers, may provide a Central platform where transaction processing, file serving, database content analysis and Web based services are offered.
The One Inc. Platform is an interoperable and versatile platform supporting the Enrolment, Processing and Secure File transfer services offered to protect and process the Customer and partner data in a compliant and secure environment. The One Inc. platform has three major functions:
- Web Services and Authentication
- Real Time Transaction Processing and Linkage Routing
- Secure File Transfers
The One Inc. Central Application Server Hub is a system within the Internet Cloud utilizing Universal Resource Locator addresses (URLs). The protection through the cloud is a Virtual Private Network for Merchants and Partners and SSL encrypted web pages for the Customers.
This Internet and VPN connectivity option would enable a Merchant's POS, Server or Access to connect and send messages in order to perform Universal recognition.
The platform features Web Sites at One Inc. or Partner locations accessing web services which enable individual Customers to enroll and maintain their information.
The system is available 24x7 supported by firewalls, load balancers, alternate routing, guaranteed delivery and encryption devices bolstered by failover, monitoring and alert systems housed within a PCI secure data center.
Partners include Merchants, Loyalty Programs, Card Associations and any organization requiring the use of One Inc. Universal Recognition services.
The open and interoperable design of the platform permits clients such as Health Clubs, Museums and Art Galleries to exchange messages with the One Inc. Application Platform in an ISO compliant or configurable format.
The Platform has the capability to initiate or respond to messages in real time within industry standard guidelines.
Customers may be able to create or update their information on the One Inc. website.
The messages generated may trigger the functionality for enrollment in the One Inc. program, address changes, updating of Customer demographic data and linkages to participating programs offered by One Inc. partners.
Example Transaction Types
Merchant POS - Recognition
This transaction is initiated when a Customer presents the Merchant with a card at the POS during a Purchase checkout process. The Merchant's POS sends a message to the One Inc. Central processing Hub which performs the following:
- Receive the message, and extract the relevant data, including the Customer's card number, the Merchant and Terminal ID.
- Look up the Customer Profile Data with the Customer's card number.
- Look up the Merchant Profile with the Merchant's ID and Terminal ID.
- Look for a Program Id in the Customer's Profile that matches a Program Id in the Merchant's Profile. (Program Id could be Loyalty Program).
- If a match is found then respond to the Merchant's POS with the Customer's Account number in that Program. Otherwise respond with a "not found" response message.
Note: The Customer's Card number in this case, could be any card that is linked to the Customer's Profile including the One Inc. card or a Payment Card.
Enrollment in a Program at POS
This transaction occurs if a Customer is not recognized in a Program sponsored by a Merchant.
The Merchant's POS sends an enrollment message to One Inc. with the Program Identifier and the Customer's Card number.
The Central Application Hub Server may:
- Retrieve the Customer's Profile based on the Card Number.
- Depending on the Program, either forward the enrolment Request message with the relevant Customer information to the Partner hosting the Program and forward the response from the Partner onto the POS;
- Optionally, One Inc. could perform the enrollment process on behalf of the Partner and advise the Partner hosting the Program at a later point in time.
- On successful completion, the One Inc. Platform may store the Customer's newly assigned number and add that Program to the Customer's One Inc. Profile.
Purchase at POS
This transaction occurs when a Customer purchases product at a Merchant and presents a Card. The Recognition transaction is forwarded to One Inc. with the encrypted Card Number.
The Central Application Hub Server may:
- Retrieve the Customer Profile based on the Card Number.
- If the Customer is enrolled with One Inc., The One Inc. platform may match the Merchant to the appropriate Loyalty Program or Partner.
- If a matching Program between Merchant and Customer is found then, depending on the Partner hosting the Program, One Inc. may send the Purchase transaction to the Partner for fulfillment, (e.g. Loyalty Points issuance, Balance Inquiry, or Redemption). Or One Inc. may perform the Partner's transaction and advise the Partner at a later time.
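The three POS flows above (Recognition, Enrollment in a Program, and Purchase) reduced to a small in-memory model. This is an added example and not part of the patent text. The text says the card number reaches the hub encrypted and that the stored PymtCardNum is encrypted, but does not say how a profile is found without the plaintext; the example assumes a keyed hash of the PAN (a blind index) as the lookup key, so the hub stores and compares only the index. Every key, card number, identifier and program name here is constructed sample data, and the `issue_account` and `forward` callables stand in for the partner hosting the program.

```python
# Added example (not from the patent text): Recognition, Enrollment and Purchase
# at POS against profiles keyed by a blind index of the card number.
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple

# Assumption: in a real deployment this key lives in an HSM or key store.
INDEX_KEY = b"constructed-index-key-for-this-example-only"


def card_index(pan: str) -> str:
    """HMAC-SHA256 of the PAN: equal PANs give equal indexes, and the index
    cannot be turned back into the PAN without the key."""
    return hmac.new(INDEX_KEY, pan.encode("ascii"), hashlib.sha256).hexdigest()


def masked_pan(pan: str) -> str:
    """Display and log form of a PAN: first six and last four digits only."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


@dataclass
class CustomerProfile:
    card_holder_id: int
    programs: Dict[str, str] = field(default_factory=dict)   # program id -> account no.


@dataclass
class MerchantProfile:
    merch_id: int
    terminal_ids: Set[str]
    program_ids: Set[str]


class CentralHub:
    """The Central Application Hub Server of the text, reduced to dictionaries."""

    def __init__(self) -> None:
        self.customers: Dict[str, CustomerProfile] = {}   # card_index(pan) -> profile
        self.merchants: Dict[int, MerchantProfile] = {}

    def link_card(self, pan: str, profile: CustomerProfile) -> None:
        """Link a One Inc. card or a payment card to a profile, by index only."""
        self.customers[card_index(pan)] = profile

    def _lookup(self, pan: str, merch_id: int, terminal_id: str
                ) -> Tuple[Optional[CustomerProfile], Optional[MerchantProfile]]:
        merchant = self.merchants.get(merch_id)
        if merchant is None or terminal_id not in merchant.terminal_ids:
            return None, None
        return self.customers.get(card_index(pan)), merchant

    def recognize(self, pan: str, merch_id: int, terminal_id: str) -> dict:
        """Merchant POS - Recognition: answer with the customer's account number
        in a program that both customer and merchant participate in."""
        customer, merchant = self._lookup(pan, merch_id, terminal_id)
        if merchant is None:
            return {"status": "unknown terminal"}
        if customer is None:
            return {"status": "not found"}
        common = sorted(set(customer.programs) & merchant.program_ids)
        if not common:
            return {"status": "not found"}
        return {"status": "found", "program_id": common[0],
                "account_number": customer.programs[common[0]]}

    def enroll(self, pan: str, merch_id: int, terminal_id: str, program_id: str,
               issue_account: Callable[[int, str], str]) -> dict:
        """Enrollment in a Program at POS; issue_account stands in for the partner
        (or One Inc. on its behalf) assigning the program account number."""
        customer, merchant = self._lookup(pan, merch_id, terminal_id)
        if merchant is None:
            return {"status": "unknown terminal"}
        if customer is None:
            return {"status": "not found"}
        if program_id not in merchant.program_ids:
            return {"status": "program not offered here"}
        if program_id in customer.programs:
            return {"status": "already enrolled", "account_number": customer.programs[program_id]}
        account = issue_account(customer.card_holder_id, program_id)
        customer.programs[program_id] = account     # stored on the One Inc. profile
        return {"status": "enrolled", "program_id": program_id, "account_number": account}

    def purchase(self, pan: str, merch_id: int, terminal_id: str, amount_cents: int,
                 forward: Callable[[str, str, int], str]) -> dict:
        """Purchase at POS: recognize, then hand the transaction to the partner."""
        rec = self.recognize(pan, merch_id, terminal_id)
        if rec["status"] != "found":
            return rec
        rec["partner_result"] = forward(rec["program_id"], rec["account_number"], amount_cents)
        return rec


def build_sample_hub() -> CentralHub:
    """Constructed sample data: one merchant, one enrolled and one unenrolled customer."""
    hub = CentralHub()
    hub.merchants[10] = MerchantProfile(10, {"T01", "T02"}, {"LOYALTY-A"})
    hub.link_card("4000001234567899", CustomerProfile(501, {"LOYALTY-A": "ACCT-0001"}))
    hub.link_card("5100009876543210", CustomerProfile(502))
    return hub
```

Note that the merchant and terminal are validated before the customer lookup, so an unknown terminal learns nothing about whether a card is on file, and responses carry program account numbers but never the card number itself.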
Example Partner Initiated Transactions:
Customer Profile Update
A One Inc. Partner hosting a Program may send a Customer Profile update transaction to One Inc. (e.g. cancellation of the Partner Program Card Number for a Customer, and replacement with a new number), where the Central Application Processing Hub may perform the following:
- Receive the message, parse it and extract the Customer data.
- Update the Customer's record in the One Inc. database.
File Transfer Batch Transactions
Partners may initiate Secure File Transfers to the Central Application Hub Server containing Customer Profile Updates similar to the Real Time Transaction Types.
One Inc. may transfer files to a Partner, containing Customer Enrollment and Profile update data relevant to that Partner.
Data Dictionary
Data Item | Description
AcctId | Account Id is an internal number that groups related Card Holders into a single Account in the One Inc. system.
CardHolderId | Card Holder Identifier is an internal number that uniquely identifies an individual registered with the One Inc. system.
OneCardNum | This is the One Inc. number of a physical (Card, FOB) medium assigned to an individual registered with the One Inc. system.
CardStatus | This is the Status of a Card; could be 'A'ctive, 'I'nActive, 'C'ancelled, 'L'ost/Stolen.
PymtCardNum | Payment Card Number; normally this would be a Credit or Debit Card linked to an individual subscribed to the One Inc. system. This data is Encrypted.
LoyaltyPGMId Loyalty Program Id is an internal number representing a Loyalty Program partnered with One Inc.
LoyaltyPointsBal Loyalty Points Balance of an individual's account at a Loyalty Program.
MerchId | Merchant Id is an internal number representing a Merchant partnered with One Inc.
StoreId | Store Id is a number assigned to a Merchant Location; this number is provided by the Merchant's systems.
TerminalId | Terminal Id is a number assigned to a Merchant's POS (Point of Service) device; this number is provided by the Merchant's systems.
CardRangeStart | Card Number Range start number; this is a One Inc. assigned BIN start number for a range assigned to a Merchant and/or Loyalty partner.
CardRangeEnd | Card Number Range end number; this is a One Inc. assigned BIN end number for a range assigned to a Merchant and/or Loyalty partner.
Region Region represents a Geographical location that a Merchant Location is in.
LoyaltyCardNum Loyalty Card Number is a number assigned to an individual by the Loyalty Program Provider.
AccessPolicy Access Policy, is a representation that determines whether an individual has access to a specific Merchant Location (Store and Terminal).
CardHolderName Name of the individual subscriber to One Inc. system.
CardHolderStreetNum Address Street Number of the individual subscribed to One Inc.
CardHolderStreetName Address Street Name of the individual subscribed to One Inc.
CardHolderSuiteNum Address Suite Number of the individual subscribed to One Inc.
CardHolderCity Address City or Town of the individual subscribed to One Inc.
CardHolderProvState Address Province or State of the individual subscribed to One Inc.
CardHolderCountry Address Country of the individual subscribed to One Inc.
CardHolderGender Gender of the individual subscribed to One Inc.
CardHolderBirthYear Birth Year of the individual subscribed to One Inc.
CardHolderAnnualIncome Annual Income of the individual subscribed to One Inc.
CardHolderWebPassword Encrypted One Inc. website password of an individual.
CardHolderSecretQuestion1 | A question to be asked to the Card Holder to unlock PIN and/or password.
CardHolderSecretAnswer1 | Answer to CardHolderSecretQuestion1.
CardHolderSecretQuestion2 | A question to be asked to the Card Holder to unlock PIN and/or password.
CardHolderSecretAnswer2 | Answer to CardHolderSecretQuestion2.
CardHolderSecretQuestion3 | A question to be asked to the Card Holder to unlock PIN and/or password.
CardHolderSecretAnswer3 | Answer to CardHolderSecretQuestion3.
One Inc.CardPINOffset | One Inc. Card PIN offset; this is a PIN Verification Value (Checksum) assigned to the OneCard.
MerchName | Merchant Name
MerchLocStreetNum | Merchant Location Street Number
MerchLocStreetName | Merchant Location Street Address
MerchLocCity | Merchant Location City
MerchLocProvState | Merchant Location Province or State
MerchLocCountry | Merchant Location Country
MerchLocRegion | Merchant Location Region
MerchLocPOSInfo | Merchant Location POS Information: Model, vendor, PINPAD model etc.
LoyaltyPGMName | Loyalty Program Name
LoyaltyPGMStreetNum | Loyalty Program Street Number
LoyaltyPGMStreetName | Loyalty Program Street Address
LoyaltyPGMCity | Loyalty Program City
LoyaltyPGMProvState | Loyalty Program Province or State
LoyaltyPGMCountry | Loyalty Program Country
LoyaltyPGMRegion | Loyalty Program Region
TransID | Transaction ID is an internal number to uniquely identify a transaction in the One Inc. system.
TransType Transaction Type could be the following; Loyalty Points Inquiry, Loyalty Points Redemption, User Authentication, User Access Request.
TransDate Transaction Date and Time (UTC).
TransAmount Transaction Amount.
TransCurrency | Transaction Currency.
TransMerchId | Transaction Merchant Id.
TransStoreID | Transaction Merchant Store Id.
TransTerminalId | Transaction Terminal Id.
TransCardNum | Transaction Card Number (Encrypted).
TransEntryMode | Transaction Card Entry Mode: MagStripe, Proximity, Manual, Chip.
TransChipData | Transaction Chip Data.
TransUserAuthMode Transaction User Authentication Mode, None, PIN, Password, Signature.
TransLoyaltyPGMID Transaction Loyalty Program ID, if Trans type was Loyalty based.
TransLoyaltyCardNum Transaction Loyalty Card / Account Number, if the Trans was Loyalty based.
TransLoyaltyAmount Transaction Loyalty Amount, if the Trans was Loyalty based.
REC_CREATE_DT | Record Create Date and Time stamp for every record in a database entity.
REC_CHANGE_DT | Record Change Date and Time stamp for every record in a database entity.
Example Transmission Protocol
The transmission between the One Inc. Application Server and all external partners may be over the Internet using TCP/IP. The communication channel may be secured by using either SSL, an IPSec tunnel, or, in some cases where the partner is generating large volumes of messages and transactions, a dedicated VPN tunnel.
The internal Network of the One Inc. Web and Application Services Server may be a private LAN behind firewalls with SSL (Secure Socket Layer) encryption to comply with Payment Card Industry security standards.
Example Database Security Protocol
All sensitive customer data may be encrypted while stored in the One Inc. database and decrypted as required. Data Security processes may comply with established industry standards and guidelines. The encryption keys may be secured and managed as per established industry standards. (Please refer to the Encryption Section for further details).
Secure File Transfer Standard
The SFTP standard was developed by the IETF (Internet Engineering Task Force) as an extension of the second version of the SSH (Secure Shell Protocol) in order to be compatible with a myriad of other protocols as well as provide users with secure file transfer capability. This specialized file transfer policy has become the gold standard in the file transferring protocol field in terms of excellence in service, security, safety, added intuitiveness, ease of use, and versatility, especially when considering the fact that it's quite usable with other protocols too.
The IETF claims that although SFTP is defined in the SSH2 protocol's context, it's a standard that's actually independent from the rest of the SSH2 protocol suite (so it's not limited by the SSH2's own concepts and definitions) and is even a lot more universal to boot. Because it can virtually be used with most other existing protocols, it can be applied into a multitude of purposes and functions, which may include the transfer of management information in VPN applications and secure file transfer over TLS (Transport Layer Security).
Whenever you open an SFTP application, you may be required to enter the name of the SFTP host you want to visit as well as your password and username. All the authorized members of a given SFTP (a company's staff and crew or a university's student body and faculty, for example) can download and exchange files via either the WinSCP SFTP client for Windows PCs or the MacSFTP client for Macintosh machines.
SFTP assumes by default that it is running on a private and secure channel (e.g., SSH) wherein the server is authorized and deemed legitimate by the client.
Moreover, the identity of the client user is accessible to the protocol. Also, the graphical equivalent of the SFTP client further abridges and streamlines the file transfer process by enabling you to deliver files via the tried-and-true drag and drop functions of your mouse; that is, just like in any standard proprietary operating system, you can access, copy, move, or paste files between windows using SFTP.
Each partner may be asked to provide the public encryption transmission key; this may be saved on One Inc.'s Server, which may then allow the partner's system to log in to the One Inc. Server.
The partner's access to the One Inc. server may be limited to writing a new file, they may not be able to delete, read, or overwrite any existing files.
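One way to enforce the write-new-files-only rule just stated on the receiving side, as an added example that is not part of the patent text. The directory layout, partner identifier and file names are assumptions for the example; the partner identifier is taken to be assigned by the server from the authenticated key, not supplied in the upload. The file is created with O_CREAT | O_EXCL so an existing file is never overwritten, even when two uploads race, and the name is restricted to a plain file name so it cannot escape the partner's directory.

```python
# Added example (not from the patent text): accept a partner file under a
# create-only policy (no read, delete or overwrite of existing files).
import os
import re
import tempfile
from pathlib import Path
from typing import List

# A plain file name: starts with a letter or digit, no separators, at most 100 chars.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$")


def accept_partner_file(drop_dir: str, partner_id: str, name: str, data: bytes) -> str:
    """Store `data` as a brand-new file under drop_dir/partner_id and return its path.

    Raises ValueError for a name that is not a plain file name and
    FileExistsError when a file of that name already exists; the latter is the
    overwrite case the policy forbids, and O_EXCL makes the check atomic.
    """
    if not SAFE_NAME.match(name):
        raise ValueError("file name rejected")
    partner_dir = Path(drop_dir) / partner_id       # partner_id is server-assigned
    partner_dir.mkdir(parents=True, exist_ok=True)
    target = partner_dir / name
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
    except Exception:
        target.unlink(missing_ok=True)               # do not leave a partial file behind
        raise
    return str(target)


def upload_outcome(drop_dir: str, partner_id: str, name: str, data: bytes) -> str:
    """The policy decision as a short string, suitable for an audit log line."""
    try:
        accept_partner_file(drop_dir, partner_id, name, data)
        return "stored"
    except FileExistsError:
        return "rejected: file exists"
    except ValueError:
        return "rejected: bad name"


def demo_outcomes() -> List[str]:
    """Run the policy against constructed uploads in a scratch directory."""
    with tempfile.TemporaryDirectory() as scratch:
        return [
            upload_outcome(scratch, "partner-17", "profile_update_20120315.csv", b"id,card\n"),
            upload_outcome(scratch, "partner-17", "profile_update_20120315.csv", b"second copy\n"),
            upload_outcome(scratch, "partner-17", "../outside.csv", b"x"),
            upload_outcome(scratch, "partner-17", ".hidden", b"x"),
        ]
```

Pairing this with an SFTP account that is chrooted to its own directory gives the partner exactly one capability, creating new files, which is what the text describes.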
SECTION - Data Classification and Encryption
One INC. Universal Recognition - Data and Encryption Overview
There are a significant number of regulations in effect worldwide that relate to protection of private and sensitive data. Some are focused on protection of specific industry information, where others are more concerned with proper disclosure of data loss incidents and general privacy attributes.
Most of today's standards and compliance regulations are concerned largely with the protection of private data at rest, during transactions, and while it traverses network connections. Some of these regulations make specific recommendations or require particular technologies for compliance. For all of them, however, encryption can be employed to satisfy the protection requirements.
Encryption is the conversion of data into a form, called a ciphertext. Data in this form cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood.
In order to easily recover the contents of an encrypted signal, the correct decryption key may be required.
The key is an algorithm that undoes the work of the encryption algorithm.
Alternatively, a computer can be used in an attempt to break the cipher.
The more complex the encryption algorithm, the more difficult it becomes to eavesdrop on the communications without access to the key.
Strong encryption is an industry term which describes ciphers that are essentially unbreakable without the decryption keys.
By determining what data you are required to protect, locating the data at rest and in transit, and implementing the appropriate encryption technologies, you can significantly improve your overall security posture while complying with any number of data privacy regulations.
The following pages describe the types of data under regulation and describe example practices for implementing appropriate encryption technologies.
Data Classification

Although there are many distinct types of data of importance to regulators, most of them fall into several broad categories:
- Financial data: The types of financial data are numerous, but commonly include credit card account numbers and tracking data, bank account numbers and associated financial information, and a variety of credit-related data on individuals and businesses. Several regulatory standards, particularly Sarbanes-Oxley in the United States, are concerned with reporting financial data for public companies.
- Personal health data: Sensitive patient health data can include insurance-related data, actual medical information, and personal data about patients, such as social insurance numbers, addresses, and other sensitive information which may not be publicly available.
- Private individual data: Such data includes social insurance numbers, addresses and phone numbers, and other personally identifiable data that could potentially be used for identity theft and other illicit activity.
- Military and government data: Data specific to government programs, particularly those related to military departments and operations, is carefully regulated.
- Confidential/sensitive business data: Data that has to be kept secret, including trade secrets, research and business intelligence data, management reports, customer information, sales data, etc., falls into this category.
Data at rest is data that is commonly located on desktops and laptops, in databases and on file servers. In addition, subsets of data can often be found in log files, application files, configuration files, and many other places.
Cryptographic Keys

Cryptographic keys are strings of bits that are used during the encryption and/or decryption process, according to the protocol being employed.
- Keys are measured in length of bits; the longer the key, the better security it provides.
- Cryptographic keys are analogous to the keys that secure a lock on a door. Compromising these keys can have significant consequences for any cryptosystem.
- These keys are usually stored in a Host Security Module, or as cryptograms (encrypted keys) in a Host's database.
A key cryptogram is the result of encrypting a clear key value, in other words, producing a ciphertext block.
Key Life Cycle

Key Life Cycle Events
In order to manage keys, it is critical to first understand the life cycle of a key.
The life cycle for symmetric keys may differ from that of asymmetric keys, as symmetric schemes use only one key, as opposed to asymmetric schemes which use a public and private key pair.
The following essential events form part of the key's life cycle:
- Key Generation: Initial creation of the key.
- Key Distribution: Since the key may not necessarily be used within the same system where it had been generated, it has to be distributed to other systems. For symmetric keys this is always the case, since the key may be communicated to at least one other point.
- Key Loading: Once the key has been distributed to the systems that may use it, it may be loaded. In some cases this is achieved by manually loading/entering the key into a hardware security module.
- Key Backup: It might be a requirement to also back up the key into a secure environment.
- Key Usage: This is where the key may be used in cryptographic algorithms as part of a solution.
- Key Storage Environment: While the key is not in use, it may be stored securely. A key can be stored on a normal storage medium, or on a cryptographic token, like a smart card or Hardware Security Module.
- Key Archive: Once the key has been decommissioned and is no longer in use, it could be archived for future reference.
- Key Destruction: A key is deleted or physically destroyed.
Example Master File Key

The MASTER FILE KEY (MFK) is a symmetric key, also known as the Local Master Key (LMK), and may be used to encrypt other cryptographic keys which are to be stored outside of the Hardware Security Module (HSM). It is also sometimes called the Issuer Master Key (IMK). This is the most significant key in the One Inc. cryptography scheme as it secures every key in the cryptosystem. It may be created, entered, audited and controlled as detailed in the Key Ceremony described in this document.
- The Master Key may be created of triple length to ensure the best strength and durability.
- This may be the first key created and entered into the HSM.
- For management purposes, if using redundant HSMs, it is recommended that the same MFK be loaded into all of them. This may ensure consistency between the hardware devices (uptime and failover considerations in a Real Time transactional environment).
- Typically the designated Key Custodians for this key type are people close to the IT and/or information security departments, who work closely with the HSM.
- HSMs are hardware modules that can fail like any other hardware device, so the Key Custodians may be readily available to re-create the MFK in the case of an emergency so as to limit the impact on production.
Example Key Encryption Key

The KEY ENCRYPTION KEY (KEK) may be used for the secure transport and storage of other cryptographic keys.
- The KEK may be used as a wrapper to ensure that keys are not compromised during the transport process from one party to another.
- This may be a shared key that is exchanged between two parties using the Key Custodian method (described later in this document).
- Once this key is successfully exchanged, it may be used for exchanging new keys securely in an automated fashion.
Example Base Derivation Key

The BASE DERIVATION KEY (BDK) is used when dynamic generation of new keys is required. Key derivation allows the recipient of data to re-generate the same key using transaction data and a previously shared key (the BDK).
DUKPT (pronounced "duckput"), Derived Unique Key Per Transaction, is an encryption standard that is recognized as one secure way of performing debit transactions.
- Some encryption protocols, like the one employed in DUKPT, generate new keys dynamically.
- In DUKPT, a new key is generated by the sender for every transaction, making it virtually impossible for anyone to attempt to decipher the information in transit, or even break the key.
Dynamic Key Exchange
- Some protocols allow for a new key to be generated every (n) transactions or every (n) seconds, but the new key may be exchanged securely with the other party before it can be used. This exchange process may take a few seconds to complete, and therefore is not suitable for a one-key-per-transaction protocol like DUKPT.
- The BDK may be shared either via the Key Custodian method, or in the case of PIN Pad devices, it may be injected into the device prior to being deployed. On the recipient's side, this BDK may also be installed in order for the derivation procedure to work.
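As an added example, not code from the patent or from One Inc., the DUKPT derivation described above in Go using only the standard library: the device's initial key (IPEK) is derived from the BDK and the device's Key Serial Number (KSN), and the unique key for each transaction is derived from the IPEK by one non-reversible step per counter bit, so the receiving host can regenerate it from the KSN alone. The BDK and KSN values are the commonly published DUKPT sample values, not production keys; the function names are assumptions.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"errors"
	"fmt"
)

var (
	halfMask   = mustHex("C0C0C0C000000000C0C0C0C000000000") // separates the two key halves
	pinVariant = mustHex("00000000000000FF00000000000000FF") // PIN encryption key variant
)

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// encryptBlock encrypts one 8-byte block: an 8-byte key means single DES
// (K1 K1 K1), a 16-byte key double-length Triple DES (K1 K2 K1).
func encryptBlock(key, block []byte) []byte {
	k := append([]byte{}, key...)
	if len(k) == 8 {
		k = append(k, key...)
	}
	c, err := des.NewTripleDESCipher(append(k, key[:8]...))
	if err != nil {
		panic(err)
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out
}

// DeriveIPEK computes the Initial PIN Encryption Key injected into a device:
// the leftmost 8 bytes of its KSN, counter bits cleared, encrypted under the
// BDK (left half) and under BDK XOR halfMask (right half).
func DeriveIPEK(bdk, ksn []byte) ([]byte, error) {
	if len(bdk) != 16 || len(ksn) != 10 {
		return nil, errors.New("BDK must be 16 bytes and KSN 10 bytes")
	}
	base := append([]byte{}, ksn[:8]...)
	base[7] &= 0xE0 // low 5 bits of byte 7 belong to the 21-bit counter
	return append(encryptBlock(bdk, base), encryptBlock(xorBytes(bdk, halfMask), base)...), nil
}

// nonReversibleKeyGen is the one-way step from the current key and counter
// register to the next key; earlier keys cannot be recovered from later ones.
func nonReversibleKeyGen(key, reg []byte) []byte {
	alt := xorBytes(key, halfMask)
	left := xorBytes(encryptBlock(key[:8], xorBytes(reg, key[8:])), key[8:])
	right := xorBytes(encryptBlock(alt[:8], xorBytes(reg, alt[8:])), alt[8:])
	return append(left, right...)
}

// DeriveTransactionKey walks from the IPEK to the unique key for the counter in
// the low 21 bits of the KSN: one non-reversible step per set bit, MSB first.
func DeriveTransactionKey(ipek, ksn []byte) ([]byte, error) {
	if len(ipek) != 16 || len(ksn) != 10 {
		return nil, errors.New("IPEK must be 16 bytes and KSN 10 bytes")
	}
	reg := append([]byte{}, ksn[2:]...) // rightmost 8 bytes of the KSN
	reg[5] &= 0xE0
	reg[6], reg[7] = 0, 0
	counter := uint32(ksn[7]&0x1F)<<16 | uint32(ksn[8])<<8 | uint32(ksn[9])
	key := append([]byte{}, ipek...)
	for shift := uint32(1 << 20); shift > 0; shift >>= 1 {
		if counter&shift == 0 {
			continue
		}
		reg[5] |= byte(shift >> 16)
		reg[6] |= byte(shift >> 8)
		reg[7] |= byte(shift)
		key = nonReversibleKeyGen(key, reg)
	}
	return key, nil
}

// PINEncryptionKey is the variant of the transaction key used for PIN blocks.
func PINEncryptionKey(txKey []byte) []byte { return xorBytes(txKey, pinVariant) }

func main() {
	// Sample values widely published for DUKPT testing, not production keys.
	bdk := mustHex("0123456789ABCDEFFEDCBA9876543210")
	ipek, _ := DeriveIPEK(bdk, mustHex("FFFF9876543210E00000"))
	txKey, _ := DeriveTransactionKey(ipek, mustHex("FFFF9876543210E00001"))
	fmt.Printf("IPEK %X\nPIN key for counter 1: %X\n", ipek, PINEncryptionKey(txKey))
}
```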
Example PIN Verification Key

The PIN Verification Key (PVK) may be used to encrypt the last 12 positions of the Primary Account Number ('PAN'), producing a "natural PIN".
- A 'natural PIN' may be derived and associated with each valid card number.
- The PVK may be static so that for any given PAN, the same natural PIN may always be calculated.
- The HSM calculates the difference between the customer's selected PIN and the card's natural PIN.
- This difference, known as the PIN offset, may be placed on your card database for subsequent PIN checks.
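An added example, not part of the patent, of the natural PIN and PIN offset scheme described above. It assumes the IBM 3624 style computation (validation data built from the last 12 PAN digits, decimalization table mapping A-F to 0-5, a four-digit PIN) and a double-length 3DES PVK; the PVK, PAN and function names are constructed.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// tdesEncrypt encrypts one 8-byte block under a double-length key (K1 K2 K1).
func tdesEncrypt(key, block []byte) ([]byte, error) {
	if len(key) != 16 {
		return nil, errors.New("PVK must be a 16-byte double-length key")
	}
	c, err := des.NewTripleDESCipher(append(append([]byte{}, key...), key[:8]...))
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}

// NaturalPIN follows the IBM 3624 style assumed here: the last 12 PAN digits,
// F-padded to 16 hex digits, are encrypted under the PVK; the result is
// decimalized (digits stay, A-F become 0-5) and its first four digits are the
// card's natural PIN. A static PVK gives the same natural PIN for a PAN every time.
func NaturalPIN(pvk []byte, pan string) (string, error) {
	if len(pan) < 12 {
		return "", errors.New("PAN must have at least 12 digits")
	}
	data, err := hex.DecodeString(pan[len(pan)-12:] + "FFFF")
	if err != nil {
		return "", err
	}
	ct, err := tdesEncrypt(pvk, data)
	if err != nil {
		return "", err
	}
	out := make([]byte, 4)
	for i, h := range fmt.Sprintf("%X", ct)[:4] {
		out[i] = "0123456789012345"[strings.IndexRune("0123456789ABCDEF", h)]
	}
	return string(out), nil
}

// digitOp adds (sign 1) or subtracts (sign -1) b from a, digit by digit mod 10.
func digitOp(a, b string, sign int) (string, error) {
	if len(a) != len(b) {
		return "", errors.New("PIN and offset lengths differ")
	}
	out := make([]byte, len(a))
	for i := range out {
		if a[i] < '0' || a[i] > '9' || b[i] < '0' || b[i] > '9' {
			return "", errors.New("non-digit in PIN or offset")
		}
		out[i] = byte('0' + ((int(a[i]-'0')+sign*int(b[i]-'0'))%10+10)%10)
	}
	return string(out), nil
}

// PINOffset is the value placed on the card database at issuance: the
// digit-wise (selected PIN - natural PIN) mod 10, useless without the PVK.
func PINOffset(pvk []byte, pan, selected string) (string, error) {
	natural, err := NaturalPIN(pvk, pan)
	if err != nil {
		return "", err
	}
	return digitOp(selected, natural, -1)
}

// VerifyPIN is the subsequent PIN check: recompute the natural PIN, add the
// stored offset and compare with the PIN the customer entered.
func VerifyPIN(pvk []byte, pan, offset, entered string) (bool, error) {
	natural, err := NaturalPIN(pvk, pan)
	if err != nil {
		return false, err
	}
	expected, err := digitOp(natural, offset, 1)
	return err == nil && expected == entered, err
}

func main() {
	// Constructed sample PVK and PAN, not real key material or an account.
	pvk, _ := hex.DecodeString("89ABCDEF0123456776543210FEDCBA98")
	pan := "4000001234567899"
	offset, _ := PINOffset(pvk, pan, "1234")
	ok, _ := VerifyPIN(pvk, pan, offset, "1234")
	bad, _ := VerifyPIN(pvk, pan, offset, "1235")
	fmt.Printf("offset %s, correct PIN verifies %v, wrong PIN verifies %v\n", offset, ok, bad)
}
```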
Example PIN Block

A PIN Block is a cryptogram of a customer-entered PIN during the transaction initiation process.
- A transaction can be entered at an ATM or at a POS device using a PIN Pad.
- The customer-selected PIN is formatted according to the standard being employed, then it is encrypted using the 3DES or AES algorithm.
- This formatting and encrypting of the PIN produces a 64-bit block of data.
- This PIN block travels with the transaction and may be verified by the issuing host in order to continue with the transaction authorization process.
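An added example, not from the patent, of the PIN block life described above, assuming ISO 9564 format 0 and a double-length 3DES PIN Encryption Key (PEK): the PIN pad formats the PIN with the PAN and encrypts it, the issuing host decrypts the 64-bit block and recovers the PIN, rejecting blocks whose format does not line up. The PEK, PAN and function names are constructed.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// pekCipher builds the Triple DES cipher for a double-length PEK (K1 K2 K1).
func pekCipher(pek []byte) (cipher.Block, error) {
	if len(pek) != 16 {
		return nil, errors.New("PEK must be a 16-byte double-length key")
	}
	return des.NewTripleDESCipher(append(append([]byte{}, pek...), pek[:8]...))
}

// panField is the format 0 PAN field: 0000 then the rightmost 12 PAN digits excluding the check digit.
func panField(pan string) ([]byte, error) {
	if len(pan) < 13 {
		return nil, errors.New("PAN must have at least 13 digits")
	}
	return hex.DecodeString("0000" + pan[len(pan)-13:len(pan)-1])
}

// FormatPINBlock is the PIN pad's formatting step: control nibble 0, PIN length,
// the PIN digits, F padding to 16 hex digits, XORed with the PAN field.
func FormatPINBlock(pin, pan string) ([]byte, error) {
	if len(pin) < 4 || len(pin) > 12 {
		return nil, errors.New("PIN must be 4 to 12 digits")
	}
	f := fmt.Sprintf("0%X%s", len(pin), pin)
	blk, err := hex.DecodeString(f + strings.Repeat("F", 16-len(f)))
	if err != nil {
		return nil, err
	}
	pf, err := panField(pan)
	if err != nil {
		return nil, err
	}
	for i := range blk {
		blk[i] ^= pf[i]
	}
	return blk, nil
}

// EncryptPINBlock produces the 64-bit cryptogram that travels with the
// transaction; DecryptPINBlock is the issuing host's first step.
func EncryptPINBlock(pek, clear []byte) ([]byte, error) {
	c, err := pekCipher(pek)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, clear)
	return out, nil
}
func DecryptPINBlock(pek, enc []byte) ([]byte, error) {
	c, err := pekCipher(pek)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Decrypt(out, enc)
	return out, nil
}

// ExtractPIN undoes the PAN XOR and checks the format before returning the PIN.
func ExtractPIN(clear []byte, pan string) (string, error) {
	pf, err := panField(pan)
	if err != nil {
		return "", err
	}
	raw := make([]byte, des.BlockSize)
	for i := range raw {
		raw[i] = clear[i] ^ pf[i]
	}
	n := int(raw[0] & 0x0F)
	if raw[0]>>4 != 0 || n < 4 || n > 12 {
		return "", errors.New("not a valid format 0 PIN block")
	}
	h := fmt.Sprintf("%X", raw)
	if strings.Trim(h[2+n:], "F") != "" {
		return "", errors.New("bad PIN block padding")
	}
	return h[2 : 2+n], nil
}

func main() {
	// Constructed sample PEK and PAN, not real key material or an account.
	pek, _ := hex.DecodeString("0123456789ABCDEFFEDCBA9876543210")
	pan := "4000001234567899"
	clear, _ := FormatPINBlock("1234", pan) // at the PIN pad
	enc, _ := EncryptPINBlock(pek, clear)
	dec, _ := DecryptPINBlock(pek, enc) // at the issuing host
	pin, err := ExtractPIN(dec, pan)
	fmt.Printf("clear %X  encrypted %X  recovered PIN %s (%v)\n", clear, enc, pin, err)
}
```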
Data Encryption Standard - DES

The Data Encryption Algorithm is a standard used for encrypting data, in which a secret key is shared between two or more parties.
- This key may be used, according to the protocol, to encrypt and decrypt the information being exchanged.
- The process of sharing the keys is called key exchange, and may be performed in a very secure manner to prevent key compromise.
Key Exchange

A key exchange is the process of two parties exchanging keys in a secure manner.
- The same keys are used by both parties in order to enable them to understand the ciphertext being exchanged.
- The keys remain secret during the exchange process.
- The most common method is the key custodian method, in which key custodians in each of the organizations are tasked with generating (or entering) the secret keys into the HSM (Key Ceremony).
- Two or more key parts may be generated (typically three parts), and distributed to two or more key custodians in both organizations.
- This method has proven to be the most secure method as no single custodian in either organization knows the entire key.
- These key parts may be combined at both organizations by their respective key custodians in order to make up the one secret key required by the cryptosystem.
Example Key Ceremony

One Inc. has a standard for Strong Encryption that may use a 3-part key. Many organizations employ 2-part keys and we can accommodate that process:
One Inc. Example Key Ceremony
- Key Custodian 1 for One Inc. generates key part 1 using an HSM and records it. It is recommended that at least a double-length key is generated.
- Key Custodian 2 for One Inc. generates key part 2 using the same HSM and records the key.
- Key Custodian 3 for One Inc. generates key part 3 using the same HSM and records the key.
- Key Custodian 1 for One Inc. sends a copy of key part 1 (secure transmission method) to Key Custodian 1 in organization B. Traditionally, parts can be sent in a tamper-resistant container using certified mail or bonded couriers.
- Key Custodian 2 for One Inc. sends a copy of key part 2 to Key Custodian 2 in organization B.
- Key Custodian 3 for One Inc. sends a copy of key part 3 to Key Custodian 3 in organization B.
- In an audited key entering ceremony, Key Custodian 1 in One Inc. enters the HSM room and inputs Part 1 of the key. It is recommended that Key Custodians 1, 2 and 3 never enter the HSM room at the same time.
- Key Custodian 1 may record the check digits returned by the HSM.
- In the same audited key entering ceremony, Key Custodian 2 in One Inc. enters the HSM room and enters Part 2 of the key. Key Custodian 2 may record the check digits returned by the HSM for his/her key part.
- The last custodian participating in the audited key entering ceremony, Key Custodian 3 in One Inc., enters the HSM room and enters Part 3 of the key. Key Custodian 3 may record the check digits returned by the HSM for his/her key part. At this point, the HSM may return an 'overall' check digit value which may also be recorded by Key Custodian 3.
- In a similar ceremony, Key Custodians 1, 2 and 3 in organization B may perform the same procedures.
- At the end of the ceremony, Key Custodian 3 of each organization may compare the overall check digits to ensure that all key parts were entered correctly. If the overall check digits do not match, this is an indication that one or more parts were keyed in incorrectly when they were entered into the HSM. If this is the case, the key custodians may compare the check digits for their respective key parts to identify where the problem might be.
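An added example, not the patent's or One Inc.'s code, of the check-digit reconciliation the ceremony ends with: the parts are XORed into the working key, each part and the combined key get check digits (the first three bytes of the all-zero block encrypted under the key, the usual 3DES convention assumed here), and a mis-keyed part is located by comparing the two organizations' per-part values. The key parts and function names are constructed.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"errors"
	"fmt"
)

// tdesEncryptBlock encrypts one 8-byte block under a 16-byte (K1 K2 K1) or 24-byte Triple DES key.
func tdesEncryptBlock(key, block []byte) ([]byte, error) {
	if len(key) == 16 {
		key = append(append([]byte{}, key...), key[:8]...)
	}
	c, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}

// CheckDigits are what the HSM displays after a key or key part is entered: the
// first three bytes of the all-zero block encrypted under it, as upper-case hex.
func CheckDigits(key []byte) (string, error) {
	ct, err := tdesEncryptBlock(key, make([]byte, des.BlockSize))
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%X", ct[:3]), nil
}

// CombineParts XORs equal-length parts into the working key, as the HSM does once
// every custodian has entered their part; no single part reveals the key.
func CombineParts(parts ...[]byte) ([]byte, error) {
	if len(parts) == 0 {
		return nil, errors.New("no key parts")
	}
	key := make([]byte, len(parts[0]))
	for _, p := range parts {
		if len(p) != len(key) {
			return nil, errors.New("key parts differ in length")
		}
		for i := range key {
			key[i] ^= p[i]
		}
	}
	return key, nil
}

// CeremonyRecord is what one organization writes down: the check digits of each
// part as entered, plus the overall check digits of the combined key.
type CeremonyRecord struct {
	PartKCVs   []string
	OverallKCV string
}

// RunCeremony simulates entering the parts into one organization's HSM.
func RunCeremony(parts [][]byte) (CeremonyRecord, error) {
	var rec CeremonyRecord
	for _, p := range parts {
		kcv, err := CheckDigits(p)
		if err != nil {
			return rec, err
		}
		rec.PartKCVs = append(rec.PartKCVs, kcv)
	}
	key, err := CombineParts(parts...)
	if err != nil {
		return rec, err
	}
	rec.OverallKCV, err = CheckDigits(key)
	return rec, err
}

// Reconcile compares both organizations' records: inSync says whether the overall
// check digits match; badParts lists the custodians (1-based) whose part check
// digits disagree, which is where to look when they do not.
func Reconcile(a, b CeremonyRecord) (inSync bool, badParts []int) {
	for i := range a.PartKCVs {
		if i >= len(b.PartKCVs) || a.PartKCVs[i] != b.PartKCVs[i] {
			badParts = append(badParts, i+1)
		}
	}
	return a.OverallKCV == b.OverallKCV, badParts
}

func main() {
	// Constructed double-length key parts, not real key material.
	p1, _ := hex.DecodeString("0123456789ABCDEFFEDCBA9876543210")
	p2, _ := hex.DecodeString("1F1E1D1C1B1A19181716151413121110")
	p3, _ := hex.DecodeString("A1B2C3D4E5F60718293A4B5C6D7E8F90")
	p2typo, _ := hex.DecodeString("1F1E1D1C1B1A19181716151413121101") // mis-keyed at organization B
	recA, _ := RunCeremony([][]byte{p1, p2, p3})
	recB, _ := RunCeremony([][]byte{p1, p2typo, p3})
	inSync, bad := Reconcile(recA, recB)
	fmt.Printf("overall A %s, overall B %s, in sync %v, parts to re-enter %v\n",
		recA.OverallKCV, recB.OverallKCV, inSync, bad)
}
```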
Example Cryptography Options

Two example options available for generation and control of One Inc. keys are:
- In-house Cryptography
- Outsourced Cryptography
CHIP CARD Keys (EMV)

DCVV - Dynamic Card Verification Value (Visa term)
Description: The DCVV master key is used in the derivation of chip-specific unique derived keys (UDKs) that are used for the authentication of transactions made by that card. One DCVV master key is generated for the IIN under which One Inc. issues cards. The keys are double length.
Generation: DCVV keys are generated by custodians using the One Inc. key generation facility.
Storage: Two copies of each DCVV key are retained after generation and conveyance in clear component form.
Issuer Private Key
Description: The Issuer private key is used to sign Integrated Chip Card (ICC) public keys that are unique to each chip. This signature may later be verified by terminals processing financial transactions to authenticate the ICC public key. One Issuer private key is generated as One Inc. has one IIN. The keys may initially be 1152 bits long and may be replaced every two years (standard banking practice). The size of the replacement key may be upgraded as the Payment Networks increase their CA private key length.
Generation: Issuer private keys are usually generated by the Service Bureaus (G&D, Oberthur and Gemalto are the market leaders) and may be securely stored in their HSM devices.
Payment Systems Environment: In order to have a One Inc. chip card recognized by terminals, an application ID, the issuer public key, and chip and terminal software may be created or modified to establish a Payment System Environment (PSE) and a Proximity Payment System Environment (PPSE) for contactless transactions.
Issuer Public Key
Description: The Issuer public key is used by terminals processing financial transactions to verify card-specific ICC public keys. The Issuer public key is signed by the Payment Network CA private key to create the Issuer public key certificate. One Issuer public key is generated for each IIN for One Inc.
Generation: Issuer private keys are usually generated by the Service Bureaus (G&D, Oberthur and Gemalto are the market leaders) and may be securely stored in their HSM devices.
Storage: Once the Payment Network has signed each Issuer public key, the certificates are stored at One Inc. A copy is also retained by the Service Bureau producing the cards.
Conveyance: Once generated by the Service Bureau, Public Keys are sent to One Inc. One Inc. then sends the keys to the Payment Network. Once the Payment Network has signed the keys they may be returned to One Inc. in the form of an Issuer Public Key Certificate which may then be sent to the Service Bureau via secure courier.
Example Fields on the traditional Payment Chip

In the table below, the Cardholder available data (Cardmember Data Personalization) is presented.

Name | EMV Tag Identifier | Max Length | M/O | Description
Application Currency Code | 9F42 | 02 | Optional | Indicates the currency in which the account is managed. This is Optional but becomes mandatory if Cumulative Total Transaction Amount checking is used.
Application Effective Date | 5F25 | 03 | Mandatory | The date from which the Chip application is activated.
Application Expiration Date | 5F24 | 03 | Mandatory | Date AFTER which the Chip application expires.
Application Primary Account Number (PAN) | 5A | 08 | Mandatory | One Inc. Card Number.
Application PAN Sequence Number | 5F34 | 01 | Mandatory | Identifies and differentiates Chip (Applications) with the same PAN.
Cardholder Name | 5F20 | 26 | Optional | Indicates the Cardholder Name according to ISO 7813.
Cardholder Name Extended | 9F0B | | Optional | In case the Cardholder Name exceeds the 26 characters defined for 5F20.
Service Code | 5F30 | 02 | Optional | This is the Service code as defined on the mag stripe Track 1 and Track 2. It is also included in the "Track 2 Equivalent Data" (tag 57). Note: some issuers use this Service code to identify contactless transactions, i.e. it is different from the Magstripe service code.
Track 1 Discretionary Data | 9F1F | variable | Optional | Discretionary Data associated with Track 1 on the Magstripe.
Track 2 Discretionary Data | 9F20 | variable | Optional | Discretionary Data associated with Track 2 on the Magstripe. Does not seem to be required - Verify with test team.
Verify with Service Bureau - Do they need any additional cardmember data?
Example Data Authentication

Two mechanisms used to ensure that the authorization for a transaction is not vulnerable to fraud are the CAM and the CVM.
CAM, or Card Authentication Method, is the way that the POS checks whether the card is cloned or valid.
The CVM, or Cardholder Verification Method, comprises the smartcard verifying that the PIN typed on the POS by the payer is the correct PIN.
There are three types of offline Data Authentication that can be performed, but the method to be used depends on the capabilities of the card and terminal. Online-only terminals are not required to support data authentication, but all other terminals may support both SDA and DDA and may also support CDA.
- SDA - Static Data Authentication of the card data (e.g. account number and expiry date) to verify that it has not been modified.
- DDA - Dynamic Data Authentication of card and terminal data to verify that the card application and data are genuine.
- CDA - Combined DDA and Application Cryptogram Generation.
Static Data Authentication

STATIC DATA AUTHENTICATION
Key Points
- Static Data Authentication is a form of offline authentication in which the terminal validates a fixed signature over data elements held within the card to confirm the legitimacy of critical chip-resident data identified by the AFL and the Static Data Authentication Tag List.
- This method of authentication detects unauthorized alteration of data on the chip after personalization.
- During SDA, the Chip is passive and the Terminal is active. The Chip provides the data to be validated, but the Terminal carries out all the computation.
- The same data and signature is used for every transaction, hence the term 'Static'.
- No secret key is stored on the card, unlike DDA; hence authentication is done purely on the signed data.
- The risk is that the chip can be cloned.
One Inc. recommends that the Merchants work with their OEMs to ensure that their terminals are DDA capable.

Example Static Data Verification Steps

[Figure: the Issuer (Certification Authority) holds a private key and distributes its public key to the Acquirer, whose IC Terminals store it. During the IC Card to IC Terminal exchange the card provides the Issuer public key certified by the CA together with the signed card data; the terminal verifies that the Issuer public key was certified by the CA, then verifies the digital signature over the card data.]
Example Dynamic Data Authentication

DYNAMIC DATA AUTHENTICATION - DDA
Key Points
- Each chip is equipped with a private key and a public key.
- The public key is in a public key certificate signed by the issuer.
- At transaction time, the chip signs random data with its private key.
- The terminal checks the signature and verifies the certificate chain.
- Different data is used every time (therefore dynamic).
- In order to support CDA, the chip may be required to be RSA capable (needs additional hardware in the form of a crypto processor).
Definition: RSA is an algorithm for public-key cryptography that is based on the presumed difficulty of factoring large integers, the factoring problem. RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described it in 1978. A user of RSA creates and then publishes the product of two large prime numbers, along with an auxiliary value, as their public key.
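An added example, not from the patent, of the certificate chain the SDA figure above shows and the DDA exchange described in these key points: the Payment Network CA signs the issuer public key, the issuer signs each ICC public key, and at transaction time the chip signs the terminal's random challenge, which the terminal checks after walking the chain from the CA key it holds. It uses Go's crypto/rsa with PKCS#1 v1.5 signatures over SHA-256 in place of the EMV signature format; the Cert type, key sizes and function names are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Cert stands in for an EMV public key certificate: a public key plus the
// parent's signature over its DER encoding. Real EMV certificates carry more
// fields and use a message-recovery signature format; the chain logic is the same.
type Cert struct {
	Pub *rsa.PublicKey
	Sig []byte
}

func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
}

func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// DemoKeys generates the three key pairs of the chain (demonstration sizes;
// the page describes 1152-bit issuer keys).
func DemoKeys() (ca, issuer, icc *rsa.PrivateKey, err error) {
	if ca, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
		return
	}
	if issuer, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
		return
	}
	icc, err = rsa.GenerateKey(rand.Reader, 2048)
	return
}

// Issue certifies pub under the parent's private key: the Payment Network CA
// issues the issuer certificate, the issuer issues each ICC certificate.
func Issue(parent *rsa.PrivateKey, pub *rsa.PublicKey) (Cert, error) {
	sig, err := sign(parent, x509.MarshalPKCS1PublicKey(pub))
	return Cert{Pub: pub, Sig: sig}, err
}

// NewChallenge is the terminal's random data for this transaction.
func NewChallenge() ([]byte, error) {
	b := make([]byte, 8)
	_, err := rand.Read(b)
	return b, err
}

// ChipSign is the card side of DDA: the challenge is signed with the ICC
// private key, which never leaves the chip.
func ChipSign(icc *rsa.PrivateKey, challenge []byte) ([]byte, error) {
	return sign(icc, challenge)
}

// TerminalVerify is the terminal side: from the CA public key it holds, verify
// the issuer certificate, then the ICC certificate, then the dynamic signature
// over this transaction's challenge.
func TerminalVerify(caPub *rsa.PublicKey, issuerCert, iccCert Cert, challenge, dynSig []byte) error {
	if !verify(caPub, x509.MarshalPKCS1PublicKey(issuerCert.Pub), issuerCert.Sig) {
		return errors.New("issuer certificate not signed by the CA")
	}
	if !verify(issuerCert.Pub, x509.MarshalPKCS1PublicKey(iccCert.Pub), iccCert.Sig) {
		return errors.New("ICC certificate not signed by the issuer")
	}
	if !verify(iccCert.Pub, challenge, dynSig) {
		return errors.New("dynamic signature does not match this challenge")
	}
	return nil
}

func main() {
	ca, issuer, icc, err := DemoKeys()
	if err != nil {
		panic(err)
	}
	issuerCert, _ := Issue(ca, &issuer.PublicKey)
	iccCert, _ := Issue(issuer, &icc.PublicKey)
	ch, _ := NewChallenge()
	sig, _ := ChipSign(icc, ch)
	fmt.Println("genuine card:", TerminalVerify(&ca.PublicKey, issuerCert, iccCert, ch, sig))
	// The same signature on a later transaction's challenge is rejected: this
	// is what a fixed SDA signature, copied along with the card data, cannot offer.
	ch2, _ := NewChallenge()
	fmt.Println("old signature, new challenge:", TerminalVerify(&ca.PublicKey, issuerCert, iccCert, ch2, sig))
}
```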
Combined Data Authentication - Future

COMBINED DATA AUTHENTICATION (ON THE FUTURE ROADMAP)
CDA comprises a dynamic signature generated by the ICC (similar to DDA but including Application Cryptogram (AC) generation) followed by verification of the signature by the terminal.
It is applicable to both the first and second GENERATE AC commands and may require the retrieval of the relevant public keys. Since the public keys are not required until the CDA signature is verified as part of processing the response to the first GENERATE AC, retrieval of the public keys may happen any time before verifying the CDA signature. During retrieval of the public keys, errors may result in CDA failure (the TVR bit for 'CDA failed' is set to 1). These errors include but are not limited to failure of public key retrieval and invalid format of records to be authenticated. There are no known implementations of this type of authorization but it is designed to prevent a "man in the middle" type of attack.
Example Hardware Security Modules

A hardware security module (often abbreviated to HSM) is a type of secure cryptoprocessor targeted at managing digital keys, accelerating crypto processes in terms of digital signings/second and providing strong authentication to access critical keys for server applications.
These modules are physical devices that traditionally come in the form of a plug-in card or an external TCP/IP security device. The goals of an HSM are:
- onboard secure generation,
- onboard secure storage,
- use of cryptographic and sensitive data material,
- offloading application servers for complete asymmetric and symmetric cryptography.
HSMs provide both logical and physical protection of these materials from non-authorized use and potential adversaries. In short, they protect high-value cryptographic keys.
The cryptographic material handled by most HSMs is asymmetric key pairs (and certificates) used in public key cryptography. Some HSMs can also handle symmetric keys and other arbitrary data.
Major Vendors: Thales, HP Atalla, SafeNet Inc.
Cloud Cryptography

This is an evolving exercise with theories being developed and models suggested. The most promising is Homomorphic Encryption.
Homomorphic encryption is a form of encryption where a specific algebraic operation performed on the plaintext is equivalent to another (possibly different) algebraic operation performed on the ciphertext.

SECTION - Card and Token Issuance
Card and Token Issuance - Introduction

The One Inc. Universal Recognition program allows for the recognition of the Customer using the One Inc. number at various touch points.
The program is capable of recognizing a variety of form factors in the contact, contactless (RFID) and mobile (NFC) environments.
Recognition of a customer ensures that the unique identity of the individual enrolled in the One Inc. program may be recognized by the Merchant or Access partner in order to ensure that the individual possessing the One Inc. token is eligible for the services offered by that particular establishment.

Example Steps for production of Cards and Tokens
1) Customer Enrolment
2) Customer Verification
3) Customer Confirmation / Rejection
4) Customer and Form Factor Data Creation (Embossing Files)
5) Form Factor Personalization
6) Form Factor Production and Distribution
7) Form Factor Activation, Usage
8) Reissue and Replacement
Important concepts in Issuance and Enablement of Cards and Tokens

Personalization: The Cardholder Data may be taken from the Cardholder database and sent to a card production facility via a secure and encrypted process. Once there, the physical card itself can be created. In the case of a pre-existing Mobile device, the Personalization is done via Over the Air Provisioning (OTA), where the data is sent through a Trusted Secure Management system directly to the chip on the mobile device.
Embossing: In a Payment environment, Embossing files are usually batch files prepared by the Issuer Bank with assistance from the processor and the Card Network and sent to the Service Bureau for Magnetic Stripe and Chip Card Issuance.
** This file contains the Personal Identifiable Information and Cryptography necessary for the production, mailing and usage of cards (and PINs, if required) **
As a non-financial Issuer, One Inc. may not require the involvement of the processor; however, ISO standards may need to be followed for the form factor to be used in a shared Payment Environment. There are also ISO standards defined for Access Cards and Tokens.
Provisioning: The terminology means "providing something". In the case of cards and chips, cardholder and security data is provided in order to accomplish the function of the card or token.
In Mobile devices, the provisioning is done "Over the Air" (OTA). In the case of a phone, applications, data and instructions (lock, unlock, reset) can be sent from the issuer directly to the device, or the customer can request the same.
Contactless and Mobile Chips

Contactless Cards and Mobile Phones share similar Chip Technology but are updated and maintained by different methods. These chips are called Dual Interface chips.
A Dual Interface chip is created and provisioned to operate in both a Contact and a Contactless mode.
Contact - Card is inserted into a POS or ATM and parameters can actually be updated via Scripts sent from the Processor (PIN required), or the Card can be swiped in "fallback" mode.
Contactless - Card or Mobile phone is waved or brought into the proximity area of a Paywave, Expresspay or Paypass terminal reader.
It is important to note that there are a few parametric differences between provisioning the Contact and Contactless "sides" of the Chip.
Contactless tokens: Contactless tokens form a logical connection to the client computer but do not require a physical connection. These keychain tokens or fobs are a popular choice for keyless entry systems and electronic payment solutions.
Comparison between Magnetic Stripe and Chips

Magnetic Stripe | Chip
Magnetic stripe holds basic information about the Card member. | Chip is capable of storing large amounts of data securely.
Typically swiped through a terminal to begin a transaction. | Remains in the terminal throughout the transaction and exchanges information with the terminal.
Signature required for cardholder verification. | Can be launched with either PIN or signature as the method for cardholder verification.
Vulnerable to counterfeit, lost or stolen, and card not present types of fraud. | More secure alternative to magnetic stripe card when used in card-present transactions.
Information on magnetic stripe can be easily copied. | Embedded computer chip is very difficult to copy.
Facilitates standard payment transactions. | Can facilitate additional payment and non-payment applications (e.g., loyalty programs).
Dual Interface and Hybrid Chips

Two additional categories of cards are dual-interface cards and hybrid cards.
A hybrid card has two chips, one with a contact interface and one with a contactless interface. The two chips are not interconnected.
A dual-interface card has a single chip with both contact and contactless interfaces. With dual-interface cards, it is possible to access the same chip using either a contact or contactless interface with a very high level of security.
The chips used in all of these cards fall into two categories as well: microcontroller chips and memory chips. A memory chip is like a small floppy disk with optional security. Memory chips are less expensive than microcontrollers but with a corresponding decrease in data management security. Cards that use memory chips depend on the security of the card reader for processing and are ideal for situations that require low or medium security.
A microcontroller chip can add, delete, and otherwise manipulate information in its memory. A microcontroller is like a miniature computer, with an input/output port, operating system, and hard disk. Smart cards with an embedded microcontroller have the unique ability to store large amounts of data, carry out their own on-card functions (e.g., encryption and digital signatures) and interact intelligently with a smart card reader.
Page 157 of 166 ONE INC. - UNIVERSAL RECOGNITION
Enablement ¨ Chip Cards Enablement When a chip is manufactured it does not belong to an issuer and as a consequence is not configured to process application loading and deleting. The chip has a unique ID, its Carrier Device (CD) ID, and a set of chip specific symmetric transport keys. The chip is said to be in protected state.
When an issuer purchases chips and wishes to deploy them, they may first be enabled. This binds the chip irrevocably to the issuer and allows the issuer only to load and delete applications.
Enablement Data The main elements of enablement data may comprise:
= Issuer ID
= Carrier Device (CD) Number = Product ID
= Communications settings = Public Key Certificate The Issuer ID may one of the most important data elements updated during enablement. During loads and deletes it may be one of the first elements checked. If the certificate does not contain the same value, the load or delete may not take place.
Prior to enablement the chip is identified by the CD ID, but after it is the CD Number that is used. This may be important as it may play a role in confidential loads.
The Product ID allows issuers to segregate their card base as they see fit.
This value can also be used to target certificates at particular products. For example, a gold card program cardholder may have access to a special loyalty application. If all gold cards have the same product ID (or share a range of ID), then a load certificate can be created that would only allow those chips to load the application.
For a contact interface the communication settings are held in the Answer-To-Reset (ATR) value.
Here the chip announces its preferred transport protocol(s), communications speed and other information. Once set at enablement this can not be changed at all during the lifetime of the chip.
Page 161 of 166 ONE INC. - UNIVERSAL RECOGNITION
Another important change that takes place at enablement is the replacing of the symmetric transport keys by an asymmetric key pair. The chip's public key is made available in a certified format and that key is used during confidential loads.
Enablement Data - encryption
Each card has its own unique set of symmetric transport keys. The key values are derived from the chip's CD ID. When enablement data for a chip is generated, the KMA system derives the CD-specific keys and encrypts all the data. Only the target CD can decrypt it and use it.
Enablement Data - How it is obtained
Enablement data may be requested from the Key Management Authority (KMA) of the chip platform (e.g. MULTOS).
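The three mechanisms described above (transport keys derived from the CD ID, enablement data that only the target chip can use, and the Issuer ID / Product ID checks applied to a load certificate after enablement) are illustrated by the following added example. It is not the platform's own code. The derivation (HMAC-SHA256 from a KMA master key and the CD ID) and the encrypt-then-MAC construction (HMAC-SHA256 in counter mode as the keystream) are assumptions chosen so the example runs with the Python standard library; a real KMA uses the platform's block-cipher based derivation and transport formats, and its master key never leaves an HSM.

```python
"""Chip enablement: per-chip transport keys, enablement data bound to one chip,
and the Issuer ID / Product ID checks on a load certificate.

Added illustration, not the platform's code. Key derivation and the
encrypt-then-MAC scheme below are assumptions (see lead-in)."""
import hashlib
import hmac
import json
import os
from typing import Dict, Optional, Tuple

# Constructed sample master key; a real KMA master key never leaves its HSM.
KMA_MASTER_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")


def derive_transport_keys(master_key: bytes, cd_id: bytes) -> Tuple[bytes, bytes]:
    """(enc_key, mac_key) unique to one chip: injected at manufacture, and
    recomputed by the KMA whenever it prepares data for that CD ID."""
    enc_key = hmac.new(master_key, b"ENC" + cd_id, hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"MAC" + cd_id, hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 used as a PRF in counter mode; XORed with the data."""
    blocks = []
    counter = 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def kma_protect(master_key: bytes, cd_id: bytes, enablement: Dict[str, object]) -> bytes:
    """KMA side: derive the target chip's keys, encrypt the enablement data and
    bind the MAC to the CD ID so the blob is useless to any other chip."""
    enc_key, mac_key = derive_transport_keys(master_key, cd_id)
    plaintext = json.dumps(enablement, sort_keys=True).encode()
    nonce = os.urandom(16)
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, cd_id + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def chip_unprotect(cd_id: bytes, chip_keys: Tuple[bytes, bytes], blob: bytes) -> Optional[Dict[str, object]]:
    """Chip side: verify the MAC with the chip's own keys before decrypting.
    A blob prepared for another CD ID, or a tampered blob, yields None."""
    enc_key, mac_key = chip_keys
    if len(blob) < 16 + 32:
        return None
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, cd_id + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(_xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def load_permitted(chip_state: Dict[str, object], certificate: Dict[str, object]) -> bool:
    """After enablement the chip belongs to one issuer: a load or delete
    certificate must carry the same Issuer ID, and its Product ID range lets
    the issuer target e.g. only the gold card base."""
    if chip_state.get("issuer_id") != certificate.get("issuer_id"):
        return False
    low, high = certificate.get("product_id_range", (0, -1))
    return low <= int(chip_state.get("product_id", -1)) <= high


def demo() -> Dict[str, object]:
    cd_a = b"\x00\x00\x00\x00\x00\x00\x10\x01"  # constructed CD IDs
    cd_b = b"\x00\x00\x00\x00\x00\x00\x10\x02"
    keys_a = derive_transport_keys(KMA_MASTER_KEY, cd_a)  # injected into chip A
    keys_b = derive_transport_keys(KMA_MASTER_KEY, cd_b)  # injected into chip B
    enablement = {"issuer_id": "ISS-0001", "cd_number": "CDN-000001",
                  "product_id": 5001, "comms": "T=1"}  # constructed values
    blob = kma_protect(KMA_MASTER_KEY, cd_a, enablement)
    tampered = blob[:20] + bytes([blob[20] ^ 0x01]) + blob[21:]
    return {
        "target_chip_reads": chip_unprotect(cd_a, keys_a, blob),
        "other_chip_reads": chip_unprotect(cd_b, keys_b, blob),
        "tampered_reads": chip_unprotect(cd_a, keys_a, tampered),
    }


if __name__ == "__main__":
    print(demo())
```

The load certificate check is deliberately separate from the transport layer: it runs on the chip's post-enablement state (Issuer ID, Product ID), which is exactly the data the encrypted enablement blob carried in.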
Embossing File Data
File Data (Batch Header Record)
- Record ID: "H", indicates a Batch Header Record
- File Type: Major Urgency Indicator (Daily, Cycle or Fast)
- Date: MMDDYY
- Timestamp: when the file was generated
- Client Number: identifies the Issuer (One Inc.)
- Request Type: New, Special, Replacement (depends on the Card Product decision)
- Photo Indicator: not generally used on payment cards but could be used for identity cards
- CRV Indicator: whether the card participates in Card Receipt Verification (CRV)
- VISA / MC Indicator: card payment network type (Visa / MasterCard)
- # Of Applications: number of applications running on the ICC (Integrated Circuit Chip)
PIN Data
- PIN: PIN encrypted under the PIN Encryption Key (PEK); usually the responsibility of the Issuer; ISO format, 4 to 12 digits
- PIN Message: PIN message printed on the card carrier. If sent by Canada Post, hold for 2 days; if by courier, card and PIN are sometimes sent together
- Mailer Indicator: PIN Mailer or No PIN Message
- Date: PIN date, usually pulled from the file date and formatted as "DD/MM/YYYY"; Service Bureau dependent (Gemalto example)
Encryption Key Details
- UDK-MAC: Unique Message Authentication Code Key; the UDK may be encrypted with the appropriate Zone Master Key (ZMK)
- UDK-ENC: Unique Data Encipherment Key; the UDK may be encrypted with the appropriate Zone Master Key (ZMK)
- UDK-AUTH: Unique DEA (ARQC / ARPC) Key; the UDK may be encrypted with the appropriate Zone Master Key (ZMK)
Production and Delivery Details
- Account (Card) Number: the number that may be embossed on the card
- Account Identifier: unique identifier created when the Cardholder's application is approved. It may be the same for Primary, Co-Applicant and Authorized Users. The value never changes throughout the life cycle of the account
- Delivery Codes: Hold Code, Postal Mail, Postal Mail without hold, Courier
- Language Code: language preference indicator
- Region Code: Cardholder geographic region (residence)
Mailer Details
- Credit Limit: the account's credit limit. Format is usually whole dollars, right justified, zero filled; message printed based on Language Code
- Card Holder Name: Cardholder's name printed on the card mailer
- Address Lines 1-5: Cardholder's mailing address
- Mailer Message 1-6: PIN mailer messages
- Return Address 1-2: return address
Embossing Details
- Embossing Line 1: Account Number
- Embossing Line 2: Expiry Date
- Embossing Line 3: Cardholder Name (26 character limit)
- Embossing Line 4: based on Card ID options, e.g. Business Name (26 character limit)
- Deboss Line 1: information printed on the signature panel on the back of the card, i.e. the CVV (note that the Amex CVV is on the front)
- Coercivity: mag stripe production based on Card ID options; 4 = low (usually)
- Encoding Track 1: data to be encoded on Track 1
- Encoding Track 2: usually Account Number, Expiry Date and Service Code
Matrix of Example Card Technologies and approximate costs
Columns: Card Technology; Data Storage; Drawbacks; Advantages; Cost of finished cards; Relative Security.
- Bar-Code: 104 bits; drawbacks: read-only, clone-able; advantages: durability, cost; $0.36 average; security: none
- Magnetic-Stripe: 372 bits, 2 tracks; drawbacks: read-only, 7% infant mortality, reader life, clone-able; advantages: durability, cost; $0.38; security: none
- Smart Contact - Memory: up to ...,000 bits; drawbacks: data storage is limited; advantages: read-write capability, durability; $0.80; security: medium
- Smart Contact - CPU: up to 512,000 bits; drawbacks: cost; advantages: read-write and computing capability, durability, security; $1.25; security: high
- R.F.I.D. - Prox: 36 bits; drawbacks: read-only, high cost of cards, readers and terminals, clone-able; advantages: durability; $2.60; security: none
- R.F.I.D. - ISO 14443: up to 64,000 bits; drawbacks: high cost of cards, readers and terminals; advantages: read-write capability, durability; $3.50; security: low

POS Card Number Capture and Encryption
Executive Summary
Merchant Point of Sale integration is a key aspect of having the One Inc. token and Payment Card recognized.
Merchant systems are comprised of two distinct components which communicate and pass data between each other. The two components are the Main POS and the Payment Systems.
The Main POS system is responsible for the checkout and Loyalty functions.
Some well known vendors are Squirrel, Jonas Group, Beanstream and Sweda.
The Payment System acquires Payment transactions from the Payment Terminals (pinpads) and transmits the encrypted data to the Acquirer, either directly or via the Merchant's main host switch.
Companies such as AJB Software and Tender Retail perform POS environment integration in order to ensure communications between the two systems.
One Inc. Universal Recognition aims to minimize the time the customer spends in the checkout lane during the recognition process.
Merchant changes required:
- Payment System needs to accept the One Inc. encryption key. We do not want to affect the Acquirer Payment Terminal, even though most are capable of accepting secondary keys.
- Payment System must recognize and encrypt the card number and pass it to the Main POS system for transmission to One Inc. This requires knowledge of the One Inc. IIN number ranges.
- Payment System must be able to accept the response from One Inc. and extract the Loyalty or Pre-paid card number.
- In the event that the Loyalty Number is returned from the Acquirer in the ISO response message, the Payment System will be modified to identify and extract the number for Merchant action.
- If there is a Barcode attached to the Payment Card, the Main POS will recognize and route the One Inc. number to the One Inc. Platform.
4/11/12 One Inc - POS Design - V.03

POS - Card Number Data Flow - Direct Connect Merchant to One Inc.
The approach of using the Payment Card Capture Terminal for One Inc. cards and transactions is to limit the number of card capture devices at the POS lane to one device, as well as limiting PCI-DSS scope to the Payment driver module where Payment Card Numbers are used as One Inc. recognition tokens.
Overview The driver module of the Payment Terminal will perform the Card Capture, encrypt the Card Number and provide the encrypted card data to the Main POS module. The POS module will then perform the recognition and routing to One Inc. and will receive and interpret the One Inc. response based upon a mutually agreed message format.
Detail Data Flow
Customer - Enters or provides a Card (Form Factor) to a Payment Terminal with a magstripe swipe, a chip validation or an NFC (Near Field Communications) tap.
Terminal Driver - The driver module of the Card Capture device will perform the following:
- If the Card Capture is for a Payment transaction, proceed with the payment process, while routing the card information to the Main POS module with the Card Number encrypted using the One Inc. public encryption key provided via a secure and audited Key Ceremony.
- If the Card Capture is for Loyalty or Customer recognition, encrypt the Card Number with the One Inc. public encryption key and send that information to the Main POS module.
Main POS module - Receives the One Inc. encrypted Card Number and checks the One Inc. recognition and routing module (or device) for the necessary primary or alternate routing instructions.
Encryption
One Inc.'s encryption best practices require the use of public/private key pairs. Data encrypted under a public key can only be decrypted by the corresponding private key.
The Payment Terminal driver module will be required to store the One Inc. public key, encrypt captured Card Numbers under this key and provide the encrypted Card Number to the Main POS module. The Main POS module will then access the One Inc. recognition and routing module.
Key Management
The specific process by which the keys are to be managed is as follows:
A key version identifier along with the encrypted data will be provided to the Main POS module by the Terminal Driver. One Inc. will then be able to determine which specific key was used to encrypt the data at that point in time.
The key versioning methodology provides the capability of using multiple keys when transitioning to a new key, and supports the periodic key rotation that PCI-DSS requires.
The Terminal Driver module will be required to periodically check for and refresh the One Inc. public key, and to provide the key version identifier along with the encrypted data to be passed through the Main POS.
This pass-through gives point-to-point encryption of the card number: the data can only be decrypted by One Inc. with the corresponding private key.
The card data is NEVER decrypted at any point in the journey from the secure Payment Terminal environment to the One Inc. PCI compliant zone.
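The driver-side decisions described for the direct-connect model (recognizing One Inc. IIN ranges, deciding what the payment host and the Main POS each receive, and labelling the encrypted PAN with a key version that One Inc. can still decrypt across a rotation) are shown in the following added example. It is not the terminal driver's code. The ISO/IEC 7813 Track 2 layout is standard; the IIN range table, the card images and the key version identifiers and dates are constructed (the real One Inc. ranges are not given on this page). The public-key encryption of the PAN under the selected version (RSA-OAEP or similar) is performed by the driver's cryptographic library and is not part of this example.

```python
"""POS lane card capture: Track 2 parsing, Luhn check, IIN-based routing and
One Inc. key version selection with overlapping rotation windows.

Added example, not the terminal driver's code. IIN ranges, card images and
key versions are constructed; the actual encryption call is out of scope."""
import re
from datetime import date
from typing import Dict, List, Tuple

# ;PAN=YYMMSSS<discretionary>?  (ISO/IEC 7813 Track 2, without the LRC)
TRACK2 = re.compile(
    r"^;(?P<pan>\d{12,19})=(?P<expiry>\d{4})(?P<service>\d{3})(?P<discretionary>\d*)\?$")

# Constructed ranges (low, high, label); prefixes compare at the range's own length.
IIN_RANGES: List[Tuple[str, str, str]] = [
    ("639100", "639199", "one_inc_token"),   # constructed One Inc. recognition range
    ("400000", "499999", "visa"),
    ("510000", "559999", "mastercard"),
]


def parse_track2(track2: str) -> Dict[str, str]:
    """Split a Track 2 image into its fields; raise on a malformed read."""
    match = TRACK2.match(track2)
    if not match:
        raise ValueError("not a Track 2 image")
    return match.groupdict()


def luhn_valid(pan: str) -> bool:
    """Rejects most swipe mis-reads before anything is encrypted or routed."""
    total = 0
    for i, digit in enumerate(reversed(pan)):
        d = int(digit)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify_iin(pan: str) -> str:
    for low, high, label in IIN_RANGES:
        if low <= pan[:len(low)] <= high:
            return label
    return "unknown"


class KeyVersions:
    """One Inc. public key versions known to the driver. A new version is
    published before the old one stops being accepted, so a PAN encrypted
    just before a rotation still carries a version One Inc. can decrypt."""

    def __init__(self) -> None:
        self._windows: Dict[str, Tuple[date, date]] = {}  # version -> (valid_from, accept_until)

    def publish(self, version: str, valid_from: date, accept_until: date) -> None:
        self._windows[version] = (valid_from, accept_until)

    def for_encryption(self, today: date) -> str:
        """Newest version already valid today; the driver labels ciphertext with it."""
        live = [(vf, v) for v, (vf, au) in self._windows.items() if vf <= today <= au]
        if not live:
            raise RuntimeError("no usable One Inc. key; refresh keys before capturing")
        return max(live)[1]

    def accepts(self, version: str, today: date) -> bool:
        """One Inc. side: decrypt only under a version still inside its window."""
        window = self._windows.get(version)
        return window is not None and window[0] <= today <= window[1]


def route_capture(track2: str, purpose: str, keys: KeyVersions, today: date) -> Dict[str, object]:
    """purpose is 'payment' or 'recognition' (what the lane asked the pinpad for).
    The clear PAN goes to the payment host only for a payment on a payment
    card; the Main POS only ever sees the PAN encrypted for One Inc."""
    pan = parse_track2(track2)["pan"]
    if not luhn_valid(pan):
        raise ValueError("PAN fails Luhn check; re-swipe")
    scheme = classify_iin(pan)
    return {
        "scheme": scheme,
        "clear_pan_to_payment_host": purpose == "payment" and scheme != "one_inc_token",
        "encrypt_pan_for_one_inc": True,
        "key_version": keys.for_encryption(today),
        "routing_hint": pan[:6],  # the Main POS routes on the IIN, never on the full PAN
    }


def demo() -> Dict[str, object]:
    keys = KeyVersions()
    keys.publish("v1", date(2012, 1, 1), date(2012, 5, 15))   # constructed rotation window
    keys.publish("v2", date(2012, 4, 1), date(2013, 4, 1))
    today = date(2012, 4, 16)
    # Constructed card images; the One Inc. PAN was chosen to pass Luhn.
    token = route_capture(";6391001234567891=1512101?", "recognition", keys, today)
    payment = route_capture(";4111111111111111=1512101?", "payment", keys, today)
    return {"token": token, "payment": payment,
            "v1_accepted_during_overlap": keys.accepts("v1", today),
            "v1_accepted_after_window": keys.accepts("v1", date(2012, 6, 1))}


if __name__ == "__main__":
    print(demo())
```

During the overlap (here 1 April to 15 May) the driver already encrypts under v2 while One Inc. still accepts v1, so terminals that have not yet refreshed their key do not fail; after the window, v1 ciphertext is refused rather than silently decrypted with a retired key.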
Using the existing Payment infrastructure (Ride the Rails)
The approach of "Ride the Rails" is to use the existing payment infrastructure of the Payment Network or Processor to recognize and route a Request to One Inc.
The One Inc. response back to the Payment Network or Processor will be incorporated into the Payment response message and sent back along the Payment route to the Merchant.
Overview The driver module of the Payment Terminal will perform the Payment process as it does today when formatting and sending the message to the Acquirer for treatment by the Payment Network and Issuer's processor.
The Terminal Driver needs to be enhanced, as additional processing occurs when it receives the response from the Payment Network. The Terminal Driver would have to parse the message (bitmap) to determine whether One Inc. response data exists in the response message. The additional response data would then be passed on to the Main POS checkout module under the same encryption process detailed earlier.
The proposed additional response data from One Inc. is to be placed in ISO 8583 DE 127, which is defined as a Private Use data element.
Detail Data Flow Customer - Enters or provides a Card (Form Factor) to a Payment Terminal with Magstripe swipe, a Chip validation or a NFC (Near Field Communications) tap.
Terminal Driver - The driver module of the Card Capture device performs the following:
- Sends the transaction to the Acquirer and receives the response as is done today.
- Parse and check the Response message for additional data from One Inc.
- If additional One Inc. data is found, provide that data in the response to the Main POS module.
Main POS module - should expect and process the additional One Inc. response data if it is present in the response data from the Terminal module.
Encryption
The connection between the Payment Network and One Inc. is over a VPN, and the additional One Inc. response data does not contain Payment data, hence no further encryption process is required by the Terminal Driver module. The DE 127 field will contain the customer Loyalty number corresponding to the Merchant's Loyalty program. That number is still customer-identifying data, so it relies on the VPN and the Merchant's own controls for protection.
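The bitmap parsing step the Terminal Driver has to add in this model, and the placement of One Inc. data in DE 127, are shown in the following added example; it is not production code from any network or from the Terminal Driver vendors named above. The field table is an assumption for the constructed sample messages: real ISO 8583 variants differ in field lengths and encodings, and the use of DE 127 is the proposal above, not a network standard.

```python
"""ISO 8583 bitmap handling for the Ride the Rails model: build a request and
response, then extract the One Inc. data from DE 127 if it is present.

Added example. The field table and sample messages are constructed."""
from typing import Dict, Optional, Tuple

# field -> (length kind, length). "fixed" = exact length; LLVAR/LLLVAR = maximum.
FIELD_SPEC: Dict[int, Tuple[str, int]] = {
    2: ("LLVAR", 19),      # PAN
    3: ("fixed", 6),       # processing code
    4: ("fixed", 12),      # amount
    11: ("fixed", 6),      # system trace audit number
    37: ("fixed", 12),     # retrieval reference number
    39: ("fixed", 2),      # response code
    127: ("LLLVAR", 999),  # private use: One Inc. response data (assumed placement)
}


def bitmap(fields) -> str:
    """Hex bitmap for the given field numbers. Bit 1 marks that a secondary
    bitmap (fields 65..128) follows, so a message using DE 127 has 32 hex digits."""
    bits = 0
    secondary = any(f > 64 for f in fields)
    if secondary:
        bits |= 1 << 127
    for f in fields:
        if not 2 <= f <= 128:
            raise ValueError(f"field {f} out of range")
        bits |= 1 << (128 - f)
    return format(bits, "032X") if secondary else format(bits >> 64, "016X")


def encode(mti: str, fields: Dict[int, str]) -> str:
    parts = [mti, bitmap(fields)]
    for f in sorted(fields):
        kind, length = FIELD_SPEC[f]
        value = fields[f]
        if kind == "fixed":
            if len(value) != length:
                raise ValueError(f"DE {f} must be {length} characters")
            parts.append(value)
        else:
            prefix = 2 if kind == "LLVAR" else 3
            if len(value) > length:
                raise ValueError(f"DE {f} longer than {length}")
            parts.append(f"{len(value):0{prefix}d}{value}")
    return "".join(parts)


def decode(message: str) -> Tuple[str, Dict[int, str]]:
    """Walk the bitmap(s) and cut the fields out in order. Unknown fields and
    trailing bytes are rejected instead of guessed at."""
    mti, pos = message[:4], 4
    bits = int(message[pos:pos + 16], 16) << 64
    pos += 16
    if bits >> 127 & 1:
        bits |= int(message[pos:pos + 16], 16)
        pos += 16
    fields: Dict[int, str] = {}
    for f in range(2, 129):
        if not bits >> (128 - f) & 1:
            continue
        if f not in FIELD_SPEC:
            raise ValueError(f"DE {f} present but not in field table")
        kind, length = FIELD_SPEC[f]
        if kind != "fixed":
            prefix = 2 if kind == "LLVAR" else 3
            length = int(message[pos:pos + prefix])
            pos += prefix
            if length > FIELD_SPEC[f][1]:
                raise ValueError(f"DE {f} length prefix too large")
        fields[f] = message[pos:pos + length]
        pos += length
    if pos != len(message):
        raise ValueError("message length does not match bitmap and field lengths")
    return mti, fields


def one_inc_data(response: str) -> Optional[str]:
    """Terminal Driver step after the acquirer replies: return the DE 127
    payload for the Main POS, or None when the response carries none."""
    _, fields = decode(response)
    return fields.get(127)


def demo() -> Dict[str, object]:
    common = {2: "4111111111111111", 3: "000000", 4: "000000012500",
              11: "000123", 37: "120416000123"}            # constructed values
    request = encode("0200", common)
    response = encode("0210", {**common, 39: "00", 127: "LOYALTY=CUST00012345"})
    return {"request": request, "response": response,
            "request_one_inc": one_inc_data(request),
            "response_one_inc": one_inc_data(response)}


if __name__ == "__main__":
    print(demo())
```

The driver must tolerate both shapes: a response without DE 127 carries only a primary bitmap, while one with DE 127 has bit 1 set and a secondary bitmap, so the field walk has to be driven by the bitmap rather than by fixed offsets.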
Key Management The existing Key Management is not affected and the Payment data never leaves control of the Payment Infrastructure.
Ride the Rails and Branch to One Inc. and Merchant POS - Card Number Data Flow
The approach of Ride the Rails is to use the existing payment Network to send a message to One Inc. In this implementation the connection to One Inc. would be a branch from the Payment Network or Processor. One Inc. will continue the branch by responding directly to the Merchant's Host system based on the Merchant, Terminal and Device Data provided by the Payment Network or Processor.
The Payment Network or Processor will receive a "Do not wait" response from One Inc.
The Payment Network or Processor sends the transaction to One Inc., who would then process it and provide the One Inc. data directly to the Merchant's Host system.
The Merchant's Host system would be enhanced to recognize the originating POS and to communicate the appropriate response on approved payment transactions.
Overview The driver module of the Payment Terminal will be unaffected and would perform the Payment process as it does currently. No additional changes would be required in this implementation model.
Detail Data Flow
Customer - Enters or provides a Card (Form Factor) to a Payment Terminal with a magstripe swipe, a chip validation or an NFC (Near Field Communications) tap.
Terminal Driver - The driver module of the Card Capture device performs the following:
- Sends the transaction to the Acquirer and Payment Network and receives the response (business as usual).
Payment Network / Processor - The network would process the transaction as it does today; it would also send the transaction to One Inc.
Payment Network / Processor - Would receive a "Do not wait" signal back from One Inc. when the direct merchant route is identified as the return option.
One Inc. - Once a transaction is received from the Payment Network, One Inc. would perform the translation and retrieval function and provide the resulting output data in a message to the Merchant's Host system.
Merchant Host System - When this system receives a One Inc. message, it should perform the existing Loyalty function using the returned Customer number and route the response to the appropriate end point.
Main POS module should expect a message from the Merchant's Host system, with Loyalty and or additional processing based on the One Inc. message.
Encryption
The connections between the Payment Network and One Inc., and between One Inc. and the Merchant host system, are over a Virtual Private Network. The One Inc. message to the Merchant Host system does not contain Payment data, hence no further encryption process is required. It should be noted that One Inc. has encryption capability should the need arise.
Key Management Current Key Management processes are not affected. One Inc. has encryption and Key exchange capability should they be required.
Overview - Cash Payment
In the case where a Customer pays by cash and also provides a One card token (e.g. a card), the One Inc. process will continue as per the implementations described in this document; the Main POS module will be required to process two separate streams, a Payment stream and a One Inc. stream.
There is also an opportunity for Direct Connect Merchant to One Inc. to accept the One Inc. token at the POS therefore bypassing the Card Payment Terminal.
ONE INC.
SECURE FILE TRANSFER ARCHITECTURE AND PROCESS
Contents:
INTRODUCTION
TRANSMISSION PROTOCOL
FILE DATA ENCRYPTION
FILE DATA INTEGRITY
SFTP refers to the SSH File Transfer Protocol, also known as the Secure File Transfer Protocol: a network protocol that offers file management, file transfer and file access over any reliable data stream. It replaces FTP (File Transfer Protocol), which sends credentials and data in the clear and was the standard for transferring files between two computers in the dial-up era.
SFTP was specified in IETF (Internet Engineering Task Force) drafts as an extension of version 2 of the SSH (Secure Shell) protocol, providing secure file transfer while remaining usable over other secure transports. It has become the common choice for secure file transfer because of its security, ease of use and versatility.
The IETF notes that although SFTP is defined in the context of the SSH2 protocol, it is a general protocol that is independent of the rest of the SSH2 suite (it is not limited by SSH2's own concepts and definitions). Because it only requires a secure channel underneath, it can be applied to a range of purposes, including the transfer of management information in VPN applications and secure file transfer over TLS (Transport Layer Security).
When you open an SFTP client, you enter the name of the SFTP host you want to connect to together with your username and credentials (a password, or an SSH key as in the partner setup described below). Authorized members of a given SFTP service (a company's staff, or a university's students and faculty, for example) can download and exchange files via clients such as WinSCP for Windows PCs or MacSFTP for Macintosh machines.
SFTP assumes by default that it is running over a private and secure channel (e.g., SSH) in which the client has authenticated the server, and that the identity of the client user is available to the protocol. Graphical SFTP clients further streamline the file transfer process by supporting drag and drop: just as in any standard operating system, you can access, copy, move or paste files between windows.
Each partner will be asked to provide the public key of the SSH key pair it will use for transmission; this key will be installed on the OneInc server and is what allows the partner's system to log in to the OneInc server.
The partner's access to the OneInc server will be limited to writing new files; they will not be able to delete, read or overwrite any existing files.
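The key-only, write-only access described above maps onto OpenSSH's per-user Match block and its built-in SFTP server. The excerpt below is an added example, not One Inc.'s configuration; the account name partner_acme, the path /srv/sftp/partner_acme and the key comment are assumptions, and the key material is elided.

```text
# /etc/ssh/sshd_config (excerpt)
Subsystem sftp internal-sftp
# keep partner keys where the partner cannot write them
AuthorizedKeysFile /etc/ssh/authorized_keys/%u

Match User partner_acme
    # only the key the partner supplied; no password logins
    PasswordAuthentication no
    PubkeyAuthentication yes
    # jail the session; the chroot root must be root-owned and not group/world writable
    ChrootDirectory /srv/sftp/partner_acme
    # SFTP only, and deny the protocol requests that read, list, rename, delete or chmod
    ForceCommand internal-sftp -u 0077 -P read,readdir,remove,rename,posix-rename@openssh.com,rmdir,symlink,readlink,hardlink@openssh.com,setstat,fsetstat
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no

# /etc/ssh/authorized_keys/partner_acme
# "restrict" disables forwarding, pty and X11 for this key regardless of global settings
restrict ssh-ed25519 AAAA<partner public key> partner_acme upload key
```

Denying `read` and `readdir` stops the partner reading or listing what is already there, and `remove`/`rename`/`rmdir` stop deletion, but no SFTP option prevents a client from re-opening a file it created earlier with truncation. The "no overwrite" clause is therefore met operationally: a pickup job running as a different account moves each upload out of the drop directory as soon as it is complete, so nothing is left for the partner to overwrite. Interactive clients that list the directory on connect will report an error; scripted uploads (`put`) work as intended.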
FILE DATA INTEGRITY
The integrity of a transmitted file must be assured; this can be done using an MD5 checksum.
Once the transmitter of a file is assured that the file has been transmitted successfully, it must provide an MD5 checksum of the file. This value protects against transmission errors, not against an adversary: the receiver recalculates the MD5 hash of the received file and compares it with the MD5 provided by the sender; if they match, the receiver is assured that the file arrived as the sender transmitted it. Because MD5 collisions can be constructed deliberately, and because anyone able to alter the file in transit can usually alter a checksum sent the same way, tamper evidence requires a SHA-2 family digest delivered over an authenticated path, or an HMAC or signature over the file.
The following is a brief description of the MD5 checksum:
The MD5 hash, also known as a checksum, of a file is a 128-bit value, something like a fingerprint of the file. This is useful both for comparing files and for integrity control.
Cryptographic hash values are expected to have the following properties:
Collision resistance: two different files should not produce the same hash value, and even a single-bit difference changes the value completely. For MD5 this property no longer holds: collisions can be constructed with modest effort, which is why it is fit only for detecting accidental corruption.
Repeatability: each time a particular file is hashed with the same algorithm, exactly the same hash value is produced.
Irreversibility: hashing is one-way. Given a hash value, it is infeasible to recover the original file or any of its contents from the hash value alone (short or guessable inputs can still be found by guessing and re-hashing).
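The receiver-side check described above, with the two upgrades a practitioner would add (SHA-256 as the checksum and an HMAC with a key shared between sender and receiver for tamper evidence), is shown in the following added example. It is not One Inc.'s transfer code; the sample batch file contents and the shared key are constructed.

```python
"""File integrity checks for a batch transfer: streamed digests, constant-time
comparison against the sender's value, an HMAC that also detects substitution,
and a manifest check that treats a missing file as a failure.

Added example; the sample file and shared key are constructed."""
import hashlib
import hmac
from typing import Dict, Iterable

CHUNK = 64 * 1024


def chunked(data: bytes) -> Iterable[bytes]:
    for i in range(0, len(data), CHUNK):
        yield data[i:i + CHUNK]


def digest(chunks: Iterable[bytes], algorithm: str = "sha256") -> str:
    """Hash a file streamed in chunks, so large batch files need not be loaded whole."""
    h = hashlib.new(algorithm)
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def checksum_matches(data: bytes, expected_hex: str, algorithm: str = "md5") -> bool:
    """Receiver side: recompute and compare in constant time; compare_digest
    also rejects a value of the wrong length."""
    return hmac.compare_digest(digest(chunked(data), algorithm), expected_hex.strip().lower())


def authenticated_tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256: only a holder of the shared key can produce a matching tag,
    so a substituted file cannot be accompanied by a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def tag_matches(data: bytes, key: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(authenticated_tag(data, key), tag_hex.strip().lower())


def verify_manifest(files: Dict[str, bytes], manifest: Dict[str, str],
                    algorithm: str = "md5") -> Dict[str, bool]:
    """Check every received file against the sender's manifest; a file that is
    listed but was not received counts as a failure, not as 'nothing to check'."""
    return {name: name in files and checksum_matches(files[name], expected, algorithm)
            for name, expected in manifest.items()}


def demo() -> Dict[str, object]:
    original = b"H,DAILY,041612\nR,0001,CUST00012345\nT,000001\n"   # constructed batch file
    corrupted = original[:20] + bytes([original[20] ^ 0x01]) + original[21:]  # one flipped bit
    key = b"constructed-shared-key-not-for-production"
    md5_sent = digest(chunked(original), "md5")
    tag_sent = authenticated_tag(original, key)
    return {
        "md5_original": md5_sent,
        "md5_corrupted": digest(chunked(corrupted), "md5"),
        "corruption_detected": not checksum_matches(corrupted, md5_sent),
        "substitution_detected": not tag_matches(corrupted, key, tag_sent),
        "manifest": verify_manifest({"batch.csv": original},
                                    {"batch.csv": md5_sent, "missing.csv": md5_sent}),
    }


if __name__ == "__main__":
    print(demo())
```

Switching the algorithm argument from "md5" to "sha256" changes nothing else in the flow, which is the cheapest way to retire MD5 from a transfer agreement; the HMAC is the step that turns the check from corruption detection into tamper detection.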
RTS is designed on industry standard hardware platforms and communication systems. This makes interoperability possible between off-the-shelf components from different sources, eliminating the need for custom coding to permit coexistence.
RTS runs on a standard Intel "Server" Class platform.
The RTS and the RTS Pathfinder GUI architecture are built around the .NET framework and are written in C#. RTS provides user authentication against Windows Active Directory and user access control.
Each user has unique permissions for which screens can be viewed or changed.
RTS is performance tuned for high transaction volumes and maximum availability and reliability from the outset. The system is engineered to maximize available bandwidth, without impacting payment authorization transactions.
RTS operating on a single server configuration will support a minimum of 300 (three hundred) transactions per second (TPS). We have completed internal benchmark testing at 2000 (two thousand) TPS.
RTS is a very scalable architecture. AJB customers have achieved 24x7x365 operation through the use of multiple production RTS Servers in multiple locations, providing redundant authorization capability.

Redundancy and load balancing can be achieved with several different approaches. The RTS production servers can be placed into a single TCP/IP cluster using either the Windows Network Load Balancing Service or an external hardware appliance such as a Cisco Content Switch or BIG-IP. All stores would connect to one IP address at your corporate office.
The load balancing device would automatically load balance the TCP/IP connections between the multiple RTS Production Servers. As store connection messages from the stores are received, the load balancing device would determine which RTS gets the next connection.
The RTS systems can be installed in the same site or between two physical locations.
RTS provides for full replication of applicable data between the RTS systems.
AJB strives to provide its customers with solutions that function in a "lights out" fashion. The underlying criteria have always been that the system must function with the least amount of manual intervention and only alert users when a problem is detected. In keeping with this mission statement, RTS provides user configurable alerting thresholds, and several mechanisms for generating alerts to the merchant's support desk personnel including pager, email and NT event log.
RTS uses an "executable" architecture in which each financial processor has an assigned specific executable that contains the applicable message format logic. All formatting is completed for that processor with the assigned executable. The RTS software uses a bank routing table to be able to setup a profile for each store type. Each profile contains a listing of all supported card types and which processors they will be sent to. Because each financial processor would have a unique executable, when changes are made to one executable, there will not be any impact to other executables on the system.
RTS also has a pass-through message format called the "FiPay 300". This message structure is used by merchants to define their own message types to service internal transaction types with other host back-end applications such as Loyalty, SKU Locator, Refund Management and customer lookup. The structure requires a standard header format that is used by RTS for routing purposes. The rest of the structure can be defined by the merchant and is routed transparently between the POS and back-end processing interfaces.
RTS includes our Pathfinder network management software. Pathfinder is a user-friendly Graphical User Interface (GUI) that provides a flexible, easy-to-use method for defining, accessing and managing the RTS and the network. It provides real-time visibility into the status of your network, stores and financial processor links.
In a dual or multi server RTS configuration, Pathfinder can provide a single view of both systems.
Pathfinder will update with input from each system. Additionally by double-clicking on a Node, Pathfinder will display the log and trace information on the system that the store is currently connected to. If a store is in a failed state, it means the store is failed across all RTS Servers.
RTS Pathfinder provides enhanced monitoring functions to manage your stores and financial processors as well as providing enhanced reporting and statistical capability.
The RTS Pathfinder Dashboard tool allows a snapshot view of all current system status, including TPS (transactions per second) overall, TPS by specific processor and other key operational events.
RTS requires access to Microsoft SQL Server 2005/2008 for reporting, PCI auditing and settlement/reconciliation purposes only. RTS does not use SQL for the authorization function, so if the SQL database is not available to RTS, there is no impact on the authorizations between the stores, RTS and your financial processors.

RTS supports the following application security:
- SSL connectivity from store to RTS
- SSL connectivity from Pathfinder GUI to RTS
- VPN (inherent to network security and transparent to the AJB application)
- Windows Active Directory for user authentication and permissions
- AES 256-bit encryption tied into split-knowledge key distribution: no single user knows the entire key, only their partial key
- Signed files preventing changes to configuration files

Universal Recognition Token and Platform (SaaS partner overview)
The Market:
There are several high quality providers of gift / prepaid / loyalty solutions. These companies integrate into the retailers (POS / payment terminal) and provide software as a service (SaaS) via the 'cloud'. Initially started as gift cards / prepaid (Stored Value Solutions - SVS) solutions, they are now expanding into loyalty and other marketing services.
These organizations' strengths are the quality of the software solution, the robustness of their platform, and quality of service. These services can be provided cost effectively and turnkey to the retailer. Additionally, once integrated into a retailer they are looking for value add and more ways to upsell the retailer with new products and services.
Their 'weakness' is that these solutions require a new customer to (I) get and carry a new card in order to be recognized and (II) fill out an enrollment form either in store or online. These two elements pose significant barriers. The retailer must feel confident that their customers will agree to carry a new card - not an easy task - and take the time to enroll. These barriers are slowing the growth of the providers of SaaS SVS and loyalty solutions. One Inc's universal recognition platform may eliminate these barriers.
Registration is key for gift / prepaid cards. Today, customers can use a prepaid card (e.g. a coffee card) without registering. However, this has two significant drawbacks. For the customer, if the card is lost they lose all the money on the card, just like cash. For the retailer, an unregistered card means that they get no customer information (contact details, buying behavior) that can be used for effective marketing.
The card is not linked to the service.
First take a step back, the card may not be linked to the service. The card may simply be a recognition device. The actual service gift / prepaid / loyalty may be completely 'decoupled' from the card. Once identified, the service provider's system takes care of settlement of cash, attribution of points ...so, in fact, the card may simply be a 'number' or way to identify the customer.
The Opportunity:
Universal Recognition Card (Token) - one is better than many.
The One Universal Recognition Platform may allow providers of gift / prepaid (SVS) and loyalty programs the ability to provide their retailers and the final customer with the ability to have one card for multiple locations.
So what does One Inc provide? An Interconnect Model:
The One Inc solution provides an interconnection between various providers that will allow for the implementation of a universal recognition token at multiple locations.
This is similar to Interac allowing one bank card to be used at multiple ATMs, or MasterCard allowing a customer to shop at any retailer worldwide.
The interconnect model is based on the following elements:
- Universal Recognition card / token(s) that can be accepted at all locations
- Unique number on every token
- Central real time recognition platform

Universal Recognition Card (Token) - one is better than many.
The starting point may be a card, in order to be accepted at ALL locations. The token may use the lowest common denominator of technology so that every retailer may accept it. For example, this is a card with a mag stripe: every retailer has the ability, either on their POS or on their payment terminal, to read a mag stripe. {What about the phone? See appendix.}
Get a new token. Customers who do not hold a one card token may get a new token just like they get a new gift / prepaid / loyalty card today at the retailers point of sale.
The difference is that this token will not be a single-store token; the customer may be able to use it to be recognized at any partner location. These tokens may be branded by the issuing retailer with the One logo. Existing customers that already have a non-One card may exchange it at the retailer for a new, activated One card: the same service they have today, but now with universal recognition.
Use an existing token. Once a customer has a 1 token in their possession they may not need to get a new token; they may simply use one that is already in the wallet.
Third party token issuance: In order to build a membership base and a 'park' of One card tokens, it may be possible to work with third party partners to 'distribute' tokens to their customers as a value-add, branded gift. These partners may not be merchants that accept the One Inc. universal token, but may issue tokens as a marketing tool.
The idea is that, by issuing the token, the partner may enhance customer satisfaction by providing something of value that will remain in the customer's wallet. Partners could be banks (for holders of gold bank cards), insurance companies, etc.
Unique Number:
The numbers assigned to the One Inc. universal tokens may be a subset of our official BIN range. That way One Inc. may ensure that every number issued is unique.
It may also allow for 'distributed' issuance of numbers. Our interconnect partners may have a subset of numbers attributed to them, which may allow them to independently issue new tokens while ensuring the numbers are unique across the coalition.
Universal Recognition Hub
We provide the central hub that may allow customers to use a single token across multiple retailers that are not using the same provider (as Interac did with the banks). One Inc. may integrate with the solution providers in order to 'enhance' their service offering to the retailers: enhance it by eliminating the need for their customers to carry a new card and enroll in a new program. The hub may provide the following functionality in real time to our partners, and thus to their retailers:
- New Customer Activation: new (to One Inc.) / new (to retailer)
- Instant Enroll in new programs: existing One Inc. members (who hold a token) may instantly enroll in a new program by simply swiping their card. One Inc. may transmit the appropriate contact information on their behalf, avoiding the need to enroll or register.
- Lost Card replacement: replace one card, not many
- Update Customer Information: the customer updates once and that information may be pushed to all the retail programs they participate in
- Change tokens: as new technology arrives (e.g. Smartphone), the customer may seamlessly switch to a new token without having to re-register all of their cards / programs.
Leverage our partners' base.
The One Inc. recognition platform may enhance our partners' service offering. For example, One Inc. may leverage its partners' network for:
- Integration: One Inc. may connect the One Inc. recognition platform to our partners' SaaS systems, which, in turn, connect us to the retailers. This strategy may allow One Inc., via this partnership, to provide a universal recognition token to thousands of retailers without 'directly' integrating into their POS, as our channel partners have already done so. Each new partner integrated may provide the opportunity to instantly 'activate' thousands of new retailers.
- Sales: The Universal recognition token is a value add that may enhance the service our partners are already providing. This may be sold as an additional product to existing customers or to be used as a key selling feature when pitching new clients.
Thus it is the partners that (help) sell. As the number of One Inc. tokens in circulation increases, this may become a big selling feature for partners.
- Billing: As this is sold though our channel partners, they may bill the merchants directly (either as part of the existing service or an additional fee - tbd) and One Inc.
may share in that revenue stream.

Why will the partner join One Inc. (and not do it on their own)?
The card is not a strategic advantage - in fact it is a barrier to them selling - and upselling - their services.
Why Join.
Their customers may select their solution based on the value of the solution, not the fact that they can provide a card. The card is not a strategic advantage. The retailer can get all the value of the solution without having to 'force' another card into the customer's wallet.
The One Inc. universal solution may also be a preemption against new 'virtual providers'.
New startups are pitching phone-based solutions that do not require a card.
They do not address the 'all tech' requirement of being able to service ALL of a merchant's customer base, as not everyone will have or want to use a Smartphone. By joining One Inc., the providers have a competitive solution to these new 'non card based' providers of gift / loyalty programs.
Why not do it on their own?
Beyond Retail. In addition to providing an interconnection to other retail locations, One Inc. may expand the recognition platform beyond loyalty to other 'access' opportunities.
If potential partners go it alone, they cannot provide a token to their retailers that can also be used beyond retail for access to museums, health clubs, etc.
Beyond Retail - In addition to retail, One Inc. may take the same approach (integrating into channel partners) in markets beyond retail.
Museums / Galleries: Memberships are another example of a service that needs a recognition token. Similar to gift / loyalty, there are larger SaaS suppliers of these solutions to museums / galleries. Working with these suppliers allows you to get an 'in' with international ticketing companies.
Ticketing: Many venues, transport operators, etc. have put in place a bar code system for tickets. Instead of printing the ticket, customers could attach the ticket to the One Inc. card recognition token and use that to enter the event. Many ticketing suppliers are moving to a semi-virtual solution by pushing bar codes via SMS or to an app.
An additional opportunity for the SaaS ticket providers is to connect to the One Inc. recognition platform and allow their customers to use their One Inc. card as a ticket.
Health Clubs: Similar to gift / loyalty, there are SaaS providers to the health / fitness clubs. One Inc. takes a similar approach to eliminating the need for an additional card in the wallet.
Ski Resorts: Companies providing access systems to ski resorts. For example, the ski pass is a contact-less card that provides access at each lift. These cards are not one-time, but 'rechargeable' during the season and from season to season. Customers can go online, purchase their lift ticket (day, week ...) and 'attach' it to their pass.
There are even some resorts that have put in place a pay-as-you-go system in which the token is linked to a credit card and you are billed for actual usage. This is a big step forward for the ski resorts as it reduces lines - and staff - selling tickets and allows for more sophisticated direct marketing and optimization of pricing. However, for this to work, the customer may need to have a card issued by the resort.
If the One card were integrated into one of these companies, all of their resorts could offer this functionality by attaching the ski pass to any One Inc. universal (contact-less) token.
The advantages to the resort may be: (i) first-time customers do not need to line up to get a card; they can order tickets in advance and attach them to their One card; (ii) it eliminates lost or forgotten (in the other jacket) ski cards; (iii) automatic photo ID: passes for more than 2 days require an electronic photo that can be sent directly from One to the ski resort (the photo is not on the card but in the system, and shows on a screen every time you pass a lift); (iv) customer data: One Inc. may provide additional customer data (name, email, telephone) that the ski resort does not currently receive.

Appendix X: What about the phone?
The phone may be a solution in the future, but for these services to work they are based on an 'all tech' solution. The starting point will be a card in order to be accepted at ALL locations. It is important to have a token that has the lowest common denominator for technology so that every retailer can accept it. For now this is a card with a mag strip (every retailer has the ability, either on their POS or payment terminal, to read a mag strip).
So how will One address the smartphone?
One will take an all tech approach to the phone, running 'parallel' options.
There will (always) be a simple card (mag and maybe enhanced to contact-less). However, One will also implement 'virtual' solutions.
One App (bar code). One will have a bar code app that will allow members to have the same universal recognition token but within a single app. The app will simply be a 'virtual' bar code of the One number (that can be scanned). As a customer you can use one app instead of having multiple apps, each with a different bar code, that you need to find, launch and display at checkout. The challenge with this option is that the SaaS providers need to have a solution that can accept a bar code as well as a mag strip, and the merchants need to have the appropriate hardware, a bar code scanner.
One App (NFC). When NFC rolls out and sufficient SaaS providers and their merchants have the ability to accept this technology, One can seamlessly 'upgrade' customers from their existing One Recognition Token to NFC.

The Problem of Recognition
Issuers (collectively defined as loyalty programs, membership to clubs, transportation passes, car sharing, bike sharing etc.) may require that the 'members' be identified. In order to identify members, the issuer may assign a unique identifier to each member so that each time the member requires access to the service and benefits they can be identified.
Identifiers
The ideal identifier for an issuer may be one that is universally unique, permanent and transportable. The most common unique identifier is a new number issued on a new card. This is the simplest as it ensures that the number is unique; however, it may require the customer to carry a new card, and although the number is unique for that issuer, it is not universally unique. Other 'alternative' identifiers include the use of email address, phone number, name, work, etc., but these are not optimal because they do not meet all three criteria of an ideal identifier. For example, a loyalty card number is unique for the company but may not be universally unique across all loyalty programs. An email address or phone number is universally unique but may not be permanent if the user changes work or their provider.
The One Number - The ultimate universal unique identifier
The One number is the optimal identifier for recognition as it is the only identifier created solely for the purpose of recognition. The One number is universally unique, permanent and transportable.
The One Universal Token
The One universal token is the ultimate recognition token. It is based on the universally unique One Number and can take the form, for example, of a card (mag stripe, bar code, RFID), a Smartphone application, a wireless fob, etc.
The One token may provide the holder with a single token to be recognized at multiple participating issuers.
How issuers Participate:
Use One numbers. An issuer can request a One number range and use these numbers on their tokens. Initially it may work just like an existing loyalty card / number.
The additional benefit is that the number may be guaranteed to be universally unique, not just unique for the issuer. Thus, in the future, if that issuer wants to allow their card to be used at other locations, or if the issuer wants to accept other issuers' tokens, it is possible without any change to the system or numbering on their cards.
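The range-based scheme described here and in the 'distributed issuance' paragraph of the hub overview can be made concrete. The following is an added example, not code from the patent or from One Inc.: a central registry carves disjoint blocks for each interconnect partner, each partner issues numbers from its own block without contacting the hub, and any presented number can be traced back to the partner that issued it (or rejected if it falls outside every block). The class names, the starting number and the block sizes are assumptions made for the example.

```python
"""Distributed issuance of One Numbers from partner-assigned ranges.

Added example, not code from the patent or from One Inc.: a central
registry hands each interconnect partner a disjoint block of numbers, the
partner issues tokens from its own block without contacting the hub, and
any number can later be traced back to the partner that issued it. Class
names, the starting number and the block sizes are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


class IssuanceError(Exception):
    """Raised when a partner tries to issue outside its assigned block."""


@dataclass
class NumberRange:
    partner: str
    start: int          # first number in the block (inclusive)
    end: int            # one past the last number (exclusive)
    next_free: int = 0  # set to `start` on creation

    def __post_init__(self) -> None:
        self.next_free = self.start

    def contains(self, number: int) -> bool:
        return self.start <= number < self.end


class NumberRegistry:
    """Central hub role: allocates non-overlapping blocks and resolves owners."""

    def __init__(self, first_number: int = 100_000_000) -> None:
        self._next_start = first_number
        self._ranges: Dict[str, NumberRange] = {}

    def allocate(self, partner: str, size: int) -> NumberRange:
        if size <= 0:
            raise ValueError("block size must be positive")
        if partner in self._ranges:
            raise IssuanceError(f"{partner} already holds a block")
        # Blocks are carved sequentially, so no two partners can overlap.
        block = NumberRange(partner, self._next_start, self._next_start + size)
        self._next_start += size
        self._ranges[partner] = block
        return block

    def owner_of(self, number: int) -> Optional[str]:
        """Which partner issued this number? None if it is outside every block,
        which an accepting system should treat as 'not a valid One Number'."""
        for block in self._ranges.values():
            if block.contains(number):
                return block.partner
        return None


class PartnerIssuer:
    """Partner-side role: issues sequential numbers from its own block only."""

    def __init__(self, block: NumberRange) -> None:
        self.block = block
        self.issued: List[int] = []

    def issue(self) -> int:
        if self.block.next_free >= self.block.end:
            raise IssuanceError("block exhausted; request a new block from the hub")
        number = self.block.next_free
        self.block.next_free += 1
        self.issued.append(number)
        return number


def coalition_is_collision_free(issuers: List[PartnerIssuer]) -> bool:
    """True when no number was issued twice across all partners."""
    all_numbers = [n for issuer in issuers for n in issuer.issued]
    return len(all_numbers) == len(set(all_numbers))


def demo():
    """Two partners issue independently from blocks handed out by the hub."""
    hub = NumberRegistry()
    gift = PartnerIssuer(hub.allocate("gift-card-saas", 1000))
    gym = PartnerIssuer(hub.allocate("gym-saas", 500))
    for _ in range(3):
        gift.issue()
    for _ in range(2):
        gym.issue()
    return hub, gift, gym


if __name__ == "__main__":
    hub, gift, gym = demo()
    print("gift issued", gift.issued)
    print("gym issued", gym.issued)
    print("collision free:", coalition_is_collision_free([gift, gym]))
    print("owner of", gym.issued[0], "is", hub.owner_of(gym.issued[0]))
```

Because the hub never hands out overlapping blocks, partners need no coordination at issuance time, and `owner_of` gives an accepting system a cheap way to refuse numbers that no partner was ever assigned.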

Simple Acceptance: An issuer who wants to accept a universal One token can add an additional identifier field - the one field - to their system. When a customer uses the One token, the system may search on the one field and open their profile. The rest of the process may be exactly as if they had been identified with the issuer's own token / card / number.
Linked System: An issuer can also be linked to the One Recognition platform and do a real-time lookup of any One token. This cloud-based process may have additional benefits.
Benefits of participating in the One platform may include:
- Interoperability
- Instant Enroll
- Centralized Membership Information Updates
- Switching of tokens
Interoperability - Current loyalty / membership programs that issue a unique identifier, e.g. a loyalty card / number, may ensure that it is unique for their company. However, they may not be able to ensure that the number is unique across other programs / memberships. Thus it is not possible for an issuer to 'partner' with one or more issuers allowing members to use one card at multiple locations, e.g. use my gym card to get loyalty points at a retail location or vice versa. Since the One number is unique, participating locations that accept the One number can allow members to use the card at multiple locations, as it may be guaranteed to be a unique identifier across all of those locations.
Instant Enroll - Enrolment of new members usually requires (i) the creation of a new member profile and (ii) the issuance of a new unique identifier and card (or alternative token). The One Universal Token may provide for instant membership enrolment and may eliminate the need for the two steps.
- The new member simply 'swipes' their One universal token (mag strip swipe, bar code read or RFID swipe) and a new membership profile may be created with the One number as the unique identifier.
- One Inc. then 'sends' the necessary customer information (name, address, email ...) to the issuer to complete the profile.
Thus an issuer may secure a new member with one simple swipe of the One universal token without having to issue a new card or requiring the customer to fill out a new customer profile.
From the customer's point of view, they are now part of a new program without having to carry a new card or fill out any forms.

Central Update of Customer Information - Master Data Management
In addition to using the One number for recognition, an additional benefit of the One number may be to simplify master data management of member identity information.
Members may be able to update their information profile (address, phone number, email address ...) once, and that information may be pushed out to all the connected issuers. Since the issuers all use the unique One number to identify the members, this may eliminate any errors in matching the updated customer information with the correct customer profile in their database.
Switching of Tokens:
The One number is the key to identification, not the token. Thus a member can seamlessly switch from one form of token to another; for example, they can change from a card to a Smartphone application. Since there may be no 'data' associated with the profile - just the One number - the switch may be simple: just enter the One number into the new app and the member may have instant access at all of the One partner locations. This is a simplified and streamlined process compared to current applications in the market that store several loyalty / member card numbers in one application, where a change of phone would mean that all the data of all the member cards would have to be re-entered or synchronized.
With the One system, there is only one number, not multiple numbers.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CA2779774A CA2779774A1 (en) 2012-05-30 2012-05-30 Universal recognition platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CA2779774A CA2779774A1 (en) 2012-05-30 2012-05-30 Universal recognition platform

Publications (1)

Publication Number Publication Date
CA2779774A1 true CA2779774A1 (en) 2013-11-30

Family

ID=49714086

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2779774A Abandoned CA2779774A1 (en) 2012-05-30 2012-05-30 Universal recognition platform

Country Status (1)

Country Link
CA (1) CA2779774A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200250699A1 (en) * 2017-10-17 2020-08-06 Payment Loyalty Limited Improved systems and methods for delivering loyalty incentives
US20200160324A1 (en) * 2018-06-15 2020-05-21 Proxy, Inc. Methods and apparatus for authorizing and providing of goods
US11580537B2 (en) 2020-01-22 2023-02-14 Paystone, Inc. Payment integrated loyalty system
CN113129895A (en) * 2021-04-20 2021-07-16 上海仙剑文化传媒股份有限公司 Voice detection processing system
CN113129895B (en) * 2021-04-20 2022-12-30 上海仙剑文化传媒股份有限公司 Voice detection processing system
WO2023020110A1 (en) * 2021-08-19 2023-02-23 飞天诚信科技股份有限公司 Data processing method and apparatus and computer-readable storage medium
CN114692186A (en) * 2022-04-06 2022-07-01 中国农业银行股份有限公司 Transfer information query method and device
CN114692186B (en) * 2022-04-06 2024-09-27 中国农业银行股份有限公司 Method and device for inquiring transfer information

Legal Events

Date Code Title Description
FZDE Dead

Effective date: 20141223