Nearly 1.3 million German citizens soon will be testing a new system of tap-and-go payment cards in a project called Girogo. Bank and savings customers will be offered payment card facilities in a network of shops and filling stations for payments of up to 20€. The project will be operated in Hanover, Braunschweig, and Wolfsburg.
Contactless payment isn’t new. So what makes Girogo different? It will use a security chip designed by Infineon and approved by the German Banking Industry Committee (Deutsche Kreditwirtschaft) for new contactless bankcards. In fact, the chip is the first device to get the committee’s approval—and the committee’s security requirements are regarded as the most stringent standards in the world.
Customers can use the dual-interface Girogo bankcard for contact-based payment by inserting it into a normal chip and pin payment terminal. Or for contactless payment, users can hold the card in front of the reader at the checkout. No signature or PIN entry is required, meaning the payment process takes less than a second.
As chip-based cards supersede magnetic-stripe cards, the German Banking Industry Committee says they have been instrumental in reducing card-related crimes. Data theft at cash dispensers, for example, dropped 45% from 2010 to 2011. Analysts believe the global number of chip-activated payment cards, including contactless cards, to be shipped in 2012 will reach approximately 1 billion.
The SLE 78 Security Controller
The SLE 78C family is the latest system from Infineon for high-security chip-card markets. It follows the SLE 66PE family, which is currently used across all existing chip-card markets worldwide.
The SLE 78C provides a simple migration path while introducing Integrity Guard, offering long-term device security and ensuring CC EAL5+(High) certification. Rather than relying entirely on shields and sensors, Integrity Guard concentrates on core security to protect against fraudulent attacks.
Features include dual central processing units (CPUs); implementation for fault detection; full CPU, memory, bus, and cache encryption; error detection codes in all memories; error codes for cache protection; and address and data scrambling of memories.
The dual CPU is particularly important in security terms, enabling the cross-checking of usage data to help identify any errors stemming from the card’s fraudulent use. The system also complies with EMVCo (Europay, Mastercard, Visa) security requirements for payment cards.