Basic system architecture options
Electronic payment systems based on smart cards can be constructed in a wide variety of manners. For economic reasons, they are often based on existing systems, most of which are based on magnetic-stripe cards. However, there is no single basic model that applies to all payment systems, since the requirements vary too widely. We can therefore only describe the basic principles of such systems in terms of their essential components. Large smart card payment systems basically consist of four different components. These are the background system, the network, the terminals and the cards.

Background system
The background system consists of two parts: clearing and management. The clearing subsystem maintains the accounts of all of the banks, merchants and cardholders participating in the system, and it books all incoming transaction data. It also provides the system monitoring functions. A simple example of such a function is maintaining a running balance to check whether the total of the amounts submitted to the clearing system exceeds the total amount of money in the electronic purses. If it does, an attacker has loaded money into smart cards without the knowledge of the background system. The management part of the background system controls all administrative processes, such as distributing new blacklists, switching to new key versions, sending software updates to the terminals and so on. This subsystem also generates data sets for personalizing smart cards. The background system has complete control of the electronic payment system, regardless of the system architecture. Even with systems that work completely offline, the background system establishes the global system parameters and monitors the security and operation of the system.
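The running-balance check described above can be sketched as follows. This is an added example, not code from the original text; the record layout, terminal names and amounts are constructed, and it assumes load records reach the clearing system before payments made with that value are submitted.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Record:
    seq: int         # order in which the clearing system booked the record
    kind: str        # "load" (value put on a purse) or "payment" (submitted for clearing)
    terminal: str    # hypothetical terminal identifier
    amount: Decimal


def monitor_float(records):
    """Book records in order and flag payments that push the submitted
    total above the total value ever loaded into purses."""
    loaded = Decimal("0")
    submitted = Decimal("0")
    alerts = []
    for rec in sorted(records, key=lambda r: r.seq):
        if rec.amount <= 0:
            raise ValueError(f"record {rec.seq}: non-positive amount")
        if rec.kind == "load":
            loaded += rec.amount
        elif rec.kind == "payment":
            submitted += rec.amount
            # Offline terminals submit late, so submitted may lag loaded,
            # but it can never legitimately exceed it.
            if submitted > loaded:
                alerts.append((rec.seq, rec.terminal, submitted - loaded))
        else:
            raise ValueError(f"record {rec.seq}: unknown kind {rec.kind!r}")
    return loaded, submitted, alerts


# Constructed sample data: 70.00 loaded in total, 100.00 submitted.
SAMPLE = [
    Record(1, "load", "ATM-01", Decimal("50.00")),
    Record(2, "payment", "POS-17", Decimal("30.00")),
    Record(3, "load", "ATM-02", Decimal("20.00")),
    Record(4, "payment", "POS-17", Decimal("25.00")),
    Record(5, "payment", "TAXI-03", Decimal("40.00")),
    Record(6, "payment", "POS-22", Decimal("5.00")),
]

if __name__ == "__main__":
    loaded, submitted, alerts = monitor_float(SAMPLE)
    print(f"loaded={loaded} submitted={submitted}")
    for seq, terminal, excess in alerts:
        print(f"ALERT seq={seq} terminal={terminal} excess={excess}")
```

The terminal named in an alert is only where the excess first became visible; the value may have been created on any card whose payments are included in the submitted total.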

Network
The network links the background system to the terminals. The connections may be circuit-switched (e.g. ISDN) or packet-switched (e.g. X.25). As a rule, the network is totally transparent to the data traffic, which is passed unmodified from the sender to the receiver.

Terminals
The various types of terminals can be classified as either loading terminals or payment terminals, according to their functions with respect to payments. They can also be classified as automated terminals or attended terminals. The classic example of an automated terminal is a cash dispenser (ATM). In electronic purse systems, automated terminals are primarily used only to load cards. It would naturally also be conceivable to allow an electronic purse to be emptied using such a terminal, with the balance being paid out in cash. Attended terminals are typically located at supermarket checkouts and in retail shops. They are always used to pay for goods. In some systems, terminals in banks can also be used to load smart cards in exchange for cash payments.

Smart cards
Smart cards are the most widely distributed component of the system. They can be used as electronic purses, but they can also be used as security modules in various types of terminals. Another use is transporting data between various system components. Cards for this purpose, which are called transfer cards, are used to manually transfer transaction data from a terminal that works completely offline to one that works online (such as a cash dispenser).

The example system shown in Figure 12.4 illustrates the system components and their logical connections. The background system, which may be the background system of a different operator or a component of the system itself, is connected to the other components via a transparent network. Electronic purses are most commonly loaded using cash dispensers, most of which operate online, although they can also operate offline for a limited time in the event of a network failure. For this reason, they have their own security modules, which hold all of the keys necessary for normal operation and key derivation.

There are also electronic purse payment systems that operate fully offline. Two examples are parking meters and terminals in taxis. In such cases, transfer cards can be used to transport the transaction data from the security modules to a cash dispenser, from which they reach the background system via the network. In exchange, the terminals receive current administration data, such as blacklists and software updates.

A second type of payment terminal is one that is connected to the network via an online connection that is established as necessary. This type of terminal normally works offline, but it periodically connects to the background system in order to exchange any available billing and administrative data.

A third type of payment terminal has no direct connection to the network. For example, it could be connected to a supermarket cash register that in turn is connected to a concentrator located in the facility. This concentrator, which is normally a PC acting as a server, might connect to the background system once a day via the network. The necessary data exchanges occur during this connection.

The Quick electronic purse system in Austria and the Geldkarte system in Germany are similar to the example system just described, and many parts of the Visa Cash electronic purse system correspond to what has just been described. For large applications, it is quite common to use a distributed system architecture consisting of several different background systems operating in parallel. With such an architecture, several different purse systems with more than one system operator can be operated with mutual compatibility.