The move from cash to cash payments has freed the financial industry to develop new channels and drive greater profitability.However, it has also heralded escalating fraud rates, increasing legislative pressure and subsequent financial repercussions from loss of revenue and reputationIt was to rectify this and create a more secure payments framework, that card issuers Europay, MasterCard and Visa combined forces to champion the development of EMV – releasing the first set of standards in 1995.
Replace traditional magnetic stripe cards, which offered basic security features such as a data-string, signature strip and hologram, Improved security will be provided by an IC or smart card and PIN to identify the card and authenticate the cardholder.
Enhanced SecurityUnlike magnetic stripe, the data held on the EMV chip uses specially designed cryptographic algorithms, such as DES, Triple-DES, RSA and SHA, to provide authentication of the card to the processing terminal and the card issuer’s host system. RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described it in 1978.La familia SHA (Secure Hash Algorithm, Algoritmo de Hash Seguro) By making transaction processes more complex, EMV is able to ‘lock out’ many fraudsters and prevent common practices such as card skimming. Practical attacks in effect are extremely limited.
Enhanced SecurityEMV’s use of chip technology greatly reduces a criminal’s ability to reuse stolen payment card data by introducing dynamic forms of cardholder verification for each transaction. Even if payment card data is compromised, a counterfeit card would be unusable at the point of sale without the presence of the card’s unique elements. By reducing static verification methods, it allows card issuers and retailers
AdoptionLocal and global liability shifts, applied by payment schemes across 60 countries globally have led to EMV becoming firmly established as the primary payment standard worldwide. Today, 45% of all global payment cards and 76% of all terminals currently use the EMV payment standard.This means that 1.5 billion EMV cards and almost 22 million EMV terminals are now in circulation (Source: EMVCo, EMV deployment figures for Q4 2011).
Deployment CostsMagnetic stripe cards cost around 19 cents compared with $1 for a chip-and-PIN card (Source: TowerGroup, 2011). In addition EMV requires an upgrade/replacement of POS and ATM equipment.
Deployment CostsPOS upgrade cost can be reduced in markets which can afford to implement a streamlined only version of EMV that does not require offline PIN support. In addition, the investment required by issuers to upgrade cards to EMV can be offset over time as EMV cards offer issuers and retailers the opportunity to treat cards as assets – facilitating new value added customer services on a single card. EMV cards can have a long lifespan and a strong ROI.
LongevitySome are also concerned with the age of the standard. EMV will be pushing 20 years old.Experience from successful implementations in a broad range of markets in varying levels of development show it is still holding out against the fraudsters. Its complexity is such that it has maintained its role of cutting out the most basic and frequent forms of card–based financial crime.
LongevitySome are also concerned with the age of the standard. EMV will be pushing 20 years old.Experience from successful implementations in a broad range of markets in varying levels of development show it is still holding out against the fraudsters. Its complexity is such that it has maintained its role of cutting out the most basic and frequent forms of card–based financial crime.
Liability ShiftThe supposed increased protection from fraud has allowed banks and card issuers to push through a ‘liability shift’ in most markets making merchants liable for any fraud that results from transactions on systems that are not EMV capable. For transactions in which an EMV card is used, the cardholder is assumed to be liable unless they can unquestionably prove they were not present for the transaction or did not authorize the transaction.
For Issuers and Retailers Reduced FraudAuthentication of chip card protecting against counterfeit and online and offline fraudBetter risk management parametersDigital data signing for transaction integrityMore robust cardholder verificationAdded Value FeaturesSupport for complex loyalty schemesLocal applications (e-purse, ATM, etc)DPA/CAP
For Issuers and Retailers Faster, More Convenient PaymentsSupport for online and offline transactions (DDA/CDA)Support for additional non-payment oriented on-card applications – transport, access, etc.
For acquirersReduced Authorization ExpensesFewer Transaction DisputesNew Merchant Accounts (those which were previously too high risk)Greater Offline Transaction Security
EMV specifications include the following information:Functionality required for integrated circuit cardsFunctionality required for terminals to ensure correct operation and interoperability with ICC’sSecurity requirements and recommendations with respect to the on-line communication between ICC and issuer and the management of cryptographic keys at terminal, issuer and payment system level
EMV standard is supported in various TranzWare products: In TranzWare Online EMV standard is supported in authorization and acquiring settingsIn TranzWare Card Factory it is supported at the stage of card personalizationIn TranzWare Card Management System this standard is supported in Card Limits Definition
EMV standard is supported in various TranzWare products: In TranzWare Online EMV standard is supported in authorization and acquiring settingsIn TranzWare Card Management System this standard is supported in Card Limits DefinitionIn TranzWare Card Factory it is supported at the stage of card personalization
Let us consider EMV Support in TranzWare Online system. TranzWare Online provides host interfaces supporting this standard. You can see the list of these interfaces on this slide. Speaking about terminal equipment it is necessary to mention that TranzWare Online supports various types of ATMs: NDC+ and DDC D912. There are several configuration types, for example, NCR, ProCash NDC, ProCash NDC/Diebold. But it is necessary to provide additional service maintenance and configure special ATM scenario.EMV cards may be served in TPTP POS-es as well as in TITP POS-es.TranzWare Online supports EMV-cards management by means of Issuer EMV scripts and EMV-tags and prevents overdraft on EMV-cards caused by the cards offline use, it also controls EMV offline-limits.
Let us consider EMV Support in TranzWare Online system. TranzWare Online provides host interfaces supporting this standard. You can see the list of these interfaces on this slide. Speaking about terminal equipment it is necessary to mention that TranzWare Online supports various types of ATMs: NDC+ and DDC D912. There are several configuration types, for example, NCR, ProCash NDC, ProCash NDC/Diebold. But it is necessary to provide additional service maintenance and configure special ATM scenario.EMV cards may be served in TPTP POS-es as well as in TITP POS-es.TranzWare Online supports EMV-cards management by means of Issuer EMV scripts and EMV-tags and prevents overdraft on EMV-cards caused by the cards offline use, it also controls EMV offline-limits.
Let us consider EMV Support in TranzWare Online system. TranzWare Online provides host interfaces supporting this standard. You can see the list of these interfaces on this slide. Speaking about terminal equipment it is necessary to mention that TranzWare Online supports various types of ATMs: NDC+ and DDC D912. There are several configuration types, for example, NCR, ProCash NDC, ProCash NDC/Diebold. But it is necessary to provide additional service maintenance and configure special ATM scenario.EMV cards may be served in TPTP POS-es as well as in TITP POS-es.TranzWare Online supports EMV-cards management by means of Issuer EMV scripts and EMV-tags and prevents overdraft on EMV-cards caused by the cards offline use, it also controls EMV offline-limits.
Let us consider EMV Support in TranzWare Online system. TranzWare Online provides host interfaces supporting this standard. You can see the list of these interfaces on this slide. Speaking about terminal equipment it is necessary to mention that TranzWare Online supports various types of ATMs: NDC+ and DDC D912. There are several configuration types, for example, NCR, ProCash NDC, ProCash NDC/Diebold. But it is necessary to provide additional service maintenance and configure special ATM scenario.EMV cards may be served in TPTP POS-es as well as in TITP POS-es.TranzWare Online supports EMV-cards management by means of Issuer EMV scripts and EMV-tags and prevents overdraft on EMV-cards caused by the cards offline use, it also controls EMV offline-limits.
Let us consider EMV online-authorization: A terminal generates transaction request.The terminal sends an AC generation request to the card. EMV card generates Application Cryptogram using transaction data. This Cryptogram is sent to the terminal. In case the Cryptogram is ARQC (Authorization Request Cryptogram), it is sent to the authorizing host.Then the authorization request with ARQC is sent to authorizing host. When the authorizing host receives an authorization request, it analyses its data and generates its own ARQC and compares its value with the value in authorization request. If the values that had been compared coincide, the хост generates ARPC – Authorization Response Cryptogram.Then authorization response with ARPC is sent to the terminal.The terminal sends authorization response with ARPC to the card. The card generates its own and compares its value with the value in authorization responseIf the values that had been compared coincide transaction is completed. If not the card sends a bad ARPC response and the terminal generates transaction reversal.
A list of EMV-scripts is defined by EMV specifications. Let us consider Issuer EMV-scripts processing. Issuer Scripts are special commands allowing an Issuer to manage EMV-cards state. These commands are sent to a card with authorization response.
There are several Issuing Scripts types: Card Block – blocks all applications of EMV-cardApplication Block – blocks a selected application of EMV-cardApplication Unblock – unblocks a selected application of EMV-cardUpdate Record – modifies data of lineal filePut Data – changes selected card parameter PIN Change – changes Offline PIN codePIN Unblock – unblocks Offline PIN code in case the limit of incorrect PIN tries defined while card issuing had been exceeded. EMV-scripts are arranged into a queue. The commands at the head of the queue have higher priority.There may be Application block and Card Block scripts in a queue. In case one of these scripts is in a queue it will have the highest priority and will be sent to the card first.
PurposeEMV Offline spending control is used to prevent the overdraft on EMV-cards caused by the cards offline useThis technology also allows to synchronize EMV-card and host balances quickly and efficiently control EMV offline-limits. It should be noted that EMV Offline spending control usage may increase authorization time
EMV Offline spending control algorithmsNo offline spending control: the funds spent offline are not being counted.Do not hold offline limit: the available balance will change on the amount spent offlineHold offline limit:The “Hold offline limit”algorithm indicates that with each online-authorization, the available balance will be debited for the amount spent offline. This variant provides for the max hold. Hold offline limit but use it for EMV online: The “Hold offline limit but use it for EMV online” algorithm alternative indicates that the offline limit will be hold for the mag stripe online transactions. The mag stripe transaction is initiated: there have been the offline transactions on the card but no any EMV-online transaction. The amount spent offline on the card is unknown as there has been no any EMV online transaction, thus, the Offline limit amount is hold in order to avoid the overdraft.