2. EMV – Europay, MasterCard and
Visa
• A chip card is simply a plastic card
containing an integrated circuit.
• It contain an embedded micro-
processor chip which will
encrypt transaction data
dynamically for each purchase
3. EMV – Europay, MasterCard and Visa
• The chip technology on the card in conjunction with a PIN or signature
verification, provides a two factor authentication necessary to combat fraud.
• First U.S. payment card utilizing the EMV standard “Chip & PIN” was issued
by United Nation FCU in 2010
4. So many definitions so little time!
SMART CARD or is it a CHIP ENABLED CARD
CHIP CARD or CHIP & PIN
CHIP CONTACT CARD, CHIP & SIGNATURE
At the end, they all do the same thing. So
keep in mind it all means the same. A card
with an integrated circuit.
If we can’t even agree on a name, how
are we going to agree on the rest?
5. EMV is a global reality, with 1.3 billion cards
and 20.7 million card readers based on EMV
standard. Excluding U.S., 42.4% of cards
issued and over 75.9% of POS card readers
are EMV enabled. (EMVCO, Q3 2011)
Its time you joined the club!
6. EMV improves payment transaction security by:
Card Authentication – protecting against counterfeit cards
Cardholder verification – protecting against lost or stolen cards
Transaction authorization – using issuer defined rules to
authorize transactions
7. Master your game by understanding the basics!
PAYMENT METHOD VERIFICATION METHOD AUTHENTICATION METHOD
8. PAYMENT METHOD
Contact smart cards require you to
CONTACT AND actually insert the card for identification
purposes.
CONTACLESS CARDS
Contactless smart cards, also knows as
RFID (radio frequency ID) only require you to
be near the scanner for reading.
Contactless smart cards make the identification
process fast & easy. However, the same
technology that enables you to use these cards
without touching the scanner also makes it
possible for enterprising hackers to steal
information. Keep that in mind as you look at
your options.
9. VERIFICATION METHOD
Chip & PIN or Chip & Signature
Chip & PIN
• Verify identity with PIN that must correspond to information
on the chip
• Most secure type of technology
• Harder for fraudsters to replicate or steal your card.
• Will have mag stripe on back of card
Chip & Signature
• Verify identity with Signature
• Less secure than Chip & PIN but more secure than
mag stripe
• Unable to use at unmanned kiosks
• Shorter implementation time and cost
• Will have mag stripe on back of card
10. EMV card supports verification methods (CVM’s)
Online PIN, is encrypted by the PIN pad and sent to the card issuer online for verification
Offline PIN, where the PIN is verified offline by the chip on the card. Only the result is sent
to the host.
Signature authentication, where the cardholder signature is verified
NO CVM (typically for low value transactions or transactions at unattended POS locations)
Network & terminal capabilities largely dictate which solution is to be used
ATM’s are typically required to always support online PIN
11. • EMV transactions can be authorized online or offline
Cards can be configured to allow both online & offline authentication. Network &
terminal capabilities largely dictate which solution is to be used.
12. • Chip card uses key technology to generate a cryptogram, also called Authorization Request Cryptogram (ARQC)
• ARQC is the dynamic data which makes an EMV transaction unique & provides card present counterfeit fraud protection
• Chip generates cryptogram by applying algorithm to the card, the device and the transaction data
• Because cryptogram generation is different for each transaction, the resulting cryptogram is unique for each transaction
13. Keep it in mind!
• With online authorization, a dynamic cryptogram protects against the use of
skimmed data & stolen account data
• Card usage restrictions such as international use prohibitions are systematically
enforced
• With offline authorization, a PIN capability protects against lost & stolen card fraud
• With offline authorization, data authentication protects against counterfeit cards
• Limits on offline activity protects against credit overruns and fraud
Source: emvco.com