EMV and Smart Payment Cards

What is EMV? 

EMV is a standard relating to smart payment cards and the terminals where they are processed. EMV stands for Europay, MasterCard, and Visa, the three companies that are behind this technology.  

The cards based on EMV are frequently called Chip-and-PIN or Chip-and-Signature cards subject to its means of verification by the card emitter. Chip-and-PIN systems are considered more secure than the chip-and-signature ones. Both types of cards are described as smart because they have an embedded chip where data is stored in integrated circuits along with a magnetic stripe. This makes them safer than cards with a magnetic stripe alone. 

Benefits of EMV 

Fraud reduction 

EMV chip card transactions improve security against fraud thanks to its requirement of a personal identification number (PIN) as opposed to magnetic stripe cards which require the mere signing of a paper receipt – where the holder’s signature could easily be forged. Moreover, the chip is packed with encryption algorithms which further safeguard the authentication process.

In addition, attempts to copy the card will be useless, as only the magnetic stripes will be copied, but not the chip – which cannot be cloned.  

However, PIN authentication will not always occur, as it is incumbent upon the capacity of the terminal and the programming of the card.  

Offline operation 

EMV cards contain microprocessors that can interact with terminals, enabling them to perform offline transaction verification and offline cardholder verification without requiring an online connection to banking systems. Terminals can be configured to verify and accept PIN codes offline, which was a feature not supported by magnetic stripe cards.  

Contactless transactions 

Mobile wallets are one of the major trends in the payment industry. EMV technology enables those transactions, where cardholders can only tap their cards against a terminal. For instance, it allows customers to wave their smart-phones over a terminal rather than dipping or tapping a card.  

Steps of an EMV transaction 

An EMV transaction takes place in 12 steps: 

Application selection 

An application identifier which consists of a registered application provider identifier of five bytes is used to address an application in the card.  

Initiate application processing 

The terminal sends a command to the card. The card responds with a list of files and records that the terminal needs to read from the card. 

Read application data 

This command enables the file locator to read EMV data from Smart cards which are stored in files in a particular format.  

Processing restrictions 

This step performs three checks (version number, usage control, expiration date) to see if the card should be used. If any of these fail, the card might be declined. 

Offline data authentication 

The coding of the card is verified to validate the card. One process ensures data read from the card has been signed by the card issuer while a second step provides protection against modification of data and cloning.

Cardholder verification 

This is used to evaluate whether the person presenting the card is the legitimate cardholder, more commonly via a signature or an online PIN. 

Terminal risk management 

This checks the transaction amount against an offline ceiling limit (above which transactions should be processed on-line) 

Terminal action analysis 

This is used to determine whether a transaction should be approved offline, sent online for authorization, or declined offline. 

First card action analysis 

This step gives the card the opportunity to accept the terminal’s action analysis or to decline a transaction or force a transaction on-line. 

Online transaction authorization 

The card generates a code which the card issuer can check in real time. This provides a strong cryptographic check that the card is genuine 

Second card action analysis 

The terminal sends data to the card again to let it know the issuer’s response. 

Issuer script processing 

If a card issuer wants to update a card (such as blocking it, or change its parameters) after having issued it, it can send commands to the card using this process.  

The Liability Shift 

New rules now cover credit card fraud. The presumed added protection from counterfeiting which EMV technology brings has empowered banks and credit card issuers to come forward with a “liability shift”.  

Normally, it is the card issuer who is liable for fraudulent transactions. However, since January 2005 in the EU region and 1 October 2015 in the US, the ATM or merchant’s point of sale terminal – and not the card issuer – is legally responsible for any fraud that results from transactions on systems that are not EMV-capable.  

For instance, based on these new liability rules, if a defrauder uses a chip card at a terminal that reads solely the magnetic stripe, the merchant will have to cover the loss because they failed to comply with the EMV standard. From now on, the issuer will cover the loss if the counterfeit card had a chip and was used on an updated terminal – a scenario deemed unlikely however due to the enhanced security. 

Featured Articles

The use of EMV cards throughout Asia

With 70 percent of the world’s consumers now using EMV-enabled cards, the growth of these high-security cards has been constant. But with contactless payments becoming more (…) Read more

Payment processing: Learning from the ups and downs of 2016

Payment processing in 2016 made a great leap, largely thanks to technological advances. The transition to Europay, Mastercard, and Visa (EMV), as well as the behavior of (…) Read more

Fraudsters go online as EMV reduces card fraud

With the advent of the EMV chips in credit and debit cards, fraudsters are being forced to look elsewhere. While it may be a little annoying having to wait for the terminal to (…) Read more

EMV-enabled cards are taking over worldwide

With the increase in credit card fraud, more and more people are starting to use microchip-enabled cards to help secure their personal data. EMV-enabled cards are the future of (…) Read more

Decoding the EMV technology and liabilities

Magnetic stripe cards are getting outdated as the world is shifting to chip cards. Europay/ MasterCard/ Visa (EMV) technology has already established itself as an innovative (…) Read more

The use of EMV technology expected to spike in 2017

There is no escape. Adopted nationwide in the United States on the 1st of October 2015, Europay/ MasterCard/ Visa (EMV) cards is here to stay. It has started replacing the old (…) Read more

EMV: Safety and ease of use for retailers and consumers

The use of bank cards has always brought about fraud worries and convenience issues. Europay/ MasterCard/ Visa (EMV) chip cards are revolutionizing the payment industry in the (…) Read more

Four absolute trends for payment processing

The growth of digital payment has shown how fast the payment industry is evolving. Apple Pay, Samsung Pay and others (…) Read more

More and more hackers are coveting Point-of-Sale systems

Attacks are multiplying against Point-of-Sale (POS) systems. Hackers view this payment system as easy targets. The reason behind is that POS systems have relatively old security (…) Read more

EMV conversion: Neither security nor convenience sacrificed

Transition towards Europay Mastercard Visa (EMV) payment has entailed an inevitable tug of war between security and convenience. Both retailers and customers are seeking these two (…) Read more

Chip Cards: A semi-satisfactory first birthday

One year after its launch in the US, the EMV card threw a wrench into counterfeit card fraud which declined by over 50 percent. But while the chip-and-pin is giving a hard time to (…) Read more

EMV: Tips to win the uphill battle

EMV helps prevent instances of card-present fraud by using a microchip to authenticate the card or cardholder. Since October 2015, retailers, and not payment networks, are liable (…) Read more

 Mobile POS Market Expects 38% Boost by 2024, NFC Seen to Top the List

As the need for payment solutions in many industries arises, mobile technology becomes a huge role player in connecting retailers and customers. Mobile Point-of-Sale market is one (…) Read more

News Flashes

EN 2017-04-21 emazzanti.net

[Video]8 Ways to Spot Counterfeit Credit Cards

To avoid unnecessary chargeback liability, make sure that retail employees are well-trained on these methods of detecting fraudulent credit cards: Read more

Other Topic Pages