Smart Card EMV for Dummies


Published on

Simplify EMV business for financial institutions

Smart Card EMV for Dummies

  2. 2. EMV – Europay, MasterCard andVisa• A chip card is simply a plastic card containing an integrated circuit. • It contain an embedded micro- processor chip which will encrypt transaction data dynamically for each purchase
  3. 3. EMV – Europay, MasterCard and Visa• The chip technology on the card in conjunction with a PIN or signature verification, provides a two factor authentication necessary to combat fraud.• First U.S. payment card utilizing the EMV standard “Chip & PIN” was issued by United Nation FCU in 2010
  4. 4. So many definitions so little time!SMART CARD or is it a CHIP ENABLED CARD CHIP CARD or CHIP & PIN CHIP CONTACT CARD, CHIP & SIGNATURE At the end, they all do the same thing. So keep in mind it all means the same. A card with an integrated circuit. If we can’t even agree on a name, how are we going to agree on the rest?
  5. 5. EMV is a global reality, with 1.3 billion cardsand 20.7 million card readers based on EMVstandard. Excluding U.S., 42.4% of cardsissued and over 75.9% of POS card readersare EMV enabled. (EMVCO, Q3 2011)Its time you joined the club!
  6. 6. EMV improves payment transaction security by: Card Authentication – protecting against counterfeit cards Cardholder verification – protecting against lost or stolen cards Transaction authorization – using issuer defined rules to authorize transactions
  7. 7. Master your game by understanding the basics!PAYMENT METHOD VERIFICATION METHOD AUTHENTICATION METHOD
  8. 8. PAYMENT METHOD Contact smart cards require you to CONTACT AND actually insert the card for identification purposes.CONTACLESS CARDS Contactless smart cards, also knows as RFID (radio frequency ID) only require you to be near the scanner for reading. Contactless smart cards make the identification process fast & easy. However, the same technology that enables you to use these cards without touching the scanner also makes it possible for enterprising hackers to steal information. Keep that in mind as you look at your options.
  9. 9. VERIFICATION METHODChip & PIN or Chip & SignatureChip & PIN • Verify identity with PIN that must correspond to information on the chip • Most secure type of technology • Harder for fraudsters to replicate or steal your card. • Will have mag stripe on back of cardChip & Signature • Verify identity with Signature • Less secure than Chip & PIN but more secure than mag stripe • Unable to use at unmanned kiosks • Shorter implementation time and cost • Will have mag stripe on back of card
  10. 10. EMV card supports verification methods (CVM’s)Online PIN, is encrypted by the PIN pad and sent to the card issuer online for verificationOffline PIN, where the PIN is verified offline by the chip on the card. Only the result is sentto the host.Signature authentication, where the cardholder signature is verifiedNO CVM (typically for low value transactions or transactions at unattended POS locations) Network & terminal capabilities largely dictate which solution is to be used ATM’s are typically required to always support online PIN
  11. 11. • EMV transactions can be authorized online or offline Cards can be configured to allow both online & offline authentication. Network & terminal capabilities largely dictate which solution is to be used.
  12. 12. • Chip card uses key technology to generate a cryptogram, also called Authorization Request Cryptogram (ARQC)• ARQC is the dynamic data which makes an EMV transaction unique & provides card present counterfeit fraud protection• Chip generates cryptogram by applying algorithm to the card, the device and the transaction data• Because cryptogram generation is different for each transaction, the resulting cryptogram is unique for each transaction
  13. 13. Keep it in mind!• With online authorization, a dynamic cryptogram protects against the use of skimmed data & stolen account data• Card usage restrictions such as international use prohibitions are systematically enforced• With offline authorization, a PIN capability protects against lost & stolen card fraud• With offline authorization, data authentication protects against counterfeit cards• Limits on offline activity protects against credit overruns and fraud Source:
  14. 14. © PREPARE YOURSELF FOR SUCCESS!Aris Jerahianaris@arisjerahian.comA payment industry executive with more than 20 years of client management, consulting and operationalexperience which helped establish long-term, successful partnership with financial institutions. He is theauthor of “Courage to Change,” which aims to help readers improve both their professional and personallives, and serves as a council member on the Council of Advisors for Gerson Lehrman Group, a globalnetwork of executives who provide consultation to investment leaders.