EMV Overview
KONA SOFTWARE LAB LTD.
October 01, 2016
CONTENTS
Ⅰ Current Payment Scenario
Ⅱ EMV Overview
Ⅲ EMV Authentication & Authorization
|Copyright 2016, Kona SL Ltd. | All Rights Reserved
Players and Roles for Payment System
User
 Buying Merchant’s products and services
 Using payment card issued by Issuer
Merchant
 Offering products and services to User
 Signing up with Acquirer
Acquirer
 Signing up and underwriting Merchant
 Transmitting collected transaction data to Issuer
Issuer
 Issuing payment card
 Approval or rejection of transaction
Payment Network Provider
 Providing network between Issuer and Acquirer
 Offering brand benefit
Payment eco-system (diagram): the User’s payment cards are used at the Merchant’s POS/ATM; the Acquirer’s acquiring system and host, the Payment Network Provider’s interchange network (NPSB) and authorization system, and the Issuer’s issuing system carry the transaction between the players.
Payment Card Evolution
Embossing
 Verification of card & cardholder: penciling the embossed card
 Data processing: manually
 Validation / verification: -
 Note: high risk of data duplication
Magnetic Stripe
 Verification of card & cardholder: imprinted sales slip, transaction slip, and signature verification
 Data processing: electronically process transaction and settlement data for the first time
 Validation / verification: CVC, CVV verification, hologram verification by eye
 Note: increase in risk of data duplication by popularization of MS card usage and technology
IC Chip Card
 Verification of card & cardholder: transaction slip, PIN, and signature verification
 Data processing: payment application installed on the chip stores and processes data
 Validation / verification: offline data authentication through digital signature verification
 Note: strong security provided by high grade of cryptosystem; inconvenience in simple transactions
RF Card
 Verification of card & cardholder: same principle as IC chip card but streamlined authentication
 Data processing: similar process to that of IC chip card but streamlined transaction flow
 Validation / verification: ARQC verification
 Note: compatibility with MS card infrastructure
Mobile Card
 Verification of card & cardholder: same as RF card
 Data processing: complies with NFC transaction process by using an NFC-equipped cellphone
 Validation / verification: same as RF card
 Note: OTA post-issuance of card
Magnetic Stripe Cards
• Stores data on the magnetic band usually located on the back of the card.
• Contains Track 1 & Track 2 Data
 Track 1 Data: Card Type, PAN, Cardholder Name, PAN Expiry Date, Service Code.
 Track 2 Data: PAN, PAN Expiry Date, Service Code.
• Stored data cannot be changed.
• Read by swiping past a magnetic reading head.
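The Track 1 / Track 2 layout listed above, as a parser a terminal or acquirer-side log sanitiser would use. This is an added example, not code from the Kona deck: the field layout follows ISO/IEC 7813, the two track strings are constructed test data around a Luhn-valid test PAN, and the function names are this example's own. The service-code check is the defensive point: a first digit of 2 or 6 tells a chip-capable terminal that the chip, not the stripe, should be used.

```python
"""Parse and sanity-check magnetic stripe Track 1 / Track 2 data.

Added example, not from the Kona deck. The field layout follows ISO/IEC 7813
(the fields the slide lists); the two track strings are constructed test data
built around a Luhn-valid test PAN, not data read from a real card.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
TRACK1_RE = re.compile(
    r"^%B(?P<pan>\d{1,19})\^(?P<name>[^^]{2,26})\^(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>[^?]*)\?$"
)
# Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK2_RE = re.compile(
    r"^;(?P<pan>\d{1,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>[^?]*)\?$"
)

# Constructed sample data: test PAN 4111 1111 1111 1111, expiry 12/25, service code 201.
SAMPLE_TRACK1 = "%B4111111111111111^DOE/JOHN^25122011234567890?"
SAMPLE_TRACK2 = ";4111111111111111=25122011234567890?"


@dataclass(frozen=True)
class TrackData:
    pan: str
    expiry_yymm: str
    service_code: str
    cardholder_name: Optional[str] = None  # Track 2 carries no name


def luhn_ok(pan: str) -> bool:
    """Luhn check digit: catches mis-reads and typos, says nothing about fraud."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _build(m: "re.Match[str]", with_name: bool) -> TrackData:
    td = TrackData(m["pan"], m["exp"], m["svc"],
                   m["name"].strip() if with_name else None)
    if not luhn_ok(td.pan):
        raise ValueError("PAN fails Luhn check")
    return td


def parse_track1(raw: str) -> TrackData:
    m = TRACK1_RE.match(raw)
    if not m:
        raise ValueError("malformed Track 1")
    return _build(m, with_name=True)


def parse_track2(raw: str) -> TrackData:
    m = TRACK2_RE.match(raw)
    if not m:
        raise ValueError("malformed Track 2")
    return _build(m, with_name=False)


def chip_capable(service_code: str) -> bool:
    """A first service-code digit of 2 or 6 means the card carries an IC chip
    (ISO/IEC 7813). A chip-capable terminal should then run the EMV
    transaction rather than accept the swipe (magstripe fallback)."""
    return service_code[:1] in ("2", "6")


def mask_pan(pan: str) -> str:
    """Log-safe PAN: keep at most the first six and last four digits."""
    if len(pan) <= 10:
        return "*" * len(pan)
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]
```

Note that everything the parser returns is exactly what the slide says is static: nothing in either track changes between swipes, so any copy of these strings is as good as the original card at a terminal that accepts the stripe.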
Magnetic Stripe Transaction Flow
Magnetic stripe card swiped in POS → Acquirer → Payment Network Provider → Issuer: the same static authentication data is forwarded at each hop.
Issuer → Payment Network Provider → Acquirer → POS: the transaction response is returned along the same path.
Security Issues for Magnetic Stripe Cards
• Card Cloning
 Magnetic stripe data is not encrypted and is very easy to clone.
• Static Data
 Static data is stored in the magnetic stripe during personalization.
 This data is not changed during its lifetime, so if it is compromised once it can be used numerous times to perform fraudulent transactions.
• Little Risk Assessment
 No risk assessment is performed at the terminal or card.
 Risk assessment is performed only at the host.
Ⅱ EMV Overview
EMV
• A standard for smart payment cards and terminals.
• EMV stands for Europay, MasterCard and Visa, the three companies that founded the standard.
• The standard is maintained by EMVCo, a consortium whose members include the payment brands Visa, MasterCard, JCB, American Express, China UnionPay and Discover.
Purpose of EMV Standards
• To prevent card fraud
 Minimize the risk of card data duplication and counterfeiting, which were easy with MS cards
• To reduce cost
 Cut cost by enabling offline transactions
• Interoperability
 Set up an interoperable payment infrastructure (chip, card, terminal, and system) by defining the business role of each player in the credit & debit payment system
EMV Offerings
• Cardholder and card authentication
• Cryptographic processing capability of the smart chip
• Authorization by the issuer according to predefined rules
(Diagram: the authorization request, carrying dynamic data, flows from the Acquirer through the Payment Network Provider to the Issuer.)
EMV Cryptographic Processing
• EMV chip cards have cryptographic processing capability.
• Cryptographic algorithms such as Triple DES, RSA and SHA are used throughout various phases of the smart card’s lifecycle.
A Look Into Chip Cards
Contact Cards
• 1 square cm contact area with gold-plated contact pads.
• ISO/IEC 7816 standard defines the communication protocol, physical characteristics of the card, security and commands for interchange, commands for security operations, etc.
Contactless Cards
• Card communicates with the reader through RF induction technology.
• ISO/IEC 14443 standard defines the communication protocol, radio frequency power, transmission protocol, etc.
Dual Interface Cards
• Both contact and contactless interfaces are supported.
• ISO/IEC 14443 standard defines the communication protocol, radio frequency power, transmission protocol, etc.
EMV Authentication
Card Authentication
• Online Authentication
• Offline Authentication
 SDA – Static Data Authentication
 DDA – Dynamic Data Authentication
 CDA – Combined Data Authentication
Cardholder Authentication
• Online PIN
• Offline PIN
Authorization by the Issuer
Online Authorization
• The transaction cryptogram is generated and sent to the issuer online.
• The issuer authorizes the transaction online.
(Diagram: the cryptogram request travels from the terminal through the Payment Network to the Issuer, and the authorization response returns along the same path.)
Offline Authorization
• Used when terminals don’t have online connectivity.
• Card and terminal communicate and decide whether the transaction can be authorized.
Risk Assessment
Terminal Risk Assessment
• The terminal can decide to perform the transaction online or offline.
• For offline transactions, the terminal checks the transaction amount against an offline ceiling limit.
Card Risk Assessment
• The card takes part in the decision to accept or decline a transaction.
• Different types of application cryptograms are generated:
 AAC – used for declining a transaction
 TC – used for an offline transaction
 ARQC – used for an online transaction
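The two-stage decision on this slide (terminal ceiling check, then the card's own say on AAC / TC / ARQC) as runnable decision logic. This is an added example, not code from the Kona deck: the floor-limit rule and the card's consecutive-offline counters follow the general EMV model, but the limit values are constructed, the counter handling is simplified to what the deck describes, and the names are this example's own. It goes slightly beyond the slide in tracking an offline amount accumulator alongside the transaction counter, which is how a card forces a periodic online authorisation even when every single amount is under the terminal's ceiling.

```python
"""Terminal and card risk management reduced to the decisions on this slide.

Added example, not from the Kona deck. The floor-limit rule and the card's
consecutive-offline counters follow the general EMV model (terminal risk
management, then card action analysis); the limit values are constructed and
the counter handling is simplified to what the deck describes.
"""
from dataclasses import dataclass
from enum import Enum


class Cryptogram(Enum):
    AAC = "AAC"    # decline
    TC = "TC"      # Transaction Certificate: approve offline
    ARQC = "ARQC"  # Authorisation Request Cryptogram: go online


@dataclass
class TerminalConfig:
    floor_limit: int            # offline ceiling in minor units (constructed)
    online_capable: bool = True


def terminal_action_analysis(amount: int, cfg: TerminalConfig) -> Cryptogram:
    """Terminal risk management + action analysis: above the offline ceiling
    the terminal asks for an online authorisation; an offline-only terminal
    that cannot go online declines rather than approving above its limit."""
    if amount > cfg.floor_limit:
        return Cryptogram.ARQC if cfg.online_capable else Cryptogram.AAC
    return Cryptogram.TC


@dataclass
class CardRiskState:
    """Counters the chip keeps across transactions (simplified)."""
    lower_offline_limit: int       # force online once this many offline in a row
    upper_offline_limit: int       # decline offline once this many in a row
    consecutive_offline: int = 0
    offline_amount: int = 0
    offline_amount_limit: int = 0  # 0 means no accumulated-amount limit


def card_action_analysis(requested: Cryptogram, amount: int,
                         card: CardRiskState) -> Cryptogram:
    """The card may answer with a 'lower' cryptogram than the terminal asked
    for (TC -> ARQC -> AAC) but never a higher one: the terminal's request is
    the ceiling, the card's own counters decide the floor."""
    if requested is not Cryptogram.TC:
        return requested  # AAC stays AAC, ARQC stays ARQC
    # Terminal wants offline approval: consult the card's offline history.
    if card.consecutive_offline >= card.upper_offline_limit:
        return Cryptogram.AAC
    over_amount = (card.offline_amount_limit > 0
                   and card.offline_amount + amount > card.offline_amount_limit)
    if card.consecutive_offline >= card.lower_offline_limit or over_amount:
        return Cryptogram.ARQC
    card.consecutive_offline += 1
    card.offline_amount += amount
    return Cryptogram.TC


def online_completed(card: CardRiskState) -> None:
    """A completed online authorisation resets the card's offline counters."""
    card.consecutive_offline = 0
    card.offline_amount = 0


def run_transaction(amount: int, cfg: TerminalConfig,
                    card: CardRiskState) -> Cryptogram:
    """One pass: terminal action analysis, then card action analysis. When the
    card asks to go online but the terminal cannot, the outcome is a decline
    (a simplification of the terminal's second GENERATE AC)."""
    result = card_action_analysis(terminal_action_analysis(amount, cfg), amount, card)
    if result is Cryptogram.ARQC:
        if not cfg.online_capable:
            return Cryptogram.AAC
        online_completed(card)
    return result
```

The counters are why a cloned chip that only ever replays offline approvals still gets pushed online after a few transactions, where the issuer's cryptogram check (next section) catches it.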
Ⅲ EMV Authentication & Authorization
Card & Terminal Communication Steps for Transaction
The transaction between card and terminal proceeds through these steps (the deck’s flow diagram, in order):
1. Initiate Application
2. Read Application Data
3. Data Authentication
4. Processing Restrictions
5. Cardholder Verification
6. Terminal Risk Management
7. Terminal Action Analysis
8. Card Action Analysis, ending in the online/offline decision
9. Online Processing & Issuer Authentication (online path only)
10. Script Processing
11. Completion
Step 1, Initiate Application: initiation of the transaction.
Step 2, Read Application Data: reading card data for the transaction.
Step 3, Data Authentication: card authentication by the terminal.
EMV Data Authentication: SDA (Static Data Authentication)
• The Payment Brand Certificate (the payment brand’s public key) is kept at the terminal.
• The Issuer Public Key Certificate is signed by the payment brand and verified with the payment brand certificate.
• The Static Application Data is signed by the issuer and verified with the Issuer Public Key Certificate.
EMV Data Authentication: DDA (Dynamic Data Authentication)
• The Payment Brand Certificate is kept at the terminal.
• The Issuer Public Key Certificate is signed by the payment brand and verified with the payment brand certificate.
• The ICC Public Key Certificate + Static Application Data are verified with the Issuer Public Key Certificate.
• Card & Terminal Dynamic Data is verified with the ICC Public Key Certificate.
EMV Data Authentication: CDA (Combined Data Authentication)
• DDA combined with generation of the Application Cryptogram.
• Card: Generate Application Cryptogram – Application Request Cryptogram (ARQC).
• Terminal: Send ARQC to Issuer.
• Issuer: Cryptogram Validation – Application Response Cryptogram (ARPC).
• Send ARPC to Card.
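The SDA and DDA certificate chains from the two preceding slides, worked through as the terminal sees them: a payment brand key already in the terminal, an issuer certificate signed by that key, and then either a static signature (SDA) or an ICC certificate plus a signature over data the terminal chose (DDA). This is an added example, not code from the Kona deck or EMVCo: EMV Book 2 specifies RSA with the ISO/IEC 9796-2 scheme and SHA-1, whereas this block uses textbook RSA over a SHA-256 digest with small, deterministically generated 512-bit keys so it runs offline on the standard library. Key sizes, seeds, the sample static data and all names are this example's assumptions.

```python
"""SDA and DDA as the terminal sees them: a chain of RSA signatures rooted in
the payment brand key the terminal already holds.

Added example, not from the Kona deck. EMV Book 2 uses RSA with ISO/IEC 9796-2
and SHA-1; here textbook RSA over a SHA-256 digest and seeded 512-bit demo
keys stand in so the block runs offline. All values are constructed.
"""
import hashlib
import math
import random
from dataclasses import dataclass
from typing import Tuple

PublicKey = Tuple[int, int]   # (n, e)
PrivateKey = Tuple[int, int]  # (n, d)
_SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]


def _is_probable_prime(n: int, rng: random.Random, rounds: int = 24) -> bool:
    """Miller-Rabin after trial division by a few small primes."""
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_keypair(bits: int, seed: int) -> Tuple[PublicKey, PrivateKey]:
    """Seeded (reproducible) textbook RSA key generation; demo keys only."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = (next(c for c in iter(lambda: rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1, None)
                     if _is_probable_prime(c, rng)) for _ in range(2))
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv: PrivateKey, data: bytes) -> int:
    n, d = priv
    return pow(_digest_int(data), d, n)


def verify(pub: PublicKey, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest_int(data)


def encode_pub(pub: PublicKey) -> bytes:
    return pub[0].to_bytes(64, "big") + pub[1].to_bytes(4, "big")


@dataclass(frozen=True)
class Cert:
    """A public key and its issuer's signature over it."""
    pub: PublicKey
    signature: int


def terminal_verify_sda(brand_pub, issuer_cert, static_data, ssad) -> bool:
    """SDA: brand key -> issuer certificate -> Signed Static Application Data.
    Nothing here depends on the transaction, so the same SSAD verifies every time."""
    return (verify(brand_pub, encode_pub(issuer_cert.pub), issuer_cert.signature)
            and verify(issuer_cert.pub, static_data, ssad))


def terminal_verify_dda(brand_pub, issuer_cert, icc_cert, static_data,
                        unpredictable_number, dynamic_sig) -> bool:
    """DDA: the chain continues to the ICC key, and the card must sign the
    unpredictable number the terminal chose for this transaction."""
    if not verify(brand_pub, encode_pub(issuer_cert.pub), issuer_cert.signature):
        return False
    if not verify(issuer_cert.pub, encode_pub(icc_cert.pub) + static_data, icc_cert.signature):
        return False
    return verify(icc_cert.pub, unpredictable_number, dynamic_sig)


def build_demo_chain():
    """Personalisation side: brand signs the issuer key; issuer signs the ICC
    key together with the card's static data, and signs the static data (SSAD)."""
    brand_pub, brand_priv = gen_keypair(512, seed=1)
    issuer_pub, issuer_priv = gen_keypair(512, seed=2)
    icc_pub, icc_priv = gen_keypair(512, seed=3)
    static_data = b"PAN=4111111111111111;EXP=2512"  # constructed
    issuer_cert = Cert(issuer_pub, sign(brand_priv, encode_pub(issuer_pub)))
    icc_cert = Cert(icc_pub, sign(issuer_priv, encode_pub(icc_pub) + static_data))
    ssad = sign(issuer_priv, static_data)
    return brand_pub, issuer_cert, icc_cert, icc_priv, static_data, ssad
```

The contrast the two verify functions show is the reason DDA exists: `terminal_verify_sda` accepts the SSAD from whichever chip presents it, while `terminal_verify_dda` fails as soon as a signature made for one unpredictable number is offered for another.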
Step 4, Processing Restrictions: confirming compatibility between terminal and card.
Step 5, Cardholder Verification: confirming whether the cardholder is valid.
Cardholder Verification Method
Verification Methods
• Online PIN
 The PIN is encrypted and verified by the issuer online.
• Offline PIN
 A copy of the PIN is stored on the card in encrypted form.
 During the transaction, the user-provided PIN is matched against that stored encrypted PIN.
• Signature
 The cardholder’s signature on the receipt is matched with the signature on the back of the card.
• No verification method
 Only the card is authenticated.
 Usually applies to small-amount transactions.
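How a terminal chooses between the four methods above, and how the card defends its offline PIN, as an added example that is not code from the Kona deck. The CVM list format (two amount thresholds X and Y, then two-byte rules of CVM code plus condition code) and the code values follow EMV Book 3; the sample list, amounts and PIN values are constructed, and `OfflinePin` illustrates the try counter rather than the chip's real PIN storage. The rule walk implements the standard's general processing, so it handles lists beyond the one on the slide.

```python
"""CVM list processing: how the terminal picks online PIN, offline PIN,
signature or no CVM for a transaction, plus the card's offline PIN try counter.

Added example, not from the Kona deck. CVM codes, condition codes and the
list layout follow EMV Book 3; the list bytes, amounts and PINs are constructed.
"""
import hmac
from typing import List, Set, Tuple

# CVM codes (low six bits of the first rule byte)
CVM_FAIL = 0x00
CVM_PLAINTEXT_PIN_ICC = 0x01      # offline PIN, verified by the chip
CVM_ENCIPHERED_PIN_ONLINE = 0x02  # online PIN, verified by the issuer
CVM_ENCIPHERED_PIN_ICC = 0x04     # offline PIN, sent to the chip enciphered
CVM_SIGNATURE = 0x1E
CVM_NO_CVM = 0x1F
APPLY_NEXT_IF_FAIL = 0x40         # bit: continue with the next rule on failure

# CVM condition codes (second rule byte)
COND_ALWAYS = 0x00
COND_IF_TERMINAL_SUPPORTS = 0x03
COND_UNDER_X = 0x06
COND_OVER_X = 0x07
COND_UNDER_Y = 0x08
COND_OVER_Y = 0x09

# Constructed CVM list: X = 0, Y = 50.00; rules in priority order:
#  1. no CVM if the amount is under Y (the slide's small-amount case)
#  2. online PIN, always; continue with the next rule if the terminal cannot do it
#  3. offline plaintext PIN if the terminal supports it; continue on failure
#  4. signature, always; last rule without a continue bit, so CVM fails if unsupported
SAMPLE_CVM_LIST = (
    (0).to_bytes(4, "big") + (5000).to_bytes(4, "big")
    + bytes([CVM_NO_CVM, COND_UNDER_Y,
             CVM_ENCIPHERED_PIN_ONLINE | APPLY_NEXT_IF_FAIL, COND_ALWAYS,
             CVM_PLAINTEXT_PIN_ICC | APPLY_NEXT_IF_FAIL, COND_IF_TERMINAL_SUPPORTS,
             CVM_SIGNATURE, COND_ALWAYS])
)


def parse_cvm_list(data: bytes) -> Tuple[int, int, List[Tuple[int, int]]]:
    if len(data) < 8 or (len(data) - 8) % 2:
        raise ValueError("malformed CVM list")
    x = int.from_bytes(data[0:4], "big")
    y = int.from_bytes(data[4:8], "big")
    rules = [(data[i], data[i + 1]) for i in range(8, len(data), 2)]
    return x, y, rules


def _condition_met(cond: int, cvm: int, amount: int, x: int, y: int,
                   supported: Set[int]) -> bool:
    table = {
        COND_ALWAYS: True,
        COND_IF_TERMINAL_SUPPORTS: cvm in supported,
        COND_UNDER_X: amount < x, COND_OVER_X: amount > x,
        COND_UNDER_Y: amount < y, COND_OVER_Y: amount > y,
    }
    return table.get(cond, False)  # unknown condition: the rule is skipped


def select_cvm(cvm_list: bytes, amount: int, supported: Set[int]) -> int:
    """Walk the rules in order: skip rules whose condition is not met, apply
    the first one the terminal supports; if an applicable rule is unsupported,
    continue only when its continue bit is set, otherwise CVM processing fails."""
    x, y, rules = parse_cvm_list(cvm_list)
    for rule, cond in rules:
        cvm = rule & 0x3F
        if not _condition_met(cond, cvm, amount, x, y, supported):
            continue
        if cvm in supported:
            return cvm
        if not rule & APPLY_NEXT_IF_FAIL:
            return CVM_FAIL
    return CVM_FAIL


class OfflinePin:
    """Card-side offline PIN check with a PIN try counter: after PIN_TRY_LIMIT
    wrong attempts the card refuses further verification until the issuer
    unblocks it (never, in this demo), which is what defeats PIN guessing."""
    PIN_TRY_LIMIT = 3

    def __init__(self, reference_pin: str):
        self._reference = reference_pin.encode()  # stand-in for the chip's protected storage
        self.tries_left = self.PIN_TRY_LIMIT

    def verify(self, candidate: str) -> bool:
        if self.tries_left == 0:
            return False              # PIN blocked
        self.tries_left -= 1          # decrement before comparing, never after
        if hmac.compare_digest(candidate.encode(), self._reference):
            self.tries_left = self.PIN_TRY_LIMIT
            return True
        return False
```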
Step 6, Terminal Risk Management: the different steps taken by the terminal to prevent fraud.
Step 7, Terminal Action Analysis: the primary decision on the transaction, whether to approve or decline offline, or to go online.
Step 8, Card Action Analysis: the final decision on going online or offline, made by the card’s own risk management on the basis of the terminal action analysis.
Step 9, Online Processing & Issuer Authentication: online transaction with the Application Cryptogram.
EMV Online Transaction Flow
Terminal → Acquirer → Payment Network Provider → Issuer: the Application Request Cryptogram (ARQC) is forwarded at each hop.
Issuer: Cryptogram Validation.
Issuer → Payment Network Provider → Acquirer → Terminal: the Application Response Cryptogram (ARPC) is returned along the same path.
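The ARQC / ARPC round trip shown in this flow (and on the Authorization by the Issuer and CDA slides), with both ends written out: the card derives a per-transaction key and MACs the transaction data, the issuer recomputes the cryptogram from its master key, rejects replays and altered amounts, and answers with an ARPC the card can check. This is an added example, not code from the Kona deck or EMVCo: EMV Book 2 derives the card key and computes ARQC/ARPC with Triple DES based MACs, whereas this block substitutes HMAC-SHA256 from the standard library for every keyed step so it runs offline. The issuer master key, PAN, amounts and all class and function names are this example's assumptions.

```python
"""Online authorisation with an Application Cryptogram: the card generates an
ARQC, the issuer validates it and answers with an ARPC the card can check.

Added example, not from the Kona deck. EMV Book 2 uses Triple DES based key
derivation and MACs; HMAC-SHA256 stands in here. All values are constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

ISSUER_MASTER_KEY = bytes.fromhex("0123456789abcdef0123456789abcdef")  # constructed; real IMKs live in an HSM
ARC_APPROVED = b"00"  # Authorisation Response Code returned by the issuer
ARC_DECLINED = b"05"


def _mac(key: bytes, data: bytes, out_len: int) -> bytes:
    """Keyed MAC truncated to out_len bytes (stand-in for the 3DES MAC)."""
    return hmac.new(key, data, hashlib.sha256).digest()[:out_len]


def derive_card_key(imk: bytes, pan: str, psn: str) -> bytes:
    """Unique key per card, diversified from the issuer master key by PAN and
    PAN sequence number; only the issuer can recompute it."""
    return _mac(imk, (pan + psn).encode(), 16)


def derive_session_key(card_key: bytes, atc: int) -> bytes:
    """One session key per transaction, bound to the Application Transaction Counter."""
    return _mac(card_key, atc.to_bytes(2, "big"), 16)


@dataclass(frozen=True)
class TxData:
    amount: int                   # minor units
    currency: int                 # ISO 4217 numeric code
    date_yymmdd: str
    unpredictable_number: bytes   # 4 bytes chosen by the terminal

    def encode(self) -> bytes:
        return (self.amount.to_bytes(6, "big") + self.currency.to_bytes(2, "big")
                + self.date_yymmdd.encode() + self.unpredictable_number)


class Card:
    def __init__(self, pan: str, psn: str, card_key: bytes):
        self.pan, self.psn = pan, psn
        self._key = card_key   # never leaves the chip
        self.atc = 0

    def generate_arqc(self, tx: TxData) -> Tuple[int, bytes]:
        """GENERATE AC requesting an ARQC: bump the ATC, MAC the transaction data."""
        self.atc += 1
        sk = derive_session_key(self._key, self.atc)
        return self.atc, _mac(sk, tx.encode() + self.atc.to_bytes(2, "big"), 8)

    def verify_arpc(self, arqc: bytes, arc: bytes, arpc: bytes) -> bool:
        """Issuer authentication: only a holder of the card key can produce the ARPC."""
        sk = derive_session_key(self._key, self.atc)
        return hmac.compare_digest(_mac(sk, arqc + arc, 8), arpc)


class Issuer:
    def __init__(self, imk: bytes):
        self._imk = imk
        self._last_atc: Dict[Tuple[str, str], int] = {}

    def authorise(self, pan: str, psn: str, atc: int, tx: TxData,
                  arqc: bytes) -> Tuple[bool, bytes, Optional[bytes]]:
        """Cryptogram validation: recompute the ARQC from the issuer's own keys,
        reject a replayed or tampered one, and return the ARC plus ARPC."""
        if atc <= self._last_atc.get((pan, psn), 0):
            return False, ARC_DECLINED, None        # ATC not increasing: replay
        sk = derive_session_key(derive_card_key(self._imk, pan, psn), atc)
        expected = _mac(sk, tx.encode() + atc.to_bytes(2, "big"), 8)
        if not hmac.compare_digest(expected, arqc):
            return False, ARC_DECLINED, None        # data or cryptogram altered in transit
        self._last_atc[(pan, psn)] = atc
        return True, ARC_APPROVED, _mac(sk, arqc + ARC_APPROVED, 8)


def demo_transaction() -> bool:
    """The terminal's view of one round trip; True if the card accepts the ARPC."""
    pan, psn = "4111111111111111", "01"
    card = Card(pan, psn, derive_card_key(ISSUER_MASTER_KEY, pan, psn))
    issuer = Issuer(ISSUER_MASTER_KEY)
    tx = TxData(1250, 840, "161001", b"\x1a\x2b\x3c\x4d")  # constructed
    atc, arqc = card.generate_arqc(tx)
    ok, arc, arpc = issuer.authorise(pan, psn, atc, tx, arqc)
    return ok and card.verify_arpc(arqc, arc, arpc)
```

The acquirer and payment network in the flow only forward `(atc, arqc, tx)` and the ARPC; holding no key material, they can neither produce a valid ARQC nor change the amount without the issuer's check failing, which is the difference from the static data that the magnetic stripe flow forwards.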
Step 10, Script Processing: processing additional commands from the issuer.
Step 11, Completion: completing the transaction process.
Copyright ⓒ 1999-2013 Kona I Co., Ltd All Rights Reserved.
Copyright © 2016, KONA Software Lab Ltd. All Rights Reserved
38

EMV Overview

  • 1.
    EMV Overview KONA SOFTWARELAB LTD. October 01, 2016
  • 2.
    CONTENTS Ⅰ EMV Authentication &Authorization Ⅱ Ⅲ EMV Overview Current Payment Scenario
  • 3.
    |Copyright 2016, KonaSL Ltd. | All Rights Reserved Players and Roles for Payment System Payment Network Provider  Offering products and services to User  Signing up with Acquirer  Buying Merchant’s products and services  Using payment card issued by IssuerUser Merchant Acquirer Issuer Payment Network Provider network  Transmitting collected transaction data to Issuer  Signing up and underwriting Merchant  Approval or rejection of transaction  Issuing payment card  Providing network between Issuer and Acquirer  Offering brand benefit Payment eco- system Acquirer User Merchant Issuer POSATM Acquiring System Issuing System HostPayment Cards Interchange Network Authorization System NPSB 3
  • 4.
    Embossing Magnetic StripeIC Chip Card RF Card Mobile Card Verification of Card & Cardholder Penciling the embossed card Imprinted sales slip, transaction slip, and signature verification Transaction slip, PIN, and signature verification Same principle as IC chip card but streamlined authentication Same as RF card Data Processing Manually Electronically process transaction and settlement data for the first time Payment application- installed-chip stores and processes data Similar process to that of IC chip card but streamlined transaction flow Comply with NFC transaction process by using NFC equipped cellphone Validation Verification - CVC, CVV verification, Hologram verification by eye Offline data authentication through digital signature verification ARQC verification Same as RF card Note High risk of data duplication Increase in risk of data duplication by popularization of MS card usage and technology -Strong security provided by high grade of cryptosystem -Inconvenience in simple transaction Compatibility with MS card infrastructure OTA post issuance of card |Copyright 2016, Kona SL Ltd. | All Rights Reserved Payment Card Evolution Payment Card Evolution 4
  • 5.
    Embossing Magnetic StripeIC Chip Card RF Card Mobile Card Verification of Card & Cardholder Penciling the embossed card Imprinted sales slip, transaction slip, and signature verification Transaction slip, PIN, and signature verification Same principle as IC chip card but streamlined authentication Same as RF card Data Processing Manually Electronically process transaction and settlement data for the first time Payment application- installed-chip stores and processes data Similar process to that of IC chip card but streamlined transaction flow Comply with NFC transaction process by using NFC equipped cellphone Validation Verification - CVC, CVV verification, Hologram verification by eye Offline data authentication through digital signature verification ARQC verification Same as RF card Note High risk of data duplication Increase in risk of data duplication by popularization of MS card usage and technology -Strong security provided by high grade of cryptosystem -Inconvenience in simple transaction Compatibility with MS card infrastructure OTA post issuance of card |Copyright 2016, Kona SL Ltd. | All Rights Reserved Payment Card Evolution Payment Card Evolution 5
  • 6.
    Embossing Magnetic StripeIC Chip Card RF Card Mobile Card Verification of Card & Cardholder Penciling the embossed card Imprinted sales slip, transaction slip, and signature verification Transaction slip, PIN, and signature verification Same principle as IC chip card but streamlined authentication Same as RF card Data Processing Manually Electronically process transaction and settlement data for the first time Payment application- installed-chip stores and processes data Similar process to that of IC chip card but streamlined transaction flow Comply with NFC transaction process by using NFC equipped cellphone Validation Verification - CVC, CVV verification, Hologram verification by eye Offline data authentication through digital signature verification ARQC verification Same as RF card Note High risk of data duplication Increase in risk of data duplication by popularization of MS card usage and technology -Strong security provided by high grade of cryptosystem -Inconvenience in simple transaction Compatibility with MS card infrastructure OTA post issuance of card |Copyright 2016, Kona SL Ltd. | All Rights Reserved Payment Card Evolution Payment Card Evolution 6
  • 7.
    Embossing Magnetic StripeIC Chip Card RF Card Mobile Card Verification of Card & Cardholder Penciling the embossed card Imprinted sales slip, transaction slip, and signature verification Transaction slip, PIN, and signature verification Same principle as IC chip card but streamlined authentication Same as RF card Data Processing Manually Electronically process transaction and settlement data for the first time Payment application- installed-chip stores and processes data Similar process to that of IC chip card but streamlined transaction flow Comply with NFC transaction process by using NFC equipped cellphone Validation Verification - CVC, CVV verification, Hologram verification by eye Offline data authentication through digital signature verification ARQC verification Same as RF card Note High risk of data duplication Increase in risk of data duplication by popularization of MS card usage and technology -Strong security provided by high grade of cryptosystem -Inconvenience in simple transaction Compatibility with MS card infrastructure OTA post issuance of card |Copyright 2016, Kona SL Ltd. | All Rights Reserved Payment Card Evolution Payment Card Evolution 7
  • 8.
    Embossing Magnetic StripeIC Chip Card RF Card Mobile Card Verification of Card & Cardholder Penciling the embossed card Imprinted sales slip, transaction slip, and signature verification Transaction slip, PIN, and signature verification Same principle as IC chip card but streamlined authentication Same as RF card Data Processing Manually Electronically process transaction and settlement data for the first time Payment application- installed-chip stores and processes data Similar process to that of IC chip card but streamlined transaction flow Comply with NFC transaction process by using NFC equipped cellphone Validation Verification - CVC, CVV verification, Hologram verification by eye Offline data authentication through digital signature verification ARQC verification Same as RF card Note High risk of data duplication Increase in risk of data duplication by popularization of MS card usage and technology -Strong security provided by high grade of cryptosystem -Inconvenience in simple transaction Compatibility with MS card infrastructure OTA post issuance of card |Copyright 2016, Kona SL Ltd. | All Rights Reserved Payment Card Evolution Payment Card Evolution 8
  • 9.
    |Copyright 2016, KonaSL Ltd. | All Rights Reserved Magnetic Stripe Cards Magnetic Stripe Cards • Stores data on the magnetic band usually located on the back of the card. • Contains Track 1 & Track 2 Data • Track 1 Data • Card Type, PAN, Cardholder Name, PAN Expiry Date, Service Code. • Track 2 Data • PAN, PAN Expiry Date, Service Code • Stored data can not be changed. • Read by swiping past a magnetic reading head.
  • 10.
    |Copyright 2016, KonaSL Ltd. | All Rights Reserved Magnetic Stripe Transaction Flow Magnetic Stripe Transaction Flow Static Authentication Data Static Authentication Data Static Authentication Data Acquirer Payment Network Provider Issuer Transaction Response Transaction Response Transaction Response Magnetic Stripe Card Swiped in POS 10
  • 11.
    |Copyright 2016, KonaSL Ltd. | All Rights Reserved Security Issues for Magnetic Stripe Cards Security Issues for Magnetic Stripe Cards • Card Cloning  Magnetic stripe data is not encrypted and very easy to clone. • Static Data  Static data is stored in the magnetic stripe during personalization  This data is not changed during its lifetime. So, if this data is compromised once, it can be used for numerous number of times to perform fraud transactions. • Little Risk Assessment  No risk assessment is performed at the terminal or card.  Risk assessment is performed only at the host. 11
  • 12.
    CONTENTS Ⅰ EMV Authentication &Authorization Ⅱ Ⅲ EMV Overview Current Payment Scenario
  • 13.
    |Copyright 2016, KonaSL Ltd. | All Rights Reserved EMV EMV • A standard for smart payment cards and terminals. • EMV stands for – EuroPay, MasterCard and Visa, the three companies who were the founder of the standard. • This standard is maintained by EMVCo – a consortium with payment brands like Visa, MasterCard, JCB, American Express, China UnionPay, Discover as members. 13
  • 14.
    |Copyright 2016, KonaSL Ltd. | All Rights Reserved Purpose of EMV Standards Purpose of EMV Standards • To prevent card fraud  Minimize the risk of card data duplication and counterfeit that were easy with MS card • To reduce cost  Cut cost by activating offline transaction • Interoperability  Set up interoperable payment infrastructure(chip, card, terminal, and system) by defining business role of players in Credit & Debit Payment System 14
  • 15.
    |Copyright 2016, KonaSL Ltd. | All Rights Reserved EMV Offerings EMV Offerings Cardholder and card authentication Cryptographic processing capability of smart chip Authorization by issuer by predefined rules Acquirer Authorization Request with dynamic data Payment Network Provider Issuer Authorization Request with dynamic data 15
  • 16.
    |Copyright 2016, KonaSL Ltd. | All Rights Reserved EMV Cryptographic Processing EMV Cryptographic Processing • EMV chip cards has cryptographic processing capability. • Cryptographic algorithms such as Triple DES, RSA and SHA are used throughout various phases of the smart card’s lifecycle. 16
  • 17.
    |Copyright 2016, KonaSL Ltd. | All Rights Reserved A Look Into Chip Cards A Look Into Chip Cards Contact Cards Contactless Cards Dual Interface Cards • 1 square cm. contact area with gold plated contact pads. • ISO/IEC 7816 standard defines the communication protocol, physical characteristics of card, security and command for interchange, commands for security operations, etc. • Card communicates with the reader through RF Induction technology • ISO/IEC 14443 standard defines the communication protocol, radio frequency power, transmission protocol, etc. • Both contact and contactless interfaces are supported • ISO/IEC 14443 standard defines the communication protocol, radio frequency power, transmission protocol, etc. 17
  • 18.
    |Copyright 2016, KonaSL Ltd. | All Rights Reserved EMV Authentication EMV Authentication Card Authentication • Online Authentication • Offline Authentication  SDA – Static Data Authentication  DDA – Dynamic Data Authentication  CDA – Combined Data Authentication Cardholder Authentication • Online PIN • Offline PIN 18
  • 19.
    |Copyright 2016, KonaSL Ltd. | All Rights Reserved Authorization by the Issuer Authorization by the Issuer • Transaction cryptogram is generated and sent to the issuer online. • The issuer authorizes the transaction online. Payment Network Issuer Cryptogram Request Cryptogram Request Cryptogram Request Authorization Response Authorization Response Authorization Response Online Authorization Offline Authorization • Used when terminals don’t have online connectivity. • Card and terminal communicates and decides whether the transaction can be authorized. 19
  • 20.
    |Copyright 2016, KonaSL Ltd. | All Rights Reserved Risk Assessment Risk Assessment Terminal Risk Assessment • Terminal can decide to perform the transaction online/offline • For offline transactions, terminal checks the transaction amount against an offline ceiling limit. Card Risk Assessment • Card takes part in the decision making of accepting/declining a transaction • Different types of application cryptograms are generated  AAC – used for declining a transaction  TC – used for offline transaction  ARQC – used for online transaction 20
  • 21.
    CONTENTS Ⅰ EMV Authentication &Authorization Ⅱ Ⅲ EMV Overview Current Payment Scenario
  • 22.
    |Copyright 2016, KonaSL Ltd. | All Rights Reserved Card & Terminal Communication Steps for Transaction Card & Terminal Communication Steps Initiate Application Data Authentication Processing Restrictions Cardholder Verification Terminal Action Analysis Online Processing & Issuer Authentication Card Action Analysis Completion Read Application Data Script Processing Online/ Offline Decision Online Offline Terminal Risk Management Initiation of the transaction 22
Card & Terminal Communication Steps for Transaction
Highlighted step: Read Application Data (reading card data for the transaction)
Card & Terminal Communication Steps for Transaction
Highlighted step: Data Authentication (card authentication by the terminal)
EMV Data Authentication: SDA (Static Data Authentication)
• Payment Brand Certificate: kept at the terminal
• Issuer Public Key Certificate: signed by the payment brand; verified by the payment brand certificate
• Static Application Data: verified by the Issuer Public Key Certificate
EMV Data Authentication: DDA (Dynamic Data Authentication)
• Payment Brand Certificate: kept at the terminal
• Issuer Public Key Certificate: signed by the payment brand; verified by the payment brand certificate
• ICC Public Key Certificate + Static Application Data: verified by the Issuer Public Key Certificate
• Card & Terminal Dynamic Data: verified by the ICC Public Key Certificate
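The SDA and DDA chains above, worked through in Go as an added example (not the deck's or any EMV kernel's code). Ed25519 is an assumed stand-in for EMV's RSA signatures, and the certificate layout, static data and unpredictable numbers are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// Certificate is the minimal shape of an EMV public key certificate: a key, the data
// carried with it, and the next-higher authority's signature over both (Ed25519 is an
// assumed stand-in for the RSA scheme EMV actually specifies).
type Certificate struct {
	PublicKey ed25519.PublicKey
	Data      []byte // static application data bound to the ICC key; nil for the issuer
	Signature []byte
}

func signedPart(pub ed25519.PublicKey, data []byte) []byte {
	return append(append([]byte{}, pub...), data...)
}

// Issue lets an authority (payment brand or issuer) certify a subject key plus data.
func Issue(authority ed25519.PrivateKey, subject ed25519.PublicKey, data []byte) Certificate {
	return Certificate{subject, data, ed25519.Sign(authority, signedPart(subject, data))}
}

// VerifyDDA is the terminal side: the brand key held in the terminal validates the issuer
// certificate, the issuer key the ICC certificate, the ICC key the card's dynamic signature.
func VerifyDDA(brand ed25519.PublicKey, issuer, icc Certificate, unpredictable, dynSig []byte) bool {
	if !ed25519.Verify(brand, signedPart(issuer.PublicKey, issuer.Data), issuer.Signature) {
		return false
	}
	if !ed25519.Verify(issuer.PublicKey, signedPart(icc.PublicKey, icc.Data), icc.Signature) {
		return false
	}
	return ed25519.Verify(icc.PublicKey, unpredictable, dynSig)
}

// RunDDA builds a constructed chain (brand -> issuer -> ICC) and reports whether a fresh
// dynamic signature verifies and whether one from an earlier transaction is rejected.
func RunDDA() (freshOK, replayRejected bool) {
	brandPub, brandPriv, _ := ed25519.GenerateKey(rand.Reader)
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(rand.Reader)
	iccPub, iccPriv, _ := ed25519.GenerateKey(rand.Reader)
	issuerCert := Issue(brandPriv, issuerPub, nil)
	iccCert := Issue(issuerPriv, iccPub, []byte("constructed static application data"))
	oldUN, newUN := []byte{0x11, 0x22, 0x33, 0x44}, []byte{0xaa, 0xbb, 0xcc, 0xdd}
	replayedSig, freshSig := ed25519.Sign(iccPriv, oldUN), ed25519.Sign(iccPriv, newUN)
	return VerifyDDA(brandPub, issuerCert, iccCert, newUN, freshSig),
		!VerifyDDA(brandPub, issuerCert, iccCert, newUN, replayedSig)
}
```

The first two checks in VerifyDDA are exactly the SDA chain; the third is what DDA adds, and it is the reason a signature recorded from one transaction does not verify in the next.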
EMV Data Authentication: CDA (Combined Data Authentication)
• DDA, combined with generation of an application cryptogram:
   Card generates the Application Request Cryptogram (ARQC) and sends it to the Issuer
   Issuer performs cryptogram validation
   Issuer sends the Application Response Cryptogram (ARPC) back to the card
Card & Terminal Communication Steps for Transaction
Highlighted step: Processing Restrictions (confirming compatibility between terminal and card)
Card & Terminal Communication Steps for Transaction
Highlighted step: Cardholder Verification (confirming whether the cardholder is valid)
Cardholder Verification Method
Verification Methods
• Online PIN
   PIN is encrypted and verified by the issuer online
• Offline PIN
   A copy of the PIN is stored at the card in encrypted form
   During the transaction, the user-provided PIN is matched against that stored encrypted PIN
• Signature
   Cardholder’s signature on the receipt is matched with the signature on the back of the card
• No verification method
   Only the card is authenticated
   Usually used for small-amount transactions
Card & Terminal Communication Steps for Transaction
Highlighted step: Terminal Risk Management (different steps taken by the terminal to prevent fraud)
Card & Terminal Communication Steps for Transaction
Highlighted step: Terminal Action Analysis (primary decision whether to approve or decline the transaction offline, or to go online)
Card & Terminal Communication Steps for Transaction
Highlighted step: Card Action Analysis (final decision on going online or offline, made by the card’s own risk management based on the terminal action analysis)
Card & Terminal Communication Steps for Transaction
Highlighted step: Online Processing & Issuer Authentication (online transaction with application cryptogram)
EMV Online Transaction Flow
• Application Request Cryptogram (ARQC): forwarded from the terminal to the Acquirer, to the Payment Network Provider, to the Issuer
• Issuer: Cryptogram Validation
• Application Response Cryptogram (ARPC): returned from the Issuer to the Payment Network Provider, to the Acquirer, to the terminal
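The ARQC/ARPC exchange of this flow and of the CDA slide, modelled in Go as an added example (not the deck's code, and not the EMV MAC itself: HMAC-SHA256 truncated to 8 bytes stands in for EMV's DES/AES session-key MAC, and the PAN-based key derivation and transaction field layout are assumptions).

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
)

func hmacSHA256(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// mac8 is an assumed stand-in for EMV's session-key MAC: HMAC-SHA256 cut to 8 bytes.
func mac8(key, data []byte) []byte { return hmacSHA256(key, data)[:8] }
// DeriveCardKey: the issuer keeps one master key and derives each card's key from the
// PAN (assumed derivation), so it can recompute any card's cryptogram on demand.
func DeriveCardKey(issuerMaster, pan []byte) []byte { return hmacSHA256(issuerMaster, pan) }

// TransactionData is a subset of what the card MACs: amount, the terminal's
// unpredictable number (fresh per transaction) and the card's transaction counter.
type TransactionData struct {
	Amount        uint64
	Unpredictable uint32
	ATC           uint16
}

func (d TransactionData) encode() []byte {
	buf := make([]byte, 14)
	binary.BigEndian.PutUint64(buf[0:], d.Amount)
	binary.BigEndian.PutUint32(buf[8:], d.Unpredictable)
	binary.BigEndian.PutUint16(buf[12:], d.ATC)
	return buf
}

// GenerateARQC is the card's cryptogram for a transaction that goes online.
func GenerateARQC(cardKey []byte, d TransactionData) []byte { return mac8(cardKey, d.encode()) }

// IssuerAuthorize recomputes the ARQC from the relayed data (a match proves the genuine
// card saw exactly this transaction) and answers with an ARPC that binds the ARQC to the
// authorization response code, so the card can authenticate the issuer before completing.
func IssuerAuthorize(issuerMaster, pan []byte, d TransactionData, arqc []byte, arc string) (bool, []byte) {
	key := DeriveCardKey(issuerMaster, pan)
	if !hmac.Equal(GenerateARQC(key, d), arqc) {
		return false, nil // cryptogram does not validate: decline
	}
	return true, mac8(key, append(append([]byte{}, arqc...), arc...))
}

func CardVerifyARPC(cardKey, arqc []byte, arc string, arpc []byte) bool {
	return hmac.Equal(mac8(cardKey, append(append([]byte{}, arqc...), arc...)), arpc)
}
```

The acquirer and payment network only relay the ARQC: neither holds the card key, so only the issuer can validate the cryptogram, which is why the flow above has to reach the issuer before an online approval.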
Card & Terminal Communication Steps for Transaction
Highlighted step: Script Processing (process additional commands from the issuer)
Card & Terminal Communication Steps for Transaction
Highlighted step: Completion (complete the transaction process)
Copyright © 1999-2013 Kona I Co., Ltd. All Rights Reserved. Copyright © 2016, KONA Software Lab Ltd. All Rights Reserved.