emv card and terminal basic requirements final 04 15 v2.2
Post on 24-Jan-2016
22 Views
Preview:
DESCRIPTION
TRANSCRIPT
Minimum EMV Chip Card and Terminal Requirements
Intended Audience
This document is intended for use by U.S. issuers, merchants, acquirers, processors and vendors who are planning deployments of their respective EMV chip programs in the U.S.
Introduction
How to Use the Minimum Requirements Matrix
Some U.S. payment networks are implementing EMV “liability shifts” effective October 2015. As U.S. issuers, merchants, acquirers and processors plan for these liability shifts, many are asking: “What are the minimum requirements that we need to consider as we deploy chip for my organization?”
To help merchants, acquirers, processors and issuers develop their strategies for EMV implementation, several payment network participants in the EMV Migration Forum have collaborated to create a document presenting minimum requirements for EMV chip deployment across each payment network. The primary goal of this document is to help stakeholders understand the minimum requirements of EMV chip implementation and deployment for those payment networks – Accel, American Express, Armed Forces Financial Network (AFFN), China UnionPay, Discover, Jeanie, MasterCard, NYCE, PULSE, SHAZAM, STAR and Visa – reflected in the document, so that stakeholders can work with their partners to develop a strategy to meet those requirements. While the document addresses minimum EMV chip requirements of the respective networks, decisions regarding deployment of chip technology will differ by stakeholder and involve a balancing of considerations, such as business needs and preferences, deployment timing, complexity and associated initial and future costs.
The document focuses on the minimum card and terminal EMV requirements for the U.S. payment networks Accel, American Express, Armed Forces Financial Network (AFFN), China UnionPay, Discover, Jeanie, MasterCard, NYCE, PULSE, SHAZAM, STAR and Visa in the context of the U.S. electronic payments marketplace and the October 2015 liability shifts. These participants have documented their respective minimum card and terminal configurations for EMV compliance. Some issuers and merchants, as they evaluate their business needs, may consider added functionalities that are beyond each network’s minimum requirements, such as offline PIN support and offline data authentication. All issuers and merchants should carefully evaluate their individual business requirements against the potential additional functionalities and their associated costs and complexities. In addition, merchants should evaluate these functionalities against the expected volume of issuers that may support them, and issuers should evaluate these functionalities against the expected volume of merchants that may support them.
Issuers and merchants that choose to deploy EMV solutions are encouraged to work directly with their card and terminal vendors, payment networks and processing partners to determine the approved EMVCo configurations offered that best satisfy their business needs. Approved EMVCo terminal configurations (e.g. chip reader and chip software) are a global industry requirement, including in the U.S.
The Minimum Requirements Matrix is an Excel document consisting of an introduction tab, five tabs for chip card and acceptance terminal requirements for each network, and one tab for a glossary:
• Introduction• Cards - Credit• Cards - Debit U.S. Common AID• Cards - Debit Brand AID• Terminals - Point-of-Sale (POS)• Terminals - ATM• Glossary
Within each tab, the left vertical columns B and C list the available capabilities for cards or terminals within the EMV standard (called “attributes” in the matrix). The horizontal row 4 lists the U.S. participants in the matrix: American Express, Armed Forces Financial Network (AFFN), China UnionPay, Discover, Jeanie, MasterCard, NYCE, PULSE, SHAZAM, STAR and Visa.
For each participant, a checkmark signifies those attributes that are minimum requirements for that participant. If an attribute is left blank, it means that the attribute is optional for that participant, and not required. In some cases, participants have added comments regarding particular attributes that are optional or that the participant deems to require clarification.
Legal Notice
About U.S. EMV Chip Migration
About the EMV Migration Forum
The Minimum Requirements Matrix is an Excel document consisting of an introduction tab, five tabs for chip card and acceptance terminal requirements for each network, and one tab for a glossary:
• Introduction• Cards - Credit• Cards - Debit U.S. Common AID• Cards - Debit Brand AID• Terminals - Point-of-Sale (POS)• Terminals - ATM• Glossary
Within each tab, the left vertical columns B and C list the available capabilities for cards or terminals within the EMV standard (called “attributes” in the matrix). The horizontal row 4 lists the U.S. participants in the matrix: American Express, Armed Forces Financial Network (AFFN), China UnionPay, Discover, Jeanie, MasterCard, NYCE, PULSE, SHAZAM, STAR and Visa.
For each participant, a checkmark signifies those attributes that are minimum requirements for that participant. If an attribute is left blank, it means that the attribute is optional for that participant, and not required. In some cases, participants have added comments regarding particular attributes that are optional or that the participant deems to require clarification.
This document provides an overview of each participating payment network minimum card and terminal requirements for chip deployment. The information is publicly available, and is provided to help stakeholders understand the minimum requirements of chip deployment for each payment network so they can work with their partners to determine their best strategy to meet requirements as the fraud liability shift approaches.
This document describes each participants’ minimum EMV requirements in the context of the U.S. marketplace. It should be noted, however, that specific requirements are determined independently by the respective networks, and are subject to change. Issuers and merchants are therefore strongly encouraged to evaluate these requirements against their own specific business needs, and to work directly with card and terminal vendors to determine the approved EMVCo configurations that satisfy the relevant minimum card and terminal requirements. While great effort has been made to ensure that the information in this document and the Minimum Requirements Matrix is accurate and current, neither document should be relied on for any legal purpose, whether statutory, regulatory, contractual or otherwise and all warranties of any kind are disclaimed, including all warranties relating to or arising in connection with the use of or reliance on the information set forth in either document. Any person that uses or otherwise relies in any manner on the information set forth in the documents does so at his or her sole risk.
If a network is not included in the matrix, issuers and merchants should directly contact their respective networks and acquirers regarding minimum card and terminal requirements for regional debit networks.
Commonly used globally in place of magnetic stripe technology, EMV chip technology helps to reduce card fraud in a face-to-face card-present environment; provides global interoperability; and enables safer transactions across contact and contactless channels. Chip implementation was initiated in the U.S. in 2011 and 2012 when American Express, Discover, MasterCard and Visa announced their roadmaps for supporting a chip-based payments infrastructure. Acquirer processor readiness mandates to support chip were established for 2013, with liability shifts for managing fraud risk in a face-to-face environment set for 2015.
The EMV Migration Forum is a cross-industry body focused on supporting the EMV implementation steps required for global and regional payment networks, issuers, processors, merchants, and consumers to help ensure a successful introduction of more secure EMV chip technology in the U.S. The focus of the Forum is to address topics that require some level of industry cooperation and/or coordination to migrate successfully to chip technology in the U.S. For more information on the EMV Migration Forum, please visit http://www.emv-connection.com/emv-migration-forum/.
This document is intended for use by U.S. issuers, merchants, acquirers, processors and vendors who are planning deployments of their respective EMV chip programs in the U.S.
Some U.S. payment networks are implementing EMV “liability shifts” effective October 2015. As U.S. issuers, merchants, acquirers and processors plan for these liability shifts, many are asking: “What are the minimum requirements that we need to consider as we deploy chip for my organization?”
To help merchants, acquirers, processors and issuers develop their strategies for EMV implementation, several payment network participants in the EMV Migration Forum have collaborated to create a document presenting minimum requirements for EMV chip deployment across each payment network. The primary goal of this document is to help stakeholders understand the minimum requirements of EMV chip implementation and deployment for those payment networks – Accel, American Express, Armed Forces Financial Network (AFFN), China UnionPay, Discover, Jeanie, MasterCard, NYCE, PULSE, SHAZAM, STAR and Visa – reflected in the document, so that stakeholders can work with their partners to develop a strategy to meet those requirements. While the document addresses minimum EMV chip requirements of the respective networks, decisions regarding deployment of chip technology will differ by stakeholder and involve a balancing of considerations, such as business needs and preferences, deployment timing, complexity and associated initial and future costs.
The document focuses on the minimum card and terminal EMV requirements for the U.S. payment networks Accel, American Express, Armed Forces Financial Network (AFFN), China UnionPay, Discover, Jeanie, MasterCard, NYCE, PULSE, SHAZAM, STAR and Visa in the context of the U.S. electronic payments marketplace and the October 2015 liability shifts. These participants have documented their respective minimum card and terminal configurations for EMV compliance. Some issuers and merchants, as they evaluate their business needs, may consider added functionalities that are beyond each network’s minimum requirements, such as offline PIN support and offline data authentication. All issuers and merchants should carefully evaluate their individual business requirements against the potential additional functionalities and their associated costs and complexities. In addition, merchants should evaluate these functionalities against the expected volume of issuers that may support them, and issuers should evaluate these functionalities against the expected volume of merchants that may support them.
Issuers and merchants that choose to deploy EMV solutions are encouraged to work directly with their card and terminal vendors, payment networks and processing partners to determine the approved EMVCo configurations offered that best satisfy their business needs. Approved EMVCo terminal configurations (e.g. chip reader and chip software) are a global industry requirement,
The Minimum Requirements Matrix is an Excel document consisting of an introduction tab, five tabs for chip card and acceptance terminal requirements for each network, and one tab for a
Within each tab, the left vertical columns B and C list the available capabilities for cards or terminals within the EMV standard (called “attributes” in the matrix). The horizontal row 4 lists the U.S. participants in the matrix: American Express, Armed Forces Financial Network (AFFN), China UnionPay, Discover, Jeanie, MasterCard, NYCE, PULSE, SHAZAM, STAR and Visa.
For each participant, a checkmark signifies those attributes that are minimum requirements for that participant. If an attribute is left blank, it means that the attribute is optional for that participant, and not required. In some cases, participants have added comments regarding particular attributes that are optional or that the participant deems to require clarification.
The Minimum Requirements Matrix is an Excel document consisting of an introduction tab, five tabs for chip card and acceptance terminal requirements for each network, and one tab for a
Within each tab, the left vertical columns B and C list the available capabilities for cards or terminals within the EMV standard (called “attributes” in the matrix). The horizontal row 4 lists the U.S. participants in the matrix: American Express, Armed Forces Financial Network (AFFN), China UnionPay, Discover, Jeanie, MasterCard, NYCE, PULSE, SHAZAM, STAR and Visa.
For each participant, a checkmark signifies those attributes that are minimum requirements for that participant. If an attribute is left blank, it means that the attribute is optional for that participant, and not required. In some cases, participants have added comments regarding particular attributes that are optional or that the participant deems to require clarification.
This document provides an overview of each participating payment network minimum card and terminal requirements for chip deployment. The information is publicly available, and is provided to help stakeholders understand the minimum requirements of chip deployment for each payment network so they can work with their partners to determine their best strategy to meet
This document describes each participants’ minimum EMV requirements in the context of the U.S. marketplace. It should be noted, however, that specific requirements are determined independently by the respective networks, and are subject to change. Issuers and merchants are therefore strongly encouraged to evaluate these requirements against their own specific business needs, and to work directly with card and terminal vendors to determine the approved EMVCo configurations that satisfy the relevant minimum card and terminal requirements. While great effort has been made to ensure that the information in this document and the Minimum Requirements Matrix is accurate and current, neither document should be relied on for any legal purpose, whether statutory, regulatory, contractual or otherwise and all warranties of any kind are disclaimed, including all warranties relating to or arising in connection with the use of or reliance on the information set forth in either document. Any person that uses or otherwise relies in any manner on the information set forth in the documents does so at his or her sole risk.
If a network is not included in the matrix, issuers and merchants should directly contact their respective networks and acquirers regarding minimum card and terminal requirements for regional
Commonly used globally in place of magnetic stripe technology, EMV chip technology helps to reduce card fraud in a face-to-face card-present environment; provides global interoperability; and enables safer transactions across contact and contactless channels. Chip implementation was initiated in the U.S. in 2011 and 2012 when American Express, Discover, MasterCard and Visa announced their roadmaps for supporting a chip-based payments infrastructure. Acquirer processor readiness mandates to support chip were established for 2013, with liability shifts for
The EMV Migration Forum is a cross-industry body focused on supporting the EMV implementation steps required for global and regional payment networks, issuers, processors, merchants, and consumers to help ensure a successful introduction of more secure EMV chip technology in the U.S. The focus of the Forum is to address topics that require some level of industry cooperation and/or coordination to migrate successfully to chip technology in the U.S. For more information on the EMV Migration Forum, please visit http://www.emv-connection.com/emv-
Note:
Card: U.S. Credit Configuration - Brand AID
Attribute Visa MasterCard China UnionPay American Express Discover
Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments
AuthorizationOnline P P P P P
Offline
Authentication
Not allowed
DDA Required if card not configured as online-only P P Required if card not configured as online-only
CDA Required if card not configured as online-only
ARQC P P P P Application Cryptogram is mandatory P
Issuer authentication (ARPC) P Optional to Issuers P
CVM
Online PIN P P P P Only for ATM P
Offline PIN
Signature P P P P P
No CVM P P P P P
Scripting
Offline PIN block
Offline PIN change
Application block/unblock
EMV scripting
Counter reset
Note: 1. Visa to discontinue SDA for new and replacement Visa contact chip only cards that support offline authorization, effective 1 Oct 2015
P= indicates requirement
Requirement relating to Lost/Stolen Liability
Requirement relating to Lost/Stolen Liability
Requirement relating to Lost/Stolen Liability
Requirement relating to Lost/Stolen Liability
Requirement relating to Lost/Stolen Liability
Not required or recommended due to online-only environment in U.S.
SDA1
Offline authentication not required or recommended due to online-only environment in U.S.
Not recommended, could lead to unnecessary reversals; only needed to reset offline counters
For ATM cash transactions only, not required for purchase transactions
P Online or Offline PIN
For Signature Cards: Required for ATM and unattended terminals (CAT 1)
P Online or Offline PIN P Online or Offline PIN
PIN required for ATM cash transactions only, not mandatory for purchase transactions
Scripting is not necessary due to online-only environment in U.S.
UPI standards support scripting, and is optional for issuer
Scripting will be dependent on personalization, all must be supported by the chip application
Discover supports issuer scripting, it is the issuer's choice whether to utilize this functionality
Note:
Card: U.S. Debit Configuration - Common AID
Attribute Visa MasterCard China UnionPay Accel PULSE NYCE STAR Network AFFN Jeanie SHAZAMMinimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments
AuthorizationOnline P P P P P P P P P P
Offline
Authentication
SDA Not allowed
DDA Required if card not configured as online-only
CDA Required if card not configured as online-only
ARQC P P P P P P P P P P
Issuer authentication (ARPC) P
CVM
Online PIN P P P P P P P P P P
Offline PIN Not Supported Not supported at this time
Signature Supported via No CVM Supported via No CVM Supported via No CVM Supported via No CVM Supported via No CVM Supported via No CVM Supported via No CVM Supported via No CVM
No CVM P P P P P P P P P P
Scripting
Offline PIN block
Offline PIN change
Application block/unblock Scripting not supported at this time
EMV scripting
Counter reset
P= indicates requirement
ODA (offline data authentication) can be optionally supported
Not recommended, could lead to unnecessary reversals; only needed to reset offline counters
STAR will pass the ARPC back in the online message for approved transactions to support Issuer ARPC if implemented
SHAZAM will pass the ARPC back in the online message for approved transactions to support Issuer ARPC if implemented
Scripting is not necessary due to online-only environment in U.S. UPI standards support scripting, and is
optional for issuer
Issuer option; Accel will pass the data in the message if the Issuer has opted to utilize this functionality.
Issuer scripting supported, it is the issuer's choice whether to utilize this functionality
Issuer scripting supported, it is the issuer's choice whether to utilize this functionality
If the issuer supports scripting STAR will pass in the message. Issuer's choice whether to utilize this functionality
If the issuer supports scripting SHAZAM will pass in the message. Issuer's choice whether to utilize this functionality
Note:
Card: U.S. Debit Configuration - Brand AID
Attribute Visa MasterCard China UnionPay Discover
Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments
AuthorizationOnline P P P P
Offline
Authentication
SDA Not allowed
DDA Required if card not configured as online-only
CDA Required if card not configured as online-only ODA can be optionally supported
ARQC P P P P
Issuer authentication (ARPC) P Optional to Issuers
CVM
Online PIN P Required for cash transactions P P P P P
Offline PIN
Signature P P P P
No CVM P P P P
Scripting
Offline PIN block
Offline PIN change
Application block/unblock
EMV scripting
Counter reset
P= indicates requirement
Requirement relating to Lost/Stolen Liability
Requirement relating to Lost/Stolen Liability
Requirement relating to Lost/Stolen Liability
Requirement relating to Lost/Stolen Liability
Not recommended, could lead to unnecessary reversals; only needed to reset offline counters
For Signature Cards: Required for ATM and unattended terminals (CAT 1)
Scripting is not necessary due to online-only environment in U.S.
UPI standards support scripting, and is optional for issuer
Issuer scripting supported, it is the issuer's choice whether to utilize this functionality
Note:
U.S. EMV POS Terminal- Basic Configuration
Attribute Visa MasterCard China UnionPay American Express DiscoverDescription Comments Description Comments Description Comments Description Comments Description Comments
Application AIDs supported
Required MasterCard UnionPay Credit/Debit/Quasi Credit/Common AID American Express D-PAS Proprietary , U.S. Common AID, Zip AID
Optional
Terminal Type and Floor Limit
Terminal type Any device supporting online authorization Including 21, 24 (Tag '9F 35') terminal types Any device supporting online authorization Any device supporting online authorization
Terminal floor limit 0 0 0 0
Attribute Visa MasterCard China UnionPay American Express Discover
Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments
Authorization & Settlement
Online authorization P P P P
Offline authorization Optional, can be used in merchant stand-in
Offline clearing, settlement
Deferred authorization Optional, dependent on industry etc. Optional
Offline Data Authentication (ODA)
SDA Not allowed Required if terminal supports offline CAM
DDA P P P P P
CDA P Optional
Terminal Capabilities & CVM
Magnetic stripe P P P P P
IC with contacts P P P P P
Online enciphered PIN P Required if Offline PIN is supported P Required if Offline PIN is supported
Offline PIN P Required if Online PIN is supported Recommended, Offline plaintext PIN only P Required if Online PIN is supported
Signature Required at attended POS only Required at attended POS only Required at attended POS only P P
No CVM Required at unattended POS only Required at unattended POS only P P
Transaction Types and Requirements
Cash back Optional
Goods P P P P P
Services P P P P P
Receipt capabilities P P P P P
PIN Pad POS PIN pad P P P P
Support / carry chip data
Authorization request / response P Optional for Issuer to send chip data in response P P P P
Clearing, settlement P P P P
Returns Chip data not required Not required
AID in authorization message P Optional
Scripting
PIN block P P P P
All scripting must be supported by the terminal
P
PIN change P P P P P
Application block/unblock P P P P P
EMV scripting P P P P P
Counter reset P P P P P
P= indicates requirement
Visa Credit/ DebitVisa Electron
Must support partial AID
InterlinkVisa U.S. Common Debit
MaestroU.S. Maestro (Common AID)
Acquirer / merchant choice whether to support Common AID
Acquirers must identify floor limit under the max amount allowed by DFS Operating Regulations (for offline capable terminals)
Requirement relating to Lost/Stolen Liability
Requirement relating to Lost/Stolen Liability
Requirement relating to Lost/Stolen Liability
Requirement relating to Lost/Stolen Liability
Requirement relating to Lost/Stolen Liability
Online and offline authorization supported within risk management parameters
Recommended for temporary communication outages
Required if terminal supports offline CAM or offline enciphered PIN
Required if terminal supports offline enciphered PIN
Required if terminal supports offline CAM or offline enciphered PIN
Required if terminal supports offline CAM or offline enciphered PIN
When the chip terminal integrates such magnetic stripe hardware
Recommended at POS if accepting Online PIN for mag-stripe
P Online or Offline PIN
Either PIN method satisfies the requirement for protection from lost/stolen fraud. We recommend merchants certify for both PIN methods.
P (at attended POS only) P (at attended POS only) P (at attended POS only)
P (at unattended POS only) P (at unattended POS only) P (at unattended POS only) Required at unattended POS only, optional at attended POS
If offline authorization supported, chip data is required
Terminal will support scripting if Issuers sends scripts
Note:
U.S. EMV ATM Terminal - Basic Configuration
Attribute Visa MasterCard China UnionPay American Express DiscoverDescription Comments Description Comments Description Comments Description Comments Description Comments
Application AIDs supported
Required UnionPay Credit/Debit/Quasi Credit/Common AID American Express Global AID D-PAS Proprietary and U.S. Common AID
Optional U.S. Maestro (Common AID)
Terminal Type and Floor Limit Terminal type Any device supporting online authorization Including 14 (Tag '9F 35') terminal type Any device supporting online authorization Any device supporting online authorization Any device supporting online authorization
Terminal floor limit 0 0 0 0 0
Attribute Visa MasterCard China UnionPay American Express Discover
Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments
Authorization & Settlement
Online authorization P P P P P
Offline authorization
Offline clearing, settlement
Prohibited
Offline Data Authentication (ODA)
SDA Prohibited
DDA Prohibited
CDA Prohibited
Terminal Capabilities & CVM
Magnetic stripe P P P P P
IC with contacts P P P P P
Online enciphered PIN P P P P P
Offline PIN
Signature
No CVM
Transaction Types and RequirementsCash P P P P P
Receipt capabilities P P P P P
PIN Pad ATM PIN pad P P P P P
Support / carry chip dataAuthorization request / response P Optional for Issuer to send chip data in response P P P P
AID in authorization message P Optional Optional
Scripting
PIN block P P P P PPIN change P P P P PApplication block/unblock P P P P PEMV scripting P P P P PCounter reset P P Not normally performed by scripting P P P
P= indicates requirement
Visa Credit/ DebitVisa ElectronPlus
MasterCardMaestroCirrus
Visa U.S. Common DebitAcquirer /ATM driver choice whether to support Common AID
Any device supporting online authorization for cash disbursement
Devices certified for track 1 and track 2 EMV data
Glossary
Term
Application Identifier (AID)
Authorization Request Cryptogram (ARQC)
Authorization Response Cryptogram (ARPC)
Card Risk Management
Cardholder Verification Method (CVM)
CDA (Combined DDA/ Application CDA Cryptogram Generation)
DDA (Dynamic Data Authentication)
Deferred Authorization
EMV Chip Card
EMV Terminal
Floor Limit
ICC
Issuer Script
Lost/Stolen Liability Shift
Magnetic Stripe Card
No CVM
Offline Authorization
Offline Clearing, Settlement
Offline Data Authentication (ODA)
Offline Enciphered PIN
Offline PIN
Offline Plaintext PIN
Online Authorization
Online PIN
PIN Management
SDA (Static Data Authentication)
Signature
Definition
An alpha numeric representation of the application defined within ISO 7816. A data label that differentiates payment systems and products. The card issuer uses the data label to identify an application on the card or terminal. Cards and terminals use AIDs to determine which applications are mutually supported, as both the card and the terminal must support the same AID to initiate a transaction. Both cards and terminals may support multiple AIDs. An AID consists of two components, a registered application identifier (RID) and a propriety application identifier extension (PIX).
A cryptogram generated by the card at the end of the first round of card action analysis, which is included in the authorization request sent to the card issuer and which allows the issuer to verify the validity of the card and message.
A cryptogram generated by the issuer and sent in the authorization response back to the terminal. The terminal provides this cryptogram back to the card which allows the card to verify the validity of the issuer response.
Issuer defined risk parameters and authorization controls programmed into the chip application enabling the card to act on the issuer’s behalf at the point of transaction to determine if the transaction should be sent online, approved offline or declined offline. These controls aid issuers in managing their below-floor limit exposure to fraud and credit losses. They may be tailored to the risk level of individual cardholders or groups of cardholders.
In the context of a transaction, the method used to authenticate that the person presenting the card is the valid cardholder. EMV supports four CVMs: offline personal identification number (PIN) (offline enciphered & plain text), online encrypted PIN, signature verification, and no CVM. The issuer decides which CVM methods are supported by the card and the merchant chooses which CVMs are supported by the terminal. The issuer sets a prioritized list of methods on the chip for verification of the cardholder.
Point-of-sale (POS) device or ATM that is able to process chip transactions.
A card authentication technique used in online and offline chip transactions that combines dynamic data authentication (DDA) functionality with the application cryptogram used by the issuer to authenticate the card.
A card authentication technique used in offline chip transactions that requires the card to digitally sign unique data sent to it from the terminal. DDA protects against card skimming and counterfeiting.
Also known as "store and forward." Deferred Authorization occurs when an online authorization is performed after the card is no longer available. The time delay may be brief, such as for a temporary communications failure or where the merchant simply wishes to speed processing. The time delay may be extended, as when a ferry is out of range of shore, for in-flight sales, or when the device does not have online capability (for example, unattended kiosks where the transactions are offloaded nightly to a server and submitted in batches).
A device that includes an embedded secure integrated circuit that can be either a secure microcontroller or equivalent intelligence with internal memory, or a secure memory chip alone. The card connects to a reader with direct physical contact or with a remote contactless radio frequency interface. With an embedded microcontroller, chip cards have the unique ability to securely store large amounts of data, carry out their own on-card functions (e.g., encryption and mutual authentication), and interact intelligently with a card reader. All EMV cards are chip cards.
Integrated Circuit Card, EMV chip card, Contact chip card
A plastic card that uses a band of magnetic material to store data. Data is read by a mag stripe reader.
A currency amount that is established for single transactions, above which an online authorization is required.
A process by which an issuer can update securely the contents digitally stored on chip cards without reissuing the cards. Examples of issuer scripts include blocking and unblocking an account, blocking the entire card, changing and unblocking the cardholder’s personal identification number (PIN), and changing the cardholder’s offline authorization controls (ACs).
(Applicable to MasterCard, American Express and Discover) Beginning Oct. 1, 2015, if a merchant accepts a PIN-preferring (both online and offline) chip card that has been stolen (not a copy or counterfeit) and presented at a terminal that does not support either online or offline PIN, allowing the card to be processed as signature, the merchant will be liable for the chargeback resulting from the fraud. This process does not include No CVM (Cardholder Verification Method) transactions that meet the No CVM requirements of the card brand or network.
Clearing and settlement of offline-approved transactions.
A cardholder verification method (CVM) supported by EMV in which the cardholder is not required to provide a signature or enter a PIN.
Authorizing or declining a payment transaction through card-to-terminal communication, using issuer-defined risk parameters that are set in the card to determine whether the transaction can be authorized without going online to the issuer host system.
A process whereby the card is validated at the point of transaction, using RSA public key technology to protect against counterfeit or skimming. Three forms of offline data authentication are defined by EMV: Static (SDA), Dynamic (DDA) and Combined DDA/Application Cryptogram (CDA).
Personal identification number (PIN) processing in which the PIN entered by the cardholder is encrypted using public key cryptography at the PIN pad and then sent to the chip card where it is decrypted inside the chip and verified.
The personal identification number (PIN) stored on the chip card (versus a PIN stored at the host). In a chip transaction using offline PIN, the PIN entered at the terminal is compared with the PIN stored securely on the chip card without going online to the issuer host for the comparison. Only the result of the comparison is passed to the issuer host system. Two types of offline PIN are enciphered and plaintext.
Offline personal identification number (PIN) processing in which the PIN entered by the cardholder is sent unencrypted, in plaintext, from the PIN pad to the chip card for verification.
Authorizing or declining a payment transaction by sending transaction information to the issuer and requesting an authorization response from the issuer usually in real time.
In a chip transaction, the process of comparing the cardholder's entered personal identification number (PIN) with the PIN stored on the issuer host system. The PIN is encrypted by the terminal PIN pad before being passed to the acquirer system. The PIN is then decrypted and re-encrypted as it passes between each party on its way to the issuer. This is supported today with mag-stripe.
The process of using issuer scripts to securely update personal identification number (PIN) data stored on the card. PIN management includes PIN change and PIN unblock.
A card authentication technique used in offline chip transactions that uses signed static data elements. With SDA, the data used for authentication is static—the same data is used at the start of every transaction. This prevents modification of data, but does not prevent the data in an offline trans-action from being replicated.
A cardholder verification method (CVM) supported by EMV in which the cardholder provides signature verification.
top related