emv card and terminal basic requirements final 04 15 v2.2

Minimum EMV Chip Card and Terminal Requirements

Intended Audience

This document is intended for use by U.S. issuers, merchants, acquirers, processors and vendors who are planning deployments of their respective EMV chip programs in the U.S.

Introduction

How to Use the Minimum Requirements Matrix

Some U.S. payment networks are implementing EMV “liability shifts” effective October 2015. As U.S. issuers, merchants, acquirers and processors plan for these liability shifts, many are asking: “What are the minimum requirements that we need to consider as we deploy chip for my organization?”

To help merchants, acquirers, processors and issuers develop their strategies for EMV implementation, several payment network participants in the EMV Migration Forum have collaborated to create a document presenting minimum requirements for EMV chip deployment across each payment network. The primary goal of this document is to help stakeholders understand the minimum requirements of EMV chip implementation and deployment for those payment networks – Accel, American Express, Armed Forces Financial Network (AFFN), China UnionPay, Discover, Jeanie, MasterCard, NYCE, PULSE, SHAZAM, STAR and Visa – reflected in the document, so that stakeholders can work with their partners to develop a strategy to meet those requirements. While the document addresses minimum EMV chip requirements of the respective networks, decisions regarding deployment of chip technology will differ by stakeholder and involve a balancing of considerations, such as business needs and preferences, deployment timing, complexity and associated initial and future costs.

The document focuses on the minimum card and terminal EMV requirements for the U.S. payment networks Accel, American Express, Armed Forces Financial Network (AFFN), China UnionPay, Discover, Jeanie, MasterCard, NYCE, PULSE, SHAZAM, STAR and Visa in the context of the U.S. electronic payments marketplace and the October 2015 liability shifts. These participants have documented their respective minimum card and terminal configurations for EMV compliance. Some issuers and merchants, as they evaluate their business needs, may consider added functionalities that are beyond each network’s minimum requirements, such as offline PIN support and offline data authentication. All issuers and merchants should carefully evaluate their individual business requirements against the potential additional functionalities and their associated costs and complexities. In addition, merchants should evaluate these functionalities against the expected volume of issuers that may support them, and issuers should evaluate these functionalities against the expected volume of merchants that may support them.

Issuers and merchants that choose to deploy EMV solutions are encouraged to work directly with their card and terminal vendors, payment networks and processing partners to determine the approved EMVCo configurations offered that best satisfy their business needs. Approved EMVCo terminal configurations (e.g. chip reader and chip software) are a global industry requirement, including in the U.S.

The Minimum Requirements Matrix is an Excel document consisting of an introduction tab, five tabs for chip card and acceptance terminal requirements for each network, and one tab for a glossary:

• Introduction• Cards - Credit• Cards - Debit U.S. Common AID• Cards - Debit Brand AID• Terminals - Point-of-Sale (POS)• Terminals - ATM• Glossary

Within each tab, the left vertical columns B and C list the available capabilities for cards or terminals within the EMV standard (called “attributes” in the matrix). The horizontal row 4 lists the U.S. participants in the matrix: American Express, Armed Forces Financial Network (AFFN), China UnionPay, Discover, Jeanie, MasterCard, NYCE, PULSE, SHAZAM, STAR and Visa.

For each participant, a checkmark signifies those attributes that are minimum requirements for that participant. If an attribute is left blank, it means that the attribute is optional for that participant, and not required. In some cases, participants have added comments regarding particular attributes that are optional or that the participant deems to require clarification.

Legal Notice

About U.S. EMV Chip Migration

About the EMV Migration Forum

The Minimum Requirements Matrix is an Excel document consisting of an introduction tab, five tabs for chip card and acceptance terminal requirements for each network, and one tab for a glossary:

• Introduction• Cards - Credit• Cards - Debit U.S. Common AID• Cards - Debit Brand AID• Terminals - Point-of-Sale (POS)• Terminals - ATM• Glossary



This document provides an overview of each participating payment network minimum card and terminal requirements for chip deployment. The information is publicly available, and is provided to help stakeholders understand the minimum requirements of chip deployment for each payment network so they can work with their partners to determine their best strategy to meet requirements as the fraud liability shift approaches.

This document describes each participants’ minimum EMV requirements in the context of the U.S. marketplace. It should be noted, however, that specific requirements are determined independently by the respective networks, and are subject to change. Issuers and merchants are therefore strongly encouraged to evaluate these requirements against their own specific business needs, and to work directly with card and terminal vendors to determine the approved EMVCo configurations that satisfy the relevant minimum card and terminal requirements. While great effort has been made to ensure that the information in this document and the Minimum Requirements Matrix is accurate and current, neither document should be relied on for any legal purpose, whether statutory, regulatory, contractual or otherwise and all warranties of any kind are disclaimed, including all warranties relating to or arising in connection with the use of or reliance on the information set forth in either document. Any person that uses or otherwise relies in any manner on the information set forth in the documents does so at his or her sole risk.

If a network is not included in the matrix, issuers and merchants should directly contact their respective networks and acquirers regarding minimum card and terminal requirements for regional debit networks.

Commonly used globally in place of magnetic stripe technology, EMV chip technology helps to reduce card fraud in a face-to-face card-present environment; provides global interoperability; and enables safer transactions across contact and contactless channels. Chip implementation was initiated in the U.S. in 2011 and 2012 when American Express, Discover, MasterCard and Visa announced their roadmaps for supporting a chip-based payments infrastructure. Acquirer processor readiness mandates to support chip were established for 2013, with liability shifts for managing fraud risk in a face-to-face environment set for 2015.

The EMV Migration Forum is a cross-industry body focused on supporting the EMV implementation steps required for global and regional payment networks, issuers, processors, merchants, and consumers to help ensure a successful introduction of more secure EMV chip technology in the U.S. The focus of the Forum is to address topics that require some level of industry cooperation and/or coordination to migrate successfully to chip technology in the U.S. For more information on the EMV Migration Forum, please visit http://www.emv-connection.com/emv-migration-forum/.

This document is intended for use by U.S. issuers, merchants, acquirers, processors and vendors who are planning deployments of their respective EMV chip programs in the U.S.

Some U.S. payment networks are implementing EMV “liability shifts” effective October 2015. As U.S. issuers, merchants, acquirers and processors plan for these liability shifts, many are asking: “What are the minimum requirements that we need to consider as we deploy chip for my organization?”

To help merchants, acquirers, processors and issuers develop their strategies for EMV implementation, several payment network participants in the EMV Migration Forum have collaborated to create a document presenting minimum requirements for EMV chip deployment across each payment network. The primary goal of this document is to help stakeholders understand the minimum requirements of EMV chip implementation and deployment for those payment networks – Accel, American Express, Armed Forces Financial Network (AFFN), China UnionPay, Discover, Jeanie, MasterCard, NYCE, PULSE, SHAZAM, STAR and Visa – reflected in the document, so that stakeholders can work with their partners to develop a strategy to meet those requirements. While the document addresses minimum EMV chip requirements of the respective networks, decisions regarding deployment of chip technology will differ by stakeholder and involve a balancing of considerations, such as business needs and preferences, deployment timing, complexity and associated initial and future costs.

The document focuses on the minimum card and terminal EMV requirements for the U.S. payment networks Accel, American Express, Armed Forces Financial Network (AFFN), China UnionPay, Discover, Jeanie, MasterCard, NYCE, PULSE, SHAZAM, STAR and Visa in the context of the U.S. electronic payments marketplace and the October 2015 liability shifts. These participants have documented their respective minimum card and terminal configurations for EMV compliance. Some issuers and merchants, as they evaluate their business needs, may consider added functionalities that are beyond each network’s minimum requirements, such as offline PIN support and offline data authentication. All issuers and merchants should carefully evaluate their individual business requirements against the potential additional functionalities and their associated costs and complexities. In addition, merchants should evaluate these functionalities against the expected volume of issuers that may support them, and issuers should evaluate these functionalities against the expected volume of merchants that may support them.

Issuers and merchants that choose to deploy EMV solutions are encouraged to work directly with their card and terminal vendors, payment networks and processing partners to determine the approved EMVCo configurations offered that best satisfy their business needs. Approved EMVCo terminal configurations (e.g. chip reader and chip software) are a global industry requirement,

The Minimum Requirements Matrix is an Excel document consisting of an introduction tab, five tabs for chip card and acceptance terminal requirements for each network, and one tab for a



The Minimum Requirements Matrix is an Excel document consisting of an introduction tab, five tabs for chip card and acceptance terminal requirements for each network, and one tab for a



This document provides an overview of each participating payment network minimum card and terminal requirements for chip deployment. The information is publicly available, and is provided to help stakeholders understand the minimum requirements of chip deployment for each payment network so they can work with their partners to determine their best strategy to meet

This document describes each participants’ minimum EMV requirements in the context of the U.S. marketplace. It should be noted, however, that specific requirements are determined independently by the respective networks, and are subject to change. Issuers and merchants are therefore strongly encouraged to evaluate these requirements against their own specific business needs, and to work directly with card and terminal vendors to determine the approved EMVCo configurations that satisfy the relevant minimum card and terminal requirements. While great effort has been made to ensure that the information in this document and the Minimum Requirements Matrix is accurate and current, neither document should be relied on for any legal purpose, whether statutory, regulatory, contractual or otherwise and all warranties of any kind are disclaimed, including all warranties relating to or arising in connection with the use of or reliance on the information set forth in either document. Any person that uses or otherwise relies in any manner on the information set forth in the documents does so at his or her sole risk.

If a network is not included in the matrix, issuers and merchants should directly contact their respective networks and acquirers regarding minimum card and terminal requirements for regional

Commonly used globally in place of magnetic stripe technology, EMV chip technology helps to reduce card fraud in a face-to-face card-present environment; provides global interoperability; and enables safer transactions across contact and contactless channels. Chip implementation was initiated in the U.S. in 2011 and 2012 when American Express, Discover, MasterCard and Visa announced their roadmaps for supporting a chip-based payments infrastructure. Acquirer processor readiness mandates to support chip were established for 2013, with liability shifts for

The EMV Migration Forum is a cross-industry body focused on supporting the EMV implementation steps required for global and regional payment networks, issuers, processors, merchants, and consumers to help ensure a successful introduction of more secure EMV chip technology in the U.S. The focus of the Forum is to address topics that require some level of industry cooperation and/or coordination to migrate successfully to chip technology in the U.S. For more information on the EMV Migration Forum, please visit http://www.emv-connection.com/emv-

Note:

Card: U.S. Credit Configuration - Brand AID

Attribute Visa MasterCard China UnionPay American Express Discover

Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments

AuthorizationOnline P P P P P

Offline

Authentication

Not allowed

DDA Required if card not configured as online-only P P Required if card not configured as online-only

CDA Required if card not configured as online-only

ARQC P P P P Application Cryptogram is mandatory P

Issuer authentication (ARPC) P Optional to Issuers P

CVM

Online PIN P P P P Only for ATM P

Offline PIN

Signature P P P P P

No CVM P P P P P

Scripting

Offline PIN block

Offline PIN change

Application block/unblock

EMV scripting

Counter reset

Note: 1. Visa to discontinue SDA for new and replacement Visa contact chip only cards that support offline authorization, effective 1 Oct 2015

P= indicates requirement

Requirement relating to Lost/Stolen Liability





Not required or recommended due to online-only environment in U.S.

SDA1

Offline authentication not required or recommended due to online-only environment in U.S.

Not recommended, could lead to unnecessary reversals; only needed to reset offline counters

For ATM cash transactions only, not required for purchase transactions

P Online or Offline PIN

For Signature Cards: Required for ATM and unattended terminals (CAT 1)

P Online or Offline PIN P Online or Offline PIN

PIN required for ATM cash transactions only, not mandatory for purchase transactions

Scripting is not necessary due to online-only environment in U.S.

UPI standards support scripting, and is optional for issuer

Scripting will be dependent on personalization, all must be supported by the chip application

Discover supports issuer scripting, it is the issuer's choice whether to utilize this functionality

Note:

Card: U.S. Debit Configuration - Common AID

Attribute Visa MasterCard China UnionPay Accel PULSE NYCE STAR Network AFFN Jeanie SHAZAMMinimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments

AuthorizationOnline P P P P P P P P P P

Offline

Authentication

SDA Not allowed

DDA Required if card not configured as online-only

CDA Required if card not configured as online-only

ARQC P P P P P P P P P P

Issuer authentication (ARPC) P

CVM

Online PIN P P P P P P P P P P

Offline PIN Not Supported Not supported at this time

Signature Supported via No CVM Supported via No CVM Supported via No CVM Supported via No CVM Supported via No CVM Supported via No CVM Supported via No CVM Supported via No CVM

No CVM P P P P P P P P P P

Scripting

Offline PIN block

Offline PIN change

Application block/unblock Scripting not supported at this time

EMV scripting

Counter reset


ODA (offline data authentication) can be optionally supported


STAR will pass the ARPC back in the online message for approved transactions to support Issuer ARPC if implemented

SHAZAM will pass the ARPC back in the online message for approved transactions to support Issuer ARPC if implemented

Scripting is not necessary due to online-only environment in U.S. UPI standards support scripting, and is

optional for issuer

Issuer option; Accel will pass the data in the message if the Issuer has opted to utilize this functionality.

Issuer scripting supported, it is the issuer's choice whether to utilize this functionality


If the issuer supports scripting STAR will pass in the message. Issuer's choice whether to utilize this functionality

If the issuer supports scripting SHAZAM will pass in the message. Issuer's choice whether to utilize this functionality

Note:

Card: U.S. Debit Configuration - Brand AID

Attribute Visa MasterCard China UnionPay Discover

Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments Minimum Requirement Comments

AuthorizationOnline P P P P

Offline

Authentication

SDA Not allowed

DDA Required if card not configured as online-only

CDA Required if card not configured as online-only ODA can be optionally supported

ARQC P P P P

Issuer authentication (ARPC) P Optional to Issuers

CVM

Online PIN P Required for cash transactions P P P P P

Offline PIN

Signature P P P P

No CVM P P P P

Scripting

Offline PIN block

Offline PIN change

Application block/unblock

EMV scripting

Counter reset







For Signature Cards: Required for ATM and unattended terminals (CAT 1)

Scripting is not necessary due to online-only environment in U.S.

UPI standards support scripting, and is optional for issuer


Note:

U.S. EMV POS Terminal- Basic Configuration

Attribute Visa MasterCard China UnionPay American Express DiscoverDescription Comments Description Comments Description Comments Description Comments Description Comments

Application AIDs supported

Required MasterCard UnionPay Credit/Debit/Quasi Credit/Common AID American Express D-PAS Proprietary , U.S. Common AID, Zip AID

Optional

Terminal Type and Floor Limit

Terminal type Any device supporting online authorization Including 21, 24 (Tag '9F 35') terminal types Any device supporting online authorization Any device supporting online authorization

Terminal floor limit 0 0 0 0



Authorization & Settlement

Online authorization P P P P

Offline authorization Optional, can be used in merchant stand-in

Offline clearing, settlement

Deferred authorization Optional, dependent on industry etc. Optional

Offline Data Authentication (ODA)

SDA Not allowed Required if terminal supports offline CAM

DDA P P P P P

CDA P Optional

Terminal Capabilities & CVM

Magnetic stripe P P P P P

IC with contacts P P P P P

Online enciphered PIN P Required if Offline PIN is supported P Required if Offline PIN is supported

Offline PIN P Required if Online PIN is supported Recommended, Offline plaintext PIN only P Required if Online PIN is supported

Signature Required at attended POS only Required at attended POS only Required at attended POS only P P

No CVM Required at unattended POS only Required at unattended POS only P P

Transaction Types and Requirements

Cash back Optional

Goods P P P P P

Services P P P P P

Receipt capabilities P P P P P

PIN Pad POS PIN pad P P P P

Support / carry chip data

Authorization request / response P Optional for Issuer to send chip data in response P P P P

Clearing, settlement P P P P

Returns Chip data not required Not required

AID in authorization message P Optional

Scripting

PIN block P P P P

All scripting must be supported by the terminal

P

PIN change P P P P P

Application block/unblock P P P P P

EMV scripting P P P P P

Counter reset P P P P P


Visa Credit/ DebitVisa Electron

Must support partial AID

InterlinkVisa U.S. Common Debit

MaestroU.S. Maestro (Common AID)

Acquirer / merchant choice whether to support Common AID

Acquirers must identify floor limit under the max amount allowed by DFS Operating Regulations (for offline capable terminals)






Online and offline authorization supported within risk management parameters

Recommended for temporary communication outages

Required if terminal supports offline CAM or offline enciphered PIN

Required if terminal supports offline enciphered PIN



When the chip terminal integrates such magnetic stripe hardware

Recommended at POS if accepting Online PIN for mag-stripe

P Online or Offline PIN

Either PIN method satisfies the requirement for protection from lost/stolen fraud. We recommend merchants certify for both PIN methods.

P (at attended POS only) P (at attended POS only) P (at attended POS only)

P (at unattended POS only) P (at unattended POS only) P (at unattended POS only) Required at unattended POS only, optional at attended POS

If offline authorization supported, chip data is required

Terminal will support scripting if Issuers sends scripts

Note:

U.S. EMV ATM Terminal - Basic Configuration

Attribute Visa MasterCard China UnionPay American Express DiscoverDescription Comments Description Comments Description Comments Description Comments Description Comments

Application AIDs supported

Required UnionPay Credit/Debit/Quasi Credit/Common AID American Express Global AID D-PAS Proprietary and U.S. Common AID

Optional U.S. Maestro (Common AID)

Terminal Type and Floor Limit Terminal type Any device supporting online authorization Including 14 (Tag '9F 35') terminal type Any device supporting online authorization Any device supporting online authorization Any device supporting online authorization

Terminal floor limit 0 0 0 0 0



Authorization & Settlement

Online authorization P P P P P

Offline authorization

Offline clearing, settlement

Prohibited


SDA Prohibited

DDA Prohibited

CDA Prohibited

Terminal Capabilities & CVM

Magnetic stripe P P P P P

IC with contacts P P P P P

Online enciphered PIN P P P P P

Offline PIN

Signature

No CVM

Transaction Types and RequirementsCash P P P P P

Receipt capabilities P P P P P

PIN Pad ATM PIN pad P P P P P

Support / carry chip dataAuthorization request / response P Optional for Issuer to send chip data in response P P P P

AID in authorization message P Optional Optional

Scripting

PIN block P P P P PPIN change P P P P PApplication block/unblock P P P P PEMV scripting P P P P PCounter reset P P Not normally performed by scripting P P P


Visa Credit/ DebitVisa ElectronPlus

MasterCardMaestroCirrus

Visa U.S. Common DebitAcquirer /ATM driver choice whether to support Common AID

Any device supporting online authorization for cash disbursement

Devices certified for track 1 and track 2 EMV data

E9

14: Online only, unattended financial institution (ATM)

Glossary

Term

Application Identifier (AID)

Authorization Request Cryptogram (ARQC)

Authorization Response Cryptogram (ARPC)

Card Risk Management

Cardholder Verification Method (CVM)

CDA (Combined DDA/ Application CDA Cryptogram Generation)

DDA (Dynamic Data Authentication)

Deferred Authorization

EMV Chip Card

EMV Terminal

Floor Limit

ICC

Issuer Script

Lost/Stolen Liability Shift

Magnetic Stripe Card

No CVM

Offline Authorization

Offline Clearing, Settlement


Offline Enciphered PIN

Offline PIN

Offline Plaintext PIN

Online Authorization

Online PIN

PIN Management

SDA (Static Data Authentication)

Signature

Definition

An alpha numeric representation of the application defined within ISO 7816. A data label that differentiates payment systems and products. The card issuer uses the data label to identify an application on the card or terminal. Cards and terminals use AIDs to determine which applications are mutually supported, as both the card and the terminal must support the same AID to initiate a transaction. Both cards and terminals may support multiple AIDs. An AID consists of two components, a registered application identifier (RID) and a propriety application identifier extension (PIX).

A cryptogram generated by the card at the end of the first round of card action analysis, which is included in the authorization request sent to the card issuer and which allows the issuer to verify the validity of the card and message.

A cryptogram generated by the issuer and sent in the authorization response back to the terminal. The terminal provides this cryptogram back to the card which allows the card to verify the validity of the issuer response.

Issuer defined risk parameters and authorization controls programmed into the chip application enabling the card to act on the issuer’s behalf at the point of transaction to determine if the transaction should be sent online, approved offline or declined offline. These controls aid issuers in managing their below-floor limit exposure to fraud and credit losses. They may be tailored to the risk level of individual cardholders or groups of cardholders.

In the context of a transaction, the method used to authenticate that the person presenting the card is the valid cardholder. EMV supports four CVMs: offline personal identification number (PIN) (offline enciphered & plain text), online encrypted PIN, signature verification, and no CVM. The issuer decides which CVM methods are supported by the card and the merchant chooses which CVMs are supported by the terminal. The issuer sets a prioritized list of methods on the chip for verification of the cardholder.

Point-of-sale (POS) device or ATM that is able to process chip transactions.

A card authentication technique used in online and offline chip transactions that combines dynamic data authentication (DDA) functionality with the application cryptogram used by the issuer to authenticate the card.

A card authentication technique used in offline chip transactions that requires the card to digitally sign unique data sent to it from the terminal. DDA protects against card skimming and counterfeiting.

Also known as "store and forward." Deferred Authorization occurs when an online authorization is performed after the card is no longer available. The time delay may be brief, such as for a temporary communications failure or where the merchant simply wishes to speed processing. The time delay may be extended, as when a ferry is out of range of shore, for in-flight sales, or when the device does not have online capability (for example, unattended kiosks where the transactions are offloaded nightly to a server and submitted in batches).

A device that includes an embedded secure integrated circuit that can be either a secure microcontroller or equivalent intelligence with internal memory, or a secure memory chip alone. The card connects to a reader with direct physical contact or with a remote contactless radio frequency interface. With an embedded microcontroller, chip cards have the unique ability to securely store large amounts of data, carry out their own on-card functions (e.g., encryption and mutual authentication), and interact intelligently with a card reader. All EMV cards are chip cards.

Integrated Circuit Card, EMV chip card, Contact chip card

A plastic card that uses a band of magnetic material to store data. Data is read by a mag stripe reader.

A currency amount that is established for single transactions, above which an online authorization is required.

A process by which an issuer can update securely the contents digitally stored on chip cards without reissuing the cards. Examples of issuer scripts include blocking and unblocking an account, blocking the entire card, changing and unblocking the cardholder’s personal identification number (PIN), and changing the cardholder’s offline authorization controls (ACs).

(Applicable to MasterCard, American Express and Discover) Beginning Oct. 1, 2015, if a merchant accepts a PIN-preferring (both online and offline) chip card that has been stolen (not a copy or counterfeit) and presented at a terminal that does not support either online or offline PIN, allowing the card to be processed as signature, the merchant will be liable for the chargeback resulting from the fraud. This process does not include No CVM (Cardholder Verification Method) transactions that meet the No CVM requirements of the card brand or network.

Clearing and settlement of offline-approved transactions.

A cardholder verification method (CVM) supported by EMV in which the cardholder is not required to provide a signature or enter a PIN.

Authorizing or declining a payment transaction through card-to-terminal communication, using issuer-defined risk parameters that are set in the card to determine whether the transaction can be authorized without going online to the issuer host system.

A process whereby the card is validated at the point of transaction, using RSA public key technology to protect against counterfeit or skimming. Three forms of offline data authentication are defined by EMV: Static (SDA), Dynamic (DDA) and Combined DDA/Application Cryptogram (CDA).

Personal identification number (PIN) processing in which the PIN entered by the cardholder is encrypted using public key cryptography at the PIN pad and then sent to the chip card where it is decrypted inside the chip and verified.

The personal identification number (PIN) stored on the chip card (versus a PIN stored at the host). In a chip transaction using offline PIN, the PIN entered at the terminal is compared with the PIN stored securely on the chip card without going online to the issuer host for the comparison. Only the result of the comparison is passed to the issuer host system. Two types of offline PIN are enciphered and plaintext.

Offline personal identification number (PIN) processing in which the PIN entered by the cardholder is sent unencrypted, in plaintext, from the PIN pad to the chip card for verification.

Authorizing or declining a payment transaction by sending transaction information to the issuer and requesting an authorization response from the issuer usually in real time.

In a chip transaction, the process of comparing the cardholder's entered personal identification number (PIN) with the PIN stored on the issuer host system. The PIN is encrypted by the terminal PIN pad before being passed to the acquirer system. The PIN is then decrypted and re-encrypted as it passes between each party on its way to the issuer. This is supported today with mag-stripe.

The process of using issuer scripts to securely update personal identification number (PIN) data stored on the card. PIN management includes PIN change and PIN unblock.

A card authentication technique used in offline chip transactions that uses signed static data elements. With SDA, the data used for authentication is static—the same data is used at the start of every transaction. This prevents modification of data, but does not prevent the data in an offline trans-action from being replicated.

A cardholder verification method (CVM) supported by EMV in which the cardholder provides signature verification.

emv card and terminal basic requirements final 04 15 v2.2

Documents