EMV is a more secure payment transaction with enhanced functionality, consisting of physical, electrical, data and application levels of security between the chip on the payment device and the payment terminal. The EMV Integrated Circuit Card Specifications for Payment Systems are global credit card industry specifications that describe the requirements for interoperability between chip based cards and compatible terminals to enable payment. The specifications are managed by the organization EMVCo.
EMV “Smart Cards” are embedded with a chip that enhances cardholder identification and security procedures in ways that magnetic stripes lack. These capabilities provide the means for secure consumer payments and protect against duplicate card fraud.
HOW IS IT USED?
EMV cards contain a microprocessing chip that can allow cardholders to pay in two different, secure ways: “contact” or “contactless”. The microprocessor chip resides behind a contact plate located on the surface of the card, If the cardholder has a “contact” chip card, the contact plate makes physical contact with the chip reader when inserted at the point of sale.
“Contactless” purchases utilize a special “Dual Interface” card, where the EMV chip has an additional antenna embedded in the card. The card can be positioned near a reader, allowing information to ﬂow between the chip and the acceptance terminal. Both methods provide the same features to card users, ensuring more secure purchases when compared to cards that only use magnetic stripes.
HOW DOES IT WORK?
The card is authenticated during the payment transaction, protecting against counterfeit cards. Transactions require an authentic card validated either online by the issuer using a dynamic cryptogram or oﬄine with the terminal using Static Data Authentication (SDA) or Dynamic Data Authentication (DDA). EMV transactions also create unique transaction data that can only be used once.
The cardholder is authenticated to protect against lost and stolen cards. The cardholder can be veriﬁed with: oﬄine PIN, online PIN, signature, or no veriﬁcation. The issuer can prioritize veriﬁcation methods based on the associated risk of the transaction. The transaction information is sent to the issuer along with a cryptogram to either authorize or decline the transaction, this can be completed online or oﬄine. For an online authorization, transactions proceed as they do today in the U.S. with magnetic stripe cards. Oﬄine EMV transactions are used when terminals do not have online connectivity, the card communicates with the terminal based. Security parameters are set in the card and will determine whether the transaction will be authorized.