EMV Overview
KONA SOFTWARE LAB LTD.
October 01, 2016
CONTENTS
Ⅰ Current Payment Scenario
Ⅱ EMV Overview
Ⅲ EMV Authentication & Authorization
|Copyright 2016, Kona SL Ltd. | All Rights Reserved
Players and Roles for Payment System
• User
  - Buying Merchant’s products and services
  - Using payment card issued by Issuer
• Merchant
  - Offering products and services to User
  - Signing up with Acquirer
• Acquirer
  - Transmitting collected transaction data to Issuer
  - Signing up and underwriting Merchant
• Issuer
  - Approval or rejection of transaction
  - Issuing payment card
• Payment Network Provider
  - Providing network between Issuer and Acquirer
  - Offering brand benefit
[Diagram: payment ecosystem of User, Merchant, Acquirer and Issuer, with POS, ATM, Acquiring System, Issuing System, Host, Payment Cards, Interchange Network, Authorization System and NPSB]

Payment Card Evolution

| | Embossing | Magnetic Stripe | IC Chip Card | RF Card | Mobile Card |
|---|---|---|---|---|---|
| Verification of Card & Cardholder | Penciling the embossed card | Imprinted sales slip, transaction slip, and signature verification | Transaction slip, PIN, and signature verification | Same principle as IC chip card but streamlined authentication | Same as RF card |
| Data Processing | Manually | Electronically process transaction and settlement data for the first time | Payment application-installed chip stores and processes data | Similar process to that of IC chip card but streamlined transaction flow | Comply with NFC transaction process by using NFC-equipped cellphone |
| Validation / Verification | - | CVC, CVV verification; hologram verification by eye | Offline data authentication through digital signature verification | ARQC verification | Same as RF card |
| Note | High risk of data duplication | Increase in risk of data duplication by popularization of MS card usage and technology | Strong security provided by high grade of cryptosystem; inconvenience in simple transaction | Compatibility with MS card infrastructure | OTA post issuance of card |

Magnetic Stripe Cards
• Stores data on the magnetic band usually located on the back of the card.
• Contains Track 1 & Track 2 data
  - Track 1 data: Card Type, PAN, Cardholder Name, PAN Expiry Date, Service Code
  - Track 2 data: PAN, PAN Expiry Date, Service Code
• Stored data cannot be changed.
• Read by swiping past a magnetic reading head.

Magnetic Stripe Transaction Flow
[Diagram: a magnetic stripe card is swiped in the POS; Static Authentication Data passes from the POS to the Acquirer, the Payment Network Provider and the Issuer, and a Transaction Response returns along the same path]

Security Issues for Magnetic Stripe Cards
• Card Cloning
  - Magnetic stripe data is not encrypted and very easy to clone.
• Static Data
  - Static data is stored in the magnetic stripe during personalization.
  - This data is not changed during its lifetime, so if it is compromised once, it can be used any number of times to perform fraudulent transactions.
• Little Risk Assessment
  - No risk assessment is performed at the terminal or card.
  - Risk assessment is performed only at the host.

EMV
• A standard for smart payment cards and terminals.
• EMV stands for EuroPay, MasterCard and Visa, the three companies that founded the standard.
• The standard is maintained by EMVCo, a consortium whose members include payment brands such as Visa, MasterCard, JCB, American Express, China UnionPay and Discover.

Purpose of EMV Standards
• To prevent card fraud
  - Minimize the risk of card data duplication and counterfeiting that were easy with MS cards
• To reduce cost
  - Cut cost by activating offline transactions
• Interoperability
  - Set up interoperable payment infrastructure (chip, card, terminal, and system) by defining the business role of players in the Credit & Debit Payment System

EMV Offerings
• Cardholder and card authentication
• Cryptographic processing capability of smart chip
• Authorization by issuer by predefined rules
[Diagram: Authorization Request with dynamic data passes from the Acquirer through the Payment Network Provider to the Issuer]

EMV Cryptographic Processing
• EMV chip cards have cryptographic processing capability.
• Cryptographic algorithms such as Triple DES, RSA and SHA are used throughout various phases of the smart card’s lifecycle.

A Look Into Chip Cards
Contact Cards
• 1 square cm contact area with gold-plated contact pads.
• ISO/IEC 7816 standard defines the communication protocol, physical characteristics of card, security and command for interchange, commands for security operations, etc.
Contactless Cards
• Card communicates with the reader through RF induction technology.
• ISO/IEC 14443 standard defines the communication protocol, radio frequency power, transmission protocol, etc.
Dual Interface Cards
• Both contact and contactless interfaces are supported.
• ISO/IEC 14443 standard defines the communication protocol, radio frequency power, transmission protocol, etc.

EMV Authentication
Card Authentication
• Online Authentication
• Offline Authentication
  - SDA – Static Data Authentication
  - DDA – Dynamic Data Authentication
  - CDA – Combined Data Authentication
Cardholder Authentication
• Online PIN
• Offline PIN

Authorization by the Issuer
Online Authorization
• Transaction cryptogram is generated and sent to the issuer online.
• The issuer authorizes the transaction online.
[Diagram: Cryptogram Request passes through the Payment Network to the Issuer; Authorization Response returns along the same path]
Offline Authorization
• Used when terminals don’t have online connectivity.
• Card and terminal communicate and decide whether the transaction can be authorized.

Risk Assessment
Terminal Risk Assessment
• Terminal can decide to perform the transaction online/offline.
• For offline transactions, terminal checks the transaction amount against an offline ceiling limit.
Card Risk Assessment
• Card takes part in the decision making of accepting/declining a transaction.
• Different types of application cryptograms are generated:
  - AAC – used for declining a transaction
  - TC – used for offline transaction
  - ARQC – used for online transaction

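The decision logic on this slide, as an added example that is not part of the original deck: the terminal sets a floor-limit flag, chooses which cryptogram to request, and then checks that the card did not answer with a stronger approval than was requested. It goes beyond the slide by using the Terminal Verification Results (TVR) bit positions and the terminal/issuer action codes (TAC/IAC) from the EMV specification; the action-code values, amounts and all helper names are constructed for illustration.

```python
"""Terminal risk management, terminal action analysis and the check on the
cryptogram type the card returns. Added example; bit positions follow EMV
Book 3, all values and helper names are constructed for illustration."""
from dataclasses import dataclass
from enum import Enum


class AC(Enum):
    """Application cryptogram types, encoded as the top two bits of the CID."""
    AAC = 0b00   # decline
    TC = 0b01    # approve offline
    ARQC = 0b10  # ask the issuer online


# A card may answer with a "lower" cryptogram than requested, never a higher one.
_RANK = {AC.AAC: 0, AC.ARQC: 1, AC.TC: 2}

# (byte index, mask) of the Terminal Verification Results bits used here.
DDA_FAILED = (0, 0x08)
CVM_FAILED = (2, 0x80)
FLOOR_LIMIT_EXCEEDED = (3, 0x80)


@dataclass(frozen=True)
class ActionCodes:
    """Denial / Online / Default action codes, 5 bytes each like the TVR."""
    denial: bytes
    online: bytes
    default: bytes


# Constructed sample policies (not taken from any real card or terminal).
TAC = ActionCodes(bytes.fromhex("0000000000"),
                  bytes.fromhex("0000808000"),
                  bytes.fromhex("0000808000"))
IAC = ActionCodes(bytes.fromhex("0800000000"),
                  bytes.fromhex("0000008000"),
                  bytes.fromhex("0000008000"))


def terminal_risk_management(tvr: bytearray, amount: int, floor_limit: int) -> None:
    """Flag transactions at or above the floor limit (amounts in minor units)."""
    if amount >= floor_limit:
        index, mask = FLOOR_LIMIT_EXCEEDED
        tvr[index] |= mask


def _matches(tvr: bytes, terminal_code: bytes, issuer_code: bytes) -> bool:
    """True if any TVR bit is also set in the terminal or issuer action code."""
    return any(t & (a | b) for t, a, b in zip(tvr, terminal_code, issuer_code))


def terminal_action_analysis(tvr: bytes, online_capable: bool) -> AC:
    """Choose the cryptogram type the terminal requests from the card."""
    if _matches(tvr, TAC.denial, IAC.denial):
        return AC.AAC
    if online_capable:
        return AC.ARQC if _matches(tvr, TAC.online, IAC.online) else AC.TC
    return AC.AAC if _matches(tvr, TAC.default, IAC.default) else AC.TC


def check_card_response(requested: AC, cid: int) -> AC:
    """Accept the card's own decision only if it is not above the request."""
    kind = (cid >> 6) & 0b11
    if kind == 0b11:
        raise ValueError("reserved cryptogram type in CID")
    returned = AC(kind)
    if _RANK[returned] > _RANK[requested]:
        raise ValueError(
            f"card returned {returned.name} but {requested.name} was requested")
    return returned


def decide(amount: int, floor_limit: int, online_capable: bool,
           failed: tuple = ()) -> AC:
    """Run risk management and action analysis for one transaction."""
    tvr = bytearray(5)
    for index, mask in failed:      # results of earlier steps, e.g. DDA_FAILED
        tvr[index] |= mask
    terminal_risk_management(tvr, amount, floor_limit)
    return terminal_action_analysis(bytes(tvr), online_capable)


if __name__ == "__main__":
    print(decide(500, 2000, online_capable=True).name)    # below floor limit
    print(decide(2500, 2000, online_capable=True).name)   # above, terminal online
    print(decide(2500, 2000, online_capable=False).name)  # above, offline-only
```
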
Card & Terminal Communication Steps for Transaction
[Flow diagram: Initiate Application, Read Application Data, Data Authentication, Processing Restrictions, Cardholder Verification, Terminal Risk Management, Terminal Action Analysis, Card Action Analysis, Online/Offline Decision; Online: Online Processing & Issuer Authentication, Script Processing, Completion; Offline: Completion]
• Initiate Application: initiation of the transaction
• Read Application Data: reading card data for transaction
• Data Authentication: card authentication by terminal

EMV Data Authentication
Static Data Authentication (SDA)
• Payment Brand Certificate: kept at the terminal
• Issuer Public Key Certificate: signed by Payment Brand, verified by payment brand certificate
• Static Application Data: verified by Issuer Public Key Certificate
Dynamic Data Authentication (DDA)
• Payment Brand Certificate: kept at the terminal
• Issuer Public Key Certificate: signed by Payment Brand, verified by payment brand certificate
• ICC Public Key Certificate + Static Application Data: verified by Issuer Public Key Certificate
• Card & Terminal Dynamic Data: verified by ICC Public Key Certificate
Combined Data Authentication (CDA)
[Diagram: DDA combined with Generate Application Cryptogram; the Application Request Cryptogram (ARQC) is sent to the Issuer, which performs Cryptogram Validation and sends the Application Response Cryptogram (ARPC) to the card]

Card & Terminal Communication Steps for Transaction
• Processing Restrictions: confirming compatibility between terminal and card
• Cardholder Verification: confirming whether a cardholder is valid

Cardholder Verification Method
Verification Methods
• Online PIN
  - PIN is encrypted and verified by the issuer online
• Offline PIN
  - A copy of the PIN is stored at the card in encrypted form
  - During transaction, user-provided PIN is matched with that stored encrypted PIN
• Signature
  - Cardholder’s signature on receipt is matched with the signature at the back of the card
• No verification method
  - Only card is authenticated
  - Usually takes place for small-amount transactions

Card & Terminal Communication Steps for Transaction
• Terminal Risk Management: different steps taken by the terminal to prevent fraud
• Terminal Action Analysis: primary decision for transaction whether to approve or decline offline or online
• Card Action Analysis: final decision making for going online or offline for transaction by card self risk management based on terminal action analysis
• Online Processing & Issuer Authentication: online transaction with Application Cryptogram

EMV Online Transaction Flow
[Diagram: the Application Request Cryptogram (ARQC) passes through the Acquirer and the Payment Network Provider to the Issuer; after Cryptogram Validation, the Application Response Cryptogram (ARPC) returns along the same path]

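How the issuer-side check in this flow differs from accepting static stripe data, as an added example that is not part of the original deck: the cryptogram covers the transaction fields and a per-card counter, so a request that was already authorized, or one whose fields were changed, is declined. It goes beyond the slide: HMAC-SHA256 stands in for the 3DES-based EMV cryptogram, and the keys, PAN, field layout, Application Transaction Counter (ATC) handling and all class and function names are constructed for illustration.

```python
"""Issuer-side validation of a dynamic transaction cryptogram (added example).
HMAC-SHA256 stands in for the 3DES-based EMV cryptogram; keys, PAN and
field layout are constructed for illustration."""
import hashlib
import hmac

ISSUER_MASTER_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed
TEST_PAN = "4111111111111111"                                        # constructed test PAN


def derive_card_key(master_key: bytes, pan: str) -> bytes:
    """Card-unique key, so one card's key does not expose other cards."""
    return hmac.new(master_key, b"card-key|" + pan.encode(), hashlib.sha256).digest()


def _mac(key: bytes, label: bytes, data: bytes) -> bytes:
    """8-byte MAC over labelled data (stand-in for the EMV MAC algorithm)."""
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()[:8]


def _transaction_data(req: dict) -> bytes:
    """Canonical encoding of the fields covered by the cryptogram."""
    return "|".join([req["pan"], f"{req['amount']:012d}", req["currency"],
                     req["un"].hex(), f"{req['atc']:04x}"]).encode()


class Card:
    def __init__(self, pan: str, key: bytes):
        self.pan, self._key, self.atc = pan, key, 0

    def generate_arqc(self, amount: int, currency: str, un: bytes) -> dict:
        """Build an online authorization request; the ATC advances every time."""
        self.atc += 1
        req = {"pan": self.pan, "amount": amount, "currency": currency,
               "un": un, "atc": self.atc}
        req["arqc"] = _mac(self._key, b"ARQC", _transaction_data(req))
        return req

    def verify_arpc(self, req: dict, arpc: bytes) -> bool:
        """Issuer authentication: only the holder of the card key can answer."""
        return hmac.compare_digest(arpc, _mac(self._key, b"ARPC", req["arqc"]))


class Issuer:
    def __init__(self, master_key: bytes):
        self._master_key = master_key
        self._last_atc = {}          # highest ATC accepted per PAN

    def authorize(self, req: dict):
        """Return (status, ARPC or None) for one authorization request."""
        key = derive_card_key(self._master_key, req["pan"])
        expected = _mac(key, b"ARQC", _transaction_data(req))
        if not hmac.compare_digest(expected, req["arqc"]):
            return "DECLINE: cryptogram mismatch", None
        if req["atc"] <= self._last_atc.get(req["pan"], 0):
            return "DECLINE: ATC already used", None
        self._last_atc[req["pan"]] = req["atc"]
        return "APPROVE", _mac(key, b"ARPC", req["arqc"])


def demo() -> list:
    """Four requests against one issuer; returns the outcome of each."""
    issuer = Issuer(ISSUER_MASTER_KEY)
    card = Card(TEST_PAN, derive_card_key(ISSUER_MASTER_KEY, TEST_PAN))
    results = []

    first = card.generate_arqc(1250, "050", bytes.fromhex("a1b2c3d4"))
    status, arpc = issuer.authorize(first)
    results.append((status, card.verify_arpc(first, arpc)))

    # Same request presented a second time: the cryptogram verifies, the ATC does not.
    results.append(issuer.authorize(dict(first))[0])

    # Same cryptogram with different amount and ATC fields: the MAC no longer matches.
    altered = dict(first, amount=99999, atc=first["atc"] + 1)
    results.append(issuer.authorize(altered)[0])

    # A fresh request from the genuine card is still accepted.
    second = card.generate_arqc(300, "050", bytes.fromhex("0badf00d"))
    results.append(issuer.authorize(second)[0])
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```
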
Card & Terminal Communication Steps for Transaction
• Script Processing: process additional commands from Issuer
• Completion: complete transaction process

Copyright ⓒ 1999-2013 Kona I Co., Ltd All Rights Reserved.
Copyright © 2016, KONA Software Lab Ltd. All Rights Reserved
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 

Recently uploaded (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

EMV Overview

  • 1. EMV Overview KONA SOFTWARE LAB LTD. October 01, 2016
  • 2. CONTENTS: Ⅰ Current Payment Scenario, Ⅱ EMV Overview, Ⅲ EMV Authentication & Authorization
  • 3. Players and Roles for Payment System |Copyright 2016, Kona SL Ltd. | All Rights Reserved
      • Merchant: offering products and services to User; signing up with Acquirer
      • User: buying Merchant's products and services; using payment card issued by Issuer
      • Acquirer: transmitting collected transaction data to Issuer; signing up and underwriting Merchant
      • Issuer: approval or rejection of transaction; issuing payment card
      • Payment Network Provider: providing network between Issuer and Acquirer; offering brand benefit
      [Diagram: payment ecosystem linking User, Merchant, Acquirer and Issuer through payment cards, POS, ATM, acquiring system, issuing system, host, interchange network, authorization system and NPSB]
  • 4. Payment Card Evolution
      • Embossing
          - Verification of card & cardholder: penciling the embossed card
          - Data processing: manually
          - Validation / verification: -
          - Note: high risk of data duplication
      • Magnetic Stripe
          - Verification of card & cardholder: imprinted sales slip, transaction slip, and signature verification
          - Data processing: electronically process transaction and settlement data for the first time
          - Validation / verification: CVC, CVV verification, hologram verification by eye
          - Note: increase in risk of data duplication by popularization of MS card usage and technology
      • IC Chip Card
          - Verification of card & cardholder: transaction slip, PIN, and signature verification
          - Data processing: payment application-installed chip stores and processes data
          - Validation / verification: offline data authentication through digital signature verification
          - Note: strong security provided by high grade of cryptosystem; inconvenience in simple transaction
      • RF Card
          - Verification of card & cardholder: same principle as IC chip card but streamlined authentication
          - Data processing: similar process to that of IC chip card but streamlined transaction flow
          - Validation / verification: ARQC verification
          - Note: compatibility with MS card infrastructure
      • Mobile Card
          - Verification of card & cardholder: same as RF card
          - Data processing: comply with NFC transaction process by using NFC equipped cellphone
          - Validation / verification: same as RF card
          - Note: OTA post issuance of card
  • 9. Magnetic Stripe Cards
      • Stores data on the magnetic band usually located on the back of the card.
      • Contains Track 1 & Track 2 data
          - Track 1 data: Card Type, PAN, Cardholder Name, PAN Expiry Date, Service Code
          - Track 2 data: PAN, PAN Expiry Date, Service Code
      • Stored data cannot be changed.
      • Read by swiping past a magnetic reading head.
  • 10. Magnetic Stripe Transaction Flow
      [Diagram: magnetic stripe card swiped in POS; Static Authentication Data is passed to the Acquirer, the Payment Network Provider and the Issuer; a Transaction Response is returned at each hop]
  • 11. Security Issues for Magnetic Stripe Cards
      • Card Cloning
          - Magnetic stripe data is not encrypted and is very easy to clone.
      • Static Data
          - Static data is stored in the magnetic stripe during personalization.
          - This data is not changed during its lifetime. So, if this data is compromised once, it can be used numerous times to perform fraudulent transactions.
      • Little Risk Assessment
          - No risk assessment is performed at the terminal or card.
          - Risk assessment is performed only at the host.
  • 12. CONTENTS: Ⅰ Current Payment Scenario, Ⅱ EMV Overview, Ⅲ EMV Authentication & Authorization
  • 13. EMV
      • A standard for smart payment cards and terminals.
      • EMV stands for EuroPay, MasterCard and Visa, the three companies that founded the standard.
      • This standard is maintained by EMVCo, a consortium with payment brands like Visa, MasterCard, JCB, American Express, China UnionPay and Discover as members.
  • 14. Purpose of EMV Standards
      • To prevent card fraud
          - Minimize the risk of card data duplication and counterfeiting that were easy with MS cards
      • To reduce cost
          - Cut cost by activating offline transaction
      • Interoperability
          - Set up interoperable payment infrastructure (chip, card, terminal, and system) by defining business role of players in Credit & Debit Payment System
  • 15. EMV Offerings
      • Cardholder and card authentication
      • Cryptographic processing capability of smart chip
      • Authorization by issuer by predefined rules
      [Diagram: Authorization Request with dynamic data passed through the Acquirer and the Payment Network Provider to the Issuer]
  • 16. EMV Cryptographic Processing
      • EMV chip cards have cryptographic processing capability.
      • Cryptographic algorithms such as Triple DES, RSA and SHA are used throughout various phases of the smart card's lifecycle.
  • 17. A Look Into Chip Cards
      • Contact Cards
          - 1 square cm contact area with gold plated contact pads.
          - ISO/IEC 7816 standard defines the communication protocol, physical characteristics of card, security and command for interchange, commands for security operations, etc.
      • Contactless Cards
          - Card communicates with the reader through RF induction technology
          - ISO/IEC 14443 standard defines the communication protocol, radio frequency power, transmission protocol, etc.
      • Dual Interface Cards
          - Both contact and contactless interfaces are supported
          - ISO/IEC 14443 standard defines the communication protocol, radio frequency power, transmission protocol, etc.
  • 18. EMV Authentication
      • Card Authentication
          - Online Authentication
          - Offline Authentication: SDA (Static Data Authentication), DDA (Dynamic Data Authentication), CDA (Combined Data Authentication)
      • Cardholder Authentication
          - Online PIN
          - Offline PIN
  • 19. Authorization by the Issuer
      • Online Authorization
          - Transaction cryptogram is generated and sent to the issuer online.
          - The issuer authorizes the transaction online.
          [Diagram: Cryptogram Request passed through the Payment Network to the Issuer; Authorization Response returned at each hop]
      • Offline Authorization
          - Used when terminals don't have online connectivity.
          - Card and terminal communicate and decide whether the transaction can be authorized.
  • 20. Risk Assessment
      • Terminal Risk Assessment
          - Terminal can decide to perform the transaction online/offline
          - For offline transactions, terminal checks the transaction amount against an offline ceiling limit.
      • Card Risk Assessment
          - Card takes part in the decision making of accepting/declining a transaction
          - Different types of application cryptograms are generated: AAC (used for declining a transaction), TC (used for offline transaction), ARQC (used for online transaction)
  • 21. CONTENTS: Ⅰ Current Payment Scenario, Ⅱ EMV Overview, Ⅲ EMV Authentication & Authorization
  • 22. Card & Terminal Communication Steps for Transaction: Initiation of the transaction
      [Diagram: transaction step flow: Initiate Application, Read Application Data, Data Authentication, Processing Restrictions, Cardholder Verification, Terminal Risk Management, Terminal Action Analysis, Card Action Analysis, Online/Offline Decision (Online: Online Processing & Issuer Authentication, Script Processing; Offline), Completion]
  • 23. Card & Terminal Communication Steps for Transaction: Reading card data for transaction
      [Diagram: transaction step flow, as on slide 22]
  • 24. Card & Terminal Communication Steps for Transaction: Card authentication by terminal
      [Diagram: transaction step flow, as on slide 22]
  • 25. EMV Data Authentication (SDA, DDA, CDA): Static Data Authentication
      [Diagram: the Issuer Public Key Certificate, signed by the Payment Brand, is verified by the Payment Brand Certificate kept at the terminal; the Static Application Data is verified by the Issuer Public Key Certificate]
  • 26. EMV Data Authentication (SDA, DDA, CDA): Dynamic Data Authentication
      [Diagram: the Issuer Public Key Certificate, signed by the Payment Brand, is verified by the Payment Brand Certificate kept at the terminal; the ICC Public Key Certificate + Static Application Data are verified by the Issuer Public Key Certificate; the Card & Terminal Dynamic Data is verified by the ICC Public Key Certificate]
  • 27. EMV Data Authentication (SDA, DDA, CDA): Combined Data Authentication
      [Diagram: DDA combined with Generate Application Cryptogram; the Application Request Cryptogram (ARQC) is sent to the Issuer; after Cryptogram Validation the Issuer sends the Application Response Cryptogram (ARPC) to the card]
  • 28. Card & Terminal Communication Steps for Transaction: Confirming compatibility between terminal and card
      [Diagram: transaction step flow, as on slide 22]
  • 29. Card & Terminal Communication Steps for Transaction: Confirming whether a cardholder is valid
      [Diagram: transaction step flow, as on slide 22]
  • 30. Cardholder Verification Method
      • Online PIN
          - PIN is encrypted and verified by the issuer online
      • Offline PIN
          - A copy of the PIN is stored on the card in encrypted form
          - During the transaction, the PIN provided by the user is matched against the stored encrypted PIN
      • Signature
          - Cardholder's signature on the receipt is matched with the signature on the back of the card
      • No verification method
          - Only the card is authenticated
          - Usually takes place for small amount transactions
  • 31. Card & Terminal Communication Steps for Transaction: Different steps taken by the terminal to prevent fraud
      [Diagram: transaction step flow, as on slide 22]
  • 32. Card & Terminal Communication Steps for Transaction: Primary decision for transaction whether to approve or decline offline or online
      [Diagram: transaction step flow, as on slide 22]
  • 33. Card & Terminal Communication Steps for Transaction: Final decision making for going online or offline for transaction by card self risk management based on terminal action analysis
      [Diagram: transaction step flow, as on slide 22]
  • 34. Card & Terminal Communication Steps for Transaction: Online Transaction with Application Cryptogram
      [Diagram: transaction step flow, as on slide 22]
  • 35. EMV Online Transaction Flow
      [Diagram: the Application Request Cryptogram (ARQC) is passed through the Acquirer and the Payment Network Provider to the Issuer; the Issuer performs Cryptogram Validation; the Application Response Cryptogram (ARPC) is returned through the Payment Network Provider and the Acquirer]
  • 36. Card & Terminal Communication Steps for Transaction: Process Additional Commands from Issuer
      [Diagram: transaction step flow, as on slide 22]
  • 37. Card & Terminal Communication Steps for Transaction: Complete Transaction Process
      [Diagram: transaction step flow, as on slide 22]
  • 38. Copyright ⓒ 1999-2013 Kona I Co., Ltd All Rights Reserved. Copyright © 2016, KONA Software Lab Ltd. All Rights Reserved 38
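
The online flow on slide 35, contrasted with the static magnetic stripe data of slide 11, as an added example that is not part of the original deck. It models issuer-side cryptogram validation and shows why a captured ARQC cannot be replayed or re-used for another amount. Assumptions: HMAC-SHA256 stands in for the Triple DES based MAC that EMV cards use, the key derivation and field layout are simplified, the transaction counter (ATC) and unpredictable number are EMV data elements the slides do not name, and the PAN and keys are constructed values.

```python
import hashlib
import hmac


def derive_card_key(issuer_master_key: bytes, pan: str) -> bytes:
    """Per-card key loaded at personalization (simplified derivation)."""
    return hmac.new(issuer_master_key, pan.encode(), hashlib.sha256).digest()


def session_key(card_key: bytes, atc: int) -> bytes:
    """Per-transaction key bound to the Application Transaction Counter."""
    return hmac.new(card_key, atc.to_bytes(2, "big"), hashlib.sha256).digest()


def cryptogram(key: bytes, amount: int, un: bytes, atc: int) -> bytes:
    """8-byte MAC over the dynamic transaction data (HMAC stand-in)."""
    msg = amount.to_bytes(6, "big") + un + atc.to_bytes(2, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


def make_arpc(key: bytes, arqc: bytes, response_code: bytes) -> bytes:
    """Issuer's response cryptogram, bound to the ARQC it answers."""
    return hmac.new(key, arqc + response_code, hashlib.sha256).digest()[:8]


class Card:
    def __init__(self, pan: str, card_key: bytes):
        self.pan, self._key, self.atc = pan, card_key, 0

    def generate_arqc(self, amount: int, un: bytes) -> dict:
        self.atc += 1  # every transaction uses a fresh counter value
        key = session_key(self._key, self.atc)
        return {"pan": self.pan, "amount": amount, "un": un, "atc": self.atc,
                "arqc": cryptogram(key, amount, un, self.atc)}

    def verify_arpc(self, request: dict, arpc: bytes, code: bytes) -> bool:
        key = session_key(self._key, request["atc"])
        return hmac.compare_digest(make_arpc(key, request["arqc"], code), arpc)


class Issuer:
    def __init__(self, master_key: bytes):
        self._mk, self._last_atc = master_key, {}

    def personalize(self, pan: str) -> Card:
        return Card(pan, derive_card_key(self._mk, pan))

    def authorize(self, req: dict):
        key = session_key(derive_card_key(self._mk, req["pan"]), req["atc"])
        expected = cryptogram(key, req["amount"], req["un"], req["atc"])
        if not hmac.compare_digest(expected, req["arqc"]):
            return ("DECLINE", "cryptogram mismatch", None)
        if req["atc"] <= self._last_atc.get(req["pan"], 0):
            return ("DECLINE", "ATC replay", None)
        self._last_atc[req["pan"]] = req["atc"]
        return ("APPROVE", "ok", make_arpc(key, req["arqc"], b"00"))


def demo():
    issuer = Issuer(b"constructed-issuer-master-key")
    card = issuer.personalize("9999000000000001")  # constructed PAN
    req = card.generate_arqc(amount=2500, un=bytes.fromhex("a1b2c3d4"))
    first = issuer.authorize(req)
    replay = issuer.authorize(dict(req))                   # same message again
    tampered = issuer.authorize({**req, "amount": 250000})  # amount altered
    return first, replay, tampered, card.verify_arpc(req, first[2], b"00")


if __name__ == "__main__":
    for result in demo():
        print(result)
```
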
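
The risk assessment of slide 20 and the terminal and card action analysis steps of slides 31 to 33, as an added example that is not part of the original deck. It goes beyond the slides by modelling the decision with the EMV Terminal Verification Results (TVR) and action codes, which the deck does not show; the action code values, limits and the card's offline counter policy are constructed and simplified.

```python
# TVR flags as (byte index, bit mask), following the EMV TVR layout.
# Assumption: these data elements are not listed on the slides.
DDA_FAILED = (0, 0x08)
EXPIRED_APPLICATION = (1, 0x40)
EXCEEDS_FLOOR_LIMIT = (3, 0x80)


def tvr_with(*flags) -> bytes:
    """Build a 5-byte TVR (or action code) with the given flags set."""
    tvr = bytearray(5)
    for index, mask in flags:
        tvr[index] |= mask
    return bytes(tvr)


# Constructed action codes, issuer and terminal codes already OR-ed together.
DENIAL = tvr_with(DDA_FAILED, EXPIRED_APPLICATION)  # decline offline
ONLINE = tvr_with(EXCEEDS_FLOOR_LIMIT)              # send to the issuer
DEFAULT = tvr_with(EXCEEDS_FLOOR_LIMIT)             # decline if cannot go online


def matches(tvr: bytes, action_code: bytes) -> bool:
    return any(t & a for t, a in zip(tvr, action_code))


def terminal_risk_management(amount, floor_limit, checks_failed=()) -> bytes:
    """Record failed checks and the floor (offline ceiling) limit in the TVR."""
    flags = list(checks_failed)
    if amount >= floor_limit:
        flags.append(EXCEEDS_FLOOR_LIMIT)
    return tvr_with(*flags)


def terminal_action_analysis(tvr: bytes, online_capable: bool) -> str:
    """Cryptogram type the terminal requests from the card."""
    if matches(tvr, DENIAL):
        return "AAC"
    if online_capable:
        return "ARQC" if matches(tvr, ONLINE) else "TC"
    return "AAC" if matches(tvr, DEFAULT) else "TC"


RANK = {"AAC": 0, "ARQC": 1, "TC": 2}


def card_action_analysis(requested, consecutive_offline, offline_limit) -> str:
    """The card may answer with a stricter cryptogram, never a weaker one."""
    card_wants = "ARQC" if consecutive_offline >= offline_limit else "TC"
    return min(requested, card_wants, key=RANK.get)


def decide(amount, floor_limit, online_capable=True, checks_failed=(),
           consecutive_offline=0, offline_limit=3):
    """Return (cryptogram requested by terminal, cryptogram card generates)."""
    tvr = terminal_risk_management(amount, floor_limit, checks_failed)
    requested = terminal_action_analysis(tvr, online_capable)
    return requested, card_action_analysis(
        requested, consecutive_offline, offline_limit)


if __name__ == "__main__":
    print(decide(1000, 5000))                              # small amount
    print(decide(9000, 5000))                              # over the limit
    print(decide(1000, 5000, checks_failed=(DDA_FAILED,)))  # failed card auth
    print(decide(9000, 5000, online_capable=False))         # offline terminal
    print(decide(1000, 5000, consecutive_offline=3))        # card forces online
```
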