An EMV card generates a unique “Authorisation Request Cryptogram” for each transaction that requires online authorisation. This is calculated by encrypting the card and transaction data using a secret key that is known only to the card and the card issuer. When the transaction details are sent to the issuer during the authorisation process, the issuer can then use its copy of the secret key to verify that the cryptogram for the transaction is correct, and that therefore the card is genuine.

Once the issuer is satisfied that the request is genuine and they wish to authorise the transaction, they will generate an authorisation response cryptogram, which the card can then use to authenticate that the authorisation for the payment came from the genuine issuer of the card.

These checks allow the EMV card and the issuer to verify the authenticity of each other, and thus protect the cardholder from being debited for fraudulent transactions.

This is just one of the many benefits that EMV migration can bring. The CreditCall EMV kernels provide a simple but powerful way to add EMV level 2 to ATMs, PoS devices and unattended payment terminals such as kiosks.

Check out www.emvx.co.uk for further details of these EMV Level 2 Kernels.