Posts Tagged ‘emv level 2’

EMV Cardholder Verification Methods

Wednesday, January 6th, 2010

Although EMV is often referred to as “Chip and PIN”, in fact EMV supports several different methods of verifying the identity of the cardholder, known as Cardholder Verification Methods (CVM). Every card contains a list of the CVM that it supports, and when they need to be applied (e.g. Use online PIN if the transaction is an ATM cash withdrawal, else use signature).

Whenever an EMV transaction is performed, the terminal’s EMV Level 2 Kernel processes the CVM list in order, until it finds a CVM that it supports and can process. In the event that no supported CVM is found or an error occurs during CVM processing (e.g. the PIN-Pad was malfunctioning), the EMV kernel will flag this in the Terminal Verification Results, which may cause the transaction to be declined or sent online for authorisation by the card issuer.

The CVM that EMV currently supports are Online PIN (required in certain countries for all transactions, and also for all ATM cash withdrawals), Offline PIN verified by the chip card (required in certain countries for all payment transactions), signature (for attended payment terminals in some countries), or a combination of both PIN and signature if additional verification is required.

Also, in some environments it is permissible to use no CVM for low-value transactions or for terminals that do not support any of the CVM on the cards.

CreditCall’s EMV Kernels support every EMV-defined CVM, and provide a simple yet powerful way to add EMV level 2 to payment devices. Check out www.emvx.co.uk for further details of these EMV Level 2 Kernels.

Tags: , , , , , , , , , , ,
Posted in EMV Certification and Approvals | No Comments »

EMV Online Security

Wednesday, December 9th, 2009

If you are familiar with magnetic stripe card processing, you may not be aware that the online processing of an EMV “Chip and PIN” card allows the authenticity of a payment card to be verified, in addition to checking whether there are sufficient funds available for the payment.

An EMV card generates a unique “Authorisation Request Cryptogram” for each transaction that requires online authorisation. This is calculated by encrypting the card and transaction data using a secret key that is known only to the card and the card issuer. When the transaction details are sent to the issuer during the authorisation process, the issuer can then use its copy of the secret key to verify that the cryptogram for the transaction is correct, and that therefore the card is genuine.

Once the issuer is satisfied that the request is genuine and they wish to authorise the transaction, they will generate an authorisation response cryptogram, which the card can then use to authenticate that the authorisation for the payment came from the genuine issuer of the card.

These checks allow the EMV card and the issuer to verify the authenticity of each other, and thus protect the cardholder from being debited for fraudulent transactions.

This is just one of the many benefits that EMV migration can bring. The CreditCall EMV kernels provide a simple but powerful way to add EMV level 2 to ATMs, PoS devices and unattended payment terminals such as kiosks.

Check out www.emvx.co.uk for further details of these EMV Level 2 Kernels.

Tags: , , , , , , , , ,
Posted in Security | 5 Comments »

EMV Approval Expiry

Thursday, December 3rd, 2009

This year, for the first time, EMVCo have implemented a policy of revoking all EMV Level 2 letters of approval that are more than 3 years old. Although EMVCo offer the option to renew an existing EMV Kernel approval by submitting it for retesting, the fact that they regularly issue specification update bulletins effectively means that this option is not possible. Therefore, any EMV Level 2 Kernels greater than 3 years old can no longer claim to be EMV-compliant, which is a problem when trying to market and deploy new terminals.

It is of course possible to update an existing EMV solution to meet the latest specifications, but the sheer volume of specification changes means that this is a significant task. A better approach therefore, is to migrate to an EMV Kernel that is compliant with the latest EMV standards, such as the CreditCall EMV Kernels. Check out www.emvx.co.uk for further details of these EMV Level 2 Kernels.

Found this Interesting, but struggling with the terminology? Why not consult the helpful Glossary of Terms at http://www.emvx.co.uk/glossary.aspx EMV de-mystified!

Tags: , , , , , , , , ,
Posted in EMV Certification and Approvals | 3 Comments »