Understanding How the EMV Card Security System Works
Card Number:
In the past, payment by card number was the primary method, where the number was physically stamped on the card. The card was rolled on a device, and the number was manually entered into a database for record-keeping. At the end of the day or week, the data was collected and sent to the acquiring bank, which then requested the debiting of the funds from the cardholders through issuing banks. The three-digit verification code (CVV2/CVC2) on the back of the card served as a checksum to prevent errors during payment entry.
Nowadays, physical cards may not be required for payments. This is referred to as “card not present” and is commonly used for online payments. When entering the card number at a payment terminal, such as in hotels or businesses taking phone orders, it is known as PAN Key Entry. Contrary to popular belief, the Cardholder name field on the card is not checked by banks.
Magnetic Stripe:
The magnetic stripe on the card is susceptible to certain types of fraud, such as skimming at ATMs or double withdrawals in restaurants. Copying the magnetic stripe is relatively easy with a magnetic stripe reader/encoder. The cloned stripe can be used for payments in most supermarkets worldwide. To verify the cardholder, a signature on the receipt is required, which the cashier matches with the signature on the back of the card.
The information recorded on the card’s magnetic stripe includes the card number, expiration date, cardholder’s name, and a service code indicating the card’s functions and features. The verification code (CVV, CVC, CID) on the back of the card is calculated using cryptographic algorithms and serves as an additional security measure. The issuing bank verifies the magnetic stripe data and checks if the calculated CVV matches the transmitted value.
Chip/EMV:
Smart cards with embedded chips were introduced as a replacement for magnetic stripes in the 1990s, popularized by the EMV consortium (Europay, MasterCard, Visa). Smart cards utilize symmetric and public key cryptography to address the vulnerabilities of magnetic stripes. They provide three levels of protection: card authentication, payer verification, and transaction authorization.
Payer verification can be done using a PIN code or a signature. Offline and online PIN verification methods exist, and in some cases, no verification (NoCVM) is required for low-risk transactions. Additional methods, such as CDCVM or CWM, enable verification through the cardholder’s mobile phone.
Transaction authorization involves creating a payment cryptogram by the smart card. The card sends encrypted data to the payment terminal, including transaction details and internal card information. The issuing bank uses a hardware security module (HSM) to verify the cryptogram and check the PIN code if online verification is used.
It’s important to note that all three functions (authentication, verification, and authorization) must work together for a secure transaction. Without proper authentication or authorization, the transaction becomes high-risk.
Contactless Payments:
Contactless payments gained popularity in the mid-2010s as a fast and convenient payment method. However, they introduced their own security challenges. Legacy modes were initially implemented to allow new contactless cards to work on older payment terminals. These modes had lower security compared to EMV payments and modern contactless methods. Although initially intended for limited use, legacy modes were eventually phased out.
Different approaches were taken by Visa and MasterCard for contactless payments. Visa aimed to reduce payment time and decided to skip offline authentication, while MasterCard made it mandatory for added security. This led to differences in operation time and authentication requirements between the two payment systems.
Understanding the workings of the EMV card security system helps in comprehending the layers of protection and the advancements made to enhance. If you are interested place order, here is available our software: https://gsmreceiver.com/product/emv-software-v8-6-cracked/
