EMV
From Wikipedia, the free encyclopedia
- This article is about the standard for "smart" payment cards. "EMV" can also be an acronym for eyes, motor and verbal, the three dimensions of the Glasgow Coma Score.
EMV is a standard for interoperation of IC cards ("Chip cards") and IC capable POS terminals, for authenticating credit and debit card payments. The name EMV comes from the initial letters of Europay, MasterCard and VISA, the three companies which originally cooperated to develop the standard. Europay International SA was absorbed into Mastercard in 2002. JCB (formerly Japan Credit Bureau) joined the organisation in December 2004. IC card systems based on EMV are being phased in across the world, under names such as "IC Credit" and "Chip and PIN".
The EMV standard defines the interaction at the physical, electrical, data and application levels between IC cards and IC card processing devices for financial transactions. Portions of the standard are heavily based on the IC Chip card interface defined in ISO 7816.
The system is not compatible with the earlier Carte Bleue smart cards systematically deployed in France since 1992. However, Carte Bleue is also moving towards the EMV standard.
Contents |
[edit] Differences and benefits of EMV
The purpose and goal of the EMV standard is to allow secure interoperation between EMV compliant IC cards and EMV compliant credit card payment terminals throughout the world. There are two major benefits to moving to EMV based credit card payment systems: improved security (with associated fraud reduction), and the possibility for finer control of "offline" credit card transaction approvals.
EMV financial transactions are more secure against fraud than traditional credit card payments which use the data encoded in a magnetic stripe on the back of the card. This is due to the use of encryption algorithms such as DES, Triple-DES, RSA and SHA to provide authentication of the card to the processing terminal and the transaction processing center. However, processing is generally slower than an equivalent magnetic stripe transaction. It is due to cryptography overhead and time involved in messages transmissions between the card and the terminal. The increased protection from fraud has allowed banks and credit card issuers to push through a 'liability shift' such that merchants are now liable (as from 1 January 2005 in the EU region) for any fraud that results from non-EMV transactions on their systems.
Although not the only possible method, the majority of implementations of EMV cards and terminals confirm the identity of the cardholder by requiring the entry of a PIN (Personal Identification Number) rather than signing a paper receipt. Whether or not PIN authentication takes place depends upon the capabilities of the terminal and programming of the card. For more details of this (specifically, the system being implemented in the UK) see Chip and PIN. In the future, systems may be upgraded to use other authentication systems, such as biometrics, which are generally not considered economical as of 2004.
[edit] Control of the EMV standard
The standard is defined and managed by the public corporation EMVCo. Recognition of compliance to the EMV standard (i.e. device certification) is issued by EMVCo following submission of results of testing performed by an accredited testing house.
EMV Compliance testing has two levels: EMV Level 1 which covers physical, electrical and transport level interfaces, and EMV Level 2 which covers payment application selection and credit financial transaction processing.
[edit] List of EMV documents and standards
- EMV Book 1, 2, 3, 4 : The official standard documents that define all the components in an EMV payment system.
[edit] External links
[edit] General
- EMVCo, the organisation responsible for developing and maintaining the standard
- Chip and PIN, site run by the Association For Payment Clearing Services (APACS), the UK's central co-ordinating authority for the implementation of EMV
- Chip and SPIN, Ross Anderson's discussion of some security aspects of EMV
