What is EMV?
EMV is fraud-reducing technology that can help protect issuers, merchants and consumers against losses from the use of counterfeit and lost or stolen payment cards at the point-of-sale.
EMV cards are embedded with a microprocessor or smart chip that interacts with the merchant’s point-of-sale device to make sure that the payment card is valid and with the use of a PIN that it belongs to the person using the card.
This kind of chip technology adds layers of security against fraud and is virtually impossible to duplicate. At the moment of transaction- when the cardholder is most susceptible to fraud- an EMV cryptogram is what keeps sensitive data away from cyber-thieves.
What are the benefits of EMV?
The biggest benefit of EMV is the reduction in card-present card fraud resulting from counterfeit, lost and stolen cards. EMV also provides interoperability with the global payments infrastructure – consumers with EMV chip payment cards can use their card on any EMV-compatible payment terminal. EMV technology also supports enhanced cardholder verification methods.
Why are EMV credit and debit cards and EMV chip payment transactions secure?
EMV secures the payment transaction with enhanced functionality in three areas:
- Card authentication, protecting against counterfeit cards. The card is authenticated during the payment transaction, protecting against counterfeit cards. Transactions require an authentic card validated either online by the issuer using a dynamic cryptogram or offline with the terminal using Static Data Authentication (SDA), Dynamic Data Authentication (DDA) or Combined DDA with application cryptogram generation (CDA). EMV transactions also create unique transaction data, so that any captured data cannot be used to execute new transactions.
- Cardholder verification, authenticating the cardholder and protecting against lost and stolen cards. Cardholder verification ensures that the person attempting to make the transaction is the person to whom the card belongs. EMV supports four cardholder verification methods (CVM): offline PIN, online PIN, signature, or no CVM. The issuer prioritizes CVMs based on the associated risk of the transaction (for example, no CVM is used for unattended devices where transaction amounts are typically quite low).
- Transaction authorization, using issuer-defined rules to authorize transactions. The transaction is authorized either online and offline. For an online authorization, transactions proceed as they do today in the U.S. with magnetic stripe cards. The transaction information is sent to the issuer, along with a transaction-specific cryptogram, and the issuer either authorizes or declines the transaction. In an offline EMV transaction, the card and terminal communicate and use issuer-defined risk parameters that are set in the card to determine whether the transaction can be authorized. Offline transactions are used when terminals do not have online connectivity (e.g., at a ticket kiosk) or in countries where telecommunications costs are high.
EMV cards store payment information in a secure chip rather than on a magnetic stripe and the personalization of EMV cards is done using issuer-specific keys. Unlike a magnetic stripe card, it is virtually impossible to create a counterfeit EMV card that can be used to conduct an EMV payment transaction successfully.