A credit card issued by Japan Airlines and Visa, showing the square, gold-plated contact pads for connecting to the chip.
WHAT IS EMV ?
EMV is a payment method based upon a technical standard for smart payment cards and for payment terminals and automated teller machines that can accept them. EMV cards are smart cards (also called chip cards or IC cards) that store their data on integrated circuits in addition to magnetic stripes (for backward compatibility). These include cards that must be physically inserted (or “dipped”) into a reader and contactless cards that can be read over a short distance using radio-frequency identification (RFID) technology. Payment cards that comply with the EMV standard are often called Chip and PIN or Chip and Signature cards, depending on the authentication methods employed by the card issuer.
EMV stands for Europay, MasterCard, and Visa, the three companies that originally created the standard. The standard is now managed by EMVCo, a consortium with control split equally among Visa, MasterCard, JCB, American Express, China UnionPay, and Discover.[1]
There are standards based on ISO/IEC 7816 for contact cards, and standards based on ISO/IEC 14443 for contactless cards (MasterCard Contactless, PayWave, ExpressPay).
The most widely known chip card implementations of the EMV standard are
- VIS – Visa
- MasterCard chip – MasterCard
- AEIPS – American Express
- UICS – China Union Pay
- J Smart – JCB
- D-PAS – Discover/Diners Club International.
- Rupay – NPCI
Visa and MasterCard have also developed standards for using EMV cards in devices to support card not present transactions over the telephone and Internet. MasterCard has the Chip Authentication Program (CAP) for secure e-commerce. Its implementation is known as EMV-CAP and supports a number of modes. Visa has the Dynamic Passcode Authentication (DPA) scheme, which is their implementation of CAP using different default values.
In February 2010, computer scientists from Cambridge University demonstrated that an implementation of EMV PIN entry is vulnerable to a man-in-the-middle attack; however, the way PINs are processed depends on the capabilities of the card and the terminal and in this demonstration it was only implementations where the PIN was validated offline that were vulnerable.