Plaintext PIN


Plaintext PIN verification performed by ICC (000001b): This is a cost effective Cardholder Verification Method, which is specific for chip Card products.

The POS Terminal captures the PIN from the user and sends it in clear to the chip Card. The chip compares the value received with a witness value stored in its permanent memory since the personalization stage.

The method is described in Appendix D, Section D.5.3. Issuers that do not consider the threat of eavesdropping on the interface terminal-card prefer this method to on-line enciphered PIN since implementing it is cheaper and it allows the off-line completion of an EMV transaction at an unattended terminal. The terminal implementing this CVM has to be equipped with an off-line PIN pad, which is a tamper resistant device such that capturing the PIN of the cardholder on the interface card-terminal is difficult.

More Information#

There might be more information for this subject on one of the following: