EMV Terms

Overview#

A listing of EMV terms that we have discovered. applications include payment, terminal behavior, CVM preferences, security keys, rules, risk policies, stored value, and loyalty. Programs on card chip that allow card to be used for payment, to store value and to get loyalty rewards. space to promote the efficient, timely, and effective migration to EMV-enabled cards, devices, and terminals in the United States.

Issuing Processor#

An entity that facilitates card issuance activities on behalf of an issuer, such as processing payment transactions, card enrollment, preparing and sending the card personalization information to the card vendor, and maintaining the cardholder database. The issuer processor may provide only card issuing activities or may provide other ancillary services as well (e.g., web front-end administrative and cardholder account management applications, customer service, settlement and clearing, chargeback processing).

NFC (Near Field Communication)#

A standards-based wireless communication technology that allows data to be exchanged in both directions between devices that are a few centimeters apart. NFC-enabled mobile phones incorporate smart chips (called secure elements) that allow the phones to securely store the payment application and consumer account information and to use the information as a "virtual payment card".

Near field communication (NFC) is a set of standards for smartphones and similar devices used to establish communication with each other by touching them together or bringing them close.

Offline Authorization#

Authorizing or declining a payment transaction through card-to-terminal communication, using issuer-defined risk parameters that are set in the card to determine whether the transaction can be authorized without going online to the issuer host system.

Offline Data Authentication#

A process whereby the card is validated at the point of transaction, using RSA public key technology to protect against counterfeit or skimming. Three forms of offline data authentication are defined by EMV: SDA, DDA and CDA.

Offline PIN#

The PIN stored on the chip card (versus a PIN stored at the host). In a chip transaction using offline PIN, the PIN entered at the terminal is compared with the PIN stored securely on the chip card without going online to the issuer host for the comparison. Only the result of the comparison is passed to the issuer host system. Two types of offline PIN are enciphered and plaintext.

Offline Only Terminal#

A chip terminal that is not capable of sending an online authorization request and where all transactions have to be approved offline.

Online Authorization#

Authorizing or declining a payment transaction by sending transaction information to the issuer and requesting a response in real time.

Online Capable Terminal#

A chip terminal that supports both offline and online processing.

Online Card Authentication#

Validation of a chip card by the issuer during online authorization to protect against data manipulation and skimming. See also ARQC (Authorization Request Cryptogram).

Online EMV#

A streamlined implementation of EMV that uses online card authentication and online transaction authorization together and requires 100 percent online authentication / authorization. Online EMV may be appropriate for countries with a fast, reliable telecommunications infrastructure, such as the U.S.

Online Issuer Authentication#

Validation of the issuer by the card to ensure the integrity of the issuer. Also known as Issuer Authentication and Host Authentication. See also ARPC (Authorization Response Cryptogram).

Online PIN#

In a chip transaction, the process of comparing the cardholder's entered PIN with the PIN stored on the issuer host system. The PIN is encrypted by the POS terminal PIN pad before being passed to the acquirer system.

The PIN is then decrypted and re-encrypted as it passes between each party on its way to the issuer.

This is supported today with mag-stripe.

PCI DSS Payment Card Industry Data Security Standard#

A framework developed by the Payment Card Industry Security Standards Council for developing a robust payment card data security process – including prevention, detection and appropriate reaction to security incidents.

Payment Network#

Organization which defines specifications and rules of the network, routes transactions between issuers and acquirers, and ensures security and interoperability. Also known as a card brand.

Personalization#

Process by which the elements specific to the issuer and cardholder are added to the plastic card, magnetic stripe and/or chip.

Personalization Bureau#

An entity which provides some of the following personalization services to issuers: Perform key management activities for EMV, CVV/CVC, and PINs between card manufacturer and personalization bureau and between issuer and personalization bureau

PIN#

Also known as An alphanumeric code of 4 to 12 characters that is used to identify cardholders at a customer-activated PIN pad. PINs can be verified online by the issuer or sent to the chip card for offline PIN verification. See also Offline PIN.

A secret code or number that an individual memorizes and uses to authenticate his or her identity for card use.

PIX#

Also known as: Proprietary Application Identifier Extension. The last four digits of the Application ID.

Plaintext PIN#

Offline PIN processing in which the PIN entered by the cardholder is sent unencrypted, in plaintext, from the PIN pad to the chip card for verification.

POS/ATM Terminal Manufacturers/Suppliers#

An entity which manufactures and supplies POS/ATM terminals to POS/ATM terminal operators/owners.

POS/ATM Terminal Operators/Owners#

An entity which drives or operates some or all parts of payments through terminals or ATMs. Examples:
• Acquirer
• IAD (Independent ATM Deployer)
• ISO (Independent Selling Organization)
• Merchant
• VARs (Value Added Resellers)

© 2013 First Data Corporation. All Rights Reserved. All trademarks, service marks and trade names referenced in this material are the property of their respective owners.

Private Key#

The secret component of an asymmetric key pair. The private key is always kept secret by its owner. It may be used to digitally sign messages for authentication purposes.

Public Key#

The public component of an asymmetric key pair. The public key is usually publicly exposed and available to users. A certificate to prove its origin often accompanies it.

Public Key Cryptography#

An encryption method that is used to verify an identity or to encrypt data or messages. It consists of two keys, one Public Key and one Private Key. The Public Key is in the public domain and available to all users and the Private Key is kept secret. Public Key cryptography may also be used to verify digital signatures to authenticate the message sender. Public Key Cryptography requires a Public Key Infrastructure to be secure and effective.

PKI - Public Key Infrastructure#

The architecture, organization, techniques, practices, and procedures that collectively support the implementation and operation of a Certificate-based Public Key Cryptography.

Regional Debit Network#

Organization which defines specifications and rules for a debit-only payment network, routes debit transactions between issuers and acquirers, merchants and ATMs, and ensures security and interoperability.

A debit network supports debit transactions (withdrawals, balance inquiries, transfers, and cash advances).

RID (Registered Application Provider identifier)#

The first part of the Application ID, starting with a letter and containing nine numbers, used to identify a payment system (card scheme) or network, e.g., MasterCard, Visa, Interac.

ROM Read Only Memory#

Permanent memory that cannot be changed once it is programmed. It is used to store chip operating systems and permanent data.

RSA Rivest, Shamir, and Adleman#

A widely used public key algorithm, developed by Rivest, Shamir and Adleman. The RSA algorithm is used, for example, in Offline Data Authentication.

SAM (Secure Application Module)#

A logical device used to provide security for insecure environments. It is protected against tampering and stores secret and/or critical information. SAMs are often inserted into point-of-sale terminals to store keys, especially for chip card applications.

Standards Body#

An entity which ensures physical and logical global interoperability of contact and contactless capable devices and systems: e.g., cards, Mobile Devices, POS systems, ATMs, acquiring networks, issuer host systems.

Entity which creates standards for all companies to work well together.

SDA Static Data Authentication#

An authentication technique used in offline chip transactions that uses a Cryptogram using a static public key certificate and static data elements. With SDA, the data used for authentication is static—the same data is used at the start of every transaction.

Symmetric Key Technology#

Keys that are used for symmetric (secret) Private Key Cryptography. In Symmetric Key Cryptography, the same secret key is used to perform both the cryptographic operation and its inverse (for example to encrypt and decrypt, or to create a message authentication code and to verify the code).

The secret key is shared between the sender and the receiver or the card and the issuer.

TACs Terminal Action Codes#

Codes placed in the terminal software by the acquirer. These codes indicate the acquirer’s preferences for approving transactions offline, declining transactions offline, and sending transactions online to the issuer based on risk management performed.

TVR Terminal Verification Results#

The result of the checks performed by the terminal during the transaction.
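How the TVR and the TACs combine into an offline-approve, offline-decline or go-online decision, as an added example that is not part of the original glossary. It goes beyond the two entries by also including the card's Issuer Action Codes (IACs), which EMV checks alongside the TACs; the function name, the `online_available` parameter and all hex values are constructed for illustration.

```python
# Added example: EMV terminal action analysis. Every bit set in the 5-byte TVR
# is compared with the same bit position in the action codes.
# All TAC/IAC values are constructed sample data, not real scheme settings.

TAC = {  # terminal side, configured by the acquirer
    "denial":  bytes.fromhex("0040000000"),  # expired application
    "online":  bytes.fromhex("C000008000"),  # ODA not performed / SDA failed, floor limit
    "default": bytes.fromhex("4000008000"),  # SDA failed, floor limit
}
IAC = {  # card side, personalized by the issuer
    "denial":  bytes.fromhex("0000000000"),
    "online":  bytes.fromhex("0000800000"),  # cardholder verification not successful
    "default": bytes.fromhex("0000000000"),
}

def _match(tvr: bytes, *codes: bytes) -> bool:
    """True if any bit set in the TVR is also set in one of the action codes."""
    for code in codes:
        if len(code) != len(tvr):
            raise ValueError("TVR and action codes must have the same length")
        if any(t & c for t, c in zip(tvr, code)):
            return True
    return False

def terminal_action_analysis(tvr: bytes, tac: dict, iac: dict,
                             online_available: bool) -> str:
    """Return the cryptogram the terminal requests from the card:
    'AAC' = decline offline, 'ARQC' = go online, 'TC' = approve offline."""
    if len(tvr) != 5:
        raise ValueError("TVR is 5 bytes")
    # 1. Denial codes are always checked first.
    if _match(tvr, tac["denial"], iac["denial"]):
        return "AAC"
    # 2. Online-capable terminal with a working host connection.
    if online_available:
        return "ARQC" if _match(tvr, tac["online"], iac["online"]) else "TC"
    # 3. Offline-only terminal, or online not possible: default codes decide.
    return "AAC" if _match(tvr, tac["default"], iac["default"]) else "TC"

if __name__ == "__main__":
    samples = {"clean": "0000000000", "expired": "0040000000",
               "floor limit": "0000008000", "CVM failed": "0000800000"}
    for name, hexval in samples.items():
        tvr = bytes.fromhex(hexval)
        print(name, terminal_action_analysis(tvr, TAC, IAC, True),
              terminal_action_analysis(tvr, TAC, IAC, False))
```

With these sample codes a failed cardholder verification goes online when a host is reachable but is approved offline when it is not, because neither default code covers that TVR bit; reviewing the default codes for such gaps is part of terminal and card risk configuration.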

TC Transaction Certificate#

A Cryptogram generated by the card at the end of all offline and online approved transactions. The Cryptogram is the result of card, terminal, and transaction data encrypted by a DES key. The TC provides information about the actual steps and processes executed by the card, terminal, and merchant during a given transaction and can be used during dispute processing.

Triple DES#

Also known as: A sophisticated implementation of DES, in which the procedure for encryption is the same but repeated three times.

First, the DES key is broken into three sub keys. Then the data is encrypted with the first key, decrypted with the second key and encrypted again with the third key.

Triple DES offers much stronger encryption than DES.
