EMV standard!steemCreated with Sketch.

in technology •  8 years ago 

EMV!

Have you ever been concerned about your credit/debit card data and how it will put you in trouble? If not, I have to say you are not thinking it through.
In last couple of years billions of dollars were stolen from people due to fraudulent activities, one of these activities is called counterfeit card which could target almost everyone

Counterfeit card

When you are using your card on a Point Of Sale (POS), the data on your card (which is by the way static and does not change and is written on magnetic stripe) is supposed to be transferred to the POS as encrypted data (encryption means you change your plain data by using an algorithm and a key that nobody can get to the plain data unless the ones who have the key).
So far this sounds good! But what happens if someone use a POS (or a card reader) that does not have any key or the key is compromised and accessible by others? The answer is simple! Your data such PAN (primary account number), CVV2 (3-4 digits number on the card), PIN (the password you use), signature, etc... Will be accessible by others.

The scary part!


Source
Now the person who captured your card data can simply issue another card with the exact static data as yours! Now your card and your PIN/signature officially is in another person’s hand, I leave the rest to your imagination

here is inside the magnetic stripe card with track1, track2 and track3

Source

So what should I do to prevent this?

You don’t need to do anything really, you just need to be a little smart and use another type of service with EMV (Europay, MasterCard, and Visa) support which involves a chip card(instead of magnetic stripe) and a Point of sale terminals capable of accepting such cards

What is EMV and how it is safer?


Source
In one sentence EMV is a standard which is going to create a unique code for every transaction that cannot be used again. And the information written on card is not static (it changes because of the very small processor reside in the card), so it cannot just be counterfeited. Also all the process of communication between card and terminal is completely encrypted and dynamic (for every communication there is a new key generated that only is used by that session).

Source
EMV in fact is benefiting of many standards like ISO/IEC 7816(communication between card and reader, etc…), ISO 8583(standard protocol used for communication between POS and issuer
In general EMV uses a risk management system called terminal action analysis which in every transaction terminals uses a combination of data objects known as terminal action codes (TACs) that is held in the terminal and issuer action codes (IACs) reside in card. by the result given to terminal finally terminal will make the decision about the transaction and how to deal with it:

  1. Offline approved (when authorization is successful, the amount is low enough for offline transaction, card counter is not over the limitation, etc…)
  2. Go online for authorization
  3. Decline (risk is too high and transaction cannot be authorized due to certificate, application, PIN, etc…)

Go online

Online transaction in magnetic stripe cards and EMV chip cards are pretty much the same with a very big difference which is field number 55

Source

Source

Field number 55 is containing Authorization Request Cryptogram (ARQC)
“Transactions go online when an ARQC has been requested. The ARQC is sent in the authorization message (resides in Field 55). The card generates the ARQC. Its format depends on the card application. EMV does not specify the contents of the ARQC. The ARQC created by the card application is a digital signature of the transaction details, which the card issuer can check in real time. This provides a strong cryptographic check that the card is genuine. The issuer responds to an authorization request with a response code (accepting or declining the transaction), an authorization response cryptogram (ARPC) and optionally an issuer script (a string of commands to be sent to the card).” Source

by the way if you have found this post by searching through internet , take some time and read about our great community( steemit ) as well, you are going to love it :)

Where is EMV now?

2015

Europe has the highest rate of transaction based on EMV, not surprisingly the amount of fraudulent activities in these countries has the lowest rate. United States in other hand is not successful in this area and again not surprisingly you can see the rate of fraud is very high in this country.

Keep in mind that EMV standard will reduce fraud(specially on Card present transactions), it cannot eliminate it, though.

EMV has a lot of technicality , but here I just tried to simplified for people who have no information about it and give them the Idea behind the EMV.

this post has been powered up 100%

thanks for reading or at least checking out my post

later on I am gonna talk about tokenization,Please follow me at @meysam if you are interested at all

have fun :)

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Most of Credit card users they don't know the dangeroeus things that happen for them by the spammer/hacker

exactly , it is actually very easy to counterfeit a card