Financial Times Virtual Finance Report The ABC of EMV by Dave Birch.
The ABC of EMV
There’s a chip on my Barclaycard
by Dave Birch
No Change
My new Barclaycard has a chip on it. So do lots of others, since Barclaycard have already issued their first 500,000 smart cards (with another 2.5 million to follow over the next couple of years). The chip on my Barclaycard is rather a clever one, with two applications on it: a smart credit card application and an electronic purse application. Not much to get excited about on the surface (unless you live in Northampton, for example, where the smart payment card pilot was running), but it has some very important implications for online financial services and commerce. Not right now—I’ve used it at home and overseas, and can testify that it works exactly the same as my old one with no chip on it—but in the very near future.
The move to smart cards started a few years ago. The finance sector requirements for a Card Authentication Method (CAM) to address the growth in magnetic stripe card fraud led to investigations by the card associations to review emerging card technologies. Several technologies were evaluated and the smart card was selected as the best and most cost effective available. This led to several initiatives by the card associations. In one of these, Mastercard International, Europay International and Visa International have been co–operating in a working group on smart payment cards, generally known as EMV, since 1993. The purpose of this group was to develop standard specifications for payments businesses founded on ISO 7816, the standard for contact smart cards. Broadly speaking, the group’s goals were to:
♦ Establish standards for global interoperability for financial institution smart card transactions at POS and ATMs.
♦ To reduce the amount of online authorisations, passing on reduced acquiring costs for merchants.
♦ To reduce the fraud costs associated with counterfeit cards.
♦ To provide a secure platform to enable offline cardholder verification at “point of interaction” for smart card transactions. In other words, to provide a way to make customers in shops prove that they are entitled to use the card they have presented, without having to go online to a database somewhere.
The first release of the resulting EMV standard was in May 1994. It presented an implementation of the ISO 7816 specification to:
© Hyperion Systems Limited (1999) Page 1/8 (This reprint 26th June 1999) Financial Times Virtual Finance Report The ABC of EMV by Dave Birch.
» Provide a process whereby an offline payment transaction could be authorised in a controlled environment.
» Provide a process to mutually authenticate the card and the issuer in an online transaction over insecure data links (public networks).
EMV is a three part specification: the first part deals with the cards, the second with the terminals and the third with applications. Since 1994, the specifications have been reissued a number of times, with each version being controlled through a committee process. Due the length of time involved, a number of large scale smart card developments and implementations went ahead during the review process and were therefore based on different shapshots of the EMV specifications.
The current version is EMV ’96 3.1.1 (published 31st May 1998), and the payment associations have said that it will be stable until 2001. Most European schemes for moving existing magnetic stripe credit, debit and charge cards over to smart cards have declared EMV compliance to be one of their goals, although their timescales for EMV implementation naturally vary wildly (see Table 1). Note that the EMV specifications do not cover electronic purse.
EMV Readiness Countries