EMV

An American Express charge card with EMV chip.

A Visa credit card with EMV chip.

EMV stands for Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards (IC cards or "chip cards") and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions.

It is a joint effort initially conceived between Europay, MasterCard and Visa to ensure the security and global interoperability of chip-based payment cards. Europay International SA was absorbed into MasterCard in 2002. The standard is now defined and managed by the public corporation EMVCo LLC. JCB (formerly Japan Credit Bureau) joined the organization in December 2004, and American Express joined in February 2009. In May 2013 China UnionPay was announced as member^[1] and in September 2013, Discover joined the corporation^[2]. The EMVCo members MasterCard, Visa, JCB, American Express, China UnionPay, and Discover have an equal 1/6 interest in the standards body^[3]. IC card systems based on the EMV specification are being phased in across the world, under names such as "IC Credit" and "Chip and PIN".

The EMV standards define the interaction at the physical, electrical, data and application levels between IC cards and IC card processing devices for financial transactions. There are standards based on ISO/IEC 7816 for contact cards, and standards based on ISO/IEC 14443 for contactless cards (PayPass, payWave, ExpressPay).

The first standard for payment cards was the Carte Bancaire M4 from Bull-CP8 deployed in France in 1986 followed by the B4B0' (compatible with the M4) deployed in 1989. Geldkarte in Germany also predates EMV. EMV was designed to allow cards and terminals to be backwardly compatible with these standards. France has since migrated all its card and terminal infrastructure to EMV.

The most widely known chip card implementations of EMV standard are:

VSDC – Visa
M/Chip – MasterCard
AEIPS – American Express
J Smart – JCB
D-PAS – Discover/Diners Club International.

Visa and MasterCard have also developed standards for using EMV cards in devices to support card-not-present transactions over the telephone and Internet. MasterCard has the Chip Authentication Program (CAP) for secure e-commerce. Its implementation is known as EMV-CAP and supports a number of modes. Visa has the Dynamic Password Authentication (DPA) scheme, which is their implementation of CAP using different default values.

In February 2010, computer scientists from Cambridge University demonstrated that an implementation of EMV PIN entry is vulnerable to a man-in-the-middle attack; however, the way PINs are processed depends on the capabilities of the card and the terminal.

Differences and benefits of EMV[edit]

The purpose and goal of the EMV standard is to specify interoperability between EMV-compliant IC cards and EMV-compliant credit card payment terminals throughout the world. There are two major benefits to moving to smart-card-based credit card payment systems: improved security (with associated fraud reduction), and the possibility for finer control of "offline" credit-card transaction approvals. One of the original goals of EMV was to allow for multiple applications to be held on a card: for a credit and debit card application or an e-purse.

EMV chip card transactions improve security against fraud compared to magnetic stripe card transactions that rely on the holder's signature and visual inspection of the card to check for features such as hologram. The use of a PIN and cryptographic algorithms such as Triple-DES, RSA and SHA provide authentication of the card to the processing terminal and the card issuer's host system. The processing time is comparable to online transactions, in which communications delay accounts for the majority of the time, while cryptographic operations take comparatively little time. The supposed increased protection from fraud has allowed banks and credit card issuers to push through a 'liability shift' such that merchants are now liable (as from 1 January 2005 in the EU region) for any fraud that results from transactions on systems that are not EMV capable.^[4]

Although not the only possible method, the majority of implementations of EMV cards and terminals confirm the identity of the cardholder by requiring the entry of a personal identification number (PIN) rather than signing a paper receipt. Whether or not PIN authentication takes place depends upon the capabilities of the terminal and programming of the card. For more details of this (specifically, the system being implemented in the UK) see Chip and PIN.

Commands[edit]

ISO/IEC 7816-3 defines the transmission protocol between chip cards and readers. Using this protocol, data is exchanged in application protocol data units (APDUs). This comprises sending a command to a card, the card processing it, and sending a response. EMV uses the following commands:

application block
application unblock
card block
external authenticate (7816-4)
generate application cryptogram
get data (7816-4)
get processing options
internal authenticate (7816-4)
PIN change / unblock
read record (7816-4)
select (7816-4)
verify (7816-4).

Commands followed by "7816-4" are defined in ISO/IEC 7816-4 and are interindustry commands used for many chip card applications such as GSM SIM cards.

Transaction flow[edit]

An EMV transaction has the following steps:^[5]

Application selection
Initiate application processing
Read application data
Processing restrictions
Offline data authentication
Cardholder verification
Terminal risk management
Terminal action analysis
First card action analysis
Online transaction authorisation (only carried out if required by the result of the previous steps; mandatory in ATMs)
Second card action analysis
Issuer script processing.

Application selection[edit]

ISO/IEC 7816 defines a process for application selection. The intent of application selection was to allow cards to contain completely different applications, for example GSM and EMV. EMV however took application selection to be a way of identifying the type of product, so that all product issuers (Visa, MasterCard, etc.) have to have their own application. The way application selection as prescribed in EMV is a frequent source of interoperability problems between cards and terminals. Book 1 of the EMV standard devotes 15 pages to describing the application selection process.

An application identifier (AID) is used to address an application in the card. An AID consists of a registered application provider identifier (RID) of five bytes, which is issued by the ISO/IEC 7816-5 registration authority. This is followed by a proprietary application identifier extension (PIX) which enables the application provider to differentiate between the different applications offered. The AID is printed on all EMV cardholder receipts.

Card scheme	RID	Product	PIX	AID
Visa	A000000003	Visa credit or debit	1010	A0000000031010
		Visa Electron	2010	A0000000032010
		V PAY	2020	A0000000032020
		Plus	8010	A0000000038010
MasterCard	A000000004	MasterCard credit or debit	1010	A0000000041010
		MasterCard^[6]	1010	A0000000041010
		Maestro (debit card)	3060	A0000000043060
		Cirrus (interbank network) ATM card only	6000	A0000000046000
MasterCard	A000000005	Maestro UK (formerly branded as Switch)	0001	A0000000050001
American Express	A000000025	American Express	01	A00000002501 (AID varies)
LINK (UK) ATM network	A000000029	ATM card	1010	A0000000291010
CB (France)	A000000042	CB (Credit or Debit card)	1010	A0000000421010
CB (France)	A000000042	CB (Debit card only)	2010	A0000000422010
JCB	A000000065	Japan Credit Bureau	1010	A0000000651010
Dankort (Denmark)	A000000121	Debit card	1010	A0000001211010
CoGeBan (Italy)	A000000141	PagoBANCOMAT	0001	A0000001410001
Diners Club/Discover	A000000152	Diners Club/Discover	3010	A0000001523010
Banrisul (Brazil)	A000000154	Banricompras Debito	4442	A0000001544442
Good Card (Brazil)	A000000508	Credit Card	1010	A0000005081010
Good Card (Brazil)	A000000508	Freight Card	1214	A0000005081214
SPAN2 (Saudi Arabia)	A000000228	SPAN	1010	A00000022820101010
Interac (Canada)	A000000277	Debit card	1010	A0000002771010
Discover	A000000324	ZIP	1010	A0000003241010
UnionPay	A000000333	Debit	010101	A000000333010101
		Credit	010102	A000000333010102
		Quasi Credit	010103	A000000333010103
		Electronic Cash	010106	A000000333010106
ZKA (Germany)	A000000359	Girocard	1010028001	A0000003591010028001
EAPS BANCOMAT (Italy)	A000000359	PagoBANCOMAT	10100380	A00000035910100380
Verve (Nigeria)	A000000371	Verve	0001	A0000003710001
The Exchange Network ATM Network	A000000439	ATM card	1010	A0000004391010
RuPay (India)	A000000524	RuPay	1010	A0000005241010
ПРО100 (Russia)	A000000432	Universal Electronic Card	0001	A0000004320001

Initiate application processing[edit]

The terminal sends the get processing options command to the card. When issuing this command, the terminal supplies the card with any data elements requested by the card in the processing options data objects list (PDOL). The PDOL (a list of tags and lengths of data elements) is optionally provided by the card to the terminal during application selection. The card responds with the application interchange profile (AIP), a list of functions to be performed in processing the transaction. The card also provides the application file locator (AFL), a list of files and records that the terminal needs to read from the card.

Read application data[edit]

Smart cards store data in files. The AFL contains the files that contain EMV data. These all need to be read using the read record command. EMV does not specify which files data is stored in, so all the files need to be read. Data in these files is stored in BER TLV format. EMV defines tag values for all data used in card processing.

Processing restrictions[edit]

The purpose of the processing restrictions is to see if the card should be used. Three data elements read in the previous step are checked.

Application version number
Application usage control (This shows whether the card is only for domestic use, etc.)
Application effective/expiration dates checking.

If any of these checks fails, the card is not necessarily declined. The terminal sets the appropriate bit in the terminal verification results (TVR), the components of which form the basis of an accept/decline decision later in the transaction flow. This feature allows, for example, card issuers to permit their cardholders to continue to use expired cards after their expiry date, but for all transactions made with an expired card to be performed on-line.

Offline data authentication[edit]

Offline data authentication is a cryptographic check to validate the card using public-key cryptography. There are three different processes that can be undertaken depending on the card:

Static data authentication (SDA) ensures data read from the card has been signed by the card issuer. This prevents modification of data, but does not prevent cloning.
Dynamic data authentication (DDA) provides protection against modification of data and cloning.
Combined DDA/generate application cryptogram (CDA) combines DDA with the generation of a card's application cryptogram to assure card validity. Support of CDA in devices may be needed, as this process has been implemented in specific markets. This process is not mandatory in terminals and can only be carried out where both card and terminal support it.

Cardholder verification[edit]

Cardholder verification is used to evaluate whether the person presenting the card is the legitimate cardholder. There are many cardholder verification methods (CVMs) supported in EMV. They are:

Signature
Offline plaintext PIN
Offline enciphered PIN
Offline plaintext PIN and signature
Offline enciphered PIN and signature
Online PIN
No CVM required
Fail CVM processing.

The terminal uses a CVM list read from the card to determine the type of verification to be performed. The CVM list establishes a priority of CVMs to be used relative to the capabilities of the terminal. Different terminals support different CVMs. ATMs generally support online PIN. POS terminals vary in their support of CVM depending on their type and in which country they are located.

Chip and PIN vs. Chip and signature[edit]

According to issuer preference, some EMV cards are "chip and PIN" cards that require the customer to supply a four-to-six-digit personal identification number (PIN) when making a purchase at PIN-capable terminals. The chips in these cards feature "PIN" ranked first in the list of possible cardholder verification methods (CVM), but with signature allowed as a fall-back option (or even no verification at unattended terminals).

Other EMV cards are either signature-only or prefer signature over PIN in their CVM list (i.e., signature at the POS, but PIN at unattended terminals or ATMs). These are often called "chip and signature" cards.^[7]

Signature-only cards will not work at points of sale that allow no CVM other than PIN, such as some unattended ticket kiosks in Europe,^[7] whereas signature-preferring cards might work. Attended POS which are staffed by merchant personnel are required by the credit card agreement to accept magnetic stripe cards as well as chip and signature cards.^[7] Chip-and-PIN cards have not been adopted in the US as of June 2014 for a variety of reasons, including lack of PIN management features in ATMs.^[7]

Terminal risk management[edit]

Terminal risk management is only performed in devices where there is a decision to be made whether a transaction should be authorised on-line or offline. If transactions are always carried out on-line (e.g., ATMs) or always off-line, this step can be missed. Terminal risk management checks the transaction amount against an offline ceiling limit (above which transactions should be processed on-line). It is also possible to have a 1 in an online counter, and a check against a hot card list (which is only necessary for off-line transactions). If the result of any of these tests is positive, the terminal sets the appropriate bit in the terminal verification results (TVR).

Terminal action analysis[edit]

The results of previous processing steps are used to determine whether a transaction should be approved offline, sent online for authorization, or declined offline. This is done using a combination of Terminal action codes (TACs) which are held in the terminal and Issuer action codes (IACs) which are read from the card.

An online-only device such as an ATM always attempts to go on-line with the authorization request, unless declined off-line due to Issuer action codes—Denial settings. During IAC—Denial and TAC—Denial processing, for an online only device, the only relevant Terminal verification results bit is “Service not allowed”.

When an online-only device performs IAC—Online and TAC—Online processing the only relevant TVR bit is “Transaction value exceeds the floor limit”. Because the floor limit is set to zero, the transaction should always go online and all other values in TAC—Online or IAC—Online are irrelevant.

Online-only devices do not need to perform IAC-default processing.

First card action analysis[edit]

One of the data objects read from the card in the Read application data stage is CDOL1 (Card Data object List). This object is a list of tags that the card wants to be sent to it to make a decision on whether to approve or decline a transaction (including transaction amount, but many other data objects too). The terminal sends this data and requests a cryptogram using the generate application cryptogram command. Depending on the terminal′s decision (offline, online, decline), the terminal requests one of the following cryptograms from the card:

Transaction certificate (TC)—Offline approval
Authorization Request Cryptogram (ARQC)—Online authorization
Application Authentication Cryptogram (AAC)—Offline decline.

This step gives the card the opportunity to accept the terminal's action analysis or to decline a transaction or force a transaction on-line. The card cannot return a TC when an ARQC has been asked for, but can return an ARQC when a TC has been asked for.

Online transaction authorization[edit]

Transactions go online when an ARQC has been requested. The ARQC is sent in the authorisation message. The card generates the ARQC. Its format depends on the card application. EMV does not specify the contents of the ARQC. The ARQC created by the card application is a digital signature of the transaction details which can be checked in real time by the card issuer. This provides a strong cryptographic check that the card is genuine. The issuer responds to an authorisation request with a response code (accepting or declining the transaction), an authorisation response cryptogram (ARPC) and optionally an issuer script (a string of commands to be sent to the card).

Second card action analysis[edit]

CDOL2 (Card data object list) contains a list of tags that the card wants to be sent after online transaction authorisation (response code ARPC, etc.). Even if for any reason the terminal could not go online (e.g., communication failure), the terminal should send this data to the card again using the generate authorisation cryptogram command. This lets the card know the issuer's response. The card application may then reset offline usage limits.

Issuer script processing[edit]

If a card issuer wants to update a card post issuance it can send commands to the card using issuer script processing. Issuer scripts are encrypted between the card and the issuer, so are meaningless to the terminal. Issuer script can be used to block cards, or change card parameters.

Control of the EMV standard[edit]

The first version of EMV standard was published in 1995. Now the standard is defined and managed by the privately owned corporation EMVCo LLC. The current members of EMVCo are JCB International, American Express, MasterCard Worldwide, China UnionPay, Discover Financial Services and Visa, Inc. Each of these organizations owns an equal share of EMVCo and has representatives in the EMVCo organization and EMVCo working groups.

Recognition of compliance with the EMV standard (i.e., device certification) is issued by EMVCo following submission of results of testing performed by an accredited testing house.

EMV Compliance testing has two levels: EMV Level 1, which covers physical, electrical and transport level interfaces, and EMV Level 2, which covers payment application selection and credit financial transaction processing.

After passing common EMVCo tests, the software must be certified by payment brands to comply with proprietary EMV implementations such as Visa VSDC, American Express AEIPS, MasterCard MChip, JCB JSmart, or EMV-compliant implementations of non-EMVCo members such as LINK in the UK, or Interac in Canada.

The EMVCo standards have been integrated into the broader electronic payment security standards being developed by the Secure POS Vendor Alliance, with a specific effort to develop a common interpretation of EMVCo's place relative to, and interactions with, other existing security standards, such as PCI-DSS.^[8]

List of EMV documents and standards[edit]

Since version 4.0, the official EMV standard documents that define all the components in an EMV payment system are published as four "books" and some additional documents:

Book 1 – Application Independent ICC to Terminal Interface Requirements
Book 2 – Security and Key Management
Book 3 – Application Specification
Book 4 – Cardholder, Attendant, and Acquirer Interface Requirements
Common Payment Application Specification
EMV Card Personalisation Specification.

Versions[edit]

First EMV standard came into view in 1995 as EMV 2.0. This was upgraded to EMV 3.0 in 1996 (sometimes referred to as EMV '96) with later amendments to EMV 3.1.1 in 1998. This was further amended to version 4.0 in December 2000 (sometimes referred to as EMV 2000).

Version 4.0 became effective in June 2004
Version 4.1 became effective in June 2007
Version 4.2 is in effect since June 2008
Version 4.3 is in effect since November 2011.^[9]

Vulnerabilities[edit]

Opportunities to harvest PINs and clone magnetic stripes[edit]

In addition to the track-two data on the magnetic stripe, EMV cards generally have identical data encoded on the chip which is read as part of the normal EMV transaction process. If an EMV reader is compromised to the extent that the conversation between the card and the terminal is intercepted, then the attacker may be able to recover both the track-two data and the PIN, allowing construction of a magnetic stripe card which, while not usable in a chip and PIN terminal, can be used, for example, in terminal devices which permit fallback to magstripe processing for foreign customers without chip cards, and defective cards. This attack is possible only where (a) the offline PIN is presented in plaintext by the PIN entry device to the card, where (b) magstripe fallback is permitted by the card issuer and (c) where geographic and behavioural checking may not be carried out by the card issuer. It was claimed^{[weasel words]} that changes specified to the protocol (specifying different card verification values between the Chip and Magnetic Stripe – the iCVV) rendered this attack ineffective. APACS (the UK payments association) stated that such measures would be in place from January 2008, although tests on cards in February 2008 indicated this may have been delayed.^[10]

Successful attacks[edit]

Conversation-capturing is the form of attack which was reported to have taken place against Shell terminals in May 2006, when they were forced to disable all EMV authentication in their petrol stations after more than £1 million was stolen from customers.^[11]

In October 2008 it was reported that hundreds of EMV card readers for use in Britain, Ireland, the Netherlands, Denmark, and Belgium had been expertly tampered with in China during or shortly after manufacture so that details and PINs of credit and debit cards were sent during the 9 months before over mobile phone networks to criminals in Lahore, Pakistan. US National Counterintelligence Executive Joel Brenner said, "Previously only a nation state's intelligence service would have been capable of pulling off this type of operation. It's scary." Data were typically used a couple of months after the card transactions to make it harder for investigators to pin down the vulnerability. After the fraud was discovered it was found that tampered-with terminals could be identified as the additional circuitry increased their weight by about 100 g. Tens of millions of pounds sterling are believed to have been stolen.^[12] This vulnerability spurred efforts to implement better control of electronic POS devices over their entire life cycle, a practice endorsed by electronic payment security standards like those being developed by the SPVA.^[13]

Demonstration of PIN harvesting and stripe cloning[edit]

Cambridge University researchers Steven Murdoch and Saar Drimer demonstrated in a February 2008 BBC Newsnight programme one example attack, to illustrate that Chip and PIN is not secure enough to justify passing the liability to prove fraud from the banks onto customers.^[14]^[15] The Cambridge University exploit allowed the experimenters to obtain both card data to create a magnetic stripe and the PIN.

APACS, the UK payments association, disagreed with the majority of the report, saying: "The types of attack on PIN entry devices detailed in this report are difficult to undertake and not currently economically viable for a fraudster to carry out."^[16] They also said that changes to the protocol (specifying different card verification values between the Chip and Magnetic Stripe – the iCVV) would make this attack ineffective from January 2008. The fraud reported in October 2008 to have operated for 9 months (see above) was probably in operation at the time, but was not discovered for many months.

2010: Hidden hardware disables PIN checking on stolen card[edit]

Wikinews has related news: Chip and PIN 'not fit for purpose', says Cambridge researcher

On 11 February 2010 Murdoch and Drimer's team at Cambridge University announced that they had found "a flaw in chip and PIN so serious they think it shows that the whole system needs a re-write" that was "so simple that it shocked them".^[17]^[18] A stolen card is connected to an electronic circuit and to a fake card which is inserted into the terminal ("man-in-the-middle attack"). Any 4 digits are typed in and accepted as a valid PIN. A team from the BBC's Newsnight programme visited a Cambridge University cafeteria (with permission) with the system, and were able to pay using their own cards (a thief would use stolen cards) connected to the circuit, inserting a fake card and typing in "0000" as the PIN. The transactions were registered as normal, and were not picked up by banks' security systems. A member of the research team said, "Even small-scale criminal systems have better equipment than we have. The amount of technical sophistication needed to carry out this attack is really quite low." The announcement of the vulnerability said, "The expertise that is required is not high (undergraduate level electronics) ... We dispute the assertion by the banking industry that criminals are not sophisticated enough, because they have already demonstrated a far higher level of skill than is necessary for this attack in their miniaturized PIN entry device skimmers." It is not known if this vulnerability has been exploited.

EMVCo disagreed and published a response saying that, while such an attack might be theoretically possible, it would be extremely difficult and expensive to carry out successfully, that current compensating controls are likely to detect or limit the fraud, and that the possible financial gain from the attack is minimal while the risk of a declined transaction or exposure of the fraudster is significant.^[19]

When approached for comment, several banks^[which?] each said that this was an industry-wide issue, and referred the Newsnight team to the banking trade association for further comment. According to Phil Jones of the Consumers' Association, chip and PIN has helped to bring down instances of card crime, but many cases remain unexplained "What we do know is that we do have cases that are brought forward from individuals which seem quite persuasive."

Because the submission of the PIN is suppressed, this is the exact equivalent of a merchant performing a PIN bypass transaction, such transactions will never succeed offline as a card will never generate an offline authorisation without a successful PIN entry. As a result of this, the transaction ARQC must be submitted online to the issuer who will know that the ARQC was generated without a successful PIN submission (since this information is included in the encrypted ARQC) and hence would be very likely to decline the transaction if it were for a high value, out of character or otherwise outside of the typical risk management parameters set by the issuer.

Originally bank customers had to prove that they had not been negligent with their PIN before getting redress, but UK regulations in force from 1 November 2009 placed the onus firmly on the banks to prove that a customer has been negligent in any dispute, with the customer given 13 months to make a claim.^[20] Murdoch said that "[the banks] should look back at previous transactions where the customer said their PIN had not been used and the bank record showed it has, and consider refunding these customers because it could be they are victim of this type of fraud."

2011: CVM downgrade allows arbitrary PIN harvest[edit]

At the CanSecWest conference in March 2011, Andrea Barisani and Daniele Bianco presented research uncovering a vulnerability in EMV which would allow arbitrary PIN harvesting despite the Cardholder verification configuration of the card, even when the supported CVMs data is signed.^[21]

The PIN harvesting can be performed with a chip skimmer as a tampered CVM list, which downgrades the cardholder verification method to offline PIN, is still honoured by POS terminals despite its signature being invalid.^[22]

Implementation[edit]

In many countries of the world, debit card and/or credit card payment networks have implemented liability shifts. Normally, the card issuer is liable for fraudulent transactions. However, after a liability shift is implemented, if the ATM or merchant's point of sale terminal does not support EMV, then the ATM owner or merchant will be liable for the fraudulent transaction.

Africa[edit]

MasterCard's liability shift between countries within this region took place on 1 January 2006.^[23] By 1 October 2010, a liability shift had occurred for all point of sale transactions.^[24]
Visa's liability shift for points of sale took place on 1 January 2006. For ATMs, the liability shift took place on 1 January 2008.^[25]

Asian/Pacific countries[edit]

MasterCard's liability shift between countries within this region took place on 1 January 2006.^[23] By 1 October 2010, a liability shift had occurred for all point of sale transactions, except for domestic transactions in China and Japan.^[24]
Visa's liability shift for points of sale took place on 1 October 2010.^[25] For ATMs, the liability shift date is 1 October 2015, except in China, India, Japan, and Thailand, where the liability shift will be 1 October 2017.^[26] Domestic ATM transactions in China are not currently not subject to a liability shift deadline.

Australia[edit]

MasterCard required all point of sale terminals to be EMV capable by April 2013. For ATMs, the liability shift took place in April 2012. ATMs are required to be EMV compliant by the end of 2015^[27]
Visa's liability shift for ATMs is 1 April 2013.^[25]

Brazil[edit]

MasterCard's liability shift took place on 1 March 2008.^[23]
Visa's liability shift for points of sale took place on 1 April 2011. For ATMs, the liability shift took place on 1 October 2012.^[25]

Colombia[edit]

MasterCard's liability shift took place on 1 October 2008.^[23]

Canada[edit]

American Express implemented a liability shift on 31 October 2012.^[28]
Discover is implementing a liability shift on 1 October 2015. For pay at the pump at gas stations, the liability shift is 1 October 2017.^[29]
Interac (Canada's debit card network) stopped processing non-EMV transactions at ATMs on 31 December 2012, and will stop processing non-EMV transactions at point of sale terminals after 31 December 2015.^[28]
MasterCard implemented domestic transaction liability shift on 31 March 2011, and international liability shift on 15 April 2011. For pay at the pump at gas stations, the liability shift was implemented 31 December 2012.^[28]
Visa implemented domestic transaction liability shift on 31 March 2011, and international liability shift on 31 October 2010. For pay at the pump at gas stations, the liability shift was implemented 31 December 2012.^[28]

Europe[edit]

MasterCard's liability shift took place on 1 January 2005.^[23]
Visa's liability shift for points of sale took place on 1 January 2006. For ATMs, the liability shift took place on 1 January 2008.^[25]

Latin America and the Caribbean[edit]

MasterCard's liability shift between countries within this region took place on 1 January 2005.^[23]
Visa's liability shift for points of sale took place on 1 October 2012, for any countries in this region that have not already implemented a liability shift. For ATMs, the liability shift will take place on 1 October 2014, for any countries in this region that have not already implemented a liability shift.^[25]

Middle East[edit]

MasterCard's liability shift between countries within this region took place on 1 January 2006.^[23] By 1 October 2010, a liability shift had occurred for all point of sale transactions.^[24]
Visa's liability shift for points of sale took place on 1 January 2006. For ATMs, the liability shift took place on 1 January 2008.^[25]

Mexico[edit]

Discover is implementing a liability shift on 1 October 2015. For pay at the pump at gas stations, the liability shift is 1 October 2017.^[29]
Visa's liability shift for points of sale took place on 1 April 2011. For ATMs, the liability shift took place on 1 October 2012.^[25]

New Zealand[edit]

MasterCard required all point of sale terminals to be EMV compliant by 1 July 2011. For ATMs, the liability shift took place in April 2012. ATMs are required to be EMV compliant by the end of 2015.^[27]
Visa's liability shift for ATMs was 1 April 2013.^[25]

South Africa[edit]

MasterCard's liability shift took place on 1 January 2005.^[23]

United States[edit]

Visa,^[30] MasterCard^[31] and Discover^[32] in March 2012 – and American Express^[33] in June 2012 – have announced their EMV migration plans for the US. In spite of these announcements, doubts remain over the willingness of merchants to develop the capability to support EMV.^[34] Since the announcement, multiple banks and card issuers have announced cards with EMV chip-and-signature technology, including American Express, Bank of America, Citibank, Wells Fargo,^[35] JPMorgan Chase, U.S. Bank, and several credit unions.^[36] JPMorgan was the first major bank to introduce a card with EMV technology, namely its Palladium card, in mid-2012.^[36]

American Express is implementing a liability shift for point of sale terminals in October, 2015.^[37] For pay at the pump, at gas stations, the liability shift is October, 2017.
Discover is implementing a liability shift on 1 October 2015. For pay at the pump at gas stations, the liability shift is 1 October 2017.^[29]
Maestro implemented a liability shift of 19 April 2013, for international cards used in the United States.^[38]
MasterCard is implementing a liability shift for point of sale terminals in October, 2015.^[37] For pay at the pump, at gas stations, the liability shift is October, 2017. For ATMs, the liability shift date is in October 2016.^[39]
Visa is implementing a liability shift for point of sale terminals on 1 October 2015. For pay at the pump, at gas stations, the liability shift is 1 October 2017.^[40] For ATMs, the liability shift date is 1 October 2017.^[26]

In May 2010, a press release from Gemalto (a global EMV card producer) indicated that United Nations Federal Credit Union in New York would become the first EMV card issuer in the US, offering an EMV Visa credit card to its customers.^[41]

Venezuela[edit]

MasterCard's liability shift took place on 1 July 2009.^[23]

References[edit]

^ http://www.finextra.com/news/announcement.aspx?pressreleaseid=49871
^ http://blog.discovernetwork.com/stories/news/discover-joins-emvco-to-help-advance-global-emv-standards/
^ http://www.emvco.com/about_emvco.aspx?id=156
^ Chip and PIN liability Shift, The UK Cards Association
^ https://www.level2kernel.com/flow_chart.html
^ PayPass Implementation Guides
^ ^a ^b ^c ^d "Chip-and-PIN vs. Chip-and-Signature", CardHub.com, retrieved 31 July 2012.
^ SPVA Launch Presentation, Secure POS Vendor Alliance, 2009
^ "Integrated Circuit Card Specifications for Payment Systems". EMVCo. Retrieved 26 March 2012.
^ Saar Drimer, Steven J. Murdoch and Ross Anderson. "PIN Entry Device (PED) vulnerabilities".
^ "Petrol firm suspends chip-and-pin". BBC News. 6 May 2006.
^ "Organized crime tampers with European card swipe devices". The Register. 10 October 2008.
^ "Technical Working Groups, Secure POS Vendor Alliance". 2009.
^ "Is Chip and Pin really secure?". BBC News. 26 February 2008. Retrieved 2 May 2010.
^ http://www.bbc.co.uk/consumer/tv_and_radio/watchdog/reports/insurance_and_finance/insurance_20070206.shtml
^ http://www.channelregister.co.uk/2008/02/27/credit_card_reader_security_pants/
^ Steven J. Murdoch, Saar Drimer, Ross Anderson and Mike Bond, EMV PIN verification "wedge" vulnerability, Computer Laboratory, University of Cambridge, retrieved 2010-02-12
^ BBC: New flaws in chip and pin system revealed, 11 February 2010
^ Response from EMVCo to the Cambridge University Report on Chip and PIN vulnerabilities ('Chip and PIN is Broken' – February 2010), EMVCo, retrieved 2010-03-26
^ Telegraph – Card fraud: banks now have to prove your guilt, 12 February 2010
^ Adam Laurie, Andrea Barisani, Daniele Bianco and Zac Franken. "Chip & PIN is definitely broken".
^ Adam Laurie, Andrea Barisani, Daniele Bianco and Zac Franken. "CVM downgrade attack".
^ ^a ^b ^c ^d ^e ^f ^g ^h ⁱ Chargeback Guide
^ ^a ^b ^c Visa International Operating Regulations
^ ^a ^b ^c ^d ^e ^f ^g ^h ⁱ The Journey To Dynamic Data
^ ^a ^b Visa Expands U.S. Roadmap for EMV Chip Adoption to Include ATM and a Common Debit Solution
^ ^a ^b MasterCard Announces Five Year Plan to Change the Face of the Payments Industry in Australia
^ ^a ^b ^c ^d Chip Liability Shift
^ ^a ^b ^c Discover to enforce EMV liability shift by 2015
^ Visa update for EMV Chip implementation in the U.S.
^ MasterCard Aligns with Visa’s U.S. EMV Migration Plans by Publishing its Own EMV Implementation Roadmap
^ Discover Implements EMV Mandate for U.S., Canada and Mexico
^ American Express Announces Its Plans to Support EMV in Terminals and Cards
^ "EMV's Uncertain Fate in the US". Protean Payment. Retrieved 22 September 2012.
^ Camhi, Jonathan (August 3, 2012). "Wells Fargo Introduces New EMV Card for Consumers". Bank Systems & Technology.
^ ^a ^b Chip-and-Pin and Chip-and-Signature Credit Card Primer for 2013
^ ^a ^b EMV Migration – Driven by Payment Brand Milestones
^ MasterCard Brings EMV Chip-Card Liability Policy to U.S. ATMs
^ MasterCard Extends U.S. EMV Migration Roadmap to ATM Channel
^ Visa Announces U.S. Participation in Global Point-of-Sale Counterfeit Liability Shift
^ United Nations Federal Credit Union Selects Gemalto for First U.S. Issued Globally Compliant Payment Card, Gemalto NV

External links[edit]

EMVCo, the organisation responsible for developing and maintaining the standard
Chip and PIN, site run by the Association For Payment Clearing Services (APACS), the UK's central coordinating authority for the implementation of EMV
Chip and SPIN, discussion of some security aspects of EMV, from members of the University of Cambridge Security Group
What is EMV?, a technical guide to EMV transactions, complete with a glossary of terms a flowchart showing the stages of a typical transaction
Glossary of EMV terms, a complete glossary of terms and terminology used in EMV
Cryptography of EMV cards, a clear explanation of EMV card cryptography.

[1] ttp://www.finextra.com/news/announcement.aspx?pressreleaseid=49871

[2] ttp://blog.discovernetwork.com/stories/news/discover-joins-emvco-to-help-advance-global-emv-standards/

[3] ttp://www.emvco.com/about_emvco.aspx?id=156

[4] Chip and PIN liability Shift, The UK Cards Association

[5] ttps://www.level2kernel.com/flow_chart.html

[6] PayPass Implementation Guides

[chipAndPin-7] "Chip-and-PIN vs. Chip-and-Signature", CardHub.com, retrieved 31 July 2012.

[8] SPVA Launch Presentation, Secure POS Vendor Alliance, 2009

[9] "Integrated Circuit Card Specifications for Payment Systems". EMVCo. Retrieved 26 March 2012.

[10] Saar Drimer, Steven J. Murdoch and Ross Anderson. "PIN Entry Device (PED) vulnerabilities".

[11] "Petrol firm suspends chip-and-pin". BBC News. 6 May 2006.

[12] "Organized crime tampers with European card swipe devices". The Register. 10 October 2008.

[13] "Technical Working Groups, Secure POS Vendor Alliance". 2009.

[14] "Is Chip and Pin really secure?". BBC News. 26 February 2008. Retrieved 2 May 2010.

[15] ttp://www.bbc.co.uk/consumer/tv_and_radio/watchdog/reports/insurance_and_finance/insurance_20070206.shtml

[16] ttp://www.channelregister.co.uk/2008/02/27/credit_card_reader_security_pants/

[EMVPINverificationwedgevulnerability-17] Steven J. Murdoch, Saar Drimer, Ross Anderson and Mike Bond, EMV PIN verification "wedge" vulnerability, Computer Laboratory, University of Cambridge, retrieved 2010-02-12

[BBC201002-18] BBC: New flaws in chip and pin system revealed, 11 February 2010

[19] Response from EMVCo to the Cambridge University Report on Chip and PIN vulnerabilities ('Chip and PIN is Broken' – February 2010), EMVCo, retrieved 2010-03-26

[bankliable-20] Telegraph – Card fraud: banks now have to prove your guilt, 12 February 2010

[21] Adam Laurie, Andrea Barisani, Daniele Bianco and Zac Franken. "Chip & PIN is definitely broken".

[22] Adam Laurie, Andrea Barisani, Daniele Bianco and Zac Franken. "CVM downgrade attack".

[Chargeback_Guide-23] ^ ^a ^b ^c ^d ^e ^f ^g ^h ⁱ Chargeback Guide

[corporate.visa.com-24] Visa International Operating Regulations

[The_Journey_To_Dynamic_Data-25] ^ ^a ^b ^c ^d ^e ^f ^g ^h ⁱ The Journey To Dynamic Data

[pressreleases.visa.com-26] Visa Expands U.S. Roadmap for EMV Chip Adoption to Include ATM and a Common Debit Solution

[mastercard.com-27] MasterCard Announces Five Year Plan to Change the Face of the Payments Industry in Australia

[Chip_Liability_Shift-28] Chip Liability Shift

[finextra.com-29] Discover to enforce EMV liability shift by 2015

[30] Visa update for EMV Chip implementation in the U.S.

[31] MasterCard Aligns with Visa’s U.S. EMV Migration Plans by Publishing its Own EMV Implementation Roadmap

[32] Discover Implements EMV Mandate for U.S., Canada and Mexico

[33] American Express Announces Its Plans to Support EMV in Terminals and Cards

[34] "EMV's Uncertain Fate in the US". Protean Payment. Retrieved 22 September 2012.

[35] Camhi, Jonathan (August 3, 2012). "Wells Fargo Introduces New EMV Card for Consumers". Bank Systems & Technology.

[frequentbusinesstraveler.com-36] Chip-and-Pin and Chip-and-Signature Credit Card Primer for 2013

[emv-connection.com-37] EMV Migration – Driven by Payment Brand Milestones

[38] MasterCard Brings EMV Chip-Card Liability Policy to U.S. ATMs

[39] MasterCard Extends U.S. EMV Migration Roadmap to ATM Channel

[40] Visa Announces U.S. Participation in Global Point-of-Sale Counterfeit Liability Shift

[41] United Nations Federal Credit Union Selects Gemalto for First U.S. Issued Globally Compliant Payment Card, Gemalto NV

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]

[22]

[23]

[24]

[25]

[26]

[27]

[28]

[29]

[30]

[31]

[32]

[33]

[34]

[35]

[36]

[37]

[38]

[39]

[40]

[41]

EMV

Contents