Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Increasing Security and Reducing Fraud with and

advertisement 
Increasing Security and
Reducing Fraud with
EMV Chip and PCI Standards
When data is exposed, it puts
your customers and your
reputation as a business
at serious risk. EMV chip
technology combined with
PCI Security Standards offer
a powerful combination for
increasing card data security
and reducing fraud.
Security
Standards
What they are –
0000 0000 0000 0000
EXP 00/00
JOHN CITIZEN
?
Fraud protection & data security
Bank Name
CreditCard
#!$%
?
?
EMV chip:
?
• Technology that uses secret
cryptographic keys to help
protect against fraud at the
point of sale and make
payment cards more difficult
to counterfeit.
PCI Security Standards:
• Security controls for making sure that customers’ card data is kept
secure throughout the entire transaction process.
How they’re different:
Authentication technology vs. data security controls
CreditCard
CreditCard
J.Citizen
0000 000
Bank Name
CreditCard
Bank Name
0000 0000 0000 0000
0000 0000 0000 0000
JOHN CITIZEN
JOHN CITIZEN
EXP 00/00
Bank
Name
CallCall
000.000.0000
for info
Bank
Name
000.0000.0000
EMV chip:
CreditCard
J.Citizen
0000 000
EXP 00/00
Bank
Name
CallCall
000.000.0000
for info
Bank
Name
000.0000.0000
• Authentication
technology for the point of
sale part of the transaction
when the physical card is
actually present.
• When this chip is embedded on a card, it helps ensure the card being
used is real and that it belongs to the person using it. It drastically
reduces the chances of your business accepting lost, stolen or
counterfeit cards.
PCI Security Standards:
• Security controls to protect the cardholder’s confidential information
on payment cards, not just at the moment the card is swiped or dipped,
but all the way through the transaction process.
• They also apply when payments are made online or via telephone,
where the card is not present, to make sure your customers’ card data is
kept safe.
How they work together:
A layered approach for securing multi-channel
transactions
• EMV chip provides an additional
level of authentication at the point
of sale that increases the security
of a payment transaction and reduces
chances of fraud.
Bank Name
CreditCard
Security
Standards
0000 0000 0000 0000
EXP 00/00
JOHN CITIZEN
• Once the card is entered into the merchant’s system, the cardholder’s
confidential information (see chart below) is transmitted and stored on
their network in a clear, easily accessible form, meaning it’s vulnerable for
attack and use for fraud by criminals in online and other channels.
• Which is where PCI Standards come in. On top of EMV chip at the
point of sale, they offer protections for the point of sale device* itself
and provide layers of additional security controls** for businesses to use
throughout the transaction process and across payment channels to
keep card data safe - such as patching systems, monitoring for intrusions,
using firewalls, managing access, developing secure software, educating
employees, and having clear processes for the handling of sensitive
payment card data.
How it’s done:
CARDHOLDER DATA
Here’s a break-down of existing data elements
Data Element
Rationale
Primary Account
Number (PAN)
Necessary in clear-text for EMV transactions to:
• Identify the cardholder and settle the transaction
• Facilitate transaction routing
• Perform data authentication at the point of sale -Enable
key derivation by the Issuer
Cardholder Name
Present in an EMV chip. Not required to be
transmitted in an authorization message.
Service Code
Present in Track 2 Equivalent Data on chip. Enables the
issuer to validate the card verification code or value if also
included.
Expiration Date
Always available on EMV cards in the clear with specific
expiration date tag. In case of online authorization, the
expiration date included in Track 2 Equivalent Data will be
included in the authorization message.
Service Code
BankName
Name
Bank
CreditCard
CreditCard
Primary Account Number
(PAN)
Expiration Date
0000
0000 0000
0000 0000 0000
0000
Cardholder Name
EXP 00/00
EXP
00/00
SENSITIVE AUTHENTICATION DATA
JOHNCITIZEN
CITIZEN
JOHN
Data Element
Rationale
Full Magnetic-Stripe
Data
EMV may optionally contain Track 1 and 2 Equivalent Data,
which contains the same fields as that of a magnetic stripe.
The Track 2 Equivalent Data is typically included in an EMV
on-line authorization requests available in clear-text. When
a unique chip card verification code or value is used, the
equivalent track 2 data changes from the magnetic-stripe
data and cannot be used to create fraudulent cards. In
this instance, only the cardholder data elements remain
sensitive.
CAV2/CVC2/
CVV2/CID
Not part of EMV Specification. EMV chips do not contain
this information. This code is only printed on the card itself.
PIN/PIN Block
EMV allows for off-line verification of the cardholder
through the use of the PIN in the chip itself. Other CVM are
also supported.
Full Magnetic-Stripe Data
CAV2/CVC2/CVV2/CID
J.Citizen
0000 000
Bank Name Call 000.000.0000 for info
s
m
r
e
T
and
s
n
o
i
t
you
a
i
p
l
v
e
h
e
r
ts.
s to
Abb
y effor
t term
ortan
ecurit
s
p
r
m
u
i
f
o
sary o d improve y
s
o
l
g
A
d an
n
a
t
s
r
unde
t
presen
t-
o
Card-n
CNP
results
ificati
r
Card ve
CVM
& CVR
ication
t
n
e
h
t
u
code
Data a
DAC
EMV
ICC
iCVV
POS
SEPA
TRM
Hybrid
hods &
on met
card
cal
Techni
k
fallbac
d, Visa re info
r
a
C
r
e
t
y, Mas
for mo
Europa .emvco.com
w
Visit ww
it card
u
c
r
i
c
d
te
Integra
n Value
o
i
t
a
c
fi
i
ICC Ver
f sale
a
Point o
nts Are
e
m
y
a
Euro P
Single
ement
g
a
n
a
al risk m
Termin
oth an
b
s
n
i
a
e
nt
tic strip
that co
e
d
n
r
g
a
a
c
m
A
p and a
i
h
e used
c
b
V
t
o
EM
n
n
a
a chip c such as
h
c
i
h
w
try
in
A state er type of en AN key is
rP
oth
and an -stripe read o ction.
sa
tic
magne mplete a tran
co
used to
When used together, EMV
chip and PCI Standards are
a powerful combination to
increase security and reduce
fraud. Protect your customers’
data and your business today.
Cre
dit
Ca
00
Securi
Standa ty
rd
EX
s
Ba
00
P0
JO
rd
0/
HN
00
C IT
nk
00
IZ E
N
00
00
00
Na
me
00
00
Visit www.emvco.com
and www.pcisecuritystandards.org to learn more.
*See PCI PIN Transaction Security Requirements
**See PCI Data Security Standard (PCI DSS) and PCI Payment Application Data Security Standard (PA-DSS)
Related documents
Cover Letter
Cover Letter
1. Find the single precision floating number representation of... (a) 1.125
1. Find the single precision floating number representation of... (a) 1.125
Homework 9 Principles of Economics
Homework 9 Principles of Economics
Architecture Quiz
Architecture Quiz
ONE WAY TO DO AN INDEX WITH SPSS
ONE WAY TO DO AN INDEX WITH SPSS
Download
advertisement