The term EMV, which stands for Europay, MasterCard and Visa, refers to a global standard of authentication for credit and debit card transactions. EMV standards apply to contact cards, contact-less cards and card-not-present transactions over the Internet or telephone. In addition to MasterCard and Visa, American Express, Discover and JCB all use the EMV standards.
EMV-compliant "smart cards" use integrated circuit chip technology similar to the SIM cards found in mobile devices. Contact cards have a contact area, about a square centimeter in area, with several gold-plated contact pads that interface directly with a reader. Contact-less EMV cards use RF induction technology to communicate with a reader without physically touching. A few EMV-compliant cards use dual-interface technology to interact with both contact and contact-less readers. All of these cards are approximately the same size as a standard magnetic strip credit card and include tamper-resistant security systems.
EMV technology is designed to accomplish several main purposes.
First, the embedded chips provide more reliable security than standard magnetic strips, which tend to rely on signatures and visual inspections to prevent fraud. EMV chips have built-in cryptographic algorithms that provide automatic authentication between the card processing terminal and the issuer; furthermore, most require the user to enter a personal identification number. Banks and credit card issuers have taken advantage of these security systems to push liability for fraudulent transactions onto merchants and cardholders.
Second, in a growing global economy, the EMV standards allow for better coordination between payment terminals all over the world. EMV-compliant cards can interface directly with EMV-compliant merchants anywhere, and the technology also provides for finer control over online transactions. EMV smart cards can use systems such as the MasterCard Chip Authentication Program and the Visa Dynamic Passcode Authentication to authenticate the user during online payments even though the card is not present.
For use in countries that do not currently use the EMV standards, such as the United States, EMV-compliant cards also come equipped with magnetic stripes.
The EMV standards support four user verification methods: online PIN, offline PIN, signature verification and no verification at all. The majority of transactions use online PIN verification, in which the issuer verifies the PIN in real time, or offline PIN in cases where connectivity is not available. Each EVM-compliant card can be personalized to accept one or more types of verification.
EMV-compliant cards support both online and offline authorization, depending on circumstances. In an online authorization, the card issuer receives transaction information along with a unique, transaction-specific cryptogram. The issuer can then decide whether to decline or authorize the transaction in real time. Offline EMV transactions require the card and terminal to communicate based on pre-set issuer-defined risk parameters that determine whether or not the transaction can be completed.
Today, most EMV transactions are authorized online, although exceptions exist at locations that do not have online connectivity and in regions where telecommunications costs are especially high. EMV smart cards can be configured to allow either online or offline authorization as needed.
With the advent of near field communication (NFC) to allow mobile devices to communicate with others with no need for direct contact, the EMV standards have helped to define the architecture of mobile payment options. For instance, the European Union now uses EMV-based infrastructure to support mobile payments through NFC technology.