How the EMV Card security system works
Payment by card number is historically the oldest method. Originally, there was nothing on a card except this number. The number was “embossed”, that is, stamped into the card. When paying, the card was “rolled” in a special device, which let the seller quickly enter the number into the ancient substitute for a database, that is, imprint it on a slip of paper.
At the end of the working day or week, this data was collected and transmitted to the acquiring bank. The bank then sent requests to debit this money from cardholders through the issuing banks. It was so long ago that few people know where the three-digit payment verification code written on the back of the card, the so-called CVV2/CVC2, came from. We have received information that this code was used rather as a checksum, needed so that the cardholder did not make a mistake and entered all the information correctly when paying. It seems to be true, considering how short this code is.
Now a physical card may not take part in the payment at all. This is called card not present and is most often used when paying online. If the card number is keyed in at a payment terminal, which is typical for hotels, businesses that operate by phone, and most terminals in the United States, this subtype of payment is called PAN Key Entry.
Many still believe that the Cardholder name field on the front side of the card needs to be entered correctly and that it is checked. This is not the case — no bank checks this field.
Magnetic stripe operations are one of the simplest methods. People associate them with certain types of fraud. Skimming at ATMs and double charges in restaurants are all possible because of the weaknesses of the magnetic stripe. The magnetic stripe is easy to copy: only a special magnetic stripe reader/encoder is needed for this. The cloned magnetic stripe is then enough to pay in most supermarkets in the world. To verify the cardholder, the signature on the receipt was supposed to be used, which the cashier must compare with the signature on the back of the card.
In the picture above you can see an example of the information recorded on the card. The black stripes are ones, the white ones are zeros. There are open source solutions for decoding this data — for example, magstripe.
In fact, the image shows that there is not one magnetic stripe on the card but two, of different densities (Track1 and Track2). What data is contained on the magnetic stripe?
- Card number, expiration date, cardholder’s name: everything that is physically printed on the front side of the card.
- The service code: three digits that tell the device interacting with the card (terminal or ATM) which functions the card has and which it does not, for example whether the card can be used at an ATM and whether it is equipped with a chip.
- The verification code (CVV, CVC, CID; the terminology depends on the payment system): a code similar to the one written on the back of the card. It is calculated from the information recorded on the magnetic stripe using a cryptographic checksum algorithm (MDK MAC) with a 128-bit key. Using a calculated CVV instead of a random one protects against attacks in which, for example, an attacker replaces the service code and tries to convince the payment terminal that the card is not equipped with a chip. The issuing bank will receive the magnetic stripe data and verify it, and the checksum will not match the value transmitted in the CVV field. The verification takes place in a secure keystore, the so-called HSM (hardware security module).
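The issuer-side check described above, as an added example that is not part of the original article. It parses a Track 2 string and recomputes the check value over the card number, expiry and service code. Assumptions: HMAC-SHA256 stands in for the issuer's real algorithm, the key and card data are constructed, and the check value is assumed to be the last three digits of the track.

```python
import hashlib
import hmac

# Constructed 128-bit test key; a real verification key never leaves the HSM.
ISSUER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

def check_value(pan, expiry, service_code, key=ISSUER_KEY):
    """3-digit keyed check value over PAN, expiry and service code.
    Stand-in MAC (HMAC-SHA256), not the algorithm issuers actually use."""
    msg = f"{pan}|{expiry}|{service_code}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1000:03d}"

def parse_track2(raw):
    """Split ';PAN=YYMMSSS<discretionary>?' into its fields."""
    if not (raw.startswith(";") and raw.endswith("?")):
        raise ValueError("missing start/end sentinel")
    pan, sep, rest = raw[1:-1].partition("=")
    if not sep or not pan.isdigit() or not rest.isdigit() or len(rest) < 10:
        raise ValueError("malformed track 2")
    return {"pan": pan, "expiry": rest[:4], "service_code": rest[4:7],
            "cvv": rest[-3:]}  # assumption: check value is the last 3 digits

def issuer_verify(raw):
    """Recompute the check value from the received fields and compare."""
    f = parse_track2(raw)
    expected = check_value(f["pan"], f["expiry"], f["service_code"])
    return hmac.compare_digest(expected, f["cvv"])

def build_track2(pan, expiry, service_code):
    """Issuer-side personalisation of a (constructed) test stripe."""
    cvv = check_value(pan, expiry, service_code)
    return f";{pan}={expiry}{service_code}{cvv}?"

# Constructed sample: test PAN, expiry 2030-12, service code 201 (chip card).
GENUINE = build_track2("4111111111111111", "3012", "201")
# Same stripe with the service code rewritten to 101 ("no chip"). The stored
# check value was computed over 201, so the recomputed value no longer
# matches (barring a 1-in-1000 collision of the 3-digit value).
TAMPERED = GENUINE.replace("=3012201", "=3012101")

if __name__ == "__main__":
    print("genuine :", issuer_verify(GENUINE))
    print("tampered:", issuer_verify(TAMPERED))
```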
The magnetic stripe was replaced in the nineties by smart cards, which were popularized by the EMV consortium (Europay, MasterCard, Visa). The idea promoted by the consortium was simple: using the features of smart cards, symmetric cryptography and public key cryptography, to solve all the problems associated with the magnetic stripe. Smart card operations provide three degrees of protection:
- Authentication of the card. Verification by the payment terminal that the card is genuine and was indeed issued by Bank N, and was not created by intruders at home.
- Verification of the payer. Verification that this card belongs to the buyer standing in front of the payment terminal.
- Authorization of the transaction. It’s a long way from the card to the issuing bank. The bank must make sure that the transaction data has not been altered by intruders anywhere along the way: that the amount remained unchanged, that the date of the operation is correct, that this operation is unique and was not already performed last month.
Let’s go through the methods used.
There are two main ways to verify the payer: PIN code and signature. In fact, there are a few more: the PIN code can be checked offline (on the card itself) or online. It can be encrypted (using a 3DES symmetric key) or transmitted in plaintext.
There is also NoCVM, that is, the absence of verification. A good example is operations that do not exceed the limit of 3000 rubles and do not require entering a PIN code. They are sometimes called Click and Continue.
Another method, which, depending on the payment system, is called CDCVM or On-Device CVM, makes verification possible on the cardholder’s mobile phone. It is used in Google Pay and Apple Pay.
To authorize a transaction, smart cards create a payment cryptogram. The card sends the terminal a list of fields; their set depends on the cryptogram version and the card settings. As a rule, these are the transaction amount, currency, date and other terminal settings that matter for the risk management stage. The card then supplements these fields with its own internal fields: the operation counter and the cryptogram version.
The resulting string is encrypted with the 3DES secret key stored on the card, used in digital signature mode, and transmitted to the bank along with all the signed information. The issuing bank uses a hardware security module (HSM), which contains a copy of the card's symmetric key in a read-protected memory area.
The HSM also creates a digital signature based on the data from the payment terminal. If it obtains the same cryptogram, the transaction is considered authorized. This means that no one has tampered with the transaction data on its way from the card to the issuing bank. At the same stage, the PIN code of the card is decrypted and verified, if online PIN verification is used.
Please note that all three functions work well only together. For verification to work correctly, it must be controlled by authentication. If there is no authorization, the entire transaction becomes high-risk, and so on.
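The cryptogram exchange described above, with both the card and the issuer HSM side, as an added example that is not part of the original article. Assumptions: truncated HMAC-SHA256 stands in for the card's 3DES computation, the key and field values are constructed, the field layout is invented for illustration, and the issuer's counter check is simplified to "strictly greater than the last one seen".

```python
import hashlib
import hmac
import struct

# Constructed test key shared by the card and the issuer's HSM.
CARD_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")

def cryptogram(key, amount, currency, date, counter):
    """MAC over the terminal fields plus the card's operation counter.
    Stand-in: truncated HMAC-SHA256 instead of the card's 3DES MAC."""
    msg = struct.pack(">QH3sH", amount, currency, date, counter)
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class Card:
    def __init__(self, key):
        self.key, self.counter = key, 0

    def sign(self, amount, currency, date):
        self.counter += 1  # internal field added by the card itself
        fields = dict(amount=amount, currency=currency, date=date,
                      counter=self.counter)
        return fields, cryptogram(self.key, **fields)

class IssuerHSM:
    def __init__(self, key):
        self.key, self.last_counter = key, 0

    def authorize(self, fields, mac):
        # Recompute the cryptogram from the data that actually arrived.
        expected = cryptogram(self.key, **fields)
        if not hmac.compare_digest(expected, mac):
            return "DECLINE: cryptogram mismatch"
        if fields["counter"] <= self.last_counter:
            return "DECLINE: counter already used"
        self.last_counter = fields["counter"]
        return "APPROVE"

def demo():
    card, hsm = Card(CARD_KEY), IssuerHSM(CARD_KEY)
    # Constructed transaction: 1500.00 in currency 643, dated 24-05-17 (BCD).
    fields, mac = card.sign(150000, 643, b"\x24\x05\x17")
    return [
        hsm.authorize(fields, mac),                   # genuine
        hsm.authorize({**fields, "amount": 1}, mac),  # amount altered in transit
        hsm.authorize(fields, mac),                   # same message sent again
    ]

if __name__ == "__main__":
    print(demo())
```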
Contactless payments have been gaining popularity since the mid-2010s. Banks and payment systems promote them as a fast and convenient payment method. It’s understandable: the more people pay with cards, the more can be earned on commissions! As technology develops, security has to develop with it, but this is not always the case. Contactless payments are one of the unsuccessful examples.
When contactless payments were created, chip cards were not yet particularly common in the United States, so Visa and MasterCard provided an intermediate step that lets new contactless cards pay at old payment terminals that do not support modern cryptography. This step is called Legacy modes: modes whose degree of security is significantly lower than that of EMV payments and modern forms of contactless payments.
In terms of the degree of protection, Legacy modes are more like magnetic stripe operations, only carried out via NFC. Despite the fact that these modes were supposed to be used only in a few countries, and after some time they were completely canceled.
A separate problem is how payment systems have approached the implementation of contactless payments. Instead of coming up with something new, Visa and MasterCard decided to use EMV here, but each did it in its own way, so de jure they ceased to be part of the EMV standard.
Visa was dissatisfied with the too long payment time. When the chip was used for this, there were no problems — the card was inserted into the terminal. However, Visa felt that holding the card at the terminal while waiting for all the steps of EMV to pass is not very convenient. The stage that caused the main delay was offline authentication of the card.
At the same time, MasterCard made a diametrically opposite decision: they recognized that offline authentication is also important for those cards that support the most secure CDA authentication scheme, and made it mandatory. In the EMV specification, if the interaction under the CDA scheme does not end successfully, the terminal can still send a cryptogram for online authorization, whereas for contactless MasterCard payments a failed CDA authentication always leads to the cancellation of the payment. The difference in the time of operations is insignificant, but it remains a decisive factor for Visa.