EMV

EMV chip cards are payment cards embedded with a small computer chip. It is this chip, and not the magnetic stripe (magstripe) on the back of the card, that transmits payment data to the card reader during a transaction.

Instead of transmitting a PAN during a transaction, EMV chips generate a unique code at time of purchase, which is transmitted to the card reader.

These codes are unable to be replicated or easily faked and are one-time use. These mitgate the security vulnerabilities previously seen with magstripe transactions.

Most EMV chip cards are still equipped with a magstripe, even through the chip usually conducts the transaction.

🗒️

EMV chips are not used for online purchases, since online transactions are card-not-present (CNP) by nature, and thus don't use this physical component of cards.

Card Present transactions on EMV chip cards

When a cardholder inserts their card in a POS device, the EMV chip transmits an encrypted, one-time code containing the card information.

To proceed with the purchase, the cardholder must enter their PIN or sign, depending on whether the card is set up as chip-and-PIN or chip-and-signature.

The card payment process then proceeds like any other card payment i.e. the transaction is then routed to the Issuer to approve or decline.

Contactless transactions on EMV chip cards

Typically, EMV chip cards are enabled to make contactless payments using NFC technology.

In this scenario, when a cardholder taps their card on the POS device, the EMV chip transmits an encrypted one-time code containing the card information via NFC technology to the POS device.

If the purchase is above the SCA threshold, then the cardholder must enter their PIN or sign, depending on whether the card is set up as chip-and-PIN or chip-and-signature.

The card payment process then proceeds like any other card payment i.e. the transaction is then routed to the Issuer to approve or decline.