You might have noticed in the last few years that more credit and debit cards are coming with small chips. These are EMV chips, and they provide a safe approach to managing card transactions. They are the latest evolution in payment card technology and a significant improvement over the traditional magnetic stripe cards people have been using for years.
EMV cards are more difficult to duplicate than older magnetic stripe-based ones. An older magstripe card could be easily copied and counterfeited, as the stripe data does not change. But the data in an EMV card can change with each transaction, making it harder for a person to copy the content.
EMV cards are easy to read, as a terminal can identify the chip data and secure a transaction from there. But how does the transaction process work?
Here’s a look at the steps of an EMV transaction. These focus on ensuring everything will accurately travel over a secure network.
- The terminal and card chip will determine the application being utilized.
The application in the EMV transaction will vary by whatever card scheme or payment network. Visa, MasterCard, American Express, and various other card brands use unique networks. The terminal and card chip will need to read the specific network being managed here.
- The terminal starts reading application data.
The terminal will send a processing command to the card. The terminal will give the card and data pieces the card requests. A unique value is produced to confirm the card’s identity and to ensure the transaction is unique and traceable. Creating such distinct values is critical for preventing theft or fraud, as the card’s readable data becomes hard for outside parties to predict.
- The card data is authenticated offline.
Offline confirmation ensures the card isn’t a counterfeit one. A static data authentication process will review the card data and confirm the card was signed by the issuer. The process ensures the data stays permanent, although it doesn’t prevent card cloning. Cloning may occur in cases where a customer requires a duplicate card for different occasions or backup purposes. But the process will require confirmation with an issuing bank to work.
- The chip and transaction are confirmed.
An EMV certificate will work in this process. The card chip sends a public key to the terminal. The terminal then reviews the key to confirm the chip data. The transfer of data allows the card chip to work as necessary.
- The cardholder will verify one’s identity.
The cardholder still needs to confirm one’s identity in the transaction process. The cardholder can use a cardholder verification method like a signature, a personal identification number code, or another acceptable method. Some newer cards may support biometrics features where a customer must provide a fingerprint on the card while in use.
- The reader reviews the floor limit on the card.
The floor limit is the maximum amount of money one can charge on a card before authorization. The reader can use an electronic payment network to confirm this value. The floor limit is necessary for ensuring there’s enough room for the payment the customer wishes to make. The transaction may be canceled or declined if the floor limit is too low for the order.
- The terminal will ask for approval.
The terminal will request approval for the transaction. It will send a message to the card network asking to complete the deal. The device will attempt to go online to complete the move. Sometimes the terminal won’t access a network and might decline to approve the deal if it can’t reach a suitable signal.
- The card approves the transaction.
The card will approve the transaction based on the data it receives. It will record the retailer data and the value of the transaction. It will also produce a distinct transaction code separate from any other move on the card. The unique code ensures you can trace data as necessary. The system reduces the risk of fraud or theft.
- The payment authorizer will receive a request to complete the transaction.
The payment process will entail a unique report that fits the transaction. It includes details on the unique transaction you wish to complete.
- The transaction is finished as an issuing script goes back to your card.
The issuing script includes data on the transaction. The terminal will not require any further data. The script can also include rules on how the card may be utilized later. The layout can include details on how a card might be safe to use in certain business environments.
What Makes the Process So Useful?
These steps for how an EMV transaction will work are beneficial for many reasons:
- EMV transactions can be processed in a short amount of time. EMV technology has been evolving to where these steps can move forward faster.
- The process can work offline if necessary. You can store offline card and transaction data and move it through a network after regaining an online connection.
- The EMV chip provides a more secure and accurate data verification process than what a signature might provide. While a signature can be easy to forge, an EMV chip is tough to duplicate. The chip produces unique codes for each transaction, ensuring everything reads well.
- EMV data is also easy to encrypt. An outside party won’t be capable of stealing the data like what one would get from a magstripe card whose pattern is easy to read and copy.
Can It Work on Contactless Cards?
The steps listed here can also work on contactless cards. It can work on Apple Pay or Android Pay wallets. It can also work on NFC-based transactions where the user will waive one’s card over a reader.
Your business can start reading EMV cards if you have an appropriate EMV reader on hand. Be sure to set one up to help you start working with these cards.