In both their contact and contactless formats, EMV cards and Mobile EMV payments are fortified with the full protection that EMV affords: two-way authentication of the card and POS, cryptographic verification, and the dynamic code that protects each transaction.
So what’s behind the security of an EMV card?
The chip
Why did the developers of EMV specify a smart card chip inside of every card?
For one reason – security. A smart card chip is a small computer (or microprocessor) that has its own data storage, processing power, and application software. Unlike a magnetic stripe card, a chip is extremely difficult to crack.
A smart chip offers greater security because it contains a secure vault that holds unique keys specific to each card. Those keys protect your transactions.
A unique code for each transaction
EMV cards generate a unique code that is validated by your bank for each transaction, and the code cannot be re-used.
A fake card created with stolen data could not generate the correct unique code – and its transactions would fail.
Advanced cryptography
EMV security is based on strong cryptography, which is used to generate the unique transaction codes. These codes allow the payment terminal to authenticate the card.
EMV cryptography is built on public key infrastructure (PKI), meaning that only a chip card that is personalized with the cardholder’s private key during manufacturing can generate a valid transaction.
DDA offers best-in-class security
EMV cards can use either Static Data Authentication (SDA) or Dynamic Data Authentication (DDA). DDA has become the industry standard because it is much more effective at reducing card fraud. Visa and MasterCard have mandated a migration to DDA on all EMV cards in Europe and Canada, and it is becoming standard in the US, too.
How effective is DDA at preventing cloning? Extremely.
France's financial authority, the Banque de France, has proudly touted that no cloning fraud cases have been reported since France completed its DDA migration program in 2008.
How does DDA work?
DDA authentication is based on public-key cryptography, typically RSA cryptography. Each card contains a unique public and private key pair that is used during authentication.
When prompted by the terminal, the card uses one key to generate a valid cryptographic code that is sent back to the terminal. This code is unique to that transaction and proves that the card is genuine. The terminal uses the second key to validate the code returned by the card.
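The challenge-response exchange described above, as an added example (not Gemalto's code and not taken from the EMV specification): the terminal sends a fresh unpredictable number, the card signs it with its private key, and the terminal verifies the result with the public key. It assumes a toy textbook-RSA key and constructed card data, all class and function names are hypothetical, and the padding and issuer certificate chain used by real cards are omitted.

```python
import hashlib
import secrets

# Constructed toy RSA key (product of two known Mersenne primes). Assumption for
# this demo only: real cards use far larger keys and a certificate chain.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                  # public key, readable by any terminal
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, stays inside the chip


def digest(data: bytes) -> int:
    """Hash the data to be signed and reduce it into the RSA modulus range."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


class GenuineCard:
    """Chip holding the private key; signs card data plus the terminal's challenge."""

    def __init__(self, card_data: bytes):
        self.card_data = card_data

    def respond(self, challenge: bytes) -> int:
        return pow(digest(self.card_data + challenge), D, N)


class ClonedCard:
    """Copy made from observed data: it has the card data and one old response,
    but not the private key."""

    def __init__(self, card_data: bytes, captured_response: int):
        self.card_data = card_data
        self.captured = captured_response

    def respond(self, challenge: bytes) -> int:
        return self.captured  # cannot sign, so it can only repeat the old code


def terminal_authenticates(card, challenge=None) -> bool:
    """Terminal side: issue a fresh challenge, then verify with the public key."""
    if challenge is None:
        challenge = secrets.token_bytes(4)  # unpredictable per transaction
    signature = card.respond(challenge)
    return pow(signature, E, N) == digest(card.card_data + challenge)


if __name__ == "__main__":
    card = GenuineCard(b"constructed-card-data")
    clone = ClonedCard(card.card_data, card.respond(b"\x00\x00\x00\x01"))
    print(terminal_authenticates(card), terminal_authenticates(clone))
```

The recorded response only verifies against the exact challenge it was produced for, which is why the terminal's challenge must be fresh for every transaction.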
What does it take to go DDA?
The move from SDA to DDA requires a chip with a cryptographic coprocessor. This type of processor is necessary to perform the cryptographic calculations that allow a DDA card to generate the unique codes necessary for its trademark authentication process. For card personalization, an additional key pair is generated per card, as well as an additional certificate.
Gemalto can lend expertise in DDA implementation
The advantage of working with the market leader is that new customers benefit from the lessons learned from previous migration programs.
Having partnered with many of the world’s leading card issuers, we have gained expertise from the many DDA implementations we have helped to navigate.
Each country has a different approach to its migration program and unique challenges that have brought to light important considerations for any program.