In this blog I will outline the steps an EMV card present transaction goes through from start to finish. This excellent infographic does a great job of illustrating all of the steps card issuers and processors have put in place to help fight fraud. Enjoy!
Step 1: Transaction initiated by point-of-sale. This can be done by way of an attendant or by a user at an unattended self-service kiosk.
Step 2: Card inserted into PIN entry device or PED. This is done by the customer at the register or user of the kiosk.
Step 3: Card application is selected. EMV cards can run multiple applications due to the development of a common EMV application identifier (AID) to support routing between the credit and debit networks, as well as PIN and signature networks.
Step 4: Offline card check. This step is used to validate that the card being used is a genuine card.
Step 5: Card holder verification. In a chip and PIN environment the user enters a PIN to authenticate their identity.
Step 6: Terminal decision. Based on the type of terminal, the installation scenario, and the value of the transaction, the terminal decides if the transaction can be completed offline, or if online authorization with the bank is required.
Step 7: Card decision. In EMV the card ultimately decides whether the transaction should go online or not. It can override the terminals previous decision. Chip cards are active in their own monitoring and can require an online transaction or a PIN entry if it determines that it has been used in a suspicious manner recently.
Step 8: If the transaction goes online a ARQC is generated which is a cryptogram that acts as a digital signature of the authorization request.
Step 9: The processor and acquirer ensures that the encrypted information makes it all the way to the card issuer.
Step 10: The ARQC is verified by the issuer and a risk evaluation is preformed on the transaction.
Step 11: If approved the issuer generates a APRC, which is an encrypted authorization response.
Step 12: The decision from step 11 is passed all the way back to the terminal and informs it of the decision from the issuer; authorize or decline.
Step 13: At this point any updates the issuer sent along with its decision can be written to the chip negating the need for issuers to send out new cards when updates are needed as previously done with magnetic stripe technology.
Step 14: The user removes the card from the reader and the decision is passed back to the POS or self-service kiosk.
Step 15: The transaction is complete!
Rob Chilcoat "Chip & PIN kiosk hardware"
Unattended Card Payments Inc.
(702) 802-3504 TelContinue reading