10 min read

Reducing Payment Card Fraud by Shifting over to EMV Chip Technology

Cryptomathic : 21. October 2015

EMV Key Management

Reducing Payment Card Fraud by Shifting over to EMV Chip Technology

This article gives an insight into the EMV chip technology, which is being rolled out on a world-wide scale to increase the level of fraud protection in credit card transactions. It presents and discusses legal incentives for migration, security benefits, a detailed view of the sequence of steps in a transaction and a concluding discussion.

The necessity of the gradual shift to EMV technology

Because of its great potential for reducing fraud and better control of online and offline transactions, the migration from magnetic stripe based payment cards to EMV chip cards is an inevitable process that started about 20 years ago, and could span another 20 years or more. This move was originated by Europay (now part of MasterCard), MasterCard and Visa, and became abbreviated as EMV.

The transition to EMV chip cards was considered necessary because the magnetic-stripe cards are very vulnerable to fraudulent attacks due to counterfeiting (cloning cards by copying magnetic-stripe data), forging signatures, intercepting card data online, and many other types of attacks resulting from lost or stolen cards.

Most of these attack methods are rendered useless during EMV chip card transactions, because of advanced encryption techniques, embedded card risk analysis capabilities, and online and offline authentication and the impossibility of copying the chip-resident cryptographic keys used for transaction processing.

Motivation factors for the shift

The migration has been motivated by the increasing costs of correcting damages due to fraud, new liability regulations, widespread use of mobile devices, contactless connections, and other advances in technology.

As a result banks, issuers, processors, merchants, and others are working together to achieve a common goal, but at a relatively slow pace because of the extensive work involved in achieving it.

Migration at a global level

Approximately 80 countries around the world have already migrated to the EMV chip card technology, including Canada, Australia, UK, and various countries in Europe, the Middle-East, Latin America, Africa, and the Asia/Pacific region.

However, the U.S, which is the by far the largest user of payment cards and the largest target for payment card fraud, is lagging far behind in the conversion process.

US-card-fraud-losses-2012-2014-1

U.S. Card Fraud Losses 2012 - 2014, Source: n>genuity journal

Incentives to speed up progress in the U.S.

Many incentives are now in place to speed up the migration process in the U.S. Credit card companies, including American Express, Discover, MasterCard and Visa have recently announced that they would accelerate their plans for moving to a chip-based payment infrastructure in the U.S.

Annual costs of card fraud is the main driving factor, which is estimated at $8.6 billion per year. If the U.S. continues to lag behind with its chip card implementation, costs could rise to $10 billion or higher in 2016.

Another major incentive is the Technology Innovation Program (TIP), as Visa expanded this program to the U.S. on October 1, 2012. This program eliminates the requirement for merchants to annually validate their compliance with the PCI Data Security Standard if certain criteria is met. This would save on maintenance and auditing costs, but the merchants would have to satisfy the following conditions:

75 percent of the merchant’s Visa transactions must originate from chip-enabled terminals
Terminals must support both contact and contactless card interfaces, including mobile payments based on NFC technology.
Merchants must ensure that their systems do not store track data, security codes or PINs, and other sensitive card data.
Merchants must demonstrate that they continue to comply with the PCI DSS standards as applicable.
The merchant must not have been involved in a breach of cardholder data. (Such a merchant may qualify again for TIP if it has subsequently validated PCI DSS compliance.)

In most regions, Master Card and Visa have set fraud liability shifts for bank issuers. “Liability shift” means that if issuers and merchants still are using non-EMV compliant devices, and they accept transactions made with EMV chip cards, they assume liability for any transactions that are found to be fraudulent on those cards. An important region that is still to shift is the United States.

The U.S. has been slow to adopt this program, but as of October 1, 2015, Visa intends to have instituted the liability shift program for all counterfeit card-present point-of-sale transactions in the U.S. Merchants with automated fuel dispensers will have an additional two years until the liability shift takes effect for them.

EMV-migration-1

Roadmap to introducing EMV into the U.S.: POS Terminals,
Source: Mercator Advisory Group

Other added benefits inherent in an EMV chip card

There are also many other added benefits of switching over to EMV chip technology.

Magnetic strip data is fixed, while the data on an EMV chip can be dynamically updated, or “flash updated”, which helps to dramatically reduce costs over time.

Although chip cards are more expensive to produce, they have a longer shelf life than magnetic stripe cards, as the stripes tend to wear out. EMV chip cards were also designed to be used for multiple applications: for example, credit and debit capabilities on the same card as well as contactless capabilities.

Online security benefits

It is extremely difficult to counterfeit an EMV chip card because, unlike the magnetic stripe, the chip is able to do its own processing of information, as card authentication and PIN verification are done automatically by the chip for each transaction.

But the main feature that prevents fraudulent attacks is the use of “dynamic data” in that the card can generate its own unique “cryptogram” for each transaction, so that even if the card data is stolen or intercepted during a transaction, nothing can be done with it.

All dynamic card data can only be used for one individual transaction, and after that, it's useless. (See “Online processing” below for more information.)

Offline security benefits

Another major benefit of EMV chip cards over magnetic stripe cards is the ability to authenticate the card offline without the need to go on-line to the issuer.

Card issuers provide a choice of three different schemes for off-line authentication – Static Data Authentication (SDA), Dynamic Data Authentication (DDA), or Combined Data Authentication (CDA) (See “Offline processing” below for explanations of these).

All three schemes utilize the RSA (Rivest-Shamir-Adleman) cryptosystem, which uses public key cryptography, where messages can only be decrypted with a private key to maintain confidentiality. Only one of the three methods can be used for a particular transaction.

In addition to the card authentication and cardholder authentication provided by the RSA algorithm, the EMV specification requires that each EMV card use a unique 3-DES key to evaluate the actual transaction information between a card, a terminal and a bank.

The specification also requires the use of the SHA-1 (Secure Hash Algorithm) for the data integrity verification.

Sequence of events during an EMV transaction

For a magnetic stripe card, the card's permanently stored data is simply read by the terminal, and then the card is removed and no longer used for the transaction. The processing is done by the terminal while applying criteria for payment. During an EMV transaction, the chip itself will process information, and actually sets up a series of events for the transaction.

These events include offline data authentication, online authorization, verifying the cardholder identity via signature or PIN, etc.

The EMV specifications define the sequence of steps, which is the protocol for the interaction between the chip and the terminal. The following list describe these steps in more detail:

Application Selection – If there is more than one application in the chip, a selection process chooses a suitable application for the transaction, if it is supported by the terminal. The cardholder usually makes the choice here.

Initiate Application Processing and Read Application Data - The terminal reads cardholder data and sensitive application data from the chip, while using the selected application.

Offline Data Authentication - Offline Data Authentication is performed via SDA, DDA, or CDA. (See “Offline processing” below.)

Processing Restrictions – Additional Checks are made to for any restrictions in allowing the transaction requested by the chip.

Cardholder Verification – The cardholder is verified by a method that is mutually supported by the chip and the terminal. Methods can include signature, online PIN, offline PIN (plaintext or encrypted) or “no CVM” (cardholder verification method).

Terminal Risk Management – The terminal runs a few checks (such as spending limit) to determine the risk level, which may require online processing.

Terminal Action Analysis – The terminal application now analyzes the results of the previous four steps, along with processing restrictions in the card and the chip, and sends a request to the chip for a decision to approve offline, decline offline, or go online for processing.

Card Action Analysis - Based on rules and limits set by the issuer the chip will respond with one of three choices

ARQC: go online;
AAC: offline decline
TC: offline approval

Online Processing - If the decision is made to go online, then the terminal sends an online request to the issuer host for card authentication and authorization. If the response includes optional issuer authentication (ARPC), the terminal will send data to the chip for verification. (See “Online processing” below.)

Completion and script processing - Transaction is completed. If online processing occurred, the chip must respond with a TC (approval) or an AAC (decline), and apply any script commands from the issuer host.

The EMV transaction process,

Example of the EMV transaction process

Online processing

For all communication involved in online and offline transactions, the EMV specifications define the message formats. If the transaction is to go online, the card application generates an ARQC (authorization request cryptogram), which the terminal includes in its authorization request to the network. The ARQC includes the transactions details, the card authentication method (CAM), and a cryptogram designed for one-time use. As the issuer receives the request, it generates its own cryptogram from the transaction data using the private 3-DES key, which is known only to the issuer and the chip. If this cryptogram matches the cryptogram sent by the terminal, the issuer knows the card is genuine, and not counterfeit. The issuer then responds with an ARPC (authorization response cryptogram), which either accepts or declines the transaction. The ARPC may also contain an issuer script (a new set of commands to be sent to the card). The ARPC can include another cryptogram, which the chip can use to verify the issuer.

Offline processing

When processing is done offline (particularly at terminals that don’t have online connectivity), details of the transaction are sent between the EMV chip and terminal only.

Risk parameters are evaluated to determine whether such a transaction can take place, or to continue the authorization process online.

The three types of offline processing are described here:

SDA – Static Data Authentication

SDA is used to authenticate the payment card itself, and verify that selected card information from the issuer hasn't changed since it has been issued.
SDA does not require cryptographic processing by the chip, since it uses a “static cryptogram” permanently stored on the chip. This cryptogram was previously generated by selected card information on the chip. The cryptogram must have been signed by the private key of the issuer’s RSA key pair.

During a payment transaction, the card sends this signed static cryptogram, the CA index, and the issuer certificate to the terminal.

The terminal verifies the issuer certificate and the digital signature by using a public key, which was signed by a certification authority (CA), and then comparing the data to the actual application data present on the card.

The terminal verifies that data read from the card has been created and signed by the issuer, and is the data hasn't changed.

However, this method is unable to prevent other types of attacks, such as cloning.

DDA – Dynamic Data Authentication

Since SDA presents the same data in every transaction, this data can easily be used by attackers to create a clone. The static cryptogram and the digital certificate are static information, and hence are independent of the actual transaction.

An EMV chip using the Dynamic data authentication (DDA) method ensures protection against cloning attacks by creating a “dynamic cryptogram” that is unique to the transaction.

The chip uses its RSA key, which is private and unique to the card, to generate the dynamic cryptogram from the static card data, and also signs the cryptogram during a transaction.

As the card is inserted into the terminal, the card will send the signed dynamic cryptogram, the CA index, the issuer certificate, and the card certificate for validation.

The terminal then generates its own dynamic cryptogram from the given information using a public key, and if the two dynamically generated codes match, the card is verified as authentic, which means it is not a copy of the original (a counterfeit), and none of the original card data has changed since being issued.

CDA – Combined Dynamic Data Authentication

The SDA and DDA schemes are used exclusively for authenticating the card and the static data contained on the card as original and exactly as it was sent from the issuer to the customer.

There are two processes yet to take place during a transaction.

The next step is to verify the cardholder’s identity by one of the card verification methods (CVM):

offline PIN,
online PIN,
signature, or
no CVM.

The final step is to verify the transaction itself by sending the transaction information along with another cryptogram (which is unique the transaction) online to the issuer for approval or denial.

If this approval process is to be done offline instead, certain risk parameters are evaluated first, and a decision is made whether to deny, approve, or go online for issuer decision.

There is a potential weakness in this process where an attacker can intercept the message for card approval, and then transfer the approval decision to a different card (even though dynamic cryptograms are used). The CDA (Combined Dynamic Data Authentication - Application Cryptogram Generation) scheme takes care of this weakness by combining the card authentication and the transaction request in one step.

First, the card and its data are verified as authentic and original by using the DDA process as described.

Next, a second dynamic cryptogram with a signature is used to confirm the DDA process has passed, and the same card is used to authorize the transaction.

The approval decision is sent to the terminal at the same time as its card and transaction information along with the signed cryptograms.

About the 3-DES cryptographic protocol

Whereas SDA, DDA and CDA are based on RSA asymmetric key cryptography, the 3-DES protocol is used for evaluating the actual transaction request.

This evaluation is done mostly in the card itself and the POS/ATM terminal, but may be done online if need be. 3-DES keys are used for encrypting the evaluation result of the card, and verifying the evaluation response from the issuer. Every EMV chip card that is issued must have at least one unique 3-DES key and one of the three RSA public key infrastructure (SDA, DDA, or CDA).

The 3-DES scheme simply allows the issuer’s data preparation system and authorization system to share the same set of master keys. A unique key is placed on a card as it is issued by the data preparation system that is an encrypted form of the cardholder’s account number. So when a transaction is sent to be authorized, the authorization system will encrypt the same account number with the same master key to verify the card.

About the Certificate Authority (CA)

All EMV transactions require correspondence with a certification authority, which is a highly secure cryptographic facility that originates digital certificates and authenticates (signs) the issuer’s public RSA keys in the payment infrastructure. Each terminal in the infrastructure contains these CA signed public keys as applicable to the payment card and its application.

About the EMV card issuing process

When preparing to issue EMV cards, an issuer must work out a payment scheme with a CA, which involves the exchange of cryptographic keys and digital certificates. There are many tasks and procedures in the preparation process, including the retrieval of customer information from a bank’s database, feeding this data into a data preparation system along with the appropriate cryptographic keys and digital certificates, and then finally to transfer this data to the chip itself.

The preparation process also includes the creation and exchange of the 3-DES keys used to encrypt the actual transaction data. This process takes place between the issuer, the bank, and an authorization system.

Conclusion

As shown in this article, there are many complex cryptographic tasks and procedures to be implemented in the migration process from magnetic stripe to EMV chip technology.

These tasks can be made simpler by employing ready-made systems like Cryptomathic’s Key Management and EMV solutions, that will take care of much of the transferring process automatically. These flexible solutions, along with increased expertise and more detailed specifications, have made the EMV card issuing process much less challenging than before.

Cryptomathic is a highly experienced EMV vendor assisting any type of organisation to move to chip, including banks, third party service providers and payment schemes.

Cryptomathic has been delivering EMV solutions for more than ten years and we are particularly accomplished in:
   •   Data preparation
   •   Key management
   •   Certification authority
   •   Card management
   •   Compliance assurance, e.g. payment scheme and PCI DSS

More than 150 million EMV cards are annually issued with data generated by Cryptomathic products. We have EMV customers on six continents and a range of regional and global partners to support our large network of regional and multi-national customers.

References and further reading

Selected articles on Key Management (2012-16) and EMV, by Ashiq JA, Chuck Easttom, Dawn M. Turner, Guillaume Forget, James H. Reinholm, Matt Landrock, Peter Landrock, Steve Marshall, Torben Pedersen, Maria Stokes, John Trankenschuh and more

Contact Chip Card Online Authentication (2014) by the EMV Migration Forum
EMV Key Management – Explained (2015) by Cryptomathic
EMV Migration Forum by the EMV Connection (retrieved: October 2015)
A Guide to EMV (2011) by the EMVCo, LLC
Chip-and-PIN vs. Chip-and-Signature (2012) by John Kiernan
Cryptography of EMV cards (2014) by Yefim L. Leifman
How secure is Chip and PIN? (2008) by Susan Watts
EMV Payment Security – A Brief Overview (2014) by Dan Boneh

Image: "Credit cards on keyboard" courtesy of GotCredit, Flickr (CC BY 2.0)