Beruflich Dokumente
Kultur Dokumente
Intended Audience
This document is intended for use by U.S. issuers, merchants, acquirers, processors and vendor
Introduction
Some U.S. payment networks are implementing EMV liability shifts effective October 2015. A
What are the minimum requirements that we need to consider as we deploy chip for my organ
To help merchants, acquirers, processors and issuers develop their strategies for EMV implemen
create a document presenting minimum requirements for EMV chip deployment across each pa
minimum requirements of EMV chip implementation and deployment for those payment networ
Jeanie, MasterCard, NYCE, PULSE, SHAZAM, STAR and Visa reflected in the document, so that
While the document addresses minimum EMV chip requirements of the respective networks, de
of considerations, such as business needs and preferences, deployment timing, complexity and
The document focuses on the minimum card and terminal EMV requirements for the U.S. payme
Discover, Jeanie, MasterCard, NYCE, PULSE, SHAZAM, STAR and Visa in the context of the U.S. e
documented their respective minimum card and terminal configurations for EMV compliance. So
functionalities that are beyond each networks minimum requirements, such as offline PIN supp
individual business requirements against the potential additional functionalities and their assoc
the expected volume of issuers that may support them, and issuers should evaluate these func
Issuers and merchants that choose to deploy EMV solutions are encouraged to work directly wit
approved EMVCo configurations offered that best satisfy their business needs. Approved EMVCo
including in the U.S.
Introduction
Cards - Credit
Cards - Debit U.S. Common AID
Cards - Debit Brand AID
Terminals - Point-of-Sale (POS)
Terminals - ATM
Glossary
Within each tab, the left vertical columns B and C list the available capabilities for cards or term
participants in the matrix: American Express, Armed Forces Financial Network (AFFN), China Un
For each participant, a checkmark signifies those attributes that are minimum requirements for
Within each tab, the left vertical columns B and C list the available capabilities for cards or term
participants in the matrix: American Express, Armed Forces Financial Network (AFFN), China Un
For each participant, a checkmark signifies those attributes that are minimum requirements for
participant, and not required. In some cases, participants have added comments regarding part
Legal Notice
This document provides an overview of each participating payment network minimum card and
to help stakeholders understand the minimum requirements of chip deployment for each paym
requirements as the fraud liability shift approaches.
This document describes each participants minimum EMV requirements in the context of the U
independently by the respective networks, and are subject to change. Issuers and merchants ar
business needs, and to work directly with card and terminal vendors to determine the approved
great effort has been made to ensure that the information in this document and the Minimum R
purpose, whether statutory, regulatory, contractual or otherwise and all warranties of any kind a
reliance on the information set forth in either document. Any person that uses or otherwise reli
If a network is not included in the matrix, issuers and merchants should directly contact their re
debit networks.
Commonly used globally in place of magnetic stripe technology, EMV chip technology helps to r
enables safer transactions across contact and contactless channels. Chip implementation was in
announced their roadmaps for supporting a chip-based payments infrastructure. Acquirer proce
managing fraud risk in a face-to-face environment set for 2015.
The EMV Migration Forum is a cross-industry body focused on supporting the EMV implementati
consumers to help ensure a successful introduction of more secure EMV chip technology in the
and/or coordination to migrate successfully to chip technology in the U.S. For more information
uirers, processors and vendors who are planning deployments of their respective EMV chip programs in the U.S.
s effective October 2015. As U.S. issuers, merchants, acquirers and processors plan for these liability shifts, m
we deploy chip for my organization?
strategies for EMV implementation, several payment network participants in the EMV Migration Forum have co
p deployment across each payment network. The primary goal of this document is to help stakeholders understa
ent for those payment networks Accel, American Express, Armed Forces Financial Network (AFFN), China Union
cted in the document, so that stakeholders can work with their partners to develop a strategy to meet those req
f the respective networks, decisions regarding deployment of chip technology will differ by stakeholder and invo
ment timing, complexity and associated initial and future costs.
quirements for the U.S. payment networks Accel, American Express, Armed Forces Financial Network (AFFN), Chi
a in the context of the U.S. electronic payments marketplace and the October 2015 liability shifts. These partici
ations for EMV compliance. Some issuers and merchants, as they evaluate their business needs, may consider a
ents, such as offline PIN support and offline data authentication. All issuers and merchants should carefully eval
unctionalities and their associated costs and complexities. In addition, merchants should evaluate these functio
s should evaluate these functionalities against the expected volume of merchants that may support them.
couraged to work directly with their card and terminal vendors, payment networks and processing partners to d
ness needs. Approved EMVCo terminal configurations (e.g. chip reader and chip software) are a global industry
g of an introduction tab, five tabs for chip card and acceptance terminal requirements for each network, and on
capabilities for cards or terminals within the EMV standard (called attributes in the matrix). The horizontal ro
cial Network (AFFN), China UnionPay, Discover, Jeanie, MasterCard, NYCE, PULSE, SHAZAM, STAR and Visa.
e minimum requirements for that participant. If an attribute is left blank, it means that the attribute is optional
t network minimum card and terminal requirements for chip deployment. The information is publicly available,
p deployment for each payment network so they can work with their partners to determine their best strategy t
ments in the context of the U.S. marketplace. It should be noted, however, that specific requirements are determ
nge. Issuers and merchants are therefore strongly encouraged to evaluate these requirements against their own
rs to determine the approved EMVCo configurations that satisfy the relevant minimum card and terminal requir
document and the Minimum Requirements Matrix is accurate and current, neither document should be relied on
nd all warranties of any kind are disclaimed, including all warranties relating to or arising in connection with the
on that uses or otherwise relies in any manner on the information set forth in the documents does so at his or h
hould directly contact their respective networks and acquirers regarding minimum card and terminal requireme
MV chip technology helps to reduce card fraud in a face-to-face card-present environment; provides global inter
s. Chip implementation was initiated in the U.S. in 2011 and 2012 when American Express, Discover, MasterCar
nfrastructure. Acquirer processor readiness mandates to support chip were established for 2013, with liability s
porting the EMV implementation steps required for global and regional payment networks, issuers, processors, m
e EMV chip technology in the U.S. The focus of the Forum is to address topics that require some level of industry
he U.S. For more information on the EMV Migration Forum, please visit http://www.emv-connection.com/emv-mig
Note:
P = indicates requirement
Attribute
Visa
Minimum Requirement
Online
MasterCard
Comments
Authorization
Minimum Requirement
DDA
CDA
ARQC
Online PIN
American Express
Comments
Minimum Requirement
Discover
Comments
Minimum Requirement
Comments
P
Not recommended, could lead to unnecessary
reversals; only needed to reset offline counters
Optional to Issuers
P
CVM
Minimum Requirement
Not allowed
SDA1
Authentication
China UnionPay
Comments
P
Not required or recommended due to onlineonly environment in U.S.
Offline
Offline PIN
Signature
No CVM
Application block/unblock
EMV scripting
Counter reset
Note: 1. Visa to discontinue SDA for new and replacement Visa contact chip only cards that support offline authorization, effective 1 Oct 2015
Note:
P = indicates requirement
Attribute
Minimum Requirement
Online
Visa
Comments
Minimum Requirement
MasterCard
Comments
Minimum Requirement
China UnionPay
Comments
Accel
Minimum Requirement
Comments
Minimum Requirement
PULSE
Comments
Minimum Requirement
NYCE
Comments
Minimum Requirement
STAR Network
Comments
Minimum Requirement
AFFN
Comments
Minimum Requirement
Jeanie
Comments
Minimum Requirement
SHAZAM
Comments
Authorization
Offline
SDA
Not allowed
DDA
CDA
Authentication
ARQC
Online PIN
P
Not recommended, could lead to unnecessary
reversals; only needed to reset offline counters
Offline PIN
Not Supported
P
Not supported at this time
CVM
Signature
No CVM
Application block/unblock
EMV scripting
Counter reset
Note:
P = indicates requirement
Visa
Attribute
Minimum Requirement
Online
MasterCard
Comments
Minimum Requirement
China UnionPay
Comments
Minimum Requirement
Discover
Comments
Minimum Requirement
Comments
Authorization
Offline
SDA
Not allowed
DDA
Authentication
CDA
ARQC
P
Optional to Issuers
Signature
No CVM
Online PIN
CVM
Offline PIN
Application block/unblock
EMV scripting
Counter reset
Note:
P = indicates requirement
Attribute
Visa
Description
MasterCard
Comments
Description
MasterCard
Optional
Interlink
Visa U.S. Common Debit
Maestro
U.S. Maestro (Common AID)
Terminal type
Required
China UnionPay
Comments
Description
American Express
Comments
Discover
Description
Comments
Description
American Express
Comments
Attribute
Visa
Minimum Requirement
Online authorization
Requirement relating to
Lost/Stolen Liability
MasterCard
Comments
Minimum Requirement
Requirement relating to
Lost/Stolen Liability
China UnionPay
Comments
Minimum Requirement
Requirement relating to
Lost/Stolen Liability
American Express
Comments
Minimum Requirement
Requirement relating to
Lost/Stolen Liability
Discover
Comments
Minimum Requirement
Requirement relating to
Lost/Stolen Liability
Comments
Online and offline authorization supported within
risk management parameters
Offline authorization
Deferred authorization
SDA
Offline Data Authentication (ODA)
DDA
CDA
Magnetic stripe
IC with contacts
P
P
P
P
Offline PIN
Signature
No CVM
Optional
Not allowed
P
P
P
P
P
P
P
P
Cash back
PIN Pad
Optional
Goods
Services
Receipt capabilities
P
P
Clearing, settlement
Returns
Scripting
Not required
PIN block
PIN change
Application block/unblock
EMV scripting
Counter reset
Optional
P
P
All scripting must be supported by the terminal
Note:
P = indicates requirement
Attribute
Visa
Description
Required
Description
Terminal type
Online authorization
Description
0
MasterCard
Minimum Requirement
Description
American Express
Comments
Comments
China UnionPay
Comments
Discover
Description
Comments
Visa
Minimum Requirement
MasterCard
Comments
MasterCard
Maestro
Cirrus
Optional
Attribute
Comments
Comments
0
China UnionPay
Minimum Requirement
Comments
American Express
Minimum Requirement
Comments
Discover
Minimum Requirement
Comments
Offline authorization
Offline clearing, settlement
Prohibited
Prohibited
SDA
Offline Data Authentication (ODA)
DDA
Prohibited
CDA
Prohibited
Magnetic stripe
IC with contacts
Cash
Receipt capabilities
PIN block
P
P
P
P
P
PIN Pad
P
P
PIN change
Scripting
Application block/unblock
EMV scripting
Counter reset
Optional
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
Optional
P
P
P
P
P
Glossary
Term
Deferred Authorization
EMV Terminal
Floor Limit
ICC
Issuer Script
No CVM
Offline Authorization
Offline PIN
Online Authorization
Online PIN
PIN Management
Signature
Definition
An alpha numeric representation of the application defined within ISO 7816. A data label that differen
payment systems and products. The card issuer uses the data label to identify an application on the c
terminal. Cards and terminals use AIDs to determine which applications are mutually supported, as bo
the card and the terminal must support the same AID to initiate a transaction. Both cards and termina
may support multiple AIDs. An AID consists of two components, a registered application identifier (RID
a propriety application identifier extension (PIX).
A cryptogram generated by the card at the end of the first round of card action analysis, which is inclu
in the authorization request sent to the card issuer and which allows the issuer to verify the validity of
card and message.
A cryptogram generated by the issuer and sent in the authorization response back to the terminal. Th
terminal provides this cryptogram back to the card which allows the card to verify the validity of the is
response.
Issuer defined risk parameters and authorization controls programmed into the chip application enabl
the card to act on the issuers behalf at the point of transaction to determine if the transaction should
sent online, approved offline or declined offline. These controls aid issuers in managing their below-flo
limit exposure to fraud and credit losses. They may be tailored to the risk level of individual cardholde
groups of cardholders.
In the context of a transaction, the method used to authenticate that the person presenting the card i
valid cardholder. EMV supports four CVMs: offline personal identification number (PIN) (offline enciphe
plain text), online encrypted PIN, signature verification, and no CVM. The issuer decides which CVM
methods are supported by the card and the merchant chooses which CVMs are supported by the term
The issuer sets a prioritized list of methods on the chip for verification of the cardholder.
A card authentication technique used in online and offline chip transactions that combines dynamic da
authentication (DDA) functionality with the application cryptogram used by the issuer to authenticate
card.
A card authentication technique used in offline chip transactions that requires the card to digitally sign
unique data sent to it from the terminal. DDA protects against card skimming and counterfeiting.
Also known as "store and forward." Deferred Authorization occurs when an online authorization is
performed after the card is no longer available. The time delay may be brief, such as for a temporary
communications failure or where the merchant simply wishes to speed processing. The time delay ma
extended, as when a ferry is out of range of shore, for in-flight sales, or when the device does not hav
online capability (for example, unattended kiosks where the transactions are offloaded nightly to a se
and submitted in batches).
A device that includes an embedded secure integrated circuit that can be either a secure microcontro
equivalent intelligence with internal memory, or a secure memory chip alone. The card connects to a
reader with direct physical contact or with a remote contactless radio frequency interface. With an
embedded microcontroller, chip cards have the unique ability to securely store large amounts of data,
out their own on-card functions (e.g., encryption and mutual authentication), and interact intelligently
a card reader. All EMV cards are chip cards.
A currency amount that is established for single transactions, above which an online authorization is
required.
A process by which an issuer can update securely the contents digitally stored on chip cards without
reissuing the cards. Examples of issuer scripts include blocking and unblocking an account, blocking t
entire card, changing and unblocking the cardholders personal identification number (PIN), and chang
the cardholders offline authorization controls (ACs).
(Applicable to MasterCard, American Express and Discover) Beginning Oct. 1, 2015, if a merchant acc
PIN-preferring (both online and offline) chip card that has been stolen (not a copy or counterfeit) and
presented at a terminal that does not support either online or offline PIN, allowing the card to be proce
as signature, the merchant will be liable for the chargeback resulting from the fraud. This process doe
include No CVM (Cardholder Verification Method) transactions that meet the No CVM requirements of
card brand or network.
A plastic card that uses a band of magnetic material to store data. Data is read by a mag stripe reade
A cardholder verification method (CVM) supported by EMV in which the cardholder is not required to
provide a signature or enter a PIN.
Authorizing or declining a payment transaction through card-to-terminal communication, using issuerdefined risk parameters that are set in the card to determine whether the transaction can be authoriz
without going online to the issuer host system.
A process whereby the card is validated at the point of transaction, using RSA public key technology t
protect against counterfeit or skimming. Three forms of offline data authentication are defined by EMV
Static (SDA), Dynamic (DDA) and Combined DDA/Application Cryptogram (CDA).
Personal identification number (PIN) processing in which the PIN entered by the cardholder is encrypte
using public key cryptography at the PIN pad and then sent to the chip card where it is decrypted insid
the chip and verified.
The personal identification number (PIN) stored on the chip card (versus a PIN stored at the host). In a
transaction using offline PIN, the PIN entered at the terminal is compared with the PIN stored securely
the chip card without going online to the issuer host for the comparison. Only the result of the compar
is passed to the issuer host system. Two types of offline PIN are enciphered and plaintext.
Offline personal identification number (PIN) processing in which the PIN entered by the cardholder is s
unencrypted, in plaintext, from the PIN pad to the chip card for verification.
Authorizing or declining a payment transaction by sending transaction information to the issuer and
requesting an authorization response from the issuer usually in real time.
In a chip transaction, the process of comparing the cardholder's entered personal identification numbe
(PIN) with the PIN stored on the issuer host system. The PIN is encrypted by the terminal PIN pad befo
being passed to the acquirer system. The PIN is then decrypted and re-encrypted as it passes between
each party on its way to the issuer. This is supported today with mag-stripe.
The process of using issuer scripts to securely update personal identification number (PIN) data stored
the card. PIN management includes PIN change and PIN unblock.
A card authentication technique used in offline chip transactions that uses signed static data element
With SDA, the data used for authentication is staticthe same data is used at the start of every
transaction. This prevents modification of data, but does not prevent the data in an offline trans-action
from being replicated.
A cardholder verification method (CVM) supported by EMV in which the cardholder provides signature
verification.