Understanding Interfaces: EMV Transaction Flow (Part 1)
Introduction:
In this series of articles, I aim to provide a clear and simplified explanation of the interactions between a chip card and a device during a purchase through a POS terminal or when using an ATM. We will examine each step of the exchange process, commonly referred to as the “EMV (Europay, Mastercard, Visa) transaction flow.” In the first part, I will focus on reviewing the interfaces involved in the exchange.
By presenting this information in a straightforward manner, my goal is to enhance understanding of the complex transaction flow and enable readers to grasp the intricacies of the communication between chip cards and devices. I believe that by gaining a comprehensive understanding of these processes, individuals will be better equipped to comprehend and navigate the world of electronic payment systems.
Interfaces:
“Interface” is a commonly used term to describe the different methods of communication between a card and a device. When discussing POS or ATM systems, we typically refer to three main interfaces:
1. ICC Contact (Integrated Circuit Card, Contact). It is also known as the “EMV card” or “chip card”. The technological capabilities and security level of contact chip cards are significantly higher than those of contactless chips, especially when the issuer adheres to all the requirements and recommendations of the payment scheme. Interestingly, contact chip cards have certain capabilities that are challenging to implement in contactless chips due to their specific characteristics.
One of the main drawbacks of contact chip cards is the relatively slower rate of data exchange between the card and the device. This can result in longer transaction times when compared to contactless transactions. However, this delay is not due to any issue with the speed or performance of the POS terminal itself. It is caused by the architectural features of the exchange interface design (we will discuss these features later in this series). In addition, certain POS-to-host protocols involve an additional communication session between the device (such as a POS terminal) and the PC specifically for contact chip-based transactions. This additional communication session is known as EMV Final Advice (EFA).
EMV Final Advice is a process that occurs after the completion of a contact chip-based transaction. It involves the terminal sending transaction-related information to the host or PC for further processing and validation. This information typically includes transaction details, card data, and other relevant data required for post-transaction activities.
The POS terminal initiates the connection twice: once for the exchange with the issuer and receiving the response from the issuer, and then again for the EMV Final Advice (EFA) communication with the host system. This double connection initiation can contribute to longer transaction times.
Payment systems are aware of this drawback and have developed various ways to optimize the exchange between the POS terminal and the chip card. These optimizations aim to reduce transaction times by modifying the general logic of transaction processing, such as the amount, type of cryptogram, and other factors, compared to the traditional EMV Book scheme. Examples of these optimized specifications include Visa’s Quick Chip and American Express’s Quick Chip.
Such specifications and, consequently, such exchange schemes are not widespread in our region. This is mainly thanks to the relatively high general technical level of the regional infrastructure, which made it possible to roll out, in a very short time, support for contactless cards, which have no issues with the rate of data exchange.
2. ICC Contactless (Integrated Circuit Card, Contactless). This card type is no less widespread in our region. This interface enables communication between the card and the device without the need for physical contact. It uses radio frequency (RF) technology to establish a wireless connection between the card’s chip and the device’s contactless reader. The card and the device exchange data through this interface, so a transaction can be conducted by simply tapping or waving the card near the device’s contactless reader. Unlike contact EMV cards, it is based on the ISO 14443 protocol. It does not have the data exchange rate drawback, a point the payment systems have clearly highlighted and continue to highlight. The “contactless” card technology has undergone various modifications, and in certain cases these modifications can be significant. For instance, while the contactless core of MasterCard has not undergone substantial changes, the contactless Visa card has distinct features that are crucial for information exchange. As a result, even if the identifiers (IDs) of a specific card are described in the configuration of a POS or ATM, this does not guarantee that the device will support those IDs during communication through the contactless interface.
Another characteristic feature, following logically from the above, is some “reduction” of the contactless cores’ technical functionality compared with the contact chip, mainly in terms of the rate of data exchange and security. This includes the exclusion of offline PIN from the list of CVM methods, the exclusion of the cardholder’s name/surname from the data stored in the contactless card profile, and some other things specific to each payment system (PS).
3. MS/MStripe, or magnetic stripe, is the earliest exchange interface. It is gradually fading away, but some older card technologies, such as magnetic stripe cards, still rely on it. The card’s magnetic stripe contains encoded information that can be read by a magnetic stripe reader on the device. The reader reads the magnetic stripe when the card is swiped or inserted, allowing the device to retrieve the data needed to process the transaction. The data on the magstripe, the so-called “track”, is static and consists of the card number, its validity period, the surname/name of the cardholder, the service code, and a set of data for card validity verification (the so-called CVV, Card Verification Value). Since the structure of the data is simple enough and its size is limited, a magnetic stripe card can easily be copied by fraudsters. That is the main reason why this interface is currently going out of use.
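The track layout described in item 3, as an added example that is not part of the original article: a parser for the ISO/IEC 7813 Track 1 and Track 2 formats, showing that every field is static and readable in the clear. The sample tracks are constructed, and the chip-indicator check on the service code and the PAN masking helper go beyond what the text covers.

```python
import re
from dataclasses import dataclass
from typing import Optional

# ISO/IEC 7813 layouts (PAN limited to 12-19 digits in this example):
#   Track 1: %B<PAN>^<NAME>^<YYMM><SVC><discretionary>?
#   Track 2: ;<PAN>=<YYMM><SVC><discretionary>?
TRACK1 = re.compile(r"^%B(\d{12,19})\^([^^]{2,26})\^(\d{4})(\d{3})([^?]*)\?")
TRACK2 = re.compile(r"^;(\d{12,19})=(\d{4})(\d{3})([^?]*)\?")


@dataclass
class Track:
    pan: str
    name: Optional[str]    # only Track 1 carries the cardholder name
    expiry: str            # YYMM, exactly as encoded on the stripe
    service_code: str
    discretionary: str     # issuer-defined area; the CVV is stored here

    @property
    def chip_present(self) -> bool:
        # A first service-code digit of 2 or 6 means the card also has a
        # chip, so a stripe read of it is a fallback worth flagging.
        return self.service_code[0] in "26"

    def masked_pan(self) -> str:
        # Keep only the first 6 and last 4 digits, as is usual for logs.
        return self.pan[:6] + "*" * (len(self.pan) - 10) + self.pan[-4:]


def parse_track(raw: str) -> Track:
    """Parse one raw Track 1 or Track 2 string; raise ValueError if malformed."""
    m = TRACK1.match(raw)
    if m:
        pan, name, expiry, svc, disc = m.groups()
        return Track(pan, name.strip(), expiry, svc, disc)
    m = TRACK2.match(raw)
    if m:
        pan, expiry, svc, disc = m.groups()
        return Track(pan, None, expiry, svc, disc)
    raise ValueError("not ISO/IEC 7813 Track 1 or Track 2 data")


# Constructed sample data: test PAN, invented name and discretionary digits.
SAMPLE_T1 = "%B4111111111111111^DOE/JOHN^30122010000000123000000?"
SAMPLE_T2 = ";4111111111111111=30122010000000123?"

if __name__ == "__main__":
    for raw in (SAMPLE_T1, SAMPLE_T2):
        t = parse_track(raw)
        print(t.masked_pan(), t.name, t.expiry, t.service_code, t.chip_present)
```

Nothing in either track changes between reads, so a byte-for-byte copy of the stripe parses identically to the original.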
These three interfaces play a crucial role in facilitating communication and data exchange between the card and the device during POS or ATM transactions. Understanding the specifics of each interface is essential for implementing and utilizing these payment systems effectively.