Mutual authentication between EMV applets (such as MasterCard's M/Chip and Visa's VSDC) and POS Terminal
As far as I know, for EMV cards, before a transaction takes place, the terminal performs Card Authentication (using Static Data Authentication or Dynamic Data Authentication) to make sure the card is not a fake card.
(In reverse, it seems that there is no way for POS Terminal Authentication)
In Google Play, there are many applications that can read EMV card data.
With an NFC-enabled smartphone, we can read the sensitive card information, including the card number and expiration date.
(And the same for contact EMV cards by using a smartcard reader)
My question is:
For EMV cards, is there any standard which specifies a 'mutual authentication' protocol between cards and terminals?
And the card only sends card data to the terminal after performing the 'mutual authentication' step.
Thanks,
authentication emv mutual-authentication
asked Mar 28 at 4:41
Trung
3 Answers
Nothing to my knowledge. I believe this is so because the business use case does not justify this requirement.
Case 1. As you said, there are readers that can read card data. However, if someone takes all the data from the card and replays it on a terminal, it will fail, since transactions are protected by a single-use cryptogram and an unpredictable number is provided by the terminal.
Case 2. A fraudster, after forging a card, can get some goods/services and leave, but a terminal has to be registered to an acquirer/bank. There cannot be zombie terminals. Hence it is the terminal that wants to check the genuineness of the card and not the other way around.
You can get the track/card from the chip, but the same goes for the mag stripe.
answered Mar 28 at 16:10
Adarsh Nanu
There is nothing like Mutual Authentication in an EMV payment transaction between Terminal & Card.
Since every transaction is based on some transaction-specific unique data & cryptography, cloning is not possible (here I am not talking about SDA cards).
Even though any reader is able to read the data (which is actually allowed by EMV), since these readers' applications are not authorized by EMV, they can't use the VISA/MasterCard servers for transaction processing.
answered Apr 2 at 11:57
Gaurav Shukla
(Extending existing answers with another point of view)
During an online transaction, the card validates that the terminal is able to communicate with the card issuer -- i.e. that the terminal is able to deliver the card-generated ARQC to the issuer and is given a valid ARPC.
As Gaurav Shukla notes in his answer, fake terminals are not able to communicate with the respective payment association servers.
answered Apr 15 at 21:07
vlp
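The replay argument from the first answer and the ARQC/ARPC exchange from the last one, as an added example that is not part of the original posts. It is a simplified model: truncated HMAC-SHA256 stands in for the real EMV cryptogram algorithms, and the class names, sample key and field layout are assumptions.

```python
import hashlib
import hmac

def mac8(key: bytes, data: bytes) -> bytes:
    # Stand-in MAC (assumption): truncated HMAC-SHA256, not the 3DES/AES
    # cryptogram algorithms that real EMV applets use.
    return hmac.new(key, data, hashlib.sha256).digest()[:8]

def txn_data(amount: int, un: bytes, atc: int) -> bytes:
    # Amount, terminal Unpredictable Number, card transaction counter (ATC).
    return amount.to_bytes(6, "big") + un + atc.to_bytes(2, "big")

class Card:
    def __init__(self, key: bytes):
        self.key, self.atc = key, 0      # key is shared only with the issuer

    def generate_arqc(self, amount: int, un: bytes):
        self.atc += 1                    # each cryptogram uses a fresh ATC
        return self.atc, mac8(self.key, txn_data(amount, un, self.atc))

    def verify_arpc(self, arqc: bytes, arc: bytes, arpc: bytes) -> bool:
        # Only a party holding the card key can answer this ARQC correctly.
        return hmac.compare_digest(arpc, mac8(self.key, arqc + arc))

class Issuer:
    def __init__(self, key: bytes):
        self.key, self.last_atc = key, 0

    def authorize(self, amount, un, atc, arqc):
        expected = mac8(self.key, txn_data(amount, un, atc))
        if atc <= self.last_atc or not hmac.compare_digest(arqc, expected):
            return None                  # stale counter or wrong cryptogram
        self.last_atc = atc
        arc = b"00"                      # authorisation response code: approved
        return arc, mac8(self.key, arqc + arc)

def demo() -> dict:
    key = bytes(range(16))               # constructed sample key
    un1, un2 = bytes.fromhex("a1b2c3d4"), bytes.fromhex("0badf00d")
    card, issuer = Card(key), Issuer(key)
    atc, arqc = card.generate_arqc(1500, un1)
    arc, arpc = issuer.authorize(1500, un1, atc, arqc)
    return {
        "card_accepts_issuer_arpc": card.verify_arpc(arqc, arc, arpc),
        # Recorded ARQC presented where the terminal chose a different UN.
        "replay_with_new_un": Issuer(key).authorize(1500, un2, atc, arqc),
        # Same message sent again to the issuer that already saw this ATC.
        "replay_same_message": issuer.authorize(1500, un1, atc, arqc),
        # A terminal that cannot reach the issuer has to guess the ARPC.
        "card_accepts_guessed_arpc": card.verify_arpc(arqc, b"00", bytes(8)),
    }

if __name__ == "__main__":
    print(demo())
```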