1

Are there EMV cards, which do not support online PIN verification? Or all EMV cards support both online and offline PIN and terminal decides which to use?

Thanks in advance.

Alex
  • 169
  • 1
  • 3
  • 11

3 Answers3

5

Pure EMV Cards (i.e. the ones conforming only to the EMV Specifications -- no VISA,MC...) do not need to support any cardholder verification at all.

Whether they do is specified in bit 'b5' of the first byte of AIP (Application Interchange Profile).

See the chapter 10.5 of the EMV Book 3.

The configuration of the card is up to the issuer.

vlp
  • 7,811
  • 2
  • 23
  • 51
2
Are there EMV cards, which do not support online PIN verification?

Actually As per EMV Standard all EMV card must support Online or offline pin verification. It is choice of issuer that which method to choose.

There are a Tag 8E (Card holder Verification method) which defined the same whether card support online or offline pin verification. for example if 8E - CVM List - 99 99 99 99 00 00 00 00 02 01 02 06 42 03 1E 00

CVR 1 - 0201 - Online Enciphered PIN If Unattended Cash & Stop

In Real scenario, Terminal read 8E tag during AFL read and check which method is using. If offline , pin is matched with reside in the card , if online , pin send to Issuer in encrypted form for authentication.

Hope it helps.

Arjun
  • 3,491
  • 4
  • 25
  • 47
  • Thanks for answer. Yes, EMV card must support some of verification methods, but can EMV card support only offline-pin or signature or no-cvm **without** online-pin capability? The terminal can, but EMV card? Cannot find this in EMV specs. – Alex Aug 11 '15 at 15:30
  • MasterCard support various profile for various purpose. I found profiles which supported "only offline pin" , signature and online pin with various offline card authentication scheme ( DDA, CDA) – Arjun Aug 12 '15 at 09:27
  • Could you please provide a link to this specification? – Alex Aug 12 '15 at 11:22
  • Actually it is from MasterCard Only.. its a proprietary document. – Arjun Aug 12 '15 at 13:06
  • @Alex Can't help with a spec reference, but I can confirm this is how EMV cards work in the UK and France. There is no capacity for online PIN on cards issued here. – Duncan Jones Nov 17 '16 at 15:10
0

Yes, it can.

Actually the idea of payment card is to ease the payment method itself, generating more transactions and revenue (more interchange fee). That is the reason why in some of the CVM configuration has "Signature" or even "NO CVM" at all.

It is up to the issuer to decide based on the risk management and the capability of their IT system. Capability means, for example, in some country that I know, the offline PIN cannot be changed after issuance at the first time due to the cost/risk of supporting offline PIN change, that is by implementing Issuer Script support on their ATM/Terminals.

Here are the list of supported CVM:

  • Offline Plain text PIN
  • Offline enciphered PIN
  • Online Plain Text PIN
  • Online enciphered PIN
  • Signature
  • No CVM
Bondhan Novandy
  • 362
  • 1
  • 4
  • 16