The EMV standard defines the interaction at the physical, electrical, data and application levels between IC cards and IC card processing devices for financial transactions. Portions of the standard are heavily based on the IC Chip card interface defined in ISO 7816.
The most widely known implementations of EMV standard are:
MasterCard has a Chip Authentication Program (CAP) for secure e-commerce. Its implementation is known as EMV-CAP and supports a number of Modes.
The purpose and goal of the EMV standard is to specify interoperability between EMV compliant IC cards and EMV compliant credit card payment terminals throughout the world. There are two major benefits to moving to smart card based credit card payment systems: improved security (with associated fraud reduction), and the possibility for finer control of "offline" credit card transaction approvals. The goals and benefits of EMV: High level standard on terminal↔card API. It reduces the cost and time interval of software development (POS, ATM, HSM,...). The non EMV payment smart card has its own crypto protections (RSA, DES) and is based on local private standards.
EMV financial transactions are more secure against fraud than traditional credit card payments which use the data encoded in a magnetic stripe on the back of the card. This is due to the use of encryption algorithms such as DES, Triple-DES, RSA and SHA to provide authentication of the card to the processing terminal and the transaction processing center. However, processing is generally slower than an equivalent magnetic stripe transaction. This is due to cryptography overhead and time involved in messages transmissions between the card and the terminal. The increased protection from fraud has allowed banks and credit card issuers to push through a 'liability shift' such that merchants are now liable (as from 1 January 2005 in the EU region) for any fraud that results from transactions on systems that are not EMV capable.
Although not the only possible method, the majority of implementations of EMV cards and terminals confirm the identity of the cardholder by requiring the entry of a PIN (Personal Identification Number) rather than signing a paper receipt. Whether or not PIN authentication takes place depends upon the capabilities of the terminal and programming of the card. For more details of this (specifically, the system being implemented in the UK) see Chip and PIN. In the future, systems may be upgraded to use other authentication systems, such as biometrics, which are generally not considered economical as of 2007.
The first version of EMV standard was published in 1999. Now the standard is defined and managed by the public corporation EMVCo Recognition of compliance with the EMV standard (i.e. device certification) is issued by EMVCo following submission of results of testing performed by an accredited testing house.
EMV Compliance testing has two levels: EMV Level 1 which covers physical, electrical and transport level interfaces, and EMV Level 2 which covers payment application selection and credit financial transaction processing.
After passing a common EMVCo tests the software must be tested to comply with EMV standard (VISA VSDC, MasterCard MChip,...).
Version 4.0 became effective in June 2004. The current version, 4.1, became effective in June 2007.