An introduction to contactless card transactions
Contactless Payment Cards CPCs are debit, credit and
charge cards including...
With contactless payments using a mobile phone or a contactless card its possible to do point-of-sale POS transactions
without the need to verify the cardholder...
- Mobile phone,
- contactless card,
- No CVM (Cardholder Verification Method),
- Easy payment,
- Tap and pay
- Pay tags (Paytag smart sticker) and
- Near field communication (NFC) technology... NFC contactless stickers.
The so called "no-CVM" transactions, if the transaction is a "low value" transaction.
In case of a "high value" transaction cardholder verification is always required.
The amount which determines whether a transaction is a "low value" or a "high value" transaction:
- Is determined by the card scheme - MasterCard in case of Maestro PayPass, VISA or Card Issuer.
- Can vary per country or region. For example, in the country such as Holland/Netherlands it is set to €25.00
- Is configured in and checked by the POS terminal. Therefore, the terminal will ask for a PIN if the transaction amount equal to
€25.00 or higher.
How do contactless payment cards work?
Banks and International banks such as NatWest/ Lloyds/ HSBC/
Australia/ Barclays/ Halifax/ Santander/ JCB/ Vodafone/ Oyster/ Japan/ Ireland/
Citi/ RBS do advertise about its products - contactless payment cards.
With contactless payments "no-CVM" transactions can be done in any merchant environment... where
Maestro PayPass/ Visa PayWave/ blink/ American Express ExpressPay
is accepted, whereas with contact payments "no-CVM" transactions are only allowed in specific merchant environments
(For example, parking garages, tollways, transit vending machines).
For example, in some countries, for example, MasterCard or Visa may grant a waiver that support for "no-CVM" transactions at
transit vending machines is not required.
CVM stands for Cardholder Verification Method, therefore, method to verify (authenticate) the cardholder
(For example, "Online PIN", "Offline PIN", "Signature", no CVM required).
The contactless application (PayPass) on the debit or credit card only supports Online PIN and no CVM required
as allowed CVM. So no CVM in this context means "no PIN".
The CVMs that EMV supports are:
- Online PIN (personal identification number) for credit or debit transactions, in which the PIN is electronically sent
to and validated by the card issuer.
The potential PIN requirement for credit transactions where a PIN pad is present is new with EMV, and will inevitably
require some degree of explanation to the consumer at the POS.
- Offline PIN, whereby instead of sending the PIN to the issuer, the PIN entered by the consumer is matched to that
on an application housed on the EMV chip card.
This functionality is exclusive to EMV card transactions. The authorization request may still be sent to the issuer.
- Signature, just as it is used today for magnetic-stripe card transactions.
- No CVM in low-dollar$/ euro€/ pound£ transactions, at merchants in low-risk
categories, such as fast food, convenience and grocery stores.
In this situation, an issuer-set transaction threshold allows the consummation of a sale without cardholder verification.
As both card-based contact and contactless payment usage grows for low-dollar$/ euro€/ pound£ transactions,
the frequency of no-CVM (i.e., no receipt-based signature required), transactions will increase as well.
Using contactless payment cards on buses or trains
As you know, contactless payment cards (CPCs) are debit, credit and charge cards that use
radio frequency technology for quick and easy payments.
They are increasingly being issued by banks and credit and charge card companies.
Customers who have CPCs can now use them to pay for single journeys on buses in London, United Kingdom (UK) or using OV-Chipkaart
on metro trains (metro travel) in Amsterdam, Holland/Netherlands.
If you have a debit, credit or charge card that has been issued in the UK and displays the contactless payment symbol
(pictured on the left), you should be able to use it on buses or underground tube (metro trains travel) to pay for single journeys.
When you touch your CPC on the yellow card reader, you are giving authorisation for
the cost of a single bus journey to be deducted from your card account.
You will be charged £1.40 for each bus journey you make with a contactless payment card in London.
What is a Smart Card?
Smart card or ICC (Integrated Circuit Card) is the general term for a credit or debit plastic card
that contains an integrated circuit chip.
Chip carries instructions that provide security and application support. There are wide varieties of Chip memory sizes with
There multi-applications with payment and non-payment applications.
ICC has the following security features...
- Chip is hard to copy
- Intelligence to make authorization decisions
- Parameters can be updated after issue
- New applications can be downloaded after issue
Magnetic Stripe Card
Magnetic stripe card are cheap and reliable. It works globally through use of ISO standards.
Easy for fraudsters to copy and is a read only mechanism and limited data capacity.
What is EMV?
EMV is a set of chip card, terminal and application specifications developed and promoted by
Europay, MasterCard and Visa.
The EMV Specifications consists of...
It's a global interoperability which uses original Specs EMV "96 version 3.1.1 and is currently
EMV 2004 version 4.2.
- Book 1 Application ICC to Terminal Interface Specification.
- Book 2 Security and Key Management.
- Book 3 Application Specification.
- Book 4 Cardholder, Attendant and Acquirer Interface Requirements.
An EMV application is not an implementation specification. But a Card Scheme implementation specs of:
The Chip applications comply with implementation specs and have multiple applications possible on same card.
- VIS (VSDC)
- Domestic implementation specs, e.g. UKIS, ABI, DPAS, etc.
The following emv security is used:
- Delivery of encrypted data
- On-line Card and Issuer Authentication
- Secure CAM Card Authentication Method
- Secure CVM Cardholder Verification
- Secure script delivery
Purpose of EMV Security
- A specification that allows growth and development in the future, e.g. to support new business functions.
- Cards and systems that are inter-operable across the world
- Enhanced transaction processing security and fraud protection
- Greater functionality within the card
Difference between EMV and Magnetic Stripe Cards
- Applications reside on the cards not terminal
- Change issued cards using scripts
- EMV cards carry a lot more data, including limits/usages for Risk Management
- EMV cards have a processor which adds another layer of security => prevents counterfeiting
- EMV also allows better CVMs because of the data held on the card => offline PIN
- EMV allows Issuers more control
- EMV allows more offline transactions because of the data held on the card
- EMV allows you to put more than one application on a card
The Impact of EMV
- Cards - Issuing and personalisation, post-issuance updates
- Accepting devices - Terminals, point of sale, ATM, etc.
- Message Formats - Authorization and data capture
- Networks and interchanges
- Customer Services / Back Office
Daily Limit for Contactless Payment
POS Contactless Amount
POS contactless amount is the maximum amount of contactless POS transactions done with a
debit or credit card per day.
The Daily card limit to mitigate the risk that when the card is stolen or lost, someone else
(who knows the PIN) can do transactions with the card up to the available balance on the account.
This limit is also used to switch contactless "on" or "off" (by means of a limit override).
A proposed value of 500, 250 or 0 - depending on the limit profile and
should be reset at midnight (00:00h).
No-CVM Contactless Amount
The maximum amount of consecutive contactless "no CVM required" transactions done with a debit
or credit card.
The Cumulative card limit (so not a daily card limit!) is to mitigate the risk that when the card is stolen or lost,
someone else can do "low value" transactions without the need to enter a PIN "forever".
There is a proposed value of 50 or 0 (depending on the limit profile).
Future Contactless Payment
In early , customer should be able to use their contactless payment card on:
- Docklands Light Rail (DLR)
- London Overground
- Underground Tube
FoneZafe Shield has been designed to protect your Radio-frequency identification (RFID) Near field communication (NFC)
Identity Stronghold Secure Sleeve / Case for ID & Credit Card - Pack of 5.