04 Sep 15

Learn the Lingo: Speaking Clearly about Payment Security


EMV terms and acronyms for the elements of multi-layered security

The details of changing security solutions can be confusing, not least because of the proliferation of terms and abbreviations with specific payment-industry meanings. Here are some industry terms and acronyms that can help define and explain the components of multi-layered security:

Authentication (online): A cryptographic process in which an issuer/host is able to validate the authenticity of a payment card in order to prevent counterfeiting, and a payment smartcard is optionally able to validate the issuer/host in order to prevent fraudulent “man-in-the-middle” attacks on cardholder data.

Authentication (offline): An authentication process that allows the payment terminal to authenticate a smartcard’s validity through asymmetric public/private key cryptography, designed for use in cases where the device is unable to connect online to the issuer. The card’s chip may also authorize the transaction if the defined risk parameters (especially brand requirements and floor limits) of both the chip and the terminal have been satisfied.

PAN: Primary Account Number, the card number embossed on, or otherwise represented by, the credit or debit card credentials.

PAN Encryption: Called variously End-to-End or Point-to-Point Encryption, this method encrypts card data that includes the PAN, the expiration date, and the Security Code (if present). Encryption methods vary, as do the encryption mechanisms. Encrypted data must not be mathematically traceable to the original PAN, nor may the system to which the data is sent have the means to decrypt it.

PIN Validation (online): The cardholder PIN is encrypted by the PIN entry device and sent within the authorization request to the issuer. The issuer decrypts the PIN and validates the identity of the cardholder.

PIN Validation (offline): The cardholder PIN is validated against the PIN that the issuer embedded in the chip. The PIN may be passed to the chip either enciphered or in clear text, since it is never transmitted away from the security of the card reader. Offline PIN validation may be used in conjunction with offline card authentication and authorization or, in cases where the issuer does not support online PIN, offline validation may be used alongside online card authentication and authorization.

Tokenization: Tokenization requires that a replacement value – or “token” – be substituted for the cardholder PAN during the transaction. This token may or may not resemble an actual PAN, depending on the specifics of the tokenization solution. In any case, the token must never be mathematically traceable to the original PAN.
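As an added illustration, not code from the original post, the constructed in-memory token vault below shows the property this entry describes: the token's digits are drawn at random and only a vault lookup connects them to the PAN, so nothing about the token is mathematically derivable from the PAN, while the last four digits and Luhn validity are preserved so the token still "resembles" a card number. The class and function names are assumptions for this example.

```python
import secrets
from typing import Dict


def luhn_check_digit(partial: str) -> str:
    """Luhn check digit for a digit string that does not yet carry one."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:            # double every second digit, starting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    return luhn_check_digit(number[:-1]) == number[-1]


def is_well_formed_pan(pan: str) -> bool:
    return pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)


class TokenVault:
    """Constructed demo vault (assumption: real vaults live in a hardened,
    access-controlled store). The vault is the ONLY way to reverse a token."""

    def __init__(self) -> None:
        self._token_to_pan: Dict[str, str] = {}
        self._pan_to_token: Dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not is_well_formed_pan(pan):
            raise ValueError("not a well-formed PAN")
        if pan in self._pan_to_token:          # same PAN always maps to the same token
            return self._pan_to_token[pan]
        while True:
            # Random leading digits: no arithmetic relationship to the PAN exists.
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 5))
            # One fix-up digit makes the whole token Luhn-valid while the real
            # last four digits are kept for receipts and customer-facing lookups.
            candidates = (body + d + pan[-4:] for d in "0123456789")
            token = next(c for c in candidates if luhn_valid(c))
            if token != pan and token not in self._token_to_pan:
                self._token_to_pan[token] = pan
                self._pan_to_token[pan] = token
                return token

    def detokenize(self, token: str) -> str:
        """Reverse lookup; possible only with access to the vault, never by computation."""
        return self._token_to_pan[token]
```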

Making sure everyone on your security team is speaking the same language is critical to avoid errors and omissions that could compromise security. If in doubt, ask for complete clarification.

To see a more complete list of EMV and transaction security terminology, please visit http://www.emv-connection.com/standardization-of-terminology/

Allen Friedman is the Director of Payment Solutions at Ingenico Group, North America
