More Tips on EMV Cards


Eight ideas for planning smart-chip card rollouts

By Scott Bennett

Interest in so-called EMV smart-card security technology that makes copying data from payment cards more difficult has increased as a result of the Target compromise and other large merchant breaches. Such EMV-chip technology has been used in Europe, Canada, South America, Asia Pacific and elsewhere for a long time to control payment fraud.

As you know, starting in October 2015, Visa and MasterCard will shift card-transaction liability to merchants that do not accept smart cards at the point of sale. But the recent high-profile merchant breaches have also helped spur more retailers to begin deploying point-of-sale transaction terminals that can process EMV cards.

Many large card issuers have actively begun converting their debit and credit card portfolios to the higher security EMV offers. With those large issuers actively issuing EMV cards, it is important for community banks to review the steps they will take to issue smart cards for their customers. To begin the process, here are eight points to consider while working through with your bank’s card manufacturer or its card processor.

1. Confirm whether your bank’s card processor is capable of providing EMV-enabled cards.

2. Decide whether your bank’s smart cards will use Static Data Authentication software standard or the Dynamic Data Authentication software standard. At this time, Visa is supporting the use of SDA, and MasterCard is supporting DDA.

3. Visa prefers a security-procedure model that uses chips and signatures (where the consumer provides a signature to authenticate a purchase). MasterCard prefers a model using chips and PINs (where the consumer enters a PIN to authenticate a transaction), and there is a strong initiative by U.S. merchants to adopt chip and PIN.

4. There are two card options to consider. There is a possibility of choosing six points of surface contact for smart cards or eight points of contact, although there is no difference in a card’s functionality between those two options. The only difference between those cards is the size of their footprints. The six-point PIN has a smaller footprint on the card, the eight-point PIN is more demonstrative.

5. Contact or dual interface is another item to choose. A contact-only smart card can be used only in a contact or “swipe” smart card reader at the point of sale. A smart card with a dual-interface chip also allows for “tap and pay” transactions.

6. The security chip on a smart card can be manufactured and fabricated by many companies throughout the world. Each chip must pass a standard created by EMVCo LLC, the governing body for EMV chip technology. The differences between each smart chip are only relevant to the brand of software a development company uses. At the end of the day, if a smart chip is certified as workable with EMV, this issue should not concern a card issuer.

7. Each smart card can carry the application for one brand or multiple brands, such as Visa, MasterCard or Discover, that are embedded into a smart card by a card manufacturer.

8. There are three basic operating systems that are used to program a smart card chip for brand certification. They are Java/Global Platform, Multos and Native platforms. As an issuer, the ultimate selection doesn’t determine the functionality of a card. Inherently, a Native (proprietary) chip, though specialized, reduces the number of available manufacturers available to provide that product. Because all three operating systems are certified, the decision of which software to use is typically left to the card manufacturer or processor. The cost differences between deploying these operating systems are negligible.

Scott Bennett ( is chief technology officer for Catalyst Card Co., a company in Centennial, Colo., that helps community banks implement EMV smart-card programs. His payment card expertise includes the card manufacturing process, data processing and industry certifications. In the emerging EMV market, he has also helped guide software development and implementation.