M/CHIP™ OFFERS NEW CVM OPTIONS AT THE POS—AND THAT MEANS LOWER COSTS AND MORE SATISFIED CARDHOLDERS
The Cardholder Verification Method (CVM) verifies that the person using the card is actually the authorized cardholder. The migration to chip offers issuers more CVM alternatives, which translate into enhanced cardholder confidence and better security.
Enhanced CVM Benefits Everyone
As many markets around the world have migrated to chip, they have also decided to migrate away from signature-verified transactions toward more secure PIN-based transactions.
Chip-enabled PIN-based transactions bring benefits to all participants in the payments value chain. These transactions:
- Give cardholders greater confidence that their transactions are secure—translating into greater card usage, top-of-wallet status, and cardholder loyalty
- Reduce lost and stolen and never-received-issue (NRI) fraud losses
- Reduce exception-processing costs—retrieving signature slips to prove transactions occurred will be a thing of the past
PIN Support Reduces Liability
As of October 2015, U.S. merchants will be protected against fraud loss resulting from lost/stolen and NRI fraud, if they support PIN. Issuers that continue to issue signature-preferring cards, on the other hand, will be responsible for lost/stolen and NRI fraud when the chip card is used at a merchant enabled for chip/PIN (online/offline).
If an issuer wants to migrate to PIN-preferring cards, a consumer education program will be required to ensure that cardholders are aware of their PINs.
PIN Validation Options
With chip cards, PIN can be validated in either of two ways:
- Online by the issuer host—as ATM transactions are today
- Offline by the card
Either PIN option brings benefits to the issuer, and the cardholder will be unaware of how the PIN is validated. Points to consider when choosing which to support include:
|Considerations||Online PIN Validation||Offline PIN Validation|
|Transaction Authorization||Transactions must be authorized online, similar to magnetic stripe–transactions today; offline transactions will never go online to validate PIN||PIN can be validated offline for both online and offline transactions|
|Card Personalization||Card personalization is simple, as PIN is stored at the host||The PIN has to be securely stored in the secure memory of the chip|
|PIN Change||PIN change is simple to support, as it is host based||PIN change involves updating the offline PIN stored on the card|
|PIN Management||If the PIN has been entered incorrectly too many times, resetting is simple, as it is host based||PIN counter resetting involves updating card|
|PIN Validation||PIN validated in host system||PIN validated by card|
|International Interoperability||Online PIN not supported in all POS terminals in some markets||Offline PIN widely supported in POS terminals in migrated EMV markets|
Terminals in the U.S. market that support PIN will support both options. If the card supports both online and offline PIN, the order of preference of the two options will depend on:
- Whether the issuer wants to allow offline transactions. If online PIN is the chosen CVM, all transactions must be approved online.
- Whether PIN change is supported by interactive voice response or similar systems. Offline PIN will only be updated after the next online authorization. If offline PIN is only used for international transactions, then more simple PIN change solutions are available.