Chip Card Profile Business Considerations

Counterfeit Protection
Support

Counterfeit Protection

CHIP ENABLES SECURITY CHECKS THAT READILY IDENTIFY COUNTERFEIT FRAUD

Chip technology enables the issuer to identify that the card being used for a transaction is genuine and not counterfeit. This means counterfeit cards are much easier to identify and fraud losses reduced.

Key Benefit of Card Authentication: Helping Prevent Counterfeit Fraud

To support online CAM, an issuer or their processor must support chip-grade processing. This means developing the host system to validate the cryptogram received in the authorization—or using the MasterCard on-behalf service—and reviewing the data received from the chip transaction.

MasterCard M/Chip Processing Services is one way that the issuer can define a flexible strategy for launching chip cards. The issuer/processor selects the amount of host system changes their business model can accommodate, and delegates to MasterCard certain aspects of the chip transaction processing.

Chip Host Grade

With Chip Host Grade, the host system is able to receive chip data, validate the Authorization Request Cryptogram (ARQC), analyze the Terminal Verification Results (TVR) and Card Verification Results (CVR), and use the information to influence the authorization decision. An Authorization Response Cryptogram (ARPC) is generated with the authorization response by the issuer/processor.

If the issuer has Chip Host Grade, the card should be configured as “semi-grade.” This means that, in order to improve acceptance where there may be issues in the acquirer infrastructure, cards with this setting in their profile will approve transactions received online even if no ARPC is provided to the card. To ensure a high level of risk control offline counters are not reset unless the card receives a valid ARPC.

Magnetic Stripe Host Grade

With Mag Stripe Host Grade, the host system is not able to receive and process chip data or generate an ARPC with the authorization response.

The issuer/processor may or may not be able to interpret the TVR and CVR received with the authorization message and influence the authorization response accordingly.

This capability will influence several settings on the card and is therefore used to help define mag-stripe grade profiles.

If the issuer/processor has Mag Stripe Host Grade, the card must be configured as “mag-stripe grade.” In this profile setting the card will approve transactions approved online with no ARPC and the offline counters on the card are reset. Using mag-stripe grade introduces extra risk for the issuer as a stolen card can have the offline counters reset by a fraudster without any cryptographic control.

Considerations

If an issuer chooses not to support counterfeit protection upon implementation of chip cards, it will gain limited security benefits from introducing chip. Magnetic stripe–grade processing should be considered a transitional step, and issuers should plan to implement chip-grade processing as soon as possible.

M/Chip Processing Services:

Chip to Magnetic Stripe Conversion Service

Designed for issuers who want to start chip programs with minimal impact to their core systems.

This basic, entry-level service enables early roll out of chip cards—even before authorization or clearing systems are updated.

How Does It Work?

The Chip to Magnetic Stripe Conversion Service removes chip data from the authorization request and converts other fields (e.g., point-of service entry mode) so the authorization looks like a magnetic stripe transaction to an issuer processing system. In clearing, the Chip to Magnetic Stripe Conversion Service can optionally remove chip data from inbound clearing messages. You have the flexibility to use the service in either authorization, clearing, or in both systems.
There are 2 options for the Chip to Magnetic Stripe conversion Service:

  • One option allows participating issuers to specify whether the POS Entry Mode data element, as delivered to the issuer in DE22, must be kept untouched by the service. This allows the issuer to determine that the transaction originated at a chip terminal since other chip data has been removed. The current service does always convert the POS Entry Mode data element so as to emulate a magnetic stripe transaction.
  • Another option allows participating issuers to specify if they are willing not to receive DE48 sub element 71 – On-behalf results in the authorization or financial request messages.

Chip CVC to CVC1 Conversion Service

Designed for issuers that want to issue chip cards with minimal impact to their core systems.

Note: Issuers/processors subscribing to this service independently from the M/Chip Cryptogram Pre-Validation Service must configure their chip cards using magnetic stripe-grade personalization profiles.

This service, in combination with the Chip to Magnetic Stripe Conversion service enables early roll out of chip cards that feature a Chip CVC without the need for updating authorization systems.

How does it work?

The Chip CVC to CVC1 Conversion Service validates the Chip CVC in the authorization message and, if valid, replaces it with the relevant CVC1. The relevant keys are provided by the issuer/processor to MasterCard.

M/Chip Cryptogram Pre-Validation Service

Designed for issuers seeking a reliable migration solution.

Note: Issuers subscribing to this service are considered as chip grade and therefore can configure their chip cards using semi-grade personalization profiles.

This Service delivers the maximum benefit of chip cards before your in-house/processor systems are fully able to support chip validation processing.

How Does It Work?

The M/Chip Cryptogram Pre-Validation Service validates the chip cryptogram received in every authorization request processed by our network, indicating whether the cryptogram originates from a genuine card.

In addition to checking the chip cryptogram, this service also looks at the chip data received and identifies other issues that might concern you (for example, the result of an offline PIN entry) in light of criteria you've defined.

The validation results, and the related chip data, are passed along to the issuer/processor as part of the authorization request. You use the validation result—along with existing risk-management capabilities—to approve or decline the transaction.

The M/Chip Cryptogram Pre-Validation Service then calculates the response cryptogram based on your decision and returns it to the card. By validating this response cryptogram, the chip card knows this is a valid authorization and sets internal parameters accordingly–giving you the highest level of security in chip authorization.

M/Chip Cryptogram Validation in Stand-in Processing Service

Designed for full-grade chip issuers seeking business continuity

MasterCard recommends M/Chip Cryptogram Validation in Stand-in Processing Service as a best practice for all full-grade chip issuers who already support chip validation in their/their processors primary authorization systems. A natural extension of Stand-In for magnetic stripe cards, this service steps in if your system is unavailable to respond to an authorization request.

How Does It Work?

Stand-In checks the cryptogram from the card and generates the response cryptogram back to the card, completing the chip validation lifecycle, and then applies the Stand-In parameters you have established at MasterCard. As a chip issuer, you ensure that Stand-In processing is just as secure as authorizations processed by your primary system.

Like M/Chip Cryptogram Pre-Validation, this service also evaluates the chip data. For example, if the offline PIN is wrong, the transaction could be approved or declined depending on criteria you've defined.