EMF Implementing EMV at the ATM

Embed Size (px)

Text of EMF Implementing EMV at the ATM

  • Implementing EMVat the ATM:

    Requirements and Recommendations for the

    U.S. ATM Community

    Version 1.0

    Date: August 2014

  • Implementing EMV at the ATM: Requirements and Recommendations for the U.S. ATM Community

    __________________________________________________________________________________

    Page 2

    About the EMV Migration Forum

    The EMV Migration Forum is a cross-industry body focused on supporting the EMV implementation

    steps required for global and regional payment networks, issuers, processors, merchants, and

    consumers to help ensure a successful introduction of more secure EMV chip technology in the

    United States. The focus of the Forum is to address topics that require some level of industry

    cooperation and/or coordination to migrate successfully to EMV technology in the United States.

    For more information on the EMV Migration Forum, please visit http://www.emv-

    connection.com/emv-migration-forum/.

    EMV is a trademark owned by EMVCo LLC.

    Copyright 2014 EMV Migration Forum and Smart Card Alliance. All rights reserved. The EMV

    Migration Forum has used best efforts to ensure, but cannot guarantee, that the information described

    in this document is accurate as of the publication date. The EMV Migration Forum disclaims all

    warranties as to the accuracy, completeness or adequacy of information in this document. Comments

    or recommendations for edits or additions to this document should be submitted to: ATM-

    Implementation@us-emvforum.org.

    http://globenewswire.com/Tracker?data=oQyFROJCfAQEU_at4H_hop6Z5le_oD7Ox7vx1pfkcNFtCnc35JQIqvoNMbEnMJUGtlwzEX0mlAHCkqQnkbKGc8h-mneXjNAutdDVoGejnxT6Ywq9B44YNIyq1AsJ9ejxx_5rERmBcT2MhPq-tJZVGpHQjdbpgxFtdPA9Uii3HA4%3Dhttp://globenewswire.com/Tracker?data=oQyFROJCfAQEU_at4H_hop6Z5le_oD7Ox7vx1pfkcNFtCnc35JQIqvoNMbEnMJUGtlwzEX0mlAHCkqQnkbKGc8h-mneXjNAutdDVoGejnxT6Ywq9B44YNIyq1AsJ9ejxx_5rERmBcT2MhPq-tJZVGpHQjdbpgxFtdPA9Uii3HA4%3Dmailto:ATM-Implementation@us-emvforum.orgmailto:ATM-Implementation@us-emvforum.org

  • Implementing EMV at the ATM: Requirements and Recommendations for the U.S. ATM Community

    __________________________________________________________________________________

    Page 3

    TABLE OF CONTENTS

    1 INTRODUCTION ............................................................................................................................................. 6

    1.1 EXECUTIVE SUMMARY ........................................................................................................................................ 6

    1.2 NOTES AND INFORMATION DISCLOSURE ................................................................................................................ 7

    1.3 ASSUMPTIONS .................................................................................................................................................. 8

    2 FUNDAMENTAL EMV CONCEPTS ................................................................................................................... 9

    2.1 COMPARING A MAGNETIC STRIPE TRANSACTION WITH AN EMV TRANSACTION ............................................................ 9

    2.2 EMV AND EMVCO ........................................................................................................................................... 9

    2.2.1 Chip Reader ............................................................................................................................................ 10

    2.2.2 Kernel ..................................................................................................................................................... 10

    2.2.3 Approval and Renewal Processes........................................................................................................... 10

    2.3 ICC APPLICATIONS AND APPLICATION IDENTIFIERS ................................................................................................. 11

    2.4 APPLICATION IDENTIFIERS USED BY NETWORKS ..................................................................................................... 13

    2.5 EMV TAGS .................................................................................................................................................... 14

    2.6 APPLICATION PREFERRED NAME/APPLICATION LABEL ............................................................................................ 15

    2.7 ONLINE AND OFFLINE PIN ................................................................................................................................ 16

    2.8 SERVICE CODES ............................................................................................................................................... 16

    2.9 ISSUER SCRIPTS ............................................................................................................................................... 17

    2.9.1 Application Block ................................................................................................................................... 18

    2.9.2 Application Unblock ............................................................................................................................... 18

    2.9.3 Card Block .............................................................................................................................................. 18

    2.9.4 PIN Change............................................................................................................................................. 18

    2.9.5 PIN Unblock ............................................................................................................................................ 18

    2.10 TERMINAL VERIFICATION RESULTS ...................................................................................................................... 18

    3 BASIC EMV REQUIREMENTS FOR ATMS ....................................................................................................... 20

    3.1 CARD READER ................................................................................................................................................ 20

    3.1.1 Contact Styles ........................................................................................................................................ 20

    3.1.2 Motorized Reader .................................................................................................................................. 21

    3.1.3 Dip Reader ............................................................................................................................................. 22

    3.1.4 Contactless Reader ................................................................................................................................ 23

    3.2 OPERATING SYSTEM ........................................................................................................................................ 23

    3.3 ATM SOFTWARE ............................................................................................................................................ 24

    3.4 EMV SOFTWARE KERNEL ................................................................................................................................. 24

    3.5 COMMUNICATIONS PROTOCOL .......................................................................................................................... 25

    3.6 RECEIPTS ....................................................................................................................................................... 26

    3.7 CONFIGURATION ............................................................................................................................................. 26

    3.8 ENCRYPTION KEYS ........................................................................................................................................... 28

    3.9 TESTING AND APPROVALS ................................................................................................................................. 28

    4 MIGRATION PLANNING ............................................................................................................................... 30

    4.1 GENERAL CONSIDERATIONS ............................................................................................................................... 30

  • Implementing EMV at the ATM: Requirements and Recommendations for the U.S. ATM Community

    __________________________________________________________________________________

    Page 4

    4.2 UPGRADE OR REPLACE ..................................................................................................................................... 31

    4.3 CERTIFICATION, TESTING, AND APPROVALS NEEDED .............................................................................................. 32

    4.4 MIGRATION PLANNING TASKS ........................................................................................................................... 33

    4.4.1 Hardware and Software Evaluation ....................................................................................................... 33

    4.4.2 Policy and Requirements Definition ....................................................................................................... 34

    4.4.3 Review User Experience ......................................................................................................................... 35

    4.4.4 Implementation .....