LLMpediaThe first transparent, open encyclopedia generated by LLMs

EMV (payment system)

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Ventra card Hop 5
Expansion Funnel Raw 106 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted106
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
EMV (payment system)
NameEMV
CaptionChip card and contactless reader
DeveloperEuropay, Mastercard, Visa
Introduced1994
TypePayment standard

EMV (payment system)

EMV is an international technical standard for smart payment cards and compatible payment terminals that defines interaction protocols among integrated circuit cards, point-of-sale terminals, and automated teller machines. The standard originated from a consortium of Europay, Mastercard, and Visa and has influenced payment infrastructure across banking networks, card schemes, and financial institutions. EMV's design affects card issuance by JPMorgan Chase, Bank of America, Citigroup, and central issuers such as the Bank of England and the European Central Bank, while influencing terminal manufacturers like Ingenico and Verifone.

Overview

EMV specifies card authentication, cardholder verification, and transaction authorization processes used by brands including Visa, Mastercard, American Express, Discover Financial Services, and regional schemes such as China UnionPay, JCB, Interac, and RuPay. The standard distinguishes between contact, contactless, and mobile implementations deployed by issuers like HSBC, Barclays, Deutsche Bank, BNP Paribas, and Santander. EMV supports offline and online authorization flows utilized by payment processors such as Worldpay, Global Payments Inc., FIS, Fiserv, and card networks operated by SWIFT participants. Adoption decisions by regulators including the Federal Reserve and the European Commission shaped rollout strategies used by retailers like Walmart, Target Corporation, Tesco, Carrefour, and 7-Eleven.

History and development

EMV began as a collaboration among Europay, Mastercard, and Visa in the early 1990s, building on smartcard research from entities such as Gemplus, Giesecke+Devrient, and Schlumberger. Key milestones include protocol specification releases aligned with cryptographic advances from standards initiatives like ISO/IEC 7816, ISO/IEC 14443, and work by organizations such as EMVCo and the International Organization for Standardization. National migrations, influenced by incidents like card fraud spikes addressed by central banks such as the Bank of France, were accelerated by liability shift policies instituted by networks including Visa Europe and Mastercard Worldwide. Collaborations with technology firms such as Apple Inc., Google LLC, Samsung Electronics, and mobile wallet pilots by PayPal Holdings guided contactless and tokenization efforts alongside regulatory actions by agencies like the UK Financial Conduct Authority.

Technical specifications

EMV builds on smartcard hardware and protocols referenced to ISO/IEC 7816, ISO/IEC 14443, and cryptographic recommendations from bodies like NIST and standards such as PKCS#11. Card data models use Application Primary Account Number records aligned with issuer directories maintained by Visa Inc. and Mastercard Incorporated. Terminal behaviour follows application selection and processing rules implemented in firmware by manufacturers including Ingenico Group and Verifone Systems. Contactless operations employ Near Field Communication stacks implemented by NXP Semiconductors and supported by mobile platforms from Apple, Google, and Samsung. Tokenization and secure element models interact with services like Visa Token Service and Mastercard Digital Enablement Service under governance by EMVCo.

Security and vulnerabilities

EMV introduced dynamic authentication using cryptographic counters and offline data authentication intended to reduce counterfeit fraud affecting issuers such as Santander UK and Credit Suisse. Attack research by academic groups at University of Cambridge, University of London, Princeton University, and security firms like Kaspersky Lab and Trend Micro identified vulnerabilities including relay attacks, card skimming, and offline PIN bypasses exploited in some deployments. Responses included algorithm updates, strengthened card authentication protocols, EMV kernel upgrades by terminal vendors, and mitigation measures by networks including Visa and Mastercard. Tokenization, secure elements, and remote attestations promoted by companies such as Apple Pay, Google Pay, and Samsung Pay complement EMV to address mobile-specific threat models flagged by auditors like Deloitte and PricewaterhouseCoopers.

Adoption and global implementation

EMV rollout timelines varied: early adoption in Europe and Latin America involved banks like Banco Santander, Banco do Brasil, and BBVA, while North American migration by American Express Company and major issuers accelerated after liability shift policies. Country-level implementations coordinated by central banks—e.g., the Reserve Bank of India, Bank of Mexico, Swiss National Bank—and payment associations including European Payments Council and NACHA shaped infrastructure upgrades. Retail ecosystems from IKEA to McDonald's upgraded terminals; transit systems in cities like London, New York City, and Tokyo integrated contactless EMV for fare payment, interoperating with schemes such as Oyster card systems and municipal authorities.

Interoperability and certification

Certification processes managed by EMVCo and testing laboratories such as UL and TÜV Rheinland ensure compatibility across vendors including Thales Group, Morpho (IDEMIA), and Gemalto. Interoperability involves compliance with kernel versions, acquirer processing rules at networks like First Data Corporation, and certification by scheme-specific labs run by Visa, Mastercard, and American Express. Cross-border acceptance relies on BIN sponsorship by issuer banks such as Barclays PLC and clearing arrangements coordinated through processors like Adyen and Stripe, Inc..

Impact on merchants and consumers

For merchants including Amazon (company), eBay, Starbucks Corporation, and brick-and-mortar chains, EMV reduced certain fraud categories but required capital expenditure on terminals and training coordinated with acquirers like Chase Paymentech. Consumers experienced increased use of contactless payments via wallets from Apple and Google and banking apps from Revolut, Monzo, and N26, while issuers implemented EMV cards with chips and contactless antennas. Liability shifts by networks influenced merchant acceptance policies and dispute handling by institutions such as PayPal and issuers including Wells Fargo.

Category:Payment systems