Pci emv
Data Security Standard
PCI DSS Applicability in an EMV Environment
A Guidance Document
Version 1
Release date: 5 October 2010
Table of Contents
1 Executive Summary................................................................................................. 3
1.1 1.2 1.3 The Role of EMV....................................................................................................................... 3 The Role of the PCI DSS........................................................................................................... 4 Conclusions ............................................................................................................................... 4
2 Scope........................................................................................................................ 5 3 EMV Security and PCI DSS ..................................................................................... 6
3.1 The Payment Card Environment ............................................................................................... 7 3.1.1 Magnetic-Stripe Transactions.......................................................................................... 7 3.1.2 Technical Fallback ........................................................................................................... 7 3.1.3 PAN Key Entry ................................................................................................................. 8 3.1.4 Mail Order/Telephone Order-based Transactions........................................................... 8 3.1.5 EMV Transactions ........................................................................................................... 8 3.2 PCI DSS and the Current EMV Environment ............................................................................ 8 3.3 Future Developments in Transaction Security.......................................................................... 9 3.4 Summary ................................................................................................................................... 9
4 Reference & Glossary ........................................................................................... 11
4.1 4.2 4.3 References.............................................................................................................................. 11 Abbreviations & Glossary ........................................................................................................ 12 Acknowledgements ................................................................................................................. 12
PCI DSS Applicability in an EMV Environment – A Guidance Document © 2010 PCI Security StandardsCouncil, LLC
October 2010 Page 2
1
Executive Summary
This document compares and contrasts the current fraud-reduction capabilities of EMV within the security framework of the Payment Card Industry Data Security Standard (PCI DSS) and examines the rationale for why it remains necessary to implement PCI DSS in the EMV environments that exist today.
1.1
The Role of EMV
EMV smartcardswere designed and introduced to reduce fraud occurring in magnetic-stripe faceto-face environments, by using integrated-circuit (IC) based cards that use secret cryptographic keys to generate authentication and authorization data. As such, robust implementations of the EMV specifications can mitigate the risk of compromised card data being used to commit face-toface fraud. EMV implementations thatutilize different card verification values maintained on the chip from those maintained in the magnetic-stripe image provide an effective barrier to creating counterfeit magnetic-stripe cards from compromised EMV magnetic-stripe image data. In addition, when implemented in conjunction with PIN for cardholder verification, EMV limits the impact of the lost/stolen/never-received categories of...
Regístrate para leer el documento completo.