Cryptography standard enables robust EMV® contact chip security long-term as payment technology evolves.
The EMV® Contact Chip Specification, managed by global technical body EMVCo, now supports Elliptic Curve Cryptography (ECC). „Use of this cryptography standard by the payment community can enable enhanced security without impacting technical performance of a payment device or slowing transaction processing time. The inclusion of ECC is required to support new, future payment scenarios,” according to the press release.
In an EMV contact chip payment, the merchant point-of-sale terminal can cryptographically authenticate a card and its data. For this purpose, EMVCo has based its EMV Contact Chip Specifications on RSA (Rivest-Shamir-Adleman) public key cryptography since its inception and intends to continue to support this standard. The addition of ECC into EMV Specifications helps achieve superior cryptographic strength with much smaller key sizes, enabling more efficient transactions in the future.
Robin Trickel, EMVCo Executive Committee Chair, explains: “The longer the cryptographic key used to secure a transaction, the more storage and processing power required. The size of a cryptographic key is therefore important. EMVCo recognises that RSA could continue to offer ‘stronger’ keys, however, these would increase in length resulting in slower computing and transaction times. In contrast, ECC is compact and efficient, making it an appealing option for use in devices with limited storage and processing capabilities.”
EMVCo has been working with the payment community for several years through its Associate Programme to identify how it can facilitate scalable security as payment practices and technology evolve.
“ECC provides strong security efficiency when compared to RSA, which is essential to ensure a smooth migration,” adds Trickel. “So while it doesn’t make current payments more secure today, it ensures robust security can be maintained in new payment innovations, setting the foundation to support the long-term security needs of the payment community.”
The EMV Contact Chip Specification for ECC (Specification Bulletin 243) has been published following approval of its release by EMVCo’s Board of Advisors and is available for royalty-free download from www.emvco.com. Updates to the EMV chip technology infrastructure will be part of the natural product lifecycle over a period of time for both cards and point-of-sale terminals.
EMVCo aims to provide EMV technology users with a suite of options to meet regional and local requirements. Both ECC and RSA will be supported by EMVCo while there is demand within the payment community. EMVCo does not mandate the use of encryption standards.
___________
EMVCo is the global technical body that facilitates the worldwide interoperability and acceptance of secure payment transactions by managing and evolving the EMV Specifications and related testing processes. EMV is a technology toolbox that enables globally interoperable secure payments across face-to-face and remote environments.
Adoption of EMV Specifications and associated approval and certification processes promotes a unified international payments framework, which supports an advancing range of payment methods, technologies and acceptance environments. The specifications are available royalty free, designed to be flexible, and can be adapted regionally to meet national payment requirements and accommodate local regulations.
EMVCo is collectively owned by American Express, Discover, JCB, Mastercard, UnionPay and Visa, and focuses on the technical advancement of the EMV Specifications.
Banking 4.0 – „how was the experience for you”
„So many people are coming here to Bucharest, people that I see and interact on linkedin and now I get the change to meet them in person. It was like being to the Football World Cup but this was the World Cup on linkedin in payments and open banking.”
Many more interesting quotes in the video below: