How does EMV (Chip and PIN) work?

Cloned Boy

EMV is a standard for secure chip card transactions. Key components:
  1. Chip (ICC)
    • Contains unique keys and data (PAN, expiration date, cryptographic keys).
    • Generates dynamic codes for each transaction.
  2. PIN code
    • Confirms the identity of the cardholder.
    • It is verified by a chip or by the bank online.

Dynamic authentication (ARQC, ARPC)

ARQC (Authorization Request Cryptogram)

  • What is it? A unique cryptogram that the chip generates for each transaction.
  • How does it work?
    • The terminal sends a request (including an Unpredictable Number).
    • The chip calculates ARQC based on:
      • ICC Private Key (card private key),
      • ATC (transaction counter),
      • Transaction data (amount, currency, etc.).
    • The bank checks the ARQC. If the cryptogram is incorrect, the transaction is rejected.

ARPC (Authorization Response Cryptogram)

  • What is this? Bank's response to ARQC, confirming successful authentication.
  • Contains:
    • Approval Code,
    • New parameters for the next transaction (if needed).
Error example: If a cloned card cannot generate a valid ARQC, the terminal will return error 3-DA001 (Authentication Error).

The role of the ICC private key

  • What is it? A unique key written into the chip when the card is issued. Never leaves the chip.
  • What is it used for?
    • Signs transactions (ARQC),
    • Performs Offline authentication (DDA/CDA).
  • Why can't it be copied?
    • Stored in secure memory (Secure Element),
    • Exporting the key requires hacking the chip (attacks like Side-Channel or Laser Fault Injection are complex and expensive).

Difference between SDA, DDA and CDA

Authentication type | Description | Level of protection | Vulnerabilities
--- | --- | --- | ---
SDA (Static Data Authentication) | Checks static card data (signed by the issuer). | Low | Vulnerable to cloning (if an attacker replaces the data).
DDA (Dynamic Data Authentication) | The chip generates a unique signature for each transaction (uses ICC Private Key). | Medium | Protects against cloning, but is vulnerable to Pre-play attacks.
CDA (Combined DDA + Application Cryptogram) | Combines DDA with ARQC for maximum protection. | High | Used in modern cards. Virtually invulnerable.

Example of an attack on SDA:

If the card uses only SDA, the carder can:
  1. Copy data (PAN, expiration date, SDA signature).
  2. Write them to another card.
  3. The terminal will check the static signature and approve the transaction.

Why is DDA/CDA safer?

  • Require dynamic signature (depends on Unpredictable Number),
  • Without ICC Private Key it is impossible to forge a signature.

Conclusion

EMV secures transactions by:
  1. Dynamic cryptograms (ARQC/ARPC).
  2. Private keys (that do not leave the chip).
  3. Different levels of authentication (SDA → DDA → CDA).
For legal research: Study the EMVCo Specs, use test cards (e.g. from Fime or UL).

Want to analyze a specific scenario (for example, how the terminal checks CDA)? Or are you interested in hacking methods (for educational purposes)?
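A runnable model of the ARQC/ARPC exchange the post describes, added here as an example and not part of the original post. It is a simplified model: a symmetric card key and HMAC-SHA256 stand in for the 3DES/AES MAC and ICC Master Key derivation that real EMV uses, and the key, Unpredictable Number and transaction values are constructed sample data. It shows why the issuer rejects a captured cryptogram replayed under a fresh Unpredictable Number or with a changed amount, and how the ARPC ties the approval back to that ARQC.

```python
import hashlib
import hmac

# Simplified model of the EMV online exchange: the card issues an ARQC,
# the issuer verifies it and answers with an ARPC, which the card verifies.
# Real EMV uses a 3DES/AES CBC-MAC with a session key derived from the ICC
# Master Key; HMAC-SHA256 stands in for that MAC so the example runs offline.

ICC_MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key


def session_key(master_key: bytes, atc: int) -> bytes:
    """Derive a per-transaction key from the card key and the ATC (transaction counter)."""
    return hmac.new(master_key, b"SK" + atc.to_bytes(2, "big"), hashlib.sha256).digest()


def cryptogram_input(amount: int, currency: str, un: bytes, atc: int) -> bytes:
    """Data the cryptogram covers: amount, currency, terminal Unpredictable Number, ATC."""
    return amount.to_bytes(6, "big") + currency.encode() + un + atc.to_bytes(2, "big")


def generate_arqc(master_key: bytes, amount: int, currency: str, un: bytes, atc: int) -> bytes:
    """Card side: MAC over the transaction data, truncated to 8 bytes like an EMV cryptogram."""
    mac = hmac.new(session_key(master_key, atc), cryptogram_input(amount, currency, un, atc), hashlib.sha256)
    return mac.digest()[:8]


def issuer_verify_arqc(master_key: bytes, amount: int, currency: str, un: bytes, atc: int, arqc: bytes) -> bool:
    """Issuer side: recompute the ARQC from the claimed data and compare in constant time."""
    return hmac.compare_digest(generate_arqc(master_key, amount, currency, un, atc), arqc)


def generate_arpc(master_key: bytes, atc: int, arqc: bytes, response_code: bytes) -> bytes:
    """Issuer side: cryptogram binding the approval code to the ARQC it answers."""
    return hmac.new(session_key(master_key, atc), arqc + response_code, hashlib.sha256).digest()[:8]


def card_verify_arpc(master_key: bytes, atc: int, arqc: bytes, response_code: bytes, arpc: bytes) -> bool:
    """Card side: accept the approval only if the ARPC matches this transaction's ARQC."""
    return hmac.compare_digest(generate_arpc(master_key, atc, arqc, response_code), arpc)


def demo() -> tuple:
    """Genuine transaction, a replayed ARQC under a fresh UN, a tampered amount, and the ARPC check."""
    un = bytes.fromhex("1a2b3c4d")  # constructed terminal Unpredictable Number
    atc = 41
    arqc = generate_arqc(ICC_MASTER_KEY, 2500, "978", un, atc)
    genuine = issuer_verify_arqc(ICC_MASTER_KEY, 2500, "978", un, atc, arqc)
    # The same captured ARQC presented under a new Unpredictable Number is rejected.
    replayed = issuer_verify_arqc(ICC_MASTER_KEY, 2500, "978", bytes.fromhex("99887766"), atc, arqc)
    # Changing the amount after the card computed the cryptogram is also rejected.
    tampered = issuer_verify_arqc(ICC_MASTER_KEY, 9900, "978", un, atc, arqc)
    arpc = generate_arpc(ICC_MASTER_KEY, atc, arqc, b"00")
    return genuine, replayed, tampered, card_verify_arpc(ICC_MASTER_KEY, atc, arqc, b"00", arpc)
```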