EMV contactless transactions, commonly known as "tap-to-pay" or "wave-and-pay," allow cardholders to complete card-present payments by holding a dual-interface chip card, wearable, or mobile device within ~4 cm of an NFC-enabled terminal. These transactions adhere to the same cryptographic security principles as contact (inserted) EMV chip transactions — primarily dynamic authentication via Application Cryptograms — but are heavily optimized for speed (typically <500 ms end-to-end) and user convenience. The core trade-off is controlled risk through transaction limits, mandatory online authorization above thresholds, and strong offline data authentication.
As of December 30, 2025, contactless dominates card-present volume in mature markets:
- Europe/UK/Australia/Canada: >90–95% of in-person transactions.
- Asia-Pacific: Rapid growth, with >1.9 billion dual-interface cards issued globally.
- United States: Steady increase post-liability shift, now >60% at major merchants.
The specifications are governed by EMVCo, with the following key documents current in 2025:
| Specification | Latest Version (2025 Status) | Key Focus |
|---|---|---|
| Book A | Architecture and general requirements | Overall framework |
| Book B | Entry Point (v2.9 + bulletins) | Common application selection and kernel routing |
| Books C-2 to C-7 | Legacy scheme-specific kernels (e.g., C-3 Visa, C-2 Mastercard PayPass) | Still widely deployed but being phased toward C-8 |
| Book C-8 | Unified Contactless Kernel 8 (published 2022; approvals accelerating 2024–2025; royalty-free) | Single common kernel; ECC/AES-based; co-exists with legacy |
| Book D | Contactless communication protocol (ISO/IEC 14443) | Physical layer |
| Book E | Security and key management (v1.1 with 2025 updates) | Cryptographic requirements |
2025 bulletins (e.g., DSB 316, 314) primarily provided clarifications on risk data handling and kernel interoperability.
Detailed Transaction Flow (Contactless Kernel)
The flow is significantly streamlined compared to contact EMV to achieve sub-second processing.

- Power-Up and Card Detection
  - Terminal continuously polls the RF field (ISO/IEC 14443 Type A/B).
  - Card responds with Answer to Select (ATS) or Answer to Request (ATQA/UID).
  - Anti-collision resolves the case of multiple cards in the field (rare in practice).
- Application Selection
  - Terminal sends the SELECT PPSE (Proximity Payment System Environment) command.
  - Card returns File Control Information (FCI) listing the supported Application Identifiers (AIDs) in priority order.
  - Terminal selects the highest-priority mutually supported AID (e.g., A0000000031010 for Visa Credit).
- Entry Point Processing (Book B)
  - Common pre-processing layer determines which kernel to activate.
  - Builds the combination list and checks terminal capabilities (contactless vs. contact, supported CVMs).
  - Routes to the appropriate kernel (legacy C-x or new C-8).
- Kernel Processing (Core EMV Steps, Accelerated)
  - Read Application Data: GET PROCESSING OPTIONS (the terminal supplies the PDOL data) → card returns its processing options and static records.
  - Offline Data Authentication:
    - fDDA (fast Dynamic Data Authentication) or CDA (Combined Data Authentication).
    - Card generates a dynamic signature (ECC or RSA) over transaction data + cryptogram using its private key.
    - Terminal verifies it using the card's public key (recovered from the certificate chain).
    - Critical for preventing relay attacks.
  - Processing Restrictions: application version check, expiry, usage control.
  - Cardholder Verification Method (CVM):
    - Most common: No CVM Required for low-value transactions (below the Contactless CVM Limit).
    - Consumer Device CVM (CD-CVM) for mobile wallets (biometric/PIN on the phone).
    - Signature or Online PIN are rare in contactless.
  - Terminal Risk Management:
    - Contactless-specific counters: consecutive offline transactions, cumulative offline amount.
    - Floor limits, random online selection.
  - Terminal Action Analysis: based on the TVR and issuer/terminal parameters.
  - Card Action Analysis: the card generates the Application Cryptogram:
    - ARQC (most common above limits; forces online authorization).
    - TC (offline approval; limited).
    - AAC (decline).
- Transaction Outcome
  - Online Path (ARQC):
    - Terminal sends the authorization request (including cryptogram, ATC, IAD) to the issuer.
    - Issuer verifies the cryptogram (recomputes the MAC) and returns approval/decline.
    - No second GENERATE AC in contactless (the card has already been removed from the field).
  - Offline Path (TC/AAC):
    - Terminal verifies the CDA/fDDA signature.
    - Approves or declines locally.
  - User feedback: beeps, lights, screen messages ("Approved", "See Phone" for mobile).
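The application-selection step above in code, as an added example that is not part of the original article: a minimal BER-TLV parser walks a PPSE FCI response and picks the highest-priority AID supported by both card and terminal. The FCI bytes are constructed for illustration (a Visa AID at priority 2 and the Mastercard AID A0000000041010 at priority 1); the tag numbers are the standard EMV ones.

```python
def parse_tlv(data: bytes) -> list:
    """Parse BER-TLV into (tag, value) pairs; constructed tags recurse."""
    out, i = [], 0
    while i < len(data):
        if data[i] in (0x00, 0xFF):            # padding between objects
            i += 1
            continue
        start = i
        if (data[i] & 0x1F) == 0x1F:           # multi-byte tag (e.g. BF0C)
            i += 1
            while data[i] & 0x80:
                i += 1
        i += 1
        tag = data[start:i].hex().upper()
        length, i = data[i], i + 1
        if length & 0x80:                      # long-form length
            n = length & 0x7F
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        value, i = data[i:i + length], i + length
        out.append((tag, parse_tlv(value) if data[start] & 0x20 else value))
    return out

def find_all(tlvs: list, wanted: str) -> list:
    """Every value carrying tag `wanted`, searched through nested templates."""
    hits = []
    for tag, value in tlvs:
        if tag == wanted:
            hits.append(value)
        if isinstance(value, list):
            hits.extend(find_all(value, wanted))
    return hits

def select_aid(fci: bytes, terminal_aids: set):
    """Highest-priority (lowest indicator) AID supported by both sides, or None."""
    candidates = []
    for entry in find_all(parse_tlv(fci), "61"):       # Application Template
        aid = find_all(entry, "4F")[0].hex().upper()    # ADF Name = AID
        prio = find_all(entry, "87")                    # Application Priority Indicator
        prio = (prio[0][0] & 0x0F) if prio else 15      # absent: treat as lowest
        if aid in terminal_aids:
            candidates.append((prio, aid))
    return min(candidates)[1] if candidates else None

# Constructed PPSE FCI: DF name 2PAY.SYS.DDF01, Visa AID at priority 2,
# Mastercard AID (A0000000041010, label "DEBIT") at priority 1.
SAMPLE_FCI = bytes.fromhex(
    "6F38840E325041592E5359532E4444463031A526BF0C23"
    "610C4F07A0000000031010870102"
    "61134F07A000000004101050054445424954870101")
```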
Cryptographic Elements in Contactless
| Element | Description | Contactless Specifics |
|---|---|---|
| Application Cryptogram (AC) | ARQC/TC/AAC (8-byte MAC using session key) | Same as contact; often ARQC due to limits |
| fDDA/CDA Signature | Dynamic signature over cryptogram + transaction data (ECC preferred in C-8) | Mandatory for higher security; timing constrains relay |
| Unpredictable Number (UN) | 4 bytes from terminal | Ensures uniqueness |
| Application Transaction Counter (ATC) | Increments per transaction | Prevents replay |
C-8 Kernel enhancements: ECC for smaller/faster signatures, native AES cryptograms.
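How the cryptographic elements in the table fit together on the issuer side, as an added example that is not from the original article: the card MACs the transaction data under an ATC-derived session key, and the issuer recomputes the MAC and rejects a non-increasing ATC. The MAC primitive here is HMAC-SHA256 truncated to 8 bytes, a standard-library stand-in for the 3DES/AES MAC EMV actually specifies, and the session-key derivation is a simplification of the real scheme; the key and field values are constructed.

```python
import hmac, hashlib, os

CARD_MASTER_KEY = bytes.fromhex("00112233445566778899AABBCCDDEEFF")  # constructed

def session_key(master_key: bytes, atc: int) -> bytes:
    """Per-transaction key diversified by the ATC (simplified derivation)."""
    return hmac.new(master_key, atc.to_bytes(2, "big"), hashlib.sha256).digest()

def cryptogram(master_key: bytes, amount: int, un: bytes, atc: int, iad: bytes = b"") -> bytes:
    """8-byte MAC over the data both card and issuer see: amount, UN, ATC, IAD."""
    data = amount.to_bytes(6, "big") + un + atc.to_bytes(2, "big") + iad
    return hmac.new(session_key(master_key, atc), data, hashlib.sha256).digest()[:8]

class Issuer:
    """Verifies ARQCs and tracks the highest ATC seen so a captured ARQC cannot be replayed."""
    def __init__(self, master_key: bytes):
        self.master_key = master_key
        self.last_atc = -1

    def authorize(self, amount: int, un: bytes, atc: int, arqc: bytes, iad: bytes = b"") -> str:
        if atc <= self.last_atc:
            return "DECLINE: ATC not increasing (replay?)"
        expected = cryptogram(self.master_key, amount, un, atc, iad)
        if not hmac.compare_digest(expected, arqc):   # constant-time comparison
            return "DECLINE: cryptogram mismatch"
        self.last_atc = atc
        return "APPROVE"

def demo() -> list:
    """Genuine transaction, then a replay of the same ARQC, then a tampered amount."""
    issuer = Issuer(CARD_MASTER_KEY)
    un = os.urandom(4)                                   # terminal's Unpredictable Number
    atc = 42
    arqc = cryptogram(CARD_MASTER_KEY, 1250, un, atc)    # card side
    return [issuer.authorize(1250, un, atc, arqc),
            issuer.authorize(1250, un, atc, arqc),
            issuer.authorize(9999, un, atc + 1, arqc)]
```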
Risk Management & Limits
| Parameter | Typical Values (Regional) | Purpose |
|---|---|---|
| Contactless Floor Limit | $50–$250 (e.g., £100 UK, $100–200 US, €50 EU) | Force online above limit |
| Contactless CVM Limit | Same or slightly higher than floor limit | No PIN/biometric below |
| Cumulative Offline Limit | Varies by issuer (e.g., $200–500 total offline) | Prevent excessive offline |
| Consecutive Offline Counter | 5–10 transactions | Random online after |
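The limits in the table combined into the terminal's online/offline and CVM decision, as an added example that is not from the original article. Limit values are constructed (a hypothetical UK-style configuration in minor units), the offline counters are kept terminal-side for simplicity, and the random-online step takes an injectable RNG so the decision can be tested deterministically.

```python
import random
from dataclasses import dataclass

@dataclass
class Limits:
    floor_limit: int            # above this the terminal requests an ARQC (online)
    cvm_limit: int              # above this a CVM (CD-CVM, online PIN) is required
    cumulative_offline: int     # offline spend allowed before forcing online
    consecutive_offline: int    # offline approvals allowed before forcing online
    random_online: float = 0.0  # probability of random online selection below limits

@dataclass
class CardCounters:
    offline_total: int = 0      # running offline amount (simplified: held by the terminal)
    offline_count: int = 0      # consecutive offline approvals

def risk_decision(amount: int, limits: Limits, counters: CardCounters,
                  rng=random.random) -> dict:
    """Decide TC (offline) vs ARQC (online) and whether a CVM is needed."""
    reasons = []
    if amount > limits.floor_limit:
        reasons.append("above floor limit")
    if counters.offline_total + amount > limits.cumulative_offline:
        reasons.append("cumulative offline limit")
    if counters.offline_count >= limits.consecutive_offline:
        reasons.append("consecutive offline counter")
    if not reasons and rng() < limits.random_online:
        reasons.append("random online selection")
    online = bool(reasons)
    if online:                  # counters reset; assumes the online authorization succeeds
        counters.offline_total, counters.offline_count = 0, 0
    else:
        counters.offline_total += amount
        counters.offline_count += 1
    return {"cryptogram": "ARQC" if online else "TC",
            "cvm_required": amount > limits.cvm_limit,
            "reasons": reasons}

# Constructed limits: £100 floor and CVM limit, £300 cumulative offline, 3 consecutive offline.
UK_STYLE = Limits(floor_limit=10000, cvm_limit=10000, cumulative_offline=30000,
                  consecutive_offline=3)
```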
Security Advantages & Remaining Risks
- Advantages:
  - Same chip-level dynamic authentication as contact EMV.
  - CDA/fDDA timing prevents practical relay attacks.
  - Mobile wallets (Apple Pay/Google Pay) add tokenization + device CVM → superior security.
- Remaining Risks (2025):
  - Relay attacks theoretically possible on legacy kernels without strict timing; mitigated by CDA.
  - Lost/stolen card abuse below limits (countered by instant freeze apps).
  - Shimming irrelevant (no chip insertion).
2025 Trends & Future
- Unified Kernel 8 adoption accelerating (simpler certification, lower costs).
- Tap-on-phone/softPOS growth.
- Integration with transit, IoT, wearables.
- Preparations for post-quantum cryptography in next major revision.
EMV contactless delivers the perfect balance of speed, convenience, and chip-grade security, driving its dominance in modern card-present payments.