EMV Glossary L - Mühlbauer Group

EMV and Smartcard Glossary
123456789
3-D Secure
3-D secure is a protocol, developed by Visa, to allow secure payment over open networks (the Internet). 3-D secure is based on SLL and is
relatively simple to implement.
µm Unit of measurement know as a Micron. One millionth of a meter or one thousandth of a millimetre.
A
AAC
Application Authentication Cryptogram. The final cryptogram generated by the chip, in response to a GENERATE AC command (FIRST or
SECOND), if the transaction is declined.
AC
Acquirer
Acquirer Floor Limits
Acquirer Truncation
ADA
AES
Application Cryptogram. AC is the generic term given to describe an Application Cryptogram such as a TC, ACC, ARPC and an ARQC.
An Acquirer is a bank that makes agreements with merchants (i.e. retailers, hotels etc.) for the purposes of accepting card payments for
goods or services.
An Acquirer Floor Limit is a pre-agreed monetary value between an Acquirer and a retailer/merchant, above which a transaction must be
sent on-line for authorisation. If the Acquirer Floor Limit is greater than the Merchant Floor Limit, MFL, Transactions can be Acquirer
truncated.
Acquirer Truncation is the process whereby an on-line transaction is 'cut-short' and authorised y the Acquirer instead of either the Issuer or
a Scheme (STIP). Acquirer Truncation occurs for over 1/3 (on average) of all transactions in the UK and can be the result of Acquirer
Floor Limits, or a system outage.
Application Default Action. ADA is a data field in VIS (and UKIS) used in the Card Risk management, CRM, internal processing.
Advanced Encryption Standard. AES is an official US government FIPS 197 standard, which will eventually replace Triple DES. The two
inventors of this cryptographic algorithm are Dr. Joan Daemen and Dr. Vincent Rijmen. The name oft the algorithm is thus referred to as
Rijndael.
Affinity Card
AID
AIP
An Affinity Card is a type of relationship branding, where the Issuer co-brands a card with an organisation such as a charity contain data
required to be read by the terminal in order to conduct a transaction. The AFL is also used to identify data signed in the SDA process.
Application Identifier. AIDs are used to identify the Scheme and type of application present on a chip card. The AID is made up of two
fields, a RID to identify the Scheme and PIX to identify the application type.
Application Interchange Profile. The AIP contains details of the card's capability to support specific functions in the application (SDA, DDA,
Cardholder Verification, and Issuer Authentication).
Algorithm
An Algorithm is a process or set of rules, in the form of a computer program, used to manipulate data. Cryptographic algorithms are also
referred to as ciphers.
Mühlbauer AG EMV Seminar Newport News 2012 1/17

ANSI
APDU
API
API
Applet
Application
ARC
ARPC
ARQC
ASCII
ATC
ATM
ATR
Asymmetric Algorithm
AUC
American National Standards Institute. ANSI have adopted the ASCII code that assigns the numbers 0 through 127 to letters, 1000100); an
exclamation point is coded as decimal 33 (Binary 0100001). By standardising the values used to represent text. Text fields in chip cards
are usually encoded in ANSI. The use of ANSI and ASCII encoded characters enables computers to exchange information
Application Protocol Data Unit. APDU is the command message sent from the interface device (in the terminal) and the response message
returned by the chip to the interface device.
Application Programming Interface. An API is the interface through which one program can interface with another. Different programs may
be interchangeable if they share the same API.
Application Priority Indicator. If a terminal does not support cardholder selection, the highest priority application is selected as indicated by
the API written to the card at personalisation by the Issuer.
An Applet is a platform independent program written in Java, designed to be downloaded to run on a chip/computer.
An Application is a set of commands, data, rules and algorithms within a chip card to provide a given function in a particular system.
Examples include GSM, credit/debit and electronic purse.
Authorisation Response Code. The ARC is a two-digit code generated by the Issuer (as indicated in ISO 8583:1987) and transmitted to the
terminal to approve, decline or refer a transaction. Most commonly used ARCs consist of an one-line approval (00), on-line decline (05),
referral (01) or capture card request (04). The terminal is prohibited from altering the ARC from the Issuer. The terminal is allowed to
generate an ARC in the following exception conditions: Y1 = Off-line approved Z1 = Off-line declined Y3 = Unable to go online (off-line
approved) Z3 = Unable to go online (off-line declined)
Authorisation Response Cryptogram. An ARPC is a cryptogram generated by the Issuer (or Scheme in STIP), sent back to the chip card
as part on the on-line authorisation response message. The chip card uses the ARPC to authenticate the Issuer, in a process referred to
as CAM.
Authorisation Request Cryptogram. An ARQC is a cryptogram generated by the chip application, in response to the FIRST GENERATE AC
command, if the transaction is to be conducted on-line The ARQC is used by the Issuer to authenticate the chip card in a process referred
to as CAM.
American Standard Code for Information Interchange. A code that assigns the numbers 0 through 127 to letters, the digits 0 to 9,
punctuation marks, and certain other characters. For example, upper-case D is coded as decimal 68 (Binary 1000100); an exclamation
point is coded as decimal 33 (binary 010001). By standardising the values used to represent text, ASCII enables computers to exchange
information.
Application transaction Counter. The ATC is a dynamic data field inside the chip application that increments by one when the Get
Processing Options command is issued at the start of a transaction. The ATC, in conjunction with the Last On-line ATC can be used to
detect counterfeit chip cards and highlight possible fraud patterns.
Automated Teller Machine. An ATM is an unattended, customer-operated machine used to dispense cash and other services.
Answer to Reset. An ATR is sent from the chip (after the supply voltage, the clock and the reset signal) containing various data related to
the transmission protocol of the chip.
An Asymmetric Algorithm is an algorithm that utilises a different key for scrambling and unscrambling the plain text. The two keys are
referred to as the Private Key and the Public Key as one key never appears in clear and the other key may be made public.
Application Usage Control. The AUC contains details of the card's geographic processing restrictions and support for specific services
(international transactions, cash-back etc.).
Mühlbauer AG EMV Seminar Newport News 2012 2/17

Authentication
Authenticity
Authorisation
AVS
Authentication is the process of verifying data or an application or product. Authentication of a chip card refers to the checking of the online
cryptograms ARQC and ARPC. The correct name for chip authentication is Card Authentication Method or CAM.
Proving the Authenticity of data is proving the data originated from a legitimate source.
Authorisation is the process whereby the Issuer performs checks to ensure that the cardholder has sufficient funds to perform a
transaction. During authorisation the authenticity of a magnetic stripe card is checked via the CVV (1)/CVC (1) and the authenticity or a
chip card is checked via the ARQC.
Address Verification System. Merchants use AVS and CVV2/CVC2 to authenticate customers in CNP transactions. The address specified
by a customer in a CNP transaction must be the same as that recorded by the Issuer for the card being used.
B
Base I
Base II
Behavioural Scoring
Binary
BIN
Biometrics
Bit
Block Cipher
Byte
Base I is Visa's authorisation system/messaging.
Base III is Visa's settlement system/messaging.
Behavioural Scoring is the use of account and payment history to calculate the nature of the cardholder's future financial performance.
Binary numbers are used for counting in Base 2 using the digits 0 and 1. Most modern computes systems operate using binary logic.
Computers use the binary number system by representing the values 0 and 1 using two voltage levels (usually 0 V for logic 0 and either
+3.3 V or +5 V for logic 1).
Binary Identification Number. A BIN is a six-digit number uniquely identifying the card Issuer. Each Issuer normally has several BINs.
Biometrics is a method of verifying the identity of a person by electronically measuring some unique physical characteristic e.g. voice
patterns fingerprint and retinal pattern.
Binary Digit. A Binary Digit is the smallest unit of memory and therefore information within a computer. A bit can hold only one of two
values, 0 or 1.
A Block Cipher is a type of cipher that operates on blocks (normally 64 bits) of plain text data. DES is a type of block cipher.
A Byte is a unit of data equal to eight Bits. Computer information is usually transferred or stored as binary code in byte-sized groups.
C
CA
Certificate Authority. A Certificate Authority is a trusted organisation that creates, revokes and expires certificates. A CA is responsible for
ensuring the identity of the user requesting the certificate is legitimate.
CAA
Caesar Cipher
CAM
Card Action Analysis. The card performs CAA after completion of Card Risk Management (CRM) and the setting of the CVR. CAA involves
analysis of the CRM processes and responding with an appropriate cryptogram (TC to accept off-line, ARQC to go on-line and AAC to
decline off-line) to the FIRST GENERATE AC request from the terminal. Often the terms CAA and CRM are used interchangeably.
The Caesar Cipher is the name given to the first cipher used by Julius Caesar or military purposes. The Caesar Cipher is a type of
substitution cipher where individual letters are replaced by different letters a fixed displacement along in the alphabet. For example, the
letter 'd' replaces the Letter 'a', 'e' replaces the Letter 'b', 'f' replaces 'c' and so on.
Card Authentication Method. CAM is the name given to the process of authenticating the card and the Issuer using the cryptograms ARQC
and ARPC, respectively.
Mühlbauer AG EMV Seminar Newport News 2012 3/17

CAP
Cardholder
Card IACs
CBC
CCF
CDOL1
CDOL2
CECS
Chip Authentication Program. CAP is MasterCard's name for the process of producing a human readable form of cryptogram which can be
used to authenticate a card in a CNP transaction. It is equivalent to Visa's DPA.
A Cardholder it the name given to a person who is provided with a financial payment card. The cardholder's name is embossed on the front
of the card and is also stored inside the chip application.
Card Issuer Action Codes. A set of three data fields, Card IAC Denial, Card IAC On-line and Card IAC Default, defined in M/Chip and
M/Chip Lite for use in the Card Risk Management (CRM) internal processing.
Cipher Block Changing. CBC is an operational mode of a cipher that employs a simple feedback function. In the CBC mode a block of
plain text data is XORed with the previous cipher block prior to encryption. Triple DES in CBC mode is employed in chip applications to
create the cryptograms ARQC, ARPC, TC and ACC.
Currency Conversation Factor. A CCF is used to convert between the Primary and Secondary Currency on a VIS chip card, as part of the
Card Risk Management (CRM) process. Please refer to the explanation of CTTAL (dc) for further information.
Card Risk Management Data Object List 1. CDOL1 is a list of data objects (Tags and Lengths) that are passed ROM the terminal to the
chip application with the FIRST GENERATE AC command.
Card Risk Management Data Object List 2. CDOL2 is a list of data objects (Tags and Lengths) that are passed from the terminal to the
chip application with the SECOND GENERATE AC command.
Chip Electronic Commerce Specification. The Transaction Processing for Chip Electronic Commerce defines the use of a chip application
to conduct a credit or debit transaction in an electronic commerce environment using SET 1.0 complainant software covers the EMV
functions with the Secure Electronic Transaction (SET) Specification, to provide the foundation for secure, chip card based transaction
over the Internet.
CEPS
Charge back
Chip
Chip Card
Cipher
Cipher Text
Clear Text
CNP
Common Criteria
Contact Chip Card
Common Electronic Purse Specification. The Common Electronic Purse Specifications (CEPS) define requirements for all components
needed by an organisation to implement a globally interoperable electronic purse program, while maintaining full accountability and audit.
Charge-back is the process whereby a transaction is returned or charged back from the Issuer to the Acquirer for payment. Examples of
chargeback include, transactions from cards that are listed as lost/stolen or unauthorised transactions with a value higher than a preagreed
Merchant Floor Limit.
A Chip is a single crystal of semiconductor (silicon), on which an integrated circuit is created.
A Chip Card is a plastic card embedded with a chip; also known as a smart card or Integrated Circuit Card.
A Cipher is a process or set of rules, in the form of a computer program, used to encrypt data. Ciphers are also referred to as
cryptographic algorithms.
Cipher Text is the output obtained by scrambling plain text, with a cipher.
Clear text is the message to be scrambled with, or just recovered from, a cipher. Clear text is often referred to as plain text.
Card Not Present (transaction). CNP transactions are transactions over an open network, e.g. telephone, internet, mail order where a
terminal or retailer does not physically check the card.
Common Criteria is a directory of criteria used to evaluate and certify computer systems globally. Common Criteria was published by NIST
and is now an ISO standard (15408).
A Contact Chip Card is a chip card that requires physical contact with an interface device power. A contact plate wired to the chip directly
locates onto a power source.
Mühlbauer AG EMV Seminar Newport News 2012 4/17

Contactless Chip Card
CPU
CRM
Cryptanalysis
Cryptography
CTLico
CTLicu
CTTAL (d)
CTTAL (dc)
A Contactless Chip Card is a chip card that does not require physical contact with an interface device to receive power. Power is provided
to the chip using electromagnetic induction. Contactless chip cards are particularly suitable for access control, transport and baggage
handling applications.
Central Processing Unit. The CPU is the brain of a microcontroller card.
Card Risk Management. CRM is a process performed by the card to determine if a transaction should be sent on-line, approved off-line or
declined off-line. The output from CRM is the setting of the CVR that is subsequently used in Card Action Analysis (CAA). CRM is not
defined in EMV and is thus proprietary to the card specification.
Cryptanalysis is the art and science of breaking cipher codes.
Cryptography is the art and science of keeping data secure and is practised by cryptographers.
Consecutive Transaction Limit (international country). The CTLico velocity checking allows the Issuer to request that, after a certain
number of consecutive off-line transactions not in the card's country of issue, transactions should be completed on-line Typical values
used to date in the UK are 2 or 3. The maximum permitted value is 255.
Consecutive Transaction Limit (international country). The CTLicu velocity checking allows the Issuer to request that, after a certain
number of consecutive off-line transactions not in the card's primary currency, transactions should be completed on-line Typical values
used to date in the UK are 2 or 3. The maximum permitted value is 255.
Cumulative Total Transaction Amount Limit (domestic). The CTTAL (d) velocity checking allows the Issuer to request that, after a certain
amount of off-line spend in the card's primary currency, transactions should be completed on-line Typical value used in the UK is £250. A
value should be chosen that does not prevent the LCOL from being ineffective.
Cumulative Total Transaction Amount Limit (dual currency). The CTTAL (dc) velocity checking allows the Issuer to request that, after a
certain amount of off-line spend in the card's primary and/or secondary currency, transactions should be completed on-line Typical value
used in the UK is £250. A value should be chosen that does not prevent the LCOL from being ineffective.
CVC (1)
CVC2
CVK
CVM
CVN
Card Verification Code (1). CVC (1) is the name given to the three-digit field coded on the magnetic stripe of a MasterCard bank card. The
value is generated using Triple DES (Single DES is no longer permitted) from the account number (PAN), expiry date and service code.
Card Verification Code 2. CVC (2) is the name given to the three-digit field printed on the signature panel of a MasterCard bank card. The
value is generated using Triple DES (Single DES is no longer permitted) from the account number (PAN), expiry date and service code set
to 000. The CVC2 is used in CNP transactions to prove the presence of a legitimate card.
Card Verification Key. The CVK is the Master Key used to Create the CVC (1) / CVV (1) and CVC2 / CVV2.
Cardholder Verification Method. CVM is the method by which a cardholder is identified during a transaction e.g. PIN or signature.
Cryptogram Version Number. CVN is a 1-byte hexadecimal field used to identify the cryptographic method used to generate cryptograms
on an EMV chip card.
CVV (1)
CVV2
Card Verification Value (1). CVV (1) is the name given to the three-digit field coded on the magnetic stripe of a Visa bank card. The value
is generated using Triple DES (Single DES is no longer permitted) from the account number (PAN), expiry date and service code.
Card Verification Value 2. CVV2 is the name given to the three-digit field printed on the signature panel of a Visa bank card. The value is
generated using Triple DES (Single DES is no longer permitted) from the account number (PAN), expiry date and service coded set to
000. The CVV2 is used in CNP transactions to prove the presence of a legitimate card.
Mühlbauer AG EMV Seminar Newport News 2012 5/17

CVR
Card Verification Results. The CVR is a proprietary data field that reports transaction processing information to the Issuer e.g. number of
scripts processed successfully. The CVR is used in M/Chip and M/Chip Lite to perform Card Risk Management (CRM).
D
DDA
Decryption
Denary
DES
DFA
Digital Certificate
Digital Signature
DKauth
Dynamic Data Authentication. Dynamic Data Authentication is an off-line security check of the chip card. Specific data fields within the card
(for example, PAN and Expiry Date) are combined with data from the terminal (unpredictable number) in real time and signed using the
chip cards' unique ICCKPR. DDA is a strong security check, requiring a chip with an MCP, which is not subject to replay attacks.
Decryption is the process whereby cipher text is unscrambled to reveal the original plain text data using a cryptographic algorithm.
Denary numbers are used for counting in Base 10 using the digits 0 to 9. Denary in the number system used for everyday general
counting.
Data Encryption Standard. DES is an encryption standard, defined by the U.S. government. DES encrypts data by breaking it into 64-bit
blocks of data and using a 56-bit key. Officially the algorithm should be referred to as DEA (Data Encryption Algorithm) but this term is
normally replaced with DES. DES is a symmetric algorithm, as the keys used for encryption and decryption are identical. DES (Single) has
a key space of 2. Triple DES is much stronger than Single DES, with a strength (key space) of 2
Differential Fault Analysis. DFA is a theoretical attack on chip cards. Spurious faults are induced in the chip to change a single bit of the
secret key whilst it is being used. This attack is repeated several times and the results mathematically analysed to reveal the value of the
secret key. Although this attack is only theoretical chip cards do have preventive mechanisms against DFA, e.g. the cryptogram is
computed twice and the two values compared before output.
A Digital Certificate consists of data, unique to an organisation, scrambled with an asymmetric private key. In their simplest form,
certificates contain a public key, a name of an organisation, an expiration date, the name of the certifying authority that issued the
certificate and a serial number. Digital Certificates are used to identify legitimate organisations.
A Digital Signature consists of data, unique to an individual, scrambled with the signer’s asymmetric private key. It is typically created
through the use of a hash function and is used to identify legitimate individuals.
Derived Authentication Key (unique). DKauth is a key unique to each card (derived from the Master Authentication Key, MKauth), which is
loaded into each chip card during personalisation. The DKauth is used in real time to generate the ARQC and verify the ARPC. [The
terminology used here is specific to our EMV Chip Implementation Training Courses. VIS refers to DKauth as 'Unique DEA Key' and
M/Chip refers to DKauth as 'ICC Application Cryptogram Master Key' or MK.]
DKenc
Derived Encryption Key (unique). DKenc is a key unique to each card (derived from the Master Encryption Key, MKenc), which is loaded
into each chip card during personalisation. The DKenc is used in real time to decrypt a data field after transmission to the card encrypted
within a script, E.g. PIN. [The terminology used here is specific to our EMV Chip Implementation Training Courses. VIS refers to DKenc as
'Data Encipherment DEA Key' and M/Chip refers to DKenc as 'ICC Master Key for Secure Messaging for Confidentiality' or MK.]
DKmac
Derived MAC Key (unique). DKmac is a key unique to each card (derived from the master MAC Key, MKmac), which is loaded into each
chip card during personalisation. The DKmac is used to check the authenticity and integrity of a script, ensuring the script came from a
valid Issuer and it has not been tampered with. [The terminology used here is specific to our EMV Chip Implementation Training Courses.
VIS refers to DKmac as 'MAC DEA Key' and M/Chip refers to DKmac as 'ICC Master Key for Secure Messaging for Integrity' or MK.]
Mühlbauer AG EMV Seminar Newport News 2012 6/17

DKman
DKpers
DKI
DPA
DPA
Derived Manufacturer Key (unique). DKman is a key unique to each card, (derived from the Master Manufacturing Key, MKman), which is
loaded into and locks each chip card during initialisation for transportation between the Initialiser and the Pre-Personaliser. [The
terminology used here is specific to our EMV Chip Implementation Training Courses. Each chip card manufacturer defines a different
name for this DKman.]
Derived Personalisation Key (unique). DKpers is a key unique to each card, (derived from the Master Personalisation Key, MKpers), which
is loaded into and locks each chip card during pre-personalisation for transportation between the Pre-Personaliser and the Personaliser.
[The terminology used here is specific to our EMV Chip Implementation Training Courses. Each chip card manufacturer defines a different
name for this DKman.]
Derivation Key Index. DKI is a two digit, hexadecimal field located on the card and the Host system to identify a set of Master DES Keys
used to generate cryptograms, MKauth and those used in secure messaging, MKenc and MKmac.
Differential Power Analysis. DPA is non-destructive or passive attack on a chip to obtain details of the secret keys. DPA analyses very
small variations in the power usage, using an analogue to digital converter, as the chip performs a transaction. Complex statistical analysis
of the power profiles can be performed using modern computers to reveal information about secret keys in the chip. Most Bank cards are
protected against DPA. Issuers must confirm with the chip manufacturers and the Schemes that within chips to be used for Bank cards
DPA countermeasures are in place.
Dynamic Passcode Authentication. DPA is Visa's name for the process of producing a human readable form of cryptogram which can be
used to authenticate a card in a CNP transaction. It is equivalent to MasterCard's CAP.
Dynamic Digital Signature
The Dynamic Digital Signature is created by signing unique card and terminal data with the ICC Private Key, ICCKPR, for use in DDA.
E
EEPROM
Electronic Purse
Elliptic Curves
Embedding
EMV
EMVCo
Encryption
Electrically Erasable Programmable Read Only Memory. This type of memory is used in chip cards to store all personalisation data and
other dynamic data, for example counters, used in the application. Data in the EEPROM is retained without power but can only be modified
when power is available.
An Electronic Purse contains pre-loaded electronic money that can be used as a form of payment for goods an service.
Elliptic Curves are a type of asymmetric public key algorithm. Elliptic Curves are still in their infancy but have much potential due to their
ability to provide as strong a cryptographic system as RSA for smaller key sizes. The use of smaller key sizes enables a faster
cryptographic implementation of Elliptic Curves compared to RSA.
Embedding is the name of the process where a recess is milled in the plastic card and a chip module is glued into this recess.
Europay MasterCard Visa. EMV, the Integrated Circuit Card (ICC) Specification for Payment Systems defines the minimum functionality
required of debit/credit chip cards and terminals to ensure correct operation and interoperability.
EMVCo is the name of the non-profit organisation formed between Europay, MasterCard and Visa that maintains the EMV Standard. JCB
also joined EMVCo.
Encryption is the process whereby plain text data is scrambled into non-readable data, know as cipher text, using a symmetric
cryptographic algorithm.
EPI
EPOS
Europay International. EPI is a payment Scheme that is now part of MasterCard International and has been renamed 'MasterCard Europe'.
Electronic Point of Sale. A point of sale (POS) or point of service device equipped with electronic equipment for pricing and recording
transactions. EPOS systems are normally installed in large retailers, e.g. supermarkets.
Mühlbauer AG EMV Seminar Newport News 2012 7/17

F
Fallback
FIPS
Fallback is the process whereby a chip card transaction falls back to a magnetic stripe transaction due to either a faulty chip or faulty chip
terminal. All fallback transactions have to be fully authorised by the Issuer/Scheme or they are subject to chargeback.
Federal Information Processing Standards. National Institute of Standards and Technology (NIST), a division of the U.S. Department of
Commerce, issues standards and guidelines such as FIPS intended to be adopted in all computer systems in the U.S.
Flash EEPROM
Float
Frequency Analysis
Flash EEPROM is a type of memory that has a faster write time at a lower voltage than standard EEPROM. Flash EEPROM is used to
store not only customer data but also the programme code making Flash EEPROM an excellent replacement for mask programmed ROM.
The term Float is used to describe the total real money, owned by the Bank operating an electronic purse scheme, which resides on
electronic purses, in the form of electronic money.
Frequency Analysis is a form of cryptanalysis. Frequency analysis uses the finer points of language construction to determine the plain text
from the cipher text. For example, in the English language 'e', 't' and 'a' are the most commonly occurring letters. The letter 't' does not
appear either directly before or after the letter 'j', etc.
G
GSM
Global System for Mobile Communications. GSM is an international standard for terrestrial mobile telephone systems.
H
HASH
Hexadecimal
HSM
A Hash is the output from a hashing function that takes variable length input data and converts it to a fixed length, normally shorter, value.
Hashing functions are usually one-way; that is, the hash (output) cannot be manipulated to return back to the original input data. The
hashing function most commonly used in creating digital signatures in SHA-1.
Hexadecimal characters are used for outing in Base 16 using the digits 0 to 9 and A to F. hexadecimal is often referred to as Hex.
Hardware Security Module. A HSM is a secure, tamper evident device used for generating keys (symmetric and asymmetric) and for
performing cryptographic calculations.
I
IACs
IC
ICC
ICCK
ICCK
Issuer Action Codes. IACs are a set of three data fields, IAC denial, IAC on-line and IAC default, defined in EMV, for use in the Terminal
Risk Management (TRM) processing. IACs are set by the Issuer and programmed onto the chip card at personalisation.
Integrated Circuit. An IC is an electronic circuit whose components, such as transistors and resistors, are etched or imprinted on a single
slice of semiconductor material.
Integrated Circuit Card. An ICC is a plastic card containing an integrated circuit; also known as smart cards or chip cards.
ICC Private Key. The ICC Private Key is used to sign unique card an terminal data to create a Dynamic Digital Signature for use in DDA.
The nomenclature used by EMV is S. this EMV nomenclature is not used in our EMV Chip Implementation Training courses to avoid
confusion with the term 'secret' that is normally reserved for symmetric algorithms such as DES.
ICC Public Key. The ICC Public Key is used to resolve the Dynamic Digital Signature used in DDA. The nomenclature used by EMV is P.
Our EMV Chip Implementation Training courses do not use this EMV nomenclature.
Mühlbauer AG EMV Seminar Newport News 2012 8/17

ICCK Exponent
ICCK remainder
ICC Digital Certificates
IK
IK
IK Exponent
IK Remainder
Initialisation
Initialiser
Integrity
Internet
ICC Public Key Exponent. The ICCK Exponent is a field having the value of 3 or 2 + 1 used in the creation of the ICC Digital Certificate
used in DDA.
ICC Public Key Remainder. The ICCK Remainder is the right hand part of the ICCKPU that could not fit inside the ICC Digital Certificate.
The ICCK Remainder is written to the chip card at personalisation.
An ICC Digital Certificate is created by signing the ICC Public Key, ICCKPU, with the Issuer Private Key, IKPR.
Issuer Private Key. The Issuer Private Key is used to sign unique card data to create Static Digital Signature for use in SDA. Issuer Private
Key. The Issuer Private Key is used to sign the ICC Public Key, ICCKPU, to create an ICC Digital Certificate for use in DDA. The
nomenclature used by EMV is S. This EMV nomenclature is not used in our EMV Chip Implementation Training courses to avoid confusion
with the term 'secret' that is normally reserved for symmetric algorithms such as DES.
Issuer Public Key. The Issuer Public Key is used to resolve the Static Digital Signature used in SDA. Issuer Public Key. The Issuer Public
Key is used to resolve the ICC Digital Certificate used in DDA. The nomenclature used by EMV is P. Our EMV Chip Implementation
Training courses do not use this EMV nomenclature
Issuer Public Key Exponent. The IK Exponent is a field having the value of 3 or 2 + 1 use in the creation of the Static Digital Signature used
in SDA and ICC Digital Certificate in DDA.
Issuer Public Key remainder. The IK Remainder is the right hand part of the Issuer Public Key, IKPU, which could not fit inside the Issuer
Digital Certificate. The IK Remainder is written to the chip card at personalisation.
Initialisation is the first phase of programming a chip. During this phase the chip is tested by writing and reading data to the memory area,
loading a serial number and locking the chip with a unique key derived from a Master Manufacturing Key.
An Initialiser is the entity that performs initialisation of the chip.
Proving the integrity of data is proving the data has not been altered accidentally or deliberately.
The Internet is made from many networks that interconnect million of supercomputers, mainframes, workstations, personal computers,
laptops, and even pocket radios. The networks that make use of the Internet, all use a standard set of communications protocols, thus
allowing computers with distinctive software and hardware to communicate.
ISO
Issuer
Issuer Digital Certificate
ITSEC
International Standards Organisation. The following ISO standards are referenced in EMV 4: ISO 639:1988 Codes for the representation of
names and languages ISO/IEC 7811 - 1:1995 Identification cards - Recording technique Part 1: Embossing ISO/IEC 7811 - 3:1995
Identification cards - Recording technique Part 3: Location of embossed characters on ID-1 cards ISO/IEC 7816 - 1:1998 Identification
cards - Integrated circuit(s) cards with contacts - Part 1: Physical characteristics ISO/IEC 7816 - 2:1999 Identification cards - Integrated
circuit(s) cards with contacts - Part 2: Dimensions and location of contacts ISO/IEC 7816 - 3:1997 Identification Cards - Integrated circuit(s)
cards with contacts - Part 3: Electronic signals and transmission protocols ISO/IEC 7816 - 4:1995 Identification cards - Integrated circuit(s)
cards with contacts - Part 4, Inter-industry commands for interchange ISO/IEC 7816 - 5:1994 Identification cards - Integrated circuit(s)
cards with contacts - Part 5: Numbering system and registration procedure for application identifiers ISO/IEC 8859:1987 Information
processing - 8-bit single-byte coded graphic character sets ISO/IEC 10373:1993 Identification cards - Test methods
An Issuer is the entity that issues and retains ownership of payment cards to cardholders.
The Issuer Digital Certificate is created by signing the Issuer Public Key, IKPU, with the Scheme Private Key, SKPR for use in both SDA
and DDA.
Information Technique System Criteria. ITSEC is a directory of criteria used to evaluate and certify computer systems in Europe to an
agreed level of security. ITSEC has now been replaced by Common Criteria.
Mühlbauer AG EMV Seminar Newport News 2012 9/17

J
Java
Java Card
JVM
Java is a trademark name for a simple object orientated programming language developed by Sun Microsystems. Java is designed for use
over the Internet, providing a secure environment for writing and executing world wide web applications. One of the major advantages of
Java is that it is platform independent and thus the phrase "write once, run anywhere" was invented to describe Java.
Java Card is a subset of Java specifically designed for use on chip cards. Java normally takes up over 1 Megabyte of memory and thus a
subset of Java is used for chip cards that have a lower memory capacity.
Java Virtual Machine. JVM is a microcontroller simulated in software to run Java byte code.
K
KEK
Key
Key Management
Key Space
Key Encrypting Key. A KEK is the name given to a key that is used exclusively to encrypt other keys.
A key is a alphanumeric (hexadecimal) string of characters used by a cryptographic algorithm to scramble plain text data. The key is not
directly related to the algorithm but is at the heart of the security of the algorithm. The algorithm can be made publicly available, but without
the key, scrambled data cannot be unscrambled.
Key Management is the process of security managing keys throughout their life, including generation, storage, distribution, usage and
destruction.
The Key Space of an algorithm is the number of possible different cipher texts that can be produced from a single plain text. Generally, the
larger the key space the stronger the algorithm.
L
LCOL
LMK
LOATC
Lower Consecutive Off-line Limit. The LCOL is used to limit the number of consecutive off-line transactions before the Issuer decides to go
on-line Typical values used to date in the UK are 4 or 5. Maximum value is 255.
Local Master Key. A LMK is the highest-level administrative key, generated in clear in a Hardware Security Module (HSM). The LMK is
used to encrypt all Zone Master Keys (ZMK) and Application Keys (for example, MKauth, MKmac and MKenc) used in cryptographic
processing. Each self-contained system, housing one or more HSMs, should have an independent LMK value, as suggested by the word
'Local' in the key name. Please note that IBM security devices refer to these keys as Master Keys.
Last On-line Application Transaction Counter. The LOATC is a dynamic data field inside the chip card that is set equal to the ATC after a
successful on-line transaction has taken place. The LOATC, in conjunction with the ATC can be used to detect a counterfeit chip card and
highlight possible fraud patterns.
M
MAC
Masking
MasterCard Europe
M/Chip (Select)
Message Authentication Code. A MAC is cipher text that is used to provide integrity of data. MACs are used extensively in IT when
transferring data files between two systems. MACing the file enables the data to be checked for accidental or deliberate corruption during
the transfer. DES is often employed as the MACing algorithm due its speed of operation.
Masking is the photo-lithographic process of burning the ROM mask (programme code) into the chip.
MasterCard Europe is a payment Scheme, formerly known as EPI, hat is part of MasterCard International.
M/Chip is the name of MasterCard's full specific implementation of an EMV credit/debit appication on chip cards.
Mühlbauer AG EMV Seminar Newport News 2012 10/17

M/Chip Lite
MCI
MCP
MEL
Memory Card
MFL
MKauth
MKenc
MKmac
M/Chip Lite is the name of MasterCard's 'light' specific implementation of an EMV credit/debit application on chip cards. M/Chip Lite is a
subset of the full M/Chip specification. M/Chip Lite does not support DDA, combined DDA/AC generation, Off-line Transaction encrypted
PIN.
MasterCard International. MCI is an international payment Scheme that now incorporates EPI.
Mathematical Co-Processor. An MCP is a special integrated unit for performing complex arithmetic calculations normally associated with
RSA processing.
Multos Executable Language. MEL is the computing language for writing applications that work on MULTOS.
Memory cards do not have a CPU but consist of a simple chip that can be read or written to. Telephone cards are memory cards.
Merchant Floor Limit. MFL is a traditional fraud prevention technique in the magnetic stripe to force transactions on-line MFLs are preagreed
monetary values between an Issuer and a retailer/merchant, above which a transaction must be sent on-line for authorisation.
Unauthorised transactions that are over the Merchant Floor Limit are subject to chargeback.
Master Authentication Key. The MKauth is used to derive unique keys, DKauth, that are loaded into each chip card during personalisation.
The DKauth is used to generate the ARQC and verify the ARPC.
Master Encryption Key. The MKenc is used to derive unique keys, DKenc, that are loaded into each chip card during personalisation. The
DKenc is used to decrypt a data field after transmission to the card in a script. E.g. PIN.
Master MAC Key. The MKmac is used to derive unique keys, DKmac, that are loaded into each chip card during personalisation. The
DKmac is used to check the authenticity and integrity of a script.
MKman
MKpers
Mod 10
Module
MONDEX
Mono-alphabetic Cipher
Multi-application
Multi-functional
MULTOS
Master Manufacturing Key. The MKman is used to derive unique keys, DKman, that are loaded into and lock each chip during initialisation.
Master Personalisation Key. The MKpers is used to derive unique keys, DKpers, which are loaded into and lock each chip card during Pre-
Personalising.
Mod 10 or more correctly Modulo 10 is the name given to the process of generating the last digit of an PAN from all the other digits.
A Module consists of the silicon chip wired to a contact plate, ready for insertion into a plastic card.
MONDEX is the name of an electronic purse specification owned by MasterCard International.
A Mono-alphabetic Cipher is a type of substitution cipher where only one character or symbol is used to replace a letter in the plain text.
Mono-alphabetic Ciphers are open to a frequency analysis attack. The Caesar Cipher is a mono-alphabetic substitution cipher.
A Multi-application chip card is one that contains more than one application; for example, debit and an electronic purse.
A Multi-functional chip card is one that contains more than one application and has additional functionality to load and delete application
remotely. Often the term 'multi-functional' is not used and such cards are referred to as multi-application chip cards.
MULTOS is a multi-functional operating system for chip cards. MULTOS is a open standard with a high security architecture evaluated to
ITSEC Level 6 (most secure).
N
NIST
NSA
National Institute of Standards and Technology. NIST is a American organisation responsible for the standardising Information Technology
Systems. NIST publishes FIPS standards.
National Security Agency. NSA is an American organisation responsible for communication security including the development of new
cryptographic algorithms.
Mühlbauer AG EMV Seminar Newport News 2012 11/17

Non-Volatile Memory
Non-Volatile Memory is memory that does not need power to retain its contents; examples include ROM, EEPROM and Flash EEPROM.
O
Off-line PIN
Off-line Transaction
On-line PIN
On-line Transaction
Open Platform
An Off-line PIN is held and verified inside the chip. The off-line PIN should be kept in synchronisation with the corresponding on-line PIN.
There are two forms of off-line PIN - plain text and encrypted.
An Off-line Transaction is an electronic transaction that is processed without authorisation from the Issuer or Scheme (STIP).
An On-line PIN is held and verified on the Issuer Host system.
An On-line Transaction is an electronic transaction that is processed on-line by either the Issuer or Scheme (STIP).
Open Platform is Visa's preferred technology for multi-functional chip cards.
P
PAN
PDOL
PEK
Personalisation
Personalisation
Pig Pen
Primary Account Number. The PAN is a 16 to 19-digit number used to identify a cardholder (debit) or an account (credit) that may have
one or more authorised users.
Processing Options Data Object List. The PDOL is an EMV data field containing a list of Tags and Lengths that identify fields required if
geographical restrictions are supported by the chip application. PDOL is processed at the start of the transaction via the Get Processing
Potion command.
PIN Encrypting Key. A PEK is the name given to a key that is used exclusively to encrypt PIN blocks.
Personalisation is the third phase of programming the chip card. During this phase the cardholder specific data is loaded into the preprepared
file locations. At the end of this phase the card is activated and ready for use in the field.
A Personaliser is the entity that personalises the chip card.
Pig Pen is a type of substitution cipher where individual letters are replaced by a symbol that corresponds to part of a grid. The
Freemasons used Pig Pen in the 18th Century.
PIN
PIN Fallback
PIX
PKCS
PKI
Plain Text
Personal Identification Number. A PIN is a string of numbers between 4 and 12 digits (EMV) used to provide cardholder verification, CVM.
PIN fallback is a term used to identify the fallback of off-line PIN to signature as the CVM for a particular chip transaction. The ability of a
card to perform PIN fallback is indicated in the card's CVM List.
Proprietary Application Identifier Extension. A PIX is the second part of an Application Identifier or AID used to identify the specific
application on the chip card. Credit/debit applications normally have a PIX of 1010.
Public Key Cryptographic Standard. PKCS is a set of standards published by RSA containing rules relating to the use of asymmetric
algorithms.
Public Key Infrastructure. PKI is the term used to describe the total infrastructure used to deliver Public Key applications. Public Key
applications use RSA cryptography to protect sensitive documentation over open networks (the Internet).
Plain text is the message to be scrambled using cryptography. Plain text is often referred to as clear text.
Mühlbauer AG EMV Seminar Newport News 2012 12/17

Poly-alphabetic Cipher
POS
PPM (Review)
Pre-personalisation
Pre-Personaliser
Private Key
PSE
Public Key
PVV
A Poly-alphabetic Cipher is a type of substitution cipher where more than one character or symbol is used to replace a single letter in the
plain text. The number of replacement characters or symbols for each letter is normally dependent on the frequency the plain text letter
occurs in the language being used. Poly-alphabetic Ciphers are more resistant to frequency analysis than Mono-alphabetic Ciphers.
Point of Sale. A POS device is a terminal used to process an electronic transaction in shops, restaurants etc. The POS device may go online
for full authorisation by the Issuer/Scheme or stay off-line to conduct the transaction.
Post PIN Maturity (Review). The term PPM(Review) indicates that once a mature off-line PIN environment has been established in the UK,
off-line PIN card parameters should be reviewed.
Pre-personalisation is the second phase of programming the chip card. During this phase a file structure is created inside the chip and it is
locked with a unique key, DKpers, derived from a Master Personalisation Key, MKpers.
A Pre-Personaliser is the entity that pre-personalises the chip card.
A Private Key is a key from an asymmetric algorithm that must be kept secret. The Private Key is mathematically linked to a Public Key
that does not have to be kept secret.
Payment System Environment. PSE has a fixed name of 1PAY.SYS.DDF01 and contains a directory of all applications present on the
card. PSE is optional in EMV 4.0. If there is space available on the chip it is recommended to code PSE.
A Public Key is a key from an asymmetric algorithm that does not have to be kept secret. The Public Key is mathematically linked to a
Private Key that has to be kept secret.
Personalisation Verification Value. PCC is the name given to the three-digit field coded on the magnetic stripe of a bank card that can be
used to validate an on-line PIN. The PCC is generated using Triple DES (Single DES is no longer allowed) from 11 digits of the account
number (PAN, excluding the mod 10 check value), the PIN Verification Key Index (0-6) and the four leftmost digits of the PIN.
Q
R
RAM
Replay Attack
Resolving
RFU
RID
Rijndael
ROM
Random Access Memory. RAM is often referred to as working memory as it is used to store data that is modified during a calculation
session. Data in the RAM is lost when the power is removed.
A Replay Attack, in the context of bank chip cards, refers to the fraudulent reproduction of the data from a legitimate transaction without
the card being present.
Resolving is the process whereby cipher text is unscrambled to reveal the original plain text data using an asymmetric algorithm.
Reserved for Future Use. RFU it the term often seen in many chip specifications/standards to represent space for a field that may be used
in the future for new functionality.
Registered Identifier. A RID is the first part of an Application Identifier, AID, used to identify the Scheme brand associated with a bank chip
card.
Rijndael it the name given to the Advanced Encryption Standard, AES. AES is an official US government FIPS 197 standard, which will
eventually replace Triple DES. The two inventors of this cryptographic algorithm are Dr. Joan Daemen and Dr. Vincent Rijmen.
Read Only Memory. ROM is the type of memory that can only be read, not written to. Data in the ROM is retained without power, as it is
hard wired into the chip. This type of memory is used in chips to store the operating system, testing routines and the programme code. A
photo-lithographic process is used to burn all the code into the chip.
Mühlbauer AG EMV Seminar Newport News 2012 13/17

RSA
Rivest-Shamir-Adleman. RSA is an asymmetric algorithm named after its three inventors.
S
Scheme
Script
A Scheme is an organisation that provides interoperability and global (normally) acceptance of payment cards via an electronic routing
network for payment transactions between the Acquirer and the Issuer. Examples include MasterCard, Visa and American Express.
A Script is a command sent to the card in the authorisation response message that changes data in the chip application, blocks/unblocks
an application or blocks the chip entirely
SDA
Secrecy
Secret Key
SET
SHA-1
Signing
SIM
SK
SK
SK Exponent
SK Index
SSL
Static Digital Signature
STIP
Substitution Cipher
Static Data Authentication. Static Data Authentication is an off-line security check of the chip. Specific data fields within the card (Primary
Account Number, Expiry Date and more) are checked to ensure that they have not been tampered with since the card was personalised by
the Issuer. SDA is a weaker security check than DDA as the security data is static and is thus subject to replay attacks.
Data requiring Secrecy never appears in clear but is scrambled using an algorithm and a key.
A Secret Key is a key from a symmetric algorithm that must never appear in clear.
Secure Electronic Transaction. SET is a protocol developed by Visa, MasterCard and other leading companies to allow secure payment
over open networks (the Internet). SET in a complex secure protocol.
Secure Hashing Algorithm. SHA-1 is a one-way Secure Hashing Algorithm designed by NIST and the NSA for use with the digital
signatures standard. When any message of length

Symmetric Algorithm
A Symmetric Algorithm is an algorithm that utilised the same key for scrambling and unscrambling the plain text. The key is referred to as a
secret key as the value should never appear in clear.
T
TAA
TAC
TC
TLV
Transposition Cipher
Triple DES
TRM
TVR
Terminal Action Analysis. Following completion of Terminal Risk Management, TRM, and the setting of the TVR, the terminal performs
TAA. TAA involves terminal analysis of the TRM processes and the request of an appropriate cryptogram (TC to accept off-line, ARQC to
go on-line and AAC to decline off-line). Often TAA and TRM are used interchangeably.
Terminal Action Codes. TACs are a set of three data fields, TAC denial, TAC on-line and TAC default, defined in EMV, for use in the
Terminal Risk Management, TRM, processing. TACs are set by the Schemes and are located in the terminal.
Transaction Certificate. A TC is the final cryptogram generated by the chip application, by the chip application, in response to a
GENERATE AC command (FIRST or SECOND), if the transaction is accepted.
Tag, Length and Value. TLV is a data format that uses a label (TAG) to uniquely identify the field. The Tag is followed by the Length, then
the Value of the field.
A Transposition Cipher is the name given to a cipher that rearranges the characters of the plain text to produce the cipher text, which is
thus an anagram of the plain text.
Triple DS uses the symmetric DES algorithm three times with two keys to encrypt a data block. Firstly, the data block is encrypted with the
first key, the result is then decrypted using the second key and this result is finally encrypted using the first key again. Triple DES has a
strength (key space) of 2 112, much stronger than single DES, 2 56.
Terminal Risk Management. TRM is a process performed by the terminal to determine if a transaction should be sent on-line, approved
off-line or declined off-line. The output from TRM is the setting of the TVR that is subsequently used in Terminal Action Analysis, TAA.
Terminal Verification Results. The TVR is an EMV defined field that reports transaction processing information e.g. PIN failure to the
Issuer. The TVR is also used in Terminal Action Analysis, TAA.
U
UCOL
UKIS
Upper Consecutive Off-line Limit. The UCOL is used to limit the maximum number of consecutive off-line transactions, after which the
Issuer decides to decline the transaction in an off-line environment. Use of this field by UK Issuer has varied from lower values (e.g. 20) to
much higher values up to the maximum of 255.
United Kingdom Integrated Circuit Card Specification. UKIS is the UK's specific implementation of an EMV credit/debit application on chip
cards. This specification was a subset of an early version (1.2) of VIS and used by the UK prior to the introduction of off-line PIN. UKIS is
now obsolete for new card issuance, as it does not contain an off-line PIN.
V
VIS
Visa Integrated Circuit Card Specification. VIS is Visa's specific implementation of an EMV credit/debit application on chip cards. This
specification is often referred to as VSDC.
Mühlbauer AG EMV Seminar Newport News 2012 15/17

Visa Early Option
Visa Easy Entry
Visa International
VLP
VLP Authorisation Code
VLP Available Funds
VLP Funds Limit
VLP Single Transaction
Limit
Volatile Memory
VSDC
Visa Early Option is the term given to describe a system whereby Visa performs the CAM process (check ARQC, generate ARPC) on
behalf on the Issuer. Visa passes a traditional magnetic stripe message with very minor modifications to the Issuer for authorisation
Similarly the settlement message sent through the Base II system does not contain any additional chip information. Visa Early Option
allows Issuers to phase in chip migration, concentrating on card Issuance first. However, if an Issuer wishes to support scripting (needed
for off-line PIN) then Visa Early Option cannot be used.
Visa Easy Entry is the term given to storing only the magnetic stripe information (PAN, CVV1, Service Code etc.) inside the chip. At a chip
terminal the magnetic stripe information is read from the chip application and forwarded to the Issuer. Visa Easy Entry was introduced to
avoid the major system changes required to issue and authorise full EMV chip cards. Visa Easy Entry is no longer allowed by the payment
Schemes.
Visa International is a payment Scheme.
Visa Low Payment. VLP is a feature within VSDC that enables a pre-authorised amount on the cards to be used in offline low-value
transactions. The transaction must be in the card's domestic currency.
VLP Authorisation Code is the data element containing an authorisation code indication that the transaction was an approved VLP
transaction.
VLP Available Funds is the amount oft money available to spend in a VLP transaction subject to the VLP Single Transaction Limit.
VLP Funds Limit is the maximum amount of money available to spend in VLP transactions. The VLP Available Funds are reset to the VLP
Funds Limit after an online approved transaction when the Issuer's Authentication requirements are satisfied.
VLP Single Transaction Limit is the maximum amount of money allowed in a single VLP transaction.
Volatile memory is memory that needs power in order to retain its contents, for example RAM.
Visa Smart Debit Credit. VSDC is a generic name for Visa's chip card debit/credit program. VSDC is often used to refer to the technical
VIS specification.
W
X
Wafer
WFSC
X509
XOR
A wafer is a high purity silicon disk on which chips are built. Wafers vary in diameter from 6 to 12 inches.
Windows for Smart Cards. WFSC is an open standard (under licence) for multi-functional chip cards developed by Microsoft.
X509 is a standard for Public Key Digital Certificates. This standard is used in public key applications used in digitally sign documents for
transmission over open networks.
XOR is a mathematical operation used to combine binary data. Like bits ('0', '0' and '1', '1') XOR to give '0' and unlike bits ('0', '1' and '1'
and '0' XOR to give a '1'.)
Y
Y1
Y3
Y1 is an Authorization Response Code (ARC) issued by the terminal for an off-line approved transaction.
Y3 is an Authorisation Response Code (ARC) issued by the terminal for an off-line approved transaction if the terminal is unable to go
online.
Mühlbauer AG EMV Seminar Newport News 2012 16/17

Z
Z1
Z3
Z1 is an Authorisation Response Code (ARC) issued by the terminal for an off-line declined transaction
Z3 is an Authorisation Response Code (ARC) issued by the terminal for an off-line declined transaction if the terminal is unable to go
online.
ZMK
Zone Master Key. A ZMK is a high level administrative key established manually between two systems. Secret data including keys can be
then be transferred securely between the two systems. Please note that Visa refer to Zone Master Keys as Zone Control Master Keys.
Every effort has been made to ensure this document is correct, if you should find any mistakes please notify info@muehlbauer.de
Mühlbauer AG EMV Seminar Newport News 2012 17/17