Offline EMV Transaction

The peculiarity of an offline transaction is that it is carried out between the card and the terminal without contacting the bank or the payment system. During such a transaction the card can approve the payment within an established limit, and the terminal, in turn, sends the transaction data to the bank later, on a schedule or when a connection with the bank becomes available. Such offline transactions provide additional benefits to both the issuing bank and the cardholder. For example, the cardholder can pay even when there is no connection with the bank, and for small amounts the operation is much faster.

How does card authentication occur in an offline transaction?

It was mentioned earlier that online and offline authentication use different technologies. Online authentication uses the symmetric 3DES algorithm, whereas offline authentication uses RSA with asymmetric keys. Why such different technologies? With online authentication only the card and the bank store the keys. In the offline case, a key must be entrusted to the terminal. Given the large number of terminals, a secret (symmetric) key entrusted to them would not remain secret for long, so a public key, which can be disclosed freely, is used instead.

Because the detailed description of offline card authentication is quite long, consider a simplified model.

At the top of the hierarchy is the payment system (more precisely, its certification authority), which issues a key pair: a private key (red) and a public key (blue). The issuing bank also has its own key pair. For its keys, the issuer generates, in a specially defined way, a certificate (Issuer Public Key Certificate) that contains the issuer's public key. This certificate is signed (encrypted) with the private key of the payment system. During personalization, this certificate is loaded onto the card.

When a payment terminal is installed at a point of sale and connected to the system, the public key of the payment system is downloaded to the terminal through the acquiring bank.

During an offline transaction, the terminal performs offline authentication of the card. First, the terminal reads the Issuer Public Key Certificate from the card and, using the public key of the payment system, verifies the certificate's signature (i.e. decrypts it). If the signature is correct, the issuer's public key is recovered from the certificate. Then, using the issuer's public key, the signature over the critical card data is verified, which confirms that this data is authentic.

The method described above is Static Data Authentication (SDA). Today dynamic authentication is more commonly used: DDA (Dynamic Data Authentication) and CDA (Combined Data Authentication). Both build on SDA and additionally, much like online authentication, sign the data exchanged between the terminal and the card. This data is signed with the card's own private key, which is loaded onto the card during personalization. The terminal verifies the signature using the card's public key, recovered from the corresponding certificate.

SDA lets the terminal verify that the data on the card has not been modified. However, it cannot fully establish that the card itself is genuine, because SDA data can be copied. DDA and CDA, in turn, make it possible to confirm the authenticity of the card, because the card carries a unique private key whose certificate (containing its public key) is signed by the issuer's private key, and the issuer certificate (containing the issuer's public key) is in turn signed by the private key of the payment system.
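The chain just described (payment-system CA key, issuer certificate, card certificate, static data and dynamic signature) as a constructed toy model added to this page; it is not code from any EMV specification or product. It uses textbook RSA over SHA-1 with reproducible toy keys built from Mersenne primes, and the signature format is deliberately simplified and is not the ISO 9796-2 scheme EMV actually uses; the participant names, PAN and challenge values are all made up.

```python
import hashlib

# Constructed toy model of the offline chain (CA -> issuer -> card) using textbook
# RSA over SHA-1. Keys built from Mersenne primes are reproducible but obviously
# unsuitable for real use, and the padding-free signature is NOT EMV's ISO 9796-2.
E = 65537

def keypair(p, q):
    """((n, e), (n, d)) from two primes; pow(E, -1, phi) needs Python 3.8+."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(data):
    return int.from_bytes(hashlib.sha1(data).digest(), "big")

def sign(priv, data):        # "encrypt" the hash with the private key
    return pow(digest(data), priv[1], priv[0])

def verify(pub, data, sig):  # "decrypt" with the public key and compare
    return pow(sig, pub[1], pub[0]) == digest(data)

def encode_pub(pub):
    return pub[0].to_bytes(96, "big") + pub[1].to_bytes(4, "big")

# Participants (constructed): Mersenne primes 2^k - 1 for k in 61, 89, 107, 127, 521, 607.
ca_pub, ca_priv = keypair(2**607 - 1, 2**61 - 1)     # payment-system certification authority
iss_pub, iss_priv = keypair(2**521 - 1, 2**127 - 1)  # issuing bank
icc_pub, icc_priv = keypair(2**107 - 1, 2**89 - 1)   # the card's unique key pair
STATIC_DATA = b"PAN=4000000000001234;EXP=2712"        # constructed record, not a real card

# Personalisation: what the issuer loads onto the card.
issuer_cert = (iss_pub, sign(ca_priv, encode_pub(iss_pub)))              # signed by the CA
ssad = sign(iss_priv, STATIC_DATA)                                        # SDA: signed static data
icc_cert = (icc_pub, sign(iss_priv, encode_pub(icc_pub) + STATIC_DATA))  # signed by the issuer

def terminal_offline_auth(issuer_cert, ssad, icc_cert, static_data, challenge, card_sig):
    """Terminal side: it holds only ca_pub; everything else was read from the card."""
    iss_pub, iss_sig = issuer_cert
    if not verify(ca_pub, encode_pub(iss_pub), iss_sig):
        return "issuer certificate invalid"
    if not verify(iss_pub, static_data, ssad):
        return "SDA failed: static data modified"
    icc_pub, icc_sig = icc_cert
    if not verify(iss_pub, encode_pub(icc_pub) + static_data, icc_sig):
        return "ICC certificate invalid"
    if not verify(icc_pub, challenge, card_sig):  # DDA: signature over the terminal's challenge
        return "DDA failed: card does not hold the certified private key"
    return "authenticated"
```

The terminal supplies a fresh challenge per transaction; a card whose static data was copied but which cannot sign with the certified private key passes the SDA step and is rejected at the DDA step.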

Figure: SDA, DDA and CDA flow diagrams (from EMV Book 2)

DDA and CDA already include SDA and are broadly similar. Both use the card's unique key and dynamic data. DDA authentication is a separate operation performed before the main cycle of transaction processing. CDA is executed within the main transaction cycle, and the card cryptogram is additionally included in the signed data. Today DDA is more widespread, although CDA is the preferable option.

In addition to digital signatures, the terminal and the card are able to assess the risk of the transaction. For an offline transaction, the card can maintain several types of transaction counters and accumulators of offline amounts, currencies and countries, the offline PIN and its limits, as well as additional rules. When personalizing the card, the issuer can limit the maximum number of consecutive offline transactions and/or the maximum transaction amount (lower and upper limits), thereby setting the accepted level of risk.

For each implementation of a particular payment system's application there is a set of rules on the basis of which the card decides whether to approve the transaction offline, send it online, or decline it. The list of these rules is quite flexible and can be configured differently by the issuer for each card product. The decision may take into account the results of previous transactions, offline counters, PIN verification results, and so on.