Three methods of offline card authentication: EMV standard (V. 4.2)

Card authentication methods are divided into offline and online. The latest version of the EMV standard (V. 4.2) distinguishes three methods of offline card authentication:

1) SDA (Static Data Authentication);
2) DDA (Dynamic Data Authentication);
3) CDA (Combined Dynamic Data Authentication/AC Generation).

The first authentication method in the list belongs to the class of static authentication methods, while the last two belong to dynamic authentication methods.

The SDA method ensures the integrity of static data critical to the map application, as well as the impossibility of creating a map from a “white sheet”. In the process of static authentication, the card transmits to the terminal for verification a Signed Static Application Data object, which is a signature of critical static application data executed on the card Issuer’s key. At its core, the SDA method is a chip analog of the CVVICVC values used to ensure the integrity of the card number, service code, and expiration values stored on the card’s magnetic stripe.

Methods of dynamic card authentication (DDA and CDA) are to be checked by a terminal calculated by the map data labels provided by the card terminal (with the mandatory use of a random number generated by the terminal) in accordance with the list of DDOL stored on the card. In this case, the successful result of card authentication guarantees at the level of cryptographic stability of the RSA algorithm the fact that the card contains a chip personalized by the Issuer authorized by the payment system to issue cards of this system. To implement dynamic methods of card authentication, the card chip requires support for the RSA algorithm, which in turn requires the presence of a special cryptographic coprocessor in the chip and therefore increases the cost of the card.

The CDA method in addition to dynamic authentication of the card additionally ensures the integrity of the most critical data of the information exchange of the card with the terminal (CID, transaction details and terminal). This is achieved by combining the authentication procedure of the card with the processing of the GENERATE AC command, during which the most important data for deciding on the method of completing the transaction is exchanged between the card and the terminal. As a result, the card signs a data set that includes the value of the hash function from the data circulating between the card and the terminal during the processing of the GET PROCESSING OPTIONS and GENERATE commands.

Another advantage of the CDA method is a reduction in the processing time of the operation (on average by several tens of milliseconds) compared to the case of using a card that supports the DDA method to process the same operation. This reduction in time in the case of using the CDA method is due to the absence of a separate INTERNAL AUTHENTICATE command in the transaction processing process, which is used when authenticating the card application in the DDA method.

Most of the first microprocessor cards only supported the SDA static authentication method. This was due to significantly higher prices for cards with dynamic authentication. However, over time, the difference in the cost of cards with dynamic and static authentication has decreased significantly, and international payment systems together with banks began to pursue a policy of gradual replacement of SDA-napr cards with dynamic authentication. So, since January 1, 2011 new cards issued by banks in the MasterCard Europe and VISA Europe regions must support the DDA method (in France, this decision is effective from January 1, 2007). However, new maps should not support the SDA method. Moreover, VISA Europe prohibits issuers in ITS region from using the SDA method as of January 1, 2015.

In the US, which recently started migrating to the chip, a similar decision was made from the very beginning of the introduction of microprocessor card technology: all cards that support offline authentication must support DDA/CDA

When performing individual transactions, the offline authentication mechanism of the card application may not be used. For example, this applies to transactions made in ATMs or online-only POS-terminals. Transactions initiated by such devices are processed online, and therefore they use mutual online authentication of the card and the Issuer.

Offline authentication is also not used in cardholder authentication operations in CAP/DPA programs. According to the rules of VISA and MasterCard, offline authentication may not be used in all operations performed from terminals that process transactions only in the online mode (online ol/u-terminals).

According to the VISA and MasterCard rules, all chip terminals capable of working offline must support the offline authentication methods of the SDA and DDA card (in Europe, this rule has been in force since January 1, 2005).

As of January 1, 2011, all new hybrid terminals capable of working offline (I/O/Le-Saray / e-terminals), regardless of where they are installed, must support the CDA method. Thus, from now on, all new offline-capable MasterCard terminals support all three methods of offline card authentication. So far, nothing is known about a similar decision by VISA.

According to MasterCard, today in Europe more than 70% of all POS-terminals support CDA. In Canada, Southeast Asia and Latin America, the number of such terminals is close to 100%. The main problem with CDA implementation is the lack of all system keys on some” undisciplined ” terminals. Servicing banks (outlets) do not implement public keys of the payment system at the terminals within the terms established for this purpose by the system. Using these keys, certificates of public keys of issuers are checked, and therefore, in the absence of a system key on the terminal, using which the Issuer’s key certificate is made, offline authentication of the card fails. In the case of CDA, this results in the rejection of the transaction because it is not possible to process the transaction online: the transaction cryptogram cannot be extracted from the card-signed data.

To alleviate the problem of missing system keys on the terminal when using the CDA method, the behavior of the terminal was changed in version XV 4.2. A terminal that meets version 4.2 must attempt to recover the card key before sending THE generate AC command to the card. If the terminal realizes that it does not have the system key required for recovery, it does not use the CDA (in TVR, the corresponding bit indicates that offline authentication of the application has not been performed), but requests the ARQC cryptogram.

But even if the terminal has software that does not correspond to the EMV 4.2 version, it is recommended to use the new TAC (Terminal Action Code) values on the terminal. Namely, if bit 3 of byte 1 of the TVR object is equal to 1 (CDA Failed), it is recommended to send the transaction for online authorization to the Issuer without the ARQC cryptogram (i.e. the corresponding bit in TAC-Decline = 0, in TAC-Opip = 1 and TAC-Default = 1 instead of the previously accepted triple (1, 0, 0)).

The share of” undisciplined ” terminals significantly depends on the country, the servicing Bank, the trading enterprise. On average in Europe, their number does not exceed 0.4% of the total fleet of terminals, and this figure is steadily decreasing from year to year.

MasterCard’s decision to require the CDA method to be supported by the e-terminals to be put into operation means that the CDA cards of This system may not support the DDA method after the time required to adapt the CDA method to MasterCard terminals. Today, such support is mandatory, since not all terminals support CDA.

Since card authentication is an important element of the Issuer’s decision on the outcome of the transaction authorization, it is desirable that the Issuer has the opportunity to verify the fact that the terminal performs card authentication. This is required in order to avoid fraud on the part of an unscrupulous merchant or service Bank claiming that offline authentication of the card has been performed, although this statement does not correspond to reality. The reason for the deception may be the savings of the merchant or service Bank to support the card authentication function on the POS-terminal. There is a mechanism for checking the fact that the terminal performs card authentication in the EMV standard (Data Authentication Code for the case of static authentication and ICC Dynamic Number for the case of dynamic card authentication).