Credit cards Domain: Offline PIN and On-line PIN and CVM

Back when payment cards weren’t equipped with an EMV chip and most payment terminals were only capable of doing offline transactions, card issuing banks introduced the signature as the primary type of authorization for a transaction.

So what is EMV…

It stands for Europay Master card and Visa card

The merchant is supposed to check the signature on the back of the card with the signature provided by the shopper. Often the merchant also asks for an ID card in order to verify the ownership of the card.

There was also a time when a picture of the card owner was printed on the back of the card and used instead of a signature at the point of sale. The drawback of this type of verification is that no paper trail of the authorization is available afterwards, which is probably also one of the reasons why this type is no longer used.


Also Read


A PIN was traditionally used to authorize cash withdrawals at ATMs, but is becoming a more and more common CVM at the point of sale. To accept PIN verifications, terminals must meet high security standards and undergo a certification process before they can be used at the point of sale. This ensures that the PIN is highly protected and cannot be extracted in plain by a malicious entity.

Today there are two different PIN verification methods, online PIN and offline PIN. With an online PIN verification, the PIN is encrypted by the terminal and send to the card issuing bank with a request to verify its authenticity. The offline PIN verification is only available with EMV cards, as the PIN is checked internally by the chip.

It is also worth noting that based on the used CVM, the burden of proof that a transaction was actually authorized by the rightful card owner lies with different parties. With a signature the merchant is responsible to provide the appropriate proof (i.e. by producing the respective receipt with a signature) in case of a challenge by the card owner. In case of a PIN authorized transaction, the burden of proof lies with the shopper and it is generally impossible to challenge this transaction.

Paying with Credit or Debit Card

In determining which CVM will be used for a specific transaction at the point of sale, the type of card is the most decisive factor.

Transactions with a debit card represent the most straight forward cases, as they will use the PIN as verification method if the terminal offers this feature. In general the online PIN is used and while checking the PIN with the issuing bank, the account balance is also checked.

When paying with credit cards, a signature is commonly used as the preferred CVM for transactions at the point of sale. Only when withdrawing cash at an ATM, a PIN is requested. But there is a slow shift away from signatures in favor of PIN verifications, with the United Kingdom and Ireland being one of the countries now only issuing cards that require a PIN as CVM. (Ref: Payworksmobile)

Advertisements

Author: Srini

Experienced software developer. Skills in Development, Coding, Testing and Debugging. Good Data analytic skills (Data Warehousing and BI). Also skills in Mainframe.