virtual credit card number chase visa

It's not a physical card, but a randomly generated, unique 16-digit number (with its own expiration date and security code) connected to your. To add a card to your Venmo account from a computer, click here and click "Edit payment methods" and then "Add Debit or. PayPal Key is a virtual credit card number which lets you use your Chase Freedom Flex, Freedom Visa, and Discover It cards often offer.

youtube video

How to get a FREE Virtual Card without any Bank Account - International Virtual Card for PayPal

Credit Cards

Credit Card Offer FAQs

Find information on Discover cards, how to apply for a credit card online, and more.

Discover credit cards are available on the Discover it® platform, a set of common benefits we’re committed to providing to every customer. However, the rewards and some extra benefits vary from virtual credit card number chase visa to product to be sure we can give different customers what they need.

 

Discover it® Cash Back: earn fidelity federal bank and trust at different places

 

Discover it® Miles: great for vacations or staycations

 

Discover it® Chrome Gas & Restaurants: earn rewards on road trips

 

Discover it® Secured Credit Card: build your credit history

 

Discover it® Student Cash Back: students earn rewards at different places

 

Discover it® Chrome for Students: students earn rewards at gas stations and restaurants

 

NHL® Discover it®: put your favorite team on your card

 

Discover it® Business: simple, smart benefits business owners need

You can apply for Discover credit cards at Discover.com or by calling 1-800-DISCOVER (1-800-347-2683). Select from cash back credit cards or travel credit cards. We also have Discover student cards and a Discover business card. All our credit cards earn Discover rewards on every purchase. You’ll need to be 18 or older to apply for a card. If you're not yet 21, you will have to apply online. Discover business card and Discover Secured credit card applicants must also apply online.

Discover card credit score requirements vary by product. In general, the standard Discover it® Card is for people with established credit. But the Discover Secured credit card is built for people looking to build or rebuild their credit with responsible use.4 No matter what, cardmembers earn Discover Card rewards on every purchase.

People wondering how to get a credit card should check their credit score with a free tool like the Discover Credit Scorecard. Then you may want to do a credit card comparison and choose the one that’s best for you. It’s always good to check if you’re pre-approved to see your likely offers before you apply for a card. While checking if you’re pre-approved won’t hurt your credit, each full application for a credit card may impact your credit score.

If you’re thinking about how to get a credit card, check your credit score to figure out your likely credit card eligibility. Then, a credit card comparison can help you choose the one that’s best virtual credit card number chase visa you. It’s always good to check if you’re pre-approved for a card before you apply. Checking if you’re pre-approved won’t harm your credit, but applying for credit cards may impact your credit score. Check to see if you‘re pre-approved.

You may receive credit card offers in the mail, by email or online. Compare your offers by rewards, sign-up bonus, benefits, APR (including introductory rates), fees and credit limits. Look for rewards programs that fit the way you spend: if you know you will use the card for groceries, gas, dining or travel, you may be able to find a card that helps you earn more. And look for a sign-up bonus that doesn’t have a minimum spending amount required to get your extra rewards.

Different credit cards require a different credit rating for approval. Some cards are only for people with excellent credit or good credit. Other cards are great if you have fair credit or are building or rebuilding credit. The credit card company will run a credit check as part of its decision to approve your application. It’s a good idea to check your credit score or get a copy of your credit report before applying for a new card.

A credit card is a revolving loan that you can use to make purchases. Each month you’ll receive a statement telling you how much of the loan you have used and have to pay back. If you pay the statement balance in full by the due date each month, you will not be charged interest on purchases. Otherwise your APR will apply to your unpaid credit card balance and you’ll have interest charges in your next statement. When you apply for a credit card, the credit card issuer will pull your credit report – which could result in a hard inquiry – as one of the factors they use to decide whether to approve your application. Credit cards often provide rewards on purchases, which is usually a percentage of the amount you spent with the card. A credit card comparison shows you different rewards and benefits and can help you find the credit card that’s best for you.

Your credit limit is the maximum amount of the revolving line of credit on your card—or the total amount you can use on your card for purchases, balance transfers, etc. When you apply for a credit card, the bank or credit card company uses a variety of information to decide what credit limit they can offer. As you show responsible credit use, credit card issuers may increase your credit card limit.

There are many reasons to get a credit card: you may decide to apply for a credit card for the rewards, APR (including intro rates) or sign-up offers. Or you might want to build your credit history. Some credit cards like Discover provide $0 Fraud Liability Guarantee, which means you’re never responsible for unauthorized purchases on your Discover Card.6 Also, credit cards often provide extra benefits, like providing helpful alerts on your spending and more.

Credit card companies consider a number of factors in their decision to approve your application, including your credit history and your ability to repay. So they may consider your credit score, income and more. One of the simplest helpful credit habits is to make at least the minimum payment for all of your bills on time every month.

Are you ready to add a Discover credit card to your credit journey?

 

Learn how and why you may receive pre-approved credit card offers, what to look for, and how you can opt-out of pre-approved credit card offers.

 

Learn how to apply for a credit card online, increase your chances of approval and protect your personal information while applying for credit cards online.

 

Find out which credit cards you qualify for by virtual credit card number chase visa an online card pre-approved tool, checking doesn't virtual credit card number chase visa your credit score and can personalize your offer.

Источник: https://www.discover.com/credit-cards/

Credit Cards You Can Use Instantly After Approval

With some credit cards, you don't have to wait for a piece of plastic to arrive in the mail before making your first purchase.

Many major issuers now offer ways to instantly use credit cards. And at least one — American Express — offers access to credit card numbers immediately after approval on all of its consumer credit and charge cards. Cards associated with certain brands — such as store cards, airline cards and hotel cards — also commonly offer instant access to credit.

» MORE:Card issuers are offering cheaper ways to access your credit line

Top credit cards you can use instantly after approval

Blue Cash Preferred® Card from American Express

Our pick for: Intro APR

Why we like it

American Express Blue Cash Preferred Credit Card
NerdWallet ratingNerdWallet's ratings are determined by our editorial team. The scoring formula takes into account the type of card being reviewed (such as cash back, travel or balance transfer) and the card's rates, fees, rewards and other features.

Learn More

The Blue Cash Preferred® Card from American Express comes with a solid 0% APR offer: 0% intro APR on Purchases for 12 months, and then the ongoing APR of 13.99%-23.99% Variable APR. And it starts with a good welcome offer: Earn a $300 statement credit after you spend $3,000 virtual credit card number chase visa purchases on your new Card within the first 6 months. Terms Apply. The annual fee is $0 intro for the first year, then $95. Plus, it offers an industry-leading 6% cash back at U.S. supermarkets on up to $6,000 in spending per year, 6% cash back on streaming subscriptions, such as Netflix, HBO Now and Audible; 3% on transit and gas at U.S. gas stations; and 1% on all other purchases. Terms apply (see rates and fees).

» MORE:How an AmEx card's instant credit access helped me fix my roof

How to use it instantly

Eligible cardholders will be able to get an instant card number immediately after being approved online. The number can be used anywhere American Express is accepted where a physical card isn't required. Eligibility for an instant card number is based on AmEx's ability to instantly verify your identity. Instant card numbers are available only on online AmEx applications, not through applications processed by phone.

» MORE:Full review of the Blue Cash Preferred® Card from American Express

Bank of America® Premium Rewards® credit card

Our pick for: Travel

Why we like it

Bank of America® Premium Rewards® Credit Card
NerdWallet ratingNerdWallet's ratings are determined by our editorial team. The scoring formula takes into account the type of card being reviewed (such as cash back, travel or balance transfer) and the card's rates, fees, rewards and other features.

Learn More

The Bank of America® Premium Rewards® credit card earns 2 points per $1 spent on travel and dining purchases, and 1.5 points per $1 spent on everything else. It has a $95 annual fee, but it comes with up to $200 in travel statement credit rewards, plus this bonus for new cardholders: Receive 50,000 online bonus points - a $500 value - after you make at least $3,000 in purchases in the first 90 days of account opening. If you're a member of the bank's Preferred Rewards program, your rewards will get a 25% to 75% boost depending on the balances in your eligible accounts.

How to use it instantly

You'll need to have at least one existing account with Bank of America®, and open the new card through a targeted promotion in the bank's mobile app in order to qualify for an instant card number. If you meet these qualifications, you can add your new card information to a digital wallet until your physical card arrives. This isn't an option if you apply through the app but don't click on one of the targeted promotions.

» MORE:Full review of the Bank of America® Premium Rewards® credit card

Nerdy tip: Cards that offer "instant use" and cards offering "instant approval" are not one and the same. Some cards promise instant approval with no credit check, but they are not guaranteeing the ability to use the card instantly upon approval.

Amazon Prime Rewards Visa Signature Card

Our pick for: A store card

Why we like it

Amazon Prime Rewards Visa Signature Card
NerdWallet ratingNerdWallet's ratings are determined by our editorial team. The scoring formula takes into account the type of card being reviewed (such as cash back, travel or balance transfer) and the card's rates, fees, rewards and other features.

Learn More

The Amazon Prime Rewards Visa Signature Card offers a high 5% rewards rate on purchases at both Amazon and Whole Foods Market; 2% at restaurants, gas stations and drugstores; and 1% everywhere else. Rewards are worth 1 cent each and can be redeemed toward eligible Amazon.com purchases, or for cash back, either as a statement credit or a deposit into an eligible checking or savings account. The card has a $0, but you must be an Amazon Prime member to qualify.

» MORE: How to choose the Amazon credit card for you

How to use it instantly

Once approved for the card, you'll be able to access the card from your Amazon account and use it to cover purchases there. (You'll have to wait for the physical card to show up to use it on other purchases.)

» MORE:Full review of the Capital One® Walmart Rewards™ Mastercard®

United℠ Explorer Card

Our pick for: An airline card

Why we like it

Chase United Airlines Mileage Plus Credit Card
NerdWallet ratingNerdWallet's ratings are determined by our editorial team. The scoring formula takes into account the type of card being reviewed (such as cash back, travel or balance transfer) and the card's rates, fees, rewards and other features.

Learn More

Want to book a flight while earning a big sign-up bonus and valuable airline benefits at the same time? The United℠ Explorer Card allows you to do just that. It comes with a large sign-up bonus: Earn 60,000 bonus miles after you spend $3,000 on purchases in the first 3 months your account is open. And if you apply for this card before taking a United-operated flight, you could also take advantage of its other benefits during your trip, including two one-time-use passes to United Club lounges, a free checked-bag benefit, and 25% back on in-flight purchases.

You'll earn 2 miles per dollar spent on purchases from United and on restaurant purchases and hotel accommodations purchased directly with the hotel, and 1 mile per dollar spent on all other purchases. The card also comes with a credit that covers the application fee for Global Entry or TSA Precheck, which renews every four years and is worth up to $100. The annual fee is $0 intro for the first year, then $95.

How to use it instantly

Once approved, you'll be able to access the card from your MileagePlus account with United Airlines and use it to cover United purchases. (You'll have to wait for the physical card to show up to use it on other purchases.)

» MORE:Full review of the United℠ Explorer Card

Upgrade Triple Cash Rewards Visa®

Our pick for: Flexibility

Why we like it

Upgrade Triple Cash Rewards Visa
NerdWallet ratingNerdWallet's ratings are determined by our editorial team. The scoring formula takes into account the type of card being reviewed (such as cash back, travel or balance transfer) and the card's rates, fees, rewards and other features.

Learn More

The Upgrade Triple Cash Rewards Visa®, issued by Sutton Bank, is a unique credit card/personal loan hybrid product that earns cash-back rewards. The $0-annual-fee card earns 3% cash back on home, auto and health purchases, and 1% back on everything else. You can either use it as a credit card anywhere Visa is accepted, or you can choose to use it as a personal loan, where funds are sent to your bank account and you pay back the loan over a set period of time at a fixed interest rate.

How to use it instantly

After you're approved for the card, sign in to your account online and you can access your temporary virtual card. This temporary card number will be different from the card number on your permanent physical card, but you can use it until that physical card arrives in the mail.

» MORE: Full review of the Upgrade Triple Cash Rewards Visa®

SoFi Credit Card

Our pick for: SoFi customers

Why we like it

SoFi Credit Card
NerdWallet ratingNerdWallet's ratings are determined by our editorial team. The scoring formula takes into account the type of card being reviewed (such as cash back, travel or balance transfer) and the card's rates, fees, rewards and other features.

Learn More

On the surface, the SoFi Credit Card looks like a straightforward cash-back credit card, but it has some unique options. If you're a SoFi customer, you can redeem your rewards toward investing, cryptocurrency, saving or paying down an eligible loan with SoFi — in which case, you'll earn an effective 2% back. (Other redemption options, like statement credits, redeem at a lower rate.) Another distinctive feature: Once you make 12 on-time payments, the APR decreases by 1%.

How to use it instantly

Newly approved cardholders can add the card to an eligible digital wallet and begin using it right away without having to wait for the physical card to arrive in the mail.

» MORE:Full review of the SoFi Credit Card

Other notable options

Many popular "co-branded" credit cards — whether store cards or cards that are offered in partnership with another kind of business — offer instant credit access. Here are some notable examples:

  • The Apple Card, issued by Goldman Sachs, can be used immediately through Apple Pay after approval.

  • The Digital First Card, from Deserve, lets those who are approved use the card instantly through Apple Pay.

  • The HMBradley credit card, issued by Hatch Bank, lets you add your card to your Apple Wallet, Samsung Pay or Google Wallet instantly upon approval.

  • The PayPal Cashback Mastercard®, issued by Synchrony Bank, can be used for purchases processed through PayPal right away.

  • The Rakuten Cash Back Visa credit card, also issued by Synchrony, earns 3% cash back on qualifying purchases made through Rakuten.com, in-store offers, Rakuten hotels and Rakuten travel. You can combine cash back earned on the credit card with the rewards you earn for shopping with Rakuten's partners. Upon approval, you'll receive a card number that can be used instantly online or anywhere that doesn't require a physical credit card.

  • In addition to the Upgrade Triple Cash Rewards Visa® mentioned above, Upgrade also offers the Upgrade Visa® Card with Cash Rewards, which also gives immediate access to a virtual product option. Both cards are issued by Sutton Bank.

  • The Venmo Credit Card, issued by Synchrony, can be used instantly upon approval. The card lives within the Venmo app and can be added to some digital wallets (with the exception of Apple Pay).

  • The Bilt Rewards Mastercard, issued by Evolve Bank, earns rewards on rent with no fees, plus solid earnings on some everyday spending. Upon approval, cardholders can instantly find their new card number in the Bilt Rewards app for use online or anywhere you don't need a physical credit card.

Major issuers and their policies on instant credit access

NerdWallet's survey of issuers found that while many of them offer some form of instant access to credit, American Express has by far the most comprehensive such policy. With AmEx, all consumer cards give you access to an instant card number that you can use almost anywhere, as long as the issuer can instantly verify your identity.

Other issuers either didn't offer instant access to credit or made it available on a more limited basis. The following list is accurate as of June 2021:

An instant card number upon account approval is available on all American Express U.S. consumer credit and charge cards, including co-branded cards, according to the issuer. AmEx prepaid cards don't offer this feature, AmEx notes. Eligibility is based on American Express’ ability to instantly validate your identity. If you are eligible for an instant card number, you will receive one that you can use virtually anywhere AmEx is accepted, and a physical card will not be required. An instant card number is available only when you apply online through American Express via a desktop or mobile device, AmEx says. It's not available on applications made by phone.

Eligible existing customers who open a new credit card through a targeted promotion via the issuer's mobile app can view and add their new card information to a digital wallet while they are waiting to receive the physical card in the mail, according to Bank of America®. This option is available only to those who already have at least one account with Bank of America®. Currently, this isn't an option if you apply through the app without clicking on one of the targeted promotions.

The following cards do not offer instant credit upon approval, according to Barclays:

· The AAdvantage® Aviator® Red World Elite Mastercard®. · The Miles & More® World Elite Mastercard®.

But the issuer notes that several of its other co-branded cards do offer instant credit under certain circumstances. A sampling:

· The Frontier Airlines World Mastercard® offers instant credit upon approval toward your Frontier purchase when you apply while booking a flight or other travel through the site.

· The offers instant credit upon approval when you apply while booking a flight or other travel through the site.

· The Holland America Line Rewards Visa® Card offers instant credit upon approval when you apply while booking a cruise or when you apply onboard.

· The JetBlue Card offers instant credit upon approval toward your JetBlue purchase when you apply while booking a flight or vacation through the site.

· The NFL Extra Points Credit Card offers instant credit upon approval toward your purchase when you apply at NFLShop.com or PackersProShop.com.

· The Priceline Rewards™ Visa® Card offers instant credit upon approval toward your purchase when you apply while booking travel through the site.

· The Princess Cruises Rewards Visa® Card offers instant credit upon approval when you apply while booking a cruise or when you apply onboard.

· The Carnival World Mastercard offers instant credit upon approval when you apply while booking a cruise or when you apply onboard.

· The Diamond Resorts World Mastercard offers instant credit upon approval when you apply while visiting one of Diamond’s resorts.

· The RCI Elite Rewards Mastercard offers instant credit upon approval when you apply while visiting one the resorts in the RCI affiliate network.

· The Bluegreen Rewards Mastercard offers instant credit upon approval when you apply while visiting one of Bluegreen’s resorts.

· The Choice Privileges Visa Signature Card offers instant credit upon approval toward your purchase when you apply while booking travel through the site.

Customers that already have a Capital One account can get instant access to cards after applying if they meet certain criteria and the issuer is able to sufficiently verify their identity, according to Capital One. Those who are eligible can only access their Capital One card information instantly through the Capital One app, the issuer notes.

The Capital One® Walmart Rewards™ Mastercard® also offers instant access to credit through the Walmart app for Walmart purchases made online and in-store.

Certain co-branded Chase cards can be used instantly, according to the issuer. Customers won't immediately receive the account number, but instead, Chase will supply it directly to the co-brand partner, Chase notes. According to the issuer, this feature is available on cards associated with the following brands:

· Amazon. · British Airways. · Disney. · Marriott. · Southwest Airlines. · United Airlines.

Citi did not provide information on the availability of instant credit on its cards. In general, it doesn't offer instant access to credit, but there are exceptions. For example, it's possible to get instant access to the Costco Anywhere Visa® Card by Citi. If you're approved right away, you'll get access to a temporary barcode linked to your account that can only be used for Costco purchases.

Discover does not offer instant card numbers upon approval for its credit cards, the issuer confirms.

Wells Fargo does not offer instant card numbers upon approval for its credit cards, the issuer confirms.

» MORE: How soon can I get my new credit card?

To view rates and fees of the Blue Cash Preferred® Card from American Express, see this page.

Information related to the Amazon Prime Rewards Visa Signature Card and the Amazon Rewards Visa Signature Card has been collected by NerdWallet and has not been reviewed or provided by the issuer of these cards.

Источник: https://www.nerdwallet.com/article/credit-cards/instant-credit-card-numbers

I've received an error message stating that my credit card is invalid. What should I do?

If you see an error message stating that your credit card is invalid, this has most likely happened for one of the following reasons:
1. You have incorrectly entered your credit card number.
2. You have incorrectly entered your CVV code.
3. You have incorrectly entered your expiration date.
4. You have used a cancelled credit card to place your order.
5. Your card is restricted to point-of-sale transactions only (sales where your card is physically scanned).
Please double-check your credit card and/or with your bank to ensure that none of these problems have occurred. If you realize that you've made a mistake, simply return to the payment option page and enter in the correct information. Continue checking out as normal. If you're still encountering problems, please contact us. However, at NO point should you ever e-mail us your full credit card number. Your e-mail does not have the same security features in place as the website. If you wish to reference a specific credit card that you already have on file with us, please reference by the order number. If you believe that your card was declined due to insufficient funds, but now have those funds available, you may submit a new application. If you believe that your card is restricted to point-of-sale transactions, you must either contact your bank about removing such restrictions, use a different credit card, or pay with a money order.


Источник: https://em-study.com/emsfema/

How virtual card numbers can help prevent credit card phishing scams

Select’s editorial team works independently to review financial products and write articles we think our readers will find useful. We may receive a commission when you click on links for products from our affiliate partners.

The Capital One Spark Cash for Business is no longer available to new applicants; however, Capital One has launched 3 new business cards for small business owners. Click here to learn more.

Whether you've always been an avid online shopper or recently switched to virtual checkouts during the coronavirus pandemic, it's important to know your options for keeping your credit card information safe.

Some credit card issuers offer virtual card numbers to protect your real credit card number from phishers and hackers. A virtual card number is a digital copy of your credit card with a randomly-generated number that links to your account when you make online purchases. This creates an invisible buffer between bad actors and your real card number, making credit card fraud harder to pull off.

A virtual card number is different than an instant card number. The first is for masking your real card number, and the second is when a credit card issuer gives you an account number right away so that you can make online payments instantly upon approval without waiting for your physical card to arrive in the mail.

Right now, there are only two card issuers that offer virtual card numbers: Capital One and Citi.

Below, CNBC Select reviews which card issuers provide virtual card numbers so that you can have peace of mind while shopping online.

Capital One credit cards with virtual numbers

Using Eno®, Capital One's intelligent assistant portal, you can create unique virtual card numbers that are linked to your eligible Capital One credit cards. Create a virtual number for each merchant, which Eno can save to use again in the future. When you use a virtual number that's linked to one of your Capital One cards, it will be charged as though you were using the original account number.

It works like this:

  1. Select online checkout at your preferred merchant.
  2. The Eno browser extension will pop up when you're ready to pay and prompt you to sign in. 
  3. Eno will create a merchant-specific virtual number that will link to your existing Capital One credit card.
  4. Your payment information will autofill during checkout.
  5. Eno will save your specific virtual number for ongoing and future payments at each merchant.
  6. All charges will show up on your statement as they normally would.

Citi credit cards with virtual numbers

Citi allows select cardmembers to create a different virtual number for every website they shop. Every decoy number will link back to your main credit card account so that phishers and other fraudsters can't crack the code. And in case someone does manage to steal your virtual number, you can simply get a new one without having to replace your physical card. This feature is available for most Citi credit cards.

Here is how to set up a virtual account number with your Citi card:

  1. When you're ready to provide your purchase information at checkout, log in to your Citi account in a separate tab.
  2. Launch Virtual Account Numbers.
  3. Select "Generate" to obtain a Virtual Account Number.
  4. In the merchant's checkout form, input the newly generated credit card number, expiration date and 3-digit security code on the back of the card (if applicable).

Below are some of the most popular Citi cards:

View our full list of top Citi credit cards.

Alternatives to virtual card numbers

Though just a couple of card issuers offer virtual card numbers, a virtual credit card number chase visa of payment options such as Chase Pay® and Mastercard® Click to Pay allow cardmembers to store their card number in a secure wallet that you can access when you checkout at participating merchants.

Though digital wallets and secure payment apps are different than virtual card numbers, they provide another layer of protection because you don't have to enter your card information every time you pay. However, not every merchant accepts digital wallets as a form of payment.

Bottom line

Phishers are fraudsters who try to record keystrokes to steal your sensitive information. Never enter your credit card information on a website or email you cannot verify, and always check twice when things seem off. When you shop with a virtual credit card number, you can easily replace it in the event of fraud without having to cancel the original card. This can help you out if a bad actor gets hold of your information, whether by infiltrating your favorite merchant or sending a scam email.

If you are concerned about phishing scams, monitor your credit statement and credit report regularly to put your mind at ease.

Learn more:


Information about the Citi Prestige® Card, and Capital One cards has been collected independently by CNBC and has not been reviewed or provided by the issuer of the card prior to publication.

Editorial Note: Opinions, analyses, reviews or recommendations expressed in this article are those of the Select editorial staff’s alone, and have not been reviewed, approved or otherwise endorsed by any third party.
Источник: https://www.cnbc.com/select/how-to-avoid-phishing-scams/

Credit and Debit Card Market Share by Network and Issuer

Many or all of the products here are from our partners that pay us a commission. It’s how we make money. But our editorial integrity ensures our experts’ opinions aren’t influenced by compensation. Terms may apply to offers listed on this page.

Image source: Getty Images

If you ask the average American which credit cards are the most common, they'll probably tell you that Visa and Mastercard dominate the market. But to what degree is that true? Which credit card network has the highest market share? Which issuers are most popular?

We dug into the most recent data from the Nilson Report, the premier collection of financial data, to get you the answers. Read on for information on credit and debit card market share by network, issuer, and more.

Key findings

  • 82% of American adults had a debit card in 2018, the most recent year for which this data has been published.
  • 72% of American adults had a credit card in 2018.
  • In 2018, over 70% of all cards in the United States were prepaid debit cards.
  • Almost half of Americans had a Visa credit card in 2018.
  • There were more store credit cards in circulation than any other type of card in 2018.
  • Visa accounted for about half of the purchase volume on credit cards in 2018.
  • Chase had the largest credit card market share of any issuer in 2019, when measured by outstanding balances.
  • Almost 3 out of 4 Americans had a Visa debit card in 2018.
  • Wells Fargo had the largest debit card market share of any issuer in 2019, when measured by purchase volume.

The payment card landscape

Credit and debit card usage in America is on the up, with total card purchases predicted to top $10 trillion by 2023.

Americans were slightly more likely to hold a debit card in 2018, but the overall purchase volume was higher on credit cards.

How many Americans have debit and credit cards?

These figures come from a 2019 Nilson Report:

  • 208.7 million adults in the U.S. (82.20%) had a debit card in 2018.
  • 182 million adults (71.67%) had a credit card in 2018.

Those numbers are projected to rise. By 2023, it's estimated that 84.58% landmark vacation rentals north carolina adults will hold a debit card and 73.37% will hold a credit card.

How many cards do Americans have?

Not only do most adults in the U.S. hold a debit or credit card, but many adults hold more than one. The Nilson Report noted that there were 6.96 billion credit, debit, and prepaid cards in the U.S. in 2018.

That's about 21 per person.

Keep in mind, though, that of the nearly 7 billion cards in the U.S., 71.7% were prepaid debit cards.

Debit and credit card purchase volume

The purchase volume on all electronic payment cards in the U.S. rose to $7.27 trillion in 2018, according to the Nilson Report. That's up almost 10% from 2017.

Of the over $7 trillion in electronic payment card purchases in 2018, credit card purchase volume accounted for 54.17% (up from 52.87% in 2013) and debit card purchase volume accounted for 45.83% (down from 47.13% in 2013).

By 2023, the purchase volume on all electronic payment cards in the U.S. is projected to rise to $10.086 trillion.

Credit card market share: which cards do Americans carry and which do they use?

As we've seen over 7 in 10 Americans had a credit card in 2018.

Visa stood out as the most popular credit card network. It also had a high number of cards in circulation and a correspondingly high purchase volume.

In contrast, while over 4 in 10 Americans had store credit cards in 2018, they didn't spend a lot on them.

The average amount of a credit card purchase transaction was $90.73, up nearly 1% from 2017.

Credit card market share by number of cardholders

Almost half of Americans had a Visa credit card in 2018:

Here's how the market share of breaks down by card network:

  • 49.26% of American adults had a Visa credit card in 2018,
  • 44.16% of American adults had a store credit card in 2018,
  • 38.95% of American adults had a Mastercard credit card in 2018,
  • 17.52% of American adults had a Discover credit card in 2018, and
  • 15.00% of American adults had an American Express credit card in 2018.

At first glance, 44% of adults with a store credit card (also known as a private label card) may seem high, but that number has actually been trending down since the Great Recession.

Credit card market share by cards in circulation

There were over 1.1 billion credit cards in circulation in the United States in 2018. The market share of credit cards in circulation was pretty evenly distributed:

  • Store credit cards: 392 million (34.93%)
  • Visa: 338 million (30.09%)
  • Mastercard: 231 million (20.55%)
  • Discover: 57 million (5.10%)
  • American Express: 54 million (4.78%)
  • Other: 51.2 million (4.57%)

Credit card market share by purchase volume

Visa accounted for about half of the purchase volume on credit cards in 2018:

  • Visa credit: 49.70%
  • Mastercard credit: 20.60%
  • American Express credit: 19.61%
  • Store credit: 4.62%
  • Discover credit: 3.53%
  • Other credit: 1.93%

How will that change in the future? Here's what the Nilson Report predicts:

  • The purchase volume on Mastercard credit cards will grow 53.4% by 2023.
  • The purchase volume on American Express credit cards will grow 42.9% by 2023.
  • The purchase volume on Visa credit cards will grow 34.6% by 2023.

Mastercard debit cards are also predicted to grow faster than Visa debit cards over the same time period.

Superprime consumers are driving credit card purchase volume trends

Even though the purchase volume on electronic payment cards continues to rise, the amount of debt consumers carry on their credit cards continues to do the opposite.

The Bureau of Consumer Financial Protection reported that credit card debt as a percentage of purchase volume had fallen from 64.7% in 1996 to 26.5% in 2018.

Consumers with superprime credit scores (scores of 720 or greater) accounted for 82% of the purchase volume on credit cards, consumers with prime scores (scores from 660 to 719) accounted for 13%, and the remaining credit score tiers made up 5%.

The American Bankers Association reported in 2019 that as consumers exhibit good payment behavior, issuers are responding by slowly increasing credit lines; however, issuers are also slowing the pace of new account openings, particularly for prime (credit scores from 680 to 759) and subprime (scores less than 680) borrowers.

Outstanding balances on credit cards in the U.S. totaled more than $1 trillion

As reported by the Nilson Report, at the end of 2018, outstanding balances on credit cards in the U.S. totaled $1.124 trillion, up 5.8% from 2017. In terms of outstanding balance, Visa held the largest credit card market share:

  1. Visa: 41.93%
  2. Mastercard: 27.54%
  3. Store credit cards: 11.64%
  4. American Express: 10.67%
  5. Discover: 6.49%

Other networks had the final 1.73%.

Credit card market share by network (outstanding balances)

According to the Nilson Report, the 2019 market share for the top 10 issuers of credit cards based on outstanding balances was as follows:

  1. Chase: 16.6%
  2. Citi: 11.6%
  3. American Express: 11.3%
  4. Bank of America: 10.7%
  5. Capital One: 10.5%
  6. Discover: 7.6%
  7. Wells Fargo: 4.3%
  8. U.S. Bank: 4.1%
  9. Barclays: 2.6%
  10. Synchrony: 2.0%

Other issuers made up the final 18.7%. The top 10 credit card issuers controlled 81.3% of the market, while none of the remaining issuers had a market share larger than 2%.

Debit card market share: how do Americans use their debit cards?

In 2018, there were about 5.8 trillion debit cards in the U.S., and over 80% of Americans had at least one debit card.

It's worth noting that prepaid credit cards made up over 85% of the debit cards in circulation, but they accounted for less than 10% of the purchase volume. In contrast, Visa debit cards represented less than 10% of the total cards, but over half the purchases.

Debit card market share by number of cardholders

Visa debit cards had a larger market share than Mastercard debit cards in 2018, but Mastercard is predicted to grow faster until at least 2023.

Debit card market share by number of cards

The number of general purpose and private label debit cards increased 3.8% to 5.84 billion (or 83.85% of all cards) between 2017 and 2018.

Prepaid cards made up the lion’s share of debit cards in circulation at 4.9 billion (85.50%), followed by Visa debit cards at 561 million (9.61%), and Mastercard debit cards at 216 million (3.69%).

Debit card market share by purchase volume

Around half of all purchase volume on debit cards were on Visa branded cards in 2018:

  • Visa debit: 51.86%
  • Mastercard debit: 21.79%
  • Prepaid debit: 8.45%

The rest of purchases are made up of electronic funds transfer (EFT) cards without Visa and Mastercard branding as well as a small amount of ACH card purchases. EFT networks include names like PULSE, Star Systems, and NYC.

Between 2018 and 2023, the purchase volume on ACH debit cards is expected to grow by 56.7%, more than any other type of electronic payment card. (ACH cards are like EFT cards, but use a slightly different processing system.)

Debit card market share by issuer (purchase volume)

A recent Nilson Report revealed the 2019 top issuers of general purpose debit and prepaid cards in terms of purchase volume for goods and services.

Wells Fargo topped the debit card market share when it came to purchase volume:

  1. Wells Fargo: $363.8 billion
  2. Bank of America: $346.6 billion
  3. Chase: $345.6 billion
  4. PNC: $80.1 billion
  5. Truist: $75.7 billion
  6. US Bank: $72.0 billion
  7. USAA: $65.6 billion
  8. Bancorp: $62.9 billion
  9. Navy FCU: $59.3 billion
  10. TD Bank: $51.5 billion

Wells Fargo, Bank of America, and Chase dominated the ranking, with the rest of the top 10 bringing in significantly less purchase volume.

Sources

Share This Page

Many or all of the products here are from our partners that pay us a commission. It’s how we make money. But our editorial integrity ensures our experts’ opinions aren’t influenced by compensation. Terms may apply to offers listed on this page.

About the Chase student account 100 dollars Shannon Souza is a research writer for The Ascent. She has a bachelor’s degree in economics from Texas A&M University and a master’s degree in applied economics from Johns Hopkins University.

Источник: https://www.fool.com/the-ascent/research/credit-debit-card-market-share-network-issuer/

HOW DOES IT WORK?

Add Eno to your browser

Once installed, sign into the Eno browser extension and enroll with a Capital One credit card to get started.

Get virtual cards at checkout

When you're ready to pay, Eno can create a merchant-specific virtual card for you that is linked to your credit card account.

Happy shopping!

Eno saves your virtual cards for future payments and all charges will show up on your credit card account statements as they normally would.

Skip sign in—if you want

Opt in to express checkout to bypass sign in for a quicker checkout experience.

Add Eno to your browser

Once installed, sign into the Eno browser extension and enroll with a Capital One credit card to get started.

Get virtual cards at checkout

When you're ready to pay, Eno can create a merchant-specific virtual card for you that is linked to your credit card account.

Happy shopping!

Eno saves your virtual cards for future payments and all charges will show up on your credit card account statements as they normally would.

Skip sign in—if you want

Opt in to express checkout to bypass sign in for a quicker checkout experience.

Источник: https://www.capitalone.com/applications/eno/virtualnumbers/

EMV

For the amusement ride vehicle, see Enhanced motion vehicle. For the Mexican school, see Escuela Mexicana del Valle. For the Australian agency, see Emergency Management Victoria.

5143773081812421

EMV is a payment method based upon a technical standard for smartpayment cards and for payment terminals and automated teller machines which can accept them. EMV originally stood for "Europay, Mastercard, and Visa", the three companies that created the standard.

EMV cards are smart cards, also called chip cards, integrated circuit cards, or IC cards which store their data on integrated circuit chips, in addition to magnetic stripes for backward compatibility. These include cards that must be physically inserted or "dipped" into a reader, as well as contactless cards that can be read over a short distance using near-field communication technology. Payment cards which comply with the EMV standard are often called chip and PIN or chip and signature cards, depending on the authentication methods employed by the card issuer, such as a personal identification number (PIN) or digital signature.

There are standards based on ISO/IEC 7816 for contact cards, and standards based on ISO/IEC 14443 for contactless cards (Mastercard Contactless, Visa PayWave, American Express ExpressPay).

In February 2010, computer scientists from Cambridge University demonstrated that an implementation of EMV PIN entry is vulnerable to a man-in-the-middle attack but only implementations where the PIN was validated offline were vulnerable.

History[edit]

See also: Payment card and Smart card

Until the introduction of Chip & PIN, all face-to-face credit or debit card transactions involved the use of a magnetic stripe or mechanical imprint to read and record account data, and a signature for purposes of identity verification. The customer hands their card to the cashier at the point of sale who then passes the card through a magnetic reader or makes an imprint from the raised text of the card. In the former case, the system verifies account details and prints a slip for the customer to sign. In the case of a mechanical imprint, the transaction details are filled in, a list of stolen numbers is consulted, and the customer signs the imprinted slip. In both cases the cashier must verify that the customer's signature matches that on the back of the card to authenticate the transaction.

Using the signature on the card as a verification method has a number of security flaws, the most obvious being the relative ease with which cards may go missing before their legitimate owners can sign them. Another involves the erasure and replacement of legitimate signature, and yet another involves the forgery of the correct signature.

The invention of the siliconintegrated circuit chip in 1959 led to the idea of incorporating it onto a plastic smart card in the late 1960s by two German engineers, Helmut Gröttrup and Jürgen Dethloff.[1] The earliest smart cards were introduced as calling cards in the 1970s, before later being adapted for use as payment cards.[2][3] Smart cards have since used MOS integrated circuit chips, along with MOS memory technologies such as flash memory and EEPROM (electrically erasable programmable read-only memory).[4]

The first standard for smart payment cards was the Carte Bancaire B0M4 from Bull-CP8 deployed in France in 1986, followed by the B4B0' (compatible with the M4) deployed in 1989. Geldkarte in Germany also predates EMV. EMV was designed to allow cards and terminals to be backwardly compatible with these standards. France has since migrated all its card and terminal infrastructure to EMV.

EMV originally stood for Europay, Mastercard, and Visa, the three companies that created the standard. The standard is now managed by EMVCo, a consortium with control split equally among Visa, Mastercard, JCB, American Express, China UnionPay, and Discover.[5] EMVCo also refers to "Associates," companies able to provide input and receive feedback on detailed technical and operational issues connected to the EMV specifications and related processes.[6]

JCB joined the consortium in February 2009, China UnionPay in May 2013,[7]Discover in September 2013,[8] and RuPay on 26 March 2012.[9][10]

Differences and benefits[edit]

There are two major benefits to moving to smart-card-based credit card payment systems: improved security (with associated fraud reduction), and the possibility for finer control of "offline" credit-card transaction approvals. One of the original goals of EMV was to provide for multiple applications on a card: for a credit and debit card application or an e-purse. New issue debit cards in the US[when?] contain two applications — a card association (Visa, Mastercard etc.) application, and a common debit application. The common debit application ID is somewhat of a misnomer as each "common" debit application actually uses the resident card association application.[11]

EMV chip card transactions improve security against fraud compared to magnetic stripe card transactions that rely on the holder's signature and visual inspection of the card to check for features such as hologram. The use of a PIN and cryptographic algorithms such as Triple DES, RSA and SHA provide authentication of the card to the processing terminal and the card issuer's host system. The processing time is comparable to online transactions, in which communications delay accounts for the majority of the time, while cryptographic operations at the terminal take comparatively little time. The supposed increased protection from fraud has allowed banks and credit card issuers to push through a "liability shift", such that merchants are now liable (as of 1 January 2005 in the EU region and 1 October 2015 in the US) for any fraud that results from transactions on systems that are not EMV-capable.[12][promotional source?][13][promotional source?]

The majority of implementations of EMV cards and terminals confirm the identity of the cardholder by requiring the entry of a personal identification number (PIN) rather than signing a paper receipt. Whether or not PIN authentication takes place depends upon the capabilities of the terminal and programming of the card.[citation needed]

When credit cards were first introduced, merchants used mechanical rather than magnetic portable card imprinters that required carbon paper to make an imprint. They did not communicate electronically with the card issuer, and the card never left the customer's sight. The merchant had to verify transactions over a certain currency limit by telephoning the card issuer. During the 1970s in the United States, many merchants subscribed to a regularly-updated list of stolen or otherwise invalid credit card numbers. This list was commonly printed in booklet form on newsprint, in numerical order, much like a slender phone book, yet without any data aside from the list of invalid numbers. Checkout cashiers were expected to thumb through this booklet each and every time a credit card was presented for payment of any amount, prior to approving the transaction, which incurred a short delay.[citation needed]

Later, equipment electronically contacted the card issuer, using information from the magnetic stripe to verify the card and authorize the transaction. This was much faster than before, but required the transaction to occur in a fixed location. Consequently, if the transaction did not take place near a terminal (in a restaurant, for example) the clerk or waiter had to take the card away from the customer and to the card machine. It was easily possible at any time for a dishonest employee to swipe the card surreptitiously through a cheap machine that instantly recorded the information on the card and stripe; in fact, even at the terminal, a thief could bend down in front of the customer and swipe the card on a hidden reader. This made illegal cloning of cards relatively easy, and a more common occurrence than before.[citation needed]

Since the introduction of payment card Chip and PIN, cloning of the chip is not feasible; only the magnetic stripe can be copied, and a copied card cannot be used pixels com fine art america itself on a terminal requiring a PIN. The introduction of Chip and PIN coincided with wirelessdata transmission technology becoming inexpensive and widespread. In addition to mobile-phone-based magnetic readers, merchant personnel can now bring wireless PIN pads to the customer, so the card is never out of the cardholder's sight. Thus, both chip-and-PIN and wireless technologies can be used to reduce the risks of unauthorized swiping and card cloning.[14]

Chip and PIN versus chip and signature[edit]

Chip and PIN is one of the two verification methods that EMV enabled cards can employ. Rather than physically signing a receipt for identification purposes, the user just enters a personal identification number (PIN), typically of 4 to 6 digits in length. This number must correspond to the information stored on the chip. Chip and PIN technology makes it much harder for fraudsters to use a found card, so if someone steals a card, they can't make fraudulent purchases unless they know the PIN.

Chip and signature, on the other hand, differentiates itself from chip and PIN by verifying a consumer's identity with a signature.

As of 2015, chip and signature cards are more common in the US, Mexico, parts of South America (such as Argentina, Colombia, Peru) and some Asian countries (such as Taiwan, Hong Kong, Thailand, South Korea, Singapore, and Indonesia), whereas chip and PIN cards are more common in most European countries (e.g., the UK, Ireland, France, Portugal, Finland and the Netherlands) as well as in Iran, Brazil, Venezuela, India, Sri Lanka, Canada, Australia and New Zealand.[15][16]

Online, phone, and mail order transactions[edit]

While EMV technology has helped reduce crime at the point of sale, fraudulent transactions have shifted to more vulnerable telephone, Internet, and mail order transactions—known in the industry as card-not-present or CNP transactions.[17] CNP transactions made up at least 50% of all credit card fraud.[18] Because of physical distance, it is not possible for the merchant to present a keypad to the customer in these cases, so alternatives have been devised, including

  • Software approaches for online transactions that involve interaction with the card-issuing bank or network's website, such as Verified by Visa and Mastercard SecureCode (implementations of Visa's 3-D Secure protocol). 3-D Secure is now being replaced by Strong Customer Authentication as defined in the European Second Payment Services Directive.
  • Creating a one-time virtual card linked to a physical card with a given maximum amount.
  • Additional hardware with keypad and screen that can produce a one-time password, such as the Chip Authentication Program.
  • Keypad and screen integrated into complex cards to produce a one-time password. Since 2008, Visa has been running pilot projects using the Emue card where the generated number replaces the code printed on the back of standard cards.[19]

Commands[edit]

ISO/IEC 7816-3 defines the transmission protocol between chip cards and readers. Using this protocol, data is exchanged in application protocol data units (APDUs). This comprises sending a command to a card, the card processing it, and sending a response. EMV uses the following commands:

  • application block
  • application unblock
  • card block
  • external authenticate (7816-4)
  • generate application cryptogram
  • get data (7816-4)
  • get processing options
  • internal authenticate (7816-4)
  • PIN change / unblock
  • read record (7816-4)
  • select (7816-4)
  • verify (7816-4).

Commands followed by "7816-4" are defined in ISO/IEC 7816-4 and are interindustry commands used for many chip card applications such as GSMSIM cards.

Transaction flow[edit]

An EMV transaction has the following steps:[20][third-party source needed]

Application selection[edit]

ISO/IEC 7816 defines a process for application selection. The intent of application selection was to let cards contain completely different applications—for example GSM and EMV. However, EMV developers implemented application selection as a way of identifying the type of product, so that all product issuers (Visa, Mastercard, etc.) must have their own application. The way application selection is prescribed in EMV is a frequent source of interoperability problems between cards and terminals. Book 1[21] of the EMV standard devotes 15 pages to describing the application selection process.

An application identifier (AID) is used to address an application in the card or Host Card Emulation (HCE) if delivered without a card. An AID consists of a registered application provider identifier (RID) of five bytes, which is issued by the ISO/IEC 7816-5 registration authority. This is followed by a proprietary application identifier extension (PIX), which enables the application provider to differentiate among the different applications offered. The AID is printed on all EMV cardholder receipts. Card issuers can alter the application name from the name of the card network. Chase, for example, renames the Visa application on its Visa cards to "CHASE VISA", and the Mastercard application on its Mastercard cards to "CHASE MASTERCARD". Capital One renames the Mastercard application on its Mastercard cards to "CAPITAL ONE", and the Visa application on its Visa cards to "CAPITAL ONE VISA". The applications are otherwise the same.[a]

List of applications:

Card scheme / Payment Network RID Product PIX AID
Danmønt (Denmark)A000000001Cash card1010A0000000011010
Visa (USA)A000000003Visa credit or debit1010A0000000031010
Visa Electron2010A0000000032010
V Pay2020A0000000032020
Plus8010A0000000038010
Mastercard (USA)A000000004Mastercard credit or debit1010A0000000041010
Mastercard[22]9999A0000000049999
Maestro3060A0000000043060
Cirrus ATM card only6000A0000000046000
Chip Authentication Program Securecode8002A0000000048002
MastercardA000000005Maestro UK
(formerly Switch)
0001A0000000050001
American Express (USA)A000000025American Express01A00000002501
American Express (USA)A000000790American Express (China debit and credit cards)01A00000079001
U.S. Debit (all interbank networks) (USA) A000000098 Visa-branded card 0840 A0000000980840
A000000004 Mastercard-branded card 2203 A0000000042203
A000000152 Discover-branded card 4010 A0000001524010
Menards Credit Card (store card) (USA) A000000817 002001 A000000817002001
LINK ATM network (UK)A000000029ATM card1010A0000000291010
CB (France)A000000042CB (credit or debit card)1010A0000000421010
CB (Debit card only)2010A0000000422010
JCB (Japan)A000000065Japan Credit Bureau1010A0000000651010
Dankort (Denmark)A000000121Dankort1010A0000001211010
VisaDankort 4711 A0000001214711
Dankort (J/speedy)4711A0000001214712
Consorzio Bancomat (Italy)A000000141Bancomat/PagoBancomat0001A0000001410001
Diners Club/Discover (USA)A000000152Diners Club/Discover3010A0000001523010
Banrisul (Brazil)A000000154Banricompras Debito4442A0000001544442
SPAN2 (Saudi Arabia)A000000228SPAN1010A00000022820101010
Interac (Canada)A000000277Debit card1010A0000002771010
Discover (USA)A000000324ZIP1010A0000003241010
UnionPay (China)A000000333Debit010101A000000333010101
Credit010102A000000333010102
Quasi-credit010103A000000333010103
Electronic cash010106A000000333010106
ZKA (Germany)A000000359Girocard1010028001A0000003591010028001
EAPS Bancomat (Italy)A000000359PagoBancomat10100380A00000035910100380
Verve (Nigeria)A000000371Verve0001A0000003710001
The Exchange Network ATM network (Canada/USA)A000000439ATM card1010A0000004391010
RuPay (India)A000000524RuPay1010A0000005241010
Dinube (Spain) A000000630 Dinube Payment Initiation (PSD2) 0101 A0000006300101
MIR (Russia)A000000658MIR Debit2010A0000006582010
MIR Credit1010A0000006581010
Edenred (Belgium)A000000436Ticket Restaurant0100A0000004360100
eftpos (Australia) A000000384 Savings (debit card) 10 A00000038410
Cheque (debit card) 20 A00000038420
GIM-UEMOA


(Eight West African countries: Benin, Burkina Faso, Côte d'Ivoire, Guinea Bissau, Mali, Niger, Senegal, Togo)

A000000337 Retrait 01 000001 A000000337301000
Standard 01 000002 A000000337101000
Classic 01 000003 A000000337102000
Prepaye Online 01 000004 A000000337101001
Prepaye Possibile Offline 01 000005 A000000337102001
Porte Monnaie Electronique 01 000006 A000000337601001
meeza (Egypt)A000000732meeza Card100123A000000732100123

Initiate application processing[edit]

The terminal sends the get processing options command to the card. When issuing this command, the terminal supplies the card with any data elements requested by the card in the processing options data objects list (PDOL). The PDOL (a list of tags and lengths of data elements) is optionally provided by the card to the terminal during application selection. The card responds with the application interchange profile (AIP), a list of functions to perform in processing the transaction. The card also provides the application file locator (AFL), a list of files and records that the terminal needs to read from the card.[citation needed]

Read application data[edit]

Smart cards store data in files. The AFL contains the files that contain EMV data. These all must be read using the read record command. EMV does not specify which files data is stored in, so all the files must be read. Data in these files is stored in BERTLV format. EMV defines tag values for all data used in card processing.[23]

Processing restrictions[edit]

The purpose of the processing restrictions is to see if the card should be used. Three data elements read in the previous step are checked: Application version number, Application usage control (This shows whether the card is only for domestic use, etc.), Application effective/expiration dates checking.[citation needed]

If any of these checks fails, the card is not necessarily declined. The terminal sets the appropriate bit in the terminal verification results (TVR), the components of which form the basis of an accept/decline decision later in the transaction flow. This feature lets, for example, card issuers permit cardholders to keep using expired cards after their expiry date, but for all transactions with an expired card to be performed on-line.[citation needed]

Offline data authentication (ODA)[edit]

Offline data authentication is a cryptographic check to validate the card using public-key cryptography. There are three different processes that can be undertaken depending on the card:[citation needed]

  • Static data authentication (SDA) ensures data read from the card has been signed by the card virtual credit card number chase visa. This prevents modification of data, but does not prevent cloning.
  • Dynamic data authentication (DDA) provides protection against modification of data and cloning.
  • Combined DDA/generate application cryptogram (CDA) combines DDA with the generation of a card's application cryptogram to assure card validity. Support of CDA in devices may be needed, as this process has been implemented in specific markets. This process is not mandatory in terminals and can only be carried out where both card and terminal support it.[citation needed]

EMV certificates[edit]

To verify the authenticity of payment cards, EMV certificates are used. The EMV Certificate Authority[24] issues digital certificates to payment card issuers. When requested, the payment card chip provides the card issuer's public key certificate and SSAD to the terminal. The terminal retrieves the CA's public key from local storage and uses it to confirm trust for the CA and, if trusted, to verify the card issuer's public key was signed by the CA. If the card issuer's public key is valid, the terminal uses the card issuer's public key to verify the card's SSAD was signed by the card issuer.[25]

Cardholder verification[edit]

Cardholder verification is used to evaluate whether the person presenting the card is the legitimate cardholder. There are many cardholder verification methods (CVMs) supported in EMV. They are[citation needed]

  • Signature
  • Offline plaintext PIN
  • Offline enciphered PIN
  • Offline plaintext PIN and signature
  • Offline enciphered PIN and signature
  • Online PIN
  • No CVM required
  • Consumer Device CVM
  • Fail CVM processing

The terminal uses a CVM list read from the card to determine the type of verification to perform. The CVM list establishes a priority of CVMs to use relative to the capabilities of the terminal. Different terminals support different CVMs. ATMs generally support online PIN. POS terminals vary in their CVM support depending on type and country.[citation needed]

For offline enciphered PIN methods, the terminal encrypts the cleartext PIN block with the card's public key before sending it to the card with the Verify command. For the online PIN method, the cleartext PIN block is encrypted by the terminal using its point-to-point encryption key before sending it to the acquirer processor in the authorization request message.

In 2017, EMVCo added support for biometric verification methods in version 4.3 of the EMV specifications[26]

Terminal risk management[edit]

Terminal risk management is only performed in devices where there is a decision to be made whether a transaction should be authorised on-line or offline. If transactions are always carried out on-line (e.g., ATMs) or always off-line, this step can be skipped. Terminal risk management checks the transaction amount against an offline ceiling limit (above which transactions should be processed on-line). It is also possible to have a 1 in an online counter, and a check against a hot card list (which is only necessary for off-line transactions). If the result of any of these tests is positive, the terminal sets the appropriate bit in the terminal verification results (TVR).[27]

Terminal action analysis[edit]

The results of previous processing steps are used to determine whether a transaction should be approved offline, sent online for authorization, or declined offline. This is done using a combination of data objects known as terminal action codes (TACs) held in the terminal and issuer action codes (IACs) read from the card. The TAC is logically OR'd with the IAC, to give the transaction acquirer a level of control over the transaction outcome.[citation needed]

Both types of action code take the values Denial, Online, and Default. Each action code contains a series of bits which correspond to the bits in the Terminal verification results (TVR), and are used in the terminal's decision whether to accept, decline or go on-line for a payment transaction. The TAC is set by the card acquirer; in practice card schemes advise the TAC settings that should be used for a particular terminal type depending on its capabilities. The IAC is set by the card issuer; some card issuers may decide that expired cards should be rejected, by setting the appropriate bit in the Denial IAC. Other issuers may want the transaction to proceed on-line so that they can in some cases allow these transactions to be carried out.[citation needed]

An online-only device such as an ATM always attempts to go on-line with the authorization request, unless declined off-line due to issuer action codes—Denial settings. During IAC—Denial and TAC—Denial processing, for an online only device, the only relevant Terminal verification results bit is "Service not allowed".[citation needed]

When an online-only device performs IAC—Online and TAC—Online processing the only relevant TVR bit is "Transaction value exceeds the floor limit". Because the floor limit is set to zero, the transaction should always go online and all other values in TAC—Online or IAC—Online are irrelevant. Online-only devices do not need to perform IAC-default processing.[citation needed]

First card action analysis[edit]

One of the data objects read from the card in the Read application data stage is CDOL1 (Card Data object List). This object is a list of tags that the card wants to be sent to it to make a decision on whether to approve or decline a transaction (including transaction amount, but many other data objects too). The terminal sends this data and requests a cryptogram using the generate application cryptogram command. Depending on the terminal's decision (offline, online, decline), the terminal requests one of the following cryptograms from the card:[citation needed]

  • Transaction certificate (TC)—Offline approval
  • Authorization Request Cryptogram (ARQC)—Online authorization
  • Application Authentication Cryptogram (AAC)—Offline decline.

This step gives the card the opportunity to accept the terminal's action analysis or to decline a transaction or force a transaction on-line. The card cannot return a TC when an ARQC has been asked for, but can return an ARQC when a TC has been asked for.[citation needed]

Online transaction authorization[edit]

Transactions go online when an ARQC has been requested. The ARQC is sent in the authorisation message. The card generates the ARQC. Its format depends on the card application. EMV does not specify the contents of the ARQC. The ARQC created by the card application is a digital signature of the transaction details, which the card issuer can check in real time. This provides a strong cryptographic check that the card is genuine. The issuer responds to an authorization request with a response code (accepting or declining the transaction), an authorisation response cryptogram (ARPC) and optionally an issuer script (a string of commands to be sent to the card).[citation needed]

ARPC processing is not performed in contact transactions processed with Visa Quick Chip[28] for EMV and Mastercard M/Chip Fast,[29] and in contactless transactions across schemes because the card is removed from the reader after the ARQC has been generated.

Second card action analysis[edit]

CDOL2 (Card data object list) contains a list of tags that the card wanted to be sent after online transaction authorisation (response code, ARPC, etc.). Even if for any reason the terminal could not go online (e.g., communication failure), the terminal should send this data to the card again using the generate authorisation cryptogram command. This lets the card know the issuer's response. The card application may then reset offline usage limits.

Issuer script processing[edit]

If a card issuer wants to update a card post issuance it can send commands to the card using issuer script processing. Issuer scripts are meaningless to the terminal and can be encrypted between the card and the issuer to provide additional security. Issuer script can be used to block cards, or change card parameters.[30]

Issuer script processing is not available in contact transactions processed with Visa Quick Chip[31] for EMV and Mastercard M/Chip Fast,[32] and for contactless transactions across schemes.

Control of the EMV standard[edit]

Contact pad for the electrical interface on the front side of a credit card

The first version of EMV standard was published in 1995. Now the standard is defined and managed by the privately owned corporation EMVCo LLC. The current members of EMVCo[33] are American Express, Discover Financial, JCB International, Mastercard, China UnionPay, and Visa Inc. Each of these organizations owns an equal share of EMVCo and has representatives in the EMVCo organization and EMVCo working groups.

Recognition of compliance with the EMV standard (i.e., device certification) is issued by EMVCo following submission of results of testing performed by an accredited testing house.[citation needed]

EMV Compliance testing has two levels: EMV Level 1, which covers physical, electrical and transport level interfaces, and EMV Level 2, which covers payment application selection and credit financial transaction processing.[citation needed]

After passing common EMVCo tests, the software must be certified by payment brands to comply with proprietary EMV implementations virtual credit card number chase visa as Visa VSDC, American Express AEIPS, Mastercard MChip, JCB JSmart, or EMV-compliant implementations of non-EMVCo members such as LINK in the UK, or Interac in Canada.[citation needed]

List of EMV documents and standards[edit]

Ambox current red.svg

This section needs to be updated. Please help update this article to reflect recent events or newly available information.(March 2020)

As of 2011, since version 4.0, the official EMV standard documents which define all the components in an EMV payment system are published as four "books" and some additional documents:

Versions[edit]

The first EMV standard came into view in 1995 as EMV 2.0. This was upgraded to EMV 3.0 in 1996 (sometimes referred to as EMV '96) with later amendments to EMV 3.1.1 in 1998. This was further amended to version 4.0 in December 2000 (sometimes referred to as EMV 2000). Version 4.0 became effective in June 2004. Version 4.1 became effective in June 2007. Version 4.2 is in effect since June 2008. Version 4.3 is in effect since November 2011.[39]

Vulnerabilities[edit]

Opportunities to harvest PINs and clone magnetic stripes[edit]

In addition to the track-two data on the magnetic stripe, EMV cards generally have identical data encoded on the chip, which is read as part of the normal EMV transaction process. If an EMV reader is compromised to the extent that the conversation between the card and the terminal is intercepted, then the attacker may be able to recover both the track-two data and the PIN, allowing construction of a magnetic stripe card, which, while not usable in a Chip and PIN terminal, can be used, for example, in terminal devices that permit fallback to magstripe processing for foreign customers without chip cards, and defective cards. This attack is possible only where (a) the offline PIN is presented in plaintext by the PIN entry device to the card, where (b) magstripe fallback is permitted by the card issuer and (c) where geographic and behavioural checking may not be carried out by the card issuer.[citation needed]

APACS, representing the UK payment industry, claimed that changes specified to the protocol (where card verification values differ between the magnetic stripe and the chip – the iCVV) rendered this attack ineffective and that such measures would be in place from January 2008.[40] Tests on cards in February 2008 indicated this may have been delayed.[41]

Successful attacks[edit]

Conversation capturing is a form of attack which was reported to have taken place against Shell terminals in May 2006, when they were forced to disable all EMV authentication in their filling stations after more than £1 million was stolen from customers.[42]

In October 2008, it was reported that hundreds of EMV card readers for use in Britain, Ireland, the Netherlands, Denmark, and Belgium had been expertly tampered with in China during or shortly after manufacture. For 9 months details and PINs of credit and debit cards were sent over mobile phone networks to criminals in Lahore, Pakistan. United States National Counterintelligence Executive Joel Brenner said, "Previously only a nation state's intelligence agency would have been capable of pulling off this type of operation. It's scary." Data were typically used a couple of months after the card transactions to make it harder for investigators to pin down the vulnerability. After the fraud was discovered it was found that tampered-with terminals could be identified as the additional circuitry increased their weight by about 100 g. Tens of millions of pounds sterling are believed to have been stolen.[43] This vulnerability spurred efforts to implement better control of electronic POS devices over their entire life cycle, a practice endorsed by electronic payment security standards like those being developed by the Secure POS Vendor Alliance (SPVA).[44]

PIN harvesting and stripe cloning[edit]

In a February 2008 BBC Newsnight programme Cambridge University researchers Steven Murdoch and Saar Drimer demonstrated one example attack, to illustrate that Chip and PIN is not secure enough to justify passing the liability to prove fraud from the banks onto customers.[45][46] The Cambridge University exploit allowed the experimenters to obtain both card data to create a magnetic stripe and the PIN.

APACS, the UK payments association, disagreed with the majority of the report, saying "The types of attack on PIN entry devices detailed in this report are difficult to undertake and not currently economically viable for a fraudster to carry out."[47] They also said that changes to the protocol (specifying different card verification values between the chip and magnetic stripe – the iCVV) would make this attack ineffective from January 2008. The fraud reported in October 2008 to have operated for 9 months (see above) was probably in operation at the time, but was not discovered for many months.

In August 2016, NCR (payment technology company) computer security researchers showed how credit card thieves can rewrite the code of a magnetic strip to make it appear like a chipless card, which allows for counterfeiting.[citation needed]

2010: Hidden hardware disables PIN checking on stolen card[edit]

On 11 February 2010 Murdoch and Drimer's team at Cambridge University announced that they had found "a flaw in chip and PIN so serious they think it shows that the whole system needs a re-write" that was "so simple that it shocked them".[48][49] A stolen card is connected to an electronic circuit and to a fake card which is inserted into the terminal ("man-in-the-middle attack"). Any four digits are typed in and accepted as a valid PIN.[citation needed]

A team from the BBC's Newsnight programme visited a Cambridge University cafeteria (with permission) with the system, and were able to pay using their own cards (a thief would use stolen cards) connected to the circuit, inserting a fake card and typing in "0000" as the PIN. The transactions were registered as normal, and were not picked up by banks' security systems. A member of the research team said, "Even small-scale criminal systems have better equipment than we have. The amount of technical sophistication needed to carry out this attack is really quite low." The announcement of the vulnerability said, "The expertise that is required is not high (undergraduate level electronics) . We dispute the assertion by the banking industry that criminals are not sophisticated enough, because they have already demonstrated a far higher level of skill than is necessary for this attack in their miniaturized PIN entry device skimmers." It is not known if this vulnerability has been exploited.[citation needed]

EMVCo disagreed and published a response saying that, while such an attack might be theoretically possible, it would be extremely difficult and expensive to carry out successfully, that current compensating controls are likely to detect or limit the fraud, and that the possible financial gain from the attack is minimal while the risk of a declined transaction or exposure of the fraudster is significant.[50]

When approached for comment, several banks (Co-operative Bank, Barclays and HSBC) each said that this was an industry-wide issue, and referred the Newsnight team to the banking trade association for further comment.[51] According to Phil Jones of the Consumers' Association, Chip and PIN has helped to bring down instances of card crime, but many cases remain unexplained. "What we do know is that we do have cases that are brought forward from individuals which seem quite persuasive."[citation needed]

Because submission of the PIN is suppressed, this is the exact equivalent of a merchant performing a PIN bypass transaction. Such transactions can't succeed offline, as a card never generates an offline authorisation without a successful PIN entry. As a result of this, the transaction ARQC must be submitted online to the issuer, who knows that the ARQC was generated without a successful PIN submission (since this information is included in the encrypted ARQC) and hence would be likely to decline the transaction if it were for a high value, out of character, or otherwise outside of the typical risk management parameters set by the issuer.[citation needed]

Originally, bank customers had to prove that they had not been negligent with their PIN before getting redress, but UK regulations in force from 1 November 2009 placed the onus firmly on the banks to prove that a customer has been negligent in any dispute, with the customer given 13 months to make a claim.[52] Murdoch said that "[the banks] should look back at previous transactions where the customer said their PIN had not been used and the bank record showed it has, and consider refunding these customers because it could be they are victim of this type of fraud."[citation needed]

2011: CVM downgrade allows arbitrary PIN harvest[edit]

At the CanSecWest conference in March 2011, Andrea Barisani and Daniele Bianco presented research uncovering a vulnerability in EMV that would allow arbitrary PIN harvesting despite the cardholder verification configuration of virtual credit card number chase visa card, even when the supported CVMs data is signed.[53]

The PIN harvesting can be performed with a chip skimmer. In essence, a CVM list that has been modified to downgrade the CVM to Offline PIN is still honoured by POS terminals, despite its signature being invalid.[54]

PIN bypass[edit]

In 2020, researchers David Basin, Ralf Sasse, and Jorge Toro from ETH Zurich reported[55][56] a critical security issue affecting Visa contactless cards. The issue consists of lack virtual credit card number chase visa cryptographic protection of critical data sent by the card to the terminal during an EMV transaction. The data in question determines the cardholder verification method (CVM, such as PIN verification) to be used for the transaction. The team demonstrated that it is possible to modify this data to trick the terminal into believing that no PIN is required because the cardholder was verified using their device (e.g. smartphone). The researchers developed a proof-of-concept Android app that effectively turns a physical Visa card into a mobile payment app (e.g. Apple Pay, Google Pay) to perform PIN-free, high-value purchases. The attack is carried out using two NFC-enabled smartphones, one held near the physical card and the second held near the payment terminal. The attack might affect cards by Discover and China's UnionPay but this was not demonstrated in practice, in contrast to the case of cards by Visa.

In early 2021, the same team disclosed that Mastercard cards are also vulnerable to a PIN bypass attack. They showed that criminals can trick a terminal into transacting with a Mastercard contactless card while believing it to be a Visa card. This card brand mixup has critical consequences since it can be used in combination with the PIN bypass for Visa to also bypass the PIN for Mastercard cards.[56]

"Complex systems such as EMV must be analyzed by automated tools, like model checkers[56]", researchers point out as the main takeaway of their findings. As opposed to humans, model-checking tools like Tamarin are up to the task since they can deal with the complexity of real-world systems like EMV.[citation needed]

Implementation[edit]

EMV originally stood for "Europay, Mastercard, and Visa", the three companies that created the standard. The standard is now managed by EMVCo, a consortium of financial companies.[citation needed] The most widely known chips of the EMV standard are:[when?]

  • VIS: Visa
  • Mastercard chip: Mastercard
  • AEIPS: American Express
  • UICS: China Union Pay
  • J Smart: JCB
  • D-PAS: Discover/Diners Club International
  • Rupay: NPCI
  • Verve

Visa and Mastercard have also developed standards for using EMV cards in devices to support card not present transactions (CNP) over the telephone and Internet. Mastercard has the Chip Authentication Program (CAP) for secure e-commerce. Its implementation is known as EMV-CAP and supports a number of modes. Visa has the Dynamic Passcode Authentication (DPA) scheme, which is their implementation of CAP using different default values.

In many countries of the world, debit card and/or credit card payment networks have implemented liability shifts.[citation needed] Normally, the card issuer is liable for fraudulent transactions. However, after a liability shift is implemented, if the ATM or merchant's point of sale terminal does not support EMV, the ATM owner or merchant is liable for the fraudulent transaction.

Chip and PIN systems can cause problems for travellers from countries that do not issue Chip and PIN cards as some retailers may refuse to accept their chipless cards.[57] While most terminals still accept a magnetic strip card, and the major credit card brands require vendors to accept them,[58] some staff may refuse to take the card, under the belief that they are held liable for any fraud if the card cannot verify a PIN. Non-chip-and-PIN cards may also not work in some unattended vending machines at, for example, train stations, or self-service check-out tills at supermarkets.[59]

Africa[edit]

  • Mastercard's liability shift among countries within this region took place on 1 January 2006.[60] By 1 October 2010, a liability shift had occurred for all point of sale transactions.[61]
  • Visa's liability shift for points of sale took place on 1 January 2006. For ATMs, the liability shift took place on 1 January 2008.[62]

South Africa[edit]

  • Mastercard's liability shift took place on 1 January 2005.[60]

Asian and Pacific countries[edit]

  • Mastercard's liability shift among countries within this region took place on 1 January 2006.[60] By 1 October 2010, a liability shift had occurred for all point of sale transactions, except for domestic transactions in China and Japan.[61]
  • Visa's liability shift for points of sale took place on 1 October 2010.[62] For ATMs, the liability shift date took place on 1 October 2015, except in China, India, Japan, and Thailand, where the liability shift was on 1 October 2017.[63] Domestic ATM transactions in China are not currently not subject to a liability shift deadline.

Australia[edit]

  • Mastercard required that all point of sale terminals be EMV capable by April 2013. For ATMs, the liability shift took place in April 2012. ATMs must be EMV compliant by the end of 2015[64]
  • Visa's liability shift for ATMs took place 1 April 2013.[62]

Malaysia[edit]

  • Malaysia is the first country in the world to completely migrate to EMV-compliant smart cards two years after its implementation in 2005.[65][66]

New Zealand[edit]

  • Mastercard required all point of sale terminals to be EMV compliant by 1 July 2011. For ATMs, the liability shift took place in April 2012. ATMs are required to be EMV compliant by the end of 2015.[64]
  • Visa's liability shift for ATMs was 1 April 2013.[62]

Europe[edit]

  • Mastercard's liability shift took place on 1 January 2005.[60]
  • Visa's liability shift for points of sale took place on 1 January 2006. For ATMs, the liability shift took place on 1 January 2008.[62]
  • France has cut card fraud by more than 80% since its introduction in 1992 (see Carte Bleue).

United Kingdom[edit]

Green rectangle containing a row of four white asterisks in black squares; the outline of a hand points to and obscures the second asterisk.

Chip and PIN was trialled in Northampton, England from May 2003,[67] and as a result was rolled out nationwide in the United Kingdom on 14 February 2006[68] with advertisements in the press and national television touting the "Safety in Numbers" slogan. During the first stages of deployment, if a fraudulent magnetic swipe card transaction was deemed to have occurred, the retailer was refunded by the issuing bank, as was the case prior to the introduction of Chip and PIN. On January 1, 2005, the liability for such transactions was shifted to the retailer; this acted as an incentive for retailers to upgrade their point of sale (PoS) systems, and most major high-street chains upgraded on time for the EMV deadline. Many smaller businesses were initially reluctant to upgrade their equipment, as it required a completely new PoS system—a significant investment.

New cards featuring both magnetic strips and chips are now issued by all major banks. The replacement of pre-Chip and PIN cards was a major issue, as banks simply stated that consumers would receive their new cards "when their old card expires" — despite many people having had cards tarrant county health department food handlers expiry dates as late as 2007. The card issuer Switch lost a major contract with HBOS to Visa, as they were not ready to issue the new cards as early as the bank wanted.

The Chip and PIN implementation was criticised as designed to reduce the liability of banks in cases of claimed card fraud by requiring the customer to prove that they had acted "with reasonable care" to protect their PIN and card, rather than on the bank having to prove that the signature matched. Before Chip and PIN, if a customer's signature was forged, the banks were legally liable and had to reimburse the customer. Until 1 November 2009 there was no such law protecting consumers from fraudulent use of their Chip and PIN transactions, only the voluntary Banking Code. There were many reports that banks refused to reimburse victims of fraudulent card use, claiming that their systems could not fail under the circumstances reported, despite several documented successful large-scale attacks.[citation needed]

The Payment Services Regulations 2009 came into force on 1 November 2009[69] and shifted the onus onto the banks to prove, rather than assume, that the cardholder is at fault.[52] The Financial Services Authority (FSA) said "It is for the bank, building society or credit card company to show that the transaction was made by you, and there was no breakdown in procedures or technical difficulty" before refusing liability.

Latin America and the Caribbean[edit]

  • Mastercard's liability shift among countries within this region took place on 1 January 2005.[60]
  • Visa's liability shift for points of sale took place on 1 October 2012, for any countries in this region that had not already implemented a liability shift. For ATMs, the liability shift took place on 1 October 2014, for any countries in this region that had not already implemented a liability shift.[62]

Brazil[edit]

  • Mastercard's liability shift took place on 1 March 2008.[60]
  • Visa's liability shift for points of sale took place on 1 April 2011. For ATMs, the liability shift took place on 1 October 2012.[62]

Colombia[edit]

  • Mastercard's liability shift took place on 1 October 2008.[60]

Mexico[edit]

  • Discover implemented a liability shift on 1 October 2015. For pay at the pump at gas stations, the liability shift was on 1 October 2017.
  • Visa's liability shift for points of sale took place on 1 April 2011. For ATMs, the liability shift took place on 1 October 2012.[62]

Venezuela[edit]

  • Mastercard's liability shift took place on 1 July 2009.[60]

Middle East[edit]

  • Mastercard's liability shift among countries within this region took place on 1 January 2006.[60] By 1 October 2010, a liability shift had occurred for all point of sale transactions.[61]
  • Visa's liability shift for points of sale took place on 1 January 2006. For ATMs, the liability shift took place on 1 January 2008.[62]

North America[edit]

Canada[edit]

  • American Express implemented a liability shift on 31 October 2012.[71][promotional source?]
  • Discover implemented a liability shift on 1 October 2015 for all transactions except pay-at-the-pump at gas stations; those transactions shifted on 1 October 2017.[third-party source needed]
  • Interac (Canada's debit card network) stopped processing non-EMV transactions at ATMs on 31 December 2012, and mandated EMV transactions at point-of-sale terminals on 30 September 2016, with a liability shift taking place on 31 December 2015.[72][failed verification][third-party source needed]
  • Mastercard implemented domestic transaction liability shift on 31 March 2011, and international liability shift on 15 April 2011. For pay at the pump at gas stations, the liability shift was implemented 31 December 2012.[71]
  • Visa implemented domestic transaction liability shift on 31 March 2011, and international liability shift on 31 October 2010. For pay at the pump at gas stations, the liability shift was implemented 31 December 2012.[71]
  • Over a 5-year period post-EMV migration, domestic card-card present fraudulent transactions significantly reduced in Canada. According to Helcim's reports, card-present domestic debit card fraud reduced 89.49% and credit card fraud 68.37%.[73][promotional source?]

United States[edit]

After widespread identity theft due to weak security in the point-of-sale terminals at Target, Home Depot, and other major retailers, Visa, Mastercard and Discover[74] in March 2012 – and American Express[75] in June 2012 – announced their EMV migration plans for the United States.[76] Since the announcement, multiple banks and card issuers have announced cards with EMV chip-and-signature technology, including American Express, Bank of America, Citibank, Wells Fargo,[77] JPMorgan Chase, U.S. Bank, and several credit unions.

In 2010, a number of companies began issuing pre-paid debit cards that incorporate Chip and PIN and allow Americans to load cash as euros or pound sterling.[78][promotional source?]United Nations Federal Credit Union was the first United States issuer to offer Chip and PIN credit cards.[79] In May 2010, a press release from Gemalto (a global EMV card producer) indicated that United Nations Federal Credit Union in New York would become the first EMV card issuer in the United States, offering an EMV Visa credit card to its customers.[80] JPMorgan was the first major bank to introduce a card with EMV technology, namely its Palladium card, in mid-2012.[81]

As of April 2016, 70% of U.S. consumers have EMV cards and as of December 2016 roughly 50% of merchants are EMV compliant.[82][83] However, deployment has been slow and inconsistent across vendors. Even merchants with EMV hardware may not be able to process chip transactions due to software or compliance deficiencies.[84] Bloomberg has also cited issues with software deployment, including changes to audio prompts for Verifone machines which can take roslyn savings bank bay shore ny months to release and deploy software out. Industry experts, however, expect more standardization in the United States for software deployment and standards. Visa and Mastercard have both implemented standards to speed up chip transactions with a goal of reducing the time for these to be under three seconds. These systems are labelled as Visa Quick Chip and Mastercard M/Chip Fast.[85]

  • American Express implemented liability shift for point of sale terminals on 1 October 2015.[86][promotional source?] For pay at the pump, at gas stations, the liability shift is 16 April 2021. This was extended from 1 October 2020 due to complications from the coronavirus.[87]
  • Discover implemented liability shift on 1 October 2015. For pay at the pump, at gas stations, the liability shift is 1 October 2020.
  • Maestro implemented liability shift of 19 April 2013, for international cards used in the United States.[88]
  • Mastercard implemented liability shift for point of sale terminals on 1 October 2015.[86] For pay at the pump, at gas stations, the liability shift formally is on 1 October 2020.[89] For ATMs, the liability shift date was on 1 October 2016.[90][91]
  • Visa implemented liability shift for point of sale terminals on 1 October 2015. For pay at the pump, at gas stations, the liability shift formally is on 1 October 2020.[89][92] For ATMs, the liability shift date was on 1 October 2017.[63]

Notes[edit]

  1. ^These application names are not found on the Apple Pay versions of these cards. Instead, they retain the original network name.

See also[edit]

References[edit]

  1. ^Chen, Zhiqun (2000). Java Card Technology for Smart Cards: Architecture and Programmer's Guide. Addison-Wesley Professional. pp. 3-4. ISBN .
  2. ^"A short review of smart cards (2019 update)". Gemalto. 7 October 2019. Retrieved 27 October 2019.
  3. ^Sorensen, Emily (26 July 2019). "The Detailed History of Credit Card Machines". Mobile Transaction. Retrieved 27 October 2019.
  4. ^Veendrick, Harry J. M. (2017). Nanometer CMOS ICs: From Basics to ASICs. Springer. p. 315. ISBN .
  5. ^"EMVCo Members". EMVCo. Retrieved 10 May 2015.
  6. ^https://www.emvco.com/get-involved/associates/
  7. ^"China UnionPay joins EMVCo" (Press release). Finextra Research. 20 May 2013. Retrieved 10 May 2015.
  8. ^"Discover Joins EMVCo to Help Advance Global EMV Standards". Discover Network News. 3 September 2013. Retrieved 10 May 2015.
  9. ^"Rupay international website".
  10. ^"NPCI's RuPay debit cards to rival Visa and Mastercard". The Economic Times. 27 March 2012. Retrieved 25 July 2019.
  11. ^"Visa and MasterCard Support Common Solutions to Enable U.S. Chip Debit Routing". Mastercard.
  12. ^"Shift of liability for fraudulent transactions". The UK Cards Association. Retrieved 10 May 2015.
  13. ^"Understanding the 2015 U.S. Fraud Liability Shifts"(PDF). www.emv-connection.com. EMV Migration Forum. Archived from the original(PDF) on 19 September 2015. Retrieved 15 November 2015.
  14. ^"Why You're Still Not Safe From Fraud If You Have a Credit Card With a Chip". ABC News.
  15. ^"Chip-and-PIN vs. Chip-and-Signature", CardHub.com, retrieved 31 July 2012.
  16. ^"EMV Update: Discussion with the Federal Reserve"(PDF). Visa. Retrieved 2 January 2017.
  17. ^Carlin, Patricia (15 February 2017). "How To Reduce Chargebacks Without Killing Online Sales". Forbes.
  18. ^"BBC NEWS – Technology – Credit card code to combat fraud". bbc.co.uk.
  19. ^"Visa tests cards with built-in PIN machine". IT PRO.
  20. ^"How EMV (Chip & PIN) Works – Transaction Flow Chart". Creditcall Ltd. Retrieved 10 May 2015.
  21. ^ ab"Book 1: Application Independent ICC to Terminal Interface Requirements"(PDF). 4.3. EMVCo. 30 November 2011. Retrieved 20 September 2018.
  22. ^"MasterCard Product & Services - Documentation". Retrieved 17 April 2017.
  23. ^"A Guide to EMV Chip Technology"(PDF). EMVCo. November 2014.
  24. ^"EMV CA". EMV Certificate Authority Worldwide. 20 November 2010. Retrieved 20 March 2020.
  25. ^"Book 2: Security and Key Management (PDF). 4.3"(PDF). EMVCo. 29 November 2011. Retrieved 20 September 2018.
  26. ^https://www.emvco.com/wp-content/uploads/2017/03/EMVCo-Website-Content-2.1-Contact-Portal-plus-Biometric-FAQ_v2.pdf
  27. ^"ContactlessSpecifications for Payment Systems"(PDF). EMVCo.
  28. ^https://usa.visa.com/visa-everywhere/security/visa-quick-chip.html
  29. ^https://newsroom.mastercard.com/press-releases/mchip-fast-from-mastercard-speeds-emv-transactions-and-shoppers-through-checkout/
  30. ^https://www.emvco.com/wp-content/uploads/documents/A-Guide-to-EMV-Chip-Technology-v3.0-1.pdf
  31. ^https://usa.visa.com/visa-everywhere/security/visa-quick-chip.html
  32. ^https://newsroom.mastercard.com/press-releases/mchip-fast-from-mastercard-speeds-emv-transactions-and-shoppers-through-checkout/
  33. ^EMVCo. "EMVCo Members". Retrieved 1 August 2020.
  34. ^"Book 2: Security and Key Management"(PDF). 4.3. EMVCo. 29 November 2011. Retrieved 20 September 2018.
  35. ^"Book 3: Application Specification"(PDF). 4.3. EMVCo. 28 November 2011. Retrieved 20 September 2018.
  36. ^"Book 4: Cardholder, Attendant, and Acquirer Interface Requirements"(PDF). 4.3. EMVCo. 27 November 2011. Retrieved 20 September 2018.
  37. ^"SB CPA Specification v1 Plus Bulletins"(PDF). EMVCo. 1 March 2008. Retrieved 20 September 2018.
  38. ^"EMV® Card Personalization Specification"(PDF). EMVCo. 1 July 2007. Retrieved 20 September 2018.
  39. ^"Integrated Circuit Card Specifications for Payment Systems". EMVCo. Retrieved 26 March 2012.
  40. ^"How secure is Chip and PIN?". BBC Newsnight. 26 February 2008.
  41. ^Saar Drimer; Steven J. Murdoch; Ross Anderson. "PIN Entry Device (PED) vulnerabilities". University of Cambridge Computer Laboratory. Retrieved 10 May 2015.
  42. ^"Petrol firm suspends chip-and-pin". BBC News. 6 May 2006. Retrieved 13 March 2015.
  43. ^"Organized crime tampers with European card swipe devices". The Register. 10 October 2008.
  44. ^"Technical Working Groups, Secure POS Vendor Alliance". 2009. Archived from the original on 15 April 2010.
  45. ^"Is Chip and Pin really secure?". BBC News. 26 February 2008. Retrieved 2 May 2010.
  46. ^"Chip and pin". 6 February 2007. Archived from the original on 5 July 2007.
  47. ^John Leyden (27 February 2008). "Paper clip attack skewers Chip and PIN". The Channel. Retrieved 10 May 2015.
  48. ^Steven J. Murdoch; Saar Drimer; Ross Anderson; Mike Bond. "EMV PIN verification "wedge" vulnerability". Computer Laboratory, University of Cambridge. Retrieved 12 February 2010.
  49. ^Susan Watts (11 February 2010). "New flaws in chip and pin system revealed". BBC News. Retrieved 12 February 2010.
  50. ^"Response from EMVCo to the Cambridge University Report on Chip and PIN vulnerabilities ('Chip and PIN is Broken' – February 2010)"(PDF). EMVCo. Archived from the original(PDF) on 8 May 2010. Retrieved 26 March 2010.
  51. ^Susan, Watts. "New flaws in chip and pin system revealed (11 February 2010)". Newsnight. BBC. Retrieved 9 December 2015.
  52. ^ abRichard Evans (15 October 2009). "Card fraud: banks now have to prove your guilt". The Telegraph. Archived from the original on 21 October 2009. Retrieved 10 May 2015.
  53. ^Andrea Barisani; Daniele Bianco; Adam Laurie; Zac Franken (2011). "Chip & PIN is definitely broken"(PDF). Aperture Labs. Retrieved 10 May 2015.
  54. ^Adam Laurie; Zac Franken; Andrea Barisani; Daniele Bianco. "EMV – Chip & Pin CVM Downgrade Attack". Aperture Labs and Inverse Path. Retrieved 10 May 2015.
  55. ^D. Basin, R. Sasse, J. Toro-Pozo (2020). "The EMV Standard: Break, Fix, Verify". 2021 IEEE Symposium on Security and Privacy (SP): 1766–1781. arXiv:2006.08249.CS1 maint: multiple names: authors list (link)
  56. ^ abc"The EMV Standard: Break, Fix, Verify".
  57. ^"US credit cards outdated, less useful abroad, as 'Chip and PIN' cards catch on". creditcards.com.[permanent dead link]
  58. ^"Visa Australia". visa-asia.com.
  59. ^Higgins, Michelle (29 September 2009). "For Americans, Plastic Buys Less Abroad". The New York Times. Retrieved 17 April 2017.
  60. ^ abcdefghi"Chargeback Guide"(PDF). MasterCard Worldwide. 3 November 2010. Retrieved 10 May 2015.
  61. ^ abc"Operating Regulations"(PDF). Visa International. Archived from the original(PDF) on 3 March 2013.
  62. ^ abcdefghi"The Journey To Dynamic Data". Visa. Archived from the original on 28 June 2021.
  63. ^ ab"Visa Expands U.S. Roadmap for EMV Chip Adoption to Include ATM and a Common Debit Solution" (Press release). Foster City, Calif.: Visa. 4 February 2013. Retrieved 10 May 2015.
  64. ^ ab"MasterCard Announces Five Year Plan to Change the Face of the Payments Industry in Australia". Mastercard Australia. Archived from the original on 28 January 2013.
  65. ^"Malaysia first to complete chip-based card migration". The Start Online.
  66. ^"US learns from Malaysia, 10 years later". The Rakyat Post. 14 October 2015.
  67. ^"Anti-fraud credit cards on trial". BBC Business News. 11 April 2003. Retrieved 27 May 2015.
  68. ^The UK Cards Association. "The chip and PIN guide"(PDF). Retrieved 27 May 2015.
  69. ^Foundation, Internet Memory. "[ARCHIVED CONTENT] UK Government Web Archive – The National Archives". Archived from the original on 12 November 2008. Retrieved 17 April 2017.
  70. ^ abc"Chip Liability Shift". globalpayments. Archived from the original on 30 July 2013.
  71. ^"Interac - For Merchants". Retrieved 17 April 2017.
  72. ^"EMV Reduces Card-Present Fraud in Canada (Infographic) - The Official Helcim™ Blog". Retrieved 17 April 2017.
  73. ^"Discover Implements EMV Mandate for U.S., Canada and Mexico". Archived from the original on 10 May 2012.
  74. ^"American Express Announces U.S. EMV Roadmap to Advance Contact, Contactless and Mobile Payments" (Press release). New York: American Express. 29 June 2012. Archived from the original on 10 May 2015. Retrieved 10 May 2015.
  75. ^"EMV's Uncertain Fate in the US". Protean Payment. Archived from the original on 29 September 2013. Retrieved 22 September 2012.
  76. ^Camhi, Jonathan (3 August 2012). "Wells Fargo Introduces New EMV Card for Consumers". Bank Systems & Technology. Archived from the original on 5 June 2014. Retrieved 10 May 2015.
  77. ^"Travelex Offers America's First Chip & PIN Enabled Prepaid Foreign Currency Card". Business Wire. Business Wire. 1 December 2010. Retrieved 6 February 2014.
  78. ^
Источник: https://en.wikipedia.org/wiki/EMV
virtual credit card number chase visa

Notice: Undefined variable: z_bot in /sites/msofficesetup.us/chase/virtual-credit-card-number-chase-visa.php on line 136

Notice: Undefined variable: z_empty in /sites/msofficesetup.us/chase/virtual-credit-card-number-chase-visa.php on line 136

5 Replies to “Virtual credit card number chase visa”

Leave a Reply

Your email address will not be published. Required fields are marked *