Strengthening Card Authentication: a migration to DDA - An White Paper by SPA - July 2015
First published in 2009, this SPA paper has been updated in 2015 to reflect the evolving technology and commercial environment - to provide an overview of the Card Authentication Methods (CAMs) marketplace, the role of Static Data Authentication (SDA) and the increasing adoption of Dynamic Data Authentication (DDA) and Combined Data Authentication (CDA) schemes.
In the fight to combat card fraud, a key objective is to make the data - which the fraudsters want to get their hands on – useless. This can be accomplished by making each transaction unique. There is no value in stealing account numbers and expiry dates if these are accompanied by a unique set of data that can only be verified by a trusted party.
In face-to-face transactions, public and private key cryptography are employed to achieve this goal. The success of these methods has driven the worldwide introduction of smart (chip) payment cards, and of course, the adoption of the EMV standard (www.emvco.com). Initially, Card Authentication Methods (CAMs) were based on Static Data Authentication (SDA). However, the world has moved on, and the vast majority of payment cards shipped today feature the more sophisticated Dynamic Data Authentication (DDA) or Combined Data Authentication (CDA).
For those banks and regions that continue to use the SDA method, it’s time to change. As we’ll explore in this paper, the opportunities to be gained from a migration to DDA are significant – not least in improved security, the associated reduction in fraud, and the enablement of the “finer” control of offline transaction approvals.
First published in 2009, this SPA paper has been updated in 2015 to reflect the evolving technology and commercial environment - to provide an overview of the CAM marketplace, the role of SDA and the increasing adoption of DDA and CDA schemes.