Why offline authentication still matters in today’s online payments world - An SPA Insight - January 2021
In recent years, a debate on whether there is a continued need for offline data authentication (ODA) capability on EMV cards has been growing. In some respects, it is easy to understand why this viewpoint has emerged.
EMV specifications provide highly efficient interoperable mechanisms to support both offline and online verification – consumers with EMV chip payment cards can use their card on any EMV-compatible payment terminal and transactions can be authorized either online or offline.
For online authorization, transaction information is sent to the issuer, along with a transaction-specific cryptogram, and the issuer either authorizes or declines the transaction. In offline payments, the authentication and authorization of a transaction is exclusively managed between the card and terminal. This is undertaken utilising cryptographic keys, stored on the card, which enables the terminal to authenticate the card.
Fifteen years ago, many terminals were still connected over PSTN (telephone) networks. In the event of slow connection speeds or connectivity failures, transactions could still be processed using offline authentication via the terminal itself. Transactions could then be ‘batch processed’ during the night when speed of the online connection was not an issue.
Today, however, the growing prevalence of terminals with high speed IP connectivity induces the perception that the ‘fall back’ offline capability of EMV cards is no longer relevant or necessary. For issuers, eliminating the offline capability of EMV chip cards is commercially appealing – cards without the additional dynamic data authentication security cryptograms, that are needed to undertake this functionality, are less expensive.
However, Offline Data Authentication (ODA) capabilities continue to be essential for a number of use cases. Let’s take a look at three reasons why ODA is still important.
Reason 1: high volume/high speed payment scenarios
In high volume/high speed payment scenarios such as public transport networks, commuters and travellers are able to flash their contactless EMV card/mobile device at a barrier or card reader to gain access to metros, trams, trains, and buses.
Eliminating any need to queue and purchase a ticket, this frictionless payment option enables travellers to ‘tap and ride’ transit systems. Something that is good for travellers – and great for EMV card issuers, who are able to partner with transport providers to enable mass transit payment schemes. Alongside reducing the need for cash handling, this Covid-safe payment mode reduces reliance on the bespoke hardware operators use to issue tickets. Unsurprisingly, demand for fare-payments-as-a-service delivery models has further rocketed during the pandemic.
However, the success of contactless ticketing is reliant on the ultra-fast transaction times made possible by the availability of secure offline processing functionality.
Processing a payment card at the entry gate to, for example, a metro station must be completed in under 400 milliseconds. Something that cannot be achieved via online authorisation, despite the latest new generation networks, as it involves a chain of servers and sequential ‘handshakes’ from the terminal at the gate all the way to the authorisation host of the issuer.
Contactless payment use cases in public transport were specifically designed to utilize the fast card authentication and transaction capabilities made possible by ODA. Eliminating this capability would significantly impact the ease and speed of user experience that is so essential for user acceptance.
Reason 2: the connectivity conundrum – smaller merchants and independent traders
Assuring the real-time connectivity that is needed for online only authentication may be within the financial grasp of large scale multi-lane retailers. But less so for smaller merchants and independent retailers, for whom the cost of purchasing 99.9% bandwidth availability may prove to be too prohibitive.
For smaller retailers and hospitality businesses, retaining the goodwill of customers depends on being able to transact no matter how well their network service performs. For this cohort of card scheme users, ODA capabilities continue to remain critical. Because, if consumers are using EMV cards that don’t have fallback ODA capabilities, then transactions will be rejected if a network fails or is less than robust.
Reason 3: enabling a global service standard
While reliable and high bandwidth connectivity may be ubiquitous in the developed world, there are many places around the globe where the infrastructure is such that consistently good IP connectivity is not a given. That is still also the case in many rural locations in so called developed western economies.
The brand reputation and success of international card payment schemes is built on a commitment that acceptance for cardholders is guaranteed – no matter where in the world they may be visiting, living, working, or transacting. Without ODA capabilities, this assurance would be undermined. In essence, ODA ensures that the acceptance of EMV cards is maximized.
A word on the cryptography discussion
A secondary discussion that has been fuelling the debate whether or not it is time to retire ODA relates to cryptographic algorithms and keys used in the process.
The growing need to reinforce offline payment transactions against increasingly sophisticated criminals has led to a steady increase in size (length) of the RSA based cryptographic keys, which in turn has had an impact on transaction speed.
For this reason, SPA is in full alignment with the view of EMVCo that the best way for the industry to maximize security is to utilize Elliptic Curve Cryptography (ECC) for offline authentication purposes. And, while some point to its potential vulnerability to emerging quantum computing analysis, ECC technology will undoubtably remain a secure option for a decade or more to come.
SPA is supporting its members to transition smoothly to the new ECC security mechanism and protocols which will lead to lower production costs, without compromising security – providing an effective resolution that will protect issuers, merchants and cardholders for the next decades.
SPA believes that discussion around the retirement of ODA functionality for EMV chip cards is premature and limited in vision. Dual offline and online authentication capabilities continues to be essential to assure robust global card schemes that serve the needs of all members and users:
• High volume/high speed scenarios such as contactless card payment are dependent on offline (ODA) processing that delivers the high speed transactional throughput that is required in use cases such as transit, tolls, parking payments and so forth. New use cases, such as Mobility-as-a-Service, that are dependent on the offline capability of EMV payment are already at an advanced development stage.
• The ‘fall back’ capability offered by payment cards with both online and offline payment processing is critical for a multitude of scenarios around the globe where high speed network connectivity cannot be guaranteed 24x7x365.
• ECC is a next generation and highly robust option for assuring speedier and highly secure offline transactions. For the same transaction time, ECC cards are less vulnerable to classical cryptanalysis than RSA cards. Conversely, with a similar strength against cryptanalysis, ECC allows for faster computations than RSA.
A brief guide to Offline Data Authentication (ODA)
Most modern EMV cards and terminals support both online and offline authorization operational modes.
This means that when no online connection is available, the card is authenticated offline by the terminal and the card can deliver an authorisation based on its internal rules set by the card issuer. Later the transaction is uploaded, in a batch, to the bank where it is further processed.
This fallback facility offers a safety assurance that, should a network issue arise, an EMV card will continue to ensure that transactions can still proceed, using asymmetric cryptography for data authentication.
With ODA, the card is able to sign dynamic data, internal to the card and provided by the terminal, using its own RSA private key and the terminal is able to verify this signature thereby authenticating the card as legitimate.
The advantages of this for the retailer, the payer (cardholder) and card issuer are:
• The terminal does not need to establish a connection with its bank acquirer. As a result the transaction is faster and, once the card authorizes the transaction offline, the payment is guaranteed for the retailer.
• The payer interaction time with the terminal is minimised; the PIN/biometrics are solely managed by card/terminal.
• The card issuer will benefit from additional transactions that would otherwise fail in case of insufficient connectivity of the terminal.
EMV Specifications offer two options for ODA that can be executed either using today’s RSA public-key cryptosystem for secure data transmission – or future ECC cryptography:
• Dynamic Data Authentication (DDA) which protects against the modification of card data and cloning
• Combined Dynamic Data Authentication (CDA), which is similar to DDA but additionally includes the transaction amount in the CDA authentication data generated by the card.