EMV Processing & PCS Security

New Security for Cards

EMV - The chip in the card

EMV, or the chip in the card, is a computer program on the chip which processes information for security reasons. The exchange of information makes the card safer. The card must be in the cardholder's possession to work with the chip. Purchases at the Point of Sale use the chip to accept and send information to the bank which issued the card.

EMV is a technical standard for smart payment cards and for payment terminals and automated teller machines which can accept them. EMV cards are smart cards (also called chip cards or IC cards) which store their data on integrated circuits rather than magnetic stripes, although many EMV cards also have stripes for backward compatibility. They can be contact cards which must be physically inserted (or "dipped") into a reader, or contactless cards which can be read over a short distance using radio-frequency identification technology. Payment cards which comply with the EMV standard are often called chip-and-PIN or chip-and-signature cards, depending on the exact authentication methods required to use them.

EMV stands for Europay, MasterCard, and Visa, the three companies which originally created the standard. The standard is now managed by EMVCo, a consortium with control split equally among Visa, MasterCard, JCB, American Express, China UnionPay, and Discover.

There are standards based on ISO/IEC 7816 for contact cards, and standards based on ISO/IEC 14443 for contactless cards (PayPass, PayWave, ExpressPay).

The most widely known chip card implementations of the EMV standard are:

VIS – Visa
M/Chip – MasterCard
AEIPS – American Express
UICS – China UnionPay
J Smart – JCB
D-PAS – Discover/Diners Club International

Visa and MasterCard have also developed standards for using EMV cards in devices to support card-not-present transactions over the telephone and Internet. MasterCard has the Chip Authentication Program (CAP) for secure e-commerce. Its implementation is known as EMV-CAP and supports a number of modes. Visa has the Dynamic Passcode Authentication (DPA) scheme, which is its implementation of CAP using different default values.


PCI - Payment Card Industry

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded cards from the major card schemes including Visa, MasterCard, American Express, Discover, JCB, and China UnionPay. Private label cards – those which aren't part of a major card scheme – are not included in the scope of the PCI DSS.

The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data in order to reduce credit card fraud resulting from exposure of that data. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) who creates a Report on Compliance (ROC) for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.