Why duplicate data in EMV card

7
votes

I am working in EMV card and my new task is to compare Magstripe data with chip data. as I read out. Data that should be common in Mag and chip is:- PAN, Card Holder Name, Expiry date. Here I have confusion like:-

A single data like PAN is present in multiple places:-
It present in Mag Track1
It present in Mag Track2
It present in 5A EMV Tag
It present in 57 [track 2 equivalent data] EMV Tag.

or expiry date
It present in Mag Track1 and Track2
It present in 57 [track 2 equivalent data] EMV Tag.
it present in 5f24 emv tag.

Why same data is present in multiple location? and what about the data SHOULD exactly common in Mag and chip and its location in EMV chip?

Is anybody tell me the significance of keeping Mag data in Chip under what TAG values so that I could compare those values only..??

Sorry for my bad english. If you have any query please ask.

3
credit-cardsmartcardemv

3 Answers

6
votes

It is known as 'fallback'. If for whatever reason you cannot read the chip data (card damaged, or issue with your device) you fallback to track 2 data.

The service code on track 2 will indicate whether or not this is a chip enabled card, and subsequently adjust the authorization request sent to the acquirer/issuer. It is then the issuers decision on whether to accept or decline the transaction (bearing in mind fallback to track 2 data is much less secure)

In summary, always trust the values on chip if you can access those. Fallback to track 2 data only if necessary.

2
votes

Why same data is present in multiple location?

Because the EMV standard first started out supporting only magnetic stripe cards, then was extended to handle smart / chip cards, and most recently has been extended to support the tap-and-go contactless smart cards.

Each extension was typically designed in such a way as to maintain some kind of backwards compatibility with cards from the previous version (so smart card readers typically also have in-built magstripe readers to support the abovementioned 'fallback' case). However, the magstripe data is fundamentally less secure/trustworthy than smartcard data, because the smartcard has an in-built cryptoprocessor which can provide a degree of integrity and confidentiality, so you should always prefer the smartcard data to the magstripe data.

1
votes

The CVV value must be different on the tag 57 data than the CVV value encoded on the mag stripe track 2. This aids in fraud mitigation.