Back to Basics – Dual Interface

We get many questions from people about dual interface cards and what happens during a transaction, such as, “When you tap a dual interface card, what is actually happening?” I was asked to go back-to-basics and reveal what happens behind the scenes of a dual interface tap or wave. What if I were to tell you by the time a dual interface card is tapped, all the information between card and reader has already been exchanged? The End. Well, that may make for the shortest blogging career on record, so instead let us take some time to examine what happens during the time a customer is reaching out to make a contactless payment.

Starting from the perspective of the payment terminal, the common card reader in the grocery store checkout line is operating at or near a radio frequency of 13.56MHz. Considered “high frequency,” 13.56MHz compares to an amateur ham-radio operation; higher than AM radio waves, but not as high as FM radio or television broadcasts. When activated, the card reader will produce an alternating magnetic radio field, looking to establish contact with a payment object. “Payment objects” include a variety of devices such as phones, watches, cards or other technologies with payment data; but for now, we’ll focus on cards. Before the data can be received, the card reader has to do three things: establish contact with the card, open a secure communication channel, and then negotiate the communication speed with the card. Finally, the terminal finds the EMV® application on the chip and starts reading the data tags to get directions for handling the transaction.

Let us flip our perspective to focus on what is happening with cards during a payment transaction. Cards may also be referred to as “proximity cards,” which are smart cards that become active when in proximity to a card reader, and can be either pure contactless or dual interface. These cards are designed to meet ISO standards. Proximity cards have an embedded antenna that functions at or near a frequency of 13.56 MHz. When a card approaches the radio field of a reader, energy from the reader crosses the antenna in the card and generates a current flow. Usually the needed power level is achieved when the card is within 4 cm of the reader, which causes the chip to come alive to transmit its data.

As the cardholder extends the card towards the terminal, the radio frequency emitted from the reader inductively couples to the antenna in the card and turns on the chip. The card is a passive receiver of energy, harvesting what is needed for the chip with no additional power source required from the card itself. Now the chip is on and ready to share its stored information.

The card waits for the first command from the terminal, and then responds with an “answer.” The terminal finds the EMV application and reads the data tags on the chip to get directions for handling the transaction. Data tags are bits of accountholder information encrypted and securely stored on the EMV chip. Some you would expect, such as cardholder name, expiration date of the card, or primary account number, and others are more obscure, as in “card risk management data object list” (there are two of those!). A complete list can feature more than 30 separate data tags.

So far, the chip has come alive and is transmitting its data tags to the terminal – all in about a half of a second. The cardholder is still moving the card towards the terminal at this point. The reader will use information from the card to determine if the card should be declined, if it should go online to get authorization from the core processor, or if it can be accepted as an offline transaction. If it requires online authorization, an Authorization Request Cryptogram (ARQC) will be sent to the host system for final card validation. The host (core processor) calculates an Authorization Response Cryptogram (ARPC) and sends it back to validate the issuer.

After these two additional snippets of data are exchanged, the card is close enough for a physical tap. As the light flashes and the card reader emits a beep, the cardholder can safely return the card to their wallet because even as they withdraw the card, the transaction is already complete. The entire transaction process of waving the dual interface card usually takes around one second in real time.

Watch for more back-to-basics explanations and other topics on CPI’s blog: https://www.cpicardgroup.com/resources/blog/ and read our dual interface whitepaper “Catching the Dual Interface Wave”

Leave any comments, questions or suggestions in the box below.