The first standard for smart payment cards was the Carte Bancaire B0M4 from Bull-CP8 deployed in France in 1986, followed by the B4B0' (compatible with the M4) deployed in 1989. Smart cards have since used MOS integrated circuit chips, along with MOS memory technologies such as flash memory and EEPROM (electrically erasable programmable read-only memory). The earliest smart cards were introduced as calling cards in the 1970s, before later being adapted for use as payment cards. The invention of the silicon integrated circuit chip in 1959 led to the idea of incorporating it onto a plastic smart card in the late 1960s by two German engineers, Helmut Gröttrup and Jürgen Dethloff. Another involves the erasure and replacement of legitimate signature, and yet another involves the forgery of the correct signature.
Using the signature on the card as a verification method has a number of security flaws, the most obvious being the relative ease with which cards may go missing before their legitimate owners can sign them. In both cases the cashier must verify that the customer's signature matches that on the back of the card to authenticate the transaction. In the case of a mechanical imprint, the transaction details are filled in, a list of stolen numbers is consulted, and the customer signs the imprinted slip. In the former case, the system verifies account details and prints a slip for the customer to sign. The customer hands their card to the cashier at the point of sale who then passes the card through a magnetic reader or makes an imprint from the raised text of the card.
Until the introduction of Chip & PIN, all face-to-face credit or debit card transactions involved the use of a magnetic stripe or mechanical imprint to read and record account data, and a signature for purposes of identity verification. 9.3 2011: CVM downgrade allows arbitrary PIN harvest.9.2 2010: Hidden hardware disables PIN checking on stolen card.9.1.2 PIN harvesting and stripe cloning.9.1 Opportunities to harvest PINs and clone magnetic stripes.4 Online, phone, and mail order transactions.3 Chip and PIN versus chip and signature.
In February 2010, computer scientists from Cambridge University demonstrated that an implementation of EMV PIN entry is vulnerable to a man-in-the-middle attack but only implementations where the PIN was validated offline were vulnerable. There are standards based on ISO/IEC 7816 for contact cards, and standards based on ISO/IEC 14443 for contactless cards ( Mastercard Contactless, Visa PayWave, American Express ExpressPay). Payment cards which comply with the EMV standard are often called chip and PIN or chip and signature cards, depending on the authentication methods employed by the card issuer, such as a personal identification number (PIN) or digital signature. These include cards that must be physically inserted or "dipped" into a reader, as well as contactless cards that can be read over a short distance using near-field communication technology. EMV originally stood for " Europay, Mastercard, and Visa", the three companies that created the standard.ĮMV cards are smart cards, also called chip cards, integrated circuit cards, or IC cards which store their data on integrated circuit chips, in addition to magnetic stripes for backward compatibility. EMV is a payment method based upon a technical standard for smart payment cards and for payment terminals and automated teller machines which can accept them.