EMV-CAP

EMV-CAP is the Chip Authentication Program (CAP) developed by credit card leaders Europay, Mastercard, and Visa (EMV). OneSpan provides a range of EMV-CAP–compliant smart card readers.

Primary account numbers (PAN) are stored as encrypted numbers in the data store. When PANs are displayed in the UI, they are decrypted, but will be displayed as masked values by default. You can assign administrators the View Clear PAN administrative privilege that will allow them to see PAN values in clear text.

Requirements and limitations

The EMV-CAP functionality requires the following:

  • EMV-CAP scenario. To use EMV-CAP functionality, the EMV-CAP scenario must be enabled in the configuration of each OneSpan Authentication Server instance. For more information, refer to the OneSpan Authentication Server Administrator Reference, Section "OneSpan Authentication Server configuration settings".

  • Licensing. The following licensing options must be included for each OneSpan Authentication Server instance:

    • HSM
    • EMV-CAP
  • Hardware security modules. We highly recommend to use a hardware security module (HSM) with EMV-CAP smart card readers (see Hardware security module setup).

The following features of OneSpan Authentication Server are not supported with EMV-CAP:

  • Dynamic User Registration (DUR)
  • auto-assignment
  • self-assignment

EMV-CAP modes

OneSpan Authentication Server supports three EMV-CAP–compliant authenticator applications, or modes. All modes provide a secure code as output, but differ in the type of input data (see Table: Supported EMV-CAP modes in OneSpan Authentication Server).

Table: Supported EMV-CAP modes in OneSpan Authentication Server
Mode Data sent to OneSpan Authentication Server Mandatory Secure code
Mode 1 Challenge, transaction amount, or transaction currency No Secure code
Mode 2 (Transaction data signing) Nine different data fields No Signature
Mode 3 (Challenge/response) Challenge Yes Secure code