What is a Cryptogram on a Credit Card?

Originally published by TokenEx here.

Written by Anni Burchfiel, TokenEx.

Quick Hits:

• EMV chip cards use cryptograms to secure cardholder data every time a transaction is made.
• Cryptograms validate transactions by verifying the identity of both the card and the approval from the issuer.

Cryptograms are encoded messages, best known as a tool for subterfuge and secrecy as they kept sensitive information away from prying eyes throughout history. While your everyday experiences may not revolve around smuggling important missives across enemy lines, cryptograms are likely an invisible part of your normal day-to-day.

For every cup of coffee, a grocery run, or impulse purchase made using a chip card, a cryptogram is used to secure the transaction. When you dip an EMV chip card into a card reader, messages filled with sensitive information are sent between the reader and your card using cryptograms. To understand this better, let’s take a quick look at how EMV chips work.

How do EMV Chip Cards work?

EMV Chip Cards were designed to solve the security issues of the magnetic stripe card. Magnetic stripe cards hold cardholder information using a magnetic strip of tape and transmit this information when swiped. However, this method of sharing information is incredibly easy to steal.

Magnetic strips have security flaws similar to phones that are not password protected. Even if you carefully guard the item that holds the sensitive information, it remains easily accessible if someone gains unauthorized access. Hackers found multiple ways to steal this unguarded information from magnetic stripe cards, which led to EMV chip cards being created.

How do EMV chips use Cryptograms?

EMV chips solved magnetic card security issues by utilizing cryptograms to secure transactions. This technology is used for three distinct purposes:

Transaction Validation

EMV chips use an embedded computer chip to store the cardholder’s sensitive data. This chip also stores cryptogram technology that enables the creation of one-time codes for every transaction.

This code is generated by the chip and the terminal where the payment is taking place. The cryptogram they create is used to validate the transaction for the bank by proving the security and authenticity of the card. Additionally, the issuer may send a return cryptogram that further verifies the approval of the transaction.

Card Replication Prevention

This cryptogram is not only important for verification purposes, it is also what makes the replication of EMV chip cards impossible. While magnetic stripe cards were easy to replicate, even advanced hackers who find a way to steal chip card information cannot create a new card. Without the ability to replicate the chip and the cryptogram, hackers cannot create EMV chips themselves.

Securing Data in Motion

The other key function of EMV cryptograms is their ability to secure sensitive data in motion. The time when cardholder information is traveling to approve the transaction is heavily targeted by criminals. However, with the cryptogram, only the point at the end of the information’s journey, likely the bank, has the key to unencode the data.

Because of EMV chips, advanced security measures like cryptograms are made possible for everyday purchases. Hopefully, you’ll keep an eye out for more reasons to use your EMV chip instead of your magnetic stripe when given the option. Unless, of course, you use NFC mobile payments, in which case we can’t blame you for utilizing an even more secure transaction tool.

Either way, next time you dip your card into a payment terminal, you’ll know a bit more about the complex measures taken to secure your cardholder information.