In October 2021, EMVCo published a technical specification update to enable EMV® chip cards to support Elliptic Curve Cryptography (ECC). In this Q&A post, Michael Ward, Chair of the EMVCo Security Working Group, details the benefits to the payment community of introducing this cryptographic standard into the *EMV Chip Specifications

Can you begin by explaining the role cryptographic standards play within EMV Chip Specifications?

Michael Ward: The payment community approaches security in ‘layers’, using many different techniques to combat fraud. Cryptography is one of these layers of protection.

In an EMV chip payment, when a card is used at a merchant payment terminal, the terminal can cryptographically authenticate the card and its data by verifying digital signatures that were generated by the card, its issuer and the payment system.

What cryptographic standard has EMVCo traditionally used to cryptographically authenticate payment data?

Michael Ward: Since its inception in the mid-1990s, the EMV Chip Specification has used RSA public key cryptography, which was then widely deployed and internationally standardised. ECC is a slightly newer form of public key cryptography and while ECC and RSA can each be used to secure transactions, ECC uses smaller key sizes due to its greater security efficiency when compared to RSA.

Why is the key size significant?

Michael Ward: As a general rule, the longer the key, the greater the security, but more storage and processing power is required.

While we fully recognise that RSA could continue to be used with longer and therefore ‘stronger’ keys over time, the increase in key length increases both transmission time and computing time which would slow future transaction times.

In contrast, due to the smaller keys size for the same security strength, ECC is compact and efficient, which makes it an appealing option for use in devices with limited storage and processing capabilities, and where transaction speed is important.

What other benefits does ECC’s compactness and efficiency bring to the payment community?

Michael Ward: Using ECC enables the payment community to achieve security without impacting technical performance, constraining payment innovations or restricting existing and new transaction scenarios.

Most importantly, it offers the EMV community a state-of-the-art security standard that has the ability to evolve in line with new technologies and support the long-term needs of EMV Specifications.

Does this make payments more secure?

Michael Ward: ECC doesn’t necessarily make payments more secure than today. It does, however, enable robust security to be maintained as payment technology advances and innovates, due to the possibilities presented by the smaller key lengths, simpler key generation, and smaller digital signatures.

How quickly will ECC be adopted by the payments industry?

Michael Ward: Our role at EMVCo is to provide a common payment technical framework that enables seamless payments to be delivered. How and when this is implemented is driven by regional and marketplace dynamics.

What we do know is that during EMVCo’s engagement process with industry manufacturers, it was highlighted that many terminals and cards already have the capability to support ECC.

Based on this, our expectation is that integrating ECC will be part of the natural product lifecycle for both cards and POS terminals.

If ECC is already available, why is EMVCo only introducing it into its EMV Chip Specification now?

Michael Ward: For many years EMVCo has been engaging with its Associate and Subscriber communities on how to enhance the EMV Chip Specifications to provide a roadmap that supports the long-term security needs of the wider industry. During this period our security team have also been engaging with leading academics and experts at the forefront of advancements in cryptography, and have conducted patent searches, standardisation and security evaluations.

Once it was decided to incorporate ECC, it has taken EMVCo time to not only include the technical details of the ECC standard, but also to identify how best to incorporate it into the future of the EMV Chip technology offering.

With the pace of technology advancements, is there a risk that it could quickly become outdated?

Michael Ward: We continually monitor the payment security landscape and work with a wide range of parties to understand potential current and future trends and threats.

An example of this is our activity to monitor the role of Quantum Computing and the efforts led by the NIST on quantum-resistant cryptography. At this point, however, as EMV Chip exclusively uses cryptography for real-time payment authorisation and terminal PIN protection, it is not something that will have an immediate impact. This contrasts with other non-payment use cases that need information that is protected now to remain confidential for many years and survive the arrival of cryptographically significant quantum computers.

Does the introduction of ECC make RSA redundant within the context of an EMV chip transaction?

Michael Ward: No. EMVCo offers a suite of technical solutions and options to the payment community. In the context of cryptography, this now includes RSA and ECC. It also includes the appropriate cryptographic hash functions and block cipher-based mechanisms.

Going forward, however, emphasis is to be placed on the long-term role of ECC within the EMV payment ecosystem due to its greater efficiency and the possibilities that this presents.

*EMVCo specifies ECC integration for EMV Contact Chip Specifications.