
EMV SDA Vs DDA


As EMV rolls out across Europe, issuers face a choice between static data authentication and dynamic data authentication, or SDA and DDA. While many banks migrate initially to SDA smart cards, most are likely to end up with DDA or its even more advanced alternative, CDA, combined data authentication.

EMV may be a standard, but it still comes in several variants, leading to choices for issuers.

One key choice is between dynamic and static data authentication, or DDA and SDA.

The purpose of data authentication in EMV is to check whether the card is genuine. Static data

authentication checks data embedded in the card at the time of issuance, while dynamic data

authentication checks data generated during the lifetime of the card.

By Jane Adams

“The purpose is for the card to authenticate itself at the POS with the equivalent of a

signature,” says Dirk Jan van den Heuvel, MD of Collis, the Dutch test tools and consulting

company: “With SDA, the signature is the same every time you authenticate. With DDA, the

signature is only valid for one authentication.”

With SDA, the card carries a certificate for the issuer's public key, signed by the payment scheme's certification authority (CA), plus a block of static application data signed with the issuer's private key. The terminal holds the CA public key, uses it to recover the issuer's public key from the certificate, and then checks the signed static data. With DDA, the card additionally holds its own key pair: the issuer signs a certificate for the card's public key, and during each transaction the card signs a fresh block containing a random number of its own and an unpredictable number supplied by the terminal, so the signature is valid for that transaction only.

Because SDA data never changes, a fraudster who reads it from a genuine card could write it to a counterfeit card and pass offline authentication with that clone. In practice this has not yet been seen in the field. With DDA, copying the card's readable data is not enough, because each signature is produced with a private key that never leaves the chip and covers a challenge chosen by the terminal.

The big practical difference between DDA and SDA is that DDA lets the terminal establish offline, without an issuer round-trip, that it is talking to the genuine card, and lets cardholder verification use an enciphered PIN. This is because DDA chips incorporate an additional component to generate data, a crypto co-processor that performs the public-key operations. Of course, a card with a crypto co-processor could also be personalised for SDA, but a card without one cannot run DDA.

A DDA chip enables the PIN to be verified offline in enciphered form. The PIN entered into the PINpad can be sent to the card either in plaintext or enciphered. To encipher it, the card must have its own key pair and computation ability: the terminal encrypts the PIN, together with a challenge obtained from the card, under the card's public key, and only the card can decrypt it. DDA chips can do this; SDA chips cannot, so the PIN travels in clear between a stand-alone PINpad and the card reader, creating a potential vulnerability when SDA cards are used with such PINpads.
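The following is an added example, not code from the article or from any of the companies quoted in it. It models the SDA certificate chain, the DDA challenge-response described above, and the enciphered offline PIN flow, and shows why copying an SDA card's readable data yields a working clone while replaying a captured DDA exchange does not. The RSA keys are toy keys built from known primes (assumed here purely so the arithmetic runs without a library), the signature is hash-then-exponentiate rather than the ISO/IEC 9796-2 format EMV uses, and the card data, key names and PIN block layout are constructed for illustration.

```python
import hashlib
import os

# Toy RSA over known primes so the arithmetic runs fast with no library.
# Real EMV keys are 1024-1984 bits and use ISO/IEC 9796-2 signature encoding;
# hash-then-pow below reproduces only the trust structure, not the encoding.
M31, M61, M89 = 2**31 - 1, 2**61 - 1, 2**89 - 1
M107, M127, P64 = 2**107 - 1, 2**127 - 1, 2**64 - 59

def toy_rsa_key(p, q, e=65537):
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key, msg):
    return pow(digest(msg, key["n"]), key["d"], key["n"])

def pub(key):
    return key["n"].to_bytes(32, "big") + key["e"].to_bytes(4, "big")

def verify(pub_bytes, msg, sig):
    n, e = int.from_bytes(pub_bytes[:32], "big"), int.from_bytes(pub_bytes[32:], "big")
    return pow(sig, e, n) == digest(msg, n)

CA = toy_rsa_key(M107, M127)     # scheme CA; every terminal is loaded with pub(CA)
ISSUER = toy_rsa_key(P64, M31)   # issuer key, certified by the CA
ICC = toy_rsa_key(M61, M89)      # per-card key, present only on DDA cards
STATIC = b"PAN=4111111111111111;EXP=0812;AIP=offline"   # constructed static application data

def issue_sda_card():
    # Everything here is readable by any terminal (or skimmer) that talks to the chip.
    return {"static": STATIC, "issuer_pub": pub(ISSUER),
            "issuer_cert": sign(CA, pub(ISSUER)),    # issuer public key certificate
            "ssad": sign(ISSUER, STATIC)}            # Signed Static Application Data

def issue_dda_card():
    card = issue_sda_card()
    card["icc_pub"] = pub(ICC)
    card["icc_cert"] = sign(ISSUER, pub(ICC) + STATIC)  # ICC public key certificate, bound to card data
    card["icc_priv"] = ICC                               # never leaves the chip; used only by card functions
    return card

def skim(card):
    # What an attacker can copy onto a counterfeit card: every readable record, never the private key.
    return {k: v for k, v in card.items() if k != "icc_priv"}

def terminal_sda(card):
    return (verify(pub(CA), card["issuer_pub"], card["issuer_cert"])
            and verify(card["issuer_pub"], card["static"], card["ssad"]))

def card_internal_authenticate(card, un):
    icc_dyn = os.urandom(8)                               # ICC Dynamic Number
    return icc_dyn, sign(card["icc_priv"], icc_dyn + un)  # Signed Dynamic Application Data

def replay_responder(captured):
    # A clone without the private key can only replay an earlier (icc_dyn, sdad) pair.
    return lambda card, un: captured

def terminal_dda(card, responder):
    if not terminal_sda(card):
        return False
    if not verify(card["issuer_pub"], card["icc_pub"] + card["static"], card["icc_cert"]):
        return False
    un = os.urandom(4)                                    # terminal Unpredictable Number
    icc_dyn, sdad = responder(card, un)
    return verify(card["icc_pub"], icc_dyn + un, sdad)

def terminal_encipher_pin(card, pin, challenge):
    # Enciphered offline PIN: 0x7F, the PIN digits and the card's challenge, under the card public key
    # (constructed layout; EMV also adds random padding).
    n, e = int.from_bytes(card["icc_pub"][:32], "big"), int.from_bytes(card["icc_pub"][32:], "big")
    return pow(int.from_bytes(b"\x7f" + pin.encode() + challenge, "big"), e, n)

def card_verify_pin(card, enc_pin, challenge, stored_pin="1234"):
    m = pow(enc_pin, card["icc_priv"]["d"], card["icc_priv"]["n"])
    block = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return block[:1] == b"\x7f" and block[-8:] == challenge and block[1:-8] == stored_pin.encode()

def demo():
    sda, dda = issue_sda_card(), issue_dda_card()
    captured = card_internal_authenticate(dda, os.urandom(4))  # one genuine exchange recorded by a skimmer
    challenge = os.urandom(8)                                  # what GET CHALLENGE would return
    return {
        "sda_genuine": terminal_sda(sda),
        "sda_clone": terminal_sda(skim(sda)),                  # static data replays perfectly
        "dda_genuine": terminal_dda(dda, card_internal_authenticate),
        "dda_clone": terminal_dda(skim(dda), replay_responder(captured)),  # fresh UN defeats the replay
        "pin_ok": card_verify_pin(dda, terminal_encipher_pin(dda, "1234", challenge), challenge),
        "pin_bad": card_verify_pin(dda, terminal_encipher_pin(dda, "9999", challenge), challenge),
    }

if __name__ == "__main__":
    print(demo())
```

The clone passes every check that only involves public data, including the ICC certificate on a copied DDA card; it fails only at the point where the terminal's fresh unpredictable number has to be signed. The same card key pair is what makes the enciphered PIN possible, which is why an SDA card, lacking one, has nothing to decrypt with.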

Offline verification also enables additional applications like digital signatures, opening up the

possibility of applications like government ID on bank cards. However, at present there is little

appetite anywhere in Europe for this sort of real estate sharing, because of inability to agree

business terms, for reasons of cost or because applications or cryptographic methods are too

divergent between the two sectors.


If EMV cards in a given country carry out all transactions online, then arguably only SDA is needed, as the issuer already authenticates each card dynamically online by checking the transaction cryptogram. This is the case with Visa Electron and Maestro, which always go online.

Countries like Finland and the UK have offline infrastructures under which the card’s EMV

profile determines whether the transaction goes online. Inevitably, that means that some SDA

cards stay offline for some transactions, a potential security risk.

However, DDA and offline authentication increase the range of applications which can be done

with EMV cards, in particular low value contactless payments. “The real motivation for DDA is

extending the debit proposition to low value,” says Pascal Dufour, VP and head of chip

products management, MasterCard Worldwide. Dufour is, nonetheless, keen to dispel the

impression that SDA is a serious security risk. “We have not seen massive attacks or fraud on

SDA,” he adds.

By conducting payments offline, transaction times can be speeded up, which is important in

real life retail environments. “Low value payments occur in situations where consumers want

to go fast,” says Dufour. Speed can be less important in pilots. For example, in the UK the

Royal Bank of Scotland contactless payment trials are being conducted in-house (where one

would hope that the fraud risk is lower than average) and use SDA cards.

One card manufacturer claims to have heard that DDA will be mandated for contactless

payments, as contactless cards are easier to skim. Neither Visa nor MasterCard confirms this.

“I don’t think a decision has taken place, but it wouldn’t be a big surprise. Already for offline

cards we have a high recommendation that you should use DDA,” says Pekka Mattila, VP and

head of chip integration, Visa Europe.

“We can use the encrypted PIN option if the card reader is not integrated in the PINpad,” says

Eero Vasenius, VP Nordea Bank Finland. One of the commonest places to have a separate

PINpad and card reader is the PC environment, “so no one can tap the line and see what PIN

has been keyed in,” he notes.

The first major European EMV roll-out, in the UK, used SDA cards. At present, Visa estimates

that across Europe, 3%-5% of EMV cards are DDA. In fact, different countries are taking

different approaches. Austria will use DDA, while Belgium will start with SDA, says Dufour:

“Most markets migrate via SDA.”

That’s what happened in France, but from now on all new cards will be DDA. Currently 99.4%

of Cartes Bancaires-branded cards are EMV-compliant, and 18.6% (over 9 million) use DDA

(GCB figures from October 2006). All cards should use DDA by 2008. “It’s clearly an

improvement in security to move from SDA to DDA,” says David Stephenson, head of

international affairs at Groupement des Cartes Bancaires.


In addition, Banque de France has mandated that all transactions must either go online or be

handled offline using a crypto-processor chip. “CB members decided that the second solution

is preferable,” Stephenson says.

The decision was made on grounds of security rather than added applications such as the

contactless trials currently being conducted by Crédit Mutuel. These are the concern of the

individual banks, he says: “Our members share a technology platform but compete on

services.”

In Germany, the national EMV operating system SECCOS is based on DDA and in general

German issuers are issuing DDA cards, although a few credit card issuers who started their

implementation programmes early use SDA cards.

“Most of the cards issued in Germany are based on the SECCOS operating platform,” says

Oliver Hommel, group manager for debit and smart cards at BVR, the cooperative banks’

association: “When we started developing SECCOS in around 2000, we built it with DDA

because of the extra security and the problems in security with SDA cards – they could be

counterfeited. The other reason was product strategy. A lot of issuers were using their cards

for very strong authentication methods such as digital signatures.”

These are online banking authentication applications, and there are no plans to put

government applications on German bank cards. However, says Hommel: “We are discussing

with the health sector and the government if we can use the same operating system, so

getting more economies of scale on the chip production side.”

Nor is there much interest in Germany in contactless low value payments on EMV cards. “The

major problem is the cost of the transaction,” says Hommel: “That’s the reason electronic

purse systems were developed. We still believe that low value payments should be electronic

purse transactions.”

Although the UK is purely SDA at present, growing bank interest in low value contactless

payments may force a future move to DDA. So was it a mistake for the UK to start out with

SDA? “Not really. We haven’t had any reported cases that an EMV SDA card has been

compromised,” says Mattila: “But as you know there isn’t any such thing as 100% security. So

we have to be a little bit ahead and that’s why banks will move to DDA when they see the

appropriate time.”

“How much fraud has the UK sustained since it introduced SDA that it would not have

sustained if it had been DDA,” asks Campbell Fisher, head of commercial development delivery

at Royal Bank of Scotland: “The answer – zero. Yes, there have been attacks but they’ve all

been on the magnetic stripe.”

Fisher points out the reality that banks need to make decisions which do not damage profitability over the short term. This applies to technology choices such as that between SDA and DDA as much as to anything else. “I can’t take (DDA) to a senior executive and make a business case that says that this will save you this much money next year, because it won’t,” he says: “The reality is that in the short term we will see zero benefits.”

Nonetheless UK banks are discussing DDA, particularly now that price and speed differences

have disappeared. “The main reason we’re looking at DDA right now is not that there is fraud

now on SDA, but we’ve got to look at a three-year cycle. So if we issue in 2007, the reissue

cycle won’t complete till 2010,” says Fisher: “I don’t want to put a specific time on when we

will start issuing DDA cards, but it should be sooner rather than later.”

In Switzerland, the EMV roll-out will complete in 2007 using DDA cards, although some banks

have already issued SDA cards. “Most banks want to do the minimum to meet the liability

shift,” comments Martin Ott, group purchasing and security supervisor at Swiss card

manufacturer Trüb AG.

In the Nordic region there is a mixture of SDA and DDA cards. “I believe that most of the banks

will move to DDA, but when, I do not know,” says Mattila.

“In Finland, we are the first and probably the only bank issuing DDA cards so far,” says

Vasenius. Almost half of Nordea’s EMV cards in Finland use DDA, he adds: “We have the

principle for our EMV migration that we recommend all countries to use DDA cards.” In

Sweden, all Nordea EMV cards are DDA and when Nordea Finland starts to issue SEPA-

compliant cards, they will all be DDA cards.

What factors does a bank or group of banks take into account when choosing between SDA

and DDA?

In general, the primary issue is security. “In France, I think the driving thinking behind (the

choice) was that there had been cases reported that the non-EMV domestic scheme had had

some compromises,” says Mattila: “That drives the thinking of the authorities as well as the

banks. In Germany, we generally feel they are security conscious so it might be just the normal

attitude that they are more concerned.”

Performance is another question. At the time when the UK made its EMV planning decisions,

there was a significant performance differential between DDA and SDA, with DDA’s extra

security adding seconds at the POS. “It would have slowed down transactions and customer

service would have been an issue,” says Fisher: “Some of the biggest retailers will happily tell

you that one second longer per transaction costs a million pounds a year.”

With developments in chip technology, that difference is no longer significant. “At the moment, although we haven’t tested it to any great extent, there should be little perceptible difference,” Fisher adds: “However, that assumes you’ve got a terminal with a fairly up-to-date processor in it.”

There was also a price difference between SDA and DDA chips when the UK was making its EMV planning decisions, says Fisher: “DDA was a much more expensive product, significantly enough for us not to want to do it.”

Today, most people agree that the price difference at volume between DDA and SDA chips of the same size is minimal and at maximum no more than €0.25-€0.30 per chip. “We’ve produced around 60 million–70 million SECCOS cards and you get economies of scale,” says Hommel: “It becomes much cheaper. Plus chip hardware has become cheaper over the past few years and if you compare this price difference with the extra security you get, it’s a logical decision to pick a DDA card.” However, Trüb’s Ott points out that some manufacturers are offering larger DDA chips, increasing the price differential.

Collis looked into the issue of transaction speeds, says VP and manager, EMV competence

centre, Maarten Bron: “We took EMV apart completely and constructed a mathematical model

to see the effect of the longer key and we also found that the way the chip is personalized can

make a difference.” But he adds: “The bottleneck is not 500 milliseconds for SDA or DDA chips

– it’s the 5 or 6 seconds taken for PIN prompt and entry.”

The choice has no impact on terminal choice by acquirers and merchants, as all terminals must

support both DDA and SDA cards by mandate from the associations.

Selection of DDA does make a minor difference to back office systems. “There is some work

that needs to be done, but not to the same extent as introducing chip and PIN in the first

place,” says Fisher. In addition, chip and PIN is only part of an overall fraud control strategy for

banks.

“So as we move forward to DDA, there will be a re-evaluation of what the overall framework

is,” he adds.

“DDA does make a difference to how you manage key data,” says Andy Brown, director of product marketing, ACI Worldwide: “Any bank that hasn’t taken that into account when developing systems will have trouble upgrading. We programme for DDA with SDA as the exception.”

RBS took the same approach. “There was certainly an overall expectation that we’d be moving

forward to DDA or CDA,” confirms Fisher.

And indeed, looking forward, banks will have a further option to consider – CDA or Combined Data Authentication, which was detailed in the EMV2000 specification. CDA uses the same card key pair and certificate chain as DDA, but instead of a separate dynamic signature early in the transaction, the card signs the application cryptogram itself, together with a hash of the transaction data and the terminal’s unpredictable number, at the moment it generates the cryptogram. That binds card authentication to the specific transaction being approved, which is what protects against ‘man in the middle’ or ‘wedge’ attacks, in which a device sitting between card and terminal lets the genuine card answer the authentication challenge and then tampers with the rest of the transaction.

“The way the cryptography works in DDA prevents the cloning of cards, but it doesn’t absolutely preclude something coming between the card and the terminal,” says Fisher: “Now, that’s a fairly esoteric thing and you have to be really up to the mark to contemplate how to do it. In reality, being able to do it without detection is almost impossible. But it’s theoretically possible.”

The difference with respect to the card compared to DDA is a matter of personalization rather

than extra hardware. CDA does require terminal changes and few terminals in the field are

ready for CDA. However, that is today’s situation and banks are working on readying terminals

for CDA and on ironing out any performance issues.
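An added example, not from the article or any of the vendors it quotes, of the difference CDA makes against a device wedged between card and terminal. The wedge relays the DDA challenge to the genuine card untouched, so card authentication succeeds, and then asks the card to approve a one-cent amount while the terminal believes it is approving the full amount. Offline, a DDA terminal has no way to check the cryptogram and accepts; a CDA terminal recomputes the hash over the amount it is charging and rejects the card's signature. The card key is a toy RSA key built from two Mersenne primes (assumed here so the code runs without a library), the certificate chain is omitted on the assumption that the terminal has already recovered the card's public key, the cryptogram is an HMAC standing in for the issuer-keyed MAC, and the signed-data layout is a simplification of the real CDA format, which also covers the cryptogram information data and transaction counter.

```python
import hashlib
import hmac
import os

# Toy card RSA key (two Mersenne primes, for speed only; not a realistic size).
# The terminal is assumed to have already recovered ICC_N/ICC_E from the certificate chain.
ICC_N = (2**61 - 1) * (2**89 - 1)
ICC_E = 65537
ICC_D = pow(ICC_E, -1, (2**61 - 2) * (2**89 - 2))
AC_KEY = b"constructed-card-unique-issuer-key"   # symmetric key shared by card and issuer only

def digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % ICC_N

def tx_bytes(amount, un):
    return amount.to_bytes(6, "big") + un         # transaction data the card is asked to approve

def card_internal_authenticate(un):
    # DDA: signature over the terminal challenge alone, checked before GENERATE AC.
    icc_dyn = os.urandom(8)
    return icc_dyn, pow(digest(icc_dyn + un), ICC_D, ICC_N)

def card_generate_ac(amount, un, cda):
    # The cryptogram is a MAC under the issuer-shared key; the terminal cannot check it offline.
    ac = hmac.new(AC_KEY, tx_bytes(amount, un), "sha256").digest()[:8]
    if not cda:
        return ac, None
    # CDA: sign the cryptogram together with the hash of the transaction data and the terminal's UN.
    icc_dyn = os.urandom(8)
    signed = icc_dyn + ac + hashlib.sha256(tx_bytes(amount, un)).digest()
    return ac, (icc_dyn, pow(digest(signed), ICC_D, ICC_N))

def honest_channel(command, *args):
    return {"internal_auth": card_internal_authenticate,
            "generate_ac": card_generate_ac}[command](*args)

def wedge_channel(command, *args):
    # Relays the authentication challenge to the genuine card untouched, but at GENERATE AC
    # shows the card a 1-cent amount while the terminal believes it is approving the full amount.
    if command == "generate_ac":
        amount, un, cda = args
        return card_generate_ac(1, un, cda)
    return honest_channel(command, *args)

def terminal(amount, channel, cda):
    un = os.urandom(4)                            # terminal Unpredictable Number
    if not cda:
        icc_dyn, sdad = channel("internal_auth", un)
        if pow(sdad, ICC_E, ICC_N) != digest(icc_dyn + un):
            return False
        ac, _ = channel("generate_ac", amount, un, cda)
        return True                               # DDA: card authenticated, cryptogram taken on trust
    ac, (icc_dyn, sdad) = channel("generate_ac", amount, un, cda)
    expected = digest(icc_dyn + ac + hashlib.sha256(tx_bytes(amount, un)).digest())
    return pow(sdad, ICC_E, ICC_N) == expected    # CDA: signature must cover this amount and this UN

def run(amount=10000):
    return {
        "dda_honest": terminal(amount, honest_channel, cda=False),
        "dda_wedge": terminal(amount, wedge_channel, cda=False),   # accepted: tampering invisible offline
        "cda_honest": terminal(amount, honest_channel, cda=True),
        "cda_wedge": terminal(amount, wedge_channel, cda=True),    # rejected: hashed amount differs
    }

if __name__ == "__main__":
    print(run())
```

In the DDA case the fraud is not invisible forever: the cryptogram the issuer eventually receives was computed over one cent, not the amount cleared, so it surfaces in the back office. The point of CDA is that the terminal can catch the mismatch at the point of sale, before an offline approval is given.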

“If we can do that, there’s no reason why we shouldn’t go to CDA because the difference in

terms of cost of chip is nothing,” says Fisher. Outside Europe some banks are choosing CDA –

Aconite and Bell ID recently delivered a CDA-ready EMV solution to one of the biggest Saudi

banks.

Back in Europe, France currently has no plans to move to CDA, although the banks are keeping

a watching brief. In Germany, the next generation of the SECCOS operating system will use

CDA. “In October 2007, we’ll see the first CDA cards issued to customers,” says Hommel.
