This article continues the series dedicated to EMV standard and EMV payment card processing. In it we are going to describe transaction fallback mechanism, its purpose, and types of EMV fallback transactions.
As we know, the general purpose of EMV technology is to increase the level of security and protection of cardholder data during the transaction. That is why it is always preferable to perform transactions when the card is equipped with a chip which is properly functioning. However, in some cases EMV transaction is impossible, in spite of the fact that the EMV chip is available.
For example, the payment terminal does not support chipped cards at all, or the slot, intended for reading of card chips is temporarily out of order.
Sometimes a chip cannot be read because it is damaged and the terminal cannot read the data from this chip.
For situations like these EMV standard provides the concept of EMV fallback transaction. If the data cannot be read from the chip, one can try to swipe the EMV card like an ordinary magnetic stripe card (swiped EMV fallback transaction). If the swipe doesn’t work either, it is possible to input the card number into the terminal manually (manual EMV fallback transaction).
It should be stressed, that EMV transaction fallback is an independent concept, and EMV card swipe cannot be viewed as an ordinary swipe transaction. This approach allows to prevent EMV terminals from being used for unintended purposes. That is, in theory, a fraudster could use a stolen EMV card with the terminal and try to swipe it or input its number manually (instead of scanning the chip, which might lead to detection of the fraudulent activity). However, EMV terminals are programmed in such a way that EMV card swipe cannot be attempted unless and attempt of reading the chip has already been made (although, technically, manual input of card number can still be attempted before the chip). This is implemented using a special service code, present in the track data. When a swipe is performed, the terminal analyzes that service code, it can block the swipe and display the message, requiring to insert the EMV card. If an attempt to insert an EMV chip has been detected, the terminal allows the operator to subsequently perform EMV fallback transaction. In this case, when the transaction is processed, a special flag is raised, indicating that it is a fallback, and that the initial attempt to read the chip was unsuccessful.
When implementing your EMV application, you need to take fallback mechanism into account. Although there are no strict requirements as to the order of fallbacks, it is recommended to develop protection mechanism, preventing the card from being swiped before the chip has been attempted. If the chip cannot be read, it is recommended to perform the swipe, and after that (if the swipe is unsuccessful) – try manual fallback.
If the payment terminal supports both contactless and contact EMV payments, these payment types should be “interchangeable” (if contact transaction is unsuccessful, conactless payment can be attempted and vice versa). If neither contact nor contacless payment comes through, swipe and manual fallback can be attempted.