When a consumer uses a debit card or credit card to pay for goods and services in a physical store or online store, the overall process is very similar but there are differences. For example, the transaction may or may not require a PIN in a physical store but is never used online. The three-digit CVV number of the back of the card is only used during online transactions, which will involve authentication using EMV 3D Secure, which isn’t used in physical stores.
Although a PIN is not required for a contactless payment subject to the transaction limit, it is still authorised and checked for fraud by the customer’s bank. The card’s chip contains several counters, based upon number or amount of transactions, that force the customer to occasionally use their PIN at a POS or ATM to verify that they have the card.
Some regions, notably US, operate a single messaging protocol. The EU uses a dual messaging system. Single messaging is where the authorisation, clearing and settlement is undertaken on the same day. Dual messaging is where authorisation takes place when the goods are sold and clearing and settlement takes place two working days later. To provide a full understanding of the process, we will discuss a dual messaging process.