EMV-CAP is the Chip Authentication Program (CAP) developed by credit card leaders Europay, Mastercard, and Visa (EMV). OneSpan provides a range of EMV-CAP–compliant smart card readers.
Primary account numbers (PAN) are stored as encrypted numbers in the data store. When PANs are displayed in the UI, they are decrypted, but will be displayed as masked values by default. You can assign administrators the View Clear PAN administrative privilege that will allow them to see PAN values in clear text.
Requirements and limitations
The EMV-CAP functionality requires the following:
EMV-CAP scenario. To use EMV-CAP functionality, the EMV-CAP scenario must be enabled in the configuration of each OneSpan Authentication Server Appliance instance. For more information, refer to the OneSpan Authentication Server Administrator Reference, Section "OneSpan Authentication Server configuration settings".
Licensing. The following licensing options must be included for each OneSpan Authentication Server Appliance instance:
- HSM
- EMV-CAP
Hardware security modules. We highly recommend to use a hardware security module (HSM) with EMV-CAP smart card readers (see Hardware security module setup).
The following features of OneSpan Authentication Server Appliance are not supported with EMV-CAP:
- Dynamic User Registration (DUR)
- auto-assignment
- self-assignment
EMV-CAP modes
OneSpan Authentication Server Appliance supports three EMV-CAP–compliant authenticator applications, or modes. All modes provide a secure code as output, but differ in the type of input data (see Table: Supported EMV-CAP modes in OneSpan Authentication Server Appliance).