Impact of EMV on Payment Security through the Four Corners Model

In today’s online payment industry, buyers and businesses are looking for a safer and more reliable payment solution that can help reduce data breaches. EMV technology has introduced various transaction types that involve different levels of cardholder verification, making it a versatile payment option and impacting the roles of merchants and issuers.


Understanding these verification levels, roles and interactions is crucial for the payment industry as a whole and EMV development in particular, and this is where the “Four Corners” model, also known as the “Four Party Scheme”, comes into play.

The four Corners Model has become a new norm in the online payment industry, as it provides a fundamental framework for comprehending the roles and interactions of the different entities involved in a payment card transaction. This comprehensive model also plays a significant role in further development and implementation of EMV technology.

Benefits of EMV Payment Solutions

The added security features of the EMV chip cards help businesses streamline their payment processing in the following ways:

  • Protect your account against unauthorized use without any liability
  • Get a one-time code for a mobile transaction and EMV tokenization
  • Issue payment tokens for multiple devices, such as wearable devices and mobile wallets
  • Allow customers to use the EMV tokens for card-present and card-no-present transactions

Merchants and customers can streamline their payment processing using different EMV payment solutions, including chip and pin cards, card-not-present, and contactless payments.

What is the Four Corners Model: Everything You Need to Know

The Four Corners Model (aka Four Party Scheme) is a new standard typically used in almost all card payment systems across the globe. The Four Corners of this scheme are:

  1. The Cardholder (a consumer to who a financial institution has given a card)
  2. The Merchant (also known as Acceptor)
  3. The Issuer (usually a financial institute, like a bank)
  4. The Acquirer (usually a financial institute, like a bank)

In the Four Corner Model, a merchant connects to the acquirer. And the acquirer connects to the cardholder’s card issuer through a scheme. It is worth mentioning that between the merchant and the acquirer, there is always a third-party serving as a gateway or switch.

The model may seem relatively simple but it involves several flows between the four components. The model triggers when a consumer makes an online payment with an EMV payment card for the products or services purchased from the merchant.

It starts the process of payment authentication with various entities involved. For payment authentication and processing, a cardholder must have a payment card, and the merchant’s POS (point of sale) terminal must be able to accept the payment card.

Impact of EMV on Payment Security Through the Four-Corner Model

EMV payment solutions affect digital payment transactions in the following ways:

1. Cardholder and EMV Security

Cardholders (or customers) are individuals who are issued a credit or debit card by a financial institution, such as a bank.

The correlation between cardholders and EMV is pretty straightforward. Cardholders use the card to make online payment transactions for the products and services they avail from the merchants, making these cards a desirable target for cybercriminals.

A chip-based payment system provides a radically unique payment processing system compared to traditional magnetic-stripe-based payment cards. With this technology’s help, cardholders’ protection is ensured through robust and complex cryptographic protocols and secure PIN transmission.

In addition, the chips used in EMV payment solutions are incredibly secure that prevent cardholders from cloning their payment cards, such as physically unclonable functions or secure protected memories.

EMV technology ensures the safety of the cardholders in the following ways:

  • Using biometric authentication for cardholders’ identification
  • Getting a one-time password for mobile transactions
  • Using multiple-factor authentication for card-not-present (CNP) payments

2. Merchants and EMV Security

A merchant is an organization or vendor that accepts card payments from the cardholders for the services or products they avail from them. The primary role of a merchant is to accept card payments. So, ATMs, restaurants, hotels, and e-commerce platforms equipped with POS payment terminals can also be termed as Merchants.

In the Four Corner Model, merchants have no real cryptographic protection except the offline authentication designed by EMVco. For data authentication, EMV technology offers three different offline authentication schemes, which are:

  • CDA (Combined Data Authentication)
  • DDA (Dynamic Data Authentication)
  • SDA (Static Data Authentication)

3. Issuer and EMV Security

The issuer is typically a financial organization, such as a bank, that issues the digital payment card to the cardholder. Note that the issuing bank provides customers with payment cards on behalf of various payment cards brands like Mastercard, Visa, and American Express.

You might think that the issuers are better protected than cardholders and merchants, but they have to deal with many risks, including clone payment cards. EMV technology uses a cryptogram verification mechanism to ensure the safety of the issuers.

EMV offers several types of cryptograms, including:

  • Issuer Scripting – A practical payment security system that gives the issuer the right to access the payment card and modify it anytime. If a card is misused, the issuer can block that card remotely.
  • Anti-Cloning – Payment card cloning is the biggest security threat card issuers face. Anti-cloning technology of the EMV involves secure chips resistant to side-channel attacks and differential power attacks (DPA).

4. Acquirer and EMV Security

An acquirer in the Four Corner Model is typically a hardware or software vendor that provides a platform for merchants to accept payment cards. When processing transactions for merchants, acquirers may have to deal with several security risks, such as transaction laundering.

EMV technology can help acquirers predict potential risks and address them effectively in the following ways:

  1. Chargeback Management
  2. Card Association Protection Systems
  3. Third-Party Anti-Fraud System


Digital payment systems are more prone to data breaches and other cybersecurity threats. The Four Corner Model is a new standard that helps understand the pivotal role of merchants and issuers in digital payment processing.

EMV payment solutions aim to secure the four components of the Four Party Scheme and streamline the overall payment processing. You can partner with an EMV expert like Edvantis to improve your payment security.