Skip to main content

Cardholder Verification Methods

The Cardholder Verification Methods CVM are used to evaluate whether the person presenting the card or the mobile device is the legitimate cardholder.

The main distinction to make is between device driven and POS driven CVM.

  • Consumer Device Cardholder Verification Method CDCVM is a Device driven CVM that is performed on a cardholder Mobile Device. This only applies to terminals fitted with V3 (or later) contactless readers. Terminals with V2 contactless readers may not honor the on device authentication and can request on terminal cardholder verification.
  • In the case of POS driven CVM, for a transaction above the CVM limit, the cardholder is prompted to refer to the POS device where a request for an authentication awaits the cardholder (Online PIN or signature).

CDCVM Models

The CDCVM Model indicates whether an on device verification of the cardholder is required for every transaction (CDCVM Always), or required based on velocity checks (CDCVM Flexible), or never required (Card Like).

  • CDCVM Always

    The Issuer Pay library will perform checks for every transaction to ensure that explicit authentication happens for both LVT and HVT contactless transactions. Prolonged and persistent authentication can be optionally supported. CDCVM Always Payment Flows

  • CDCVM Flexible

    Based on velocity checks, the Issuer Pay library will perform checks to ensure that authentication happens for transactions whenever required. CDCVM Flexible Payment Flows

  • Card Like (No CDCVM)

    The Issuer Pay library will not perform checks to ensure on-device user authentication. Card Like Payment Flows

  • CDCVM Always with Step-Up Authentication

    An additional configuration which allows to move Cardholder Verification handling to the Issuer App instead of Issuer Pay library. The Issuer Pay library will inform the Issuer App when Step-Up Authentication should be performed to meet custom authentication requirements, e.g. when:

    • LVT contactless transaction limit is exceeded and Step-Up Authentication is expired. LVT limit can be made higher than configured in POS terminals.
    • Cumulative amount of LVT contactless transactions since last Step-Up Authentication is exceeded.
    • Device is locked and Step-Up Authentication is expired.


  • Locally-verified (Device unlock, Fingerprint fragment)

    If Locally-verified CDCVM is used then authentication is considered to be any action on the mobile device that proves the person holding the device is the legitimate user of the device. Various methods can be used for this authentication, including PIN, password, pattern or fingerprint. Swipe is not considered a legitimate authentication method.

    When using the Issuer Pay library device unlock or fingerprint fragment cardholder verification, library will use Android Keystore System to verify device authentication for transaction.

    Transaction credentials - Session Keys UMD cryptogram is generated using Session Key, which is per transactions unique key and only limited number of them are stored on the mobile device.

  • Mobile PIN

    Transaction credentials - Single Use Keys SUKs are also unique for each transaction, however before they can be used they need to be transformed into Session Keys. This involves performing an "exclusive or"(XOR) with a Mobile PIN.

    Mobile PIN CDCVM type granularity:

    • Wallet-level Mobile PIN

      The Mobile PIN value stored by the CMS-D is common to all tokens in the mobile wallet application, but each token has its own Mobile PIN Try Counter maintained on the MDES Authorization System. If a Mobile PIN Try Counter of any token reaches the limit, MDES suspends all the tokens belonging to the wallet instance. When the consumer resets the Mobile PIN, the CMS-D updates the common Mobile PIN value, and MDES resets each Mobile PIN Try Counter and activates each token (as applicable) for the wallet instance.

    • Card-level(Token) Mobile PIN

      The Mobile PIN value and the Mobile PIN Try Counter are specific to each token in the mobile wallet application. Each Mobile PIN is managed individually. If a token is suspended when its Mobile PIN Try Counter reaches the limit, the other tokens in the wallet instance are not affected. Likewise, when the Mobile PIN of a particular token is reset, the other tokens are not affected.

CDCVM Type Selection

The Issuer Pay library supported CDCVM types:

  • Android 4.4+
    • Mobile PIN
  • Android 6.0+
    • Fingerprint or any other biometric authentication that device supports, if it is set-up by user (Locally-verified)
    • Secure Device Unlock, if it is set-up by user (Locally-verified)
    • Mobile PIN, if none of the above are supported by device or user

In the Issuer Pay library CDCVM Type selection process happens at the library initialization. In case of Locally-verified CDCVM type, library will check also if on device authentication is enabled and set-up by user, before registration. And the selected CDCVM Type is send to WSP in registration request, after registration it cannot be changed.

If wallet application is configured to use Card Like model then the Issuer Pay library will not select any CDCVM Type.

Initialize - CDCVM Selection

CDCVM Type selection initialize

Register - CVM Selection

CDCVM Type selection register