VISA USA has made some recommendations for how to implement theshift from magnetic stripe payment cards to those which use a chipfor authentication and seems primarily concerned with explainingthat the new chip cards will not need associated personalidentification numbers.

“One thing that's clear from the questions is that there's a lotof confusion around the myth that EMV means 'chip-and-PIN.' Itdoesn't in many countries, including the U.S.,” Stephanie Ericksen,head of Authentication Product Integration for Visa Inc., write inan online entry about the recommendations.

“That's because, in the U.S., we can rely on online processingwhere transactions are transmitted in real-time to the issuer forapproval. With that in place, there's no need for the offlineauthentication that was the genesis of chip-and-PIN,” Ericksenwrote.

The card brand announced it was prepared to start supporting theuse of chips in payment cards in the U.S. in August 2011.

The difference between an online and offline PIN is that anonline PIN is not stored on the card. Once the cardholder entersthe PIN at the point-of-sale terminal, the PIN is encrypted by thePIN pad and sent online to the host for validation, similar to howPIN debit transactions are authorized today.

In an offline PIN situation, the offline PIN is stored securelyon the chip card and during a transaction, when the cardholderenters the PIN, the POS terminal sends the PIN to the chip card forverification. The cardholder verification therefore takes placewithin the chip card.