What are SDA, DDA, and CDA?


SDA (Static Data Authentication), DDA (Dynamic Data Authentication), and CDA (Combined Dynamic Data Authentication) are offline data authentication methods used to verify a card at the terminal.


SDA (Static Data Authentication)

In ATMs and POS terminals, RSA signatures that verify the credit card itself are the first and most basic crypto layer. For SDA, the smart card contains application data signed with the private key of the issuer's RSA key pair. When a card with an SDA application is inserted into a terminal, the card sends this signed static application data, the CA index, and the issuer certificate to the terminal (POS / ATM).

The terminal verifies the issuer certificate and digital signature by comparing it with the actual application data on the card. In short, an RSA signature assures that the data is original and created by the authorized issuer.


DDA (Dynamic Data Authentication)

SDA cannot prevent replay attacks because it uses the same static data in every transaction. This can be improved with a DDA card, which has its own unique RSA key and sends variable, transaction-specific signed data to the terminal. When a card with a DDA application is inserted into a terminal, the card sends the signed dynamic application data, CA index, issuer certificate, and card certificate to the terminal (POS / ATM). The terminal then verifies the issuer certificate, smart card certificate, and signed dynamic application data.
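The SDA and DDA checks described above, as an added example that is not from the original page: a terminal walks the chain from CA key to issuer certificate to card certificate, and a copied static signature keeps verifying while a recorded dynamic signature fails against a fresh challenge. It assumes textbook RSA over SHA-256 with small constructed keys rather than the real EMV certificate and signature formats, and models the transaction-specific data as a terminal-chosen challenge; all names are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys (assumption)

def keypair(p, q):
    """Toy RSA key (n, d) from fixed primes; far too small for real use."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(n, data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    n, d = key
    return pow(digest(n, data), d, n)

def verify(n, sig, data):
    return pow(sig, E, n) == digest(n, data)

def pub(key):
    return str(key[0]).encode()  # public modulus as bytes, for certification

# Constructed keys and data (Mersenne primes keep the example deterministic).
CA = keypair(2**89 - 1, 2**107 - 1)
ISSUER = keypair(2**61 - 1, 2**127 - 1)
CARD = keypair(2**31 - 1, 2**521 - 1)    # per-card key, present on DDA cards only
TERMINAL_CA_KEYS = {1: CA[0]}            # CA index -> CA public modulus
STATIC = b"constructed static application data"

ISSUER_CERT = sign(CA, pub(ISSUER))      # CA certifies the issuer key
CARD_CERT = sign(ISSUER, pub(CARD))      # issuer certifies the card key
SIGNED_STATIC = sign(ISSUER, STATIC)     # SDA: signed once, same in every transaction

def issuer_ok(ca_index, issuer_n, issuer_cert):
    ca_n = TERMINAL_CA_KEYS.get(ca_index)  # unknown CA index fails closed
    return ca_n is not None and verify(ca_n, issuer_cert, str(issuer_n).encode())

def terminal_sda(ca_index, issuer_n, issuer_cert, static, signed_static):
    return (issuer_ok(ca_index, issuer_n, issuer_cert)
            and verify(issuer_n, signed_static, static))

def card_dda_sign(challenge):
    return sign(CARD, challenge)         # requires the card's private key

def terminal_dda(ca_index, issuer_n, issuer_cert, card_n, card_cert, challenge, sig):
    return (issuer_ok(ca_index, issuer_n, issuer_cert)
            and verify(issuer_n, card_cert, str(card_n).encode())
            and verify(card_n, sig, challenge))
```

Everything `terminal_sda` consumes is static, so a byte-for-byte copy passes; `terminal_dda` only accepts a signature made over the challenge of the current transaction.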


CDA (Combined Dynamic Data Authentication)

When verifying with DDA, the terminal can verify the card but cannot verify that the next operation is performed by this card.

CDA closes this validation gap in DDA. With CDA, the card digitally signs all important transaction data, so the terminal can verify both the card and the transaction.


Source: Wikipedia