Add EMV overview documentation

[tomkp]

Summary

• Adds comprehensive EMV overview document in docs/emv-overview.md
• Links to the overview from the README for easy discovery

What's in the overview

The document explains:

• Why EMV exists - the security problems chip cards solve
• How cards communicate - APDU protocol basics
• Command structure - request and response formats
• Transaction flow - the four main phases of an EMV transaction
• Common commands - SELECT, READ RECORD, GET DATA, VERIFY, etc.
• Data encoding - BER-TLV structure and common tags
• Security considerations - safe practices when working with cards

Written following GOV.UK plain language guidelines for clarity.

Closes #110

[Copilot]

Pull request overview

This PR adds comprehensive EMV overview documentation to help users understand how chip-based payment cards work and how to use the library effectively.

Key Changes:

• Adds a detailed EMV overview guide covering protocol basics, transaction flows, common commands, and security practices
• Links the new documentation from the README for easy discovery

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 8 comments.

File	Description
docs/emv-overview.md	New comprehensive guide explaining EMV concepts, APDU protocol, transaction flow, common commands, data encoding (BER-TLV), and security considerations
README.md	Adds link to the new EMV overview documentation for new users

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The expiry date format description is incorrect. EMV cards store expiry dates in YYMMDD format according to the table, but EMV specification actually uses YYMM format (4 digits, not 6). The day component is not included in EMV expiry dates as cards expire at the end of a month, not on a specific day.

Suggested change

	| `5F24` | Expiry Date | YYMMDD format |
	| `5F24` | Expiry Date | YYMM format (no day component) |

[Copilot]

The PIN block format description contains a typo. The format should use 'yyyy' to represent PIN digits, but the description says "y is each PIN digit" when it should clarify that each 'y' represents one PIN digit (0-9), and the format pads to the right with 'F' (hex). A clearer description would be: "where x is PIN length and each y is a PIN digit (0-9)".

Suggested change

	The PIN block format: `2x yyyy yyyy FF FF FF FF FF` where x is PIN length and y is each PIN digit.
	The PIN block format: `2x yyyy yyyy FF FF FF FF FF` where x is the PIN length and each y is a PIN digit (0-9), with the remaining nibbles right-padded with 'F' (hex).

[Copilot]

The Application Interchange Profile (AIP) is listed in the tags table but uses the abbreviation without first defining it in this context. While AIP is mentioned earlier in the transaction flow section (line 103), the tag table would benefit from consistency. Consider either spelling out the full name or ensuring readers can easily reference the earlier definition.

Suggested change

	| `82` | AIP | Application Interchange Profile |
	| `82` | Application Interchange Profile (AIP) | Application Interchange Profile |

[Copilot]

The Application File Locator (AFL) is listed in the tags table but uses the abbreviation without first defining it in this context. While AFL is mentioned earlier in the transaction flow section (line 103), the tag table would benefit from consistency. Consider either spelling out the full name or ensuring readers can easily reference the earlier definition.

Suggested change

	| `94` | AFL | Application File Locator |
	| `94` | Application File Locator (AFL) | Application File Locator |

[Copilot]

The Cryptogram Information Data (CID) abbreviation is used in the tag table without defining what it represents. While the cryptogram itself is explained earlier in the document, CID specifically indicates which type of cryptogram was generated (TC, ARQC, or AAC). Consider using the full name "Cryptogram Information Data" in the Name column for clarity.

Suggested change

	| `9F27` | CID | Cryptogram type indicator |
	| `9F27` | Cryptogram Information Data (CID) | Cryptogram type indicator |

[Copilot]

The word "authorisation" uses British spelling. Consider using American spelling "authorization" for consistency with standard EMV terminology, which predominantly uses American English (e.g., "Authorization Request Cryptogram" - ARQC).

Suggested change

	Requests a cryptogram for transaction authorisation.
	Requests a cryptogram for transaction authorization.

[Copilot]

The documentation lists common EMV tags but is missing the "Data encoding" section link in the table of contents. The section "Data encoding" starts at line 278 but is not listed in the Contents section (lines 9-14). This makes it harder for readers to navigate to this important section.

Suggested change

	- [Common commands](#common-commands)
	- [Common commands](#common-commands)
	- [Data encoding](#data-encoding)

[Copilot]

The "Security considerations" and "Further reading" sections are not included in the table of contents. These sections start at lines 306 and 315 respectively and should be added to the Contents section for complete navigation.

Suggested change

	- [What you can do](#what-you-can-do)
	- [What you can do](#what-you-can-do)
	- [Security considerations](#security-considerations)
	- [Further reading](#further-reading)