What is EMV?
EMV® has been a recognized trademark within the payment industry since the introduction of the first EMV Chip Specifications in 1998. EMV chip cards achieved a significant reduction in transaction fraud in every country in which they have been implemented. The latest figures provided by EMVCo as of Q2 2018 indicate that 54.6 % of cards issued worldwide are EMV, with 7.1 billion EMV chip payment cards in circulation. The EMV specifications have evolved to meet the needs of the payment industry, advancing in new and emerging payment technologies. Today, EMV specifies a set of secure payment technologies that include face-to-face or card present, e-commerce and online transactions.
EMVCo is the organization behind the EMV trademark, responsible for the administration of EMV specifications. EMVCo defines itself as a global technical body that facilitates worldwide interoperability and acceptance of secure payment transactions by managing and evolving the EMV® Specifications and related testing processes. The EMVCo organization has six members: American Express, Discover, JCB, Mastercard, UnionPay and Visa. In addition, several companies in the payment ecosystem such as banks, merchants, vendors and other industry stakeholders participate in the organization as EMVCo associates.
From the first EMV chip-based payment specification published in the late 90s, the specification has been enhanced to accommodate industry trends (e.g., contactless payments). In recent years, EMVCo has also published other specifications for mobile, payment tokenization, 3-D Secure, QR Code and Secure Remote Commerce payment technologies.
The main purpose of the EMV specifications is to enable secure payment transactions and facilitate worldwide interoperability. EMVCo secure payment technologies are:
A set of specifications that describe how a transaction between a point-of-sales terminal and a contact chip card should be conducted. In a contact payment, the cardholder inserts the EMV card into the terminal for the duration of the transaction.
A set of specifications that describe how a transaction between a point-of-sales terminal and a contactless card should be conducted. In a contactless payment, the cardholder taps or swipes the card against the point-of-sales terminal.
A set of specifications that describe how a transaction between a point-of-sales terminal and an NFC-enabled smartphone or wearable should be conducted. In mobile payment, the smartphone or wearable owner taps or swipes it against the point-of-sales terminal.
A specification that describes a framework to generate, deploy and manage payment tokens which can operate with existing payment networks. Tokenization replaces the card number, also known as PAN, with a unique payment token in order to limit the risk associated with unauthorized use of PANs.
A set of specifications that describe a common and interoperable format for QR Code payments. In a QR Code-based payment, the QR Code is scanned to conduct the transaction. The displayed QR Code is associated with the payment credentials of the consumer or merchant.
A set of specifications that describe a framework to conduct secure e-commerce online card transactions. 3-D Secure allows merchants to authenticate the cardholder during an online payment transaction, preventing unauthorized use of cards online.
Secure remote commerce
A specification that describes how merchants can obtain from the card the payment data required to conduct and authorize an online transaction. This specification provides secure payment acceptance between a merchant site and the consumer device. It defines the interfaces, data delivery methods and payment payload protection concerning the merchant.
EMV 2nd Generation
A specification that describes an architecture for a flexible and modular terminal design that supports a variety of payment interfaces for online and offline processing (contact, contactless, mobile, etc.).
For more information, EMV specifications are available to the public for free download on the EMVCo website.
EMV product type approvals
Besides the enhancement and evolution of payment specifications, EMVCo also develops testing plans, product type approvals and certification processes. These processes assess the compliance of products to EMV specifications. In fact, EMVCo must approve product conformance before these products are deployed in the field. The EMV type approval processes defined are:
Contact card-based products
The contact card type approval indicates that the chip hardware satisfies the electro-mechanical and functional requirements of the EMV specifications.
It also indicates that the application loaded in the chip complies with the EMV Common Core Definition (CCD) and Common Payment Application (CPA) specifications.
The acceptance device type approval applies to any point-of-sales (POS) terminal that accepts EMV chip cards to enable a payment transaction. The EMV chip specification encompasses both contact and contactless payments. The type approval process assesses separately the compliance of the contact and contactless interfaces of the POS terminal with the EMV Level 1 and EMV Level 2 specification requirements.
On the one hand, the EMV Level 1 requirements include electrical and protocol testing in the contact interface, and analog, digital and interoperability testing in the contactless interface. On the other hand, EMV Level 2 verifies that the payment application, or kernel, loaded in the point-of-sales terminal satisfies the EMV specifications.
The NFC consumer device type approval applies to any product that supports NFC-based payments, such as smartphones or wearable devices.
This type approval process assesses the compliance of the contactless interface of the smartphone or wearable to the EMV Level 1 specification requirements. The EMV Level 1 requires passing a set of analog, digital, interoperability and performance tests to verify that the contactless interface complies with the EMV specifications. In addition, the type approval process mandates a security evaluation of the hardware platform or the software components on which the payment application is installed.
The authentication type approval applies to systems that use 3-D Secure cardholder authentication protocol when making e-commerce purchases. The type approval process tests that the 3-D Secure authentication protocol is in accordance with EMV 3-D Secure specifications.
This type approval process verifies that the infrastructure and components used are compliant with the EMV 3-D Secure specifications (i.e., Access Control Server, Directory Server, 3DS Server and 3DS SDK).
QR Code evaluation
QR Code-based payments do not define a type approval process like the ones described above. Instead, EMVCo provides a set of tools and sample QR codes that can be used for self-evaluation of the QR code-based solution.
EMV product type approval process
The standard EMV type approval process of a new product consists of these steps:
- Registration: Submit a registration form to receive a contract and registration number from EMVCo.
- Product declaration: Select an EMVCo accredited laboratory to run the tests.
- Product validation: Perform product testing in an accredited laboratory and receive a test report.
- Product approval: EMVCo evaluates the test reports and issues a Letter of Approval (LOA) when a test report demonstrates product conformance.
During the product validation phase, the laboratory delivers a report with the test results. However, these laboratories do not indicate how to pass failed tests. This is where MobileKnowledge comes to the rescue: our expertise in smartcard and contactless technology, as well as our deep knowledge of the EMV specifications, allows us to identify the root cause of failed tests and to define and implement the required solution to ensure a PASS is obtained. Continue reading to discover how we can help you certify your product.
Our EMV services
If you are struggling with the EMV certification for your new contactless point-of-sales terminal or wearable that supports NFC payments, we are your ideal partner.
At MobileKnowledge we support you in bringing your new product to market in the shortest possible time and at a controlled cost. We validate your product's compliance with EMVCo specifications before certification. We support you with consultancy services, at any design stage, for the EMV PCD Level 1, Mobile Level 1 and Wearable Level 1 type approval processes.
Let’s talk. Contact us at firstname.lastname@example.org.