This Week’s blog, we try to answer these questions. When it comes to EMV in transit certifications, it is often unclear what certifications apply, which parties have which role in obtaining the certificates, what the certification requirements are, how long the process takes when a re-certification is required, which are the typical certification pitfalls.
Ambimat Electronics with its experience of over 4 decades of indigenously designing and manufacturing Payment products in India, wishes to draw the attention of our customers and readers of blog posts towards the Automated Fare collection system.
EMV is designed to significantly improve the security for consumer card payments by providing enabling features for reducing fraudulent payment that results from counterfeit and lost and stolen cards. The features that are defined by EMV are as follows -:
1. Authentication of the chipcard to verify that the card is genuine to protect against counterfeit fraud for both online authorized transactions and offline transactions.
2. Risk management parameters to define the conditions under which the issuer will permit the chip card to be used and force transactions online for authorization under certain conditions such as offline limits being exceeded.
3. Digitally signing payment data for transaction integrity.
4. More robust cardholder verification to protect against loss and stolen card fraud for EMV transactions. Counterfeit and lost and stolen card fraud represents a significant cost to all participants in the payment process, including retailers, banks, card issuers, and cardholders. Costs are realized through the processing of cardholder disputes, research into suspect transactions, replacement of cards that have been counterfeited or reported as lost and stolen, and eventual liability for the fraudulent payment itself. By reducing counterfeit and lost and stolen card fraud, EMV offers real benefits to retailers, acquirers, card issuers, and cardholders.
The Evolution of the EMV Specifications
In 1994, three international payment systems, Europay, MasterCard, and Visa, began developing a global chip specification for payment systems. This globalization continued when in 2004, JCB joined in participating with EMV and American Express in 2009. An initial version of the specification titled EMV ’96 Integrated Circuit Card Specification for Payment Systems was released in1996. The first production version of the EMV specifications, version 3.1.1, was subsequently published in 1998. The most recent version of the EMV specifications is version 4.2, published in 2008. Over the preceding ten years, the EMV specifications evolved to meet the changing requirements of the payment industry. They benefited from over a decade of implementation experience in multiple markets across the globe. Despite the ongoing change, the driving principle behind the evolution of the EMV specifications has been that each new release or version is always backward compatible with prior releases. This helps protect the investment in EMV infrastructure made by payment industry stakeholders.
There are three levels of EMV certification:
Level 1 – Hardware: The physical terminal, logic, and transmission of payments are tested.
Level 2 – Software Kernel: The software written to facilitate the transfer of payment information is tested.
Level 3 – Application: Each card brand is tested against the entire processing solution (components of level 1 and 2, plus the payment application).
EMVCo, which is composed of six member organizations (Visa, MasterCard, Discover, Amex, JCB, and UnionPay), manages and defines the specifications for each level and ultimately certifies equipment at just levels 1 and 2. To earn Level 3 EMV certification, the equipment must pass tests with each individual card brand.
If your business needs to use a payment application specific to your industry, level 3 certification gets a lot more complicated.