Scribd
Upload
2K views21 pages

EMV - Europay, MasterCard, Visa

This document provides an overview of EMV (Europay, Mastercard, and Visa) testing procedures and specifications for payment terminals. It describes the basic transaction flow and roles of different parties in an EMV transaction. It also discusses the Common Payment Application process, terminal requirements, and the multi-level testing procedures including Level 1 (electromechanical and protocol testing) and Level 2 (application compliance testing). Finally, it covers contactless specifications regarding communication protocols, terminal architecture, and contactless testing procedures.

Uploaded by

Rajat Kumar
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
2K views21 pages

EMV - Europay, MasterCard, Visa

This document provides an overview of EMV (Europay, Mastercard, and Visa) testing procedures and specifications for payment terminals. It describes the basic transaction flow and roles of different parties in an EMV transaction. It also discusses the Common Payment Application process, terminal requirements, and the multi-level testing procedures including Level 1 (electromechanical and protocol testing) and Level 2 (application compliance testing). Finally, it covers contactless specifications regarding communication protocols, terminal architecture, and contactless testing procedures.

Uploaded by

Rajat Kumar
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 21

EUROPAY, MASTERCARD &

VISA (EMV)

Testing Procedures and Specifications


By Rajat Kumar
Basic Terms
 Account Holder – Consumer using Integrated Circuit
Card (ICC)
 Acquirer – Financial Institution that enlists merchant
to use an application like VISA
 Issuer – Financial Institution which issues ICC to
consumer
 Merchant – a store, restaurant, airline etc.
Transaction Flow

Cardholder Application Issuer


Merchant Acquirer

VISA/MASTERCARD
Course of Presentation
 Common Payment Application(CPA) basics
 Terminal requirements
 Hardware

 Software

 Test Procedure
 Level 1
 Level 2

 Contactless Specifications
Common Payment Application
- a process overview

 Application Selection
 Checking for offline verification

 Initiate Application Processing

 Read Application Data


CPA – a process overview
 Offline Data Authentication
 Two methods
 Static
Data Authentication(SDA)
 Dynamic Data Authentication(DDA)

 SDA verifies authenticity of personalized data


 Dynamic data authentication has two forms :
 In DDA, terminal decodes a cryptogram generated by card
using dynamic data, thus verifying legitimacy of card
 In Combined DDA/ Generate AC, a dynamic signature is
sent along with Application Cryptogram to terminal.
CPA – a process overview
 Processing Restrictions
 Cardholder Verification
 Terminal Risk Management
 Terminal Action Analysis
 Terminal decides on basis of results from offline data
authentication, processing restrictions, terminal risk
mgmt. and cardholder verification to approve
transaction offline, sent online for verification or decline
offline.
POS Terminal Definition
 Terminal Type ‘22’
 Offline with online capability for carrying out
transactions
 Operational Control is provided by merchant

-- EMV v4.2 Book 4


Terminal Requirements
 Mechanical Characteristics
 IFD must be ISI/IEC 7816-1,2
 Contact embossing should be ISO 7811 -1,3 compliant.

 Contact force on IC Card contacts must be in range of


0.2 to 0.6 Newton.

-- EMV v4.2 Book 1


Terminal contact locations
Terminal Requirements
 Electrical Characteristics
 All measurements must be with respect to GND over an
ambience 5⁰⁰ C to 40⁰⁰ C
 Input/Output contact must limit current by +/-15mA

 Rise and Fall times for signals as mentioned in Book-1


-- EMV v4.2 Book 1
Terminal Requirements
 Software Characteristics
 Offlinedata authentication
 Personal Identification Number encipherment

 Secure messaging

 Terminal security
Test Procedure
 Multi level testing
 Level 1
 Electromechanical characteristics
 Logical interface
 Transmission protocol

 Level 2
 Compliance with debit/credit payment applications
Test Procedure
 Level 1 Test Cases
 Card session test
 Answer to reset test
 Protocol test
 Transport layer test

-- Terminal Level-1 Test Cases


Test Procedure
 Level 2 Test Cases
 Application selection
 Security aspects
 Cryptography algorithm
 Functions in transaction processing
 Erroneous/missing data in ICC

-- Terminal Level-2 Test Cases


Contactless Specifications
 Communication Protocol
 Electrical characteristics of interface
 Powerrequirements
 Modulation methods used

 Protocol layer sequence


 Proximity Coupling Device’s(PCD) polling mechanism
Contactless Specifications
 Terminal Architecture
 EntryPoint – An overlying layer above application
kernels to support multiple legacy kernels.
 Application kernels such as Paypass MasterCard chip
kernel lie in the next layer
 Once Entry Point finds a suitable kernel match with
PICC it hands over communication to it.
Contactless Specifications

Terminal Architecture
Contactless Testing
 Level 1 is about compliance to EMV CL
Communication Protocol Specification v2.0
 Entry Point Compliance Label is given after testing
Entry Point using specified kernels

* Level 1 certification has been given to three terminals.


* No test cases mentioned for Level 1/Entry Point.
References
 www.emvco.com
 www.visa.com
 Google Image & Web Search
Thank You

You might also like