You may have heard of EMV (Europay, MasterCard and Visa) certification as it pertains to businesses becoming EMV compliant with the necessary equipment to mitigate fraud. But what exactly is EMV certification, and how does the process work? With EMV chip technology becoming the norm, what do you need to know about EMV certification?
In this piece, we’ll help you answer those questions. We’ll dive into the 3 levels of certification and explain the EMV certification process by breaking it down into 3 easy steps. Additionally, we’ll explain how our EMV certified common kernel makes the process much simpler.
Before we dive into the steps in the EMV certification process, let’s take a look at each of the 3 levels. The EMV certification process can be broken down initially into three levels; Level 1 is Hardware. Level 2 is the software kernel, and Level 3 is the solution. These levels make sense if you think of how a device like an EMV card reader works. It isn’t just hardware. It’s the hardware, plus embedded software, plus support for a set of payment networks.
EMVCo is comprised of several member organizations including Visa, Mastercard, Discover, Amex, JCB and UnionPay. The EMVco organization manages and determines requirements for all three levels. They also designate and authorize test labs to complete testing of payment terminals against the EMV Specifications for levels 1 and 2. EMV certification only then earns level 3 after the equipment issued has passed tests with each of the aforementioned card brands.
This is straightforward. At Level 1, we’re talking about the physical terminal wherein the payments are tested. These tests make sure the device can meet the physical requirements and lower level electromagnetic and communication protocols required, including operating distance tests. EMV Level 1 testing and certification applies to both contact EMV and contactless EMV.
The hardware supplier is responsible for Level 1 EMV certification.
Now that we understand EMV certified hardware, we can move on to the next level that is concerned with validating payment functionality that runs on the L1 certified hardware; specifically known as a Software Kernel or Library. The EMV kernel is used to ensure that the L1 hardware is able to properly communicate to the EMV chip card.
For EMV contact, there is one common specification established by EMVco for EMV Level 2 testing. However, for EMV Contactless, each card brand has their own unique specification for contactless EMV Level 2. Typically, the payment hardware supplier will also provide a Level 2 EMV kernel and associated L2 certification as the software kernel traditionally runs internally within the payment terminal.
EMV End-to-End certification, also known within the industry as EMV Level 3, consists of hardware that has passed EMV L1 certification, an approved EMV L2 kernel (or kernels for contactless), the payment application, a chosen gateway/processor and approval from the brands. Here, all of the components that make up an EMV transaction have all been tested and approved by the brands.
Now that we understand the 3 levels of EMV Certification let’s dive into the process of obtaining it.
Once the hardware has been chosen, the solution provider can then begin the development of the payment application to initiate the payment transaction. Generally, hardware suppliers will provide associated SDKs and documentation for the application developer to create their application to work with the hardware. This step can involve some initial pretest to validate that the application is functioning as expected.
Once the application is ready and the payment processor chosen, the solution provider can initiate the enrollment process. This includes filling out the appropriate paperwork required by a payment processor, including the EMVCo certification of the target device containing the EMV card reader. This paperwork is often called the “intake forms” also describe the payment environment and limitations of the solution (ex: unattended kiosk with an integrated insert reader but no supported PIN pad would result in no PIN test cases being assigned). Next, the payment processor must complete the enrollment process so that every one of the card brands can test and verify with their test systems. With enrollment done, we move on to preparation.
Preparation involves the payment processor issuing test credentials and host access information which runs a basic transaction in order to authenticate that the account was set up properly. This will prevent IT issues like your firewall blocking access as well as other access restrictions being cleared. Reviewing all test scripts ensures all desired application features are covered during certification.
To obtain EMV certification, it is suggested to use a UL Brand Test Tool (BTT) to load in test cases from the card brands to be run against the device and application. These can cost around $12,000 to purchase and are a must-have. During this part of testing, a person must sit and manually execute hundreds of tests, meaning inserting a card, pushing buttons and keeping a record of results as part of the “tpp” file designated for the UL Brand Test Tool.
After this level of testing has been completed, the application is done because all issues are considered fixed or covered by a waiver. You are now in the pre-validation stage wherein every test must be carried out with the card brand test systems. Each brand has an individual check following this stage to ensure the host and card passed through the system. This test might take several days to complete.
Validation is the actual and final certification, the home stretch if you will of the entire process. That means a final round of testing, but timed against official card brand certification hosts to work out any kinks or surprises all the prior testing might have missed. For the coup de grace, certifications issued via e-mail to signal your work is done.
If the entire process sounds too complicated, then ID TECH can make it easy for you. ID TECH’s Common Kernel makes the certification process simpler. Once you have a contact EMV payment solution that contains any ID TECH Common Kernel product and is Level 3 certified, no new Level 3 certification is needed to integrate new products based on ID TECH’s Common Kernel.
This enables flexibility and agility when there is a need to upgrade or add EMV payment solutions to a system. You don’t have to begin the expensive and intensive Level 3 certification process again. When you consider how time-consuming the EMV certification process can be, this is a game-changer. Eliminating recertification can lead to huge gains in productivity and speed up time to market.
At ID TECH, we not only make the EMV Certification Process simpler and easier on your budget, but we make it easy for you to accept every way your customers want to pay. From kiosks to ATMs to mobile payments, we’ve got you covered with the latest in PCI certified contact and contactless EMV payment technology.
If you would like to learn more about ID TECH regarding the EMV Certification process, a more in-depth exposure to the entire process, how it can maximize profits for your business and mitigate losses due to fraud, contact us to learn more at IDTECH.