EUROPAY, MASTERCARD & VISA (EMV)VISA (EMV)

Testing Procedures and Specifications

By Rajat Kumar

Basic Terms

� Account Holder – Consumer using Integrated Circuit Card (ICC)

� Acquirer – Financial Institution that enlists merchant to use an application like VISAto use an application like VISA

� Issuer – Financial Institution which issues ICC to consumer

� Merchant – a store, restaurant, airline etc.

Transaction Flow

CardholderMerchant Acquirer

Application Issuer

VISA/MASTERCARD

Course of Presentation

� Common Payment Application(CPA) basics

� Terminal requirements

� Hardware

� Software� Software

� Test Procedure

� Level 1

� Level 2

� Contactless Specifications

Common Payment Application- a process overview

� Application Selection

� Checking for offline verification

� Initiate Application Processing

� Read Application Data

CPA – a process overview

� Offline Data Authentication

� Two methods

� Static Data Authentication(SDA)

� Dynamic Data Authentication(DDA)

� SDA verifies authenticity of personalized data

� Dynamic data authentication has two forms :

� In DDA, terminal decodes a cryptogram generated by card using dynamic data, thus verifying legitimacy of card

� In Combined DDA/ Generate AC, a dynamic signature is sent along with Application Cryptogram to terminal.

CPA – a process overview

� Processing Restrictions

� Cardholder Verification

� Terminal Risk Management

� Terminal Action Analysis� Terminal Action Analysis

� Terminal decides on basis of results from offline data authentication, processing restrictions, terminal risk mgmt. and cardholder verification to approve transaction offline, sent online for verification or decline offline.

POS Terminal Definition

� Terminal Type ‘22’

� Offline with online capability for carrying out transactions

� Operational Control is provided by merchant� Operational Control is provided by merchant

-- EMV v4.2 Book 4

Terminal Requirements

� Mechanical Characteristics

� IFD must be ISI/IEC 7816-1,2

� Contact embossing should be ISO 7811 -1,3 compliant.

� Contact force on IC Card contacts must be in range of � Contact force on IC Card contacts must be in range of 0.2 to 0.6 Newton.

-- EMV v4.2 Book 1

Terminal contact locations

Terminal Requirements

� Electrical Characteristics

� All measurements must be with respect to GND over an ambience 5⁰ C to 40⁰ C

� Input/Output contact must limit current by +/-15mA

⁰ ⁰

� Rise and Fall times for signals as mentioned in Book-1

-- EMV v4.2 Book 1

Terminal Requirements

� Software Characteristics

�Offline data authentication

� Personal Identification Number encipherment

� Secure messaging� Secure messaging

� Terminal security

Test Procedure

� Multi level testing

� Level 1

� Electromechanical characteristics

� Logical interface

� Transmission protocol

� Level 2

� Compliance with debit/credit payment applications

Test Procedure

� Level 1 Test Cases

� Card session test

� Answer to reset test

� Protocol test

Transport layer test� Transport layer test

-- Terminal Level-1 Test Cases

Test Procedure

� Level 2 Test Cases

� Application selection

� Security aspects

� Cryptography algorithm

Functions in transaction processing� Functions in transaction processing

� Erroneous/missing data in ICC

-- Terminal Level-2 Test Cases

Contactless Specifications

� Communication Protocol

� Electrical characteristics of interface

� Power requirements

�Modulation methods used

� Protocol layer sequence

� Proximity Coupling Device’s(PCD) polling mechanism

Contactless Specifications

� Terminal Architecture

� Entry Point – An overlying layer above application kernels to support multiple legacy kernels.

� Application kernels such as Paypass MasterCard chip kernel lie in the next layer

�Once Entry Point finds a suitable kernel match with PICC it hands over communication to it.

Contactless Specifications

Terminal Architecture

Contactless Testing

� Level 1 is about compliance to EMV CL Communication Protocol Specification v2.0

� Entry Point Compliance Label is given after testing Entry Point using specified kernelsEntry Point using specified kernels

* Level 1 certification has been given to three terminals.

* No test cases mentioned for Level 1/Entry Point.

References

� www.emvco.com

� www.visa.com

� Google Image & Web Search

Thank You