View
192
Download
0
Category
Tags:
Preview:
DESCRIPTION
This document briefly talks about EMV Certification.
Citation preview
EUROPAY, MASTERCARD & VISA (EMV)VISA (EMV)
Testing Procedures and Specifications
By Rajat Kumar
Basic Terms
� Account Holder – Consumer using Integrated Circuit Card (ICC)
� Acquirer – Financial Institution that enlists merchant to use an application like VISAto use an application like VISA
� Issuer – Financial Institution which issues ICC to consumer
� Merchant – a store, restaurant, airline etc.
Transaction Flow
CardholderMerchant Acquirer
Application Issuer
VISA/MASTERCARD
Course of Presentation
� Common Payment Application(CPA) basics
� Terminal requirements
� Hardware
� Software� Software
� Test Procedure
� Level 1
� Level 2
� Contactless Specifications
Common Payment Application- a process overview
� Application Selection
� Checking for offline verification
� Initiate Application Processing
� Read Application Data
CPA – a process overview
� Offline Data Authentication
� Two methods
� Static Data Authentication(SDA)
� Dynamic Data Authentication(DDA)
� SDA verifies authenticity of personalized data
� Dynamic data authentication has two forms :
� In DDA, terminal decodes a cryptogram generated by card using dynamic data, thus verifying legitimacy of card
� In Combined DDA/ Generate AC, a dynamic signature is sent along with Application Cryptogram to terminal.
CPA – a process overview
� Processing Restrictions
� Cardholder Verification
� Terminal Risk Management
� Terminal Action Analysis� Terminal Action Analysis
� Terminal decides on basis of results from offline data authentication, processing restrictions, terminal risk mgmt. and cardholder verification to approve transaction offline, sent online for verification or decline offline.
POS Terminal Definition
� Terminal Type ‘22’
� Offline with online capability for carrying out transactions
� Operational Control is provided by merchant� Operational Control is provided by merchant
-- EMV v4.2 Book 4
Terminal Requirements
� Mechanical Characteristics
� IFD must be ISI/IEC 7816-1,2
� Contact embossing should be ISO 7811 -1,3 compliant.
� Contact force on IC Card contacts must be in range of � Contact force on IC Card contacts must be in range of 0.2 to 0.6 Newton.
-- EMV v4.2 Book 1
Terminal contact locations
Terminal Requirements
� Electrical Characteristics
� All measurements must be with respect to GND over an ambience 5⁰ C to 40⁰ C
� Input/Output contact must limit current by +/-15mA
⁰ ⁰
� Rise and Fall times for signals as mentioned in Book-1
-- EMV v4.2 Book 1
Terminal Requirements
� Software Characteristics
�Offline data authentication
� Personal Identification Number encipherment
� Secure messaging� Secure messaging
� Terminal security
Test Procedure
� Multi level testing
� Level 1
� Electromechanical characteristics
� Logical interface
� Transmission protocol
� Level 2
� Compliance with debit/credit payment applications
Test Procedure
� Level 1 Test Cases
� Card session test
� Answer to reset test
� Protocol test
Transport layer test� Transport layer test
-- Terminal Level-1 Test Cases
Test Procedure
� Level 2 Test Cases
� Application selection
� Security aspects
� Cryptography algorithm
Functions in transaction processing� Functions in transaction processing
� Erroneous/missing data in ICC
-- Terminal Level-2 Test Cases
Contactless Specifications
� Communication Protocol
� Electrical characteristics of interface
� Power requirements
�Modulation methods used
� Protocol layer sequence
� Proximity Coupling Device’s(PCD) polling mechanism
Contactless Specifications
� Terminal Architecture
� Entry Point – An overlying layer above application kernels to support multiple legacy kernels.
� Application kernels such as Paypass MasterCard chip kernel lie in the next layer
�Once Entry Point finds a suitable kernel match with PICC it hands over communication to it.
Contactless Specifications
Terminal Architecture
Contactless Testing
� Level 1 is about compliance to EMV CL Communication Protocol Specification v2.0
� Entry Point Compliance Label is given after testing Entry Point using specified kernelsEntry Point using specified kernels
* Level 1 certification has been given to three terminals.
* No test cases mentioned for Level 1/Entry Point.
References
� www.emvco.com
� www.visa.com
� Google Image & Web Search
Thank You
Recommended