March 2nd, 2010
Traditionally, most card payment terminals have used purpose-built hardware and software, running an embedded operating system for reasons of cost and performance. Over the years however the market has gradually evolved and many payment terminals now use general purpose platforms that support Java.
When developing EmvJ – the platform-independent EMV Level 2 Kernel that runs on any Java Virtual Machine – CreditCall wanted to harness the full potential of Java. Thus EmvJ is not only a very powerful and versatile kernel but has also been highly optimised for both performance and size, making it ideal for use on any payment device – whether it’s an ATM, an unattended kiosk or an EFT PoS (Point-of-Sale) terminal.
A major focus during the development of EmvJ was to provide an EMV Kernel that could easily be integrated into a card payment application. This enables EMV novices to quickly achieve an EMV-compliant transaction using EmvJ with only a few lines of code, and also provides advanced features to customise the kernel to support specific EMV Level 2 or card scheme-specific functionality appropriate to a particular solution.
The EmvJ Kernel was also designed to allow any PIN-pad and card reader components to be added without recompilation of the Kernel, by providing the drivers for those in separate Java packages. This can provide significant savings when undertaking the EMVCo Level 2 approval processes if multiple configurations and PIN Pads need to be supported. Drivers are already available for popular PIN Pads and EMV Level 1 approved card readers, including those from Ingenico, Verifone, Gemalto, Magtek and Sankyo.
CreditCall’s family of EMV Kernels are maintained to the very latest EMV Level 2 and industry standards, so you can be certain that they provide the best EMV solutions both now and in the future. Check out www.emvx.co.uk for further details of these EMV Level 2 Kernels.
Posted in EMV Certification and Approvals | No Comments »
February 9th, 2010
The much anticipated release of the latest EMV Level 2 test specification happened on the 5th February, and already CreditCall is working through the documents to identify changes that need to be made to its widely certified EMV software Kernel.
In addition to the test case updates to validate the implementations of all the EMV specification update bulletins that have been published during the past year, test cases are now also provided for American Express. This is the first EMVCo Level 2 test plan released since they joined MasterCard, Visa and JCB as EMVCo’s fourth member last year.
With over 100,000 users of the Kernel in Europe alone, and with customers in most regions of the world where Chip and PIN is mandated, CreditCall expects to be certifying new integration of its EmvX, EmvJ and EMV.LIB as soon as March 2010.
Link to EmvCo Bulletins
Tags: EMV Kernel, EMV Level 2 Approval, EMV Test Case, EMV Test Specification, EMVCo 4.2b, EMVCo Specification
Posted in EMV Certification and Approvals | No Comments »
February 2nd, 2010
Metric "Aura" EMV equipped Pay-and-Display machine
Although much of the publicity surrounding EMV “Chip and PIN” migration has related to its use in retail outlets, another market sector that has benefitted from EMV migration is Unattended Payment Terminals (UPT).
Unattended payments, where a customer uses an unsupervised terminal to pay for goods or services such as parking and vending machines or self-service kiosks, have traditionally been processed using cash. Where card payment has been supported this has been achieved by using the data from the magnetic stripe on a customer’s card, with no cardholder verification. This means that such machines are an obvious target for fraudsters trying to use stolen and cloned cards and, as there are no attendants to monitor these environments, it has been extremely difficult to crackdown on this illegal activity. This has therefore limited the growth of unattended card payments.
However, the advent of EMV cards means that secure PIN entry can now be used to verify the cardholder, and advances in communications technology means that it is also possible to quickly and safely authorise transactions with the card issuer even when there is no fixed communications infrastructure on site.
Together, these developments have fuelled a large growth in a number of unattended environments, including car parking, transport ticketing, automated supermarket lanes and other self-service kiosks vending higher value goods, as vendors can now have confidence that every transaction is genuine and they will always receive their payment.
This is just one example of the benefits that EMV migration can bring. The CreditCall EMV Kernels provide a simple but powerful way to add EMV Level 2 capability to payment devices. Check out www.emvx.co.uk for further details of these EMV Level 2 Kernels.
Tags: Chip and PIN terminal, EMV Kernal, EMV Parking, EMV Ticketing, EMV Transaction, kiosk payment, low-value transaction, Parking payment, Unattended payment terminal, UPT, Vending Payment
Posted in EMV Certification and Approvals | 1 Comment »
January 20th, 2010
EMVCo have finally corrected one of the longest standing anomalies in the EMV specifications, with the release of EMVCo Specification Update Bulletin No. 71.
When there are multiple payment applications present on an EMV card, or the card configuration requires cardholder confirmation, payment terminals will display the list of applications to the cardholder to allow them to select an EMV application to use for the transaction.
EMV cards will often include an ‘application preferred name’, which is the name of the card application in the cardholder’s local language. Although this is the preferred name to display to the cardholder, it will not always be possible to do so as the name may use an ‘issuer code table’ that is not supported by the terminal. For example, a terminal in Europe may not contain a display font that allows Arabic characters to be displayed.
Therefore, normally all EMV card applications will contain an ‘application label’ which contains only characters in the common character set that all EMV-capable terminals are required to support, which should ensure that there will always be a name that can be displayed to the cardholder.
Unfortunately, although the presence of the application label on the EMV card is mandatory when using the PSE directory method during application selection, it was only defined as optional when selecting the application using the list of Applications method. Therefore it has never been possible to guarantee the presence of the application label on a chip card – until now! EMVCo have finally resolved this by issuing Specification Update Bulletin No. 71 that now makes the application label mandatory on all new EMV-compliant cards. This will finally mean that EMV Level 2 Kernels used by payment terminal vendors will always have a name to display during application selection, and should no longer need to implement default name processing.
The CreditCall EMV kernels are compliant with all the latest industry requirements, and provide a simple but powerful way to add EMV Level 2 compliance to payment devices. Check out www.emvx.co.uk for further details of these EMV Level 2 Kernels.
Tags: Application Selection, EMV application label, emv complinace, EMV Kernel, EMV Specification Update, EMV Transaction, Level 2 Kernel
Posted in EMV Certification and Approvals | 3 Comments »
January 6th, 2010
Although EMV is often referred to as “Chip and PIN”, in fact EMV supports several different methods of verifying the identity of the cardholder, known as Cardholder Verification Methods (CVM). Every card contains a list of the CVM that it supports, and when they need to be applied (e.g. Use online PIN if the transaction is an ATM cash withdrawal, else use signature).
Whenever an EMV transaction is performed, the terminal’s EMV Level 2 Kernel processes the CVM list in order, until it finds a CVM that it supports and can process. In the event that no supported CVM is found or an error occurs during CVM processing (e.g. the PIN-Pad was malfunctioning), the EMV kernel will flag this in the Terminal Verification Results, which may cause the transaction to be declined or sent online for authorisation by the card issuer.
The CVM that EMV currently supports are Online PIN (required in certain countries for all transactions, and also for all ATM cash withdrawals), Offline PIN verified by the chip card (required in certain countries for all payment transactions), signature (for attended payment terminals in some countries), or a combination of both PIN and signature if additional verification is required.
Also, in some environments it is permissible to use no CVM for low-value transactions or for terminals that do not support any of the CVM on the cards.
CreditCall’s EMV Kernels support every EMV-defined CVM, and provide a simple yet powerful way to add EMV level 2 to payment devices. Check out www.emvx.co.uk for further details of these EMV Level 2 Kernels.
Tags: Cardholder verification, CVM, CVM method, CVM Processing, EMV Kernal, EMV Kernel, emv level 2, EMV Transaction, EmvX, low-value transaction, offline PIN, online PIN
Posted in EMV Certification and Approvals | No Comments »
December 9th, 2009
If you are familiar with magnetic stripe card processing, you may not be aware that the online processing of an EMV “Chip and PIN” card allows the authenticity of a payment card to be verified, in addition to checking whether there are sufficient funds available for the payment.
An EMV card generates a unique “Authorisation Request Cryptogram” for each transaction that requires online authorisation. This is calculated by encrypting the card and transaction data using a secret key that is known only to the card and the card issuer. When the transaction details are sent to the issuer during the authorisation process, the issuer can then use its copy of the secret key to verify that the cryptogram for the transaction is correct, and that therefore the card is genuine.
Once the issuer is satisfied that the request is genuine and they wish to authorise the transaction, they will generate an authorisation response cryptogram, which the card can then use to authenticate that the authorisation for the payment came from the genuine issuer of the card.
These checks allow the EMV card and the issuer to verify the authenticity of each other, and thus protect the cardholder from being debited for fraudulent transactions.
This is just one of the many benefits that EMV migration can bring. The CreditCall EMV kernels provide a simple but powerful way to add EMV level 2 to ATMs, PoS devices and unattended payment terminals such as kiosks.
Check out www.emvx.co.uk for further details of these EMV Level 2 Kernels.
Tags: authorisation response cryptogram, EMV Kernal, EMV Kernel, emv level 2, EMV Transaction, EmvX, kiosk payment, low-value transaction, offline PIN, online PIN
Posted in Security | 1 Comment »
December 3rd, 2009
This year, for the first time, EMVCo have implemented a policy of revoking all EMV Level 2 letters of approval that are more than 3 years old. Although EMVCo offer the option to renew an existing EMV Kernel approval by submitting it for retesting, the fact that they regularly issue specification update bulletins effectively means that this option is not possible. Therefore, any EMV Level 2 Kernels greater than 3 years old can no longer claim to be EMV-compliant, which is a problem when trying to market and deploy new terminals.
It is of course possible to update an existing EMV solution to meet the latest specifications, but the sheer volume of specification changes means that this is a significant task. A better approach therefore, is to migrate to an EMV Kernel that is compliant with the latest EMV standards, such as the CreditCall EMV Kernels. Check out www.emvx.co.uk for further details of these EMV Level 2 Kernels.
Found this Interesting, but struggling with the terminology? Why not consult the helpful Glossary of Terms at http://www.emvx.co.uk/glossary.aspx EMV de-mystified!
Tags: emv complinace, EMV Kernal, EMV Kernel, EMV Kernel approval, EMV Kernel expiry, emv level 2, EMV Transaction, EmvX, Level 2 Kernel, low-value transaction
Posted in EMV Certification and Approvals | 3 Comments »
