EMV (Europay, MasterCard, and Visa) certification is a governing process that mandates the security criteria for all payment acceptance systems. EMV certification compliance is required for all payment processing systems, including point-of-sale (POS) terminals, kiosks, embedded systems, and payment software to meet its security and functionality standards compliance. The certification process is divided into three levels, each serving a specific purpose and involving different parties. Let’s explore these three levels of EMV certification:
1. Level 1 Certification – Terminal Integration Process (TIP):
- Purpose: Level 1 certification focuses on the physical and electrical aspects of the terminal, ensuring that it meets EMV hardware requirements and can communicate with EMV chip cards.
- Responsibilities: This certification level is typically the responsibility of the device manufacturer. The manufacturer must ensure that the hardware meets EMV standards, including aspects such as card reading, communication interfaces (like NFC and chip card readers), and power management.
- Testing: The manufacturer undergoes rigorous testing to verify that the hardware is compliant with EMV standards. This includes testing for electrical specifications, signal levels, and proper functioning of the hardware components.
- Outcome: Once the hardware successfully passes Level 1 certification, it is considered EMV-compliant at the hardware level and can proceed to Level 2 certification.
2. Level 2 Certification – Kernel Integration Process (KIP):
- Purpose: Level 2 certification focuses on the software components within the device, particularly the EMV kernel, which is responsible for processing EMV transactions. It ensures that the device’s software adheres to EMV standards and can handle various card types and transaction scenarios.
- Responsibilities: Hardware vendors or software developers typically take responsibility for Level 2 certification. They develop and test the EMV kernel that runs on the device and ensure that it functions correctly.
- Testing: Level 2 certification involves extensive testing of the device’s EMV kernel. This includes scenarios like card reading, transaction processing, and handling different card types (e.g., credit, debit, contactless). Testing also verifies that the device can correctly perform cryptographic operations required for secure EMV transactions.
- Outcome: Successfully completing Level 2 certification means that the device’s EMV software meets the necessary standards and can handle EMV transactions. The device is then ready for Level 3 certification.
3. Level 3 Certification – Application Integration Process (AIP):
- Purpose: Level 3 certification focuses on the integration of the terminal’s EMV software with specific payment applications and payment networks. It ensures that the device can interact correctly with payment cards, financial institutions, and processors.
- Responsibilities: Payment processors, payment software developers, or financial institutions are typically responsible for Level 3 certification. They ensure that their payment applications are compatible with the device’s EMV kernel.
- Testing: Level 3 certification involves comprehensive testing of the entire transaction flow, from card insertion or tap to transaction authorization and settlement. It verifies that the payment application interacts correctly with the device’s EMV software and that transactions are processed securely.
- Outcome: Successfully completing Level 3 certification means that the device is ready for real-world deployment. It can confidently process EMV transactions with various payment applications and networks, ensuring a seamless and secure payment experience for consumers and merchants.
The three levels of EMV certification ensure that payment devices and software adhere to EMV standards, from the hardware level (Level 1) to the software components (Level 2) and the integration with payment applications and networks (Level 3). This rigorous certification process is essential for maintaining the security and interoperability of EMV-compliant payment systems. For more information contact us below.