EMV Level 2 - Just what does it mean?

The purpose and goal of the EMV standard is to specify interoperability between EMV compliant IC cards and EMV compliant credit card payment terminals throughout the world. There are two major benefits to moving to smart card based credit card payment systems: improved security (with associated fraud reduction), and the possibility for finer control of "offline" credit card transaction approvals

So someone asks you -- is your kiosk EMV L2, or more specifically are your devices Level 2...

Here are some definitions.

EMV Level 1 covers the electrical and physical interfaces, and the transmission of data, between the terminal and the card. There is an extensive EMVCo defined level 1 approval process, which requires every card reader to have completed laboratory type approval before they can be used to perform EMV transactions. EMVCo also require this approval to be renewed at defined intervals to retain compliance.


EMV Level 2 covers the set of functions that provide all the necessary processing logic and data that is required to select and process a card application in order to perform an EMV transaction.

There is an extensive EMVCodefined level 2 approval process, which requires every EMV kernel to have completed laboratory type approval before they can be used to perform EMV transactions. EMVCo also require this approval to be renewed at defined intervals to retain compliance.

There are no level 2 certified Card Readers for example. They are all Level 1. There are however Level 2 kernels.

Reference EMVCO link

Level 2 Contact Approved Application Kernels - Within 2 Years

EMV 4.0 Approvals Within the Past Two Years

The following list contains application kernels for which EMVCo has approved the first configuration within the past two years.

EMVCo Terminal Type Approval Level 2 addresses the conformance of the terminal resident application software in whole or in part that supports the required and optional EMV specification functionality.

EMVCo is pleased to announce the following Vendors Application Kernels have received EMVCo Terminal Type Level 2 approval according to EMV 4.0.

489 Approved Kernel Configurations/140 Vendors


The EMVCO site also lists devices which meet the EMV L1 certs.

http://www.emvco.com/approvals.aspx?id=84#S

Level 1 Contact Approved Interface Modules

EMVCo Type Approval Level 1 addresses the conformance of Interface Modules (IFM) to the EMV defined set of electrical, mechanical and communication protocol characteristics. EMVCo is pleased to announce the following vendors' interface modules (IFMs) have received EMVCo Terminal Level 1 approval according to EMV 4.0 specifications.

For further details regarding these products, including the test result summary, please contact the relevant vendor. You may also contact the EMVCo via communication facility found on this website. Please go to the home page and select "Contact Us" and follow the prompts to submit your query.

Please note that an IFM marked with an asterisk (*) has some restrictions. These restrictions are listed on the first page of the LOA. Contact the vendor to retrieve a copy of the LOA.

661 IFM Approvals/242 Vendors



Recent Entries

Wireless transactions and PCI DSS 1.2 Compliance
Article covering wireless transaction and protocols in context of PCI compliance. Amazing that 11% use WPA2. Gist of article is…
EMV Level 2 - Just what does it mean?
The purpose and goal of the EMV standard is to specify interoperability between EMV compliant IC cards and EMV compliant…
CUPPS: The Platform of the Future (Airline Kiosk)
CUPPS has been architected as the platform of the future, able to accommodate many things even beyond the agent-facing applications…
EMV takes aim at U.S.
Nice article on SecureIDnews covering EMV. by Andy Williams, Associate Editor, Avisian PublicationsLike a massive tidal wave, EMV continues to roll…
Tokenization and Enterprise Security
Nice article on tokenization which also highlights lack of formal standards for tokenization at this time. Credit Card Tokenization: Put All…
Wal-Mart's Kiosk Trial Raises Serious PCI, Data Ownership Issues
Wal-Mart this month became the latest major retailer to experiment with self-service kiosks, selling space in 77 stores for units…
Proximity (NFC) Mobile Payment Technology - Security Whitepaper
The opportunities offered by the advent of proximity mobile payments are clear; differentiated payment services, increased transaction volumes, faster transactions,…
Look Beyond Hospitality Touch Screen Solutions
Whether you realize it or not, touch technology quickly is becoming the intuitive input delivery method of choice. Look no…
Level 4: The small-merchant PCI challenge
While sensational data breaches experienced by big-box retailers and processors fill the headlines, 85 percent of reported data compromises involve…
ATM Card Skimming and Pin Capture
ATM Card Skimming is a method used by criminals to capture data from the magnetic stripe on the back of…
Background - Use of Electronic Health Records in U.S. Hospitals
Report from New England Journal of Medicine on Electronic Health Records. Concludes - very low levels of adoption in U.S.…
PCI DSS in real life -- Requirement 1 Firewall
Excerpt: Critical to the selection was choosing a vendor that best met PCI DSS (Payment Card Industry Data Security Standard)…
User Interface & Content - Can I Use My Website?
Web sites, self-service can play nicely together according to Jim Kruper of Kioware.  With the increasing number of devices that…
Resource Link - Understanding credit card transaction fees
Merchants accounts, gateways and rates. Having your kiosk process credits cards swiped locally (card present) come with regulatory standard considerations…
Whitepaper - Introduction to CFM or Customer Flow Management
CFM or Customer Flow Management systems are found in more verticals/markets than any other application. Here is a technical document…
Compliance Resource: ETA and Electronic Transaction Compliance
Worth noting Heartland Payment Systems and RBS Worldpay have been removed from Visa Inc.'s list of PCI compliant service providers and…
Going beyond current PCI security standards
Acknowledging the need for controls that go beyond those offered by the Payment Card Industry (PCI) Data Security Standard, a senior…
ADA Requirements - Changes in California
In late 2008 the California legislature passed a stronger version of ADA which was Senate Bill 1608. This bill became…
Opinion - Why is Redbox Afraid of the iPhone?
Over the last few years, Redbox has been able to build an impressive DVD rental network by being innovative and…
Research Report - Touchscreen Check-In: Kiosks Speed Hospital Registration
March 2009 -- Patient self-service kiosks are being used with growing frequency in hospital ambulatory settings and emergency departments. These interactive…



  |