EMV. Terminal Type Approval IFM Level 1. Administrative Process. Version 4.3b December 2016


Legal Notice

This document summarizes EMVCo's present plans for evaluation services and related policies and is subject to change by EMVCo at any time. This document does not create any binding obligations upon EMVCo or any third party regarding the subject matter of this document, which obligations will exist, if at all, only to the extent set forth in separate written agreements executed by EMVCo or such third parties. In the absence of such a written agreement, no product provider, test laboratory or any other third party should rely on this document, and EMVCo shall not be liable for any such reliance.

No product provider, test laboratory or other third party may refer to a product, service or facility as EMVCo approved, in form or in substance, nor otherwise state or imply that EMVCo (or any agent of EMVCo) has in whole or part approved a product provider, test laboratory or other third party or its products, services, or facilities, except to the extent and subject to the terms, conditions and restrictions expressly set forth in a written agreement with EMVCo, or in an approval letter, compliance certificate or similar document issued by EMVCo. All other references to EMVCo approval are strictly prohibited by EMVCo.

Under no circumstances should EMVCo approvals, when granted, be construed to imply any endorsement or warranty regarding the security, functionality, quality, or performance of any particular product or service, and no party shall state or imply anything to the contrary. EMVCo specifically disclaims any and all representations and warranties with respect to products that have received evaluations or approvals, and to the evaluation process generally, including, without limitation, any implied warranties of merchantability, fitness for purpose or non-infringement. All warranties, rights and remedies relating to products and services that have undergone evaluation by EMVCo are provided solely by the parties selling or otherwise providing such products or services, and not by EMVCo, and EMVCo will have no liability whatsoever in connection with such products and services.

This document is provided "AS IS" without warranties of any kind, and EMVCo neither assumes nor accepts any liability for any errors or omissions contained in this document. EMVCO DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, AS TO THIS DOCUMENT.

EMVCo makes no representations or warranties with respect to intellectual property rights of any third parties in or in relation to this document. EMVCo undertakes no responsibility to determine whether any implementation of this document may violate, infringe, or otherwise exercise the patent, copyright, trademark, trade secret, know-how, or other intellectual property rights of third parties, and thus any person who implements any part of this document should consult an intellectual property attorney before any such implementation. Without limiting the foregoing, this document may provide for the use of public key encryption and other technology, which may be the subject matter of patents in several countries. Any party seeking to implement this document is solely responsible for determining whether its activities require a license to any such technology, including for patents on public key encryption technology. EMVCo shall not be liable under any theory for any party's infringement of any intellectual property rights in connection with this document.

Revision Log Version 4.3b

The following changes have been made to the document since the publication of Version 4.3a. Some of the numbering and cross references in this version have been updated to reflect changes introduced by the published bulletins. The numbering of existing requirements did not change, unless explicitly stated otherwise.

Section | Reason for change
2.5 | ICS replacement rules
2.6 | Fee Table
4 | Process Alignment

Contents

1 Introduction Audience Normative References EMV Specifications Definitions Notational Conventions Abbreviations Terminology and Conventions Type Approval Overview Scope of Level 1 Type Approval Structure of the Type Approval Process The Interface Module (IFM) Concept Mechanical ICC Interface Electrical ICC Interface Logical ICC Interface APDU Interface Mechanical Construction Rest of Terminal Type Approval Life Cycle Concept IFM Life Cycle and Type Approval Milestones ICS Submission rules ICS Submission ICS replacement EMVCo type approval fee structure Roles and Responsibilities EMVCo CATA Secretariat Testing Laboratory Auditor Team IFM Provider EMVCo Type Approval Procedure Registration Contract with EMVCo IFM Provider and Testing Laboratory Operations Contract Requirements between Test Laboratories and Vendors Type Approval Test Report IFM Provider Preparation for Approval Request IFM Provider Dossier EMVCo Review and Approval Approval with Conditions Compliance Time Frame Type Approval Renewal Process Basic Policy Restricted Renewal Policy Level 1 renewal versus Level 2 renewal Labs for renewal testing ICS Submission Test Version and Specification Change Test Changes without Specification Update and Application Note Test Changes Due to Specification Update and Application Note IFM Change Management Major and Minor Changes Change of Name and Address Re-Issuance of LoA Appendix Vendor Forms

1 Introduction

EMVCo, LLC ("EMVCo") is the owner of the EMV Integrated Circuit Card Specification for Payment Systems (version 4.3), hereinafter called the EMV Specification. This specification is divided into 4 books:

- Book 1: Application Independent ICC to Terminal Interface Requirements
- Book 2: Security and Key Management
- Book 3: Application Specification
- Book 4: Cardholder, Attendant, and Acquirer Interface Requirements

Book 1 (Part II) and Book 2 define the complete flow of a transaction between an Integrated Circuit Card (ICC) and a terminal, from the selection of an application in the ICC to the completion of the transaction. Book 3 defines the format of ICC commands used during the transaction flow between the ICC and terminal. Also defined is the transaction flow and associated data for an application compliant with the EMV specifications. Finally, Book 4 defines the characteristics of a Terminal that supports an ICC conforming to the two previous specifications mentioned.

EMVCo's objective is that terminals used for any transaction within the payment systems of EMVCo's members (i.e. American Express, China UnionPay, Discover Financial Services, JCB, MasterCard International and VISA International) conform to the EMV Specification.

The present document, EMVCo Terminal Type Approval: Level 1 Administrative Process, describes the overall terminal level 1 type approval process and the templates and forms to be completed by the participants in the process.

1.1 Audience

The target audience for this document includes:

- IFM providers
- Testing laboratories accredited to perform the type approval tests
- Auditors acting on behalf of EMVCo

Normative References

EMV Specifications

Table 1.1: EMV Specifications

Reference | Publication Name | Version
[D01] | EMV Integrated Circuit Card Specifications for Payment Systems Book 1 Application Independent ICC to Terminal Interface Requirements | version 4.3, November
[TB1] | EMV Terminal Type Approval Bulletin 185 | First Ed September

Definitions

The following terms are used in this specification:

Table 1.2: Definitions

Accreditation: Formal recognition by EMVCo that an auditor or testing laboratory is competent to carry out specific functions as defined by EMVCo type approval procedures.

Answer to reset (ATR): String of bytes sent by the ICC in response to the reset by the terminal. These bytes convey information to the terminal that defines certain characteristics of the communication to be established between the ICC and the terminal.

Application protocol data unit (APDU): A message sent from the IFD to the card or conversely. It may contain either a command message or a response message.

Auditor: Independent, impartial entity that verifies test laboratory conformance to EMVCo-defined type approval procedures.

Block: A succession of characters comprising two or three fields defined as prologue field, information field, and epilogue field.

Byte: 8 bits.

Card: A payment card as defined by a payment system.

Compliance: See Conformance.

Conformance: Meeting all the requirements and also any implemented optional requirements.

Delta Testing: The difference between the test plan version the product was approved against versus the current version of the test plan, when the product is reaching its Renewal date.

Device under test (DUT): System, module, part, or component actually tested or to be tested.

Implementation conformance statement (ICS): A form completed by the IFM provider listing all optional functions as specified in the reference specification implemented in the IFM. It includes the IFM's type identification and external operating conditions.

Implementation under test (IUT): A virtual or abstract device, implementing the EMV specification, to be submitted for testing.

Integrated circuit card (ICC): A card into which one or more integrated circuits are inserted to perform processing and memory functions.

Integrated circuit(s): Electronic component(s) designed to perform processing and/or memory functions.

Interface device (IFD): The part of a terminal into which the ICC is inserted, including such mechanical and electrical devices that may be considered part of it.

Interface module (IFM): A virtual or abstract device that contains the necessary hardware and software to power the ICC and to support communication between the terminal and the ICC up to the transport layer. The three main functional components are the mechanical, electrical and logical ICC interfaces.

IFM interoperability: The minimum requirement as defined in EMV Specification which permits the ICC and the IFM to communicate with each other in a predictable and consistent manner globally.

Interface module provider: The entity that submits the interface modules for level 1 testing.

International Electrotechnical Commission (IEC): Formerly known as the International Electromechanical Commission, a standards group that works with the International Organization for Standardization (ISO) and covers the field of electrical and electronic engineering, with all other subject areas being attributed to ISO. ISO collaborates closely with the IEC on all matters of electrotechnical standardization.

International Organization for Standardization (ISO): An international body that provides standards for financial transactions and telecommunication messages. ISO works in conjunction with the International Telecommunication Union (ITU) for standards that affect telecommunications. ISO supports specific technical committees and work groups to promulgate and maintain financial service industry standards.

Laboratory: A facility that performs type approval testing.

Letter of accreditation: Written statement that confirms a testing laboratory is performing type approval tests in conformance to the rules defined by EMVCo.

Letter of approval: Written statement that documents the decision of EMVCo that a specified product type has demonstrated sufficient conformance to the EMV Specification on the date of testing.

Level 1 test: The execution of a defined set of electrical, mechanical, and communication protocol tests versus requirements described in part 1 of the EMV Integrated Circuit Card Specification for Payment Systems.

Level 1 test report: The report documenting the results of level 1 testing on an IFM performed by an accredited laboratory.

Lower tester (LT): The ICC simulator that allows the IUT to react under normal and error conditions.

Magnetic stripe: The stripe on the physical card containing magnetically encoded information.

Major modification: Technical change to an IFM or its functionality that implies that the IFM provider can no longer guarantee conformance of the modified IFM with the requirements of part 1 of the EMV Integrated Circuit Card Specification for Payment Systems.

Message: A string of bytes sent by the terminal to the card or vice versa, excluding transmission-control characters.

Minor modification: Technical change to an IFM or its functionality that does not affect the functionality of the modified IFM with respect to the requirements of part 1 of the EMV Integrated Circuit Card Specification For Payment Systems.

Nibble: The four most significant or least significant bits of a byte.

Open system interconnection (OSI): A seven-layer model, defined by ISO/IEC 7498, for describing interconnected systems. The seven layers are the physical, data link, network, transport, session, presentation, and application layers.

Procedure: Specified way to perform a set of tasks.

Proficiency: Ability of a testing laboratory to perform the specified tests in an exact and reproducible fashion and to provide an accurate test report.

Protocol: Method of communication between the ICC and the terminal, represented in this specification by T=0 (character protocol) and T=1 (block protocol).

Prototype: Implementation of a design for evaluation purposes but where type approval is not required.

Quality system: Implemented procedures that mandate the operations to be performed by an organization's staff in order to assure accomplishment of the organization's activity with an acceptable level of quality.

Reference specification (EMV Specification): A set of documents defining the requirements to which the IFM shall comply. The reference specification consists of the current EMV Integrated Circuit Card Specification for Payment Systems and any additional documentation required to perform type approval.

Registration number: A unique identification number assigned by EMVCo to an IFM provider.

Renewal: Extension given to the IFM Approval at the end of its validity date after evaluation that the specified product has demonstrated sufficient conformance to the current EMV specification at the time of the renewal.

Request for approval: A form that accompanies an IFM submitted to EMVCo for type approval.

Response: A message returned by the ICC to the terminal after the processing of a command message received by the ICC.

Restricted Renewal: Extension given to the IFM Approval at the end of its validity date, after failing full Renewal testing. The specified product has demonstrated sufficient conformance to current critical EMV functionality at the time of the Renewal.

Sample: A terminal, including the IUT, picked out of production for testing.

Service provider: The entity that provides a product or a service to customers, using terminals and a payment system.

State H: Voltage high on a signal line. This condition may indicate a logic one or logic zero depending on the logic convention used with the ICC.

State L: Voltage low on a signal line. This condition may indicate a logic one or logic zero depending on the logic convention used with the ICC.

System integrator: The entity that integrates IFM(s) and devices containing IFM(s) into a system for use by a service provider.

System under test (SUT): System, module, part, or component actually tested or to be tested (either a part of the terminal or the entire terminal), including the IUT.

T=0: Character-oriented asynchronous half-duplex transmission protocol.

T=1: Block-oriented asynchronous half-duplex transmission protocol.

Terminal application layers (TAL): The part of the terminal that initiates a command. It sends an instruction via the terminal transport layer (TTL) to the ICC in the form of a 5-byte header called the command header.

Terminal: The device used in conjunction with the ICC at the point of transaction to perform a financial transaction. It incorporates the IFD and may also include other components and interfaces, such as host communications.

Test: Any activity that aims at verifying the conformance of a selected product or process to a given requirement under a given set of conditions.

Test bench: A defined combination of a set of test methods and test equipment used for type approval tests.

Test case: A description of the actions required to achieve a specific test objective.

Testing laboratory: A facility approved by EMVCo to perform level 1 testing.

Type approval: Acknowledgment by EMVCo that the specified product has demonstrated sufficient conformance to the EMV Specification for its stated purpose.

Type approval documentation: Full set of documents and procedures issued by EMVCo to enable the type approval process. Section provides the list of documents associated with terminal level 1 type approval.

Type approval process: The processes that test a product type for compliance with specification.

Type approval test: The execution of a defined set of tests against requirements described in a specification to determine compliance with that specification.

Type approval test information: List of documents and procedures provided to the testing laboratories to facilitate the type approval process.

Type approval test report: The result of type approval testing on a product.

Type identification: Information describing the form, fit and functionality of the IFM type, to be delivered to the test laboratory together with the IFM samples.

Upper tester (UT): The internal (or back external) application of the IFM that emulates a real application in order to test the IUT under all possible conditions.

Warm reset: The reset that occurs when the reset (RST) signal is applied to the ICC while the clock (CLK) and supply voltage (VCC) lines are maintained in their active state.

Notational Conventions

Abbreviations

The abbreviations listed in Table 1.3 are used in this specification.

Table 1.3: Abbreviations

Abbreviation | Description
APDU | Application Protocol Data Unit
ICC | Integrated Circuit card
ICS | Implementation Conformance Statement
IFD | Interface Device
IFM | Interface Module

Terminology and Conventions

The following words are used often in this specification and have a specific meaning:

Shall: Defines a product or system capability which is mandatory.

May: Defines a product or system capability which is optional or a statement which is informative only and is out of scope for this specification.

Should: Defines a product or system capability which is recommended.

The following conventions apply:

Requirement Numbering

Requirements in this specification are uniquely numbered, with the number appearing next to each requirement. For example:

Example: The PCD shall verify the BCC included in the UID CLn. The PCD shall consider an incorrect BCC as a transmission error.

A requirement may have different numbers in different versions of the specifications. Hence, all references to a requirement should include the version of the specification as well as the requirement's number.

Requirements may include informative statements. In this case the statement is written in italic font and the verb "may" is used instead of "shall".

2 Type Approval Overview

Type approval is the process that tests a product type for compliance with the EMV Specification. The following sections identify the scope, purpose, structure, IFM concept, and roles and responsibilities.

2.1 Scope of Level 1 Type Approval

EMVCo testing comprises two levels. Level 1 is based on the EMV Integrated Circuit Card Specification for Payment Systems (book I-part I). Level 2 is based on the EMV Integrated Circuit Card Specification for Payment Systems (book I-part II and books II, III and IV).

The IFM is the part of the device that is tested for compliance with level 1. If the IFM alone does not constitute an operable device, other components that allow the operation of the IFM may also be submitted for testing. Testing and approval, however, apply only to the designated IFM, not to other components. The approval shall list the designated IFM with reference to the device in which the IFM was contained.

The figure below describes the terminal architecture and identifies the level 1 capabilities. Level 2 is out of the scope of the terminal level 1 type approval process.

Figure 2.1: Terminal architecture and level capabilities

2.2 Structure of the Type Approval Process

The type approval process is based on a set of documents called type approval documentation. Figure 2.2 shows the tree structure of these documents and the intended readers.

Figure 2.2 Type approval documentation

The technical documents include the following:

- EMVCo Type Approval Terminal Level 1 Loopback Upper Tester Specification details the test-specific functions that an IFM shall support for testing purposes.
- EMVCo Type Approval Terminal Level 1 Mechanical and Electrical Test Cases details the mechanical and electrical tests that a laboratory must perform based on EMV-established requirements (intended for all participants in the type approval process).
- EMVCo Type Approval Terminal Level 1 Protocol Test Cases details the protocol tests that a laboratory must perform based on EMV-established requirements (intended for all participants in the type approval process).

The administrative documents include the following:

- EMVCo Type Approval Terminal Level 1 Administrative Process details the administrative procedures that each participant in the type approval process must follow, provides necessary forms and templates, and gives an overview of the laboratory accreditation procedure (intended for all participants in the type approval process).

- EMVCo Type Approval Terminal Level 1 Accreditation Procedure outlines the procedures that an auditor must follow in accrediting a laboratory to perform type approval tests (intended for auditors and EMVCo).
- EMVCo Type Approval Terminal Level 1 Laboratory Requirements details all requirements that a laboratory must fulfill to earn type approval testing accreditation (intended for laboratories, auditors, and EMVCo).

2.3 The Interface Module (IFM) Concept

Level 1 type approval tests evaluate the part of a terminal that consists of:

- An interface device (IFD), also called an ICC reader or card connector assembly
- The necessary hardware and software to power the ICC and to support communication between the terminal and the ICC up to the fourth OSI layer (transport layer)

This abstract configuration of IFD, hardware, and software has been designated the interface module (IFM). The physical implementation of the IFM includes all physical parts of the terminal related to the IFM.

Figure 2.3 is a model of an IFM contained within a terminal and shows what is external for a level 1 approval. This diagram does not imply that a real IFM must have functionally separate parts but is for illustration purposes only.

Figure 2.3 IFM and Terminal model

Perimeter A is the smallest subpart that may be identified as an IFM by the IFM provider, if it fulfills all the level 1 requirements of the EMV Specification.

Perimeter B: the IFM is contained within this device for the purpose of testing.

Note: Depending on a vendor's IFM design, A and B may be one and the same identification.

Perimeter C includes all additional hardware for the terminal, outside the scope of level 1 terminal type approval. This includes:

- Any supporting hardware and software that enables the terminal functions, including the IFM function
- Any hardware and software system into which the terminal must be integrated to form an actual payment terminal (such as an ATM)
- Any other hardware and software system in which the terminal is physically integrated to form a payment and service-providing system (such as an automatic gas station or vending machine)

Perimeters D and E are relevant only for the definition of the communication interfaces and the method of software loading and are out of scope.

Perimeter F includes the entire supporting environment (such as mechanical fixation, supporting furniture, etc.).

Figure 2.4 represents the three main functional parts that may form an IFM (incorporated in a terminal, in an ATM, etc.). The diagram does not mean to imply that an IFM must have functionally separate parts.

Figure 2.4 Functional elements of an IFM

The three main functional elements of an IFM are the mechanical ICC interface, the electromechanical ICC interface, and the logical ICC interface. The terminal level 1 type approval tests must apply to these functional parts, but any functions that these parts perform beyond the IFM functionality are not tested in the type approval procedure.

The mechanical construction is not considered a functional part of the IFM. The rest of terminal covers all hardware and software that, together with the IFM, forms an operable system such as a terminal or an ATM.

Implementations of the specified IFM functionality can be divided into three classes of IFM(s):

- Modular IFM: The components and software modules supporting the IFM functions can be clearly identified and separated, and the control lines of the mechanical and electrical interfaces and the APDU interface are physically accessible. The components and interfaces constitute a separate subassembly within the terminal. Implementation of the modular IFM into different terminals (following the rules for implementation) or the change of functionality of the rest of the terminal does not interfere with any specified IFM functionality or performance.
- Distributed IFM: The components and software modules supporting the IFM functions can be clearly identified and may be distributed within the rest of the terminal. The control lines of the mechanical and electrical interfaces and the APDU interface are physically accessible. Changing the IFM implementation or the functionality of the rest of the terminal does not interfere with any specified IFM functionality or performance.
- Integrated IFM: The components and software modules supporting the IFM functions cannot be clearly identified and separated, and the control lines of the mechanical and electrical interfaces and the APDU interface may not physically exist or may not be physically accessible. Changing the IFM implementation or the functionality of the rest of the terminal may influence IFM functionality or performance.

Mechanical ICC Interface

The mechanical ICC interface is the part of an IFM or terminal where an ICC is physically inserted, exactly positioned, and electrically contacted. The physical, mechanical, and card movement requirements outlined in the EMV Specification are all applicable to this interface. Additional mechanical and electrical hardware- and software-enabling functionalities outside the scope of the EMV Specification are not covered by this document.

Electrical ICC Interface

The electrical ICC interface is the functional component or part of the IFM that controls the electrical signals to and from the ICC contacts. The electrical requirements outlined in the EMV Specification are applicable to this interface.

Logical ICC Interface

The Card Session, Physical Transportation of Characters, and Transmission Protocols requirements outlined in the EMV Specification are applicable to the logical ICC interface, the part of the IFM or terminal upon which the functional tests will be applied.

APDU Interface

The APDU interface is that part of the terminal through which the logical ICC interface communicates with the rest of the terminal using APDU commands and responses. For verification testing against the EMV Specification, the APDU interface must be directly accessed or indirectly verified.

Mechanical Construction

The mechanical construction comprises all parts and components physically supporting the mechanical, electrical, and logical interfaces, the physical ICC transport, the outer case structure, and other construction parts not covered by the EMV Specification.

Rest of Terminal

The rest of terminal contains all hardware, software, and functionality that, combined with the IFM, creates an operable system (such as a terminal, an ATM, etc.). The rest of terminal is not defined in the EMV Specification and is not part of the type approval tests.

Type Approval Life Cycle Concept

IFM Life Cycle and Type Approval Milestones

An IFM life cycle can be identified according to the position of the type approval milestone (Figure 2.5).

Figure 2.5 Functional elements of an IFM

Design Phase

The IFM is developed by an entity directly related to the IFM or terminal provider and/or the manufacturer of the IFM(s). Most importantly, IFM design and development must be in accordance with the EMV Specification, as well as any other applicable specifications (e.g., government standards).

Prototyping Phase

The IFM design is checked and tested against all related specifications. EMVCo recommends that conformance testing against the EMV Specification is conducted on the prototype before proceeding to type approval, preferably with tools equivalent to those used for type approval tests. The IFM provider must identify which options its IFM design has incorporated from the EMV Specification and gather the information to be submitted in the type approval process. Before starting production, reference implementations of the IFM type must be submitted for type approval tests to demonstrate conformance with the required specifications.

Type Approval Test Phase

EMVCo judges conformance of the IFM design against the EMV Specification. To determine conformance, reference implementations of the IFM type must undergo predefined tests in a specified test environment (test laboratory). The samples submitted to the test laboratory must be representative of the final product.

After the letter of approval has been granted, it is valid as long as the following applies:

- The IFM design is the same in production as the device which was tested and approved.
- The approval is not revoked by EMVCo.
- The current production IFM maintains the same characteristics as the tested sample, based upon the sample's test report.
- The renewal date has not passed.

Any change in the IFM design, as specified in the section titled Major and Minor Changes of this document, may create a new IFM, whether it occurs before, during, or after production. Type approval of that new IFM is not presumed.

Approval Renewal Phase

Renewal

Prior to the renewal date, vendors may request a renewal by submitting the originally approved product to EMVCo for renewal testing. The purpose of this renewal testing is to ensure that these products pass the most current EMVCo testing. By passing the renewal test, the product will receive an extension to the Letter of Approval. Products not passing Renewal testing can apply for a Restricted Renewal. Alternatively, after the Renewal date, they will be removed from the approved products list, and their Letter of Approval will be considered revoked.

Restricted Renewal

Products which fail full Renewal testing are eligible to apply for a one-time Restricted Renewal. The failed test case results from the product's Renewal test cycle can be submitted for a Restricted Renewal approval. A product which demonstrates sufficient conformance to critical EMV functionality will be granted a Restricted Renewal and listed as such on the EMVCo website on a dedicated list. Products not passing Restricted Renewal testing will be removed from the approved products list, and their Letter of Approval will be considered revoked, after the Renewal date. Only products which have previously failed Renewal testing will be considered for a Restricted Renewal. A product having already been approved for a four year extension as a Restricted Renewal will not be eligible to apply for a further Restricted Renewal.

End of Design Life

The end of the design life of an approved terminal/IFM type is reached when production of that type is finally stopped.

ICS Submission rules

ICS Submission

The initial ICS submission to EMVCo is free of charge. The ICS submitted must be the ICS in pdf format, capable of importing/exporting XML format, and shall be digitally signed by the Product Provider and the Laboratory at the time of submission to EMVCo. The Laboratory supplies the signed copy of the vendor-supplied ICS to EMVCo for review prior to the start of the type approval testing process. EMVCo will review and approve the ICS by returning the ICS in pdf, digitally signed and with the official ICS number. If the ICS is incorrectly filled in, a decline fee applies to the Laboratory.

ICS replacement

- One free ICS replacement is allowed during the ICS life cycle. Any subsequent ICS replacement requested will be charged to the Product Provider. The same submission process applies as for the initial ICS submission (the Laboratory submits the changed ICS). This applies to any change in the ICS after the official approval of the ICS by EMVCo.
- After the start of the test session of the Product, ICS replacements (following the rules of the previous bullet) are only allowed for administrative information updates (such as the name of the product) and are not allowed for technical information updates.
- The Laboratory shall ensure that any ICS change requested is not made to hide a bug in the product (such as deactivating a function because this function is not working properly).
- ICS replacement is no longer allowed after Test Report submission to EMVCo.

Note: The ICS decline process remains, and any error reported by EMVCo will be charged to the Laboratory (as the Laboratory is responsible for reviewing the ICS provided by the Product Provider). The ICS decline process applies to the initial ICS submission and also to any other ICS replacement (charged or not charged to the Product Provider).

EMVCo type approval fee structure

The following fee structure is applicable:

- Initial Submission
- ICS Replacement (starting at 2nd Replacement)
- Renewal (or restricted)
- Declined ICS/Report (Laboratory fee)
- LoA reissuance

Note: The amount of each fee is published in Terminal Type Approval Bulletin 185.

3 Roles and Responsibilities

The following sections define the roles and responsibilities for the various participants in the type approval process.

3.1 EMVCo CATA Secretariat

The EMVCo CATA secretariat is responsible for communicating type approval status to third parties and for the administration and maintenance of a database that provides the following:

- Qualified auditor list
- Accredited testing laboratory list
- Type approval test requirements
- Issue IFM approval letters
- Approved IFM list

3.2 Testing Laboratory

The testing laboratory is an entity accredited by EMVCo to test IFM provider IFMs according to type approval test requirements.

3.3 Auditor Team

The auditor team comprises the persons in charge of conducting audits on behalf of EMVCo.

3.4 IFM Provider

The IFM provider is the entity responsible for submitting terminals for type approval in compliance with type approval procedures and for notifying EMVCo when changes are made to type-approved terminals.

3.5 EMVCo

EMVCo defines type approval requirements and evaluates operational results. EMVCo provides the following services:

- Defines mandatory auditor accreditation requirements
- Accredits organizations that perform audits to establish testing laboratory accreditation
- Defines mandatory testing laboratory accreditation requirements
- Sets testing laboratory audit time frame
- Manages testing laboratory appeals process and resolves accreditation disputes
- Determines the applicability of the EMV Specification and associated test requirements
- Evaluates device type approval summary results to determine if approval requests should be granted
- Notifies appropriate EMVCo working group of warranted specification corrections, clarifications, and enhancements that result from the conditional approval process
- Evaluates terminal and card failure complaints to determine if type approval revocation is appropriate
- Communicates type approval status to the EMVCo secretariat for subsequent communication to all participating payment systems.

4 Type Approval Procedure

The type approval procedure followed by IFM providers, laboratories, and EMVCo. Figure 4.1 shows the diagram of Type Approval procedure.

Figure 4.1 Type approval Procedure

Registration

Registration provides the vendor with entry into the EMVCo approval process in order to make the application provider aware of all formalities that need to be finalized prior to submitting their final test report to EMVCo for approval. The registration process is composed of the following steps:

- The IFM provider submits a registration request to the EMVCo Type Approval Secretariat. The registration request document shall be sent to the EMVCo Type Approval Secretariat in pdf format (unlocked to ensure that copy and paste of information are possible), electronically signed. Scanned copies are not allowed.
- The EMVCo Type Approval Secretariat will send to the vendor a response with the following:
  o Contract between EMVCo and application provider
  o Appropriate contact information

Contract with EMVCo

The IFM provider must execute the EMVCo defined contract before IFM test results are submitted to EMVCo for evaluation. This contract stipulates, amongst other provisions, the IFM Provider's acceptance of all specifications, procedures, terms and conditions governing EMVCo Level 1 Type Approval.

The IFM provider must complete and sign the EMVCo defined contract before final test results are submitted to EMVCo for evaluation and possible approval. This contract governs the relationship between EMVCo and the IFM provider and includes the application provider's acceptance of all specifications, procedures, terms and conditions governing EMVCo Level 1 Type Approval.

The EMVCo contract is available on the EMVCo web site for download. The contract is standard for all IFM providers to ensure consistent requirements for all participants. Contract customization for individual IFM providers is not possible.

IFM Provider and Testing Laboratory Operations

The following operations shall be performed by the IFM provider and by the testing laboratory in the type approval procedure:

- The IFM provider is free to select any EMVCo accredited laboratory for the purpose of achieving EMVCo type approval.
- The vendor and test laboratory shall execute a contract defining appropriate rights and obligations. At a minimum, the contract shall contain the requirements listed in the following section.
- The IFM provider sends an Implementation Conformance Statement (ICS) to the chosen laboratory for each implementation under test (IUT) that it submits. The ICS format and content requirements are determined by EMVCo. The ICS submitted must be the ICS in pdf format, and shall be digitally signed by the IFM Provider at the time of submission to EMVCo.
- The laboratory supplies a copy of the vendor-supplied ICS to EMVCo for review prior to the start of the type approval testing process, digitally signed by the Application Vendor and by the Laboratory:
  o As a result, EMVCo provides a unique ICS Reference Number
- The IFM provider and the test laboratory must discuss IFM software requirements in order for the test laboratory to execute the EMVCo type approval test.
- The testing laboratory shall test the terminal in accordance with EMVCo test procedures. Testing shall be performed in Laboratory premises with the complete solution samples located in these premises.
- The IFM provider prepares the Request For Approval form and submits it to EMVCo. EMVCo can then issue the invoice for the IFM provider. The RFA can be sent only after the ICS has been approved by EMVCo.
- The IFM provider submits payment to EMVCo based on the received invoice.
- The testing laboratory shall send the final test report to the IFM provider for approval before official submission to EMVCo.
- When agreed by the IFM Provider, the laboratory shall submit the Test Report to EMVCo, and ensure that the IFM Provider has already submitted its completed Request For Approval form.

Note: An Approved ICS is valid for 6 months. If the related Request For Approval is not submitted and the invoice is not paid within that period, all documents related to this approval request are no longer valid (ICS, RFA, report) and a new process shall be started. Note that in this case the invoice will not be reimbursed.

Note: If the test session has not started yet and the ICS has already been approved, when a new EMVCo release of the ICS is published, the ICS shall be resubmitted with the latest ICS version before the laboratory can submit the report.

Contract Requirements between Test Laboratories and Vendors

EMVCo requires that the IFM provider and the testing laboratory enter into a type approval test contract that includes at least the following provisions:

- Any laboratory requirements needed for testing, including any software application required to interface with the laboratory test equipment. Within the EMVCo documents this is referred to as an Upper Tester.
- Reference to the contract between the IFM provider and EMVCo
- Agreement of mutual cooperation in providing needed information and assistance
- Lead time for the execution of the type approval tests
- Three samples are available for testing
- Arrangement for the preparation and delivery of samples
- Right to keep all samples for the duration of the test procedure
- Right to keep all approved samples for a period of 4 years after the conclusion of testing. Note: samples are retained for subsequent testing purposes and the IFM provider must provide the necessary support to the laboratory to ensure the IFM remains fully functional.
- Recognition that no infringement on the freedom of the testing laboratory will be allowed during or after testing
- Agreement on use of the test report
- Provisions for conflict resolution
- Maintaining the IFM sample at the laboratory during EMVCo evaluation of test results

Type Approval Test Report

The results of the level 1 type approval tests are combined in one signed report called the test report, which includes, at a minimum, the following items:

- Identification of the testing laboratory
- Identification of IFM provider
- Identification of IFM sample
- Identification of any other vendor equipment (e.g., terminal model)
- Implementation Conformance Statement Reference Number
- EMVCo specification/test case version used for test
- Identification of all laboratory testing equipment and software versions used during the tests
- Dates tests were performed
- Description of the laboratory environmental conditions during testing
- The laboratory should maintain all test result logs for all test cases and they should be made available for EMVCo review as requested
- If the vendor is submitting a test report with areas it recognizes as having non-conformance for an approval with conditions, the vendor needs to describe these areas along with a rationale as to why these non-conformances would not affect interoperability and a proposed plan to resolve the issues
- A summary test report including:
  o The type approval tests that were executed with a pass or fail indication
  o A detailed description from the test laboratory of failed tests including logs of the test results for each reported discrepancy in the failed test.
  o A detailed description of any exception test(s) performed or equipment utilized and a description of related test results
  o A detailed description of the IFM modifications that may be required for the purpose of executing the EMVCo test cases.

IFM Provider Preparation for Approval Request

The IFM provider determines whether test results resulting from laboratory testing will be submitted to EMVCo for evaluation. Submitting test results to EMVCo for evaluation indicates vendor acceptance that the test results are a true representation of IFM performance.

Test results may be submitted to EMVCo for evaluation up to 90 days from the date they are generated by the laboratory. Test results that exceed the 90-day validity period have expired and cannot be submitted. IFM re-testing is required to create a current test report if the validity period is exceeded and EMVCo evaluation is desired.

The vendor must ensure that the Implementation Under Test (IUT) samples associated with test results submitted to EMVCo for evaluation remain unaltered and accessible in a timely manner during the evaluation process. It is recommended that the IUT remain in the possession of the laboratory until EMVCo has approved or declined the request for approval.

IFM Provider Dossier

The dossier submitted to EMVCo will comprise:

o A signed copy of the Implementation Conformance Statement (ICS), received from the testing laboratory
o Letter requesting approval (Request For Approval form) received from IFM Provider
o IFM provider payment
o The complete and unchanged Test Report received from the testing laboratory
o Any additional supporting documentation the vendor believes is appropriate

EMVCo Review and Approval

Upon receiving the dossier, EMVCo will:

- Review the submitted Test Report and determine if type approval should be granted
- Notify the IFM provider of type approval or denial.
- Issue Letter of Approval
- Provide notification of IFM type approval

The IFM LoA identifies:

- the approved IFM name and its two sub-sets:
  o IFM hardware name,
  o IFM firmware/software name,
- the Product type name in which it was tested,
- the EMV Specifications version against which it was tested,
- the Test Plan version against which it was tested,
- the renewal date.

4.6 Approval with Conditions

EMVCo processes may allow an approval with conditions, at the discretion of EMVCo, for cases of minor non-conformance that do not impact interoperability.

Compliance Time Frame

All identified items of non-conformance must be rectified according to the stipulated time frame stated in the terms and conditions associated with an Approval with Conditions.

Type Approval Renewal Process

Basic Policy

An IFM approval is valid for 4 years. Every 4 years, EMVCo evaluates whether the product demonstrates sufficient conformance to the current EMV specification. If the evaluation result is positive then EMVCo gives an extension to the IFM Letter of Approval. After the renewal date, IFMs not passing renewal testing or Restricted Renewal evaluation will be removed from the approved IFMs list and their Letter of Approval will be considered revoked.

Six months before the renewal date of their Application Kernel, EMVCo will send a notification letter to the vendors. Upon receipt of this letter, and prior to the renewal date, IFM providers may request their renewal by submitting the originally approved product to EMVCo for renewal testing.

Note: IFM providers are not allowed to apply for renewal testing before receiving the notification letter.

Renewal Test Plan

The set of renewal tests will be generated from the test cases newly added and/or modified between the older test plan the IFM was tested against and the most current test plan at the time of testing, plus regression testing. The most current test plan reference is the version available at the time of the Type Approval test session.

6 months before the renewal date, IFM providers may submit the original sample to a Test Laboratory for Renewal Testing. The objective of Renewal testing is to ensure these products pass the most current EMVCo testing. By passing the renewal test, the product will receive an extension to the Letter of Approval. If a product fails to pass the renewal testing, it will be removed from the approved IFM list and its Letter of Approval will be considered revoked.

Restricted Renewal Policy

EMVCo offers a process to allow IFMs to receive a Restricted Renewal if they fail full Renewal testing but pass all critical tests. IFMs which reach their Renewal date, but fail to pass full Renewal testing, can apply for a Restricted Renewal. Eligible products will be required to submit details of the Renewal test case failures to an EMVCo approved reviewer (listed on the EMVCo website) who will grade the test case failures as critical, medium or minor and enter the details into an assessment report. EMVCo will then review the report to determine whether a Restricted Renewal can be granted.

An acceptable report would result in the IFM being assigned a Restricted Renewal and listed as such on the EMVCo website in a dedicated list. Products not passing Renewal testing will be removed from the approved products list, and their Letter of Approval will be considered revoked. A product can receive only one extension (four years for IFMs) as a Restricted Renewal. Products must always be submitted for full Renewal testing prior to consideration for Restricted Renewal.

Level 1 renewal versus Level 2 renewal

In a single submission for both level 1 IFM and level 2 Kernel renewal, when a Level 1 IFM fails the renewal testing and a Level 2 product passes the renewal testing, the Level 1 will be considered revoked and only the Level 2 product will be renewed.

In a separate submission, if the original Level 1 IFM has failed the renewal testing, the kernel vendor has to transfer the same kernel code without modification or recompilation onto a new approved and valid IFM. The OS and the checksum have to be the same as the original product.

Labs for renewal testing

The IFM provider may select a different laboratory to perform renewal testing. The IFM provider must make the necessary arrangements to have the originally approved IFM transported between laboratories. The vendor is responsible for incurring the costs associated with this transfer.