top of page
Writer's pictureUtkarsh Parhate

EMV Certification Levels and Problem Solving Methodologies

In my previous article, I've discussed the fundamentals of an EMV transaction and how we can differentiate between the risk assessment that happens for Magnetic stripe card Vs a traditional EMV chip transaction. When it comes to making a EMV compliant device readily available in the market, certification is essential. The card brands are supposed to provide certification letters to the acquirers so that they can provide EMV compliant services to their merchants/ customers. The end to end EMV testing is divided into 3 levels.


  • Levels 1 and 2 are handled by EMVCo

  • These are hardware and software levels that deal with certifying payment equipment

  • Each certification is meant to ensure not only the security of the device, but also interoperability standards between brands, customer verification methods (CVMs) and other aspects of EMV deployment

  • This also applies to apps that are designed to facilitate EMV adoption


In contrast to hardware and software, Level 3 is an end-to-end certification conducted between the merchant and the brand and has to happen at the payment processing organization that provides services to their merchant/customers. From here on the article will predominantly focused on the problems that one can encounter while performing Level 3 EMV brand certification.

Connection Diagram of an L3 contact and contactless certification setup with BTT



Host validation of Data Element 61 Sub Field 11:


Problem Statement: Expected and actual values in Data Element 61 Sub Field 11 (Terminal Input Capability Indicator) does not match leading to host log failure for following test cases. M-TIP02.Test.01.Scenario.04

M-TIP02.Test.01.Scenario.05

M-TIP04.Test.01.Scenario.01


Technical Description: In 0100/0200 message, DE 61 SF 11 (Terminal Input Capability Indicator) = 3, 5, 8 or 9 Property: COMMON.CONTACT_SUPPORTED

Operator: ==

Received: 1

Expected: 9


Root Cause Analysis and Conclusion: This was a GSTP build sync issues that did not match the latest upgrade version of UL Collis TSE 240 build. After a project refresh, the issues was resolved upon retesting.


Data discrepancy - ARQC and DE 55 Tag 9F36:


Problem Statement: Expected and actual values in ARQC and DE 55 Tag 9F36 does not match leading to host log failure for below test case.

Test Case Name : M-TIP06.Test.05.Scenario.01

In the Mastercard Simulator, the ARQC is successfully validated


Property: COMMON.ARQC_VALID Operator: ==

Received:

Expected: 01


Technical Description: In 0100/0200 message, DE 55 Tag 9F36 (Application Transaction Counter) = 0027

Property: COMMON.ICC_REQUEST_DATA:TAG.9F36

Operator: ==

Received:

Expected: 00 27


Root Cause Analysis and Conclusion: This was an upgrade deficiency problem from UL side that did not handle reversal transactions as expected. Upon further investigation and ticket submission to UL, this issue was resolved upon retesting with latest UL update.



Host and Card log Failures due to inappropriate field data:


Problem Statement: Expected and actual values Data Element DE 55, 41, 37 and 35 does not match leading to host and card log failure for below test case. Test Case Name : M-TIP50.Test.01.Scenario.01


Technical Description: List of Failed Host log validations.

In 0100/0200 message,

DE 55 - Tag 9F33 (Terminal Capabilities) = PDOL Data - Tag 9F33 from GPO

DE 55 - Tag 9F1A (Terminal Country Code) = PDOL Data - Tag 9F1A from GPO


List of Failed Host log validations

In 0100/0200 message,

DE 55 - Tag 9F34 (CVM Results) is present - In 0100/0200 message,

DE 55 Tag 84 (Dedicated File Name) = In 0100/0200 message,

DE 55 - Tag 9F27 (Cryptogram Information Data) =

DE 41 (Card Acceptor Terminal ID) is present In 0100/0200 message,

DE 37 (Retrieval Reference Number) is present

DE 35 (Track 2 Data) is like


Root Cause Analysis and Conclusion: Transaction was sent to a different host - GSAP in order to pass the network validations. Transaction was declined in Cert Mode and corporate validate the MAS logs to confirm if data looks good in the simulator.


On an average, there are about 700 test transactions that should pass in pre-cert and cert environment. The letters are important in order to proceed with production deployment and readiness for EMV compliant devices in the marketplace.

4 views0 comments

Recent Posts

See All

Comentarios


bottom of page