EMV in a Nutshell: EMV Contact Reference Books

Alptekin topal
6 min read · Mar 18, 2023

This is the third part of the EMV series. If you are starting with this post, I recommend reading the previous parts first.

In today’s digital age, EMV is the norm for transactions. The EMV standard is a technical specification that ensures secure and efficient transactions between payment cards and terminals. Within the EMV standard, four books determine how the card operates, depending on the card issuer’s requirements. In this blog post, we’ll dive into the four EMV books from a card-issuing perspective.

“Book 1”: Application Independent ICC to Terminal Interface Requirements

“Book 1” is a technical document that outlines the standards and specifications for the interaction between integrated circuit cards (ICCs) and terminals in payment systems. These standards have been developed by EMVCo.

The main purpose of these specifications is to ensure global interoperability and security for payment transactions using ICCs, commonly referred to as chip cards or smart cards. Book 1 focuses on the requirements and guidelines for both the hardware and software aspects of the ICC-terminal interface. It covers various topics, including:

  1. Introduction: Overview of the document’s purpose, scope, and intended audience.
  2. References: A list of other relevant documents and standards that the specifications are based on or refer to.
  3. Terminology and definitions: Clarification of terms and concepts used throughout the document.
  4. ICC and terminal: Descriptions of the structure, components, and functions of ICCs and terminals.
  5. Transaction process: A step-by-step guide to the transaction flow, from card insertion to final authorization.
  6. Data elements: Definitions of data elements used in the transaction process, including their format, length, and usage.
  7. Commands and responses: Descriptions of the various commands and responses exchanged between the ICC and terminal during a transaction, as well as their expected behavior.
  8. Security: Guidelines for ensuring the security of payment transactions, including cryptographic algorithms, key management, and secure messaging.

The document is intended for payment system stakeholders, such as card issuers, terminal manufacturers, and software developers, who need to ensure their systems comply with these global standards. By adhering to these specifications, stakeholders can provide customers with a secure and seamless payment experience, regardless of the card brand or geographical location.

“Book 2”: Security and Key Management

“Book 2” focuses on the security of the payment card. It defines the encryption and decryption algorithms, as well as the key management process. This book ensures that payment card data is secure and protected from fraud and hacking attempts.

From a card issuer’s perspective, Book 2 is critical because it ensures that the payment card data is protected from unauthorized access. This allows the card issuer to issue cards that are secure and comply with the EMV standard, reducing the risk of fraud and data breaches. The document addresses a range of subjects, such as:

  1. Introduction: An overview of the document’s purpose, scope, and target audience.
  2. References: A list of other relevant documents and standards referred to or on which the specifications are based.
  3. Terminology and definitions: Clarification of terms and concepts used throughout the document.
  4. Security architecture: A description of the security components, including the ICC, terminal, and other entities involved in secure payment transactions.
  5. Security requirements: Detailed information on the security measures and processes that must be in place to protect payment transaction data and prevent fraud.
  6. Key management: Guidelines and recommendations for the generation, storage, distribution, and use of cryptographic keys to ensure secure communication between the ICC and terminal.
  7. Cryptographic algorithms: Specifications of the cryptographic algorithms used in ICC-based payment systems, such as encryption, decryption, digital signatures, and secure messaging.
  8. Certification and compliance: Information on the certification process for ICCs, terminals, and other components of the payment system to ensure they meet the required security standards.

Book 2 is intended for stakeholders in payment systems, including card issuers, terminal manufacturers, software developers, and security experts. By adhering to these specifications, they can ensure that their payment systems offer robust security and protect sensitive transaction data, thus providing customers with a secure and reliable payment experience worldwide.

“Book 3”: Application Specification

“Book 3” defines the data elements and processing rules for each payment application. It includes information about the card issuer, the cardholder, and the transaction details. This book ensures that the payment card can be used for different types of transactions and that the processing rules are consistent across all transactions.

From a card issuer’s perspective, Book 3 is essential because it ensures that the payment card can be used for various transactions, such as debit, credit, or prepaid. It also allows the card issuer to customize the payment card’s processing rules according to their requirements, such as transaction limits or transaction types.

Book 3 delves into the details of application development and configuration for ICC-based payment systems, addressing several key topics, including:

  1. Introduction: A brief overview of the document’s purpose, scope, and intended audience.
  2. References: A list of related documents and standards that the specifications draw from or refer to.
  3. Terminology and definitions: Explanation of terms and concepts used throughout the document.
  4. Application selection: Guidelines for selecting the appropriate payment application on the ICC when multiple applications are present.
  5. Data elements: An in-depth look at the data elements involved in payment transactions, including their format, length, and purpose.
  6. Application processing: Detailed information on the processes and steps involved in executing a payment transaction, such as cardholder verification, risk management, and transaction authorization.
  7. Commands and responses: Specifications for the various commands and responses exchanged between the ICC and the terminal during the transaction process, along with their expected behavior.
  8. Exception handling: Procedures for managing and resolving unexpected situations or errors that may occur during the transaction process.

Book 3 is primarily targeted at payment system stakeholders like card issuers, terminal manufacturers, software developers, and application developers. By following these specifications, stakeholders can ensure that their payment applications are globally interoperable, secure, and provide a consistent experience for customers, regardless of the card brand or geographical location.

“Book 4”: Cardholder, Attendant, and Acquirer Interface Requirements

“Book 4” defines the interface requirements between the payment card, the cardholder, the attendant, and the acquirer. It includes information about the user interface, such as the cardholder’s PIN entry, the transaction receipt, and the error messages. This book ensures that the payment card can be used by different types of users and that the user interface is consistent across all transactions.

From the perspective of a card issuer, EMV Integrated Circuit Card Specifications for Payment Systems, Book 4: Cardholder, Attendant, and Acquirer Interface Requirements, is an essential resource that helps ensure a seamless and secure user experience for cardholders in ICC-based payment transactions. By following the guidelines and requirements outlined in the document, card issuers can effectively design and implement user-friendly interfaces for cardholders, attendants, and acquirers. This facilitates efficient communication, error handling, and transaction processing, ultimately resulting in increased customer satisfaction, reduced fraud, and improved global interoperability for their card products, regardless of brand or location.

Book 4 focuses on the interface requirements and procedures for all parties involved in an ICC-based payment transaction. The document covers several essential topics, including:

  1. Introduction: A brief overview of the document’s purpose, scope, and intended audience.
  2. References: A list of related documents and standards that the specifications draw from or refer to.
  3. Terminology and definitions: Explanation of terms and concepts used throughout the document.
  4. Cardholder interface: Guidelines and requirements for the design and functionality of the cardholder interface, such as user prompts, display messages, and input methods.
  5. Attendant interface: Specifications for the interaction between attendants (e.g., cashiers or customer service representatives) and the payment system, including transaction processing and exception handling.
  6. Acquirer interface: Requirements and procedures for communication between the payment terminal and the acquirer’s system, including transaction authorization, clearing, and settlement.
  7. Data elements: An overview of the data elements involved in payment transactions, including their format, length, and usage in various interfaces.
  8. Error handling and recovery: Procedures for managing and resolving errors or unexpected situations that may occur during the transaction process.

Book 4 is intended for payment system stakeholders such as card issuers, acquirers, terminal manufacturers, and software developers. By adhering to these specifications, stakeholders can ensure that their payment systems offer a consistent, user-friendly, and secure experience for cardholders, attendants, and acquirers, regardless of the card brand or geographical location.
