EMV is a standard for interoperation of IC cards (“chip cards”) and IC capable POS terminals and ATMs, for authenticating credit and debit card transactions. The name EMV comes from the initial letters of Europay, MasterCard and VISA, the three companies that originally cooperated to develop the standard.
The first version of EMV standard was published in 1995. Now the standard is defined and managed by the public corporation EMVCo LLC. The current members of EMVCo are JCB International, American Express, MasterCard Worldwide, and Visa, Inc. Each of these organizations owns one quarter of EMVCo and has representatives in the EMVCo organization and EMVCo working groups.
The EMV 4.2 specifications has four (4) books namely (a) Book 1 – Application Independent ICC to Terminal Interface Requirements (b) Book 2 – Security and Key Management (c) Book 3 – Application Specification (d) Book 4 – Cardholder, Attendant, and Acquirer Interface Requirements.
Membership of the EMVco spans a variety of categories from the recently launched EMVco Associate Programme which comprises (a) Business Associates and (b) Technical Associate. EMVco subscribers typically are abreast of happenings in the working group before the general public but are required to pay an annual subscription, they also have the added advantage of direct access with EMVco to solicit support or receive guidelines with technical issues.
How to achieve EMV compliance
Recognition of compliance with the EMV standard (i.e. device certification) is issued by EMVCo following submission of results of testing performed by an accredited testing house some of which are Radio Frequency Investigation Limited, RFI (United Kingdom), TUV Product Service Limited (United Kingdom), Beijing Unionpay Card technology Co, amongst other companies/laboratories world-wide.
EMV Compliance testing has two levels: EMV Level 1, which covers physical, electrical and transport level interfaces, andEMV Level 2, which covers payment application selection and credit financial transaction processing.
After passing common EMVCo tests, the software must be certified by payment brands to comply with proprietary EMV implementations such as VISA VSDC, American Express AEIPS, MasterCard MChip, JCB JSmart, or EMV-compliant implementations of non-EMVCo members such as LINK in the UK, or Interac in Canada.
The EMVCo standards have been integrated into the broader electronic payment security standards being developed by the Secure POS Vendor Alliance, with a specific effort to develop a common interpretation of EMVCo’s place relative to, and interactions with, other existing security standards, such as PCI-DSS.