Ambimat GroupAmbimatAmbiSecureeSIM InitiativeEngineering BlogAhmedabad · India · Est. 1981
ASAmbiSecureHardware-rooted security
Contact
HISTORICAL ARCHIVE · Originally published August 28, 2020
Archive

Understanding EMV certification In Public Transportation

A practical look at EMV certification in public transport — which certifications apply, the roles of acquirer, scheme, terminal vendor, and transit authority, and the typical timeline from prototype to revenue service.

TransitSmart Cards

This is an earlier piece from the AmbiSecure engineering archive. Where the field has moved on, the link above points to current coverage of the same topic.

EMV Certification

EMV in transit is not a single certification. The scope depends on which acceptance model the operator picks, which schemes are accepted, and where the merchant boundary sits. This article walks through the applicable certifications, the roles of acquirer / scheme / terminal vendor / transit authority, and the realistic timelines from prototype to revenue service.

"EMV is designed to significantly improve the security for consumer card payments by providing enabling features for reducing fraudulent payment."

Four Key EMV Features

  1. Authentication of chip cards to prevent counterfeit fraud
  2. Risk management parameters defining conditions for chip card usage
  3. Digital signing of payment data for transaction integrity
  4. Enhanced cardholder verification against loss and theft

The Evolution of the EMV Specifications

The specifications began in 1994 through collaboration between Europay, MasterCard, and Visa. JCB joined in 2004, and American Express in 2009. Version EMV '96 was released in 1996, with production version 3.1.1 in 1998. The current version is 4.2 from 2008.

Three levels of EMV certification

  • Level 1 — Hardware: "The physical terminal, logic, and transmission of payments are tested."
  • Level 2 — Software Kernel: "The software written to facilitate the transfer of payment information is tested."
  • Level 3 — Application: "Each card brand is tested against the entire processing solution."

EMVCo, composed of six member organizations, manages specifications and certifies Levels 1 and 2 only.

About Ambimat Electronics

Close to 4 decades of design experience as a solution provider for payment products and IoT development across smartwatches, smart homes, medical devices, robotics, retail, and security.

Looking for the current take?

This archive piece reflects thinking from August 28, 2020. For a current-generation treatment of the same topic, see our modern coverage.

Read the current article

Related historical reading

ePassport and How will chip-based e-Passports work

How chip-based ePassports work in practice — the BAC / PACE access protocols, the CSCA / DSC / PKD trust chain, and the role of the secure element inside the document.

Read article →

ePassport and Its Application

How biometric passports work in practice — chip-based identity, border-control architecture, and the standards stack that keeps the issuer chain trustworthy.

Read article →

An Introduction to Java Card Technology

An introduction to JavaCard — how Java-based applets run securely on smart cards and other small-memory secure elements, why the JavaCard runtime model exists, and what it enables for FIDO, PIV, and ePassport applets.

Read article →

Browse more historical AmbiSecure writing.

The full archive lists everything we have published, with the modern-equivalent counterpart linked wherever one exists.

Open archive