What is the L2 kernel certification process for Cloud Kernel ?
EMVCo defines the Cloud kernel certification as below.
In recognition that new type of devices are designed such as Cloud based solution or Merchant Server Solution and therefore application kernels are split over multiple devices, EMVCo has revised its type approval testing process to accommodate Split Application Kernel test submission.
ICS Identification of the various sub components of the Split Application Kernel and its location within the devices is the most crucial part of the Split Kernel submission.
All parts of the Split Application Kernel and the devices supporting these parts shall be clearly referenced in section IIa of the ICS with for each parts its checksum.
As for the other kernels (non split kernel), the devices needed for the solution but which are transparent shall be described (such as transparent PIN pad, transparent mobile, etc) in the ICS in the appropriate section.
Each checksum value shall be easily retrievable from each sub component for verification purpose during type approval (as per Appendix B rules).
As each part of the Split Application Kernel as its own checksum, an overall kernel checksum is not required.
Test Report provided by the Laboratory shall contain a clear technical description of the solution containing the split application kernel:
- All device/components and their relationship
- Preferably with a figure of the solution
Is a new L2 kernel certification required for new hardwares of mobile phone O.Ss ?
In case the vendor would like to change physically one of the sub components containing a part of the split kernel, resubmission of the whole device will be required.
The following rules will be applied to approve application kernels, submitted to EMVCo for testing as result of changing a sub component in the device:
- The changed sub component is identified in the ICS submitted
- The whole device with changed physical sub component is tested by the Laboratory with Regression template,
- Newly submitted device will also be retained by the laboratory for a period of the LoA validity + 1 year
Is the L1 certification required on the mobile phone ?
Mobile Level 1 approval is granted to a mobile product that supports NFC-based payment (e.g. mobile phones used for proximity payment). The Mobile Level 1 approval process attests the compliance of the mobile device to the EMV® Contactless Communication Protocol Specification. It also evaluates the extent to which the mobile device impacts transaction time and verifies how well the mobile device interoperates with real payment terminals.https://www.emvco.com/processes-forms/product-approval/mobile/level1/
How is Secure PIN entry handled on the mobile phone ?
Software-based PIN Entry on COTS (SPoC) Solution. This solution is provided by third party apps where Fairbit solution integrates.https://www.pcisecuritystandards.org/documents/SPoC_ProgramGuide_v1.0_April_2018.pdf
Can Consumer Device CVM be an alternative to PIN entry on the mobile phone ?
Yes it can. As per recent search by PYMNTS.COM, share of sales with ApplePay and other wallets (i.e Wallmart Pay) is on the rise.
As of 2019 year, 34.2% of U.S adults have eligible devices to perform an ApplePay transactions. With other mobile wallets (SamsungPay, AndroidPay), this rate should be around 50%.
As of 2019 year, 51% of sales from merchant locations are eligible to accept ApplePay or WalmartPay. This rate is on rise as of 2020 and especially after COVID.
So, based on these trends, we can estimate that as of 2021-2022 years, we will have 60-70% of US adults have the capability to use Consumer Device CD CVM for the transactions, and 70-80% of merchants will have the capability these transactions.
Can Apple Phones accept payment ?
Apple has tight control over the device’s NFC technology that’s used for contactless payments. So third party apps don’t have access to the NFC interface on the Apple phones.