EMVCo has published a new EMV® Specification to standardise contactless kernels, the software that point-of-sale terminals and ATMs use to process contactless transactions. This creates opportunities for merchants, solution providers and payment systems to reduce costs, and improve roll-out speed and time to market. Here’s a look at 4 key features of the EMV Contactless Kernel Specification.
1. It works within the existing terminal architecture.
What this means:
- There are more than 20 kernels used to support the processing of contactless transactions globally. The EMV Contactless Kernel Specification supports the development of a kernel that can co-exist with these kernels in existing payment acceptance terminals and readers.
Bottom line:
- Terminal manufacturers and merchants may not need to replace terminals to use the EMV contactless kernel. It is just a new piece of software that can run on existing merchant point-of-sale terminals. It doesn’t change how contactless transactions work today, or the consumer experience. As the industry transitions to using an EMV contactless kernel, existing kernels and cards will work as they do today until they are replaced.
2. It uses state-of-the art cryptography.
What this means:
- The EMV Contactless Kernel Specification takes advantage of the latest in cryptography to protect sensitive information without impacting transaction speed.
- For public key cryptography, it introduces Elliptic Curve Cryptography (ECC). ECC provides higher levels of security with smaller key sizes than RSA, which is important to supporting contactless payments moving forward.
- It introduces Advanced Encryption Standard (AES). AES combined with ECC creates a secure channel between the card and terminal. It protects sensitive data from eavesdropping and data alteration – the so-called Man-In-The-Middle attack.
Bottom line:
- This is a significant step forward in security, which offers greater protection for contactless transactions, now and in the future.
3. It supports cloud operations.
What this means:
- There are different steps involved in the processing of contactless transactions. When contactless was first developed, software on the terminal did all the processing, but technology and card capabilities has advanced since then.
- Over time, other configurations appeared, and kernel processing was split between a local terminal client and a cloud server. For example, a mobile device could be used as a reader and the kernel and terminal software could sit in a cloud server.
- By delegating some of the processing functions to the card itself, the EMV contactless kernel simplifies processing to be split across locations to support different types of implementations, such as cloud and mobile point-of-sale (mPOS), or TapToMobile.
Bottom line:
- The kernel can handle split architectures and split processing with the same transaction speed as existing terminals. This creates opportunities for innovation and efficiency. Software developers and terminal manufacturers can design the kernel and terminal infrastructure that best supports their implementations needs.
4. It is available royalty-free.
What this means:
- Like the EMV Contact Chip Specification, the EMV Contactless Kernel Specification is owned and managed by EMVCo and licensed by EMVCo royalty-free.
Bottom line:
- The specification is available for anyone in the industry to use, including proprietary and domestic payment networks.