Working Groups

Card Approval Working Group

Develops card type approval processes and testing methodology for:

  • Contact Level 1 (electrical and protocol) as defined by EMVCo Specifications
  • Contact Level 2 (functional) as defined by EMVCo CCD and CPA Specifications
  • Contactless Level 1 (analog and digital) based on EMVCo Contactless Communications Protocol Specification

Additionally, accomplishes the following:

  • Defines, develops and maintains card type approval processes for CCD and CPA compliant cards, from registering Product Providers and evaluating product submissions to issuing Letters of Approval (LoA)
  • Defines, develops and maintains functional Level 2 testing methodology for CCD and CPA compliant cards
  • Defines, develops and maintains Level 1 testing methodology for EMV based contact and contactless cards, including but not limited to CCD and CPA compliant cards
  • Defines the qualification requirements and qualifies test tools implementing EMVCo testing methodology for Level 2 CCD/CPA, Level 1 contact and contactless cards
  • Defines the accreditation requirements and accredits test laboratories and auditors performing EMVCo testing for Level 2 CCD/CPA, Level 1 contact and contactless cards
  • Evaluates and type approves CCD and CPA cards on an on-going basis
  • Responds to card type approval and card testing related queries and issues

Interoperability Working Group

  • Researches and analyses reported issues and manages resolution to appropriate EMVCo working group or payment system
  • Proactively leads EMVCo working groups to resolve and prevent recurrence of interoperability issues by suggesting and endorsing changes
  • Reviews/approves resolution plans (e.g. spec change, test case updates, temporary workaround) and monitor progress of EMVCo changes and field resolution
  • Communicates to the industry regarding known field issues by publishing the IWG Issues List and Best Practice documents
  • Responds to interoperability-related queries received via the website
  • Develops and implements processes related to the support of interoperability as defined by the Board of Managers

Level 1 Working Group

  • Maintain existing EMV Level 1 specifications for both contact and contactless
  • Maintain and enhance the Level 1 specifications for contact (Book 1) and contactless (Book D)
  • Provide and maintain the minimal Level 1 interoperability requirements for contact and contactless applications
  • Respond to Level 1 specification-related queries
  • Publish ongoing bulletins, errata and application notes when required
  • Potentially take on Level 1 related work items assigned by the Next Gen Task-Force

Level 2 Working Group

  • Maintain existing EMV Level 2 specifications for both contact and contactless
  • Maintain and enhance the Level 2 specifications for contact chip (Application Selection, Books 3, 4) and contactless (Books A, B and C’s)
  • Maintain the CPA specifications
  • Maintenance of the 'Recommendations for EMV Processing for Industry-Specific Transaction Types' document
  • Provide and maintain the minimal Level 2 interoperability requirements for contact and contactless applications
  • Respond to Level 2 specification-related queries
  • Publish ongoing bulletins, errata and application notes when required
  • Potentially take on Level 2 related work items assigned by the Next Gen Task-Force

Mobile Payments Working Group

  • Focuses on addressing and resolving technical infrastructure issues associated with enabling contactless mobile payments (CMP), determining best practices and supporting documentation
  • Take a collaborative approach to standardization efforts.  Liaise, on behalf of the payments industry, with other industry groups and market forces in CMP standardisation efforts
    • Priorities and identified those requirements, standards, specifications and processes that:
      1. Are within domain of other related standards groups; (this drives high priority liaison efforts)
      2. Are in need of development by the MPWG and that would complement its liaison activities
    • Provide the contactless mobile payments community with appropriate guidance in developing various parts of the mobile payment infrastructure (from the payment industry perspective)

Security Working Group

  • Supports and maintains elements of the specifications and guidelines related to security, primarily EMVCo Specification Book 2 as well as the security-related portions of Book 3 and Book 4.  This includes assessing emerging threats and vulnerabilities as related to the specification.
  • Conducts an annual risk assessment regarding the strength of the RSA key lengths, which results in the annual RSA key length review bulletin. 
  • Assesses other cryptographic algorithms include hashing algorithms, elliptic curve cryptography (ECC), Triple DES, and AES.
  • Responds to security-related queries received via the website.
  • Implements policy related to the above areas as defined by the Board of Managers.
  • Manages queries related to the Card Personalization Specification.

Security Evaluation Working Group

For Integrated Circuit (IC), Common Payment Application (CPA), Common Core Definition (CCD), and Platform (IC + OS) products:

  • Defines security evaluation policy & procedures
  • Maintains and enhances the security evaluation process, which includes vendor relations, security lab recognition program, review of security evaluations,  product approval, and listing/delisting of products
  • Defines and maintain security guidelines, which includes
    • Assessing emerging threats and vulnerabilities
    • Supporting the work of JIL Hardware Attacks Subgroup (JHAS)
  • Responds to security-related queries received via the website

Terminal Approval Working Group

Develops terminal approval processes and testing methodology for the following:

  • Contact Level 1 (electrical and protocol) as defined by EMVCo Specifications
  • Contact Level 2 (functional) as defined by EMVCo Specifications
  • Contactless Level 1 (analog and digital) based on EMVCo Contactless Communications Protocol  Specification
  • Contactless Level 2 (Entry Point & Application) based on EMVCo Contactless Specification

Additionally, accomplishes the following:

  • Defines and implements test plans based on the EMV specifications
  • Defines Tool qualification processes
  • Qualifies test tools implementing EMVCo test cases
  • Defines EMVCo Terminal Approval administrative processes
  • Defines laboratory accreditation process
  • Defines Auditor qualification process
  • Accredits & monitor laboratories implementing EMVCo processes
  • Manages the TAWG secretariat, Vendor’s contract signature and the issuance of the Letter of Approval (LoA)
  • Monitors the operational activity and manage its test process & tool updates
  • Identifies and implement Terminal Approval process improvements
  • Responds to terminal  type approval related queries and issues
  • Liaises with other working group to better standardize processes