- What is the relationship between the EMV Specifications and ISO/IEC 7816 standards? What differences are there, and why do they exist?
The EMV Specifications are based on, and are a subset of, the requirements in the ISO/IEC 7816 series of standards. However, ISO/IEC 7816 is a series of standards rather than an implementation oriented specification such as EMV, and a terminal supporting all of its requirements would be quite complex.
The EMV Specifications should be read in conjunction with the ISO/IEC 7816 standards. However, if any of the provisions or definitions in the EMV Specifications differ from the ISO/IEC standards, the EMV Specifications shall take precedence.
More specifically, ISO/IEC 7816-3 specifies the card/terminal interface, whereas EMV specifies the card and terminal requirements separately - this makes a direct comparison of the two documents difficult and not always meaningful.
From a terminal manufacturer's point of view, a comparison of the requirements in EMV Book 1 with the ISO/IEC 7816-3 standard should reveal the differences that need to be taken into account by the design. EMVCo does not have such a comparison available.
With regards to ISO/IEC 7816-4, which specifies the organization, security and commands for interchange, the EMV Specifications use some of the commands specified, but not all options are necessarily supported. In addition to the ISO/IEC 7816-4 defined commands, EMV has also defined additional commands that must be supported by cards and terminals.
- How often are the EMV Specifications reviewed and updated?
Generally, the EMV Specifications are not reviewed on a fixed timescale. However, between releases, the specifications are reviewed and as a result bulletins may be issued to deal with technical errors found or to clarify ambiguities. The bulletins are all available from the EMVCo web site.
- What is the purpose of the EMV Specifications?
The purpose of the EMV Specifications is to facilitate worldwide interoperability between the card and the terminal for contact chip payment transactions. The Specification describes mandatory and optional terminal behavior and the interface between the terminal and cards. Card functionality beyond this card-terminal interface is not described in the Specification. Supplemental specifications from the Payment Systems (or from EMVCo for Common Payment Application cards) provide requirements for internal card processing of the transaction. These card specification and additional vendor requirements are required along with the EMV Specification to build a complete card. Additional terminal specifications are also needed for a complete terminal design to cover areas that are unrelated to the card-terminal interface such as the terminal to host interface.
- What other documents should I be aware of besides the EMV Specifications?
The EMV Specifications are now very stable documents. However, from time-to-time changes are required in order to correct errors, add new functionality, or to clarify the existing requirements. These changes are introduced via publications in the Bulletins section of the EMVCo Website.
Up to January 2009, the following types of Bulletins were published:
Application Notes: These are intended to clarify areas of the Specifications that have given rise to questions in the past. In some cases, they contain proposals for additional or improved wording that will be included in future versions of the Specifications.
Specification Update Bulletins: These introduce changes to the Specifications that are required to correct errors or to introduce new functionality. Details of the changes to be made to the Specifications are included. The timescales for the effective date of these changes and the related type approval testing availability are also included. If a migration schedule for introduction of the changes is required, this schedule is usually published separately and referenced in the SU Bulletin.
As of January 2009 Application Notes and Specification Update Bulletins are grouped together on the web site and called Specification Bulletins. The listing on the website will also identify whether the Specification Bulletin is intended to clarify or change the specification.
Draft Specification Bulletins (Subscribers-only): Prior to final publication, draft versions of Specification Bulletins that change the specification will normally be posted on the EMVCo Subscriber website for a comment period. This allows implementers and others to express their concerns about the changes prior to the changes being finalized.
Other specifications on the EMV web site include:
- The EMV Common Payment Application Specification and related bulletins
- The EMV Card Personalization Specification
- EMV Contactless Specifications for Payment Systems Entry Point Specification
- EMV Contactless Communication Protocol Specification and related test equipment specifications
In addition, the EMVCo web site contains documents providing guidance for issuers and acquirers including the following (some documents may only be available to EMVCo Subscribers):
- EMV Issuer and Application Security Guidelines
- Recommendations for EMV Processing for Industry-Specific Transaction Types
- Optimising Contact Chip Transaction Times
- EMV Framework for Contactless Evolution
- EMV Interoperability Best Practices