This summary describes the standard process for the approval of a new CPA product. Specific processes may apply for a product change, a derivative product submission, or a product renewal. These additional processes are described in the administrative process.
Obtain the detailed CPA Administrative process
Obtain the card type approval update bulletins
Obtain the detailed Security Evaluation process
Obtain the CPA reference specification and bulletins
Obtain the CPS reference specification
Obtain the specification bulletins
Step 1: Registration
The Integrated Circuit (IC) provider and the product provider shall:
- fill out the Registration form
- download and submit a Business Review form to EMVCo.
Once EMVCo receives and accepts the forms, the IC and product provider will receive a contract. Once the contract is signed, EMVCo will assign both a registration number and a product provider registration number. Registration is a one-time process.
Obtain the Business Review Form
Step 2: Product Declaration
The product provider shall select a laboratory and execute bilateral, required agreements and contracts. The product provider shall complete an Implementation Conformance Statement (ICS) document in which it provides detailed information about the product and supported features. The laboratory will validate and submit the ICS to EMVCo for verification.
The product provider shall also select a laboratory to perform a Security Evaluation of the card product.
Obtain the CPA ICS Form
Obtain the list of EMV® accredited laboratories for CPA testing
Obtain the list of EMV® accredited laboratories for card security evaluation
Step 3: Product Validation
Once EMVCo has accepted the ICS, CCD Level 1 and CCD and CPA Level 2 testing may be performed. The test results are documented in test reports that are submitted by the laboratory to the product provider. The security evaluation of the card product is also performed, with results being sent to the product provider.
Obtain the CPA Card Images Requirement Specification
Obtain the activation and deactivation date of the test cases
Step 4 (conditional): Audit the Additional CPA Functionalities
If the CPA product also supports additional CPA functionalities, the product provider shall select an EMVCo-qualified auditor, which will perform an evaluation to determine that (1) the additional CPA functionalities are correctly implemented and (2) they do not impact the CPA behavior.
Obtain the list of EMV® accredited auditor for CPA
Obtain the Request for Additional CPA Functions Review
Step 5: Product Approval
Upon receipt of the test reports from the laboratory, the product provider decides if it will submit the product to EMVCo for approval. Assuming so, the product provider shall complete a Request for Approval form and ask the laboratory to send the test reports and the card security evaluation report to EMVCo. EMVCo will grant a Letter of Approval (LOA) when a test report demonstrates sufficient product conformance. Applicable fees must be paid before the LOA is granted.
Obtain the CPA Request for Approval Form