EMV®* Contactless Mobile Payment

EMVCo White Paper on Contactless Mobile Payment

Version 2.0
September 2011

© 2011 EMVCo, LLC (“EMVCo”). All rights reserved. Any and all uses of the EMV Specifications (“Materials”) shall be permitted only pursuant to the terms and conditions of the license agreement between the user and EMVCo found at http://www.emvco.com/specifications.aspx.

* EMV is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo.

Contents

1 Executive Summary
2 References
3 Contactless Mobile Payment Overview
3.1 History
3.2 Meeting These Goals
3.3 Principles
4 EMVCo Technical Work and Perspective
4.1 Contactless Mobile Payment Applications
4.2 Application Choice and Activation
4.3 CMP Application Lifecycle
4.4 Payment Terminals Supporting Contactless Mobile Payment
4.5 Secure Elements
4.6 Personalisation and Provisioning of CMP Applications
4.7 Contactless Communication Modules
4.8 Mobile Device Requirements to Support CMP
5 Type Approval
5.2 Mobile Handsets
5.3 Secure Elements
5.3.1 Security Evaluation
5.3.2 Functional Evaluation
5.4 CMP Applications
5.5 Contactless Mobile Payment Terminal Approval
6 Looking Forward
Annex A Summary of Contactless Mobile Payment Areas
Annex B Frequently Asked Questions
Annex C Actions Taken in Response to Areas Defined in the Technical Issues and Position Paper
Annex D Glossary

Figures

Figure 1 – Simplified Architecture and Areas of Interest
Figure 2 – Simplified Provisioning Architecture

Tables

Table 1 – Areas Addressed by EMVCo and Other Specification Bodies
Table 2 – Frequently Asked Questions
Table 3 – EMVCo Actions Based on Areas of Work Identified in Technical Issues and Position Paper

1 Executive Summary

In 2007 EMVCo published two white papers. The first paper, The Role and Scope of EMVCo in Standardising the Mobile Payments Infrastructure (1) identified the mobile landscape at the time, and outlined the role and scope of EMVCo’s involvement in the standardisation of Contactless Mobile Payment within this landscape. This involvement was structured around two main areas: Technical Development and Industry Co-ordination. The second paper, the Technical Issues and Position Paper (2), highlighted a number of technical issues that EMVCo had identified as requiring solutions in order to enable the wide scale deployment of Contactless Mobile Payment, and EMVCo’s planned actions in addressing these issues.

In the four years since EMVCo set out this vision, there has been significant movement in the industry. EMVCo has published a number of documents, and other industry bodies have also been active in the standardisation of technologies and services related to Contactless Mobile Payment.

Toward meeting the goals of providing technical development and industry co-ordination, EMVCo has published the following technical documents:

• Contactless Mobile Payment Architecture Overview (3) provides an architecture and context for other EMVCo mobile documents

• Handset Requirements for Contactless Mobile Payment (4) provides guidance to the industry regarding features required for supporting Contactless Mobile Payment capabilities.

• Application Activation User Interface – Overview, Usage Guidelines, and PPSE Requirements (5) defines how to configure a mobile device supporting multiple Contactless Mobile Payment applications to reflect the user’s choice and preferences.

• EMV Profiles of GlobalPlatform UICC Configuration (6) specifies a number of profiles for GlobalPlatform based UICCs which have been agreed upon by members of EMVCo.

This white paper provides an updated view of the Contactless Mobile Payment landscape, setting out EMVCo’s current position and detailing how the issues identified previously have been addressed. It also identifies where EMVCo has on-going work in Contactless Mobile Payment, and highlights areas in which other industry bodies are providing input.

2 References

The following documents are referenced in this white paper. All are available on www.emvco.com.

1 EMV Mobile Contactless Payment: White Paper: The Role and Scope of EMVCo in Standardising the Mobile Payments Infrastructure. Version 1.0, 2007.

2 EMV Mobile Contactless Payment: Technical Issues and Position Paper. Version 1.0, 2007.

3 EMVCo Contactless Mobile Payment: Contactless Mobile Payment Architecture Overview. Version 1.0, 2010.

4 EMV Contactless Mobile Payment: EMVCo Handset Requirements for Contactless Mobile Payment. Version 1.0, 2010.

5 EMVCo Contactless Mobile Payment: Application Activation User Interface – Overview, Usage Guidelines, and PPSE Requirements. Version 1.0, 2010.

6 EMVCo Contactless Mobile Payment: EMV Profiles of GlobalPlatform UICC Configuration. Version 1.0, 2010.

7 EMV Contactless Specifications for Payment Systems. Book C-1. Kernel 1 Specification. Version 2.1, 2011.

8 EMV Contactless Specifications for Payment Systems. Book C-2. Kernel 2 Specification. Version 2.1, 2011.

9 EMV Contactless Specifications for Payment Systems. Book C-3. Kernel 3 Specification. Version 2.1, 2011.

10 EMV Contactless Specifications for Payment Systems. Book C-4. Kernel 4 Specification. Version 2.1, 2011.

11 EMV Contactless Specifications for Payment Systems. Book D. EMV Contactless Communication Protocol Specification. Version 2.1, 2011.

12 EMV Card Personalization Specification. Version 1.1, 2007.

13 EMVCo Card Testing Framework for Contactless. Version 1.0, 2010.

14 EMV Security Guidelines. EMVCo Security Evaluation Process. Version 4.0, 2010.

3 Contactless Mobile Payment Overview

The increasing rate of convergence between the mobile telecommunications and payments industries has led mobile payments to become a growing industry sector in recent years.

All actors within the value chain are set to benefit from the wide-scale deployment of mobile payments: the financial community, merchants, network operators, technology providers, and consumers. These benefits are set to increase as mobile payment programmes evolve beyond the medium term reality of mass market contactless mobile payment.

3.1 History

In 2007, after analysis and vetting with its stakeholders, EMVCo decided that its role in Contactless Mobile Payment standardisation is two-fold. Firstly, with the growth of the contactless mobile payment sector, there was a need for EMVCo to address and resolve a number of technical infrastructure issues associated with enabling contactless payments via mobile phone handsets. This ‘technical development’ responsibility was in line with EMVCo’s traditional role within the payments industry as a technology standards body. The mobile payment technical focus of EMVCo would be an adjunct to the organisation’s work towards the development of specifications related to contactless payment and the associated common Type Approval process for cards and terminals.

Secondly, due to the nature and early lifecycle stage of the contactless mobile payment market, there was a need for the payments industry to adopt a collaborative approach to standardisation. EMVCo would co-ordinate the payments industry’s efforts in standardisation work with other industry groups and market forces, so that an interoperable contactless mobile payment model for EMV transactions could be defined and created. EMVCo would provide the common voice of the payments industry on contactless mobile proximity payment standardisation.

EMVCo’s role within the standardisation of contactless mobile payment could be classified under two headings and broken down into a number of key deliverables:

Technical Development:

• To define chip data security requirements

• To define a framework for Type Approval process

• To define global interoperability between Contactless Mobile Payment devices and payment acceptance infrastructure from a technical perspective

• To identify user interface issues

Industry Co-ordination:

• To standardise contactless mobile proximity payment infrastructure requirements

• To fill in ‘gaps’ which exist in the standardisation of Over-the-Air (OTA) card and application management (for both secure elements and user interface applications)

• To actively engage relevant standards organisations in order to ensure EMV involvement in the standardisation for contactless mobile payment

• To speak with a common voice to vendors, operators, banks, and merchants about contactless mobile payment opportunities, challenges, and the need for standardisation.

Throughout the process of working towards the creation of a global interoperable contactless mobile payment infrastructure for EMV transactions, EMVCo has solicited feedback on its role from the payments industry in order to remain relevant to, and representative of, the sector.

3.2 Meeting These Goals

In this environment, EMVCo identified the need for common specifications and common platforms in order to prevent fragmentation, which could in turn become a barrier to the widespread deployment of Contactless Mobile Payment (CMP). It was also recognised that mobile devices are not primarily financial instruments. Mobile devices are primarily communication devices, but are increasingly becoming multipurpose devices with the advent of location services and the myriad mobile applications (“apps”) which are now available. The requirements for CMP are just one set of requirements which must be balanced with the needs of other application areas for mobile devices, and it is important for EMVCo to work with the wider mobile industry in defining specifications and requirements.

It was also clear that the lifecycles of mobile devices are significantly different from those of payment smart cards. This is the case both in the development timescales and the time in market. In order for the financial industry’s requirements for CMP to be met by mobile devices it is important that the impact on the mobile device development lifecycle is minimised. This involved developing pragmatic approaches to type approval and testing which meet the needs of both the financial and mobile industries.

In order to identify the areas in which further work was necessary, EMVCo developed a reference framework for CMP, which has been published in the Contactless Mobile Payment Architecture Overview (3). That document identified the following areas of interest in specification work:

• Contactless Mobile Payment applications

• CMP application choice and activation

• CMP application lifecycle maintenance

• Secure Elements

• Personalisation and provisioning of Contactless Mobile Payment

• Contactless communication modules

• Mobile device requirements to support CMP

• Contactless payment terminals supporting Contactless Mobile Payment

These are illustrated in Figure 1 below.

Figure 1 – Simplified Architecture and Areas of Interest

[Figure not reproduced. Labelled elements: Mobile Device; Contactless Communication Module; Contactless Payment Terminal; Secure Element; CMP Application; CMP Application Lifecycle Maintenance; Provisioning and Personalisation; Application Environment; User Interface Application; Wide Area Modem.]

This white paper provides more detail regarding EMVCo’s position with respect to each of these areas.

3.3 Principles

Before starting contactless mobile payment technical development and liaison activities, EMVCo developed and vetted a set of principles to guide its efforts. These principles include:

• A mobile device may support multiple contactless mobile payment applications from multiple financial issuers and carrying different brands.

• The user determines which payment instrument is to be used for a transaction.

• EMVCo does not mandate a particular Secure Element architecture or policy, but seeks to provide flexibility in order to allow the deployment of the most appropriate solution for a particular market.

• Where possible EMVCo will make use of industry specifications rather than defining new specifications.

• EMVCo will seek to make use of industry type approval programmes for qualification of mobile devices.

• Contactless Mobile Payment must be compatible with existing EMVCo based contactless payment infrastructure.

4 EMVCo Technical Work and Perspective

Using EMVCo’s documented Contactless Mobile Payment architecture as a base, the following sections provide a summary of EMVCo’s development activities. Where EMVCo has not developed specific deliverables this section provides perspective on the standardisation efforts of other organisations.

Further details of how EMVCo has addressed the areas identified in the Technical Issues and Position Paper (2) are given in Annex C.

4.1 Contactless Mobile Payment Applications

The heart of a Contactless Mobile Payment transaction is the CMP application. The definition of the CMP applications is the role of each of the payment systems. Likewise CMP application approval, both functional and security, is the responsibility of the payment systems.

Although EMVCo does not define the CMP application itself, the focus of the EMVCo work is to define a common environment to enable the use of CMP applications. As per the architecture in Figure 1 above, CMP applications must reside within a Secure Element in the mobile device, and this Secure Element may be shared with other applications – both CMP and non-payment applications. The EMV specifications enable the co-existence of this multiplicity of applications.

4.2 Application Choice and Activation

To enable the user to choose the desired application to be used for a CMP transaction, EMVCo has developed the Application Activation User Interface specification (5). That specification defines how a user interface may gather information about the CMP applications present on a device in order to enable the user to select the application that he or she wishes to use for a transaction.

The specification also covers the method by which the user interface application may configure the mobile device in order that a contactless POS terminal will initiate a payment transaction with the user’s chosen application. The primary means by which this is done is through the Proximity Payment System Environment (PPSE). While the location of the PPSE within the mobile device is implementation specific, the Application Activation User Interface specification includes the specification of the PPSE application when implemented on a Secure Element.

4.3 CMP Application Lifecycle

Throughout the life of an EMVCo based CMP application there may be a need to reset application counters and modify parameters within the application. EMVCo regards this as a CMP application concern, and therefore the responsibility of the individual payment systems.

4.4 Payment Terminals Supporting Contactless Mobile Payment

The mobile phone offers a rich platform for interaction between a user and a CMP application during and surrounding a CMP transaction. Examples of such interactions include display of branding, transaction information, and entry of a confirmation code on the mobile device. Use of these features may require additional functionality in contactless payment terminals, beyond that which is required for acceptance of contactless cards.

It is important that CMP applications are able to work (possibly with reduced functionality) on deployed terminals; however, support of the advanced payment capabilities of CMP requires existing terminals to be updated. From an EMVCo perspective, the features being added to support CMP (such as application choice) are backward compatible with deployed contactless payment terminal infrastructure.

In order to provide interoperability between Contactless Mobile Payment and existing card payment, both contactless payment terminals and mobile devices supporting CMP are required to implement the Contactless Communication Protocol Specification (11) which is also applicable to contactless payment cards.

EMV Contactless Specifications for Payment Systems, Books C-n (7) (8) (9) (10) define the latest terminal specifications which implement any CMP specific features from each of the payment systems.

The result of this is that EMVCo will not define new type approval processes for Contactless Payment Terminals supporting CMP but will follow the standard EMVCo terminal approval procedures.

4.5 Secure Elements

Security is important to Contactless Mobile Payment applications, just as it is to card based payment applications. From an EMVCo perspective, security of CMP should be at the same level as the security of card products. In order to support this security requirement, a CMP application must reside in a Secure Element. A Secure Element is a tamper resistant module capable of hosting applications in a secure manner.

There are a number of options for Secure Elements, including amongst others, embedded Secure Elements, UICCs (SIMs), microSD, and accessories, each of which may be based on differing hardware, firmware, operating systems, and platforms.

EMVCo does not have a requirement or preference for any particular architectural option or platform, nor does it set requirements around the number of Secure Elements which are available in a mobile device. Where certain options are widely deployed, EMVCo may develop work items around a particular platform in order to facilitate interoperability and co-existence of CMP applications on deployments of that platform. These work items do not imply an EMVCo requirement that such a platform be used.

EMVCo’s specifications around CMP have been developed to be able to support multiple, simultaneously enabled Secure Elements in a mobile device. Whilst EMVCo encourages flexibility in the architecture, no particular policy for the number and activation of Secure Elements is mandated. For example, deployments with a single active Secure Element are covered by the EMVCo specifications.

Historically, payment cards have been owned by a single issuing bank, typically carrying a single payment brand. There has been flexibility for payment systems and issuers to define the requirements on the functionality, configuration, and security requirements of the card. In the deployment of CMP, multiple CMP applications, potentially from multiple issuing banks, and carrying multiple payment brands, may co-exist on the same mobile device. As the number of Secure Elements available in a mobile device is limited, a Secure Element may host multiple CMP applications. If payment systems and issuers place incompatible requirements on the Secure Element, this will fragment the market. In order to avoid this situation, EMVCo has been addressing common requirements for Secure Elements.

EMVCo has published EMV Profiles of GlobalPlatform UICC Configuration (6), which uses the GlobalPlatform UICC profile as a basis. EMVCo is preparing a similar profile for non-UICC GlobalPlatform based Secure Elements, and may consider further profiles for other widely deployed platforms.

4.6 Personalisation and Provisioning of CMP Applications

Installing a CMP application on a mobile device (provisioning) and personalising a CMP application with data specific to the user is an essential step in the deployment of Contactless Mobile Payment. There are a number of elements to provisioning and personalisation. A simplified diagram of the actors is shown in Figure 2.

Figure 2 – Simplified Provisioning Architecture

[Figure not reproduced. Labelled elements: Issuer; Trusted Service Manager; Mobile Device; Secure Element.]

Although EMVCo had identified this as a gap where work was needed, there has been ongoing work within the industry to address this area. For example, GlobalPlatform is defining a messaging specification for the management of Mobile-NFC Services, and the Association Française du Sans Contact Mobile (AFSCM) has written an interface specification which has been contributed to GlobalPlatform. As the industry has been addressing these issues, EMVCo will not define the interface between an issuing bank and a Trusted Service Manager (TSM).

Likewise EMVCo will not define the interface between the TSM and the mobile device or Secure Element for provisioning and personalisation. The EMV Card Personalisation Specification (12) may be used as part of the personalisation process, but is not required by EMVCo.

The GlobalPlatform specifications define mechanisms for personalisation which are appropriate to GlobalPlatform based Secure Elements. As Secure Elements may be shared by multiple CMP applications, the EMV Profiles of GlobalPlatform UICC Configuration specification (6) defines a standard environment into which CMP applications can be provisioned which is acceptable to the payment systems which are EMVCo members. EMVCo does not mandate the use of these profiles, but Secure Elements which make use of these profiles may be qualified through the EMVCo Compliance programme.


The Application Activation User Interface specification (5) defines how a Secure Element Contactless Management system should be configured during personalisation and provisioning in order to support the co-existence of multiple CMP applications on one mobile device and in particular the use of the GlobalPlatform Contactless Registry Service (CRS).

4.7 Contactless Communication Modules

The Contactless Communication Module is responsible for the implementation of the digital and analogue contactless protocol for the mobile device implementing CMP. For interoperability between CMP applications and the acceptance infrastructure to support contactless cards, Contactless Communication Modules are required to conform to the EMV Contactless Communication Protocol Specification (CCPS) (11) defined by EMVCo.

EMVCo members have worked with the NFC Forum to ensure that the NFC Forum specifications are compatible with the CCPS, and that devices implementing the NFC Forum specifications may also meet the requirements of the CCPS.

4.8 Mobile Device Requirements to Support CMP

Mobile devices support a large number of features, and these vary between devices. To support a wide scale deployment of CMP across multiple models of devices, it is helpful if there is a minimum set of core features supported across the board.

In order to provide guidance to the mobile industry about what features are required for CMP, and also areas in which development work would be helpful, EMVCo has published Handset Requirements for Contactless Mobile Payment (4). The intent of that document is to provide the industry with direction around CMP, and unless the same requirements are identified elsewhere within EMVCo documentation, EMVCo will not be testing the support of those requirements as part of an approvals programme.


5 Type Approval

EMVCo has for many years offered an extensive type approval programme for terminals, and since 2007, for chips and CCD/Common Payment Application cards. In evaluating the role EMVCo should play in type approval for mobile, two particular areas have been taken into consideration.

1. Mobile industry development cycles: The mobile industry has rapid and time constrained releases, and it is important that an EMVCo type approval programme for Contactless Mobile Payment does not negatively impact the industry’s development cycles.

2. Sharing of platforms between issuers and brands: Whereas cards are typically under the control of a single issuer supporting a single payment system brand, mobile handsets and Secure Elements may be shared between multiple issuers and payment brands.

5.2 Mobile Handsets

The mobile industry has a large number of new products being put on the market each year, and has rapid and time constrained releases. In order to meet the requirements of the mobile industry, EMVCo will work with other mobile compliance bodies in order to establish compliance of the Contactless Communication Modules of mobile devices with the CCPS. EMVCo has a liaison with the NFC Forum which has recently launched a compliance programme, and is exploring other bodies which may also be appropriate in this area. The requirements and processes for a form of EMVCo accreditation in this area are being established.

In the interim a mobile handset may be submitted for Contactless Level 1 evaluation under the EMVCo Card Testing Framework for Contactless (13).


5.3 Secure Elements

5.3.1 Security Evaluation

The EMVCo security evaluation programme (described in EMV Security Guidelines – EMVCo Security Evaluation Process (14)) has recently been expanded from chips at the silicon level and issuance of IC (security) Certificates, to also cover the multi-application platforms at the operating system level and issuance of Platform (security) Certificates.

The Secure Elements used for CMP will be shared with non-payment applications, which may have differing security requirements. As applications may come from different providers, and may be deployed across different Secure Elements, there is an industry need for a security evaluation methodology which allows for evaluations of components (e.g. silicon, operating system, applications) by different laboratories to be combined into an evaluation of the overall product (i.e. silicon + operating system + applications). EMVCo has worked through liaison relationships with GlobalPlatform and the GSM Association to help develop the GlobalPlatform Composition Model for Security Evaluation. EMVCo will incorporate the Composition Model into the EMVCo security evaluation process in the future.

5.3.2 Functional Evaluation

EMVCo type approval covers functionality defined in the Application Activation User Interface specification (5). Where a Secure Element implements the mobile PPSE and/or Secure Element Contactless Management as defined in the Application Activation User Interface specification, the PPSE and/or Secure Element Contactless Management implementation may be submitted for EMVCo testing and type approval.

In order to issue an EMVCo Letter of Compliance, EMVCo will require both a successful functional evaluation of the PPSE and/or Secure Element Contactless Management implementation and a successful security evaluation of the Platform.

EMVCo has a liaison with GlobalPlatform and has developed PPSE and Secure Element Contactless Management implementation guidelines for GlobalPlatform based Secure Elements.

EMVCo type approval recognizes the GlobalPlatform Compliance Program. In order to be recognized by EMVCo as a GlobalPlatform compliant Secure Element, the Secure Element provider must select a GlobalPlatform Qualified Laboratory that is also an EMVCo Accredited Laboratory and pass GlobalPlatform testing requirements. EMVCo will review the GlobalPlatform Letter of Qualification in conjunction with the test results of the PPSE and/or Secure Element Contactless Management (GlobalPlatform Contactless Registry Service) implementation and the Platform security evaluation before issuing an EMVCo Letter of Compliance.


5.4 CMP Applications

Functional and security evaluation of CMP applications is not covered by EMVCo and remains the responsibility of individual payment systems.

5.5 Contactless Mobile Payment Terminal Approval

Support for Contactless Mobile Payment has been included in the EMVCo terminal specifications, and will be type approved in the EMVCo Terminal Type Approval Programme.


6 Looking Forward

There has been considerable progress in the area of Contactless Mobile Payment since EMVCo first began to consider the area. The market has moved from regarding CMP as a potentially interesting area to a position where CMP is ready for commercial deployment. The specifications required to deploy interoperable CMP are in place.

This does not mean that all issues around CMP deployment are fully defined. There remain many deployment options which are available, and it is not yet clear which of these options will be most appropriate in various regions around the world. As the market further matures it is expected that new areas will be identified which need specifications in order to support continued growth of CMP. EMVCo will continue to monitor the market, to identify areas where specification work is required, and to evaluate what role EMVCo should play in developing these specifications.


Annex A Summary of Contactless Mobile Payment Areas

Table 1 provides a summary of the areas which EMVCo has addressed in its work, and a non-exhaustive list of other specification bodies which are also contributing.

Table 1 – Areas Addressed by EMVCo and Other Specification Bodies

| Component | EMVCo Specifications | EMVCo Approval | Related Specification Bodies | Related Approval Bodies and Processes |
|---|---|---|---|---|
| CMP Application | | | Payment Systems | Payment Systems |
| CMP Application Choice | Application Activation User Interface (5) | PPSE | GlobalPlatform; NFC Forum; ETSI SCP | |
| CMP Application Lifecycle | | | Payment Systems | Payment Systems |
| Contactless Payment Terminals | EMVCo contactless terminal specifications | EMVCo contactless terminal type approval programme | | |
| Secure Element | EMV Profiles of GlobalPlatform UICC Configuration (6) | EMVCo Security Evaluation; GlobalPlatform based Secure Element functional testing | GlobalPlatform | GlobalPlatform; Common Criteria |
| Provisioning and Personalisation | EMVCo Card Personalisation Specification (12) | | GlobalPlatform; AFSCM | |
| Contactless Communication Modules | EMV Contactless Communication Protocol Specification (11) | CCPS | NFC Forum; ETSI SCP | NFC Forum |
| Mobile Device Requirements | Handset Requirements for Contactless Mobile Payment (4) | | GSMA | |


Annex B Frequently Asked Questions

Table 2 – Frequently Asked Questions

Will EMVCo define a common Contactless Mobile Payment Application?

The specification of Contactless Mobile Payment applications is the responsibility of the individual Payment Systems, and EMVCo has no plans to define a common Contactless Mobile Payment Application.

Does EMVCo require a particular type of Secure Element?

EMVCo does not require a particular type of Secure Element. EMVCo allows for all different architectural options, e.g. UICC, embedded SE, removable SE.

Does EMVCo have specifications for terminals which accept Contactless Mobile Payments?

Terminals which accept Contactless Mobile Payments are covered by the standard EMV contactless terminal specifications. EMVCo has not defined specific requirements for terminals supporting CMP.

Will EMVCo type approve mobile devices for CMP?

EMVCo is exploring options for making use of mobile industry compliance programmes to provide EMVCo accreditation in this area.

Will EMVCo type approve Secure Elements?

EMVCo has a Security Evaluation programme for Secure Elements that covers the silicon and the operating system.

EMVCo has a functional evaluation programme for implementations of the Application Activation User Interface specification (5) requirements within Secure Elements.


Does EMVCo require all available Secure Elements to be active at one time?

EMVCo does not specify any policy regarding the number of Secure Elements or how many should be active at any one time. EMVCo’s specifications in this area are designed to have sufficient flexibility to cover all implementations.

Does EMVCo require the use of GlobalPlatform based Secure Elements?

EMVCo does not require the use of GlobalPlatform Secure Elements; however, as GlobalPlatform is a widely deployed standard for Secure Elements, EMVCo has defined specifications for its use.

As part of the EMVCo type approval programme, EMVCo recognizes the GlobalPlatform Compliance Program for GlobalPlatform based Secure Elements.

Does EMVCo require that a mobile device be able to perform a Contactless Mobile Payment transaction when the device is off or the battery is low?

EMVCo does not require that payment applications shall operate when the mobile device is in battery off/battery low state. However, for devices that allow communication with the Secure Element when the device is switched off, the Application Activation User Interface specification (5) defines methods for intelligent selection of applications based on the ability of the application to run without the user interface being available. This issue is discussed further in the Handset Requirements for Contactless Mobile Payment (4).


Annex C Actions Taken in Response to Areas Defined in the Technical Issues and Position Paper

The EMVCo Technical Issues and Position Paper (2), published in October 2007, identified a number of areas in which EMVCo planned to undertake work. The actions EMVCo has taken in these areas since the publication of the paper are summarised in Table 3 below.

Table 3 – EMVCo Actions Based on Areas of Work Identified in Technical Issues and Position Paper

Identified Area of Work: EMVCo to consider a functional requirement that provisioning and personalisation of the contactless payment application can be in a single or separate sessions. Additionally, EMVCo is to ensure there is a standard mechanism to personalise a contactless payment application based on EMV CPS.

EMVCo Action: Industry standard provisioning methods (for example, GlobalPlatform) allow for the separate provisioning and personalisation of CMP applications.

The details of personalising an application are a CMP application issue, and therefore the responsibility of the individual payment systems. EMV Card Personalization Specification (12) may be used but is not required.


Identified Area of Work: EMVCo will consider how EMV CPS may be used with secure messaging protocols such as those of GlobalPlatform and GSM 03.48 in a mobile environment. If necessary, EMVCo will consider enhancing CPS to provide the necessary capabilities for the mobile environment, and providing best practice guidelines as appropriate.

EMVCo Action: This is supported in the EMV Profiles of GlobalPlatform UICC Configuration specification (6).

Identified Area of Work: EMVCo to consider developing requirements of standard methods for registering a new application on a Secure Element, and collaborating with other bodies such as GlobalPlatform to define the appropriate method and mechanism for registration.

EMVCo Action: The Application Activation User Interface specification (5) defines a standard usage of a Secure Element Card Management system (such as GlobalPlatform Contactless Registry Service) for registering new CMP applications on a Secure Element.

Identified Area of Work: EMVCo to consider developing User Interface requirements to assist the user in securely managing and monitoring the processes for provisioning, personalisation, and update of the payment application on a Secure Element in a mobile device.

EMVCo Action: The Application Activation User Interface specification (5) provides User Interface best practices in this area.

Identified Area of Work: EMVCo to consider identifying the requirements of a standard configuration of operating systems to support contactless payment applications, and to work with other industries to develop a de facto standard.

EMVCo Action: EMVCo has published EMV Profiles of GlobalPlatform UICC Configuration (6). It is planned to publish an equivalent document for non-UICC GlobalPlatform Secure Elements, and further profiles may be considered.


Identified Area of Work: EMVCo to consider the use of EMV Scripts and EMV CPS in the mobile environment, in particular for post issuance and post distribution updating of the payment application and its counters and parameters; additionally, EMVCo to develop best practice guidelines and User Interface requirements for the management of post-distribution provisioning mechanisms, such as those offered by GlobalPlatform. Enhancements to the PPSE will also be considered as appropriate.

EMVCo Action: EMVCo considers the use of EMV Scripts to be a CMP application specific issue, and as such to be the responsibility of the Payment Systems.

Provisioning and Personalisation is out of scope of EMVCo’s work although the EMV Card Personalisation Specification (12) may be used for this purpose.

The use of the PPSE for Contactless Mobile Payment is defined in the Application Activation User Interface specification (5).

Identified Area of Work: EMVCo to consider best practices guidelines that the methods used to provision the payment application in a Secure Element also be able to remove the payment application. In the event that the Secure Element application environment does not allow for the deletion of the payment application, EMVCo to consider User Interface requirements and mechanisms to allow for the disablement of the payment application and the deletion of the payment credentials.

EMVCo Action: Deletion of applications is supported by many of the Secure Element operating systems, including GlobalPlatform, and it has not been necessary for EMVCo to define specific requirements in this area.

Disablement of a CMP application and deletion of the payment credentials within an application is a CMP application issue, and the responsibility of the Payment Systems.


Identified Area of Work: EMVCo to consider a best practices guideline that the standard processes for deletion and provisioning and personalisation should be used to transfer the credentials from one mobile device Secure Element to another mobile device Secure Element.

EMVCo Action: Provisioning and personalisation is out of scope of EMVCo’s work at this time.

Identified Area of Work: In order to enable interoperability between removable Secure Elements, EMVCo to consider the development of requirements for standardised commands from the user interface application and the payment application along with standard application labels which may be used to store customised information associated with the payment application. These requirements will also consider the security between the user interface application and payment application.

EMVCo Action: The Application Activation User Interface specification (5) specifies how the Secure Element Contactless Management system may be used to provide information about the CMP application in a standard manner. It also defines a command for activating and deactivating a CMP application.

Identified Area of Work: EMVCo to consider development of requirements for management of customised elements on a mobile device and to collaborate with standards bodies such as the Open Mobile Alliance to define appropriate device management mechanisms.

EMVCo Action: EMVCo has a liaison with the NFC Forum which is defining the NFC Controller Interface.

Identified Area of Work: EMVCo to consider defining the API between the user interface application and the payment application.

EMVCo Action: The CMP application is the responsibility of Payment Systems, and EMVCo has not defined standardised commands between the user interface application and the CMP application except for an optional command for activating and deactivating an application which is defined in the Application Activation User Interface specification (5).


Identified Area of Work: EMVCo to consider a best practices guideline that the standard methods of provisioning applications on the mobile platform should be used and/or enhanced for provisioning the user interface application.

EMVCo Action: Provisioning and personalisation is out of scope of the work of EMVCo at this time. The use of the Secure Element Contactless Management system to provide information to a user interface application in a standard manner is defined in the Application Activation User Interface specification (5).

Identified Area of Work: To assist with customer care interactions, EMVCo to consider defining standard application labels and/or application commands which may be used to assist in customer care.

EMVCo Action: EMVCo has not defined any specific support in this area.

Identified Area of Work: EMVCo to consider user interface requirements and application commands that enable the locking and unlocking of a proximity payment application. These commands should provide for convenient and secure application usage management of multiple accounts contained on Secure Elements, including options for locking policies such as frequency of application locking and locking per application or for all applications.

EMVCo Action: EMVCo has defined a command which may be used to activate or deactivate a CMP application in the Application Activation User Interface specification (5).

The use of Confirmation Codes for locking applications is considered a CMP application issue and the responsibility of the individual Payment Systems.


Identified Area of Work: The contactless payment application must have a mechanism to enable the POS terminal to interact with the chosen payment application. It is expected that the PPSE mechanism defined by EMVCo should provide this capability. This should include considerations of enhancing the PPSE as appropriate to support the mobile payment environment.

EMVCo Action: The mechanisms to support a user choosing a particular CMP application, and the mechanisms for communicating the choices to the contactless terminal (including the PPSE) are defined in the Application Activation User Interface specification (5).

Identified Area of Work: EMVCo to consider defining commands for a user interface application to manage the PPSE appropriately in order to reflect the user selection of the payment instrument.

EMVCo Action: The use of the PPSE for Contactless Mobile Payment is described in the Application Activation User Interface specification (5) which includes the specification of commands for managing the PPSE when it is implemented on a Secure Element.


Identified Area of Work: EMVCo to account for the following set of considerations in the development of User Interface requirements and best practices guidelines:

• Any payment application supporting multiple payment credentials should provide the user with the ability to select the set of credentials to be used on a transaction-by-transaction basis. It would also be desirable to allow the user to select a default set of credentials to be used, unless an alternate set of credentials is selected for a particular transaction.

• The interaction between the mobile device and the POS terminal should not allow the merchant to override the user preferences, and the behaviour of POS terminals needs to be defined to respect the user preferences.

• Malicious readers seeking to attack the payment application need not follow the behaviour specified for a POS terminal, so mechanisms to prevent the activation of non-selected applications should be explored.

• The mechanism for selection of a particular account when multiple contactless payment applications are available should be specified, but not the user interface (beyond “guidelines” and recommendations from EMVCo).

• The API which the mobile device must send to the contactless payment application for account selection should be standardised for interoperability between user interface applications and the payment application.

EMVCo Action: These areas have been taken into consideration in the development of the Application Activation User Interface specification (5).


EMVCo to consider requirements for the mobile contactless payment application operating when the device is powered down. Such considerations include:

• Having a default application selection method, possibly based on the power state of the mobile device;

• Detection of power state and restricting functionality accordingly.

The Application Activation User Interface specification (5) provides mechanisms for identifying CMP applications that are capable of operating when the User Interface is not available (for example, when battery power is too low), and a mechanism for selecting appropriate CMP applications when the UI is not available.

EMVCo to consider how the mobile contactless payment application should provide a mechanism to the mobile device to indicate when branding should be displayed, and what branding should be displayed.

This is addressed in the Handset Requirements for Contactless Mobile Payment (4).

Annex D Glossary

AAUI Application Activation User Interface

AFSCM Association Française du Sans Contact Mobile

API Application Programming Interface

Application Activation User Interface (AAUI)

A user interface application on a mobile device that enables the consumer to manage the use of their contactless applications.

Association Française du Sans Contact Mobile (AFSCM)

A non-profit organisation which aims to facilitate the technical development and promotion of mobile contactless services. The AFSCM was founded by French mobile operators Bouygues Telecom, Orange France, and SFR.

CCD Common Core Definitions

CCPS Contactless Communication Protocol Specification

CMP Contactless Mobile Payment

Common Core Definitions (CCD)

A minimum common set of card application implementation options, card application behaviours, and data element definitions sufficient to accomplish an EMV transaction, as defined in EMV Integrated Circuit Card Specifications for Payment Systems, Book 3: Application Specification, available at www.emvco.com.

Common Payment Application

An EMVCo specification that defines the data elements and functionality for an application that complies with the EMV Common Core Definitions (CCD).

Composition Model

See “GlobalPlatform Composition Model”.

Contactless Communication Module

A module within a mobile device providing a contactless interface compatible with EMV Contactless Communication Protocol Specification (11).

Contactless Mobile Payment (CMP)

Integration of EMV-based contactless payment technology in mobile devices.

Contactless Mobile Payment Application

An application that is hosted in a Secure Element and that performs information exchange and processing needed to perform a Contactless Mobile Payment transaction.

Contactless Payment Terminal

A contactless reader conforming to EMV Contactless Communication Protocol Specification (11) and compliant with EMV specifications related to the use of the PPSE that is capable of conducting a payment transaction with a Contactless Mobile Payment Application.

Contactless Registry Service (CRS)

See “GlobalPlatform Contactless Registry Service”.

CRS Contactless Registry Service

EMV

A global standard for credit and debit payment cards based on chip card technology. The EMV Integrated Circuit Card Specifications for Payment Systems are developed and maintained by EMVCo.

EMV CPS EMV Card Personalization Specification

EMVCo

EMVCo LLC is the organization of payment systems that manages, maintains, and enhances the EMV Integrated Circuit Card Specifications for chip-based payment cards and acceptance devices, including point of sale (POS) terminals and ATMs. EMVCo also establishes and administers testing and approval processes to evaluate compliance with the EMV Specifications. EMVCo is currently owned by American Express, JCB, MasterCard, and Visa.

EMVCo Accredited Laboratory

An independent, impartial entity that has received a Letter of Accreditation from EMVCo, entitling it to perform testing for specified Type Approval; in the context of this document, to perform testing for CMP Type Approval.

EMVCo Compliance Certificate

A certificate issued by EMVCo when sufficient assurance has been demonstrated for an IC, Platform, or Card Product.

EMVCo Letter of Compliance

Written statement that documents the decision of EMVCo that a specified CMP Product has demonstrated sufficient conformance to the EMV Specifications as of its test date.

ETSI SCP European Telecommunications Standards Institute technical committee Smart Card Platform

GlobalPlatform

A cross industry, not-for-profit association which identifies, develops, and publishes specifications to facilitate secure and interoperable deployment and management of multiple embedded applications on secure chip technology.

GlobalPlatform Composition Model

A methodology for the evaluation of composite products; that is, Secure Elements that include an open platform and one or more applications.

GlobalPlatform Contactless Registry Service (CRS)

A GlobalPlatform SECM service for managing the contactless applications on a Secure Element.

GlobalPlatform Letter of Qualification

Written statement that documents the decision of GlobalPlatform that a specified Secure Element has demonstrated sufficient conformance to the GlobalPlatform specifications as of its test date.

GlobalPlatform Qualified Laboratory

A laboratory facility that has received written validation by GlobalPlatform that such facility has satisfied all GlobalPlatform prerequisite requirements and conditions for the purposes of performing testing services on Card Products according to GlobalPlatform Card Qualification Process procedures.

GSM 03.48

A specification of the structure of Secured Packets in a general format and in implementations using Short Message Service Point to Point and Short Message Service Cell Broadcast.

GSM Association

An association of mobile operators and related companies devoted to supporting the standardization, deployment, and promotion of the GSM mobile telephone system.

GSMA GSM Association

Handset

A type of mobile device, specifically a mobile phone handset.

IC Integrated Circuit

IC Certificate

The EMVCo Compliance Certificate of an IC.

Letter of Compliance

See “EMVCo Letter of Compliance”.

Letter of Qualification

See “GlobalPlatform Letter of Qualification”.

Mobile Device

A portable electronic device with contactless and wide area communication capabilities. Mobile devices include mobile phones and other consumer electronic devices such as suitably equipped PDAs.

Near Field Communication (NFC)

A short range contactless proximity technology based on ISO/IEC 18092, which provides for ISO/IEC 14443 compatible communications and enables devices to communicate with each other when brought into close range.

NFC Near Field Communication

NFC Forum

A non-profit industry association that promotes the use of NFC short-range wireless interaction in consumer electronics, mobile devices, and PCs.

Open Mobile Alliance

An industry forum for developing market driven, interoperable mobile service enablers.

OTA Over-the-Air

Over-the-Air (OTA)

A method of distributing software to mobile phones and provisioning handsets with the settings necessary to access messaging services.

Personalising

Setting selected application data to enable the use of a card by a particular cardholder.

Platform

The collective name for the integrated circuit (IC) hardware with its dedicated software, Operating System (OS), Run Time Environment (RTE), and Platform environment on which one or more applications (e.g., CPA) can be executed.

Platform Certificate

The EMVCo Compliance Certificate of a Platform.

POS Point of Sale

PPSE Proximity Payment System Environment

Provisioning

The process of installing a payment application on a secure element.

Proximity Payment System Environment (PPSE)

A mechanism for presenting the contactless applications available for conducting a transaction to a Contactless Payment Terminal. The PPSE is the first application selected by a Contactless Payment Terminal, and based on the information provided by the PPSE, the terminal uses the highest priority application it supports to process a contactless payment.

SE Secure Element

SECM Secure Element Contactless Management

Secure Element

A tamper resistant module in a mobile device capable of hosting applications in a secure manner. A Secure Element may be an integral part of the mobile device, or may be a removable element which is inserted into the mobile device for use.

Secure Element Contactless Management (SECM)

A scheme employed by a Secure Element to manage the contactless applications thereon. The scheme could vary depending on the Secure Element implementation.

SIM Subscriber Identification Module

Subscriber Identification Module

A smart card that securely stores the key identifying a mobile phone service subscriber, as well as subscription information, phone numbers, preferences, etc. It can also be used to securely store a Contactless Mobile Payment application.

Trusted Service Manager (TSM)

An entity that securely manages contactless mobile payment applications and other applications on a Secure Element, for example to support personalisation and provisioning.

TSM Trusted Service Manager

Type Approval

Acknowledgment by EMVCo that the specified product has demonstrated sufficient conformance to applicable EMV specifications for its stated purpose.

UICC Universal Integrated Circuit Card