A Four Step Guide to EMV for Merchants – Part III

Just joining this series of posts? You can catch up on what you missed:
Part I – Hardware and Environmental Considerations

Part II – Software Changes and the Impact on Merchants

In this third of four posts regarding the implementation of EMV for US based merchants, we will go beyond the hardware and software involved in facilitating the “between the card accepting terminal” and the chip card and specifically discuss Solution Set Certification.

Step 3 – Solution Set Certification – EMV Level 3 Type Approval
In the previous posts we talked about the “card accepting terminal to chip card hardware interface” as EMV Level 1 Type Approval and the “software interface between the card accepting terminal and chip card” as EMV Level 2 Type Approval, yet there is another certification that is discussed much less often – EMV Level 3 Type Approval.

In the most basic terms, EMV Level 3 Type Approval is brand specific and required for each unique solution set.  To break down that sentence a bit, by ‘brand specific’ I mean that there is a specific certification script which has to be successfully completed for each EMV card brand in order to receive Level 3 approval from that brand.
All of these approvals can be found on the EMVCo website.

I am using ‘solution set’ in this case to refer to the exact set of hardware and software components used to facilitate the entire EMV transaction set. This includes the type 1 and 2 card reader components previously mentioned as well as the POS or payment application that drives the card reader and interfaces with the card processing host.  Here are a few examples of solution sets which could be EMV Level 3 Type Approved:

  • Stand Alone Terminal– In this particular example let’s assume that a merchant wants to use a VeriFone Vx520.  These terminals already have EMV Level 1 and 2 Type Approvals.  In order to receive EMV Level 3 Approval or Solution Set Approval, the terminal would also need a payment application running on the device which supports EMV transactions with a specific acquirer.While this sounds pretty complex, it isn’t too bad.  Once the acquirers support EMV, they will provide the Vx520 and the associated Level 3 approved payment application.   Thus the merchant will immediately be ready to start processing without any need for incremental certifications.
  • Generic Point of Sale Solution– In this example let’s assume that a merchant wants to use a generically available Point of Sale (POS) and associated card accepting terminal.  This solution set is most likely applicable to smaller tier 4 merchants, franchisees, and other merchants who are able purchase a standard package from their technology vendor.  As the providers and solutions sets vary significantly by industry, I won’t go into specific examples here.In this generic or standard package approach, the technology vendor will put together the individual pieces and typically complete a Level 3 certification with that specific package. Thus merchants purchasing these packages will also be able to start processing without any need to complete further certifications. Of note, the solution set certification is going to be very specific as to the components of the package. Swapping out pieces or parts or adding incremental components will likely not be allowed as those changes may negate the certification.
  • Customer Specific POS Solution– Up until this point I have generally discussed generic retail solutions which can be used by a broad set of merchants. In this scenario we are going to talk about the case where a merchant has a very specific card processing solution. These specific card processing solutions can be driven by the acceptance of proprietary or other special card products or the utilization of a customized point of sale terminal which supports specific functionality required by a particular merchant.  In any case, the solution set is material different than any generic solution provided by the technology partner.In the Customer Specific POS Solution scenario, the exact solution set will need to be EMV Level 3 Approved for each of the applicable EMV card brands and thus this will be a material and visible step for merchants in this category.

It should be noted that Level 3 type approval will impact merchants in a variety of ways.  First, level 3 type approval can take anywhere from four to eight weeks to complete.  Clearly this new hurdle in the solution set release cycle will add a corresponding amount of time to any impacted solution set. Further, as there will be more work associated to releasing a software package, merchants should anticipate that their technology providers will look to be compensated for their effort and reimbursed for any direct certification costs. These incremental costs may be relatively small for merchants who use stand-alone terminals or generic solutions, but they may be quite large for merchants using customized solutions.

Finally, any changes which are made to the solution set will force the provider to go through another certification.  Due to the sensitive nature of the interface, even minor and seemingly unrelated software changes have in the past forced a recertification.  This recertification requirement has generally slowed down the ability of merchants to rapidly change and deploy these changes to their card processing environment.

Overall, EMV Type 3 Approval is going to impact a merchant’s ability to quickly and economically update their payment solutions.  Further, merchants should keep this component in mind when deciding on the future direction of their payment solutions as a solution set component’s ability to receive updates without negating its certification is a key strategic advantage.

Some heavy reading I know, but any discussion around EMV certification requires a bit of explanation. In our final installment of this EMV Guide for Merchants, we will look at what sorts of things merchants will need to consider, operationally, for the EMV switch. It’s good stuff, so keep an eye out for it.

Note: This series has been finished, but the good news is that you read the last post now without having to wait for it: Part IV – Training Associates and Customers


  1. Hello, My name is Jose Luis Parra, and I’m from Chile. This part (Solution Set Certification) means that if I am an application Chip provider, I need to certificate the App whit, for instance, Verifone POS? I need to certificate a new kernel?. This question is more about for guidance in the process of have a chip application like Visa, Master, etc (and of course that works in verifone’s terminals).

    Thanks a lot in advance for the answer and excuse me for my poor english.

    • Jose, my apologies for not seeing this sooner. Let me send your question over to Drago, and see if he can answer it. Thanks!

  2. I can’t find any references to “Level 3 Type Approval” on EMVCo.com. Please post a reference link.

  3. Hi, As per XPI documentation, C30 is the first command that would be sent to the verifone device to get the card data. However, C30 seems to be card type specific. For Visa there is one command and for MasterCard a different one. How will the POS terminal software ascertain beforehand the type of card until it sees the response to the C30 command?

Leave a Reply

Your email address will not be published. Required fields are marked *

* Copy This Password *

* Type Or Paste Password Here *