Category Archives: News & Events

PayWave approval policy change

In a recent notification, Visa has announced a change in the PayWave approval policy for contactless acceptance devices.

Starting November 1, 2018, contactless terminals passing PayWave certification will be granted a four-year period Approval Letter.

This new validity period of PayWave certified products will allow terminal providers to better manage their product certification cycles, in line with EMV Contactless Level 1 approval.  

Visit the Visa Technology Partner website to obtain further information, or contact Visa Approval Services.

Visit the EMVCo website for more information on EMV technology and specifications: www.emvco.com

Contactless payments on mobile – try it live at Money 20/20

Alcinéo and Trustonic have developed a secure payment solution that allows merchants of all sizes, wherever they are, to accept contactless payments in the simplest way, using only their smartphone.

The solution will be showcased at the upcoming Money 20/20 in Las Vegas, October 21-24, where the payment industry makes Money Revolution

Come and try it live at the stand of our TEE technology partner, Trustonic: 1282.

The solution can be used by all categories of merchants, including restaurants and bars, itinerant vendors or sole traders. In addition to contactless smartcard acceptance, it can take digital lunch vouchers, or process wallet-based transactions including Samsung Pay or Google Pay for example.

Once the application has been downloaded, the smartphone or tablet turns into a contactless-capable terminal, offering merchants the opportunity to increase sales with customers using their favorite contactless means of payment (card, smartphone, watch…).

Visit Trustonic booth and learn more about the solution, try it, and adopt it. 

Keep in touch with us at: info@alcineo.com

Contactless Level 2 ICS updated - Visa® and Mastercard®

Visa® and Mastercard® have issued new versions of their Contactless Level 2 ICS. 

Visa PayWave Device Questionnaire and VCPS ICS - 10/01/18

Mastercard MCL ICS – Sept2018

Before entering the Type Approval process, POS providers shall ensure that they use the most up-to-date version of the Implementation Conformance Statement for each of the kernels they submit for certification.

Feel free to contact us to obtain further information at: info@alcineo.com.

Contactless payments become the “norm” in transit

The convenience of simply waving a bank card to enter the transit network is one of the main reasons why open-loop payments have become so popular in major cities around the world. But it is not the only reason. What are the benefits and the challenges faced by transit authorities? Is it worth the investment?

Benefits

The implementation of tap & go in the transit sector simplifies not only daily commuters’ journey, but also foreign visitors’ traveling experience. Travelers do not have to carry many cards or have the exact amount in cash for a ride, or waste time in queues to buy a ticket. Instead they benefit from increased punctuality, flexibility and fluidity at peak times. 

The transition from paper-based tickets to digital and contactless ticketing solutions is also attractive to transport operators. Contactless fare collection systems reduce operational costs, open the door to new customers on the network, minimize fraud attempts and improve transport service quality.

How it works

Open-loop payment infrastructure is based on EMV® contactless technology, offering passengers the ability to tap their cards as in any retail store, or to use their transit cards, smartphones or other contactless-payment-capable form factors, at automatic gates.

The first challenge for cities is to offer a convenient and uninterrupted public transport service that is easy to use, fast and reliable. It must support a large number of passengers boarding at the same time and embed particular features such as:

  • ODA (Offline Data Authentication) – using fast Dynamic Data Authentication allows the terminal to rapidly identify the card as being unaltered and accepted for travel
  • Deferred authorization – transit merchants have the ability to send authorizations online at a deferred time (at the end of the travel period)
  • Fare calculation – the travel fare is calculated at the back office system according to the taps of a card accumulated over the travel period.

The most critical issue is to authenticate a card in milliseconds, to avoid any slowdown in the flow and to minimize fraud, and then to be able to charge the right amount for the trip made. The major payment schemes have released best practices and specific requirements for contactless payments in the transit sector, which transport authorities and their technology partners must follow to implement open-loop systems securely and compliantly.

Security challenges

It is crucial for transport authorities to keep travelers’ data protected from fraud at all times during their trips on the transport network, from the point of entry, the contactless readers, up to the acquirer system where the transaction is completed.

Therefore, enhancing security layers with PCI Standard Security requirements allows transit operators to ensure cardholder data is kept safe during the whole transaction process on their network, and adds security barriers to fight fraud.

Moreover, transit merchants must rely on a robust and secure back office to safely and seamlessly store data, process transactions, track terminal issues, and remotely maintain and update each terminal on the network.

One single payment technology partner for all your needs

Alcinéo has been working with stakeholders operating in the transit sector for more than a decade, supporting companies involved in the development of smart ticketing solutions at the gates or turnstiles, unattended payment kiosks and terminals, parking meters or next generation validators.

We help them to overcome the hurdles during the design, development and certification process of their products with EMV, contactless payment schemes and PCI, and provide bespoke support after deployment. Our complete suite of contactless kernels has been designed to comply with the transit speed threshold and security constraints, and has already been implemented in terminals operating in many transit systems worldwide.

The modular approach of our PCI PTS logical package allows them to build the most innovative solutions while complying with the latest PCI security requirements to securely process and store sensitive data.

Additionally, our Terminal Management System solution allows our customers to manage their terminal fleet easily and remotely: remote control of terminals, real-time monitoring, firmware or application update capability, among other modular functionalities.

Do not hesitate to contact us for more information on our dedicated solutions for contactless payments in transit, at: info@alcineo.com, or contact your Alcinéo representative.

Mastercard’s milestone for contactless acceptance terminals

Major payment schemes have released roadmaps for the global completion of EMV® contact and contactless technology migration, such as Mastercard’s milestone, to help POS vendors anticipate the development of EMV capable solutions in the near future.

Even though the migration to EMV started in the early 90s in Europe, which is now a mature market, it was only introduced 2 years ago in the US and still needs to be promoted.

Mastercard requires that from October 2018, newly deployed POS terminals support EMV contact and contactless functionalities.*

And all POS systems shall embed EMV and contactless technology by April 2023.*

*Please note that these rules and dates may differ according to the region, such as the US or Canada, and the nature of the deployed terminals (POS, mPOS, unattended terminal, integrated POS…).

The other major payment schemes have also published milestones to achieve the expansion of EMV and contactless payments. Do not hesitate to contact your Alcinéo representative to obtain further information, at: info@alcineo.com.

Increase data protection at POS with AES DUKPT

Keep cardholder’s PIN safe with AES DUKPT encryption 

AES DUKPT is becoming the new standard for improved data protection at POS systems. Sensitive transaction data processed in the payment network requires a high level of security to withstand fraudulent attacks. In a new version of the PIN Security standard document, the PCI Security Standards Council announced changes in the encryption methods that POS vendors must implement to process transaction data online, such as the cardholder’s PIN.

TDES, widely used in the payment industry, is now considered a weakened technique for PIN encryption in the face of elaborate fraud attempts. According to the document, TDES PIN encryption will be disallowed in favor of the AES cryptographic algorithm.

AES enhances encryption robustness compared to TDES. It offers a larger set of secret keys (from 128 to 256 bits), which can be generated during the whole lifespan of the terminal.

The combination of the AES cryptographic algorithm and the DUKPT (Derived Unique Key Per Transaction) key management scheme provides a higher level of protection for transaction data.

The challenge for terminal manufacturers is to develop innovative and convenient payment solutions for merchants and consumers, while complying with state-of-the-art technologies and the latest security standards.

At the forefront of data integrity challenges and software-based security, Alcinéo has already developed an AES DUKPT key encryption solution for our customers’ secure payment solutions in transit, retail or mPOS environments.

The modular approach of our PCI logical package allows them to obtain customized PCI PTS compliant products, according to their needs and supporting the most advanced security requirements in the payment landscape.

Do not hesitate to request further information on our PCI PTS POI package at: info@alcineo.com

The full set of documents on PIN security requirements is available on the PCI Security Standards website: www.pcisecuritystandards.org.

EMVCo Bulletin 205 – operational issues

Terminal Type Approval bulletin 205, 3rd edition, is available on the EMVCo website. It describes operational issues raised by POS manufacturers or laboratories on Level 2 contact test cases version 4.3g or contactless test plan version 2.6b.

The document describes the nature of each issue and the resolution for laboratories and POS providers to mitigate the impact of these tests on TA results.

For more information on EMV and payment schemes’ updates, do not hesitate to contact your Alcinéo representative at: info@alcineo.com.

JCB updates its requirements program for approval processes

The Japan-based payment scheme JCB has issued an update of its requirement program for Contactless IC terminal approval tests. The new version of the document was released on the 1st of August.

It describes the submission processes for initial and renewal approval of EMV payment terminals compliant with JCB specifications. The main changes in the document are clarifications on the renewal process.

Renewal testing requirements

The purpose of renewal testing is to demonstrate that the contactless kernel inside an approved payment terminal still meets sufficient conformance with the current specifications. 

JCB reviews the ICS of the embedded kernel and decides whether the renewal testing process is needed. If it considers that the product shows sufficient compliance, then an extension of approval is granted for 3 years. Otherwise the device must undergo a series of tests to prove compliance with the current test plans.

The renewal testing session shall be scheduled at the same laboratory that performed the initial testing of the product. The set of renewal tests is performed using the same sample device as the initial type approval, provided that the device stored at the laboratory is still functional.

Terminal providers shall send the renewal request within 6 months prior to the end of the approval validity period, and shall ensure that the device has at least a valid EMV Contactless L1 LoA (if it is contactless-only capable).

How to ensure the renewal of terminal approval

It is crucial for POS providers to perform the appropriate testing campaigns internally before submitting the device to the renewal process.

Alcinéo has all the tools identical to those used in laboratories, in order to perform the required testing campaigns in-house for our customers. Whether for initial TTA or renewal testing, our team of highly-qualified ISTQB testers can perform test cases related to EMV contact and contactless kernels, and the full suite of contactless kernels (including but not limited to: MCL, PayWave, ExpressPay, DPAS, Interac, JCB, CUP).

Newsletter – Issue 12 – The steps to EMV® CL1 approval

The development of a contactless payment terminal is not an easy task. From antenna design to EMV® CL1 stack implementation, debug sessions and the approval process, terminal manufacturers face several challenges.

Moreover, additional requirements from international standards to increase interoperability imply new testing processes. Contactless cards and mobiles can now be used to perform additional tests. Documents on interoperability testing and requirements can be found on the EMVCo website.

Read our latest newsletter for an overview of the maze and to find the way out of it:

Newsletter – Issue 12 – Best practice – the steps to EMV contactless level 1 approval