Category Archives: News & Events

Keep up-to-date : here’s EMV® latest version

Version 2.7 of EMV® contactless payments specifications is now available on EMVCo website.  You will find on the website the version 2.7 of Book A, Book B, and Books C-2 to C-7. 

In the meantime, 2 documents have been revoked from the specification documentation : 

Book D Communication Protocol was replaced with the Contactless Interface specification – defining the communication rules between a contactless card and a contactless reader or terminal. 

Book C1 has been removed from the list of EMV contactless kernels.

The purpose of EMVCo is to provide interoperable and common rules for EMV contactless implementation in a POS system. It allows terminal manufacturers to build and maintain their products developed with the latest requirements. 

Moreover, in accordance with the EMV contactless Interface Specification v3.0 released in February, the latest version 2.6b of test cases, test bench and DTE requirements must be applied during the device testing process. 

POS providers must ensure that their device testing environment is compliant with the latest requirements

Additionally, EMV Contact Terminal Type Approval version 4.3a will soon expire to the benefit of the new version 4.3c. Starting July 1stEMV contact terminals submitted to EMV L1 type approval, shall comply with the 4.3c version.  

Feel free to contact Alcinéo to have more information on our software solutions for payment and security.

How to set a fully integrated Device Testing Environment ?

EMV payment terminal certification is a major step for POS manufacturers, before product deployment. Terminal Type Approval process allows to certify the smartcard acceptance products against the latest EMV technology specifications.

The DTE is a must-have tool that POS manufacturers must supply with the sample terminals during Type Approval sessions, to set the most appropriate testing environment. It must embed a range of functions required by the entities implied in the kernel approval process. EMVCo’s objective is to guarantee interoperability while laboratories that perform the tests will expect certain automated commands.

EMVCo’s requirements for contactless Level 1 testing process : 

Interoperability Testing Loopback Application. 

The loopback application generates responses (C-APDU) and send it to the card (in reply to R-APDU). The application shall request the terminal to generate specific indicators (beeps or lights) to indicate the status of the command (Error or Success).

POS manufacturers shall ensure that the DTE provided during EMV Contactless L1 type approval implements this loopback application.

Transaction Send Application.

The DTE must be able to send sets of commands of type A or type B card transaction to the device, after card activation. This mode allows automation of commands and the testing session is shortened, as it is not interrupted by RF communication issues.

In addition to the required functionalities, it is important to set up a tool that can be used by the POS manufacturer to operate some modifications during debug sessions on the hardware part of the device.

Set Registers Values

Although Alcinéo’s DTE L1 is a tool dedicated to the digital testing sessions, it embeds a functionality to allow our customers to set the value of specific RF chip registers during analogic testing session. Antenna tuning is facilitated, as the values set with the command are not permanent, and can be modified easily with a reset of the device.

Using Alcinéo DTE L1 during EMV Contactless Level 1 Type Approval testing sessions help our customers to optimize certification process, comply with international standards requirements, and customize their solution. POS manufacturers just stay focus on their objective, to product and deploy in a cost effective and timely manner, the next generation of payment terminals.

 

Our product offering extends with PURE contactless kernel

Alcinéo has developed the PURE contactless kernel in order to provide a complete suite of payment solutions for varied markets

PURE contactless  kernel has been developed in addition to the range of contactless applications already available in our product portfolio. We deliver to our customers the largest choice in terms of contactless kernels from international payment schemes  (MCL, PayWave, Expresspay, DPas, UnionPay…) or fast expanding regional and proprietary payment schemes (EftPOS, Girocard, Total…).

Why supporting PURE is crucial for POS manufacturers :

The technology has already been adopted by more than 30 domestic schemes globally, representing 120 millions of cards in circulation.  (source : Gemalto.com)

PURE is widely supported in closed-loop payment systems and by many national payment schemes worldwide, offering the opportunity for all stakeholders to provide interoperable payment solutions in all business sectors (e.g. lunch vouchers, transit fare collection, gas stations…). 

Alcinéo helps you build innovative and secure payment solutions

The white label payment issued by Gemalto is fully compliant with EMV requirements. Alcinéo has developed the kernel application according the PURE specifications for contactless readers. The solution is ready to be certified, internally validated against the appropriate test plans. 

Alcinéo has a long-term experience in developing state-of-the-art payment solutions, easily adapting to market requirements. We support integrators and POS manufacturers at all stages of their device lifecycle :

  • advice on hardware design
  • kernel implementation
  • certification process
  • integration with payment application and acquiring networks
  • deployment and maintenance on the field 

We offer a complete range of services according particular device environment : transit system, ATM, gas stations, mobile POS, kiosk…

If you require further information on the PURE application or our Trusted Payment Solutions, feel free to contact us at : info@alcineo.com

Choose Host Simulator for end-to-end transaction processing

Execute transaction processing effortlessly with Alcinéo’s Host Simulator tool. 

Host Simulator is a software tool which forms part of Alcinéo SDK. It has been developed to answer POS manufacturers’ expectations in terms of transaction processing verification. The tool is used to validate messages returned from the acquiring network in reply to an authorization request.

Figure - Authorization request

Payment terminal providers and integrators benefit from this bespoke solution to accelerate the development of their products. They can easily check that their payment application operates the expected behavior during transaction processing. 

The functional interface of the application has been designed  to customize messages according specific elements requested by payment schemes.

The simulated responses from aquiring/host servers (“approved” or “declined” – including issuer scripts when required) are sent to the terminal with specific ARC tags.

The software is regularly updated to be continuously in line with international payment standards current requirements.

The Host Simulator is a “must-have” tool to optimize terminal development cycle. In addition to Alcinéo DTE, it simulates a full environment and allows developers to seamlessly build functional and ready to be deployed solutions.

Feel free to contact us for more information at : info@alcineo.com

Adopt a new consumer experience

When the smart#phone becomes a smart#terminal

Consumers have widely adopted contactless payments in their daily shopping experience. They may feel frustrated when the option is not available in-store and even at small or itinerant merchants.

Contactless payment on smartphoneThe mobile solution developed by Alcinéo allows merchants of all size to simply accept contactless payments, using their smartphone or tablet, without any add-on. Small businesses can benefit from all the features of a POS, hence improving cardholders’ experience, and growing the volume of purchase for their business.

MCL (Mastercard) and PayWave (Visa) microkernels are located into the Trusted Execution Environment (TEE) provided by Trustonic, in the secure OS of the mobile device. The contactless transaction is processed with the same level of security as when paying at a contactless capable POS, and cardholder’s sensitive account data is protected.

If you are interested and want to learn more about the solution, come and visit us at Trustech, held in Cannes, November 28-30.

We’ll be happy to meet you at our booth – LER C 008.

Logo Trustech

Contact us for more information : info@alcineo.com

Interac : updated terminal specifications v1.5b

Updates on contactless functionalities

Interac, the Canada-based payment network has released the latest version 1.5b of the “Dual interface reader/terminal specifications for Interac Direct Payment and NFC based transactions”.

The document sets requirements to guide vendors and developers wishing to implement the IDP specifications for contact and contactless transactions at POS systems and ATM (for contact).

Additional functionalities are described in the contactless specification part, defining the process for contactless transactions between a terminal and a mobile device supporting Interac application.

The main changes refer to the mobile payment requirements, such as a “Mobile Passcode” CVM type, or the retained cardholder data functionality, or the limit of contactless taps parameter.

These updated functionalities allow merchants to accept easily contactless payment at their POS systems, using the Interac contactless application, whether their customers hold a credit card, or a smartphone.

Other international payment schemes also set a range of functionalities to allow contactless payments using multi-form factors which drives further adoption and usage of the tap&go move, such as dual interface cards, smartphones, or other form factors like rings and wristbands.

Visit Interac website to discover Interac products, offers and services.

Feel free to contact your Alcinéo representative to obtain further information on our Interac contactless kernel, and on the range of software solutions and services for payment terminal security and interoperability.

*******************************************

Upcoming event : Trustech

Contact us at info@alcineo.com to arrange a meeting during the 3 days event in Cannes, November 28 – 30

 

TRUSTECH – Cannes – 28-30 Nov

Alcinéo will attend Trustech.

The show gathers experts of the worldwide payment sphere. As a trusted EMV software solution maker Alcinéo will present the secure software suite that will suit your needs.

Contact us at info@alcineo.com to arrange a meeting.

Meet us on our booth C008 at Lerins level to share our vision of payments.

For more information about the show, visit the website : Trustech-event 

 

Partnership with Design Shift for ultimate data protection

An Alliance between Software and Hardware to strengthen security levels

Design SHIFT, building digital security, and Alcineo today announced their partnership delivering protection of critical data based on a secure hardware platform and software data encryption with a remote key management system.

Read more

Visit Design Shift website : www.design-shift.com

Design Shift logo

EMV transactions at automated fuel dispensers

The challenges of securing electronic payments at automated fuel dispensers.

Whereas data security is at the center of concerns in all sectors, electronic transactions at automated fuel dispensers are still exposed to skimming and fraudALX payment terminal for automated fuel dispensersulent attacks.

Alcinéo partnered with ALX Technologies to design a fully integrated payment terminal, dedicated to gas pumps. The white paper describes best practices to implement EMV technology at the pump and mitigate the risk of data theft.

 

 Read the paper here.

Visit ALX Technologies website

PCI PTS 5.0 – to become mandatory by September

The up-to-date version 5.0 for PCI PTS POI was released 10 months ago.

Starting in September 2017, all new devices submitted to PCI PTS evaluation shall support the 5.0 requirements, leading to a greater level of security on the new POS systems.

There is a list of changes impacting the logical part of the PCI evaluation, that Alcinéo takes into account in its PCI PTS POI software solution. These evolutions concern the core logical module and the SRED module (Account Data Protection).

Devices must support firmware update functionality. The objective of PCI Standard Security Council is to enhance the protection of cardholders’ sensitive data.

Changes in the Security Requirements :

  • section B & K  : devices MUST support firmware updates
  • section K : the requirement for Independent Security mechanisms (K1.2) has been removed
    and additional guidances are mentioned to K 1.1 requirement

Changes in the Derived Test Requirements (defining the tests to be performed by laboratories) :

  • B9: Random Number – updated guidance on Deterministic Random Bit Generator
  • B20 : Updated to reflect additional required information to be included in the POI security policy
  • D1 : penetration protection : eliminated 10 hours minimum for exploitation time

All the changes mentioned above were released in the document from PCI SSC : POI – Summary of Requirements Changes.

Alcinéo is already developing logical modules according the 5.0 version, to provide the increased level of security required, and comply with the logical evaluation scope.
We support our customers during the development of their products and help them pass PTS evaluation. Our solution is based on a modular software approach, including Secure Boot Loader, Key Manager, Crypto Engine, and Secure Manager.

You will find all the necessary documents, Security Requirements, Vendor Questionnaire and summary of changes between v4.1 and v5.0, in the document library on the PCI website : 
www.pcisecuritystandards.org