...

UniPayGateway

March 14, 2016
Written by
James Davis
Written by James Davis
Senior Technical Writer at United Thinkers

Author of the Paylosophy blog, a veteran writer, and a stock analyst with extensive knowledge and experience in the financial services industry that allows me to cover the latest payment industry news, developments, and insights. Read more

Reviewed by
Kathrine Pensatori
Product Specialist at United Thinkers

Product specialist with more than 10 years of experience in the Payment Processing Industry. I help payment facilitators and PSPs solve their various payment processing issues. Read more

How to Choose the Best Mobile EMV Solution?

Key Takeaways

  • Integration Challenges for POS Software Providers: POS software providers face the task of integrating card-present solutions into mobile apps. When a mobile device connects to a card reader, it becomes a mobile POS system, necessitating compliance with both PCI and EMV standards.
  • EMV Certification and Compliance Requirements: EMV regulations mandate certification of the entire EMV path to ensure the integrity of the EMV kernel and card. EMV certification is a complex, time-consuming process requiring an EMV toolkit, and must be revisited with any system changes.

 

The problem of selecting the best mobile EMV solution is extremely relevant for merchants, POS software vendors, and payment gateway providers. From the standpoint of a POS software provider, the task is to integrate a card-present solution into a mobile app. If a merchant’s mobile device is connected to a card reader, it can function as a mobile POS system. However, there are several issues which have to be taken into account in this context. If EMV cards are not involved, the most serious issue is PCI compliance of the POS system. However, in the EMV world, beside PCI compliance, there are EMV regulations, intended to preserve the integrity of EMV kernel of the POS system and the EMV card. These regulations require the whole EMV path to be certified. EMV certification is a complex and time-consuming process, which, among other things, requires the purchase of a special EMV toolkit.

Types of Mobile EMV Solution

  • Fully integrated solutions, based on encrypted card readers, work perfectly well for ordinary magnetic stripe cards. They allow the merchant to get the mobile POS app out of PCI scope, but not out of the scope of EMV regulations. EMV path has to be certified initially and re-certified every time some changes are introduced into the system.
  • A standalone solution is based on a special independent EMV-certified application, provided, for instance, by a payment gateway. It allows the merchant’s POS system (mobile app) to remain out of  EMV regulations scope.
  • A semi-integrated solution requires the development of an autonomous EMV-certified embeddable component, which handles basic payment operations and transmits the data to the payment gateway. This solution allows the merchant to exclude the POS system from the EMV path; it is more flexible and more complicated than the other two.

Read more about mobile EMV solutions in the respective article on Paylosophy.com.

Useful articles to help you: