Visa Mobile Proximity Payment Testing & Compliance Requirements
For Mobile Products
Version 5.4
June 2016
Visa Public
© 2010 - 2016 Visa. All Rights Reserved.

DISCLAIMER

Visa’s testing services and policies are subject to change at any time in Visa’s sole discretion, with or without notice. This document does not create any binding obligations on Visa regarding Visa testing services or product approval. Any such obligations, to the extent they exist at all, are pursuant to separate written agreements between Visa and the party submitting products for testing and approval. In the absence of a fully-executed written agreement under which Visa has agreed to perform testing services for you or your company you should not rely on this document, nor shall Visa be liable for any such reliance (detrimental or otherwise).

Contents

1 Preface
  1.1 Audience
  1.2 Purpose
  1.3 Scope and Assumptions
  1.4 Support and Contact Information
  1.5 Visa Business Requirements
  1.6 Vendor Registration and Licensing
  1.7 Specifications and Requirements
  1.8 Terms and Definitions
  1.9 Abbreviations and Terminology
2 Mobile Testing Overview
  2.1 Products Accepted for Testing
  2.2 Mobile Component Overview
  2.3 Mobile Component Descriptions
  2.4 UICC or Embedded Secure Element Component
  2.5 Handsets
  2.6 MicroSD
  2.7 Mobile Accessory
  2.8 Component Specification and Compliance
3 Security Testing
4 Certification Process, Laboratories and Documentation
  4.1 Certification Process Overview
  4.2 Certification Areas By Organization
  4.3 EMVCo Mobile Product Level 1 Testing
  4.4 GlobalPlatform Qualification Testing
  4.5 Cross Testing
  4.6 Test Plans and Test Tools
  4.7 Test Laboratories
  4.8 Starting the Product Submission Process
5 Submission of Testing Materials for Functional Testing
  5.1 Requirements for Product Submission
  5.2 Over the Air (OTA) Testing
  5.3 Testing Over a Contact Interface
  5.4 Utilizing Test Results between Products
  5.5 Tested Combinations Policy
6 Compliance Letters
  6.1 Legal Conditions and Restrictions
  6.2 Requesting a Compliance Letter
  6.3 Compliant Products List
  6.4 Changes to Products with a Compliance Letter
7 Lifecycle Management and Renewal of Compliance Letters
  7.1 Secure Element Lifecycle Management
  7.2 Secure Element Renewals
  7.3 Mobile Handset and Accessory Renewals
  7.4 Secure Element Products – Renewal Process
  7.5 General Conditions and Exceptions
A Appendix A
  A.1 Revision History
B Appendix B
  B.1 Testing Requirements for Changes to a Compliant Mobile Product
  B.2 Testing Requirements
C Appendix C
  C.1 Submission Requirements

1 Preface

1.1 Audience

This document is intended for vendors submitting the following mobile proximity payment product configurations to Visa for testing:

• Secure Element (UICC, microSD, embedded secure element)
• Handset (HCE, UICC and eSE execution environments)
• Mobile Accessory
• Combinations of secure element, handset and accessory

1.2 Purpose

This document provides detailed information related to the Visa testing submission process and the testing requirements for mobile proximity payment products. The intent of the document is to identify the forms and documents needed to correctly submit products for testing. The document also identifies the testing requirements and processes that are applied to specific mobile proximity payment products that a vendor may submit.

1.3 Scope and Assumptions

The design of a mobile product with a payment application may vary significantly between vendors and products, so it is necessary to make certain assumptions regarding common functionality in order to perform testing on a mobile product while minimizing the effort and cost of testing. These assumptions include but are not limited to the following:

• The mobile product complies with all required EMVCo and Visa contactless specifications and Visa testing requirements.
• An approved mobile payment applet developed to Visa Mobile Contactless Payment Specification (henceforth referred to as “VMPA applet”) will reside on a GlobalPlatform compliant secure element physically separated from the low level contactless analogue interface component. Based on the product configuration, digital functionality may or may not be separated from the secure element.
• The secure element complies with GlobalPlatform (GP) specifications and may be directly connected to the proximity communication antenna (in this case, no separate contactless digital interface component).
• Products that are not developed to GP specifications are outside the scope of this document.
• Testing for compliance does not include testing of the user interface application (commonly referred to as a wallet).
• The antenna and low level analogue interface components may be powered by the host product’s battery or independently powered.
• A handset shall be in an operational state. It shall be able to perform a payment transaction without any remote activation of controls. However, it is not necessary for a handset to have an active subscription enabled on a Mobile Network Operator (“MNO”) since testing is not performed when the handset is connected to the MNO.
• For testing purposes, it shall be possible to remotely activate the contact and the contactless interface via defined commands sent to a client application residing in the handset. Refer to VMPA Test Tool Interface Requirements (Book 6).
• For handsets with an Operating System that supports Host-based Card Emulation (HCE): vendors must submit samples configured to support the secure element path for payment and HCE path for payment.
• This document does not address additional Visa regional business requirements that may be required prior to deployment.

1.4 Support and Contact Information

Visa’s goals are to provide a formal, standardized process for testing mobile payment products and to enhance communication between all participants in the product testing and compliance process. Approval Services provides a single point of contact for vendors, testing laboratories and Visa personnel.

Approval Services Contact Information

Contact Method | Contact Information
Email address | ApprovalServices@visa.com
Visa Technology Partner Website | https://technologypartner.visa.com/Testing/
Address (for sending legal agreements and samples for cross testing) | Visa Inc., Approval Services, Mailstop M4-2D, 900 Metro Center Blvd., Foster City, CA 94404, USA

1.5 Visa Business Requirements

This document addresses Visa’s testing requirements for mobile components; however, there are some additional business requirements that may be required prior to any deployment in the Visa system. Vendors should contact their regional Visa representative for details.

1.6 Vendor Registration and Licensing

All mobile payment product manufacturers must register on the Visa Technology Partner website and have executed the appropriate testing agreement before they are eligible to submit a product for testing.

A vendor that submits a product for Visa compliance testing is not required to license Visa mobile specifications or mobile software from Visa if:

• the product does not include a secure element, or
• the product includes a secure element, but the vendor does not and will not have the keys to access the security domain where the Visa-developed VMPA applet resides.

An example would be a handset submission that only supports HCE: a submission in which the handset does not contain a built-in secure element or UICC that is to be included in the compliance recognition from Visa.

Secure element suppliers and vendors who will be submitting products with a secure element and have the keys to the security domain where the Visa-developed VMPA applet resides must license the applicable Visa mobile specifications and software. Licensing is handled by the Visa Technology Partner website.

A Visa-recognized laboratory (hereafter referred to in this document as “laboratory”) may only accept mobile payment products for official compliance testing from vendors authorized by Visa.
Vendors wishing to perform debug “QA” testing at a laboratory do not need prior authorization from Visa.

The definitions that apply to entities seeking to become a Visa mobile payment product vendor are described below:

Vendor | Definition
Chip/OS Component Supplier | The entity that supplies Chip/OS packages must have executed the necessary agreements with Visa to allow it to submit chip/OS component packages (in an ID1 card format) directly to Visa for testing.
Secure Element Supplier | The entity that provides the final Secure Element product and takes responsibility for the entire package: operating system, application, embedding of module and, when applicable, the inlay/antenna.
Mobile Product Supplier | The entity that manufactures a mobile product capable of hosting the Secure Element and performing a Visa mobile contactless transaction.

1.7 Specifications and Requirements

Vendors are responsible for licensing and developing their products to comply with the appropriate specifications and requirements. The major relevant documents are listed in the table below. This list is not exhaustive of all specifications and requirements that may be used in the development of a Visa-compliant mobile payment product. The vendor developing a mobile payment product is ultimately responsible for obtaining all specifications and requirements relevant to the mobile payment product it submits for testing and compliance.

Documentation Acronyms

Document Acronym | Document Title
[EMV_SEWG] | EMVCo Security Evaluation Process
[EMV-CCP] | EMV Contactless Communication Protocol Specification. Also known as Book D
[ETSI-001] | ETSI TS 102 613 UICC - Contactless Front-end (CLF) Interface; part 1 physical and data link layer characteristics
[MA] | Multi-Access Specification for VMPA
[SIM-PROF] | SIM Profile Requirements for Functional Testing
[VCSP] | Visa Chip Security Program – Security Testing Process
[VMCPS] | Visa Mobile Contactless Payment Specification
[VMG-IUF] | Visa Mobile Gateway. Issuer Update Functional Specification
[VMG-IUP] | Visa Mobile Gateway. Issuer Update Protocol Specification
[VMG-SCF] | Visa Mobile Gateway. Secure Channel Functional Specification
[VMG-SCP] | Visa Mobile Gateway. Secure Channel Protocol Specification
[VMPA_MFPR] | Minimum Platform Functional Requirements for VMPA Implementations
[VMPA_TP] | Visa Mobile Contactless Payment Specification Functional Testing Requirements
[VTKPM] | Visa Toolkit & Process Message Specification

1.8 Terms and Definitions

Term | Definition
EMVCo | EMVCo exists to facilitate worldwide interoperability and acceptance of secure payment transactions. It accomplishes this by managing and evolving the EMV® Specifications and related testing processes. This includes, but is not limited to, card and terminal evaluation, security evaluation, and management of interoperability issues. Today there are EMV Specifications based on contact chip, contactless chip, common payment application (CPA), card personalisation, and tokenisation. This work is overseen by EMVCo’s six member organisations—American Express, Discover, JCB, MasterCard, UnionPay, and Visa.
Handset | Another term for a mobile device, usually a mobile phone handset
microSD | An extended and removable memory card which may integrate a Secure Element. A memory card integrating a Secure Element may be plugged into a mobile handset.
Mobile Application | The interface that manages the interactions between the handset user and the VMPA applet. Also referred to as Visa Mobile Application or wallet.
Mobile Device | A portable electronic device with contactless and wide area communication capabilities. Mobile devices include mobile phones and other consumer electronic devices
Near Field Communications | A short range contactless proximity technology based on ISO/IEC 18092, which provides for ISO/IEC 14443 compatible communications
Secure Element | A tamper resistant module, capable of hosting applications in a secure manner
SIM | Subscriber Identity Module – an application on a UICC for management of mobile telephony authentication and functionality.
SWP | Single Wire Protocol – the electrical and protocol interface for connecting a UICC to a contactless component. Defined by [ETSI-001]
UICC | Universal Integrated Circuit Card – the physical integrated circuit card which hosts the (U)SIM and other applications
User Interface | Input and output components on a mobile device, for example, display, keyboard and touch screen.
VMPA | Visa Mobile Payment Application—Visa Mobile Contactless Payment application hosted in the Secure Element
VMPA Applet | A software application developed to [VMCPS] and [MA] that resides on a Secure Element in a mobile device.
VMPA Core | A version of the VMPA applet that excludes functionality required by UICC form factors.
VMPA UICC | A version of the VMPA applet that includes functionality required by UICC form factors.

1.9 Abbreviations and Terminology

Abbreviation | Terminology
AID | Application Identifier
APDU | Application Protocol Data Unit
API | Application Programming Interface
AS | Approval Services
ATS | Answer to Select
CLF | Contactless Front-end
CPS | Card Personalization Specification
DES | Data Encryption Standard
ETSI | European Telecommunication Standards Institute
GP | GlobalPlatform
HCE | Host-based Card Emulation
HCI | Host Controller Interface, defined by ETSI TS 102 622
IC | Integrated Circuit
ICCN | Integrated Circuit Certificate Number
ICS | Implementation Conformance Statement
ISD | Issuer Security Domain
NFC | Near Field Communications
OS | Operating System
OTA | Over the Air
PCN | Platform Certificate Number
POS | Point of Sale
QA | Quality Assurance
RF | Radio Frequency
SE | Secure Element
SIM | Subscriber Identification Module
SWP | Single Wire Protocol, defined by [ETSI-001]
TTIA | Test Tool Interface Application
UAT | User Acceptance Testing
UI | User Interface
UICC | Universal Integrated Circuit Card
(U)SIM | Universal Subscriber Identification Module
VMPA | Visa Mobile Payment Application
VMCPS | Visa Mobile Contactless Payment Specification
VTKPM | Visa Toolkit and Process Message

2 Mobile Testing Overview

Visa oversees testing of mobile proximity payment products that will be used to conduct Visa “payWave” payment transactions to ensure that they comply with Visa, GlobalPlatform and EMVCo specifications and requirements.
Mobile products subject to such testing include, but are not limited to:

• Secure Elements
• Mobile Handsets
• Combinations of Secure Elements and Mobile Handsets
• Mobile Accessories

Depending on the configuration of the product submitted the testing process may involve:

• Analogue and Digital (EMVCo Contactless Level 1)
• Visa Cross Testing
• Visa Mobile Payment Application testing (VMPA)
• Secure Element Platform Functional testing (GP)
• Secure Element Platform Security testing (EMV PCN)
• Secure Element Visa Chip Security Program testing (VCSP)

If the mobile product meets Visa’s testing requirements, Visa issues a Compliance Letter to the vendor. Visa’s compliance recognition applies worldwide unless geographic restrictions are specified in the Compliance Letter.

Note: The process described in this document does not approve vendors; it only denotes that a tested mobile product is compliant to Visa specifications and requirements.

Note: A Compliance Letter is not transferable from one vendor’s product to another product or from one vendor to another vendor.

2.1 Products Accepted for Testing

This document covers the following configurations of mobile products for compliance testing:

• UICC
• Embedded Secure Element Component (alone/on board)
• Handset (UICC Only)
• Handset (HCE Only)
• Handset (Secure Element and HCE)
• Handset with UICC
• Handset with Embedded Secure Element
• microSD with an Internal Antenna
• microSD without an Antenna
• Handset with a microSD (Antenna within the Handset)
• Mobile Accessory with embedded Secure Element (Antenna within the Mobile Accessory)
• Mobile Accessory with removable Secure Element (Antenna within the Mobile Accessory)

Visa will decide in its sole discretion whether to accept alternative configurations of mobile products for testing.
Vendors should contact their regional Visa representative to determine if Visa will accept their alternative mobile product configuration. The Vendor must provide a complete description of the alternative mobile product to aid Visa in its decision-making.

2.2 Mobile Component Overview

To simplify the description of the testing program we have divided the mobile product into component zones. These component zones identify areas within a mobile product that perform different aspects of proximity “Visa payWave” mobile payment. The configurations and components within these zones are subject to this testing program.

Five zones have been identified and are described in the following sections. Following the zone descriptions are diagrams showing some of the common mobile component configurations of zones, components, and the interfaces between these zones and components.

2.2.1 A: Secure Element Component

This component, known as a Secure Element (SE), may also be identified by other names depending on the form factor or product, such as UICC, embedded SE, or removable SE. This component hosts the VMPA applet.

2.2.2 B: Contactless Interface Component

This component mainly performs the conversion of interfaces from an analogue signal to a digital contact-based link such as SWP and HCI. In the most common implementation, the contactless interface component is expected to be a Near Field Communication device.

This module may incorporate a router to direct the contactless communication to various Secure Elements on the handset and to the handset itself. In this case the functionality of the component extends beyond interface conversion.

In some cases, the Secure Element component (A) may be capable of receiving analogue signals, with the ability to analyze them to the digital (contactless protocol) level. In such configurations, there is no component B.

2.2.3 C: Proximity Communication Antenna

This component captures and transmits Radio Frequency (electromagnetic field) analogue signals with an external device such as a contactless-enabled POS terminal.

2.2.4 D: Handset Device

This component incorporates the previously described components as well as others related to the mobile wireless network. It also hosts the handset part of the Visa Proximity Mobile Payment Application, such as the user interface application (referred to as the wallet).

2.2.5 E: Mobile Application

This component is the software application resident on the mobile device that consumers use to interact with their mobile device to access a product or a service. For Visa cloud-based payments, Mobile Applications typically include, but are not necessarily limited to, mobile banking applications or mobile wallet applications.

2.2.6 MA: Mobile Accessory

This component is a peripheral unit to a mobile device. It may or may not be physically connected to the mobile device.

2.2.7 Interaction between Components

Although the mobile product components must go through testing that is required for Visa, Visa testing focuses on the secure element (hosting the VMPA applet) and the contactless interface components. The tests that are performed and the tests that are out of scope are described in this document.

The following diagrams represent possible arrangements of components in a mobile product. The diagrams indicate areas tested, areas not tested, and interfaces that may be exercised during testing.
The following diagrams are shown in different colors, which signify the following:

• Green: indicates the Secure Element component and some of the technologies that may be implemented in that component
• Blue: indicates the Contactless Interface component and some of the technologies that may be implemented in that component
• Red: indicates the Proximity Communication Interface component and some of the technologies that may be implemented in that component
• Black: indicates the Handset component and some of the technologies that may be implemented in that component
• Orange: indicates the mobile application component and some of the technologies that may be implemented in that component.

The figures that follow show the component zones A, B, C, D, E, MA that are subjects of the testing and compliance process. These diagrams are simplified models used to represent what is usual and expected in today’s mobile payment products. These diagrams are not based on any specific mobile payment product.

2.3 Mobile Component Descriptions

2.3.1 Components with a Secure Element

2.3.2 Components with HCE Capability

2.3.3 Components with a Secure Element and HCE Capability

2.3.4 Components without a Contactless Interface Component

[Figure: component diagram showing zones A, D and C. Labels: GP (contact), GP (contactless), OTA channel, Security Implementation, Digital, UI, Phone Baseband, T0, Analog]

2.3.5 Components with a Removable microSD with Internal Antenna

[Figure: component diagram showing zones D, A and C. Label: SD I/O]

2.3.6 Components with a Removable microSD with Antenna in the Handset

2.3.7 Components with a Mobile Accessory with a Secure Element

[Figure: component diagram. Label: Secure Element]

2.4 UICC or Embedded Secure Element Component

A vendor can submit a secure element for testing that is developed according to GP specifications.

Prior to submitting the UICC or eSE for testing the vendor must ensure that the chip is listed on EMVCo’s Approved Chips List and the platform is listed on EMVCo’s Approved Platforms List. See Section 3.0 regarding Security Testing.

The Visa Compliance Letter will address the product’s ability to host a VMPA applet and complete a Visa payWave payment transaction. At the very minimum, platforms must support the Visa Minimum Functional Platform Requirements for VMPA Implementations [VMPA_MFPR]. All other functionality (e.g. Single Wire Protocol (SWP) interface) is out of scope of Visa’s compliance testing. It is the vendor’s responsibility to ensure proper compliance to the respective standards issued by other organizations such as ETSI.

2.4.1 UICC or Embedded Secure Element Component

This configuration is of a UICC or stand-alone embedded secure element. The following table describes the scope of the tests.

Test Type | Test Extent | Zone Subject to Testing | Supporting Specification(s)
Cross-Testing | UICC: Applicable; eSE: Not Applicable | |
Visa Application Testing | Applicable | A | [VMCPS]
GP Platform Functional Testing | Applicable | A | Refer to GlobalPlatform
Platform Certification Testing | Applicable | A | Refer to EMVCo
Visa Security Testing | Applicable | A | [VCSP]

Note: If the configuration includes built-in contactless digital protocol technology, digital testing is required.
2.5 Handsets

A vendor may submit a handset in the following product configuration:

• Handset (Secure Element Only)
• Handset (HCE Only)
• Handset (Secure Element and HCE)
• Combinations:
  o Handset with a UICC
  o Handset with an Embedded Secure Element
  o SE may be removable or embedded.

Handsets with HCE Capability

Visa has developed a Level 1 Test Application (hereafter referred to in this document as “L1 Test Application”) to be used on HCE capable handsets for Contactless Level 1 testing. The L1 test application is modeled after the UICC profiles document available from EMVCo. The L1 test application has been developed to support an Android OS. For other OS implementations contact Approval Services.

The L1 test application package is available to download on the Visa Technology Partner website through a click license. The package includes the application, ICS for HCE, and the test application product setup guidelines document.

HCE testing is mandatory for all HCE capable handsets submitted for testing and compliance.

2.5.1 Handset (UICC Only)

This configuration is of a handset that is NFC-enabled (supports a UICC). The Compliance Letter is for the handset only. The testing and compliance process cannot be performed in a handset that is not capable of supporting a UICC. The UICC used in the handset to perform testing will not be included in the Compliance Letter. The UICC is only used to facilitate testing of the handset and is not an evaluated component of the submitted handset. Contactless protocols tested include Type A and Type B. The following table describes the scope of the tests.

| Test Type | Test Extent | Zone Subject to Testing | Supporting Specification(s) |
|---|---|---|---|
| Analog | Applicable | B+C | [EMV-CCP] |
| Digital | Applicable | B+C | [EMV-CCP] |
| Cross-Testing | Applicable | | |

2.5.2 Handset (HCE Only)

This configuration is of a handset that is NFC-enabled and the handset OS is HCE capable. For testing purposes, the vendor is required to provide the handset configured to use the HCE path for Contactless Level 1 testing. For cross testing, the handsets provided should be in such a state that Approval Services may be able to load a test application. Contactless protocols tested include Type A and Type B. The following table describes the scope of the tests.

| Test Type | Test Extent | Zone Subject to Testing | Supporting Specification(s) | Testing Path |
|---|---|---|---|---|
| Analog | Applicable | B+C | [EMV-CCP] | HCE |
| Digital | Applicable | B+C | [EMV-CCP] | HCE |
| Cross-Testing | Applicable | | | HCE |

2.5.3 Handset (Secure Element and HCE)

This configuration is of a handset that is NFC-enabled (supports a removable or an embedded SE) and the handset OS is HCE capable. For testing purposes, the vendor is required to provide an additional handset configured to use the HCE path for Level 1 Contactless testing. For cross testing, the handsets provided should be in such a state that Approval Services may be able to load a test application.

For handsets that support a removable secure element, the secure element used in the handset to perform testing will not be included in the Compliance Letter. The secure element is only used to facilitate testing of the handset and is not an evaluated component of the submitted handset. Contactless protocols tested include Type A and Type B. The secure element is a compliant product. The following table describes the scope of the tests.

| Test Type | Test Extent | Zone Subject to Testing | Supporting Specification(s) | Testing Path |
|---|---|---|---|---|
| Analog | Applicable | B+C | [EMV-CCP] | SE |
| Digital | Applicable | B+C | [EMV-CCP] | SE and HCE |
| Cross-Testing | Applicable | | | SE - Full and HCE - Selective |
2.5.4 Combinations

A vendor may submit the following combinations to obtain a Compliance Letter that covers both the mobile device and secure element:

• Handset with a UICC
• Handset with an embedded Secure Element

Note: The handsets described in this section do not support HCE.

Either of these combinations will be subjected to the combined Secure Element and handset requirements. The following table describes the scope of the tests.

| Test Type | Test Extent | Zone Subject to Testing | Supporting Specification(s) |
|---|---|---|---|
| Analog | Applicable | B+C | [EMV-CCP] |
| Digital | Applicable | B+C | [EMV-CCP] |
| Cross-Testing | Applicable | | |
| Visa Application Testing | Applicable | A | [VMCPS] |
| GP Platform Functional | Applicable | A | Refer to GlobalPlatform |
| Platform Certificate Testing | Applicable | A | Refer to EMVCo |
| Visa Security Testing | Applicable | A | [VCSP] |

2.6 MicroSD

A vendor can submit a microSD for testing that is developed according to GP specifications. Prior to submitting the microSD for testing the vendor must ensure that the embedded secure element’s chip is listed on EMVCo’s Approved Chips List and the platform is listed on EMVCo’s Approved Platforms List. See Section 3.0 regarding Security Testing.

The embedded secure element hosts the VMPA applet and Proximity Payment System Environment (PPSE) applications. The proximity communication antenna is used to transmit and receive radio frequency (electromagnetic field) analogue signals to and from an external payment device directly to and from the microSD. This allows resident payment applications in the secure element to exchange commands related to payment transactions with an external payment device via the contactless interface.

Note: The contact interface between the handset and the microSD is beyond the scope of this document.
For testing purposes only, a vendor shall be required to supply a handset with a TTIA in order to execute VMPA functionality. For more information refer to Book 6 - VMPA Test Tool Interface Requirements, available to download on the Visa Technology Partner website.

The Visa Compliance Letter will address the product’s ability to host a VMPA applet and complete a Visa payWave payment transaction. At the very minimum, platforms must support the Visa Minimum Functional Platform Requirements for VMPA Implementations [VMPA_MFPR]. All other functionality (e.g. Single Wire Protocol (SWP) interface) is out of scope of Visa’s compliance testing. It is the vendor’s responsibility to ensure proper compliance to the respective standards issued by other organizations such as ETSI.

2.6.1 MicroSD with an Internal Antenna

This configuration consists of a microSD and a proximity communication antenna in a single unit.

Visa approves microSDs with a secure element and internal antenna as a standalone component, independent of use in combination with any particular handset(s). However, because the testing necessarily requires use of a reference handset, the Compliance Letter shall state “as tested with” followed by the handset model name that was provided by the vendor for testing purposes. Visa does not issue Compliance Letters covering other potential combinations of the product with different handset models that were not used in testing, unless and until the vendor submits those specific combinations for testing by Visa and they are found to be compliant with Visa’s applicable testing requirements.

The following table describes the scope of the tests.
| Test Type | Test Extent | Zone Subject to Testing | Supporting Specification(s) |
|---|---|---|---|
| Analog | Applicable | A+C | [EMV-CCP] |
| Digital | Applicable | A+C | [EMV-CCP] |
| Cross-Testing | Applicable | | |
| Visa Application Testing | Applicable | A | [VMCPS] |
| GP Platform Functional | Applicable | A | Refer to GlobalPlatform |
| Platform Certificate Testing | Applicable | A | Refer to EMVCo |
| Visa Security Testing | Applicable | A | [VCSP] |

2.6.2 MicroSD (No Antenna)

This configuration consists of a microSD without the proximity communication antenna.

Note: The Compliance Letter will state that the testing did not include timing tests as defined in Visa’s specifications.

The following table describes the scope of the tests.

| Test Type | Test Extent | Zone Subject to Testing | Supporting Specification(s) |
|---|---|---|---|
| Digital | Applicable | A | [EMV-CCP] (No Transaction Timing) |
| Cross-Testing | Applicable | | |
| Visa Application Testing | Applicable | A | [VMCPS] |
| GP Platform Functional | Applicable | A | Refer to GlobalPlatform |
| Platform Certificate Testing | Applicable | A | Refer to EMVCo |
| Visa Security Testing | Applicable | A | [VCSP] |

2.6.3 MicroSD with Handset (Antenna within the Handset)

This configuration consists of a microSD with an embedded secure element submitted in combination with a handset containing a contactless communication antenna. The following table describes the scope of the tests.

| Test Type | Test Extent | Zone Subject to Testing | Supporting Specification(s) |
|---|---|---|---|
| Analog | Applicable | A+C | [EMV-CCP] |
| Digital | Applicable | A+C | [EMV-CCP] |
| Cross-Testing | Applicable | | |
| Visa Application Testing | Applicable | A | [VMCPS] |
| GP Platform Functional | Applicable | A | Refer to GlobalPlatform |
| Platform Certificate Testing | Applicable | A | Refer to EMVCo |
| Visa Security Testing | Applicable | A | [VCSP] |

[Figure: MicroSD with Handset (Antenna Within the Handset)]
2.7 Mobile Accessory

A mobile accessory is a unit attached to a mobile device via various proprietary methods.

A vendor can submit a secure element for testing that is developed according to GP specifications. Prior to submitting the secure element for testing the vendor must ensure that the embedded secure element’s chip is listed on EMVCo’s Approved Chips List and the platform is listed on EMVCo’s Approved Platforms List (see Security Testing).

The embedded secure element hosts the approved VMPA applet and Proximity Payment System Environment (PPSE) applications. The proximity communication antenna is used to transmit and receive radio frequency (electromagnetic field) analogue signals to and from an external payment device directly to and from the secure element. This allows resident payment applications in the secure element to exchange commands related to payment transactions with an external payment device via the contactless interface.

Note: The attachment interface between the handset and the accessory is beyond the scope of this document.

The Compliance Letter will address the product’s ability to host the VMPA applet and complete a Visa payWave payment transaction. At the very minimum, platforms must support the Visa Minimum Functional Platform Requirements for VMPA Implementations [VMPA_MFPR]. All other functionality (e.g. Single Wire Protocol (SWP) interface) is out of scope of Visa’s compliance testing. It is the vendor’s responsibility to ensure proper compliance to the respective standards issued by other organizations such as ETSI.

2.7.1 Mobile Accessory with a Secure Element (Antenna within the Accessory)

This configuration consists of a mobile accessory with a secure element (either embedded or removable) and a proximity communication antenna in a single unit.
For testing purposes only, a vendor is required to supply a handset with a Test Tool Interface Application residing on the mobile device. For more information refer to Book 6 - VMPA Test Tool Interface Requirements, available to download on the Visa Technology Partner website.

Visa approves the mobile accessory with an SE as a standalone component, independent of use in combination with any particular handset(s). However, because the testing necessarily requires use of a reference handset, the Compliance Letter shall state “as tested with” followed by the handset model name that was provided by the vendor for testing purposes. Visa does not issue Compliance Letters covering other potential combinations of the product with different handset models that were not used in testing, unless and until the vendor submits those specific combinations for testing by Visa and they are found to be compliant with Visa’s applicable testing requirements.

The following table describes the scope of the tests.

| Test Type | Test Extent | Zone Subject to Testing | Supporting Specification(s) |
|---|---|---|---|
| Analog | Applicable | A+C | [EMV-CCP] |
| Digital | Applicable | A+C | [EMV-CCP] |
| Cross-Testing | Applicable | | |
| Visa Application Testing | Applicable | A | [VMCPS] |
| GP Platform Functional | Applicable | A | Refer to GlobalPlatform |
| Platform Certificate Testing | Applicable | A | Refer to EMVCo |
| Visa Security Testing | Applicable | A | [VCSP] |

2.8 Component Specification and Compliance

The components described in this document are developed based on specifications defined by various standards bodies such as GlobalPlatform or EMVCo. Visa acknowledges that some of these organizations have developed a compliance program for their respective specification and Visa will incorporate those programs into Visa’s compliance process.
Among these various compliance programs, certain plans exist that grant testing laboratories the following:

• The right to perform the tests
• The authority to provide test results
• The authority to certify the component

3 Security Testing

Security testing is required for the secure element hosting the VMPA applet. It is not currently applicable to other components of a mobile product, such as the NFC device containing the contactless interface components.

Security testing goes beyond the functional testing to help determine whether the secure element is vulnerable to known attacks, whether or not these are explicitly cited in the specification. Security testing is not exhaustive and focuses on the most likely vulnerabilities as revealed by previously conducted testing, knowledge of the particular application(s), and past experience with similar products.

The Visa Chip Security Program (VCSP) seeks to minimize the cost and time spent in performing evaluation work and, where possible, to avoid duplication of effort. A copy of the VCSP process document can be downloaded from the Visa Technology Partner website.

The VMPA applet must only be loaded on an EMVCo approved platform. EMVCo issues a platform certificate with a Platform Certificate Number (PCN) for platform products that successfully complete the EMVCo security evaluation process [EMV-SEWG]. Visa will accept new mobile products only if the secure element has successfully completed the EMVCo testing and is posted on the EMVCo Approved Chip and Approved Platform Lists.

The VMPA applet residing on the EMVCo approved platform must successfully complete a Visa composite security evaluation (e.g., platform with VMPA applet) with “High” as required level of assurance (see [VCSP]) by a Visa recognized security lab.
The security testing laboratory must verify that the final composite product fulfills all the platform requirements as documented in the latest EMVCo Shared Evaluation Report (SER). This document defines what security mechanisms are implemented by the platform and the scope of previously performed security testing. It provides mandatory security requirements and highlights areas of potential concern.

Any pre-loaded or future (post-issuance) application loaded on the secure element must not impact the security of the Visa payment application assets. Each application must pass the byte code verifier and must meet all requirements in the latest platform security guidance documents.

If the mobile product is based on an open EMVCo platform product, composite security evaluations of basic applications should comply with the GP Composition Model principles. If the mobile product is a closed platform product and there is a change, then a VCSP delta security evaluation is required.

Note: Visa composite security evaluation can be authorized once the EMVCo platform security evaluation has started. In this case, the vendor must acknowledge that starting the composite evaluation prior to EMVCo approval is at its own risk and cost.

For More Information

For detailed information on the EMVCo ‘Platform’ Security Evaluation process, please see EMVCo Security Evaluation Process document [EMV-SEWG] available at www.emvco.com, or contact the EMVCo Security Evaluation Secretariat at securityevaluation@emvco.com with any questions about the process.

For further information on the Visa chip security testing process [VCSP], please refer to the “Visa Chip Security Program – Security Testing Process” document on the Visa Technology Partner website.
4 Certification Process, Laboratories and Documentation

4.1 Certification Process Overview

[Figure: Product Submission and Compliance Testing Process. Stages: Initial Stage, Testing Stage, Submission Stage, Review Stage. Flowchart boxes: Approval Services Reviews Questionnaire and Determines Testing Requirements; Vendor and Laboratories Schedule Test Slot; Laboratory Provides Test Results to Vendor; Visa Reviews Test Results; Vendor Notified of Testing Requirements; Vendor Provides Visa Forms & Samples to Laboratories; Vendor Authorizes Laboratories to Release Test Results to Visa; Test Results Meet Visa’s Requirements? (No: Failure Notification Issued; Yes: Compliance Letter Issued); Complete Mobile Questionnaire; Chosen Laboratories Authorized for Visa Testing; Laboratories Perform Authorized Testing; Laboratories send Test Results to Visa]

4.2 Certification Areas By Organization

To reduce the duplication of testing for vendors, Visa’s program utilizes testing and certification programs offered by EMVCo and GlobalPlatform. Depending on the configuration and technical specifications of the mobile product, Visa may require the product to have been certified by those organizations prior to submitting the product to Visa.

Visa’s program covers Secure Elements, Handsets, Accessories, and combinations thereof, with different testing requirements for each. See Appendix C for testing requirements by product configuration.

EMVCo’s certification programs cover chips and platforms used for Secure Elements, whether embedded or removable. In addition, they offer Contactless EMV Level 1 testing for mobile products.

GlobalPlatform’s certification program covers functional platform qualification for Secure Elements, whether embedded or removable.
Furthermore, testing of a product by more than one organization may also be performed in parallel (e.g. Visa testing, GlobalPlatform testing), again at the request of the vendor and at their own risk.

The following table shows which areas of testing each organization qualifies:

4.3 EMVCo Mobile Product Level 1 Testing

Visa requires products to receive an EMVCo issued Test Assessment Summary or Letter of Approval in lieu of testing requirements managed by Visa, if EMVCo offers the testing. If the Test Assessment Summary or Letter of Approval is not available at the time of the product submission to Visa, the vendor is responsible for providing the Test Assessment Summary or letter before Visa will determine whether the product meets Visa’s requirements and issue a Compliance Letter.

Note: Visa does not issue a Compliance Letter for a product with an EMVCo Letter of Approval that does not require further testing required by Visa.

Vendors are required to provide the EMVCo Level 1 ICS with the Test Assessment Summary or Letter of Approval. If Visa requires other testing on the submitted product this may be done in parallel with the EMVCo process.

Visa will continue to accept EMVCo’s process as they continue to expand the scope of products accepted.

4.4 GlobalPlatform Qualification Testing

A vendor can submit a secure element for testing that is developed according to GlobalPlatform (GP) specifications. GlobalPlatform manages the platform functional testing for GP platforms. Visa only accepts official GP test results performed by a GP-qualified laboratory. Self-testing results are not accepted as proof of specification compliance. Vendors shall provide a SCO Form and Qualification Letter from GP to Visa in support of their Visa submission process.
Visa requires Secure Elements to have a Qualification Letter issued by GlobalPlatform prior to the issuance of the Visa Compliance Letter.

Vendors who are unable to receive a Letter of Qualification from GP because their product does not support all mandatory GP requirements may request a Compliance Assessment Report (CAR) from GP. Visa will only review a final GP CAR. As an exception process, vendors who provide a GP CAR to Visa where the product meets Visa’s minimum functional platform requirements may be eligible to receive a Compliance Letter from Visa without a Letter of Qualification from GP. Refer to Visa Minimum Platform Functional Requirements for VMPA Implementations [VMPA_MFPR] for technical requirements.

More information about the GlobalPlatform compliance testing process can be found on their website at http://www.globalplatform.org/complianceupdates.asp.

4.5 Cross Testing

Visa performs cross testing (also referred to as interoperability testing). Cross testing is part of the official testing process and the performance during this testing will be part of the final compliance consideration. Products that fail to communicate with various devices may not be eligible for compliance. For more information refer to the Vendor Guide For Interoperability Testing on the Visa Technology Partner website.

Note: Visa is not permitted to disclose information about the terminals used to obtain the cross testing results.

EMVCo also offers cross testing, referred to as terminal interoperability testing, as part of its mobile product level 1 type approval process. Visa accepts an EMVCo Letter of Approval in lieu of cross testing.
4.6 Test Plans and Test Tools

Test plans and commercial test tools with associated test scripts are available to assist vendors in quality assurance (QA) testing. These test tools are not intended as a replacement for Visa testing. Successful completion of all the test scripts by the vendor does not imply compliance, nor does it duplicate Visa’s full testing process. Visa reserves the right to develop and run additional tests that are not defined as part of the current test plans or tools. Visa testing may include subjecting the product to additional physical and situation-specific tests as needed.

Commercial test tools and test scripts are available from test tool suppliers. Vendors must have licensed the Visa mobile specification and software before acquiring the mobile test tools.

Information about Visa test tools can be found at https://technologypartner.visa.com/Testing/TestPlans.aspx. Information about EMVCo test tools can be found at www.emvco.com. Information about GlobalPlatform test tools can be found at www.globalplatform.org.

The following Visa test plans are available on the Visa Technology Partner website to licensed users:

• Visa Mobile Payment Application (VMPA)
• Visa Toolkit and Process Message (VTKPM)

Before requesting a test plan, the following agreements need to be executed with Visa:

• All applicable Visa Technology License Agreements. Technology licensing is handled on the Visa Technology Partner website.
• Approval Services Testing Agreement for Mobile Proximity Payment Products (ASTA) or Approval Services Documentation License Agreement

Possession and use of these materials is subject in all respects to the terms of the ASTA or documentation license agreement. Test plans and test scripts are subject to enhancements and modifications at any time.
Test plan revisions will be accumulated and made available to vendors with new releases as determined by Visa. It is the vendor’s responsibility to ensure that they have the most current test plan available. Vendors should contact their tool supplier to obtain any test script updates. Test case updates are published in the query application on the Visa Technology Partner website, available to authorized users only.

Visa grants permission to use the test plans solely for purposes of QA testing for use in connection with a Visa payment application. Visa may revoke its permission at any time for any or no reason. Possession and use of these materials is subject in all respects to the terms of the ASTA or documentation license agreement. Test plans and all intellectual property subsisting therein are the property of Visa.

THESE MATERIALS ARE PROVIDED ON AN “AS IS” BASIS “WITH ALL FAULTS.” VISA DISCLAIMS ALL WARRANTIES PERTAINING TO THESE MATERIALS, EXPRESSED OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR PURPOSES, OR NON INFRINGEMENT.

4.7 Test Laboratories

The list of Visa-Recognized Laboratories is available on the Visa Technology Partner website.

Testing will not begin until the laboratory has received all required items. If any required item is incorrect or non-functioning, the test slot may be delayed. Please contact the Laboratory for pricing and to arrange scheduling of testing.

When testing is complete, the Laboratory will provide the vendor with a report outlining the test results. The vendor is required to grant authorization for the Laboratory to provide the test reports to Approval Services. Approval Services will evaluate the test results and provide the vendor with information about the usability of the product in Visa deployments.
4.8 Starting the Product Submission Process

Before submitting any mobile product for testing, vendors must execute the current Approval Services Testing Agreement for Mobile Proximity Payments (ASTA) with Approval Services (see Section 1.7). Additionally, vendors will need to execute any agreements required by the Laboratory that performs the testing.

Once the legal agreements have been executed, vendors are eligible to submit the necessary paperwork to start the testing process. A questionnaire is required by Approval Services to start the product submission process.

The following table lists the forms required for product testing. All the Visa forms are available on the Visa Technology Partner website. All information must be provided in English.

Note: Some forms may be combined into a single document.

Documentation Required for Testing and Evaluation

| Form | Description |
|---|---|
| Approval Services Mobile Product Questionnaire | Information regarding the submission of a mobile product for testing. Allows Visa to determine whether the mobile product is eligible for submission. |
| Exhibit A: Request for Testing Services or Request for Testing Review (addendum to ASTA) | Establishes Visa’s right to review results submitted by the vendor, following testing at a laboratory. Handset-only submissions will use the Request for Testing Review form. All other submissions shall use the Request for Testing Services form. |
| Implementation Conformance Statement (ICS) | Detailed information regarding the Visa payment application, platform, or interface. A separate statement is required for each: Contactless Interface Analogue & Digital; VMPA (including VTKPM). |
| Request for Compliance Form | Official request for Visa to begin the compliance review for a mobile product tested at a laboratory. |
| Single Production Batch Confirmation Form | Declares that the secure elements supplied to the laboratories and Approval Services are all from the same production batch and are identical. Only required for configurations involving secure elements. |
| Mobile Vendor Confirmation Form | Attests that a compliant product has been changed and remains compliant with the Visa specifications, policies and requirements. |

Additional Documentation Required for Testing and Evaluation

| Form | Description |
|---|---|
| GlobalPlatform Letter of Qualification (or Conformance Assessment Report) and SCO Form | Vendors whose product has gone through GlobalPlatform functional testing shall provide the long version of the LOQ including any Conformance Assessment Report (if applicable) and the SCO Form. See section 4.4. |
| EMVCo Platform Certificate | Vendors whose product has gone through EMVCo platform security testing shall provide a copy of the certificate if the platform is not published on EMVCo’s Approved Platforms List on their website. |
| EMVCo Test Assessment Summary or Letter of Approval | Vendors whose product has gone through the EMVCo Mobile Product Level 1 Type Approval process shall provide a copy of the Test Assessment Summary or letter including the associated EMVCo ICS. |
| EMVCo Mobile Product Level 1 Minor Change Declaration Form | Vendors whose product has gone through EMVCo Mobile Product Level 1 Minor Change Declaration Form process may provide a copy of the signed form along with the acknowledgment from EMVCo. |

5 Submission of Testing Materials for Functional Testing

This section details the materials that the vendor must submit to the laboratory for Visa functional testing.
Refer to Appendix C for detailed requirements by product configuration.

5.1 Requirements for Product Submission

5.1.1 FOR ALL PRODUCT CONFIGURATIONS

Products submitted for testing must be in the final configuration that will be deployed commercially. The exception is Embedded Secure Element Components, which are accepted for testing prior to embedding in a handset or mobile accessory.

All debugging code must be removed from the product before it is submitted for testing. Failure to remove this code may cause the product to fail testing.

5.1.2 FOR SECURE ELEMENTS

Secure Elements must contain a Visa-approved VMPA applet and PPSE applet, pre-installed and personalized.

Secure elements containing a Visa-developed VMPA applet shall be provided as follows:

o the Visa Library loaded (if VMPA Core is used)
o the VMPA applet loaded, Container installed and VMPA personalized with images Mobile00, 30 or 35 depending on the test (as defined in [VMPA_TP])
o SIM profile configured as described in [SIM-PROF]
o A Proximity Payment System Environment (PPSE) applet installed and configured.
o VMPA shall be personalized according to the submitted VMPA ICS form. The ICS form shall accurately represent the personalization of the samples.

EMV CPS personalization is required to personalize the VMPA applet. If the mobile product allows multiple application instances with pre-personalized images, the documentation must also explain how to select among the different applications with specific instruction on how to obtain the application image(s) needed for Visa’s testing requirements.

A microSD shall be able to perform contactless transactions with the handset switched on. Visa does not require the microSD to be able to perform contactless transactions with the handset switched off; however, if this functionality is implemented, it must be stated in the accompanying documentation.
All commands and status words for UICCs and microSDs must be identified in the technical documentation submitted with the UICC and microSD for testing. Failure to identify commands and status words in the technical documentation may cause the product to fail testing.

Commands that can update the product must be in compliance with the Visa specifications.

Products should be clearly marked with the Visa Reference Number, the VMPA applet version and build number, and mobile image the VMPA applet was personalized with.

5.1.3 FOR HANDSETS AND ACCESSORIES

The vendor must include all cables and batteries required to operate the product including detailed operating instructions and how to configure the device for NFC communication.

Products should be marked to show the location of the zero point. If the product is intended to be used in a defined orientation and/or presentment, this information must be communicated to Approval Services and the laboratory as part of the product submission.

Products should be clearly marked with their assigned Visa Reference Number.

A user guide detailing how to operate the product and access the payment application must be provided.

Vendors who are submitting a product utilizing an embedded secure element and have not licensed the Visa specifications and mobile software should consult with their embedded secure element provider on providing VMPA installed and personalized for testing, a completed VMPA ICS form, and a Test Tool Interface Application.

If providing a handset, it shall be configurable in a manner that allows a test environment to be set up for testing.
This test environment may be comprised of one of the following:
o A mechanism or test application residing on the handset (zone D) which allows the phone to remain on for multiple transactions avoiding any end-user intervention in order to perform in batch mode: contactless analogue, contactless digital, GlobalPlatform functional, and VMPA testing
o A test configuration of the contactless analogue and digital interface components avoiding any interference of any other proprietary contactless application/protocol in order to perform in batch mode: contactless analogue, contactless digital, GlobalPlatform functional, Cross Testing, and VMPA testing.
o A Test Tool Interface Application is required on the handset if VMPA testing is required.

If there are any changes to the product after the testing authorization has been sent, Approval Services is required to be notified and the testing requirements to be reassessed. If samples have been sent to the Laboratory, new samples are required to be resent to all Laboratories.

5.1.4 FOR PRODUCTS WITH HCE CAPABILITY

In addition to the submission requirements mentioned above:
• The vendor must provide the Contactless Level 1 laboratory with at least two samples for testing. For products supporting a secure element and HCE, one sample should be configured to use HCE and the other sample should be configured to use the secure element.
• The vendor must provide Approval Services with at least two samples for cross testing. For products supporting a secure element and HCE, one sample should be configured to use HCE and the other sample should be configured to use the secure element.
• Alternatively the vendor can provide instructions to the laboratory on how to configure the product between the secure element and HCE paths.
5.1.5 SHIPPING

Vendors shall indicate, either directly on the product samples or on the shipping documentation, the Visa Reference Number of the product(s) being tested and contained in the shipment.

The shipper is responsible for completing and providing all required US Customs forms, including FCC Form 740 if required. The shipper shall be liable for any and all costs associated with releasing an impounded shipment seized by US Customs due to missing or incomplete paperwork.

Note: Testing will not begin until the laboratory has received all required items. If any required item is incorrect or non-functioning, the test slot may be delayed.

Vendors have six months from the date Approval Services authorized the laboratory testing to submit all test results to Approval Services for review.

After testing is complete, the Laboratory and/or Visa will retain the tested components for any subsequent testing that may be required.

5.2 Over the Air (OTA) Testing

Visa testing and compliance process does not test all aspects of Over-the-Air personalization (OTA) functionality (refer to [VMPA_PROC]). Approval Services tests the UICC, and handset with embedded Secure Element (SE) and their involvement with OTA functionality.

Visa tests the UICC GlobalPlatform content management and personalization functionality to ensure that the UICC is able to handle all APDU commands via the contact interface in regards to OTA.

Visa tests a product with embedded SE according to GlobalPlatform content management and personalization functionality to ensure that the product with embedded SE is able to handle all commands in regards to OTA.
Visa tests the VMPA applet to ensure its adherence to EMV Common Personalization commands that are involved with any OTA personalization.

Visa has the capability to perform OTA tests during type approval of UICC and products with embedded Secure Element. The vendor submitting a mobile product that supports OTA functionality must provide a simulated or an actual OTA host. The OTA host must provide the tester a means to issue OTA commands to the mobile product. The OTA host must also provide a means for the tester to view and analyze responses sent from the mobile product back to the OTA host. The OTA host must also provide a means to log all of the OTA commands and responses sent during a test session. The OTA host must provide a means to save the log as a file and provide a means to print the log from the current test session or from a file saved from a previous test session. For products with embedded SE such OTA functionality may include an application to be loaded and run on the product to facilitate the communication with the embedded SE.

The OTA simulator shall provide a means so that the Visa Test Script Execution Tool is able to establish a connection to the simulator, or alternatively imports and executes the Visa test scripts.

If the product is UICC and supports SWP/HCI interface then Visa accredited testing equipment is able to perform the OTA tests without requiring a vendor provided OTA host.

Please refer to VMPA Test Tool Interface Requirements (Book 6) for detailed information.

The following figure shows a high level diagram of such OTA system provided by vendors when testing a UICC.
[Figure: OTA with UICC]

The access point to the actual OTA host shall provide a means so that the Visa Test Script Execution Tool is able to establish a connection to the remote OTA server, or imports and executes the Visa test scripts.

The following figure shows a high level diagram of such OTA system provided by vendors when testing a product with embedded SE.

[Figure: OTA with Embedded Secure Element]

If such simulated or actual OTA host is not provided the compliance statement will exclude the conformance of the product in regards to OTA functionalities.

5.3 Testing Over a Contact Interface

When Approval Services tests a microSD or mobile product with embedded Secure Element over the contact interface, Visa tests the GlobalPlatform content management and personalization functionality to ensure that the component is able to handle all APDU commands destined for the Secure Element via the contact interface.

Visa also tests the Visa-approved VMPA applet to ensure its adherence to EMVCo Common Personalization commands and the Issuer Update commands that are involved with any OTA connectivity, as well as the Consumer Device commands, such as Passcode Verification over the contact interface.

The vendor submitting a microSD or mobile product with embedded Secure Element must provide the tester a means to issue APDU commands over the contact interface to the product. The vendor shall provide a means so that the Visa Test Script Execution Tool is able to establish a PCSC connection to the product. Alternatively, the vendor may provide a means so that the Visa Test Script Execution Tool is able to establish a TCP/IP connection to the product.

Refer to VMPA Test Tool Interface Application Requirements (Book 6) for detailed information.
5.4 Utilizing Test Results between Products

Vendors that have executed the ASTA may have the opportunity to leverage functional test reports from previously certified components and products. A product that uses shared test results may be eligible for reduced testing.

If Visa discovers a defect in a previously certified product, all vendors involved in the sharing consent to Visa’s communication of all relevant information to each affected vendor and its customers, including an explanation of the nature of the defect and products at issue.

Shared test results are only permitted under and are subject to the following conditions:
• All vendors involved in the sharing have signed the appropriate agreements allowing results to be shared.
• The components being leveraged have been tested and certified by Visa with no issues.
• The components being leveraged are not already sharing test results from another product.
• A product using shared results will be tied to the original product.
• The new product will receive the same expiration date as the product from which the results are shared.
• If for any reason the original product is not renewed, any product sharing testing results will not be renewed either.
• If the original product is revoked, then all products sharing testing results will be revoked.
• If the original product is modified and/or updated, then all products sharing testing results may require additional testing.

Note: If a product is submitted for full testing it receives an independent certification and its expiration date is not tied to any other product.
5.5 Tested Combinations Policy

After a handset is found compliant, it is common for the handset OS and/or NFC chip firmware version to be changed as newer versions are released. In order to reduce the testing requirements, Visa implemented the concept of tested combinations. Tested combinations policy is only applicable to handsets.

A tested combination is defined as either:
• A Handset OS version + NFC Controller Chip Model + NFC Firmware version
• A Handset OS version + NFC Controller Chip Model + NFC Firmware version + a compliant eSE component

Note: For the purpose of this policy, a compliant eSE component is defined as the chip name, OS name, OS version and the VMPA applet version, package and build.

A change of handset OS version and/or NFC firmware version on a compliant handset will only require testing if the tested combination has not been evaluated by Visa. Once a handset with a new combination is found compliant, the product will receive a letter of compliance and be listed on the Compliant Products List. Additionally, the tested combination will be included on the Tested Combinations List available on the Visa Technology Partner website.

Handset vendors with a compliant handset may use any tested combination from the Tested Combinations Lists without having to resubmit the handset for type approval.

Note: Visa issues Letters of Compliance for products, not tested combinations. The Tested Combinations List is provided solely to inform stakeholders of specific combinations that have been tested successfully as part of the Visa testing process.

For example:
• A handset vendor with a currently compliant handset may upgrade its handset OS if the OS version and NFC controller chip model and NFC firmware version are already listed on the tested combinations list.
• A handset vendor with a currently compliant handset may upgrade its handset NFC firmware version if the OS version and NFC controller chip model and NFC firmware version are already listed on the tested combinations list.
• A handset vendor with a currently compliant handset may upgrade its handset OS and NFC firmware version if the OS version and NFC controller chip model and NFC firmware version are already listed on the tested combinations list.

It is the vendor’s responsibility to verify that the combination is on the tested combinations list, and the handset functions properly with the selected tested combination.

Vendors that wish to receive a letter of compliance must submit the handset for testing even if such combination is already included on the tested combinations list as a result of submission by a different handset vendor.

Pre-requisite to the policy:
• Vendor must have a compliant handset
• The NFC Controller Chip Model must remain the same

The policy applies if the following change is made:
• Handset OS version and/or
• NFC Firmware version

The policy does not apply if the following change is made:
• Change to the hardware, such as the NFC controller chip model
• Change to the compliant eSE

Note: These changes are subject to the standard testing process.

A flowchart has been provided to assist the vendor to determine if the tested combinations policy applies:

[Flowchart. Decision boxes: Handset has a Compliance Letter? Tested Combination is Listed? Compliance Letter Wanted? Outcomes: Submit Handset to Visa Approval Services; Handset does not need to be Submitted.]

6 Compliance Letters

This section describes the process that vendors must follow in order to obtain a Compliance Letter for a mobile payment product.

6.1 Legal Conditions and Restrictions

Visa’s determination that a product complies with its specifications only applies to products that are identical to the product tested by one of Visa’s recognized laboratories or by Visa. A product should not be considered compliant to Visa’s requirements, nor promoted as compliant, if any aspect of the product is different from the specimen that was tested by a laboratory or by Visa, even if the product conforms to the basic product description contained in the Compliance Letter. For example, even though a product contains components, applications or operating systems that have the same name or model number as those tested by one of Visa’s recognized laboratories or by Visa, but the product is not identical to the features previously tested by one of Visa’s recognized laboratories or by Visa, the product should not be considered or promoted as compliant to Visa’s requirements.

Visa’s Compliance Letter is granted solely in connection with a specific product and to the submitting vendor. A Compliance Letter may not be assigned, transferred or sublicensed, either directly or indirectly, by operation of law or otherwise.

Only vendors that have received a Visa Compliance Letter for a mobile payment product may claim that they have a Compliance Letter.
No mobile payment product manufacturer, chip supplier, or other third party may refer to a product, service or facility as “compliant” or as having a “Compliance Letter”, nor otherwise state or imply that Visa has, in whole or part, found the product to be compliant to Visa’s requirements in any aspect of a manufacturer, or supplier, or its products, services or facilities, except to the extent and subject to the terms and restrictions expressly set forth in a written agreement with Visa, or in a Compliance Letter provided by Visa Approval Services. All other references to Visa’s “Compliance Letter” or “compliance” are strictly prohibited by Visa.

When given, Visa’s Compliance Letter is provided by Visa to reflect certain security and operational characteristics important to Visa’s systems as a whole, but does not, under any circumstances, include any endorsement or warranty regarding the functionality, quality or performance of any particular product or service. Visa does not warrant any products or services provided by third parties. A Compliance Letter does not, under any circumstances, include or imply any product warranties from Visa, including, without limitation, any implied warranties of merchantability, fitness for purpose or non-infringement, all of which are expressly disclaimed by Visa. All rights and remedies regarding products and services that have received a Visa Compliance Letter shall be provided by the party providing such products or services, and not by Visa.

Unless otherwise agreed in writing by Visa, all property and services contemplated in this document that Visa provides to any person or entity are provided on an “as-is” basis, “with all faults” with no warranties whatsoever. Visa specifically disclaims any implied warranties of merchantability, fitness for purpose or non-infringement.
The issuance of the Compliance Letter is conditioned upon the vendor having executed all necessary agreements with Visa, including without limitation, all applicable license agreements with Visa and shall be of no force and effect unless such agreements have been executed prior to the issuance of the letter.

Visa performs limited testing to ascertain a product’s compliance with any required specifications and may perform interoperability testing with other compliant or approved products. Visa’s limited testing program is not designed to ensure the proper functioning of vendor’s compliant product in all potential conditions in which it may be used. Visa’s Compliance Letter does not include or imply any guarantees, assurances or warranties that the compliant product will operate in all settings or in combination with any other compliant or approved product.

6.2 Requesting a Compliance Letter

Visa will consider issuing a Compliance Letter only for mobile payment products that have successfully passed testing at a Visa-recognized laboratory and that support Visa’s mobile payment product requirements. Approval Services ensures that all agreements, tests, and reviews have taken place at a laboratory including:
• All mobile payment products destined for use in Visa mobile payment projects have passed all testing as identified in this document.
• All required documentation for the mobile payment products tested at a laboratory must be completed by the vendor and submitted to Visa for verification.

At the vendor’s request, products that are submitted to Visa to perform cross testing that do not successfully pass cross testing may be returned to the vendor.

Note – Visa does not issue a Compliance Letter for products with an EMVCo Letter of Approval that do not require additional testing required by Visa.
6.3 Compliant Products List

In addition to the issuance of the Compliance Letter the mobile product will be listed on either the public or private Visa Approval Services Mobile Compliant Products List, as chosen by the vendor. The public list is published on the Visa Technology Partner website.

6.4 Changes to Products with a Compliance Letter

Any derivative products that are changed must have either the name and/or versioning changed to indicate that it is a different product than what was tested and certified by Visa. Refer to Appendix B for details.

A combination of two compliant mobile products, e.g. taking a compliant handset and combining it with a compliant microSD, is not recognized by Visa as “Visa-compliant” unless the actual combination has been evaluated by Visa.

The following flow charts represent the Visa testing requirements for changes made to a product with a Compliance Letter.

[Flowchart. Boxes: Complete Mobile Questionnaire; Approval Services Reviews Questionnaire and Determines Testing Requirements; Testing Required?; Vendor Notified of Testing Requirements; Vendor Completes Exhibit A and Request for Compliance Forms; Chosen Laboratories Authorized for Visa Testing; Laboratories Perform Authorized Testing; Visa Reviews Test Results; Test Results Meet Visa’s Requirements?; Failure Notification Issued; Vendor Completes Mobile Conformance Form; Compliance Letter Issued.]

7 Lifecycle Management and Renewal of Compliance Letters

This section describes the requirements and the process of the secure element lifecycle management policy and of renewing the Compliance Letter for a mobile payment product.
7.1 Secure Element Lifecycle Management

The policy changes referred to in this section apply to products submitted on or after 1 June 2015. All previously compliant products remain subject to the existing secure element renewal policy.

The revised secure element lifecycle management policy applies to all secure element form factors including removable[1] and embedded secure element products.

Upon compliance of a secure element product, the compliance recognition end date assigned on the compliance letter will be based on the issue date of the underlying ICCN from EMVCo. The compliance recognition end date is defined as the ICCN issue date + 7 years. If the secure element is submitted on a newly certified IC, then the maximum Visa compliance recognition can approach seven years. For secure elements submitted on older ICs, the compliance recognition timeframe will be shorter.
• Base product submissions may be submitted during the ICCN’s certification period of a max of 6 years.
• Derivative product submissions may be submitted prior to the base product’s compliance recognition end date.
• Secure elements whether submitted as a base or derivative product will receive the compliance recognition end date based on the underlying ICCN.

When the compliance recognition end date of a secure element has been reached, the product will no longer be recognized as compliant and will be removed from the Visa Approval Services Mobile Compliant Products List the month following the compliance recognition end date.

[1] The secure element lifecycle policy does not apply to a microSD with an internal antenna product configuration. This product type will fall under the secure element renewal policy.

The following figure illustrates the Secure Element Lifecycle Management Policy.
7.2 Secure Element Renewals

The policy referred to in this section applies to products submitted prior to 1 June 2015.

Secure elements eligible for renewal must meet all of the following criteria:
• The product complies with Visa’s currently supported versions of specifications and requirements.
• The secure element contains a currently supported VMPA applet. Please refer to the Mobile Specifications and Applets Sunset Plan on the Visa Technology Partner website (available to licensed users).
• The product Compliance Letter contains no comments, i.e., any items identified during testing that are required to be corrected in the next version of the product.
• The product has successfully completed any additional testing that may be required.
• The platform Letter of Qualification from GlobalPlatform was not revoked (if qualified by GlobalPlatform).
• Secure elements receive an initial three year compliance recognition period and can be renewed a maximum of three times, at one year extensions for a maximum Visa compliance recognition of six years. Additional testing may be required, at three years, for compliance recognition extension if the testing has changed since the time the product was fully tested.

[Figure: timeline with year markers 1 to 6; labels: Secure Elements (3 Years, 4 Years, 5 Years, 6 Years), Handsets & Accessories.]

7.3 Mobile Handset and Accessory Renewals

Mobile handsets and accessories are not eligible for renewal after the initial three year compliance recognition period expires. If a vendor wishes to extend the compliance recognition, the handset or accessory shall be submitted as a new product and is subject to the testing requirements at that time.
7.4 Secure Element Products – Renewal Process

When a mobile product is found compliant by Visa, it is assigned a renewal date that is communicated to the vendor in the Compliance Letter and also appears on the Visa Approval Services Mobile Compliant Products List. The renewal date for a mobile product is typically three years from the time the Compliance Letter is issued, unless noted in the letter.

As a mobile product approaches its renewal date Visa reviews the product details to ensure that it complies with all of Visa’s current policies and is a product the vendor continues to issue. These policies apply to all compliant products and their derivatives.

When a mobile product is approaching its renewal date and it is eligible for renewal (see Section 7.2), the vendor should contact Approval Services and ask for a Request for Renewal Form to complete. In completing and signing the form, the vendor confirms that no changes have been made to the compliant product and the vendor wishes to continue to sell the product.

Once the vendor has confirmed that no changes have been made to the product, and Visa confirms that the product meets Visa’s current policies, the product is assigned a new renewal date and will continue to be listed on the Visa Approval Services Mobile Compliant Products List.

When a mobile product is approaching its renewal date the product may be required to go through additional testing if the testing has changed since the product was fully tested. If testing is required, Approval Services will contact the vendor to advise what additional testing is required before the product can be considered for renewal. If a product successfully completes the required testing it will be renewed and the new renewal date will be reflected on the Visa Approval Services Mobile Compliant Products List.
The following flow chart represents the renewal process.

7.5 General Conditions and Exceptions

Visa will notify the vendor if its product does not meet the renewal criteria. It is the vendor’s responsibility to track renewal dates for its compliant products and take actions as appropriate. The product will be removed from the relevant Visa Approval Services Mobile Compliant Products List the month following the renewal date.

Renewals are linked to the conditions contained in the Compliance Letter sent to the vendor when the product was initially found compliant. If problems are identified with the product after receiving a Compliance Letter (or extension if a renewal is granted), Visa reserves the right to revoke compliance or extensions at any time.

If a vendor seeks an extension of compliance for a product that no longer meets Visa’s current policy, the vendor must contact their local Visa regional representative.

Visa reserves the right to amend this policy without prior notice. The effective date of any such change will be communicated to vendors.

A Appendix A

A.1 Revision History

Version | Date
4.1 | May 2015
5.1 | October 2015
5.2 | December 2015
5.3 | February 2016
5.4 | June 2016

• Added HCE testing information: Section 2, Section 5, Appendix B, Appendix C
• Updated Section 4.2
• Updated Section 4.8
• Updated Appendix B
• Updated Appendix B: Added base product testing requirements and updated derivatives testing requirements
• Minor editorial updates
• Section 7.2 Updated
• Updated Appendix B: Updated testing requirements based on Visa Chip Bulletin 13 4th edition and implementation of the second phase of EMVCo Mobile Product Level 1 Type Approval Testing.
• Minor editorial updates.
B Appendix B

B.1 Testing Requirements for Changes to a Compliant Mobile Product

B.1.1 Appendix Structure

This appendix lists the testing requirements for base mobile products and changes to a compliant mobile product. The products have been grouped by handsets, secure elements and mobile accessories. If a vendor wants to make a change that is not listed, contact ApprovalServices@visa.com to determine which process may be utilized.

B.1.2 Renewal Dates

If a product is a change to or sharing test results from a base product, then all renewal dates will be based on the dates for the base product.

B.1.3 Limits to Change Process

A change to ROM of the approved product’s secure element is considered a new submission and testing is required. The security lab must provide an Impact Assessment Letter (IAL) to Approval Services defining the scope of the security evaluation.

Vendors that have received a Compliance Letter from Visa identifying issues in the specification deviation / comments sections may not use this process to make changes to a product. Vendors must correct the issue(s) identified in the Compliance Letter before submitting the next version of the product for testing.

B.1.4 Paper Process Only

No functional or security testing is required. Samples must be provided to Approval Services. The following forms must be completed, signed and provided to Approval Services:
• Request for Compliance for Mobile
• Exhibit A
• Mobile Vendor Confirmation Form or the EMVCo Mobile Product Level 1 Minor Change Declaration form

B.1.5 Definitions and Acronyms

• CCPS – EMVCo Contactless Communication Protocol Specification.
• CCPS Antenna – The antenna in the mobile product which facilitates the (EMV) contactless proximity communication for Visa payment transaction.
• OTA Antenna – The antenna in the mobile product which facilitates the contactless communication over MNO network.
• Regression testing – A subset of testing.
• Delta testing – A delta test is the difference between the testing performed for the original product versus a newer test plan.
• IAL – Impact Assessment Letter
• Embedded Secure Element (eSE) – The secure element embedded in the mobile product where the VMPA applet resides.

B.2 Testing Requirements

B.2.1 Handsets

Visa recognizes EMVCo’s mobile product level 1 type approval process, specifically the issuance of a Test Assessment Summary (TAS) for contactless level 1 testing or a Letter of Approval (LoA). Visa requires that all supported execution environments have a Test Assessment Summary or Letter of Approval, if available, from EMVCo.

This table is only a guideline and additional testing may be required depending on the test results.

Product submissions that are comprised of a handset with another component, such as an embedded secure element or a mobile accessory, are subject to the aggregated testing requirements for each component making up the product being submitted. Therefore a handset with an embedded secure element shall be subject to the testing requirements for both the handset and the embedded secure element component.

Base Product Testing Requirements - Handsets

# Base Product Configuration 1 Handset with Embedded Secure Element 2 Handset only supporting SWP UICC EMVCo Contactless Level 1 Cross Testing EMVCo TAS Full or or LoA EMVCo LoA EMVCo TAS Full VMPA Notes Handset does not support HCE or UICC. Transaction See Secure Elements – Base product Testing Requirements for the eSE component.
Handset does not support HCE or eSE. None Handset does not have an EMVCo LoA. EMVCo TAS 3 4 Handset only supporting HCE Handset supporting more than one execution environment June 2016 Or Full analogue, Full digital EMVCo LoA or EMVCo TAS (includes HCE) or EMVCo TAS and full digital for HCE Handset does not support a UICC or eSE. Full None Handset does not have an EMVCo LoA. Full and selective testing for HCE, or EMVCo LoA Secure Element can be embedded or UICC. Transaction if eSE, else none. © 2010 - 2016 Visa. All Rights Reserved. Handset supports HCE. If eSE see section B.2.2 for the additional requirements for eSE component. Page 57 of 74Page Visa Mobile Proximity Payment Testing & Compliance Requirements for Mobile Products Derivative Testing Requirements - Handsets Multiple changes will result in the aggregation of each applicable test requirement for the changes. Card emulation is defined as any level 1 PICC parameters defined in EMVCo Contactless Communication Protocol Specification - Book D, or any settings that include, but not limited to, NFC controller clock settings, or proximity payment antenna performance (NFC). Product submissions comprising of a handset and another component, such as an eSE or a mobile accessory, are subject to the aggregated testing requirements for each component making up the product and all changes being made to those components. # 1 Derivation Handset Software Change EMVCo Contactless Level 1 EMVCo TAS or LoA Cross Testing Regression or EMVCo LoA VMPA Transaction Compliance Letter Yes Notes Card emulation affected or major OS version change. Impact to digital functionality only. See also Tested Combinations. 2 3 Handset Software Change EMVCo TAS or LoA Handset Software Change EMVCo Minor Change Declaration Form Full or EMVCo LoA Card emulation affected or major OS version change. Impact to analogue and digital functionality. Transaction Yes This derivation is treated as a base product. 
Card emulation not affected or not a major OS version change. None None No See also Tested Combinations. Handset does not have an EMVCo LoA. Card emulation affected. 4 NFC Controller Firmware Change EMVCo TAS Full None Yes Handset does not have an EMVCo LoA. See also Tested Combinations. 5 NFC Controller Firmware Change EMVCo Minor Change Declaration Form (first presentment only) None Card emulation not affected. Same vendor, identical NFC controller. None No Handset does not have an EMVCo LoA. Additional presentments of #4. 6 NFC Controller Hardware Change EMVCo TAS or LoA Full or EMVCo LoA Transaction Yes See also Tested Combinations. 7 NFC Controller Driver Updates EMVCo TAS Full None Yes Handset does not have an EMVCo LoA. # Derivation EMVCo Contactless Level 1 8 Different Base Bands Supported (with hardware changes) EMVCo TAS Regression None Yes 9 Different Base Bands Supported (without hardware changes) EMVCo Minor Change Declaration Form None None No Different Proximity Payment Antenna Manufacturer or Antenna Manufacturing Site EMVCo TAS Full 10 Cross Testing VMPA Compliance Letter Notes Handset does not have an EMVCo LoA. Handset does not have an EMVCo LoA. Only software changes. None Yes Antenna materials and design are unchanged. Handset does not have an EMVCo LoA. Antenna materials and design are unchanged. 11 Different Proximity Payment Antenna Manufacturer or Antenna Manufacturing Site 12 Proximity Payment Antenna Changes (materials or design) EMVCo TAS 13 Change of Proximity Payment Antenna Location EMVCo TAS Full None Yes Handset does not have an EMVCo LoA. 14 Change to the Proximity Payment Antenna Optimal Functional Position EMVCo TAS Regression None Yes Handset does not have an EMVCo LoA. EMVCo TAS Regression None Yes Proximity payment antenna not in battery. Handset does not have an EMVCo LoA.
None None Full None None Yes Yes Driving electronics are identical to original antenna and no change of tuning. Handset does not have an EMVCo LoA. Change of Battery 15 Additional presentments of #10 for the same handset model, with the assumption that the first presentment receives a letter of compliance. (materials or size) Handset does not have an EMVCo LoA. Proximity payment antenna in battery. Change of Battery EMVCo TAS 16 Full None Yes (materials or size) Handset does not have an EMVCo LoA. This derivation is treated as a base product. # Derivation Change of Battery (adding charging 17 method capability wireless transfer pack) EMVCo Contactless Level 1 19 VMPA Compliance Letter Notes Only applicable to the first submission in product family. EMVCo TAS Full None Yes Handset does not have an EMVCo LoA. This derivation is treated as a base product. Change of Battery EMVCo Minor (different capacity Change 18 with no impact to Declaration Form battery dimensions) Handset Casing Changes Cross Testing EMVCo TAS None Regression None None No Handset does not have an EMVCo LoA. Yes Casing materials, thickness, or paint (with metallic composition) changed. Handset does not have an EMVCo LoA. Only shape of casing has changed. 20 Handset Casing Changes None None None No Casing materials, thickness, and paint remain the same. Handset does not have an EMVCo LoA. Handset does not have an EMVCo LoA. 21 Contactless Level1 Specification Version 22 Change of Execution EMVCo TAS or Environment (UICC LoA to eSE) 23 24 Change of Execution Environment (eSE to UICC) Change of Execution Environment (addition of HCE) EMVCo TAS EMVCo TAS Full None Yes This derivation is treated as a base product. Embedded secure element component has received a compliance letter.
Regression or EMVCo LoA Transaction Regression None Yes VMPA applet is identical to eSE component submission. Yes Handset is not submitted in combination with UICC. Handset does not have an EMVCo LoA. Handset is already compliant for SE transactions. EMVCo TAS or Full Digital (HCE) Handset does not have an EMVCo LoA. Full None Yes Requirements subject to change based on OS version. (Applies to removable or eSE’s.) 25 Change of Execution Environment (addition of SE) Handset is already compliant for HCE. EMVCo TAS Full None Yes Handset does not have an EMVCo LoA. This derivation is treated as a base product.

B.2.2 Secure Elements

This table is only a guideline and additional testing may be required depending on the test results.

Base Product Testing Requirements – Secure Elements

# Base Product Configuration 1 UICC 2 Embedded Secure Element Component 3 MicroSD (with Internal Antenna) EMVCo Contactless Level 1 None None Cross Testing Full None VMPA Full Full GP LOQ Yes Yes EMVCo PCN Yes Yes Visa Security Testing IAL Full Full Yes Yes IAL IAL Security testing may be required dependent on the Impact Assessment Letter (IAL). IAL Security testing may be required dependent on the Impact Assessment Letter (IAL). EMVCo TAS Full digital 4 MicroSD (without Internal Antenna) OR Full Full Yes EMVCo TAS Yes Security testing may be required dependent on the Impact Assessment Letter (IAL). Security testing may be required dependent on the Impact Assessment Letter (IAL).
Full analogue Full digital OR Notes

Derivative Testing Requirements – Secure Elements

EMV Product Cross # Configuration Derivation Contactless Testing VMPA Visa GP EMVCo Security LoQ PCN Testing None No Level 1 1 All Replacing VMPA UICC14 Applet with VMPA UICC17 Applet None None All All Addition of new applications (OTA or preissuance) None None All Change to CDR/CREL/ PPSE parameters (e.g. change Type A SAK from 28 to 20) None Full 5 All Different EEPROM or Flash memory size None None None 6 microSD with Internal Proximity Payment Antenna NFC Controller Firmware Change None None 3 4 None Notes Yes Same applet version and build date. Same applet package, e.g. VMPA 1.4.1 UICC14 to VMPA 1.4.3 UICC14. Updating VMPA applet to a higher specification version 2 No Compliance Letter None None Delta No No IAL Yes Security testing may be required in addition to the Impact Assessment Letter (IAL) from the security testing laboratory. No No None No New application(s) must comply with latest Platform Security Guidance Documents. Transaction No No None No Same PCN and ROM mask. No No None No No No None Yes None Full digital OR EMVCo TAS EMV Product Cross # Configuration Derivation Contactless Testing VMPA Visa GP EMVCo Security LoQ PCN Testing None No Level 1 7 Different Full Proximity analogue, microSD with Payment regression Antenna Internal digital Proximity Manufacturer or OR Antenna Antenna Manufacturing EMVCo TAS Site 8 microSD with Internal Proximity Payment Antenna 9 All Proximity Payment Antenna Changes (materials or design) Security patch Full analogue, regression digital Full Full None No No No None None Compliance Letter Notes Yes Antenna materials and design are unchanged.
Yes Driving electronics are identical to original antenna and no change of tuning. Yes Security testing may be required dependent on the Impact Assessment Letter (IAL). OR EMVCo TAS TBD TBD TBD TBD Yes IAL

B.2.3 Mobile Accessories

Visa recognizes EMVCo’s mobile product level 1 type approval process, specifically the issuance of a Test Assessment Summary (TAS) for contactless level 1 testing. Visa requires that all supported execution environments have a Test Assessment Summary if available from EMVCo.

This table is only a guideline and additional testing may be required depending on the test results.

Product submissions that are comprised of an accessory with another component, such as an embedded secure element, are subject to the aggregated testing requirements for each component making up the product being submitted. Therefore an accessory with an embedded secure element shall be subject to the testing requirements for both the accessory and the embedded secure element component.

Base Product Testing Requirements – Mobile Accessories

# 1 2 Accessory Configuration Accessory with internal antenna and embedded Secure Element Accessory with internal antenna and removable Secure Element EMVCo Contactless Level 1 Cross Testing EMVCo TAS or Full Analogue Full Digital Full and Full Digital (HCE) EMVCo TAS or Full Analogue Full Digital and Full Digital (HCE) and VMPA HCE testing is only applicable if the product supports it. Transaction See section B.2.2 for the requirements for eSE component. Selective (HCE) Full and Notes HCE testing is only applicable if the product supports it. None Selective (HCE) See section B.2.2 for the requirements for removable secure element.
Derivative Testing Requirements – Mobile Accessories

Multiple changes will result in the aggregation of each applicable test requirement for the changes.

Card emulation is defined as any level 1 PICC parameters defined in EMVCo Contactless Communication Protocol Specification - Book D, or any settings that include, but are not limited to, NFC controller clock settings, or proximity payment antenna performance (NFC).

Product submissions comprising an accessory and another component, such as an embedded secure element, are subject to the aggregated testing requirements for each component making up the product and all changes being made to those components.

# 1 Derivation Accessory Software Change EMVCo Contactless Cross Testing Level 1 EMVCo TAS Regression VMPA Transaction Compliance Letter Notes Yes Card emulation affected or major OS version change. Impact to digital functionality only. See also Tested Combinations. 2 Accessory Software Change EMVCo TAS Full Transaction Yes Card emulation affected or major OS version change. Impact to analogue and digital functionality. Treated as a base product. See also Tested Combinations. 3 4 5 EMVCo Minor Change Declaration Form None NFC Controller Firmware Change EMVCo TAS Full NFC Controller Firmware Change EMVCo Minor Change Declaration Form (first presentment only) None Accessory Software Change None No See also Tested Combinations. Card emulation affected. None Yes See also Tested Combinations. Card emulation not affected. None Yes Same vendor, identical NFC controller. Additional presentments of #4.
6 NFC Controller Hardware Change EMVCo TAS Full Transaction Yes 7 NFC Controller Driver Updates EMVCo TAS Full None Yes 8 Different Proximity Payment Antenna Manufacturer or Antenna Manufacturing Site EMVCo TAS Full None Yes Card emulation not affected or not a major OS version change. See also Tested Combinations. Antenna materials and design are unchanged. EMVCo Contactless Cross Testing Level 1 VMPA Compliance Letter Full None Yes EMVCo TAS Full None Yes EMVCo TAS Regression None Yes EMVCo TAS Regression None Yes # Derivation 9 Proximity Payment Antenna Changes (materials or design) EMVCo TAS 10 Change of Proximity Payment Antenna Location 11 Change to the Proximity Payment Antenna Optimal Functional Position Change of Battery 12 (materials or size) Change of Battery 13 EMVCo TAS Full None Yes (materials or size) 14 15 Change of Battery EMVCo Minor (different capacity Change with no impact to Declaration Form battery dimensions) 17 18 Accessory Casing Changes Accessory Casing Changes Contactless Level1 Specification Version Driving electronics are identical to original antenna and no change of tuning. Proximity payment antenna not in battery. Proximity payment antenna in battery. Treated as a base product. Change of Battery (adding charging method capability wireless transfer pack) 16 Notes EMVCo TAS EMVCo TAS Full None Yes None None No Regression None Yes Only applicable to the first submission. Casing materials, thickness, or paint (with metallic composition) changed. Only shape of casing has changed. None None None No Casing materials, thickness, and paint remain the same. EMVCo TAS Full TBD Yes Treated as a base product.
C Appendix C

C.1 Submission Requirements

The vendor is required to provide the items listed below for Visa functional testing. For GlobalPlatform testing submission requirements refer to the GlobalPlatform site. For EMVCo testing submission requirements refer to the EMVCo site.

Note: Visa reserves the right to conduct additional testing on any products that have gone through the testing and compliance process. The number of samples stated is the minimum required. Additional samples may be required or provided upon request.

C.1.1 UICC

| Test Description | Labs | Number of Samples Required for Testing | Personalization Profile |
|---|---|---|---|
| GlobalPlatform Testing | External Lab | Refer to GlobalPlatform | Refer to GlobalPlatform |
| VMPA Testing, VTKPM Testing | External Lab | 1 Handset; 12 UICCs | 6 UICCs with Mobile00; 2 UICCs with Mobile30; 4 UICCs with Mobile35. The type (A, B and A&B) is not important for this test, so is left to vendor discretion. |
| Cross Testing | Visa Lab | 2 Handsets; 15 UICCs | 15 UICCs Type A&B with Mobile00 |

C.1.2 Embedded Secure Element Component (Without a Handset)

| Test Description | Labs | Number of Samples Required for Testing | Personalization Profile |
|---|---|---|---|
| GlobalPlatform Testing | External Lab | Refer to GlobalPlatform | Refer to GlobalPlatform |
| VMPA Testing | External Lab | 10 Secure Elements (as a Dual Interface ID1 or UICC) | Not Applicable |

To test the Embedded Secure Element in contactless mode, it will be necessary to supply a form factor that permits Contactless Level 1 communication with the Secure Element and compatible with the test tools through a Test Tool Interface Application.

Note: An Embedded Secure Element shall be submitted as either a dual interface ID1 card or as a UICC form factor. See Section 2.
C.1.3 Handset-Only

| Test Description | Labs | Number of Samples Required for Testing | Personalization Profile |
|---|---|---|---|
| Contactless Level 1 Testing: Analog, Digital | External Lab | 1 SWP Handset; 6 UICCs | 3 UICCs Type A with Mobile00 AND 3 UICCs Type B with Mobile00 |
| Cross Testing | Visa Lab | 2 Handsets; 6 UICCs | 6 UICCs Type A&B with Mobile00 |

C.1.4 Handset (HCE Only)

| Test Description | Labs | Number of Samples Required for Testing | Personalization Profile |
|---|---|---|---|
| Contactless Level 1 Testing: Analog, Digital | External Lab | 2 Handset | See L1 Test Application Package |
| Cross Testing | Visa Lab | 2 Handsets | Ability to load test applet |

C.1.5 Handset (Secure Element and HCE)

| Path | Test Description | Labs | Number of Samples Required for Testing | Personalization Profile |
|---|---|---|---|---|
| SE PATH | Contactless Level 1 Testing: Analog, Digital | External Lab | 1 SWP Handset; 6 UICCs | 3 UICCs Type A with Mobile00 AND 3 UICCs Type B with Mobile00 |
| SE PATH | Cross Testing | Visa Lab | 1 Handset; 6 UICCs | 6 UICCs Type A&B with Mobile00 |
| HCE PATH | Contactless Level 1 Testing: Digital | External Lab | 1 SWP Handset (Configured for HCE) | See L1 Test Application Package |
| HCE PATH | Cross Testing | Visa Lab | 1 Handsets | Ability to load test applet |

C.1.6 Handset with a Compliant Embedded Secure Element

| Test Description | Labs | Number of Samples Required for Testing | Personalization Profile |
|---|---|---|---|
| Contactless Level 1 Testing: Analog, Digital | External Lab | 1 Handset | Mobile00 |
| VMPA Testing | External Lab | 1 Handset with TTIA | Not Applicable |
| Cross Testing | Visa Lab | 2 Handsets with TTIA | Mobile00 |

The embedded secure element must meet the test requirements for initialization for testing (e.g. OP_Ready State/Secure State, test keys, ISD AID, etc.) as identified in the test preparation documentation provided to vendors who have licensed the Visa specifications and software.
Handset vendors who have not licensed the Visa specifications and software would consult with the embedded secure element provider on installing VMPA and personalization and a completed VMPA ICS form.

C.1.7 microSD with an Internal Antenna

| Test Description | Labs | Number of Samples Required for Testing | Personalization Profile |
|---|---|---|---|
| Contactless Level 1 Testing: Analog, Digital | External Lab | 1 Handset; 6 microSDs | 3 microSDs Type A with Mobile00 AND 3 microSDs Type B with Mobile00 |
| GlobalPlatform Testing | External Lab | Refer to GlobalPlatform | Refer to GlobalPlatform |
| VMPA Testing | External Lab | 1 Handset with TTIA; 8 microSDs | 6 microSDs with Mobile00; 2 microSDs with Mobile30. The type (A, B and A&B) is not important for this test, so is left to vendor discretion. |
| Cross Testing | Visa Lab | 2 Handset; 15 microSDs | 15 microSDs Type A&B with Mobile00. |

C.1.8 microSD (No Antenna)

| Test Description | Labs | Number of Samples Required for Testing | Personalization Profile |
|---|---|---|---|
| EMV Contactless Level 1 Testing: Digital | External Lab | 1 Handset; 6 microSDs; 1 Handset sleeve with microSD slot and built-in antenna. (If applicable) | 3 microSDs Type A with Mobile00 AND 3 microSDs Type B with Mobile00. |
| GlobalPlatform Testing | External Lab | Refer to GlobalPlatform | Refer to GlobalPlatform |
| VMPA Testing | External Lab | 1 Handset with TTIA; 8 microSDs; 1 Handset sleeve with microSD slot and built-in antenna. (If applicable) | 6 microSDs with Mobile00; 2 microSDs with Mobile30. The type (A, B and A&B) is not important for this test, so is left to vendor discretion. |
| Cross Testing | Visa Lab | 2 Handsets; 15 microSDs; 2 Handset sleeves with microSD slot and built-in antenna. (If applicable) | 15 microSDs Type A&B with Mobile00. |
C.1.9 microSD with Handset (Antenna within the Handset)

| Test Description | Labs | Number of Samples Required for Testing | Personalization Profile |
|---|---|---|---|
| Contactless Level 1 Testing: Analog, Digital | External Lab | 1 Handset; 6 microSDs | 3 microSDs Type A with Mobile00 AND 3 microSDs Type B with Mobile00 |
| GlobalPlatform Testing | External Lab | Refer to GlobalPlatform | Refer to GlobalPlatform |
| VMPA Testing | External Lab | 1 Handset with TTIA; 8 microSDs | 6 microSDs with Mobile00; 2 microSDs with Mobile30. The type (A, B and A&B) is not important for this test, so is left to vendor discretion. |
| Cross Testing | Visa Lab | 2 Handsets; 15 microSDs | 15 microSDs Type A&B with Mobile00. |

C.1.10 Mobile Accessory with embedded Secure Element (Antenna within the Mobile Accessory)

| Test Description | Labs | Number of Samples Required for Testing | Personalization Profile |
|---|---|---|---|
| Contactless Level 1 Testing: Analog, Digital | External Lab | 2 Handsets; 2 Accessories | 1 Accessory Type A with Mobile00 AND 1 Accessory Type B with Mobile00 |
| GlobalPlatform Testing | External Lab | Refer to GlobalPlatform | Refer to GlobalPlatform |
| VMPA Testing | External Lab | 1 Handset with TTIA; 2 Accessories | VMPA is pre-installed and personalized with Mobile00 on one accessory, and Mobile30 on the other. The type (A, B and A&B) is not important for this test, so is left to vendor discretion. |
| Cross Testing | Visa Lab | 2 Handsets; 2 Accessories | 2 Accessories Type A&B with Mobile00. |
C.1.11 Mobile Accessory with Removable Secure Element (Antenna within the Mobile Accessory)

| Test Description | Labs | Number of Samples Required for Testing | Personalization Profile |
|---|---|---|---|
| Contactless Level 1 Testing: Analog, Digital | External Lab | 1 Handset; 1 Accessory; 6 microSDs | 3 microSDs Type A with Mobile00 AND 3 microSDs Type B with Mobile00 |
| GlobalPlatform Testing | External Lab | Refer to GlobalPlatform | Refer to GlobalPlatform |
| VMPA Testing | External Lab | 1 Handset with TTIA; 1 Accessory; 8 microSDs | 6 microSDs with Mobile00; 2 microSDs with Mobile30. The type (A, B and A&B) is not important for this test, so is left to vendor discretion. |
| Cross Testing | Visa Lab | 2 Handsets; 2 Accessories; 15 microSDs | 15 microSDs Type A&B with Mobile00. |

End of Document