categories > software engineering_



EMV Paypass, Paywave and Expresspay, a nightmare for developers

We have been developing contactless EMV level 2 kernels since two years for the various payment schemes, and I must admit: it is a nightmare. There are obstacles everywhere. One of the biggest issues (or stupidities) is, that Visa, Mastercard and American Express cannot agree on a common specification. Not to mention the totally different certification processes. Under these circumstances, what does EMV stand for?

Maybe we start from an earlier point in EMV history. In the early days EMV was standing for Eurocard, Mastercard and Visa to develop a worldwide common standard to process card payments. That really worked well in the contact (chip card) environment. There is one specification and one certification process. EMV recommends to take around 18 month time to develop and certify a contact kernel. The certification is good for Visa, Mastercard and Amex. Perfect. That way, everybody can calculate their development cost plus around euro 50’000 for test tools and certification fees. Something between 200’000 and 400’000 Euro is a normal value.

The NFC switch

With NFC things changed. Visa, MaterCard and Amex have their own implementation specifications for the EMV Level 2 contactless kernel. Also the certification cannot be done at one single place. You must do a certification for each kernel at an accredited certification laboratory. As you can imagine you also need several test tools to be able to prepare for certification. Now you can recalculate the cost for development and certification for a contactless kernel. Just multiply everything by three. Ok, that might be a bit exaggerated, but you will face double the cost as for a contact kernel, for sure.

But know, since the contactless stuff is still in a pre-birth (embryonic) state, things like specifications, test tools and certification processes change a lot. To give you an example: with the Expresspay Contactless Kernel we had to pass around 500 test cases. After we were down to 5 unpassed tests, we received a new version of the test tool that sent us back to around 300 unpassed tests. That means they fixed over half of their tests? This game went on three times until we had a test tool that was ok and free of bugs. Annoying or nightmare-ish. Or think of developing Paypass 2.1 versus Papass 3.0. This is basically a totally new specification and you can almost redevelop everything from scratch to pass the 3.0 certification. This multiplies the cost by 3 or 4 times, for sure.

And why do we have to do this? To process maybe one percent of all the transactions contactless? That’s a lot of pain and a very small gain. I hope the industry is not starting to hate NFC before it starts. Or; does NFC really start or will it be a stillborn child of some technology freaks?

I would love to see some comments of fellow developers or card scheme people. Maybe we did everything wrong or we have a lot of suffering friends out there. Please drop a comment.

Daniel Eckstein

Daniel is the Chair of the Board and Founder of Abrantix, a visionary, lateral thinker and the driving force behind Abrantix. With his other partners he has developed the company into a leader in payment software engineering.

Comment by Konrad |

“And why do we have to do this? To process maybe one percent of all the transactions contactless?”

Depends on the region. In some countries CTLS is quite common. I used to work for a major acquirerer and sometimes it was hard to spot a non CTLS transaction in the Postilion logs 😉

Comment by LoudMouth |

Also…where are the NFC phones ?!?!? How many are out there? What is the extra cost to add all that NFC hardware not to mention the software effort?

Comment by Nolan Heiter |

The development nightmares and costs are only on hurdle to overcome. There is still a lot of fear in the public over the use of NFC. Many fear electronic pickpockets and believe that this form of financial and identity theft will grow as the popularity of NFC payments grows. Even if this perrception is erroneous, it is important if it keeps the public from adopting the technology. There will be many who want to “wait and see”.

Comment by Emmanuel Haydont |

You are right. The change of status of the Issuer Association, to Publicly Traded Companies has killed the necessary collaboration that had been at the origin of the creation of the EMVCo organization.
Where they use to compete on Business parameters only, they are since the start of contactless payment competing also on technology. This has been very counter productive and slowed the emergence of this technology and cost effective modern payment means.
Indeed it does not make send not to have common standards for NFC card acceptance and no collaboration of the industry players. It creates huge implementation and testing constraints and makes EMV Contactless imimplementations ridiculously expensive and risky.
Good luck for your projects !

Add Comment
Contact Details
What is the sum of 4 and 7?

Share article:


Settings saved

Privacy Settings

At Abrantix we take data protection seriously. Please select your preferences from the settings below so that we can present the website in compliance with the GDPR.

You are using an outdated browser. The website may not be displayed correctly. Close