Hello again! If you’ve been following my blog, you might remember my previous project about ISO 8583, where we decoded message formats like HEX, ASCII, and Binary. That deep dive into payment protocols was a big part of my journey working with payment terminals and transaction systems. Now, I want to share with you something equally important but often overlooked by beginners: the four EMV books.
If you are just starting to explore EMV (which stands for Europay, MasterCard, and Visa), understanding these four documents can make a big difference. I know they sound like something only for certification experts, but trust me, if you want to build or troubleshoot anything EMV-related, these books will help you a lot.
So today, let’s go through each EMV book one by one, in a friendly and simple way. Don’t worry, no jargon here, just real talk, based on experience and actual use cases.
What are EMV Books?
The EMV books are official specifications created by EMVCo, the group that manages EMV technology. These specs define how smart payment cards (like chip cards) and terminals (like POS machines) should behave so that everyone can speak the same “language”.
There are four books:
- Book 1: Application Independent ICC to Terminal Interface Requirements
- Book 2: Security and Key Management
- Book 3: Application Specification
- Book 4: Cardholder, Terminal and Acquirer Interaction
Each book has its own focus. When you combine them, you get a full picture of how a chip card transaction works from card insertion to completion.
Book 1: Application Independent ICC to Terminal Interface Requirements
This first book is all about how the card and the terminal talk to each other on a basic level. “ICC” means Integrated Circuit Card, in other words, the chip card. The communication here is low-level, and it happens over what’s called APDU (Application Protocol Data Units).
Key Concepts:
- APDU Commands/Responses: This is how the terminal sends instructions to the card (like “give me your application list”), and how the card replies.
- ATR (Answer to Reset): What the card sends after being powered up.
- Physical/Electrical Interface: Timing, voltage levels, how data is transmitted.
Practical Use:
If you’re working on terminal integration or EMV kernel development, you’ll refer to this book a lot when you need to send commands and decode the card’s replies.
Real-life connection: I remember during our testing phase, we had a bug where the terminal was not getting the correct response. Book 1 helped me figure out we were sending an invalid APDU structure. Without it, we would’ve been stuck.
Book 2: Security and Key Management
Now let’s talk about security because payments without security is like coffee without water, right?
Book 2 is focused on how encryption and keys are used in EMV transactions. You might have heard terms like “SDA” or “DDA”, those are types of data authentication, and they live here.
Key Concepts:
- Public Key Infrastructure (PKI): EMV uses digital certificates to make sure the card is genuine.
- Static Data Authentication (SDA): Uses a digital signature that doesn’t change.
- Dynamic Data Authentication (DDA): Adds randomness, making it harder to clone.
- Combined DDA/AC Generation (CDA): A more advanced version of DDA.
Practical Use:
This book helps you understand how the card proves it’s real, and how terminals verify that proof. If you’re setting up certification with a payment scheme, you’ll touch this book for sure.
Tip: Don’t be scared of the math. You don’t need to be a cryptographer. Just focus on understanding the flow of key usage and the purpose of each one.
Book 3: Application Specification
This one is the heart of EMV transactions. It’s like the rulebook for how a full chip card payment should happen. Book 3 describes the entire flow of the transaction — step by step — from the moment the card is inserted until the transaction is complete.
Key Concepts:
- Application Selection: Picking the correct app on the card.
- Terminal Risk Management: Should we go online or offline?
- Cardholder Verification: PIN, signature, or no CVM.
- Transaction Authorization: Offline approval, or sending it online.
- EMV Tags (TLVs): Data elements like 9F02 (amount), 9F1A (country code), etc.
Practical Use:
This is the book I used most during our EMV Level 2 certification. It helped me simulate different scenarios — like what happens when the card requests offline approval or what TLV fields to expect.
Pro tip: Create a checklist based on the EMV transaction flow from this book. It will help you debug issues more easily.
Book 4: Cardholder, Terminal and Acquirer Interaction
Book 4 connects all the pieces together. It explains what happens from the cardholder’s point of view, and also how the acquirer and host systems should behave.
Key Concepts:
- User Prompts: Messages displayed on screen like “Enter PIN” or “Remove Card”.
- Acquirer Response Handling: What the terminal should do based on the host’s reply.
- Transaction Outcome Display: How to show approval or decline.
- Fallback Rules: What happens if chip fails, can we use magstripe?
Practical Use:
This is the book that helps with user experience and terminal behavior. For example, if your terminal shows “Processing…” for too long or doesn’t prompt for PIN correctly, this is the book to check. One time, our terminal skipped PIN entry for a local card. Turned out, we misread the CVM list interpretation and Book 4 saved us from failing certification.
Summary: Bringing It All Together
The four EMV books are not easy to read at first, I won’t lie. They’re long, technical, and sometimes confusing. But once you go through them with a purpose (like during a project or certification), they start to make sense. I’ve personally used them many times when building and testing our payment terminals.
To recap:
- Book 1: Low-level card-terminal communication (APDUs)
- Book 2: Security, key management, and authentication
- Book 3: Step-by-step application processing (main transaction logic)
- Book 4: Terminal-to-user and terminal-to-acquirer behavior
If you’re just starting, don’t stress yourself trying to read them all at once. Start with Book 3, it gives the best overview of how transactions work.
And one more thing, if you’re working on EMV projects, always combine your reading with testing. Seeing the tags and responses in real terminal logs makes it easier to understand the specs.
Final Words for Beginners
So there you go, the EMV books in plain words. I hope this guide gave you a better understanding and maybe even some confidence to open those PDF specs again.
Yes, they’re not exactly bedtime reading, but they are worth it. Every successful chip transaction depends on these rules and now you know the blueprint behind it.
If you’re currently doing an EMV kernel implementation or preparing for a certification, good luck! And if you ever feel overwhelmed, just remember: every expert once got confused by Book 2 too 🙂
Sources
- EMVCo Official Website: https://www.emvco.com/emv-technologies/emv-3-0-specifications/
- EMV 4.3 Specifications (Books 1–4), EMVCo — available after free registration at https://www.emvco.com
- Real experience during project certification with EMV Level 2 Contact Kernel
Let me know if you want me to create a simplified EMV flowchart or a checklist based on Book 3, I’d be happy to share it in the next post!
