MasterCard Testing and Certification Support
In today’s fast-evolving payment landscape, achieving EMV compliance is a fundamental requirement for any terminal solution looking to be globally accepted, secure, and scalable. EMV, short for Europay, Mastercard, and Visa, is the global standard for chip-based payment transactions. Among the several levels of EMV Certification, Level 2 focuses specifically on the EMV Kernel, a crucial software component responsible for the secure processing of chip card transactions.
For Mastercard, Level 2 certification is not just a technical checkbox; it’s a rigorous compliance mandate that ensures that the payment terminal’s software behavior aligns with Mastercard’s global specifications. At EazyPay Tech, we specialize in supporting OEMs, terminal manufacturers, fintech companies, and software developers in achieving Mastercard EMV Level 2 Certification efficiently. Our experience spans across EMV Software design, EMV Kernel integration, and end-to-end testing services, making us the preferred partner for mission-critical payment software certification.
This comprehensive guide is designed to help you understand the detailed requirements of Mastercard L2 certification, the role of EMV Kernel and EMV Software, the testing and validation environment, and how EazyPay Tech helps reduce costs, time, and complexity associated with the certification process.
EMV Kernel and Level 2 Certification
The EMV Kernel is at the heart of the chip card transaction process. It acts as the software engine that runs the logic and flows required by EMV specifications. The kernel is responsible for crucial transaction steps such as application selection, cardholder verification, terminal risk management, and transaction authorization.
Unlike hardware-level certification (Level 1), EMV Level 2 focuses entirely on the software logic implemented in the terminal that interfaces with EMV chip cards. This logic is what determines the security, reliability, and correctness of how transactions are processed. Without a certified Level 2 EMV Kernel, terminals cannot legally or functionally process EMV transactions in markets where such standards are mandatory.
Mastercard mandates scheme-specific adaptations and validation steps beyond the EMVCo Level 2 approval. In other words, your EMV Kernel may be compliant with EMVCo specifications, but unless it also passes Mastercard-specific brand tests, your terminal cannot be deployed in Mastercard acceptance environments.
Why Mastercard Specific EMV Certification is Critical
Each payment scheme, such as Mastercard, Visa, or Amex, has its own implementation guidelines and required test cases that build upon the global EMVCo standards.
For Mastercard, this means adherence to Mastercard Card Application Specifications (M/Chip) and the successful completion of Mastercard’s Brand Compliance Testing (BCT).
Failing to meet these scheme-level compliance requirements results in product launch delays, added development costs, and in some cases, full redevelopment of the EMV Kernel logic.
Mastercard’s EMV L2 tests ensure proper tag usage, transaction flow consistency, cardholder verification method hierarchy, terminal risk parameters, and data exchange integrity.
At EazyPay Tech, we offer full-cycle services that include EMV Software adaptation, Mastercard-compliant kernel development, pre-certification readiness checks, and test campaign support.
Our services are designed to help you gain EMV Certification faster without compromising on performance or compliance.
Mastercard Contact Certification Process:
The goal of this process is to certify the EMV Contactless Kernel for Mastercard PayPass as per Mastercard’s Book C-2 and EMVCo Type Approval Requirements. The kernel must meet Mastercard’s behavioral and functional requirements across all supported contactless transaction types (Magstripe, EMV, qVSDC, etc.).
1. Company Registration with Mastercard
2. Submit Product Details to Mastercard
- What is submitted:
- Kernel name and version.
- Supported EMV modes (EMV, magstripe, qVSDC).
- Supported profiles (Consumer Device Cardholder Verification Method (CDCVM), No-CVM, etc.).
- Terminal Type and OS (e.g., Android, Linux, etc.).
- Kernel configuration files (Terminal Profile, ReaderCapabilities, etc.).
- Implementation Conformance Statement (ICS).
- Tool: EMVCo ICS templates + Mastercard-specific forms.
3. Formal Testing at Mastercard-Accredited Test Lab
- The lab uses Mastercard-approved test tool (e.g., UL, Galitt, FIME, etc.).
- Test Scope Includes:
- Behavioral Testing: Validates that kernel processes contactless transactions as per Mastercard Book C-2 specs.
- Transaction flow validation.
- Response handling (AIDs, PDOL, CDOL1/2, CVM).
- Interoperability: Ensures compatibility with Mastercard cards (physical & digital).
- Error Path Testing: Verifies robustness in edge cases and abnormal conditions.
- Security Tests: Evaluates CVM handling, cryptogram generation (ARQC), and key management logic.
- Test Vectors Include:
- Pre-personalized Mastercard test cards.
- Simulation scripts for contactless reader response validation.
4. Debugging and Issue Resolution
- Failure Example Scenarios
- Incorrect AIP/ATC setting.
- Improper PDOL parsing or terminal data mismatch.
- Inconsistent CVM Result reporting (especially for CDCVM).
- Developer Actions
- Modify kernel configuration or internal logic (e.g., DOL parsing, risk management).
- Re-run failed test cases until all mandatory and conditional tests pass.
- Support: Lab may provide detailed logs and protocol trace (APDU/EMV tags) for analysis.
5. Receive Level 2 Approval
- Lab submits final test report to Mastercard.
- Mastercard evaluates test logs and compliance report.
- If accepted:
- Issuance of L2 Letter of Approval (LOA).
- Kernel is listed in Mastercard’s certified product directory.
Key Areas in Mastercard EMV L2 Kernel Certification
Mastercard EMV Level 2 testing is a rigorous validation process focused on the terminal’s EMV Kernel functionality, ensuring seamless, secure, and brand-compliant chip card transactions. The process examines how the terminal’s kernel software interprets, processes, and responds to a wide variety of card behaviors, data elements, and transaction flows defined under Mastercard’s brand rules and EMV specifications.
The following are the core focus areas of Mastercard EMV L2 testing, all of which must be carefully implemented, tested, and verified:
1. Application Selection and Terminal Profiles
- AID Matching & Priority Order: Ensures the terminal accurately matches the card’s Application Identifier (AID) with supported AIDs in its terminal profile.
- Multi-AID Card Handling: Verifies correct application selection logic when multiple AIDs are present on the card.
- Mastercard Product Coverage: Tests terminal behavior across Mastercard-branded products, including:
- Mastercard Credit/Debit
- Maestro
- Mastercard Prepaid
2. Cardholder Verification Method (CVM) Handling
- CVM List Processing: Ensures the terminal correctly interprets and executes the card’s CVM list.
- PIN Handling:
- Online PIN (sent to issuer)
- Offline Encrypted/Plaintext PIN (verified locally)
- Fallback to Signature or No CVM: Correct fallback mechanisms when preferred CVM is not supported or fails.
- Support for CDCVM (Consumer Device CVM): Particularly important in mobile/contactless implementations.
3. Terminal Risk Management
- Floor Limit Logic: Verifies the transaction amount threshold beyond which online authorization is required.
- Random Transaction Selection: Checks proper handling of randomized selection for online authorization.
- Velocity Checking: Ensures transaction frequency checks are working as defined.
- TAC (Terminal Action Codes): Validates terminal’s action codes for Denial, Online, and Default scenarios.
- TVR (Terminal Verification Results) Population: Confirms accurate setting of bits to reflect kernel behavior during transaction.
4. EMV Transaction Flow Control
- GPO (Get Processing Options): Ensures correct processing of PDOL (Processing Data Object List).
- Record Reading: Validates correct and complete reading of AFL (Application File Locator) records.
- GENERATE AC (Application Cryptogram):
- Accurate handling of ARQC, AAC, and TC.
- Construction and parsing of CDOL1/CDOL2.
- Issuer Script Processing: Terminal must correctly interpret and execute scripts received from the issuer in the authorization response.
- Error Handling: The kernel must recover and respond gracefully to abnormal or missing card responses.
5. Data Object List (DOL) and TLV Compliance
- Construction of CDOL1, CDOL2, DDOL, TDOL: Ensures the data object lists are correctly formatted as per Mastercard specs.
- Tag-Level Validation: Every tag used in the transaction must be:
- Present (where required)
- Correct in length and value
- Appropriately encoded using TLV structure
- 9F10 and Cryptogram Formats: Must follow Mastercard-specific formats for Issuer Application Data (IAD) and cryptograms.
6. Offline Data Authentication
- Static Data Authentication (SDA): Verifies signed data elements using certificate-based validation.
- Dynamic Data Authentication (DDA): Confirms terminal’s ability to verify a dynamic signature generated by the card.
- Combined DDA + Application Cryptogram Generation (CDA): Complex implementation requiring both signature verification and AC generation.
7. Contactless Support (if implemented)
- PayPass/MCL Kernel Behavior:
- Correct profile selection for Mastercard and Maestro contactless.
- Proper handling of mobile tap cards and NFC-enabled devices.
- PPSE (Proximity Payment System Environment) Processing: Ensures contactless AID discovery and selection.
- CDCVM & Contactless CVM Limits: Validates proper enforcement of card brand thresholds for CVM bypass or enforcement.
- Tap Retry and Fallback: Ensures graceful degradation to contact interface or magstripe fallback in case of tap failure.
8. Mastercard-Specific Behavior and Tag Rules
- M/Chip Data Format Validation: Ensures correct encoding of Mastercard-specific tags (e.g., 9F10, 9F26, 9F27).
- Brand-Mandated Error Codes: Terminal must generate Mastercard-specific status words and error tags for incomplete or invalid transactions.
- Transaction Logging: Ensures detailed traceability of all APDU commands and tag values for BCT log submission.
9. Multi-Application Handling (if applicable)
- Multiple AID/Kernel Instances: Ensures proper isolation and management if the terminal supports multiple EMV kernels or applications.
- Correct AID Switching Logic: Validates transaction flow when switching between payment schemes (Mastercard, Visa, etc.).
10. Interoperability & Edge Case Handling
- Card Variants: Kernel must be tested against different card profiles (new, expired, corrupted).
- Incorrect APDU Handling: Proper terminal response to malformed or unexpected APDUs.
- Timeouts and User Aborts: Kernel must manage incomplete transactions with user-friendly error messaging and state resets.
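The terminal risk management items above (floor limit, TAC, TVR population) come together in terminal action analysis, where the TVR is compared against the issuer and terminal action codes. The following is an added example, not EazyPay Tech's or Mastercard's code; it follows the general EMV rule for the first GENERATE AC only, and the TAC/IAC values and the `decide` helper are constructed for illustration.

```python
from enum import Enum

# TVR byte 4 (byte index 3), bit 8: transaction exceeds floor limit (EMV Book 3).
FLOOR_LIMIT_EXCEEDED = (3, 0x80)


class Decision(Enum):
    AAC = "decline offline"
    ARQC = "request online authorization"
    TC = "approve offline"


def check_floor_limit(tvr: bytearray, amount: int, floor_limit: int) -> None:
    """Set the floor-limit bit when the amount reaches or exceeds the limit."""
    if amount >= floor_limit:
        index, mask = FLOOR_LIMIT_EXCEEDED
        tvr[index] |= mask


def codes_match(tvr: bytes, iac: bytes, tac: bytes) -> bool:
    """True when any TVR bit is also set in the issuer or terminal action code."""
    if not len(tvr) == len(iac) == len(tac) == 5:
        raise ValueError("TVR, IAC and TAC must each be 5 bytes")
    return any(t & (i | c) for t, i, c in zip(tvr, iac, tac))


def terminal_action_analysis(tvr, iac, tac, online_capable: bool) -> Decision:
    """Pick the cryptogram type to request in the first GENERATE AC.

    iac and tac are dicts with 'denial', 'online' and 'default' entries.
    """
    if codes_match(tvr, iac["denial"], tac["denial"]):
        return Decision.AAC
    if online_capable:
        if codes_match(tvr, iac["online"], tac["online"]):
            return Decision.ARQC
        return Decision.TC
    # The terminal cannot go online, so the Default codes decide.
    if codes_match(tvr, iac["default"], tac["default"]):
        return Decision.AAC
    return Decision.TC


# Constructed sample action codes, not taken from any Mastercard profile.
TAC = {"denial": bytes.fromhex("0010000000"),
       "online": bytes.fromhex("0000009000"),
       "default": bytes.fromhex("0000008000")}
IAC = {"denial": bytes.fromhex("0000000000"),
       "online": bytes.fromhex("0000008000"),
       "default": bytes.fromhex("0000000000")}


def decide(amount: int, floor_limit: int, online_capable: bool) -> Decision:
    """Hypothetical helper: run the floor-limit check, then action analysis."""
    tvr = bytearray(5)
    check_floor_limit(tvr, amount, floor_limit)
    return terminal_action_analysis(bytes(tvr), IAC, TAC, online_capable)
```

A pre-certification regression suite can assert the expected decision for each TVR bit the test plan exercises, which catches a wrongly populated TVR before the lab does.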
Tools and Infrastructure for Mastercard EMV Software (Kernel) Testing
Successfully achieving Mastercard EMV Level 2 (L2) Certification requires not just compliance expertise but also a robust and highly reliable testing infrastructure. The process involves extensive validation against Mastercard and EMVCo specifications, and any gaps in tooling or test coverage can delay certification and increase costs.
At EazyPay Tech, we understand that precision in EMV software testing comes from the right combination of tools, lab environment, and expert know-how. Our fully equipped EMV testing lab ensures that your terminal software or EMV kernel is tested under real-world conditions, across a wide range of scenarios.
Below are the core tools and infrastructure components we use and recommend for a streamlined, accurate, and efficient Mastercard L2 testing journey:
1. Mastercard TIP Tool (Terminal Integration Process)
- The Mastercard TIP Tool is an essential part of the certification process.
- It generates the Brand Conformance Test (BCT) report, which is required for Mastercard submission.
- Provides structured test cases that cover all critical transaction scenarios, CVM paths, cryptogram flows, and brand-specific behaviors.
- Supports log analysis and reporting in line with Mastercard’s validation criteria.
2. EMV Test Cards and Transaction Scripts
- A wide range of physical EMV test cards is used to simulate diverse card behaviors, including:
- Valid and expired cards
- Cards with corrupted data
- Offline-only and online-only cards
- Contact and contactless variants
- Scripts are used to drive specific transaction flows, such as ARQC generation, fallback to offline, and issuer script processing.
- Enables both positive and negative test case validation.
3. EMV Simulators
To replicate complex transaction flows without depending on live banking environments, EazyPay Tech uses globally recognized EMV simulation tools, such as:
- UL EMVPro
- Supports end-to-end transaction simulation for contact/contactless
- Deep APDU-level tracing and tag validation
- M/Chip and Visa qVSDC support
- Collis EMV Test Suite
- Widely used for both terminal and card validation
- Integrates with card readers and test platforms
- Includes Visa, Mastercard, and other brand test plans
- KEOLABS EMV Test Bench
- Includes smart card protocol analysis, script automation, and waveform capture
- Ideal for debugging electrical-level issues and APDU timing
- Testech / Smartware / FIME Tools
- Useful for specialized edge-case and proprietary testing environments
These tools allow for rapid test iteration, kernel debugging, and real-time traceability of every EMV step from application selection to script processing.
4. Certified EMV Hardware and Terminal Environment
- Our testing is performed using real production-grade EMV terminals, including:
- POS devices with contact + contactless interfaces
- SoftPOS Android terminals
- Self-service kiosks and wearable payment environments
- These terminals run certified EMV Level 1 stacks, ensuring that L2 testing results reflect genuine user scenarios.
- Enables compatibility testing across multiple form factors, input methods, and kernel versions.
5. APDU Log Capture and Tag-Level Diagnostics
- Every transaction step is captured in detailed APDU logs, including:
- SELECT AID
- GET PROCESSING OPTIONS (GPO)
- READ RECORDS
- GENERATE AC
- EXTERNAL AUTHENTICATE
- APDU command/response pairs are decoded and analyzed against EMV and Mastercard specs.
- Tag-level traceability helps pinpoint issues in:
- TLV encoding
- DOL construction
- CVM selection
- Cryptogram validation
- Enables rapid debugging and root-cause analysis using side-by-side test scripts and log comparisons.
6. Failure Injection & Negative Testing Framework
- Negative test cases help ensure robust kernel behavior under adverse conditions:
- Missing tags or malformed APDUs
- Card timeouts or application not found
- Incorrect CVM or failed offline authentication
- Simulated faults are used to validate error-handling paths, TVR settings, and fallback logic as per Mastercard guidelines.
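Tag-level diagnostics of TLV encoding and DOL construction, including the missing-tag negative case, can be reproduced offline from a captured APDU trace. The following is an added example, not EazyPay Tech's or any test tool's code: it extracts the PDOL (tag 9F38) from a SELECT response and builds the GPO data using the general EMV padding rules for numeric and binary values (format cn is not handled). The SELECT response and terminal values are constructed.

```python
NUMERIC_TAGS = {"9F02", "9F1A", "5F2A", "9A", "9C"}  # format "n"; others binary

def read_tag(buf, i):
    """Return (tag as hex, next index); the tag number may span several bytes."""
    end = i + 1
    if buf[i] & 0x1F == 0x1F:           # tag number continues in later bytes
        while buf[end] & 0x80:
            end += 1
        end += 1
    return buf[i:end].hex().upper(), end

def read_len(buf, i):                   # short- or long-form BER length
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def find_tag(buf, wanted):
    """Depth-first search of BER-TLV data; returns the value or None."""
    i = 0
    while i < len(buf):
        constructed = bool(buf[i] & 0x20)
        tag, i = read_tag(buf, i)
        length, i = read_len(buf, i)
        value = buf[i:i + length]
        if len(value) != length:
            raise ValueError(f"tag {tag}: length {length} overruns the buffer")
        if tag == wanted:
            return value
        if constructed and (hit := find_tag(value, wanted)) is not None:
            return hit
        i += length
    return None

def parse_dol(dol):
    """A DOL is a run of tag + one-byte length pairs, with no values."""
    entries, i = [], 0
    while i < len(dol):
        tag, i = read_tag(dol, i)
        entries.append((tag, dol[i]))
        i += 1
    return entries

def build_dol_data(dol, terminal_data):
    """Concatenate values in DOL order; returns (data, tags the terminal lacked)."""
    entries, out = parse_dol(dol), bytearray()
    missing = [tag for tag, _ in entries if tag not in terminal_data]
    for tag, length in entries:
        value = terminal_data.get(tag, b"")     # absent tag ends up zero-filled
        if tag in NUMERIC_TAGS:                 # numeric: pad or truncate on the left
            value = value.rjust(length, b"\x00")[max(len(value) - length, 0):]
        else:                                   # binary: pad or truncate on the right
            value = value.ljust(length, b"\x00")[:length]
        out += value
    return bytes(out), missing

# Constructed SELECT response (FCI) and terminal values, for illustration only.
SELECT_RESPONSE = bytes.fromhex("6F258407A0000000041010A51A500A4D415354455243415244"
                                "9F380B9F02069F1A0295059F3704")
TERMINAL_DATA = {"9F02": b"\x10\x00", "9F1A": b"\x03\x56", "9F37": b"\xa1\xb2\xc3\xd4"}
```

Comparing the returned data with the bytes the kernel actually sent in GET PROCESSING OPTIONS shows whether a mismatch comes from padding, ordering, or a tag the terminal never populated.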
How EazyPay Tech Accelerates EMV Certification for Mastercard
EazyPay Tech’s EMV Software solutions and consultancy expertise form a comprehensive ecosystem designed to assist you at every stage of the Mastercard EMV L2 certification process. We begin by assessing your product’s readiness and identifying the gaps between your existing EMV Kernel and Mastercard’s requirements.
Our development team can build EMV-compliant kernels from the ground up or customize existing kernels for Mastercard-specific compliance. Whether you are building a new POS terminal, retrofitting legacy hardware, or deploying a mobile-based SoftPOS solution, we ensure your EMV Kernel meets the latest L2 specifications.
We also manage communications with EMVCo-accredited laboratories and Mastercard representatives on your behalf. Our consultants work alongside your technical team to ensure test case definitions are understood, anomalies are resolved promptly, and corrective patches are implemented swiftly.
Real-World Use Cases and Platforms
EazyPay Tech supports a wide array of platforms and use cases in the payment ecosystem. These include traditional POS terminals, smart ATMs, vending machines, self-service kiosks, QR code and Soundbox devices, and SoftPOS solutions running on Android or Linux-based devices.
Our EMV Software libraries and Kernel SDKs are optimized for embedded operating systems, real-time systems (RTOS), and mobile platforms. This adaptability allows us to provide one-stop EMV Certification solutions irrespective of the device class or form factor.
With the rise of mobile-first and tap-to-pay applications, our EMV Kernel stack is also tailored to meet PCI MPoC standards, enabling secure, card-present transactions on smartphones and tablets. These innovations make us a reliable partner for both hardware OEMs and fintech app developers.
Addressing Common EMV Kernel Certification Pitfalls
EMV Certification is notoriously meticulous. Many organizations fail due to avoidable mistakes like incorrect AID configurations, incomplete support for CVM fallback scenarios, and invalid TLV tag construction. The complexity of EMV Software often leads to overlooked conditions in transaction processing, especially in multi-application environments.
We help preempt these issues through rigorous pre-certification audits, automated regression tests, and use-case validations. By thoroughly analyzing command-response flows, tag handling, and data list constructions, we catch bugs and inconsistencies before they reach the formal evaluation stage.
Moreover, we track updates to Mastercard’s certification bulletins and test case repositories, ensuring that your product is not only compliant today but remains up to date as requirements evolve.
Certifying your EMV Kernel for Mastercard L2 compliance is a mission-critical step in your product’s success in global payment markets. This process is not only time-sensitive but also technically demanding. Attempting it without expert support can result in lost time, budget overruns, and failed launches.
At EazyPay Tech, we bring deep industry knowledge, certified tools, and hands-on experience in EMV Software and EMV Certification. From kernel development to lab coordination and final approval, we serve as your extended technical team, accelerating your time-to-market while ensuring full compliance.
Our proven track record spans across global markets, terminal types, and payment innovations. Let us help you deliver Mastercard-certified payment devices that are secure, efficient, and ready for the future of commerce.
Get in Touch
Looking to certify your terminal for Mastercard Level 2? Need expert EMV Kernel development or EMV Software support?
Contact EazyPay Tech for end-to-end EMV Certification services:
- EMV L1, L2, L3 for POS, SoftPOS, ATM, Kiosks
- Contact and Contactless Kernel development
- Mastercard PayPass and MPoC support
Email us at info@eazypaytech.com or visit www.eazypaytech.com