EMV Biometric Card Specifications for Payment Systems - Biometric Card Provider Requirements

EMV® Biometric Card Specifications for Payment Systems Biometric Card Provider Requirements Version 1.0 January 2025 © 2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Confidential EMV® Specifications for Payment Systems Biometric Card Provider Requirements 1.0 Legal Notice Page 2 /15 The EMV® Specifications are provided “AS IS” without warranties of any kind, and EMVCo neither assumes nor accepts any liability for any errors or omissions contained in these Specifications. EMVCO DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, AS TO THESE SPECIFICATIONS. EMVCo makes no representations or warranties with respect to intellectual property rights of any third parties in or in relation to the Specifications. EMVCo undertakes no responsibility to determine whether any implementation of the EMV® Specifications may violate, infringe, or otherwise exercise the patent, copyright, trademark, trade secret, know-how, or other intellectual property rights of third parties, and thus any person who implements any part of the EMV® Specifications should consult an intellectual property attorney before any such implementation. Without limiting the foregoing, the Specifications may provide for the use of public key encryption and other technology, which may be the subject matter of patents in several countries. Any party seeking to implement these Specifications is solely responsible for determining whether its activities require a license to any such technology, including for patents on public key encryption technology. EMVCo shall not be liable under any theory for any party’s infringement of any intellectual property rights in connection with the EMV® Specifications. © 2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Specifications for Payment Systems Biometric Card Provider Requirements 1.0 Contents 1 General 1.1 Scope 1.2 Audience 1.3 Related Information 1.4 Abbreviations 1.5 Terminology and Conventions 1.6 Overview 2 Terms and Concepts 2.1 Capture Transaction, Attempt and Presentation 2.2 Enrolment 2.3 Verification 2.3.1 2.3.2 2.3.3 Reliability Liveness Convenience 2.4 Nominal Confidence 3 Requirements 3.1 Nominal Circumstances 3.2 Verification Requirements 3.2.1 3.2.2 3.2.3 Reliability Presentation Attack Detection (Liveness) Convenience Page 3 /15 6 6 6 7 7 8 8 9 9 9 9 10 11 12 12 14 14 14 14 15 15 © 2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Specifications for Payment Systems Biometric Card Provider Requirements 1.0 Tables Table 1.1: Table 1.2: Table 2.1: Table 2.3: Related Information Abbreviations Reliability Error Rates Liveness Error Rates Page 4 /15 7 7 10 11 © 2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Specifications for Payment Systems Biometric Card Provider Requirements 1.0 Requirements Requirements 3.1: Nominal Circumstances Requirements 3.2: Reliability Requirements 3.3: Presentation Attack Detection Requirements 3.4: Convenience Page 5 /15 14 14 15 15 © 2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Specifications for Payment Systems Biometric Card Provider Requirements 1.0 Page 6 /15 1 General This chapter contains information that helps the reader understand and use this specification. 1.1 Scope With biometric cards, cardholders can authenticate a payment transaction using a fingerprint rather than a PIN or signature. The card features an embedded fingerprint sensor that captures the cardholder’s fingerprint and then matches it with the fingerprint template stored on the card. The cardholder’s biometric data never leaves the card. The biometric card is accepted on existing EMV terminals without changes on the POS infrastructure. The EMV biometric card program consists of performance and security requirements and test and approval processes. This document describes the performance requirements for biometric verification. 1.2 Audience This document is intended for use by: • Accredited laboratories • Biometric sensor vendors • Card vendors • Any other biometric card provider It may also be useful for financial institution staff responsible for launching a biometric card product. © 2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Specifications for Payment Systems Biometric Card Provider Requirements 1.0 Page 7 /15 1.3 Related Information The following references are used in this document. It is noted that the latest version applies unless a publication date is explicitly stated. Reference [EMVCLD] [ISO-19795-1] [ISO-2382-37] [ISO-30107-3] Table 1.1: Related Information Document Title EMV Level 1 Specifications for Payment Systems, EMV Contactless Interface Specification Information technology — Biometric performance testing and reporting — Part 1: Principles and framework Information technology — Vocabulary — Part 37: Biometrics Biometric presentation attack detection — Part 3: Testing and reporting 1.4 Abbreviations The abbreviations listed in Table 1.2 are used in this specification. Abbreviation FAR FRR IAPAR PAD PAI Table 1.2: Abbreviations Description False Accept Rate False Reject Rate Impostor Attack Presentation Accept Rate Presentation Attack Detection Presentation Attack Instrument © 2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Specifications for Payment Systems Biometric Card Provider Requirements 1.0 Page 8 /15 1.5 Terminology and Conventions The following words are used often in this specification and have a specific meaning: shall Defines a product or system capability which is mandatory. should Defines a product or system capability which is recommended. may Defines a product or system capability which is optional or a statement which is informative only and is out of scope for this specification. Requirement Numbering Requirements in this specification are uniquely numbered with the number appearing next to each requirement: For example: 5.1.1.2 The maximum FAR shall be 0.01% with a confidence level of 95%. A requirement may have different numbers in different versions of the specifications. Hence, all references to a requirement should include the version of the specification as well as the requirement’s number. 1.6 Overview The first chapter of the document is this chapter, providing you with an overview. The second chapter introduces terms and concepts used around biometric cards and biometric verification. The third chapter defines performance requirements around biometric verification. © 2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Specifications for Payment Systems Biometric Card Provider Requirements 1.0 Page 9 /15 2 Terms and Concepts 2.1 Capture Transaction, Attempt and Presentation Capture transaction, attempt, and presentation are defined in [ISO-19795-1] and are reminded below. A capture transaction may consist of one or more attempts to either enroll or verify. Each attempt may itself consists of one or more presentations and each presentation may capture one or more (biometric) samples. To illustrate this: • When a system allows three attempts to enroll or verify, an enrolment or verification transaction consists of one attempt, or two attempts if the first attempt is unsuccessful, or three attempts if the first two attempts are unsuccessful. • An enrolment or verification attempt can require a specific number of presentations, for instance, three separate placements of a finger on a sensor within a set period. In general, a system may capture multiple samples during a single presentation. For instance, a fingerprint system may capture multiple fingers in a single presentation. In the case of biometric card, a single fingerprint presentation is required during a payment transaction. A single attempt and a single capture transaction are possible during a payment transaction. 2.2 Enrolment Enrolment, also known as registration, is the act of capturing one or more biometric samples, extracting the biometric features to create biometric references and storing these references into the biometric template – all in accordance with an enrolment policy. Requirements for enrolment are out of scope for this document. 2.3 Verification Once enrolled, customers will present their card with the finger on the biometric sensor. From the captured sample, the sensor and associated software extract the biometric features into a biometric probe and compare this probe against the biometric template. If there is a sufficient match, the customer is verified or authenticated. This process is referred to as “Verification”. The quality of the service – here biometric verification that is reliable and convenient enough for payment – is determined by the reliability and the convenience of the verification. © 2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Specifications for Payment Systems Biometric Card Provider Requirements 1.0 Page 10 / 15 2.3.1 Reliability The uniqueness of the biometric characteristics, amongst other elements, will determine whether a person is correctly authenticated or not. Being too relaxed when comparing the captured characteristics against the reference characteristics allow someone other than the genuine user to appear as the genuine user – a false positive. Being too stringent will result in a genuine user not being authenticated – a false negative. The reliability of the verification is expressed as a compromise of a false positive error rate and a false negative error rate. The different error rates are specified in [ISO-19795-1]. Definitions of False Accept Rate (FAR) and False Reject Rate (FRR) are reminded in Table 2.1. Term False Accept Rate False Reject Rate Table 2.1: Reliability Error Rates Definition Proportion of verification transactions with false biometric claims that are erroneously accepted. FAR is calculated as follows: 𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁 𝑜𝑜𝑜𝑜 𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎 𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡 𝑤𝑤𝑤𝑤𝑤𝑤ℎ 𝑓𝑓𝑓𝑓𝑓𝑓𝑓𝑓𝑓𝑓 𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏 𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐 𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁 𝑜𝑜𝑜𝑜 𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡 𝑤𝑤𝑤𝑤𝑤𝑤ℎ 𝑓𝑓𝑓𝑓𝑓𝑓𝑓𝑓𝑓𝑓 𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏 𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐 Proportion of verification transactions with true biometric claims that are erroneously rejected. FRR is calculated as follows: 𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁 𝑜𝑜𝑜𝑜 𝑟𝑟𝑟𝑟𝑟𝑟𝑟𝑟𝑟𝑟𝑟𝑟𝑟𝑟𝑟𝑟 𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡 𝑤𝑤𝑤𝑤𝑤𝑤ℎ 𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡 𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏 𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐 𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁 𝑜𝑜𝑜𝑜 𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡 𝑤𝑤𝑤𝑤𝑤𝑤ℎ 𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡 𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏𝑏 𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐 The maximum values for FAR and FRR are defined independently of the number of fingers that are or could be enrolled. The maximum number of enrollable fingers is an implementation option for the vendor. A biometric card solution that allows enrolment of n fingers may be tested with up to n different fingers enrolled. Note that the issuer may restrict the number of enrollable fingers to m, with 1 ≤ m ≤ n through a configuration or personalization setting. Post-enrolment Template update is allowed to improve the user experience in the field. If infinite template update is supported, a configuration to deactivate infinite template update must be supported to allow repeatable testing. © 2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Specifications for Payment Systems Biometric Card Provider Requirements 1.0 Page 11 / 15 2.3.2 Liveness A fraudster may attempt to copy the fingerprints of a cardholder and get hold of the card itself. This copy would be designed to allow the sensor to collect a sample from it and extract the biometric characteristic - similar to a ‘live’ sample. When successful, the fraudster can then present this copy when paying, acting as the genuine cardholder. A Presentation Attack Instrument (PAI) is a biometric characteristic, or an object used in a presentation attack. The fingerprint encoded on the PAI comes from (one of) the finger(s) enrolled into the card. This process assumes full subject co-operation during the process of PAI creation. Three levels of attacks – and their corresponding PAIs - are defined by EMVCo to simulate those spoofing attacks: Level A, B and C. The levels of details for each type of attack are: • Level A: low resolution of ridges and valleys. • Level B: medium to high resolution of ridges and valleys. • Level C: superior resolution of ridges, valleys, and pores. The PAIs creation process is confidential and shared only with EMVCo accredited laboratories. Liveness (detection) of the biometric sample, also known as Presentation Attack Detection (PAD), stops these artefacts from being effective and so stops a fraudster from impersonating an individual using their (copied) biometrics. Similar to the reliability, PAD is a compromise between declining genuine transactions on the suspicion of an imposter attack (a false negative) and accepting a fake transaction because the checks around ‘liveness’ are not stringent enough (a false positive). Term Impostor Attack Presentation Accept Rate (IAPAR) Table 2.2: Liveness Error Rates Definition The proportion of impostor attack presentations using PAI species that are erroneously accepted. IAPAR is calculated as follows: 𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁 𝑜𝑜𝑜𝑜 𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎 𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡 𝑤𝑤𝑤𝑤𝑤𝑤ℎ 𝑎𝑎 𝑃𝑃𝑃𝑃𝑃𝑃 𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁𝑁 𝑜𝑜𝑜𝑜 𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡 𝑤𝑤𝑤𝑤𝑤𝑤ℎ 𝑎𝑎 𝑃𝑃𝑃𝑃𝑃𝑃 © 2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Specifications for Payment Systems Biometric Card Provider Requirements 1.0 Page 12 / 15 2.3.3 Convenience The time during which the customer must present their biometric card and hold it in front of the contactless reader has a major impact on transaction convenience. Customers have become used to card-in-field times of less than half a second and an additional biometric verification, while taking extra time, should not unduly extend this time. For capturing and verifying the biometric, the card budget is increased with ∆Tverification. This card budget increase is independent of the number of fingers that are enrolled or whether a finger is placed on the sensor (before the measurement starts) or not. Transaction time is less of an issue for contact transactions, where the card is dipped and typically remains in the reader until authorization is completed. The requirements around convenience are therefore based on the needs for contactless and the card’s performance is measured within the operating volume at nominal conditions as defined in [EMVCLD]. 2.4 Nominal Confidence The requirements in this document are intended to provide a reasonable level of confidence to all stakeholders that the system provides a reliable and convenient service to cardholders. A practical approach is to collect a set of samples and apply statistics to derive a confidence level around the requirement. A confidence level expresses the (un)certainty on the findings resulting from this sampling, as the sampling is done on a subset of the population. A confidence level of x % associated to a maximum value means that if a poll is repeated using the same techniques, x% of the time the true population parameter will fall below this value. When the statistic is a rare event, such as a false positive, there is a simple approach to estimate the number of samples that need to be taken to obtain a given confidence level. For a 95% confidence level, this approach is referred to as ‘the Rule of 3’. Say that p is the probability that an event happens, for instance a false positive; then 1-p is the probability that the event doesn’t happen and (1-p)N is the probability that the event does not happen in N consecutive trials. If we set the maximum probability equal to 0.05, which is the equivalent of a confidence level of 95% (0.05 = 1 - 0.95), then we get the following equation: (1-p)N ≤ 0.05. For a given probability of p, this allows to determine the (minimum) value of N, with N the number of consecutive trials needed to get the 95% confidence level. © 2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Specifications for Payment Systems Biometric Card Provider Requirements 1.0 Page 13 / 15 Through some additional steps1, it’s then possible to come to the following equation: N ≥ 3/p To test with a confidence level of 95% that the probability of an event is p or less, one needs to perform N trials, where N is equal to 3 times the inverse of the probability p and, over these N trials, the event should never happen. For instance, to test that a false positive happens no more than 1 in 10,000 with 95% confidence level, one needs to make 30,000 independent trials and none of these trials should result in a false positive. 1 ln{(1-p)N } ≤ ln{0.05}; N ln{(1-p) } ≤ -2.99 ≈-3 ;N (-p) ≤ -3; Np ≥ 3 © 2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Specifications for Payment Systems Biometric Card Provider Requirements 1.0 Page 14 / 15 3 Requirements 3.1 Nominal Circumstances The following requirements apply. Requirements 3.1: Nominal Circumstances Nominal Circumstances For nominal temperature, the ambient temperature shall be between 20 and 26o C (i.e., between 68 and 79o F) For nominal humidity the (relative) humidity shall be between 40% and 60% at the above nominal temperature. 3.2 Verification Requirements This chapter contains the biometric verification requirements for the biometric card. 3.2.1 Reliability The following requirements apply. Reliability Requirements 3.2: Reliability The maximum FAR shall be 0.01%. The maximum FRR shall be 5%. Confidence Level (%) 95 95 © 2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Specifications for Payment Systems Biometric Card Provider Requirements 1.0 Page 15 / 15 3.2.2 Presentation Attack Detection (Liveness) The following requirements apply, for a given set of reference artefacts. Requirements 3.3: Presentation Attack Detection Presentation Attack Detection For level A attacks, the overall IAPAR (average of all individual PAI IAPARs) shall be less than or equal to 1%. For level A attacks, no individual PAI IAPAR shall be above 3% For level B attacks, the overall IAPAR (average of all individual PAI IAPARs) shall be less than or equal to 15%. For level B attacks, no individual PAI IAPAR shall be above 20% with the exception of two PAIs. For those two exceptions, the individual PAI IAPAR shall be less than or equal to 40%. 3.2.3 Convenience The following requirements apply. Requirements 3.4: Convenience Convenience ∆Tverification, the maximal incremental time to allow for biometric capture and verification, shall be 800 milliseconds. © 2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.