SB n° 314 Update to TRMD

EMV® Specification Bulletin No. 314 Second Edition May 2026 Update to Terminal Risk Management Data (Book C-8) Applicability This Specification Bulletin applies to: EMV® Contactless Specifications for Payment Systems, Book C-8, Kernel 8 Specification, version 1.1, June 2023 Related Documents • EMV Contactless Specifications for Payment Systems Kernel 8 Guidance v1.0.1 Effective Date: • 1 July 2026 (DSB314 2nd edition - Background) This Specification Bulletin extends the usage of the Terminal Risk Management Data in addition to the two bits introduced in the 1st edition. The changes made in the 1st edition are shown in blue, and the changes between the 1st and 2nd editions are shown in red. Description The Terminal Risk Management Data (TRMD) indicates reader capabilities, requirements, and preferences to the Card. This Specification Bulletin proposes introducing introduces three use cases two additional bits to TRMD: a Deferred Authorisation bit, and a Transit Gate bit, and a byte for use by Payment Systems. These enhancements aim to improve the exchange of transaction context between terminals and Cards in the following transaction environments, and as with the existing bits, their implementation may vary across payment systems. When supported, they enable the provision of enhanced transaction context to the Cards. Deferred Authorisation: Deferred Authorisation is generally used in environments where immediate online authorisation is not always feasible, such as transit systems and inflight sales. Transit Gate: This bit may be used to indicate to the Card that the transaction is being initiated from a Contactless terminal normally located at public transportation entry or exit points. Byte Reserved for Use by Payment Systems: This byte is intended for proprietary use by Payment Systems. Note: The Kernel 8 Guidance document (v1.0.1) will also be updated to reflect the changes made by this Specification Bulletin. © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Page 1 [Details of the change] Add 'Deferred Authorisation' bit and ‘Transit Gate’ bit to the Table A.29 - Terminal Risk Management Data. Byte Byte 1 Byte 2 Byte 3 Byte 4 Byte 5 Byte 6 Byte 7 Byte 8 Bit b8 b7 b6 b5 b4 b3 b2-1 b8 b7 b6 b5 b4 b3 b2 b1 b8-1 b8 b7 b6 b5 b4-1 b8-1 b8-1 b8-1 b8-1 RFU Meaning Enciphered PIN verified online (Contactless) Signature (Contactless) RFU No CVM required (Contactless) CDCVM (Contactless) Each bit RFU CVM Limit exceeded Enciphered PIN verified online (Contact) Signature (Contact) Enciphered PIN verification performed by ICC (Contact) No CVM required (Contact) CDCVM (Contact) Plaintext PIN verification performed by ICC (Contact) RFU Each bit RFU CDCVM bypass requested SCA exempt Deferred Authorisation Transit Gate Each bit RFU Each bit RFU Each bit RFU Each bit RFU Each bit RFU Reserved for use by Payment Systems © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Page 2 Legal Notice The EMV® Specifications are provided “AS IS” without warranties of any kind, and EMVCo neither assumes nor accepts any liability for any errors or omissions contained in these Specifications. EMVCO DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, AS TO THESE SPECIFICATIONS. EMVCo makes no representations or warranties with respect to intellectual property rights of any third parties in or in relation to the Specifications. EMVCo undertakes no responsibility to determine whether any implementation of the EMV® Specifications may violate, infringe, or otherwise exercise the patent, copyright, trademark, trade secret, know-how, or other intellectual property rights of third parties, and thus any person who implements any part of the EMV® Specifications should consult an intellectual property attorney before any such implementation. Without limiting the foregoing, the Specifications may provide for the use of public key encryption and other technology, which may be the subject matter of patents in several countries. Any party seeking to implement these Specifications is solely responsible for determining whether its activities require a license to any such technology, including for patents on public key encryption technology. EMVCo shall not be liable under any theory for any party’s infringement of any intellectual property rights in connection with the EMV® Specifications © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Page 3