ℹ️
Tracked metadata: Sourced from EMVCo's public document index. PCI Watch records each document's details and its extracted text so changes can be tracked over time; the document PDF itself is hosted by EMVCo.
View on EMVCo.com →

Book C-5 Kernel Specification

v2.12 Specifications
Contactless Acceptance Device
Extracted document text

EMVCo's index flattens the document's layout, so this text is best used for searching and comparing versions rather than reading end-to-end.

This document is large; EMVCo's index truncates its extracted text, so the excerpt below is partial.

© 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV ® Contactless Specifications for Payment Systems Book C-5 Kernel 5 Specification Version 2.12 June 2026 EMV ® Contactless Specifications for Payment Systems Kernel C-5 Specification v2.12 June 2026 Page ii © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Legal Notice Unless the user has an applicable separate agreement with EMVCo or with the applicable payment system, any and all uses of these Specifications is subject to the terms and conditions of the EMVCo Terms of Use agreement available at www.emvco.com and the following supplemental terms and conditions. The license granted in the EMVCo Terms of Use specifically excludes (a) the right to disclose, distribute or publicly display these Specifications or otherwise make these Specifications available to any third party, and (b) the right to make, use, sell, offer for sale, or import any software or hardware that practices, in whole or in part, these Specifications. Further, EMVCo does not grant any right to use the Kernel Specifications to develop contactless payment applications designed for use on a Card (or components of such applications). As used in these supplemental terms and conditions, the term “Card” means a proximity integrated circuit card or other device containing an integrated circuit chip designed to facilitate contactless payment transactions. Additionally, a Card may include a contact interface and/or magnetic stripe used to facilitate payment transactions. To use the Specifications to develop contactless payment applications designed for use on a Card (or components of such applications), please contact the applicable payment system. To use the Specifications to develop or manufacture products, or in any other manner not provided in the EMVCo Terms of Use, please contact EMVCo. These Specifications are provided "AS IS" without warranties of any kind, and EMVCo neither assumes nor accepts any liability for any errors or omissions contained in these Specifications. EMVCO DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, AS TO THESE SPECIFICATIONS. EMVCo makes no representations or warranties with respect to intellectual property rights of any third parties in or in relation to the Specifications. EMVCo undertakes no responsibility to determine whether any implementation of these Specifications may violate, infringe, or otherwise exercise the patent, copyright, trademark, trade secret, know-how, or other intellectual property rights of third parties, and thus any person who implements any part of these Specifications should consult an intellectual property attorney before any such implementation. Without limiting the foregoing, the Specifications may provide for the use of public key encryption and other technology, which may be the subject matter of patents in several countries. Any party seeking to implement these Specifications is solely responsible for determining whether its activities require a license to any such technology, including for patents on public key encryption technology. EMVCo shall not be liable under any theory for any party's infringement of any intellectual property rights in connection with these Specifications. EMV ® Contactless Specifications for Payment Systems Kernel C-5 Specification v2.12 June 2026 Page iii © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Revision History The following changes have been made to Book C-5 since the publication of version 2.11. Change bars are used in this specification to denote the sections that have been updated. Some of the numbering and cross references in this specification have been updated to reflect the modifications made in the new version. In addition to the below, minor editorial clarifications and corrections may be added for readability. No. Revision Date Chapter Contents of Revision 1 June, 2026 All Previously released Specification Bulletins listed below have been incorporated SB 313-Update-to-C-5 (second edition) SB316-Update-to-C-5 SB322-Update-to-C-5 EMV ® Contactless Specifications for Payment Systems Kernel C-5 Specification v2.12 June 2026 Page iv © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Contents 1 Introduction ........................................................................................................ 1 1.1 Scope .......................................................................................................... 1 1.2 Audience ..................................................................................................... 1 1.3 Volumes of the Contactless Specifications .................................................. 1 1.4 Reference Materials .................................................................................... 1 1.5 Overview ..................................................................................................... 2 1.6 Conventions ................................................................................................ 3 1.7 Terminology ................................................................................................ 3 2 Overview of the Kernel 5 Approach .................................................................. 4 2.1 Two Transaction Modes .............................................................................. 4 2.1.1 EMV Mode ....................................................................................... 4 2.1.2 Legacy Mode ................................................................................... 5 2.2 Transaction Processing ............................................................................... 6 2.3 High Level Transaction Flow ....................................................................... 8 2.4 Implementation Options and Acquirer Options .......................................... 11 2.4.1 Implementation Options ................................................................. 11 2.4.2 Acquirer Options ............................................................................ 12 3 Kernel Processing ........................................................................................... 14 3.1 Kernel Activation ....................................................................................... 14 3.2 Transaction Initialisation ............................................................................ 20 3.3 Initiate Application Processing ................................................................... 23 3.4 Read Application Data............................................................................... 26 3.5 Terminal Risk Management....................................................................... 29 3.5.1 Contactless Limit Check ................................................................ 29 3.5.2 CVM Required Limit Check............................................................ 29 3.5.3 Floor Limit Check ........................................................................... 30 3.5.4 Random Transaction Selection ...................................................... 30 3.5.5 Exception File Check ..................................................................... 31 3.6 Processing Restrictions ............................................................................. 32 3.6.1 Application Usage Control Check .................................................. 32 3.6.2 Application Expiration Date Check ................................................. 32 3.6.3 Application Effective Date Check ................................................... 33 3.7 Terminal Action Analysis ........................................................................... 34 3.8 Completion – EMV Mode .......................................................................... 36 3.8.1 GENERATE AC Command ............................................................ 36 3.8.2 Offline Data Authentication ............................................................ 39 3.8.3 CVM Processing ............................................................................ 40 3.8.4 Transaction Outcome .................................................................... 42 EMV ® Contactless Specifications for Payment Systems Kernel C-5 Specification v2.12 June 2026 Page v © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. 3.9 Completion – Legacy Mode ....................................................................... 45 3.9.1 GENERATE AC Command ............................................................ 45 3.9.2 CVM Processing ............................................................................ 46 3.9.3 Online Request Outcome .............................................................. 47 3.10 Issuer Update Processing ......................................................................... 49 3.10.1 Issuer Update Initialisation ............................................................. 49 3.10.2 Critical Script Processing ............................................................... 50 3.10.3 Second GENERATE AC Command ............................................... 51 3.10.4 Transaction Outcome .................................................................... 53 3.10.5 Non-critical Script Processing ........................................................ 55 3.11 Error Handling ........................................................................................... 57 3.11.1 Processing Errors .......................................................................... 57 3.11.2 Communication Errors ................................................................... 57 3.11.3 Transaction Cancellation ............................................................... 58 3.12 Transaction Outcomes .............................................................................. 59 3.12.1 Approved ....................................................................................... 59 3.12.2 Online Request .............................................................................. 61 3.12.3 Online Request (“Two Presentments”) ........................................... 63 3.12.4 Online Request (“Present and Hold”) ............................................. 65 3.12.5 Declined ........................................................................................ 67 3.12.6 Try Another Interface ..................................................................... 68 3.12.7 End Application .............................................................................. 69 3.12.8 End Application (with restart – communication error) ..................... 70 3.12.9 Try Again (with restart - CDCVM) .................................................. 71 3.12.10 Select Next ............................................................................... 72 4 APDU command description ........................................................................... 73 4.1 First GENERATE APPLICATION CRYPTOGRAM .................................... 74 4.2 Second GENERATE APPLICATION CRYPTOGRAM ............................... 77 4.3 GET PROCESSING OPTIONS ................................................................. 79 4.4 READ RECORD........................................................................................ 81 4.5 SELECT .................................................................................................... 82 Annex A Coding of Data Elements Used in Transaction Flow ................. 83 A.1 Application Interchange Profile (AIP) (Tag ‘82’) ......................................... 83 A.2 Cardholder Verification Status (Tag ‘9F50’) ............................................... 84 A.3 Combination Options ................................................................................. 85 A.4 CVM Results (Tag ‘9F34’) ......................................................................... 86 A.5 Device Information (Tag ‘9F6E’) ................................................................ 87 A.6 Issuer Update Parameter (Tag ‘9F60’) ...................................................... 89 A.7 Partner Discretionary Data (Tag ‘9F7C’).................................................... 89 A.8 Terminal Compatibility Indicator (Tag ‘9F52’) ............................................ 91 EMV ® Contactless Specifications for Payment Systems Kernel C-5 Specification v2.12 June 2026 Page vi © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. A.9 Terminal Interchange Profile (static/dynamic) (Tag ‘9F53’) ........................ 92 A.10 Terminal Verification Results (Tag ‘95’) ..................................................... 93 Annex B Data Elements Dictionary............................................................ 96 Annex C Kernel 5 Transaction Record .................................................... 110 Annex D Default Terminal Action Code values ....................................... 114 Annex E Glossary ..................................................................................... 117 EMV ® Contactless Specifications for Payment Systems Kernel C-5 Specification v2.12 June 2026 Page vii © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Figures Figure 2-1: High-Level Sample Transaction Flow...................................................... 9 Tables Table 1-1: Conventions used for data format ............................................................. 3 Table 1-2: Terminology .............................................................................................. 3 Table 3-1: Static Kernel Configuration Parameters ................................................. 15 Table 3-2: Dynamic Transaction Parameters .......................................................... 18 Table 4-1: List of APDU commands used by the Kernel .......................................... 73 Table 4-2: Legacy Mode - Data Objects Included in Response to First GENERATE AC ......................................................................................................... 74 Table 4-3: EMV Mode - Data Objects Included in Response to First GENERATE AC for [TC returned] or [ARQC returned, CDA requested] .......................... 75 Table 4-4: EMV Mode - Data Objects Included in Response to First GENERATE AC for [ARQC returned, CDA not requested] .............................................. 75 Table 4-5: EMV Mode - Data Objects Included in Response to First GENERATE AC for [AAC returned] ................................................................................. 76 Table 4-6: Data Objects Included in Response to Second GENERATE AC ............. 77 Table 4-7: Data Objects Included in Response to GET PROCESSING OPTIONS .. 80 Table A-1: Application Interchange Profile .............................................................. 83 Table A-2: Cardholder Verification Status ............................................................... 84 Table A-3: Combination Options ............................................................................. 85 Table A-4-1: CVM Results ...................................................................................... 86 Table A-4-2: Setting of CVM Results ...................................................................... 87 Table A-5: Device Information................................................................................. 87 Table A-6: Issuer Update Parameter........................................................................ 89 Table A-7: Partner Discretionary Data ..................................................................... 89 Table A-8: Terminal Compatibility Indicator............................................................. 91 Table A-9: Terminal Interchange Profile .................................................................. 92 Table A-10: Terminal Verification Results ................................................................ 93 Table B-1: Data Elements Dictionary ...................................................................... 96 Table C-1: Minimum Data Elements returned as Transaction Record ................... 110 Table D-1: Default Terminal Action Code values................................................... 114 EMV ® Contactless Specifications for Payment Systems Kernel C-5 Specification v2.12 June 2026 Page viii © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Requirements Requirement – Static Configuration Parameters ...................................................... 14 Requirement – Dynamic Transaction Parameters .................................................... 14 Requirement – Transaction continuation .................................................................. 20 Requirement – SELECT response analysis ............................................................. 20 Requirement – Variable Initialisation ........................................................................ 21 Requirement – Terminal Interchange Profile ............................................................ 21 Requirement – Legacy Mode Detection ................................................................... 22 Requirement – PDOL Processing and GPO Command ........................................... 23 Requirement – GPO Response Analysis ................................................................. 24 Requirement – Reading Records ............................................................................. 26 Requirement – Presence of Mandatory Data Elements ........................................... 26 Requirement – Contactless Limit Check .................................................................. 29 Requirement – CVM Required Limit Check.............................................................. 29 Requirement – Floor Limit Check ............................................................................. 30 Requirement – Random Transaction Selection ........................................................ 30 Requirement – Exception File Check ....................................................................... 31 Requirement – Application Usage Control ............................................................... 32 Requirement – Application Expiration Date .............................................................. 32 Requirement – Application Effective Date ................................................................ 33 Requirement – Terminal Action Analysis ................................................................. 34 Requirement – Terminal Action Analysis Completion ............................................... 35 Requirement – CDOL1 Processing .......................................................................... 36 Requirement – GENERATE AC ............................................................................... 36 Requirement – GENERATE AC Response Analysis ................................................ 37 Requirement – Card Removal.................................................................................. 39 Requirement – CDA Signature Verification .............................................................. 40 Requirement – CVM Evaluation ............................................................................... 40 Requirement – CVM Consistency Check ................................................................. 41 Requirement – CDCVM Contactless Transaction Limit and Contactless Limit Check .............................................................................................................. 42 Requirement – Decision of Transaction Outcome .................................................... 43 Requirement – Setting of Outcome Parameters ....................................................... 44 Requirement – Providing of Transaction Outcome ................................................... 44 Requirement – CDOL1 Processing .......................................................................... 45 Requirement – GENERATE AC ............................................................................... 45 Requirement – CVM Required Check ...................................................................... 46 Requirement – CVM Evaluation ............................................................................... 47 Requirement – Decision of Online Request Outcome .............................................. 47 Requirement – CVM Consistency Check ................................................................. 48 Requirement – Providing of Transaction Outcome ................................................... 48 EMV ® Contactless Specifications for Payment Systems Kernel C-5 Specification v2.12 June 2026 Page ix © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Requirement – SELECT response analysis ............................................................. 49 Requirement – Critical Script Processing ................................................................. 50 Requirement – Critical Script Processing Completion .............................................. 51 Requirement – CDOL2 Processing .......................................................................... 52 Requirement – GENERATE AC ............................................................................... 52 Requirement – GENERATE AC Response Analysis ................................................ 53 Requirement – Transaction Outcome ...................................................................... 53 Requirement – Non-critical Script Processing .......................................................... 55 Requirement – Non-critical Script Processing Completion ....................................... 56 Requirement – Processing Errors - Default .............................................................. 57 Requirement – Communication Errors – Issuer Updates ......................................... 57 Requirement – Communication Errors – General..................................................... 58 Requirement – Transaction cancellation by Reader ................................................. 58 Requirement – Approved Outcome .......................................................................... 59 Requirement – Online Request Outcome ................................................................ 61 Requirement – Online Request Outcome (“Two Presentments”) ............................. 63 Requirement – Online Request Outcome (“Present and Hold”) ................................ 65 Requirement – Declined Outcome ........................................................................... 67 Requirement – Try Another Interface Outcome ........................................................ 68 Requirement – End Application................................................................................ 69 Requirement – Communication Errors ..................................................................... 70 Requirement – CDCVM to be Performed ................................................................. 71 Requirement – Select Next ...................................................................................... 72 EMV ® Contactless Specifications for Payment Systems Kernel C-5 Specification v2.12 June 2026 Page 1 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. 1 Introduction This chapter contains information that helps the reader understand and use this specification. 1.1 Scope This document, the EMV Contactless Specifications for Payment Systems, Kernel 5 Specification, describes one of several Kernels defined for use with Entry Point. 1.2 Audience This specification is intended for use by reader providers and financial institution staff responsible for implementing financial applications. 1.3 Volumes of the Contactless Specifications This specification is part of a multi-volume set: Book A: Architecture and General Requirements Book B: Entry Point Specification Book C-n: Kernel Specifications Book E: Security and Key Management EMV L1 Contactless : EMV Contactless Interface Specification 1.4 Reference Materials The following specifications and standards contain provisions that are referenced in this specification. The latest version shall apply unless a publication date is explicitly stated. If any provision or definition in this specification differs from those in the listed specifications and standards, the provision or definition herein shall take precedence. [EMV] EMV Integrated Circuit Card Specifications for Payment Systems, including: EMV ® Contactless Specifications for Payment Systems 1 Introduction Kernel C-5 Specification v2.12 1.5 Overview June 2026 Page 2 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. [EMV Book 1] EMV Integrated Circuit Card Specifications for Payment Systems, Book 1, Application Independent ICC to Terminal Interface Requirements [EMV Book 2] EMV Integrated Circuit Card Specifications for Payment Systems, Book 2, Security and Key Management [EMV Book 3] EMV Integrated Circuit Card Specifications for Payment Systems, Book 3, Application Specification [EMV Book 4] EMV Integrated Circuit Card Specifications for Payment Systems, Book 4, Cardholder, Attendant, and Acquirer Interface Requirements 1.5 Overview This volume includes the following chapters and annexes: Chapter 1 contains general information that helps the reader understand and use this specification. Chapter 2 provides an overview of the Kernel 5 approach, including implementation/acquirer options and a high level transaction flow description. Chapter 3 specifies transaction processing for Kernel 5. Chapter 4 lists and describes the APDU commands used by Kernel 5. Annex A defines data elements that are specific to Kernel 5. Annex B is a dictionary of data elements used by Kernel 5 during the transaction processing. Annex C lists data elements that are required in the transaction record for approved, declined, and online requested transactions. Annex D defines the default Terminal Action Codes used by Kernel 5. Annex E is a glossary of terms and abbreviations used in this specification. EMV ® Contactless Specifications for Payment Systems 1 Introduction Kernel C-5 Specification v2.12 1.6 Conventions June 2026 Page 3 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. 1.6 Conventions Table 1-1: Conventions used for data format Convention Meaning a Alphabetic an Alphanumeric ans Alphanumeric Special b Binary cn Compressed Numeric n Numeric n y Numeric value of y digits (Example n 12 means 12 digits numeric value) YYMMDD Year, Month, Day x Numeric value in decimal ‘x’ Numeric value in hexadecimal “abc” Data string var. Variable value For data elements which have multiple bytes in this specification, the first byte or byte 1 is the leftmost byte, while the last byte is the rightmost byte. 1.7 Terminology Table 1-2: Terminology Terminology Meaning Shall, “is mandatory” Denotes a mandatory requirement. Should, may, can, “is optional” Denotes an optional requirement. if test_condition then action_true else action_false Denotes a conditional test action, action_true is performed when test_condition result is true, action_false is performed when test_condition result is false. and Logical AND which connects two conditional requirements or Logical OR which connects two conditional requirements = Logical comparison of two values N/A Not applicable EMV ® Contactless Specifications for Payment Systems Kernel C-5 Specification v2.12 June 2026 Page 4 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. 2 Overview of the Kernel 5 Approach This section is a high-level description of Kernel 5 features, capabilities, and processes. Further details about the Transaction Flow and its implementation can be found in Section 3. 2.1 Two Transaction Modes Kernel 5 shall always support EMV Mode and Legacy Mode. 2.1.1 EMV Mode EMV Mode is designed for Chip Grade payment infrastructures. The support of EMV Mode is mandatory on the Kernel side (Acquirer). The card will select to conduct the transaction in EMV Mode when the card supports it. The EMV Mode has many similarities with the transaction flow designed for contact EMV chips and defined in [EMV]. It is however simplified and adapted for contactless ergonomics. Here are the main features: • Online/offline capability: EMV Mode transactions can be completed either online or offline. When completed online, the card is normally not informed about the final transaction outcome. • Offline Data Authentication: The kernel shall support CDA when at least one of the conditions below is fulfilled: o the Kernel is offline-capable; o the Kernel is installed in a transit reader (where Cardholder Verification is bypassed); o the Kernel accepts CDCVM verification. Other data authentication methods (SDA, DDA) are not supported. • Online Data Authentication: An ARQC cryptogram is generated by the card and verified by the Issuer host system. • Cardholder Verification: The card determines the CVM requirement based on issuer preference and acquirer requirement and the Kernel performs the selected CVM. EMV ® Contactless Specifications for Payment Systems 2 Overview of the Kernel 5 Approach Kernel C-5 Specification v2.12 2.1 Two Transaction Modes June 2026 Page 5 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. 2.1.2 Legacy Mode Legacy Mode is available for Chip Grade acquirers to satisfy specific market requirements. Please refer to payment system rules for further details. Here are the main features: • Online/offline capability: Legacy Mode transactions are always authorised online. The card is not informed about the final transaction outcome. • Offline Data Authentication: N/A • Online Data Authentication: An ARQC cryptogram is generated by the card and verified by the Issuer host system. • Cardholder Verification: If the amount exceeds the CVM Required Limit, the Kernel analyses the CVM List from the card to determine the CVM requirement. EMV ® Contactless Specifications for Payment Systems 2 Overview of the Kernel 5 Approach Kernel C-5 Specification v2.12 2.2 Transaction Processing June 2026 Page 6 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. 2.2 Transaction Processing The transaction processing is summarised below. 1. Entry Point determines the most relevant Combination {ADF Name, AID, Kernel ID, Application Priority Indicator} to process the transaction, based on Reader Combinations and the card’s ADF parameters in the PPSE Response (Application Priority Indicator, Kernel Identifier). 2. Entry Point activates the Kernel to process the transaction. The reader provides transaction data and the relevant configuration parameters to the Kernel. a. Based on the card response to the SELECT (DF Name) command, the Kernel can determine whether it is a legacy card or not. 3. The Kernel sends the GET PROCESSING OPTIONS command to the card to initialise the card application. a. Card returns the Application Interchange Profile (AIP) and the Application File Locator (AFL). b. For non-legacy cards, the card response enables to detect that the card has selected the EMV Mode. 4. The Kernel reads the card data as indicated by the AFL. 5. The Kernel performs Terminal Risk Management, which consists of several verifications: a. Contactless Limit Check b. CVM Limit Check c. Floor Limit Check (EMV Mode only) d. Random Transaction Selection (EMV Mode only) e. Exception File Check (option only applying to EMV Mode) These verifications update the Terminal Verification Results (TVR). 6. The Kernel performs Processing Restrictions, which consists of several verifications: a. Application Usage Control (EMV Mode only) b. Application Expiration Date c. Application Effective Date These verifications update the Terminal Verification Results (TVR). EMV ® Contactless Specifications for Payment Systems 2 Overview of the Kernel 5 Approach Kernel C-5 Specification v2.12 2.2 Transaction Processing June 2026 Page 7 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. 7. Based on the TVR value, as well as Terminal Action Codes (TAC) and Issuer Action Codes (IAC), the Kernel computes the first transaction outcome. a. If the outcome is a Decline, the transaction is declined offline and the Kernel provides a Declined Outcome to the Entry Point. b. In the case of Legacy Mode, unless the payment application declines the transaction, then the outcome is Online Authorisation. 8. The Kernel then completes the transaction in the following steps: a) If the transaction is in EMV Mode: • The Kernel issues a GENERATE AC command including Combined Data Authentication (CDA) request when supported. • If the card approves or sends the transaction for authorisation (TC/ARQC), the card response includes a CDA signature (if requested by the Kernel) as well as the decision of the card regarding the Cardholder Verification Method (CVM) to be applied. • The Kernel verifies the CDA signature (if any) and if valid, executes the card decision (TC/ARQC) and CVM policy.The Kernel then provides an Approved or Online Request Outcome corresponding to the decision for this transaction to the Entry Point. b) If the transaction is in Legacy Mode: • The Kernel issues a GENERATE AC command requesting an online authorisation (ARQC) without CDA. • The card returns the ARQC cryptogram. • If the CVM Required Limit is exceeded, the Kernel analyses the CVM list from the card to find an appropriate method. • The Kernel provides an Online Request Outcome to the Entry Point for this transaction for online authorisation. 9. Optionally, if the transaction is in EMV Mode and the Transaction Outcome is Online Request, the reader may reactivate the Kernel when the online response from the Issuer contains any information. At this point, the card may still be in the field (e.g. “present-and-hold”) or requested to be presented again (e.g. “two presentments”). • For “present-and-hold”: when returning the ARQC cryptogram, the card informs simultaneously the Kernel that it shall be maintained in the contactless field during the online authorisation. After receiving the online response, Issuer Scripts and/or Issuer Authentication Data can be transmitted to the card. EMV ® Contactless Specifications for Payment Systems 2 Overview of the Kernel 5 Approach Kernel C-5 Specification v2.12 2.3 High Level Transaction Flow June 2026 Page 8 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. • For “two presentments”: when returning the ARQC cryptogram, the card informs simultaneously the Kernel that it supports a second presentment. After receiving the online response, the cardholder is asked by Entry Point to present the card again, and Issuer Scripts and/or Issuer Authentication Data can be transmitted to the card. 2.3 High Level Transaction Flow Figure 2-1 below illustrates the high level transaction flow of Kernel 5. The purpose is to provide a summarised overview of the normal Kernel 5 processing and is not prescriptive. Note that specific processes like Issuer Update is not represented in this figure which features only a nominal transaction flow. Details about each step of the transaction can be found in Section 3. EMV ® Contactless Specifications for Payment Systems 2 Overview of the Kernel 5 Approach Kernel C-5 Specification v2.12 2.3 High Level Transaction Flow June 2026 Page 9 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Figure 2-1: High-Level Sample Transaction Flow CARD REMOVAL Legacy Card? Legacy mode supported? Transaction Flow Select NextYes No GET PROCESSING OPTIONS READ RECORD(s) Terminal Risk Management: - Contactless Limit Check - CVM Limit Check - Floor Limit Check - Random Selection - Exception File Check Yes Processing Restrictions - Application Usage Control - Application Expiration Date - Application Effective Date (Card exception) (Card exception) Terminal Action Analysis GENERATE AC (ARQC) GENERATE AC (CDA) Declined EMV/Legacy Mode, Declined CDA Verification NOK EMV Mode, Approved/Online Legacy Mode, Online TC/ARQC CVM Process (Legacy Mode) CVM Process (EMV Mode) Online Request Approved TC ARQC End Application (1st tap) AAC SELECT (PPSE) SELECT (DF) Discovery Process handled by Entry Pont NOK Declined NOK Try Another Interface NOK (when terminal supports contact I/F) EMV ® Contactless Specifications for Payment Systems 2 Overview of the Kernel 5 Approach Kernel C-5 Specification v2.12 2.3 High Level Transaction Flow June 2026 Page 10 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. online response SELECT (ADF) contain Issuer Script Template 1? (tag ‘71’) contain Issuer Authentication Data (tag ‘91’) orIssuer Script Template 2? (tag ‘72’) 2nd GENERATE AC IssuerScriptCommands contain Issuer Script Template 2? (tag ‘72’) End Application IssuerScriptCommands DeclinedApproved Case of"present-and-hold" Case of "two presentment" No Yes Yes Yes No Prepared Outcome is "Approved" Prepared Outcome is "Declined" SW=9000 Incorrect FCI Prepare Outcome -SW≠9000 -incorrectformat Correct FCI No EMV ® Contactless Specifications for Payment Systems 2 Overview of the Kernel 5 Approach Kernel C-5 Specification v2.12 2.4 Implementation Options and Acquirer Options June 2026 Page 11 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. 2.4 Implementation Options and Acquirer Options 2.4.1 Implementation Options The provider of Kernel 5 will choose whether to support or not the following options in the Kernel 5 implementation: • Offline Data Authentication o This implementation option enables support of CDA to authenticate the card. CDA is only used for EMV Mode. o Kernel 5 implementations for offline-capable readers, transit readers, or readers accepting CDCVM shall support this option. • Exception File Check o This implementation option enables Kernel 5 to check during the transaction whether the card appears in the Acquirer Exception File. o Exception File Check is only used for EMV Mode. o Implementations for transit readers shall support this option. o The Data Exchange mechanism enable readers to update Acquirer Exception File. Readers supporting Exception File Check should support Data Exchange. o The exact implementation of this option is left at the discretion of the implementer. It may, for instance, take advantage of the Data Exchange mechanism described in Book A. • Random Transaction Selection o This implementation option enables readers to select transactions randomly for online authorisation. o Random Transaction Selection is only used for EMV Mode. o Implementations for offline with online capable readers shall support this option. • Issuer Update o This implementation option enables to convey EMV data (Issuer Authentication Data and/or Issuer Scripts, which are/is optionally present in the Authorisation Response Message) to the contactless card, upon completion of the Authorisation process. EMV ® Contactless Specifications for Payment Systems 2 Overview of the Kernel 5 Approach Kernel C-5 Specification v2.12 2.4 Implementation Options and Acquirer Options June 2026 Page 12 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. o An Issuer Update may be transmitted to the card in one of two forms: either as a single presentment of the card (i.e. card remains in the contactless field while the authorisation process is ongoing), or as a second presentment of the card after the authorisation. Readers supporting Issuer Update shall support both ergonomics, as the choice is indicated by the card. o Issuer Update is only used for EMV Mode. • Cardholder Verification Method The Kernel 5 shall support all Cardholder Verification Methods described in this specification except following case applies: o If the Reader supports only Transit Reader, the Reader shall not support any Cardholder Verification Methods 1 . o If the Reader supports offline environment only, the Reader provider may choose whether to support or not the following Cardholder Verification Method in the Reader implementation: - Online PIN o If the Reader supports ATM only, the Reader provider may choose whether to support or not the following Cardholder Verification Method in the Reader implementation: - Signature - CDCVM o If the Reader supports Unattended Merchant Terminal only, the Reader provider may choose whether to support or not the following Cardholder Verification Method in the Reader implementation: - Signature - Online PIN 2.4.2 Acquirer Options In addition to the Implementation Options, which define the features for a specific Kernel 5 implementation, the Acquirer may also choose to support from these implemented features for deployment. The Acquirer Options are defined below: 1 If the Reader provider would like to apply Cardholder Verification Method to Transit only Reader, please contact JCB. EMV ® Contactless Specifications for Payment Systems 2 Overview of the Kernel 5 Approach Kernel C-5 Specification v2.12 2.4 Implementation Options and Acquirer Options June 2026 Page 13 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Acquirer Options are parameterised in the Combination Options parameter (see Annex A.3) or in the static Terminal Interchange Profile (see Annex A.9) for each supported Reader Combination. • Legacy Mode o This option activates Legacy Mode flow for the associated Reader Combination. • Offline Data Authentication o This option activates CDA for EMV Mode. The option shall be activated if any of the conditions below is true: ▪ the reader is offline-capable. ▪ the reader is a transit reader as configured in the Terminal Interchange Profile (see Section A.9). ▪ the reader accepts “CDCVM” as a Cardholder Verification Method in the Terminal Interchange Profile (see Section A.9). o The option is available only if Offline Data Authentication (implementation option) is supported in EMV Mode. • Exception File Check o This option activates Acquirer Exception File Check during the transaction. o The option is available only if Exception File Check (implementation option) is supported in EMV Mode. • Random Transaction Selection o This option activates Random Transaction Selection during Terminal Risk Management. o The option is available only if Random Transaction Selection (implementation option) is supported in EMV Mode. • Issuer Update o This option activates Issuer Update to convey EMV data (Issuer Authentication Data and/or Issuer Scripts, which are/is optionally present in the Authorisation Response Message) to the contactless card, upon completion of the Authorisation process. o The option is available only if Issuer Update (implementation option) is supported in EMV Mode. EMV ® Contactless Specifications for Payment Systems Kernel C-5 Specification v2.12 June 2026 Page 14 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. 3 Kernel Processing This chapter provides detailed transaction processing requirements for Kernel 5 including information related to EMV functions. 3.1 Kernel Activation When activated, Kernel 5 requires certain data elements to be available in order to process the transaction. A data element or flag may be: • Static (Configuration parameter): The value of this data is persistent from one transaction to the next (See Table 3-1). Updates of the values are exceptional and always outside the scope of Kernel 5 processing. A static data element may be set: o per POS System (e.g. Terminal Country Code), or o per RID (e.g. CAPK key), or o per AID (e.g. static Terminal Interchange Profile) • Dynamic (Transaction parameter): Per transaction, e.g. Amount, Authorised (Numeric) and Unpredictable Number (See Table 3-2). Requirement – Static Configuration Parameters 3.1.1.1 When the Kernel is activated, the reader shall provide to the Kernel the Configuration Data (see Table 3-1 : Static Kernel Configuration Parameters) associated with the selected Combination. Requirement – Dynamic Transaction Parameters 3.1.1.2 When the Kernel is activated, the reader shall provide to the Kernel: • The Dynamic Transaction Parameters (see Table 3-2 : Dynamic Transaction Parameters); and • FCI received from the card as per section 3.4 in [EMV CL Book B] (when applicable). EMV ® Specifications for Payment Systems 3 Kernel Processing Kernel C-5 Specification v2.12 3.1 Kernel Activation June 2026 Page 15 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Table 3-1: Static Kernel Configuration Parameters Name Description Varies by Presence 2 Format Specified Tag Length (bytes) CDCVM Contactless Transaction Limit Indicates the limit for which contactless transactions can be conducted when CVM is CDCVM (EMV Mode only). AID O n12 Kernel 5 - 6 Combination Options Defines some acquirer options for the combination, e.g. modes supported. AID M b Kernel 5 See A.3 - 2 Contactless Floor Limit Used in Kernel 5 Terminal Risk Management (EMV Mode only). Present if the Combination supports Floor Limit Check or Random Transaction Selection. AID C n12 Kernel 5 - 6 Contactless Transaction Limit Used in Kernel 5 Terminal Risk Management. Indicates the limit for which contactless transactions can be conducted when CVM is other than CDCVM (EMV Mode), or when Transaction Mode is Legacy Mode. AID O n12 Kernel 5 - 6 CVM Required Limit Used in Kernel 5 Terminal Risk Management. AID O n12 Kernel 5 - 6 Maximum Target Percentage to be Used for Biased Random Selection Present if the Combination supports Random Transaction Selection (EMV Mode only). AID C n2 EMV - 1 2 M = mandatory ; C = conditional ; O = optional EMV ® Specifications for Payment Systems 3 Kernel Processing Kernel C-5 Specification v2.12 3.1 Kernel Activation June 2026 Page 16 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Name Description Varies by Presence 2 Format Specified Tag Length (bytes) Removal Timeout Present if the Combination supports Issuer Update as Acquirer Option (EMV Mode only). In case of Online Request with “Present and Hold” outcome, this parameter corresponds to the time after which cardholder is asked to remove the card. Value is given in units of 100ms. AID C n4 Kernel - 2 Target Percentage to be Used for Biased Random Selection Present if the Combination supports Random Transaction Selection (EMV Mode only). AID C n2 EMV - 1 Terminal Action Code - Default Used in Kernel 5 Terminal Action Analysis (EMV Mode only). AID O b EMV - 5 Terminal Action Code - Denial Used in Kernel 5 Terminal Action Analysis. AID O b EMV - 5 Terminal Action Code - Online Used in Kernel 5 Terminal Action Analysis (EMV Mode only). AID O b EMV - 5 Terminal Interchange Profile (static) Defines the Cardholder Verification Methods and other reader capabilities (online capability, contact EMV capability) for the Combination. AID M b Kernel 5 See A.9 - 3 Threshold Value for Biased Random Selection Present if the Combination supports Random Transaction Selection (EMV Mode only). AID C n12 EMV - 6 Acquirer Identifier Uniquely identifies the acquirer within each payment system. POS M n 6-11 EMV ‘9F01’ 6 Merchant Category Code Classifies the type of business being done by the merchant, represented according to ISO 8583:1993 for Card Acceptor Business Code. POS C n 4 EMV ‘9F15’ 2 EMV ® Specifications for Payment Systems 3 Kernel Processing Kernel C-5 Specification v2.12 3.1 Kernel Activation June 2026 Page 17 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Name Description Varies by Presence 2 Format Specified Tag Length (bytes) Merchant Name and Location Indicates the name and location of the merchant. POS M ans EMV ‘9F4E’ var. Terminal Country Code Indicates the country of the terminal, represented according to ISO 3166. Requested in CDOL1. POS M n3 EMV ‘9F1A’ 2 Terminal Type Indicates the environment of the terminal, its communications capability, and its operational control. POS M n 2 EMV ‘9F35’ 1 Transaction Currency Code Indicates the currency code of the transaction according to ISO 4217. Requested in CDOL1. POS M n 3 EMV ‘5F2A’ 2 Transaction Currency Exponent Indicates the implied position of the decimal point from the right of the transaction amount represented according to ISO 4217. Required to determine if Status Check is requested. POS M n 1 EMV ‘5F36’ 1 Certification Authority Public Key Present (up to 6 different instances) if Offline Data Authentication is supported for at least one of the Combinations with this RID (EMV Mode only). Each CA Public Key in the list is composed of the following mandatory fields: - CAPK Index (b, 1 byte) - CAPK Modulus (b, max. 248 bytes) - CAPK Exponent (b, 1 or 3 bytes) - CAPK SHA-1 Checksum (b, 20 bytes) RID C b EMV - var. EMV ® Specifications for Payment Systems 3 Kernel Processing Kernel C-5 Specification v2.12 3.1 Kernel Activation June 2026 Page 18 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Table 3-2: Dynamic Transaction Parameters Name Description Presence 3 Format Specified Tag Length (bytes) Amount, Authorised (Numeric) Authorised amount of the transaction. Requested in CDOL1. M n12 EMV ‘9F02’ 6 Amount, Other (Numeric) Secondary amount associated with the transaction representing a cashback amount. Requested in CDOL1. M n12 EMV ‘9F03’ 6 Authorisation Response Code (ARC) Code that defines the disposition of a message. ARC shall be present if the Kernel is restarted after an Online Request Outcome. ARC shall not be present if it is a new transaction. C an2 EMV ‘8A’ 2 Issuer Authentication Data Data sent to the card for online issuer authentication. Issuer Authentication Data may be present if the Kernel is restarted after an Online Request Outcome. Issuer Authentication Data shall not be present if it is a new transaction. O b EMV ‘91’ 8-16 Issuer Script Template 1 Contains proprietary issuer data for transmission to the card before the second GENERATE AC command. Several occurrences of this data element may be present. Issuer Script Template 1 may be present if the Kernel is restarted after an Online Request Outcome. Issuer Script Template 1 shall not be present if it is a new transaction. O b EMV ‘71’ var. max. 128 3 M = mandatory ; C = conditional ; O = optional EMV ® Specifications for Payment Systems 3 Kernel Processing Kernel C-5 Specification v2.12 3.1 Kernel Activation June 2026 Page 19 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Name Description Presence 3 Format Specified Tag Length (bytes) Issuer Script Template 2 Contains proprietary issuer data for transmission to the card after the second GENERATE AC command. Several occurrences of this data element may be present. Issuer Script Template 2 may be present if the Kernel is restarted after an Online Request Outcome. Issuer Script Template 2 shall not be present if it is a new transaction. O b EMV ‘72’ var. max. 128 Transaction Date Local date that the transaction was authorised. Requested in CDOL1. M n6 EMV ‘9A’ 3 Transaction Time Local time that the transaction was authorised. Possibly requested in CDOL1. M n6 EMV ‘9F21’ 3 Transaction Type Indicates the type of financial transaction, represented by the first two digits of the ISO 8583:1987 Processing Code. Requested in CDOL1. Possible values are: - ‘00’ for a purchase transaction - ‘01’ for a cash advance transaction - ‘09’ for a purchase with cashback - ‘20’ for a refund transaction M n2 EMV ‘9C’ 1 Unpredictable Number Value to provide variability and uniqueness to the generation of a cryptogram. Requested in CDOL1. M b EMV ‘9F37’ 4 EMV ® Specifications for Payment Systems 3 Kernel Processing Kernel C-5 Specification v2.12 3.2 Transaction Initialisation June 2026 Page 20 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. 3.2 Transaction Initialisation During Transaction Initialisation, Kernel 5 initialises internal variables and performs verifications. Requirement – Transaction continuation 3.2.1.1 If Authorisation Response Code (Tag ‘8A’) is present in the Dynamic Transaction Parameters (see Table 3-2), Then the Kernel shall proceed with Requirement 3.2.1.2. Otherwise the Kernel shall proceed with Requirement 3.2.1.3. 3.2.1.2 If any of the following is present in the Dynamic Transaction Parameters (see Table 3-2), - Issuer Authentication Data (‘91’) - At least one occurrence of Issuer Script Template 1 (‘71’) - At least one occurrence of Issuer Script Template 2 (‘72’) Then the Kernel shall restore transaction data from the Online Transaction Context and proceed with Issuer Update Processing, as described in section 3.10. Otherwise the Kernel shall provide an End Application outcome as described in section 3.12.7. Requirement – SELECT response analysis 3.2.1.3 If the FCI is absent Or if the FCI is not parsed correctly (see table 45 in [EMV Book 1]) Or if the PDOL data element is absent, or present but empty, Then the Kernel shall terminate the transaction and provide a Select Next Outcome as described in Section 3.12.10. EMV ® Specifications for Payment Systems 3 Kernel Processing Kernel C-5 Specification v2.12 3.2 Transaction Initialisation June 2026 Page 21 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Requirement – Variable Initialisation 3.2.1.4 The Kernel shall reset the following data elements: • Terminal Verification Results (Tag ‘95’) to ‘00 00 00 00 00’ • Terminal Compatibility Indicator (Tag ‘9F52’) to ‘00’, 3.2.1.5 The Kernel shall reset the following internal variables: • Online Transaction Context • Transaction Mode to ‘Undefined Mode’ Requirement – Terminal Compatibility Indicator 3.2.1.6 The Kernel shall set Terminal Compatibility Indicator (Tag ’9F52’) to ’02’ Requirement – Terminal Interchange Profile 3.2.1.7 The Kernel shall initialise a dynamic Terminal Interchange Profile (Tag ‘9F53’) from the value of the static Terminal Interchange Profile (static configuration parameter – no tag) and perform the following: • Clear Byte 1 Bit 8 (“CVM required by reader”). • If Issuer Update is not supported as an implementation option, Then clear Byte 2 Bit 8 (‘Issuer Update supported’). Note: The dynamic Terminal Interchange Profile (Tag ‘9F53’) is updated by the Kernel during subsequent processing. At this stage, the Kernel will detect whether the presented card is a legacy card, and if so, ensure that it has the capability to process such cards. EMV ® Specifications for Payment Systems 3 Kernel Processing Kernel C-5 Specification v2.12 3.2 Transaction Initialisation June 2026 Page 22 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Requirement – Legacy Mode Detection 3.2.1.8 If the PDOL contains Terminal Compatibility Indicator (Tag ‘9F52’), Then the Kernel shall proceed with section 3.3: Initiate Application Processing. Otherwise the card is a legacy card and the Kernel shall proceed with Requirement 3.2.1.9. 3.2.1.9 If the Combination Options indicates ‘Legacy Mode Supported’ for this AID, Then the Kernel shall set Transaction Mode to ‘Legacy Mode’ and proceed with section 3.3: Initiate Application Processing. Otherwise the Kernel shall terminate the transaction and provide a Select Next Outcome as described in Section 3.12.10. EMV ® Specifications for Payment Systems 3 Kernel Processing Kernel C-5 Specification v2.12 3.3 Initiate Application Processing June 2026 Page 23 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. 3.3 Initiate Application Processing The PDOL provided by the card in response to the SELECT command contains a list of tags that the card requests to the reader. The reader provides the card with the PDOL-related data elements when issuing the GPO command to the card. Requirement – PDOL Processing and GPO Command 3.3.1.1 The Kernel shall process the PDOL and send the command data for the GET PROCESSING OPTIONS as described in [EMV Book 3]. 3.3.1.2 If the PDOL requires a data element that is not recognised by the Kernel (not referenced in Annex B), Then the Kernel shall fill in the corresponding PDOL related data with zeroes. The Application Interchange Profile (AIP) and Application File Locator (AFL) returned by the card in response to the GPO command contain information on the card configuration and data records to be read. The card response may use either Format 1 or Format 2, as described in [EMV Book 3]. The Kernel detects that EMV Mode is selected by the card by checking the value of AIP returned by the card. The Kernel also ensures that the card supports CDA. Other AIP bits are not analysed by the Kernel. EMV ® Specifications for Payment Systems 3 Kernel Processing Kernel C-5 Specification v2.12 3.3 Initiate Application Processing June 2026 Page 24 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Requirement – GPO Response Analysis 3.3.1.3 If the Status Word returned by the card is ‘6F00’, Then the Kernel shall terminate the transaction and provide an End Application Outcome with the following Outcome parameter values: End Application: • Start: N/A • Online Response Data: N/A • CVM: N/A • UI Request on Outcome Present: Yes Message Identifier: '06' (“CARD ERROR”) Status: Ready to Read • UI Request on Restart Present: No • Data Record Present: No • Discretionary Data Present: No • Alternate Interface Preference: N/A • Receipt: N/A • Field Off Request: N/A • Removal Timeout: Zero 3.3.1.4 If the Status Word returned by the card is different from ‘9000’ and ‘6F00’, Then the Kernel shall terminate the transaction and provide a Select Next Outcome as described in Section 3.12.10. 3.3.1.5 If the AIP (Tag ‘82’) is absent from the GET PROCESSING OPTIONS response, Then the Kernel shall terminate the transaction and provide a Select Next Outcome as described in Section 3.12.10. EMV ® Specifications for Payment Systems 3 Kernel Processing Kernel C-5 Specification v2.12 3.3 Initiate Application Processing June 2026 Page 25 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Requirement – GPO Response Analysis 3.3.1.6 If the Transaction Mode is equal to ‘Undefined Mode’, Then If the AIP (Tag ‘82’) returned by the card has Byte 2 Bit 8 set to ‘1’ (‘EMV Mode Selected’), And the Terminal Compatibility Indicator Byte 1 Bit 2 is set to ‘1’ (‘EMV Mode Supported’), Then the Kernel shall set Transaction Mode to ‘EMV Mode’. Else the Kernel shall terminate the transaction and provide a Select Next Outcome as described in Section3.12.10. 3.3.1.7 If the AFL (Tag ‘94’) is absent from the data returned to the GET PROCESSING OPTIONS response Then the Kernel shall terminate the transaction and provide a Select Next Outcome as described in Section 3.12.10. 3.3.1.8 If the AFL (Tag ‘94’) is present in the GET PROCESSING OPTIONS RESPONSE And its value is incorrectly formatted (e.g. not multiple of 4 bytes, invalid SFI value...), Then the Kernel shall terminate the transaction and provide a Select Next Outcome as described in Section 3.12.10. 3.3.1.9 If any of the conditions below is true: • the Transaction Mode is equal to ‘Legacy Mode’ • the Transaction Mode is equal to ‘EMV Mode’ and Offline Data Authentication (implementation or acquirer option) is not supported • the Transaction Mode is equal to ‘EMV Mode’ and the AIP (Tag ‘82’) indicates that CDA is not supported (Byte 1 bit 1 is ‘0’) Then the Kernel shall set TVR Byte 1 bit 8 (‘Offline Data Authentication was not performed’) to ‘1’. EMV ® Specifications for Payment Systems 3 Kernel Processing Kernel C-5 Specification v2.12 3.4 Read Application Data June 2026 Page 26 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. 3.4 Read Application Data The Kernel uses the AFL to determine which records to request from the card. The Kernel does not need to process any data at this point, except to determine if all the mandatory data elements are present. Requirement – Reading Records 3.4.1.1 If the AFL has been provided by the card, the Kernel shall read the records indicated in the AFL using the READ RECORD command and process the response as defined in [EMV Book 3]. At this point, the Kernel needs to determine if all mandatory data elements are present. Even if the Kernel reads data objects that are not recognised by the Kernel (that is, their tags are unknown by the Kernel), the Kernel shall not terminate the transaction. Requirement – Presence of Mandatory Data Elements 3.4.1.2 If any of the following mandatory Data Elements is absent from the card: • CDOL1 (Tag ‘8C’) • Track2 Equivalent Data (Tag ‘57’) • Application Expiration Date (Tag ‘5F24’) • Application Primary Account Number (PAN) (Tag ‘5A’) Then the Kernel shall terminate the transaction and provide a Select Next Outcome as described in Section 3.12.10. If Offline Data Authentication is supported, CDA is the one and only mandatory Data Authentication Method 4 supported by the Kernel in ‘EMV Mode’, hence the Kernel shall ensure that all the appropriate data elements are present. 4 SDA/DDA is not supported for EMV Mode. EMV ® Specifications for Payment Systems 3 Kernel Processing Kernel C-5 Specification v2.12 3.4 Read Application Data June 2026 Page 27 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. 3.4.1.3 If the Transaction Mode is ‘EMV Mode’ And Offline Data Authentication is supported (implementation and acquirer option) And the AIP (Tag ‘82’) indicates that CDA is supported (Byte 1 bit 1 is ‘1’) And any of the following Data Elements is absent from the card: • Certification Authority Public Key Index (Tag ‘8F’) • Issuer Public Key Certificate (Tag ‘90’) • Issuer Public Key Exponent (Tag ‘9F32’) • Issuer Public Key Remainder (Tag ‘92’), when required (based on the sizes of tags ‘9F46’ and ‘90’, when both are present) • ICC Public Key Certificate (Tag ‘9F46’) • ICC Public Key Exponent (Tag ‘9F47’) • ICC Public Key Remainder (Tag ‘9F48’), when required (based on the ICC Public Key Length and the size of tag ‘9F46’, when both are present) Then the Kernel shall set TVR Byte 1 bit 6 (‘ICC Data Missing’) and Byte 1 bit 3 (‘CDA Failed’) to ‘1’ 5 . (except for when Issuer Public Key Remainder (Tag ‘92’) and ICC Public Key Remainder (Tag ‘9F48’) are not required.) 6 5 If CDA is failed due to 5.4.1.3, the Kernel shall set TVR Byte 1 bit 3 (‘CDA Failed’) to ‘1’ before Generate AC. 6 If the kernel performs the validation of certificates during CDA Signature verification, it is not mandatory to check the absence of data elements and to set the TVR value described in the requirement 3.4.1.3 EMV ® Specifications for Payment Systems 3 Kernel Processing Kernel C-5 Specification v2.12 3.4 Read Application Data June 2026 Page 28 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. 3.4.1.4 If the Transaction Mode is ‘EMV Mode’ And Offline Data Authentication is supported (implementation and acquirer option) And the AIP (Tag ‘82’) indicates that CDA is supported (Byte 1 bit 1 is ‘1’) And the Certification Authority Public Key corresponding to the CAPK index (Tag ‘8F’) provided by the card is not present in the Kernel configuration data, Then the Kernel shall set TVR Byte1 bit 8 (‘Offline Data Authentication is not performed’) and Byte 5 bit 3 (‘CA public key missing’) to ‘1’. (Note: the kernel recovers the Issuer public key or ICC public key later during the transaction to optimise the performance. If this processing is failed, kernel shall set TVR Byte1bit3 (CDA failed) to “1” after Generate AC processing in accordance with the section 3.8.2.1.) EMV ® Specifications for Payment Systems 3 Kernel Processing Kernel C-5 Specification v2.12 3.5 Terminal Risk Management June 2026 Page 29 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. 3.5 Terminal Risk Management Terminal Risk Management consists of verifications that compare the transaction amount with reader based limits, and take appropriate action if the limit is exceeded. The Acquirer's Exception List may also be checked. Terminal Risk Management is mandatory and always performed. 3.5.1 Contactless Limit Check Requirement – Contactless Limit Check 3.5.1.1 If the Transaction Mode is ‘Legacy Mode’ And the Contactless Transaction Limit is present And the value of Amount, Authorised (Numeric) (Tag ‘9F02’) is greater than or equal to this limit, Then the Kernel shall terminate the transaction and provide a Select Next Outcome as described in Section 3.12.10. 3.5.2 CVM Required Limit Check Requirement – CVM Required Limit Check 3.5.2.1 If the CVM Required Limit is present And the Transaction Type corresponds to a Purchase or Cash- Advance transaction (i.e. value is ‘00’, ‘01’ or ‘09’) And the value of Amount, Authorised (Numeric) (Tag ‘9F02’) is greater than or equal to this limit, Then the Kernel shall indicate ‘CVM Required by Reader’ (Byte 1, bit 8) in the dynamic Terminal Interchange Profile (Tag ‘9F53’). EMV ® Specifications for Payment Systems 3 Kernel Processing Kernel C-5 Specification v2.12 3.5 Terminal Risk Management June 2026 Page 30 © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV ® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. 3.5.3 Floor Limit Check Requirement – Floor Limit Check 3.5.3.1 If any of the conditions below is true: • The Transaction Mode is ‘Legacy Mode’ • The Terminal Type (Tag ‘9F35’) indicates that the reader is online-only (value = ‘x1’ or ‘x4’) • The Amount, Authorised is a single unit of currency 7 and the Combination Options Byte 1 Bit 7 is set to 1b (‘Status Check Supported’) Then the Kernel shall set TVR Byte 4 bit 8 (‘Transaction exceeds Floor Limit’) to ‘1’. 3.5.3.2