Ever wonder about EMVCo’s role in the development and implementation of its technical specifications? Take a listen to Bastien LaJay, EMVCo’s director of technology and Glenbrook’s George Peabody as they discuss EMVCo’s standard for QR code-based transaction initiation in the card system. While developed card markets are shifting to contactless cards and NFC-using mobile phone wallets to kick off payments, the QR code offers a flexible, very low cost alternative. There’s a lot to learn here.
Most of us are familiar with QR codes to retrieve product information from websites or print media, or perhaps when authenticating a mobile device to a web page.
In payments, many of the caffeine-reliant among us use the Starbucks app with its 2D barcode to initiate the transaction. It makes it so easy to know when we have enough gold stars to ask the barista for a drink on the house.
Some merchant apps use a QR code for the consumer to present when initiating a payment transaction that calls on card on file payment credentials. Walmart Pay for example.
In China – and really throughout Asia – providers like Alipay and WeChat Pay have been hugely successful with QR code-using payment apps.
In Japan, the proliferation of closed loop QR code-based payment tools, each encoding data differently, has created a cacophony of incompatible approaches. A new industry collaboration effort is attempting to lower the technical noise level by using a common technology provider.
The card industry, named because of those 85.60 mm × 53.98 mm (3 3/8 × 2 1/8 inches) pieces of plastic we carry around, is, of course, far more than the cards it uses to initiative a transaction. Their rules and global networks are unparalleled in reach and sophistication.
But at the edge of those networks, the card is becoming unnecessary (think mobile wallets) and useless in those markets lacking a terminal infrastructure. To make sure card network transactions can take hold in card-less regions, the card brands put their technical specification organization to work, EMVCo.
In 2017, EMVCo released its QR code specification, designed to encode and represent the card message structure in QR code format.
A major hallmark of the EMV specification in cards is the generation of dynamic data, of a cryptogram unique to that transaction, that prevents replay attacks. The QR code spec supports such dynamic data as well as the issuer tokenization framework also codified by EMVCo. Even the payment account reference number (PAR) is accommodated here.
To accelerate use of QR code EMVCo recently built self-assessment tools for both merchant- and consumer-presented that validate the QR format. Certification to individual networks and acquirers is not supported by the EMVCo tools.