Level 2 EMVCo Card Type Approval


UL’s Transaction Security laboratory is one of the first laboratories engaged in testing CCD/CPA products to have been successfully approved by EMVCo when the Card Type Approval process was first established. Thanks to its long-standing accreditation with EMVCo for product approval, UL has extensive experience with the EMVCo Card Type Approval process. You, as a customer, can rely on UL’s profound technical knowledge of the CCD/CPA specifications.


This Common Core Definitions (CCD) and Common Payment Application Specification (CPA) Card Type Approval focuses on functional evaluation of a card product.


UL’s engineers actively participate in the development of the ISO and EMVCo testing standards for contactless smart cards, and are extremely knowledgeable about the latest trends and developments.

Being one of the first accredited EMVCo contact and contactless laboratories, UL is well positioned to support you in interpreting these standards with its pre-qualification services during your product development cycle.

An EMV Operating System (OS) allows the development of debit card and credit card functions. A card compliant with this specification will be used as a debit card or a credit card, in connection with an EMV-approved payment terminal.

A separate EMVCo Card Type Approval process has been defined for CCD (Common Core Definitions) and CPA (Common Payment Application Specification). The CCD and CPA Card Type Approval processes focus on the testing and approval, with the functional evaluation of a card product.

The product approval is managed by the EMVCo Card Type Approval secretariat. It is a prerequisite that the card successfully complete EMVCo Level 1 testing and Security Evaluation in order to acquire full approval of the product.

The security evaluation of a chip and a card product is included in these processes for completeness of the approval. The EMV Security Guidelines – EMVCo Security Evaluation Process contains the details on the chip security evaluation and card security evaluation. The Security Evaluation Process applies to both CCD and CPA cards. Next to the functional testing services, as described in this proposal, UL also provides these security evaluation services.

The testing needs to be performed separately for each protocol when the product supports both protocols. Regression testing may apply, depending on product configuration.

Services include:

  • EMVCo Level 2 Common Core Definitions (CCD)
  • EMVCo Level 2 Common Payment Application Specification (CPA)



Payment Card Contactless Card Smart Card Payment Application Payment Applet Universal Integrated Circuit Card (UICC) Secure Element (SE) NFC mobile devices