07 May 2018

EMV L2 Kernel Case Study: The TableSafe Story, Caught in the Moving Gears of a Progressive Payments Industry

In a world that’s constantly changing, it is never easy to transform consumer behavior. However, TableSafe, a company that in 2011 set out to modernize the way people pay for their meal at full-service restaurants, has found a way to be a catalyst for change.
TableSafe has developed a powerful pay-at-the-table platform purpose-built for the hospitality industry. TableSafe’s RAIL™ payment system was designed to enable restaurant guests to securely pay from the table using nearly any payment type - from traditional credit cards, to more modern mobile wallets. The RAIL hardware, a low-profile device housed inside a patented billfold similar to the traditional leather billfold, allows guests to control the entire payment process. Features include auto-tip calculation, splitting the bill multiple ways, receiving email receipts, and most importantly paying for the meal without the credit card ever leaving the guest’s hands. And for restaurant operators, it provides additional benefits including increased efficiency for wait staff and back-of-house operations, the ability to obtain instant guest feedback and address issues before the guest even leaves the restaurant.

Back in 2010, the first generation of the RAIL, which had garnered broad interest and industry buzz, was poised to redefine the world of payments in the full-service restaurant industry. Then EMV technology was introduced in the United States. Motivated by the rising costs of magnetic stripe-based credit card fraud, EMVCo (comprised of Europay, Mastercard and VISA) mandated that all retail merchants provide a method of accepting EMV-based transactions by October 1, 2015. If they did not comply, any fraud or chargeback liability would shift to the merchant. The mandate also caused TableSafe to re-evaluate their product and ultimately decide to pull their first generation out of the market and redesign the platform.

In keeping with their commitment to provide the most secure pay-at-the-table solution, TableSafe decided to provide a platform that, along with PCI and point-to-point encryption (P2PE), would not only accept EMV-based transactions but would also enable the merchant to accept emerging payment methods, including NFC-based and QR-code initiated transactions. This not only involved additional development time but also required the completion of EMV Level 1, EMV Level 2, and EMV Level 3 payment certifications. Additionally, interfacing TableSafe’s firmware to achieve these certifications would be challenging, as the RAIL was not a simple POS terminal or “dummy” device. The comprehensive, payment-agnostic platform that TableSafe developed required working with a leading payment technology solution provider in order to successfully pass the stringent EMVCo certifications.

“With security and freedom of payment method being primary benefits of using the RAIL, it was clear our solution needed to comply with EMV standards as a baseline requirement,” said Michael Weaver, Chief Technology Officer of TableSafe. “To accelerate our design and certification efforts it was clear we needed a partner with extensive experience and a strong development team.”

Cardtek Selected to Serve Up EMV for TableSafe

Cardtek was called upon to assist TableSafe with its EMV integration and to position the RAIL for successful certification from EMVCo.

Cardtek has a long history of providing solutions that deliver payment services such as terminal and card management, as well as digital enablement and tokenization for card issuers to manage all types of EMV and mobile payment tokens. The company was one of the first in the world to develop an EMV Level 2 Kernel, in 2002.

Cardtek also had the pre-certification expertise and equipment to develop, test, and verify the Level 2 Kernel on the RAIL – before it would be officially tested for certification. Additionally, with offices and dedicated teams in Chicago and Istanbul, Cardtek was able to offer more hours of work per day than competitors – which was critical to TableSafe’s expedited completion schedule. Lastly, Cardtek had strong relationships with multiple certification labs from previous projects, which were also key to accelerating TableSafe’s project.

“Cardtek’s experience and insight proved to be invaluable to our EMV certification effort,” said Weaver. “We needed a partner that possessed the necessary software products for EMV, but also offered custom software design capabilities and expert consulting on EMV projects. Cardtek delivered on all fronts.” 

EMV Certification Can be an Expensive Venture

The EMV Level 2 contactless certification process is particularly thorny. Due to the complexities of contactless payments, it’s typically more time-consuming, and licensing fees can prove to be costly.

Previously, when contact chip cards were the only EMV choice, EMVCo had a single specification that covered all the card schemes - including American Express, Discover, Mastercard, VISA, China UnionPay, JCB, and RuPay. Now each card scheme’s contactless product requires its own certification, as well as a licensing fee.

Cardtek’s pricing, like that of many payment technology providers, included a license fee for Level 2 contact, and then individual license fees for each card scheme supported. In addition, there were implementation fees for EMV Contact Level 2 and each of the card companies’ own contactless product offerings, including MasterCard’s PayPass, Visa’s payWave, American Express’ expresspay, and Discover’s D-PAS. The combination of license fees, implementation fees, and third-party testing fees makes a project of this nature quite costly.

Rolling Up the Sleeves and Digging in to EMV Integration

An Implementation Conformance Statement (ICS) filing must first be completed for EMV Contact Level 2 with each card scheme and for each selected contactless scheme, detailing each of the terminal features that will ultimately be tested. The number of certification tests varies depending on the features supported by the terminal. The form is filed in advance with the certification authorities, so EMVCo is notified of what to test for when the terminal is submitted. The ICS form for each card scheme is also sent to the card companies for in-house contactless testing. Cardtek was instrumental in guiding TableSafe through this important first process.

Once the ICS form filing process for TableSafe was complete, Cardtek ported the kernel library for each Level 2 Kernel onto the RAIL device. The Hardware Abstraction Layer, or HAL, then allowed the Level 2 Kernel to pull the items it needed from the hardware. The HAL enabled interaction with the device without changing the hardware or violating the Level 1 certification.

Throughout the EMV Level 2 process, Cardtek prepared and arranged weekly meetings, using Microsoft Project Report, to update TableSafe on the project’s successes and delays. The detailed working document indicated each step, the estimated time for delivery, and who was responsible for completion. 

After months of developing the Level 2 Kernel, Cardtek underwent pre-certification testing, porting the kernel and delivering it to the domestic testing group. The tests are designed to act the same as the actual certification process, enabling the company to identify and fix any issues.  

Once the development was completed and pre-certification tests were passed, Cardtek processed the final testing before personalization, which integrated TableSafe’s latest certified libraries, in case any changes occurred during the Level 2 porting. 

After several months of working side-by-side with TableSafe troubleshooting, developing custom solutions, and thoroughly pre-testing the RAIL, TableSafe’s innovative payment-agnostic platform was finally ready for certification.

Cardtek Helps Plate EMV for the Restaurant Industry

In October 2017, TableSafe launched the first EMV-certified and PCI compliant pay-at-the-table platform for full-service restaurants and the broader hospitality industry. The RAIL is fully integrated with leading POS systems and is now approved to process chip and signature payments; it is also designed to accept future NFC and QR-based payment options as the consumer use of these alternative methods develops.
The RAIL provides restaurants with the highest level of payment security in the industry. In addition to providing EMV and PCI certification, point-to-point encryption (P2PE) and other security features, the RAIL ensures the guest’s payment information never resides on the restaurant’s point of sale terminal. By combining these features, the risk of credit breach is virtually eliminated.

“EMV certification is a tremendous milestone in our history – and perhaps for the full-service restaurant industry as a whole,” said Weaver. “Until now, there hasn’t been a suitable way for full-service restaurants to seamlessly accept EMV payments at the table without abandoning a sense of elegance, style and tradition that’s so important to the dining experience.” 



