0
Scenario 1: Abi travels from India to Waterloo carrying his only credit card and stays at the hotel. If the transaction is declined for no reason other than his credit limit, what happens?
Scenario 2: An expired terminal (yeah, terminals do have a lifespan) is still in the market, and transactions are happening on it. Assuming a fraudulent transaction occurs using the customer's card, who is liable to pay? Would it be the customer, merchant, acquiring bank, payment network, or the issuer?
In the above scenarios, the respective payment certification board of the payment network, such as Discover, Amex, Mastercard, Visa, or RuPay, will determine the reason and determine who is liable if there is fraud. Without a structured payment industry standards body in place, resolving either scenario becomes a matter of dispute rather than process, and payment disputes cost everyone time and money.
While the payment network certification body manages the compliance of its own rules, it also depends on 2 more certification boards:
Together, these three layers of card certification governance form the backbone of how the payments industry maintains trust across a web of interdependent participants.
Each layer covers a distinct domain - network compliance, interoperability, and security - and none of them operates in isolation.
This blog discusses, in general, the complexities and responsibilities of a Certification Board, not a particular one.
The payment ecosystem comprises various interdependent stakeholders: acquiring bank, issuing bank, payment network, and standard bodies such as EMVCo, card manufacturer, chip manufacturer, terminal manufacturer, security testing lab, physical and OS testing lab, card personalization bureau, card applet, and terminal kernel vendors.
Now think of each of these players having several products - D-PAS, Quick Chip, M/Chip, RuPay, payWave, BHIM, UPI, PayPass - serving thousands of banks, millions of customers, and merchants around the world. Now it gets interesting.
Each of these products enters the market through a certification process governed by different bodies. Each has its own test specifications, approved labs, and compliance timelines.
A single card product may need to satisfy EMVCo requirements for chip interoperability, PCI requirements for data security, and payment scheme requirements for brand compliance - all before it reaches the issuing bank, let alone the cardholder.
Managing all these tests and certifications requires a system and process, called a "Certification Board," very similar to how our universities maintain our certificates. Payment network certification oversight of this kind is what keeps the ecosystem functioning predictably across borders, products, and participants. Now that we know a central certification board is needed, let us look at some of its functions, significance, and benefits.
The payment certification board serves as a facilitator, initiator, and validator among banks, vendors, and test labs to ensure that technical and brand requirements are met.
The board coordinates between stakeholders who may have different requirements.
A terminal vendor trying to certify quickly, a payment network enforcing compliance, and a test lab working within its limits.
Without a structured body to coordinate these relationships, the process defaults to informal negotiation, introducing back-and-forth and delays.
The level of detail about the product is important to maintain. Once the product is on the market, its major functionalities should not be changed without re-certification.
If an already certified and deployed terminal changes without the payment network's agreement, any fraudulent issue arising from a transaction is to be handled by the acquiring bank that deployed the terminal.
The certification board maintains the traceability, enabling the determination of whether the terminal in the field matches the one that was certified.
Without that record, liability resolution becomes difficult to trace.
Given the nature of international transactions, national financial rules like India's RBI, technology upscaling, and inter-party transfers, there will be occasions where the payment network has to waive some of its general rules for countries or even specific banks.
These waivers generally have an expiry period, after which the product must revert to the general rules.
Card certification governance of waivers is an easy function to underestimate until a waiver expires unnoticed and a bank finds itself out of compliance.
Tracking waiver status alongside certification details helps clarify liability boundaries and protects both the bank and its customers.
The details of which laboratory and payment network tested the product, along with which test specification and tools were used, must be maintained. Without this information, if a field issue arises at a later stage, it becomes very difficult to determine who is liable.
The payment network certification oversight, which covers lab traceability, is one of the least visible but most important roles the board performs. When a field failure occurs months or years after certification, having a complete record of the test environment, the specification version, and the approved lab is what makes a liability determination possible at all.
The ever-growing number of security attacks poses a threat to card personalization companies, which must be certified through stringent audit procedures.
A Bluetooth-enabled system in a personalization facility can pose a threat, leading to the loss of user information. It is not easy to closely monitor a physical facility in real time.
The payment certification board addresses this by collecting facility details, auditing its physical and logical security procedures, and confirming compliance before the facility is permitted to personalize credit and debit cards for end customers.
The audit process is periodic, not one-time, which means a facility must maintain its security posture continuously, not just during the initial period.
As digital payment volumes grow and new payment products enter the market at a faster pace, the role of a structured payment industry standards body becomes more, not less, important.
More products mean more certification events. More certification events mean more opportunities for gaps to appear in traceability, waiver tracking, and lab accountability.
The scenarios that opened this blog, a declined transaction abroad and a fraudulent transaction on an expired terminal, are not edge cases.
They represent the kinds of failures that happen when any part of the card certification governance chain is weak or incomplete. The Certification Board exists precisely to prevent those failures from becoming unresolvable disputes.
Overall, the certification board ensures interoperability, traceability, liability management, and product compliance among stakeholders, supported by administrative and technical processes.
The result is a payments environment where banks can focus on their customers and their transactions, while the certification and compliance machinery operates reliably in the background.
The conclusion is that banks should focus on customers and transactions, while compliance and certifications are made easier by a well-oiled certification board.
.png)
