When you certify a SmartPOS terminal, the environment classification isn’t a minor detail — it’s a first-order architectural decision that determines CVM behavior, risk management rules, scheme mandates, and the entire L3 certification scope. Get it wrong and you’ll fail certification. Get it right and the rest of the design follows logically.
This post breaks down the three terminal environment classifications — Attended, Semi-Attended, and Unattended — from an L3 certification and POS architecture perspective, and explains why they matter far more than most teams realize.
Why Environment Classification Matters
Card schemes (Visa, Mastercard, Amex, Discover) define specific rules based on whether a terminal operates in an attended, semi-attended, or unattended environment. These rules affect:
- Cardholder Verification Methods (CVM) — which methods are allowed, required, or prohibited
- Transaction limits — contactless CVM limits, floor limits, and offline thresholds
- Risk management parameters — Terminal Action Codes (TACs), floor limits, velocity checks
- PIN handling — whether online/offline PIN is required, optional, or excluded
- Fallback behavior — what happens when chip fails, contactless fails, or CVM is not possible
- L3 certification test cases — the test suite and expected behaviors differ per environment
The environment classification is declared during L3 certification and encoded in the terminal configuration. It is not a runtime decision — it is baked into the terminal’s identity.
Attended Environment
An attended terminal operates in the presence of a merchant or staff member who can interact with the cardholder during the transaction.
Characteristics
- A human operator is present and can assist the cardholder
- The terminal is physically accessible to both the operator and the cardholder
- The operator can verify identity, request alternative payment, or handle exceptions
- Typical locations: retail counters, restaurants, manned checkout lanes
CVM Implications
Attended environments support the full CVM list:
- Online PIN — cardholder enters PIN, verified by issuer in real time
- Offline PIN (plaintext or enciphered) — verified by the chip card itself
- Signature — where still supported by the scheme
- No CVM — for low-value contactless (below CVM limit)
- CDCVM (Consumer Device CVM) — for mobile wallets (Apple Pay, Google Pay)
The operator can prompt the cardholder to try another CVM if one fails — a fallback path that doesn’t exist in unattended environments.
L3 Certification Scope
Attended terminals must demonstrate correct CVM sequencing, PIN bypass handling (where allowed), signature prompting, and proper fallback when the preferred CVM is unavailable. Scheme-specific test cases validate that the terminal respects the CVM priority list defined in the card’s application.
Semi-Attended Environment
A semi-attended terminal operates in an environment where a merchant or staff member is nearby but not directly involved in every transaction.
Characteristics
- Staff are present in the general area but not necessarily standing at the terminal
- The cardholder interacts with the terminal independently for most transactions
- Staff can intervene if needed (e.g., for exceptions, refunds, or identity checks)
- Typical locations: self-checkout lanes in supermarkets, hotel check-in kiosks with reception nearby, fast-food ordering kiosks in a staffed restaurant
CVM Implications
Semi-attended environments typically support:
- Online PIN — cardholder enters PIN without operator assistance
- No CVM — for contactless below the CVM limit
- CDCVM — for mobile wallets
- Signature — generally not practical (no operator to verify)
- Offline PIN — may or may not be supported, depending on scheme and risk appetite
The key distinction from attended: signature-based CVM is effectively unusable because no one is present to verify it. This narrows the CVM list and changes the fallback chain.
L3 Certification Scope
Semi-attended certification requires demonstrating that the terminal handles CVM correctly without operator intervention. Test cases focus on contactless CVM limit enforcement, PIN entry flows without operator prompts, and proper decline behavior when the required CVM cannot be performed.
Unattended Environment
An unattended terminal operates with no merchant or staff present. The cardholder is entirely on their own.
Characteristics
- No human operator available during the transaction
- The terminal must handle all scenarios autonomously — including errors, declines, and CVM
- Physical security is critical: the terminal may be outdoors, in public spaces, or in harsh environments
- Typical locations: parking meters, vending machines, EV chargers, fuel pumps, transit gates, ticketing kiosks
CVM Implications
Unattended environments have the most restricted CVM list:
- Online PIN — supported where a PIN pad is integrated into the unattended device
- No CVM — for contactless below the CVM limit (often lower thresholds than attended)
- CDCVM — for mobile wallets
- Signature — not supported (no one to verify)
- Offline PIN — depends on scheme rules and device capability
Schemes often impose lower contactless transaction limits for unattended terminals. Some schemes require online-only authorization (no offline approvals) in unattended environments due to the higher fraud risk.
L3 Certification Scope
Unattended L3 certification is the most demanding. The terminal must prove it can:
- Handle all transactions without operator intervention
- Enforce stricter risk parameters (lower floor limits, mandatory online authorization)
- Correctly decline when the required CVM cannot be performed
- Manage timeouts, communication failures, and card removal gracefully
- Support scheme-specific unattended rules (e.g., Visa’s unattended terminal processing requirements)
Side-by-Side Comparison
| Aspect | Attended | Semi-Attended | Unattended |
|---|---|---|---|
| Operator present | Yes, at terminal | Nearby, not at terminal | No |
| Online PIN | Supported | Supported | Supported (if PIN pad present) |
| Offline PIN | Supported | Scheme-dependent | Scheme-dependent |
| Signature | Supported | Not practical | Not supported |
| No CVM (contactless) | Below CVM limit | Below CVM limit | Below CVM limit (often lower) |
| CDCVM | Supported | Supported | Supported |
| Contactless limits | Standard | Standard or reduced | Often reduced |
| Offline authorization | Allowed | Scheme-dependent | Often prohibited |
| L3 test complexity | Standard | Moderate | Highest |
| Typical deployment | Retail, hospitality | Self-checkout, kiosks | Vending, parking, fuel, transit |
Impact on Terminal Configuration
The environment classification directly drives terminal configuration parameters that are set before deployment and validated during L3 certification:
Terminal Type (Tag 9F35): Encodes the environment and capability. For example:
22— Attended, online-only, no PIN pad23— Attended, online-only, with PIN pad34— Unattended, online-only, with PIN pad
Terminal Action Codes (TACs): Define how the terminal responds to specific risk conditions. Unattended terminals typically have stricter TACs — more conditions trigger a decline or force online authorization.
CVM Capability (Tags 9F33, 9F40): Declare which CVMs the terminal supports. These must accurately reflect both the hardware capability and the environment classification. Declaring signature support on an unattended terminal would be a certification failure.
Floor Limits and Thresholds: Unattended terminals often operate with zero floor limits (mandatory online authorization for every transaction), while attended terminals may allow offline approvals up to a defined amount.
Common Mistakes in L3 Certification
Having seen this go wrong more than once, here are the mistakes that cost teams time and money:
Declaring the wrong environment type. Configuring a self-checkout kiosk as “attended” because staff are in the store. Schemes look at whether the operator is at the terminal, not in the building.
Supporting signature CVM on unattended terminals. If no one can verify a signature, don’t declare it as a supported CVM. L3 test tools will catch this.
Using attended contactless limits on unattended devices. Schemes publish different CVM limits for unattended environments. Using the attended threshold will fail certification.
Ignoring scheme-specific unattended rules. Visa, Mastercard, and others each have their own unattended processing requirements. A terminal certified for Visa unattended may still need additional configuration for Mastercard unattended.
Not testing CVM fallback paths. What happens when the preferred CVM fails and the terminal is unattended? The fallback logic must decline gracefully — not prompt for a signature that no one can provide.
Architectural Implications
The environment classification influences more than just EMV parameters. It shapes the entire terminal architecture:
- UI design: Unattended terminals need clear, self-explanatory interfaces. No operator means no one to explain what “insert card” means when the chip read fails.
- Error handling: Every error path must resolve autonomously in unattended mode. Timeouts, partial completions, and communication failures all need deterministic recovery.
- Physical security: Unattended terminals are exposed to tampering, skimming, and environmental damage. The physical design and PCI PTS requirements are stricter.
- Monitoring and alerting: Without an operator, the terminal must report its own health — paper jams, connectivity loss, tamper alerts, and transaction anomalies must be surfaced remotely.
Key Takeaways
Environment classification is an architectural decision, not a checkbox. It determines CVM behavior, risk parameters, contactless limits, and the L3 certification path.
Semi-attended is not “attended lite.” It has real CVM restrictions (no signature) and requires the terminal to handle most scenarios without operator intervention.
Unattended certification is the most demanding. Stricter risk parameters, no fallback to operator assistance, and scheme-specific rules all add complexity.
Terminal configuration must match the declared environment. Terminal Type, TACs, CVM capabilities, and floor limits must all be consistent with the classification — and L3 test tools will validate this.
Get the classification right early. Changing the environment type after development is underway means reworking CVM logic, risk parameters, UI flows, and potentially re-certifying.
Further Reading
- POINT OF SALE ARCHITECTURE — Volume 1 — the primary reference for terminal architecture, EMV flows, and certification
- EMVCo Book 4: Cardholder, Attendant, and Acquirer Interface Requirements
- Visa Terminal Integration Process (TIP) Guide — environment-specific requirements
- Mastercard Terminal Integration Process — unattended and semi-attended rules
- Types of POS Terminals and Where They Fit — companion post on terminal form factors
- EMV for Developers — EMV fundamentals on this site