Application Overview
Version 1.4.0
Effective: 31 October 2001
Visa Public
1998, 1999, 2001 Visa International Service Association. All rights reserved. Permission to copy and implement the
material contained herein is granted subject to the conditions that (i) any copy or re-publication must bear this legend
in full, (ii) any derivative work must bear a notice that it is not the Visa Integrated Circuit Card Specification published
by Visa, and (iii) Visa shall have no responsibility or liability whatsoever to any other party arising from the use or
publication of the material contained herein.
Visa makes no representation or warranty regarding whether any particular physical implementation of any part of
this Specification does or does not violate, infringe, or otherwise use the patents, copyrights, trademarks, trade secrets,
know-how, and/or other intellectual property of third parties, and thus any person who implements any part of this
Specification should consult an intellectual property attorney before any such implementation. Any party seeking to
implement this Specification is solely responsible for determining whether their activities require a license to any
technology including, but not limited to, patents on public key encryption technology. Visa International Service
Association shall not be liable for any party’s infringement of any intellectual property right.
31 Oct 2001
Draft 12/18/00 Visa Public i
Contents Visa Integrated Circuit Card
Application Overview, Version 1.4.0
Chapter 13 • Completion
13.1 Card Data
Appendix A • Acronyms
Glossary
Index
Chapter 1 • About This Specification
The Visa Integrated Circuit Card Specification (VIS) provides the technical
details of chip card and terminal functionality related to Visa Smart Debit
and Visa Smart Credit (VSDC) transactions (Visa’s chip-based credit and
debit programs). It focuses on the functions performed by the chip card and
terminal as well as the interaction between the chip card and terminal at the
point of transaction.
The objective of the Visa Integrated Circuit Card Specification is to:
● Communicate the implementation details of Europay, MasterCard, and
Visa (EMV) specifications to ease vendor development efforts
● Aid members and vendors in understanding the changes that chip brings
to the credit and debit payment services, especially in terms of the
processing taking place between the chip card and terminal at the point of
transaction
● Provide Visa’s minimum requirements for chip-based credit and debit
programs
● Identify options that members and vendors can implement to meet
market needs
● Support Visa’s payment service rules and International Operating
Regulations for Visa Smart Debit and Visa Smart Credit (VSDC)
● Define Visa’s implementation of optional EMV features
Because VIS is based on EMV, the two specifications should be used together
for reference and development purposes. However, VIS builds on the EMV
requirements in order to support the Visa payment service rules. To facilitate
understanding of the differences between these two specifications, please
refer to Chapter 2, Processing Overview.
1.1 Audience
This document is intended for members, vendors, and readers seeking a
technical understanding of the functionality of chip cards and terminals
supporting Visa Smart Debit and Visa Smart Credit programs.
1.3 Terminology
This section provides clarification on several terms used throughout the
specification.
1.3.1 Mandatory/Required/Recommended/Optional
Visa’s philosophy is to facilitate market requirements while ensuring global
interoperability. To this end, Visa’s minimum requirements reflect the EMV
mandatory items in addition to specific requirements outlined in the Visa
payment service rules or International Operating Regulations. All other
functionality is optional and not required.
Visa’s minimum requirements are designated using the terms “mandatory”,
“required”, and “shall.” Recommended functionality is designated in the
document using the term “should.” Elective data elements and functions are
designated using the terms “optional” or “may.”
Markets can customize their programs beyond the minimum requirements
through adoption of the optional functions and through proprietary
processing. Proprietary processing, however, must not interfere with global
interoperability.
1.6 Impact Summary
1.6.1 Terminal
This section includes mandatory and optional changes. The testing of
terminals to support mandatory changes shall be aligned with the EMV 2000,
Version 4.0, migration requirements. Refer to the EMVCo website for
information on testing schedules.
1.6.1.1 Mandatory
● If the Directory method of Application Selection fails, the terminal shall
switch to the List of AIDs method.
● The terminal shall not allow Partial Selection during Application
Selection if the terminal indicators show it is not supported for the AID.
● During SDA and DDA, the terminal shall save the Data Authentication
Code (if present) and ICC Dynamic Number after recovery.
● If the SDA Tag List is one of the data elements read from the card, the
terminal shall validate that the only tag it contains is the tag for the AIP.
● ATMs supporting Offline PIN shall support CVM List processing.
1.6.1.2 Optional
● Visa Operating Regulations may permit the terminal to eliminate certain
common applications from consideration during Application Selection.
● The EMV Combined DDA/Generate AC option is included as a terminal
option.
● The public key encipherment used in the Offline Enciphered PIN
processing may occur either in the PIN pad or in the card reader. Secure
transfer of the PIN from the PIN pad to the card reader is required.
● Terminal support for Visa Low-value Payment feature of VSDC.
1.6.2 Card
This section includes mandatory and optional changes. Contact the CAA for
information on testing schedules. Changes are backward compatible and cards
tested under versions 1.3.1 and 1.3.2 will continue to work in the new devices.
1.6.2.1 Mandatory
● If a card is personalized with an SDA Tag List, the only tag in the list
must be “82”, the tag for the Application Interchange Profile. Prior to
adding this requirement to EMV a survey was conducted to determine if
the SDA tag list was being utilized. The results indicated that it was not
in use and that the requirement could be added to EMV. To ensure
interoperability and backward compatibility cards should begin
compliance immediately. An SDA tag list that does not comply will result
in Offline Data Authentication failure in EMV 4.0 terminals.
● Support of Cardholder Verification must be indicated in the Application
Interchange Profile and a CVM List is required.
● Cumulative amounts are no longer incremented for offline declines.
● The Online Authorization Indicator is no longer reset after offline
approval.
1.6.2.2 Optional
● The Issuer Public Key length may equal that of the corresponding Visa CA
Public Key.
● The ICC Public Key length may equal that of the corresponding Issuer
Public Key.
● The EMV Combined DDA/Generate AC option is included as a VSDC card
option.
● The EMV optional session key generation method is referenced as a VIS
option.
● A new cryptogram generation method, Cryptogram Version 14, is
referenced as a VIS option.
● An Application Default Action bit has been added to allow issuers to
decline the transaction and block the application if the PIN Try Limit was
exceeded on a previous transaction.
NOTE: Cryptogram Version 14 is not currently supported in VisaNet
systems, and Issuers wishing to implement this option must be
aware that they will not be eligible for VisaNet Authentication
Services.
Chapter 2 • Processing Overview
This chapter provides an overview of a Visa Smart Debit and Visa Smart
Credit (VSDC) transaction. This is followed by a transaction flow showing the
order in which these functions may be performed and the commands sent by
the terminal to the card for communications. Charts at the end of the chapter
show functional and command support requirements for cards and terminals.
Regions may have additional restrictions and requirements.
[Figure: transaction flow pairing each terminal function with the card function and the command/response exchanged. The key distinguishes mandatory processes from mandatory processes with optional steps. Recoverable rows:
Application Selection: SELECT and READ RECORD Command/Response; card provides the List of Supported Applications.
Initiate Application Processing: GET PROCESSING OPTIONS Command/Response; card provides Supported Functions and Pointers to Application Data.
Offline Data Authentication (SDA or DDA): INTERNAL AUTHENTICATE Command/Response (note 1: if DDA); card generates the Dynamic Cryptogram.
Processing Restrictions.
Cardholder Verification: GET CHALLENGE Command/Response (note 2: if Offline Enciphered PIN), card generates the Unpredictable Number; GET DATA Command/Response (note 3: optional for Offline PIN), card returns the PIN Try Counter; VERIFY Command/Response (note 4: if Offline PIN), card validates the PIN.
Terminal Risk Management: GET DATA Command/Response; card returns the Last Online Application Transaction Counter (ATC) Register.
Online Processing.
Issuer Authentication: EXTERNAL AUTHENTICATE Command/Response; card validates the ARPC Cryptogram.]
2.2 Mandatory and Optional Functionality
Online Processing
● Online Capability: Mandatory (EMV)
● Issuer Authentication: Optional (EMV)
Online Processing
● Online Capability: Optional (EMV and VIS)
● Advice Messages: Optional (EMV and VIS)
● Issuer Authentication: Conditional—If online capable
Completion: Mandatory
Miscellaneous Functions
● Cardholder amount validation: Recommended (EMV)
● Voice Referrals: Recommended
● Card initiated referrals: Not supported (VIS)
● Merchant forced acceptance: Optional (EMV)
● Prompt for chip read: Mandatory (EMV)
2.3.1 Overview
Risk management features may differ from those supported for non-VLP
VSDC and are selected by the issuer. VLP supports a cumulative amount limit
and a per transaction amount limit. Since VLP consists of many low-value
transactions, adding these transactions to standard VSDC velocity checking
counters could cause VSDC transactions to be processed online more
frequently than intended by issuers. Therefore, standard VSDC velocity
checking counters are not incremented by VLP transactions.
The amount of spending power is reset to the spending limit at any online
capable VSDC terminal if an online authorization or status check transaction
is approved by the issuer and the card.
A reset without a financial transaction can also take place at a dedicated
online unattended device, which performs an online status check.
For details on VLP, refer to Appendix G of the Card Volume and Appendix D of
the Terminal Volume of this specification.
Chapter 3 • Application Selection
Application Definition File (ADF): The ADF is a file, which is the entry point to application elementary files (AEF), which contain data elements for the application. The ADF contains information about the application such as the name of the application, language preferred and the priority of the application relative to other applications on the card.
Application Elementary Files (AEF): AEF contains data elements used by the application in processing.
Application Identifier (AID): The AID is composed of the Registered Application Provider Identifier (RID) and the Proprietary Application Identifier Extension (PIX). The AID identifying the Visa Debit Credit application is “A0000000031010”.
Directory Definition File (DDF): A DDF is a file that designates the structure of files beneath it.
Directory File: A directory file is a file listing files contained within the directory. The terminal uses a READ RECORD command to access directory files.
File Control Information (FCI): The FCI is information from the card about the application that is provided in response to the SELECT command issued by the terminal.
Payment Systems Directory: The Payment Systems Directory is a directory file containing entries for applications that conform to Europay, MasterCard, and Visa (EMV) specifications.
Payment Systems Environment (PSE): The PSE is a DDF named “1PAY.SYS.DDF01”. The directory file designating the structure of the files beneath the PSE is known as the Payment Systems Directory.
Processing Options Data Object List (PDOL): The PDOL is a list of tags and lengths for terminal data needed by the card. It is obtained from the card by the terminal using the SELECT command. The terminal provides the data requested in the list to the card in the GET PROCESSING OPTIONS command.
Short File Identifier (SFI): The SFI is a pointer to Elementary Files (EF).
3.2 Terminal Data
Application Identifier (AID): The AID is composed of the Registered Application Provider Identifier (RID) and the Proprietary Application Identifier Extension (PIX). The AID identifying the Visa Debit Credit application is “A0000000031010”.
Application Selection Indicator: Indicates whether the associated AID in the terminal must exactly match the AID in the card including the length of the AID, or only up to the length of the AID in the terminal. There is only one Application Selection Indicator per AID in the terminal and its format is at the discretion of the terminal vendor.
List of supported applications: The terminal shall maintain a list of application AIDs supported by the terminal.
3.3 Commands
SELECT
The terminal sends the SELECT command to the card to obtain information
from the card about an application supported by the card. This information
may be issuer preferences as to the priority in which the application is
selected, the name of the application, and the language in which information
is displayed to the cardholder.
In the card response to the SELECT command, response codes are used to
indicate processing results. The card’s response contains the Processing
Options Data Object List (PDOL), if present on the card. The PDOL is used
during Initiate Application Processing.
READ RECORD
The terminal sends the READ RECORD command to the card to read the
records in the PSE (if Directory Selection is supported) or other DDFs in the
List of AIDs Selection Method. The command includes the Short File
Identifier (SFI) of the file to be read and the record number of the record
within the file.
In response to the READ RECORD command, the card provides the requested
record to the terminal.
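The following Python sketch is an added example, not part of the VIS text. It shows the SELECT and READ RECORD command encodings and how the Application Selection Indicator decides between exact and partial AID matching, including the fallback from the Directory method to the List of AIDs method. The card class, its priorities, the second Visa-prefixed AID, the non-Visa AID, and the use of SFI 1 for the directory file are constructed assumptions; a real card answers one application per SELECT.

```python
"""Application Selection: APDU encoding and candidate list (added example)."""

PSE_NAME = b"1PAY.SYS.DDF01"                  # PSE name given in this chapter
VISA_AID = bytes.fromhex("A0000000031010")    # Visa Debit Credit AID given in this chapter


def select_apdu(name):
    """SELECT by DF name: CLA=00 INS=A4 P1=04 P2=00 Lc name Le=00."""
    if not 5 <= len(name) <= 16:
        raise ValueError("DF name must be 5..16 bytes")
    return bytes([0x00, 0xA4, 0x04, 0x00, len(name)]) + name + b"\x00"


def read_record_apdu(sfi, record):
    """READ RECORD: P1 = record number, P2 = SFI in the top five bits, then 100b."""
    if not (1 <= sfi <= 30 and 1 <= record <= 254):
        raise ValueError("SFI must be 1..30 and record number 1..254")
    return bytes([0x00, 0xB2, record, (sfi << 3) | 0x04, 0x00])


def aid_matches(terminal_aid, card_aid, partial_allowed):
    """Exact match always qualifies; a longer card AID only if partial selection is allowed."""
    if card_aid == terminal_aid:
        return True
    return bool(partial_allowed) and card_aid.startswith(terminal_aid)


class ConstructedCard:
    """Constructed stand-in for a card: AID -> priority (1 = highest), optional PSE."""

    def __init__(self, applications, has_pse=True):
        self.applications = dict(applications)
        self.has_pse = has_pse
        self.log = []                          # APDUs the terminal sent

    def read_directory(self):
        """Directory method; None means SELECT of the PSE failed."""
        self.log.append(select_apdu(PSE_NAME))
        if not self.has_pse:
            return None
        self.log.append(read_record_apdu(1, 1))   # SFI 1 is an assumption of this sketch
        return sorted(self.applications.items())

    def select_by_aid(self, name):
        """List of AIDs method: the card matches on the leading bytes of its AIDs."""
        self.log.append(select_apdu(name))
        return [(aid, prio) for aid, prio in sorted(self.applications.items())
                if aid.startswith(name)]


def build_candidate_list(card, terminal_aids):
    """terminal_aids maps AID -> Application Selection Indicator (True = partial allowed)."""
    method = "directory"
    entries = card.read_directory()
    if entries is None:                        # mandatory fallback from 1.6.1.1
        method = "list of AIDs"
        entries = [e for aid in terminal_aids for e in card.select_by_aid(aid)]
    candidates = {
        (priority, aid) for aid, priority in entries
        if any(aid_matches(t, aid, asi) for t, asi in terminal_aids.items())
    }
    return method, [aid.hex().upper() for priority, aid in sorted(candidates)]


# Constructed sample card: two Visa-prefixed AIDs and one unrelated AID.
CONSTRUCTED_APPS = {
    VISA_AID: 2,
    VISA_AID + b"\x01": 1,
    bytes.fromhex("F0000000010001"): 3,
}

if __name__ == "__main__":
    for has_pse in (True, False):
        for asi in (False, True):
            card = ConstructedCard(CONSTRUCTED_APPS, has_pse)
            print(has_pse, asi, build_candidate_list(card, {VISA_AID: asi}))
```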
3.6 Flow
Figure 3–1: Application Selection
[Figure 3–1 flowchart. Recoverable steps: decision "Terminal supports selection by cardholder?"; if yes, the terminal displays applications by priority and asks the cardholder to select, followed by decision "Cardholder selected application?". Decision "Terminal supports confirmation by cardholder?"; if yes, the terminal displays the highest priority application on the list for confirmation, followed by decision "Cardholder confirms?". Decision "Applications available without confirmation?"; if yes, the terminal identifies the highest priority application not requiring confirmation. The terminal then proceeds to Initiate Application Processing.]
Chapter 4 • Initiate Application Processing
Application File Locator (AFL): Indicates the file location and range of records that contain card data to be read by the terminal for use in transaction processing.
Application Interchange Profile (AIP): A list that indicates the capability of the card to support specific functions in the application (Static Data Authentication (SDA), Dynamic Data Authentication (Standard DDA), Cardholder Verification, Issuer Authentication, and Combined DDA/AC Generation).
File Control Information (FCI): The FCI is information from the card about the application that is provided in response to the SELECT command issued by the terminal.
Geographic Indicator: Visa proprietary data element indicating whether a card supports domestic transactions, international transactions or both.
Issuer Country Code: Visa proprietary data element indicating the issuer’s country code. Used in the Geographic Restrictions check if this check is supported by the card. It may also be used to determine which records from the card should be read by the terminal based on whether a transaction is domestic or international.
Processing Options Data Object List (PDOL): The PDOL is an optional list of tags and lengths for terminal data requested by the card. It is part of the FCI obtained from the card by the terminal using the SELECT command. The terminal provides the data requested in the list to the card in the GET PROCESSING OPTIONS command.
4.2 Terminal Data
Terminal Country Code: Terminal data indicating the country of the terminal. It is provided to the card in the GET PROCESSING OPTIONS command if requested by the card.
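The PDOL mechanism described above, as an added Python example that is not part of the VIS text: the terminal walks the card's PDOL, concatenates the requested terminal data, wraps it in the command template (tag 83) of GET PROCESSING OPTIONS, and reads the AIP and AFL from a format 1 response. The sample PDOL, the proprietary tag DF01, the country code value and the sample response are constructed; one-byte DOL lengths and an exact-length terminal data store are assumptions, so the padding and truncation rules are not implemented.

```python
"""Build GET PROCESSING OPTIONS from a PDOL and read its response (added example)."""


class ConditionsOfUseNotSatisfied(Exception):
    """Card answered GET PROCESSING OPTIONS with SW1 SW2 = 6985."""


def parse_dol(dol):
    """Split a Data Object List into (tag_hex, length) pairs; a DOL carries no values."""
    pairs, i = [], 0
    try:
        while i < len(dol):
            start = i
            if dol[i] & 0x1F == 0x1F:          # tag continues in the following byte(s)
                i += 1
                while dol[i] & 0x80:
                    i += 1
            i += 1
            pairs.append((dol[start:i].hex().upper(), dol[i]))
            i += 1
    except IndexError:
        raise ValueError("truncated DOL") from None
    return pairs


def gpo_apdu(pdol, terminal_data):
    """Return the GET PROCESSING OPTIONS command; pdol is None when the card has no PDOL."""
    value = b""
    for tag, length in parse_dol(pdol or b""):
        item = terminal_data.get(tag)
        if item is None:
            item = bytes(length)               # tag unknown to the terminal: zero-filled
        elif len(item) != length:
            raise ValueError("%s: terminal holds %d bytes, card asked for %d"
                             % (tag, len(item), length))
        value += item
    if len(value) > 0xFC:
        raise ValueError("PDOL data too long for a short APDU")
    length = bytes([len(value)]) if len(value) < 0x80 else bytes([0x81, len(value)])
    data = b"\x83" + length + value            # command template, empty if no PDOL
    return bytes([0x80, 0xA8, 0x00, 0x00, len(data)]) + data + b"\x00"


def parse_gpo_response(response):
    """Return (aip, afl) from a format 1 (tag 80) response after checking the status word."""
    if len(response) < 2:
        raise ValueError("response shorter than a status word")
    body, sw = response[:-2], response[-2:]
    if sw == b"\x69\x85":                      # "Conditions of use not satisfied"
        raise ConditionsOfUseNotSatisfied()
    if sw != b"\x90\x00":
        raise ValueError("unexpected status word " + sw.hex())
    if (len(body) < 8 or body[0] != 0x80 or body[1] != len(body) - 2
            or (len(body) - 4) % 4):
        raise ValueError("not a well-formed format 1 response")
    return body[2:4], body[4:]                 # AIP is 2 bytes, AFL is 4 bytes per entry


# Constructed inputs: PDOL asking for Terminal Country Code (9F1A, 2 bytes)
# and a made-up proprietary tag DF01 (3 bytes) the terminal does not know.
CONSTRUCTED_PDOL = bytes.fromhex("9F1A02DF0103")
CONSTRUCTED_TERMINAL_DATA = {"9F1A": bytes.fromhex("0840")}
CONSTRUCTED_RESPONSE = bytes.fromhex("80065C00080101009000")

if __name__ == "__main__":
    print(gpo_apdu(CONSTRUCTED_PDOL, CONSTRUCTED_TERMINAL_DATA).hex())
    print(parse_gpo_response(CONSTRUCTED_RESPONSE))
```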
4.7 Flow
Figure 4–1: Initiate Application Processing Flow
[Figure 4–1 flowchart between card and terminal. Surviving labels: decision "Domestic Transactions Allowed"; card responds to GET PROCESSING OPTIONS with “Conditions of use not satisfied”; GET PROCESSING OPTIONS response; terminal receives AFL and AIP.]
Chapter 5 • Read Application Data
During Read Application Data, the terminal reads the card data necessary to
process the transaction and determines the data to be authenticated during
Static Data Authentication (SDA) or Dynamic Data Authentication (DDA).
This chapter is organized into the following sections:
5.1 Card Data
5.2 Terminal Data
5.3 READ RECORD Command
5.4 Processing
5.5 Flow
5.6 Prior Related Processing
5.7 Subsequent Related Processing
Application File Locator (AFL): Indicates the file location and range of records containing card data to be read by the terminal for use in transaction processing. Each entry designates the first record and last record numbers to read from the file and which records are to be used for authentication during Offline Data Authentication.
The terminal uses the card data structures described in Table 5–2 during
Read Application Data.
Application Elementary Files (AEF): Card data files containing data used for application processing. An AEF consists of a sequence of records that are addressed by record number. The terminal reads these records using the READ RECORD command. The READ RECORD command contains a designation of the SFI and record number to be read, which the terminal obtains from the AFL.
Short File Identifier (SFI): The SFI is a number used to uniquely identify application data files. It is listed in the AFL and used by the terminal to identify the files to be read.
5.4 Processing
The terminal uses the Application File Locator (AFL) from the card to
determine which records to read from the card.
For each AFL entry, the terminal uses the READ RECORD command to
request the first record designated to be read. When the requested record is
received from the card, the terminal saves the data objects from the record for
subsequent processing. If the AFL entry has specified that the record is
needed in authentication of static data during Offline Data Authentication,
the terminal puts the record data into the static data authentication input
list. The terminal continues reading records from the file until it reads the last
record designated to be read.
The terminal processes subsequent AFL entries in the same manner until all
AFL entries have been processed. At this point, the terminal proceeds to
Offline Data Authentication.
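The read loop described in 5.4, together with the SDA Tag List check from 1.6.1.1, as an added Python example that is not part of the VIS text. It assumes the EMV AFL layout of four bytes per entry (SFI in the top five bits, first record, last record, number of records used for authentication) and the EMV rule that for SFI 1 to 10 the record template tag and length are left out of the authentication input. The records, AFL, AIP value and the read_record callable are constructed stand-ins for the READ RECORD exchange.

```python
"""Read Application Data driven by the AFL (added example, constructed card data)."""

SDA_TAG_LIST = bytes.fromhex("9F4A")    # EMV tag of the SDA Tag List
AIP_TAG = bytes.fromhex("82")           # only tag the SDA Tag List may contain


def parse_afl(afl):
    """Split the AFL into (sfi, first_record, last_record, n_authenticated) entries."""
    if not afl or len(afl) % 4:
        raise ValueError("AFL length must be a non-zero multiple of 4")
    entries = []
    for i in range(0, len(afl), 4):
        b1, first, last, n_auth = afl[i:i + 4]
        sfi = b1 >> 3
        if (b1 & 0x07 or not 1 <= sfi <= 30 or first == 0
                or last < first or n_auth > last - first + 1):
            raise ValueError("malformed AFL entry at offset %d" % i)
        entries.append((sfi, first, last, n_auth))
    return entries


def iter_tlv(data):
    """Yield (tag, value) for each BER-TLV object at the top level of data."""
    i = 0
    try:
        while i < len(data):
            start = i
            if data[i] & 0x1F == 0x1F:          # tag continues in the following byte(s)
                i += 1
                while data[i] & 0x80:
                    i += 1
            i += 1
            tag, n = data[start:i], data[i]
            i += 1
            if n == 0x81:                       # one extra length byte
                n = data[i]
                i += 1
            elif n >= 0x80:
                raise ValueError("unsupported length form")
            if i + n > len(data):
                raise ValueError("truncated TLV")
            yield tag, data[i:i + n]
            i += n
    except IndexError:
        raise ValueError("truncated TLV") from None


def record_value(record):
    """Return the contents of a record template (tag 70) without its tag and length."""
    objs = list(iter_tlv(record))
    if len(objs) != 1 or objs[0][0] != b"\x70":
        raise ValueError("record is not a single tag-70 template")
    return objs[0][1]


def read_application_data(afl, aip, read_record):
    """Read every record the AFL names, save its data objects, build the SDA input list."""
    objects, sda_input = {}, b""
    for sfi, first, last, n_auth in parse_afl(afl):
        for number in range(first, last + 1):
            record = read_record(sfi, number)
            data = record_value(record) if sfi <= 10 else record
            if sfi <= 10:
                objects.update(iter_tlv(data))  # saved for subsequent processing
            if number < first + n_auth:         # record is flagged for authentication
                sda_input += data
    tag_list = objects.get(SDA_TAG_LIST)
    oda_failed = tag_list is not None and tag_list != AIP_TAG
    if tag_list == AIP_TAG:
        sda_input += aip                        # AIP value joins the authenticated data
    return {"objects": objects, "sda_input": sda_input, "oda_failed": oda_failed}


# Constructed card: PAN record, expiry record, and a record holding the SDA Tag List.
CONSTRUCTED_RECORDS = {
    (1, 1): bytes.fromhex("700A5A084111111111111111"),
    (2, 1): bytes.fromhex("70065F2403251231"),
    (2, 2): bytes.fromhex("70049F4A0182"),
}
CONSTRUCTED_AFL = bytes.fromhex("0801010110010201")   # SFI 1 rec 1; SFI 2 rec 1-2
CONSTRUCTED_AIP = bytes.fromhex("5C00")


def constructed_read_record(sfi, number):
    return CONSTRUCTED_RECORDS[(sfi, number)]


if __name__ == "__main__":
    result = read_application_data(CONSTRUCTED_AFL, CONSTRUCTED_AIP, constructed_read_record)
    print(result["sda_input"].hex(), result["oda_failed"])
```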
5.5 Flow
Figure 5–1 shows how Read Application Data might be performed.
[Figure 5–1 flowchart between card and terminal. Recoverable steps: terminal completes Initiate Application Processing; terminal requests a record using the READ RECORD command; card passes the requested record to the terminal in the READ RECORD response; decision "Record to be used for offline data authentication?", and if so the terminal concatenates data into the SDA input list; decision "Record read = last record number in AFL entry?"; terminal proceeds to Offline Data Authentication (see Chapter 6).]
Chapter 6 • Offline Data Authentication
6.1 Keys and Certificates
The relationship between keys, certificates, and signatures for SDA is shown
in Figure 6–1.
[Figure 6–1. Surviving labels: Issuer PK Certificate (PK_I signed with SK_CA); Terminal; ICC; Card; Application.]
The relationship between the data and the cryptographic keys for DDA is
shown in Figure 6–2.
[Figure 6–2. Recoverable content:
Parties: Certificate Authority (Visa), Issuer, Acquirer.
Initial setup: Visa CA Private Key (SK_CA) and Visa CA Public Key (PK_CA); Issuer Private Key (SK_I) and Issuer Public Key (PK_I); the Visa CA Public Key (PK_CA) is held in the terminal.
Certificates: Issuer PK Certificate (PK_I signed with SK_CA); ICC Public Key Certificate (PK_ICC signed with SK_I).
Card: on the INTERNAL AUTHENTICATE* or first GENERATE AC** command, calculates the Dynamic Signature using SK_ICC and returns it in the response.
Terminal: uses PK_CA to get PK_I from the Issuer PK Certificate; uses PK_I to get PK_ICC from the ICC PK Certificate; validates the static data hash in the ICC PK Certificate; validates the Dynamic Signature using PK_ICC.
* INTERNAL AUTHENTICATE command for Standard DDA
** GENERATE AC command for Combined DDA/AC Generation]
Certificate Authority (CA) Public Keys: The Payment System public keys stored in the terminal and used to recover the Issuer PK Certificate from the card, which has been signed, with the Certificate Authority Private Key.
Certificate Authority (CA) Public Key Index (PKI): Used with the RID to designate which Visa CA Public Key to use for offline data authentication.
Registered Application Identifier (RID): A portion of the Application Identifier that identifies the Payment System.
Terminal Verification Results (TVR): Status of processing functions as seen from the terminal perspective.
Certificate Authority Public Key Index (PKI): Each Visa Public Key used for offline data authentication in SDA is identified by the Certificate Authority Public Key Index (PKI) in conjunction with the RID portion of the AID.
Issuer Public Key Certificate: The Issuer Public Key Certificate contains the Issuer Public Key signed with the Visa CA Private Key.
Issuer Public Key Exponent: The exponent used in the RSA algorithm to recover the PK Certificate.
Issuer Public Key Remainder: If required, the Issuer Public Key Remainder contains the portion of the Issuer Public Key, which does not fit into the Issuer Public Key Certificate.
SDA Failure Indicator: An internal indicator set and saved by the card if SDA fails and the transaction is declined offline.
Signed Static Application Data (SAD): The SAD is a signature enciphered with the Issuer Private Key, which contains a hash of important card data.
6.4 Dynamic Data Authentication (DDA)
Default Dynamic Data Authentication Data Object List (default DDOL): If the card does not provide a DDOL, the terminal uses a default DDOL containing the tag for the terminal unpredictable number.
Unpredictable Number: An unpredictable, transaction-unique number generated by the terminal and sent to the card in the INTERNAL AUTHENTICATE command.
All of the SDA data except for the Signed Static Application Data is also used
for DDA. In addition, the data described in Table 6–5 is used for DDA.
DDA Failure Indicator: An internal indicator set and saved by the card if Standard DDA fails and the transaction is declined offline.
Dynamic Data Authentication Data Object List (DDOL): List of tags for terminal data objects to be passed to the card in DDA processing.
ICC Dynamic Number: A unique number generated by the card and validated by the terminal as part of the dynamic signature in Combined DDA/AC Generation.
ICC Public Key Certificate: The ICC Public Key Certificate contains the ICC Public Key signed with the Issuer Private Key.
ICC Public Key Exponent: The exponent used in the RSA algorithm to recover the ICC PK Certificate.
ICC Public Key Remainder: If required, the ICC Public Key Remainder contains the portion of the ICC Public Key that does not fit into the ICC Public Key Certificate.
All of the data elements used in Standard DDA data except for the DDOL are
also used for Combined DDA/AC Generation. In addition, the data described
in Table 6–6 is used.
Application Cryptogram: A 3DES cryptogram returned by the card in the GENERATE AC response. With Combined DDA/AC Generation if an ARQC or TC is returned, it is validated as part of the dynamic signature.
Cryptogram Information Data: Information on the type of cryptogram provided by the card and validated by terminal in Combined DDA/AC Generation.
[Figure: card and terminal flow; the only surviving label is "INTERNAL AUTHENTICATE response with dynamic signature".]
31 Oct 2001
Draft 12/18/00 Visa Public 6–15
Offline Data Authentication Visa Integrated Circuit Card
Application Overview, Version 1.4.0
6–16
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 6.6 Subsequent Related Processing
Application Overview, Version 1.4.0
Completion
After an online authorization, the card may reset the SDA Failure Indicator
and DDA Failure Indicator based upon Issuer Authentication options and
results.
If SDA or DDA failed and the transaction is to be declined offline because an
online authorization could not be completed, the SDA Failure Indicator or
DDA Failure Indicator is set.
Combined DDA/AC Generation
If Combined DDA/AC Generation failed and the Application Cryptogram
returned was an ARQC, a second GENERATE AC command requesting an
AAC is sent to the card. If Combined DDA/AC Generation failed and the
Application Cryptogram returned was a TC, the transaction is declined offline
with no second GENERATE AC requested.
Processing Restrictions 7
Application Version Number: This data element (tag “9F08”) indicates the version of the application on the card. It is used in application version number checking by the terminal. Cards complying with this specification should use the value of 140.
Application Usage Control (AUC): AUC is an optional data element. This data element indicates any restrictions set forth by the issuer on the geographic usage and services permitted for the card application. It is used in Application Usage Control checking by the terminal.
Issuer Country Code: The Issuer Country Code is a Europay, MasterCard, and Visa (EMV) specification data element indicating the country of the card issuance. It is used in Application Usage Control checking by the terminal.
Application Effective Date: The Application Effective Date is the date when the application becomes activated for use.
Application Expiration Date: The Application Expiration Date is the date after which use of the application is no longer permitted.
7.2 Terminal Data
Application Version Number: This data element (terminal tag ‘9F09’) indicates the version of the application in the terminal. Terminals complying with this specification should use the value of 140.
Terminal Capabilities: Indicates the capabilities of the terminal in regard to card data input, verification of the cardholder, and security. It is used in Application Usage Control checking by the terminal.
Terminal Country Code: This data element indicates the country in which the terminal is located. It is used in Application Usage Control checking by the terminal.
Transaction Date: This is the local date (in the terminal) on which the transaction processing is taking place. It is used in application effective and expiration date checks by the terminal.
Transaction Type: This data element indicates the type of financial transaction. It is used in Application Usage Control checking by the terminal.
[Figure: Processing Restrictions flowchart. Legible steps: Application Version Numbers identical?; Application Usage Control and Issuer Country Code present?; Do any restrictions apply? (terminal sets the "requested service not allowed for card product" bit to "1" in the TVR); Application Effective Date < Current Date? (if not, terminal sets the "application not yet effective" bit to "1" in the TVR); Application Expiration Date > Current Date? (if not, terminal sets the "expired application" bit to "1" in the TVR); terminal proceeds to cardholder verification.]
Cardholder Verification 8
8.1 Card Data
Application Interchange Profile (AIP): Contains an indicator showing whether the card supports cardholder verification. This indicator must be set to “1”.
Cardholder Verification Method (CVM) List: A prioritized list of methods of cardholder verification for the card application. A card may contain multiple CVM Lists for use in different circumstances such as international and domestic transactions. A CVM List contains the following:
● Amount X—An amount that may be used in CVM usage conditions
● Amount Y—A second amount that may be used in CVM usage conditions
● CVM entries—The CVM List may contain more than one entry, with each entry containing the following subfields:
  CVM Code: Designates the action to take if the CVM fails. Choices are to process the next CVM entry or to fail CVM processing.
  CVM Type: The type of CVM to perform, for example, offline PIN.
  CVM Conditions: Conditions when this CVM entry should be used, for example, if the terminal supports the CVM Type (offline PIN).
Refer to the Visa Integrated Circuit Card Specification, Chapter 8, Cardholder
Verification, for an example showing how issuers might define a CVM List.
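The CVM List layout described above can be parsed and walked in priority order as in the following added example, which is not part of the Visa specification. The byte layout and the method and condition code values are taken from EMV Book 3 rather than from this overview; `SAMPLE` is a constructed value, and `select_cvm` and its parameters are hypothetical names.

```python
from dataclasses import dataclass

# Code values per EMV Book 3 (CVM List); this overview does not list them.
METHODS = {0x00: "Fail CVM processing", 0x01: "Offline plaintext PIN",
           0x02: "Online enciphered PIN", 0x03: "Offline plaintext PIN + signature",
           0x04: "Offline enciphered PIN", 0x05: "Offline enciphered PIN + signature",
           0x1E: "Signature", 0x1F: "No CVM required"}
CONDITIONS = {0x00: "always", 0x01: "unattended cash", 0x02: "not cash or cashback",
              0x03: "terminal supports the CVM", 0x04: "manual cash",
              0x05: "purchase with cashback", 0x06: "under Amount X",
              0x07: "over Amount X", 0x08: "under Amount Y", 0x09: "over Amount Y"}


@dataclass(frozen=True)
class CVRule:
    method: int            # CVM Type: low six bits of the first byte
    next_on_failure: bool  # CVM Code: True = process next entry, False = fail CVM processing
    condition: int         # CVM Conditions: second byte

    def describe(self) -> str:
        action = "next entry" if self.next_on_failure else "fail"
        return (f"{METHODS.get(self.method, 'unrecognized')} "
                f"[{CONDITIONS.get(self.condition, 'unrecognized')}; on failure: {action}]")


@dataclass(frozen=True)
class CVMList:
    amount_x: int
    amount_y: int
    rules: tuple


def parse_cvm_list(value: bytes) -> CVMList:
    """Parse a CVM List value: 4-byte Amount X, 4-byte Amount Y, then 2-byte entries."""
    if len(value) < 10 or (len(value) - 8) % 2:
        raise ValueError("CVM List needs two 4-byte amounts and at least one 2-byte entry")
    rules = tuple(
        CVRule(method=value[i] & 0x3F,
               next_on_failure=bool(value[i] & 0x40),
               condition=value[i + 1])
        for i in range(8, len(value), 2)
    )
    return CVMList(int.from_bytes(value[0:4], "big"),
                   int.from_bytes(value[4:8], "big"), rules)


def condition_holds(rule, cvm_list, supported, amount, in_app_currency):
    c = rule.condition
    if c == 0x00:
        return True
    if c == 0x03:
        return rule.method in supported
    if c in (0x06, 0x07, 0x08, 0x09) and in_app_currency:
        limit = cvm_list.amount_x if c in (0x06, 0x07) else cvm_list.amount_y
        return amount < limit if c in (0x06, 0x08) else amount > limit
    return False  # cash, cashback and unrecognized conditions are skipped in this example


def select_cvm(cvm_list, supported, amount, in_app_currency=True):
    """Return the first entry the terminal would attempt, or None if CVM processing fails."""
    for rule in cvm_list.rules:
        if not condition_holds(rule, cvm_list, supported, amount, in_app_currency):
            continue                       # condition not met: look at the next entry
        if rule.method != 0x00 and rule.method in supported:
            return rule
        if rule.method == 0x00 or not rule.next_on_failure:
            return None                    # cannot perform it and the entry says stop
    return None


# Constructed sample: Amount X = 5000, Amount Y = 0, four entries in priority order.
SAMPLE = bytes.fromhex("00001388" "00000000" "5F06" "4403" "4203" "1E03")

if __name__ == "__main__":
    for entry in parse_cvm_list(SAMPLE).rules:
        print(entry.describe())
```

`select_cvm` only picks the entry to attempt; if the cardholder then fails that method, the same `next_on_failure` flag decides whether the terminal moves on or fails cardholder verification.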
Application Default Action (ADA): A data element used by the card to determine what action, if any, to take if offline PIN tries are exceeded.
Card Verification Results (CVR): Contains indicators, which the card sets for the following conditions:
● Offline PIN verification performed
● Offline PIN verification failed
● PIN Try Limit exceeded
● Application blocked because PIN Try Limit exceeded
PIN Try Counter: Number of offline PIN tries remaining. The card decrements the PIN Try Counter each time a cardholder-entered offline PIN fails verification. The card resets the PIN Try Counter to the PIN Try Limit when the cardholder-entered PIN matches the Reference PIN stored in the card or when a script command to reset the counter is successfully processed. The terminal may request the PIN Try Counter from the card prior to PIN entry so the terminal may determine whether the PIN tries have already been exceeded and notify the cardholder if only one PIN try remains.
PIN Try Limit: Issuer-specified maximum number of consecutive incorrect PIN tries allowed for a single application.
Reference PIN: The cardholder PIN, which is stored in a secure location on the card.
Certificate Authority Public Key Index (PKI): With the RID, designates the Visa CA Public Key to use to recover the Issuer PK Certificate.
ICC PIN Encipherment or ICC Private Key: Used to decipher the enciphered PIN after it is received at the card. Stored in a secret location on the card.
ICC PIN Encipherment or ICC Public Key (PK) Certificate: Encrypted with the Issuer Private Key. Contains the card’s public key to be used in PIN encipherment.
ICC PIN Encipherment or ICC Public Key Exponent: Used in the algorithm that deciphers the enciphered PIN.
ICC PIN Encipherment or ICC Public Key Remainder: Contains the portion, if necessary, of the public key that does not fit into the public key certificate.
Issuer Public Key Data: Used to decipher the ICC PIN Encipherment or ICC PK Certificate. This is the same certificate and other Issuer Public Key data used for DDA and SDA (see Chapter 6, Offline Data Authentication).
Registered Application Provider Identifier (RID): Used by the terminal with the Certificate Authority Public Key Index to identify the Visa CA Public Key to be used to recover the Issuer PK Certificate.
Enciphered Personal Identification Number (PIN) Data: Transaction PIN enciphered at the PIN pad for online verification or for offline verification.
Personal Identification Number (PIN) Pad Secret Key: Secret key used by the PIN pad to encipher the entered offline PIN and by the card reader to decipher the enciphered PIN. This key is required when the PIN pad and card reader are not integrated into a single tamper-evident device. This key is different from the key used for Offline Enciphered PIN.
Terminal Verification Results (TVR): Indicators are set in the TVR for the following conditions:
● Cardholder verification was not successful
● Unrecognized CVM
● PIN Try Limit exceeded
● PIN entry required and PIN pad not present or not working
● PIN entry required, PIN pad present, but PIN was not entered
● Online PIN entered
Transaction Personal Identification Number (PIN): Contains data entered by the cardholder for PIN verification.
Visa CA Public Keys: Must be present if the terminal supports Offline Enciphered PIN.
8.3 Commands
The following commands are used for offline PIN processing:
GET DATA
Used by the terminal to obtain the PIN Try Counter from the card in order to
determine whether the PIN Try Limit was exceeded on a previous transaction
or is close to being exceeded.
The GET DATA command contains the tag of the PIN Try Counter.
The GET DATA response contains the PIN Try Counter. If the PIN Try
Counter is in a proprietary data file, the card returns an error response to
GET DATA and the terminal bypasses the checking of the PIN Try Counter
and continues with Offline PIN processing.
GET CHALLENGE
Used by the terminal to obtain an unpredictable number from the card for use
in Offline Enciphered PIN. The card and terminal support the GET
CHALLENGE command if they support Offline Enciphered PIN.
The GET CHALLENGE response contains a card-generated unpredictable
number.
VERIFY
Used for Offline Enciphered PIN and Offline Plaintext PIN.
The VERIFY command contains the cardholder-entered PIN and initiates the
card comparison of this PIN with the Reference PIN stored on the card.
The card response indicates one of the following conditions:
● The PINs match
● The PINs do not match and the number of PIN tries remaining is “n”. If “n” is equal to “0”, PIN tries have been exceeded on the current transaction
● The PIN tries were exceeded on a previous transaction
The card and terminal support the VERIFY command if they support Offline
PIN processing.
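The GET DATA and VERIFY behaviour described in this section, together with the PIN Try Counter rules in the card data, can be modelled as in the following added example, which is not part of the Visa specification. The status words (9000, 63Cn, 6983) and the TVR bit position are the EMV Book 3 values and are not given in this overview; the class and function names are hypothetical, and `block_app_on_limit` stands in for the ADA option.

```python
import hmac

SW_OK = 0x9000
SW_BLOCKED = 0x6983                    # PIN tries were exceeded on a previous transaction
TVR_B3_PIN_TRY_LIMIT_EXCEEDED = 0x20   # TVR byte 3, bit 6


class OfflinePinCard:
    """Simplified card-side model of the PIN Try Counter (not a card implementation)."""

    def __init__(self, reference_pin: str, pin_try_limit: int, block_app_on_limit: bool = False):
        if not 1 <= pin_try_limit <= 15:
            raise ValueError("the remaining-tries nibble of 63Cn holds 0..15")
        self._reference = reference_pin.encode()
        self.pin_try_limit = pin_try_limit
        self.pin_try_counter = pin_try_limit
        self.block_app_on_limit = block_app_on_limit
        self.application_blocked = False

    def get_pin_try_counter(self) -> int:
        """What GET DATA for the PIN Try Counter would return."""
        return self.pin_try_counter

    def verify(self, entered_pin: str) -> int:
        """Return the VERIFY status word for a cardholder-entered PIN."""
        if self.pin_try_counter == 0:
            return SW_BLOCKED
        if hmac.compare_digest(entered_pin.encode(), self._reference):
            self.pin_try_counter = self.pin_try_limit   # reset on a match
            return SW_OK
        self.pin_try_counter -= 1                        # one try consumed
        if self.pin_try_counter == 0 and self.block_app_on_limit:
            self.application_blocked = True
        return 0x63C0 | self.pin_try_counter


def decode_verify_sw(sw: int):
    """Map a VERIFY status word to (condition, tries remaining)."""
    if sw == SW_OK:
        return ("match", None)
    if sw & 0xFFF0 == 0x63C0:
        return ("no_match", sw & 0x0F)
    if sw == SW_BLOCKED:
        return ("blocked", 0)
    return ("error", None)


def terminal_offline_pin(card, prompt_pin, tvr: bytearray) -> str:
    """Terminal side: check the counter, then prompt and VERIFY until success or no tries."""
    if card.get_pin_try_counter() == 0:
        tvr[2] |= TVR_B3_PIN_TRY_LIMIT_EXCEEDED
        return "failed"
    while True:
        # prompt_pin receives the tries remaining so it can warn on the last try
        condition, left = decode_verify_sw(card.verify(prompt_pin(card.get_pin_try_counter())))
        if condition == "match":
            return "success"
        if condition != "no_match" or left == 0:
            tvr[2] |= TVR_B3_PIN_TRY_LIMIT_EXCEEDED
            return "failed"


if __name__ == "__main__":
    card = OfflinePinCard("1234", 3)          # constructed sample values
    entries = iter(["0000", "1234"])
    print(terminal_offline_pin(card, lambda left: next(entries), bytearray(5)))
```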
8.4 Processing
Cardholder Verification processing is divided into two parts: the processing of
the card’s CVM List and the execution of the CVMs specified in the CVM List.
[Figure: CVM List processing flowchart (Card and Terminal lanes). Legible steps: Card provided CVM List?; Terminal sets chip data missing in TVR; Terminal sets unrecognized CVM code in TVR; Terminal sets “cardholder verification not successful” in TVR; CVM = PIN? (if yes, perform PIN Processing, Figure 8-2); Terminal proceeds to Terminal Risk Management.]
In support of this process, the issuer may either generate a card-unique ICC
PIN Encipherment key pair or may use the same ICC key pair used for DDA.
8.4.2.4 Signature
When signature is the CVM, the terminal prints a receipt with a line for the
cardholder to sign.
[Figure: PIN processing flowchart (Card and Terminal lanes). Legible steps: Perform PIN Processing, CVM is online or offline PIN; Is PIN pad operable? (if not, perform CVM Code action, see A in Figure 8-1); Type of PIN? Offline or Online PIN?]
[Figure: Offline PIN processing flowchart (Card and Terminal lanes). Legible steps: Offline Enciphered PIN?; GET CHALLENGE command; Card generates unpredictable number; Decipher PIN using ICC PIN Encipherment (or ICC) Private Key; VERIFY; Entered PIN = Reference PIN?; Decrement PIN Try Counter by 1; PIN Try Limit Exceeded?; Reset PIN Try Counter to PIN Try Limit; Set VERIFY return code to Fail with no retries remaining; Set VERIFY return code to Successful; ADA “If PIN Try Limit exceeded, block applic” = 1?; VERIFY response; VERIFY successful?; Return to PIN Prompt (Figure 8-2); Perform CVM Code action; Completion.]
Terminal Risk Management 9
Application Primary Account Number (PAN): Valid cardholder account number used in terminal exception file checking.
Application Transaction Counter (ATC): A count of the number of transactions processed by the card since personalization. It is used in terminal velocity checking.
Last Online ATC Register: The ATC value of the last transaction that went online. If terminal velocity checking or new card checking by the terminal is required by the card, this data element and both of the data elements listed below must be present.
Lower Consecutive Offline Limit: This data element (tag “9F14”) is the Issuer-specified preference for the maximum number of consecutive offline transactions allowed before a transaction must be sent online if the terminal is online capable. It is used in terminal velocity checking.
Upper Consecutive Offline Limit: This data element (tag “9F23”) is the Issuer-specified preference for the maximum number of consecutive offline transactions allowed before transactions must be declined offline. It is used in terminal velocity checking.
9.2 Terminal Data
Amount, Authorized: This numeric data element stores the amount (excluding adjustments) for the current transaction. It is used in floor limit checking.
Maximum Target Percentage to be used for Biased Random Selection: Value used for random selection of transactions for online processing.
Target Percentage to be used for Random Selection: Value used for random selection of transactions for online processing.
Terminal Floor Limit: This data element (tag ‘9F1B’) indicates the floor limit in the terminal associated with the Application Identifier for the application. It is used in floor limit checking and random selection of transactions for online processing.
Terminal Verification Results (TVR): A series of indicators in which the results of offline processing from a terminal perspective are recorded. It is used to record the results of all terminal risk management checks.
Threshold Value for Biased Random Selection: Value used for random selection of transactions for online processing.
Transaction Log: To prevent split sales, the terminal may have a transaction log of approved transactions. This log minimally contains the Application PAN and transaction amount and optionally contains the Application PAN Sequence Number and Transaction Date. The number of transactions to be stored and maintenance of the log is outside the scope of this specification. This log, if present, may be used in terminal floor limit checking.
Transaction Status Information (TSI): Indicates the functions performed by the terminal. This data element is not provided in the online authorization and clearing messages but is used by the terminal to indicate that terminal risk management was performed.
[Figure: Terminal Risk Management flowchart (Card and Terminal lanes). Legible steps: Terminal exception file present?; Transaction log present in terminal?; Merchant elected to force transaction online? (terminal sets merchant forced transaction online bit to “1” in TVR); Terminal randomly selects transaction for online processing? (terminal sets transaction selected randomly for online processing bit to “1” in TVR).]
[Figure, continued: ATC minus Last Online ATC Register > Upper Consecutive Offline Limit? If yes, terminal sets Upper Consecutive Offline Limit Exceeded bit to “1” in TVR.]
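The floor limit, random selection, velocity and new card checks that use the data elements above can be sketched as in the following added example, which is not part of the Visa specification. The TVR bit positions, the selection formula and the handling of unavailable counters follow EMV Book 3 and Book 4 rather than this overview; the function names are hypothetical and all amounts and limits in the tests are constructed.

```python
import secrets

# (byte index, mask) in the 5-byte TVR, as assigned in EMV Book 3.
NEW_CARD = (1, 0x08)
FLOOR_LIMIT_EXCEEDED = (3, 0x80)
LOWER_OFFLINE_LIMIT_EXCEEDED = (3, 0x40)
UPPER_OFFLINE_LIMIT_EXCEEDED = (3, 0x20)
SELECTED_RANDOMLY = (3, 0x10)


def set_bit(tvr: bytearray, bit) -> None:
    tvr[bit[0]] |= bit[1]


def is_set(tvr, bit) -> bool:
    return bool(tvr[bit[0]] & bit[1])


def floor_limit_check(tvr, amount, floor_limit, pan, transaction_log=()):
    """Split-sale aware floor limit check.

    transaction_log is a sequence of (pan, amount) pairs, oldest first; the most
    recent entry for the same PAN is added to the current amount before comparing.
    """
    previous = next((a for p, a in reversed(transaction_log) if p == pan), 0)
    total = amount + previous
    if total >= floor_limit:
        set_bit(tvr, FLOOR_LIMIT_EXCEEDED)
    return total


def random_selection(tvr, amount, floor_limit, threshold,
                     target_pct, max_target_pct, draw=None):
    """Select a below-floor-limit transaction for online processing.

    Below the threshold the Target Percentage applies; between the threshold and
    the floor limit the percentage is biased upward toward the Maximum Target
    Percentage as the amount approaches the floor limit.
    """
    if amount >= floor_limit:
        return False                       # handled by the floor limit check
    if draw is None:
        draw = secrets.randbelow(99) + 1   # random number in 1..99
    if amount < threshold:
        pct = target_pct
    else:
        factor = (amount - threshold) / (floor_limit - threshold)
        pct = (max_target_pct - target_pct) * factor + target_pct
    if draw <= pct:
        set_bit(tvr, SELECTED_RANDOMLY)
        return True
    return False


def velocity_check(tvr, atc, last_online_atc, lower_limit, upper_limit):
    """Terminal velocity and new card checking; returns consecutive offline count."""
    if atc is None or last_online_atc is None:
        # Counters could not be read from the card: treat both limits as exceeded.
        set_bit(tvr, LOWER_OFFLINE_LIMIT_EXCEEDED)
        set_bit(tvr, UPPER_OFFLINE_LIMIT_EXCEEDED)
        return None
    consecutive_offline = atc - last_online_atc
    if consecutive_offline > lower_limit:
        set_bit(tvr, LOWER_OFFLINE_LIMIT_EXCEEDED)
    if consecutive_offline > upper_limit:
        set_bit(tvr, UPPER_OFFLINE_LIMIT_EXCEEDED)
    if last_online_atc == 0:
        set_bit(tvr, NEW_CARD)             # card has never completed an online transaction
    return consecutive_offline
```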
Terminal Action Analysis 10
In Terminal Action Analysis, the terminal applies rules set by the issuer in
the card and by the acquirer in the terminal to the results of offline processing
to determine whether the transaction should be approved offline, declined
offline, or sent online for an authorization.
Terminal Action Analysis involves two steps:
1. Review Offline Processing Results—The terminal reviews the results
of offline processing, recorded by the terminal in the Terminal Verification
Results, to determine whether the transaction should go online, be
approved offline, or be declined offline. This process considers
issuer-defined criteria from the card called Issuer Action Codes (IACs)
and Visa-defined criteria in the terminal called Terminal Action Codes
(TACs).
2. Request Cryptogram Processing—The terminal requests a
cryptogram from the card.
A decision for an offline approval or request for online processing made during
Terminal Action Analysis is not final. As a result of Card Action Analysis (see
Chapter 11, Card Action Analysis), the card may override the terminal’s
decision. Decisions to decline offline may not be overridden.
This chapter is organized into the following sections:
10.1 Card Data
10.2 Terminal Data
10.3 GENERATE APPLICATION CRYPTOGRAM (AC) Command
10.4 Processing
10.5 Prior Related Processing
10.6 Subsequent Related Processing
Issuer Action Codes (IACs): The IACs are three data elements called IAC Denial, IAC Online, and IAC Default. Each IAC consists of a series of bits, which correspond to the bits in the Terminal Verification Results (TVR).
● IAC Denial bits set to “1” reflect the TVR conditions for which the transaction is to be declined offline
● IAC Online bits set to “1” represent online authorization conditions
● IAC Default bits set to “1” are the conditions for an offline decline if online processing is not available
Similar codes called Terminal Action Codes (TACs) are defined in the terminal.
The card data element shown in Table 10–2 is used in cryptogram processing.
Card Risk Management Data Object List 1 (CDOL1): The CDOL1 contains the tags and lengths of the terminal data objects that are needed by the card to generate the first application cryptogram and for other processing.
10.2 Terminal Data
Terminal Action Codes (TACs): The TACs are three data elements called TAC Denial, TAC Online, and TAC Default. Like the IACs, each TAC consists of a series of bits, which correspond to the bits in the Terminal Verification Results (TVR).
● TAC Denial bits set to “1” reflect the TVR conditions for which the transaction is to be declined offline
● TAC Online “1” bits represent online authorization conditions
● TAC Default “1” bits are the conditions for an offline decline if online processing is not available
The required TAC settings are defined by Visa in the Visa Integrated Circuit Card Terminal Specification, Version 1.4.0, Chapter 10.
Terminal Verification Results (TVR): The TVR is a series of bits, which are set during transaction processing to represent offline processing results.
The terminal data elements described in Table 10–4 are used in cryptogram processing.
Terminal Data Elements: The terminal data elements specified in the CDOL1 from the card are included in the GENERATE APPLICATION CRYPTOGRAM (AC) command.
10.4 Processing
Terminal Action Analysis processing has two steps:
● The review of offline processing results
● The request for an Application Cryptogram
[Figure: Terminal Action Analysis flowchart (Card and Terminal lanes). Legible steps: Any transaction conditions which card or terminal have set to Decline?; Online capable terminal?; Any transaction conditions which card or terminal have set for Online Auth?; Any transaction conditions that the card or terminal have set to Decline if no online?]
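The review of offline processing results described in this chapter compares the TVR bit by bit against the IACs and TACs. The following added example, which is not part of the Visa specification, shows that comparison and the rule that the card may downgrade but never upgrade the terminal's request. The IAC defaults used when the card supplies no IAC follow EMV Book 3; all TAC, IAC and TVR values in the tests are constructed, and the function names are hypothetical.

```python
from typing import Optional

ZERO = bytes(5)
ONES = bytes([0xFF] * 5)
RANK = {"AAC": 0, "ARQC": 1, "TC": 2}   # decline < go online < approve


def _or(a: bytes, b: bytes) -> bytes:
    return bytes(x | y for x, y in zip(a, b))


def _and(a: bytes, b: bytes) -> bytes:
    return bytes(x & y for x, y in zip(a, b))


def terminal_action_analysis(tvr: bytes, tac: dict, iac: Optional[dict] = None,
                             online_capable: bool = True):
    """Return (cryptogram type to request, TVR bits that triggered the decision).

    tac and iac map "denial", "online" and "default" to 5-byte values. A missing
    IAC Denial is treated as all zeros; missing IAC Online/Default as all ones.
    """
    iac = iac or {}
    for value in (tvr, *tac.values(), *iac.values()):
        if len(value) != 5:
            raise ValueError("TVR, TACs and IACs are 5 bytes each")

    def hits(kind: str, iac_default: bytes) -> bytes:
        # A condition counts if either the issuer or the terminal flagged it.
        return _and(tvr, _or(tac[kind], iac.get(kind, iac_default)))

    denial = hits("denial", ZERO)
    if any(denial):
        return "AAC", denial                # decline offline
    if online_capable:
        online = hits("online", ONES)
        return ("ARQC", online) if any(online) else ("TC", ZERO)
    default = hits("default", ONES)         # online processing not available
    return ("AAC", default) if any(default) else ("TC", ZERO)


def card_response_allowed(requested: str, returned: str) -> bool:
    """The card may override toward decline, never toward approval."""
    return RANK[returned] <= RANK[requested]


if __name__ == "__main__":
    # Constructed values: TVR byte 4 bit 6 = upper consecutive offline limit exceeded.
    tac = {"denial": bytes.fromhex("0040000000"),
           "online": bytes.fromhex("000000E000"),
           "default": bytes.fromhex("000000A000")}
    decision, bits = terminal_action_analysis(bytes.fromhex("0000002000"), tac)
    print(decision, bits.hex())
```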
Card Action Analysis 11
Card Action Analysis allows issuers to perform velocity checking and other
risk management that is internal to the card. Visa proprietary card risk
management features described in this section include checking:
● Activity on previous transactions
● New card
● Velocity counters
This chapter is organized into the following sections:
11.1 Card Data
11.2 Terminal Data
11.3 GENERATE APPLICATION CRYPTOGRAM (AC) Command
11.4 Processing
11.5 Flow
11.6 Prior Related Processing
11.7 Subsequent Related Processing
Application Cryptogram: A cryptogram returned by the card in the response to the GENERATE APPLICATION CRYPTOGRAM (AC) command.
● An Application Authentication Cryptogram returned for declines is known as an AAC
● A Transaction Certificate returned for approvals is known as a TC
● An Authorization Request Cryptogram returned when online processing is requested is known as an ARQC
Data Requested in Card Risk Management Data Object List (CDOL1): The terminal provides the data requested by the card in the CDOL1. Refer to the Visa Integrated Circuit Card Specification, Appendix E, Cryptogram Versions Supported, for a list of data required.
11.4 Processing
At the end of Terminal Action Analysis, the terminal issues the GENERATE
AC command to the card to request an application cryptogram and to provide
data requested by the card in the CDOL1. This processing is described in
Chapter 10, Terminal Action Analysis.
The GENERATE AC command, which the card receives from the terminal,
contains the Cryptogram Type, which the terminal is requesting. This
Cryptogram Type indicates the terminal’s transaction decision (approve
offline, decline offline, send online).
The GENERATE AC command received from the terminal also indicates if
Combined DDA/AC Generation is to be performed.
Terminal Requests    Card Responds AAC    Card Responds ARQC    Card Responds TC
AAC                  Decline              —                     —
ARQC                 Decline              Go Online             —
11.5 Flow
Figure 11–1: Card Action Analysis
[Flowchart not reproduced. Legible steps: Terminal Requested Decline (AAC)?; Card Response = Decline (AAC); Terminal requested Go Online (ARQC)?; Terminal requested approval (TC); Card Response = Decline (AAC)?; GEN AC response = Approve (TC); Combined DDA/AC Generation?; Create Dynamic Signature of ARQC or TC; Respond to GENERATE AC.]
Online Processing 12
Online Processing allows the issuer’s host computer to review and authorize
or decline transactions using the issuer’s host-based risk management
parameters. In addition to performing traditional online fraud and credit
checks, host authorization systems may perform Online Card Authentication
using a card-generated dynamic cryptogram and should consider offline
processing results in the authorization decision.
The response from the issuer may include post-issuance updates to the card
and an issuer-generated cryptogram, which the card can validate to assure
that the response came from the valid issuer. This validation is called Issuer
Authentication.
This chapter describes the card and terminal online processing functions,
which are new with Visa Smart Debit and Visa Smart Credit (VSDC). Online
processing functions, which are also performed with magnetic stripe-read and
key-entered transactions, are outside the scope of this document and not
described.
This chapter is organized in the following manner:
12.1 Card Data
12.2 Terminal Data
12.3 Online Request and Response Data
12.4 Commands
12.5 Processing
12.6 Prior Related Processing
12.7 Subsequent Related Processing
Application Interchange Profile (AIP): The AIP received during Initiate Application Processing contains a bit that indicates whether the card supports Issuer Authentication.
The card uses the card data described in Table 12–2 during Issuer Authentication.
Authorization Request Cryptogram (ARQC): The cryptogram generated by the card earlier in the transaction. The ARQC and the Authorization Response Code are the input to the Authorization Response Cryptogram (ARPC) validation process.
Unique DEA Keys (UDK): The DES keys used for ARPC validation. These are the same keys used to generate the ARQC.
Card Verification Results (CVR): Contains a bit that is set if Issuer Authentication fails.
12.2 Terminal Data
Terminal Verification Results (TVR): Contains a bit that is set when Issuer Authentication is unsuccessful.
Transaction Status Information (TSI): Contains a bit that is set when Issuer Authentication is performed.
12.4 Commands
The following commands are used during Online Processing:
GENERATE APPLICATION CRYPTOGRAM (AC) Command Response
The terminal receives the card’s response to the GENERATE APPLICATION
CRYPTOGRAM (AC) command, which contains the Application Cryptogram.
The GENERATE AC command is sent to the card during Terminal Action
Analysis. The GENERATE AC command may indicate that Combined
DDA/AC Generation be performed.
The card returns the GENERATE AC response at the end of Card Action
Analysis. The response is received by the terminal at the beginning of Online
Processing. The response includes the first Application Cryptogram and the
Cryptogram Type. If the response is an ARQC or a TC and Combined DDA/AC
Generation is performed, the response is a dynamic signature.
EXTERNAL AUTHENTICATE Command
If Issuer Authentication is to be performed, the terminal issues the
EXTERNAL AUTHENTICATE command with the Issuer Authentication
Data requesting that the card validate the Authorization Response
Cryptogram (ARPC), which is included in the command.
The response from the card indicates whether Issuer Authentication passed or
failed.
12.5 Processing
Standard Online Processing includes processing the online request,
processing the online response, and optionally performing Issuer
Authentication. If Combined DDA/AC Generation is to be performed,
processing includes validation of the dynamic signature.
[Figure: Online Processing flowchart (Card, Terminal and Online Authorization Systems lanes). Legible steps: Card Action Analysis (see Chapter 11), card sets cryptogram to send online, approve offline, or decline offline; GENERATE AC command response; AAC (decline cryptogram) returned? (terminal proceeds to Completion, see Chapter 13); Combined DDA/Gen. AC requested?; Valid Dynamic Signature?; Terminal indicates in TVR DDA/AC Generation failed; ARQC returned?; Send transaction online for authorization; Perform online authorization processing and return response; Online Response; EXTERNAL AUTHENTICATE command and response; Terminal sets Issuer Auth. results indicators; Terminal proceeds to Completion (see Chapter 13).]
Completion 13
13.1 Card Data
Issuer Application Data: Includes Visa discretionary data and issuer discretionary data for transmission to the Issuer, including the CVR.
Card Verification Results (CVR): A Visa proprietary data element containing indicators, which are set based upon the results of offline processing for current and previous transactions. The CVR is included in the clearing transaction as “proof” of card processing.
The card uses the internal card data elements described in Table 13–2 during
Completion. Other data elements used are listed in the Visa Integrated Circuit
Card Specification, Chapter 12, Completion.
Application Default Action (ADA)
A Visa proprietary data element indicating the action a card should take when
exception conditions occur.
CDOL2
A list of data objects (tags and lengths) for the terminal to pass to the card with the
second GENERATE AC command.
Authorization Response Code
Provided to the card to indicate if the transaction is approved or declined and if the
authorization was performed offline or online.
Terminal Verification Results (TVR)
Contains indicators that are set to record offline processing results, such as SDA
failure or floor limit exceeded, from a terminal perspective.
13.4 Processing
Completion involves three steps:
● The terminal determines the transaction disposition and issues a second
GENERATE AC command to the card if an online authorization was
completed.
● The card determines the final transaction response and resets card
indicators based on card parameters and Issuer Authentication status.
● The terminal completes the transaction.
Based on the results of this processing, the terminal issues the final
GENERATE AC command to the card. The Cryptogram Type requested
in the final GENERATE AC command indicates whether the transaction is to
be declined (AAC) or approved (TC). This command also includes an
Authorization Response Code, shown in Table 13–4, which indicates that an
online authorization was not completed.
[Table column headings: Terminal Requests; Authorization Response Code; Transaction Disposition]
● TC (Approval) Requested
If the terminal requests an approval (TC) in the final GENERATE AC
command, the card responds with either an approval or a decline response
based on the status of Issuer Authentication processing and the card’s Issuer
Authentication options.
The card converts the approval to a decline if either of the following conditions
is true:
● Issuer Authentication failed and the ADA indicates that the transaction
should be declined if Issuer Authentication fails
● Issuer Authentication is mandatory, was not performed, and the ADA
indicates that the transaction should be declined if Issuer Authentication
is mandatory and not performed
If neither of the above conditions is true, the card responds with an approval.
Refer to the Visa Integrated Circuit Card Specification, Chapter 13,
Completion, for details on how indicators and counters are set and reset for
these conditions.
13.5 Flow
Figure 13–1: Completion
[Flow diagram with card and terminal columns. Recoverable box text:
Terminal: analyzes first GENERATE AC response; "Card returned ARQC?"; sets Authorization Response Code to Y1 (approve) or Z1 (decline) based on card response and results of Combined DDA/AC Generation if performed; sets Authorization Response Code to Y3 (approval) or Z3 (decline); requests AAC or TC in Final GENERATE AC; completes transaction.
Card: receives Final GENERATE AC command; "Auth Resp. Code = Y3 or Z3 (Unable to go online)?"; may convert online approval to a decline based on Issuer Authentication results; sets Application Cryptogram to TC (approval) or AAC (decline); responds to Final GENERATE AC with TC (approve) or AAC (decline).]
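The Completion decisions described in 13.4 and Figure 13–1, as an added Python sketch (not part of the Visa specification). The `CardProfile` field names are hypothetical stand-ins for the card's Issuer Authentication option and the two ADA settings named above, whose bit layout is not given here; the `"00"` issuer response code in the demo is a constructed sample.

```python
from dataclasses import dataclass
from enum import Enum
from itertools import product


class AC(Enum):
    AAC = "AAC"    # decline
    TC = "TC"      # approval
    ARQC = "ARQC"  # card asks for online authorization


class IssuerAuth(Enum):
    NOT_PERFORMED = "not performed"
    PASSED = "passed"
    FAILED = "failed"


@dataclass(frozen=True)
class CardProfile:
    # Hypothetical field names; the page describes these settings in prose only.
    ia_mandatory: bool               # Issuer Authentication is mandatory
    ada_decline_on_ia_failure: bool  # ADA: decline if Issuer Authentication fails
    ada_decline_on_ia_missing: bool  # ADA: decline if mandatory and not performed


def terminal_disposition(first_ac, issuer_arc=None, approve=False, cda_failed=False):
    """Terminal side. Returns (Authorization Response Code, cryptogram to
    request in the final GENERATE AC or None when no final command is issued).

    issuer_arc: response code from the issuer; None means no online
                authorization was completed.
    approve:    the issuer's decision when online, otherwise the terminal's
                own offline decision (an input here, not modelled).
    """
    if first_ac is not AC.ARQC:
        # Card decided offline; a Combined DDA/AC failure turns a TC into a decline.
        approved = first_ac is AC.TC and not cda_failed
        return ("Y1" if approved else "Z1"), None
    wanted = AC.TC if approve else AC.AAC
    if issuer_arc is not None:
        return issuer_arc, wanted
    return ("Y3" if approve else "Z3"), wanted  # unable to go online


def card_final_ac(requested, ia, profile):
    """Card side after a completed online authorization: answer the final
    GENERATE AC, converting an approval to a decline where the ADA says so."""
    if requested is AC.AAC:
        return AC.AAC  # a requested decline is never upgraded
    if ia is IssuerAuth.FAILED and profile.ada_decline_on_ia_failure:
        return AC.AAC
    if (profile.ia_mandatory and ia is IssuerAuth.NOT_PERFORMED
            and profile.ada_decline_on_ia_missing):
        return AC.AAC
    return AC.TC


def unconverted_approvals():
    """List every (profile, Issuer Authentication status) pair in which a
    requested TC comes back as TC although Issuer Authentication did not pass."""
    rows = []
    for mandatory, on_failure, on_missing in product([False, True], repeat=3):
        profile = CardProfile(mandatory, on_failure, on_missing)
        for ia in (IssuerAuth.FAILED, IssuerAuth.NOT_PERFORMED):
            if card_final_ac(AC.TC, ia, profile) is AC.TC:
                rows.append((profile, ia))
    return rows


if __name__ == "__main__":
    # "00" is a constructed sample issuer response code.
    print(terminal_disposition(AC.ARQC, issuer_arc="00", approve=True))
    for profile, ia in unconverted_approvals():
        print(ia.value, profile)
```

The enumeration shows which personalization choices leave an approval standing without a passed Issuer Authentication, which is the set an issuer reviews when choosing ADA settings.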
Issuer-to-Card Script Processing 14
14.1 Script-Related Keys
These data encipherment keys are required if the Visa recommended method
of secure messaging is supported and the issuer script commands may include
confidential data such as Offline PIN values.
Application Transaction Counter (ATC)
The ATC is used in the generation of the Message Authentication Code (MAC)
and Data Encipherment session keys.
Card Verification Results (CVR)
The CVR contains flags related to script processing, which are updated with the
script results.
Issuer Script Command Counter
The Issuer Script Command Counter is used to count the Script Update
commands received during a transaction.
Issuer Script Failure Indicator
The Issuer Script Failure Indicator is set when Issuer Script processing fails and
remains set until it is reset after a subsequent online transaction.
14.3 Terminal Data
Issuer Script Results
The Issuer Script Results contains the results of Issuer Script processing and is
sent to the issuer in a clearing message or other online message.
Terminal Verification Results (TVR)
The TVR contains indicators that are set if Issuer Script processing fails.
Transaction Status Information (TSI)
The TSI contains an indicator that is set if an issuer script is processed.
Issuer Script Command
The Issuer Script command contains the command transmitted from the issuer,
which is sent to the card.
Issuer Script Identifier
The Issuer Script Identifier is a number used to uniquely identify an issuer script.
Issuer Script Template 2
The Issuer Script Template 2 contains proprietary issuer data for transmission to
the card after the final GENERATE AC command.
14.5 Commands
The following script commands for Issuer Script processing are supported:
APPLICATION BLOCK
This command blocks the use of the selected application. If the application is
blocked during the processing of a transaction, the card and terminal continue
to process the transaction through Completion. During any subsequent
application selection, the card does not allow the blocked application to be
available for application selection to perform a financial transaction. The
terminal may select an application that was blocked in order to unblock the
application. However, if this occurs, the card is required to return an
Application Authentication Cryptogram (AAC) in response to a GENERATE
APPLICATION CRYPTOGRAM (AC) command.
APPLICATION UNBLOCK
This command reverses the status of an application that is blocked.
Unblocking of an application occurs only at a special device designated by the
issuer.
CARD BLOCK
The CARD BLOCK command permanently disables all applications on the
card.
PIN CHANGE/UNBLOCK
The PIN CHANGE/UNBLOCK command provides the issuer with the
capability either to unblock the Reference PIN (reset the PIN Try Counter) or
to simultaneously change and unblock the Reference PIN.
PIN changes using PIN CHANGE/UNBLOCK or other methods should only
be performed within a secure environment controlled by the issuer.
PUT DATA
The PUT DATA command allows specific primitive data objects in the card to
be updated. In this version of the Visa Integrated Circuit Card Specification,
only the following data elements should be allowed to be updated using Issuer
Script processing:
● Lower Consecutive Offline Limit
● Upper Consecutive Offline Limit
● Consecutive Transaction Limit (International)
● Consecutive Transaction Limit (International—Country)
● Cumulative Total Transaction Amount Limit
● Cumulative Total Transaction Amount Upper Limit
● Cumulative Total Transaction Amount Limit (Dual Currency)
● Currency Conversion Factor
● VLP Single Transaction Limit
● VLP Funds Limit
If terminal velocity checking is not supported, all of these card data elements,
if present, are stored in proprietary internal files. If terminal velocity checking
is supported, the Lower Consecutive Offline Limit and the Upper Consecutive
Offline Limit are stored in records and accessible to the terminal using the
READ RECORD command.
UPDATE RECORD
The UPDATE RECORD command is used to update a record in a file with the
data provided in the command’s data field.
The UPDATE RECORD command is required to update the PIN Verification
Value (PVV) in the track data on the chip to support a PIN change. It is also
required for updates to the Upper and Lower Consecutive Offline Limits if
Terminal Velocity Checking is supported by the card. Issuer script commands
cannot be used to update the data on the physical magnetic stripe.
14.6 Processing
Issuer-to-Card Script Processing is comprised of issuer scripts, command
processing, and secure messaging.
[Issuer-to-Card Script Processing flow diagram with card and terminal columns. Recoverable box text:
Terminal: completes Online Processing and Completion; "Issuer Script present in response?"; sends command to card; "Response code shows error?"; "Another command present?"; sets Issuer Script Processing Performed bit in TSI; completes transaction processing.
Card: processes command, including performing secure messaging; "Command processing successful?"; sets response code for success.]
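An added Python sketch of the script flow above together with the PUT DATA restriction in 14.5 (illustrative, not code from the Visa specification). `mac_ok` is a constructed stand-in for the outcome of secure messaging verification, the result dictionary is not the real Issuer Script Results layout, and only three of the script commands are modelled.

```python
from dataclasses import dataclass, field

# Data elements section 14.5 lists as updatable with PUT DATA in an issuer script.
PUT_DATA_ALLOWED = frozenset({
    "Lower Consecutive Offline Limit",
    "Upper Consecutive Offline Limit",
    "Consecutive Transaction Limit (International)",
    "Consecutive Transaction Limit (International—Country)",
    "Cumulative Total Transaction Amount Limit",
    "Cumulative Total Transaction Amount Upper Limit",
    "Cumulative Total Transaction Amount Limit (Dual Currency)",
    "Currency Conversion Factor",
    "VLP Single Transaction Limit",
    "VLP Funds Limit",
})


@dataclass
class Card:
    limits: dict = field(default_factory=dict)
    application_blocked: bool = False
    script_command_counter: int = 0         # Issuer Script Command Counter
    script_failure_indicator: bool = False  # Issuer Script Failure Indicator

    def process(self, cmd):
        """Handle one script command within a transaction; True on success.

        cmd is a dict with 'name', 'mac_ok' (constructed stand-in for the
        secure messaging check) and, for PUT DATA, 'element' and 'value'.
        """
        self.script_command_counter += 1    # counts commands received
        name = cmd["name"]
        ok = cmd.get("mac_ok", False)
        if ok and name == "PUT DATA":
            ok = cmd["element"] in PUT_DATA_ALLOWED
            if ok:
                self.limits[cmd["element"]] = cmd["value"]
        elif ok and name == "APPLICATION BLOCK":
            self.application_blocked = True
        elif ok and name == "APPLICATION UNBLOCK":
            self.application_blocked = False
        elif ok:
            ok = False  # commands outside this sketch are rejected
        if not ok:
            self.script_failure_indicator = True
        return ok

    def after_online_transaction(self):
        """The failure indicator stays set until a subsequent online transaction."""
        self.script_failure_indicator = False


def run_issuer_script(card, script_id, commands):
    """Terminal side: deliver commands in order and stop at the first error."""
    tsi_script_performed = bool(commands)  # TSI: an issuer script was processed
    tvr_script_failed = False              # TVR: Issuer Script processing failed
    sent = 0
    for cmd in commands:
        sent += 1
        if not card.process(cmd):
            tvr_script_failed = True
            break
    results = {  # constructed stand-in for Issuer Script Results
        "script_id": script_id,
        "failed_at": sent if tvr_script_failed else None,
        "not_sent": len(commands) - sent,
    }
    return {"tsi_script_performed": tsi_script_performed,
            "tvr_script_failed": tvr_script_failed, "results": results}


# Constructed sample script: the second PUT DATA names an element outside the list.
SAMPLE_SCRIPT = [
    {"name": "PUT DATA", "mac_ok": True,
     "element": "Upper Consecutive Offline Limit", "value": 5},
    {"name": "PUT DATA", "mac_ok": True,
     "element": "Application Expiration Date", "value": "491231"},
    {"name": "APPLICATION BLOCK", "mac_ok": True},
]

if __name__ == "__main__":
    card = Card()
    print(run_issuer_script(card, 1, SAMPLE_SCRIPT))
    print(card)
```

In the sample run the rejected second command stops the script, so the trailing APPLICATION BLOCK never reaches the card; the issuer learns this only from the reported results and the card's failure indicator.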
Acronyms A
Acronym Meaning
a alpha
AC Application Cryptogram
an alphanumeric
Auth. authentication
b binary
C conditional
CA Certificate Authority
Cert. certificate
cn compressed numeric
Cons. consecutive
Cum. cumulative
DF dedicated file
hex. hexadecimal
IA Issuer Authentication
IC integrated circuit
Int’l international
M mandatory
n numeric
No. number
O optional
P1 Parameter 1
P2 Parameter 2
PK public key
R required
TC Transaction Certificate
TLV tag-length-value
Txn. transaction
var. variable
YDDD year, day where Y = right-most digit of the year (0–9) and DDD = Julian
day of the year (001–366)
Glossary
This is a glossary of terms used in this specification; it is not intended as a data dictionary.
For descriptions of specific card and issuer data elements, refer to Appendix A of the Card
and Terminal volumes of this specification.
acquirer
A Visa member that signs a merchant or disburses currency to a cardholder in a cash
disbursement, and directly or indirectly enters the resulting transaction into interchange.
ANSI
American National Standards Institute. A U.S. standards accreditation organization.
application
A computer program and associated data that reside on an integrated circuit chip and
satisfy a business function. Examples of applications include payment, stored value, and
loyalty.
application block
Instructions sent to the card by the issuer, to shut down the selected application on a card
to prevent further use of that application. This process does not preclude the use of other
applications on the card.
ATM
An unattended terminal that has electronic capability, accepts PINs, and disburses
currency or checks.
authentication
A cryptographic process that validates the identity and integrity of data.
authorization
A process where an issuer or a representative of the issuer approves a transaction.
authorization controls
Information in the chip application enabling the card to act on the issuer’s behalf at the
point of transaction. The controls help issuers manage their below-floor-limit exposure to
fraud and credit losses. Also known as offline authorization controls.
authorization request
A merchant’s or acquirer’s request for an authorization.
authorization response
The issuer’s reply to an authorization request. Types of authorization responses are:
● approval
● decline
● pickup
● referral
BASE II
The VisaNet system that provides deferred clearing and settlement services to members.
byte
8 bits of data.
card authentication
A means of validating whether a card used in a transaction is the genuine card issued by
the issuer.
card block
Instructions, sent to the card by the Issuer, which shut down all proprietary and
non-proprietary applications that reside on a card to prevent further use of the card.
cardholder
An individual to whom a card is issued or who is authorized to use that card.
cardholder verification
The process of determining that the presenter of the card is the valid cardholder.
cash disbursement
Currency, including travelers cheques, paid to a cardholder using a card.
cashback
Cash obtained in conjunction with, and processed as, a purchase transaction.
CCPS
Chip Card Payment Service, the former name for Visa Smart Debit and Visa Smart Credit
(VSDC).
chargeback
A transaction that an issuer returns to an acquirer.
chip
An electronic component designed to perform processing or memory functions.
chip-capable
A card acceptance device that is designed and constructed to facilitate the addition of a
chip reader/writer.
chip card
A card embedded with a chip that communicates information to a point-of-transaction
terminal.
clearing
The collection and delivery to the issuer of a completed transaction record from an
acquirer.
cleartext
See plaintext.
cryptogram
A numeric value that is the result of data elements entered into an algorithm and then
encrypted. Commonly used to validate data integrity.
cryptographic key
The numeric value entered into a cryptographic algorithm that allows the algorithm to
encrypt or decrypt a message.
cryptography
The art or science of keeping messages secret or secure, or both.
CVM List
An issuer-defined list contained within a chip application establishing the hierarchy of
methods for verifying the authenticity of a cardholder.
data authentication
Validation that data stored in the integrated circuit card has not been altered since card
issuance. See also Offline Data Authentication.
decryption
The process of transforming ciphertext into cleartext.
DES key
A secret parameter of the Data Encryption Standard algorithm.
digital signature
A cryptogram generated by encrypting a message digest (or hash) with a private key that
allows the message content and the sender of the message to be verified.
Easy Entry
A replication of the magnetic stripe information on the chip to facilitate payment as part of
multi-application programs. Easy Entry is not EMV-compliant and is being phased out.
EMV specifications
Technical specifications developed jointly by Europay International, MasterCard
International, and Visa International to create standards and ensure global
interoperability for use of chip technology in the payment industry.
encryption
The process of transforming cleartext into ciphertext.
expired card
A card on which the embossed, encoded, or printed expiration date has passed.
floor limit
A currency amount that Visa has established for single transactions at specific types of
merchants, above which online authorization is required.
hash
The result of a non-cryptographic operation, which produces a unique value from a data
stream.
interchange
The exchange of clearing records between members.
interoperability
The ability of all card acceptance devices and terminals to accept and read all chip cards
that are properly programmed.
issuer
A Visa member that issues Visa or Electron cards, or proprietary cards bearing the PLUS
or Visa Electron Symbol.
Issuer Authentication
Validation of the issuer by the card to ensure the integrity of the authorization response.
See Authorization Response Cryptogram (ARPC).
key generation
The creation of a new key for subsequent use.
key management
The handling of cryptographic keys and other related security parameters during the
entire life cycle of the keys, including their generation, storage, distribution, entry and use,
deletion or destruction, and archiving.
magnetic stripe
The stripe on the back of the card that contains the magnetically coded account
information necessary to complete a non-chip electronic transaction.
multi-application
The presence of multiple applications on a chip card (for example, payment, loyalty, and
identification).
nibble
The four most significant or least significant bits of a byte of data.
offline approval
A transaction that is positively completed at the point of transaction between the card and
terminal without an authorization request to the issuer.
offline authorization
A method of processing a transaction without sending the transaction online to the issuer
for authorization.
offline-capable
A card acceptance device that is able to perform offline approvals.
offline decline
A transaction that is negatively completed at the point of transaction between the card
and terminal without an authorization request to the issuer.
offline-only terminal
A card acceptance device that is not capable of sending transactions online for issuer
authorization.
offline PIN
A PIN value stored on the card that is validated at the point of transaction between the
card and the terminal.
online authorization
A method of requesting an authorization through a communications network other than
voice to an issuer or issuer representative.
online-capable terminal
A card acceptance device that is able to send transactions online to the issuer for
authorization.
online PIN
A method of PIN verification where the PIN entered by the cardholder into the terminal
PIN pad is DES-encrypted and included in the online authorization request message sent
to the issuer.
personalization
The process of populating a card with the application data that makes it ready for use.
plaintext
Data in its original unencrypted form.
point-of-transaction terminal
A device used at the point of transaction that has a corresponding point-of-transaction
capability. See also Card Acceptance Device.
post-issuance update
A command sent by the issuer through the terminal via an authorization response to
update the electronically stored contents of a chip card.
private key
As part of an asymmetric cryptographic system, the key that is kept secret and known only
to the owner.
public key
As part of an asymmetric cryptographic system, the key known to all parties.
purchase transaction
A retail purchase of goods or services; a point-of-sale transaction.
quasi-cash transaction
A transaction representing a merchant’s sale of items, such as gaming chips or money
orders, that are directly convertible to cash.
random selection
An EMV online-capable terminal function that allows for the selection of transactions for
online processing. Part of Terminal Risk Management.
receipt
A paper record of a transaction generated for the cardholder at the point of transaction.
referral response
An authorization response where the merchant or acquirer is instructed to contact the
issuer for further instructions before completing the transaction.
reversal
A BASE II or online financial transaction used to negate or cancel a transaction that has
been sent through interchange.
secret key
A key that is used in a symmetric cryptographic algorithm (that is, DES), and cannot be
disclosed publicly without compromising the security of the system. This is not the same as
the private key in a public/private key pair.
secure messaging
A process that enables messages to be sent from one entity to another, and protects against
unauthorized modification or viewing.
session key
A temporary cryptographic key computed in volatile memory and not valid after a session
is ended.
settlement
The reporting of settlement amounts owed by one member to another or to Visa, as a result
of clearing.
smart card
A commonly used term for a chip card.
transaction
An exchange of information between a cardholder and a merchant or an acquirer that
results in the completion of a financial transaction.
Triple DES
The data encryption algorithm used with a double-length DES key.
V.I.P. System
VisaNet Integrated Payment System, the online processing component of VisaNet.
VisaNet
The systems and services, including the V.I.P. and BASE II systems, through which Visa
delivers online financial processing, authorization, clearing, and settlement services to
members.