Professional Documents
Culture Documents
PayPass MChip Reader Card Application Interface Specification V2 0
PayPass MChip Reader Card Application Interface Specification V2 0
Proprietary Rights
Trademarks
Media
Address
MasterCard Worldwide
2200 MasterCard Boulevard
O'Fallon MO 63368-7263
USA
www.mastercard.com
ii
2008 MasterCard
Table of Contents
Table of Contents
Using this Manual ............................................................................... vii
Purpose ..................................................................................................................... vii
Scope ........................................................................................................................ vii
Audience................................................................................................................... vii
Related Documentation ........................................................................................... viii
Reference Materials................................................................................................... ix
Abbreviations ..............................................................................................................x
Notational Conventions ............................................................................................ xii
Transition Flow Diagrams ....................................................................................... xiii
Document Word Usage ........................................................................................... xiii
Requirement Numbering ......................................................................................... xiv
Guidance on Terminology ....................................................................................... xiv
Document Overview..................................................................................................xv
Introduction ................................................................................ 1
1.1
1.2
1.3
1.4
Commands ................................................................................. 5
2.1
2.2
Introduction........................................................................................................5
COMPUTE CRYPTOGRAPHIC CHECKSUM .............................................................6
2.2.1
2.2.2
2.2.3
2.2.4
2.3
GENERATE AC....................................................................................................7
2.3.1
2.3.2
2.3.3
2.3.4
2.4
2008 MasterCard
iii
Table of Contents
2.4.4
2.5
2.6
Overview..........................................................................................................17
Pre-Processing..................................................................................................17
Protocol Activation ..........................................................................................18
Application Selection.......................................................................................18
3.4.1
3.4.2
SELECT .............................................................................................................13
2.6.1
2.6.2
2.6.3
2.6.4
4.3
Processing ......................................................................................................26
Data Objects...................................................................................................26
Status Bytes ...................................................................................................27
COMPUTE CRYPTOGRAPHIC CHECKSUM .......................................................27
iv
2008 MasterCard
Table of Contents
2008 MasterCard
Scope
This document provides the specifications necessary to achieve interoperability between
PayPass cards and PayPass M/Chip readers. It contains the following definitions as
applied to both PayPass M/Chip and PayPass Mag Stripe purchase transactions:
The definition of commands, responses and data objects exchanged between the card
and PayPass reader
The definition of the command sequence in order to support the purchase transaction
flow
Other transaction types (e.g. refunds) may be supported by the PayPass reader however they
are not discussed in this document.
Audience
This document is intended for use by vendors that want to implement the PayPass M/Chip
application on an acceptance device.
This document is also intended for type approval services that test the actual
implementations against this specification.
2008 MasterCard
vii
Related Documentation
For the purposes of developing PayPass readers this specification should be read in
conjunction with the following MasterCard documents:
Document
Content
The content of this specification overlaps with that of the EMV Entry Point Specification.
For the purposes of developing PayPass readers, the developer has the option of either
Implementing the requirements of the EMV Entry Point Specification in place of those
given in Chapter 3 of this document. The requirements in the remaining chapters of
this document have still to be implemented.
The different documents specifying PayPass reader behavior are summarized in the
following figure:
viii
2008 MasterCard
Reference Materials
The following references are used in this document. The latest version applies unless a
publication date is explicitly stated.
[ISO 639-1]
[ISO 3166-1]
[ISO 4217]
[ISO/IEC 7813]
[ISO/IEC 7816-4]
[ISO/IEC 7816-5]
[ISO 8583:1987]
[ISO 8583:1993]
[ISO/IEC 8859]
[EMV BOOK 1]
[EMV BOOK 2]
[EMV BOOK 3]
[EMV BOOK 4]
[EMVCLPRO]
[EMVEPS]
[PPTIR]
2008 MasterCard
ix
Abbreviations
The following abbreviations are used in this specification:
Abbreviation
Description
AAC
AC
Application Cryptogram
AFL
AID
Application Identifier
AIP
an
Alphanumeric
ans
Alphanumeric Special
ARQC
ATC
Binary
BCD
Conditional
C-APDU
CA
Certification Authority
CDA
CDOL
CID
CLA
cn
Compressed Numeric
CVC
CVM
CVR
DD
Discretionary Data
DDA
DF
Dedicated File
DOL
EMV
FCI
IAD
ICC
INS
ISO
Lc
Le
LRC
2008 MasterCard
Abbreviation
Description
Mandatory
Numeric
NATCTRACK1
NATCTRACK2
NCA
NI
NIC
Optional
PAN
PCVC3TRACK1
PCVC3TRACK2
PDOL
PIN
PPSE
PUNATCTRACK1
PUNATCTRACK2
P1
Parameter 1
P2
Parameter 2
R-APDU
RFU
RID
SDA
SDAD
SSAD
SFI
SW1
SW2
TC
Transaction Certificate
TLV
TVR
UDOL
UN
Unpredictable Number
var.
Variable length
2008 MasterCard
xi
Notational Conventions
The following notations apply in this document:
Notation
Description
1001b
digit
"M/Chip profile is
supported"
Track 1 Data
Data object names are written in italics to distinguish them from the
text.
GENERATE AC
The following table lists symbols that are used throughout this document:
Symbol
Meaning
kTRACK1
kTRACK2
tTRACK1
tTRACK2
nUN
mTRACK1
mTRACK2
qTRACK1
qTRACK2
xii
2008 MasterCard
The symbols are identified with a number. Paragraphs in the textual description starting
with Symbol n correspond to the symbol bearing the same number in the transition flow
diagram. The following example illustrates how it works.
TEST
OK
NOK
must
Defines a product or system capability that is mandatory.
should
Defines a product or system capability that is recommended.
may
Defines a product or system capability that is optional.
2008 MasterCard
xiii
Requirement Numbering
Requirements in this document are uniquely numbered with the number appearing next to
each requirement: For example:
4.3.2.3
If the PDOL is not present, the PayPass reader must use a command data field of
'8300'.
Guidance on Terminology
PayPass Card
Due to the legacy of the plastic card industry and the fact that the most common
PayPass compliant form factor is card based, the term "card" is used frequently
throughout this document. However, the contactless nature of PayPass permits noncard form factors.
The functionality of PayPass cards and devices is driven by the chip inside and is
independent of the form factor in which the chip resides. Therefore the default
reference for the consumer token in this document is "PayPass card" or "card", as
appropriate.
PayPass Reader
The term "PayPass reader" is used to refer to the device supporting the PayPass
M/Chip application and providing the contactless interface used by the PayPass card.
Although this can be an integral part of the terminal, it is considered in this
specification as a separate logical entity.
Terminal
The term "terminal" is used in this document to mean the POS device, as distinct from
the PayPass reader that provides the contactless interface. The terminal and the
PayPass reader may exist in a single integrated device, but are considered separately in
this document.
MasterCard
In this document, the term "MasterCard" is used to refer to MasterCard International
Incorporated and/or its affiliated entities. It does not refer to the MasterCard payment
brand.
xiv
2008 MasterCard
Document Overview
This document is organized as follows:
Section
Description
1 Introduction
2 Commands
3 Application Activation
4 PayPass M/Chip
Transaction Processing
This chapter defines the data object handling for the PayPass
reader.
2008 MasterCard
xv
Introduction
MasterCard Proximity Payment
Introduction
This chapter provides a high-level summary of PayPass M/Chip.
1.1
1.2
All PayPass M/Chip readers support and process PayPass cards that only support the
PayPass Mag Stripe profile.
All PayPass M/Chip cards support the PayPass Mag Stripe profile when presented
at a PayPass Mag Stripe only reader.
2008 MasterCard
Introduction
Architecture
1.3
Architecture
This specification considers the PayPass reader to be a peripheral device of the terminal.
The PayPass reader performs the interaction with the PayPass card and the cardholder. The
architecture is summarized in Figure 1.1.
Figure 1.1PayPass Terminal-Reader Architecture
Note
1.4
The processing carried out by the PayPass reader during a PayPass transaction, including
the interaction with the PayPass card and with the terminal may be summarized as follows:
The terminal enables the PayPass reader and provides the necessary transaction data
(e.g. transaction amount).
Initializes its internal data base and, depending on the transaction amount, sets any
internal flags for which the corresponding transaction limit has been exceeded.
Creates a list of applications that are supported by both the card and PayPass
reader.
Picks the highest priority application from the list of mutually supported
applications, and selects it on the card.
Based on the response from the PayPass card, the PayPass reader continues with either
a PayPass Mag Stripe or PayPass M/Chip transaction.
2008 MasterCard
Introduction
Transaction Processing Summary
For a PayPass M/Chip transaction, the PayPass reader continues with the following
steps:
o
The PayPass reader reads the data records of the PayPass card.
The PayPass reader performs Terminal Risk Management and Terminal Action
Analysis, and selects a cardholder verification method for the transaction.
The PayPass reader requests an application cryptogram from the PayPass card.
For a PayPass Mag Stripe transaction, the PayPass reader continues with the
following steps:
o
The PayPass reader reads the data records from the PayPass card.
The PayPass reader stores the CVC3-related data in the discretionary data fields
of the Track 1 Data and Track 2 Data.
If the outcome of the above processing was successful, the reader provides a visible
and audible indication of a successful PayPass interaction to the cardholder. The
PayPass reader completes the transaction by preparing the necessary Data Record and
Transaction Outcome information and returning it to the terminal.
If the outcome of the above processing was not successful, the reader, if appropriate,
provides an indication of the failure to the cardholder. The PayPass reader either:
o
The decision to provide failure indication and either retry or return control to the
terminal is implementation dependent.
The different stages of the transaction are summarized in Figure 1.2.
2008 MasterCard
Introduction
Transaction Processing Summary
2008 MasterCard
Commands
Introduction
Commands
This chapter defines the commands and responses supported by PayPass M/Chip.
2.1
Introduction
The INS byte of the C-APDU is structured according to [EMV BOOK 1]. The coding of
INS and its relationship to CLA are shown in Table 2.1.
Table 2.1Coding of the Instruction Byte
CLA
INS
Meaning
'80'
'2A'
'80'
'AE'
GENERATE AC
'80'
'A8'
'00'
'B2'
READ RECORD
'00'
'A4'
SELECT
The status bytes returned by the PayPass card are coded as specified in Section 6.3.5 of
[EMV BOOK 3]. In addition to the status bytes specific for every command, the PayPass
card may return the status bytes shown in Table 2.2.
Table 2.2Generic Status Bytes
SW1
SW2
Meaning
'6D'
'00'
'6E'
'00'
'6F'
'00'
No precise diagnosis
2008 MasterCard
Commands
Compute Cryptographic Checksum
2.2
Value
CLA
'80'
INS
'2A'
P1
'8E'
P2
'80'
Lc
var.
Data
Le
'00'
The data field of the command message is coded according to the UDOL following the rules
as defined in Section 5.2. If the PayPass card does not have a UDOL, the PayPass reader
uses the Default UDOL.
2008 MasterCard
Commands
Generate AC
2.3
SW1
SW2
Meaning
'67'
'00'
Wrong length
'69'
'85'
'6A'
'86'
'90'
'00'
Normal processing
GENERATE AC
2.3.1 Definition and Scope
The GENERATE AC command sends transaction-related data to the card, which then
computes and returns an Application Cryptogram. Depending on the risk management in
the card, the cryptogram returned by the PayPass card may differ from that requested in the
command message. The PayPass card may return an AAC (transaction declined), an
ARQC (online authorization request) or a TC (transaction approved).
Value
CLA
'80'
INS
'AE'
P1
P2
'00'
Lc
var.
Data
Le
'00'
2008 MasterCard
Commands
Generate AC
b7
b6
b5
b4
b3
b2
b1
Meaning
AAC
TC
ARQC
RFU
x
RFU
CDA requested
x
RFU
The data field of the command message is coded according to CDOL1 following the rules as
defined in Section 5.2.
Format 1
In the case of format 1, the data object returned in the response message is a primitive data
object with tag equal to '80'. The value field consists of the concatenation without
delimiters (tag and length) of the value fields of the data objects specified in Table 2.7.
Format 1 is only used if CDA is not performed.
Table 2.7GENERATE AC Response Message Data Field (Format 1)
Value
Presence
CID
ATC
AC
IAD
2008 MasterCard
Commands
Generate AC
Format 2
In the case of format 2, the data object returned in the response message will vary depending
on whether CDA was performed or not.
CDA Not Performed
If CDA is not performed, the data object returned in the response message for an AAC,
ARQC or TC is a constructed data object with tag equal to '77', as specified in Table 2.8.
Table 2.8GENERATE AC Response Message Data Field (Format 2) No CDA
Tag
Value
Presence
'77'
'9F27'
CID
'9F36'
ATC
'9F26'
AC
'9F10'
IAD
CDA Performed
If CDA is performed, the data object returned in the response message for an ARQC or TC
is a constructed data object with tag equal to '77'. It contains at least the three mandatory
data objects specified in Table 2.9, and optionally the IAD.
Table 2.9GENERATE AC Response Message Data Field (Format 2) CDA
Tag
Value
Presence
'77'
'9F27'
CID
'9F36'
ATC
'9F4B'
SDAD
'9F10'
IAD
SW2
Meaning
'67'
'00'
Wrong length
'69'
'85'
'6A'
'86'
'90'
'00'
Normal processing
2008 MasterCard
Commands
Get Processing Options
2.4
Value
CLA
'80'
INS
'A8'
P1
'00'
P2
'00'
Lc
var.
Data
Le
'00'
The data field of the command message is the Command Template with tag '83' and with a
value field coded according to the PDOL provided by the PayPass card in the response to
the SELECT command. If the PDOL is not provided by the PayPass card, the length field of
the template is set to zero. Otherwise the length field is the total length of the value fields of
the data objects transmitted to the card. The value fields are concatenated according to the
rules defined in Section 5.2.
Format 1
In the case of format 1, the data object returned in the response message is a primitive data
object with tag equal to '80'. The value field consists of the concatenation without
delimiters (tag and length) of the value fields of the AIP and the AFL, as shown in
Table 2.12.
10
2008 MasterCard
Commands
Get Processing Options
Presence
AIP
AFL
Format 2
In the case of format 2, the data object returned in the response message is a constructed
data object with tag '77' (Response Message Template). The value field may include several
TLV coded objects, but always includes the AIP (tag '82') and AFL (tag '94'), as shown in
Table 2.13.
Table 2.13GET PROCESSING OPTIONS Response Message Data Field
(Format 2)
Tag
Value
Presence
'77'
'82'
AIP
'94'
AFL
SW2
Meaning
'67'
'00'
Wrong length
'69'
'85'
'6A'
'86'
'90'
'00'
Normal processing
2008 MasterCard
11
Commands
Read Record
2.5
READ RECORD
2.5.1 Definition and Scope
The READ RECORD command reads a file record in a linear file. The response of the
PayPass card consists of returning the record.
Value
CLA
'00'
INS
'B2'
P1
Record Number
P2
Lc
Not present
Data
Not present
Le
'00'
b7
b6
b5
b4
b3
b2
b1
Meaning
SFI
P1 is a record number
Length
12
Record Template
2008 MasterCard
Commands
Select
2.6
SW1
SW2
Meaning
'6A'
'82'
'6A'
'83'
'6A'
'86'
Incorrect parameters P1 P2
'90'
'00'
Normal processing
SELECT
2.6.1 Definition and Scope
The SELECT command is used to select the PPSE directory and the PayPass application.
The response from the PayPass card consists of returning the FCI.
Value
CLA
'00'
INS
'A4'
P1
'04'
P2
'00'
Lc
Data
File Name
Le
'00'
The data field of the command message contains the PPSE directory name
("2PAY.SYS.DDF01") or the ADF Name (or AID) of the application in the PayPass card 1.
Depending on the value of the File Name, the SELECT command is referred to as SELECT PPSE or SELECT AID
command.
2008 MasterCard
13
Commands
Select
Select PPSE
Table 2.20 defines the FCI returned by a successful selection of the PPSE directory. The
FCI contains the list of PayPass applications (ADF Names) supported by the card.
Table 2.20SELECT Response Message Data Field (FCI) of the PPSE
Tag
Value
Presence
'6F'
FCI Template
'84'
DF Name
'A5'
'BF0C'
The FCI Issuer Discretionary Data is a constructed data object of which the value field is
comprised of one or more Application Templates (tag '61') as described in Table 2.21.
Table 2.21FCI Issuer Discretionary Data
'BF0C'
Length
Length of
directory
entry 1
'61'
Directory
entry 1
'61'
Length of
directory
entry n
Directory
entry n
Each directory entry is the value field of an Application Template and contains the
information according to Table 2.22 and Table 2.23.
Table 2.22Directory Entry Format
Tag
Value
Presence
'4F'
'87'
'50'
Application Label
b7-b5
b4-b1
RFU
000
No priority assigned
xxxx
14
Definition
2008 MasterCard
Commands
Select
Value
Presence
'6F'
FCI Template
'84'
DF Name (AID)
'A5'
FCI Proprietary Template
'50'
Application Label
'87'
Application Priority Indicator
'5F2D'
Language Preference
'9F38'
PDOL
'9F11'
Issuer Code Table Index
'9F12'
Application Preferred Name
'BF0C'
FCI Issuer Discretionary Data
'XXXX'
1 or more additional data objects from
application provider, Issuer or ICC
supplier
M
M
M2
O
O
O
O
O
O
O
O
SW2
Meaning
'62'
'83'
'67'
'00'
Wrong length
'6A'
'81'
'6A'
'82'
'6A'
'86'
'90'
'00'
Normal processing
The FCI Proprietary Template may be empty. In this case the length must be set to zero.
These specifications do not specify how to block the PPSE or PayPass application. For a dual-interface card
(contact and contactless), this may be done by using the contact interface.
2008 MasterCard
15
Application Activation
Overview
Application Activation
This chapter describes the procedure for identifying and activating the PayPass application
on the card, and other transaction pre-processing.
3.1
Overview
Application activation begins when the terminal enables the PayPass reader to perform a
contactless transaction. Application activation can be divided into the following areas:
3.2
1.
Pre-processing, in which the transaction amount is checked against defined limits for
each supported application
2.
3.
Application selection, in which first the PPSE and then the PayPass application are
selected on the card
Pre-Processing
When the PayPass reader has been enabled by the terminal and the values of the transaction
related data objects listed in 5.4.1.4 are defined, then the following steps are performed.
3.2.1.1
3.2.1.2
The following steps are completed for each AID supported by the PayPass reader.
3.2.1.3
3.2.1.4
3.2.1.5
If the Amount, Authorized is greater than the Terminal Contactless Floor Limit for
that AID, then the Terminal Contactless Floor Limit Exceeded Flag must be set
for that AID.
2008 MasterCard
17
Application Activation
Protocol Activation
3.2.1.6
3.3
If the Amount, Authorized is greater than or equal to the Terminal CVM Required
Limit for that AID, then the Terminal CVM Required Limit Exceeded Flag must be
set for that AID.
Protocol Activation
3.3.1.1
Power up the contactless interface and start the polling and collision detection
mechanisms as defined in [EMVCLPRO].
Provide a visible indication to the cardholder that the reader is active and that
the card can be presented.
Otherwise, the PayPass reader must not proceed with the rest of application
activation. It must instead continue with the Completion function as described in
Section 4.3.15.
3.4
Application Selection
The application selection process is described in detail in the following sections from the
standpoint of both the card and the PayPass reader. The application selection mechanism
minimizes the number of commands between the card and PayPass reader. If no errors are
encountered, only two SELECT commands (see Section 2.6) are necessary. The process is
described in two steps, and is summarized in Figure 3.1.
1. The PayPass reader selects the PPSE and creates a list of applications that are supported
by both the card and the PayPass reader. This list is referred to as the "candidate list"
(see Section 3.4.1).
2.
From the candidate list, the application to be run is chosen and selected on the card (see
Section 3.4.2).
PayPass Card
PayPass Reader
1. SELECT PPSE
2. List of AIDs
3. SELECT AID
4. FCI
18
2008 MasterCard
Application Activation
Application Selection
As an alternative to the application selection method described here, the PayPass reader
may also support a proprietary application selection method that is outside the scope of this
specification. If so, then the proprietary method may be performed either:
3.4.1.2
The PayPass reader must select the PPSE on the card using the SELECT command
as described in Section 2.6. If the card returns status bytes other than '9000', then
the PayPass reader must continue with step 3.4.2.1. Otherwise, the PayPass
reader must continue with step 3.4.1.3.
3.4.1.3
The PayPass reader must retrieve all the directory entries from the FCI Issuer
Discretionary Data (tag 'BF0C') in the FCI returned by the card. Additional tags
returned in the FCI that are not listed in Table 2.20 must be discarded by the
PayPass reader. The PayPass reader must process each directory entry by
comparing the ADF Name in the directory entry with the AIDs supported by the
PayPass reader.
If the directory entry is not coded according to Table 2.22 then the PayPass reader
must ignore the directory entry. If the ADF Name matches the AID of one of the
applications supported by the PayPass reader, then the directory entry is added to
the candidate list.
The ADF Name in the directory entry matches an AID in the PayPass reader if the
ADF Name has the same length and value as the AID, or the ADF Name begins
with the entire AID.
3.4.1.4
The PayPass reader must remove from the candidate list all applications that
require cardholder confirmation (b8 = '1' in the Application Priority Indicator (see
Table 2.23)).
3.4.1.5
The PayPass reader must remove from the candidate list all applications for which
the Terminal Contactless Transaction Limit Exceeded Flag has been set in the preprocessing phase.
3.4.1.6
The PayPass reader must order the candidate list according to the following rules:
Applications that have the same priority are listed in the order in which they
were listed in the PPSE directory entries in the FCI Issuer Discretionary
Data (see Table 2.21).
2008 MasterCard
19
Application Activation
Application Selection
Applications with no priority must come last and in the order in which they
were listed in the PPSE directory entries in the FCI Issuer Discretionary
Data (see Table 2.21).
If the candidate list is empty, the PayPass reader must set the Transaction
Outcome to "End Application" and continue with the Completion function as
specified in Section 4.3.15 in order to terminate the transaction.
Otherwise, the PayPass reader must continue with step 3.4.2.2.
3.4.2.2
The PayPass reader must pick the first application from the candidate list and
select this application with a SELECT command coded according to Section 2.6.2
using the ADF Name found in the directory entry of the application.
If the SELECT command fails (i.e. SW1-SW2 '9000'), then the PayPass reader
must remove the application from the candidate list and resume processing at
step 3.4.2.1.
Having completed application selection, the PayPass reader can begin the main PayPass
M/Chip Transaction Processing, as described in Chapter 4.
20
2008 MasterCard
4.1
Transaction Flow
4.1.1.1
The PayPass reader must execute the transaction flow as described in Figure 4.1
and Figure 4.2, and in the corresponding text below.
Note
The transaction flow described in Figure 4.1 and Figure 4.2 assumes normal
processing without exceptions.
Exception processing is described in Section 4.2.
Symbol 1
FCI and SW1-SW2 Processing
The PayPass reader performs certain checks on the data received in reply to the SELECT
AID command as described in Section 4.3.1.
Symbol 2
GET PROCESSING OPTIONS Command Processing
The PayPass reader initiates the transaction by issuing the GET PROCESSING OPTIONS
command as described in Section 4.3.2. The PayPass card returns the AIP and the AFL.
Symbol 3
M/Chip profile?
The PayPass reader verifies if the "M/Chip profile is supported" bit in the AIP is set. If the
bit is set, the PayPass reader continues by selecting the method of offline data
authentication to be used (see Symbol 7). If the bit is not set, then it continues by reading
from the PayPass card the PayPass Mag Stripe application data (see Symbol 4).
Symbol 4
Read Mag Stripe Application Data
Based on the AFL previously received from the card, the PayPass reader reads the necessary
data using the READ RECORD command as specified in Section 4.3.3.
Symbol 5
Mag Stripe Application Version Number Checking
The PayPass reader verifies the compatibility of its application with the
PayPass Mag Stripe application in the PayPass card as specified in Section 4.3.4.
2008 MasterCard
21
Symbol 6
COMPUTE CRYPTOGRAPHIC CHECKSUM Processing
The PayPass reader continues with the COMPUTE CRYPTOGRAPHIC CHECKSUM command as
specified in Section 4.3.5. The PayPass reader then sets the Transaction Outcome to
"Online Request".
Note
Symbol 7
Offline Data Authentication Method Selection
The PayPass reader selects the offline data authentication method to be used in the
transaction. As described in Section 4.3.6, it compares the functionality available on the
card, as indicated in the AIP, with its own capabilities. The result of this process is a
decision to perform CDA, SDA or not to perform any offline data authentication.
Symbol 8
Read M/Chip Application Data
The PayPass reader reads the necessary data using READ RECORD commands as specified in
Section 4.3.7.
Symbol 9
Processing Restrictions
The PayPass reader performs the Processing Restrictions function as specified in
Section 4.3.8. This includes application version number checking, application usage control
checking and application effective/expiry dates checking.
Symbol 10 Terminal Risk Management
The PayPass reader performs Terminal Risk Management as specified in Section 4.3.9.
Symbol 11 M/Chip CVM Selection
The PayPass reader selects a cardholder verification method as specified in Section 4.3.10.
The result of this function is stored as the Transaction CVM.
Symbol 12 Terminal Action Analysis
The PayPass reader performs Terminal Action Analysis in order to decide whether the
transaction should be approved offline, declined offline, or transmitted online. The PayPass
reader makes this decision based on the content of the TVR, the Issuer Action Codes and
Terminal Action Codes as specified in Section 4.3.11.
Symbol 13 GENERATE AC
The PayPass reader issues a GENERATE AC command, as described in Section 4.3.12,
requesting a TC, ARQC or an AAC based on the results of Terminal Action Analysis.
The PayPass card performs its card risk management when it receives the GENERATE AC
command, and may decide to complete the transaction online (ARQC), offline (TC) or
decline the transaction (AAC).
Note
After the completion of the GENERATE AC response, the PayPass card may be
removed from the PayPass reader.
22
2008 MasterCard
2008 MasterCard
23
24
2008 MasterCard
2008 MasterCard
25
4.2
Exception Processing
This section specifies exceptions to normal processing that cause termination of the normal
transaction flow.
4.2.1 Processing
4.2.1.1
If the PayPass reader encounters an exception during its processing, then it must
set the Transaction Outcome to "End Application" and continue with the
Completion function as specified in Section 4.3.15.
It is the responsibility of the issuer to ensure that data in the PayPass card is of the
correct format. No format checking other than that specifically defined is
mandated for the PayPass reader. However, if during normal processing the
PayPass reader recognizes that data read from the PayPass card is incorrectly
formatted, it must terminate the transaction as defined in requirement 4.2.1.1.
4.2.2.2
Unless explicitly stated in Section 4.3, during a PayPass Mag Stripe transaction
the PayPass reader must not validate the individual data objects returned in the
Track 1 Data and Track 2 Data. Specifically, validation of the values 2 and 6 in
the first digit of the service code present in Track 1 Data or Track 2 Data to
determine if a contact chip transaction is required must not be performed. Any
existing data validation carried out to support individual payment products is
outside the scope of this specification.
However, if in the course of copying the dynamic data into Track 1 Data or
Track 2 Data, the PayPass reader is not able to localize the discretionary data field
due to one or more format errors, the PayPass reader must terminate the
transaction as defined in requirement 4.2.1.1.
4.2.2.3
If, during transaction processing, the PayPass reader encounters more than one
occurrence of a single primitive data object, it must terminate the transaction as
specified in requirement 4.2.1.1.
4.2.2.4
If, during transaction processing, the PayPass reader receives in a response from
the PayPass card a data object that is listed in Table A.1 as having the PayPass
reader as source, it must terminate the transaction as specified in
requirement 4.2.1.1.
26
2008 MasterCard
If, during transaction processing, the PayPass card returns any SW1-SW2 other
than '9000', the PayPass reader must terminate the transaction as according to
requirement 4.2.1.1, unless otherwise specified.
During a PayPass Mag Stripe transaction, if the PayPass reader does not receive
a valid response from the PayPass card to a COMPUTE CRYPTOGRAPHIC
CHECKSUM command (i.e. no response message or an invalid response message),
it must wait 300 ms before terminating the transaction as specified in
requirement 4.2.1.1.
If it is the second consecutive transaction for which no valid response message
from the PayPass card for the COMPUTE CRYPTOGRAPHIC CHECKSUM command
is received, the PayPass reader must wait 2 * 300 ms before terminating the
transaction as specified in requirement 4.2.1.1.
In general, if it is the nth (n = 1, 2, 3, ) consecutive transaction for which no
valid response message from the PayPass card for the COMPUTE CRYPTOGRAPHIC
CHECKSUM command is received, the PayPass reader must wait 2m * 300 ms (m
being the minimum of n-1 and 5) before terminating the transaction as specified in
requirement 4.2.1.1.
2008 MasterCard
27
4.3
4.3.1.1
If the PayPass card returns any SW1-SW2 other than '9000' in response to the
SELECT AID command, then the PayPass reader must terminate the transaction as
specified in requirement 4.2.1.1.
Note
Requirement 4.3.1.1 applies only if the PayPass reader implements the EMV
Entry Point. Otherwise, the status bytes in response to the SELECT AID
command are processed as described previously in requirement 3.4.2.2.
4.3.1.2
The PayPass reader must verify that the FCI is correctly formatted, as specified in
Table 2.24. If this is not the case, then the PayPass reader must terminate
processing as specified in requirement 4.2.1.1.
4.3.1.3
The PayPass reader must extract the PDOL (if present) from the FCI and store it
for later use during the GET PROCESSING OPTIONS Command Processing.
4.3.1.4
The PayPass reader must extract the DF Name (tag '84'), Application Label
(tag '50') (if present), the Language Preference (tag '5F2D') (if present), the Issuer
Code Table Index (tag '9F11') (if present) and the Application Preferred Name
(tag '9F12') (if present) from the FCI, and store them for later use in the
Completion function. Additional tags returned in the FCI that are not listed in
Table 2.24 must be discarded by the PayPass reader.
4.3.1.5
If the Language Preference (tag '5F2D') data object is included in the FCI, then
the PayPass reader must perform language selection as specified in Section 11.1
of [EMV BOOK 4], except for interactive cardholder language selection. If no
match is found and the PayPass reader supports more than one language, it must
automatically select the local language.
The PayPass reader sets all bits in the TVR and CVM Results to 0b.
4.3.2.2
If the Terminal CVM Required Limit Flag is set, then the Terminal Capabilities
must be instantiated with Terminal Capabilities CVM Required. Otherwise the
Terminal Capabilities must be instantiated with Terminal Capabilities No CVM
Required.
28
2008 MasterCard
4.3.2.3
The PayPass reader must format the GET PROCESSING OPTIONS command as
specified in Section 2.4.2.
4.3.2.4
If the PDOL is not present (see requirement 4.3.1.3), the PayPass reader must use
a command data field of '8300'.
4.3.2.5
If the PDOL is present, the PayPass reader must use the PDOL to create a
concatenated list of data objects without tags or lengths following the rules
specified in Section 5.2. The PayPass reader must verify that all of the tags in the
PDOL belong to data objects available to the PayPass reader. If this is not the
case, the PayPass reader must provide a data object with the length specified and a
value of all hexadecimal zeros for all such tags encountered. The PayPass reader
must use the concatenated list as value field of the data object with tag '83'.
4.3.2.6
The PayPass reader must verify that the response message to the GET
PROCESSING OPTIONS command is correctly formatted as specified in
Section 2.4.3. If this is not the case, the PayPass reader must terminate the
transaction as specified in requirement 4.2.1.1.
4.3.2.7
The PayPass reader must retrieve from the response message the AIP (tag '82')
and AFL (tag '94') data objects. If they are not both included, the PayPass reader
must terminate the transaction as specified in requirement 4.2.1.1. If the PayPass
card response contains a constructed data object as described in Table 2.13, any
additional data objects returned in the data field must be discarded by the PayPass
reader.
4.3.2.8
If the PayPass Mag Stripe Indicator for the selected AID indicates that the
PayPass Mag Stripe profile is not supported and the "M/Chip profile is
supported" bit in the AIP is not set, then the PayPass reader must terminate the
transaction as specified in requirement 4.2.1.1.
4.3.2.9
Note
2008 MasterCard
29
If the value of the four most significant bytes of the AFL is different from
'08010100', then the PayPass reader must process each entry in the AFL from left
to right. A READ RECORD command as described in Section 2.5 must be issued
for each record between the starting record number and the ending record number,
inclusively. The PayPass reader must ignore the fourth byte of each entry in the
AFL.
The PayPass reader must then proceed with requirement 4.3.3.3.
4.3.3.2
If the value of the four most significant bytes of the AFL is equal to '08010100',
then the PayPass reader must not interpret the AFL and instead must only issue a
READ RECORD command as described in Section 2.5 for the first record in the file
with SFI 1.
4.3.3.3
The PayPass reader must store all recognized data objects read, whether
mandatory or optional, for later use in the transaction processing. Data objects
that are not recognized by the PayPass reader (that is, their tags are unknown by
the PayPass reader) must be discarded.
4.3.3.4
If any of the mandatory data objects listed in Table 4.1 is not present, the PayPass
reader must terminate the transaction as specified in requirement 4.2.1.1.
Table 4.1Mandatory PayPass Mag Stripe Data Objects
Tag
Value
'9F6B'
Track 2 Data
'9F66'
PUNATCTRACK2
'9F65'
PCVC3TRACK2
'9F67'
NATCTRACK2
4.3.3.5
The PayPass reader must copy the discretionary data field of the Track 1 Data (if
present) into DDCARD,TRACK1. The PayPass reader must copy the discretionary data
field of the Track 2 Data into DDCARD,TRACK2.
4.3.3.6
The PayPass reader must verify that the number of non-zero bits in
PUNATCTRACK2 (kTRACK2) is greater than or equal to the number of digits of the
ATC to be included in the discretionary data field of the Track 2 Data (t TRACK2). If
kTRACK2 < tTRACK2, the PayPass reader must terminate the transaction, as specified
in requirement 4.2.1.1. Otherwise, the PayPass reader must set nUN equal to
kTRACK2 - t TRACK2.
4.3.3.7
The PayPass reader must verify that nUN is less than or equal to 8. If nUN is
greater than 8, the PayPass reader must terminate the transaction as specified in
requirement 4.2.1.1.
30
2008 MasterCard
4.3.3.8
The PayPass reader must verify that the number of non-zero bits in PCVC3TRACK2
is greater than or equal to 3 (i.e. qTRACK2 3). If this is not the case, the PayPass
reader must terminate the transaction as specified in requirement 4.2.1.1.
4.3.3.9
If Track 1 Data is included in the data returned from the card, the PayPass reader
must verify that also PCVC3TRACK1, PUNATCTRACK1 and NATCTRACK1 are returned.
If at least one of these data objects is not available, the PayPass reader must
terminate the transaction as specified in requirement 4.2.1.1.
4.3.3.10 If Track 1 Data is available, the PayPass reader must verify that the number of
non-zero bits in PUNATCTRACK1 (kTRACK1) is greater than or equal to the number of
digits of the ATC to be included in the discretionary data field of Track 1 Data
(tTRACK1). If kTRACK1 < t TRACK1, the PayPass reader must terminate the transaction
as specified in requirement 4.2.1.1.
4.3.3.11 If Track 1 Data is available, the PayPass reader must verify that kTRACK1 - tTRACK1
is equal to nUN. If this is not the case, the PayPass reader must terminate the
transaction as specified in requirement 4.2.1.1.
4.3.3.12 If Track 1 Data is available, the PayPass reader must verify that the number of
non-zero bits in PCVC3TRACK1 is greater than or equal to 3 (i.e. qTRACK1 3). If this
is not the case, the PayPass reader must terminate the transaction as specified in
requirement 4.2.1.1.
4.3.3.13 The PayPass reader must retrieve from the Track 2 Data the PAN and Expiry
Date. If Track 1 Data is returned from the card, the PayPass reader must verify
that the PAN and Expiry Date included in the Track 1 Data are the same as the
PAN and Expiry Date included in the Track 2 Data. If this is not the case, the
PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.
If the Mag Stripe Application Version Number (Card) is not present in the card, or
if the PayPass reader does not recognize or support the application version of the
card, the PayPass reader must use its latest version to perform the transaction.
Otherwise, PayPass reader must use the appropriate code and/or commands to
perform the transaction with the card.
2008 MasterCard
31
4.3.5.2
4.3.5.3
If the UDOL is returned by the PayPass card during the Read Mag Stripe
Application Data processing, the PayPass reader must create a concatenated list of
data objects without tags or lengths following the rules specified in Section 5.2.
4.3.5.4
If the UDOL is not returned by the PayPass card during the Read Mag Stripe
Application Data processing, the PayPass reader must use the Default UDOL to
construct the data field of the command message. Refer to Section 5.4 for the
definition of the Default UDOL.
4.3.5.5
The PayPass reader must verify that the response message of the COMPUTE
CRYPTOGRAPHIC CHECKSUM command is correctly formatted as specified in
Section 2.2.3. If it is not correctly formatted, the PayPass reader must terminate
the transaction as indicated in requirement 4.2.4.1.
4.3.5.6
The PayPass reader must retrieve the CVC3TRACK2 (tag '9F61') and the ATC
(tag '9F36') from the Response Message Template (tag '77'). If one of these data
objects is not available, the PayPass reader must terminate the transaction as
indicated in requirement 4.2.4.1.
4.3.5.7
The PayPass reader must convert the binary encoded CVC3TRACK2 to the BCD
encoding of the corresponding number expressed in base 10. The PayPass reader
must copy the qTRACK2 least significant digits of the BCD encoded CVC3TRACK2 in
the eligible positions of the discretionary data field of Track 2 Data. The eligible
positions are indicated by the qTRACK2 non-zero bits in PCVC3TRACK2.
4.3.5.8
The PayPass reader must replace the nUN least significant eligible positions of the
discretionary data field of Track 2 Data by the nUN least significant digits of UN
(Numeric). The eligible positions in the discretionary data field are indicated by
the nUN least significant non-zero bits in PUNATCTRACK2.
4.3.5.9
If tTRACK2 0, the PayPass reader must convert the ATC to the BCD encoding of
the corresponding number expressed in base 10. The PayPass reader must replace
the tTRACK2 most significant eligible positions of the discretionary data field of
Track 2 Data by the tTRACK2 least significant digits of the BCD encoded ATC. The
eligible positions in the discretionary data field are indicated by the tTRACK2 most
significant non-zero bits in PUNATCTRACK2.
4.3.5.10 The PayPass reader must copy nUN into the least significant digit of the
discretionary data field of the Track 2 Data.
32
2008 MasterCard
4.3.5.11 If Track 1 Data is available, the PayPass reader must retrieve the CVC3TRACK1
from the Response Message Template (tag '77'). If the Track 1 Data is available
and the CVC3TRACK1 is not available, the PayPass reader must terminate the
transaction as indicated in requirement 4.2.4.1.
4.3.5.12 Data objects returned in the Response Message Template (tag '77') with tags other
than '9F60', '9F61' and '9F60' must be discarded by the PayPass reader.
4.3.5.13 If Track 1 Data is available, the PayPass reader must convert the binary encoded
CVC3TRACK1 to the BCD encoding of the corresponding number expressed in
base 10. The PayPass reader must convert the qTRACK1 least significant digits of
the BCD encoded CVC3TRACK1 into the ASCII format and copy the qTRACK1 ASCII
encoded CVC3TRACK1 characters into the eligible positions of the discretionary data
field of the Track 1 Data. The eligible positions are indicated by the qTRACK1 nonzero bits in PCVC3TRACK1.
4.3.5.14 If Track 1 Data is available, the PayPass reader must convert the BCD encoded
UN (Numeric) into the ASCII format and replace the nUN least significant eligible
positions of the discretionary data field of the Track 1 Data by the nUN least
significant characters of the ASCII encoded UN (Numeric). The eligible positions
in the discretionary data field are indicated by the nUN least significant non-zero
bits in PUNATCTRACK1.
4.3.5.15 If Track 1 Data is available and tTRACK1 0, the PayPass reader must convert the
ATC to the BCD encoding of the corresponding number expressed in base 10.
The PayPass reader must convert the tTRACK1 least significant digits of the ATC
into the ASCII format. The PayPass reader must replace the tTRACK1 most
significant eligible positions of the discretionary data field of the Track 1 Data by
the tTRACK1 ASCII encoded ATC characters. The eligible positions in the
discretionary data field are indicated by the tTRACK1 most significant non-zero bits
in PUNATCTRACK1.
4.3.5.16 If Track 1 Data is available, the PayPass reader must convert nUN into the ASCII
format and copy the ASCII encoded nUN character into the least significant
position of the discretionary data field of the Track 1 Data.
4.3.5.17 The PayPass reader must execute the requirements 4.3.5.7, 4.3.5.8, 4.3.5.9 and
4.3.5.10 and the requirements 4.3.5.13, 4.3.5.14, 4.3.5.15 and 4.3.5.16 in the order
as specified above.
2008 MasterCard
33
If the AIP indicates that the PayPass card supports CDA (AIP[1][1] = 1b) and the
Terminal Capabilities indicate that the PayPass reader supports CDA (Terminal
Capabilities[3][4] = 1b), the PayPass reader must select CDA as the ODA to be
performed. Offline Data Authentication Method Selection is complete.
Otherwise, the PayPass reader must continue with requirement 4.3.6.2.
4.3.6.2
If the AIP indicates that the PayPass card supports SDA (AIP[1][7] = 1b) and the
Terminal Capabilities of the PayPass reader indicate support for SDA (Terminal
Capabilities[3][8] = 1b), the PayPass reader must select SDA as the ODA to be
performed. Offline Data Authentication Method Selection is complete.
Otherwise, the PayPass reader must continue with requirement 4.3.6.3.
4.3.6.3
If neither SDA nor CDA is selected as the ODA to be performed, the PayPass
reader must set the Offline Data Authentication Was Not Performed bit in the
TVR to 1b.
If the AFL returned by the PayPass card is not one of the pre-defined values
described in Table 4.2, the PayPass reader must process each entry in the AFL
from left to right. A READ RECORD command as described in Section 2.5 must be
issued for each record between the starting record number and the ending record
number, inclusively.
The PayPass reader must then proceed with requirement 4.3.7.6.
If the AFL returned by the PayPass card is one of the pre-defined values described
in Table 4.2, the PayPass reader must proceed with requirement 4.3.7.2.
Table 4.2Pre-defined AFL Values
ODA supported
AFL Value
SDA
CDA
4.3.7.2
The PayPass reader must always read record 1 included in the file with SFI 2.
4.3.7.3
34
2008 MasterCard
4.3.7.4
4.3.7.5
4.3.7.6
The PayPass reader must store all recognized data objects read, whether
mandatory or optional, for later use in the transaction processing. Data objects
that are not recognized by the PayPass reader (that is, their tags are unknown by
the PayPass reader) must not be stored separately, but records containing such
data objects may still participate in their entirety in offline data authentication,
depending upon the coding of the AFL.
4.3.7.7
All mandatory data objects must be present in the card. If any mandatory data
object is not present, the PayPass reader must terminate the transaction as
specified in requirement 4.2.1.1. The mandatory data objects are listed in
Table 4.3.
Table 4.3Mandatory PayPass M/Chip Data Objects
4.3.7.8
Tag
Value
'5F24'
'5A'
PAN
'8C'
CDOL1
'9F4A'
Proprietary data files (i.e. files with SFI outside the range 1 to 10) may or may not
conform to this specification (refer to Table 2.17). Records in proprietary files
may be represented in the AFL and may participate in offline data authentication if
they are readable without conditions by the READ RECORD command coded
according to Section 2.5.2.
If the Terminal Contactless Floor Limit Exceeded Flag has been set during the
pre-processing phase, then the "Transaction Exceeds Floor Limit" bit of the TVR
must be set to 1b.
The PayPass reader may support an exception file as specified in Section 6.3.5 of
[EMV BOOK 4].
2008 MasterCard
35
Note
The M/Chip CVM Selection function involves only the selection of the CVM
to be performed. Cardholder verification is not performed until after the
Completion function, and the PayPass reader has returned control to the
terminal.
The conditions expressed by the CVM Condition Code (second byte of the
CVR) are not satisfied.
Data required by the conditions expressed by the CVM Condition Code is not
present.
The CVM Condition Code is outside the range of codes understood by the
PayPass reader (refer to requirement 4.3.10.6).
If there are no more CVRs in the list, then the PayPass reader must set the
Transaction CVM to "No CVM" and set the "Cardholder verification was not
successful" bit in the TVR. In the CVM Results, the PayPass reader must set
byte 1 to "No CVM" and byte 3 to "failed". M/Chip CVM Selection is complete.
36
2008 MasterCard
4.3.10.5 If the conditions expressed by the CVM Condition Code are satisfied, then the
PayPass reader must proceed according to the following steps:
1. If the CVM Code (first byte of the CVR) is recognized (refer to requirement
4.3.10.7), then the PayPass reader must proceed with step 2.
If the CVM Code is not recognized, then the PayPass reader must set the
'Unrecognized CVM' bit in the TVR and proceed with step 3.
2. If the CVM Code is supported (refer to requirement 4.3.10.8) and is not "Fail
CVM", then the PayPass reader must proceed as follows:
The PayPass reader must set the Transaction CVM as indicated by the
CVM Code.
In the CVM Results, the PayPass reader must copy the CVR to bytes 1
and 2, and must set byte 3 to "unknown".
If the CVM Code is "Enciphered PIN verified online", then the PayPass
reader must set the "Online PIN entered" bit in the TVR.
If the CVM Code is "Fail CVM" or if the CVM Code is not supported, then
the PayPass reader must proceed with step 3.
3. The PayPass reader must examine b7 of the CVM Code.
If b7 is set to 1b, processing continues with the next CVR, if present.
If b7 is set to 0b, or if there are no more CVRs in the list, then the PayPass
reader must set the Transaction CVM to "No CVM" and set the "Cardholder
verification was not successful" bit in the TVR.
The PayPass reader must set byte 3 of the CVM Results to "failed".
If the CVM Code is "Fail CVM", then the PayPass reader must copy the CVR
to bytes 1 and 2 of the CVM Results.
If the CVM Code is not "Fail CVM", then the PayPass reader must set byte 1
of the CVM Results to "No CVM".
M/Chip CVM Selection is complete.
4.3.10.6 The PayPass reader must understand the CVM Condition Codes defined in
Annex C.3 of [EMV BOOK 3]. The PayPass reader may also understand
proprietary CVM Condition Codes not defined in Annex C.3 of [EMV BOOK 3].
4.3.10.7 The PayPass reader must recognize the CVM Codes defined in Annex C.3 of
[EMV BOOK 3]. The PayPass reader may also recognize proprietary CVM
Codes not defined in Annex C.3 of [EMV BOOK 3].
4.3.10.8 The PayPass reader must verify support of a CVM Code as follows:
For CVM Codes defined in Annex C.3 of [EMV BOOK 3], support must be
indicated in the Terminal Capabilities.
For CVM Codes not defined in Annex C.3 of [EMV BOOK 3], support may
be known implicitly.
2008 MasterCard
37
38
2008 MasterCard
4.3.12.9 If CDA was requested in the GENERATE AC command and the PayPass card did
not generate an AAC, the PayPass reader must verify that the SDAD (tag '9F4B')
is included in the Response Message Template (tag '77'). If the SDAD tag is not
included, the PayPass reader must terminate the transaction as specified in
requirement 4.2.1.1. Additional data objects returned in the data field that are not
listed in Table 2.9 must be used by the PayPass reader during the verification of
the SDAD.
Value
'8F'
'90'
'92'
'9F32'
9F46'
'9F47'
'9F48'
4.3.13.2 The PayPass reader must retrieve the Certification Authority Public Key, the
Issuer Public Key and the ICC Public Key as described in Sections 6.2, 6.3 and
6.4 of [EMV BOOK 2] from the PayPass card data that was read in a previous step
(see Section 4.3.7).
4.3.13.3 If the ICC Public Key is not retrieved successfully, then the PayPass reader must
terminate the transaction as specified in requirement 4.2.1.1.
4.3.13.4 Using the retrieved ICC Public Key in conjunction with the corresponding
algorithm, the PayPass reader must verify the SDAD and recover the AC as
described in Section 6.6.2 of [EMV BOOK 2].
4.3.13.5 If the SDAD is not successfully verified, then CDA has failed. The PayPass
reader must terminate the transaction as specified in requirement 4.2.1.1.
The Issuer Public Key Remainder or the ICC Public Key Remainder could be absent when the public key
modulus can be recovered in its entirety from the public key certificate.
2008 MasterCard
39
Value
'8F'
'90'
'92'
'9F32'
'93'
4.3.14.2 The PayPass reader must perform SDA by retrieving the Certification Authority
Public Key and Issuer Public Key and then verifying the SSAD as described in
Section 5 of [EMV BOOK 2].
4.3.14.3 If SDA is not successful, the PayPass reader must terminate the transaction as
specified in requirement 4.2.1.1.
4.3.15 Completion
With the Completion function, the PayPass reader prepares the data objects to be returned
to the terminal. The PayPass reader ends the Completion processing as described in
Section 9.5 ("Removal") of [EMVCLPRO], and hands over control to the terminal.
4.3.15.1 The PayPass reader must indicate to the terminal the outcome of its transaction
processing by means of the Transaction Outcome.
4.3.15.2 If a PayPass M/Chip transaction is performed, then the PayPass reader must
indicate to the terminal the outcome of the M/Chip CVM Selection function by
means of the Transaction CVM.
The Issuer Public Key Remainder could be absent when the public key modulus can be recovered in its
entirety from the public key certificate.
40
2008 MasterCard
Tag
Data Object
Presence
'57'
'9F6E'
'84'
DF Name
'50'
Application Label
'9F12'
'9F11'
'9F26'
AC
'9F27'
CID
'9F10'
IAD
'9F36'
ATC
M
6
'95'
TVR
'9F37'
UN
'5F2A'
'9C'
Transaction Type
'9A'
Transaction Date
'9F02'
Transaction Amount
'9F1A'
'9F34'
CVM Results
'82'
AIP
The TVR as sent to the PayPass card by the PayPass reader in the GENERATE AC command.
2008 MasterCard
41
Tag
Data Object
Presence
'9F6B'
Track 2 Data
'56'
Track 1 Data
C
7
DDCARD,TRACK1
DDCARD,TRACK27
C
M
'9F6E'
'84'
DF Name
'50'
Application Label
'9F12'
'9F11'
The format of the Data Record is implementation dependent. If the PayPass reader uses the TLV format, then
implementation specific values may be used for the tags of DDCARD,TRACK1 and DDCARD,TRACK2.
42
2008 MasterCard
5.1
5.2
5.1.1.1
When moving data from one entity to another (for example card to PayPass
reader) or when concatenating data, the data must always be passed in decreasing
order, regardless of how it is stored internally. The leftmost byte (byte 1) is the
most significant byte.
5.1.1.2
Bytes or bits specified as Reserved for Future Use (RFU) must be set to the value
indicated, or to zero if no value is given.
5.1.1.3
An entity receiving data specified as RFU must not examine or depend upon the
coding of these bytes or bits.
DOL Handling
To minimize processing in the card, the data field of the command messages is not TLV
encoded. The application in the card indicates the requested data, including format and
length, by sending a DOL to the PayPass reader. DOLs used in this specification include:
5.2.1.1
DOL Handling must be performed according to the rules specified in Section 5.4
of [EMV BOOK 3].
2008 MasterCard
43
5.3
pm-1
pm-2
pm-3
p5
p4
p3
p2
p1
Each bit in the bitmap refers to a position in the discretionary data. The least significant bit
of the bitmap, i.e. the rightmost bit b1, corresponds to position p1; as indicated in Figure 5.2.
Figure 5.2Relation between Discretionary Data and Bitmap
Discretionary Data
br
br-1
br-2
bm+1
pm
p5
p4
p3
p2
p1
bm
b5
b4
b3
b2
b1
Bitmap
The bitmap is composed of a number of bytes, and therefore the number of bits in the
bitmap is always a multiple of 8. To accommodate all the positions in a field, the number of
bytes in the bitmap will normally contain more bits than the number of positions. If the
number of bits in the bitmap is denoted by q, then
q = (r+1)*8
where r is the integer quotient of (m-1)/8
For Track 2 Data mTRACK2 is a maximum of 13 digits, resulting in a bitmap of 16 bits or 2
bytes. For Track 1 Data the maximum value of mTRACK1 is 48 resulting in a bitmap of length
6 bytes or 48 bits.
An example is given in Figure 5.3, for mTRACK2=13, tTRACK2=2 and PUNATCTRACK2 = '031A',
referring to position p10p9p5p4p2. Based on this, kTRACK2 equals 5 and nUN equals 3.
Figure 5.3Example PUNATCTRACK2 = '031A'
Discretionary Data
p8
p7
p6
p5
p4
p3
p2
p1
b9
b8
b7
b6
b5
b4
b3
b2
b1
b16
b15
b14
'0'
'1'
'A'
Bitmap = '031A'
44
2008 MasterCard
5.4
5.4.1.2
5.4.1.3
The following data objects must be unique to the PayPass reader and must be
configured independently of the AID.
Separate instances of the following data objects must be configured for each AID
supported by the PayPass reader.
Default UDOL (if PayPass Mag Stripe transactions supported for that AID)
Terminal Type
If the PayPass reader supports offline data authentication, it must be able to store
six CA Public Keys per RID and must associate with each such key the following
key-related information to be used with the key.
The PayPass reader must be able to locate any such key (and key-related
information) given the RID and Certification Authority Public Key Index provided
by the ICC.
5.4.1.4
The PayPass reader must support the following transaction related data objects of
which the value must be available before application activation.
2008 MasterCard
45
5.4.1.5
5.4.1.6
5.4.1.7
Transaction Date
Transaction Time
Transaction Type
Separate instances of the following flags must be must be available for each AID.
Their values are set during application activation.
The PayPass reader must support the following transaction related data objects of
which the value is set during application activation and transaction processing.
Terminal Capabilities
Transaction CVM
Transaction Outcome
Unpredictable Number
Unless otherwise indicated (by the labels MSDA and MCDA), all card data objects
included in Table A.1 (i.e. data objects listed with source "Card") must be
supported by the PayPass reader. The PayPass reader must recognize the tag and
must be able to store the value of the data object if it is returned by the card.
Data objects with the label MSDA in the support column must be supported if the
PayPass reader supports SDA.
Data objects with the flag MCDA in the support column must be supported if the
PayPass reader supports CDA.
May be generated before application activation if the EMV Entry Point is used.
46
2008 MasterCard
2008 MasterCard
47
Source
Tag
Format,
Length (bytes)
Support
Additional Terminal
Capabilities
Indicates the data input and output capabilities of the terminal and PayPass
reader.
The Additional Terminal Capabilities is coded according to Annex A.3 of
[EMV BOOK 4].
Reader
'81'
b,
Amount, Authorized
(Binary)
Reader
Amount, Authorized
(Numeric)
Reader
Amount, Other
(Binary)
Reader
Amount, Other
(Numeric)
Reader
Application
Cryptogram
Card
'81'
48
b,
'9F02'
n 12,
'9F04'
b,
'9F03'
n 12,
'9F26'
b,
2008 MasterCard
Source
Tag
Format,
Length (bytes)
Support
Application Currency Indicates the currency in which the account is managed in accordance with
Code
[ISO 4217].
Card
'9F42'
n 3,
Application Currency Indicates the implied position of the decimal point from the right of the
Exponent
amount represented in accordance with [ISO 4217].
The decimal point location of amounts expressed in the currency code
specified in the Application Currency Code.
Card
Card
Application
Expiration Date
Card
2008 MasterCard
2
'9F44'
n 1,
'5F25'
n 6 (YYMMDD),
'5F24'
n 6 (YYMMDD),
49
Source
Tag
Format,
Length (bytes)
Support
Application File
Locator (AFL)
Card
'94'
var.,
The fourth byte indicates the number of records involved in offline data
authentication starting with the record number coded in the second byte.
The fourth byte may range from zero to the value of the third byte less the
value of the second byte plus 1.
50
var. up to 252
Card
'4F'
b,
Reader
'9F06'
5-16
2008 MasterCard
Source
Tag
Format,
Length (bytes)
Support
Application
Interchange Profile
Card
'82'
b,
Application Label
b7
b6
b5
b4
b3
b2
b1
Meaning
PayPass profile
RFU
Card
'50'
ans,
1-16
Application
Preferred Name
Preferred name associated with the AID (e.g. a domestic debit brand name).
Application Primary
Account Number
(PAN)
Application Primary
Account Number
(PAN) Sequence
Number
Application Priority
Indicator
Card
'9F12'
ans,
1-16
Card
'5A'
cn var. up to 19,
var. up to 10
Card
'5F34'
n 2,
2008 MasterCard
Card
'87'
b,
51
Source
Tag
Format,
Length (bytes)
Support
Application Template Contains one or more data objects relevant to an application directory entry, in
according with [ISO/IEC 7816-5].
Card
'61'
b,
Application
Counter maintained by the application in the card (incrementing the ATC is
Transaction Counter managed by the card).
(ATC)
Card
Application Usage
Control
Card
Application Version
Number
Card
var. up to 252
'9F36'
b,
2
'9F07'
b,
'9F08'
b,
2
Reader
'9F09'
b,
2
Card Risk
Management Data
Object List 1
(CDOL1)
A data object in the card that provides the reader with a list of data objects that
must be passed to the card in the first GENERATE AC command.
Card
Cardholder
Verification Method
(CVM) List
Card
Cardholder
Verification Method
(CVM) Results
Reader
52
b,
var. up to 252
'8E'
b,
var. up to 252
Certification
A check value calculated on the concatenation of all parts of the Certification
Authority Public Key Authority Public Key (RID, Certification Authority Public Key Index,
Check Sum
Certification Authority Public Key Modulus, Certification Authority Public
Key Exponent) using SHA-1.
'8C'
'9F34'
b,
3
Reader
b,
MSDA,CDA
20
2008 MasterCard
Source
Tag
Format,
Length (bytes)
Support
Certification
Value of the exponent part of the Certification Authority Public Key.
Authority Public Key
Exponent
Reader
b,
MSDA,CDA
Certification
Identifies the certification authority's public key in conjunction with the RID.
Authority Public Key
Index
Card
'8F'
Reader
'9F22'
1 or 3
MSDA,CDA
b,
1
MSDA,CDA
b,
1
Certification
Value of the modulus part of the Certification Authority Public Key.
Authority Public Key
Modulus
Reader
Command Template
Reader
MSDA,CDA
b,
NCA (up to 248)
'83'
b,
var.
Cryptogram
Information Data
Card
CVC3TRACK1
Card
Card
Data Authentication
Code (DAC)
Card
DDCARD,TRACK1
Reader
CVC3TRACK2
2008 MasterCard
'9F27'
b,
1
'9F60'
b,
2
'9F61'
b,
2
'9F45'
MSDA
b,
2
ans,
var. up to 56
53
Source
Tag
Format,
Length (bytes)
Support
Reader
ans,
Card
Default UDOL
The Default UDOL is the UDOL to be used for constructing the value field of
the COMPUTE CRYPTOGRAPHIC CHECKSUM command if the UDOL in the card
is not present. The Default UDOL must always be present and must contain
as its only entry the tag and length of the UN (Numeric).
DDCARD,TRACK2
var. up to 8 bytes
'84'
b,
5-16
Reader
b,
Card
var.
var. up to 222
File Control
Identifies the data object proprietary to this specification in the FCI template,
Information (FCI)
in accordance with [ISO/IEC 7816-4].
Proprietary Template
Card
File Control
Information (FCI)
Template
Card
'A5'
var.,
var.
'6F'
var.,
var. up to 252
Integrated Circuit
Time-variant number generated by the card, to be captured by the reader.
Card (ICC) Dynamic
Number
Card
Integrated Circuit
Card (ICC) Public
Key Certificate
Card
Integrated Circuit
Card (ICC) Public
Key Exponent
Exponent used for the verification of the Signed Dynamic Application Data.
'9F4C'
b,
MCDA
8
'9F46'
b,
MCDA
NI
54
'BF0C'
Card
'9F47'
b,
MCDA
1 or 3
2008 MasterCard
Source
Tag
Format,
Length (bytes)
Support
Integrated Circuit
Card (ICC) Public
Key Remainder
Card
'9F48'
b,
MCDA
NIC-NI + 42
Interface Device
Unique and permanent serial number assigned to the IFD by the manufacturer.
(IFD) Serial Number
Reader
Issuer Action Code Specifies the issuer's conditions that cause a transaction to be rejected if it
Default
might have been approved online, but the terminal was unable to process the
transaction online.
Card
Issuer Action Code Specifies the issuer's conditions that cause the denial of a transaction without
Denial
attempt to go online.
Card
Issuer Action Code Specifies the issuer's conditions that cause a transaction to be transmitted
Online
online.
Card
Issuer Application
Data
Card
Indicates the code table, in accordance with [ISO 8859], for displaying the
Application Preferred Name.
The Issuer Code Table Index is coded as specified in Annex C.4 of [EMV
BOOK 3].
Card
Issuer Country Code Indicates the country of the issuer, in accordance with [ISO 3166-1].
'9F1E'
an,
8
'9F0D'
b,
5
'9F0E'
b,
5
'9F0F'
b,
5
'9F10'
b,
var. up to 32
'9F11'
n 2,
Card
'5F28'
n 3,
2
Issuer Public Key
Certificate
Exponent used for the verification of the Signed Static Application Data.
Card
'90'
MSDA,CDA
b,
NCA
Card
'9F32'
MSDA,CDA
b,
1 or 3
2008 MasterCard
Card
'92'
MSDA,CDA
b,
NI - NCA + 36
55
Source
Tag
Format,
Length (bytes)
Support
Language Preference 1-4 languages stored in order of preference, each represented by two
alphabetical characters, in accordance with [ISO 639].
Card
'5F2D'
an,
Mag Stripe
Application Version
Number
Card
2-8
Version number assigned by the payment system for the specific PayPass
Mag Stripe functionality of the application.
'9F6C'
b,
2
Reader
'9F6D'
2
Merchant Category
Code
Reader
PayPass Mag
Stripe Indicator
Indicates for each AID whether the PayPass Mag Stripe profile is supported
or not by the PayPass reader. Its value is implementation specific.
Reader
Implementation
specific
Card
'9F6E'
b,
PayPass Third Party The PayPass Third Party Data contains proprietary information from a third
Data
party. If present, the PayPass Third Party Data must be present in a file read
using the READ RECORD command.
The value field of the PayPass Third Party Data is not interpreted by the
PayPass reader.
The value field must be coded with the following sub-fields, in the order
shown:
Sub-field
Format
n 3, 2 bytes
b, 2 bytes
Proprietary data
b, 1 to 28 bytes
5-32
Contains a list of resident data objects (tags and lengths) resident in the reader
that are needed by the card in processing the GET PROCESSING OPTIONS
command.
Card
Response Message
Template Format 1
Contains the data objects (without tags and lengths) returned by the card in
response to a command.
Card
56
n 4,
2
Processing Options
Data Object List
(PDOL)
'9F15'
'9F38'
b,
var.
'80'
var.,
var.
2008 MasterCard
Source
Tag
Format,
Length (bytes)
Support
Response Message
Template Format 2
Contains the data objects (with tags and lengths) returned by the card in
response to a command.
Card
'77'
var.
Service Code
Card
var.
'5F30'
n 3,
2
Signed Dynamic
Application Data
Signed Static
Application Data
Static Data
Authentication Tag
List
List of tags of primitive data objects defined in this specification for which the
value fields must be included in the Signed Static or Dynamic Application
Data.
Card
Terminal Action
Code Default
Reader
Terminal Action
Code Denial
Reader
Terminal Action
Code Online
Reader
Terminal
Capabilities
Indicates the card data input, CVM, and security capabilities of the terminal
and PayPass reader. This data element is instantiated with values depending
on the transaction amount.
Reader
Card
'9F4B'
MCDA
b,
NIC
Card
'93'
MSDA
b,
NI
'9F4A'
var.
-
b,
5
-
b,
5
-
b,
5
'9F33'
b,
Indicates the card data input, CVM, and security capabilities of the terminal
and PayPass reader when the transaction amount is greater than or equal to
the Terminal CVM Required Limit.
The Terminal Capabilities CVM Required is coded according to Annex A.2
of [EMV BOOK 4].
2008 MasterCard
Reader
b,
57
Source
Tag
Format,
Length (bytes)
Support
Terminal
Capabilities No
CVM Required
Reader
b,
Indicates the card data input, CVM, and security capabilities of the terminal
and PayPass reader when the transaction amount is below the Terminal CVM
Required Limit.
The Terminal Capabilities No CVM Required is coded according to
Annex A.2 of [EMV BOOK 4].
Terminal Contactless Indicates the transaction amount limit for the related AID above which
Floor Limit
PayPass transactions must be authorized online.
Reader
Terminal Contactless Indicates the transaction amount limit for the related AID above which the
Transaction Limit
selection of the AID on the card is not allowed.
Reader
Terminal CVM
Required Limit
Reader
n 12,
Specifies the transaction amount limit for the related AID at or below which
the reader must set "No CVM" to be its only supported verification method.
n 12,
6
-
n 12,
Terminal Contactless Indicates for the related AID if the Terminal Contactless Floor Limit is
Floor Limit Exceeded exceeded.
Flag
Reader
Implementation
specific
Terminal Contactless Indicates for the related AID if the Terminal Contactless Transaction Limit is
Transaction Limit
exceeded.
Exceeded Flag
Reader
Implementation
specific
Terminal CVM
Required Limit
Exceeded Flag
Indicates for the related AID if the Terminal CVM Required Limit is exceeded.
Reader
Implementation
specific
Terminal Country
Code
Reader
'9F1A'
n 3,
Terminal Type
Reader
Terminal Verification Status of the different functions from the terminal perspective.
Results
The Terminal Verification Results is coded according to Annex C.5 of [EMV
BOOK 3].
Reader
58
2
'9F35'
n 2,
1
'95'
b,
2008 MasterCard
Source
Tag
Format,
Length (bytes)
Support
Card
'9F62'
b,
Card
Track 1 Data
Card
Sub-field
Format
1 byte
var. up to 19 bytes
1 byte
2 to 26 bytes
1 byte
4 bytes
Service Code
3 bytes
Discretionary Data
6
'9F63'
b,
6
'56'
ans,
var. up to 76
The Track 1 Data may be present in the file read using the READ RECORD
command during a PayPass Mag Stripe transaction. The PayPass reader
copies the required digits of the UN (Numeric), CVC3TRACK1, ATC and nUN into
the discretionary data field of the Track 1 Data and stores the modified Track
1 Data in the Data Record to be sent to the terminal.
Track 1
Discretionary Data
2008 MasterCard
Card
'9F1F'
ans,
var.
59
Source
Tag
Format,
Length (bytes)
Support
Track 1 Number of
ATC Digits
(NATCTRACK1)
Card
'9F64'
b,
Card
Card
Track 2 Data
Card
1
'9F65'
b,
2
'9F66'
b,
2
'9F6B'
b,
var. up to 19
Sub-field
Format
n, var. up to 19 digits
n 4
Service Code
n 3
Discretionary Data
The Track 2 Data is present in the file read using the READ RECORD command
during a PayPass Mag Stripe transaction. The PayPass reader copies the
required digits of the UN (Numeric), CVC3TRACK2, ATC and nUN into the
discretionary data field of the Track 2 Data and stores the modified Track 2
Data in the Data Record to be sent to the terminal.
Track 2
Discretionary Data
60
Card
'9F20'
cn var.,
var.
2008 MasterCard
Source
Tag
Format,
Length (bytes)
Support
Track 2 Equivalent
Data
Card
'57'
b,
Contains the data objects of the track 2, in accordance with [ISO/IEC 7813],
excluding start sentinel, end sentinel, and LRC as follows:
Sub-field
Format
n, var. up to 19 digits
n, 4
Service Code
n, 3
Discretionary Data
n, var.
var. up to 19
Track 2 Number of
ATC Digits
(NATCTRACK2)
Card
Transaction
Category Code
Reader
Transaction
Currency Code
Indicates the currency code of the transaction, in accordance with [ISO 4217].
Reader
Transaction
Currency Exponent
Indicates the implied position of the decimal point from the right of the
transaction amount represented, in accordance with [ISO 4217].
Reader
Transaction CVM
Data object used to indicate to the terminal the outcome of the CVM Selection
function. Possible values are:
No CVM
Signature
Online PIN
The coding of the value is implementation specific.
Reader
'9F67'
b,
1
'9F53'
an,
1
'5F2A'
n 3,
2008 MasterCard
'5F36'
n 1,
1
-
Implementation
specific
61
Source
Tag
Format,
Length (bytes)
Support
Transaction Date
Reader
'9A'
n 6 (YYMMDD),
3
Transaction Outcome Data object used to indicate to the terminal the outcome of the transaction
processing. Possible values are:
Reader
Implementation
specific
Reader
'9F21'
n 6 (HHMMSS),
Approved
3
Transaction Type
Unpredictable
Number
Indicates the type of financial transaction, represented by the first two digits of
[ISO 8583:1987] Processing Code.
Reader
Reader
62
'9C'
n 2,
1
'9F37'
b,
2008 MasterCard
Source
Tag
Format,
Length (bytes)
Support
Unpredictable
The UDOL is the DOL that specifies the data objects to be included in the data
Number Data Object field of the COMPUTE CRYPTOGRAPHIC CHECKSUM command. The UDOL
must at least include the UN (Numeric). The UDOL is not mandatory for the
List (UDOL)
card. There will always be a Default UDOL, including as its only entry the
tag and length of the UN (Numeric) (tag '9F6A').
Card
'9F69'
b,
Unpredictable
Number (Numeric)
Reader
var.
'9F6A'
n,
Legend:
MSDA
MCDA
2008 MasterCard
63
64
2008 MasterCard