PayPass MChip Reader Card Application Interface Specification V2 0

PayPass M/Chip
Reader Card Application Interface

Specification
Version 2.0 September 2008
Proprietary Rights
The information contained in this document is proprietary and

confidential to MasterCard International Incorporated, one or more of
its affiliated entities (collectively "MasterCard"), or both.
This material may not be duplicated, published, or disclosed, in whole
or in part, without the prior written permission of MasterCard.
Trademarks
Trademark notices and symbols used in this manual reflect the

registration status of MasterCard trademarks in the United States.
Please consult with the Customer Operations Services team or the
MasterCard Law Department for the registration status of particular
product, program, or service names outside the United States.
All third-party product and service names are trademarks or registered
trademarks of their respective owners.
Media
This document is available in both electronic and printed format.
Address
MasterCard Worldwide
2200 MasterCard Boulevard
O'Fallon MO 63368-7263
USA
www.mastercard.com
ii
2008 MasterCard
PayPass M/Chip Reader Card Application Interface Specification
Table of Contents
Table of Contents
Using this Manual ............................................................................... vii
Purpose ..................................................................................................................... vii
Scope ........................................................................................................................ vii
Audience................................................................................................................... vii
Related Documentation ........................................................................................... viii
Reference Materials................................................................................................... ix
Abbreviations ..............................................................................................................x
Notational Conventions ............................................................................................ xii
Transition Flow Diagrams ....................................................................................... xiii
Document Word Usage ........................................................................................... xiii
Requirement Numbering ......................................................................................... xiv
Guidance on Terminology ....................................................................................... xiv
Document Overview..................................................................................................xv
Introduction ................................................................................ 1
1.1
1.2
1.3
1.4
MasterCard Proximity Payment.........................................................................1

M/Chip Profile and Mag Stripe Profile..............................................................1
Architecture........................................................................................................2
Transaction Processing Summary......................................................................2
Commands ................................................................................. 5
2.1
2.2
Introduction........................................................................................................5
COMPUTE CRYPTOGRAPHIC CHECKSUM .............................................................6
2.2.1
2.2.2
2.2.3
2.2.4
2.3
GENERATE AC....................................................................................................7
2.3.1
2.3.2
2.3.3
2.3.4
2.4
Definition and Scope .......................................................................................6

Command Message..........................................................................................6
Data Field Returned in the Response Message................................................6
Status Bytes .....................................................................................................7
Definition and Scope .......................................................................................7
Command Message..........................................................................................7
Data Field Returned in the Response Message................................................8
Status Bytes .....................................................................................................9
GET PROCESSING OPTIONS ...............................................................................10

2.4.1
2.4.2
2.4.3
Definition and Scope .....................................................................................10

Command Message........................................................................................10
Data Field Returned in the Response Message..............................................10
2008 MasterCard
iii
Table of Contents
2.4.4
2.5
READ RECORD ..................................................................................................12

2.5.1
2.5.2
2.5.3
2.5.4
2.6

Command Message........................................................................................13
Status Bytes ...................................................................................................15
Application Activation ............................................................. 17

3.1
3.2
3.3
3.4
Overview..........................................................................................................17
Pre-Processing..................................................................................................17
Protocol Activation ..........................................................................................18
Application Selection.......................................................................................18
3.4.1
3.4.2

Command Message........................................................................................12
Status Bytes ...................................................................................................13
SELECT .............................................................................................................13
2.6.1
2.6.2
2.6.3
2.6.4
Status Bytes ...................................................................................................11
Building the Candidate List ...........................................................................19

Final Selection ...............................................................................................20
PayPass M/Chip Transaction Processing........................... 21

4.1
4.2
Transaction Flow .............................................................................................21

Exception Processing .......................................................................................26
4.2.1
4.2.2
4.2.3
4.2.4
4.3
Processing ......................................................................................................26
Data Objects...................................................................................................26
Status Bytes ...................................................................................................27
COMPUTE CRYPTOGRAPHIC CHECKSUM .......................................................27
Functions Used in Transaction Processing ......................................................28

4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10
4.3.11
4.3.12
4.3.13
4.3.14
FCI and SW1-SW2 Processing......................................................................28

GET PROCESSING OPTIONS Processing ..........................................................28
Read Mag Stripe Application Data ................................................................30
Mag Stripe Application Version Number Checking......................................31
COMPUTE CRYPTOGRAPHIC CHECKSUM Processing .....................................32
Offline Data Authentication Method Selection .............................................34
Read M/Chip Application Data .....................................................................34
Processing Restrictions ..................................................................................35
Terminal Risk Management...........................................................................35
M/Chip CVM Selection .................................................................................36
Terminal Action Analysis..............................................................................38
GENERATE AC Processing.............................................................................38
Retrieve ICC Key and Verify SDAD (CDA) ................................................39
Static Data Authentication .............................................................................40
iv
2008 MasterCard
Table of Contents
4.3.15 Completion ....................................................................................................40
Data Object Handling............................................................... 43

5.1
5.2
5.3
5.4
Data Object Format..........................................................................................43

DOL Handling .................................................................................................43
Bitmaps Used in Discretionary Data................................................................44
Data Object Management ................................................................................45
Annex A Data Objects Dictionary ...................................................... 47
2008 MasterCard
Using this Manual

Purpose
Using this Manual

Purpose
MasterCard PayPass technology enables fast, easy and globally accepted payments
through the use of contactless chip technology on the traditional MasterCard card platform.
PayPass M/Chip is designed specifically for authorization networks that currently support
chip card authorizations for credit or debit applications.
This document defines the behavior of the contactless reader used in PayPass M/Chip and
PayPass Mag Stripe transactions.
This definition replaces the interface specification given in Part II of the PayPass M/Chip
Technical Specifications, v1.3.
Scope
This document provides the specifications necessary to achieve interoperability between
PayPass cards and PayPass M/Chip readers. It contains the following definitions as
applied to both PayPass M/Chip and PayPass Mag Stripe purchase transactions:
The definition of commands, responses and data objects exchanged between the card
and PayPass reader
The definition of the command sequence in order to support the purchase transaction
flow
The definition of the internal processing of the PayPass reader
Other transaction types (e.g. refunds) may be supported by the PayPass reader however they
are not discussed in this document.
Audience
This document is intended for use by vendors that want to implement the PayPass M/Chip
application on an acceptance device.
This document is also intended for type approval services that test the actual
implementations against this specification.
2008 MasterCard
vii
Using this Manual

Related Documentation
Related Documentation
For the purposes of developing PayPass readers this specification should be read in
conjunction with the following MasterCard documents:
Document
Content
MasterCard PayPass Terminal

Implementation Requirements
Lists requirements for reader development and for

reader integration in retail systems. Describes the user
interface.
PayPass M/Chip Acquirer

Implementation Requirements
Lists requirements for acquirers implementing the

PayPass M/Chip program, including reader/terminal
functionality and configuration.
PayPass Performance Measurement
Defines the method by which transaction time is

measured during the testing of PayPass cards and
readers.
MasterCard PayPass Application

Note #2, 30 January 2008
Lists the minimum performance, in terms of transaction

time, required of PayPass cards and readers.
The content of this specification overlaps with that of the EMV Entry Point Specification.
For the purposes of developing PayPass readers, the developer has the option of either
Implementing all of the requirements in this document, or
Implementing the requirements of the EMV Entry Point Specification in place of those
given in Chapter 3 of this document. The requirements in the remaining chapters of
this document have still to be implemented.
The different documents specifying PayPass reader behavior are summarized in the
following figure:
viii
2008 MasterCard
Using this Manual

Reference Materials
Reference Materials
The following references are used in this document. The latest version applies unless a
publication date is explicitly stated.
[ISO 639-1]
Codes for the representation of names and languages Part 1:

Alpha-2 Code
[ISO 3166-1]
Codes for the representation of names of countries and their

subdivisions Part 1: Country codes
[ISO 4217]
Codes for the representation of currencies and funds
[ISO/IEC 7813]
Identification cards Financial transaction cards
[ISO/IEC 7816-4]
Information technology Identification cards Integrated circuit(s)

cards with contacts - Part 4: Interindustry commands for
interchange
[ISO/IEC 7816-5]
Identification cards Integrated circuit(s) cards with contacts

Part 5: Numbering system and registration procedure for application
identifiers.
[ISO 8583:1987]
Bank card originated messages Interchange message specifications

Content for financial transactions
[ISO 8583:1993]
Financial transaction card originated messages Interchange

message specifications
[ISO/IEC 8859]
Information processing 8-bit single-byte coded graphic character

sets
[EMV BOOK 1]
Integrated Circuit Card Specification for Payment Systems:

Application Independent ICC to Terminal Interface Requirements,
Version 4.2, June 2008
[EMV BOOK 2]
Integrated Circuit Card Specification for Payment Systems: Security

and Key Management, Version 4.2, June 2008
[EMV BOOK 3]

Application Specification, Version 4.2, June 2008
[EMV BOOK 4]

Cardholder, Attendant and Acquirer Interface Requirements,
Version 4.2, June 2008
[EMVCLPRO]
EMV Contactless Specifications for Payment Systems - EMV

Contactless Communication Protocol Specification, v2.0
[EMVEPS]
EMV Contactless Specifications for Payment Systems EMV Entry

Point Specification, May 2008
[PPTIR]
MasterCard PayPass Terminal Implementation Requirements,

Nov 2007
2008 MasterCard
ix
Using this Manual

Abbreviations
Abbreviations
The following abbreviations are used in this specification:
Abbreviation
Description
AAC
Application Authentication Cryptogram
AC
Application Cryptogram
AFL
Application File Locator
AID
Application Identifier
AIP
Application Interchange Profile
an
Alphanumeric
ans
Alphanumeric Special
ARQC
Authorization Request Cryptogram
ATC
Application Transaction Counter
Binary
BCD
Binary Coded Decimal
Conditional
C-APDU
Command Application Protocol Data Unit
CA
Certification Authority
CDA
Combined DDA/AC Generation
CDOL
Card Risk Management Data Object List
CID
Cryptogram Information Data
CLA
Class byte of command message
cn
Compressed Numeric
CVC
Card Validation Code
CVM
Cardholder Verification Method
CVR
Cardholder Verification Rule
DD
Discretionary Data
DDA
Dynamic Data Authentication
DF
Dedicated File
DOL
Data Object List
EMV
Europay MasterCard Visa
FCI
File Control Information
IAD
Issuer Application Data
ICC
Integrated Circuit Card
INS
Instruction byte of command message
ISO
International Organization for Standardization
Lc
Number of bytes present in the data field of the C-APDU
Le
Maximum length of bytes expected in the data field of the R-APDU
LRC
Longitudinal Redundancy Check
2008 MasterCard
Using this Manual

Abbreviations
Abbreviation
Description
Mandatory
Numeric
NATCTRACK1
Track 1 Number of ATC Digits
NATCTRACK2
Track 2 Number of ATC Digits
NCA
Length of the Certification Authority Public Key Modulus
NI
Length of the Issuer Public Key Modulus
NIC
Length of the ICC Public Key Modulus
Optional
PAN
Primary Account Number
PCVC3TRACK1
Track 1 Bitmap for CVC3
PCVC3TRACK2
Track 2 Bitmap for CVC3
PDOL
Processing Options Data Object List
PIN
Personal Identification Number
PPSE
Proximity Payment System Environment
PUNATCTRACK1
Track 1 Bitmap for UN and ATC
PUNATCTRACK2
Track 2 Bitmap for UN and ATC
P1
Parameter 1
P2
Parameter 2
R-APDU
Response Application Protocol Data Unit
RFU
Reserved for Future Use
RID
Registered Application Provider Identifier
SDA
Static Data Authentication
SDAD
Signed Dynamic Application Data
SSAD
Signed Static Application Data
SFI
Short File Identifier
SW1
Status Byte One
SW2
Status Byte Two
TC
Transaction Certificate
TLV
Tag Length Value
TVR
Terminal Verification Results
UDOL
Unpredictable Number Data Object List
UN
Unpredictable Number
var.
Variable length
2008 MasterCard
xi
Using this Manual

Notational Conventions
Notational Conventions
The following notations apply in this document:
Notation
Description
'0' to '9' and 'A' to 'F'
Hexadecimal notation. Values expressed in hexadecimal form are

enclosed in single quotes (i.e. '_').
1001b
Binary notation. Values expressed in binary form are followed by a

lower case "b".
digit
Any of the ten Arabic numerals from 0 to 9
"M/Chip profile is
supported"
Labels for flags, decision outcomes, or individual bits of a data object

are enclosed in double quotes.
Track 1 Data
Data object names are written in italics to distinguish them from the
text.
GENERATE AC
C-APDUs are written in SMALL CAPITALS to distinguish them from the

text.
The following table lists symbols that are used throughout this document:
Symbol
Meaning
kTRACK1
Number of non-zero bits in the Track 1 Bitmap for UN (Numeric) and

ATC (PUNATCTRACK1)
kTRACK2
Number of non-zero bits in the Track 2 Bitmap for UN (Numeric) and

ATC (PUNATCTRACK2)
tTRACK1
The symbol tTRACK1 represents the value of NATCTRACK1 and indicates

the number of digits of the ATC to be included in the discretionary data
field of the Track 1 Data.
tTRACK2
The symbol tTRACK2 represents the value of NATCTRACK2 and indicates

the number of digits of the ATC to be included in the discretionary data
field of the Track 2 Data.
nUN
The symbol nUN represents the number of positions available in the

discretionary data fields of the Track 1 Data and Track 2 Data for
transporting UN (Numeric) to the issuer.
mTRACK1
The symbol mTRACK1 indicates the number of characters present in the

discretionary data field of the Track 1 Data.
mTRACK2
The symbol mTRACK2 indicates the number of digits present in the

qTRACK1
Number of non-zero bits in the Track 1 Bitmap for CVC3

(PCVC3TRACK1). The symbol qTRACK1 represents the number of CVC3
digits included in the discretionary data field of the Track 1 Data.
qTRACK2
Number of non-zero bits in the Track 2 Bitmap for CVC3

(PCVC3TRACK2). The symbol qTRACK2 represents the number of CVC3
digits included in the discretionary data field of the Track 2 Data.
xii
2008 MasterCard
Using this Manual

Transition Flow Diagrams
Transition Flow Diagrams

The following symbols are used in the flow diagrams in this document:
The symbols are identified with a number. Paragraphs in the textual description starting
with Symbol n correspond to the symbol bearing the same number in the transition flow
diagram. The following example illustrates how it works.
The decision symbol is used in a flow diagram, identified with number 2.
TEST
OK
NOK
An explanation of the check done in symbol 2 is given:

Symbol 2
An explanation of how the application checks that the condition is satisfied.
Document Word Usage

The following words are used often in this manual and have a specific meaning:
must
Defines a product or system capability that is mandatory.
should
Defines a product or system capability that is recommended.
may
Defines a product or system capability that is optional.
2008 MasterCard
xiii
Using this Manual

Requirement Numbering
Requirement Numbering
Requirements in this document are uniquely numbered with the number appearing next to
each requirement: For example:
4.3.2.3
If the PDOL is not present, the PayPass reader must use a command data field of
'8300'.
Guidance on Terminology
PayPass Card
Due to the legacy of the plastic card industry and the fact that the most common
PayPass compliant form factor is card based, the term "card" is used frequently
throughout this document. However, the contactless nature of PayPass permits noncard form factors.
The functionality of PayPass cards and devices is driven by the chip inside and is
independent of the form factor in which the chip resides. Therefore the default
reference for the consumer token in this document is "PayPass card" or "card", as
appropriate.
PayPass Reader
The term "PayPass reader" is used to refer to the device supporting the PayPass
M/Chip application and providing the contactless interface used by the PayPass card.
Although this can be an integral part of the terminal, it is considered in this
specification as a separate logical entity.
Terminal
The term "terminal" is used in this document to mean the POS device, as distinct from
the PayPass reader that provides the contactless interface. The terminal and the
PayPass reader may exist in a single integrated device, but are considered separately in
this document.
MasterCard
In this document, the term "MasterCard" is used to refer to MasterCard International
Incorporated and/or its affiliated entities. It does not refer to the MasterCard payment
brand.
xiv
2008 MasterCard
Using this Manual

Document Overview
Document Overview
This document is organized as follows:
Section
Description
1 Introduction
This chapter provides a high-level summary of PayPass

M/Chip.
2 Commands
This chapter defines the commands and responses supported by

PayPass M/Chip.
3 Application Activation
This chapter describes the procedure for identifying and

activating the PayPass application on the card, and other
transaction pre-processing.
4 PayPass M/Chip
Transaction Processing
This chapter describes the transaction processing of the

PayPass reader after it has been enabled by the terminal and the
PayPass application has been selected on the card. It specifies
how the PayPass reader implements the transaction flow, and
lists requirements to ensure interoperability. While other
transaction types may be supported, this chapter focuses on the
interaction between the PayPass card and the PayPass reader
during a purchase transaction.
5 Data Object Handling
This chapter defines the data object handling for the PayPass
reader.
Annex A Data Objects Dictionary
This annex lists the data objects supported by the PayPass

reader.
2008 MasterCard
xv
Introduction
MasterCard Proximity Payment
Introduction
This chapter provides a high-level summary of PayPass M/Chip.
1.1
MasterCard Proximity Payment

MasterCard has developed a program intended to allow consumers to make payment
transactions at point of sale using contactless technology. The generic term "contactless
technology" is used when the point of interaction is between 1 mm and 10 m. Although the
proximity payment program covers multiple technologies and ranges, this document deals
only with the technical specifications of the MasterCard PayPass product built with a
contactless chip with a range from 1 mm to 4 cm.
1.2
M/Chip Profile and Mag Stripe Profile

Within PayPass transactions we distinguish two different profiles: M/Chip and Mag Stripe.
The PayPass Mag Stripe profile is designed for contactless payments using authorization
networks that currently support only magnetic stripe authorization for credit or debit
applications. The PayPass Mag Stripe card stores Track 1 Data and Track 2 Data. The
PayPass reader fills the discretionary data field with a dynamic CVC3 during each
transaction. The dynamic CVC3 is generated by the PayPass Mag Stripe card using a
secret key and a unique transaction counter provided by the PayPass card, and an
unpredictable number generated by the PayPass reader. The PayPass Mag Stripe card
provides better security than magnetic stripe technology because the dynamic CVC3 is used
by the issuer to authenticate the PayPass Mag Stripe card during online authorization
processing.
The PayPass M/Chip profile is designed for contactless payments in markets that are
oriented towards offline acceptance. To manage the offline risk the PayPass reader
performs terminal risk management and offline authentication of the PayPass card. The
PayPass M/Chip card performs its own card risk management and accepts or declines the
transaction offline.
To ensure global acceptance of PayPass, unless agreed by MasterCard:
All PayPass M/Chip readers support and process PayPass cards that only support the
PayPass Mag Stripe profile.
All PayPass M/Chip cards support the PayPass Mag Stripe profile when presented
at a PayPass Mag Stripe only reader.
2008 MasterCard
Introduction
Architecture
1.3
Architecture
This specification considers the PayPass reader to be a peripheral device of the terminal.
The PayPass reader performs the interaction with the PayPass card and the cardholder. The
architecture is summarized in Figure 1.1.
Figure 1.1PayPass Terminal-Reader Architecture
Note
1.4
Transaction Processing Summary
There is no requirement to create devices following the architecture

described here. This logical architecture is only used to specify an externally
observable behavior. A terminal and PayPass reader integrated in one
physical device can also meet the requirements listed in this specification.
The processing carried out by the PayPass reader during a PayPass transaction, including
the interaction with the PayPass card and with the terminal may be summarized as follows:
The terminal enables the PayPass reader and provides the necessary transaction data
(e.g. transaction amount).
The PayPass reader:

o
Initializes its internal data base and, depending on the transaction amount, sets any
internal flags for which the corresponding transaction limit has been exceeded.
Creates a list of applications that are supported by both the card and PayPass
reader.
Picks the highest priority application from the list of mutually supported
applications, and selects it on the card.
These steps may be done according to [EMVEPS] or according to the application

activation described in Chapter 3 of this document.
The PayPass reader initiates the transaction on the PayPass card.
Based on the response from the PayPass card, the PayPass reader continues with either
a PayPass Mag Stripe or PayPass M/Chip transaction.
2008 MasterCard
Introduction
For a PayPass M/Chip transaction, the PayPass reader continues with the following
steps:
o
The PayPass reader determines which form of ODA to perform.
The PayPass reader reads the data records of the PayPass card.
The PayPass reader performs Terminal Risk Management and Terminal Action
Analysis, and selects a cardholder verification method for the transaction.
The PayPass reader requests an application cryptogram from the PayPass card.
The PayPass reader performs offline data authentication as appropriate.
For a PayPass Mag Stripe transaction, the PayPass reader continues with the
following steps:
o
The PayPass reader reads the data records from the PayPass card.
The PayPass reader issues the COMPUTE CRYPTOGRAPHIC CHECKSUM command

to the PayPass card.
The PayPass reader stores the CVC3-related data in the discretionary data fields
of the Track 1 Data and Track 2 Data.
If the outcome of the above processing was successful, the reader provides a visible
and audible indication of a successful PayPass interaction to the cardholder. The
PayPass reader completes the transaction by preparing the necessary Data Record and
Transaction Outcome information and returning it to the terminal.
If the outcome of the above processing was not successful, the reader, if appropriate,
provides an indication of the failure to the cardholder. The PayPass reader either:
o
Retries the above processing, or
Prepares the necessary Transaction Outcome information and returns it to the

terminal. The PayPass reader then hands control back to the terminal.
The decision to provide failure indication and either retry or return control to the
terminal is implementation dependent.
The different stages of the transaction are summarized in Figure 1.2.
2008 MasterCard
Introduction
Figure 1.2Transaction Processing Overview
2008 MasterCard
Commands
Introduction
Commands
This chapter defines the commands and responses supported by PayPass M/Chip.
2.1
Introduction
The INS byte of the C-APDU is structured according to [EMV BOOK 1]. The coding of
INS and its relationship to CLA are shown in Table 2.1.
Table 2.1Coding of the Instruction Byte
CLA
INS
Meaning
'80'
'2A'
COMPUTE CRYPTOGRAPHIC CHECKSUM
'80'
'AE'
GENERATE AC
'80'
'A8'
GET PROCESSING OPTIONS
'00'
'B2'
READ RECORD
'00'
'A4'
SELECT
The status bytes returned by the PayPass card are coded as specified in Section 6.3.5 of
[EMV BOOK 3]. In addition to the status bytes specific for every command, the PayPass
card may return the status bytes shown in Table 2.2.
Table 2.2Generic Status Bytes
SW1
SW2
Meaning
'6D'
'00'
Instruction code not supported or invalid
'6E'
'00'
Class not supported
'6F'
'00'
No precise diagnosis
2008 MasterCard
Commands
Compute Cryptographic Checksum
2.2
COMPUTE CRYPTOGRAPHIC CHECKSUM

2.2.1 Definition and Scope
The COMPUTE CRYPTOGRAPHIC CHECKSUM command initiates the computation of the
dynamic CVC3 on the card. The computation is based on the UN (Numeric) sent by the
PayPass reader, the ATC of the PayPass card and the relevant secret key stored in the card.
The response of the PayPass card consists of returning the CVC3TRACK2, the CVC3TRACK1
(optional) and the ATC to the PayPass reader.
2.2.2 Command Message

The COMPUTE CRYPTOGRAPHIC CHECKSUM command message is coded according to
Table 2.3.
Table 2.3COMPUTE CRYPTOGRAPHIC CHECKSUM Command Message
Code
Value
CLA
'80'
INS
'2A'
P1
'8E'
P2
'80'
Lc
var.
Data
UDOL related data
Le
'00'
The data field of the command message is coded according to the UDOL following the rules
as defined in Section 5.2. If the PayPass card does not have a UDOL, the PayPass reader
uses the Default UDOL.
2.2.3 Data Field Returned in the Response Message

The data field of the response message is a constructed data object with tag '77' (Response
Message Template). The value field may include several TLV coded data objects, but
always includes the CVC3TRACK2 (tag '9F61') and the ATC (tag '9F36'). The value field may
also include the CVC3TRACK1 (tag '9F60').
2008 MasterCard
Commands
Generate AC
2.2.4 Status Bytes

The status bytes that may be sent in response to the COMPUTE CRYPTOGRAPHIC CHECKSUM
command are listed in Table 2.4.
Table 2.4Status Bytes for COMPUTE CRYPTOGRAPHIC CHECKSUM Command
2.3
SW1
SW2
Meaning
'67'
'00'
Wrong length
'69'
'85'
Conditions of use not satisfied
'6A'
'86'
Incorrect parameters P1-P2
'90'
'00'
Normal processing
GENERATE AC
The GENERATE AC command sends transaction-related data to the card, which then
computes and returns an Application Cryptogram. Depending on the risk management in
the card, the cryptogram returned by the PayPass card may differ from that requested in the
command message. The PayPass card may return an AAC (transaction declined), an
ARQC (online authorization request) or a TC (transaction approved).

The GENERATE AC command message is coded according to Table 2.5.
Table 2.5GENERATE AC Command Message
Code
Value
CLA
'80'
INS
'AE'
P1
Reference Control Parameter (see Table 2.6)
P2
'00'
Lc
var.
Data
CDOL related data
Le
'00'
2008 MasterCard
Commands
Generate AC
Table 2.6GENERATE AC Reference Control Parameter

b8
b7
b6
b5
b4
b3
b2
b1
Meaning
AAC
TC
ARQC
RFU
x
RFU
Other values RFU

0
CDA not requested
CDA requested
x
RFU
Other values RFU
The data field of the command message is coded according to CDOL1 following the rules as
defined in Section 5.2.

The data field in the response message to the GENERATE AC command is coded according
to either format 1 or format 2, as follows.
Format 1
In the case of format 1, the data object returned in the response message is a primitive data
object with tag equal to '80'. The value field consists of the concatenation without
delimiters (tag and length) of the value fields of the data objects specified in Table 2.7.
Format 1 is only used if CDA is not performed.
Table 2.7GENERATE AC Response Message Data Field (Format 1)
Value
Presence
CID
ATC
AC
IAD
2008 MasterCard
Commands
Generate AC
Format 2
In the case of format 2, the data object returned in the response message will vary depending
on whether CDA was performed or not.
CDA Not Performed
If CDA is not performed, the data object returned in the response message for an AAC,
ARQC or TC is a constructed data object with tag equal to '77', as specified in Table 2.8.
Table 2.8GENERATE AC Response Message Data Field (Format 2) No CDA
Tag
Value
Presence
'77'
Response Message Template
'9F27'
CID
'9F36'
ATC
'9F26'
AC
'9F10'
IAD
CDA Performed
If CDA is performed, the data object returned in the response message for an ARQC or TC
is a constructed data object with tag equal to '77'. It contains at least the three mandatory
data objects specified in Table 2.9, and optionally the IAD.
Table 2.9GENERATE AC Response Message Data Field (Format 2) CDA
Tag
Value
Presence
'77'
'9F27'
CID
'9F36'
ATC
'9F4B'
SDAD
'9F10'
IAD
2.3.4 Status Bytes

The status bytes that may be sent in response to the GENERATE AC command are listed in
Table 2.10.
Table 2.10Status Bytes for GENERATE AC Command
SW1
SW2
Meaning
'67'
'00'
Wrong length
'69'
'85'
'6A'
'86'
'90'
'00'
Normal processing
2008 MasterCard
Commands
Get Processing Options
2.4
GET PROCESSING OPTIONS

The GET PROCESSING OPTIONS command initiates the transaction within the card.

The GET PROCESSING OPTIONS command message is coded according to Table 2.11.
Table 2.11GET PROCESSING OPTIONS Command Message
Code
Value
CLA
'80'
INS
'A8'
P1
'00'
P2
'00'
Lc
var.
Data
PDOL related data
Le
'00'
The data field of the command message is the Command Template with tag '83' and with a
value field coded according to the PDOL provided by the PayPass card in the response to
the SELECT command. If the PDOL is not provided by the PayPass card, the length field of
the template is set to zero. Otherwise the length field is the total length of the value fields of
the data objects transmitted to the card. The value fields are concatenated according to the
rules defined in Section 5.2.

The data field in the response message to the GET PROCESSING OPTIONS command is coded
according to either format 1 or format 2, as follows.
Format 1
In the case of format 1, the data object returned in the response message is a primitive data
object with tag equal to '80'. The value field consists of the concatenation without
delimiters (tag and length) of the value fields of the AIP and the AFL, as shown in
Table 2.12.
10
2008 MasterCard
Commands
Get Processing Options
Table 2.12GET PROCESSING OPTIONS Response Message Data Field

(Format 1)
Value
Presence
AIP
AFL
Format 2
In the case of format 2, the data object returned in the response message is a constructed
data object with tag '77' (Response Message Template). The value field may include several
TLV coded objects, but always includes the AIP (tag '82') and AFL (tag '94'), as shown in
Table 2.13.
Table 2.13GET PROCESSING OPTIONS Response Message Data Field
(Format 2)
Tag
Value
Presence
'77'
'82'
AIP
'94'
AFL
2.4.4 Status Bytes

The status bytes that may be sent in response to the GET PROCESSING OPTIONS command
are listed in Table 2.14.
Table 2.14Status Bytes for GET PROCESSING OPTIONS Command
SW1
SW2
Meaning
'67'
'00'
Wrong length
'69'
'85'
'6A'
'86'
'90'
'00'
Normal processing
2008 MasterCard
11
Commands
Read Record
2.5
READ RECORD
The READ RECORD command reads a file record in a linear file. The response of the
PayPass card consists of returning the record.

The READ RECORD command message is coded according to Table 2.15.
Table 2.15READ RECORD Command Message
Code
Value
CLA
'00'
INS
'B2'
P1
Record Number
P2
See Table 2.16
Lc
Not present
Data
Not present
Le
'00'
Table 2.16 specifies the coding of P2 of the READ RECORD command.

Table 2.16P2 of READ RECORD Command
b8
b7
b6
b5
b4
b3
b2
b1
Meaning
SFI
P1 is a record number

The data field in the PayPass card response contains the record requested by the command.
For SFIs in the range 1-10, the record is a TLV constructed data object with tag '70' as
shown in Table 2.17.
Table 2.17READ RECORD Response Message Data Field
'70'
Length
12
Record Template
2008 MasterCard
Commands
Select
2.5.4 Status Bytes

The status bytes that may be sent in response to the READ RECORD command are listed in
Table 2.18.
Table 2.18Status Bytes for READ RECORD Command
2.6
SW1
SW2
Meaning
'6A'
'82'
Incorrect parameters P1 P2; file not found
'6A'
'83'
Incorrect parameters P1 P2; record not found
'6A'
'86'
Incorrect parameters P1 P2
'90'
'00'
Normal processing
SELECT
The SELECT command is used to select the PPSE directory and the PayPass application.
The response from the PayPass card consists of returning the FCI.

The SELECT command message is coded according to Table 2.19.
Table 2.19SELECT Command Message
Code
Value
CLA
'00'
INS
'A4'
P1
'04'
P2
'00'
Lc
Length of data field
Data
File Name
Le
'00'
The data field of the command message contains the PPSE directory name
("2PAY.SYS.DDF01") or the ADF Name (or AID) of the application in the PayPass card 1.
Depending on the value of the File Name, the SELECT command is referred to as SELECT PPSE or SELECT AID
command.
2008 MasterCard
13
Commands
Select

The data field of the response message contains the FCI of the PPSE or PayPass application
selected by the command.
Select PPSE
Table 2.20 defines the FCI returned by a successful selection of the PPSE directory. The
FCI contains the list of PayPass applications (ADF Names) supported by the card.
Table 2.20SELECT Response Message Data Field (FCI) of the PPSE
Tag
Value
Presence
'6F'
FCI Template
'84'
DF Name
'A5'
FCI Proprietary Template
'BF0C'
FCI Issuer Discretionary Data
The FCI Issuer Discretionary Data is a constructed data object of which the value field is
comprised of one or more Application Templates (tag '61') as described in Table 2.21.
Table 2.21FCI Issuer Discretionary Data
'BF0C'
Length
Length of
directory
entry 1
'61'
Directory
entry 1
'61'
Length of
directory
entry n
Directory
entry n
Each directory entry is the value field of an Application Template and contains the
information according to Table 2.22 and Table 2.23.
Table 2.22Directory Entry Format
Tag
Value
Presence
'4F'
ADF Name (AID)
'87'
Application Priority Indicator (see Table 2.23).
'50'
Application Label
Table 2.23Application Priority Indicator Format

b8
b7-b5
b4-b1
Application may be selected without confirmation of cardholder

xxx
RFU
000
Other values RFU

0000
No priority assigned
xxxx
Order in which the application is to be listed or selected, ranging

from 1-15, with 1 being the highest priority.
14
Definition
2008 MasterCard
Commands
Select
Select PayPass Application

Table 2.24 defines the FCI returned in response to a successful selection of a PayPass
application.
Table 2.24SELECT Response Message Data Field (FCI) of a PayPass
Application
Tag
Value
Presence
'6F'
FCI Template
'84'
DF Name (AID)
'A5'
FCI Proprietary Template
'50'
Application Label
'87'
Application Priority Indicator
'5F2D'
Language Preference
'9F38'
PDOL
'9F11'
Issuer Code Table Index
'9F12'
Application Preferred Name
'BF0C'
FCI Issuer Discretionary Data
'XXXX'
1 or more additional data objects from
application provider, Issuer or ICC
supplier
M
M
M2
O
O
O
O
O
O
O
O
2.6.4 Status Bytes

The status bytes returned by the PPSE or PayPass application for the SELECT command are
listed in Table 2.25.
Table 2.25Status Bytes for SELECT Command
SW1
SW2
Meaning
'62'
'83'
Selected file invalidated 3
'67'
'00'
Wrong length
'6A'
'81'
Function not supported
'6A'
'82'
File not found
'6A'
'86'
'90'
'00'
Normal processing
The FCI Proprietary Template may be empty. In this case the length must be set to zero.
These specifications do not specify how to block the PPSE or PayPass application. For a dual-interface card
(contact and contactless), this may be done by using the contact interface.
2008 MasterCard
15
Application Activation
Overview
This chapter describes the procedure for identifying and activating the PayPass application
on the card, and other transaction pre-processing.
3.1
Overview
Application activation begins when the terminal enables the PayPass reader to perform a
contactless transaction. Application activation can be divided into the following areas:
3.2
1.
Pre-processing, in which the transaction amount is checked against defined limits for
each supported application
2.
Protocol activation, in which contactless protocol of the PayPass reader is activated

and prepared for card discovery
3.
Application selection, in which first the PPSE and then the PayPass application are
selected on the card
Pre-Processing
When the PayPass reader has been enabled by the terminal and the values of the transaction
related data objects listed in 5.4.1.4 are defined, then the following steps are performed.
3.2.1.1
The PayPass reader must set Transaction CVM to "No CVM".
3.2.1.2
The PayPass reader must set the Transaction Outcome to "Declined".
The following steps are completed for each AID supported by the PayPass reader.
3.2.1.3
The PayPass reader must clear the following flags:
Terminal Contactless Transaction Limit Exceeded Flag
Terminal Contactless Floor Limit Exceeded Flag
Terminal CVM Required Limit Exceeded Flag
3.2.1.4
If the Amount, Authorized is greater than or equal to the Terminal Contactless

Transaction Limit for that AID, then the Terminal Contactless Transaction Limit
Exceeded Flag must be set for that AID.
3.2.1.5
If the Amount, Authorized is greater than the Terminal Contactless Floor Limit for
that AID, then the Terminal Contactless Floor Limit Exceeded Flag must be set
for that AID.
2008 MasterCard
17
Protocol Activation
3.2.1.6
3.3
If the Amount, Authorized is greater than or equal to the Terminal CVM Required
Limit for that AID, then the Terminal CVM Required Limit Exceeded Flag must be
set for that AID.
Protocol Activation
3.3.1.1
If the PayPass reader has completed pre-processing, and if the Terminal

Contactless Transaction Limit Exceeded Flag has not been set for at least one AID
supported by the PayPass reader, then the PayPass reader must:
Power up the contactless interface and start the polling and collision detection
mechanisms as defined in [EMVCLPRO].
Provide a visible indication to the cardholder that the reader is active and that
the card can be presented.
Otherwise, the PayPass reader must not proceed with the rest of application
activation. It must instead continue with the Completion function as described in
Section 4.3.15.
3.4
Application Selection
The application selection process is described in detail in the following sections from the
standpoint of both the card and the PayPass reader. The application selection mechanism
minimizes the number of commands between the card and PayPass reader. If no errors are
encountered, only two SELECT commands (see Section 2.6) are necessary. The process is
described in two steps, and is summarized in Figure 3.1.
1. The PayPass reader selects the PPSE and creates a list of applications that are supported
by both the card and the PayPass reader. This list is referred to as the "candidate list"
(see Section 3.4.1).
2.
From the candidate list, the application to be run is chosen and selected on the card (see
Section 3.4.2).
Figure 3.1Application Selection
PayPass Card
PayPass Reader
1. SELECT PPSE
2. List of AIDs
3. SELECT AID
4. FCI
18
2008 MasterCard
As an alternative to the application selection method described here, the PayPass reader
may also support a proprietary application selection method that is outside the scope of this
specification. If so, then the proprietary method may be performed either:
Immediately prior to step 3.4.1.1, or
Immediately prior to step 3.4.2.1 if the candidate list is empty.
3.4.1 Building the Candidate List

The steps taken by the PayPass reader to establish the candidate list are given in this
section.
3.4.1.1
The PayPass reader must initialize an empty candidate list.
3.4.1.2
The PayPass reader must select the PPSE on the card using the SELECT command
as described in Section 2.6. If the card returns status bytes other than '9000', then
the PayPass reader must continue with step 3.4.2.1. Otherwise, the PayPass
reader must continue with step 3.4.1.3.
3.4.1.3
The PayPass reader must retrieve all the directory entries from the FCI Issuer
Discretionary Data (tag 'BF0C') in the FCI returned by the card. Additional tags
returned in the FCI that are not listed in Table 2.20 must be discarded by the
PayPass reader. The PayPass reader must process each directory entry by
comparing the ADF Name in the directory entry with the AIDs supported by the
PayPass reader.
If the directory entry is not coded according to Table 2.22 then the PayPass reader
must ignore the directory entry. If the ADF Name matches the AID of one of the
applications supported by the PayPass reader, then the directory entry is added to
the candidate list.
The ADF Name in the directory entry matches an AID in the PayPass reader if the
ADF Name has the same length and value as the AID, or the ADF Name begins
with the entire AID.
3.4.1.4
The PayPass reader must remove from the candidate list all applications that
require cardholder confirmation (b8 = '1' in the Application Priority Indicator (see
Table 2.23)).
3.4.1.5
The PayPass reader must remove from the candidate list all applications for which
the Terminal Contactless Transaction Limit Exceeded Flag has been set in the preprocessing phase.
3.4.1.6
The PayPass reader must order the candidate list according to the following rules:
The applications must be listed in order of priority, as indicated by the

Application Priority Indicator (see Table 2.23), where the application with
the highest priority is listed first.
Applications that have the same priority are listed in the order in which they
were listed in the PPSE directory entries in the FCI Issuer Discretionary
Data (see Table 2.21).
2008 MasterCard
19
Applications with no priority must come last and in the order in which they
were listed in the PPSE directory entries in the FCI Issuer Discretionary
Data (see Table 2.21).
3.4.2 Final Selection

3.4.2.1
If the candidate list is empty, the PayPass reader must set the Transaction
Outcome to "End Application" and continue with the Completion function as
specified in Section 4.3.15 in order to terminate the transaction.
Otherwise, the PayPass reader must continue with step 3.4.2.2.
3.4.2.2
The PayPass reader must pick the first application from the candidate list and
select this application with a SELECT command coded according to Section 2.6.2
using the ADF Name found in the directory entry of the application.
If the SELECT command fails (i.e. SW1-SW2 '9000'), then the PayPass reader
must remove the application from the candidate list and resume processing at
step 3.4.2.1.
Having completed application selection, the PayPass reader can begin the main PayPass
M/Chip Transaction Processing, as described in Chapter 4.
20
2008 MasterCard
PayPass M/Chip Transaction Processing

Transaction Flow
PayPass M/Chip Transaction

Processing
This chapter describes the transaction processing of the PayPass reader after it has been
enabled by the terminal and the PayPass application has been selected on the card. It
specifies how the PayPass reader implements the transaction flow, and lists requirements to
ensure interoperability. While other transaction types may be supported, this chapter
focuses on the interaction between the PayPass card and the PayPass reader during a
purchase transaction.
4.1
Transaction Flow
4.1.1.1
The PayPass reader must execute the transaction flow as described in Figure 4.1
and Figure 4.2, and in the corresponding text below.
Note
The transaction flow described in Figure 4.1 and Figure 4.2 assumes normal
processing without exceptions.
Exception processing is described in Section 4.2.
Symbol 1
FCI and SW1-SW2 Processing
The PayPass reader performs certain checks on the data received in reply to the SELECT
AID command as described in Section 4.3.1.
Symbol 2
GET PROCESSING OPTIONS Command Processing
The PayPass reader initiates the transaction by issuing the GET PROCESSING OPTIONS
command as described in Section 4.3.2. The PayPass card returns the AIP and the AFL.
Symbol 3
M/Chip profile?
The PayPass reader verifies if the "M/Chip profile is supported" bit in the AIP is set. If the
bit is set, the PayPass reader continues by selecting the method of offline data
authentication to be used (see Symbol 7). If the bit is not set, then it continues by reading
from the PayPass card the PayPass Mag Stripe application data (see Symbol 4).
Symbol 4
Read Mag Stripe Application Data
Based on the AFL previously received from the card, the PayPass reader reads the necessary
data using the READ RECORD command as specified in Section 4.3.3.
Symbol 5
Mag Stripe Application Version Number Checking
The PayPass reader verifies the compatibility of its application with the
PayPass Mag Stripe application in the PayPass card as specified in Section 4.3.4.
2008 MasterCard
21

Transaction Flow
Symbol 6
COMPUTE CRYPTOGRAPHIC CHECKSUM Processing
The PayPass reader continues with the COMPUTE CRYPTOGRAPHIC CHECKSUM command as
specified in Section 4.3.5. The PayPass reader then sets the Transaction Outcome to
"Online Request".
Note
After the completion of the COMPUTE CRYPTOGRAPHIC CHECKSUM response, the

PayPass card can be removed from the PayPass reader.
Symbol 7
Offline Data Authentication Method Selection
The PayPass reader selects the offline data authentication method to be used in the
transaction. As described in Section 4.3.6, it compares the functionality available on the
card, as indicated in the AIP, with its own capabilities. The result of this process is a
decision to perform CDA, SDA or not to perform any offline data authentication.
Symbol 8
Read M/Chip Application Data
The PayPass reader reads the necessary data using READ RECORD commands as specified in
Section 4.3.7.
Symbol 9
Processing Restrictions
The PayPass reader performs the Processing Restrictions function as specified in
Section 4.3.8. This includes application version number checking, application usage control
checking and application effective/expiry dates checking.
Symbol 10 Terminal Risk Management
The PayPass reader performs Terminal Risk Management as specified in Section 4.3.9.
Symbol 11 M/Chip CVM Selection
The PayPass reader selects a cardholder verification method as specified in Section 4.3.10.
The result of this function is stored as the Transaction CVM.
Symbol 12 Terminal Action Analysis
The PayPass reader performs Terminal Action Analysis in order to decide whether the
transaction should be approved offline, declined offline, or transmitted online. The PayPass
reader makes this decision based on the content of the TVR, the Issuer Action Codes and
Terminal Action Codes as specified in Section 4.3.11.
Symbol 13 GENERATE AC
The PayPass reader issues a GENERATE AC command, as described in Section 4.3.12,
requesting a TC, ARQC or an AAC based on the results of Terminal Action Analysis.
The PayPass card performs its card risk management when it receives the GENERATE AC
command, and may decide to complete the transaction online (ARQC), offline (TC) or
decline the transaction (AAC).
Note
After the completion of the GENERATE AC response, the PayPass card may be
removed from the PayPass reader.
22
2008 MasterCard

Transaction Flow
Symbol 14 Card Generated AAC?

If the PayPass reader requested an ARQC or TC, and if the PayPass card has generated an
AAC, the PayPass reader sets the Transaction Outcome to "Try Another Interface" and
continues with the Completion function. If the PayPass reader requested an AAC, and if
the PayPass card has generated an AAC, the PayPass reader sets the Transaction Outcome
to "Declined" and continues with the Completion function.
Otherwise, the PayPass reader continues by checking if CDA was used in the PayPass card
response.
Symbol 15 Combined DDA/AC Generation?
If CDA is being performed, the PayPass reader continues by retrieving the ICC Public Key
from the data read from the PayPass card and by verifying the SDAD. If CDA has not been
performed, the PayPass reader continues by verifying that the PayPass card generated an
ARQC.
Symbol 16 Retrieve ICC Public Key and Verify SDAD (CDA)
The PayPass reader retrieves the ICC Public Key and verifies the SDAD generated by the
PayPass card as specified in Section 4.3.13.
Symbol 17 Card Generated ARQC (CDA)?
The PayPass reader checks if the card generated an ARQC. If this is the case, the PayPass
reader sets the Transaction Outcome to "Online Request" for online capable terminals, and
to "Declined" for offline-only terminals. If the PayPass card generated a TC, the PayPass
reader sets the Transaction Outcome to "Approved". The PayPass reader continues with the
Completion function.
Symbol 18 Card Generated ARQC (No CDA)?
The PayPass reader checks if the PayPass card generated an ARQC. If this is the case, the
PayPass reader sets the Transaction Outcome to "Online Request" for online capable
terminals, and to "Declined" for offline-only terminals. The PayPass reader then continues
with the Completion function. If the PayPass card generated a TC, the PayPass reader
continues by performing SDA.
Symbol 19 Static Data Authentication
The PayPass reader performs SDA as specified in Section 4.3.14. The PayPass reader sets
the Transaction Outcome to "Approved".
Symbol 20 Completion
The PayPass reader executes the Completion function as specified in Section 4.3.15, and
hands control back to the terminal.
2008 MasterCard
23

Transaction Flow
Figure 4.1Transaction Flow for PayPass reader (Part 1)
24
2008 MasterCard

Transaction Flow
Figure 4.2Transaction Flow for PayPass reader (Part 2)
2008 MasterCard
25

Exception Processing
4.2
This section specifies exceptions to normal processing that cause termination of the normal
transaction flow.
4.2.1 Processing
4.2.1.1
If the PayPass reader encounters an exception during its processing, then it must
set the Transaction Outcome to "End Application" and continue with the
Completion function as specified in Section 4.3.15.
4.2.2 Data Objects

Data objects returned by the PayPass card are checked by the PayPass reader as follows:
4.2.2.1
It is the responsibility of the issuer to ensure that data in the PayPass card is of the
correct format. No format checking other than that specifically defined is
mandated for the PayPass reader. However, if during normal processing the
PayPass reader recognizes that data read from the PayPass card is incorrectly
formatted, it must terminate the transaction as defined in requirement 4.2.1.1.
4.2.2.2
Unless explicitly stated in Section 4.3, during a PayPass Mag Stripe transaction
the PayPass reader must not validate the individual data objects returned in the
Track 1 Data and Track 2 Data. Specifically, validation of the values 2 and 6 in
the first digit of the service code present in Track 1 Data or Track 2 Data to
determine if a contact chip transaction is required must not be performed. Any
existing data validation carried out to support individual payment products is
outside the scope of this specification.
However, if in the course of copying the dynamic data into Track 1 Data or
Track 2 Data, the PayPass reader is not able to localize the discretionary data field
due to one or more format errors, the PayPass reader must terminate the
transaction as defined in requirement 4.2.1.1.
4.2.2.3
If, during transaction processing, the PayPass reader encounters more than one
occurrence of a single primitive data object, it must terminate the transaction as
specified in requirement 4.2.1.1.
4.2.2.4
If, during transaction processing, the PayPass reader receives in a response from
the PayPass card a data object that is listed in Table A.1 as having the PayPass
reader as source, it must terminate the transaction as specified in
requirement 4.2.1.1.
26
2008 MasterCard

4.2.3 Status Bytes

4.2.3.1
If, during transaction processing, the PayPass card returns any SW1-SW2 other
than '9000', the PayPass reader must terminate the transaction as according to
requirement 4.2.1.1, unless otherwise specified.
4.2.4 COMPUTE CRYPTOGRAPHIC CHECKSUM

Specific exception processing is required for the COMPUTE CRYPTOGRAPHIC CHECKSUM
command.
4.2.4.1
During a PayPass Mag Stripe transaction, if the PayPass reader does not receive
a valid response from the PayPass card to a COMPUTE CRYPTOGRAPHIC
CHECKSUM command (i.e. no response message or an invalid response message),
it must wait 300 ms before terminating the transaction as specified in
If it is the second consecutive transaction for which no valid response message
from the PayPass card for the COMPUTE CRYPTOGRAPHIC CHECKSUM command
is received, the PayPass reader must wait 2 * 300 ms before terminating the
transaction as specified in requirement 4.2.1.1.
In general, if it is the nth (n = 1, 2, 3, ) consecutive transaction for which no
valid response message from the PayPass card for the COMPUTE CRYPTOGRAPHIC
CHECKSUM command is received, the PayPass reader must wait 2m * 300 ms (m
being the minimum of n-1 and 5) before terminating the transaction as specified in
2008 MasterCard
27

Functions Used in Transaction Processing
4.3

4.3.1 FCI and SW1-SW2 Processing
Transaction processing begins with the analysis of the response to the SELECT AID
command.
4.3.1.1
If the PayPass card returns any SW1-SW2 other than '9000' in response to the
SELECT AID command, then the PayPass reader must terminate the transaction as
Note
Requirement 4.3.1.1 applies only if the PayPass reader implements the EMV
Entry Point. Otherwise, the status bytes in response to the SELECT AID
command are processed as described previously in requirement 3.4.2.2.
4.3.1.2
The PayPass reader must verify that the FCI is correctly formatted, as specified in
Table 2.24. If this is not the case, then the PayPass reader must terminate
processing as specified in requirement 4.2.1.1.
4.3.1.3
The PayPass reader must extract the PDOL (if present) from the FCI and store it
for later use during the GET PROCESSING OPTIONS Command Processing.
4.3.1.4
The PayPass reader must extract the DF Name (tag '84'), Application Label
(tag '50') (if present), the Language Preference (tag '5F2D') (if present), the Issuer
Code Table Index (tag '9F11') (if present) and the Application Preferred Name
(tag '9F12') (if present) from the FCI, and store them for later use in the
Completion function. Additional tags returned in the FCI that are not listed in
Table 2.24 must be discarded by the PayPass reader.
4.3.1.5
If the Language Preference (tag '5F2D') data object is included in the FCI, then
the PayPass reader must perform language selection as specified in Section 11.1
of [EMV BOOK 4], except for interactive cardholder language selection. If no
match is found and the PayPass reader supports more than one language, it must
automatically select the local language.
4.3.2 GET PROCESSING OPTIONS Processing

The PayPass reader issues the GET PROCESSING OPTIONS command to initiate the
transaction in the card.
4.3.2.1
The PayPass reader sets all bits in the TVR and CVM Results to 0b.
4.3.2.2
If the Terminal CVM Required Limit Flag is set, then the Terminal Capabilities
must be instantiated with Terminal Capabilities CVM Required. Otherwise the
Terminal Capabilities must be instantiated with Terminal Capabilities No CVM
Required.
28
2008 MasterCard

4.3.2.3
The PayPass reader must format the GET PROCESSING OPTIONS command as
specified in Section 2.4.2.
4.3.2.4
If the PDOL is not present (see requirement 4.3.1.3), the PayPass reader must use
a command data field of '8300'.
4.3.2.5
If the PDOL is present, the PayPass reader must use the PDOL to create a
concatenated list of data objects without tags or lengths following the rules
specified in Section 5.2. The PayPass reader must verify that all of the tags in the
PDOL belong to data objects available to the PayPass reader. If this is not the
case, the PayPass reader must provide a data object with the length specified and a
value of all hexadecimal zeros for all such tags encountered. The PayPass reader
must use the concatenated list as value field of the data object with tag '83'.
4.3.2.6
The PayPass reader must verify that the response message to the GET
PROCESSING OPTIONS command is correctly formatted as specified in
Section 2.4.3. If this is not the case, the PayPass reader must terminate the
4.3.2.7
The PayPass reader must retrieve from the response message the AIP (tag '82')
and AFL (tag '94') data objects. If they are not both included, the PayPass reader
must terminate the transaction as specified in requirement 4.2.1.1. If the PayPass
card response contains a constructed data object as described in Table 2.13, any
additional data objects returned in the data field must be discarded by the PayPass
reader.
4.3.2.8
If the PayPass Mag Stripe Indicator for the selected AID indicates that the
PayPass Mag Stripe profile is not supported and the "M/Chip profile is
supported" bit in the AIP is not set, then the PayPass reader must terminate the
4.3.2.9
If the PayPass card returns SW1-SW2 = '6985' in response to the GET

PROCESSING OPTIONS command, then the PayPass reader must remove the
application from the candidate list and return to application selection as described
in requirement 3.4.2.1.
Note
Requirement 4.3.2.9 applies only if the PayPass reader implements

application activation as specified in Chapter 3. If the EMV Entry Point is
used, then SW1-SW2 = '6985' is handled as described in 4.2.3.1.
2008 MasterCard
29

4.3.3 Read Mag Stripe Application Data

Data contained in the files of the PayPass card are required by the PayPass reader to
complete the COMPUTE CRYPTOGRAPHIC CHECKSUM command processing. The PayPass
reader uses the READ RECORD command to read the files and records indicated in the AFL.
4.3.3.1
If the value of the four most significant bytes of the AFL is different from
'08010100', then the PayPass reader must process each entry in the AFL from left
to right. A READ RECORD command as described in Section 2.5 must be issued
for each record between the starting record number and the ending record number,
inclusively. The PayPass reader must ignore the fourth byte of each entry in the
AFL.
The PayPass reader must then proceed with requirement 4.3.3.3.
4.3.3.2
If the value of the four most significant bytes of the AFL is equal to '08010100',
then the PayPass reader must not interpret the AFL and instead must only issue a
READ RECORD command as described in Section 2.5 for the first record in the file
with SFI 1.
4.3.3.3
The PayPass reader must store all recognized data objects read, whether
mandatory or optional, for later use in the transaction processing. Data objects
that are not recognized by the PayPass reader (that is, their tags are unknown by
the PayPass reader) must be discarded.
4.3.3.4
If any of the mandatory data objects listed in Table 4.1 is not present, the PayPass
reader must terminate the transaction as specified in requirement 4.2.1.1.
Table 4.1Mandatory PayPass Mag Stripe Data Objects
Tag
Value
'9F6B'
Track 2 Data
'9F66'
PUNATCTRACK2
'9F65'
PCVC3TRACK2
'9F67'
NATCTRACK2
4.3.3.5
The PayPass reader must copy the discretionary data field of the Track 1 Data (if
present) into DDCARD,TRACK1. The PayPass reader must copy the discretionary data
field of the Track 2 Data into DDCARD,TRACK2.
4.3.3.6
The PayPass reader must verify that the number of non-zero bits in
PUNATCTRACK2 (kTRACK2) is greater than or equal to the number of digits of the
ATC to be included in the discretionary data field of the Track 2 Data (t TRACK2). If
kTRACK2 < tTRACK2, the PayPass reader must terminate the transaction, as specified
in requirement 4.2.1.1. Otherwise, the PayPass reader must set nUN equal to
kTRACK2 - t TRACK2.
4.3.3.7
The PayPass reader must verify that nUN is less than or equal to 8. If nUN is
greater than 8, the PayPass reader must terminate the transaction as specified in
30
2008 MasterCard

4.3.3.8
The PayPass reader must verify that the number of non-zero bits in PCVC3TRACK2
is greater than or equal to 3 (i.e. qTRACK2 3). If this is not the case, the PayPass
4.3.3.9
If Track 1 Data is included in the data returned from the card, the PayPass reader
must verify that also PCVC3TRACK1, PUNATCTRACK1 and NATCTRACK1 are returned.
If at least one of these data objects is not available, the PayPass reader must
terminate the transaction as specified in requirement 4.2.1.1.
4.3.3.10 If Track 1 Data is available, the PayPass reader must verify that the number of
non-zero bits in PUNATCTRACK1 (kTRACK1) is greater than or equal to the number of
digits of the ATC to be included in the discretionary data field of Track 1 Data
(tTRACK1). If kTRACK1 < t TRACK1, the PayPass reader must terminate the transaction
as specified in requirement 4.2.1.1.
4.3.3.11 If Track 1 Data is available, the PayPass reader must verify that kTRACK1 - tTRACK1
is equal to nUN. If this is not the case, the PayPass reader must terminate the
4.3.3.12 If Track 1 Data is available, the PayPass reader must verify that the number of
non-zero bits in PCVC3TRACK1 is greater than or equal to 3 (i.e. qTRACK1 3). If this
is not the case, the PayPass reader must terminate the transaction as specified in
4.3.3.13 The PayPass reader must retrieve from the Track 2 Data the PAN and Expiry
Date. If Track 1 Data is returned from the card, the PayPass reader must verify
that the PAN and Expiry Date included in the Track 1 Data are the same as the
PAN and Expiry Date included in the Track 2 Data. If this is not the case, the
PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.
4.3.4 Mag Stripe Application Version Number Checking

The applications within both the PayPass card and the PayPass reader maintain a
Mag Stripe Application Version Number assigned by the payment system. The PayPass
reader verifies the compatibility of its Mag Stripe Application Version Number (Reader)
with the Mag Stripe Application Version Number (Card) in the card.
4.3.4.1
If the Mag Stripe Application Version Number (Card) is not present in the card, or
if the PayPass reader does not recognize or support the application version of the
card, the PayPass reader must use its latest version to perform the transaction.
Otherwise, PayPass reader must use the appropriate code and/or commands to
perform the transaction with the card.
2008 MasterCard
31

4.3.5 COMPUTE CRYPTOGRAPHIC CHECKSUM Processing

The PayPass reader issues the COMPUTE CRYPTOGRAPHIC CHECKSUM command to the
PayPass card to obtain the CVC3TRACK2, the CVC3TRACK1 (optional) and the ATC from the
card.
4.3.5.1
The PayPass reader must generate an UN (Numeric) of 8 digits in length and of

which the 8-nUN most significant digits are set equal to 0.
4.3.5.2
The PayPass reader must format the COMPUTE CRYPTOGRAPHIC CHECKSUM

command as specified in Section 2.2.2.
4.3.5.3
If the UDOL is returned by the PayPass card during the Read Mag Stripe
Application Data processing, the PayPass reader must create a concatenated list of
data objects without tags or lengths following the rules specified in Section 5.2.
4.3.5.4
If the UDOL is not returned by the PayPass card during the Read Mag Stripe
Application Data processing, the PayPass reader must use the Default UDOL to
construct the data field of the command message. Refer to Section 5.4 for the
definition of the Default UDOL.
4.3.5.5
The PayPass reader must verify that the response message of the COMPUTE
CRYPTOGRAPHIC CHECKSUM command is correctly formatted as specified in
Section 2.2.3. If it is not correctly formatted, the PayPass reader must terminate
the transaction as indicated in requirement 4.2.4.1.
4.3.5.6
The PayPass reader must retrieve the CVC3TRACK2 (tag '9F61') and the ATC
(tag '9F36') from the Response Message Template (tag '77'). If one of these data
objects is not available, the PayPass reader must terminate the transaction as
indicated in requirement 4.2.4.1.
4.3.5.7
The PayPass reader must convert the binary encoded CVC3TRACK2 to the BCD
encoding of the corresponding number expressed in base 10. The PayPass reader
must copy the qTRACK2 least significant digits of the BCD encoded CVC3TRACK2 in
the eligible positions of the discretionary data field of Track 2 Data. The eligible
positions are indicated by the qTRACK2 non-zero bits in PCVC3TRACK2.
4.3.5.8
The PayPass reader must replace the nUN least significant eligible positions of the
discretionary data field of Track 2 Data by the nUN least significant digits of UN
(Numeric). The eligible positions in the discretionary data field are indicated by
the nUN least significant non-zero bits in PUNATCTRACK2.
4.3.5.9
If tTRACK2 0, the PayPass reader must convert the ATC to the BCD encoding of
the corresponding number expressed in base 10. The PayPass reader must replace
the tTRACK2 most significant eligible positions of the discretionary data field of
Track 2 Data by the tTRACK2 least significant digits of the BCD encoded ATC. The
eligible positions in the discretionary data field are indicated by the tTRACK2 most
significant non-zero bits in PUNATCTRACK2.
4.3.5.10 The PayPass reader must copy nUN into the least significant digit of the
32
2008 MasterCard

4.3.5.11 If Track 1 Data is available, the PayPass reader must retrieve the CVC3TRACK1
from the Response Message Template (tag '77'). If the Track 1 Data is available
and the CVC3TRACK1 is not available, the PayPass reader must terminate the
transaction as indicated in requirement 4.2.4.1.
4.3.5.12 Data objects returned in the Response Message Template (tag '77') with tags other
than '9F60', '9F61' and '9F60' must be discarded by the PayPass reader.
4.3.5.13 If Track 1 Data is available, the PayPass reader must convert the binary encoded
CVC3TRACK1 to the BCD encoding of the corresponding number expressed in
base 10. The PayPass reader must convert the qTRACK1 least significant digits of
the BCD encoded CVC3TRACK1 into the ASCII format and copy the qTRACK1 ASCII
encoded CVC3TRACK1 characters into the eligible positions of the discretionary data
field of the Track 1 Data. The eligible positions are indicated by the qTRACK1 nonzero bits in PCVC3TRACK1.
4.3.5.14 If Track 1 Data is available, the PayPass reader must convert the BCD encoded
UN (Numeric) into the ASCII format and replace the nUN least significant eligible
positions of the discretionary data field of the Track 1 Data by the nUN least
significant characters of the ASCII encoded UN (Numeric). The eligible positions
in the discretionary data field are indicated by the nUN least significant non-zero
bits in PUNATCTRACK1.
4.3.5.15 If Track 1 Data is available and tTRACK1 0, the PayPass reader must convert the
ATC to the BCD encoding of the corresponding number expressed in base 10.
The PayPass reader must convert the tTRACK1 least significant digits of the ATC
into the ASCII format. The PayPass reader must replace the tTRACK1 most
significant eligible positions of the discretionary data field of the Track 1 Data by
the tTRACK1 ASCII encoded ATC characters. The eligible positions in the
discretionary data field are indicated by the tTRACK1 most significant non-zero bits
in PUNATCTRACK1.
4.3.5.16 If Track 1 Data is available, the PayPass reader must convert nUN into the ASCII
format and copy the ASCII encoded nUN character into the least significant
position of the discretionary data field of the Track 1 Data.
4.3.5.17 The PayPass reader must execute the requirements 4.3.5.7, 4.3.5.8, 4.3.5.9 and
4.3.5.10 and the requirements 4.3.5.13, 4.3.5.14, 4.3.5.15 and 4.3.5.16 in the order
as specified above.
2008 MasterCard
33

4.3.6 Offline Data Authentication Method Selection

Based on the capabilities of the PayPass card, the PayPass reader selects a method of
offline data authentication to be used for the transaction.
The PayPass reader performs Offline Data Authentication Method Selection as follows:
4.3.6.1
If the AIP indicates that the PayPass card supports CDA (AIP[1][1] = 1b) and the
Terminal Capabilities indicate that the PayPass reader supports CDA (Terminal
Capabilities[3][4] = 1b), the PayPass reader must select CDA as the ODA to be
performed. Offline Data Authentication Method Selection is complete.
Otherwise, the PayPass reader must continue with requirement 4.3.6.2.
4.3.6.2
If the AIP indicates that the PayPass card supports SDA (AIP[1][7] = 1b) and the
Terminal Capabilities of the PayPass reader indicate support for SDA (Terminal
Capabilities[3][8] = 1b), the PayPass reader must select SDA as the ODA to be
performed. Offline Data Authentication Method Selection is complete.
4.3.6.3
If neither SDA nor CDA is selected as the ODA to be performed, the PayPass
reader must set the Offline Data Authentication Was Not Performed bit in the
TVR to 1b.
4.3.7 Read M/Chip Application Data

The PayPass reader reads the files and records indicated in the AFL using the READ
RECORD command.
4.3.7.1
If the AFL returned by the PayPass card is not one of the pre-defined values
described in Table 4.2, the PayPass reader must process each entry in the AFL
from left to right. A READ RECORD command as described in Section 2.5 must be
issued for each record between the starting record number and the ending record
number, inclusively.
The PayPass reader must then proceed with requirement 4.3.7.6.
If the AFL returned by the PayPass card is one of the pre-defined values described
in Table 4.2, the PayPass reader must proceed with requirement 4.3.7.2.
Table 4.2Pre-defined AFL Values
ODA supported
AFL Value
SDA
'08010100 10010101 18010200'
CDA
'08010100 10010101 18010200 20010200'
4.3.7.2
The PayPass reader must always read record 1 included in the file with SFI 2.
4.3.7.3
If the offline data authentication method to be performed for the transaction is

SDA or CDA (see Section 4.3.6), the PayPass reader must read record 1 included
in the file with SFI 3.
34
2008 MasterCard

4.3.7.4

SDA, the PayPass reader must read record 2 included in the file with SFI 3.
4.3.7.5

CDA, the PayPass reader must read record 1 and 2 included in the file with SFI 4.
4.3.7.6
The PayPass reader must store all recognized data objects read, whether
mandatory or optional, for later use in the transaction processing. Data objects
that are not recognized by the PayPass reader (that is, their tags are unknown by
the PayPass reader) must not be stored separately, but records containing such
data objects may still participate in their entirety in offline data authentication,
depending upon the coding of the AFL.
4.3.7.7
All mandatory data objects must be present in the card. If any mandatory data
object is not present, the PayPass reader must terminate the transaction as
specified in requirement 4.2.1.1. The mandatory data objects are listed in
Table 4.3.
Table 4.3Mandatory PayPass M/Chip Data Objects
4.3.7.8
Tag
Value
'5F24'
Application Expiry Date
'5A'
PAN
'8C'
CDOL1
'9F4A'
SDA Tag List
Proprietary data files (i.e. files with SFI outside the range 1 to 10) may or may not
conform to this specification (refer to Table 2.17). Records in proprietary files
may be represented in the AFL and may participate in offline data authentication if
they are readable without conditions by the READ RECORD command coded
according to Section 2.5.2.
4.3.8 Processing Restrictions

4.3.8.1
The Processing Restrictions function must be performed as specified in

Section 10.4 of [EMV BOOK 3] and Section 6.3.3 of [EMV BOOK 4]. It includes
the checking of the following data objects: Application Version Number,
Application Usage Control, Application Effective Date, Application Expiry Date.
4.3.9 Terminal Risk Management

4.3.9.1
If the Terminal Contactless Floor Limit Exceeded Flag has been set during the
pre-processing phase, then the "Transaction Exceeds Floor Limit" bit of the TVR
must be set to 1b.
The PayPass reader may support an exception file as specified in Section 6.3.5 of
[EMV BOOK 4].
2008 MasterCard
35

4.3.10 M/Chip CVM Selection

Cardholder verification is performed to ensure that the person presenting the PayPass card
is indeed the person to whom the application in the PayPass card was issued. This section
specifies how the PayPass reader selects the CVM to be performed by the terminal. The
M/Chip CVM Selection function makes use of the CVM List (tag '8E') returned by the
PayPass card in the response to the READ RECORD command. The PayPass reader
compares the contents of the card's CVM List with the CVMs it supports.
The result of the M/Chip CVM Selection processing is communicated to the terminal during
the Completion function by means of the Transaction CVM.
Note
The M/Chip CVM Selection function involves only the selection of the CVM
to be performed. Cardholder verification is not performed until after the
Completion function, and the PayPass reader has returned control to the
terminal.
The PayPass reader performs M/Chip CVM Selection as follows:

4.3.10.1 If the "Cardholder verification is supported" bit in the AIP is not set, then the
PayPass reader must set the Transaction CVM to "No CVM". In the CVM
Results, the PayPass reader must set byte 1 to "No CVM" and byte 3 to
"successful". M/Chip CVM Selection is complete.
4.3.10.2 If the CVM List is not present in the card or the CVM List has no CVRs, then the
PayPass reader must set the "ICC Data Missing" bit in the TVR and the
Transaction CVM to "No CVM". In the CVM Results, the PayPass reader must
set byte 1 to "No CVM" and byte 3 to "unknown". M/Chip CVM Selection is
complete.
4.3.10.3 The PayPass reader must process each CVR in the order in which they appear in
the CVM List according to requirements 4.3.10.4 and 4.3.10.5. M/Chip CVM
Selection is completed when a CVM is successfully selected or when the CVM
List is exhausted.
4.3.10.4 When processing each CVR, if any of the following is true, then the PayPass
reader must bypass the CVR and proceed to the next CVR in the CVM List:
The conditions expressed by the CVM Condition Code (second byte of the
CVR) are not satisfied.
Data required by the conditions expressed by the CVM Condition Code is not
present.
The CVM Condition Code is outside the range of codes understood by the
PayPass reader (refer to requirement 4.3.10.6).
If there are no more CVRs in the list, then the PayPass reader must set the
Transaction CVM to "No CVM" and set the "Cardholder verification was not
successful" bit in the TVR. In the CVM Results, the PayPass reader must set
byte 1 to "No CVM" and byte 3 to "failed". M/Chip CVM Selection is complete.
36
2008 MasterCard

4.3.10.5 If the conditions expressed by the CVM Condition Code are satisfied, then the
PayPass reader must proceed according to the following steps:
1. If the CVM Code (first byte of the CVR) is recognized (refer to requirement
4.3.10.7), then the PayPass reader must proceed with step 2.
If the CVM Code is not recognized, then the PayPass reader must set the
'Unrecognized CVM' bit in the TVR and proceed with step 3.
2. If the CVM Code is supported (refer to requirement 4.3.10.8) and is not "Fail
CVM", then the PayPass reader must proceed as follows:
The PayPass reader must set the Transaction CVM as indicated by the
CVM Code.
In the CVM Results, the PayPass reader must copy the CVR to bytes 1
and 2, and must set byte 3 to "unknown".
If the CVM Code is "Enciphered PIN verified online", then the PayPass
reader must set the "Online PIN entered" bit in the TVR.
M/Chip CVM Selection is complete.
If the CVM Code is "Fail CVM" or if the CVM Code is not supported, then
the PayPass reader must proceed with step 3.
3. The PayPass reader must examine b7 of the CVM Code.
If b7 is set to 1b, processing continues with the next CVR, if present.
If b7 is set to 0b, or if there are no more CVRs in the list, then the PayPass
reader must set the Transaction CVM to "No CVM" and set the "Cardholder
verification was not successful" bit in the TVR.
The PayPass reader must set byte 3 of the CVM Results to "failed".
If the CVM Code is "Fail CVM", then the PayPass reader must copy the CVR
to bytes 1 and 2 of the CVM Results.
If the CVM Code is not "Fail CVM", then the PayPass reader must set byte 1
of the CVM Results to "No CVM".
M/Chip CVM Selection is complete.
4.3.10.6 The PayPass reader must understand the CVM Condition Codes defined in
Annex C.3 of [EMV BOOK 3]. The PayPass reader may also understand
proprietary CVM Condition Codes not defined in Annex C.3 of [EMV BOOK 3].
4.3.10.7 The PayPass reader must recognize the CVM Codes defined in Annex C.3 of
[EMV BOOK 3]. The PayPass reader may also recognize proprietary CVM
Codes not defined in Annex C.3 of [EMV BOOK 3].
4.3.10.8 The PayPass reader must verify support of a CVM Code as follows:
For CVM Codes defined in Annex C.3 of [EMV BOOK 3], support must be
indicated in the Terminal Capabilities.
For CVM Codes not defined in Annex C.3 of [EMV BOOK 3], support may
be known implicitly.
For Combination CVMs, both CVM Codes must be supported.
"Fail CVM" must always be supported.
2008 MasterCard
37

4.3.11 Terminal Action Analysis

With the Terminal Action Analysis function the PayPass reader makes the decision as to
whether the transaction should be approved offline, declined offline, or transmitted online.
4.3.11.1 Terminal Action Analysis must be performed as specified in Section 10.7 of
[EMV BOOK 3].
4.3.12 GENERATE AC Processing

As a result of the Terminal Action Analysis processing, the PayPass reader requests the
PayPass card to generate an Application Cryptogram with the GENERATE AC command.
4.3.12.1 The PayPass reader must format the GENERATE AC command as specified in
Section 2.3.2.
4.3.12.2 The PayPass reader must use the CDOL1 to create a concatenated list of data
objects without tags or lengths following the rules specified in Section 5.2.
4.3.12.3 If the result of the Terminal Action Analysis (see Section 4.3.11) is "approved
offline" (TC), and the result of Offline Data Authentication Method Selection is
CDA (see Section 4.3.6), then the PayPass reader must indicate "CDA requested"
in the Reference Control Parameter of the GENERATE AC command.
4.3.12.4 If the result of the Terminal Action Analysis (see Section 4.3.11) is "declined
offline" (AAC) or "transmitted online" (ARQC), and the result of Offline Data
Authentication Method Selection is CDA (see Section 4.3.6), then the PayPass
reader must not indicate "CDA requested" in the Reference Control Parameter of
the GENERATE AC command.
4.3.12.5 If the result of Offline Data Authentication Method Selection is not CDA (see
Section 4.3.6), then the PayPass reader must not indicate "CDA requested" in the
Reference Control Parameter of the GENERATE AC command.
4.3.12.6 The PayPass reader must verify that the response message of the GENERATE AC
command is correctly formatted as specified in Section 2.3.3. If it is not correctly
formatted, the PayPass reader must terminate the transaction as specified in
4.3.12.7 The PayPass reader must retrieve the CID (tag '9F27') and the Application
Transaction Counter (tag '9F36') from the response message of the GENERATE AC
command. If one of these data objects is not available, the PayPass reader must
4.3.12.8 If CDA was not requested in the GENERATE AC command and the data object
returned in the response message is a Response Message Template (tag '77'), the
PayPass reader must verify that the Application Cryptogram (tag '9F26') is
included. If the Application Cryptogram is not included, the PayPass reader must
terminate the transaction as specified in requirement 4.2.1.1. Additional data
objects returned in the data field that are not listed in Table 2.8 must be discarded
by the PayPass reader.
38
2008 MasterCard

4.3.12.9 If CDA was requested in the GENERATE AC command and the PayPass card did
not generate an AAC, the PayPass reader must verify that the SDAD (tag '9F4B')
is included in the Response Message Template (tag '77'). If the SDAD tag is not
included, the PayPass reader must terminate the transaction as specified in
requirement 4.2.1.1. Additional data objects returned in the data field that are not
listed in Table 2.9 must be used by the PayPass reader during the verification of
the SDAD.
4.3.13 Retrieve ICC Key and Verify SDAD (CDA)

When the method of offline data authentication used is CDA, the PayPass reader retrieves
the ICC Public Key and verifies the SDAD returned by the PayPass card as part of the
response to the GENERATE AC command.
4.3.13.1 The PayPass reader must verify that all mandatory data objects for performing
CDA have been returned from the PayPass card (refer to Table 4.4). If this is not
the case, then the PayPass reader must terminate the transaction as specified in
Table 4.4Mandatory Data Objects for CDA
Tag
Value
'8F'
Certification Authority Public Key Index
'90'
Issuer Public Key Certificate
'92'
Issuer Public Key Remainder 4
'9F32'
Issuer Public Key Exponent
9F46'
ICC Public Key Certificate
'9F47'
ICC Public Key Exponent
'9F48'
ICC Public Key Remainder 4
4.3.13.2 The PayPass reader must retrieve the Certification Authority Public Key, the
Issuer Public Key and the ICC Public Key as described in Sections 6.2, 6.3 and
6.4 of [EMV BOOK 2] from the PayPass card data that was read in a previous step
(see Section 4.3.7).
4.3.13.3 If the ICC Public Key is not retrieved successfully, then the PayPass reader must
4.3.13.4 Using the retrieved ICC Public Key in conjunction with the corresponding
algorithm, the PayPass reader must verify the SDAD and recover the AC as
described in Section 6.6.2 of [EMV BOOK 2].
4.3.13.5 If the SDAD is not successfully verified, then CDA has failed. The PayPass
The Issuer Public Key Remainder or the ICC Public Key Remainder could be absent when the public key
modulus can be recovered in its entirety from the public key certificate.
2008 MasterCard
39

4.3.14 Static Data Authentication

When the method of offline data authentication used is SDA, the PayPass reader retrieves
the Issuer Public Key and verifies the SSAD returned by the PayPass card during the Read
M/Chip Application Data function (Section 4.3.7).
4.3.14.1 The PayPass reader must verify that all mandatory data objects for performing
SDA have been returned from the PayPass card (refer to Table 4.5). If this is not
the case, then the PayPass reader must terminate the transaction as specified in
Table 4.5Mandatory Data Objects for SDA
Tag
Value
'8F'
'90'
Issuer Public Key Certificate
'92'
Issuer Public Key Remainder 5
'9F32'
Issuer Public Key Exponent
'93'
Signed Static Application Data
4.3.14.2 The PayPass reader must perform SDA by retrieving the Certification Authority
Public Key and Issuer Public Key and then verifying the SSAD as described in
Section 5 of [EMV BOOK 2].
4.3.14.3 If SDA is not successful, the PayPass reader must terminate the transaction as
4.3.15 Completion
With the Completion function, the PayPass reader prepares the data objects to be returned
to the terminal. The PayPass reader ends the Completion processing as described in
Section 9.5 ("Removal") of [EMVCLPRO], and hands over control to the terminal.
4.3.15.1 The PayPass reader must indicate to the terminal the outcome of its transaction
processing by means of the Transaction Outcome.
4.3.15.2 If a PayPass M/Chip transaction is performed, then the PayPass reader must
indicate to the terminal the outcome of the M/Chip CVM Selection function by
means of the Transaction CVM.
The Issuer Public Key Remainder could be absent when the public key modulus can be recovered in its
entirety from the public key certificate.
40
2008 MasterCard

4.3.15.3 If the Transaction Outcome is "Online Request" or "Approved", the PayPass

reader must provide a Data Record to the terminal containing the necessary
elements for authorization and clearing. The data objects required will depend on
the transaction profile.
The Data Record that the PayPass reader must return for a PayPass M/Chip
transaction is as shown in Table 4.6. The Data Record that the PayPass reader
must return for a PayPass Mag Stripe transaction is as shown in Table 4.7.
Data objects whose presence is listed as conditional (C) must be present in the
Data Record if they are present on the card.
Table 4.6Data Record Detail for PayPass M/Chip
Tag
Data Object
Presence
'57'
Track 2 Equivalent Data
'9F6E'
PayPass Third Party Data
'84'
DF Name
'50'
Application Label
'9F12'
'9F11'
'9F26'
AC
'9F27'
CID
'9F10'
IAD
'9F36'
ATC
M
6
'95'
TVR
'9F37'
UN
'5F2A'
Transaction Currency Code
'9C'
Transaction Type
'9A'
Transaction Date
'9F02'
Transaction Amount
'9F1A'
Terminal Country Code
'9F34'
CVM Results
'82'
AIP
The TVR as sent to the PayPass card by the PayPass reader in the GENERATE AC command.
2008 MasterCard
41

Table 4.7Data Record Detail for PayPass Mag Stripe
Tag
Data Object
Presence
'9F6B'
Track 2 Data
'56'
Track 1 Data
C
7
DDCARD,TRACK1
DDCARD,TRACK27
C
M
'9F6E'
PayPass Third Party Data
'84'
DF Name
'50'
Application Label
'9F12'
'9F11'
The format of the Data Record is implementation dependent. If the PayPass reader uses the TLV format, then
implementation specific values may be used for the tags of DDCARD,TRACK1 and DDCARD,TRACK2.
42
2008 MasterCard
Data Object Handling

Data Object Format

This chapter defines the data object handling for the PayPass reader.
5.1
Data Object Format

Data objects moved from the card to the PayPass reader are encapsulated in TLV encoded
data objects. Data objects moved from the PayPass reader to the card are identified by a
DOL sent to the PayPass reader by the card or by the definition of the command message.
Data objects that have the numeric (n) format are BCD encoded, right justified with leading
hexadecimal zeros. Data objects that have the compressed numeric (cn) format are BCD
encoded, left justified and padded with trailing 'F's. Note that the length indicator in the
numeric and compressed numeric format notations (e.g. n 4) specifies the number of digits
and not the number of bytes.
Data objects that have the alphanumeric (an) or alphanumeric special (ans) format are
ASCII encoded, left justified and padded with trailing hexadecimal zeros.
5.2
5.1.1.1
When moving data from one entity to another (for example card to PayPass
reader) or when concatenating data, the data must always be passed in decreasing
order, regardless of how it is stored internally. The leftmost byte (byte 1) is the
most significant byte.
5.1.1.2
Bytes or bits specified as Reserved for Future Use (RFU) must be set to the value
indicated, or to zero if no value is given.
5.1.1.3
An entity receiving data specified as RFU must not examine or depend upon the
coding of these bytes or bits.
DOL Handling
To minimize processing in the card, the data field of the command messages is not TLV
encoded. The application in the card indicates the requested data, including format and
length, by sending a DOL to the PayPass reader. DOLs used in this specification include:
The PDOL used with the GET PROCESSING OPTIONS command
The CDOL1 used with the GENERATE AC command
The UDOL used with the COMPUTE CRYPTOGRAPHIC CHECKSUM command.
5.2.1.1
DOL Handling must be performed according to the rules specified in Section 5.4
of [EMV BOOK 3].
2008 MasterCard
43

Bitmaps Used in Discretionary Data
5.3
Bitmaps Used in Discretionary Data

PayPass uses bitmaps to indicate positions in the discretionary data field. These bitmaps
are used when the PayPass reader needs to put data into one of the discretionary data fields.
The bits indicate the positions into which certain data should be loaded.
Figure 5.1 indicates the numbering of the different positions in the discretionary data. In
this example there are m positions within the discretionary data field, labeled p1 to pm.
Figure 5.1Numbering of Positions within the Discretionary Data
Discretionary Data
pm
pm-1
pm-2
pm-3
p5
p4
p3
p2
p1
Each bit in the bitmap refers to a position in the discretionary data. The least significant bit
of the bitmap, i.e. the rightmost bit b1, corresponds to position p1; as indicated in Figure 5.2.
Figure 5.2Relation between Discretionary Data and Bitmap
Discretionary Data
br
br-1
br-2
bm+1
pm
pm-1 pm-2 pm-3
p5
p4
p3
p2
p1
bm
bm-1 bm-2 bm-3
b5
b4
b3
b2
b1
Bitmap
The bitmap is composed of a number of bytes, and therefore the number of bits in the
bitmap is always a multiple of 8. To accommodate all the positions in a field, the number of
bytes in the bitmap will normally contain more bits than the number of positions. If the
number of bits in the bitmap is denoted by q, then
q = (r+1)*8
where r is the integer quotient of (m-1)/8
For Track 2 Data mTRACK2 is a maximum of 13 digits, resulting in a bitmap of 16 bits or 2
bytes. For Track 1 Data the maximum value of mTRACK1 is 48 resulting in a bitmap of length
6 bytes or 48 bits.
An example is given in Figure 5.3, for mTRACK2=13, tTRACK2=2 and PUNATCTRACK2 = '031A',
referring to position p10p9p5p4p2. Based on this, kTRACK2 equals 5 and nUN equals 3.
Figure 5.3Example PUNATCTRACK2 = '031A'
Discretionary Data
p8
p7
p6
p5
p4
p3
p2
p1
b9
b8
b7
b6
b5
b4
b3
b2
b1
p13 p12 p11 p10 p9

0
b16
b15
b14
'0'
b13 b12 b11 b10

'3'
'1'
'A'
Bitmap = '031A'
44
2008 MasterCard

Data Object Management
5.4

This section describes the management of the data objects listed in Table A.1.
5.4.1.1
5.4.1.2
5.4.1.3
The following data objects must be unique to the PayPass reader and must be
configured independently of the AID.
IFD Serial Number
Terminal Country Code
Separate instances of the following data objects must be configured for each AID
supported by the PayPass reader.
Additional Terminal Capabilities
Application Version Number
Default UDOL (if PayPass Mag Stripe transactions supported for that AID)
Mag Stripe Application Version Number (if PayPass Mag Stripe

transactions supported for that AID)
Merchant Category Code
PayPass Mag Stripe Indicator
Terminal Action Codes
Terminal Type
Terminal Capabilities No CVM Required
Terminal Capabilities CVM Required
Terminal Contactless Transaction Limit
Terminal Contactless Floor Limit
Terminal CVM Required Limit
If the PayPass reader supports offline data authentication, it must be able to store
six CA Public Keys per RID and must associate with each such key the following
key-related information to be used with the key.
Certification Authority Public Key Check Sum
Certification Authority Public Key Exponent
Certification Authority Public Key Modulus
The PayPass reader must be able to locate any such key (and key-related
information) given the RID and Certification Authority Public Key Index provided
by the ICC.
5.4.1.4
The PayPass reader must support the following transaction related data objects of
which the value must be available before application activation.
2008 MasterCard
45

5.4.1.5
5.4.1.6
5.4.1.7
Amount Authorized (Binary)
Amount Authorized (Numeric)
Amount Other (Binary)
Amount Other (Numeric)
Transaction Category Code
Transaction Currency Code
Transaction Currency Exponent
Transaction Date
Transaction Time
Transaction Type
Separate instances of the following flags must be must be available for each AID.
Their values are set during application activation.
Terminal Contactless Transaction Limit Exceeded Flag
Terminal Contactless Floor Limit Exceeded Flag
Terminal CVM Required Limit Exceeded Flag
The PayPass reader must support the following transaction related data objects of
which the value is set during application activation and transaction processing.
Cardholder Verification Method (CVM) Results
DDCARD,TRACK1 and DDCARD,TRACK2
Terminal Capabilities
Terminal Verification Results
Transaction CVM
Transaction Outcome
Unpredictable Number
Unpredictable Number (Numeric)
Unless otherwise indicated (by the labels MSDA and MCDA), all card data objects
included in Table A.1 (i.e. data objects listed with source "Card") must be
supported by the PayPass reader. The PayPass reader must recognize the tag and
must be able to store the value of the data object if it is returned by the card.
Data objects with the label MSDA in the support column must be supported if the
PayPass reader supports SDA.
Data objects with the flag MCDA in the support column must be supported if the
PayPass reader supports CDA.
May be generated before application activation if the EMV Entry Point is used.
46
2008 MasterCard
Data Objects Dictionary
Annex A Data Objects Dictionary

This annex lists the data objects supported by the PayPass reader.
2008 MasterCard
47
Table A.1Data Objects Dictionary

Data Object Name Description
Source
Tag
Format,
Length (bytes)
Support
Additional Terminal
Capabilities
Indicates the data input and output capabilities of the terminal and PayPass
reader.
The Additional Terminal Capabilities is coded according to Annex A.3 of
[EMV BOOK 4].
Reader
'81'
b,
Amount, Authorized
(Binary)
Authorized amount of the transaction (excluding adjustments).
Reader
Amount, Authorized
(Numeric)
Authorized amount of the transaction (excluding adjustments).

This amount is expressed with implicit decimal point corresponding to the
minor unit of currency as defined by [ISO 4217] (e.g. the six bytes
'00 00 00 00 01 23' represent USD 1.23 when the currency code is '846').
Reader
Amount, Other
(Binary)
Secondary amount associated with the transaction representing a cash back

amount.
minor unit of currency as defined by [ISO 4217] (e.g. the four bytes
'00 00 00 7B' are the hexadecimal representation of the decimal number 123,
and represents EUR 1.23 when the currency code is '978').
Reader
Amount, Other
(Numeric)
Secondary amount associated with the transaction representing a cash back

amount.
minor unit of currency as defined by [ISO 4217] (e.g. the 6 bytes
'00 00 00 00 01 23' represent GBP 1.23 when the currency code is '826').
Reader
Application
Cryptogram
Cryptogram returned by the Card in response to the GENERATE AC command.
Card
'81'

minor unit of currency as defined by [ISO 4217] (e.g. the four bytes
'00 00 00 7B' are the hexadecimal representation of the decimal number 123
and represent GBP 1.23 when the currency code is '826').
48
b,
'9F02'
n 12,
'9F04'
b,
'9F03'
n 12,
'9F26'
b,
2008 MasterCard
Source
Tag
Format,
Length (bytes)
Support
Application Currency Indicates the currency in which the account is managed in accordance with
Code
[ISO 4217].
Card
'9F42'
n 3,
Application Currency Indicates the implied position of the decimal point from the right of the
Exponent
amount represented in accordance with [ISO 4217].
The decimal point location of amounts expressed in the currency code
specified in the Application Currency Code.
Card
Application Effective Date from which the application may be used.

Date
The date is expressed in the YYMMDD format. For MasterCard branded
applications if the value of YY ranges from '00' to '49' the date reads
20YYMMDD. If the value of YY ranges from '50' to '99', the date reads
19YYMMDD.
Card
Application
Expiration Date
Card
Date after which application expires.

The date is expressed in the YYMMDD format. For MasterCard applications,
if the value of YY ranges from '00' to '49' the date reads 20YYMMDD. If the
value of YY ranges from '50' to '99' the date reads 19YYMMDD.
2008 MasterCard
2
'9F44'
n 1,
'5F25'
n 6 (YYMMDD),
'5F24'
n 6 (YYMMDD),
49
Source
Tag
Format,
Length (bytes)
Support
Application File
Locator (AFL)
Card
'94'
var.,
Indicates the location (SFI range of records) of the Application Elementary

Files associated with a particular AID, and read by the terminal during a
transaction.
The AFL is a list of entries of 4 bytes each. Each entry codes an SFI and a
range of records as follows:
The five most significant bits of the first byte indicate the SFI.
The second byte indicates the first (or only) record number to be read for
that SFI.
The third byte indicates the last record number to be read for that SFI.
When the third byte is greater than the second byte, all the records
ranging from the record number in the second byte to and including the
record number in the third byte must be read for that SFI. When the third
byte is equal to the second byte, only the record number coded in the
second byte must be read for that SFI.
The fourth byte indicates the number of records involved in offline data
authentication starting with the record number coded in the second byte.
The fourth byte may range from zero to the value of the third byte less the
value of the second byte plus 1.
Application Identifier Identifies the application as described in [ISO/IEC 7816-5].

(AID)
50
var. up to 252
Card
'4F'
b,
Reader
'9F06'
5-16
2008 MasterCard
Source
Tag
Format,
Length (bytes)
Support
Application
Interchange Profile
Card
'82'
b,
Indicates the capabilities of the card to support specific functions in the

application.
The AIP is returned in the response message of the GET PROCESSING OPTIONS.
It is coded as specified in Annex C.1 of [EMV BOOK 3]. This specification
extends the definition by allocating the RFU bit b8 in byte 2 to indicate the
PayPass profile supported (M/Chip profile or Mag Stripe profile).
Byte 2 of the AIP for PayPass transactions is therefore as specified here:
b8
Application Label
b7
b6
b5
b4
b3
b2
b1
Meaning
PayPass profile
M/Chip profile is supported
Only Mag Stripe profile

supported
x
RFU
Other values RFU
Name associated with the AID, in accordance with [ISO/IEC 7816-5].
Card
'50'
ans,
1-16
Application
Preferred Name
Preferred name associated with the AID (e.g. a domestic debit brand name).
Application Primary
Account Number
(PAN)
Valid cardholder account number.
Application Primary
Account Number
(PAN) Sequence
Number
Identifies and differentiates cards with the same Application PAN.
Application Priority
Indicator
Indicates the priority of a given application or group of applications in a

directory.
Card
'9F12'
ans,
1-16
Card
'5A'
cn var. up to 19,
var. up to 10
Card
'5F34'
n 2,
2008 MasterCard
Card
'87'
b,
51
Source
Tag
Format,
Length (bytes)
Support
Application Template Contains one or more data objects relevant to an application directory entry, in
according with [ISO/IEC 7816-5].
Card
'61'
b,
Application
Counter maintained by the application in the card (incrementing the ATC is
Transaction Counter managed by the card).
(ATC)
Card
Application Usage
Control
Indicates issuer's specified restrictions on the geographic use and services

allowed for the application.
The Application Usage Control is coded as specified in Annex C.2 of [EMV
BOOK 3].
Card
Application Version
Number
Version number assigned by the payment system for the application.
Card
var. up to 252
'9F36'
b,
2
'9F07'
b,
'9F08'
b,
2
Reader
'9F09'
b,
2
Card Risk
Management Data
Object List 1
(CDOL1)
A data object in the card that provides the reader with a list of data objects that
must be passed to the card in the first GENERATE AC command.
Card
Cardholder
Verification Method
(CVM) List
Identifies the methods of verification of the cardholder supported by the

application.
The CVM List is coded as specified in Annex C.3 of [EMV BOOK 3].
Card
Cardholder
Verification Method
(CVM) Results
Indicates the results of the last CVM performed.

The CVM Results are coded as specified in Annex A.4 of [EMV BOOK 4].
Reader
52
b,
var. up to 252
'8E'
b,
var. up to 252
Certification
A check value calculated on the concatenation of all parts of the Certification
Authority Public Key Authority Public Key (RID, Certification Authority Public Key Index,
Check Sum
Certification Authority Public Key Modulus, Certification Authority Public
Key Exponent) using SHA-1.
'8C'
'9F34'
b,
3
Reader
b,
MSDA,CDA
20
2008 MasterCard
Source
Tag
Format,
Length (bytes)
Support
Certification
Value of the exponent part of the Certification Authority Public Key.
Authority Public Key
Exponent
Reader
b,
MSDA,CDA
Certification
Identifies the certification authority's public key in conjunction with the RID.
Index
Card
'8F'
Reader
'9F22'
1 or 3
MSDA,CDA
b,
1
MSDA,CDA
b,
1
Certification
Value of the modulus part of the Certification Authority Public Key.
Modulus
Reader
Command Template
Reader
Identifies the data fields of a command message.
MSDA,CDA
b,
NCA (up to 248)
'83'
b,
var.
Cryptogram
Information Data
Indicates the type of cryptogram and the actions to be performed by the

terminal
Card
CVC3TRACK1
The CVC3TRACK1 is a 2-byte cryptogram returned by the card in the response to

the COMPUTE CRYPTOGRAPHIC CHECKSUM command.
Card
The CVC3TRACK2 is a 2-byte cryptogram returned by the card in the response to

the COMPUTE CRYPTOGRAPHIC CHECKSUM command.
Card
Data Authentication
Code (DAC)
An issuer-assigned value that is retained by the terminal during the

verification process of the Signed Static Application Data.
Card
DDCARD,TRACK1
If Track 1 Data is present, then DDCARD,TRACK1 contains a copy of the

discretionary data field of Track 1 Data as returned by the card in the file read
using the READ RECORD command during a PayPass Mag Stripe transaction
(i.e. without UN (Numeric), ATC, CVC3TRACK1 and nUN included).
Reader
CVC3TRACK2
2008 MasterCard
'9F27'
b,
1
'9F60'
b,
2
'9F61'
b,
2
'9F45'
MSDA
b,
2
ans,
var. up to 56
53
Source
Tag
Format,
Length (bytes)
Support
DDCARD,TRACK2 contains a copy of the discretionary data field of Track 2 Data

as returned by the card in the file read using the READ RECORD command
during a PayPass Mag Stripe transaction (i.e. without UN (Numeric), ATC,
CVC3TRACK2 and nUN included).
Reader
ans,
Dedicated File (DF)

Name
Identifies the name of the DF, as described in [ISO/IEC 7816-4].
Card
Default UDOL
The Default UDOL is the UDOL to be used for constructing the value field of
the COMPUTE CRYPTOGRAPHIC CHECKSUM command if the UDOL in the card
is not present. The Default UDOL must always be present and must contain
as its only entry the tag and length of the UN (Numeric).
DDCARD,TRACK2
var. up to 8 bytes
'84'
b,
5-16
Reader
b,
The value of the Default UDOL must be: '9F6A04'.

File Control
Information (FCI)
Issuer Discretionary
Data
Issuer discretionary part of the FCI.
Card
var.
var. up to 222
File Control
Identifies the data object proprietary to this specification in the FCI template,
Information (FCI)
in accordance with [ISO/IEC 7816-4].
Proprietary Template
Card
File Control
Information (FCI)
Template
Card
Identifies the FCI template, in accordance with [ISO/IEC 7816-4].
'A5'
var.,
var.
'6F'
var.,
var. up to 252
Integrated Circuit
Time-variant number generated by the card, to be captured by the reader.
Card (ICC) Dynamic
Number
Card
Integrated Circuit
Card (ICC) Public
Key Certificate
ICC Public Key certified by the issuer.
Card
Integrated Circuit
Card (ICC) Public
Key Exponent
Exponent used for the verification of the Signed Dynamic Application Data.
'9F4C'
b,
MCDA
8
'9F46'
b,
MCDA
NI
54
'BF0C'
Card
'9F47'
b,
MCDA
1 or 3
2008 MasterCard
Source
Tag
Format,
Length (bytes)
Support
Integrated Circuit
Card (ICC) Public
Key Remainder
Card
'9F48'
b,
MCDA
Remaining digits of the ICC Public Key Modulus.
NIC-NI + 42
Interface Device
Unique and permanent serial number assigned to the IFD by the manufacturer.
(IFD) Serial Number
Reader
Issuer Action Code Specifies the issuer's conditions that cause a transaction to be rejected if it
Default
might have been approved online, but the terminal was unable to process the
transaction online.
Card
Issuer Action Code Specifies the issuer's conditions that cause the denial of a transaction without
Denial
attempt to go online.
Card
Issuer Action Code Specifies the issuer's conditions that cause a transaction to be transmitted
Online
online.
Card
Issuer Application
Data
Contains proprietary application data for transmission to the issuer in an

online transaction.
Card
Issuer Code Table

Index
Indicates the code table, in accordance with [ISO 8859], for displaying the
Application Preferred Name.
The Issuer Code Table Index is coded as specified in Annex C.4 of [EMV
BOOK 3].
Card
Issuer Country Code Indicates the country of the issuer, in accordance with [ISO 3166-1].
'9F1E'
an,
8
'9F0D'
b,
5
'9F0E'
b,
5
'9F0F'
b,
5
'9F10'
b,
var. up to 32
'9F11'
n 2,
Card
'5F28'
n 3,
2
Issuer Public Key
Certificate
Issuer public key certified by a certification authority.
Issuer Public Key

Exponent
Exponent used for the verification of the Signed Static Application Data.
Issuer Public Key

Remainder
Remaining digits of the Issuer Public Key Modulus.
Card
'90'
MSDA,CDA
b,
NCA
Card
'9F32'
MSDA,CDA
b,
1 or 3
2008 MasterCard
Card
'92'
MSDA,CDA
b,
NI - NCA + 36
55
Source
Tag
Format,
Length (bytes)
Support
Language Preference 1-4 languages stored in order of preference, each represented by two
alphabetical characters, in accordance with [ISO 639].
Card
'5F2D'
an,
Mag Stripe
Application Version
Number
Card
2-8
Version number assigned by the payment system for the specific PayPass
Mag Stripe functionality of the application.
'9F6C'
b,
2
Reader
'9F6D'
2
Merchant Category
Code
Classifies the type of business being done by the merchant, represented in

accordance with [ISO 8583:1993] for Card Acceptor Business Code.
Reader
PayPass Mag
Stripe Indicator
Indicates for each AID whether the PayPass Mag Stripe profile is supported
or not by the PayPass reader. Its value is implementation specific.
Reader
Implementation
specific
Card
'9F6E'
b,
PayPass Third Party The PayPass Third Party Data contains proprietary information from a third
Data
party. If present, the PayPass Third Party Data must be present in a file read
using the READ RECORD command.
The value field of the PayPass Third Party Data is not interpreted by the
PayPass reader.
The value field must be coded with the following sub-fields, in the order
shown:
Sub-field
Format
Country Code according to [ISO 3166-1]
n 3, 2 bytes
Unique identifier assigned by MasterCard
b, 2 bytes
Proprietary data
b, 1 to 28 bytes
5-32
Contains a list of resident data objects (tags and lengths) resident in the reader
that are needed by the card in processing the GET PROCESSING OPTIONS
command.
Card
Response Message
Template Format 1
Contains the data objects (without tags and lengths) returned by the card in
response to a command.
Card
56
n 4,
2
Processing Options
Data Object List
(PDOL)
'9F15'
'9F38'
b,
var.
'80'
var.,
var.
2008 MasterCard
Source
Tag
Format,
Length (bytes)
Support
Response Message
Template Format 2
Contains the data objects (with tags and lengths) returned by the card in
response to a command.
Card
'77'
var.
Service Code
Service code as defined in Track 1 Data and Track 2 Data.
Card
var.
'5F30'
n 3,
2
Signed Dynamic
Application Data
Digital signature on critical application parameters for CDA.
Signed Static
Application Data
Digital signature on critical application parameters for SDA.
Static Data
Authentication Tag
List
List of tags of primitive data objects defined in this specification for which the
value fields must be included in the Signed Static or Dynamic Application
Data.
Card
Terminal Action
Code Default
Specifies the acquirer's conditions that cause a transaction to be rejected if it

might have been approved online, but the terminal is unable to process the
transaction online.
Reader
Terminal Action
Code Denial
Specifies the acquirer's conditions that cause the denial of a transaction

without attempt to go online.
Reader
Terminal Action
Code Online
Specifies the acquirer's conditions that cause a transaction to be transmitted

online.
Reader
Terminal
Capabilities
Indicates the card data input, CVM, and security capabilities of the terminal
and PayPass reader. This data element is instantiated with values depending
on the transaction amount.
Reader
Card
'9F4B'
MCDA
b,
NIC
Card
'93'
MSDA
b,
NI
'9F4A'
var.
-
b,
5
-
b,
5
-
b,
5
'9F33'
b,
The Terminal Capabilities is coded according to Annex A.2 of

[EMV BOOK 4].
Terminal
Capabilities CVM
Required
and PayPass reader when the transaction amount is greater than or equal to
the Terminal CVM Required Limit.
The Terminal Capabilities CVM Required is coded according to Annex A.2
of [EMV BOOK 4].
2008 MasterCard
Reader
b,
57
Source
Tag
Format,
Length (bytes)
Support
Terminal
Capabilities No
CVM Required
Reader
b,
and PayPass reader when the transaction amount is below the Terminal CVM
Required Limit.
The Terminal Capabilities No CVM Required is coded according to
Annex A.2 of [EMV BOOK 4].
Terminal Contactless Indicates the transaction amount limit for the related AID above which
Floor Limit
PayPass transactions must be authorized online.
Reader
Terminal Contactless Indicates the transaction amount limit for the related AID above which the
Transaction Limit
selection of the AID on the card is not allowed.
Reader
Terminal CVM
Required Limit
Reader
n 12,
Specifies the transaction amount limit for the related AID at or below which
the reader must set "No CVM" to be its only supported verification method.
n 12,
6
-
n 12,
Terminal Contactless Indicates for the related AID if the Terminal Contactless Floor Limit is
Floor Limit Exceeded exceeded.
Flag
Reader
Implementation
specific
Terminal Contactless Indicates for the related AID if the Terminal Contactless Transaction Limit is
Transaction Limit
exceeded.
Exceeded Flag
Reader
Implementation
specific
Terminal CVM
Required Limit
Exceeded Flag
Indicates for the related AID if the Terminal CVM Required Limit is exceeded.
Reader
Implementation
specific
Terminal Country
Code
Indicates the country of the terminal, represented in accordance with

[ISO 3166-1].
Reader
'9F1A'
n 3,
Terminal Type
Indicates the environment of the terminal, its communications capability, and

its operational control.
The Terminal Type is coded according to Annex A.1 of [EMV BOOK 4].
Reader
Terminal Verification Status of the different functions from the terminal perspective.
Results
The Terminal Verification Results is coded according to Annex C.5 of [EMV
BOOK 3].
Reader
58
2
'9F35'
n 2,
1
'95'
b,
2008 MasterCard
Source
Tag
Format,
Length (bytes)
Support
Track 1 Bitmap for

CVC3
(PCVC3TRACK1)
PCVC3TRACK1 indicates to the PayPass reader the positions in the discretionary

data field of the Track 1 Data where the qTRACK1 CVC3TRACK1 digits have to be
copied.
Card
'9F62'
b,
Track 1 Bitmap for

UN and ATC
(PUNATCTRACK1)
PUNATCTRACK1 indicates to the PayPass reader the positions in the

discretionary data field of the Track 1 Data where the nUN UN (Numeric)
digits and tTRACK1 ATC digits have to be copied.
Card
Track 1 Data
Track 1 Data contains the data objects of the track 1 according to

[ISO/IEC 7813] Structure B, excluding start sentinel, end sentinel and LRC.
It is described as follows:
Card
Sub-field
Format
Format Code ('42' (B))
1 byte
Identification Number (PAN)
var. up to 19 bytes
Field Separator ('5E' (^))
1 byte
Name (see ISO/IEC 7813)
2 to 26 bytes
Field Separator ('5E' (^))
1 byte
Expiry Date (YYMM)
4 bytes
Service Code
3 bytes
Discretionary Data
balance of available bytes
6
'9F63'
b,
6
'56'
ans,
var. up to 76
The Track 1 Data may be present in the file read using the READ RECORD
command during a PayPass Mag Stripe transaction. The PayPass reader
copies the required digits of the UN (Numeric), CVC3TRACK1, ATC and nUN into
the discretionary data field of the Track 1 Data and stores the modified Track
1 Data in the Data Record to be sent to the terminal.
Track 1
Discretionary Data
Discretionary part of track 1 according to [ISO/IEC 7813].
2008 MasterCard
Card
'9F1F'
ans,
var.
59
Source
Tag
Format,
Length (bytes)
Support
Track 1 Number of
ATC Digits
(NATCTRACK1)
The value of NATCTRACK1 represents the number of digits of the ATC to be

included in the discretionary data field of the Track 1 Data.
Card
'9F64'
b,
Track 2 Bitmap for

CVC3
(PCVC3TRACK2)
PCVC3TRACK2 indicates to the PayPass reader the positions in the discretionary

data field of the Track 2 Data where the qTRACK2 CVC3TRACK2 digits have to be
copied.
Card
Track 2 Bitmap for

UN and ATC
(PUNATCTRACK2)
PUNATCTRACK2 indicates to the PayPass reader the positions in the

discretionary data field of the Track 2 Data where the nUN UN (Numeric)
digits and tTRACK2 ATC digits have to be copied.
Card
Track 2 Data
Track 2 Data contains the data objects of the track 2 according to

[ISO/IEC 7813], excluding start sentinel, end sentinel and LRC. It is
described as follows:
Card
1
'9F65'
b,
2
'9F66'
b,
2
'9F6B'
b,
var. up to 19
Sub-field
Format
Identification Number (PAN)
n, var. up to 19 digits
Field Separator ('D')
Expiry Date (YYMM)
n 4
Service Code
n 3
Discretionary Data
n, balance of available digits
Padded with 'F' to ensure whole bytes.
The Track 2 Data is present in the file read using the READ RECORD command
during a PayPass Mag Stripe transaction. The PayPass reader copies the
required digits of the UN (Numeric), CVC3TRACK2, ATC and nUN into the
discretionary data field of the Track 2 Data and stores the modified Track 2
Data in the Data Record to be sent to the terminal.
Track 2
Discretionary Data
Discretionary part of track 2 according to [ISO/IEC 7813].
60
Card
'9F20'
cn var.,
var.
2008 MasterCard
Source
Tag
Format,
Length (bytes)
Support
Track 2 Equivalent
Data
Card
'57'
b,
Contains the data objects of the track 2, in accordance with [ISO/IEC 7813],
excluding start sentinel, end sentinel, and LRC as follows:
Sub-field
Format
Primary Account Number
n, var. up to 19 digits
Field Separator ('D')
Expiration Date (YYMM)
n, 4
Service Code
n, 3
Discretionary Data
n, var.
Padded with 'F' if needed to ensure whole bytes.
var. up to 19
Track 2 Number of
ATC Digits
(NATCTRACK2)
The value of NATCTRACK2 represents the number of digits of the ATC to be

included in the discretionary data field of the Track 2 Data.
Card
Transaction
Category Code
This is a data object defined by MasterCard which indicates the type of

transaction being performed, and which may be used in Card Risk
Management.
Reader
Transaction
Currency Code
Indicates the currency code of the transaction, in accordance with [ISO 4217].
Reader
Transaction
Currency Exponent
Indicates the implied position of the decimal point from the right of the
transaction amount represented, in accordance with [ISO 4217].
Reader
Transaction CVM
Data object used to indicate to the terminal the outcome of the CVM Selection
function. Possible values are:
No CVM
Signature
Online PIN
The coding of the value is implementation specific.
Reader
'9F67'
b,
1
'9F53'
an,
1
'5F2A'
n 3,
2008 MasterCard
'5F36'
n 1,
1
-
Implementation
specific
61
Source
Tag
Format,
Length (bytes)
Support
Transaction Date
Reader
'9A'
n 6 (YYMMDD),
Local date that the transaction was authorized.
3
Transaction Outcome Data object used to indicate to the terminal the outcome of the transaction
processing. Possible values are:
Reader
Implementation
specific
Reader
'9F21'
n 6 (HHMMSS),
Approved
The PayPass reader is satisfied that the transaction is

acceptable with the selected card application and wants
the transaction to be offline approved.
Online Request The PayPass reader has found that the transaction
requires an online authorization.
Declined
The PayPass reader has found that the transaction is not
acceptable with the selected card application and wants
the transaction to be offline declined.
Try Another
The PayPass reader is unable to complete the transaction
Interface
with the selected card application, but knows that another
interface (e.g. contact or magnetic-stripe) may be
available.
End Application The PayPass reader experienced an application error (e.g.
missing data)
The coding of the value is implementation specific.

Transaction Time
Local time that the transaction was authorized.
3
Transaction Type
Unpredictable
Number
Indicates the type of financial transaction, represented by the first two digits of
[ISO 8583:1987] Processing Code.
Reader
Value to provide variability and uniqueness to the generation of a cryptogram

during a PayPass M/Chip transaction.
Reader
62
'9C'
n 2,
1
'9F37'
b,
2008 MasterCard
Source
Tag
Format,
Length (bytes)
Support
Unpredictable
The UDOL is the DOL that specifies the data objects to be included in the data
Number Data Object field of the COMPUTE CRYPTOGRAPHIC CHECKSUM command. The UDOL
must at least include the UN (Numeric). The UDOL is not mandatory for the
List (UDOL)
card. There will always be a Default UDOL, including as its only entry the
tag and length of the UN (Numeric) (tag '9F6A').
Card
'9F69'
b,
Unpredictable
Number (Numeric)
Reader
Unpredictable number generated by the PayPass reader during a PayPass

Mag Stripe Transaction. The UN (Numeric) is passed to the card in the data
field of the COMPUTE CRYPTOGRAPHIC CHECKSUM command.
The (8-nUN) most significant digits must be set to zero.
var.
'9F6A'
n,
Legend:
MSDA
This data object is mandatory if the PayPass reader supports SDA.
MCDA
This data object is mandatory if the PayPass reader supports CDA.
2008 MasterCard
63
*** End of Document ***
64
2008 MasterCard

PayPass MChip Reader Card Application Interface Specification V2 0

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PayPass MChip Reader Card Application Interface Specification V2 0

Uploaded by

Copyright:

Available Formats

PayPass M/Chip

Reader Card Application Interface

Version 2.0 September 2008

The information contained in this document is proprietary and

Trademark notices and symbols used in this manual reflect the

This document is available in both electronic and printed format.

Version 2.0 September 2008