Professional Documents
Culture Documents
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Disclaimer 2
This D-PAS: U.S. Chip Terminal Guide (this “Guide”) provides guidelines to assist Merchants and Value
Added Resellers (VARs), including, but not limited to, Independent Software Vendors (ISVs) and
Payment Gateways, in meeting chip card point-of-sale (POS) terminal requirements that are specific to
the U.S. market when accepting Discover Network and its partners’ chip card products. This guide is
®
subject to change by Discover at any time without notice to any party. Neither this Guide nor any other
document or communication creates any binding obligations upon Discover or any third party regarding
testing services or Discover approval, which obligations will exist, if at all, pursuant to separate written
agreements executed by Discover and such third parties.
This Guide is provided “AS IS”, “WHERE IS” and “WITH ALL FAULTS”. Neither Discover, nor Diners Club
®
International (DCI), nor any of their affiliates, subsidiaries, directors, officers or employees (collectively,
the “Discover Parties”) assume or accept any liability for any errors or omissions contained in the Guide.
The Discover parties specifically disclaim and make no representations or warranties of any kind, express
or implied, with respect to this Guide. The Discover parties disclaim all representations and warranties,
including the implied warranties of Merchants’ ability and fitness for a particular purpose. The Discover
parties further specifically disclaim all representations and warranties with respect to intellectual property
subsisting in or relating to the Guide or any part thereof, including but not limited to any and all implied
warranties of title, non-infringement or suitability for any purpose (whether or not the Discover parties
have been advised, have reason to know or are otherwise in fact aware of any information).
The contents of this Guide are proprietary and constitute trade secrets of Discover. This Guide is
provided to Participants of the Discover and DCI Networks and their authorized Partners for their
exclusive use and shall not be reproduced, published or otherwise disclosed, in whole or in part, to any
party outside Discover without the prior written consent of Discover.
®
DFS Services LLC, Discover means our officers, directors and employees as well as the network,
systems and processes, including hardware, software and personnel maintained by us to support card
issuance and card acceptance programs operated by Issuers, Merchants and Acquirers for the benefit of
Cardholders and Merchants, respectively; or, where used to describe products, enhancements or
services, means the consumer-facing brand of Discover.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
What’s Inside 3
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 1: Getting to Know D-PAS in the U.S. 4
1.1 Introduction
®
The Discover D-Payment Application Specification (D-PAS) is an EMV-compliant smart card payment
solution for contact, contactless and mobile payments. Discover supports and conforms to current EMV
standards, enabling easy implementation and integration of the D-PAS solution.
* The United States of America, includes fifty States, the District of Columbia and all other U.S. territories,
Protectorates, and non-domestic U.S. military bases including American Samoa, Federated States of
Micronesia, Guam, Marshall Islands, Northern Mariana Islands, Palau, Puerto Rico and the U.S.
Virgin Islands.
1.4 References
1
Title Source Reference
Discover Contact and Contactless D-PAS: Terminal Requirements 1 DFS D-PAS: US DB TA, v 1.0
for U.S. Debit Cards Technical Addendum
Terminal Requirements for JCB J/Smart™ Cards 1 DN CT D-PAS: JCB JS TA, v 1.0
Technical Addendum
Discover Contact EMV: Terminal Requirements for UnionPay 1 UnionPay UICS TA v 1.0
Contact Chip Cards Technical Addendum
Discover Contact D-PAS: Discover Quick Chip DN.com DFS CT D-PAS QC v 2.0
Implementation Guide v2.0 (July 12, 2016)
EMVCo emvco.com
U.S. Payments Forum http://www.uspaymentsforum.org/
1
Source: 1 means references can be provided upon request to IntegratedPayments@Discover.com.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 2: Understanding Chip Card Transactions 5
PULSE’s liability shift date for ATM transactions on Discover / PULSE EMV contact cards at U.S.
terminals will be effective October 1, 2017. After this date, ATM Acquirers will be financially liable for
counterfeit card fraud if a contact EMV card is presented at an ATM that is not EMV enabled. To ensure
simple and consistent dispute management for PULSE participants, PULSE has chosen ATM liability shift
dates for PULSE cards that are consistent with the signature brand on the card.
The switch to EMV is vital to prevent payment fraud, and Discover is here to help. Our resources and
EMV best practices accelerate EMV certification, maximize Cardholder security and drive Merchant
profitability. For more information, visit DiscoverNetwork.com/Chip-Card or contact
IntegratedPayments@Discover.com.
Merchant or Acquirer2
2 ®
Liability is transferred to the party with the direct relationship with Discover . As of date of publication of this guide, the EMV Fraud
Liability Shift is in effect for contact chip transactions only.
3
The Discover Network policy is scheduled to go into effect in October 2020 for automated fuel dispensers (AFD).
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 2: Understanding Chip Card Transactions 6
Chip cards still have a magnetic stripe on the back of the card to permit processing transactions at
locations without EMV-enabled terminals and fallback processing in the event of a chip failure.
Note: Discover Zip is a contactless payment solution deployed in the U.S. (Discover Zip cards and
payment devices should be accepted wherever contactless payments are enabled.)
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 2: Understanding Chip Card Transactions 7
• The EMVCo Contactless Indicator, shown below, is used on Contactless Cards and Contactless
Payment Devices such as key fobs.
• The EMVCo Contactless Symbol, shown below, is used on contactless terminals and may also be
used in marketing materials.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 2: Understanding Chip Card Transactions 8
The following table lists the differences between chip card and magnetic stripe card transactions.
Multiple card authentication methods. Basic level of authentication including Card Verification
Value (CVV).
Multiple Cardholder verification methods supported, Visual Cardholder verification (request of ID, check
including use of offline and online Personal Identification signature panel).
Number (PIN).
Issuer and Acquirer / Processor establishes and manages Issuer manages most risk parameters.
risk parameters.
Secure offline authorization if supported by the terminal and Offline authorization possible but risky as the authenticity of
network, and approved by the card. the card cannot be confirmed.
Use of dynamic data prevents cloning. Use of static data that can be easily copied.
Added level of security of chip cards and chip-enabled Magnetic stripe cards and terminals are susceptible to
terminals prevents counterfeit fraud. Use of PIN reduces counterfeit fraud.
fraud from lost and stolen cards.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 2: Understanding Chip Card Transactions 9
The diagrams below provide an overview of the D-PAS transaction process for contact and
contactless transactions.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 2: Understanding Chip Card Transactions 10
Step Contact Chip and PIN Transaction Contact Chip and Signature Transaction
1 The Cardholder inserts the contact chip card into the The Cardholder inserts the contact chip card into the
terminal / reader. terminal / reader.
2 The transaction amount is displayed on the The transaction amount is displayed on the
terminal / reader. terminal / reader.
The cardholder validates the amount The Cardholder validates the amount.
The terminal reader prompts the Cardholder to
enter PIN.
3 The Cardholder enters PIN on the terminal or PIN pad. The Merchant terminal processes the purchase
The PIN is displayed as ********. transaction offline or online, depending on the purchase
Note: PIN “Merchants / Acquirers must support up to amount, card and terminal parameters.
8-digit PIN.
4 • If offline PIN, terminal sends PIN to chip card, The Merchant terminal displays to the Cardholder
chip card validates PIN and provides response back the results of the validation as either “Approved”
to terminal. or “Declined”.
• If online PIN, terminal sends encrypted PIN to Issuer.
Issuer returns authorization response to terminal.
The Merchant terminal validates the PIN and provides
Cardholder with the results of the validation.
5 The Merchant terminal processes the purchase For an approved transaction, the Merchant terminal
transaction offline or online, depending on the purchase prints a transaction receipt or creates a digital version.
amount, and card and terminal parameters.
6 On successful processing, the Merchant terminal The terminal instructs the Cardholder to remove the
displays “Approved” or “Declined”. chip card.
7 For an approved transaction, the Merchant terminal can The Cardholder signs the transaction receipt or digital
print a transaction receipt if requested, or email an version that can be emailed to cardholder.
electronic copy.
8 The terminal instructs the Cardholder to remove the
chip card.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 2: Understanding Chip Card Transactions 11
This description may differ depending on the contactless POS terminal and reader model.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 3: Implementing D-PAS 12
Note: Terminals that always use a fixed transaction amount (such as vending machines) do not perform
risk management checks. If you have any questions contact your Acquirer / Processor.
For the U.S. Common Debit AID, Merchants and Acquirers may have proprietary software installed on
POS devices to manage the selection of the Common AID over the proprietary / global AIDs–the specifics
of which are outside the scope of this document.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 3: Implementing D-PAS 13
Below is a list of AIDs for the Discover Network and its partners that must be supported in terminals used
by Merchants and VARs in the United States:
3.4 Offline Data Authentication (ODA) (Step 4 for Contact and Contactless D-PAS)
In this step, the terminal ensures that:
• The chip card has not been altered since its personalization.
• The data on the chip card was created by the authentic Issuer.
ODA must be implemented on all terminals/readers that support offline authorized transactions.
For contact D-PAS, depending on the capabilities of the chip card and the terminal, the terminal may
perform one of the following Offline Data Authentication (ODA) methods:
• Static Data Authentication (SDA)
• Dynamic Data Authentication (DDA)
• Combined DDA (CDA)
Note: CDA is the most secure method while SDA is a less secure method that will eventually
be phased out.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 3: Implementing D-PAS 14
For contactless D-PAS, CDA is the only method that may be performed.
Offline data validation of the card is performed using encryption keys. A key is a numeric value that is
used as part of a mathematical operation to encrypt or decrypt data. To perform offline data
authentication, terminals must be loaded with DFS Certification Authority Public Keys (CA PKs), JCB CA
PKs and UnionPay CA PKs. Acquirers and Merchants are responsible for registering, managing and
updating keys provided by Discover Network.
®
Please note that both the D-PAS proprietary AID and the Discover Debit U.S. Common AID use the
same DFS CA PKs. See Appendix A for DFS Test Payment System Public Keys.
DFS Production Payment System Public Keys and J/Smart and UICS Test and Production Keys can be
requested from IntegratedPayments@Discover.com. A Non-Disclosure Agreement (NDA) may
be required.
Important: Do not code CA PKs expiry dates in the terminal as they are subject to change by
EMVCo and DFS.
ODA Requirements Important: All newly deployed offline-capable contact chip terminals are required to support DDA in
addition to supporting SDA. Terminals should also support CDA whenever possible. In addition,
Merchants and VARs should consider local market requirements and industry practices when deciding
which methods to support.
DFS CA PK To support ODA, the terminal must be able to store up to six DFS CA PKs and their associated data
Requirements elements for each payment brand’s Registered Application Provider Identifier (RID) represented in the
Terminal.
3.5 Cardholder Verification (Step 6 for Contact D-PAS and Step 5 for Contactless D-PAS)
Cardholder Verification determines whether the person presenting the chip card is the legitimate
Cardholder by using a CVM that is mutually supported by both the chip card and the terminal. Most
terminals have the capability to support all CVMs. However, consult with your Processor to understand
their ability to support all CVMs, especially the online PIN method.
Cardholder verification is mandatory for contact D-PAS transactions. However, it is conditional for
contactless D-PAS.
If the Terminal Contactless CVM limit is present and the Transaction amount is greater than the Terminal
CVM limit, the Terminal requires CVM to be performed.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 3: Implementing D-PAS 15
The following table describes the CVM types that are available to Merchants and Acquirers.
Online PIN If “Online PIN” is the selected CVM and is supported by the terminal, the terminal prompts the
Cardholder for PIN entry and then enciphers the PIN for inclusion in the authorization message later in
the transaction. The remaining processing for the online PIN transaction is conducted in accordance
with existing DFS regulations.
Offline PIN If “Offline PIN” is the selected CVM for the transaction, the terminal prompts for PIN entry, and the PIN
(Plaintext and is transmitted from the terminal to the chip card for verification. The PIN can be sent either exactly as it
Enciphered) was entered by the Cardholder (plaintext PIN) or encrypted (enciphered PIN). If the chip card cannot
successfully verify the PIN, the chip card informs the terminal of the number of PIN try attempts
remaining. Enciphering the PIN is strongly recommended. Offline PIN CVM type is not an option for
contactless transactions.
Combined Offline If “Combined Offline PIN and Signature” is the selected CVM for the transaction, the terminal must
PIN and Signature complete the processes for both the offline PIN CVM and Signature CVM. This CMV type is not an
option for contactless transactions.
Signature If “Signature” is the selected CVM for the transaction, CVM processing is considered complete from a
D-PAS perspective. Other processing related to this CVM is executed in accordance with existing DFS
regulations (e.g., comparing the Cardholder signature obtained to the signature on the card).
No CVM If “No CVM” is the selected CVM for the transaction, CVM processing is complete from the D-PAS
perspective. This CVM must be supported by unattended terminals, please refer to section 3.5.1.1.
Consumer Device For contactless payment devices only. Cardholder verification can be completed on the contactless
CVM (CDCVM) payment device prior to initiating any payment transactions. Verification methods vary by device, such
as password and biometrics, among other methods. If CDCVM is used, it must be noted in the
Terminal Verification Results (TVRs).
Note: DFS allows no-signature or PIN for card-present sales of $50.00 or less, including applicable taxes,
gratuities, surcharges, cash overs and / or Discover Pay with Rewards.
Assess Terminal Identify the capabilities of the terminal for supporting each CVM.
Capabilities
Identify the Relative A PIN can reduce transaction processing time by eliminating the signature requirement.
Importance of Gaining In addition, an offline PIN can make throughput faster, by eliminating online verification processes
Processing Efficiency and network latencies.
Retain Traditional CVM Merchants and VARs should be aware that magnetic stripe cards will continue to be encountered
Processing at the point-of-sale, so traditional processes for swiping the card and signing for the transaction
Capabilities will still need to be supported.
Important: For Acquirers and Merchants to take full advantage of the Fraud Liability Shift for lost or
stolen cards, they must support both offline and online PIN authentication for contact chip cards.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 3: Implementing D-PAS 16
®
Discover requires Acquirers and Merchants to support offline and online PIN at parity with Discover
when PIN is being supported for any other Payment Networks.
Note: Unattended POS Devices are often online-capable to allow issuer authorization and
batch data capture.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 3: Implementing D-PAS 17
Floor Limits Mandatory Merchants / VARs may use the chip card terminal floor limits associated with
each Merchant category or choose a zero floor limit.
It is recommended that terminals that are capable of storing multiple floor
limits specify separate floor limits for magnetic stripe and chip card
transactions. To support a floor limit other than $0 (or local equivalent), the
terminal must be able to store a separate floor limit for magnetic stripe and
chip card transactions.
Random Transaction Mandatory Acquirers are advised to work with their Merchants to identify the terminal
Selection settings for random transaction selection.
It is recommended that terminal parameters are adjusted to ensure that a
bias is applied.
Exception File Optional It is recommended that exception file checking is performed at offline-only
terminals. Talk to your Acquirer Processor for more details.
Transaction Optional Merchants can implement a function that allows the Attendant to manually
Forced Online force a transaction online. This function can be employed if the Attendant is
suspicious of the Cardholder and wants to ensure that the Issuer authorizes
the transaction. If Merchants would like to implement transaction forced
online functionality, Merchants and VARs should work with their Acquirer
Processor to set guidelines for when this functionality should be used.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 3: Implementing D-PAS 18
3.7 First Terminal Action Analysis (Contact D-PAS Step 8 and Contactless D-PAS Step 7)
A terminal / reader device performs the first Terminal Action Analysis step using different considerations
for contact or contactless D-PAS transactions.
Rules governing the levels of acceptable risk for various transaction conditions are set for:
• The terminal by the Payment Brand and the Acquirer via rules called Terminal Action
Codes (TACs).
• The chip card by the Issuer via card rules called Issuer Action Codes (IACs).
For the purposes of this Guide, DFS is the Payment Brand responsible for setting the TACs. The
applicable D-PAS contact TAC values listed in the following table must be stored in terminals as a
prerequisite to the acceptance of chip cards. Terminals must store only the set of TAC values that is
relevant to the functionality supported by the terminal.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 3: Implementing D-PAS 19
Transaction completion (Step 13) occurs when the terminal receives either an approval or decline
response to one of its cryptogram requests. The terminal then executes the approval or decline requested
by the chip card. At the conclusion of processing, the transaction result is displayed to the Cardholder.
The receipt is printed or emailed (and signed if required), and the terminal stores any required
transaction data.
Contactless D-PAS Step 9 is the final step of the transaction. This step tells the Cardholder the final
decision and processes additional functions depending on the decision taken. The results could be one of
the following:
• Offline processing: Approval or decline – Transaction is not sent to the issuer for decisioning.
• Online processing: Approval or decline – Transaction is sent to the Issuer for decisioning.
• Switch to another interface.
From To Comments
Contactless D-PAS Contact D-PAS The terminal may switch to contact chip interface due to several reasons.
The transaction is restarted as a standard Contact D-PAS transaction.
Contactless D-PAS Magnetic Stripe If the switch to contact D-PAS is not possible, the transaction must switch to
Transaction a magnetic stripe transaction. Magnetic stripe transactions have a higher risk
than D-PAS; therefore, it must follow specific rules:
• The transaction must go online.
• The transaction must be identified with a specific fallback indicator
value. See 3.10 for more details.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 3: Implementing D-PAS 20
AID Mandatory
Approval Code Mandatory: Include either an online approval code or an offline approval code created
by the terminal.
Cryptogram Optional
Application Preferred Name or Optional
Application Label
PIN Verification Statement Optional
®
Note: In addition to the EMV receipt requirements listed above, Discover has additional receipt
requirements that are listed in the Operating Regulations. Please consult your Processor for complete
receipt requirements.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 3: Implementing D-PAS 21
Unknown AID or AID No If the terminal is not able to recognize any of the applications supported
Not Found by card, the terminal should allow the transaction to be processed as
magnetic stripe.
Chip Card Error Yes A technical error in communication between the card and terminal has
prevented a chip transaction taking place. The terminal should prompt the
Cardholder to swipe the card.
Blocked Application No The terminal should terminate the transaction and it should not allow the
Cardholder to initiate a magnetic stripe transaction.
Blocked Card No The terminal should terminate the transaction and it should not allow the
Cardholder to initiate a magnetic stripe transaction.
Switch Interface Yes If a transaction cannot be completed as contactless D-PAS, and if a switch
Request from to contact D-PAS interface is not possible, the transaction must switch to a
Contactless D-PAS magnetic stripe.
to MS
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 3: Implementing D-PAS 22
1. Inserting or tapping the cardholder chip card or contactless device: In this scenario, the terminal
should retain pre-authorization data elements necessary to complete the sale. This includes:
• Chip related data
• Account number
• Expiration date
Because of PCI requirements, the terminal should extract and retain only the necessary data from
the chip.
2. As a card on file: Use existing magnetic stripe processing
Important: Gas stations accepting chip cards or contactless devices, should continue to submit a one-
dollar pre-authorization at Automated Fuel Dispensers (AFD) and completing an authorization advice
message with the actual sale amount within 60 minutes of fuel delivery.
1. Inserting or tapping the cardholder chip card or contactless device: In this scenario, the terminal
should retain data elements necessary to complete the sale. This includes:
• Chip related data
• Account number
• Expiration date
Because of PCI requirements, the terminal should extract and retain only the necessary data from
the chip.
2. As a card on file: Use existing magnetic stripe processing
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 3: Implementing D-PAS 23
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 4: Point-of-Sale Solution Selection 24
Merchants and Issuers should carefully consider the type of point-of-sale (POS) solution that best works
for their business model and the needs of their Customers. They also should consider the certification
requirements for each option, including device certification and end-to-end certification. The following
table outlines solutions available in the market. Please contact your Terminal Manufacturer and
Processor for more details and options.
Stand-Alone Chip-enabled terminal device or peripheral is connected directly to the Acquirer Processor.
Updates are managed by the Acquirer. Ideal for small Merchants currently using
stand-alone terminals.
Semi-Integrated Chip-enabled terminal device or peripheral is integrated into a new or existing POS software
application. The payment device can be connected through a payment gateway or directly to the
Acquirer. Terminal updates are managed either by the Payment Gateway or the Acquirer.
Integrated Chip-enabled reader is fully integrated into the POS solution or a stand-alone peripheral.
Merchant, Payment Gateway and/or Acquirer / Processor may be responsible for managing
terminal updates.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 4: Point-of-Sale Solution Selection 25
Certification initiator
Certification Type What it includes
Contact EMV Contactless EMV
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 4: Point-of-Sale Solution Selection 26
®
Discover D-PAS or
Payment Device
Discover-Approved
Smart Card Simulator Terminals
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 4: Point-of-Sale Solution Selection 27
Production validation test transactions are executed using live but unfunded D-PAS and J/Smart test
cards at deployed terminals or terminals in a live laboratory environment. To request production validation
test cards, please contact IntegratedPayments@Discover.com.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 5: Production Rollout 28
Certification
Check with your terminal provider, acquirer and processor to confirm who is responsible for renewing Level 1 and
Level 2 certifications.
Complete E2E certification for each unique terminal application and configuration combination if utilizing a fully-
integrated solution.
Confirm that your partner completed E2E certification if utilizing a semi-integrated solution.
Confirm who is responsible for updating your terminals: adding new AIDs, updating or replacing CA PKs, etc.
Verify AIDs have been loaded on the EMV terminals. (See Table 5.2 for details).
Ensure production CA PKs were loaded and replaced test CA PKs.
Ratify the Application Version Number Check is “0001.” It is recommended that terminals hold one additional
Application Version Number slot open for future use.
Confirm the terminal can store up to six CA PKs per card brand.
Ensure TACs were properly coded.
Support for the minimum chip card-related data elements for authorization and batch data capture.
If supporting contact and contactless D-PAS, terminals must not allow both interfaces to be activated
simultaneously. If one interface is powered on, the other interface must be switched off.
Support Zip AID to allow for application switch from Contactless D-PAS to magnetic stripe.
Set terminal amount limits (if any) based on Merchant decision and direction received from your Processor. Please
®
note that Discover does not have any transaction amount limit established for contactless D-PAS transactions.
Add decal signage at your POS advertising your merchant accepts contactless payments
Train your employees on how to process contact and contactless transactions. Review the resources that Discover
has created to assist you with this task www.discovernetwork.com/chip-card/merchants/resource_center.html
Request production validation EMV test cards by contacting IntegratedPayments@Discover.com.
Complete production validation test transactions.
Validate purchase, refund and cancellations.
Confirm receipt is printing EMV-related data.
Follow fallback to magnetic stripe processing.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 5: Production Rollout 29
® ®
Discover Zip
Quasi Credit
Common AID
Discover U.S.
D-PAS (Proprietary) JCB J/Smart Contactless
Common debit
Credit
Debit
U.S.
Magnetic Strip
PIN
If PIN is supported for any payment brand, Online PIN and Offline PIN must be supported for Discover Network
Support
PIN Bypass Supported
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 5: Production Rollout 30
Unionpay integrated
circuit cards (UICS)
® ®
Discover Zip
Common AID
Quasi Credit
D-PAS (Proprietary) Discover® U.S. Common debit JCB J/Smart Contactless
Magnetic Strip
Credit
Debit
U.S.
Contact EMV
TACs for ODA ODA Not ODA ODA Not ODA ODA Not
ODA Supported / ODA
Contact Supported Supported Supported Supported Supported Supported
Not Supported
Interface
Denial 0010000000 0010000000 0010000000 0010000000 0010000000
0010000000
Online FCE09CF800 30E09CF800 FCE09CF800 FFFFFFFFFF FC60ACF800
D84004F800
Default DC00002000 1000002000 DC00002000 FFFFFFFFFF FC6024A800
or D84000A800
FC60242800
Offline Allowed, please contact Online Authorization is required Allowed, please contact
Transaction processor for details. DFS limit for all Transactions originating processor for details. DFS Online Authorization is
Limit is $300.00 from Discover U.S. Common limit is $300.00 required for all UP
Debit AID Transactions.
(with MCC exceptions) (with MCC exceptions)
EMV Fraud October 2015, all industries October 2015, all industries As of publication date,
As of publication date, JCB
Liability Shift except AFD except AFD UnionPay has not
has not announced EMV FLS
October 2020, AFD October 2020, AFD announced EMV FLS for
for the U.S for transactions
the U.S for transactions
processed through
processed through
Discover Network
Discover Network
CVM Online
Online
Supported PIN,
PIN, No
Online PIN, Offline Enciphered Online PIN, No CVM, Online PIN, Offline Offline
CVM,
PIN, Offline Plaintext PIN, Enciphered PIN, Offline Plain Plaintext
Signature (via No CVM) Offline
Signature, No CVM Text PIN, Signature, No CVM PIN,
Plaintext
Signature,
PIN
No CVM
Terminal ODA support is optional. All offline-capable contact
ODA All offline-capable contact chip All offline-capable contact chip
If support ODA, terminal must chip Terminals are
Requirement Terminals are required to Terminals are required to
support both SDA and DDA. CDA required to support SDA
support SDA and DDA, it is support SDA and DDA, it is
support is optional. If it is and DDA, it is
recommended that they also recommended that they also
supported by the terminal, it must recommended that they
support CDA. support CDA.
be supported using also support CDA.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 5: Production Rollout 31
Discover® Zip®
Common AID
Quasi Credit
Discover® U.S.
D-PAS (Proprietary) JCB J/Smart Contactless
Common debit
Credit
Debit
U.S.
Magnetic Strip
Contactless EMV
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Chapter 5: Production Rollout 32
Discover® Zip®
Common AID
Quasi Credit
D-PAS Discover® U.S.
JCB J/Smart Contactless
(Proprietary) Common debit
Credit
Debit
U.S.
Magnetic Strip
Others
TDOL and
Terminal D-PAS, J/Smart & UICS does not require default terminal TDOL and terminal exception file
Exception File
No CVM Per DFS Operating Regulations, transactions below $50 do not require CVM.
Policy Please contact your processor to confirm requirements for No CVM.
Production
Required, using unfunded cards
Validation
CAPKS
J/Smart test
Test Yes, same for both Discover Proprietary and
CAPK with UCIS Test keys
Environment Debit Common AIDs
length 1408 bits
J/Smart
Production Yes, same for both Discover Proprietary and
Production UCIS Production Keys
Environment Debit Common AIDs
CAPKs
Test Cards
Test
Environment,
One pack contains Contact and Contactless D-PAS including Debit, J/Smart & UICS test cards.
physical
test cards
Production
Environment,
Available upon request. One pack contains Contact D-PAS, J/Smart & UICS test cards.
unfunded
cards
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Appendix A 33
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Appendix A 34
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Appendix A 35
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Appendix B 36
DPAS Acronyms
Acronym Meaning
AC Application Cryptogram
AFD Automated Fuel Dispenser
AID Application Identifier
CA Certification Authority
CAPK Certification Authority Public Key
CAPKI Certification Authority Public Key Index
CDDA Combined Dynamic Data Authentication and Application Cryptogram Generation
CVM Card Verification Method
DDA Dynamic Data Authentication
DDOL Dynamic Data Authentication Data Object
DFS Discover Financial Services
D-PAS D-Payment Application Specification
E2E End-to-End
EMV Europay, MasterCard, Visa
ICC Integrated Circuit Cards
ISO International Organization for Standardization
NFC Near Field Communication
ODA Offline Data Authentication
OEM Original Equipment Manufacturer
PAN Primary Account Number
PIN Personal Identification Number
POS Point-of-Sale
RID Registered Application Provider Identifier
RFF Radio Frequency Field
SDA Status Data Authentication
TAC Terminal Action Code
TDOL Transaction Certificate Data Object List
TVR Terminal Verification Results
UICS UnionPay Integrated Circuit Chip Card Specifications
VAR Value-Added Reseller
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Appendix C 37
DPAS Terminology
Term Definition
AC A cryptogram computed by the chip card application and used by the Issuer to verify that a
request came from the card.
Acquirer An entity that processes credit and debit card payments on behalf of a Merchant.
Acquirer Processor A third-party entity designated by an Acquirer and approved by DFS for the purpose of
performing certain Acquirer obligations under the Acquirer Agreement and/or the Program
Guides, subject to the limitations and requirements set forth in the Acquirer Agreement, the
Acquirer Processor Agreement and the Program Guides.
AID An application identifier made up of the Registered Application Provider Identifier (RID) and
the Proprietary Identifier Extension (PIX).
Application PAN A valid Cardholder account number.
Authorization The process used to determine whether to approve a card sale or cash advance in
response to an authorization request.
Authorization Request A request submitted by a Merchant or Acquirer, through DFS or another person acting on
our behalf, to the Issuer for authorization of a card sale or cash advance.
CA PK The key of the CA asymmetric key pair that can be made public. Consists of a:
• CA PK Exponent – The value of the exponent part of the CA PK.
• CA PK Modulus – The value of the modulus part of the CA PK.
Cardholder A user of a credit, debit or prepaid payment card product.
CDA An offline authentication method performed by the terminal to verify a card via a
dynamic signature that is generated offline by the card and a cryptogram. The offline
DDA is a dynamic signature. The online Application Cryptogram Authentication is the
second signature.
Chip Card A card with an embedded integrated chip that is a contact chip payment device, a
contactless chip payment device or a dual interface payment device.
Chip Card Transaction A card transaction that takes place with a chip card at a chip card terminal that complies
with relevant operating regulations and technical specifications.
CVM Method used to ensure that the person presenting the card is the person to whom the
application in the card was issued.
DDA Offline Dynamic Data Authentication performed by the terminal to verify the dynamic
signature generated by the card for the transaction.
Note: The generated dynamic signature is different for each transaction.
EMV The global standard for credit and debit payment cards based on chip card technology.
EMV is a trademark owned by EMVCo, LLC.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Appendix C 38
EMVCo The corporation that manages, maintains and enhances the EMV ICC specifications
for chip-based payment cards and acceptance devices, including POS terminals
and ATMs.
Floor Limit An amount designated in a Merchant Agreement as the amount below which the Merchant
is not required to obtain an online authorization for a card sale.
®
ICC A card that has a chip embedded in it. Chip cards and Discover Contactless D-PAS Cards
embed such a chip.
ISO An agency that establishes and publishes international technical standards.
Issuer An entity that has signed a DFS Credit Issuer Agreement for the purpose of issuing
DFS payment cards in accordance with the DFS Operating Regulations and other
program documents.
JCB A financial services company based in Tokyo, Japan also known as JCB Co., Ltd. that
operates as the JCB payment network in Japan and also issues JCB payment partners on
its network for acceptance on its network.
Key A binary value that is used as part of an algorithm to encrypt or decrypt data.
Landing Zone The landing zone is the strongest RF point close to the reader. It is identified by the EMVCo
contactless symbol.
Merchant An entity engaged in commercial operations that comply with the requirements set out in the
Discover Operating Regulations and other program documents.
Merchant Agreement A signed, written agreement between an Acquirer and a Merchant that:
• Permits the Merchant to accept cards as payment for goods and services and cash at
the Acquirer’s discretion, but not in exchange for cash, cash equivalents or the funding
of value used for future purchases (“quasi-cash”) unless specifically approved in the
Acquirer Agreement.
• Describes the terms pursuant to which Acquirer shall pay Settlement Amounts to the
Merchant for card transactions accepted by the Merchant.
• Provides a sublicense to the Merchant governing the Merchant’s use of the
program marks.
• Describes the program services provided by Acquirer to the Merchant to support
card acceptance.
ODA The process of validating a contactless EMV card offline at POS via CDA.
PAN The unique identifying number that is assigned by the Issuer to the card at the time of
card issuance.
Payment Brand An organization that manages a network to facilitate payments between Cardholders and
Merchants.
Payment Device Contactless D-PAS products can be issued in many different forms such as key fobs,
stickers or mobile phones. These devices are collectively known as “contactless
payment devices.”
PIN The personal identification number or code assigned by an Issuer that may be used by the
Cardholder to facilitate a card sale or cash advance on a POS device.
PIX An optional data element assigned by the application provider of up to 11 bytes which is
part of the structure of the AID.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Appendix C 39
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.
Appendix D 40
Issuer Identification Number (IIN) Ranges that Operate on the Discover network:
®
Discover iin (bin) Range Table
Start End Issuing Network Credit / Debit Min Digits Max Digits
30000000 30599999 DCI Credit 16 19
30950000 30959999 DCI Credit 16 19
35280000 35899999a JCB Credit 16 19
36000000 36999999b DCI Credit 14 19
38000000 39999999 DCI Credit 16 19
60110000 60110399 DN Both 16 19
60110400 60110499 PayPal Credit 16 19
60110500 60110999 DN Both 16 19
60112000 60114999 DN Both 16 19
60117400 60117499 DN Both 16 19
60117700 60117999 DN Both 16 19
60118600 60119999 DN Both 16 19
62212600 62292599c UnionPay Both 16 19
62400000 62699999c UnionPay Credit 16 19
62820000 62889999c UnionPay Credit 16 19
64400000 65059999 DN Both 16 19
65060000 65060099 PayPal Credit 16 19
65060100 65060999 DN Both 16 19
65061000 65061099 PayPal Credit 16 19
65061100 65999999 DN Both 16 19
a. This IIN Range (35280000 to 35899999) shall be enabled only by Merchants, Acquirers or their Processors in connection with
Merchant relationships, POS Devices or otherwise, within the 50 States of the United States of America and the District of
Columbia, Puerto Rico, the US Virgin Islands, the Northern Mariana Islands, Palau, and Guam, subject to certain exceptions in
Acquirer Agreements where applicable.
b. The PAN length for this IIN Range (36000000 to 36999999) is 14 digits.
c. The UnionPay IIN Ranges shall be enabled only by Merchants, Acquirers, or their Processors in connection with Merchant
relationships, POS Devices or otherwise, in the United States, Mexico, and the Caribbean*
* The United States of America, includes fifty States, the District of Columbia and all other U.S. territories, Protectorates, and non-
domestic U.S. military bases including American Samoa, Federated States of Micronesia, Guam, Marshall Islands, Northern
Mariana Islands, Palau, Puerto Rico and the U.S. Virgin Islands.
© 2017 DFS Services LLC ½ Confidential & Proprietary. Do Not Copy or Distribute.