
D-PAS U.S.

Chip Terminal Guide


_________

Version 1.1 / May 2017

© 2017 DFS Services LLC | Confidential & Proprietary. Do Not Copy or Distribute.

Disclaimer

This D-PAS: U.S. Chip Terminal Guide (this “Guide”) provides guidelines to assist Merchants and Value
Added Resellers (VARs), including, but not limited to, Independent Software Vendors (ISVs) and
Payment Gateways, in meeting chip card point-of-sale (POS) terminal requirements that are specific to
the U.S. market when accepting Discover Network and its partners’ chip card products. This Guide is
subject to change by Discover® at any time without notice to any party. Neither this Guide nor any other
document or communication creates any binding obligations upon Discover or any third party regarding
testing services or Discover approval, which obligations will exist, if at all, pursuant to separate written
agreements executed by Discover and such third parties.

This Guide is provided “AS IS”, “WHERE IS” and “WITH ALL FAULTS”. Neither Discover, nor Diners Club
International® (DCI), nor any of their affiliates, subsidiaries, directors, officers or employees (collectively,
the “Discover Parties”) assume or accept any liability for any errors or omissions contained in the Guide.

The Discover parties specifically disclaim and make no representations or warranties of any kind, express
or implied, with respect to this Guide. The Discover parties disclaim all representations and warranties,
including the implied warranties of Merchants’ ability and fitness for a particular purpose. The Discover
parties further specifically disclaim all representations and warranties with respect to intellectual property
subsisting in or relating to the Guide or any part thereof, including but not limited to any and all implied
warranties of title, non-infringement or suitability for any purpose (whether or not the Discover parties
have been advised, have reason to know or are otherwise in fact aware of any information).

The contents of this Guide are proprietary and constitute trade secrets of Discover. This Guide is
provided to Participants of the Discover and DCI Networks and their authorized Partners for their
exclusive use and shall not be reproduced, published or otherwise disclosed, in whole or in part, to any
party outside Discover without the prior written consent of Discover.
DFS Services LLC, Discover® means our officers, directors and employees as well as the network,
systems and processes, including hardware, software and personnel maintained by us to support card
issuance and card acceptance programs operated by Issuers, Merchants and Acquirers for the benefit of
Cardholders and Merchants, respectively; or, where used to describe products, enhancements or
services, means the consumer-facing brand of Discover.

What’s Inside

Chapter 1 Getting to Know D-PAS
1.1 Introduction
1.2 Purpose of this Guide
1.3 Target Audience
1.4 References

Chapter 2 Understanding Chip Card Transactions
2.1 EMV Fraud Liability Shift
2.2 Chip Card Technology
2.3 Contactless Technology
2.4 EMVCo Role in Chip Card Specifications
2.5 D-Payment Application Specification (D-PAS)
2.6 Understanding Chip Transactions

Chapter 3 Implementing D-PAS
3.1 Important Chip Card Implementation Considerations
3.2 Pre-Transaction Processing (Contactless)
3.3 Application Selection
3.4 Offline Data Authentication (ODA)
3.5 Cardholder Verification
3.6 Terminal Risk Management
3.7 First Terminal Action Analysis
3.8 Transaction Completion
3.9 Conclusion of Processing / Chip Card Deactivation and Removal
3.10 Technical Fallback
3.11 Special Considerations for Merchants in the Restaurant / Bar, Lodging, Car Rental and Petro Industries

Chapter 4 Point-of-Sale Solution Selection
4.1 Device Certification
4.2 End-to-End Certification Requirements
4.2.1 Discover Quick Chip
4.3 Production Validation Requirements

Chapter 5 Production Rollout
5.1 Production Rollout Check List
5.2 AID Parameters

Appendix A DFS CA Test Payment System Public Keys
1. Key Length 1152 Bits – PKI 91 Test
2. Key Length 1408 Bits – PKI 92 Test
3. Key Length 1984 Bits – PKI 93 Test

Appendix B DPAS Acronyms
Appendix C DPAS Terminology
Appendix D DFS IIN / BIN Table

Chapter 1: Getting to Know D-PAS in the U.S.

1.1 Introduction
The Discover® D-Payment Application Specification (D-PAS) is an EMV-compliant smart card payment
solution for contact, contactless and mobile payments. Discover supports and conforms to current EMV
standards, enabling easy implementation and integration of the D-PAS solution.

1.2 Purpose of this Guide


This Guide focuses on the U.S. market. It provides high-level guidance to assist Merchants, VARs and
other relevant parties with terminal development to support both contact and contactless chip transactions
in accordance with D-PAS solutions at the terminal level. Please consult with your Processor or Discover
for detailed policy, technical specifications and operating regulations.

1.3 Target Audience


This Guide is primarily intended for Merchants and Value Added Resellers (VARs), including, but not
limited to, Independent Software Vendors (ISVs), Payment Gateways and/or other entities
responsible for implementing components and services required for accepting contact and contactless
chip cards, mobile wallets and contactless devices on Merchant acceptance terminals in the U.S.*

* The United States of America includes the fifty States, the District of Columbia and all other U.S. territories,
Protectorates, and non-domestic U.S. military bases including American Samoa, Federated States of
Micronesia, Guam, Marshall Islands, Northern Mariana Islands, Palau, Puerto Rico and the U.S.
Virgin Islands.

1.4 References

| Title | Source¹ | Reference |
|---|---|---|
| Discover Contact and Contactless D-PAS: Terminal Requirements for U.S. Debit Cards Technical Addendum | 1 | DFS D-PAS: US DB TA, v 1.0 |
| Terminal Requirements for JCB J/Smart™ Cards Technical Addendum | 1 | DN CT D-PAS: JCB JS TA, v 1.0 |
| Discover Contact EMV: Terminal Requirements for UnionPay Contact Chip Cards Technical Addendum | 1 | UnionPay UICS TA v 1.0 |
| Discover Contact D-PAS: Discover Quick Chip Implementation Guide v2.0 | DN.com | DFS CT D-PAS QC v 2.0 (July 12, 2016) |
| EMVCo | emvco.com | |
| U.S. Payments Forum | http://www.uspaymentsforum.org/ | |

¹ Source: 1 means references can be provided upon request to IntegratedPayments@Discover.com.

Chapter 2: Understanding Chip Card Transactions

2.1 EMV Fraud Liability Shift


In October 2012, Discover® announced the alignment of its EMV fraud liability shift policies for contact
chip cards across Discover, Diners Club International® and PULSE®. The Discover Network policy
became effective on October 16, 2015 for all point-of-sale (POS) locations and is scheduled to go into
effect in October 2020 for all automated fuel dispensers (AFD).

PULSE’s liability shift date for ATM transactions on Discover / PULSE EMV contact cards at U.S.
terminals will be effective October 1, 2017. After this date, ATM Acquirers will be financially liable for
counterfeit card fraud if a contact EMV card is presented at an ATM that is not EMV enabled. To ensure
simple and consistent dispute management for PULSE participants, PULSE has chosen ATM liability shift
dates for PULSE cards that are consistent with the signature brand on the card.

The switch to EMV is vital to prevent payment fraud, and Discover is here to help. Our resources and
EMV best practices accelerate EMV certification, maximize Cardholder security and drive Merchant
profitability. For more information, visit DiscoverNetwork.com/Chip-Card or contact
IntegratedPayments@Discover.com.

Before October 2015

Liability: Issuer. In most cases, the issuer bears the initial responsibility for fraudulent activity if a lost,
stolen or counterfeit card is used at POS.

After October 2015³

Liability: Merchant or Acquirer²

| Fraud Liability | Type of Card | Type of Terminal |
|---|---|---|
| Counterfeit Fraud Liability | Chip and PIN Preferring Card; Chip and Signature Card | Non EMV-Enabled Terminal |
| Lost or Stolen Fraud Liability | Chip and PIN Preferring Card | Chip and Signature Terminal; Non EMV-Enabled Terminal |

² Liability is transferred to the party with the direct relationship with Discover®. As of date of publication of this guide, the EMV Fraud
Liability Shift is in effect for contact chip transactions only.

³ The Discover Network policy is scheduled to go into effect in October 2020 for automated fuel dispensers (AFD).


2.2 Chip Card Technology


Chip cards, also known as smart cards or integrated circuit cards (ICC), are plastic cards embedded with
a computer chip. Chip cards are capable of storing information, completing calculations, making decisions
and running applications.

Chip cards still have a magnetic stripe on the back of the card to permit processing transactions at
locations without EMV-enabled terminals and fallback processing in the event of a chip failure.

2.3 Contactless Technology


Contactless technology is being adopted by Merchants that are looking for a faster, easier and more
convenient payment method. The execution of a contactless payment transaction requires a contactless
card or payment device and terminal / reader. Each contactless card or payment device, and each terminal,
carries a microchip connected to an antenna that enables the exchange of data via near field
communication (NFC).

2.3.1 Contactless Transaction Modes


• Contactless D-PAS EMV mode is an operating mode based on the use of the Contactless D-PAS
application to create transaction-specific cryptograms that can be used to authenticate the card and
the transaction. Contactless transactions can be processed either online or offline.
• Contactless D-PAS Magnetic Stripe (MS) mode uses functionality of Discover® Zip® v2.0. The Zip
application provides cardholder information based on MS data to the terminal/reader. The terminal
processes the transaction online and executes the Issuer decision.

Note: Discover Zip is a contactless payment solution deployed in the U.S. (Discover Zip cards and
payment devices should be accepted wherever contactless payments are enabled.)


2.3.2 Contactless Logos


EMVCo licenses the Contactless Indicator and Contactless Symbol (collectively the “Contactless Marks”)
for use in accordance with its reproduction requirements. See the EMVCo website for more details.

• The EMVCo Contactless Indicator, shown below, is used on Contactless Cards and Contactless
Payment Devices such as key fobs.

• The EMVCo Contactless Symbol, shown below, is used on contactless terminals and may also be
used in marketing materials.

2.4 EMVCo Role in Chip Card Specifications


Chip cards and EMV-enabled terminals adhere to standard specifications to ensure interoperability
among countries and Payment Networks. EMVCo is the entity that manages and evolves EMV
specifications, tests processes and fosters worldwide interoperability of secure payment transactions.
The EMV specifications govern chip cards, common payment application (CPA), card personalization
and tokenization.
EMVCo is co-owned by six member organizations: American Express, Discover®, JCB, MasterCard,
UnionPay and Visa. The organization is supported by Issuers, Merchants, Acquirers, Acquirer Processors
and other industry stakeholders who participate as EMVCo Associates. For more information about
EMVCo and chip card specifications visit www.emvco.com.⁴

⁴ Source: EMVCo www.emvco.com


2.5 D-Payment Application Specification (D-PAS)


D-PAS is a specification that enables secure transactions among Discover® chip cards, payment devices,
terminals and Acquirers. Discover provides a comprehensive program to support markets that are
migrating from magnetic stripe cards to chip card transactions, including:
• D-PAS program documents that define the requirements for chip cards and terminals, including:
- Discover Contact and Contactless D-PAS: Terminal Requirements for U.S. Debit Cards
Technical Addendum
- Terminal Requirements for JCB J/Smart™ Cards Technical Addendum
- Discover Contact EMV: Terminal Requirements for UnionPay Contact Chip Cards
Technical Addendum
• Test cards
• Production validation cards
• Network support for chip card transactions
• Testing and certification requirements

2.6 Understanding Chip Card Transactions


A chip card transaction differs from a traditional magnetic stripe card transaction in how it interacts
with a terminal.
• A magnetic stripe card is swiped through the terminal to initiate the transaction.
• A contact chip card is inserted into the chip reader and must remain in the terminal for the
duration of the transaction.
• A contactless chip card or payment device is tapped to initiate the transaction.

The following table lists the differences between chip card and magnetic stripe card transactions.

| Chip Card Transaction | Typical Magnetic Stripe Credit Card Transactions |
|---|---|
| Multiple card authentication methods. | Basic level of authentication including Card Verification Value (CVV). |
| Multiple Cardholder verification methods supported, including use of offline and online Personal Identification Number (PIN). | Visual Cardholder verification (request of ID, check signature panel). |
| Issuer and Acquirer / Processor establishes and manages risk parameters. | Issuer manages most risk parameters. |
| Secure offline authorization if supported by the terminal and network, and approved by the card. | Offline authorization possible but risky as the authenticity of the card cannot be confirmed. |
| Use of dynamic data prevents cloning. | Use of static data that can be easily copied. |
| Added level of security of chip cards and chip-enabled terminals prevents counterfeit fraud. Use of PIN reduces fraud from lost and stolen cards. | Magnetic stripe cards and terminals are susceptible to counterfeit fraud. |


The diagrams below provide an overview of the D-PAS transaction process for contact and
contactless transactions.

Note that some steps may occur simultaneously.


2.6.1 How a Contact D-PAS Transaction Works


The most common transactions between a contact chip card and a terminal consist of:
• Chip and Personal Identification Number (PIN) with verification either offline or online
• Chip and Signature

The following table provides a high-level description of each of these transactions.

| Step | Contact Chip and PIN Transaction | Contact Chip and Signature Transaction |
|---|---|---|
| 1 | The Cardholder inserts the contact chip card into the terminal / reader. | The Cardholder inserts the contact chip card into the terminal / reader. |
| 2 | The transaction amount is displayed on the terminal / reader. The Cardholder validates the amount. The terminal / reader prompts the Cardholder to enter PIN. | The transaction amount is displayed on the terminal / reader. The Cardholder validates the amount. |
| 3 | The Cardholder enters PIN on the terminal or PIN pad. The PIN is displayed as ********. Note: Merchants / Acquirers must support up to 8-digit PIN. | The Merchant terminal processes the purchase transaction offline or online, depending on the purchase amount, card and terminal parameters. |
| 4 | If offline PIN, terminal sends PIN to chip card, chip card validates PIN and provides response back to terminal. If online PIN, terminal sends encrypted PIN to Issuer. Issuer returns authorization response to terminal. The Merchant terminal validates the PIN and provides Cardholder with the results of the validation. | The Merchant terminal displays to the Cardholder the results of the validation as either “Approved” or “Declined”. |
| 5 | The Merchant terminal processes the purchase transaction offline or online, depending on the purchase amount, and card and terminal parameters. | For an approved transaction, the Merchant terminal prints a transaction receipt or creates a digital version. |
| 6 | On successful processing, the Merchant terminal displays “Approved” or “Declined”. | The terminal instructs the Cardholder to remove the chip card. |
| 7 | For an approved transaction, the Merchant terminal can print a transaction receipt if requested, or email an electronic copy. | The Cardholder signs the transaction receipt or digital version that can be emailed to cardholder. |
| 8 | The terminal instructs the Cardholder to remove the chip card. | |


2.6.2 How a Contactless D-PAS Transaction Works


The steps below provide an example of a typical transaction executed between an NFC-enabled chip and
PIN card (or device) and a reader connected to a standalone terminal.

| Step | Contactless D-PAS Transaction |
|---|---|
| 1 | The Merchant enters the purchase amount on the terminal. |
| 2 | The transaction amount is displayed on the terminal and on the reader. |
| 3 | The first LED (if present) begins to flash to indicate that the reader is ready to perform a contactless transaction. |
| 4 | The Cardholder presents the card or device close to the landing zone of the terminal / reader. |
| 5 | The reader exchanges commands and responses with the card or device to execute the contactless transaction. |
| 6 | The result of the exchange between the card or device and the reader, together with EMV transaction data, is sent to the terminal. |
| 7 | When the data capture is completed, all four LED lights on the reader (if present) normally illuminate in green, and the reader sounds an audible alert. |
| 8 | The Cardholder removes the card or device from the landing zone. |
| 9 | Depending on the card or device and terminal capabilities, as well as the risk management parameters, the Cardholder Verification Method (CVM) will be online PIN, signature or no CVM. |
| 10 | The terminal completes the transaction online or offline. |
| 11 | The transaction result is displayed on the terminal to the Cardholder and the Merchant. It also can be displayed on the reader. |
| 12 | A receipt can be printed, if requested, or an electronic copy can be sent by email. |

This description may differ depending on the contactless POS terminal and reader model.

Chapter 3: Implementing D-PAS

3.1 Important Chip Card Implementation Considerations


This chapter provides an overview of the chip card transaction steps that impact Merchants and VARs,
including the technical requirements and best practices to successfully implement D-PAS. Not every
transaction step is referenced in this chapter. For additional information on each transaction flow step,
contact IntegratedPayments@Discover.com.

3.2 Pre-Transaction Processing (Mandatory Step for Contactless D-PAS only)


To minimize the time that a card must be in the RF field, the terminal / reader performs preliminary risk
management checks by comparing the Transaction amount to limits set in the terminal.

Note: Terminals that always use a fixed transaction amount (such as vending machines) do not perform
risk management checks. If you have any questions contact your Acquirer / Processor.

3.3 Application Selection (Step 1 for Contact and Contactless D-PAS)


There are various ways the application selection step is performed. In a typical credit card transaction, the
card and the terminal analyze the supported Application Identifiers (AIDs). If multiple applications are
supported, the terminal identifies the priority selected by the Issuer and may allow the Cardholder to
choose the application to use. The terminal or peripheral selected for chip card implementation must have
the intended AIDs loaded for chip transactions to work.

For the U.S. Common Debit AID, Merchants and Acquirers may have proprietary software installed on
POS devices to manage the selection of the Common AID over the proprietary / global AIDs–the specifics
of which are outside the scope of this document.


Below is a list of AIDs for the Discover Network and its partners that must be supported in terminals used
by Merchants and VARs in the United States:

| Specification Name | AID | Uses | Territory |
|---|---|---|---|
| D-PAS | A0000001523010 | D-PAS Contact and Contactless AID. Discover® Card, Diners® and network-to-network partners (BCcard, DinaCard, elo, Interswitch, etc.) | All |
| D-PAS | A0000001524010 | Discover U.S. Common Debit AID* | U.S. |
| D-PAS | A0000003241010 | ZIP AID Magnetic Stripe Contactless | All |
| J/Smart | A0000000651010 | JCB J/Smart Contact AID | U.S. |
| UICS | A000000333010102 | UnionPay Credit Cards AID | U.S., Mexico, Bahamas |
| UICS | A000000303010103 | UnionPay Quasi Credit Cards AID | U.S., Mexico, Bahamas |
| UICS | A000000333010101 | UnionPay Debit Cards AID | U.S., Mexico, Bahamas |
| UICS | A000000333010108 | U.S. UnionPay Common Debit AID | U.S. |

UICS = UnionPay Integrated Circuit Chip Card Specifications


*A common AID allows Merchants and Acquirers to route debit card transactions over multiple unaffiliated networks. The Discover
U.S. Common Debit AID is available for Discover/PULSE-issued cards with another card brand as a secondary routing network.

Important AID Notes


• The AID must be set to support partial match AID selection for D-PAS and J/Smart (not allowed
for UICS).
• The terminal must support the list of AID methods for building the candidate list.
• The application version number check requires that the terminal store the D-PAS application
version number of “0001”.
• It is recommended that terminals hold one additional application version number slot open for
future use.
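
The partial-match rule in the notes above can be sketched as follows. This is an added example, not code from the Guide or from Discover: the class and function names, the priority ordering (cards without a priority sorted last) and the sample card applications are assumptions of this example, while the AIDs are copied as printed in the table.

```python
"""Candidate-list building with per-AID partial matching (added example)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class TerminalAid:
    spec: str            # "Specification Name" column of the Guide's AID table
    aid: str             # "AID" column, hex, exactly as printed in the Guide
    partial_match: bool  # Guide: set for D-PAS and J/Smart, not allowed for UICS


TERMINAL_AIDS = (
    TerminalAid("D-PAS", "A0000001523010", True),
    TerminalAid("D-PAS", "A0000001524010", True),
    TerminalAid("D-PAS", "A0000003241010", True),
    TerminalAid("J/Smart", "A0000000651010", True),
    TerminalAid("UICS", "A000000333010102", False),
    TerminalAid("UICS", "A000000303010103", False),
    TerminalAid("UICS", "A000000333010101", False),
    TerminalAid("UICS", "A000000333010108", False),
)


@dataclass(frozen=True)
class CardApp:
    adf_name: str  # hex AID returned by the card
    priority: int  # 1 = highest; 0 = no priority given (assumption: sorted last)
    label: str


# An AID is 5 to 16 bytes long, written here as an even number of hex digits.
AID_PATTERN = re.compile(r"(?:[0-9A-F]{2}){5,16}")


def normalise_aid(value):
    """Upper-case a hex AID and reject anything that is not 5..16 whole bytes."""
    aid = value.replace(" ", "").upper()
    if not AID_PATTERN.fullmatch(aid):
        raise ValueError(f"malformed AID: {value!r}")
    return aid


def match_terminal_aid(card_aid, terminal_aids=TERMINAL_AIDS):
    """Return the terminal entry that selects this card AID, or None."""
    card_aid = normalise_aid(card_aid)
    for entry in terminal_aids:
        if card_aid == entry.aid:
            return entry  # exact match is always allowed
        if entry.partial_match and card_aid.startswith(entry.aid):
            return entry  # card AID is the terminal AID plus an extension
    return None


def build_candidate_list(card_apps, terminal_aids=TERMINAL_AIDS):
    """Keep mutually supported applications, highest card priority first."""
    candidates = []
    for app in card_apps:
        try:
            entry = match_terminal_aid(app.adf_name, terminal_aids)
        except ValueError:
            continue  # a malformed card AID never becomes a candidate
        if entry is not None:
            candidates.append((app, entry))
    candidates.sort(key=lambda c: (c[0].priority == 0, c[0].priority))
    return candidates


# Constructed sample card contents (not real card data).
SAMPLE_CARD_APPS = [
    CardApp("A000000152301001", 2, "CREDIT"),      # D-PAS AID + 1-byte extension
    CardApp("A0000001524010", 1, "US DEBIT"),      # exact match
    CardApp("A00000033301010201", 1, "UICS EXT"),  # UICS AID + extension: rejected
    CardApp("F0000000010203", 1, "NOT LOADED"),    # AID the terminal does not hold
]

if __name__ == "__main__":
    for app, entry in build_candidate_list(SAMPLE_CARD_APPS):
        print(app.label, app.adf_name, "->", entry.spec, entry.aid)
```
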

3.4 Offline Data Authentication (ODA) (Step 4 for Contact and Contactless D-PAS)
In this step, the terminal ensures that:
• The chip card has not been altered since its personalization.
• The data on the chip card was created by the authentic Issuer.

ODA must be implemented on all terminals/readers that support offline authorized transactions.

For contact D-PAS, depending on the capabilities of the chip card and the terminal, the terminal may
perform one of the following Offline Data Authentication (ODA) methods:
• Static Data Authentication (SDA)
• Dynamic Data Authentication (DDA)
• Combined DDA (CDA)
Note: CDA is the most secure method while SDA is a less secure method that will eventually
be phased out.


For contactless D-PAS, CDA is the only method that may be performed.

Offline data validation of the card is performed using encryption keys. A key is a numeric value that is
used as part of a mathematical operation to encrypt or decrypt data. To perform offline data
authentication, terminals must be loaded with DFS Certification Authority Public Keys (CA PKs), JCB CA
PKs and UnionPay CA PKs. Acquirers and Merchants are responsible for registering, managing and
updating keys provided by Discover Network.
Please note that both the D-PAS proprietary AID and the Discover® Debit U.S. Common AID use the
same DFS CA PKs. See Appendix A for DFS Test Payment System Public Keys.

DFS Production Payment System Public Keys and J/Smart and UICS Test and Production Keys can be
requested from IntegratedPayments@Discover.com. A Non-Disclosure Agreement (NDA) may
be required.

Important: Do not code CA PK expiry dates in the terminal, as they are subject to change by
EMVCo and DFS.

Chip Card Terminal Requirements for ODA

ODA Requirements: Important: All newly deployed offline-capable contact chip terminals are required to
support DDA in addition to supporting SDA. Terminals should also support CDA whenever possible. In
addition, Merchants and VARs should consider local market requirements and industry practices when
deciding which methods to support.

DFS CA PK Requirements: To support ODA, the terminal must be able to store up to six DFS CA PKs and
their associated data elements for each payment brand’s Registered Application Provider Identifier (RID)
represented in the Terminal.

3.5 Cardholder Verification (Step 6 for Contact D-PAS and Step 5 for Contactless D-PAS)
Cardholder Verification determines whether the person presenting the chip card is the legitimate
Cardholder by using a CVM that is mutually supported by both the chip card and the terminal. Most
terminals have the capability to support all CVMs. However, consult with your Processor to understand
their ability to support all CVMs, especially the online PIN method.

Cardholder verification is mandatory for contact D-PAS transactions. However, it is conditional for
contactless D-PAS.

If the Terminal Contactless CVM limit is present and the Transaction amount is greater than the Terminal
CVM limit, the Terminal requires CVM to be performed.


The following table describes the CVM types that are available to Merchants and Acquirers.

| CVM Type | Description |
|---|---|
| Online PIN | If “Online PIN” is the selected CVM and is supported by the terminal, the terminal prompts the Cardholder for PIN entry and then enciphers the PIN for inclusion in the authorization message later in the transaction. The remaining processing for the online PIN transaction is conducted in accordance with existing DFS regulations. |
| Offline PIN (Plaintext and Enciphered) | If “Offline PIN” is the selected CVM for the transaction, the terminal prompts for PIN entry, and the PIN is transmitted from the terminal to the chip card for verification. The PIN can be sent either exactly as it was entered by the Cardholder (plaintext PIN) or encrypted (enciphered PIN). If the chip card cannot successfully verify the PIN, the chip card informs the terminal of the number of PIN try attempts remaining. Enciphering the PIN is strongly recommended. Offline PIN CVM type is not an option for contactless transactions. |
| Combined Offline PIN and Signature | If “Combined Offline PIN and Signature” is the selected CVM for the transaction, the terminal must complete the processes for both the offline PIN CVM and Signature CVM. This CVM type is not an option for contactless transactions. |
| Signature | If “Signature” is the selected CVM for the transaction, CVM processing is considered complete from a D-PAS perspective. Other processing related to this CVM is executed in accordance with existing DFS regulations (e.g., comparing the Cardholder signature obtained to the signature on the card). |
| No CVM | If “No CVM” is the selected CVM for the transaction, CVM processing is complete from the D-PAS perspective. This CVM must be supported by unattended terminals; please refer to section 3.5.1.1. |
| Consumer Device CVM (CDCVM) | For contactless payment devices only. Cardholder verification can be completed on the contactless payment device prior to initiating any payment transactions. Verification methods vary by device, such as password and biometrics, among other methods. If CDCVM is used, it must be noted in the Terminal Verification Results (TVRs). |

Note: DFS allows no-signature or PIN for card-present sales of $50.00 or less, including applicable taxes,
gratuities, surcharges, cash overs and / or Discover Pay with Rewards.

3.5.1 CVM Support Considerations


When identifying which CVMs to support in the terminal, first check with your Acquirer and Processor to
verify which CVMs they support, and then take the following decision factors into consideration.

| Decision Factor | Description |
|---|---|
| Assess Terminal Capabilities | Identify the capabilities of the terminal for supporting each CVM. |
| Identify the Relative Importance of Gaining Processing Efficiency | A PIN can reduce transaction processing time by eliminating the signature requirement. In addition, an offline PIN can make throughput faster, by eliminating online verification processes and network latencies. |
| Retain Traditional CVM Processing Capabilities | Merchants and VARs should be aware that magnetic stripe cards will continue to be encountered at the point-of-sale, so traditional processes for swiping the card and signing for the transaction will still need to be supported. |

Important: For Acquirers and Merchants to take full advantage of the Fraud Liability Shift for lost or
stolen cards, they must support both offline and online PIN authentication for contact chip cards.


Discover® requires Acquirers and Merchants to support offline and online PIN at parity with Discover
when PIN is being supported for any other Payment Networks.

3.5.1.1 Special Considerations for Unattended Terminals


An unattended POS device is a device that delivers goods or services when the Cardholder is present but
a Cashier is not. Examples of unattended POS devices are fuel dispensers, parking meters and vending
machines. Many unattended POS devices that execute low-value transactions do not have
communication capabilities; therefore, it is imperative that “No CVM” is supported as a CVM method.

Note: Unattended POS Devices are often online-capable to allow issuer authorization and
batch data capture.

3.5.1.2 Special Consideration for Automated Fuel Dispensers (AFD)


It is recommended that AFDs support Online PIN, Offline PIN (plaintext and / or enciphered) and No-
CVM. Since AFDs are considered self-service terminals or unattended, AFD operators should ensure
support of the No-CVM cardholder verification method.

3.5.2 PIN Pad Configuration


Merchants and VARs should consider the following PIN pad best practices:
• If the PIN pad is separate from the terminal, the addition of a chip card reader with PIN pad enables
Cardholders to keep possession of their card throughout the transaction, thus reducing
opportunities for card skimming.
• Cardholders should be able to reach the landing zone on a contactless PIN pad or reader.
• The placement of a PIN pad should be accessible to all Cardholders.
• PIN pads should be designed and placed in a way that prevents fraudsters from “shoulder surfing”
the PIN.

3.5.3 PIN Bypass


The U.S. Market is a “chip and choice” environment, with both signature and PIN preferring Issuers. PIN
entry bypass is an optional function supported by EMV that enables a manual override of the PIN CVM
process. This option is used when PIN is selected as the preferred CVM, but the Merchant wants to allow
a Cardholder to sign instead. An example of PIN bypass is when the Cardholder has forgotten their PIN.
If PIN bypass is used, this must be noted in the TVR. Merchants and VARs should check with their
Processors before enabling PIN bypass.


3.6 Terminal Risk Management (Contact D-PAS Step 7)


Chip-enabled terminals complete several checks to confirm that transaction processing is occurring within
the risk limits set by the Payment Brand, Acquirer Processor and the Issuer. The following table outlines
both mandatory and optional checks to be programmed in the terminal. Note that the Acquirer Processor
may have already pre-programmed these parameters in the terminal.

| Check | Mandatory / Optional | Description |
|---|---|---|
| Floor Limits | Mandatory | Merchants / VARs may use the chip card terminal floor limits associated with each Merchant category or choose a zero floor limit. It is recommended that terminals that are capable of storing multiple floor limits specify separate floor limits for magnetic stripe and chip card transactions. To support a floor limit other than $0 (or local equivalent), the terminal must be able to store a separate floor limit for magnetic stripe and chip card transactions. |
| Random Transaction Selection | Mandatory | Acquirers are advised to work with their Merchants to identify the terminal settings for random transaction selection. It is recommended that terminal parameters are adjusted to ensure that a bias is applied. |
| Exception File | Optional | It is recommended that exception file checking is performed at offline-only terminals. Talk to your Acquirer Processor for more details. |
| Transaction Forced Online | Optional | Merchants can implement a function that allows the Attendant to manually force a transaction online. This function can be employed if the Attendant is suspicious of the Cardholder and wants to ensure that the Issuer authorizes the transaction. If Merchants would like to implement transaction forced online functionality, Merchants and VARs should work with their Acquirer Processor to set guidelines for when this functionality should be used. |


3.7 First Terminal Action Analysis (Contact D-PAS Step 8 and Contactless D-PAS Step 7)
A terminal / reader device performs the first Terminal Action Analysis step using different considerations
for contact or contactless D-PAS transactions.

3.7.1 Contact D-PAS


The terminal stores the results of the previous steps and analyzes them to make a recommendation to
the chip card as to whether it should decline, send online or approve the transaction.

Rules governing the levels of acceptable risk for various transaction conditions are set for:
• The terminal by the Payment Brand and the Acquirer via rules called Terminal Action
Codes (TACs).
• The chip card by the Issuer via card rules called Issuer Action Codes (IACs).
For the purposes of this Guide, DFS is the Payment Brand responsible for setting the TACs. The
applicable D-PAS contact TAC values listed in the following table must be stored in terminals as a
prerequisite to the acceptance of chip cards. Terminals must store only the set of TAC values that is
relevant to the functionality supported by the terminal.

Note that there are no TACs for contactless transactions.


Refer to Section 5.2 Discover® EMV Program Matrix for TAC values for Discover Network D-PAS and
Discover® Debit U.S. Common AID, JCB J/Smart and UnionPay UICS.

3.7.2 Contactless D-PAS


This step is completed with the contactless card or payment device outside of the landing zone and
includes card / device application recommendations collected during Step 2 – Initiate Application
Processing. As part of this step the following checks are performed by the terminal: card decision, CDA
check results, application expiry date check and processing restrictions results.


3.8 Transaction Completion (Contact D-PAS Step 13 & Contactless Step 9)


3.8.1 Transaction Completion for Contact D-PAS
In Step 10, the terminal sends the transaction online to the Issuer. As a response to the online processing
request, the Issuer then returns an Authorization Response, which approves or declines the transaction.
The terminal may perform a Second Terminal Action Analysis (Step 11). The contact card may also
perform a Second Card Action Analysis (Step 12).

Transaction completion (Step 13) occurs when the terminal receives either an approval or decline
response to one of its cryptogram requests. The terminal then executes the approval or decline requested
by the chip card. At the conclusion of processing, the transaction result is displayed to the Cardholder.
The receipt is printed or emailed (and signed if required), and the terminal stores any required
transaction data.

3.8.2 Transaction Completion for Contactless D-PAS


Please note that for Contactless D-PAS, online processing (Step 8) is conditional. It must be performed
only if the final decision taken by the card is to perform an online transaction.

Contactless D-PAS Step 9 is the final step of the transaction. This step tells the Cardholder the final
decision and processes additional functions depending on the decision taken. The results could be one of
the following:
• Offline processing: Approval or decline – Transaction is not sent to the issuer for decisioning.
• Online processing: Approval or decline – Transaction is sent to the Issuer for decisioning.
• Switch to another interface.

3.8.3 Switch to Another Interface (Contactless D-PAS Only)


If the transaction cannot be processed using the contactless interface, and the contactless card or
payment device supports another interface, then the terminal will indicate that the cardholder should use an
alternate interface.

| From | To | Comments |
|---|---|---|
| Contactless D-PAS | Contact D-PAS | The terminal may switch to contact chip interface due to several reasons. The transaction is restarted as a standard Contact D-PAS transaction. |
| Contactless D-PAS | Magnetic Stripe Transaction | If the switch to contact D-PAS is not possible, the transaction must switch to a magnetic stripe transaction. Magnetic stripe transactions have a higher risk than D-PAS; therefore, the transaction must follow specific rules: the transaction must go online, and the transaction must be identified with a specific fallback indicator value. See 3.10 for more details. |


3.8.4 Receipt Requirements


The following table lists the EMV data that may be added to the receipt.

| Receipt Data | Requirement |
|---|---|
| AID | Mandatory |
| Approval Code | Mandatory: Include either an online approval code or an offline approval code created by the terminal. |
| Cryptogram | Optional |
| Application Preferred Name or Application Label | Optional |
| PIN Verification Statement | Optional |

Note: In addition to the EMV receipt requirements listed above, Discover® has additional receipt
requirements that are listed in the Operating Regulations. Please consult your Processor for complete
receipt requirements.

3.9 Conclusion of Processing / Chip Card Deactivation and Removal


3.9.1 Contact Deactivation and Removal (Contact D-PAS Step 15)
The terminal displays the result of the transaction to the Attendant and the Cardholder as follows:
• If the transaction has been declined, the terminal displays an appropriate message and then
indicates that the chip card can be removed from the reader.
• If the transaction has been approved, the terminal displays a message indicating that the chip
card can be removed from the reader and prints a receipt.
• If a signature was provided, the Attendant compares the signature on the receipt with the
signature on the back of the card.

3.9.2 Contactless Transaction Conclusion


The transaction result is displayed on the terminal to the Cardholder and the Merchant. It can also be
displayed on the reader. A receipt can be printed or e-mailed as required by Merchant or Cardholder.


3.10 Technical Fallback


Technical fallback may occur when a chip card is used at a chip-enabled terminal, but a technical failure
of the card or the terminal prevents the transaction from being processed using the chip’s functionality.
With all chip cards, technical fallback must be correctly identified in the authorization message so that the
Issuer can make an informed decision whether to approve or decline the technical fallback transaction. All
technical fallback transactions must be sent online.

3.10.1 Fallback Scenarios


The following table shows common scenarios encountered and whether these transactions should be
flagged as fallback or not. Please consult your Processor for specific fallback indicators.

| Mode | Transaction Needs to be Flagged as Fallback | Comments |
|---|---|---|
| Unknown AID or AID Not Found | No | If the terminal is not able to recognize any of the applications supported by card, the terminal should allow the transaction to be processed as magnetic stripe. |
| Chip Card Error | Yes | A technical error in communication between the card and terminal has prevented a chip transaction taking place. The terminal should prompt the Cardholder to swipe the card. |
| Blocked Application | No | The terminal should terminate the transaction and it should not allow the Cardholder to initiate a magnetic stripe transaction. |
| Blocked Card | No | The terminal should terminate the transaction and it should not allow the Cardholder to initiate a magnetic stripe transaction. |
| Switch Interface Request from Contactless D-PAS to MS | Yes | If a transaction cannot be completed as contactless D-PAS, and if a switch to contact D-PAS interface is not possible, the transaction must switch to a magnetic stripe. |


3.11 Special Considerations for Merchants in the Restaurant / Bar, Lodging, Car Rental and Petro Industries

3.11.1 Handling of Pre-Authorizations

Restaurants, bars, hotels, car rentals and gas stations should continue to request pre-authorizations as
done today for magnetic stripe swiped transactions. Pre-authorizations can be processed by:

1. Inserting or tapping the cardholder chip card or contactless device: In this scenario, the terminal
should retain pre-authorization data elements necessary to complete the sale. This includes:
• Chip related data
• Account number
• Expiration date
Because of PCI requirements, the terminal should extract and retain only the necessary data from
the chip.
2. As a card on file: Use existing magnetic stripe processing

Important: Gas stations accepting chip cards or contactless devices should continue to submit a one-
dollar pre-authorization at Automated Fuel Dispensers (AFD) and complete an authorization advice
message with the actual sale amount within 60 minutes of fuel delivery.

3.11.2 Incremental Authorizations


In some instances, the pre-authorization is not sufficient to cover the amount to be charged to the
cardholder. In this case, one or more Incremental Authorizations may be used. Similar to any pre-authorization,
incremental authorizations are processed by:

1. Inserting or tapping the cardholder chip card or contactless device: In this scenario, the terminal
should retain data elements necessary to complete the sale. This includes:
• Chip related data
• Account number
• Expiration date
Because of PCI requirements, the terminal should extract and retain only the necessary data from
the chip.
2. As a card on file: Use existing magnetic stripe processing

3.11.3 Sale Completion


Sale completion occurs when the final transaction amount is known and the merchant is ready to charge
the cardholder. If a pre-authorization or incremental authorization was completed with a chip card or
contactless device, the clearing message needs to include chip related data and its associated
data elements.


3.11.4 Terminal Configuration for AFDs


Transactions at AFDs must be transmitted online. Terminal parameters should be set in the following
ways to ensure transactions are always authorized online:
• Configured to act as an online-only, unattended terminal
• Utilize a $0 floor limit
• Utilize the following Terminal Action Codes (TACs):

TAC values for Offline Data Authentication Supported


Terminal Action Code – Denial = ‘0010000000’
Terminal Action Code – Online = ‘FCE09CF800’
Terminal Action Code – Default = ‘DC00002000’

TAC values for Offline Data Authentication Not Supported


Terminal Action Code – Denial = ‘0010000000’
Terminal Action Code – Online = ‘FFFFFFFFFF’
Terminal Action Code – Default = ‘FFFFFFFFFF’
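
The following added example (Python, not part of the original Guide) applies the AFD TAC values above in the first Terminal Action Analysis described in section 3.7.1, comparing the TVR against Denial, then Online, then Default as EMV Book 3 specifies. The all-zero IACs, the function names and the sample TVR values are assumptions made for illustration; real IACs are read from the card.

```python
"""Added example: first Terminal Action Analysis with the AFD TAC values."""

# TVR bit names per EMV Book 3: (byte index, bit mask) -> meaning.
# Bits not listed here are ignored by decode().
TVR_BITS = {
    (0, 0x80): "Offline data authentication was not performed",
    (0, 0x40): "SDA failed",
    (0, 0x20): "ICC data missing",
    (0, 0x10): "Card appears on terminal exception file",
    (0, 0x08): "DDA failed",
    (0, 0x04): "CDA failed",
    (1, 0x80): "ICC and terminal have different application versions",
    (1, 0x40): "Expired application",
    (1, 0x20): "Application not yet effective",
    (1, 0x10): "Requested service not allowed for card product",
    (1, 0x08): "New card",
    (2, 0x80): "Cardholder verification was not successful",
    (2, 0x40): "Unrecognised CVM",
    (2, 0x20): "PIN Try Limit exceeded",
    (2, 0x10): "PIN entry required and PIN pad not present or not working",
    # This is the bit a terminal sets when PIN entry is bypassed (section 3.5.3).
    (2, 0x08): "PIN entry required, PIN pad present, but PIN was not entered",
    (2, 0x04): "Online PIN entered",
    (3, 0x80): "Transaction exceeds floor limit",
    (3, 0x40): "Lower consecutive offline limit exceeded",
    (3, 0x20): "Upper consecutive offline limit exceeded",
    (3, 0x10): "Transaction selected randomly for online processing",
    (3, 0x08): "Merchant forced transaction online",
    (4, 0x80): "Default TDOL used",
    (4, 0x40): "Issuer authentication failed",
    (4, 0x20): "Script processing failed before final GENERATE AC",
    (4, 0x10): "Script processing failed after final GENERATE AC",
}

# TAC sets copied from section 3.11.4.
TAC_ODA_SUPPORTED = {"denial": "0010000000", "online": "FCE09CF800", "default": "DC00002000"}
TAC_ODA_NOT_SUPPORTED = {"denial": "0010000000", "online": "FFFFFFFFFF", "default": "FFFFFFFFFF"}
# Assumption: all-zero IACs, so that only the TAC effect is visible.
IAC_NONE = {"denial": "0000000000", "online": "0000000000", "default": "0000000000"}


def _bytes5(hex_value):
    raw = bytes.fromhex(hex_value)
    if len(raw) != 5:
        raise ValueError("TVR, TAC and IAC values are exactly 5 bytes")
    return raw


def decode(hex_value):
    """List the TVR conditions selected by a TVR or action code value."""
    raw = _bytes5(hex_value)
    return [name for (i, mask), name in TVR_BITS.items() if raw[i] & mask]


def _matches(tvr, tac, iac):
    """True if any TVR bit is also set in the TAC or the IAC."""
    return any(t & (a | b) for t, a, b in zip(_bytes5(tvr), _bytes5(tac), _bytes5(iac)))


def terminal_action_analysis(tvr, tac, iac=IAC_NONE, can_go_online=True):
    """Return the cryptogram type to request: AAC (decline), ARQC (online), TC (approve)."""
    if _matches(tvr, tac["denial"], iac["denial"]):
        return "AAC"
    if can_go_online:
        return "ARQC" if _matches(tvr, tac["online"], iac["online"]) else "TC"
    # Terminal cannot reach the issuer: the Default codes decide.
    return "AAC" if _matches(tvr, tac["default"], iac["default"]) else "TC"


def set_floor_limit_bit(tvr, amount_cents, floor_limit_cents):
    """Floor limit check: an amount at or above the limit sets the TVR bit,
    so a $0 floor limit sets it for every transaction."""
    raw = bytearray(_bytes5(tvr))
    if amount_cents >= floor_limit_cents:
        raw[3] |= 0x80
    return raw.hex().upper()
```

With the ODA-not-supported set, the "Offline data authentication was not performed" bit alone is enough to send the transaction online, and to decline it when the terminal cannot go online.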

Chapter 4: Point-of-Sale Solution Selection

Merchants and Issuers should carefully consider the type of point-of-sale (POS) solution that best works
for their business model and the needs of their Customers. They also should consider the certification
requirements for each option, including device certification and end-to-end certification. The following
table outlines solutions available in the market. Please contact your Terminal Manufacturer and
Processor for more details and options.

| POS Type | Description |
|---|---|
| Stand-Alone | Chip-enabled terminal device or peripheral is connected directly to the Acquirer Processor. Updates are managed by the Acquirer. Ideal for small Merchants currently using stand-alone terminals. |
| Semi-Integrated | Chip-enabled terminal device or peripheral is integrated into a new or existing POS software application. The payment device can be connected through a payment gateway or directly to the Acquirer. Terminal updates are managed either by the Payment Gateway or the Acquirer. |
| Integrated | Chip-enabled reader is fully integrated into the POS solution or a stand-alone peripheral. Merchant, Payment Gateway and/or Acquirer / Processor may be responsible for managing terminal updates. |

4.1 Device Certification


Device certification is completed by the Device Manufacturer or Original Equipment Manufacturer. Below
are some common terms used during the device certification process.
• EMV Kernel is a set of functions that provides all the necessary processing logic and data that is
required to perform an EMV contact or contactless transaction. The kernel will be called from the
terminal's payment application and utilize the Interface Device (IFD) to perform necessary data
exchanges with the card.[4]
Note: Contactless EMV requires a kernel for each Payment Network implemented.
• Level 1 Approval (Hardware): Level 1 tests compliance with the electromechanical
characteristics (contact) or the analog characteristics (contactless) and logical protocol
requirements defined in the EMV Specifications.[5]
• Level 2 Approval (Software): Level 2 type approval process tests compliance with the application
requirements as defined in the EMV Specifications.[5]
- Please Note: Contactless Level 2 approvals follow the individual Payment Network
requirements. A valid contactless Level 1 Letter of Approval (LoA) is a prerequisite to
contactless Level 2 certification.
Discover® Type Approval (for EMV contactless devices only): Verification by Discover that a specified
composite Target of Evaluation (TOE) has demonstrated sufficient conformance to the Discover
Specifications for its stated purpose and Discover specifications are used.[5][6] EMVCo does not have a
single common contactless specification for terminals as there is for contact terminals.

[5] Source: EMVCo www.emvco.com
[6] Source: Type Approval Process V2.2


4.1.1 Device Certification Requirements


Device certification should be completed prior to beginning end-to-end (E2E) certification. Because Level
1 and Level 2 approvals do expire, EMVCo and Discover Network require approvals to be renewed at
defined intervals to maintain compliance. Please check with your Terminal Provider, Acquirer or
Processor for Level 1 and Level 2 expiry dates.

| Certification Type | What it includes | Certification initiator: Contact EMV | Certification initiator: Contactless EMV |
|---|---|---|---|
| Level 1 | Addresses hardware conformance with EMV specifications | EMVCo | EMVCo |
| Level 2 | Addresses application software conformance | EMVCo | The certification for Discover Network is called "Discover Type Approval" |

4.2 End-to-End Certification Requirements


E2E terminal certification must be completed for each Payment Network supported by the terminal.
Each terminal application, combined with any middleware software product, should be certified by
each Processor.

The purpose of E2E testing is to:


• Demonstrate that the deployed terminals meet the requirements of both the Acquirer and the
Discover Network.
• Demonstrate the terminals’ acceptance of D-PAS.
• Send authorization requests and receive authorization responses among terminals, Acquirer host
systems and Discover Network.
• Demonstrate that terminals can process chip-based functions including PINs, fallback transactions
and CVMs as supported by the terminal.
A high-level example of an end-to-end environment is provided in the following figure. For detailed
information regarding the system architecture, requirements and configuration refer to the approved Test
Tool documentation.


Initiator:
• ISV: Fully-Integrated Solution
• Gateway: Supporting Semi-Integrated Solutions
• Original Equipment Manufacturer (OEM): EMV-Capable POS Terminal / Peripheral

Requirements:
• Terminal Product Already Certified. Contact: EMVCo Level 1 and Level 2. Contactless and Mobile: EMVCo Level 1 and DFS type approval.
• Test Plan, provided by processor: Contact D-PAS test plan and Contactless D-PAS test plan.
• End-to-End Test Tool: 1. Issuer host simulator 2. Card simulator or test card plastics 3. Test tool. Consult with your Processor before buying any E2E tool. Acquirer / Processor defines use of physical or card simulator.

E2E Fulfillment: Acquirer / Processor

[Figure: end-to-end environment. Labels: Discover® D-PAS or Payment Device; Smart Card Simulator; Discover-Approved Terminals; Acquirer Host; Acquirer Test Tool]

4.2.1 Discover® Quick Chip


The objective of Discover Quick Chip is to offer Merchants increased flexibility in connection with EMV
implementation that may help merchants streamline chip card transaction processing on chip-enabled
terminals. Please contact IntegratedPayments@Discover.com to obtain a copy of the Discover Contact
D-PAS: Discover Quick Chip Implementation Guide, which describes the modified D-PAS deployment
procedures that are required to implement Discover Quick Chip.


4.3 Production Validation Requirements


Production validation is required to verify that D-PAS- and J/Smart-certified terminals, and the associated
infrastructure, are performing correctly in the production environment. Production validation must be
performed in a live environment as part of an initial pilot or rollout for each unique combination of terminal,
application and Processor.

Production validation test transactions are executed using live but unfunded D-PAS and J/Smart test
cards at deployed terminals or terminals in a live laboratory environment. To request production validation
test cards, please contact IntegratedPayments@Discover.com.

4.3.1 Steps to Complete Production Validation:


To complete production validation, please follow these steps:
• Process a sale of $1.00 or higher. Please use all the cards provided for this purpose.
• A “Decline” response such as “Restricted Card” is expected.
• Responses such as “Application not found” or “Application error” indicate that the terminal is not
enabled to accept Discover Network Chip cards.
• Notify Discover® that testing was completed so that we can validate the test transactions. Please
email IntegratedPayments@Discover.com.

Chapter 5: Production Rollout

5.1 Production Rollout Check List


The following list highlights important steps in ensuring a successful EMV rollout for Merchants and
VARs. This is not intended to be a comprehensive list. Please consult with your Processor or Discover
Network for more details.

Certification

• Check with your terminal provider, acquirer and processor to confirm who is responsible for renewing Level 1 and Level 2 certifications.
• Complete E2E certification for each unique terminal application and configuration combination if utilizing a fully-integrated solution.
• Confirm that your partner completed E2E certification if utilizing a semi-integrated solution.

Terminal Configuration / Terminal Management

• Confirm who is responsible for updating your terminals: adding new AIDs, updating or replacing CA PKs, etc.
• Verify AIDs have been loaded on the EMV terminals. (See Table 5.2 for details.)
• Ensure production CA PKs were loaded and replaced test CA PKs.
• Verify that the Application Version Number Check is “0001.” It is recommended that terminals hold one additional Application Version Number slot open for future use.
• Confirm the terminal can store up to six CA PKs per card brand.
• Ensure TACs were properly coded.
• Support the minimum chip card-related data elements for authorization and batch data capture.

If supporting Contactless D-PAS

• If supporting contact and contactless D-PAS, terminals must not allow both interfaces to be activated simultaneously. If one interface is powered on, the other interface must be switched off.
• Support Zip AID to allow for application switch from Contactless D-PAS to magnetic stripe.
• Set terminal amount limits (if any) based on Merchant decision and direction received from your Processor. Please note that Discover® does not have any transaction amount limit established for contactless D-PAS transactions.
• Add decal signage at your POS advertising that your merchant accepts contactless payments.

Training and Pilot

• Train your employees on how to process contact and contactless transactions. Review the resources that Discover has created to assist you with this task: www.discovernetwork.com/chip-card/merchants/resource_center.html
• Request production validation EMV test cards by contacting IntegratedPayments@Discover.com.
• Complete production validation test transactions.
• Validate purchase, refund and cancellations.
• Confirm receipt is printing EMV-related data.
• Follow fallback to magnetic stripe processing.


Other Important Consideration

• Ensure support for all Discover® IIN/BIN ranges. (See Appendix D.)
• Validate acceptance of a variable PAN length of up to 19 bytes.
• Support for terminal floor limits.
• Terminals accepting a PIN must comply with the PCI PED security requirements.

5.2 Discover® EMV Program Matrix (V2.0 Published Jan 2017)


The following table summarizes AID parameters supported by Discover for the U.S. market.

Columns: D-PAS (Proprietary) | Discover® U.S. Common Debit | JCB J/Smart | UnionPay Integrated Circuit Cards (UICS): Credit, Quasi Credit, Debit, U.S. Common AID | Discover® Zip® Contactless Magnetic Strip

AID: A0000001523010 | A0000001524010 | A0000000651010 | A000000333010102, A000000333010103, A000000333010101, A000000333010108 | A0000003241010
Partial Match: Allowed and strongly encouraged | Not allowed | Allowed and strongly encouraged
Example of Issuers: Discover Card, Diners and Net to Net Partners (BC Card, RuPay, elo, Interswitch, etc.). | Discover® Debit Card, PULSE® issuers. | JCB branded cards | UnionPay branded cards | Discover Card
Interfaces Supported: Contact EMV & Contactless EMV | Contact EMV | Contact EMV | Contactless Magnetic Strip
Application Version Number: 0001 (Recommend terminals hold one additional slot open for DFS future use.) | 0001 (Recommend terminals hold one additional slot open for DFS future use.) | 0200 (for EMV v4.x compliance), 0120 (for EMV v3.1.1 compliance) | 0020 (For both v3.1.1 & v4.x Compliance)
Fallback to Magnetic Stripe: Supported when chip cannot be read (damaged). | Supported when chip cannot be read (damaged).
For AID Not Found: Transaction should be initiated by magnetic strip but should not be coded as fallback. | Transaction should be initiated by magnetic strip but should not be coded as fallback.
For Application Blocked: Not allowed

PIN

PIN Support: If PIN is supported for any payment brand, Online PIN and Offline PIN must be supported for Discover Network
PIN Bypass: Supported

Contact EMV

TACs for Contact Interface (columns): ODA Supported | ODA Not Supported | ODA Supported | ODA Not Supported | ODA Supported | ODA Not Supported | ODA Supported / ODA Not Supported
Denial: 0010000000 | 0010000000 | 0010000000 | 0010000000 | 0010000000 | 0010000000
Online: FCE09CF800 | 30E09CF800 | FCE09CF800 | FFFFFFFFFF | FC60ACF800 | D84004F800
Default: DC00002000 | 1000002000 | DC00002000 | FFFFFFFFFF | FC6024A800 or FC60242800 | D84000A800
Offline Transaction Limit: Allowed, please contact processor for details. DFS limit is $300.00 (with MCC exceptions) | Online Authorization is required for all Transactions originating from Discover U.S. Common Debit AID | Allowed, please contact processor for details. DFS limit is $300.00 (with MCC exceptions) | Online Authorization is required for all UP Transactions.
EMV Fraud Liability Shift: October 2015, all industries except AFD; October 2020, AFD | October 2015, all industries except AFD; October 2020, AFD | As of publication date, JCB has not announced EMV FLS for the U.S. for transactions processed through Discover Network | As of publication date, UnionPay has not announced EMV FLS for the U.S. for transactions processed through Discover Network
CVM Supported: Online PIN, Offline Enciphered PIN, Offline Plaintext PIN, Signature, No CVM | Online PIN, No CVM, Signature (via No CVM) | Online PIN, Offline Enciphered PIN, Offline Plain Text PIN, Signature, No CVM | Online PIN, Offline Plaintext PIN, Signature, No CVM | Online PIN, No CVM, Offline Plaintext PIN
Terminal ODA Requirement: All offline-capable contact chip Terminals are required to support SDA and DDA, it is recommended that they also support CDA. | ODA support is optional. If support ODA, terminal must support both SDA and DDA. CDA support is optional. If it is supported by the terminal, it must be supported using | All offline-capable contact chip Terminals are required to support SDA and DDA, it is recommended that they also support CDA. | All offline-capable contact chip Terminals are required to support SDA and DDA, it is recommended that they also support CDA.

Contactless EMV

TACs for Contactless Interface: Do not apply. Contactless D-PAS do not require TACs. | Do not apply. Contactless D-PAS do not require TACs.
Offline Transaction Limit: Allowed, please contact processor for details. DFS limit is $300.00 (with MCC exceptions) | Online Authorization is required for all Transactions originating from Discover U.S. Common Debit AID
Contactless Transaction Limit: No limit | No limit
EMV FLS: As of publication of this document, Contactless transactions do not fall into EMV FLS | As of publication of this document, Contactless transactions do not fall into EMV FLS
CVM Supported: Online PIN, Signature, No CVM | Online PIN, No CVM, Signature (via No CVM)
Terminal ODA Requirement: All offline-capable contactless Terminals are required to support CDA. | ODA support is optional. If support ODA, terminal must support CDA.


Others

Default DDOL: Must include the Unpredictable Number.
TDOL and Terminal Exception File: D-PAS, J/Smart & UICS do not require default terminal TDOL and terminal exception file.
No CVM Policy: Per DFS Operating Regulations, transactions below $50 do not require CVM. Please contact your processor to confirm requirements for No CVM.
Production Validation: Required, using unfunded cards.

CAPKs

Test Environment: Yes, same for both Discover Proprietary and Debit Common AIDs | J/Smart test CAPK with length 1408 bits | UICS Test keys
Production Environment: Yes, same for both Discover Proprietary and Debit Common AIDs | J/Smart Production CAPKs | UICS Production Keys

Test Cards

Test Environment, physical test cards: One pack contains Contact and Contactless D-PAS including Debit, J/Smart & UICS test cards.
Production Environment, unfunded cards: Available upon request. One pack contains Contact D-PAS, J/Smart & UICS test cards.

Appendix A

DFS CA Test Payment System Public Keys


1. Key Length 1152 Bits – PKI 91 Test

| Field Name | Length | Description | Value |
|---|---|---|---|
| RID | 5b | Identifies the payment system to which the CA PK is associated | A0 00 00 01 52 |
| CA Public Key Index | 1b | Identifies the CA PK in conjunction with the RID | 5B |
| CA Hash Algorithm Indicator | 1b | Indicates the hash algorithm used to produce the Hash Result in the digital signature scheme | 01 |
| CA Public Key Algorithm Indicator | 1b | Indicates the algorithm to be used with the CA PK | 01 |
| CA Public Key Modulus | 144b | Value of the modulus part of the CA PK | |
| CA Public Key Exponent | 1b | CA PK Exponent equal to 3 | 03 |
| CA Public Key Check Sum | 20b | A check value calculated on the concatenation of all parts of the CA PK (RID, CA Public Key Index, CA Public Key Modulus, CA Public Key Exponent) using SHA-1 | 4D C5 C6 CA B6 AE 96 97 4D 9D C8 B2 43 5E 21 F5 26 BC 7A 60 |


2. Key Length – 1408 Bits – PKI 92 Test

| Field Name | Length | Description | Value |
|---|---|---|---|
| RID | 5 | Identifies the payment system to which the CA PK is associated | A0 00 00 01 52 |
| CA Public Key Index | 1 | Identifies the CA PK in conjunction with the RID | 5C |
| CA Hash Algorithm Indicator | 1 | Indicates the hash algorithm used to produce the Hash Result in the digital signature scheme | 01 |
| CA Public Key Algorithm Indicator | 1 | Indicates the algorithm to be used with the CA PK | 01 |
| CA Public Key Modulus | 176 | Value of the modulus part of the CA PK | |
| CA Public Key Exponent | 1b | CA Public Key Exponent equal to 3 | 03 |
| CA Public Key Check Sum | 20 | A check value calculated on the concatenation of all parts of the CA PK (RID, CA Public Key Index, CA Public Key Modulus, CA Public Key Exponent) using SHA-1 | 60 15 40 98 CB BA 35 0F 5F 48 6C A3 10 83 D1 FC 47 4E 31 F8 |

3. Key Length – 1984 Bits – PKI 93 Test

| Field Name | Length | Description | Value |
|---|---|---|---|
| RID | 5b | Identifies the payment system to which the CA PK is associated | A0 00 00 01 52 |
| CA Public Key Index | 1b | Identifies the CA PK in conjunction with the RID | 5D |
| CA Hash Algorithm Indicator | 1b | Indicates the hash algorithm used to produce the Hash Result in the digital signature scheme | 01 |
| CA Public Key Algorithm Indicator | 1b | Indicates the algorithm to be used with the CA PK | 01 |
| CA Public Key Modulus | 248b | Value of the modulus part of the CA PK | |
| CA Public Key Exponent | 1b | CA Public Key Exponent equal to 3 | 03 |
| CA Public Key Check Sum | 20b | A check value calculated on the concatenation of all parts of the CA PK (RID, CA Public Key Index, CA Public Key Modulus, CA Public Key Exponent) using SHA-1 | B5 1E C5 F7 DE 9B B6 D8 BC E8 FB 5F 69 BA 57 A0 42 21 F3 9B |
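
The Check Sum rows in the tables above all describe the same computation: SHA-1 over the concatenation of RID, CA Public Key Index, CA Public Key Modulus and CA Public Key Exponent. The Python below is an added example, not code from this Guide or from Discover; it recomputes that check value and checks the field lengths before a terminal key store accepts a CA PK record. The CapkRecord type, the function names, the index F0 and the modulus bytes are assumptions constructed for illustration, and the modulus is not a real key.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class CapkRecord:          # hypothetical container, one field per table row
    rid: bytes             # 5 bytes
    index: int             # 1 byte
    modulus: bytes         # key length in bits / 8
    exponent: bytes        # 03 in the tables above
    checksum: bytes        # 20 bytes


def capk_checksum(rid, index, modulus, exponent):
    """SHA-1 over RID || Index || Modulus || Exponent, in that order."""
    return hashlib.sha1(rid + bytes([index]) + modulus + exponent).digest()


def validate_capk(rec, expected_bits):
    """Return the reasons to reject a record; an empty list means it is consistent."""
    problems = []
    if len(rec.rid) != 5:
        problems.append("RID is not 5 bytes")
    if not 0 <= rec.index <= 0xFF:
        return problems + ["index does not fit in 1 byte"]
    bits = len(rec.modulus) * 8
    if bits == 0 or bits != expected_bits:
        problems.append(f"modulus is {bits} bits, expected {expected_bits}")
    elif not rec.modulus[0] & 0x80 or not rec.modulus[-1] & 1:
        problems.append("modulus is not odd with its top bit set")
    # 03 is what the tables use; accepting 01 00 01 (65537) as well is an assumption.
    if rec.exponent not in (b"\x03", b"\x01\x00\x01"):
        problems.append("unexpected exponent")
    if capk_checksum(rec.rid, rec.index, rec.modulus, rec.exponent) != rec.checksum:
        problems.append("checksum mismatch")
    return problems


def sample_record():
    """Constructed record: RID from the tables, made-up index and modulus (not a real key)."""
    rid = bytes.fromhex("A0 00 00 01 52")
    index = 0xF0
    modulus = bytes([0xC1]) + bytes(range(1, 143)) + bytes([0x8B])  # 144 bytes
    exponent = b"\x03"
    return CapkRecord(rid, index, modulus, exponent,
                      capk_checksum(rid, index, modulus, exponent))


if __name__ == "__main__":
    print(validate_capk(sample_record(), 144 * 8))
```

Because the index is part of the hashed data, a modulus stored under the wrong CA Public Key Index fails the check just as a corrupted modulus does.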

Appendix B

DPAS Acronyms

Acronym Meaning

AC Application Cryptogram
AFD Automated Fuel Dispenser
AID Application Identifier
CA Certification Authority
CAPK Certification Authority Public Key
CAPKI Certification Authority Public Key Index
CDDA Combined Dynamic Data Authentication and Application Cryptogram Generation
CVM Card Verification Method
DDA Dynamic Data Authentication
DDOL Dynamic Data Authentication Data Object
DFS Discover Financial Services
D-PAS D-Payment Application Specification
E2E End-to-End
EMV Europay, MasterCard, Visa
ICC Integrated Circuit Cards
ISO International Organization for Standardization
NFC Near Field Communication
ODA Offline Data Authentication
OEM Original Equipment Manufacturer
PAN Primary Account Number
PIN Personal Identification Number
POS Point-of-Sale
RID Registered Application Provider Identifier
RFF Radio Frequency Field
SDA Status Data Authentication
TAC Terminal Action Code
TDOL Transaction Certificate Data Object List
TVR Terminal Verification Results
UICS UnionPay Integrated Circuit Chip Card Specifications
VAR Value-Added Reseller

Appendix C

DPAS Terminology

Term Definition

AC A cryptogram computed by the chip card application and used by the Issuer to verify that a
request came from the card.
Acquirer An entity that processes credit and debit card payments on behalf of a Merchant.
Acquirer Processor A third-party entity designated by an Acquirer and approved by DFS for the purpose of
performing certain Acquirer obligations under the Acquirer Agreement and/or the Program
Guides, subject to the limitations and requirements set forth in the Acquirer Agreement, the
Acquirer Processor Agreement and the Program Guides.
AID An application identifier made up of the Registered Application Provider Identifier (RID) and
the Proprietary Identifier Extension (PIX).
Application PAN A valid Cardholder account number.
Authorization The process used to determine whether to approve a card sale or cash advance in
response to an authorization request.
Authorization Request A request submitted by a Merchant or Acquirer, through DFS or another person acting on
our behalf, to the Issuer for authorization of a card sale or cash advance.
CA PK The key of the CA asymmetric key pair that can be made public. Consists of a:
• CA PK Exponent – The value of the exponent part of the CA PK.
• CA PK Modulus – The value of the modulus part of the CA PK.
Cardholder A user of a credit, debit or prepaid payment card product.
CDA An offline authentication method performed by the terminal to verify a card via a
dynamic signature that is generated offline by the card and a cryptogram. The offline
DDA is a dynamic signature. The online Application Cryptogram Authentication is the
second signature.
Chip Card A card with an embedded integrated chip that is a contact chip payment device, a
contactless chip payment device or a dual interface payment device.
Chip Card Transaction A card transaction that takes place with a chip card at a chip card terminal that complies
with relevant operating regulations and technical specifications.
CVM Method used to ensure that the person presenting the card is the person to whom the
application in the card was issued.
DDA Offline Dynamic Data Authentication performed by the terminal to verify the dynamic
signature generated by the card for the transaction.
Note: The generated dynamic signature is different for each transaction.
EMV The global standard for credit and debit payment cards based on chip card technology.
EMV is a trademark owned by EMVCo, LLC.

EMVCo The corporation that manages, maintains and enhances the EMV ICC specifications
for chip-based payment cards and acceptance devices, including POS terminals
and ATMs.
Floor Limit An amount designated in a Merchant Agreement as the amount below which the Merchant
is not required to obtain an online authorization for a card sale.
ICC A card that has a chip embedded in it. Chip cards and Discover® Contactless D-PAS Cards
embed such a chip.
ISO An agency that establishes and publishes international technical standards.
Issuer An entity that has signed a DFS Credit Issuer Agreement for the purpose of issuing
DFS payment cards in accordance with the DFS Operating Regulations and other
program documents.
JCB A financial services company based in Tokyo, Japan also known as JCB Co., Ltd. that
operates as the JCB payment network in Japan and also issues JCB payment partners on
its network for acceptance on its network.
Key A binary value that is used as part of an algorithm to encrypt or decrypt data.
Landing Zone The landing zone is the strongest RF point close to the reader. It is identified by the EMVCo
contactless symbol.
Merchant An entity engaged in commercial operations that comply with the requirements set out in the
Discover Operating Regulations and other program documents.
Merchant Agreement A signed, written agreement between an Acquirer and a Merchant that:
• Permits the Merchant to accept cards as payment for goods and services and cash at
the Acquirer’s discretion, but not in exchange for cash, cash equivalents or the funding
of value used for future purchases (“quasi-cash”) unless specifically approved in the
Acquirer Agreement.
• Describes the terms pursuant to which Acquirer shall pay Settlement Amounts to the
Merchant for card transactions accepted by the Merchant.
• Provides a sublicense to the Merchant governing the Merchant’s use of the
program marks.
• Describes the program services provided by Acquirer to the Merchant to support
card acceptance.
ODA The process of validating a contactless EMV card offline at POS via CDA.
PAN The unique identifying number that is assigned by the Issuer to the card at the time of
card issuance.
Payment Brand An organization that manages a network to facilitate payments between Cardholders and
Merchants.
Payment Device Contactless D-PAS products can be issued in many different forms such as key fobs,
stickers or mobile phones. These devices are collectively known as “contactless
payment devices.”
PIN The personal identification number or code assigned by an Issuer that may be used by the
Cardholder to facilitate a card sale or cash advance on a POS device.
PIX An optional data element assigned by the application provider of up to 11 bytes which is
part of the structure of the AID.

PKI Identifies a CA PK pair used in CDA.
Plaintext Unenciphered information.
POS Device An electronic card reader, chip card terminal, cash register or terminal and any necessary
software, located at the physical premises of a Merchant that is capable of electronically
capturing data from cards and receiving electronic evidence of authorization responses and
which may also be capable of transmitting electronic evidence of sales data.
Reader A device that can communicate with a contactless D-PAS card using the RF interface.
Readers may be physically separate from a terminal or integrated inside.
RF Field Radio Frequency Field. Contactless field generated by the Contactless Reader. The
Contactless Card must enter the RF field near the Reader landing zone to initiate a
Contactless Transaction.
RID Part of an AID that is unique to an application provider and assigned according to
ISO / IEC 7816-5.
SDA An authentication performed by the terminal to verify the static signature placed on a card
during the card personalization process.
Terminal An electronic device that accepts and processes payment transactions.
Terminal Contactless CVM Limit This data sets the CVM limit for a particular AID based on the amount of the
transaction. If the amount of the transaction is greater than or equal to this limit, the terminal will ask the
card to perform Cardholder Verification.
Token A surrogate value for a PAN that limits exposure to the PAN.
VAR An entity that adds features or services to an existing product, then resells it (usually to end-
users) as an integrated product or complete turnkey solution.

Appendix D

Issuer Identification Number (IIN) Ranges that Operate on the Discover network:
Discover® IIN (BIN) Range Table

| Start | End | Issuing Network | Credit / Debit | Min Digits | Max Digits |
|---|---|---|---|---|---|
| 30000000 | 30599999 | DCI | Credit | 16 | 19 |
| 30950000 | 30959999 | DCI | Credit | 16 | 19 |
| 35280000 | 35899999 (a) | JCB | Credit | 16 | 19 |
| 36000000 | 36999999 (b) | DCI | Credit | 14 | 19 |
| 38000000 | 39999999 | DCI | Credit | 16 | 19 |
| 60110000 | 60110399 | DN | Both | 16 | 19 |
| 60110400 | 60110499 | PayPal | Credit | 16 | 19 |
| 60110500 | 60110999 | DN | Both | 16 | 19 |
| 60112000 | 60114999 | DN | Both | 16 | 19 |
| 60117400 | 60117499 | DN | Both | 16 | 19 |
| 60117700 | 60117999 | DN | Both | 16 | 19 |
| 60118600 | 60119999 | DN | Both | 16 | 19 |
| 62212600 | 62292599 (c) | UnionPay | Both | 16 | 19 |
| 62400000 | 62699999 (c) | UnionPay | Credit | 16 | 19 |
| 62820000 | 62889999 (c) | UnionPay | Credit | 16 | 19 |
| 64400000 | 65059999 | DN | Both | 16 | 19 |
| 65060000 | 65060099 | PayPal | Credit | 16 | 19 |
| 65060100 | 65060999 | DN | Both | 16 | 19 |
| 65061000 | 65061099 | PayPal | Credit | 16 | 19 |
| 65061100 | 65999999 | DN | Both | 16 | 19 |

a. This IIN Range (35280000 to 35899999) shall be enabled only by Merchants, Acquirers or their Processors in connection with
Merchant relationships, POS Devices or otherwise, within the 50 States of the United States of America and the District of
Columbia, Puerto Rico, the US Virgin Islands, the Northern Mariana Islands, Palau, and Guam, subject to certain exceptions in
Acquirer Agreements where applicable.
b. The PAN length for this IIN Range (36000000 to 36999999) is 14 digits.
c. The UnionPay IIN Ranges shall be enabled only by Merchants, Acquirers, or their Processors in connection with Merchant
relationships, POS Devices or otherwise, in the United States, Mexico, and the Caribbean*

* The United States of America, includes fifty States, the District of Columbia and all other U.S. territories, Protectorates, and non-
domestic U.S. military bases including American Samoa, Federated States of Micronesia, Guam, Marshall Islands, Northern
Mariana Islands, Palau, Puerto Rico and the U.S. Virgin Islands.
