Professional Documents
Culture Documents
Each EMV transaction request is supposed to contain ARQC, which is a cryptogram generated from
the transaction data. In the context of EMV, a cryptogram can be thought of as a digital signature on
the financial transaction. A valid, verifiable cryptogram tells you two things:
the financial message originated from the source that it claims to be from
the contents of the message have not been altered
There are two cryptograms used in EMV: ARQC (Authorisation Request Cryptogram) and ARPC
(Authorisation Response Cryptogram). The first one, ARQC, is generated by the card (after taking
some values from the terminal), and hence it's part of a request message. The second one, ARPC, is
generated by the issuer and hence it's part of a response message.
The Card Key is unique to the card and the Session Key is unique to the transaction. It's Session Key
which is used for the final encryption in step 4.