
Terminal and Card Communication

Get the CA Public Key

Decrypt the Issuer Public Key Certificate File with the CA Public Key and get the
Issuer Public Key

Verify the key in the Keystore with the public Key

Step 1 Done

Using the private key and the ICC Public Key Modulus, create the ICC Public Key
Certificate File

Split this if greater than 176.

Enter the Expiry Date, Certificate Serial, PAN

Send the split certificate data to Mobile

Decode ICCPublicKeyCertificateFile


https://www.openscdp.org/scripts/tutorial/emv/dda.html

DDF (Directory) - ADF (File) - AEF (Record)

Data Object - Tag + Length + Data Element


AEF (Record) - Group of Data Objects
ADF - Group AEFs referenced by SFI
Proximity Payment System Environment
PPSE Communication

SELECT COMMAND

GET PROCESSING OPTIONS

READ RECORD

GENERATE CRYPTOGRAM (TC+CDA)

If the Application Identifier (ADF Name) (A0000000651010) is known, directly SELECT the ADF.

Else select the DDF, which will reveal all the application IDs with their priority, and then select the ADF.
SELECT using PPSE (2PAY.SYS.DDF01)
APDU - Application Protocol Data Unit
After the reset, the communication between terminal and card works with APDUs.

Command APDU
The terminal sends a command APDU to the card. This command has a
mandatory header and an optional body.

CLA INS P1 P2 Lc Data Le

Header Trailer

Field   Description
CLA     Class byte. 0x00
INS     Instruction byte. 0xA4: Select Command, 0xB2: Read Record Command
P1      Parameter 1 byte. The function is dependent on INS.
P2      Parameter 2 byte. The function is dependent on INS.
Lc      Number of data bytes sent to the card. The value of Lc will be calculated by the terminal. You don't have to state this parameter.
Data    Data bytes
Le      Number of data bytes expected in the response. If Le is 0x00, 256 bytes are expected.

Response APDU

The card will execute the command and send a response APDU back to the
terminal. The response APDU has an optional body consisting of data and a
mandatory trailer with two status bytes "SW1" and "SW2". SW1 and SW2
result in a status word (SW). If the status word has the value 0x9000 (SW1 =
0x90, SW2=0x00), the command was successful.

Data SW 1 SW 2

Body Trailer
READ RECORD COMMAND
Code  Value
CLA   '00'h
INS   'B2'h
P1    number of the record to read
P2    xxxxxx (SFI) zzz (P1 – entry number)
Lc    Is Missing
Data  Is Missing
Le    '00'h







Case 1 to 4
Case 1
Command: Header
Response: Trailer

Case 2
Command: Header + Le
Response: Data + Trailer

Case 3
Command: Header + Data
Response: Trailer

Case 4
Command: Header + Data + Le
Response: Data + Trailer

SELECT COMMAND
Class of the command: 00 C1
Instruction code: A4
Parameter 1: 04
Parameter 2: 00
Field length: 0E
Data: 325041592E5359532E4444463031 (Hex of 2PAY.SYS.DDF01 DDF)
Expected response length: 00

00A404000E325041592E5359532E444446303100
Response
6F3B840E325041592E5359532E4444463031A529BF0C2661244F07A00000006510105016344134333432323035303732363537303631363936348701019000
6F File Control Information (FCI) Template
  84 Dedicated File (DF) Name
     325041592E5359532E4444463031
  A5 File Control Information (FCI) Proprietary Template
    BF0C File Control Information (FCI) Issuer Discretionary Data
      61 Application Template
        4F Application Identifier (AID) – card
           A0000000651010
        50 Application Label
           4A43422050726570616964 (JCB Prepaid)
        87 Application Priority Indicator
           01

Application Priority Indicator
Indicates the priority of a given application or group of applications in a directory.
A card can have more than one application; the priority one is marked here.

6F3B840E325041592E5359532E4444463031A529BF0C2661244F07A00000006510105016344134333432323035303732363537303631363936348701019000

Tag and length of each object:

6F 3B
  84 0E
     325041592E5359532E4444463031
  A5 29
    BF0C 26
      61 24
        4F 07 A0000000651010
        50 16 34413433343232303530373236353730363136393634
        87 01 01
SELECT COMMAND (DIRECT AID SELECT)
Class of the command: 00 C2
Instruction code: A4
Parameter 1: 04
Parameter 2: 00
Field length: 07
Data: A0000000651010
Expected response length: 00

00A4040007A000000065101000
Response

6F4D8407A0000000651010A5425016344134333432323035303732
363537303631363936349F38039F52015F2D04363536459F110101
9F1216344134333432323035303732363537303631363936349000

6F File Control Information (FCI) Template
  84 Dedicated File (DF) Name
     A0000000651010
  A5 File Control Information (FCI) Proprietary Template
    50 Application Label
       4A43422050726570616964 (JCB Prepaid)
    9F38 Processing Options Data Object List (PDOL)
       9F5201
       Contains a list of terminal resident data objects (tags and lengths) needed by the ICC in processing the GET PROCESSING OPTIONS command (something in the terminal needed by the ICC).
       Expects: terminal capability indicator. Expects 9F5201:
       1 - EMV Mode
       2 - Magstripe
       3 - Both
       PASS THE DATA IN THE NEXT COMMAND (C3)
    5F2D Language Preference
       656E (en)
    9F11 Issuer Code Table Index
       01
       Indicates the code table according to ISO/IEC 8859 for displaying the Application Preferred Name
    9F12 Application Preferred Name
       4A43422050726570616964 (JCB Prepaid)
GET PROCESSING OPTIONS COMMAND (C3)
Class of the command: 80
Instruction code: A8
Parameter 1: 00
Parameter 2: 00
Field length: 03
Data: 8301 03
  83 Command Template: identifies the data field of a command message
  03 Terminal supports both EMV + Mag Stripe (1 - EMV Mode, 2 - Magstripe, 3 - Both)
Expected response length: 00

[Request] 80A800000383010300
[Response] 770E8202198094081001010010020601

770E8202198094081001010010020601

77 E(14) 8202198094081001010010020601
Response Message Template Format 2

82 2(2) 1980
Application Interchange Profile (AIP)

94 8(8) 1001010010020601
Application File Locator (AFL)

[State] 9000
AIP = 1980 = 0001 1001 1000 0000

Byte 1 (19 = 0001 1001):
b8 0
b7 0
b6 0
b5 1 Cardholder verification is supported
b4 1 Terminal risk management is to be performed
b3 0
b2 0
b1 1

Byte 2 (80 = 1000 0000):
b8 1 EMV and Magstripe Modes Supported (0080, Byte 2 Bit 8)
b7 to b1 0

Issuer Authentication
Card Action Analysis
Terminal Action Analysis

Terminal Risk management

Terminal Risk Management will be done if present in the Application Interchange Profile (AIP).

There are basically 3 actions/methods being done in this process:

1. Floor Limit: If a set amount is exceeded, go online for authorization. (The TVR, Terminal Verification Results, bit for Floor Limit will be set to 1.)

2. Random Transaction Selection: Select random transactions for online processing; this can include a bias for higher amounts to go online more often. (TVR bit for Random Transaction Selection set to 1.)

3. Velocity Checking: Checks counters (lower consecutive offline limit, upper consecutive offline limit) in the ICC to decide whether to go online. (TVR bit for Velocity Checking set to 1.)
Cardholder Verification is Supported

Contactless CVM (Cardholder Verification Methods) limit: an amount (in minor units) above which the terminal requires a CVM. The cardholder verification method (CVM) limit is the maximum amount a customer can pay with a contactless card before they are prompted for a signature or PIN verification.

If the limit is $100, any transaction of more than $100 needs CVM. For some cards the limit is 0, which means any transaction needs CVM.

• Contactless maximum amount

• Contactless floor limit

• Contactless currency

• Contactless reader limit

• Contactless CVM limit

Contactless reader limit: maximum transaction amount for a contactless transaction. If the amount is higher than the contactless CVM limit set by the card scheme, the transaction will start without prompting the cardholder to insert a card. We recommend leaving this setting at the default, to allow for mobile phone and smart watch payments.

Contactless currency: currency for which contactless transactions are accepted. This is the currency of the country where the store is located.

Contactless floor limit: minimum transaction amount for an offline contactless transaction. The default is 0.

Contactless maximum amount: maximum transaction amount for a contactless transaction. If the amount is higher and the terminal general maximum allows it, the transaction will start without activating the NFC reader.
Application File Locator (AFL)
Indicates the location (SFI, range of records) of the AEFs related to a given
application

Tells you where to get the Issuer Certificate, ICC Certificate and other details. This information is stored in the IC card in an AEF identified by an SFI (Short File index), which is a number.

Returned AFL - 1001010010020601
Returned AFL - 1001010010020601
Every 4 bytes stick together. Take the 4 bytes and do the decoding.

Let's take: 10010100

The five most significant bits of the first byte are the SFI. The three least significant bits are set to zero. 10 -> 00010000 (SFI - 2)

Start Record: 01

End Record: 01

Number of records included in data authentication beginning from the Start Record: 00

Let's take: 10020601

The five most significant bits are the SFI. The three least significant bits are set to zero. 10 -> 00010000 (SFI - 2)

Start Record: 02

End Record: 06

Number of records included in data authentication beginning from the Start Record: 01

Second example AFL - 10020200 18010701

Let's take: 10 02 02 00

10 -> 00010000 (SFI - 2), Start Record: 02, End Record: 02, number of records included in data authentication: 00

Let's take: 18 01 07 01

18 -> 00011000 (SFI - 3), Start Record: 01, End Record: 07, number of records included in data authentication: 01
COMMANDS TO TERMINAL
"10" - encode to bits: 0001 0000. Group the first 5 bits: 00010,000 -> add 4 (100) -> output becomes 00010100 -> 14

AFL - 1001010010020601

From 1 to 1:
00B20114

From 2 to 6:
00B20214
00B20314
00B20414
00B20514
00B20614

COMMANDS TO TERMINAL
"18" - encode to bits: 0001 1000. Group the first 5 bits: 00011,000 -> add 4 (100) -> output becomes 00011100 -> 1C

AFL - 10020200 18010701

SFI 2, record 2:
00B20214

SFI 3, records 1 to 7:
00B2011C
00B2021C
00B2031C
00B2041C
00B2051C
00B2061C
00B2071C

1. 00B20114 - read record 1, file 2

2. 00B20214 - read record 2, file 2

3. 00B20314 - read record 3, file 2

4. 00B20414 - read record 4, file 2

5. 00B20514 - read record 5, file 2

6. 00B20614 - read record 6, file 2

P1 = record number, (P2-4)/8 = file number (SFI)
// read record 1, file 1: 00B2010C 00
// read record 1, file 2: 00B20114 00
// read record 1, file 3: 00B2011C 00
// read record 2, file 3: 00B2021C 00
// read record 1, file 4: 00B20124 00
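The decoding steps above, from the SELECT and GET PROCESSING OPTIONS responses to the READ RECORD commands, as an added example that is not part of the original slides. The function names are chosen here; the response bytes and the two AFL values are the ones quoted on this page.

```python
# Added example (not from the original slides): BER-TLV walk of the card
# responses quoted on this page, then AFL -> READ RECORD command generation.

PPSE_RESPONSE = (   # response to SELECT 2PAY.SYS.DDF01, copied from this page
    "6F3B" "840E325041592E5359532E4444463031" "A529" "BF0C26" "6124"
    "4F07A0000000651010"
    "501634413433343232303530373236353730363136393634"
    "870101" "9000")
GPO_RESPONSE = "770E8202198094081001010010020601" "9000"  # response + [State] 9000


def split_sw(resp_hex):
    """Split a response APDU into (body bytes, status word as hex)."""
    raw = bytes.fromhex(resp_hex)
    if len(raw) < 2:
        raise ValueError("response shorter than SW1 SW2")
    return raw[:-2], raw[-2:].hex().upper()


def parse_tlv(data):
    """Return [(tag, value)], where value is bytes or a nested list for
    constructed tags. Lengths that overrun the buffer are rejected."""
    out, i = [], 0
    while i < len(data):
        if data[i] == 0x00:                      # padding between objects
            i += 1
            continue
        start, first = i, data[i]
        i += 1
        if first & 0x1F == 0x1F:                 # tag continues in next byte(s)
            while True:
                if i >= len(data):
                    raise ValueError("truncated tag")
                i += 1
                if not data[i - 1] & 0x80:
                    break
        tag = data[start:i].hex().upper()
        if i >= len(data):
            raise ValueError(f"tag {tag}: missing length")
        length = data[i]
        i += 1
        if length & 0x80:                        # long form: 81 xx or 82 xx xx
            n = length & 0x7F
            if n not in (1, 2) or i + n > len(data):
                raise ValueError(f"tag {tag}: bad length encoding")
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        if i + length > len(data):
            raise ValueError(f"tag {tag}: length {length} overruns buffer")
        value = data[i:i + length]
        i += length
        out.append((tag, parse_tlv(value) if first & 0x20 else value))
    return out


def find(nodes, tag):
    """Depth-first search for the first value stored under tag."""
    for t, v in nodes:
        if t == tag:
            return v
        if isinstance(v, list):
            hit = find(v, tag)
            if hit is not None:
                return hit
    return None


def read_record_apdus(afl):
    """Expand an AFL into READ RECORD APDUs: P1 = record, P2 = (SFI << 3) | 4."""
    if not afl or len(afl) % 4:
        raise ValueError("AFL must be a non-empty multiple of 4 bytes")
    cmds = []
    for off in range(0, len(afl), 4):
        sfi_byte, first, last, n_auth = afl[off:off + 4]
        sfi = sfi_byte >> 3
        if sfi_byte & 0x07 or not 1 <= sfi <= 30:
            raise ValueError(f"bad SFI byte {sfi_byte:02X}")
        if first == 0 or last < first or n_auth > last - first + 1:
            raise ValueError(f"bad record range in AFL entry at offset {off}")
        for rec in range(first, last + 1):
            cmds.append(bytes([0x00, 0xB2, rec, (sfi << 3) | 0x04, 0x00]).hex().upper())
    return cmds


if __name__ == "__main__":
    body, sw = split_sw(PPSE_RESPONSE)
    fci = parse_tlv(body)
    print("SW", sw, "AID", find(fci, "4F").hex().upper())
    # On this card the label bytes are themselves ASCII hex digits.
    print("Label", bytes.fromhex(find(fci, "50").decode()).decode())
    gpo = parse_tlv(split_sw(GPO_RESPONSE)[0])
    print("AIP", find(gpo, "82").hex().upper())
    for cmd in read_record_apdus(find(gpo, "94")):
        print(cmd)
```
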
[Command] 00B2011400

READ RECORD Response Message Template

57 13(19) 3571114100152638 D 2401 221 1900262300000F
Track 2 Equivalent Data

5F20 2(2) 202F
Cardholder Name. Indicates cardholder name according to ISO 7813

9F1F 18(24) 313930303230303030303030303030363233303030303030
Track 1 Discretionary Data

• PAN = 3571114100152638 - the card number itself.

• Separator field = D - separator.

• Expiry Date = 24/01 - card expiry date. Through Jan 2024.

• Service Code = 221 - service code.

• Discretionary Data = 1900262300000F - so-called «discretionary data», where values such as CVV/CVV2 can be encoded.

Tag 5F20: Cardholder Name: 202F - name of the cardholder. It should be mentioned that contactless cards never contain the cardholder name. This is done for security purposes. For this reason, tag 5F20 is either completely missing in the card profile, or has a certain random set of data. In our case, the cardholder name is «/».

313930303230303030303030303030363233303030303030 - hex to string gives:

190020000000000623000000
[Command] 00B2021400

5A 8(8) 3571114100152638
Application Primary Account Number (PAN)

5F34 1(1) 02
Application Primary Account Number (PAN) Sequence Number (PSN)

5F24 3(3) 240131
Application Expiration Date (2401)

5F28 2(2) 0144
Issuer Country Code (LK, https://www.iso.org/obp/ui/#iso:code:3166:LK)

9F07 2(2) 2900
Application Usage Control (AUC)

8C 1B(27) 9F02069F03069F1A0295055F2A029A039C019F37049F35019F5303
Card Risk Management Data Object List 1 (CDOL1)

9F0D 5(5) 0000000000
Issuer Action Code - Default

9F0E 5(5) B450000000
Issuer Action Code - Denial (B4 50 = 1011 0100 0101 0000)

9F0F 5(5) 0000000000
Issuer Action Code - Online

Issuer Action Code - Online, Denial, Default

There are three kinds of every IAC/TAC list: Online, Denial and Default.

IAC - Online

This specifies the issuer's conditions to approve a transaction online.
IAC - Default

If the terminal has no online ability, the IAC - Default list specifies the issuer's conditions to reject a transaction.

Example:

Issuer Action Code - Default: FC40AC8000

Byte 1:
Offline data authentication was not performed (b8)
SDA failed (b7)
ICC data missing (b6)
Card appears on terminal exception file (b5)
DDA failed (b4)
CDA failed (b3)

Byte 2:
Expired application (b7)

Byte 3:
Cardholder verification was not successful (b8)
PIN Try Limit exceeded (b6)
PIN entry required, PIN pad present, but PIN was not entered (b4)
Online PIN entered (b3)

Byte 4:
Transaction exceeds floor limit (b8)

Byte 5:

If TVR and IAC both have byte four b8 set to 1, the transaction will be rejected.

Issuer Action Code - Default read from this card (tag 9F0D): 0000000000
IAC - Denial
This specifies the issuer's conditions to reject a transaction.

Example:

Issuer Action Code - Denial: 0010180000

Byte 1:
Byte 2:
Requested service not allowed for card product (b5)
Byte 3:
PIN entry required and PIN pad not present or not working (b5)
PIN entry required, PIN pad present, but PIN was not entered (b4)
Byte 4:
Byte 5:

The transaction will be rejected if byte three b5 is set to 1 in both the TVR and the IAC.

Issuer Action Code - Denial read from this card (tag 9F0E): B450000000 (B4 50 = 1011 0100 0101 0000)
Issuer Action Code - Online: FC68BC9800

Byte 1:
Offline data authentication was not performed (b8)
SDA failed (b7)
ICC data missing (b6)
Card appears on terminal exception file (b5)
DDA failed (b4)
CDA failed (b3)

Byte 2:
Expired application (b7)
Application not yet effective (b6)
New card (b4)

Byte 3:
Cardholder verification was not successful (b8)
PIN Try Limit exceeded (b6)
PIN entry required and PIN pad not present or not working (b5)
PIN entry required, PIN pad present, but PIN was not entered (b4)
Online PIN entered (b3)

Byte 4:
Transaction exceeds floor limit (b8)
Transaction selected randomly for online processing (b5)
Merchant forced transaction online (b4)

Byte 5:

TVR byte two b7 is set to 1 (New Card). This matches byte two b7 from the Issuer Action Code - Online.

As a result, the terminal will decide to proceed with the transaction online.

Issuer Action Code - Online read from this card (tag 9F0F): 0000000000
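How the three action code lists are compared with the TVR, as an added example that is not part of the original slides. It runs the check for the values read from this card and for the three tutorial examples above, against the TVR 0000008000 used later in the GENERATE AC command. The Terminal Action Codes are an assumption (all zero), since the page gives none, and the function names are chosen here.

```python
# Added example (not from the original slides): terminal action analysis,
# i.e. TVR AND (IAC OR TAC) for the Denial, Online and Default lists.

# TVR bit names as listed on this page, b8 first (None = not named here).
TVR_NAMES = [
    ["Offline data authentication was not performed", "SDA failed",
     "ICC data missing", "Card appears on terminal exception file",
     "DDA failed", "CDA failed", None, None],
    ["Card and terminal have different application versions",
     "Expired application", "Application not yet effective",
     "Requested service not allowed for card product", "New card",
     None, None, None],
    ["Cardholder verification was not successful", "Unrecognised CVM",
     "PIN try limit exceeded",
     "PIN entry required and PIN pad not present or not working",
     "PIN entry required, PIN pad present, but PIN was not entered",
     "Online PIN entered", None, None],
    ["Transaction exceeds floor limit",
     "Lower consecutive offline limit exceeded",
     "Upper consecutive offline limit exceeded",
     "Transaction selected randomly for online processing",
     "Merchant forced transaction online", None, None, None],
    [None] * 8,
]

TVR = "0000008000"                       # tag 95 value sent in CDOL1 on this page
CARD_IAC = {"default": "0000000000", "denial": "B450000000", "online": "0000000000"}
TUTORIAL_IAC = {"default": "FC40AC8000", "denial": "0010180000", "online": "FC68BC9800"}
ZERO_TAC = {k: "0000000000" for k in CARD_IAC}   # assumption: page gives no TACs


def to5(hex_str):
    raw = bytes.fromhex(hex_str)
    if len(raw) != 5:
        raise ValueError("TVR, IAC and TAC are 5 bytes each")
    return raw


def matched_bits(tvr, mask):
    """Names of the bits that are 1 in both the TVR and the action code mask."""
    hits = []
    for i, (t, m) in enumerate(zip(tvr, mask)):
        for bit in range(8, 0, -1):
            if t & m & (1 << (bit - 1)):
                name = TVR_NAMES[i][8 - bit] or "unnamed/RFU"
                hits.append(f"byte {i + 1} b{bit}: {name}")
    return hits


def terminal_action_analysis(tvr_hex, iac, tac, online_capable=True):
    """Return (requested cryptogram, matching TVR bits)."""
    tvr = to5(tvr_hex)

    def hits(kind):
        mask = bytes(a | b for a, b in zip(to5(iac[kind]), to5(tac[kind])))
        return matched_bits(tvr, mask)

    denial = hits("denial")
    if denial:                           # any Denial match: decline offline
        return "AAC", denial
    if online_capable:                   # any Online match: go online
        online = hits("online")
        return ("ARQC", online) if online else ("TC", [])
    default = hits("default")            # terminal cannot go online
    return ("AAC", default) if default else ("TC", [])


if __name__ == "__main__":
    print(terminal_action_analysis(TVR, CARD_IAC, ZERO_TAC))
    print(terminal_action_analysis(TVR, TUTORIAL_IAC, ZERO_TAC))
    print(terminal_action_analysis(TVR, TUTORIAL_IAC, ZERO_TAC, online_capable=False))
```

With this card's action codes nothing matches the floor limit bit, which is consistent with the terminal requesting a TC in the GENERATE AC command shown on this page.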
Application usage control
◦ Bit 8 = 1, Byte 1: Valid for domestic cash transactions;
◦ Bit 7 = 1, Byte 1: Valid for international cash transactions;
◦ Bit 6 = 1, Byte 1: Valid for domestic goods;
◦ Bit 5 = 1, Byte 1: Valid for international goods;
◦ Bit 4 = 1, Byte 1: Valid for domestic services;
◦ Bit 3 = 1, Byte 1: Valid for international services;
◦ Bit 2 = 1, Byte 1: Valid at ATMs;
◦ Bit 1 = 1, Byte 1: Valid at terminals other than ATMs;
◦ Bit 8 = 1, Byte 2: Domestic cashback allowed;
◦ Bit 7 = 1, Byte 2: International cashback allowed;
◦ Bit 6 to Bit 1, Byte 2: RFU.

2900 Hex: Byte 1 = 29 = 0010 1001

Card Risk Management Data Object List 1 (CDOL1)

9F0206 9F0306 9F1A02 9505 5F2A02 9A03 9C01 9F3704 9F3501 9F5303

9F0206
Tag 9F02, length 06: Transaction Amount.
000000001000

9F0306
Tag 9F03, length 06: Cashback Amount.
000000000000

9F1A02
Tag 9F1A, length 02: Terminal Country Code.
0144

9505
Tag 95, length 05: Terminal Verification Results (TVR)
0000008000

5F2A02
Tag 5F2A, length 02: Transaction Currency Code.
0144

9A03
Tag 9A, length 03: Transaction Date.
220106

9C01
Tag 9C, length 01: Transaction Type.
00

9F3704
Tag 9F37, length 04: Unpredictable Number (UN)
0317D95C

9F3501
Tag 9F35, length 01: Terminal Type.
22

9F5303
778000
[Command] 00B2031400

Issuer Public Key Certificate

Issuer Public Key Certificate - encrypted by the CA; check it with the CA Public Key to get the Issuer Public Key
CA Public Key for index 13 from JCB
Decrypt this value (Encrypted Issuer Certificate)
Item Name | Length (byte) | Data Description | Format
Recovered Data Header | 1 | Fixed to 6A (Hex). | b
Certificate Format | 1 | Fixed to 02 (Hex). Indicates that this is a certificate signed by JCB/CA. | b
Issuer Identifier | 4 | The first 3 to 8 digits of a PAN, which identifies the Issuer. Pad with F-digits (Hex) if it is less than 4 bytes. | cn8
Certificate Expiration Date | 2 | Indicates the expiration date of the certificate using the format MMYY. | n4
Certificate Serial No. | 3 | The serial number of the certificate | b
Hash Algorithm Indicator | 1 | Fixed to 01 (Hex). Indicates SHA-1. | b
Issuer Public Key Algorithm Indicator | 1 | Fixed to 01 (Hex). Indicates RSA. | b
Issuer Public Key Length | 1 | The length of the Issuer Public Key modulus (Ni) | b
Issuer Public Key Exponent Length | 1 | The length of the Issuer Public Key exponent | b
Issuer Public Key or Leftmost Digits of Issuer Public Key | Nca-36 | The first (Nca-36) bytes of the Issuer Public Key modulus. If Ni is less than or equal to Nca-36, the Issuer Public Key is left aligned and padded with BB- | b
Hash Result | 20 | Hash Result Format. Refer to Section 5.2.3. | b
Recovered Data Trailer | 1 | Fixed to BC (Hex). |
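Recovering and checking a certificate with the layout in the table above, as an added example that is not part of the original slides. The CA key, issuer moduli, issuer identifier, serial number and function names are constructed for the example, and it uses CA exponent 65537 rather than the 03 seen on this card. The hash input (Certificate Format through the key field, then the Issuer Public Key Remainder, then the Issuer Public Key Exponent) follows EMV Book 2.

```python
# Added example, not from the original slides: recovery and checking of an
# Issuer Public Key Certificate laid out as in the table above.
import hashlib

# Constructed toy CA key (assumption): product of two Mersenne primes, so it is
# trivially factorable and for demonstration only. Exponent 65537 is used
# because 3 is not invertible for these primes; the card on this page uses 03.
P, Q, CA_EXP = 2**521 - 1, 2**607 - 1, 65537
CA_MOD = P * Q
N_CA = (CA_MOD.bit_length() + 7) // 8            # CA modulus length: 141 bytes


def sha1(data):
    return hashlib.sha1(data).digest()


def issue_certificate(issuer_mod, issuer_exp, issuer_id, expiry_mmyy, serial):
    """CA side, constructed test data only: fill in the table fields and sign."""
    room = N_CA - 36                              # size of the key field
    left, remainder = issuer_mod[:room], issuer_mod[room:]
    body = (b"\x02" + bytes.fromhex(issuer_id.ljust(8, "F"))
            + bytes.fromhex(expiry_mmyy) + serial + b"\x01\x01"
            + bytes([len(issuer_mod), len(issuer_exp)])
            + left.ljust(room, b"\xBB"))
    plain = b"\x6A" + body + sha1(body + remainder + issuer_exp) + b"\xBC"
    d = pow(CA_EXP, -1, (P - 1) * (Q - 1))        # CA private exponent
    cert = pow(int.from_bytes(plain, "big"), d, CA_MOD)
    return cert.to_bytes(N_CA, "big"), remainder


def recover_issuer_key(cert, remainder, issuer_exp, ca_mod=CA_MOD, ca_exp=CA_EXP):
    """Terminal side: recover the certificate and validate every fixed field."""
    n_ca = (ca_mod.bit_length() + 7) // 8
    value = int.from_bytes(cert, "big")
    if len(cert) != n_ca or value >= ca_mod:
        raise ValueError("certificate does not match the CA modulus length")
    rec = pow(value, ca_exp, ca_mod).to_bytes(n_ca, "big")
    if rec[0] != 0x6A or rec[-1] != 0xBC:
        raise ValueError("bad recovered data header or trailer")
    if rec[1] != 0x02:
        raise ValueError("certificate format is not 02")
    if rec[11] != 0x01 or rec[12] != 0x01:
        raise ValueError("unsupported hash or public key algorithm indicator")
    body, digest = rec[1:-21], rec[-21:-1]
    if sha1(body + remainder + issuer_exp) != digest:
        raise ValueError("hash result mismatch")
    key_len, exp_len, room = rec[13], rec[14], n_ca - 36
    field = rec[15:15 + room]
    if exp_len != len(issuer_exp):
        raise ValueError("exponent length mismatch")
    if key_len <= room:                           # whole key fits, rest is BB padding
        if remainder or field[key_len:] != b"\xBB" * (room - key_len):
            raise ValueError("bad padding")
        modulus = field[:key_len]
    else:                                         # rightmost bytes come from the remainder
        if len(remainder) != key_len - room:
            raise ValueError("remainder length mismatch")
        modulus = field + remainder
    return {"issuer_id": rec[2:6].hex().upper(), "expiry_mmyy": rec[6:8].hex(),
            "serial": rec[8:11].hex().upper(), "modulus": modulus}


# Constructed issuer moduli (not real keys): one longer than the key field, one shorter.
LONG_MOD = bytes(range(0x80, 0x100))              # 128 bytes -> 23-byte remainder
SHORT_MOD = bytes(range(1, 97))                   # 96 bytes -> padded with BB

if __name__ == "__main__":
    for mod in (LONG_MOD, SHORT_MOD):
        cert, rem = issue_certificate(mod, b"\x03", "357111", "1228", b"\x00\x00\x01")
        info = recover_issuer_key(cert, rem, b"\x03")
        print(info["issuer_id"], info["expiry_mmyy"], len(rem), info["modulus"] == mod)
```
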

Issuer Public Key

[Command] 00B2041400

8F 1(1) 13
Certification Authority Public Key Index (PKI)

9F32 1(1) 03
Issuer Public Key Exponent

9F4A 1(1) 82
Static Data Authentication Tag List (SDA)
[Command] 00B2051400

9F46 B0(176)

Integrated Circuit Card (ICC) Public Key Certificate
[Command] 00B2061400

9F47 1(1) 03
Integrated Circuit Card (ICC) Public Key Exponent

9F48 2A(42)
22576A59047E93D5FB1D613D927B98CA29E65C65832B
A725BC0054302A558074223FF6999620806876B3
Integrated Circuit Card (ICC) Public Key Remainder

Encrypted ICC Certificate encrypted by Issuer Private Key
Issuer Public Key
Decrypt this value
Field Name | Length | Description | Format
Recovered Data Header | 1 | Hex Value '6A' | b
Certificate Format | 1 | Hex Value '04' | b
Application PAN | 10 | PAN (padded to the right with Hex 'F's) | cn 20
Certificate Expiration Date | 2 | MMYY after which this certificate is invalid | n4
Certificate Serial Number | 3 | Binary number unique to this certificate assigned by the issuer | b
Hash Algorithm Indicator | 1 | Identifies the hash algorithm used to produce the Hash Result in the digital signature scheme | b
ICC Public Key Algorithm Indicator | 1 | Identifies the digital signature algorithm to be used with the ICC Public Key | b
ICC Public Key Length | 1 | Identifies the length of the ICC Public Key Modulus in bytes | b
ICC Public Key Exponent Length | 1 | Identifies the length of the ICC Public Key Exponent in bytes | b
ICC Public Key or Leftmost Digits of the ICC Public Key | NI – 42 | If NIC ≤ NI – 42, consists of the full ICC Public Key padded to the right with NI – 42 – NIC bytes | b
Hash Result | 20 | Hash of the ICC Public Key and its related information | b
Recovered Data Trailer | 1 | Hex Value 'BC' |
ICC Public Key
Verification of Hash

Fields covered by the hash, followed by <Data1> + <Data2> (data located by the AFL; SDA Tag List):

Field Name | Len | Description | Format
Certificate Format | 1 | Hex Value '04' | b
Application PAN | 10 | PAN (padded to the right with Hex 'F's) | cn 20
Certificate Expiration Date | 2 | MMYY after which this certificate is invalid | n4
Certificate Serial Number | 3 | Binary number unique to this certificate assigned by the issuer | b
Hash Algorithm Indicator | 1 | Identifies the hash algorithm used to produce the Hash Result in the digital signature scheme | b
ICC Public Key Algorithm Indicator | 1 | Identifies the digital signature algorithm to be used with the ICC Public Key | b
ICC Public Key Length | 1 | Identifies the length of the ICC Public Key Modulus in bytes | b
ICC Public Key Exponent Length | 1 | Identifies the length of the ICC Public Key Exponent in bytes | b
ICC Public Key or Leftmost Digits of the ICC Public Key | NI – 42 | If NIC ≤ NI – 42, consists of the full ICC Public Key padded to the right with NI – 42 – NIC bytes of value 'BB'. If NIC > NI – 42, consists of the NI − 42 most significant bytes of the ICC Public Key | b

Hash Result: 91eb661981eea86bcd694ad6cf56043b02a083b0
PART 4
Cryptogram - GENERATE AC + TC
GENERATE APPLICATION CRYPTOGRAM TC + CDA
[Command] P1 = Generate TC (01xx) + CDA signature request (xxx1) = 0101 0000 = 50, data = CDOL1
80AE500021000000001000000000000000014400000080000144220106000317D95C22778000

9F27 1(1) 40
Cryptogram Information Data (CID)

9F36 2(2) 0069
Application Transaction Counter (ATC)

9F4B B0(176)

Signed Dynamic Application Data (SDAD)

9F50 1(1) 00
Offline Accumulator Balance

9F10 17(23) 1601040790400040014522000000237200000005000000
Issuer Application Data (IAD)

9F5F 6(6) 000004762800 (returned the Offline Balance)
DS Slot Availability
Field   Description
CLA     Class byte. 0x80
INS     Instruction byte. 0xAE: GENERATE CRYPTOGRAM
P1      Parameter 1 byte. The function is dependent on INS. 50 (TC -1 , RFU -1)
P2      0
Lc      21 Hex (33)
Data    000000001000000000000000014400000080000144220106000317D95C22778000
Le      Number of data bytes expected in the response. If Le is 0x00, 256 bytes are expected.

Value 50 - 0101 0000


Reference: Book 3, Application Specification, 6 Commands for Financial Transaction, 6.5 Commands

b8 b7 b6 b5 b4 b3 b2 b1  Meaning
0  0                     AAC
0  1                     TC
1  0                     ARQC
1  1                     RFU
      x                  RFU
         0               CDA signature not requested
         1               CDA signature requested
            x  x  x  x   RFU

Card Risk Management Data Object List 1 (CDOL1)

9F0206  Authorised amount of the transaction: 000000001000
9F0306  Secondary amount (cashback amount): 000000000000
9F1A02  Indicates the country of the terminal: 0144 (Sri Lanka)
9505    Terminal Verification Results: 0000008000 (ref. next page)
5F2A02  Transaction Currency Code: 0144 (Sri Lanka)
9A03    Transaction Date: 220106
9C01    Transaction Type: 00
9F3704  Unpredictable Number: 0317D95C
9F3501  Terminal Type: 22 (ref. next page)
9F5303  The dynamic Terminal Interchange Profile: 778000

Others have:
0000000000000000  ICC Dynamic Number
1F0302            Cardholder Verification Method

000000001000 000000000000 0144 0000008000 0144
220106 00 0317D95C 22 778000
Terminal Type - (9F3501) 22

0010 0010

Terminal Verification Results 00 00 00 80 00

Byte 1 (00):
b8 1 Offline data authentication was not performed
b7 1 SDA failed
b6 1 ICC data missing
b5 1 Card number appears on hotlist
b4 1 DDA failed
b3 1 CDA failed
b2 1 RFU (Now SDA was selected)
b1 0 RFU

Byte 2 (00):
b8 1 Card and terminal have different application versions
b7 1 Expired application
b6 1 Application not yet effective
b5 1 Requested service not allowed for card product
b4 1 New card
b3 0 RFU
b2 0 RFU
b1 0 RFU
Byte 3 (00):
b8 1 Cardholder verification was not successful
b7 1 Unrecognised CVM
b6 1 PIN try limit exceeded
b5 1 PIN entry required, but no PIN pad present or not working
b4 1 PIN entry required, PIN pad present, but PIN was not entered
b3 1 On-line PIN entered
b2 0 RFU
b1 0 RFU

Byte 4 (80 = 1000 0000):
b8 1 Transaction exceeds floor limit
b7 1 Lower consecutive offline limit exceeded
b6 1 Upper consecutive offline limit exceeded
b5 1 Transaction selected randomly for on-line processing
b4 1 Merchant forced transaction on-line
b3 0 RFU
b2 0 RFU
b1 0 RFU

Byte 5 (00):
b8 1 Default TDOL Used
b7 1 Issuer authentication failed
b6 1 Script processing failed before final Generate AC
b5 1 Script processing failed after final Generate AC
b4 1 Relay resistance threshold exceeded (Contactless Kernel 2)
b3 1 Relay resistance time limits exceeded (Contactless Kernel 2)
b2 b1 = 0 0 Relay resistance protocol not supported (Contactless Kernel 2)
b2 b1 = 0 1 Relay resistance protocol not performed (Contactless Kernel 2)
b2 b1 = 1 0 Relay resistance protocol performed (Contactless Kernel 2)
b2 b1 = 1 1 RFU
OUTPUT OF AC GENERATE + TC

Tag | Length | Value | Presence
9F27 | 1 | Cryptogram Information Data | M
9F36 | 2 | Application Transaction Counter | M
9F4B | NIC | Signed Dynamic Application Data | M
9F10 | Var. up to 32 | Issuer Application Data | O

Signed Dynamic Application Data Decrypt by ICC Public Key


Signed Dynamic Application Data (SDAD)

ICC Public Key - Exp 3


Field Name | Length | Description
Recovered Data Header | 1 | Hex value '6A'
Signed Data Format | 1 | Hex value '05'
Hash Algorithm Indicator | 1 | Identifies the hash algorithm used to produce the Hash Result in the digital signature scheme
ICC Dynamic Data Length | 1 | Identifies the length of the ICC Dynamic Data in bytes
ICC Dynamic Data | LDD | Dynamic data generated by and/or stored in the ICC
Pad Pattern | NIC - LDD - 25 | (NIC - LDD - 25) padding bytes of value 'BB'
Hash Result | 20 | Hash of the Dynamic Application Data and its related information
Recovered Data Trailer | 1 | Hex value 'BC'


Recovered data:

Field Name | Value | Length
Recovered Data Header | 6a | 1
Signed Data Format | 05 | 1
Hash Algorithm Indicator | 01 | 1
ICC Dynamic Data Length | 38 | 1
ICC Dynamic Data | | LDD
Pad Pattern | | NIC - LDD - 25
Hash Result | | 20
Recovered Data Trailer | | 1
ICC Dynamic Data (Dynamic data generated by the ICC)

SDAD = sign_{S_IC}(nonce_IC, CID, AC, TDHC, H(nonce_IC, CID, AC, TDHC, nonce_Terminal))

08ae4b542e80dfc14040f2d04175639a33269dbe331c
21b60b17708c0d617455a66fe9d0264a

ae 4b 54 2e 80 df c1 40 - ICC Dynamic Number (Nonce)

40 - Cryptogram Information Data

f2 d0 41 75 63 9a 33 26 - TC

9d be 33 1c 21 b6 0b 17 70 8c 0d 61 74 55 a6 6f e9 d0 26 4a - Transaction Data Hash Code

SDAD = sign_{S_IC}(nonce_IC, CID, AC, TDHC, H(nonce_IC, CID, AC, TDHC, nonce_Terminal))

05 - Signed Data Format

01 - Hash Algorithm Indicator

26 - ICC Dynamic Data Length

08 - ICC Dynamic Number Length

ae 4b 54 2e 80 df c1 40 - ICC Dynamic Number

40 - Cryptogram Information Data

f2 d0 41 75 63 9a 33 26 - TC

9d be 33 1c 21 b6 0b 17 70 8c 0d 61 74 55 a6 6f e9 d0 26 4a - Transaction Data Hash Code

Transaction Data Hash Code = hash of

- The values of the data elements specified by, and in the order they appear in the PDOL, and sent by the terminal in the GET PROCESSING OPTIONS command.

- The values of the data elements specified by, and in the order they appear in the CDOL1, and sent by the terminal in the first GENERATE AC command.

- The tags, lengths, and values of the data elements returned by the ICC in the response to the GENERATE AC command in the order they are returned, with the exception of the Signed Dynamic Application Data.

[Command]
80AE500021000000001000000000000000014400000080000144220106000317D95C22778000
1
2 9F27 1(1) 40

Cryptogram Information Data (CID)

3 9F36 2(2) 0069

Application Transaction Counter (ATC)

9F4B B0(176)
5005D4FFD77A93ACEFFB5A83E937CFA5EA301391A0287CD3C8BB86F1AAF660F7F243A00E4353E
A51ADB32C57C71F9C9187026ADFAD287AD4688865EF6C35380CF1FFDA7BF4ABFDA0DEF1AE3FC
A614AB4677BFDED704EE075B9066A57426AF69CE4AF315F0BA7F4E60739480388BA274CCF7F6A
63D809462E51281CFB3FD7299C4410C8C1882BB13867C19AC549B35822B34C46047D37ED057CC
779A2FA29278D1FB90F9580B07744F72CE33F41E8016C

Signed Dynamic Application Data (SDAD)

4 9F50 1(1) 00

Cardholder Verification Status (k5)

5 9F10 17(23) 1601040790400040014522000000237200000005000000

Issuer Application Data (IAD)

7 9F5F 6(6) 000004762800 returned the Offline Balance

DS Slot Availability
PDOL
80A800000283010300

CDOL
GENERATE APPLICATION CRYPTOGRAM TC + CDA
80AE500021000000001000000000000000014400000080000144220106000317D95C22778000

Response data objects:
9F27 01 40
9F36 02 0069
9F50 01 00
9F10 17 1601040790400040014522000000237200000005000000
9F5F 06 000004762800

PDOL data, CDOL data and response data objects, in order (SDAD excluded):

830103

000000001000000000000000014400000080000144220106000317D95C22778000

9F270140

9F36020069

9F500100

9F10171601040790400040014522000000237200000005000000

9F5F06000004762800

Field Name                                                              Data
Recovered Data Header                                                   6a
Signed Data Format                                                      5
Hash Algorithm Indicator                                                1
ICC Dynamic Data Length                                                 26 hex (38)
ICC Dynamic Data (Dynamic data generated by and/or stored in the ICC)   LDD
Pad Pattern                                                             NIC-LDD-25
Hash Result                                                             20
Recovered Data Trailer                                                  1

Cryptogram Information Data (CID) - it's 0x40, which means the AC is a TC

Cryptogram Information Data (CID)

40 - 0100 0000

Bits       Value   Meaning
b8 b7      0 0     AAC
           0 1     TC
           1 0     ARQC
           1 1     RFU
b6 b5      x x     Payment System-specific cryptogram
b4         0       No advice required
           1       Advice required
b3 b2 b1   x x x   Reason/advice code
           0 0 0   No information given
           0 0 1   Service not allowed
           0 1 0   PIN Try Limit exceeded
           0 1 1   Issuer authentication failed
           1 x x   Other values RFU

[Figure: hash computation]
Hash input: the recovered data from the Signed Data Format (05) through the Pad Pattern + Unpredictable Number (UN), tag 9F37, length 04: 0317D95C
Hash: 7b598e90b5533d4aabebef57b3550fb285e17593

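The recovered-data layout and the hash step above, as an added example that is not part of the original slides: it rebuilds the recovered block from the ICC Dynamic Data, Hash Result and Unpredictable Number shown on this page (NIC = 176), validates every fixed field and splits the ICC Dynamic Data. Function names are illustrative; reading Hash Algorithm Indicator '01' as SHA-1 and the CDA field order follow the EMV layout the slides walk through.

```python
import hashlib

N_IC = 176  # SDAD length from this page: tag 9F4B, length B0
# ICC Dynamic Data, Hash Result and Unpredictable Number as shown on this page.
DYN = bytes.fromhex("08" "ae4b542e80dfc140" "40" "f2d04175639a3326"
                    "9dbe331c21b60b17708c0d617455a66fe9d0264a")
HASH = bytes.fromhex("7b598e90b5533d4aabebef57b3550fb285e17593")
UN = bytes.fromhex("0317D95C")  # tag 9F37

def build_recovered(dyn, hash_result, n_ic=N_IC):
    """Constructed input: 6A | 05 | 01 | LDD | dyn | BB padding | hash | BC."""
    pad = b"\xbb" * (n_ic - len(dyn) - 25)
    return b"\x6a\x05\x01" + bytes([len(dyn)]) + dyn + pad + hash_result + b"\xbc"

def parse_recovered(rec, n_ic=N_IC):
    """Check every fixed field, then split the ICC Dynamic Data (CDA layout)."""
    if len(rec) != n_ic or rec[0] != 0x6A or rec[-1] != 0xBC:
        raise ValueError("bad length, header or trailer")
    if rec[1] != 0x05 or rec[2] != 0x01:
        raise ValueError("unexpected signed data format or hash algorithm")
    ldd = rec[3]
    pad_len = n_ic - ldd - 25
    if pad_len < 0 or rec[4 + ldd:-21] != b"\xbb" * pad_len:
        raise ValueError("bad ICC Dynamic Data length or pad pattern")
    dyn = rec[4:4 + ldd]
    if not dyn or ldd < dyn[0] + 30:  # len byte + IDN + CID(1) + AC(8) + TDHC(20)
        raise ValueError("ICC Dynamic Data too short for CDA")
    p = 1 + dyn[0]
    return {"idn": dyn[1:p], "cid": dyn[p], "ac": dyn[p + 1:p + 9],
            "tdhc": dyn[p + 9:p + 29], "hash": rec[-21:-1]}

def hash_matches(rec, unpredictable_number):
    """SHA-1 over Signed Data Format..Pad Pattern, then the terminal's UN."""
    return hashlib.sha1(rec[1:-21] + unpredictable_number).digest() == rec[-21:-1]

if __name__ == "__main__":
    fields = parse_recovered(build_recovered(DYN, HASH))
    for name, value in fields.items():
        print(name, value.hex() if isinstance(value, bytes) else f"{value:02x}")
```

A terminal rejects the SDAD if any of these checks fails, so a malformed pad or a wrong trailer is treated the same as a bad hash.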
Issuer Application Data (IAD)
9F10 17(23) 1601040790400040014522000000237200000005000000

The Issuer Application Data (IAD) object is an important data object used for transmitting information from the card to the Issuer. This information is used by the Issuer to make a decision on how to complete the transaction. In accordance with the requirements of the EMV 4.2 standard, the length of the data field of the IAD object does not exceed 32 bytes.

The IC Card generates 3 types of application cryptogram: ARQC, TC and AAC.

Issuer Application Data included in the response message to the GENERATE AC command consists of the following mandatory data. These data shall be concatenated in the following order.

(1) Length Indicator
(2) DKI
(3) Cryptogram Version Number
(4) CVR

The Length Indicator is a 1-byte data indicating the length of the data formed by concatenating (2), (3) and (4).

16 01 04 07 90 40 00 40 014522 000000237200000005000000

Length - 0x17 - 23
16 01 04 07 90 40 00 40 01 45 22 000000237200000005000000

16 is the length of the issuer discretionary data

01 is the derivation key index

04 is the cryptogram version (4 in this case).

0790400040014522000000237200000005000000 is the CVR here


The DKI is a 1-byte data that specifies the master key defined in Section 6.2.2. When the Issuer uses multiple master keys, this data is used to specify a master key. If this data is not used, the default value of ‘00’ shall be used.

The Cryptogram Version Number is a 1-byte data that specifies the session key generation method, AC generation method, ARPC generation method, and secure messaging method.

CVR is the data that records the results of processing within the IC Card, such as Card Action Analysis and Completion.

When the card responds to a GENERATE AC command that does not request CDA, these data shall be stored according to Format 1 (tag ‘80’) defined in Part II, Section 6.5.5 of EMV4.1 Book 3. When the card responds to a GENERATE AC command that requests CDA, these data shall be stored according to Format defined in Part II, Section 6.6.1 of EMV4.1 Book 2.

For CDOL1 and CDOL2, which define the content of the data included in the GENERATE AC command message, refer to Sections 5.8 and 5.10, respect

Card Verification Results (CVR) is one of the most important data objects that stores the results of risk management procedures performed by the card. Based on this data, the card decides how to complete the operation. The CVR data object is a mandatory element of the IAD object that the card passes to its Issuer during an online transaction.
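The GENERATE AC response objects, the CID bit table and the IAD breakdown described above, combined in an added example that is not part of the original slides. The input is constructed by concatenating the tag-length-value objects listed on this page (the 9F4B SDAD is left out); function names are illustrative, and the IAD split follows the order this page gives (Length Indicator, DKI, Cryptogram Version Number, CVR).

```python
# Constructed input: response objects from this page, concatenated (no 9F4B).
RESPONSE = bytes.fromhex(
    "9F270140" "9F36020069" "9F500100"
    "9F10171601040790400040014522000000237200000005000000"
    "9F5F06000004762800")

def parse_tlv(data):
    """Parse a flat run of BER-TLV objects (tags of one or two bytes)."""
    out, i = {}, 0
    try:
        while i < len(data):
            tag = data[i]; i += 1
            if tag & 0x1F == 0x1F:        # low five bits set: tag continues
                tag = (tag << 8) | data[i]; i += 1
            length = data[i]; i += 1
            if length == 0x81:            # long form, one length byte follows
                length = data[i]; i += 1
            elif length > 0x7F:
                raise ValueError("unsupported length form")
            if i + length > len(data):
                raise ValueError("truncated value")
            out[f"{tag:X}"] = data[i:i + length]
            i += length
    except IndexError:
        raise ValueError("truncated TLV header") from None
    return out

AC_TYPE = {0b00: "AAC", 0b01: "TC", 0b10: "ARQC", 0b11: "RFU"}

def decode_cid(cid):
    """b8-b7: cryptogram type, b4: advice required, b3-b1: reason code."""
    return {"type": AC_TYPE[cid >> 6], "advice_required": bool(cid & 0x08),
            "reason": cid & 0x07}

def split_iad(iad):
    """Split the IAD in the order given on this page."""
    if len(iad) < 3 or iad[0] != len(iad) - 1:
        raise ValueError("length indicator does not match IAD length")
    return {"dki": iad[1], "cvn": iad[2], "cvr": iad[3:]}

if __name__ == "__main__":
    objs = parse_tlv(RESPONSE)
    print(decode_cid(objs["9F27"][0]), split_iad(objs["9F10"]))
```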
9F36

Application Transaction Counter (ATC) 0069

Counter maintained by the application in the ICC (incrementing the ATC is managed by the ICC)

Offline Accumulator Balance
00
‘9F50' 6

Represents the amount of offline spending available in the Card.

The Offline Accumulator Balance is retrievable by the GET DATA command, if allowed by the Card configuration

9F5F

Offline Balance

In the case of a prepaid card, represents the value stored in card. May be returned in the GENERATE AC response.

(Purchase Transactions)
Implementation-Conditional: With the exception of ATMs, support for the purchase of goods and services is Implementation-Mandatory. However, cashback functionality described below is Implementation-Conditional on reader support for cashback.

For transactions to purchase goods or services, with or without cashback, the EMV mode-enabled kernel shall use:

• Transaction Type ‘00’.

• Amount, Authorised shall be the sum of the purchase amount and the cashback amount (if present).

• Amount, Other shall be the cashback amount (if present).

Note: Acquirers-merchants may require a different Terminal Transaction Qualifiers (TTQ) value and different reader risk parameters for purchase transactions with cashback than is used for purchase transactions without cashback. The reader should allow the acquirer-merchant to configure the TTQ and reader risk parameters for purchase transactions with cashback independently from purchase transactions without cashback.

(Manual Cash Transactions) [5.19]

Implementation-Conditional:

If the reader supports manual cash transactions, then this functionality shall be implemented.

Kernel 3 Spec v2.6

For manual cash transactions, the EMV mode-enabled kernel shall use:

• Transaction Type ‘01’.

• Amount, Authorised shall be the transaction amount.

Note: Acquirers-merchants may require a different Terminal Transaction Qualifiers (TTQ) value and different reader risk parameters for manual cash transactions than is used for purchase transactions (with or without cashback). The reader should allow the acquirer-merchant to configure the TTQ and reader risk parameters for manual cash transactions independently from purchase transactions.

ARQC ARPC
ARQC - Authentication Request Cryptogram

ARPC - Authentication Response Cryptogram

[Diagram: CARD, TERMINAL and ISSUER, with the ARQC and the ARPC passed between them]

Inputs are: (Card has to Embed certain Keys)

• Issuer AC master key or keys (key token or CKDS label).
• PAN, PAN sequence number, Cryptogram Information, Application Transaction Counter (ATC), Authorization Response Code (ARC) or Card Status Updates (CSU), ARQC, and unpredictable number.

Application cryptogram frame also allows generating

Authorization Request Cryptogram (ARQC, Online Authorization),
Transaction certificate (TC, offline approval)
Application Authentication Cryptogram (AAC, Offline decline)
Application Authorisation Referral (AAR)

Terminal uses CDOL1 to give the ICC the tags it needs to generate an Application Cryptogram (AC). There are three types of AC:

• ARQC: this is the card telling you it needs to know the host decision before it can give you its final decision (GO_ONLINE); the transaction is still in progress waiting for that data.

• AAC: this is the card telling you it made its final decision, which is declined, and that you don't need to contact the host (DECLINE_OFFLINE); the transaction is now over.

• TC: this is the card telling you it made its final decision, which is approved, and that you don't need to contact the host (APPROVE_OFFLINE); the transaction is now over.

Important!
If you got ARQC, you send that AC and other relevant tags to a host for a decision. You may get up to three pieces of information from the host. The decision (Tag 8A), the Issuer Authentication Data (Tag 91) and issuer scripts (Tags 71 and 72). Feed this information back to the card with a completeTransaction call.

The ICC then uses tags in CDOL to generate the second application AC. This is the card making the final decision, it can be either AAC (declined) or TC (approved). The transaction is now over.

Remember that in a standard EMV transaction, it is the card that makes the final decision, not the host. There may be cases where the host approves the transaction, but the card still declines it.

Terminal Action Analysis


Terminal Risk Management
Card Action Analysis
CardHolder Verification
Issuer Authentication

“Terminal Verification Results” or TVR.


“Transaction Status Information” or TSI.
