PayPass - MChip Card Application Interface Spec (V2.0)

PayPass – M/Chip Reader Card Application Interface

Specification

Version 2.0 — September 2008

Version 2.0 — September 2008 © 2008 MasterCard ii PayPass – M/Chip Reader Card Application Interface Specification

Proprietary Rights The information contained in this document is proprietary and confidential to MasterCard International Incorporated, one or more of its affiliated entities (collectively "MasterCard"), or both.

This material may not be duplicated, published, or disclosed, in whole or in part, without the prior written permission of MasterCard.

Trademarks Trademark notices and symbols used in this manual reflect the registration status of MasterCard trademarks in the United States. Please consult with the Customer Operations Services team or the MasterCard Law Department for the registration status of particular product, program, or service names outside the United States.

All third-party product and service names are trademarks or registeredtrademarks of their respective owners.

Media This document is available in both electronic and printed format.

Address MasterCard Worldwide 2200 MasterCard Boulevard O'Fallon MO 63368-7263 USA www.mastercard.com

Table of Contents

© 2008 MasterCard Version 2.0 — September 2008 PayPass – M/Chip Reader Card Application Interface Specification iii

Table of Contents Using this Manual ............................................................................... vii

Purpose ..................................................................................................................... vii Scope ........................................................................................................................ vii Audience................................................................................................................... vii Related Documentation ........................................................................................... viii Reference Materials................................................................................................... ix Abbreviations ..............................................................................................................x Notational Conventions ............................................................................................ xii Transition Flow Diagrams....................................................................................... xiii Document Word Usage ........................................................................................... xiii Requirement Numbering ......................................................................................... xiv Guidance on Terminology....................................................................................... xiv Document Overview..................................................................................................xv

1 Introduction ................................................................................ 1 1.1 MasterCard Proximity Payment.........................................................................1 1.2 M/Chip Profile and Mag Stripe Profile..............................................................1 1.3 Architecture........................................................................................................2 1.4 Transaction Processing Summary......................................................................2

2 Commands ................................................................................. 5 2.1 Introduction........................................................................................................5 2.2 COMPUTE CRYPTOGRAPHIC CHECKSUM .............................................................6

2.2.1 Definition and Scope .......................................................................................6 2.2.2 Command Message..........................................................................................6 2.2.3 Data Field Returned in the Response Message................................................6 2.2.4 Status Bytes .....................................................................................................7

2.3 GENERATE AC....................................................................................................7 2.3.1 Definition and Scope .......................................................................................7 2.3.2 Command Message..........................................................................................7 2.3.3 Data Field Returned in the Response Message................................................8 2.3.4 Status Bytes .....................................................................................................9

2.4 GET PROCESSING OPTIONS ...............................................................................10 2.4.1 Definition and Scope .....................................................................................10 2.4.2 Command Message........................................................................................10 2.4.3 Data Field Returned in the Response Message..............................................10

Table of Contents

Version 2.0 — September 2008 © 2008 MasterCard iv PayPass – M/Chip Reader Card Application Interface Specification

2.4.4 Status Bytes ...................................................................................................11 2.5 READ RECORD ..................................................................................................12

2.5.1 Definition and Scope .....................................................................................12 2.5.2 Command Message........................................................................................12 2.5.3 Data Field Returned in the Response Message..............................................12 2.5.4 Status Bytes ...................................................................................................13

2.6 SELECT .............................................................................................................13 2.6.1 Definition and Scope .....................................................................................13 2.6.2 Command Message........................................................................................13 2.6.3 Data Field Returned in the Response Message..............................................14 2.6.4 Status Bytes ...................................................................................................15

3 Application Activation ............................................................. 17 3.1 Overview..........................................................................................................17 3.2 Pre-Processing..................................................................................................17 3.3 Protocol Activation ..........................................................................................18 3.4 Application Selection.......................................................................................18

3.4.1 Building the Candidate List ...........................................................................19 3.4.2 Final Selection ...............................................................................................20

4 PayPass – M/Chip Transaction Processing........................... 21 4.1 Transaction Flow .............................................................................................21 4.2 Exception Processing .......................................................................................26

4.2.1 Processing ......................................................................................................26 4.2.2 Data Objects...................................................................................................26 4.2.3 Status Bytes ...................................................................................................27 4.2.4 COMPUTE CRYPTOGRAPHIC CHECKSUM .......................................................27

4.3 Functions Used in Transaction Processing ......................................................28 4.3.1 FCI and SW1-SW2 Processing......................................................................28 4.3.2 GET PROCESSING OPTIONS Processing..........................................................28 4.3.3 Read Mag Stripe Application Data ................................................................30 4.3.4 Mag Stripe Application Version Number Checking......................................31 4.3.5 COMPUTE CRYPTOGRAPHIC CHECKSUM Processing .....................................32 4.3.6 Offline Data Authentication Method Selection .............................................34 4.3.7 Read M/Chip Application Data .....................................................................34 4.3.8 Processing Restrictions ..................................................................................35 4.3.9 Terminal Risk Management...........................................................................35 4.3.10 M/Chip CVM Selection .................................................................................36 4.3.11 Terminal Action Analysis ..............................................................................38 4.3.12 GENERATE AC Processing.............................................................................38 4.3.13 Retrieve ICC Key and Verify SDAD (CDA) ................................................39 4.3.14 Static Data Authentication .............................................................................40

Table of Contents

© 2008 MasterCard Version 2.0 — September 2008 PayPass – M/Chip Reader Card Application Interface Specification v

4.3.15 Completion ....................................................................................................40

5 Data Object Handling............................................................... 43 5.1 Data Object Format..........................................................................................43 5.2 DOL Handling .................................................................................................43 5.3 Bitmaps Used in Discretionary Data................................................................44 5.4 Data Object Management ................................................................................45

Annex A Data Objects Dictionary ...................................................... 47

Using this ManualPurpose

© 2008 MasterCard Version 2.0 — September 2008 PayPass – M/Chip Reader Card Application Interface Specification vii

Using this Manual

Purpose MasterCard PayPass™ technology enables fast, easy and globally accepted payments through the use of contactless chip technology on the traditional MasterCard card platform. PayPass – M/Chip is designed specifically for authorization networks that currently support chip card authorizations for credit or debit applications.

This document defines the behavior of the contactless reader used in PayPass – M/Chip and PayPass – Mag Stripe transactions.

This definition replaces the interface specification given in Part II of the PayPass – M/Chip Technical Specifications, v1.3.

Scope This document provides the specifications necessary to achieve interoperability between PayPass cards and PayPass – M/Chip readers. It contains the following definitions as applied to both PayPass – M/Chip and PayPass – Mag Stripe purchase transactions:

• The definition of commands, responses and data objects exchanged between the card and PayPass reader

• The definition of the command sequence in order to support the purchase transaction flow

• The definition of the internal processing of the PayPass reader

Other transaction types (e.g. refunds) may be supported by the PayPass reader however they are not discussed in this document.

Audience This document is intended for use by vendors that want to implement the PayPass – M/Chip application on an acceptance device.

This document is also intended for type approval services that test the actual implementations against this specification.

Using this Manual Related Documentation

Version 2.0 — September 2008 © 2008 MasterCard viii PayPass – M/Chip Reader Card Application Interface Specification

Related Documentation For the purposes of developing PayPass readers this specification should be read in conjunction with the following MasterCard documents:

Document Content

MasterCard PayPass Terminal Implementation Requirements

Lists requirements for reader development and for reader integration in retail systems. Describes the user interface.

PayPass – M/Chip Acquirer Implementation Requirements

Lists requirements for acquirers implementing the PayPass – M/Chip program, including reader/terminal functionality and configuration.

PayPass Performance Measurement Defines the method by which transaction time is measured during the testing of PayPass cards and readers.

MasterCard PayPass Application Note #2, 30 January 2008

Lists the minimum performance, in terms of transaction time, required of PayPass cards and readers.

The content of this specification overlaps with that of the EMV Entry Point Specification. For the purposes of developing PayPass readers, the developer has the option of either

• Implementing all of the requirements in this document, or

• Implementing the requirements of the EMV Entry Point Specification in place of those given in Chapter 3 of this document. The requirements in the remaining chapters of this document have still to be implemented.

The different documents specifying PayPass reader behavior are summarized in the following figure:

Using this ManualReference Materials

© 2008 MasterCard Version 2.0 — September 2008 PayPass – M/Chip Reader Card Application Interface Specification ix

Reference Materials The following references are used in this document. The latest version applies unless a publication date is explicitly stated.

[ISO 639-1] Codes for the representation of names and languages – Part 1: Alpha-2 Code

[ISO 3166-1] Codes for the representation of names of countries and their subdivisions – Part 1: Country codes

[ISO 4217] Codes for the representation of currencies and funds

[ISO/IEC 7813] Identification cards – Financial transaction cards

[ISO/IEC 7816-4] Information technology – Identification cards – Integrated circuit(s) cards with contacts - Part 4: Interindustry commands for interchange

[ISO/IEC 7816-5] Identification cards – Integrated circuit(s) cards with contacts – Part 5: Numbering system and registration procedure for application identifiers.

[ISO 8583:1987] Bank card originated messages – Interchange message specifications – Content for financial transactions

[ISO 8583:1993] Financial transaction card originated messages – Interchange message specifications

[ISO/IEC 8859] Information processing – 8-bit single-byte coded graphic character sets

[EMV BOOK 1] Integrated Circuit Card Specification for Payment Systems: Application Independent ICC to Terminal Interface Requirements, Version 4.2, June 2008

[EMV BOOK 2] Integrated Circuit Card Specification for Payment Systems: Security and Key Management, Version 4.2, June 2008

[EMV BOOK 3] Integrated Circuit Card Specification for Payment Systems: Application Specification, Version 4.2, June 2008

[EMV BOOK 4] Integrated Circuit Card Specification for Payment Systems: Cardholder, Attendant and Acquirer Interface Requirements, Version 4.2, June 2008

[EMVCLPRO] EMV Contactless Specifications for Payment Systems - EMV Contactless Communication Protocol Specification, v2.0

[EMVEPS] EMV Contactless Specifications for Payment Systems – EMV Entry Point Specification, May 2008

[PPTIR] MasterCard PayPass Terminal Implementation Requirements, Nov 2007

http://en.wikipedia.org/wiki/Country_code�

Using this Manual Abbreviations

Version 2.0 — September 2008 © 2008 MasterCard x PayPass – M/Chip Reader Card Application Interface Specification

Abbreviations The following abbreviations are used in this specification:

Abbreviation Description AAC Application Authentication Cryptogram AC Application Cryptogram AFL Application File Locator AID Application Identifier AIP Application Interchange Profile an Alphanumeric ans Alphanumeric Special ARQC Authorization Request Cryptogram ATC Application Transaction Counter b Binary BCD Binary Coded Decimal C Conditional C-APDU Command Application Protocol Data Unit CA Certification Authority CDA Combined DDA/AC Generation CDOL Card Risk Management Data Object List CID Cryptogram Information Data CLA Class byte of command message cn Compressed Numeric CVC Card Validation Code CVM Cardholder Verification Method CVR Cardholder Verification Rule DD Discretionary Data DDA Dynamic Data Authentication DF Dedicated File DOL Data Object List EMV Europay MasterCard Visa FCI File Control Information IAD Issuer Application Data ICC Integrated Circuit Card INS Instruction byte of command message ISO International Organization for Standardization Lc Number of bytes present in the data field of the C-APDU Le Maximum length of bytes expected in the data field of the R-APDU LRC Longitudinal Redundancy Check

Using this ManualAbbreviations

© 2008 MasterCard Version 2.0 — September 2008 PayPass – M/Chip Reader Card Application Interface Specification xi

Abbreviation Description M Mandatory n Numeric NATCTRACK1 Track 1 Number of ATC Digits NATCTRACK2 Track 2 Number of ATC Digits NCA Length of the Certification Authority Public Key Modulus NI Length of the Issuer Public Key Modulus NIC Length of the ICC Public Key Modulus O Optional PAN Primary Account Number PCVC3TRACK1 Track 1 Bitmap for CVC3 PCVC3TRACK2 Track 2 Bitmap for CVC3 PDOL Processing Options Data Object List PIN Personal Identification Number PPSE Proximity Payment System Environment PUNATCTRACK1 Track 1 Bitmap for UN and ATC PUNATCTRACK2 Track 2 Bitmap for UN and ATC P1 Parameter 1 P2 Parameter 2 R-APDU Response Application Protocol Data Unit RFU Reserved for Future Use RID Registered Application Provider Identifier SDA Static Data Authentication SDAD Signed Dynamic Application Data SSAD Signed Static Application Data SFI Short File Identifier SW1 Status Byte One SW2 Status Byte Two TC Transaction Certificate TLV Tag Length Value TVR Terminal Verification Results UDOL Unpredictable Number Data Object List UN Unpredictable Number var. Variable length

Using this Manual Notational Conventions

Version 2.0 — September 2008 © 2008 MasterCard xii PayPass – M/Chip Reader Card Application Interface Specification

Notational Conventions The following notations apply in this document:

Notation Description '0' to '9' and 'A' to 'F' Hexadecimal notation. Values expressed in hexadecimal form are

enclosed in single quotes (i.e. '_'). 1001b Binary notation. Values expressed in binary form are followed by a

lower case "b". digit Any of the ten Arabic numerals from 0 to 9 "M/Chip profile is supported"

Labels for flags, decision outcomes, or individual bits of a data object are enclosed in double quotes.

Track 1 Data Data object names are written in italics to distinguish them from the text.

GENERATE AC C-APDUs are written in SMALL CAPITALS to distinguish them from the text.

The following table lists symbols that are used throughout this document:

Symbol Meaning kTRACK1 Number of non-zero bits in the Track 1 Bitmap for UN (Numeric) and

ATC (PUNATCTRACK1) kTRACK2 Number of non-zero bits in the Track 2 Bitmap for UN (Numeric) and

ATC (PUNATCTRACK2) tTRACK1 The symbol tTRACK1 represents the value of NATCTRACK1 and indicates

the number of digits of the ATC to be included in the discretionary data field of the Track 1 Data.

tTRACK2 The symbol tTRACK2 represents the value of NATCTRACK2 and indicates the number of digits of the ATC to be included in the discretionary data field of the Track 2 Data.

nUN The symbol nUN represents the number of positions available in the discretionary data fields of the Track 1 Data and Track 2 Data for transporting UN (Numeric) to the issuer.

mTRACK1 The symbol mTRACK1 indicates the number of characters present in the discretionary data field of the Track 1 Data.

mTRACK2 The symbol mTRACK2 indicates the number of digits present in the discretionary data field of the Track 2 Data.

qTRACK1 Number of non-zero bits in the Track 1 Bitmap for CVC3 (PCVC3TRACK1). The symbol qTRACK1 represents the number of CVC3 digits included in the discretionary data field of the Track 1 Data.

qTRACK2 Number of non-zero bits in the Track 2 Bitmap for CVC3 (PCVC3TRACK2). The symbol qTRACK2 represents the number of CVC3 digits included in the discretionary data field of the Track 2 Data.

Using this ManualTransition Flow Diagrams

© 2008 MasterCard Version 2.0 — September 2008 PayPass – M/Chip Reader Card Application Interface Specification xiii

Transition Flow Diagrams The following symbols are used in the flow diagrams in this document:

The symbols are identified with a number. Paragraphs in the textual description starting with Symbol n correspond to the symbol bearing the same number in the transition flow diagram. The following example illustrates how it works.

• The decision symbol is used in a flow diagram, identified with number 2.

2

TESTOK NOK

• An explanation of the check done in symbol 2 is given:

Symbol 2 An explanation of how the application checks that the condition is satisfied.

Document Word Usage The following words are used often in this manual and have a specific meaning:

• must

Defines a product or system capability that is mandatory.

• should

Defines a product or system capability that is recommended.

• may

Defines a product or system capability that is optional.

Using this Manual Requirement Numbering

Version 2.0 — September 2008 © 2008 MasterCard xiv PayPass – M/Chip Reader Card Application Interface Specification

Requirement Numbering Requirements in this document are uniquely numbered with the number appearing next to each requirement: For example:

4.3.2.3 If the PDOL is not present, the PayPass reader must use a command data field of '8300'.

Guidance on Terminology • PayPass Card

Due to the legacy of the plastic card industry and the fact that the most common PayPass compliant form factor is card based, the term "card" is used frequently throughout this document. However, the contactless nature of PayPass permits non-card form factors.

The functionality of PayPass cards and devices is driven by the chip inside and is independent of the form factor in which the chip resides. Therefore the default reference for the consumer token in this document is "PayPass card" or "card", as appropriate.

• PayPass Reader

The term "PayPass reader" is used to refer to the device supporting the PayPass – M/Chip application and providing the contactless interface used by the PayPass card. Although this can be an integral part of the terminal, it is considered in this specification as a separate logical entity.

• Terminal

The term "terminal" is used in this document to mean the POS device, as distinct from the PayPass reader that provides the contactless interface. The terminal and the PayPass reader may exist in a single integrated device, but are considered separately in this document.

• MasterCard

In this document, the term "MasterCard" is used to refer to MasterCard International Incorporated and/or its affiliated entities. It does not refer to the MasterCard payment brand.

Using this ManualDocument Overview

© 2008 MasterCard Version 2.0 — September 2008 PayPass – M/Chip Reader Card Application Interface Specification xv

Document Overview This document is organized as follows:

Section Description 1 Introduction This chapter provides a high-level summary of PayPass –

M/Chip. 2 Commands This chapter defines the commands and responses supported by

PayPass – M/Chip. 3 Application Activation This chapter describes the procedure for identifying and

activating the PayPass application on the card, and other transaction pre-processing.

4 PayPass – M/Chip Transaction Processing

This chapter describes the transaction processing of the PayPass reader after it has been enabled by the terminal and the PayPass application has been selected on the card. It specifies how the PayPass reader implements the transaction flow, and lists requirements to ensure interoperability. While other transaction types may be supported, this chapter focuses on the interaction between the PayPass card and the PayPass reader during a purchase transaction.

5 Data Object Handling This chapter defines the data object handling for the PayPass reader.

Annex A Data Objects Dictionary This annex lists the data objects supported by the PayPass reader.

IntroductionMasterCard Proximity Payment

© 2008 MasterCard Version 2.0 — September 2008 PayPass – M/Chip Reader Card Application Interface Specification 1

1 Introduction This chapter provides a high-level summary of PayPass – M/Chip.

1.1 MasterCard Proximity Payment MasterCard has developed a program intended to allow consumers to make payment transactions at point of sale using contactless technology. The generic term "contactless technology" is used when the point of interaction is between 1 mm and 10 m. Although the proximity payment program covers multiple technologies and ranges, this document deals only with the technical specifications of the MasterCard PayPass product built with a contactless chip with a range from 1 mm to 4 cm.

1.2 M/Chip Profile and Mag Stripe Profile Within PayPass transactions we distinguish two different profiles: M/Chip and Mag Stripe.

The PayPass – Mag Stripe profile is designed for contactless payments using authorization networks that currently support only magnetic stripe authorization for credit or debit applications. The PayPass – Mag Stripe card stores Track 1 Data and Track 2 Data. The PayPass reader fills the discretionary data field with a dynamic CVC3 during each transaction. The dynamic CVC3 is generated by the PayPass – Mag Stripe card using a secret key and a unique transaction counter provided by the PayPass card, and an unpredictable number generated by the PayPass reader. The PayPass – Mag Stripe card provides better security than magnetic stripe technology because the dynamic CVC3 is used by the issuer to authenticate the PayPass – Mag Stripe card during online authorization processing.

The PayPass – M/Chip profile is designed for contactless payments in markets that are oriented towards offline acceptance. To manage the offline risk the PayPass reader performs terminal risk management and offline authentication of the PayPass card. The PayPass – M/Chip card performs its own card risk management and accepts or declines the transaction offline.

To ensure global acceptance of PayPass, unless agreed by MasterCard:

• All PayPass – M/Chip readers support and process PayPass cards that only support the PayPass – Mag Stripe profile.

• All PayPass – M/Chip cards support the PayPass – Mag Stripe profile when presented at a PayPass – Mag Stripe only reader.

Introduction Architecture

Version 2.0 — September 2008 © 2008 MasterCard 2 PayPass – M/Chip Reader Card Application Interface Specification

1.3 Architecture This specification considers the PayPass reader to be a peripheral device of the terminal. The PayPass reader performs the interaction with the PayPass card and the cardholder. The architecture is summarized in Figure 1.1.

Figure 1.1—PayPass Terminal-Reader Architecture

Note There is no requirement to create devices following the architecture described here. This logical architecture is only used to specify an externally observable behavior. A terminal and PayPass reader integrated in one physical device can also meet the requirements listed in this specification.

1.4 Transaction Processing Summary The processing carried out by the PayPass reader during a PayPass transaction, including the interaction with the PayPass card and with the terminal may be summarized as follows:

• The terminal enables the PayPass reader and provides the necessary transaction data (e.g. transaction amount).

• The PayPass reader:

o Initializes its internal data base and, depending on the transaction amount, sets any internal flags for which the corresponding transaction limit has been exceeded.

o Creates a list of applications that are supported by both the card and PayPass reader.

o Picks the highest priority application from the list of mutually supported applications, and selects it on the card.

These steps may be done according to [EMVEPS] or according to the application activation described in Chapter 3 of this document.

• The PayPass reader initiates the transaction on the PayPass card.

• Based on the response from the PayPass card, the PayPass reader continues with either a PayPass – Mag Stripe or PayPass – M/Chip transaction.

IntroductionTransaction Processing Summary


• For a PayPass – M/Chip transaction, the PayPass reader continues with the following steps:

o The PayPass reader determines which form of ODA to perform.

o The PayPass reader reads the data records of the PayPass card.

o The PayPass reader performs Terminal Risk Management and Terminal Action Analysis, and selects a cardholder verification method for the transaction.

o The PayPass reader requests an application cryptogram from the PayPass card.

o The PayPass reader performs offline data authentication as appropriate.

• For a PayPass – Mag Stripe transaction, the PayPass reader continues with the following steps:

o The PayPass reader reads the data records from the PayPass card.

o The PayPass reader issues the COMPUTE CRYPTOGRAPHIC CHECKSUM command to the PayPass card.

o The PayPass reader stores the CVC3-related data in the discretionary data fields of the Track 1 Data and Track 2 Data.

• If the outcome of the above processing was successful, the reader provides a visible and audible indication of a successful PayPass interaction to the cardholder. The PayPass reader completes the transaction by preparing the necessary Data Record and Transaction Outcome information and returning it to the terminal.

• If the outcome of the above processing was not successful, the reader, if appropriate, provides an indication of the failure to the cardholder. The PayPass reader either:

o Retries the above processing, or

o Prepares the necessary Transaction Outcome information and returns it to the terminal. The PayPass reader then hands control back to the terminal.

The decision to provide failure indication and either retry or return control to the terminal is implementation dependent.

The different stages of the transaction are summarized in Figure 1.2.

Introduction Transaction Processing Summary


Figure 1.2—Transaction Processing Overview

CommandsIntroduction


2 Commands This chapter defines the commands and responses supported by PayPass – M/Chip.

2.1 Introduction The INS byte of the C-APDU is structured according to [EMV BOOK 1]. The coding of INS and its relationship to CLA are shown in Table 2.1.

Table 2.1—Coding of the Instruction Byte

CLA INS Meaning '80' '2A' COMPUTE CRYPTOGRAPHIC CHECKSUM '80' 'AE' GENERATE AC '80' 'A8' GET PROCESSING OPTIONS '00' 'B2' READ RECORD '00' 'A4' SELECT

The status bytes returned by the PayPass card are coded as specified in Section 6.3.5 of [EMV BOOK 3]. In addition to the status bytes specific for every command, the PayPass card may return the status bytes shown in Table 2.2.

Table 2.2—Generic Status Bytes

SW1 SW2 Meaning '6D' '00' Instruction code not supported or invalid '6E' '00' Class not supported '6F' '00' No precise diagnosis

Commands Compute Cryptographic Checksum


2.2 COMPUTE CRYPTOGRAPHIC CHECKSUM

2.2.1 Definition and Scope The COMPUTE CRYPTOGRAPHIC CHECKSUM command initiates the computation of the dynamic CVC3 on the card. The computation is based on the UN (Numeric) sent by the PayPass reader, the ATC of the PayPass card and the relevant secret key stored in the card.

The response of the PayPass card consists of returning the CVC3TRACK2, the CVC3TRACK1 (optional) and the ATC to the PayPass reader.

2.2.2 Command Message The COMPUTE CRYPTOGRAPHIC CHECKSUM command message is coded according to Table 2.3.

Table 2.3—COMPUTE CRYPTOGRAPHIC CHECKSUM Command Message

Code Value CLA '80' INS '2A' P1 '8E' P2 '80' Lc var. Data UDOL related data Le '00'

The data field of the command message is coded according to the UDOL following the rules as defined in Section 5.2. If the PayPass card does not have a UDOL, the PayPass reader uses the Default UDOL.

2.2.3 Data Field Returned in the Response Message The data field of the response message is a constructed data object with tag '77' (Response Message Template). The value field may include several TLV coded data objects, but always includes the CVC3TRACK2 (tag '9F61') and the ATC (tag '9F36'). The value field may also include the CVC3TRACK1 (tag '9F60').

CommandsGenerate AC


2.2.4 Status Bytes The status bytes that may be sent in response to the COMPUTE CRYPTOGRAPHIC CHECKSUM command are listed in Table 2.4.

Table 2.4—Status Bytes for COMPUTE CRYPTOGRAPHIC CHECKSUM Command

SW1 SW2 Meaning '67' '00' Wrong length '69' '85' Conditions of use not satisfied '6A' '86' Incorrect parameters P1-P2 '90' '00' Normal processing

2.3 GENERATE AC

2.3.1 Definition and Scope The GENERATE AC command sends transaction-related data to the card, which then computes and returns an Application Cryptogram. Depending on the risk management in the card, the cryptogram returned by the PayPass card may differ from that requested in the command message. The PayPass card may return an AAC (transaction declined), an ARQC (online authorization request) or a TC (transaction approved).

2.3.2 Command Message The GENERATE AC command message is coded according to Table 2.5.

Table 2.5—GENERATE AC Command Message

Code Value CLA '80' INS 'AE' P1 Reference Control Parameter (see Table 2.6) P2 '00' Lc var. Data CDOL related data Le '00'

Commands Generate AC


Table 2.6—GENERATE AC Reference Control Parameter

b8 b7 b6 b5 b4 b3 b2 b1 Meaning 0 0 AAC 0 1 TC 1 0 ARQC 1 1 RFU x RFU 0 Other values RFU 0 CDA not requested 1 CDA requested x x x x RFU 0 0 0 0 Other values RFU

The data field of the command message is coded according to CDOL1 following the rules as defined in Section 5.2.

2.3.3 Data Field Returned in the Response Message The data field in the response message to the GENERATE AC command is coded according to either format 1 or format 2, as follows.

Format 1

In the case of format 1, the data object returned in the response message is a primitive data object with tag equal to '80'. The value field consists of the concatenation without delimiters (tag and length) of the value fields of the data objects specified in Table 2.7.

Format 1 is only used if CDA is not performed.

Table 2.7—GENERATE AC Response Message Data Field (Format 1)

Value Presence CID M ATC M AC M IAD O

CommandsGenerate AC


Format 2

In the case of format 2, the data object returned in the response message will vary depending on whether CDA was performed or not.

CDA Not Performed

If CDA is not performed, the data object returned in the response message for an AAC, ARQC or TC is a constructed data object with tag equal to '77', as specified in Table 2.8.

Table 2.8—GENERATE AC Response Message Data Field (Format 2) – No CDA

Tag Value Presence '77' Response Message Template M '9F27' CID M '9F36' ATC M '9F26' AC M '9F10' IAD O

CDA Performed

If CDA is performed, the data object returned in the response message for an ARQC or TC is a constructed data object with tag equal to '77'. It contains at least the three mandatory data objects specified in Table 2.9, and optionally the IAD.

Table 2.9—GENERATE AC Response Message Data Field (Format 2) – CDA

Tag Value Presence '77' Response Message Template M '9F27' CID M '9F36' ATC M '9F4B' SDAD M '9F10' IAD O

2.3.4 Status Bytes The status bytes that may be sent in response to the GENERATE AC command are listed in Table 2.10.

Table 2.10—Status Bytes for GENERATE AC Command


Commands Get Processing Options


2.4 GET PROCESSING OPTIONS

2.4.1 Definition and Scope The GET PROCESSING OPTIONS command initiates the transaction within the card.

2.4.2 Command Message The GET PROCESSING OPTIONS command message is coded according to Table 2.11.

Table 2.11—GET PROCESSING OPTIONS Command Message

Code Value CLA '80' INS 'A8' P1 '00' P2 '00' Lc var. Data PDOL related data Le '00'

The data field of the command message is the Command Template with tag '83' and with a value field coded according to the PDOL provided by the PayPass card in the response to the SELECT command. If the PDOL is not provided by the PayPass card, the length field of the template is set to zero. Otherwise the length field is the total length of the value fields of the data objects transmitted to the card. The value fields are concatenated according to the rules defined in Section 5.2.

2.4.3 Data Field Returned in the Response Message The data field in the response message to the GET PROCESSING OPTIONS command is coded according to either format 1 or format 2, as follows.

Format 1

In the case of format 1, the data object returned in the response message is a primitive data object with tag equal to '80'. The value field consists of the concatenation without delimiters (tag and length) of the value fields of the AIP and the AFL, as shown in Table 2.12.

CommandsGet Processing Options


Table 2.12—GET PROCESSING OPTIONS Response Message Data Field (Format 1)

Value Presence AIP M AFL M

Format 2

In the case of format 2, the data object returned in the response message is a constructed data object with tag '77' (Response Message Template). The value field may include several TLV coded objects, but always includes the AIP (tag '82') and AFL (tag '94'), as shown in Table 2.13.

Table 2.13—GET PROCESSING OPTIONS Response Message Data Field (Format 2)

Tag Value Presence '77' Response Message Template M '82' AIP M '94' AFL M

2.4.4 Status Bytes The status bytes that may be sent in response to the GET PROCESSING OPTIONS command are listed in Table 2.14.

Table 2.14—Status Bytes for GET PROCESSING OPTIONS Command


Commands Read Record


2.5 READ RECORD

2.5.1 Definition and Scope The READ RECORD command reads a file record in a linear file. The response of the PayPass card consists of returning the record.

2.5.2 Command Message The READ RECORD command message is coded according to Table 2.15.

Table 2.15—READ RECORD Command Message

Code Value CLA '00' INS 'B2' P1 Record Number P2 See Table 2.16 Lc Not present Data Not present Le '00'

Table 2.16 specifies the coding of P2 of the READ RECORD command.

Table 2.16—P2 of READ RECORD Command

b8 b7 b6 b5 b4 b3 b2 b1 Meaning x x x x x SFI 1 0 0 P1 is a record number

2.5.3 Data Field Returned in the Response Message The data field in the PayPass card response contains the record requested by the command. For SFIs in the range 1-10, the record is a TLV constructed data object with tag '70' as shown in Table 2.17.

Table 2.17—READ RECORD Response Message Data Field

'70' Length Record Template

CommandsSelect


2.5.4 Status Bytes The status bytes that may be sent in response to the READ RECORD command are listed in Table 2.18.

Table 2.18—Status Bytes for READ RECORD Command

SW1 SW2 Meaning '6A' '82' Incorrect parameters P1 P2; file not found '6A' '83' Incorrect parameters P1 P2; record not found '6A' '86' Incorrect parameters P1 P2 '90' '00' Normal processing

2.6 SELECT

2.6.1 Definition and Scope The SELECT command is used to select the PPSE directory and the PayPass application. The response from the PayPass card consists of returning the FCI.

2.6.2 Command Message The SELECT command message is coded according to Table 2.19.

Table 2.19—SELECT Command Message

Code Value CLA '00' INS 'A4' P1 '04' P2 '00' Lc Length of data field Data File Name Le '00'

The data field of the command message contains the PPSE directory name ("2PAY.SYS.DDF01") or the ADF Name (or AID) of the application in the PayPass card1.

1 Depending on the value of the File Name, the SELECT command is referred to as SELECT PPSE or SELECT AID

command.

Commands Select


2.6.3 Data Field Returned in the Response Message The data field of the response message contains the FCI of the PPSE or PayPass application selected by the command.

Select PPSE

Table 2.20 defines the FCI returned by a successful selection of the PPSE directory. The FCI contains the list of PayPass applications (ADF Names) supported by the card.

Table 2.20—SELECT Response Message Data Field (FCI) of the PPSE

Tag Value Presence '6F' FCI Template M '84' DF Name M 'A5' FCI Proprietary Template M 'BF0C' FCI Issuer Discretionary Data M

The FCI Issuer Discretionary Data is a constructed data object of which the value field is comprised of one or more Application Templates (tag '61') as described in Table 2.21.

Table 2.21—FCI Issuer Discretionary Data

'BF0C' Length '61' Length of directory entry 1

Directory entry 1

… '61' Length of directory entry n

Directory entry n

Each directory entry is the value field of an Application Template and contains the information according to Table 2.22 and Table 2.23.

Table 2.22—Directory Entry Format

Tag Value Presence '4F' ADF Name (AID) M '87' Application Priority Indicator (see Table 2.23). M

'50' Application Label O

Table 2.23—Application Priority Indicator Format

b8 b7-b5 b4-b1 Definition 0 Application may be selected without confirmation of cardholder xxx RFU 000 Other values RFU 0000 No priority assigned xxxx Order in which the application is to be listed or selected, ranging

from 1-15, with 1 being the highest priority.

CommandsSelect


Select PayPass Application

Table 2.24 defines the FCI returned in response to a successful selection of a PayPass application.

Table 2.24—SELECT Response Message Data Field (FCI) of a PayPass Application

Tag Value Presence '6F' FCI Template M '84' DF Name (AID) M 'A5' FCI Proprietary Template M 2 '50' Application Label O '87' Application Priority Indicator O '5F2D' Language Preference O '9F38' PDOL O '9F11' Issuer Code Table Index O '9F12' Application Preferred Name O 'BF0C' FCI Issuer Discretionary Data O 'XXXX' 1 or more additional data objects from

application provider, Issuer or ICC supplier

O

2.6.4 Status Bytes The status bytes returned by the PPSE or PayPass application for the SELECT command are listed in Table 2.25.

Table 2.25—Status Bytes for SELECT Command

SW1 SW2 Meaning '62' '83' Selected file invalidated 3 '67' '00' Wrong length '6A' '81' Function not supported '6A' '82' File not found '6A' '86' Incorrect parameters P1-P2 '90' '00' Normal processing

2 The FCI Proprietary Template may be empty. In this case the length must be set to zero. 3 These specifications do not specify how to block the PPSE or PayPass application. For a dual-interface card

(contact and contactless), this may be done by using the contact interface.

Application ActivationOverview


3 Application Activation This chapter describes the procedure for identifying and activating the PayPass application on the card, and other transaction pre-processing.

3.1 Overview Application activation begins when the terminal enables the PayPass reader to perform a contactless transaction. Application activation can be divided into the following areas:

1. Pre-processing, in which the transaction amount is checked against defined limits for each supported application

2. Protocol activation, in which contactless protocol of the PayPass reader is activated and prepared for card discovery

3. Application selection, in which first the PPSE and then the PayPass application are selected on the card

3.2 Pre-Processing When the PayPass reader has been enabled by the terminal and the values of the transaction related data objects listed in 5.4.1.4 are defined, then the following steps are performed.

3.2.1.1 The PayPass reader must set Transaction CVM to "No CVM".

3.2.1.2 The PayPass reader must set the Transaction Outcome to "Declined".

The following steps are completed for each AID supported by the PayPass reader.

3.2.1.3 The PayPass reader must clear the following flags:

• Terminal Contactless Transaction Limit Exceeded Flag

• Terminal Contactless Floor Limit Exceeded Flag

• Terminal CVM Required Limit Exceeded Flag

3.2.1.4 If the Amount, Authorized is greater than or equal to the Terminal Contactless Transaction Limit for that AID, then the Terminal Contactless Transaction Limit Exceeded Flag must be set for that AID.

3.2.1.5 If the Amount, Authorized is greater than the Terminal Contactless Floor Limit for that AID, then the Terminal Contactless Floor Limit Exceeded Flag must be set for that AID.

Application Activation Protocol Activation


3.2.1.6 If the Amount, Authorized is greater than or equal to the Terminal CVM Required Limit for that AID, then the Terminal CVM Required Limit Exceeded Flag must be set for that AID.

3.3 Protocol Activation 3.3.1.1 If the PayPass reader has completed pre-processing, and if the Terminal

Contactless Transaction Limit Exceeded Flag has not been set for at least one AID supported by the PayPass reader, then the PayPass reader must:

• Power up the contactless interface and start the polling and collision detection mechanisms as defined in [EMVCLPRO].

• Provide a visible indication to the cardholder that the reader is active and that the card can be presented.

Otherwise, the PayPass reader must not proceed with the rest of application activation. It must instead continue with the Completion function as described in Section 4.3.15.

3.4 Application Selection The application selection process is described in detail in the following sections from the standpoint of both the card and the PayPass reader. The application selection mechanism minimizes the number of commands between the card and PayPass reader. If no errors are encountered, only two SELECT commands (see Section 2.6) are necessary. The process is described in two steps, and is summarized in Figure 3.1.

1. The PayPass reader selects the PPSE and creates a list of applications that are supported by both the card and the PayPass reader. This list is referred to as the "candidate list" (see Section 3.4.1).

2. From the candidate list, the application to be run is chosen and selected on the card (see Section 3.4.2).

Figure 3.1—Application Selection

PayPass Card PayPass Reader

1. SELECT PPSE

2. List of AIDs

3. SELECT AID

4. FCI

Application ActivationApplication Selection


As an alternative to the application selection method described here, the PayPass reader may also support a proprietary application selection method that is outside the scope of this specification. If so, then the proprietary method may be performed either:

• Immediately prior to step 3.4.1.1, or

• Immediately prior to step 3.4.2.1 if the candidate list is empty.

3.4.1 Building the Candidate List The steps taken by the PayPass reader to establish the candidate list are given in this section.

3.4.1.1 The PayPass reader must initialize an empty candidate list.

3.4.1.2 The PayPass reader must select the PPSE on the card using the SELECT command as described in Section 2.6. If the card returns status bytes other than '9000', then the PayPass reader must continue with step 3.4.2.1. Otherwise, the PayPass reader must continue with step 3.4.1.3.

3.4.1.3 The PayPass reader must retrieve all the directory entries from the FCI Issuer Discretionary Data (tag 'BF0C') in the FCI returned by the card. Additional tags returned in the FCI that are not listed in Table 2.20 must be discarded by the PayPass reader. The PayPass reader must process each directory entry by comparing the ADF Name in the directory entry with the AIDs supported by the PayPass reader.

If the directory entry is not coded according to Table 2.22 then the PayPass reader must ignore the directory entry. If the ADF Name matches the AID of one of the applications supported by the PayPass reader, then the directory entry is added to the candidate list.

The ADF Name in the directory entry matches an AID in the PayPass reader if the ADF Name has the same length and value as the AID, or the ADF Name begins with the entire AID.

3.4.1.4 The PayPass reader must remove from the candidate list all applications that require cardholder confirmation (b8 = '1' in the Application Priority Indicator (see Table 2.23)).

3.4.1.5 The PayPass reader must remove from the candidate list all applications for which the Terminal Contactless Transaction Limit Exceeded Flag has been set in the pre-processing phase.

3.4.1.6 The PayPass reader must order the candidate list according to the following rules:

• The applications must be listed in order of priority, as indicated by the Application Priority Indicator (see Table 2.23), where the application with the highest priority is listed first.

• Applications that have the same priority are listed in the order in which they were listed in the PPSE directory entries in the FCI Issuer Discretionary Data (see Table 2.21).

Application Activation Application Selection


• Applications with no priority must come last and in the order in which they were listed in the PPSE directory entries in the FCI Issuer Discretionary Data (see Table 2.21).

3.4.2 Final Selection 3.4.2.1 If the candidate list is empty, the PayPass reader must set the Transaction

Outcome to "End Application" and continue with the Completion function as specified in Section 4.3.15 in order to terminate the transaction.

Otherwise, the PayPass reader must continue with step 3.4.2.2.

3.4.2.2 The PayPass reader must pick the first application from the candidate list and select this application with a SELECT command coded according to Section 2.6.2 using the ADF Name found in the directory entry of the application.

If the SELECT command fails (i.e. SW1-SW2 ≠ '9000'), then the PayPass reader must remove the application from the candidate list and resume processing at step 3.4.2.1.

Having completed application selection, the PayPass reader can begin the main PayPass – M/Chip Transaction Processing, as described in Chapter 4.

PayPass – M/Chip Transaction ProcessingTransaction Flow


4 PayPass – M/Chip Transaction Processing This chapter describes the transaction processing of the PayPass reader after it has been enabled by the terminal and the PayPass application has been selected on the card. It specifies how the PayPass reader implements the transaction flow, and lists requirements to ensure interoperability. While other transaction types may be supported, this chapter focuses on the interaction between the PayPass card and the PayPass reader during a purchase transaction.

4.1 Transaction Flow 4.1.1.1 The PayPass reader must execute the transaction flow as described in Figure 4.1

and Figure 4.2, and in the corresponding text below.

Note The transaction flow described in Figure 4.1 and Figure 4.2 assumes normal processing without exceptions. Exception processing is described in Section 4.2.

Symbol 1 FCI and SW1-SW2 Processing The PayPass reader performs certain checks on the data received in reply to the SELECT AID command as described in Section 4.3.1.

Symbol 2 GET PROCESSING OPTIONS Command Processing The PayPass reader initiates the transaction by issuing the GET PROCESSING OPTIONS command as described in Section 4.3.2. The PayPass card returns the AIP and the AFL.

Symbol 3 M/Chip profile? The PayPass reader verifies if the "M/Chip profile is supported" bit in the AIP is set. If the bit is set, the PayPass reader continues by selecting the method of offline data authentication to be used (see Symbol 7). If the bit is not set, then it continues by reading from the PayPass card the PayPass – Mag Stripe application data (see Symbol 4).

Symbol 4 Read Mag Stripe Application Data Based on the AFL previously received from the card, the PayPass reader reads the necessary data using the READ RECORD command as specified in Section 4.3.3.

Symbol 5 Mag Stripe Application Version Number Checking The PayPass reader verifies the compatibility of its application with the PayPass – Mag Stripe application in the PayPass card as specified in Section 4.3.4.

PayPass – M/Chip Transaction Processing Transaction Flow


Symbol 6 COMPUTE CRYPTOGRAPHIC CHECKSUM Processing The PayPass reader continues with the COMPUTE CRYPTOGRAPHIC CHECKSUM command as specified in Section 4.3.5. The PayPass reader then sets the Transaction Outcome to "Online Request".

Note After the completion of the COMPUTE CRYPTOGRAPHIC CHECKSUM response, the PayPass card can be removed from the PayPass reader.

Symbol 7 Offline Data Authentication Method Selection The PayPass reader selects the offline data authentication method to be used in the transaction. As described in Section 4.3.6, it compares the functionality available on the card, as indicated in the AIP, with its own capabilities. The result of this process is a decision to perform CDA, SDA or not to perform any offline data authentication.

Symbol 8 Read M/Chip Application Data The PayPass reader reads the necessary data using READ RECORD commands as specified in Section 4.3.7.

Symbol 9 Processing Restrictions The PayPass reader performs the Processing Restrictions function as specified in Section 4.3.8. This includes application version number checking, application usage control checking and application effective/expiry dates checking.

Symbol 10 Terminal Risk Management The PayPass reader performs Terminal Risk Management as specified in Section 4.3.9.

Symbol 11 M/Chip CVM Selection The PayPass reader selects a cardholder verification method as specified in Section 4.3.10. The result of this function is stored as the Transaction CVM.

Symbol 12 Terminal Action Analysis The PayPass reader performs Terminal Action Analysis in order to decide whether the transaction should be approved offline, declined offline, or transmitted online. The PayPass reader makes this decision based on the content of the TVR, the Issuer Action Codes and Terminal Action Codes as specified in Section 4.3.11.

Symbol 13 GENERATE AC The PayPass reader issues a GENERATE AC command, as described in Section 4.3.12, requesting a TC, ARQC or an AAC based on the results of Terminal Action Analysis.

The PayPass card performs its card risk management when it receives the GENERATE AC command, and may decide to complete the transaction online (ARQC), offline (TC) or decline the transaction (AAC).

Note After the completion of the GENERATE AC response, the PayPass card may be removed from the PayPass reader.



Symbol 14 Card Generated AAC? If the PayPass reader requested an ARQC or TC, and if the PayPass card has generated an AAC, the PayPass reader sets the Transaction Outcome to "Try Another Interface" and continues with the Completion function. If the PayPass reader requested an AAC, and if the PayPass card has generated an AAC, the PayPass reader sets the Transaction Outcome to "Declined" and continues with the Completion function. Otherwise, the PayPass reader continues by checking if CDA was used in the PayPass card response.

Symbol 15 Combined DDA/AC Generation? If CDA is being performed, the PayPass reader continues by retrieving the ICC Public Key from the data read from the PayPass card and by verifying the SDAD. If CDA has not been performed, the PayPass reader continues by verifying that the PayPass card generated an ARQC.

Symbol 16 Retrieve ICC Public Key and Verify SDAD (CDA) The PayPass reader retrieves the ICC Public Key and verifies the SDAD generated by the PayPass card as specified in Section 4.3.13.

Symbol 17 Card Generated ARQC (CDA)? The PayPass reader checks if the card generated an ARQC. If this is the case, the PayPass reader sets the Transaction Outcome to "Online Request" for online capable terminals, and to "Declined" for offline-only terminals. If the PayPass card generated a TC, the PayPass reader sets the Transaction Outcome to "Approved". The PayPass reader continues with the Completion function.

Symbol 18 Card Generated ARQC (No CDA)? The PayPass reader checks if the PayPass card generated an ARQC. If this is the case, the PayPass reader sets the Transaction Outcome to "Online Request" for online capable terminals, and to "Declined" for offline-only terminals. The PayPass reader then continues with the Completion function. If the PayPass card generated a TC, the PayPass reader continues by performing SDA.

Symbol 19 Static Data Authentication The PayPass reader performs SDA as specified in Section 4.3.14. The PayPass reader sets the Transaction Outcome to "Approved".

Symbol 20 Completion The PayPass reader executes the Completion function as specified in Section 4.3.15, and hands control back to the terminal.

PayPass – M/Chip Transaction Processing Transaction Flow


Figure 4.1—Transaction Flow for PayPass reader (Part 1)



Figure 4.2—Transaction Flow for PayPass reader (Part 2)

PayPass – M/Chip Transaction Processing Exception Processing


4.2 Exception Processing This section specifies exceptions to normal processing that cause termination of the normal transaction flow.

4.2.1 Processing 4.2.1.1 If the PayPass reader encounters an exception during its processing, then it must

set the Transaction Outcome to "End Application" and continue with the Completion function as specified in Section 4.3.15.

4.2.2 Data Objects Data objects returned by the PayPass card are checked by the PayPass reader as follows:

4.2.2.1 It is the responsibility of the issuer to ensure that data in the PayPass card is of the correct format. No format checking other than that specifically defined is mandated for the PayPass reader. However, if during normal processing the PayPass reader recognizes that data read from the PayPass card is incorrectly formatted, it must terminate the transaction as defined in requirement 4.2.1.1.

4.2.2.2 Unless explicitly stated in Section 4.3, during a PayPass – Mag Stripe transaction the PayPass reader must not validate the individual data objects returned in the Track 1 Data and Track 2 Data. Specifically, validation of the values 2 and 6 in the first digit of the service code present in Track 1 Data or Track 2 Data to determine if a contact chip transaction is required must not be performed. Any existing data validation carried out to support individual payment products is outside the scope of this specification.

However, if in the course of copying the dynamic data into Track 1 Data or Track 2 Data, the PayPass reader is not able to localize the discretionary data field due to one or more format errors, the PayPass reader must terminate the transaction as defined in requirement 4.2.1.1.

4.2.2.3 If, during transaction processing, the PayPass reader encounters more than one occurrence of a single primitive data object, it must terminate the transaction as specified in requirement 4.2.1.1.

4.2.2.4 If, during transaction processing, the PayPass reader receives in a response from the PayPass card a data object that is listed in Table A.1 as having the PayPass reader as source, it must terminate the transaction as specified in requirement 4.2.1.1.

PayPass – M/Chip Transaction ProcessingException Processing


4.2.3 Status Bytes 4.2.3.1 If, during transaction processing, the PayPass card returns any SW1-SW2 other

than '9000', the PayPass reader must terminate the transaction as according to requirement 4.2.1.1, unless otherwise specified.

4.2.4 COMPUTE CRYPTOGRAPHIC CHECKSUM Specific exception processing is required for the COMPUTE CRYPTOGRAPHIC CHECKSUM command.

4.2.4.1 During a PayPass – Mag Stripe transaction, if the PayPass reader does not receive a valid response from the PayPass card to a COMPUTE CRYPTOGRAPHIC CHECKSUM command (i.e. no response message or an invalid response message), it must wait 300 ms before terminating the transaction as specified in requirement 4.2.1.1.

If it is the second consecutive transaction for which no valid response message from the PayPass card for the COMPUTE CRYPTOGRAPHIC CHECKSUM command is received, the PayPass reader must wait 2 * 300 ms before terminating the transaction as specified in requirement 4.2.1.1.

In general, if it is the nth (n = 1, 2, 3, …) consecutive transaction for which no valid response message from the PayPass card for the COMPUTE CRYPTOGRAPHIC CHECKSUM command is received, the PayPass reader must wait 2m * 300 ms (m being the minimum of n-1 and 5) before terminating the transaction as specified in requirement 4.2.1.1.

PayPass – M/Chip Transaction Processing Functions Used in Transaction Processing


4.3 Functions Used in Transaction Processing

4.3.1 FCI and SW1-SW2 Processing Transaction processing begins with the analysis of the response to the SELECT AID command.

4.3.1.1 If the PayPass card returns any SW1-SW2 other than '9000' in response to the SELECT AID command, then the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.

Note Requirement 4.3.1.1 applies only if the PayPass reader implements the EMV Entry Point. Otherwise, the status bytes in response to the SELECT AID command are processed as described previously in requirement 3.4.2.2.

4.3.1.2 The PayPass reader must verify that the FCI is correctly formatted, as specified in Table 2.24. If this is not the case, then the PayPass reader must terminate processing as specified in requirement 4.2.1.1.

4.3.1.3 The PayPass reader must extract the PDOL (if present) from the FCI and store it for later use during the GET PROCESSING OPTIONS Command Processing.

4.3.1.4 The PayPass reader must extract the DF Name (tag '84'), Application Label (tag '50') (if present), the Language Preference (tag '5F2D') (if present), the Issuer Code Table Index (tag '9F11') (if present) and the Application Preferred Name (tag '9F12') (if present) from the FCI, and store them for later use in the Completion function. Additional tags returned in the FCI that are not listed in Table 2.24 must be discarded by the PayPass reader.

4.3.1.5 If the Language Preference (tag '5F2D') data object is included in the FCI, then the PayPass reader must perform language selection as specified in Section 11.1 of [EMV BOOK 4], except for interactive cardholder language selection. If no match is found and the PayPass reader supports more than one language, it must automatically select the local language.

4.3.2 GET PROCESSING OPTIONS Processing The PayPass reader issues the GET PROCESSING OPTIONS command to initiate the transaction in the card.

4.3.2.1 The PayPass reader sets all bits in the TVR and CVM Results to 0b.

4.3.2.2 If the Terminal CVM Required Limit Flag is set, then the Terminal Capabilities must be instantiated with Terminal Capabilities – CVM Required. Otherwise the Terminal Capabilities must be instantiated with Terminal Capabilities – No CVM Required.

PayPass – M/Chip Transaction ProcessingFunctions Used in Transaction Processing


4.3.2.3 The PayPass reader must format the GET PROCESSING OPTIONS command as specified in Section 2.4.2.

4.3.2.4 If the PDOL is not present (see requirement 4.3.1.3), the PayPass reader must use a command data field of '8300'.

4.3.2.5 If the PDOL is present, the PayPass reader must use the PDOL to create a concatenated list of data objects without tags or lengths following the rules specified in Section 5.2. The PayPass reader must verify that all of the tags in the PDOL belong to data objects available to the PayPass reader. If this is not the case, the PayPass reader must provide a data object with the length specified and a value of all hexadecimal zeros for all such tags encountered. The PayPass reader must use the concatenated list as value field of the data object with tag '83'.

4.3.2.6 The PayPass reader must verify that the response message to the GET PROCESSING OPTIONS command is correctly formatted as specified in Section 2.4.3. If this is not the case, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.

4.3.2.7 The PayPass reader must retrieve from the response message the AIP (tag '82') and AFL (tag '94') data objects. If they are not both included, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. If the PayPass card response contains a constructed data object as described in Table 2.13, any additional data objects returned in the data field must be discarded by the PayPass reader.

4.3.2.8 If the PayPass – Mag Stripe Indicator for the selected AID indicates that the PayPass – Mag Stripe profile is not supported and the "M/Chip profile is supported" bit in the AIP is not set, then the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.

4.3.2.9 If the PayPass card returns SW1-SW2 = '6985' in response to the GET PROCESSING OPTIONS command, then the PayPass reader must remove the application from the candidate list and return to application selection as described in requirement 3.4.2.1.

Note Requirement 4.3.2.9 applies only if the PayPass reader implements application activation as specified in Chapter 3. If the EMV Entry Point is used, then SW1-SW2 = '6985' is handled as described in 4.2.3.1.



4.3.3 Read Mag Stripe Application Data Data contained in the files of the PayPass card are required by the PayPass reader to complete the COMPUTE CRYPTOGRAPHIC CHECKSUM command processing. The PayPass reader uses the READ RECORD command to read the files and records indicated in the AFL.

4.3.3.1 If the value of the four most significant bytes of the AFL is different from '08010100', then the PayPass reader must process each entry in the AFL from left to right. A READ RECORD command as described in Section 2.5 must be issued for each record between the starting record number and the ending record number, inclusively. The PayPass reader must ignore the fourth byte of each entry in the AFL.

The PayPass reader must then proceed with requirement 4.3.3.3.

4.3.3.2 If the value of the four most significant bytes of the AFL is equal to '08010100', then the PayPass reader must not interpret the AFL and instead must only issue a READ RECORD command as described in Section 2.5 for the first record in the file with SFI 1.

4.3.3.3 The PayPass reader must store all recognized data objects read, whether mandatory or optional, for later use in the transaction processing. Data objects that are not recognized by the PayPass reader (that is, their tags are unknown by the PayPass reader) must be discarded.

4.3.3.4 If any of the mandatory data objects listed in Table 4.1 is not present, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.

Table 4.1—Mandatory PayPass – Mag Stripe Data Objects

Tag Value '9F6B' Track 2 Data '9F66' PUNATCTRACK2 '9F65' PCVC3TRACK2 '9F67' NATCTRACK2

4.3.3.5 The PayPass reader must copy the discretionary data field of the Track 1 Data (if present) into DDCARD,TRACK1. The PayPass reader must copy the discretionary data field of the Track 2 Data into DDCARD,TRACK2.

4.3.3.6 The PayPass reader must verify that the number of non-zero bits in PUNATCTRACK2 (kTRACK2) is greater than or equal to the number of digits of the ATC to be included in the discretionary data field of the Track 2 Data (t TRACK2). If kTRACK2 < tTRACK2, the PayPass reader must terminate the transaction, as specified in requirement 4.2.1.1. Otherwise, the PayPass reader must set nUN equal to kTRACK2 - t TRACK2.

4.3.3.7 The PayPass reader must verify that nUN is less than or equal to 8. If nUN is greater than 8, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.



4.3.3.8 The PayPass reader must verify that the number of non-zero bits in PCVC3TRACK2 is greater than or equal to 3 (i.e. qTRACK2 ≥ 3). If this is not the case, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.

4.3.3.9 If Track 1 Data is included in the data returned from the card, the PayPass reader must verify that also PCVC3TRACK1, PUNATCTRACK1 and NATCTRACK1 are returned. If at least one of these data objects is not available, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.

4.3.3.10 If Track 1 Data is available, the PayPass reader must verify that the number of non-zero bits in PUNATCTRACK1 (kTRACK1) is greater than or equal to the number of digits of the ATC to be included in the discretionary data field of Track 1 Data (tTRACK1). If kTRACK1 < t TRACK1, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.

4.3.3.11 If Track 1 Data is available, the PayPass reader must verify that kTRACK1 - tTRACK1 is equal to nUN. If this is not the case, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.

4.3.3.12 If Track 1 Data is available, the PayPass reader must verify that the number of non-zero bits in PCVC3TRACK1 is greater than or equal to 3 (i.e. qTRACK1 ≥ 3). If this is not the case, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.

4.3.3.13 The PayPass reader must retrieve from the Track 2 Data the PAN and Expiry Date. If Track 1 Data is returned from the card, the PayPass reader must verify that the PAN and Expiry Date included in the Track 1 Data are the same as the PAN and Expiry Date included in the Track 2 Data. If this is not the case, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.

4.3.4 Mag Stripe Application Version Number Checking The applications within both the PayPass card and the PayPass reader maintain a Mag Stripe Application Version Number assigned by the payment system. The PayPass reader verifies the compatibility of its Mag Stripe Application Version Number (Reader) with the Mag Stripe Application Version Number (Card) in the card.

4.3.4.1 If the Mag Stripe Application Version Number (Card) is not present in the card, or if the PayPass reader does not recognize or support the application version of the card, the PayPass reader must use its latest version to perform the transaction. Otherwise, PayPass reader must use the appropriate code and/or commands to perform the transaction with the card.



4.3.5 COMPUTE CRYPTOGRAPHIC CHECKSUM Processing The PayPass reader issues the COMPUTE CRYPTOGRAPHIC CHECKSUM command to the PayPass card to obtain the CVC3TRACK2, the CVC3TRACK1 (optional) and the ATC from the card.

4.3.5.1 The PayPass reader must generate an UN (Numeric) of 8 digits in length and of which the 8-nUN most significant digits are set equal to 0.

4.3.5.2 The PayPass reader must format the COMPUTE CRYPTOGRAPHIC CHECKSUM command as specified in Section 2.2.2.

4.3.5.3 If the UDOL is returned by the PayPass card during the Read Mag Stripe Application Data processing, the PayPass reader must create a concatenated list of data objects without tags or lengths following the rules specified in Section 5.2.

4.3.5.4 If the UDOL is not returned by the PayPass card during the Read Mag Stripe Application Data processing, the PayPass reader must use the Default UDOL to construct the data field of the command message. Refer to Section 5.4 for the definition of the Default UDOL.

4.3.5.5 The PayPass reader must verify that the response message of the COMPUTE CRYPTOGRAPHIC CHECKSUM command is correctly formatted as specified in Section 2.2.3. If it is not correctly formatted, the PayPass reader must terminate the transaction as indicated in requirement 4.2.4.1.

4.3.5.6 The PayPass reader must retrieve the CVC3TRACK2 (tag '9F61') and the ATC (tag '9F36') from the Response Message Template (tag '77'). If one of these data objects is not available, the PayPass reader must terminate the transaction as indicated in requirement 4.2.4.1.

4.3.5.7 The PayPass reader must convert the binary encoded CVC3TRACK2 to the BCD encoding of the corresponding number expressed in base 10. The PayPass reader must copy the qTRACK2 least significant digits of the BCD encoded CVC3TRACK2 in the eligible positions of the discretionary data field of Track 2 Data. The eligible positions are indicated by the qTRACK2 non-zero bits in PCVC3TRACK2.

4.3.5.8 The PayPass reader must replace the nUN least significant eligible positions of the discretionary data field of Track 2 Data by the nUN least significant digits of UN (Numeric). The eligible positions in the discretionary data field are indicated by the nUN least significant non-zero bits in PUNATCTRACK2.

4.3.5.9 If tTRACK2 ≠ 0, the PayPass reader must convert the ATC to the BCD encoding of the corresponding number expressed in base 10. The PayPass reader must replace the tTRACK2 most significant eligible positions of the discretionary data field of Track 2 Data by the tTRACK2 least significant digits of the BCD encoded ATC. The eligible positions in the discretionary data field are indicated by the tTRACK2 most significant non-zero bits in PUNATCTRACK2.

4.3.5.10 The PayPass reader must copy nUN into the least significant digit of the discretionary data field of the Track 2 Data.



4.3.5.11 If Track 1 Data is available, the PayPass reader must retrieve the CVC3TRACK1 from the Response Message Template (tag '77'). If the Track 1 Data is available and the CVC3TRACK1 is not available, the PayPass reader must terminate the transaction as indicated in requirement 4.2.4.1.

4.3.5.12 Data objects returned in the Response Message Template (tag '77') with tags other than '9F60', '9F61' and '9F60' must be discarded by the PayPass reader.

4.3.5.13 If Track 1 Data is available, the PayPass reader must convert the binary encoded CVC3TRACK1 to the BCD encoding of the corresponding number expressed in base 10. The PayPass reader must convert the qTRACK1 least significant digits of the BCD encoded CVC3TRACK1 into the ASCII format and copy the qTRACK1 ASCII encoded CVC3TRACK1 characters into the eligible positions of the discretionary data field of the Track 1 Data. The eligible positions are indicated by the qTRACK1 non-zero bits in PCVC3TRACK1.

4.3.5.14 If Track 1 Data is available, the PayPass reader must convert the BCD encoded UN (Numeric) into the ASCII format and replace the nUN least significant eligible positions of the discretionary data field of the Track 1 Data by the nUN least significant characters of the ASCII encoded UN (Numeric). The eligible positions in the discretionary data field are indicated by the nUN least significant non-zero bits in PUNATCTRACK1.

4.3.5.15 If Track 1 Data is available and tTRACK1 ≠ 0, the PayPass reader must convert the ATC to the BCD encoding of the corresponding number expressed in base 10. The PayPass reader must convert the tTRACK1 least significant digits of the ATC into the ASCII format. The PayPass reader must replace the tTRACK1 most significant eligible positions of the discretionary data field of the Track 1 Data by the tTRACK1 ASCII encoded ATC characters. The eligible positions in the discretionary data field are indicated by the tTRACK1 most significant non-zero bits in PUNATCTRACK1.

4.3.5.16 If Track 1 Data is available, the PayPass reader must convert nUN into the ASCII format and copy the ASCII encoded nUN character into the least significant position of the discretionary data field of the Track 1 Data.

4.3.5.17 The PayPass reader must execute the requirements 4.3.5.7, 4.3.5.8, 4.3.5.9 and 4.3.5.10 and the requirements 4.3.5.13, 4.3.5.14, 4.3.5.15 and 4.3.5.16 in the order as specified above.



4.3.6 Offline Data Authentication Method Selection Based on the capabilities of the PayPass card, the PayPass reader selects a method of offline data authentication to be used for the transaction.

The PayPass reader performs Offline Data Authentication Method Selection as follows:

4.3.6.1 If the AIP indicates that the PayPass card supports CDA (AIP[1][1] = 1b) and the Terminal Capabilities indicate that the PayPass reader supports CDA (Terminal Capabilities[3][4] = 1b), the PayPass reader must select CDA as the ODA to be performed. Offline Data Authentication Method Selection is complete. Otherwise, the PayPass reader must continue with requirement 4.3.6.2.

4.3.6.2 If the AIP indicates that the PayPass card supports SDA (AIP[1][7] = 1b) and the Terminal Capabilities of the PayPass reader indicate support for SDA (Terminal Capabilities[3][8] = 1b), the PayPass reader must select SDA as the ODA to be performed. Offline Data Authentication Method Selection is complete. Otherwise, the PayPass reader must continue with requirement 4.3.6.3.

4.3.6.3 If neither SDA nor CDA is selected as the ODA to be performed, the PayPass reader must set the “Offline Data Authentication Was Not Performed” bit in the TVR to 1b.

4.3.7 Read M/Chip Application Data The PayPass reader reads the files and records indicated in the AFL using the READ RECORD command.

4.3.7.1 If the AFL returned by the PayPass card is not one of the pre-defined values described in Table 4.2, the PayPass reader must process each entry in the AFL from left to right. A READ RECORD command as described in Section 2.5 must be issued for each record between the starting record number and the ending record number, inclusively.

The PayPass reader must then proceed with requirement 4.3.7.6.

If the AFL returned by the PayPass card is one of the pre-defined values described in Table 4.2, the PayPass reader must proceed with requirement 4.3.7.2.

Table 4.2—Pre-defined AFL Values

ODA supported AFL Value SDA '08010100 10010101 18010200' CDA '08010100 10010101 18010200 20010200'

4.3.7.2 The PayPass reader must always read record 1 included in the file with SFI 2.

4.3.7.3 If the offline data authentication method to be performed for the transaction is SDA or CDA (see Section 4.3.6), the PayPass reader must read record 1 included in the file with SFI 3.



4.3.7.4 If the offline data authentication method to be performed for the transaction is SDA, the PayPass reader must read record 2 included in the file with SFI 3.

4.3.7.5 If the offline data authentication method to be performed for the transaction is CDA, the PayPass reader must read record 1 and 2 included in the file with SFI 4.

4.3.7.6 The PayPass reader must store all recognized data objects read, whether mandatory or optional, for later use in the transaction processing. Data objects that are not recognized by the PayPass reader (that is, their tags are unknown by the PayPass reader) must not be stored separately, but records containing such data objects may still participate in their entirety in offline data authentication, depending upon the coding of the AFL.

4.3.7.7 All mandatory data objects must be present in the card. If any mandatory data object is not present, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. The mandatory data objects are listed in Table 4.3.

Table 4.3—Mandatory PayPass – M/Chip Data Objects

Tag Value '5F24' Application Expiry Date '5A' PAN '8C' CDOL1 '9F4A' SDA Tag List

4.3.7.8 Proprietary data files (i.e. files with SFI outside the range 1 to 10) may or may not conform to this specification (refer to Table 2.17). Records in proprietary files may be represented in the AFL and may participate in offline data authentication if they are readable without conditions by the READ RECORD command coded according to Section 2.5.2.

4.3.8 Processing Restrictions 4.3.8.1 The Processing Restrictions function must be performed as specified in

Section 10.4 of [EMV BOOK 3] and Section 6.3.3 of [EMV BOOK 4]. It includes the checking of the following data objects: Application Version Number, Application Usage Control, Application Effective Date, Application Expiry Date.

4.3.9 Terminal Risk Management 4.3.9.1 If the Terminal Contactless Floor Limit Exceeded Flag has been set during the

pre-processing phase, then the "Transaction Exceeds Floor Limit" bit of the TVR must be set to 1b.

The PayPass reader may support an exception file as specified in Section 6.3.5 of [EMV BOOK 4].



4.3.10 M/Chip CVM Selection Cardholder verification is performed to ensure that the person presenting the PayPass card is indeed the person to whom the application in the PayPass card was issued. This section specifies how the PayPass reader selects the CVM to be performed by the terminal. The M/Chip CVM Selection function makes use of the CVM List (tag '8E') returned by the PayPass card in the response to the READ RECORD command. The PayPass reader compares the contents of the card's CVM List with the CVMs it supports.

The result of the M/Chip CVM Selection processing is communicated to the terminal during the Completion function by means of the Transaction CVM.

Note The M/Chip CVM Selection function involves only the selection of the CVM to be performed. Cardholder verification is not performed until after the Completion function, and the PayPass reader has returned control to the terminal.

The PayPass reader performs M/Chip CVM Selection as follows:

4.3.10.1 If the "Cardholder verification is supported" bit in the AIP is not set, then the PayPass reader must set the Transaction CVM to "No CVM". In the CVM Results, the PayPass reader must set byte 1 to "No CVM" and byte 3 to "successful". M/Chip CVM Selection is complete. Otherwise, the PayPass reader must continue with requirement 4.3.10.2.

4.3.10.2 If the CVM List is not present in the card or the CVM List has no CVRs, then the PayPass reader must set the "ICC Data Missing" bit in the TVR and the Transaction CVM to "No CVM". In the CVM Results, the PayPass reader must set byte 1 to "No CVM" and byte 3 to "unknown". M/Chip CVM Selection is complete. Otherwise, the PayPass reader must continue with requirement 4.3.10.3.

4.3.10.3 The PayPass reader must process each CVR in the order in which they appear in the CVM List according to requirements 4.3.10.4 and 4.3.10.5. M/Chip CVM Selection is completed when a CVM is successfully selected or when the CVM List is exhausted.

4.3.10.4 When processing each CVR, if any of the following is true, then the PayPass reader must bypass the CVR and proceed to the next CVR in the CVM List:

• The conditions expressed by the CVM Condition Code (second byte of the CVR) are not satisfied.

• Data required by the conditions expressed by the CVM Condition Code is not present.

• The CVM Condition Code is outside the range of codes understood by the PayPass reader (refer to requirement 4.3.10.6).

If there are no more CVRs in the list, then the PayPass reader must set the Transaction CVM to "No CVM" and set the "Cardholder verification was not successful" bit in the TVR. In the CVM Results, the PayPass reader must set byte 1 to "No CVM" and byte 3 to "failed". M/Chip CVM Selection is complete.



4.3.10.5 If the conditions expressed by the CVM Condition Code are satisfied, then the PayPass reader must proceed according to the following steps:

1. If the CVM Code (first byte of the CVR) is recognized (refer to requirement 4.3.10.7), then the PayPass reader must proceed with step 2. If the CVM Code is not recognized, then the PayPass reader must set the 'Unrecognized CVM' bit in the TVR and proceed with step 3.

2. If the CVM Code is supported (refer to requirement 4.3.10.8) and is not "Fail CVM", then the PayPass reader must proceed as follows:

• The PayPass reader must set the Transaction CVM as indicated by the CVM Code.

• In the CVM Results, the PayPass reader must copy the CVR to bytes 1 and 2, and must set byte 3 to "unknown".

• If the CVM Code is "Enciphered PIN verified online", then the PayPass reader must set the "Online PIN entered" bit in the TVR.

• M/Chip CVM Selection is complete.

If the CVM Code is "Fail CVM" or if the CVM Code is not supported, then the PayPass reader must proceed with step 3.

3. The PayPass reader must examine b7 of the CVM Code. If b7 is set to 1b, processing continues with the next CVR, if present. If b7 is set to 0b, or if there are no more CVRs in the list, then the PayPass reader must set the Transaction CVM to "No CVM" and set the "Cardholder verification was not successful" bit in the TVR. The PayPass reader must set byte 3 of the CVM Results to "failed". If the CVM Code is "Fail CVM", then the PayPass reader must copy the CVR to bytes 1 and 2 of the CVM Results. If the CVM Code is not "Fail CVM", then the PayPass reader must set byte 1 of the CVM Results to "No CVM". M/Chip CVM Selection is complete.

4.3.10.6 The PayPass reader must understand the CVM Condition Codes defined in Annex C.3 of [EMV BOOK 3]. The PayPass reader may also understand proprietary CVM Condition Codes not defined in Annex C.3 of [EMV BOOK 3].

4.3.10.7 The PayPass reader must recognize the CVM Codes defined in Annex C.3 of [EMV BOOK 3]. The PayPass reader may also recognize proprietary CVM Codes not defined in Annex C.3 of [EMV BOOK 3].

4.3.10.8 The PayPass reader must verify support of a CVM Code as follows:

• For CVM Codes defined in Annex C.3 of [EMV BOOK 3], support must be indicated in the Terminal Capabilities.

• For CVM Codes not defined in Annex C.3 of [EMV BOOK 3], support may be known implicitly.

• For Combination CVMs, both CVM Codes must be supported.

• "Fail CVM" must always be supported.



4.3.11 Terminal Action Analysis With the Terminal Action Analysis function the PayPass reader makes the decision as to whether the transaction should be approved offline, declined offline, or transmitted online.

4.3.11.1 Terminal Action Analysis must be performed as specified in Section 10.7 of [EMV BOOK 3].

4.3.12 GENERATE AC Processing As a result of the Terminal Action Analysis processing, the PayPass reader requests the PayPass card to generate an Application Cryptogram with the GENERATE AC command.

4.3.12.1 The PayPass reader must format the GENERATE AC command as specified in Section 2.3.2.

4.3.12.2 The PayPass reader must use the CDOL1 to create a concatenated list of data objects without tags or lengths following the rules specified in Section 5.2.

4.3.12.3 If the result of the Terminal Action Analysis (see Section 4.3.11) is "approved offline" (TC), and the result of Offline Data Authentication Method Selection is CDA (see Section 4.3.6), then the PayPass reader must indicate "CDA requested" in the Reference Control Parameter of the GENERATE AC command.

4.3.12.4 If the result of the Terminal Action Analysis (see Section 4.3.11) is "declined offline" (AAC) or "transmitted online" (ARQC), and the result of Offline Data Authentication Method Selection is CDA (see Section 4.3.6), then the PayPass reader must not indicate "CDA requested" in the Reference Control Parameter of the GENERATE AC command.

4.3.12.5 If the result of Offline Data Authentication Method Selection is not CDA (see Section 4.3.6), then the PayPass reader must not indicate "CDA requested" in the Reference Control Parameter of the GENERATE AC command.

4.3.12.6 The PayPass reader must verify that the response message of the GENERATE AC command is correctly formatted as specified in Section 2.3.3. If it is not correctly formatted, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.

4.3.12.7 The PayPass reader must retrieve the CID (tag '9F27') and the Application Transaction Counter (tag '9F36') from the response message of the GENERATE AC command. If one of these data objects is not available, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.

4.3.12.8 If CDA was not requested in the GENERATE AC command and the data object returned in the response message is a Response Message Template (tag '77'), the PayPass reader must verify that the Application Cryptogram (tag '9F26') is included. If the Application Cryptogram is not included, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. Additional data objects returned in the data field that are not listed in Table 2.8 must be discarded by the PayPass reader.



4.3.12.9 If CDA was requested in the GENERATE AC command and the PayPass card did not generate an AAC, the PayPass reader must verify that the SDAD (tag '9F4B') is included in the Response Message Template (tag '77'). If the SDAD tag is not included, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. Additional data objects returned in the data field that are not listed in Table 2.9 must be used by the PayPass reader during the verification of the SDAD.

4.3.13 Retrieve ICC Key and Verify SDAD (CDA) When the method of offline data authentication used is CDA, the PayPass reader retrieves the ICC Public Key and verifies the SDAD returned by the PayPass card as part of the response to the GENERATE AC command.

4.3.13.1 The PayPass reader must verify that all mandatory data objects for performing CDA have been returned from the PayPass card (refer to Table 4.4). If this is not the case, then the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.

Table 4.4—Mandatory Data Objects for CDA

Tag Value '8F' Certification Authority Public Key Index '90' Issuer Public Key Certificate '92' Issuer Public Key Remainder 4 '9F32' Issuer Public Key Exponent 9F46' ICC Public Key Certificate '9F47' ICC Public Key Exponent '9F48' ICC Public Key Remainder 4

4.3.13.2 The PayPass reader must retrieve the Certification Authority Public Key, the Issuer Public Key and the ICC Public Key as described in Sections 6.2, 6.3 and 6.4 of [EMV BOOK 2] from the PayPass card data that was read in a previous step (see Section 4.3.7).

4.3.13.3 If the ICC Public Key is not retrieved successfully, then the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.

4.3.13.4 Using the retrieved ICC Public Key in conjunction with the corresponding algorithm, the PayPass reader must verify the SDAD and recover the AC as described in Section 6.6.2 of [EMV BOOK 2].

4.3.13.5 If the SDAD is not successfully verified, then CDA has failed. The PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.

4 The Issuer Public Key Remainder or the ICC Public Key Remainder could be absent when the public key

modulus can be recovered in its entirety from the public key certificate.



4.3.14 Static Data Authentication When the method of offline data authentication used is SDA, the PayPass reader retrieves the Issuer Public Key and verifies the SSAD returned by the PayPass card during the Read M/Chip Application Data function (Section 4.3.7).

4.3.14.1 The PayPass reader must verify that all mandatory data objects for performing SDA have been returned from the PayPass card (refer to Table 4.5). If this is not the case, then the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.

Table 4.5—Mandatory Data Objects for SDA

Tag Value '8F' Certification Authority Public Key Index '90' Issuer Public Key Certificate '92' Issuer Public Key Remainder 5 '9F32' Issuer Public Key Exponent '93' Signed Static Application Data

4.3.14.2 The PayPass reader must perform SDA by retrieving the Certification Authority Public Key and Issuer Public Key and then verifying the SSAD as described in Section 5 of [EMV BOOK 2].

4.3.14.3 If SDA is not successful, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.

4.3.15 Completion With the Completion function, the PayPass reader prepares the data objects to be returned to the terminal. The PayPass reader ends the Completion processing as described in Section 9.5 ("Removal") of [EMVCLPRO], and hands over control to the terminal.

4.3.15.1 The PayPass reader must indicate to the terminal the outcome of its transaction processing by means of the Transaction Outcome.

4.3.15.2 If a PayPass – M/Chip transaction is performed, then the PayPass reader must indicate to the terminal the outcome of the M/Chip CVM Selection function by means of the Transaction CVM.

5 The Issuer Public Key Remainder could be absent when the public key modulus can be recovered in its

entirety from the public key certificate.



4.3.15.3 If the Transaction Outcome is "Online Request" or "Approved", the PayPass reader must provide a Data Record to the terminal containing the necessary elements for authorization and clearing. The data objects required will depend on the transaction profile. The Data Record that the PayPass reader must return for a PayPass – M/Chip transaction is as shown in Table 4.6. The Data Record that the PayPass reader must return for a PayPass – Mag Stripe transaction is as shown in Table 4.7. Data objects whose presence is listed as conditional (C) must be present in the Data Record if they are present on the card.

Table 4.6—Data Record Detail for PayPass – M/Chip

Tag Data Object Presence

'57' Track 2 Equivalent Data C

'9F6E' PayPass Third Party Data C

'84' DF Name M

'50' Application Label C

'9F12' Application Preferred Name C

'9F11' Issuer Code Table Index C

'9F26' AC M

'9F27' CID M

'9F10' IAD C

'9F36' ATC M

'95' TVR 6 M

'9F37' UN M

'5F2A' Transaction Currency Code M

'9C' Transaction Type M

'9A' Transaction Date M

'9F02' Transaction Amount M

'9F1A' Terminal Country Code M

'9F34' CVM Results M

'82' AIP M

6 The TVR as sent to the PayPass card by the PayPass reader in the GENERATE AC command.



Table 4.7—Data Record Detail for PayPass – Mag Stripe

Tag Data Object Presence

'9F6B' Track 2 Data M

'56' Track 1 Data C

— DDCARD,TRACK17 C

— DDCARD,TRACK27 M

'9F6E' PayPass Third Party Data C

'84' DF Name M

'50' Application Label C

'9F12' Application Preferred Name C

'9F11' Issuer Code Table Index C

7 The format of the Data Record is implementation dependent. If the PayPass reader uses the TLV format, then

implementation specific values may be used for the tags of DDCARD,TRACK1 and DDCARD,TRACK2.

Data Object HandlingData Object Format


5 Data Object Handling This chapter defines the data object handling for the PayPass reader.

5.1 Data Object Format Data objects moved from the card to the PayPass reader are encapsulated in TLV encoded data objects. Data objects moved from the PayPass reader to the card are identified by a DOL sent to the PayPass reader by the card or by the definition of the command message.

Data objects that have the numeric (n) format are BCD encoded, right justified with leading hexadecimal zeros. Data objects that have the compressed numeric (cn) format are BCD encoded, left justified and padded with trailing 'F's. Note that the length indicator in the numeric and compressed numeric format notations (e.g. n 4) specifies the number of digits and not the number of bytes.

Data objects that have the alphanumeric (an) or alphanumeric special (ans) format are ASCII encoded, left justified and padded with trailing hexadecimal zeros.

5.1.1.1 When moving data from one entity to another (for example card to PayPass reader) or when concatenating data, the data must always be passed in decreasing order, regardless of how it is stored internally. The leftmost byte (byte 1) is the most significant byte.

5.1.1.2 Bytes or bits specified as Reserved for Future Use (RFU) must be set to the value indicated, or to zero if no value is given.

5.1.1.3 An entity receiving data specified as RFU must not examine or depend upon the coding of these bytes or bits.

5.2 DOL Handling To minimize processing in the card, the data field of the command messages is not TLV encoded. The application in the card indicates the requested data, including format and length, by sending a DOL to the PayPass reader. DOLs used in this specification include:

• The PDOL used with the GET PROCESSING OPTIONS command

• The CDOL1 used with the GENERATE AC command

• The UDOL used with the COMPUTE CRYPTOGRAPHIC CHECKSUM command.

5.2.1.1 DOL Handling must be performed according to the rules specified in Section 5.4 of [EMV BOOK 3].

Data Object Handling Bitmaps Used in Discretionary Data


5.3 Bitmaps Used in Discretionary Data PayPass uses bitmaps to indicate positions in the discretionary data field. These bitmaps are used when the PayPass reader needs to put data into one of the discretionary data fields. The bits indicate the positions into which certain data should be loaded.

Figure 5.1 indicates the numbering of the different positions in the discretionary data. In this example there are m positions within the discretionary data field, labeled p1 to pm.

Figure 5.1—Numbering of Positions within the Discretionary Data

Discretionary Data pm pm-1 pm-2 pm-3 … p5 p4 p3 p2 p1

Each bit in the bitmap refers to a position in the discretionary data. The least significant bit of the bitmap, i.e. the rightmost bit b1, corresponds to position p1; as indicated in Figure 5.2.

Figure 5.2—Relation between Discretionary Data and Bitmap

Discretionary Data

pm pm-1 pm-2 pm-3 … p5 p4 p3 p2 p1

br br-1 br-2 … bm+1 bm bm-1 bm-2 bm-3 … b5 b4 b3 b2 b1 Bitmap

The bitmap is composed of a number of bytes, and therefore the number of bits in the bitmap is always a multiple of 8. To accommodate all the positions in a field, the number of bytes in the bitmap will normally contain more bits than the number of positions. If the number of bits in the bitmap is denoted by q, then

q = (r+1)*8

where r is the integer quotient of (m-1)/8

For Track 2 Data mTRACK2 is a maximum of 13 digits, resulting in a bitmap of 16 bits or 2 bytes. For Track 1 Data the maximum value of mTRACK1 is 48 resulting in a bitmap of length 6 bytes or 48 bits.

An example is given in Figure 5.3, for mTRACK2=13, tTRACK2=2 and PUNATCTRACK2 = '031A', referring to position p10p9p5p4p2. Based on this, kTRACK2 equals 5 and nUN equals 3.

Figure 5.3—Example PUNATCTRACK2 = '031A'

Discretionary Data p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1

0 0 0 0 0 0 1 1 0 0 0 1 1 0 1 0 b16 b15 b14 b13 b12 b11 b10 b9 b8 b7 b6 b5 b4 b3 b2 b1

'0' '3' '1' 'A' Bitmap = '031A'

Data Object HandlingData Object Management


5.4 Data Object Management This section describes the management of the data objects listed in Table A.1.

5.4.1.1 The following data objects must be unique to the PayPass reader and must be configured independently of the AID.

• IFD Serial Number

• Terminal Country Code

5.4.1.2 Separate instances of the following data objects must be configured for each AID supported by the PayPass reader.

• Additional Terminal Capabilities

• Application Version Number

• Default UDOL (if PayPass – Mag Stripe transactions supported for that AID)

• Mag Stripe Application Version Number (if PayPass – Mag Stripe transactions supported for that AID)

• Merchant Category Code

• PayPass – Mag Stripe Indicator

• Terminal Action Codes

• Terminal Type

• Terminal Capabilities – No CVM Required

• Terminal Capabilities – CVM Required

• Terminal Contactless Transaction Limit

• Terminal Contactless Floor Limit

• Terminal CVM Required Limit

5.4.1.3 If the PayPass reader supports offline data authentication, it must be able to store six CA Public Keys per RID and must associate with each such key the following key-related information to be used with the key.

• Certification Authority Public Key Check Sum

• Certification Authority Public Key Exponent

• Certification Authority Public Key Index

• Certification Authority Public Key Modulus

The PayPass reader must be able to locate any such key (and key-related information) given the RID and Certification Authority Public Key Index provided by the ICC.

5.4.1.4 The PayPass reader must support the following transaction related data objects of which the value must be available before application activation.

Data Object Handling Data Object Management


• Amount Authorized (Binary)

• Amount Authorized (Numeric)

• Amount Other (Binary)

• Amount Other (Numeric)

• Transaction Category Code

• Transaction Currency Code

• Transaction Currency Exponent

• Transaction Date

• Transaction Time

• Transaction Type

5.4.1.5 Separate instances of the following flags must be must be available for each AID. Their values are set during application activation.

• Terminal Contactless Transaction Limit Exceeded Flag

• Terminal Contactless Floor Limit Exceeded Flag

• Terminal CVM Required Limit Exceeded Flag

5.4.1.6 The PayPass reader must support the following transaction related data objects of which the value is set during application activation and transaction processing.

• Cardholder Verification Method (CVM) Results

• DDCARD,TRACK1 and DDCARD,TRACK2

• Terminal Capabilities

• Terminal Verification Results

• Transaction CVM

• Transaction Outcome

• Unpredictable Number 8

• Unpredictable Number (Numeric)

5.4.1.7 Unless otherwise indicated (by the labels MSDA and MCDA), all card data objects included in Table A.1 (i.e. data objects listed with source "Card") must be supported by the PayPass reader. The PayPass reader must recognize the tag and must be able to store the value of the data object if it is returned by the card. Data objects with the label MSDA in the support column must be supported if the PayPass reader supports SDA. Data objects with the flag MCDA in the support column must be supported if the PayPass reader supports CDA.

8 May be generated before application activation if the EMV Entry Point is used.

Data Objects Dictionary


Annex A Data Objects Dictionary This annex lists the data objects supported by the PayPass reader.



Table A.1—Data Objects Dictionary

Data Object Name Description Source Tag Format, Length (bytes)

Support

Additional Terminal Capabilities

Indicates the data input and output capabilities of the terminal and PayPass reader. The Additional Terminal Capabilities is coded according to Annex A.3 of [EMV BOOK 4].

Reader '81' b, 5

M

Amount, Authorized (Binary)

Authorized amount of the transaction (excluding adjustments). This amount is expressed with implicit decimal point corresponding to the minor unit of currency as defined by [ISO 4217] (e.g. the four bytes '00 00 00 7B' are the hexadecimal representation of the decimal number 123 and represent GBP 1.23 when the currency code is '826').

Reader '81' b, 4

M

Amount, Authorized (Numeric)

Authorized amount of the transaction (excluding adjustments). This amount is expressed with implicit decimal point corresponding to the minor unit of currency as defined by [ISO 4217] (e.g. the six bytes '00 00 00 00 01 23' represent USD 1.23 when the currency code is '846').

Reader '9F02' n 12, 6

M

Amount, Other (Binary)

Secondary amount associated with the transaction representing a cash back amount. This amount is expressed with implicit decimal point corresponding to the minor unit of currency as defined by [ISO 4217] (e.g. the four bytes '00 00 00 7B' are the hexadecimal representation of the decimal number 123, and represents EUR 1.23 when the currency code is '978').

Reader '9F04' b, 4

M

Amount, Other (Numeric)

Secondary amount associated with the transaction representing a cash back amount. This amount is expressed with implicit decimal point corresponding to the minor unit of currency as defined by [ISO 4217] (e.g. the 6 bytes '00 00 00 00 01 23' represent GBP 1.23 when the currency code is '826').

Reader '9F03' n 12, 6

M

Application Cryptogram

Cryptogram returned by the Card in response to the GENERATE AC command. Card '9F26'

b, 8

M




Support

Application Currency Code

Indicates the currency in which the account is managed in accordance with [ISO 4217].

Card '9F42' n 3, 2

M

Application Currency Exponent

Indicates the implied position of the decimal point from the right of the amount represented in accordance with [ISO 4217]. The decimal point location of amounts expressed in the currency code specified in the Application Currency Code.

Card '9F44' n 1, 1

M

Application Effective Date

Date from which the application may be used. The date is expressed in the YYMMDD format. For MasterCard branded applications if the value of YY ranges from '00' to '49' the date reads 20YYMMDD. If the value of YY ranges from '50' to '99', the date reads 19YYMMDD.

Card '5F25' n 6 (YYMMDD),3

M

Application Expiration Date

Date after which application expires. The date is expressed in the YYMMDD format. For MasterCard applications, if the value of YY ranges from '00' to '49' the date reads 20YYMMDD. If the value of YY ranges from '50' to '99' the date reads 19YYMMDD.

Card '5F24'

n 6 (YYMMDD),3

M




Support

Application File Locator (AFL)

Indicates the location (SFI range of records) of the Application Elementary Files associated with a particular AID, and read by the terminal during a transaction. The AFL is a list of entries of 4 bytes each. Each entry codes an SFI and a range of records as follows: • The five most significant bits of the first byte indicate the SFI. • The second byte indicates the first (or only) record number to be read for

that SFI. • The third byte indicates the last record number to be read for that SFI.

When the third byte is greater than the second byte, all the records ranging from the record number in the second byte to and including the record number in the third byte must be read for that SFI. When the third byte is equal to the second byte, only the record number coded in the second byte must be read for that SFI.

• The fourth byte indicates the number of records involved in offline data authentication starting with the record number coded in the second byte. The fourth byte may range from zero to the value of the third byte less the value of the second byte plus 1.

Card '94' var., var. up to 252

M

Application Identifier (AID)

Identifies the application as described in [ISO/IEC 7816-5]. Card Reader

'4F' '9F06'

b, 5-16

M M




Support

Application Interchange Profile

Indicates the capabilities of the card to support specific functions in the application. The AIP is returned in the response message of the GET PROCESSING OPTIONS. It is coded as specified in Annex C.1 of [EMV BOOK 3]. This specification extends the definition by allocating the RFU bit b8 in byte 2 to indicate the PayPass profile supported (M/Chip profile or Mag Stripe profile). Byte 2 of the AIP for PayPass transactions is therefore as specified here:

b8 b7 b6 b5 b4 b3 b2 b1 Meaning

x PayPass profile

1 M/Chip profile is supported

0 Only Mag Stripe profile supported

x x x x x x x RFU

0 0 0 0 0 0 0 Other values RFU

Card '82' b, 2

M

Application Label Name associated with the AID, in accordance with [ISO/IEC 7816-5]. Card

'50' ans, 1-16

M

Application Preferred Name

Preferred name associated with the AID (e.g. a domestic debit brand name). Card '9F12'

ans, 1-16

M

Application Primary Account Number (PAN)

Valid cardholder account number. Card '5A'

cn var. up to 19, var. up to 10

M

Application Primary Account Number (PAN) Sequence Number

Identifies and differentiates cards with the same Application PAN. Card '5F34'

n 2, 1

M

Application Priority Indicator

Indicates the priority of a given application or group of applications in a directory.

Card '87'

b, 1

M




Support

Application Template Contains one or more data objects relevant to an application directory entry, in according with [ISO/IEC 7816-5].

Card '61'

b, var. up to 252

M

Application Transaction Counter (ATC)

Counter maintained by the application in the card (incrementing the ATC is managed by the card).

Card '9F36'

b, 2

M

Application Usage Control

Indicates issuer's specified restrictions on the geographic use and services allowed for the application. The Application Usage Control is coded as specified in Annex C.2 of [EMV BOOK 3].

Card '9F07'

b, 2

M

Application Version Number

Version number assigned by the payment system for the application. Card Reader

'9F08' '9F09'

b, 2 b, 2

M M

Card Risk Management Data Object List 1 (CDOL1)

A data object in the card that provides the reader with a list of data objects that must be passed to the card in the first GENERATE AC command.

Card '8C'

b, var. up to 252

M

Cardholder Verification Method (CVM) List

Identifies the methods of verification of the cardholder supported by the application. The CVM List is coded as specified in Annex C.3 of [EMV BOOK 3].

Card '8E'

b, var. up to 252

M

Cardholder Verification Method (CVM) Results

Indicates the results of the last CVM performed. The CVM Results are coded as specified in Annex A.4 of [EMV BOOK 4].

Reader '9F34'

b, 3

M

Certification Authority Public Key Check Sum

A check value calculated on the concatenation of all parts of the Certification Authority Public Key (RID, Certification Authority Public Key Index, Certification Authority Public Key Modulus, Certification Authority Public Key Exponent) using SHA-1.

Reader -

b, 20

MSDA,CDA




Support

Certification Authority Public Key Exponent

Value of the exponent part of the Certification Authority Public Key. Reader -

b, 1 or 3

MSDA,CDA

Certification Authority Public Key Index

Identifies the certification authority's public key in conjunction with the RID. Card Reader

'8F' '9F22'

b, 1 b, 1

MSDA,CDA MSDA,CDA

Certification Authority Public Key Modulus

Value of the modulus part of the Certification Authority Public Key. Reader -

b, NCA (up to 248)

MSDA,CDA

Command Template Identifies the data fields of a command message. Reader '83'

b, var.

M

Cryptogram Information Data

Indicates the type of cryptogram and the actions to be performed by the terminal

Card '9F27'

b, 1

M

CVC3TRACK1 The CVC3TRACK1 is a 2-byte cryptogram returned by the card in the response to the COMPUTE CRYPTOGRAPHIC CHECKSUM command.

Card '9F60' b, 2

M

CVC3TRACK2 The CVC3TRACK2 is a 2-byte cryptogram returned by the card in the response to the COMPUTE CRYPTOGRAPHIC CHECKSUM command.

Card '9F61' b, 2

M

Data Authentication Code (DAC)

An issuer-assigned value that is retained by the terminal during the verification process of the Signed Static Application Data.

Card '9F45'

b, 2

MSDA

DDCARD,TRACK1 If Track 1 Data is present, then DDCARD,TRACK1 contains a copy of the discretionary data field of Track 1 Data as returned by the card in the file read using the READ RECORD command during a PayPass – Mag Stripe transaction (i.e. without UN (Numeric), ATC, CVC3TRACK1 and nUN included).

Reader - ans, var. up to 56

M




Support

DDCARD,TRACK2 DDCARD,TRACK2 contains a copy of the discretionary data field of Track 2 Data as returned by the card in the file read using the READ RECORD command during a PayPass – Mag Stripe transaction (i.e. without UN (Numeric), ATC, CVC3TRACK2 and nUN included).

Reader - ans, var. up to 8 bytes

M

Dedicated File (DF) Name

Identifies the name of the DF, as described in [ISO/IEC 7816-4]. Card '84'

b, 5-16

M

Default UDOL The Default UDOL is the UDOL to be used for constructing the value field of the COMPUTE CRYPTOGRAPHIC CHECKSUM command if the UDOL in the card is not present. The Default UDOL must always be present and must contain as its only entry the tag and length of the UN (Numeric). The value of the Default UDOL must be: '9F6A04'.

Reader - b, 3

M

File Control Information (FCI) Issuer Discretionary Data

Issuer discretionary part of the FCI. Card 'BF0C'

var. var. up to 222

M

File Control Information (FCI) Proprietary Template

Identifies the data object proprietary to this specification in the FCI template, in accordance with [ISO/IEC 7816-4].

Card 'A5'

var., var.

M

File Control Information (FCI) Template

Identifies the FCI template, in accordance with [ISO/IEC 7816-4]. Card '6F'

var., var. up to 252

M

Integrated Circuit Card (ICC) Dynamic Number

Time-variant number generated by the card, to be captured by the reader. Card '9F4C'

b, 8

MCDA

Integrated Circuit Card (ICC) Public Key Certificate

ICC Public Key certified by the issuer. Card '9F46'

b, NI

MCDA

Integrated Circuit Card (ICC) Public Key Exponent

Exponent used for the verification of the Signed Dynamic Application Data. Card '9F47'

b, 1 or 3

MCDA




Support

Integrated Circuit Card (ICC) Public Key Remainder

Remaining digits of the ICC Public Key Modulus. Card '9F48'

b, NIC-NI + 42

MCDA

Interface Device (IFD) Serial Number

Unique and permanent serial number assigned to the IFD by the manufacturer. Reader '9F1E'

an, 8

M

Issuer Action Code – Default

Specifies the issuer's conditions that cause a transaction to be rejected if it might have been approved online, but the terminal was unable to process the transaction online.

Card '9F0D'

b, 5

M

Issuer Action Code – Denial

Specifies the issuer's conditions that cause the denial of a transaction without attempt to go online.

Card '9F0E'

b, 5

M

Issuer Action Code – Online

Specifies the issuer's conditions that cause a transaction to be transmitted online.

Card '9F0F'

b, 5

M

Issuer Application Data

Contains proprietary application data for transmission to the issuer in an online transaction.

Card '9F10'

b, var. up to 32

M

Issuer Code Table Index

Indicates the code table, in accordance with [ISO 8859], for displaying the Application Preferred Name. The Issuer Code Table Index is coded as specified in Annex C.4 of [EMV BOOK 3].

Card '9F11'

n 2, 1

M

Issuer Country Code Indicates the country of the issuer, in accordance with [ISO 3166-1]. Card '5F28'

n 3, 2

M

Issuer Public Key Certificate

Issuer public key certified by a certification authority. Card '90'

b, NCA

MSDA,CDA

Issuer Public Key Exponent

Exponent used for the verification of the Signed Static Application Data. Card '9F32'

b, 1 or 3

MSDA,CDA

Issuer Public Key Remainder

Remaining digits of the Issuer Public Key Modulus. Card '92'

b, NI - NCA + 36

MSDA,CDA




Support

Language Preference 1-4 languages stored in order of preference, each represented by two alphabetical characters, in accordance with [ISO 639].

Card '5F2D'

an, 2-8

M

Mag Stripe Application Version Number

Version number assigned by the payment system for the specific PayPass – Mag Stripe functionality of the application.

Card Reader

'9F6C' '9F6D'

b, 2 b 2

M M

Merchant Category Code

Classifies the type of business being done by the merchant, represented in accordance with [ISO 8583:1993] for Card Acceptor Business Code.

Reader '9F15'

n 4, 2

M

PayPass – Mag Stripe Indicator

Indicates for each AID whether the PayPass – Mag Stripe profile is supported or not by the PayPass reader. Its value is implementation specific.

Reader - Implementation specific

M

PayPass Third Party Data

The PayPass Third Party Data contains proprietary information from a third party. If present, the PayPass Third Party Data must be present in a file read using the READ RECORD command. The value field of the PayPass Third Party Data is not interpreted by the PayPass reader. The value field must be coded with the following sub-fields, in the order shown:

Sub-field Format

Country Code according to [ISO 3166-1] n 3, 2 bytes

Unique identifier assigned by MasterCard b, 2 bytes

Proprietary data b, 1 to 28 bytes

Card '9F6E' b, 5-32

M

Processing Options Data Object List (PDOL)

Contains a list of resident data objects (tags and lengths) resident in the reader that are needed by the card in processing the GET PROCESSING OPTIONS command.

Card '9F38'

b, var.

M

Response Message Template Format 1

Contains the data objects (without tags and lengths) returned by the card in response to a command.

Card '80'

var., var.

M




Support

Response Message Template Format 2

Contains the data objects (with tags and lengths) returned by the card in response to a command.

Card '77'

var. var.

M

Service Code Service code as defined in Track 1 Data and Track 2 Data. Card '5F30'

n 3, 2

M

Signed Dynamic Application Data

Digital signature on critical application parameters for CDA. Card '9F4B'

b, NIC

MCDA

Signed Static Application Data

Digital signature on critical application parameters for SDA. Card '93'

b, NI

MSDA

Static Data Authentication Tag List

List of tags of primitive data objects defined in this specification for which the value fields must be included in the Signed Static or Dynamic Application Data.

Card '9F4A'

- var.

M

Terminal Action Code – Default

Specifies the acquirer's conditions that cause a transaction to be rejected if it might have been approved online, but the terminal is unable to process the transaction online.

Reader -

b, 5

M

Terminal Action Code – Denial

Specifies the acquirer's conditions that cause the denial of a transaction without attempt to go online.

Reader -

b, 5

M

Terminal Action Code – Online

Specifies the acquirer's conditions that cause a transaction to be transmitted online.

Reader -

b, 5

M

Terminal Capabilities

Indicates the card data input, CVM, and security capabilities of the terminal and PayPass reader. This data element is instantiated with values depending on the transaction amount. The Terminal Capabilities is coded according to Annex A.2 of [EMV BOOK 4].

Reader '9F33' b, 3

M

Terminal Capabilities – CVM Required

Indicates the card data input, CVM, and security capabilities of the terminal and PayPass reader when the transaction amount is greater than or equal to the Terminal CVM Required Limit. The Terminal Capabilities – CVM Required is coded according to Annex A.2 of [EMV BOOK 4].

Reader - b, 3

M




Support

Terminal Capabilities – No CVM Required

Indicates the card data input, CVM, and security capabilities of the terminal and PayPass reader when the transaction amount is below the Terminal CVM Required Limit. The Terminal Capabilities – No CVM Required is coded according to Annex A.2 of [EMV BOOK 4].

Reader - b, 3

M

Terminal Contactless Floor Limit

Indicates the transaction amount limit for the related AID above which PayPass transactions must be authorized online.

Reader - n 12, 6

M

Terminal Contactless Transaction Limit

Indicates the transaction amount limit for the related AID above which the selection of the AID on the card is not allowed.

Reader - n 12, 6

M

Terminal CVM Required Limit

Specifies the transaction amount limit for the related AID at or below which the reader must set "No CVM" to be its only supported verification method.

Reader - n 12, 6

M

Terminal Contactless Floor Limit ExceededFlag

Indicates for the related AID if the Terminal Contactless Floor Limit is exceeded.


M

Terminal Contactless Transaction Limit Exceeded Flag

Indicates for the related AID if the Terminal Contactless Transaction Limit is exceeded.


M

Terminal CVM Required Limit Exceeded Flag

Indicates for the related AID if the Terminal CVM Required Limit is exceeded. Reader - Implementation specific

M

Terminal Country Code

Indicates the country of the terminal, represented in accordance with [ISO 3166-1].

Reader '9F1A'

n 3, 2

M

Terminal Type Indicates the environment of the terminal, its communications capability, and its operational control. The Terminal Type is coded according to Annex A.1 of [EMV BOOK 4].

Reader '9F35'

n 2, 1

M

Terminal Verification Results

Status of the different functions from the terminal perspective. The Terminal Verification Results is coded according to Annex C.5 of [EMV BOOK 3].

Reader '95'

b, 5

M




Support

Track 1 Bitmap for CVC3 (PCVC3TRACK1)

PCVC3TRACK1 indicates to the PayPass reader the positions in the discretionary data field of the Track 1 Data where the qTRACK1 CVC3TRACK1 digits have to be copied.

Card '9F62' b, 6

M

Track 1 Bitmap for UN and ATC (PUNATCTRACK1)

PUNATCTRACK1 indicates to the PayPass reader the positions in the discretionary data field of the Track 1 Data where the nUN UN (Numeric) digits and tTRACK1 ATC digits have to be copied.

Card '9F63' b, 6

M

Track 1 Data Track 1 Data contains the data objects of the track 1 according to [ISO/IEC 7813] Structure B, excluding start sentinel, end sentinel and LRC. It is described as follows:

Sub-field Format

Format Code ('42' (B)) 1 byte

Identification Number (PAN) var. up to 19 bytes

Field Separator ('5E' (^)) 1 byte

Name (see ISO/IEC 7813) 2 to 26 bytes

Field Separator ('5E' (^)) 1 byte

Expiry Date (YYMM) 4 bytes

Service Code 3 bytes

Discretionary Data balance of available bytes

The Track 1 Data may be present in the file read using the READ RECORD command during a PayPass – Mag Stripe transaction. The PayPass reader copies the required digits of the UN (Numeric), CVC3TRACK1, ATC and nUN into the discretionary data field of the Track 1 Data and stores the modified Track 1 Data in the Data Record to be sent to the terminal.

Card '56' ans, var. up to 76

M

Track 1 Discretionary Data

Discretionary part of track 1 according to [ISO/IEC 7813]. Card '9F1F'

ans, var.

M




Support

Track 1 Number of ATC Digits (NATCTRACK1)

The value of NATCTRACK1 represents the number of digits of the ATC to be included in the discretionary data field of the Track 1 Data.

Card '9F64' b, 1

M

Track 2 Bitmap for CVC3 (PCVC3TRACK2)

PCVC3TRACK2 indicates to the PayPass reader the positions in the discretionary data field of the Track 2 Data where the qTRACK2 CVC3TRACK2 digits have to be copied.

Card '9F65' b, 2

M

Track 2 Bitmap for UN and ATC (PUNATCTRACK2)

PUNATCTRACK2 indicates to the PayPass reader the positions in the discretionary data field of the Track 2 Data where the nUN UN (Numeric) digits and tTRACK2 ATC digits have to be copied.

Card '9F66' b, 2

M

Track 2 Data Track 2 Data contains the data objects of the track 2 according to [ISO/IEC 7813], excluding start sentinel, end sentinel and LRC. It is described as follows:

Sub-field Format

Identification Number (PAN) n, var. up to 19 digits

Field Separator ('D') b

Expiry Date (YYMM) n 4

Service Code n 3

Discretionary Data n, balance of available digits

Padded with 'F' to ensure whole bytes.

The Track 2 Data is present in the file read using the READ RECORD command during a PayPass – Mag Stripe transaction. The PayPass reader copies the required digits of the UN (Numeric), CVC3TRACK2, ATC and nUN into the discretionary data field of the Track 2 Data and stores the modified Track 2 Data in the Data Record to be sent to the terminal.

Card '9F6B' b, var. up to 19

M

Track 2 Discretionary Data

Discretionary part of track 2 according to [ISO/IEC 7813]. Card '9F20'

cn var., var.

M




Support

Track 2 Equivalent Data

Contains the data objects of the track 2, in accordance with [ISO/IEC 7813], excluding start sentinel, end sentinel, and LRC as follows:

Sub-field Format

Primary Account Number n, var. up to 19 digits

Field Separator ('D') b

Expiration Date (YYMM) n, 4

Service Code n, 3

Discretionary Data n, var.

Padded with 'F' if needed to ensure whole bytes. b

Card '57'

b, var. up to 19

M

Track 2 Number of ATC Digits (NATCTRACK2)

The value of NATCTRACK2 represents the number of digits of the ATC to be included in the discretionary data field of the Track 2 Data.

Card '9F67' b, 1

M

Transaction Category Code

This is a data object defined by MasterCard which indicates the type of transaction being performed, and which may be used in Card Risk Management.

Reader '9F53'

an, 1

M

Transaction Currency Code

Indicates the currency code of the transaction, in accordance with [ISO 4217]. Reader '5F2A'

n 3, 2

M

Transaction Currency Exponent

Indicates the implied position of the decimal point from the right of the transaction amount represented, in accordance with [ISO 4217].

Reader '5F36'

n 1, 1

M

Transaction CVM Data object used to indicate to the terminal the outcome of the CVM Selection function. Possible values are: • No CVM • Signature • Online PIN The coding of the value is implementation specific.


M




Support

Transaction Date Local date that the transaction was authorized. Reader '9A'

n 6 (YYMMDD),3

M

Transaction Outcome Data object used to indicate to the terminal the outcome of the transaction processing. Possible values are:

• Approved The PayPass reader is satisfied that the transaction is acceptable with the selected card application and wants the transaction to be offline approved.

• Online Request The PayPass reader has found that the transaction requires an online authorization.

• Declined The PayPass reader has found that the transaction is not acceptable with the selected card application and wants the transaction to be offline declined.

• Try Another Interface

The PayPass reader is unable to complete the transaction with the selected card application, but knows that another interface (e.g. contact or magnetic-stripe) may be available.

• End Application The PayPass reader experienced an application error (e.g. missing data)

The coding of the value is implementation specific.


M

Transaction Time Local time that the transaction was authorized. Reader '9F21'

n 6 (HHMMSS), 3

M

Transaction Type Indicates the type of financial transaction, represented by the first two digits of [ISO 8583:1987] Processing Code.

Reader '9C'

n 2, 1

M

Unpredictable Number

Value to provide variability and uniqueness to the generation of a cryptogram during a PayPass – M/Chip transaction.

Reader '9F37'

b, 4

M




Support

Unpredictable Number Data Object List (UDOL)

The UDOL is the DOL that specifies the data objects to be included in the data field of the COMPUTE CRYPTOGRAPHIC CHECKSUM command. The UDOL must at least include the UN (Numeric). The UDOL is not mandatory for the card. There will always be a Default UDOL, including as its only entry the tag and length of the UN (Numeric) (tag '9F6A').

Card '9F69' b, var.

M

Unpredictable Number (Numeric)

Unpredictable number generated by the PayPass reader during a PayPass – Mag Stripe Transaction. The UN (Numeric) is passed to the card in the data field of the COMPUTE CRYPTOGRAPHIC CHECKSUM command. The (8-nUN) most significant digits must be set to zero.

Reader '9F6A' n, 8

M

Legend: MSDA This data object is mandatory if the PayPass reader supports SDA.

MCDA This data object is mandatory if the PayPass reader supports CDA.


*** End of Document ***

PayPass - MChip Card Application Interface Spec (V2.0)

Documents

Transcript of PayPass - MChip Card Application Interface Spec (V2.0)