PayPass Personalization Data Specificationsdata.cardzone.cz/contactless/PayPass PDS (V1.3).pdf ·...

PayPass Personalization Data

Specifications

Version 1.3 – May 2008

Version 1.3 – May 2008 © 2008 MasterCard ii PayPass Personalization Data Specifications

Copyright The information contained in this document is proprietary and

confidential to MasterCard International Incorporated, one or more of its affiliated entities (collectively "MasterCard") or both. This material may not be duplicated, published, or disclosed, in whole or in part, without the prior written permission of MasterCard.

Trademarks Trademark notices and symbols used in this manual reflect the

registration status of MasterCard trademarks in the United States. Please consult with the Customer Operations Services team or the MasterCard Law Department for the registration status of particular product, program, or service names outside the United States.

All third-party product and service names are trademarks or registered trademarks of their respective owners.

Media This document is available in both electronic and printed format.

MasterCard Worldwide - CCOE

Chaussée de Tervuren, 198A B-1410 Waterloo Belgium E-mail: [email protected]

Table of Contents

© 2008 MasterCard Version 1.3 – May 2008 PayPass Personalization Data Specifications iii

Using this Manual......................................................................................... vii Scope........................................................................................................................... vii Audience ..................................................................................................................... vii Related Publications................................................................................................... viii Notational Conventions ............................................................................................. viii Abbreviations............................................................................................................... ix Document Overview ......................................................................................................x Revision History ............................................................................................................x

1 MasterCard PayPass – Mag Stripe Personalization Data................. 1 1.1 Data Elements for Application Selection .............................................................1 1.2 Data Elements Referenced in the AFL (DGI '0101')............................................2 1.3 Data Elements for CVC3 Generation (DGI 'A001').............................................3 1.4 Secret Key (DGI 'A002') ......................................................................................3

2 MasterCard PayPass – M/Chip Flex Personalization Data ............... 5 2.1 Contact Profiles ....................................................................................................5 2.2 Data Elements for Application Selection .............................................................5 2.3 Data Elements Referenced in the AFL.................................................................6

2.3.1 Recommended File Structure .............................................................................6 2.3.2 Data Elements that Must Not Be Included .........................................................9 2.3.3 CVM List..........................................................................................................10 2.3.4 Application Usage Control ...............................................................................10 2.3.5 Issuer Action Codes..........................................................................................11

2.4 Get Processing Options Response......................................................................12 2.5 Card Risk Management ......................................................................................13 2.6 Secret Keys.........................................................................................................16 2.7 Miscellaneous.....................................................................................................17 2.8 Counter Limits and Previous Transaction..........................................................18 2.9 Data Elements with a Fixed Initial Value ..........................................................18

3 Maestro PayPass – M/Chip Flex Personalization Data ................... 19 3.1 Contact Profiles ..................................................................................................19 3.2 Maestro PayPass Profiles...................................................................................19 3.3 Data Elements for Application Selection ...........................................................20 3.4 Data Elements Referenced in the AFL...............................................................20

3.4.1 Recommended File Structure ...........................................................................20 3.4.2 Data Elements that Must Not be Included........................................................23 3.4.3 CVM List..........................................................................................................23 3.4.4 Application Usage Control ...............................................................................23 3.4.5 Issuer Action Codes..........................................................................................24

Table of Contents

Version 1.3 – May 2008 © 2008 MasterCard iv PayPass Personalization Data Specifications

3.5 Get Processing Options Response......................................................................25 3.6 Card Risk Management ......................................................................................26 3.7 Secret Keys.........................................................................................................30 3.8 Miscellaneous.....................................................................................................31 3.9 Counter Limits and Previous Transaction..........................................................31 3.10 Data Elements with a Fixed Initial Value ..........................................................31

4 MasterCard PayPass – M/Chip 4 Personalization Data .................. 33 4.1 Contact Profiles ..................................................................................................33 4.2 Data Elements for Application Selection ...........................................................34 4.3 Data Elements Referenced in the AFL (PayPass) .............................................35

4.3.1 Recommended File Structure ...........................................................................35 4.3.2 Data Elements that Must Not Be Included .......................................................39 4.3.3 CVM List..........................................................................................................39 4.3.4 Application Usage Control ...............................................................................40 4.3.5 Issuer Action Codes..........................................................................................40

4.4 Data Elements Referenced in the AFL (Contact)...............................................42 4.5 Get Processing Options Response......................................................................43 4.6 Card Risk Management ......................................................................................44 4.7 Secret Keys.........................................................................................................47 4.8 Miscellaneous.....................................................................................................48 4.9 Counters and Previous Transaction....................................................................49 4.10 Data Elements with a Fixed Initial Value ..........................................................50

5 Maestro PayPass – M/Chip 4 Personalization Data ........................ 53 5.1 Contact Profiles ..................................................................................................53 5.2 Maestro PayPass Profiles...................................................................................53 5.3 Data Elements for Application Selection ...........................................................54 5.4 Data Elements Referenced in the AFL (PayPass) .............................................55

5.4.1 Recommended File Structure ...........................................................................55 5.4.2 Data Elements that Must Not Be Included .......................................................58 5.4.3 CVM List..........................................................................................................58 5.4.4 Application Usage Control ...............................................................................58 5.4.5 Issuer Action Codes..........................................................................................59

5.5 Data Elements Referenced in the AFL (Contact)...............................................61 5.6 Get Processing Options Response......................................................................62 5.7 Card Risk Management ......................................................................................63

5.7.1 Application Control (PayPass).........................................................................64 5.7.2 Card Issuer Action Codes.................................................................................65

Table of Contents

© 2008 MasterCard Version 1.3 – May 2008 PayPass Personalization Data Specifications v

5.8 Secret Keys.........................................................................................................68 5.9 Miscellaneous.....................................................................................................69 5.10 Counters and Previous Transaction....................................................................69 5.11 Data Elements with a Fixed Initial Value ..........................................................70

Using this ManualScope

© 2008 MasterCard Version 1.3 – May 2008 PayPass Personalization Data Specifications vii

Using this Manual This chapter contains information that helps you understand and use this document.

Scope

MasterCard PayPass™ technology enables fast, easy and globally accepted payments through the use of contactless chip technology on the traditional MasterCard card platform.

This document defines a set of personalization profiles supporting the MasterCard and Maestro products for the following PayPass program profiles:

• PayPass – Mag Stripe

• PayPass – M/Chip 4

• PayPass – Flex

The personalization of the PPSE is not considered.

The personalization data given for the PayPass – M/Chip Flex application does not include data for the co-application on the card.

The personalization data given for the PayPass – M/Chip 4 application covers the different available application versions (v1.0, v1.1a, v1.1b). However, it covers only the contactless interface. For information on the personalization data for the contact interface, refer to the M/Chip Personalization Data Specifications and Profiles for Debit and Credit.

Audience

This document is intended for:

• Issuers intending to issue PayPass cards or devices

• Personalization bureaus intending to provide facilities for PayPass applications

• Developers of Application Load File generation systems

It is assumed that the audience already has an understanding of chip card technology in general and in particular of PayPass.

Using this Manual Related Publications

Version 1.3 – May 2008 © 2008 MasterCard viii PayPass Personalization Data Specifications

Related Publications

The following publications contain information directly related to this document or are referenced by it.

Reference Document

[PPMAG] PayPass – Mag Stripe Technical Specifications, Version 3.3 – December 2007

[PPMCHIP4] PayPass – M/Chip 4 Technical Specifications, Version 1.3 – September 2005

[MCHIPPDS] M/Chip Personalization Data Specifications and Profiles for Debit and Credit

[MCHIP410] M/Chip 4 Card Application Specifications for Debit and Credit

[MCHIP411] M/Chip 4 Version 1.1 Card Application Specifications for Debit and Credit

[PPMCFLEX] PayPass – M/Chip Flex Technical Specifications, Version 1.1 – October 2006

Notational Conventions

The following conventions are used throughout the document.

Notation Description

'0' to '9' and 'A' to 'F' Hexadecimal notation. Values expressed in hexadecimal form are enclosed in single quotes (i.e. '_').

"abcd" an or ans string

[…] Optional part

xx Undefined value

Application Control[2][4] For multi-byte data elements, a byte index and a bit index are used under brackets. This example references the fourth bit of the second byte of the Application Control data element.

Using this ManualAbbreviations

© 2008 MasterCard Version 1.3 – May 2008 PayPass Personalization Data Specifications ix

Abbreviations Abbreviation Meaning

AC Application Cryptogram

AFL Application File Locator

AID Application Identifier

AIP Application Interchange Profile

ARQC Authorization Request Cryptogram

ATC Application Transaction Counter

C Conditional

CAT3 Level 3 Cardholder Activated Terminal

CDA Combined DDA/AC Generation

CDOL Card Risk Management Data Element List

CVC Card Validation Code

CVM Cardholder Verification Method

DDA Dynamic Data Authentication

EMV Europay, MasterCard, VISA

EMV CSK EMV Common Session Key derivation

M Mandatory

NATCTRACK1 Track 1 Number of ATC Digits

NATCTRACK2 Track 2 Number of ATC Digits

NCA Length of the Certification Authority Public Key Modulus

NI Length of the Issuer Public Key Modulus

NIC Length of the ICC Public Key Modulus

nUN Number of positions in the discretionary data of Track 1 Data and Track 2 Data for transporting UN

O Optional

PCVC3TRACK1 Track 1 Bit Map for CVC3

PCVC3TRACK2 Track 2 Bit Map for CVC3

PICC Proximity Integrated Circuit Card

PAN Primary Account Number

PIN Personal Identification Number

PPSE Proximity Payment System Environment

PUNATCTRACK1 Track 1 Bit Map for UN and ATC

PUNATCTRACK2 Track 2 Bit Map for UN and ATC

Using this Manual Document Overview

Version 1.3 – May 2008 © 2008 MasterCard x PayPass Personalization Data Specifications

Abbreviation Meaning

PVV PIN Verification Value

SFI Short File Identifier

TC Transaction Certificate

UN Unpredictable Number

Document Overview This document is organized in five chapters. Each section provides the complete set of personalization data to configure the indicated application according to either MasterCard or Maestro product rules.

Chapter

1 MasterCard PayPass – Mag Stripe Personalization Data

2 MasterCard PayPass – M/Chip Flex Personalization Data

3 Maestro PayPass – M/Chip Flex Personalization Data

4 MasterCard PayPass – M/Chip 4 Personalization Data

5 Maestro PayPass – M/Chip 4 Personalization Data

Revision History

Version Description

V1.2 • Table 2.3: Corrected reference for CVM List (See Section 2.3.3 instead of See Section 2.3.2).

• Table 2.15 and Table 4.16: Corrected definition of Skip CIAC – Default on CAT3 ("0: Do not skip, 1: Skip" instead of "0: Skip, 1: Do not skip").

• Indicated presence (Mandatory, Conditional or Optional) for data elements residing in the FCI and records.

• Added values for Application Usage Control. • Value of cardholder name in Track 1 Data changed to " /" (instead of

"SUPPLIED/NOT"). • Added note regarding the signing of Track 2 Equivalent Data to Table 4.3.

V1.3 • Various editorial corrections made. • Added notes regarding consistency of Track 2 Equivalent Data contents. • Modified default CDOL 2 value for PayPass – M/Chip Flex profiles. • Added notes regarding Static CVC3 setting in Maestro profiles.

MasterCard PayPass – Mag Stripe Personalization DataData Elements for Application Selection

© 2008 MasterCard Version 1.3 – May 2008 PayPass Personalization Data Specifications 1

1 MasterCard PayPass – Mag Stripe Personalization Data This chapter includes the personalization values for a PayPass – Mag Stripe card or device supporting the MasterCard brand.

1.1 Data Elements for Application Selection

Table 1.1—Application Selection

Data Element Name Tag MasterCard Recommended Value

AID '4F' 'A0000000041010'

DF Name '84' Must match value of AID

Application Label '50' "MasterCard" or "MASTERCARD"

Note a Dependent on the implementation, data elements for application selection may already be personalized during pre-personalization. In this case, the AID and Application Label must be specified when ordering the PayPass card or device.

Note b Other optional data elements of the FCI (Application Priority Indicator, Language Preference, PDOL, Issuer Code Table Index, Application Preferred Name and FCI Issuer Discretionary Data) are not used by the PayPass – Mag Stripe card or device.

MasterCard PayPass – Mag Stripe Personalization Data Data Elements Referenced in the AFL (DGI '0101')

Version 1.3 – May 2008 © 2008 MasterCard 2 PayPass Personalization Data Specifications

1.2 Data Elements Referenced in the AFL (DGI '0101')

Table 1.2—Persistent Data Elements in Record 1, SFI 1


Presence

Mag Stripe Application Version Number '9F6C' '0001' M

PCVC3TRACK1 '9F62' Determined by issuer (See notes c and d below)

M

PUNATCTRACK1 '9F63' Determined by issuer (See notes c and e below)

M

Track 1 Data '56' Determined by issuer (See notes a and b below)

M

NATCTRACK1 '9F64' Determined by issuer (See notes e and f below)

M


M


M

Track 2 Data '9F6B' Determined by issuer (See note b below)

M


M

PayPass Third Party Data '9F6E' Determined by issuer (See note g below)

O

Note a The storage of the cardholder name in the Track 1 Data is prohibited by MasterCard. It is therefore recommended to use a space character followed by the surname separator (i.e. " /").

Note b The placeholders for the dynamic data in the discretionary data (i.e. at the positions where the PayPass reader stores the ATC, UN, CVC3 and nUN) should be filled with zeroes. The least significant position of the discretionary data is used by the PayPass reader to store nUN and must not be used for any other purpose. If the issuer intends to make use of MasterCard's On-behalf Service for dynamic CVC3 verification and if the PAN Sequence Number is present in the discretionary data and if the PAN Sequence Number is used for the derivation of KDCVC3, then the length of the PAN Sequence Number must be maximum 1 significant digit.

Note c The bit map must only have non-zero bits that refer to available positions in the discretionary data field of the corresponding Track Data. The least significant bit of the bit map must be set to zero.

Note d The number of non-zero bits in the bit map must be greater than or equal to 3.

MasterCard PayPass – Mag Stripe Personalization DataData Elements for CVC3 Generation (DGI 'A001')


Note e The number of non-zero bits in PUNATCTRACK1 minus the value of NATCTRACK1 must be greater than or equal to zero, less than or equal to 8 and equal to the number of non-zero bits in PUNATCTRACK2 minus the value of NATCTRACK2.

Note f If the issuer intends to make use of MasterCard's On-behalf Service for dynamic CVC3 verification, then the value of NATCTRACK1 and the value of NATCTRACK2 must be greater than or equal to 3 for the CVC3 Validation in Stand-in Service or greater than or equal to 2 for the Dynamic CVC3 Pre-validation Service or the PayPass Mapping Service (processing only option).

Note g Optional data element containing proprietary non-payment information (e.g. loyalty information).

1.3 Data Elements for CVC3 Generation (DGI 'A001')

Table 1.3—Persistent Data Elements for CVC3 Generation

Data Element Tag MasterCard Recommended Value

IVCVC3TRACK1

'DC' Determined by issuer (See note below)

IVCVC3TRACK2

'DD' Determined by issuer (See note below)

Note It is strongly recommended to use for IVCVC3TRACK1 the two least significant bytes of the result of a MAC over the Track 1 Data as stored in Record 1, SFI 1. In the same way IVCVC3TRACK2 should be the two least significant bytes of the result of a MAC calculated over the Track 2 Data as stored in Record 1, SFI 1. If the issuer intends to make use of MasterCard's On-behalf Service for dynamic CVC3 verification, then for IVCVC3 generation the placeholders for the dynamic data in the discretionary data of Track 1 Data and Track 2 Data (i.e. at the positions where the PayPass reader stores the ATC, UN, CVC3 and nUN) must be filled with zeroes.

1.4 Secret Key (DGI 'A002')

Table 1.4—KDCVC3


KDCVC3 – Determined by issuer

MasterCard PayPass – Mag Stripe Personalization Data Secret Key (DGI 'A002')


MasterCard PayPass – M/Chip Flex Personalization DataContact Profiles


2 MasterCard PayPass – M/Chip Flex Personalization Data

2.1 Contact Profiles For information on personalization data specific to the contact co-application, refer to [MCHIPPDS]. One of the following contact profiles must be used together with the PayPass – M/Chip Flex personalization data listed in this chapter:

• Full Chip MasterCard, Supports Offline PIN, Online PIN, Signature and No CVM

• Full Chip MasterCard, Supports Online PIN, Signature and No CVM

• Magstripe Grade MasterCard, Supports Offline PIN, Online PIN, Signature and No CVM

• Magstripe Grade MasterCard, Supports Online PIN, Signature and No CVM




Presence

AID '4F' 'A0000000041010' M

DF Name '84' Must match value of AID M


O

Application Priority Indicator '87' Determined by issuer O

Language Preference '5F2D' Determined by issuer O

Issuer Code Table Index '9F11' Determined by issuer O

Application Preferred Name '9F12' Determined by issuer O

FCI Issuer Discretionary Data 'BF0C' Determined by issuer O

MasterCard PayPass – M/Chip Flex Personalization Data Data Elements Referenced in the AFL


2.3 Data Elements Referenced in the AFL

2.3.1 Recommended File Structure

If one of the recommended PayPass values for the AFL (see Table 2.13) is used, then the data elements returned by the card during the read application data process must be organized as shown in this section (i.e. each data element must be included in the record as specified below).

If for any reason (e.g. record size exceeded), the data elements returned by the card during the read application data process cannot be organized as shown in this section, then the recommended PayPass values for the AFL must not be used.

2.3.1.1 SFI 1

SFI 1 contains the data objects for PayPass – Mag Stripe transactions. The PayPass – Mag Stripe data objects must always be included in Record 1 of SFI 1. Record 1 must be the only record included in SFI 1. This applies also if the value of the AFL is different from one of the recommended PayPass values listed in Table 2.13.

Table 2.2—Record 1, SFI 1


Presence



M


M


M


M


M


M


M


M


MasterCard PayPass – M/Chip Flex Personalization DataData Elements Referenced in the AFL







2.3.1.2 SFI 2



Presence

Track 2 Equivalent Data '57' Determined by issuer (See notes a and c below)

M

Application Primary Account Number '5A' Determined by issuer (See note c below)

M

Application Expiration Date '5F24' Determined by issuer (See note c below)

M

Application Effective Date '5F25' Determined by issuer O

Issuer Country Code '5F28' Determined by issuer M

Application PAN Sequence Number '5F34' Determined by issuer M

CDOL 1 '8C' '9F02069F03069F1A0295055F2A029A039C019F37049F35019F4502'

M

CDOL 2 '8D' '9F3704' M

CVM List '8E' See Section 2.3.3 M




Presence

Application Usage Control '9F07' See Table 2.11 M

Application Version Number '9F08' '0002' M

Issuer Action Code – Default '9F0D' See Table 2.12 M

Issuer Action Code – Denial '9F0E' See Table 2.12 M

Issuer Action Code – Online '9F0F' See Table 2.12 M

Application Currency Code '9F42' Determined by issuer (See note b below)

C

SDA Tag List '9F4A' '82' M

Note a The CVC1 in the Track 2 Equivalent Data must differ from the CVC1 in the track 2 data on the magnetic stripe, except if the issuer wants to make use of the OBS chip to magnetic stripe conversion service in which case the same value must be used.

Note b This data object must be present if the CVM List contains a condition code value of '06', '07', '08' or '09'.

Note c The contents of the Track 2 Equivalent Data (Tag '57') must be consistent with the PAN (Tag '5A') and Expiration Date (Tag '5F24') data elements.

2.3.1.3 SFI 3



Presence

Certification Authority Public Key Index '8F' Determined by issuer M

Issuer Public Key Exponent '9F32' Determined by issuer M

Issuer Public Key Remainder '92' Determined by issuer (See note below)

C

Issuer Public Key Certificate '90' Determined by issuer M

Note The Issuer Public Key Remainder is present if NI > (NCA – 36).





Presence

Signed Static Application Data '93' Determined by issuer (See note below)

M

Note If SDA is not supported (AIP[1][7] = 0), then the value of the Signed Static Application Data must be set to 'FF'.

2.3.1.4 SFI 4

This file is only present when CDA is supported (AIP[1][1] = 1).



Presence

ICC Public Key Exponent '9F47' Determined by issuer M

ICC Public Key Remainder '9F48' Determined by issuer (See note below)

C

Note The ICC Public Key Remainder is present if NIC > (NI – 42).



Presence

ICC Public Key Certificate '9F46' Determined by issuer M

2.3.2 Data Elements that Must Not Be Included

Table 2.8 lists the data elements that must not be included in the records referenced in the AFL.

Table 2.8—Data Elements that Must Not Be Included

Data Element Name Tag

Cardholder Name '5F20'



2.3.3 CVM List

Table 2.9—CVM List MasterCard PayPass (Option 1)

CVM Bit 7 of byte 1 if CVM not successful

Byte 1 setting

Byte 2 setting

Meaning of Byte 2

Signature Apply next '5E' '03' If supported

Online PIN Apply next '42' '03' If supported

No CVM Fail '1F' '03' If supported



Byte 1 setting

Byte 2 setting

Meaning of Byte 2




2.3.4 Application Usage Control

Table 2.11—Application Usage Control

Byte Bit Meaning Setting

1 8 Valid for domestic cash transactions 0/1

7 Valid for international cash transactions 0/1

6 Valid for domestic goods 0/1

5 Valid for international goods 1

4 Valid for domestic services 0/1

3 Valid for international services 1

2 Valid at ATMs 0/1

1 Valid at terminals other than ATMs 1

2 8 Domestic cashback allowed 0

7 International cashback allowed 0

6-1 RFU 000000



2.3.5 Issuer Action Codes

Table 2.12—Issuer Action Codes

Byte Bit Meaning Denial Online Default

1 8 Data authentication was not performed 0 1 1

7 Offline static data authentication failed 0 1 1

6 ICC data missing 0 1 1

5 Card appears on terminal exception file 0 1 1

4 Offline dynamic data authentication failed 0 0 0

3 Combined DDA/AC Generation failed If CDA is supported (AIP[1][1] = 1) If CDA is not supported (AIP[1][1] = 0)

1 0

0 0

0 0

2-1 RFU 00 00 00

2 8 Chip card and terminal have different application versions

0 0 0

7 Expired application 0 1 1

6 Application not yet effective 0 1 0

5 Requested service not allowed for card product 0 1 1

4 New card 0 0 0

3-1 RFU 000 000 000

3 8 Cardholder verification was not successful 0 1 1

7 Unrecognized CVM 0 0 0

6 PIN Try Limit Exceeded 0 0 0

5 PIN entry required but PIN pad not present/working

0 0 0

4 PIN entry required, PIN pad present but PIN not entered

0 1 1

3 Online PIN entered 0 1 1

2-1 RFU 00 00 00

4 8 Transaction exceeds floor limit 0 1 0

7 Lower Consecutive Offline Limit exceeded 0 0 0

6 Upper Consecutive Offline Limit exceeded 0 0 0

5 Transaction selected randomly for online processing

0 0 0

4 Merchant forced transaction online 0 0 0

3-1 RFU 000 000 000

MasterCard PayPass – M/Chip Flex Personalization Data Get Processing Options Response



5 8 Default TDOL used 0 0 0

7 Issuer Authentication was unsuccessful 0 0 0

6 Script processing failed before final GENERATE AC

0 0 0

5 Script processing failed after final GENERATE AC 0 0 0

4-1 RFU 0000 0000 0000

2.4 Get Processing Options Response

Table 2.13—Persistent Data Elements for the GPO Response


AFL '94' '080101001001010118010200' for application supporting SDA '08010100100101011801020020010200' for application supporting CDA (See note below)

AIP '82' See Table 2.14

Note If the recommended values are used, then the data elements referenced in the files included in the AFL must be organized as specified in Section 2.3. If for any reason another organization is required, then the above recommended values must not be used. However the first four bytes must always be equal to '08010100'.

Table 2.14—AIP

Byte Bit Meaning Value

1 8 RFU 0

7 Offline static data authentication is supported 0: SDA not supported (See note below) 1: SDA supported

0/1

6 Offline dynamic data authentication is supported 0

5 Cardholder verification supported 1

4 Terminal risk management to be performed 1

3 Issuer authentication data supported 0

2 RFU 0

1 Combined DDA/AC Generation supported 0: CDA not supported 1: CDA supported

0/1

MasterCard PayPass – M/Chip Flex Personalization DataCard Risk Management



2 8 M/Chip profile is supported 1

7-1 RFU 0000000

Note 0 is only allowed if CDA is supported (AIP[1][1] = 1).

2.5 Card Risk Management

Table 2.15—Persistent Data Elements for Card Risk Management


Lower Consecutive Offline Limit '9F14' Determined by issuer (See note a below)

Upper Consecutive Offline Limit '9F23' Determined by issuer

Lower Cumulative Offline Transaction Amount

'CA' Determined by issuer (See note a below)

Upper Cumulative Offline Transaction Amount

'CB' Determined by issuer

Card Issuer Action Code – Decline 'C3' See Table 2.17

Card Issuer Action Code – Default 'C4' See Table 2.17

Card Issuer Action Code – Online 'C5' See Table 2.17

CDOL1 Related Data Length 'C7' '20'

CRM Country Code 'C8' Same value as Issuer Country Code

CRM Currency Code 'C9' Same value as Application Currency Code

Currency Conversion Table 'D1' Determined by issuer (See note b below)

Additional Check Table 'D3' Not used. Personalized with hexadecimal zeroes.

Application Control 'D5' See Table 2.16

Note a When the Cumulative Offline Transaction Amount exceeds the Lower Cumulative Offline Transaction Amount or the Consecutive Offline Transactions Number exceeds the Lower Consecutive Offline Limit, the PayPass – M/Chip Flex application will modify bit 2 of the PayPass Options Indicator in order to force the co-application to go online at the next transaction. The issuer should therefore pay special attention to the values of these limits at personalization.

Note b In order to disable currency conversion, it is recommended that the currency code in each entry in the Currency Conversion Table be set to the same value as the CRM Currency Code.

MasterCard PayPass – M/Chip Flex Personalization Data Card Risk Management


Table 2.16—Application Control


1 8 Magstripe grade issuer (Not used) 0

7 Skip CIAC – Default on CAT3 0: Do not skip CIAC – Default 1: Skip CIAC – Default

0/1

6 Offline only 0

5 Key for offline encrypted PIN 0

4 Offline encrypted PIN verification 0

3 Offline plaintext PIN verification 0

2 Session key derivation (Not used) 0

1 Encrypt offline counters (Not used) 0

2 8-5 RFU 0000

4 Always add to Consecutive Transactions Number 0

3 Activate Additional Check Table 0

2 Retrieval of balance 0

1 Include counters in AC (Not used) 0

3 8 Static CVC3 (Not used) 0

7 Include ATC in CVC3 generation 1

6-1 RFU 000000

MasterCard PayPass – M/Chip Flex Personalization DataCard Risk Management


Table 2.17—Card Issuer Action Codes

Byte Bit Meaning Decline Online Default

1 8 RFU 0 0 0

7 Unable To Go Online Indicated 0 0 0

6 Offline PIN Verification Not Performed 0 0 0

5 Offline PIN Verification Failed 0 0 0


3 International Transaction 0 0 0

2 Domestic Transaction 0 0 0

1 Terminal Erroneously Considers Offline PIN OK 0 0 0

2 8 Lower Consecutive Offline Limit Exceeded 0 0 0

7 Upper Consecutive Offline Limit Exceeded 0 1 1

6 Lower Cumulative Offline Limit Exceeded 0 0 0

5 Upper Cumulative Offline Limit Exceeded 0 1 1

4 Go Online On Next Transaction Was Set 0 0 0

3 Issuer Authentication Failed 0 0 0

2 Script Received 0 0 0

1 Script Failed 0 0 0

3 8-3 RFU 000000 000000 000000

2 Match Found In Additional Check Table 0 0 0

1 No Match Found In Additional Check Table 0 0 0

MasterCard PayPass – M/Chip Flex Personalization Data Secret Keys


2.6 Secret Keys The Triple DES keys listed in Table 2.18 are derived from their corresponding issuer master keys using a unique identifier from the card such as the PAN, and so are often referred to as "diversified keys".

Table 2.18—Triple DES Keys


ICC Dynamic Number Master Key (MKIDN) – Determined by issuer

ICC Derived Key for CVC3 Generation (KDCVC3)

– Determined by issuer

AC Master Key (MKAC) – Determined by issuer

Table 2.19—Session Key Counter Limits


AC Session Key Counter Limit – 'FFFF'

Table 2.20—RSA Keys


Length of ICC Public Key Modulus) – Determined by issuer

ICC Private Key – Determined by issuer

MasterCard PayPass – M/Chip Flex Personalization DataMiscellaneous


2.7 Miscellaneous

Table 2.21—Miscellaneous Persistent Data Elements


Key Derivation Index – Determined by issuer

Application Life Cycle Data '9F7E' Depending on the possible separation between the loading of the application code and the personalization data on the hardware, only part of the Application Life Cycle Data may be personalized.

Co-application Indicator 'DE' '00': M/Chip Lite 2.1 '01': M/Chip Select 2.05 '02': UKIS-compliant application '03': CCD-compliant application

Static CVC3TRACK1 'DA' '0000'

Static CVC3TRACK2 'DB' '0000'

IVCVC3TRACK1 'DC' Determined by issuer (See note below)

IVCVC3TRACK2 'DD' Determined by issuer (See note below)


MasterCard PayPass – M/Chip Flex Personalization Data Counter Limits and Previous Transaction


2.8 Counter Limits and Previous Transaction

Table 2.22—Persistent Data Elements for Counters and Previous Transactions


Application Transaction Counter Limit – 'FFFF'

Previous Transaction History – '00'

2.9 Data Elements with a Fixed Initial Value

Table 2.23—Data Elements with a Fixed Initial Value


Cumulative Offline Transaction Amount – '000000000000'

Consecutive Offline Transactions Number – '00'

Application Transaction Counter '9F36' '0000'

AC Session Key Counter – '0000'

Maestro PayPass – M/Chip Flex Personalization DataContact Profiles


3 Maestro PayPass – M/Chip Flex Personalization Data

3.1 Contact Profiles For information on personalization data specific to the contact co-application, refer to [MCHIPPDS]. The following contact profile must be used together with the PayPass – M/Chip Flex personalization data listed in this chapter:

• Full Chip Maestro, Supports Offline PIN and Online PIN

3.2 Maestro PayPass Profiles Maestro PayPass may be implemented by one of the following profiles:

• Online profile Maestro PayPass transactions are completed online, except those on offline-only terminals: − The PayPass – M/Chip Flex application always returns an ARQC in response to a

GENERATE ARQC command. − The PayPass – M/Chip Flex application always returns an ARQC in response to a

GENERATE TC command on an online capable terminal. − The PayPass – M/Chip Flex application returns a TC or AAC in response to a

GENERATE TC command on an offline-only terminal.

• Offline profile Maestro PayPass transactions are completed offline as long as the Upper Cumulative Offline Transaction Amount or Upper Consecutive Offline Limit are not exceeded. − The PayPass – M/Chip Flex application always returns an ARQC in response to a

GENERATE ARQC command. − The PayPass – M/Chip Flex application returns a TC or ARQC in response to a

GENERATE TC command on an online capable terminal. − The PayPass – M/Chip Flex application returns a TC or AAC in response to a


In the following sections, unless explicitly stated, personalization values are common for both profiles.

Maestro PayPass – M/Chip Flex Personalization Data Data Elements for Application Selection





Presence

AID '4F' 'A0000000043060' M


Application Label '50' "Maestro" or "MAESTRO" O






3.4 Data Elements Referenced in the AFL


If the recommended value for the AFL (see Table 3.12) is used, then the data elements returned by the card during the read application data process must be organized as shown in this section (i.e. each data element must be included in the record as specified below).

If for any reason (e.g. record size exceeded), the data elements returned by the card during the read application data process cannot be organized as shown in this section, then the recommended PayPass value for the AFL must not be used.

3.4.1.1 SFI 1

SFI 1 contains the data objects for PayPass – Mag Stripe transactions. The PayPass – Mag Stripe profile is not supported for Maestro PayPass. If the recommended value for the AFL is used, then the value 'FFFF' for the Mag Stripe Application Version Number must be included in Record 1 of SFI 1. It is not necessary to include the Mag Stripe Application Version Number if the recommended value for the AFL is not used.



Presence

Mag Stripe Application Version Number '9F6C' 'FFFF' M

Maestro PayPass – M/Chip Flex Personalization DataData Elements Referenced in the AFL


3.4.1.2 SFI 2



Presence


M


M


M




CDOL 1 '8C' '9F02069F03069F1A0295055F2A029A039C019F37049F35019F4502'

M

CDOL 2 '8D' '9F3704' M

CVM List '8E' See Table 3.9 M







C





Maestro PayPass – M/Chip Flex Personalization Data Data Elements Referenced in the AFL


3.4.1.3 SFI 3



Presence




C





Presence

Signed Static Application Data '93' 'FF' M

3.4.1.4 SFI 4



Presence



C




Presence


Maestro PayPass – M/Chip Flex Personalization DataData Elements Referenced in the AFL


3.4.2 Data Elements that Must Not be Included

Table 3.8 lists the data elements that must not be included in the records referenced in the AFL.

Table 3.8—Data Elements that Must Not be Included



3.4.3 CVM List

This section describes the personalization value of the CVM List.

Table 3.9—CVM List Maestro PayPass


Byte 1 setting

Byte 2 setting

Meaning of Byte 2











2 Valid at ATMs 0/1




6-1 RFU 000000

Maestro PayPass – M/Chip Flex Personalization Data Data Elements Referenced in the AFL



Table 3.11 describes the personalization values for the Issuer Action Codes.








3 Combined DDA/AC Generation failed 1 0 0

2-1 RFU 00 00 00


0 0 0

7 Expired Application 0 1 1



4 New card 0 0 0

3-1 RFU 000 000 000



6 PIN Try Limit exceeded 0 0 0


0 0 0


0 0 0


2-1 RFU 0 0 0





0 0 0


3-1 RFU 000 000 000

Maestro PayPass – M/Chip Flex Personalization DataGet Processing Options Response





6 Script processing failed before final Generate AC 0 0 0

5 Script processing failed after final Generate AC 0 0 0

4-1 RFU 0000 0000 0000


Table 3.12—Data Elements for the GPO Response


AFL '94' '08010100100101011801020020010200' (See note below)

AIP '82' See Table 3.13

Note If the recommended value is used, then the data elements referenced in the files included in the AFL must be organized as specified in Section 3.4. If for any reason another organization is required, then the above recommended value must not be used.

Table 3.13—AIP


1 8 RFU 0

7 Offline static data authentication is supported 0





2 RFU 0

1 Combined DDA/AC Generation supported 1


7-1 RFU 0000000

Maestro PayPass – M/Chip Flex Personalization Data Card Risk Management



Table 3.14—Data Elements for Card Risk Management








Card Issuer Action Code – Decline 'C3' See Table 3.16 and Table 3.17

Card Issuer Action Code – Default 'C4' See Table 3.16 and Table 3.17

Card Issuer Action Code – Online 'C5' See Table 3.16 and Table 3.17

CDOL1 Related Data Length 'C7' '20'



Currency Conversion Table 'D1' Determined by issuer (See note b below)

Additional Check Data 'D3' Not used. Personalized with hexadecimal zeroes

Application Control 'D5' See Table 3.15

Note a When the Cumulative Offline Transaction Amount exceeds the Lower Cumulative Offline Transaction Amount or the Consecutive Offline Transactions Number exceeds the Lower Consecutive Offline Limit, the PayPass – M/Chip Flex application will modify bit 2 of the PayPass Options Indicator in order to force the co-application to go online at the next transaction. The issuer should therefore pay special attention to the values of these limits at personalization.

Note b In order to disable currency conversion, it is recommended that the currency code in each entry in the Currency Conversion Table be set to the same value as the CRM Currency Code.

Maestro PayPass – M/Chip Flex Personalization DataCard Risk Management


Table 3.15—Application Control



7 Skip CIAC – Default on CAT3 0

6 Offline only 0




2 Session key derivation (Not used) 0

1 Encrypt offline counters (Not used) 0

2 8-5 RFU 0000

4 Always add to Consecutive Transactions Number 0


2 Allow retrieval of balance 0/1

1 Include counters in AC (Not used) 0

3 8 Static CVC3 (See note below) 1


6-1 RFU 000000

Note For security reasons, it is recommended to set bit 8 of byte 3 to 1.

Maestro PayPass – M/Chip Flex Personalization Data Card Risk Management


Table 3.16 describes the personalization values for the Card Action Codes when the online profile is used.

Table 3.16—Card Issuer Action Code for Maestro PayPass (Online Profile)


1 8 RFU 0 0 0





3 International Transaction (See note below)

0 1 0

2 Domestic Transaction (See note below)

0 1 0










3 8-3 RFU 000000 000000 000000



Note The setting of the 'International Transaction' and 'Domestic Transaction' bits to '0 1 0' results in online contactless transactions on online capable terminals. With this setting, the PayPass – M/Chip Flex application will always generate an ARQC on an online-capable terminal in response to a GENERATE TC or ARQC command.

Maestro PayPass – M/Chip Flex Personalization DataCard Risk Management


Table 3.17 describes the personalization values for the Card Action Codes when the offline profile is used.

Table 3.17—Card Issuer Action Code for Maestro PayPass (Offline Profile)


1 8 RFU 0 0 0
















3 8-3 RFU 000000 000000 000000



Maestro PayPass – M/Chip Flex Personalization Data Secret Keys





ICC Dynamic Number Master Key (MKIDN) – Determined by issuer


– Not used. Personalized with hexadecimal zeroes.


Table 3.19—Session Key Counter Limits


AC Session Key Counter Limit – 'FFFF'



Length of ICC Public Key Modulus) – Determined by issuer


Maestro PayPass – M/Chip Flex Personalization DataMiscellaneous


3.8 Miscellaneous





Co-application Indicator 'DE' '00': M/Chip Lite 2.1 '01': M/Chip Select 2.05 '02': UKIS-compliant application '03': CCD-compliant application



IVCVC3TRACK1 'DC' '0000'

IVCVC3TRACK2 'DD' '0000'

3.9 Counter Limits and Previous Transaction

Table 3.22—Persistent Data Elements for Counters and Previous Transactions

Data Element Name Tag Tag




Table 3.23—Data Elements with a Fixed Initial Value

Data Element Name Tag Tag





Maestro PayPass – M/Chip Flex Personalization Data Data Elements with a Fixed Initial Value


MasterCard PayPass – M/Chip 4 Personalization DataContact Profiles


4 MasterCard PayPass – M/Chip 4 Personalization Data PayPass – M/Chip 4 is a dual-interface application. Unless otherwise stated, this chapter gives only the personalization data for the contactless interface. Where possible, data elements listed may be shared between the contact and contactless interfaces.

4.1 Contact Profiles For information on personalization data specific to the contact interface, refer to [MCHIPPDS]. One of the following contact profiles must be used together with the contactless data listed in this chapter:

• Full Chip MasterCard, Supports Offline PIN, Online PIN, Signature and No CVM

• Full Chip MasterCard, Supports Online PIN, Signature and No CVM

• Magstripe Grade MasterCard, Supports Offline PIN, Online PIN, Signature and No CVM

• Magstripe Grade MasterCard, Supports Online PIN, Signature and No CVM

MasterCard PayPass – M/Chip 4 Personalization Data Data Elements for Application Selection


4.2 Data Elements for Application Selection The following table lists the persistent data elements for application selection. All data elements listed are shared between the contactless and contact interface and need to be personalized only once with a value common for both interfaces.

Table 4.1—Persistent Data Elements for Application Selection


Presence

AID '4F' 'A0000000041010' M



O






MasterCard PayPass – M/Chip 4 Personalization DataData Elements Referenced in the AFL (PayPass)


4.3 Data Elements Referenced in the AFL (PayPass)


If one of the recommended values for the AFL (PayPass) (see Table 4.14) is used, then the data elements returned by the card during the read application data process must be organized as shown in this section (i.e. each data element must be included in the record as specified below).

If for any reason (e.g. record size exceeded), the data elements returned by the card during the read application data process cannot be organized as shown in this section, then the recommended PayPass values for the AFL (PayPass) must not be used.

In either case, some records may be shared between the contact and contactless interface.

4.3.1.1 SFI 1

SFI 1 contains the data objects for PayPass – Mag Stripe transactions. The PayPass – Mag Stripe data objects must always be included in Record 1 of SFI 1. This applies also if the value of the AFL (PayPass) is different from one of the recommended PayPass values in Table 4.14. The first four bytes of the AFL (PayPass) must always be equal to '08010100'.



Presence



M


M


M


M


M


M


M


M

MasterCard PayPass – M/Chip 4 Personalization Data Data Elements Referenced in the AFL (PayPass)








4.3.1.2 SFI 2



Presence

Track-2 Equivalent Data '57' Determined by issuer (See notes a, b and d below)

M

Application Primary Account Number '5A' Determined by issuer (See note d below)

M

Application Expiration Date '5F24' Determined by issuer (See note d below)

M







Presence

CDOL 1 '8C' PayPass – M/Chip Select 4: '9F02069F03069F1A0295055F2A029A039C019F37049F35019F45029F4C089F3403' PayPass – M/Chip Lite 4: '9F02069F03069F1A0295055F2A029A039C019F37049F35019F45029F3403'

M

CDOL 2 '8D' PayPass – M/Chip Select 4: '910A8A0295059F37049F4C08' PayPass – M/Chip Lite 4: '910A8A029505'

M

CVM List '8E' See Section 4.3.3 M






Application Currency Code '9F42' Determined by issuer (See note c below)

C


Note a An issuer who supports online PIN change using the PVV on the Track 2 Equivalent Data must not include the Track 2 Equivalent Data in a record used as input for static data authentication. In this case, the recommended AFL cannot be used.

Note b The CVC1 in the Track 2 Equivalent Data must differ from the CVC1 in the track 2 data on the magnetic stripe, except if the issuer wants to make use of the OBS chip to magnetic stripe conversion service in which case the same value must be used.

Note c This data object must be present if the CVM List contains a condition code value of '06', '07', '08' or '09'.

Note d The contents of the Track 2 Equivalent Data (Tag '57') must be consistent with the PAN (Tag '5A') and Expiration Date (Tag '5F24') data elements.



4.3.1.3 SFI 3



Presence




C





Presence

Signed Static Application Data '93' Determined by issuer (See note below)

M

Note If SDA is not supported over the contactless interface (AIP(PayPass)[1][7] = 0) and if Record 2, SFI 3 is not shared with the contact interface, then the value of the Signed Static Application Data must be set to 'FF'. If SDA is not supported over the contactless interface (AIP(PayPass)[1][7] = 0) and if Record 2, SFI 3 is shared with the contact interface, then it may contain any data elements for the contact interface.

4.3.1.4 SFI 4

SFI 4 is only present when CDA is supported (AIP (PayPass)[1][7] = 1).



Presence



C






Presence



Table 4.8 lists the data elements that must not be included in the records referenced in the AFL(PayPass).




4.3.3 CVM List

This section describes the personalization values of the CVM List for the contactless interface.



Byte 1 setting

Byte 2 setting

Meaning of Byte 2




Table 4.10—CVM List for MasterCard PayPass (Option 2)


Byte 1 setting

Byte 2 setting

Meaning of Byte 2















2 Valid at ATMs 0/1




6-1 RFU 000000


This section describes the personalization values of the Issuer Action Codes for the contactless interface.








3 Combined DDA/AC Generation failed CDA supported (AIP(PayPass)[1][1] = 1) CDA not supported (AIP(PayPass)[1][1] = 0)

1 0

0 0

0 0

2-1 RFU 00 00 00





0 0 0

7 Expired application 0 1 1



4 New card 0 0 0

3-1 RFU 000 000 000





0 0 0


0 1 1


2-1 RFU 00 00 00





0 0 0


3-1 RFU 000 000 000





4-1 RFU 0000 0000 0000

MasterCard PayPass – M/Chip 4 Personalization Data Data Elements Referenced in the AFL (Contact)


4.4 Data Elements Referenced in the AFL (Contact) There are no recommended values for the AFL (Contact). The organization of the data elements included in the files referenced in the AFL (Contact) are organized as determined by the issuer.

Some records may be shared between the contact and contactless interfaces, regardless of the file organization indicated by the AFL (PayPass). This section addresses data elements referenced in the AFL (Contact) that must have the same value for both interfaces (and thus may be shared).

Note This section does not contain a complete list of all data elements referenced in the AFL (Contact).

Table 4.13 lists the data elements that must have the same value for both interfaces. These data elements may be included in records shared by both interfaces.

Table 4.13—Data Elements that Must Have the Same Value


Application Primary Account Number '5A'

Application PAN Sequence Number '5F34'

CDOL 1 '8C'

CDOL 2 '8D'

ICC Public Key Exponent (if present) '9F47'

ICC Public Key Remainder (if present) '9F48'

MasterCard PayPass – M/Chip 4 Personalization DataGet Processing Options Response



Table 4.14—Persistent Data Elements for Get Processing Options Response


AFL (PayPass) 'D9' '080101001001010118010200' for application supporting SDA '08010100100101011801020020010200' for application supporting CDA. (See note below)

AIP (PayPass) 'D8' See Table 4.15

Note If the recommended values are used, then the data elements referenced in the files included in the AFL (PayPass) must be organized as specified in Section 4.3. If for any reason a different organization is required, then the above recommended values must not be used. However the first four bytes must always be equal to '08010100'.

Table 4.15—AIP (PayPass)


1 8 RFU 0

7 Offline static data authentication is supported 0: SDA not supported (See note a below) 1: SDA supported

0/1





2 RFU 0

1 Combined DDA/AC Generation supported (See note b below) 0: CDA not supported 1: CDA supported

0/1


7-1 RFU 0

Note a 0 is only allowed if CDA is supported (AIP[1][1] = 1).

Note b For PayPass – M/Chip Lite 4, the only allowed value is 0.

MasterCard PayPass – M/Chip 4 Personalization Data Card Risk Management


4.6 Card Risk Management Unless otherwise indicated, card risk management data elements are shared between the contact and contactless interface and must be configured in the same way as for the M/Chip 4 application.



Lower Consecutive Offline Limit '9F14' Determined by issuer



'CA' Determined by issuer



Application Control (PayPass) 'D7' See Table 4.17

Card Issuer Action Code (PayPass) – Decline

'CF' See Table 4.19

Card Issuer Action Code (PayPass) – Default

'CD' See Table 4.19

Card Issuer Action Code (PayPass) – Online

'CE' See Table 4.19

CDOL1 Related Data Length 'C7' PayPass – M/Chip Lite 4: '23' PayPass – M/Chip Select 4: '2B'



Currency Conversion Table 'D1' Determined by issuer (See note below)


Note In order to disable currency conversion, it is recommended that the currency code in each entry in the Currency Conversion Table be set to the same value as the CRM Currency Code.

MasterCard PayPass – M/Chip 4 Personalization DataCard Risk Management


Table 4.17—Application Control (PayPass)



7 Skip CIAC – Default on CAT3 0: Do not skip CIAC (PayPass) – Default 1: Skip CIAC (PayPass) – Default

0/1

6 RFU 0




2 Session key derivation (See note below) 0/1

1 Encrypt offline counters 0/1

2 8-4 RFU 00000


2 Retrieval of balance 0/1

1 Include counters in AC 0/1

3 8 Static CVC3 (Not used) 0


6-1 RFU 000000

Note The definition of bit 2 of byte 1 of Application Control (PayPass) depends on the version of the PayPass – M/Chip 4 application (v1.0, v1.1a, or v1.1b). Refer to Table 4.18 for more information.

Table 4.18—Session Key Derivation Algorithm

Version Application Control[1][2] = 0 Application Control[1][2] = 1

v1.0 MasterCard Proprietary EMV2000

v1.1a MasterCard Proprietary Value not allowed

v1.1b MasterCard Proprietary EMV CSK

MasterCard PayPass – M/Chip 4 Personalization Data Card Risk Management


Table 4.19—Card Issuer Action Codes (PayPass)


1 8 RFU 0 0 0
















3 8-3 RFU 000000 000000 000000



MasterCard PayPass – M/Chip 4 Personalization DataSecret Keys





ICC Dynamic Number Master Key (MKIDN)



SM for Integrity Master Key (MKSMI) – Determined by issuer

SM for Confidentiality Master Key (MKSMC)






Length of ICC Public Key Modulus – Determined by issuer


Length of ICC PIN Encipherment Public Key Modulus


ICC PIN Encipherment Private Key – Determined by issuer

MasterCard PayPass – M/Chip 4 Personalization Data Miscellaneous


4.8 Miscellaneous





Log Format '9F4F' The content of records in the Log of Transactions



IVCVC3TRACK1 'DC' Determined by issuer (See note below)

IVCVC3TRACK2 'DD' Determined by issuer (See note below)


MasterCard PayPass – M/Chip 4 Personalization DataCounters and Previous Transaction


4.9 Counters and Previous Transaction

Table 4.23—Counters and Previous Transaction (M/Chip 4 Version 1.0)




Bad Cryptogram Counter Limit – 'FFFF'

MAC in Script Counter Limit – '0F'

Global MAC in Script Counter Limit – 'FFFFFF'

CFDC_Limit for Integrity Session Key – Determined by issuer

CFDC_Limit for Confidentiality Session Key


CFDC_Limit for AC Session Key – Determined by issuer

Table 4.24—Counters and Previous Transaction (M/Chip 4 Version 1.1.a)







Table 4.25—Counters and Previous Transaction (M/Chip 4 Version 1.1.b)





AC Session Key Counter Limit – '0400'

SMI Session Key Counter Limit – '0400'

MasterCard PayPass – M/Chip 4 Personalization Data Data Elements with a Fixed Initial Value



Table 4.26—Data Elements with a Fixed Initial Value (M/Chip 4 Version 1.0)



Consecutive Offline Transactions Number

– '00'

Script Counter '9F5F' '00'

Log of The Current Transaction x (x=1...10 or more)

– '00…00'


Global MAC in Script Counter – '000000'

Bad Cryptogram Counter – '0000'





Table 4.27—Data Elements with a Fixed Initial Value (M/Chip 4 Version 1.1.a)






– '00…00'




MasterCard PayPass – M/Chip 4 Personalization DataData Elements with a Fixed Initial Value


Table 4.28—Data Elements with a Fixed Initial Value (M/Chip 4 Version 1.1b)






– '00…00'



SMI Session Key Counter – '0000'


Security Limits Status 'DF02" '00'

MasterCard PayPass – M/Chip 4 Personalization Data Data Elements with a Fixed Initial Value


Maestro PayPass – M/Chip 4 Personalization DataContact Profiles


5 Maestro PayPass – M/Chip 4 Personalization Data PayPass – M/Chip 4 is a dual-interface application. Unless otherwise stated, this chapter gives only the personalization data for the contactless interface. Where possible, data elements listed may be shared between the contact and contactless interfaces. The personalization profile given in this section is only applicable for the PayPass – M/Chip Select 4 platform.

5.1 Contact Profiles For information on personalization data specific to the contact interface, refer to [MCHIPPDS]. Unless otherwise indicated, the contact data that must be used together with the contactless data listed in this chapter is in the following profile:

• Full Chip Maestro, Supports Offline PIN and Online PIN

5.2 Maestro PayPass Profiles Maestro PayPass may be implemented by one of the following profiles:

• Online profile Maestro PayPass transactions are completed online, except those on offline-only terminals. The offline counters are shared between Maestro contact and Maestro PayPass transactions. The following summarizes the behaviour for the contactless interface: − The PayPass – M/Chip 4 application always returns an ARQC in response to a

GENERATE ARQC command. − The PayPass – M/Chip 4 application always returns an ARQC in response to a

GENERATE TC command on an online capable terminal. − The PayPass – M/Chip 4 application returns a TC or AAC in response to a


• Offline profile Maestro PayPass transactions are completed offline as long as the Upper Cumulative Offline Transaction Amount or Upper Consecutive Offline Limit is not exceeded. The offline counters are only used for Maestro PayPass transactions. All contact transactions are online (i.e. the card always generates an ARQC). The following summarizes the behaviour for contactless transactions: − The PayPass – M/Chip 4 application always returns an ARQC in response to a

GENERATE ARQC command. − The PayPass – M/Chip 4 application returns a TC or ARQC in response to a

GENERATE TC command on an online capable terminal.

Maestro PayPass – M/Chip 4 Personalization Data Data Elements for Application Selection


− The PayPass – M/Chip 4 application returns a TC or AAC in response to a GENERATE TC command on an offline-only terminal.

In the following sections, unless explicitly stated, personalization values are common for both profiles.




Presence

AID '4F' 'A0000000043060' M


Application Label '50' "Maestro" or "MAESTRO" O






Maestro PayPass – M/Chip 4 Personalization DataData Elements Referenced in the AFL (PayPass)


5.4 Data Elements Referenced in the AFL (PayPass)


If the recommended value for the AFL (PayPass) (see Table 5.14) is used, then the data elements returned by the card during the read application data process must be organized as shown in this section (i.e. each data element must be included in the record as specified below).

If for any reason (e.g. record size exceeded), the data elements returned by the card during the read application data process cannot be organized as shown in this section, then the recommended PayPass value for the AFL (PayPass) must not be used.

In either case, some records may be shared between the contact and contactless interface.

5.4.1.1 SFI 1

SFI 1 contains the data objects for PayPass – Mag Stripe transactions. The PayPass – Mag Stripe profile is not supported for Maestro PayPass. If the recommended value for the AFL (PayPass) is used, then a value of 'FFFF' for the Mag Stripe Application Version Number must be included in Record 1 of SFI 1. It is not necessary to include the Mag Stripe Application Version Number if the recommended value for the AFL (PayPass) is not used.

Table 5.2—Record 1 of SFI 1


Presence

Mag Stripe Application Version Number 9F6C' 'FFFF' M

5.4.1.2 SFI 2



Presence


M


M


M



Maestro PayPass – M/Chip 4 Personalization Data Data Elements Referenced in the AFL (PayPass)



Presence


CDOL1 '8C' PayPass – M/Chip Select 4: '9F02069F03069F1A0295055F2A029A039C019F37049F35019F45029F4C089F3403' PayPass – M/Chip Lite 4: '9F02069F03069F1A0295055F2A029A039C019F37049F35019F45029F3403'

M

CDOL2 '8D' PayPass – M/Chip Select 4: '910A8A0295059F37049F4C08' PayPass – M/Chip Lite 4: '910A8A029505'

M

CVM List '8E' See Table 5.9 M







C







5.4.1.3 SFI 3



Presence




C





Presence

Signed Static Application Data '93' 'FF' M

5.4.1.4 SFI 4



Presence



C




Presence





Table 5.8 lists the data elements that must not be included in the records referenced in the AFL(PayPass).




5.4.3 CVM List

This section describes the personalization values of the CVM List Data Element for the contactless interface.

Table 5.9—CVM List


Byte 1 setting

Byte 2 setting

Meaning of Byte 2











2 Valid at ATMs 0/1




6-1 RFU 000000




Table 5.11 describes the personalization values of the Issuer Action Codes.








3 Combined DDA/AC Generation failed 1 0 0

2-1 RFU 00 00 00


0 0 0

7 Expired Application 0 1 1



4 New card 0 0 0

3-1 RFU 000 000 000





0 0 0


0 0 0


2-1 RFU 0 0 0





0 0 0


3-1 RFU 000 000 000








4-1 RFU 0000 0000 0000

Maestro PayPass – M/Chip 4 Personalization DataData Elements Referenced in the AFL (Contact)


5.5 Data Elements Referenced in the AFL (Contact) There are no recommended values for the AFL (Contact). The organization of the data elements included in the files referenced in the AFL (Contact) are organized as determined by the issuer.

Some records may be shared between the contact and contactless interfaces, regardless of the file organization indicated by the AFL (PayPass) This section addresses data elements referenced in the AFL (Contact) that:

• Must have the same value for both interfaces (and thus may be shared).

• Do not have the same value for both interfaces (and thus must not be shared).

Note This section does not contain a complete list of all data elements referenced in the AFL (Contact).

Table 5.12 lists the data elements that must have the same value for both interfaces. These data elements may be included in records shared by both interfaces.

Table 5.12—Data Elements that Must Have the Same Value


Application Primary Account Number '5A'

Application PAN Sequence Number '5F34'

CDOL 1 '8C'

CDOL 2 '8D'

ICC Public Key Exponent '9F47'

ICC Public Key Remainder '9F48'

Table 5.13 lists the data elements that do not have the same value for both interfaces. These data elements cannot be included in records shared by both interfaces.

Table 5.13—Data Elements that Do Not Have the Same Value


CVM List '8E'

Issuer Action Code – Default '9F0D'

Issuer Action Code – Denial '9F0E'

Issuer Action Code – Online '9F0F'

Signed Static Application Data '93'

ICC Public Key Certificate '9F46'

Maestro PayPass – M/Chip 4 Personalization Data Get Processing Options Response



Table 5.14—Persistent Data Elements for Get Processing Options Response


AIP (PayPass) 'D8' See Table 5.15

AFL (PayPass) 'D9' '08010100100101011801020020010200' (See note below)

Note If the recommended value is used, then the files indicated by the AFL (PayPass) must be organized as specified in Section 5.4. If for any reason another organization is required, then the above recommended value must not be used.

Table 5.15—AIP (PayPass)


1 8 RFU 0

7 Offline static data authentication is supported 0





2 RFU 0

1 Combined DDA/AC Generation supported 1


7-1 RFU 0000000

Maestro PayPass – M/Chip 4 Personalization DataCard Risk Management











Application Control (PayPass) 'D7' See Table 5.17

Card Issuer Action Code (PayPass) – Decline

'CF' See Table 5.19 and Table 5.20

Card Issuer Action Code (PayPass) – Default

'CD' See Table 5.19 and Table 5.20

Card Issuer Action Code (PayPass) – Online

'CE' See Table 5.19 and Table 5.20

Card Issuer Action Code – Decline 'C3' See Table 5.21 (See note b below)

Card Issuer Action Code – Default 'C4' See Table 5.21 (See note b below)

Card Issuer Action Code – Online 'C5' See Table 5.21 (See note b below)

CDOL1 Related Data Length 'C7' PayPass – M/Chip Lite 4: '23' PayPass – M/Chip Select 4: '2B'

CRM Country Code 'C8' Same value as Issuer Country Code.

CRM Currency Code 'C9' Same value as Application Currency Code.

Currency Conversion Table 'D1' Determined by issuer (See note c below)


Note a If the offline profile is used, then the offline counters are only used for Maestro PayPass transactions. As the Maestro application always goes online, there is no need to use the lower limits to force Maestro transactions online. Therefore, both lower limits (Lower Consecutive Offline Limit and Lower Cumulative Offline Limit) should be personalized to zero. If the online profile is used, then the lower limits are only used for contact Maestro transactions.

Note b If the offline profile is used, then values in Table 5.21 overrule the values of the Card Issuer Action Codes defined in [MCHIPPDS].

Maestro PayPass – M/Chip 4 Personalization Data Card Risk Management


Note c In order to disable currency conversion, it is recommended that the currency code in each entry in the Currency Conversion Table be set to the same value as the CRM Currency Code.

5.7.1 Application Control (PayPass)

Table 5.17 lists the personalization values for the Application Control (PayPass).

Table 5.17—Application Control (PayPass)



7 Skip CIAC – Default on CAT3 0

6 RFU 0




2 Session key derivation (See note a below) 0/1

1 Encrypt offline counters 0/1

2 8-4 RFU 00000


2 Retrieval of balance 0/1

1 Include counters in AC 0/1

3 8 Static CVC3 (See note b below) 1


6-1 RFU 000000

Note a The definition of bit 2 of byte 1 depends on the version of the PayPass – M/Chip 4 application (v1.0, v1.1a, or v1.1b). Refer to Table 5.18 for more information.

Note b For security reasons, it is recommended to set bit 8 of byte 3 to 1.

Table 5.18—Session Key Derivation Algorithm

Version Application Control(PayPass)[1][2] = 0 Application Control(PayPass)[1][2] = 1

v1.0 MasterCard Proprietary EMV2000

v1.1a MasterCard Proprietary Value not allowed

v1.1b MasterCard Proprietary EMV CSK



5.7.2 Card Issuer Action Codes

Table 5.19 lists the values of the Card Issuer Action Codes for the contactless interface when the online profile is used.

Table 5.19—Card Issuer Action Codes (PayPass) (Online Profile)


1 8 RFU 0 0 0






0 1 0


0 1 0










3 8-3 RFU 000000 000000 000000



Note The setting of the 'International Transaction' and 'Domestic Transaction' bits to '0 1 0' results in online contactless transactions on online capable terminals. With this setting, the PayPass – M/Chip 4 application will always generate an ARQC during a contactless transaction on an online-capable terminal.

Maestro PayPass – M/Chip 4 Personalization Data Card Risk Management


Table 5.20 lists the values of the Card Issuer Action Codes for the contactless interface when the offline profile is used.

Table 5.20—Card Issuer Action Codes (PayPass) (Offline Profile)


1 8 RFU 0 0 0
















3 8-3 RFU 000000 000000 000000





Table 5.21 lists the values of the Card Issuer Action Codes for the contact interface when the offline profile is used. The values are set in such a way every contact transaction is forced online.

Table 5.21—Card Issuer Action Codes (Contact) (Offline Profile)


1 8 RFU 0 0 0






0 1 1


0 1 1










3 8-3 RFU 000000 000000 000000



Note The setting of the 'International Transaction' and 'Domestic Transaction' bits to '0 1 1' results in online-only contact transactions. With this setting, the PayPass – M/Chip 4 application will always generate an ARQC during a contact transaction on an online-capable terminal, and will decline every contact transaction on an offline-only terminal or when the terminal is unable to go online.

Maestro PayPass – M/Chip 4 Personalization Data Secret Keys



Table 5.22—Triple DES keys


ICC Dynamic Number Master Key (MKIDN)


SM for Integrity Master Key (MKSMI) – Determined by issuer

SM for Confidentiality Master Key (MKSMC)




– Not used. Personalized with hexadecimal zeroes.

Table 5.23—RSA keys


Length of ICC Public Key Modulus – Determined by issuer


Length of ICC PIN Encipherment Public Key Modulus


ICC PIN Encipherment Private Key – Determined by issuer

Maestro PayPass – M/Chip 4 Personalization DataMiscellaneous


5.9 Miscellaneous




Application Life Cycle Data '9F7E' Depending on the possible separation between the loading of the application code and the personalization data, only part of the Application Life Cycle Data may be personalized.

Log Format '9F4F' Content of records in Log of Transactions.



IVCVC3TRACK1 'DC' '0000'

IVCVC3TRACK2 'DD' '0000'

5.10 Counters and Previous Transaction

Table 5.25—Counters and Previous Transaction (M/Chip 4 Version 1.0)











Maestro PayPass – M/Chip 4 Personalization Data Data Elements with a Fixed Initial Value


Table 5.26—Counters and Previous Transaction (M/Chip 4 Version 1.1.a)







Table 5.27—Counters and Previous Transaction (M/Chip 4 Version 1.1.b)





AC Session Key Counter Limit – '0400'

SMI Session Key Counter Limit – '0400'


Table 5.28—Data Elements with a Fixed Initial Value (M/Chip 4 Version 1.0)






– '00…00'








Maestro PayPass – M/Chip 4 Personalization DataData Elements with a Fixed Initial Value


Table 5.29—Data Elements with a Fixed Initial Value (M/Chip 4 Version 1.1.a)






– '00…00'




Table 5.30—Data Elements with a Fixed Initial Value (M/Chip 4 Version 1.1b)






– '00…00'



SMI Session Key Counter – '0000'


Security Limits Status 'DF02" '00'


End of Document

PayPass Personalization Data Specificationsdata.cardzone.cz/contactless/PayPass PDS (V1.3).pdf ·...

Documents

Transcript of PayPass Personalization Data Specificationsdata.cardzone.cz/contactless/PayPass PDS (V1.3).pdf ·...