Pin Managment for IC Card Member Implementation Guide
Transcript of Pin Managment for IC Card Member Implementation Guide
Welcome to PIN Management for IC Cards Member Implementation Guide
The PIN Management for IC Cards Member Implementation Guide is now available.
The Visa *Confidential* label indicates that the information in this document is intended for use by Visa employees, member banks, and external business partners that have signed a Nondisclosure Agreement (NDA) with Visa. This information is not for public release.
Effective: 27 June 2002
Visa International 2002 40060-01
Visa *Confidential*
PIN Management for IC Cards
Member Implementation Guide
Version 1.0
Effective: 27 June 2002
Contents
27 Jun 2002 Visa *Confidential* i
Contents
About This Guide....................................................................... 1
Audience ............................................................................................. 1 Scope .................................................................................................. 1 Document Organisation..................................................................... 2 Related Documents ............................................................................ 3 For More Information ........................................................................ 3
1. Service Overview ............................................................ 1–1
1.1 Key Concepts........................................................................ 1–1 1.2 Service Features .................................................................. 1–2 1.3 Service Requirements.......................................................... 1–7 1.4 Enrolment Procedures......................................................... 1–8
2. Issuer Implementation .................................................... 2–1
2.1 PIN Management Messages................................................ 2–1 2.2 Offline and Online PINs...................................................... 2–1 2.3 Reversals and Advice of Reversals ..................................... 2–2 2.4 Unsafe PINs ......................................................................... 2–2 2.5 PIN Reissuance.................................................................... 2–3 2.6 Cardholder Notification....................................................... 2–3 2.7 Reporting.............................................................................. 2–3 2.8 Integrated Billing ................................................................ 2–4 2.9 Training................................................................................ 2–4
3. Acquirer Implementation................................................ 3–1
3.1 PIN Management Messages................................................ 3–1 3.2 ATM Screens ........................................................................ 3–1 3.3 Reporting.............................................................................. 3–3 3.4 Integrated Billing ................................................................ 3–3 3.5 Training................................................................................ 3–3
4. Certification Requirements ............................................ 4–1
4.1 Certification Environment .................................................. 4–1 4.2 Certification Process............................................................ 4–2
A. Message Formats and Flows .........................................A–1
A.1 BASE I Message Formats ...................................................A–2 A.2 SMS Message Formats ........................................................A–9
PIN Management for IC Cards Member Implementation Guide 40060-01
ii Visa *Confidential* 27 Jun 2002
A.3 Updated Field Descriptions ..............................................A–16 A.4 PIN Management Message Flows ....................................A–20
B. Certification Scripts........................................................B–1
B.1 BASE I Certification Script.................................................B–1 B.2 SMS Certification Script .....................................................B–3
Glossary ..................................................................................... 1
Figures
27 Jun 2002 Visa *Confidential* i
Figures Figure 1-1: PIN Management Message Flow ............................... 1–2 Figure A-1: PIN Management Request/Response......................A–20 Figure A-2: PIN Management Reversal .....................................A–21 Figure A-3: Acquirer Not Participating ......................................A–22 Figure A-4: Issuer Not Participating .........................................A–23 Figure A-5: Issuer Unavailable ...................................................A–24 Figure A-6: Time-Out, Issuer Does Not Respond.......................A–25 Figure A-7: Message Undeliverable to Acquirer ........................A–26 Figure A-8: PIN Management Reversal – Issuer
Unavailable...........................................................................A–27
PIN Management for IC Cards Member Implementation Guide 40060-01
ii Visa *Confidential* 27 Jun 2002
Tables
27 Jun 2002 Visa *Confidential* i
Tables Table 1-1: Existing Response Codes ............................................. 1–6 Table 3-1: Existing Response Codes ............................................. 3–2 Table A-1: BASE I Request/Response...........................................A–2 Table A-2: BASE I Reversal ..........................................................A–5 Table A-3: BASE I Advice of Reversal ..........................................A–7 Table A-4: SMS Request/Response ...............................................A–9 Table A-5: SMS Reversal .............................................................A–12 Table A-6: SMS Advice of Reversal.............................................A–14 Table B-1: BASE I PIN Management Certification Script..........B–2 Table B-2: SMS PIN Management Certification Script ..............B–4
PIN Management for IC Cards Member Implementation Guide 40060-01
ii Visa *Confidential* 27 Jun 2002
About This Guide Audience
27 Jun 2002 Visa *Confidential* 1
About This Guide
This guide is intended to assist Visa Members with implementing PIN Management for single-application integrated circuit (IC) cards in preparation for the UK rollout of offline PIN verification at the point of sale. The EU Region will offer this service on a market-by-market basis following the initial UK pilot in 2003.
Audience This guide is directed to staff responsible for implementing PIN Management for IC cards at their financial institution.
It assumes that the reader has a basic knowledge of IC cards, ATM processing and the VisaNet V.I.P. System.
Scope Changes that issuers and acquirers must make to implement PIN Management for IC Cards are addressed in this guide, including those related to:
• Sending and receiving PIN Management messages
• Co-ordinating offline and online PINs
• Developing customer service procedures for cardholders who have forgotten their PINs
• Designing new ATM screens to accommodate PIN Change/Unlock and PIN Unlock transactions
NOTE: The term PIN Unlock is used in this guide as EU members have elected to use this term at their ATMs and in cardholder materials. The term PIN Unblock is used for the processing code in PIN Management messages and in VisaNet technical documentation to be consistent with EMV and industry standards.
Implications for ATM vendors and third-party processors are mentioned where applicable; however, changes to their systems are outside the scope of this document.
PIN Management for IC Cards Member Implementation Guide 40060-01
2 Visa *Confidential* 27 Jun 2002
It is assumed that members have already implemented full data option IC card processing; for example, that issuers can send Post-Issuance Script commands and acquirers can receive the script commands and transmit them to the IC card at their ATMs.
Document Organisation The information in this guide is divided into the following chapters and appendices:
Chapter 1, Service Overview—Defines PIN management concepts, describes the processing of both PIN Change/Unlock and PIN Unlock messages, and explains the changes to BASE I and Single Message System (SMS) message formats for PIN management. The enrolment procedure for the service is also covered.
Chapter 2, Issuer Implementation—Summarises the systems changes needed to implement the service from an issuer’s perspective, including handling unsafe PINs and alternate routing. Customer service procedures that need to be developed are identified, such as PIN reissuance. Additionally, reporting and training activities are described.
Chapter 3, Acquirer Implementation—Provides information on systems changes needed by the acquirer. Reporting and training activities are also covered.
Chapter 4, Certification Requirements—Explains the certification environment, as well as requirements for pre-certification and certification with VisaNet.
Appendix A, Message Formats and Flows—Provides PIN Management message formats for BASE I and the Single Message System, as well as message flows for common processing scenarios.
Appendix B, Certification Scripts—Contains sample PIN Management certification scripts for BASE I and SMS.
A glossary is also included.
About This Guide Related Documents
27 Jun 2002 Visa *Confidential* 3
Related Documents The following documents contain technical information related to PIN Management for IC Cards:
• V.I.P. System BASE I Technical Specifications
• V.I.P. System BASE I Processing Specifications
• V.I.P. System SingleConnect SMS ATM Processing Specifications
• V.I.P. System SMS ATM Technical Specifications
• V.I.P. System Services
For More Information Contact your Visa representative.
PIN Management for IC Cards Member Implementation Guide 40060-01
4 Visa *Confidential* 27 Jun 2002
Service Overview Key Concepts
27 Jun 2002 Visa *Confidential* 1–1
1. Service Overview
As payment markets shift to widespread use of integrated circuit (IC) cards with PIN as the primary cardholder verification method, it becomes increasingly important for cardholders to have convenient access to their PINs. This is especially true for credit cardholders who may not know the PIN associated with their card.
This service is designed to provide Visa cardholders with the capability to change or unlock their PINs at participating ATMs. This new functionality is expected to facilitate the rollout of PINs at the point of sale by offering an easy and secure means for cardholders to select their own PINs.
1.1 Key Concepts The following concepts are key to understanding PIN Management for IC Cards.
Offline PIN—A numeric value stored on an IC card used to identify the cardholder when PIN verification takes place offline between the card and terminal.
Offline PIN Verification—The process of verifying a PIN entered into a terminal by the cardholder through interaction between the card and terminal. The PIN entered by the cardholder is compared to a numeric value stored on the card.
Online PIN—A numeric value stored at the Issuer’s host that is used to identify the cardholder when PIN verification takes place through an online message routed between the acquirer and the issuer.
Online PIN Verification—The process of verifying a PIN entered into a terminal by the cardholder by sending it to the issuer for verification. The PIN entered by the cardholder is compared to a numeric value stored at the issuer’s host.
PIN Change/Unlock—A PIN Management message used to change the offline PIN on an IC card. The status of the PIN-try counter is included in the request message, so the issuer may optionally reset the PIN-try counter using the same response message.
PIN Management Message—An online message used to handle PIN-related functions, such as changing or unlocking a PIN.
PIN Management for IC Cards Member Implementation Guide 40060-01
1–2 Visa *Confidential* 27 Jun 2002
PIN Unlock—A PIN Management message used to reset the PIN-try counter on IC cards. When the PIN-try counter reaches its maximum allowable value as set by the issuer, the card may become blocked. This will prevent subsequent transactions.
Post-Issuance Script—A command sent from the card issuer to the card through VisaNet to change a parameter set in the chip on the card. The IC card will verify that it is the genuine issuer that has provided the Post-Issuance Script.
1.2 Service Features PIN Management for IC Cards is designed for single-application IC cards. Issuers, acquirers and ATM manufacturers must comply with EMV standards for IC card processing.
PIN Management messages work in both dual and single-message processing environments and are subject to normal ATM processing edits. PIN blocks are encrypted using the existing acquirer and issuer encryption working keys. Figure 1-1 illustrates the flow of PIN Management messages.
Figure 1-1: PIN Management Message Flow
ATM Acquirer Issuer
(1) (2) (3)
(6) (5) (4)
PIN Change/Unlock Message Flow
The following list corresponds to the numbered arrows in Figure 1-1 and describes the high-level processing steps for a PIN change.
1. The cardholder inserts their IC card into the ATM, enters the current PIN, and then selects the PIN Change/Unlock function at the ATM, entering the new PIN twice. Both entries of the new PIN must match or the cardholder is requested to re-enter the new PIN.
The ATM:
! Encrypts both the current and new PINs entered by the cardholder using the acquirer’s working key
! Receives the Authorisation Request Cryptogram (ARQC) generated by the card
Service Overview Service Features
27 Jun 2002 Visa *Confidential* 1–3
! Sends the transaction data, including information from the chip, such as the ARQC and the status of the PIN-try counter, to the acquirer
2. The acquirer:
! Creates a PIN Management request message (0100/0200) with processing code 70 – PIN Change/Unblock
! Includes the ARQC, chip information and other transaction data in the request message
! Sends the authorisation request message to VisaNet
3. The V.I.P. System decrypts the PIN blocks using the acquirer’s working key and re-encrypts the PIN blocks using the issuer’s working key. The V.I.P. System then routes the message to the issuer.
NOTE: The V.I.P. System does not perform CVV or PVV processing or Chip Card Payment Service (CCPS) CAM/CVV processing for PIN Management messages. Only PIN translation is performed.
The issuer must be available as no Stand-In Processing is performed on PIN Management messages. If the issuer is unavailable or times out, a response code of 91 – Issuer Unavailable is returned.
4. The issuer receives the PIN Management request message then decrypts and verifies the cardholder’s current PIN, validates the ARQC and performs other edits as determined by the issuer’s host system, such as checking the account status. If the PIN change is approved, the issuer prepares a Post-Issuance Script command to change the offline PIN to the new PIN requested by the cardholder. The issuer may optionally create a script command to reset the PIN-try counter if the card has been blocked due to excessive PIN tries as this information is carried in the PIN Management request. The issuer then creates an Authorisation Response Cryptogram (ARPC) and sends a PIN Management response message (0110/0210) containing the script commands to VisaNet.
The issuer changes the online PIN stored at its host to reflect the new PIN value.
5. VisaNet routes the response message to the acquirer.
6. The acquirer sends the response message to the ATM. The Post-Issuance Script command is applied to the card where the new offline PIN value is stored. The PIN-try counter is reset if the script command to change this card parameter was also sent by the issuer. The cardholder removes the card from the ATM.
PIN Management for IC Cards Member Implementation Guide 40060-01
1–4 Visa *Confidential* 27 Jun 2002
If the PIN Change/Unlock function is not completed at the ATM for any reason, the ATM generates a reversal message and sends it to the acquirer. The acquirer sends the reversal to VisaNet where it is routed to the issuer. If the issuer is unavailable, VisaNet creates an advice of reversal message for the issuer.
The issuer must develop procedures for the action that should be taken upon receipt of a reversal or advice of reversal. See Section 2.3, “Reversals and Advice of Reversals,” for a discussion of the issues.
PIN Unlock Message Flow
The following list describes the high-level processing steps to unlock a cardholder’s PIN and corresponds to the numbered arrows in Figure 1-1.
1. The cardholder inserts their IC card into the ATM, enters the current PIN, and then selects the PIN Unlock function at the ATM.
NOTE: Assuming that the cardholder had previously forgotten their PIN, they must have contacted their issuer prior to the transaction to obtain the correct PIN. Issuers must develop procedures to verify the cardholder’s identity and provide a copy of the correct PIN in advance of this transaction being performed. Refer to Section 3.3, “Customer Service Procedures,” for more information.
The ATM:
! Encrypts the PIN entered by the cardholder using the acquirer’s working key
! Receives the Authorisation Request Cryptogram (ARQC) generated by the card
! Sends the transaction data, including information from the chip, such as the ARQC and the status of the PIN-try counter, to the acquirer
2. The acquirer:
! Creates a PIN Management request message (0100/0200) with processing code 72 – PIN Unblock
! Includes the ARQC, chip information and other transaction data in the request message
! Sends the authorisation request message to VisaNet
3. The V.I.P. System decrypts the PIN block using the acquirer’s working key and re-encrypts the PIN block using the issuer’s working key. The V.I.P. System then routes the request message to the issuer.
Service Overview Service Features
27 Jun 2002 Visa *Confidential* 1–5
NOTE: The V.I.P. System does not perform CVV or PVV processing or Chip Card Payment Service (CCPS) CAM/CVV processing for PIN Management messages. Only PIN translation is performed.
The issuer must be available as no Stand-In Processing is performed on PIN Management messages. If the issuer is unavailable or times out, a response code of 91 – Issuer Unavailable is returned.
4. The issuer receives the PIN Management request message and verifies the cardholder’s current PIN, validates the ARQC and performs other edits as determined by the issuer’s host system, such as checking the account status.
The issuer prepares a Post-Issuance Script command to reset the PIN-try counter on the card to zero, creates an Authorisation Response Cryptogram (ARPC) and sends a PIN Management response message (0110/0210) to VisaNet.
5. VisaNet routes the response message to the acquirer.
6. The acquirer sends the response message to the ATM. The Post-Issuance Script command is applied to the card where the PIN-try counter is reset to zero. The cardholder removes the card from the ATM.
If the PIN Unlock function is not completed at the ATM for any reason, the ATM generates a reversal message and sends it to the acquirer. The acquirer sends the reversal to VisaNet where it is routed to the issuer. If the issuer is unavailable, VisaNet creates an advice of reversal message for the issuer.
PIN Management Messages
PIN Management for IC Cards uses standard V.I.P. System authorisation message pairs to handle PIN management functions: 0100/0110 messages in BASE I and 0200/0210 messages in SMS.
New values have been defined for existing fields. There are also required values for existing fields and fields that must be present in the messages. This information is summarised in the following sections.
New Values in Existing Fields
New processing codes and response codes are used in PIN Management messages.
Two new processing codes have been defined for field 3:
‘700000’ – PIN Change/Unblock
‘720000’ – PIN Unblock
PIN Management for IC Cards Member Implementation Guide 40060-01
1–6 Visa *Confidential* 27 Jun 2002
Two new response codes have been defined for field 39:
P5 – Decline of request
P6 – Unsafe PIN
The following BASE I response codes have been added to SMS in support of PIN Management:
58 – Transaction not allowed at terminal (Acquirer not participating)
85 – No reason to decline a request (Approval of request)
Other existing response codes that are valid for this service are shown in Table 1-1. The standard VisaNet response code definition is listed first, and the meaning specific to PIN Management messages follows in parentheses.
Other standard response codes used in VisaNet ATM processing may also apply. Any response codes added to ATM processing in the future will automatically apply to PIN Management as well.
Table 1-1: Existing Response Codes
BASE I SMS
12 – Invalid transaction1
55 – Incorrect PIN
57 – Transaction not permitted to cardholder (Issuer not participating)
58 – Transaction not allowed at terminal (Acquirer not participating)
81 – PIN cryptographic error
83 – Unable to verify PIN2
85 – No reason to decline a request (Approval of request)
91 – Issuer unavailable or switch inoperative (STIP not applicable or available to this transaction)
96 – System malfunction
12 – Invalid transaction1
55 – Incorrect PIN
57 – Transaction not permitted to cardholder (Issuer not participating)
81 – Cryptographic error in PIN
86 – Cannot verify PIN2
91 –Destination unavailable or time out when no stand-in
96 – System malfunction
1 – Response code 12 is returned to the acquirer when the chip fields in either F55 or the 3rd bitmap (F152) are dropped from the request message. The PIN Change/Unlock request message is not forwarded to the issuer if either F55 or the 3rd bitmap is not present.
2 – When SMS receives response code 83 from BASE I, it converts the 83 to an 86 before forwarding the message to the acquirer.
Service Overview Service Requirements
27 Jun 2002 Visa *Confidential* 1–7
Required Values in Existing Fields
These values are required for existing fields in PIN Management messages:
Field 18, Merchant Type, must be 6011 – ATM
Field 22, POS Entry Mode, must be ‘05’ or ‘95’
Field 25, POS Condition Code, must be ‘00’
Field 52, must contain the existing PIN
Field 55, if used, must contain tag ‘CO’ with the new PIN
NOTE: The new PIN may alternatively be sent in field 152, Secondary PIN Data, the 3rd bit map for chip data. Field 55 or 152 must be present if the processing code in field 3.1 is ‘70’.
Field 136, Cryptogram, must be present
Field 142, Issuer Script, must be present if the response code from the issuer is ‘85’
NOTE: Multiple script commands may be included in this field, such as one to change the offline PIN and one to reset the PIN-try counter to zero.
Field 143, Issuer Script Results, must be present in the Reversal message
Field 147, Cryptogram Amount, must be present
Other Relevant Fields
The information stored in the chip, such as status of the PIN-try counter and cardholder verification method, is captured during terminal processing. The data is transmitted to the issuer in Field 130, Terminal Capability Profile, and Field 131, Terminal Verification Results.
See Appendix A, Message Formats and Flows, for additional details.
1.3 Service Requirements PIN Management for IC Cards requires changes to both issuer and acquirer host systems. Certification with VisaNet for PIN Management messages is required for participating issuers and acquirers. In addition, both issuers and acquirers must have previously certified for the full data option for IC card processing.
PIN Management for IC Cards Member Implementation Guide 40060-01
1–8 Visa *Confidential* 27 Jun 2002
Refer to Chapter 2, Issuer Implementation, and Chapter 3, Acquirer Implementation for details. Testing and certification requirements are covered in Chapter 4. PIN Management message formats can be found in Appendix A.
1.4 Enrolment Procedures Please contact your Relationship Manager to enrol in this service.
Issuer Implementation PIN Management Messages
27 Jun 2002 Visa *Confidential* 2–1
2. Issuer Implementation
This chapter discusses steps that issuers must take to implement PIN Management for IC Cards. Issuer implementation activities include developing the capabilities to:
• Receive and respond to PIN Management messages
• Co-ordinate offline and online PINs
• Detect and decline unsafe PINs
• Reissue PINs to cardholders prior to performing a PIN Change/Unlock or PIN Unlock at an ATM
• Notify cardholders of the availability of PIN Management for IC Cards
Additionally, reporting and training activities are described.
2.1 PIN Management Messages Issuers must update their host systems to be able to receive and respond to PIN Management messages as described in Section 1.1, “Service Features”, and Appendix A. Certification with VisaNet is required for this service. Refer to Chapter 4 for more information on testing and certification.
The V.I.P. System technical documentation also provides information on PIN Management messages and transaction processing.
2.2 Offline and Online PINs A critical feature of the project to implement PIN Management for IC Cards is the capability to coordinate cardholders’ offline and online PINs. When an issuer approves a PIN Change/Unlock request message, the online PIN must be changed in the issuer’s host system to match the new offline PIN. In addition, in the event that Issuer Script in the response message is not applied to the card due to technical difficulties, the issuer must be prepared to back out the new PIN and restore the previous online PIN in their host system upon receipt of a reversal or an advice of reversal.
PIN Management for IC Cards Member Implementation Guide 40060-01
2–2 Visa *Confidential* 27 Jun 2002
If the online PIN in the issuer’s host system is not in sync with the offline PIN on the card, the cardholder will experience declined transactions due to incorrect PIN at terminals that use online PIN verification.
2.3 Reversals and Advice of Reversals If for any reason the PIN Change/Unlock cannot be completed once the issuer has sent an authorisation response approving the transaction, the V.I.P. System generates a reversal or advice of reversal for the issuer. Issuers must develop procedures for the action that should be taken upon receipt of the reversal or advice of reversal, considering the customer service implications of the situation.
For example, the issuer may choose to change the online PIN stored at its host back to the PIN as it existed prior to the transaction, reversing the failed PIN change. Alternatively, the decision might be taken not to apply the reversal and proactively contact the cardholder regarding the situation.
2.4 Unsafe PINs It is the issuer’s responsibility to detect unsafe PINs that have been selected by cardholders. Examples might include: 1234, 9999, the cardholder’s first name, etc. Issuers should refer to their internal information security guidelines for the definition of unsafe PINs.
Once the definition of an unsafe PIN has been determined, appropriate edits for the new PIN block contained in PIN Management messages should be implemented. Any unsafe PINs selected by cardholders should be declined with a response code of P6 – Unsafe PIN.
Cardholders will receive an ATM screen stating that their PIN selection has been declined as an unsafe PIN and that they should select another PIN.
Cardholder education materials should be developed that explain the issuer’s guidelines for PIN selection. This information should be provided to cardholders when their PIN is reissued for the purpose of performing a PIN Change/Unlock at an ATM.
Issuer Implementation PIN Reissuance
27 Jun 2002 Visa *Confidential* 2–3
2.5 PIN Reissuance Cardholders must know their current PIN in order to change or unblock it at an ATM. Thus, procedures must be developed to reissue PINs to cardholders who have forgotten their PINs. Issuers typically have existing PIN reissuance procedures that can be utilised or modified for this purpose.
Issuers should review the current procedure with the following questions in mind:
• How is the cardholder’s identity verified?
• How is the PIN provided to the cardholder?
• How long does it take for the cardholder to receive the PIN?
• Does this process effectively meet the customer service requirements for the new PIN Change/Unlock and PIN Unlock functions?
• What modifications should be made to the existing process to support PIN Management for IC Cards?
2.6 Cardholder Notification Cardholders should be notified of the availability of the service, along with the procedures they need to follow if they have forgotten their PIN or would like to select a new one. Typical methods include statement inserts and statement messages. Information on the service might also be provided in new account materials sent to cardholders and included in card activation materials.
A procedural change that you may want to consider is to mail system-generated PINs prior to the IC cards when cards are initially issued. Information on PIN change procedures can be enclosed with the PIN. This gives the cardholder the ability to immediately change their PIN when they receive their card, in the event that they prefer not to use the system-generated PIN.
2.7 Reporting The two new PIN Management transaction types: PIN Change/Unlock and PIN Unlock, should be added to any internal reporting that displays transaction data and counts of transaction types.
PIN Management for IC Cards Member Implementation Guide 40060-01
2–4 Visa *Confidential* 27 Jun 2002
You should also add these transactions to transaction history that can be viewed on screen in the card management system by customer service representatives.
The new transaction data elements will be available in the Visa Transaction Research Service (VTRS) using Visa Online (VOL).
2.8 Integrated Billing The new fees associated with PIN Management for IC Cards will appear on your Integrated Billing statement. They include:
• Issuer Participation fee
• PIN Change transaction fee
• PIN Unlock transaction fee
2.9 Training Customer service, back-office and branch staff should be trained as part of the implementation of PIN Management for IC Cards prior to your live date. The following topics should be considered:
• Features of the service: PIN Change/Unlock and PIN Unlock
• High-level description of PIN Management message processing
• Changes to PIN reissuance procedures, if any
• New ATM screens, if your organisation is also participating as an acquirer
• Cardholder notification materials
• Changes to the card management system
• Changes to reporting
Acquirer Implementation PIN Management Messages
27 Jun 2002 Visa *Confidential* 3–1
3. Acquirer Implementation
This chapter describes the PIN Management for IC Cards implementation activities for acquirers. They include:
• Developing the capability to send PIN Management request messages and process PIN Management response messages
• Designing new ATM screens for PIN Change/Unlock and PIN Unlock transactions
• Adding the new transaction types to ATM reporting
• Training staff
3.1 PIN Management Messages Acquirers must update their host systems to be able to send PIN Change/Unlock and PIN Unlock messages as described in Section 1.1, “Service Features,” and Appendix A. You must also be able to process the response messages from issuers.
Certification with VisaNet is required for this service. Refer to Chapter 4 for more information on testing and certification.
The V.I.P. System technical documentation also provides information on PIN Management messages and transaction processing.
3.2 ATM Screens ATM screens must be added for the following functions:
• PIN Change/Unlock
NOTE: The PIN entry screen must capture both the current and new PIN. The new PIN must be entered twice and edited either at the ATM or the acquirer’s host system to ensure that the same PIN was entered both times. Only one new PIN block is sent to the issuer.
• PIN Unlock
PIN Management for IC Cards Member Implementation Guide 40060-01
3–2 Visa *Confidential* 27 Jun 2002
• New response codes, including:
! Request declined by issuer (P5)
! Unsafe PIN selection by the cardholder (P6)
The following BASE I response codes have been added to SMS in support of PIN Management:
• 58 – Transaction not allowed at terminal (Acquirer not participating)
• 85 – No reason to decline a request (Approval of request)
Your ATM screens must also accommodate the existing VisaNet response codes that are used for this service as shown in Table 3-1. The response codes must either be mapped to existing screens with appropriate language or a new screen added.
Other standard response codes used in VisaNet ATM processing may also apply. Any response codes added to ATM processing in the future will automatically apply to PIN Management as well.
Table 3-1: Existing Response Codes
BASE I SMS
12 – Invalid transaction1
55 – Incorrect PIN
57 – Transaction not permitted to cardholder (Issuer not participating)
58 – Transaction not allowed at terminal (Acquirer not participating)
81 – PIN cryptographic error
83 – Unable to verify PIN2
85 – No reason to decline a request (Approval of request)
91 – Issuer unavailable or switch inoperative (STIP not applicable or available to this transaction)
96 – System malfunction
12 – Invalid transaction1
55 – Incorrect PIN
57 – Transaction not permitted to cardholder (Issuer not participating)
81 – Cryptographic error in PIN
86 – Cannot verify PIN2
91 –Destination unavailable or time out when no stand-in
96 – System malfunction
1 – Response code 12 is returned to the acquirer when the chip fields in either F55 or the 3rd bitmap (F152) are dropped from the request message. The PIN Change/Unlock request message is not forwarded to the issuer if either F55 or the 3rd bitmap is not present.
2 – When SMS receives response code 83 from BASE I, it converts the 83 to an 86 before forwarding the message to the acquirer.
Acquirer Implementation Reporting
27 Jun 2002 Visa *Confidential* 3–3
3.3 Reporting The two new PIN Management transaction types, PIN Change/Unlock and PIN Unlock, should be added to ATM reporting that displays transaction data and counts of transaction types.
The new transaction data elements will be available in the Visa Transaction Research Service (VTRS) using Visa Online (VOL).
3.4 Integrated Billing The Acquirer Incentive associated with PIN Management for IC Cards will appear as a credit on your Integrated Billing statement.
3.5 Training Customer service, back-office and branch staff should be trained as part of the implementation of PIN Management for IC Cards prior to your live date. The following topics should be considered:
• Features of the service: PIN Change/Unlock and PIN Unlock
• High-level description of PIN Management message processing
• New ATM screens
• Frequently asked questions from customers and non-customers
• Changes to reports
PIN Management for IC Cards Member Implementation Guide 40060-01
3–4 Visa *Confidential* 27 Jun 2002
Certification Requirements Certification Environment
27 Jun 2002 Visa *Confidential* 4–1
4. Certification Requirements
This chapter addresses the PIN Management for IC Cards requirements for certification, including:
• Certification Environment
• Pre-Certification
• V.I.P. Certification
4.1 Certification Environment Once you have completed internal testing of coding changes to support PIN Management for IC Cards, you will need to begin preparing for certification with VisaNet. The first step in the certification process is to ensure that all of the necessary components are in place. The following components are required for the certification environment:
• VisaNet Certification Management Service (VCMS) connectivity
• VisaNet Access Point (VAP) 10.23 or greater
• VTS2000 release 3.4 or greater or Visa Test System (Sapphire Edition) version 11.0 or greater.
• PIN Management for IC cards certification scripts
• Personalised test chip cards
Contact your Visa representative to obtain certification scripts.
For more information, refer to the following documents:
• Visa Certification Management Service (VCMS) Testing and Certification Guide-V.I.P. System
• VCMS User’s Manual-BASE I System
• VTS2000 User’s Guide or the Visa Test System (Sapphire Edition) User’s Guide
PIN Management for IC Cards Member Implementation Guide 40060-01
4–2 Visa *Confidential* 27 Jun 2002
4.2 Certification Process
You must perform a series of transactions, referred to as a test or certification script, to demonstrate your host system is able to send and receive the new data and fields required in the PIN Management messages. Sample test scripts are provided in Appendix B.
NOTE: Your organisation must be certified for Visa ATM Services and the full data option for IC card processing prior to certifying for PIN Management for IC Cards.
Certification information for PIN Management for IC cards is gathered via Visa Online. After your implementation of the service is initiated at Visa, you will receive a set of PIN Management certification questions through Visa Online. The certification questions are answered and returned online. Your Implementation Manager then uses the information to set up the testing and certification process for your organisation at the regional certification lab.
Message Formats and Flows BASE I Message Formats
27 Jun 2002 Visa *Confidential* A–1
A. Message Formats and Flows
This appendix contains the BASE I and SMS message formats for PIN Management transactions, including request, response, reversal and advice of reversal messages.
NOTE: Two fields are included in these messages that don’t specifically affect PIN Management processing:
− Track 2 data
− Currency Code (Field 49)
These fields remain in use for data consistency with other ATM messages.
The message format tables use the following abbreviations to indicate if fields are required:
M – Mandatory
C – Conditional
O – Optional
PIN Management for IC Cards Member Implementation Guide 40060-01
A–2 Visa *Confidential* 27 Jun 2002
A.1 BASE I Message Formats Table A-1 shows the BASE I 0100/0110 message format for the PIN Management request/response message pair.
Table A-1: BASE I Request/Response
Field Number
Field Name
0100
0110
Comments
Bitmap, third M M
2 Primary Account Number (PAN) M M
3 Processing Code M M ‘700000’ – PIN Change/Unblock ‘720000’ – PIN Unblock
7 Transmission Date and Time M M
11 Systems Trace Audit Number M M
14 Date, Expiration C
18 Merchant Type M Must be 6011
19 Acquiring Institution Country Code M M
22 Point of Service Entry Mode Code M Must be ‘05’ or ‘95’
23 Card Sequence Number C C
25 Point of Service Condition Code M M Must be ‘00’
26 Point of Service PIN Capture Code C
32 Acquiring Institution ID Code M M
33 Forwarding Institution ID Code C Required for SMS bridge transactions. It will not be forwarded to the Issuer.
35 Track 2 Data C Chip data image of Track 2 data
37 Retrieval Reference Number M M
Message Formats and Flows BASE I Message Formats
27 Jun 2002 Visa *Confidential* A–3
Field Number
Field Name
0100
0110
Comments
39 Response Code M Values must be: 12 = Invalid transaction 55 = Incorrect PIN 81 = PIN cryptographic error 83 = Unable to verify PIN 85 = Approval of request P5 = Decline of request P6 = Unsafe PIN 57 = Issuer not participating 58 = Acquirer not participating 91 = Issuer unavailable or timed-out
41 Card Acceptor Terminal ID M M Identification of ATM
42 Card Acceptor ID Code M M Identification of ATM
43 Card Acceptor Name/Location M Name/Location of ATM
44.1 Response Source/Reason Code M
49 Currency Code, Transaction M M
52 PIN Data M Existing PIN
53 Security Related Control Info M Information about existing PIN and new requested PIN
55 Field 55 (BER-TLV) C C Location for new PIN or Field 152, Field 55 or Field 152 must be present if the processing code in Field 3.1 is ‘70’
BER-TLV Tag is ‘CO’
The field is formatted: COXXFFFFFFFFFFFFFFFF where: CO is the tag, XX is the is the fixed length of the data, FFFFFFFFFFFFFFFF is the encrypted secondary PIN block
59 National POS Geographic Data C
60 Additional POS Information M
130 Terminal Capability Profile C
131 Terminal Verification Results C
PIN Management for IC Cards Member Implementation Guide 40060-01
A–4 Visa *Confidential* 27 Jun 2002
Field Number
Field Name
0100
0110
Comments
132 Unpredictable Number C
133 Terminal Serial Number C
134 Visa Discretionary Data C
135 Issuer Discretionary Data C
136 Cryptogram C Must be present
137 Application Transaction Counter C C
138 Application Interchange Profile C
139 ARPC Response Cryptogram and Code
C
142 Issuer Script C Must be present, if response code from issuer is ‘85’
144 Cryptogram Transaction Type C
145 Terminal Country Code C
146 Terminal Transaction Date C
147 Cryptogram Amount C Must be present; a zero amount is used in generating the ARQC and ARPC
148 Cryptogram Currency Code C
149 Cryptogram Cashback Amount C
152 Secondary PIN Data C Field 152 or Field 55 must be present if Field 3.1 is equal to ‘70’
Message Formats and Flows BASE I Message Formats
27 Jun 2002 Visa *Confidential* A–5
The BASE I reversal message format is shown in Table A-2.
Table A-2: BASE I Reversal
Field Number
Field Name
0400
0410
Comments
Bitmap, third M M
2 Primary Account Number (PAN) M M
3 Processing Code M M ‘700000’ – PIN Change/Unblock ‘720000’ – PIN Unblock
7 Transmission Date and Time M M
11 Systems Trace Audit Number M M
14 Date, Expiration C
18 Merchant Type M Must be 6011
19 Acquiring Institution Country Code M M
22 Point of Service Entry Mode Code M
23 Card Sequence Number C C
25 Point of Service Condition Code M M Must be ‘00’
26 Point of Service PIN Capture Code C
32 Acquiring Institution ID Code M M
33 Forwarding Institution ID Code C Required for SMS bridge transactions. It will not be forwarded to the issuer.
37 Retrieval Reference Number M M
39 Response Code M
41 Card Acceptor Terminal ID M M
42 Card Acceptor ID Code M M
43 Card Acceptor Name/Location M
44.1 Additional Response Data M
49 Currency Code, Transaction M M
PIN Management for IC Cards Member Implementation Guide 40060-01
A–6 Visa *Confidential* 27 Jun 2002
Field Number
Field Name
0400
0410
Comments
55 Field 55 (BER-TLV) C C
59 National Geographic Data C
60 Additional POS Information M
90 Original Data Elements M C
131 Terminal Verification Results C It is present in 0400 if issuer authentication failed
133 Terminal Serial Number C If present in original, it is required in 0400 request
134 Visa Discretionary Data C
137 Application Transaction Counter C C
143 Issuer Script Results C Must be present for reversal
Message Formats and Flows BASE I Message Formats
27 Jun 2002 Visa *Confidential* A–7
The BASE I advice of reversal message format is shown in Table A-3.
Table A-3: BASE I Advice of Reversal
Field Number
Field Name
0420
Bitmap, third M
2 Primary Account Number (PAN) M
3 Processing Code M
7 Transmission Date and Time M
11 Systems Trace Audit Number M
14 Date, Expiration C
18 Merchant Type M
19 Acquiring Institution Country Code M
22 Point of Service Entry Mode Code M
23 Card Sequence Number C
25 Point of Service Condition Code M
26 Point of Service PIN Capture Code C
32 Acquiring Institution ID Code M
33 Forwarding Institution ID Code C
37 Retrieval Reference Number M
39 Response Code M
41 Card Acceptor Terminal ID M
42 Card Acceptor ID Code M
43 Card Acceptor Name/Location M
44.1 Additional Response Data M
49 Currency Code, Transaction M
55 Field 55 (BER-TLV) C
59 National Geographic Data C
60 Additional POS Information M
PIN Management for IC Cards Member Implementation Guide 40060-01
A–8 Visa *Confidential* 27 Jun 2002
Field Number
Field Name
0420
90 Original Data Elements M
131 Terminal Verification Results C
133 Terminal Serial Number C
134 Visa Discretionary Data C
137 Application Transaction Counter C
143 Issuer Script Results C
Message Formats and Flows SMS Message Formats
27 Jun 2002 Visa *Confidential* A–9
A.2 SMS Message Formats Table A-4 shows the SMS 0200/0210 message format for the PIN Management Service request/response message pair.
Table A-4: SMS Request/Response
Field Number
Field Name
0200
0210
Comments
Bitmap, Secondary M M
Third Bitmap, M M
2 Primary Account Number (PAN) M M
3 Processing Code M M ‘700000’ – PIN Change/Unblock ‘720000’ – PIN Unblock
7 Transmission Date and Time M M
11 Systems Trace Audit Number M M
12 Time, Local Transaction M
13 Date, Local Transaction M
14 Date, Expiration O
15 Date, Settlement M SMS provided
18 Merchant Type M Must be 6011
19 Acquiring Institution Country Code M M
21 Forwarding Institution Country Code C
22 Point of Service Entry Mode Code M Must be ‘05’ or ‘95’
23 Card Sequence Number C C
25 Point of Service Condition Code M M Must be ‘00’
26 Point of Service PIN Capture Code C
32 Acquiring Institution ID Code M M
33 Forwarding Institution ID Code C Required for SMS bridge transactions. It will not be forwarded to the issuer.
PIN Management for IC Cards Member Implementation Guide 40060-01
A–10 Visa *Confidential* 27 Jun 2002
Field Number
Field Name
0200
0210
Comments
35 Track 2 Data C Chip data image of Track 2 data
37 Retrieval Reference Number M M
39 Response Code M Values must be: 12 = Invalid transaction 55 = Incorrect PIN 81 = PIN cryptographic error 85 = Approval of request 86 = Unable to verify PIN P5 = Decline of request P6 = Unsafe PIN 57 = Issuer not participating 58 = Acquirer not participating 91 = Issuer unavailable or timed-out 96 = System malfunction
NOTE: When SMS receives response code 83 from BASE I, it converts the 83 to an 86 before forwarding the message to the acquirer.
41 Card Acceptor Terminal ID M M Identification of ATM
42 Card Acceptor ID Code M M Identification of ATM
43 Card Acceptor Name/Location M Name/Location of ATM
49 Currency Code, Transaction C C
52 PIN Data M Existing PIN
53 Security Related Control Info M Information about existing PIN and new requested PIN
55 Field 55 (BER-TLV) C C Location for new PIN or Field 152, Field 55 or Field 152 must be present if the processing code in Field 3.1 is ‘70’
BER-TLV Tag is ‘CO’
The field is formatted: COXXFFFFFFFFFFFFFFFF where: CO is the tag, XX is the is the fixed length of the data, FFFFFFFFFFFFFFFF is the encrypted secondary PIN block
Message Formats and Flows SMS Message Formats
27 Jun 2002 Visa *Confidential* A–11
Field Number
Field Name
0200
0210
Comments
59 National POS Geographic Data C
60 Additional POS Information M
63.0 Bitmap (Field 63) M M
63.1 Network ID M M
115 Additional Trace Data O
130 Terminal Capability Profile O
131 Terminal Verification Results O
132 Unpredictable Number O
133 Terminal Serial Number O
134 Visa Discretionary Data O
135 Issuer Discretionary Data O
136 Cryptogram O Must be present
137 Application Transaction Counter O O
138 Application Interchange Profile O
139 ARPC Response Cryptogram and Code
C
142 Issuer Script C Must be present, if response code from issuer is ‘85’
144 Cryptogram Transaction Type O
145 Terminal Country Code O
146 Terminal Transaction Date O
147 Cryptogram Amount O Must be present; a zero amount is used in generating the ARQC and ARPC
148 Cryptogram Currency Code O
152 Secondary PIN Block C Field 152 or Field 55 must be present if Field 3.1 is equal to ‘70’
PIN Management for IC Cards Member Implementation Guide 40060-01
A–12 Visa *Confidential* 27 Jun 2002
The SMS reversal message format is shown in Table A-5.
Table A-5: SMS Reversal
Field Number
Field Name
0420
0430
Comments
Bitmap, Secondary M M
Third Bitmap M M
2 Primary Account Number (PAN) M M
3 Processing Code M M ‘700000’ – PIN Change/Unblock ‘720000’ – PIN Unblock
7 Transmission Date and Time M M
11 Systems Trace Audit Number M M
12 Time, Local Transaction M
13 Date, Local Transaction M
15 Date, Settlement M
18 Merchant Type M Must be 6011
19 Acquiring Institution Country Code M M
21 Forwarding Institution Country Code C
22 Point of Service Entry Mode Code M
23 Card Sequence Number C C
25 Point of Service Condition Code M M Must be ‘00’
32 Acquiring Institution ID Code M M
33 Forwarding Institution ID Code C Required for SMS bridge transactions. It will not be forwarded to the issuer.
37 Retrieval Reference Number M M
38 Authorization ID Response C
39 Response Code M
41 Card Acceptor Terminal ID M M
42 Card Acceptor ID Code M M
Message Formats and Flows SMS Message Formats
27 Jun 2002 Visa *Confidential* A–13
Field Number
Field Name
0420
0430
Comments
43 Card Acceptor Name/Location M
49 Currency Code, Transaction M
55 Field 55 (BER-TLV) C C
59 National Geographic Data C
60 Additional POS Information C
63.0 Bitmap (Field 63) M M
63.1 Network ID M M
63.3 Message Reason Code M
90 Original Data Elements M M
115 Additional Trace Data O
131 Terminal Verification Results O It is present in 0420 if issuer authentication failed
133 Terminal Serial Number O If present in original, it is required in 0420 request
134 Visa Discretionary Data O
137 Application Transaction Counter O O
143 Issuer Script Results M M Must be present for reversal
PIN Management for IC Cards Member Implementation Guide 40060-01
A–14 Visa *Confidential* 27 Jun 2002
The SMS advice of reversal message format is shown in Table A-6.
Table A-6: SMS Advice of Reversal
Field Number
Field Name
0420
0430
Bitmap, Secondary M M
Third Bitmap M M
2 Primary Account Number (PAN) M M
3 Processing Code M M
7 Transmission Date and Time M M
11 Systems Trace Audit Number M M
12 Time, Local Transaction M
13 Date, Local Transaction M
15 Date, Settlement M M
18 Merchant Type M
19 Acquiring Institution Country Code M M
21 Forwarding Institution Country Code C
22 Point of Service Entry Mode Code M
23 Card Sequence Number C C
25 Point of Service Condition Code M M
32 Acquiring Institution ID Code M M
33 Forwarding Institution ID Code C
37 Retrieval Reference Number M M
38 Authorisation ID Response C
39 Response Code M M
41 Card Acceptor Terminal ID M M
42 Card Acceptor ID Code M M
43 Card Acceptor Name/Location M
44.1 Response Source/Reason Code M
Message Formats and Flows SMS Message Formats
27 Jun 2002 Visa *Confidential* A–15
Field Number
Field Name
0420
0430
49 Currency Code, Transaction M
55 Field 55 (BER-TLV) C C
59 National Geographic Data C
60 Additional POS Information C
63.0 SMS Private Use Fields M M
63.1 Network ID M M
63.3 Message Reason Code M
63.4 STIP/Switch Reason Code M
90 Original Data Elements M M
131 Terminal Verification Results O
133 Terminal Serial Number O
134 Visa Discretionary Data O
137 Application Transaction Counter O O
143 Issuer Script Results M M
PIN Management for IC Cards Member Implementation Guide 40060-01
A–16 Visa *Confidential* 27 Jun 2002
A.3 Updated Field Descriptions These field descriptions have been updated with information related to PIN Management messages. The PIN Management changes apply to both BASE I and SMS.
Field 152 – Secondary PIN Block Attributes Fixed length 64 N, bit string; 8 bytes DescriptionDescriptionDescriptionDescription Field 152 contains a new PIN to replace an existing PIN. It is
encrypted and formatted as a block of 16 hexadecimal digits. (A new PIN is chosen to replace the current PIN when the cardholder does not remember the current PIN, or the current PIN is compromised or just wants a new PIN.)
In an acquirer-initiated request, this field format must conform to the
PIN Block Format Code in Field 53 – Security Related Control Information. In a request received by the issuer processor, the format conforms to the PIN Block Format of the issuer processor, as previously specified to Visa. This new PIN is never logged, even if it is in an encrypted form.
UsageUsageUsageUsage Field 152 is required in 0100/0200 requests only when the cardholder
chooses to replace their current PIN at an ATM. It must be present when requesting a PIN change. This field is not used in reversal requests or advices, or in any responses.
If this field is present, Field 52 – Personal Identification Number
(PIN) Data and Field 53 – Security Related Control Information must also be present. This field should not be used other than for a PIN Management request.
STIP and Switch Advices: Field 152 is omitted from advices
Field EditsField EditsField EditsField Edits Field 152 is required if Field 3.1 is 70 (PIN Change/Unblock).
The VIC’s security module edits field contents during PIN translation. If there is an error (most commonly, an acquirer key problem), the request message is not rejected; instead, the response code in Field 39 of the 0110/0210 response is set to 81.
RejecRejecRejecReject Codest Codest Codest Codes The reject codes for Field 152 are:
0489 = Field missing in a PIN Change request 0717 = Field present in a PIN Unblock request
Message Formats and Flows Updated Field Descriptions
27 Jun 2002 Visa *Confidential* A–17
Field 142 – Issuer Script Attributes Variable length
1 byte + up to 510 hexadecimal digits, maximum 256 bytes
Description Field 142 is a Visa Smart Debit/Visa Smart Credit (VSDC) field. It is also used in Chip Offline Preauthorized Card (COPAC) transactions. It contains proprietary information that the issuer processor wishes to communicate to the card. It allows dynamic changes to the content of the card without reissuing the card.
Usage Field 142 is optional in 0110 responses. It is not present in 0120
advices.
Field 142 is required in 0110/0210 responses when the issuer approved a PIN Change/Unblock request.
Field Edits If Field 142 is present, the value in the one-byte length value cannot be greater that the 510-hexadecimal-digit maximum. If the Issuer approved a PIN Change/Unblock request, Field 142 must be present in the response message.
Reject Codes The reject codes for Field 142 are: 0371 = Invalid length 0490 = Field 142 is missing in an approved PIN Change/Unblock
response 0717 = Field 142 is present in a declined PIN Change/Unblock
response
PIN Management for IC Cards Member Implementation Guide 40060-01
A–18 Visa *Confidential* 27 Jun 2002
Field 143 – Issuer Script Results Attributes Variable length
1 byte + up to 40 hexadecimal digits, maximum 21 bytes
Description Field 143 is a Visa Smart Debit/Visa Smart Credit (VSDC) field. During online processing, the issuer processor has the option of sending commands to the card in the authorization response. These commands instruct the card to update the card parameters. The card records the success or failure of the updates in the Issuer Script Results field.
Position 1-8 1-8 1-8 1-8
length reserved reserved reserved reserved
Byte 1 Byte 2 Byte 3 Byte 4
1-4 5-8 1-8
script processing script sequence reserved
Byte 5 Bytes 6-21
Length Subfield: The number of bytes following the length subfield. Field 143 Subfield Values
Position Description Values
Byte 1-4 Reserved for Visa
1-8 Reserved for Visa n/a
Byte 5
1-4 Script Processing 0000 = Script not performed 0001 = Script processing failed 0010 = Script processing successful
5-8 Script Sequence 0000 = Script sequence not specified 0000-1110 = Sequence number of script command 1-14 1110 = Sequence number of script command 15 or above
Byte 6-21 Reserved for Visa
1-8 Reserved for Visa n/a
Usage If an issuer script result is present, field 143 is used in 0400 request
and 0420 advices. Field Edits If field 143 is present, its length cannot exceed 20 bytes excluding the
length byte.
If an update failure occurs for a PIN Management message, Field 143 must be present in the 0400/0420 reversal request.
Message Formats and Flows Updated Field Descriptions
27 Jun 2002 Visa *Confidential* A–19
Reject Codes The reject codes for Field 143 are: 0371 = Invalid length 0491 = Field 143 is missing in a PIN Management reversal request
message
PIN
Man
agem
ent
for
IC C
ard
s M
emb
er Im
ple
men
tati
on
Gu
ide
4006
0-01
A–2
0 V
isa
*Con
fiden
tial*
27
Jun
200
2
A.4
PIN
Man
agem
ent
Mes
sag
e F
low
s T
his
sec
tion
illu
stra
tes
the
flow
of
PIN
Man
agem
ent
mes
sage
s.
Th
e fl
ow s
how
n in
Fig
ure
A-1
is t
ypic
al w
hen
eve
ryth
ing
is in
pro
per
orde
r. T
he
acqu
irer
an
d is
suer
are
bot
h
part
icip
atin
g in
th
e P
IN M
anag
emen
t se
rvic
e. N
o pr
oces
sin
g pr
oble
ms
are
enco
un
tere
d by
th
e V
.I.P
. Sys
tem
in t
his
sc
enar
io, a
nd
the
issu
er is
ava
ilab
le. T
he
issu
er’s
res
pon
se in
clu
des
the
Issu
er’s
Scr
ipt
(fie
ld 1
42)
wit
h c
omm
ands
to
upd
ate
the
IC c
ard.
Fig
ure
A-1
: P
IN M
anag
emen
t R
equ
est/
Res
po
nse
A
cqu
irer
V
.I.P
. Sys
tem
Is
suer
PIN
C
han
ge/U
nlo
ck
Req
ues
t
PIN
C
han
ge/U
nlo
ck
Req
ues
t
PIN
C
han
ge/U
nlo
ck
Req
ues
t
Is
suer
’s
Scr
ipt
Res
pon
se
Issu
er’s
S
crip
t R
espo
nse
Is
suer
’s
Scr
ipt
Res
pon
se
Mes
sag
e F
orm
ats
and
Flo
ws
PIN
Man
agem
ent M
essa
ge F
low
s
27 J
un 2
002
Vis
a *C
onfid
entia
l*
A–2
1
A r
ever
sal i
s il
lust
rate
d in
Fig
ure
A-2
. Th
e ac
quir
er w
ill s
end
a R
ever
sal m
essa
ge o
nly
wh
en a
scr
ipt
upd
ate
fail
ure
oc
curs
.
Fig
ure
A-2
: P
IN M
anag
emen
t R
ever
sal
A
cqu
irer
V
.I.P
. Sys
tem
Is
suer
R
ever
sal f
or s
crip
t u
pdat
e fa
ilu
re o
nly
R
ever
sal f
or s
crip
t u
pdat
e fa
ilu
re o
nly
Rev
ersa
l for
scr
ipt
upd
ate
fail
ure
on
ly
Is
suer
’s R
ever
sal
Res
pon
se
Issu
er’s
Rev
ersa
l R
espo
nse
Is
suer
’s R
ever
sal
Res
pon
se
PIN
Man
agem
ent
for
IC C
ard
s M
emb
er Im
ple
men
tati
on
Gu
ide
4006
0-01
A–2
2 V
isa
*Con
fiden
tial*
27
Jun
200
2
If a
n a
cqu
irer
is n
ot p
arti
cipa
tin
g in
PIN
Man
agem
ent
for
IC C
ards
, bu
t is
abl
e to
sen
d a
requ
est,
th
e V
.I.P
. Sys
tem
w
ill i
ssu
e a
resp
onse
cod
e ‘5
8’ a
s sh
own
in F
igu
re A
-3.
Fig
ure
A-3
: A
cqu
irer
No
t P
arti
cip
atin
g
A
cqu
irer
V
.I.P
. Sys
tem
Is
suer
PIN
C
han
ge/U
nlo
ck
Req
ues
t
PIN
C
han
ge/U
nlo
ck
Req
ues
t
R
espo
nse
C
ode
‘58’
Res
pon
d w
ith
‘58’
(T
ran
sact
ion
not
al
low
ed a
t te
rmin
al)
Mes
sag
e F
orm
ats
and
Flo
ws
PIN
Man
agem
ent M
essa
ge F
low
s
27 J
un 2
002
Vis
a *C
onfid
entia
l*
A–2
3
As
show
n in
Fig
ure
A-4
, wh
en a
n is
suer
is n
ot p
arti
cipa
tin
g in
th
e P
IN M
anag
emen
t fo
r IC
Car
ds s
ervi
ce, t
he
V.I
.P.
Sys
tem
wil
l iss
ue
a re
spon
se c
ode
‘57’
.
Fig
ure
A-4
: Is
suer
No
t P
arti
cip
atin
g
A
cqu
irer
V
.I.P
. Sys
tem
Is
suer
PIN
C
han
ge/U
nlo
ck
Req
ues
t
PIN
C
han
ge/U
nlo
ck
Req
ues
t
R
espo
nse
C
ode
‘57’
R
espo
nd
wit
h ‘5
7’
PIN
Man
agem
ent
for
IC C
ard
s M
emb
er Im
ple
men
tati
on
Gu
ide
4006
0-01
A–2
4 V
isa
*Con
fiden
tial*
27
Jun
200
2
If t
he
issu
er is
un
avai
labl
e, t
he
V.I
.P. S
yste
m w
ill i
ssu
e a
resp
onse
cod
e ‘9
1’ a
s il
lust
rate
d in
Fig
ure
A-5
.
Fig
ure
A-5
: Is
suer
Un
avai
lab
le
A
cqu
irer
V
.I.P
. Sys
tem
Is
suer
R
espo
nse
C
ode
‘91’
R
espo
nd
wit
h ‘9
1’
PIN
C
han
ge/U
nlo
ck
Req
ues
t
PIN
C
han
ge/U
nlo
ck
Req
ues
t
U
nav
aila
ble
Mes
sag
e F
orm
ats
and
Flo
ws
PIN
Man
agem
ent M
essa
ge F
low
s
27 J
un 2
002
Vis
a *C
onfid
entia
l*
A–2
5
Th
e sc
enar
io in
Fig
ure
A-6
illu
stra
tes
a ti
me-
out.
Th
e is
suer
doe
s n
ot r
espo
nd
wit
hin
th
e sp
ecif
ic t
ime
lim
it. T
he
orig
inal
req
ues
t m
essa
ge is
tim
ed-o
ut
and
Vis
a S
tan
d-In
Pro
cess
ing
(ST
IP)
proc
esse
s a
resp
onse
des
tin
ed t
o th
e ac
quir
er. A
s th
is is
a P
IN-b
ased
tra
nsa
ctio
n, t
he
V.I
.P. S
yste
m r
espo
nds
wit
h r
espo
nse
cod
e ‘9
1’. W
hen
th
e V
.I.P
. Sys
tem
rec
eive
s th
e la
te r
espo
nse
, th
e m
essa
ge is
ret
urn
ed b
ack
to t
he
issu
er. T
his
en
able
s th
e is
suer
to
amen
d th
eir
reco
rds,
bac
kin
g ou
t th
e or
igin
al r
equ
est.
Fig
ure
A-6
: T
ime-
Ou
t, Is
suer
Do
es N
ot
Res
po
nd
A
cqu
irer
V
.I.P
. Sys
tem
Is
suer
PIN
C
han
ge/U
nlo
ck
Req
ues
t
PIN
C
han
ge/U
nlo
ck
Req
ues
t
PIN
C
han
ge/U
nlo
ck
Req
ues
t
R
espo
nse
C
ode
‘91’
R
espo
nd
wit
h ‘9
1’
PIN
C
han
ge/U
nlo
ck
Req
ues
t
Pro
cess
L
ate
Res
pon
se
Issu
er’s
S
crip
t R
espo
nse
Ret
urn
Lat
e R
espo
nse
to
Issu
er
to B
ack-
Ou
t th
e R
equ
est
Bac
k O
ut
Req
ues
t if
a
Ret
urn
ed M
essa
geis
Rec
eive
d fr
om
VIP
PIN
Man
agem
ent
for
IC C
ard
s M
emb
er Im
ple
men
tati
on
Gu
ide
4006
0-01
A–2
6 V
isa
*Con
fiden
tial*
27
Jun
200
2
Th
e sc
enar
io il
lust
rate
d in
Fig
ure
A-7
sh
ows
a re
turn
ed m
essa
ge f
rom
th
e ac
quir
ers’
nod
e (u
nde
live
rabl
e). T
his
in
dica
tes
that
th
e ac
quir
er d
id n
ot r
ecei
ve t
he
Issu
er’s
Scr
ipt
to s
ucc
essf
ull
y co
mpl
ete
the
PIN
Ch
ange
/Un
lock
re
ques
t. W
hen
Vis
aNet
rec
eive
s th
e re
turn
ed m
essa
ge, t
he
V.I
.P. S
yste
m f
orw
ards
th
e re
turn
ed m
essa
ge t
o th
e is
suer
.
Fig
ure
A-7
: M
essa
ge
Un
del
iver
able
to
Acq
uir
er
A
cqu
irer
V
.I.P
. Sys
tem
Is
suer
PIN
C
han
ge/U
nlo
ck
Req
ues
t
PIN
C
han
ge/U
nlo
ck
Req
ues
t
PIN
C
han
ge/U
nlo
ck
Req
ues
t
Is
suer
’s
Scr
ipt
Res
pon
se
Issu
er’s
S
crip
t R
espo
nse
Is
suer
’s
Scr
ipt
Res
pon
se
Res
pon
se is
u
nde
live
red
and
retu
rned
to
VIP
Ret
urn
ed
Mes
sage
Pro
cess
Ret
urn
ed
Mes
sage
an
d se
nd
to I
ssu
er t
o ba
ck-
out
Req
ues
t
Bac
k ou
t R
equ
est
if
a R
etu
rned
Mes
sage
is r
ecei
ved
from
VIP
Mes
sag
e F
orm
ats
and
Flo
ws
PIN
Man
agem
ent M
essa
ge F
low
s
27 J
un 2
002
Vis
a *C
onfid
entia
l*
A–2
7
Th
e sc
enar
io in
Fig
ure
A-8
sh
ows
the
flow
of
a R
ever
sal m
essa
ge w
hen
th
e is
suer
is u
nav
aila
ble.
Th
e V
.I.P
. Sys
tem
ge
ner
ates
an
Adv
ice
mes
sage
for
late
r re
trie
val w
hen
th
e is
suer
is a
vail
able
. Th
e is
suer
may
or
may
not
ret
riev
e th
eir
advi
ces
inst
antl
y. R
etri
evin
g ad
vice
s is
typ
ical
ly p
erfo
rmed
du
rin
g of
f-pe
ak h
ours
. Als
o, s
ome
issu
ers
do n
ot
retr
ieve
th
eir
advi
ces
onli
ne,
bu
t op
t to
hav
e th
eir
advi
ces
deli
vere
d of
flin
e vi
a B
AS
E I
I T
C48
s.
Fig
ure
A-8
: P
IN M
anag
emen
t R
ever
sal –
Issu
er U
nav
aila
ble
A
cqu
irer
V
.I.P
. Sys
tem
Is
suer
R
ever
sal f
or s
crip
t u
pdat
e fa
ilu
re o
nly
R
ever
sal f
or s
crip
t u
pdat
e fa
ilu
re o
nly
R
ever
sal f
or s
crip
t u
pdat
e fa
ilu
re o
nly
VIP
cre
ates
an
A
dvic
e to
be
retr
ieve
d by
th
e Is
suer
Is
suer
s’ A
dvic
e F
ile
Issu
er s
ends
m
essa
ge t
o V
IP t
o re
trie
ve t
hei
r A
dvic
es
Sen
d R
ever
sal
Adv
ice
to I
ssu
er
Rec
eive
Rev
ersa
l A
dvic
e fr
om V
IP
PIN
Man
agem
ent
for
IC C
ard
s M
emb
er Im
ple
men
tati
on
Gu
ide
4006
0-01
A–2
8 V
isa
*Con
fiden
tial*
27
Jun
200
2
Certification Scripts BASE I Certification Script
27 Jun 2002 Visa *Confidential* B–1
B. Certification Scripts
This appendix contains sample BASE I and SMS test scripts for PIN Management certification. Prior to online testing, you should obtain the most current certification scripts from Visa Online.
NOTE: Draft test scripts are included in this appendix as examples only, so it is critical that you obtain the most current version through Visa Online.
B.1 BASE I Certification Script Table B-1 describes the sample test cases in the BASE I certification script.
PIN
Man
agem
ent
for
IC C
ard
s M
emb
er Im
ple
men
tati
on
Gu
ide
4006
0-01
B–2
V
isa
*Con
fiden
tial*
27
Jun
200
2
Tab
le B
-1:
BA
SE
I P
IN M
anag
emen
t C
erti
fica
tio
n S
crip
t
Fie
ld V
alu
es
Cas
e N
um
ber
M
essa
ge
Typ
e Id
enti
fier
C
ase
Nam
e F
3 F
18
F22
F
25
F39
C
om
men
ts
1 01
00/0
110
Aut
horis
atio
n -
PIN
Cha
nge
7000
00
6011
05
10
00
85
PIN
req
uest
app
rove
d. F
142
mus
t be
pres
ent
in r
espo
nse.
2 01
00/0
110
Aut
horis
atio
n -
PIN
Cha
nge
7000
00
6011
05
10
00
85
PIN
req
uest
app
rove
d. F
142
mus
t be
pres
ent
in r
espo
nse.
04
00/0
410
Rev
ersa
l 70
0000
60
11
0510
00
F14
3 Is
suer
scr
ipt r
esul
ts m
ust b
e pr
esen
t
3 01
00/0
110
Aut
horis
atio
n -
PIN
Unb
lock
72
0000
60
11
0510
00
85
P
IN r
eque
st a
ppro
ved.
F14
2 m
ust b
e pr
esen
t in
res
pons
e.
4 01
00/0
110
Aut
horis
atio
n -
PIN
Cha
nge
7000
00
6011
05
10
00
P5
PIN
req
uest
dec
lined
5 01
00/0
110
Aut
horis
atio
n -
PIN
Unb
lock
72
0000
60
11
0510
00
P
6 U
nsaf
e P
IN
6 01
00/0
110
Aut
horis
atio
n -
PIN
Cha
nge
7200
00
6011
05
10
00
83
Una
ble
to v
erify
PIN
7 01
00/0
110
Aut
horis
atio
n -
PIN
Unb
lock
72
0000
60
11
0510
00
81
C
rypt
ogra
phic
err
or
8 01
00/0
110
Aut
horis
atio
n -
PIN
Cha
nge
7000
00
6011
05
10
00
85
PIN
req
uest
app
rove
d. F
142
mus
t be
pres
ent
in r
espo
nse.
04
20/0
430
Rev
ersa
l Adv
ice
7000
00
6011
05
10
00
F
143
Issu
er s
crip
t res
ults
mus
t be
pres
ent
9 01
00/0
110
Aut
horis
atio
n -
PIN
Unb
lock
72
0000
60
11
0510
00
91
Is
suer
una
vaila
ble
or ti
med
out
NO
TE
: F
55 o
r F
152
will
hav
e th
e ne
w P
IN.
Certification Scripts SMS Certification Script
27 Jun 2002 Visa *Confidential* B–3
B.2 SMS Certification Script Table B-2 provides a sample SMS certification script.
SMS test case results should be verified against SMS reports and raw data.
PIN
Man
agem
ent
for
IC C
ard
s M
emb
er Im
ple
men
tati
on
Gu
ide
4006
0-01
B–4
V
isa
*Con
fiden
tial*
27
Jun
200
2
Tab
le B
-2:
SM
S P
IN M
anag
emen
t C
erti
fica
tio
n S
crip
t
Fie
ld V
alu
es
Cas
e N
um
ber
M
essa
ge
Typ
e Id
enti
fier
C
ase
Nam
e F
3 F
18
F22
F
25
F39
C
om
men
ts
1 02
00/0
210
PIN
Cha
nge
7000
00
6011
05
10
00
85
PIN
req
uest
app
rove
d. F
142
mus
t be
pres
ent i
n re
spon
se.
2 02
00/0
210
PIN
Cha
nge
7000
00
6011
05
10
00
85
PIN
req
uest
app
rove
d. F
142
mus
t be
pres
ent i
n re
spon
se.
04
00/0
410
Rev
ersa
l 70
0000
60
11
0510
00
F14
3 Is
suer
scr
ipt r
esul
ts m
ust b
e pr
esen
t
3 02
00/0
210
Pin
Unb
lock
72
0000
60
11
0510
00
85
P
IN r
eque
st a
ppro
ved.
F14
2 m
ust b
e pr
esen
t in
resp
onse
.
4 02
00/0
210
PIN
Cha
nge
7000
00
6011
05
10
00
P5
PIN
req
uest
dec
lined
5 02
00/0
210
PIN
Unb
lock
72
0000
60
11
0510
00
P
6 U
nsaf
e P
IN
6 02
00/0
210
PIN
Cha
nge
7200
00
6011
05
10
00
83
Una
ble
to v
erify
PIN
7 02
00/0
210
PIN
Unb
lock
72
0000
60
11
0510
00
81
C
rypt
ogra
phic
err
or
8 02
00/0
210
PIN
Cha
nge
7000
00
6011
05
10
00
85
PIN
req
uest
app
rove
d. F
142
mus
t be
pres
ent i
n re
spon
se.
04
20/0
430
Rev
ersa
l Adv
ice
7000
00
6011
05
10
00
F
143
Issu
er s
crip
t res
ults
mus
t be
pres
ent
9 02
00/0
210
PIN
Unb
lock
72
0000
60
11
0510
00
91
Is
suer
una
vaila
ble
or ti
med
out
NO
TE
: F
55 o
r F
152
will
hav
e th
e ne
w P
IN.
Glossary
27 Jun 2002 Visa *Confidential* Glossary–1
Glossary
Card Verification Value (CVV)
A unique check value encoded on the magnetic stripe or chip of a card. The Card Verification Value is used to validate the card information during authorisation and detect counterfeit cards. This service is not available to PIN Management for IC Cards.
Europay, MasterCard, Visa (EMV) Specifications
Technical specifications developed by the three payment schemes outlining the interactions between chip cards and terminals to ensure interoperability.
Offline PIN
A numeric value stored on the chip of an IC card used to identify the cardholder when PIN verification takes place offline between the card and terminal.
Offline PIN Verification
The process of verifying a PIN entered into a terminal by the cardholder through interaction between the card and terminal. The PIN entered by the cardholder is compared to a numeric value stored on the chip in the card.
Online PIN
A numeric value stored at the issuer’s host that is used to identify the cardholder when PIN verification takes place through an online message routed between the acquirer and the issuer.
Online PIN Verification
The process of verifying a PIN entered into a terminal by the cardholder by sending it to the issuer for verification. The PIN entered by the cardholder is compared to a numeric value stored at the issuer’s host.
PIN Management for IC Cards Member Implementation Guide 40060-01
Glossary–2 Visa *Confidential* 27 Jun 2002
PIN Change/Unlock
A PIN Management message used to change the offline PIN on an IC card. Optionally, the issuer may reset the PIN-try counter in the same response message, as the status of the PIN-try counter is included in the request message.
PIN Verification Value (PVV)
The PIN Verification Value is used in the PIN Verification Service offered by Visa to verify PINs on behalf of issuers. This service is not available to PIN Management for IC Cards as only the issuer can approve a PIN Management request.
PIN Management Message
An online message used to handle PIN-related functions, such as changing or unlocking a PIN on an IC card.
PIN Unlock
A PIN Management message used to reset the PIN-try counter on IC cards. When the PIN-try counter reaches its maximum allowable value as set by the issuer, the card application may become blocked. This will prevent subsequent transactions.
Post-Issuance Script
A command sent from the card issuer to the IC card through VisaNet to change a parameter set in the chip on the card. The IC card will verify that it is the genuine issuer that has provided the Post-Issuance Script. Also referred to as issuer script.