M/Chip 4 Issuer Guide to Debit and Credit Parameter Management, December 2004
Information
Replacement What is in the new version?
The December 2004 M/Chip 4 Issuer Guide to Debit and Credit Parameter Management replaces your existing manual. This manual describes how to use the main features of the M/Chip Select 4 and the M/Chip Lite 4 applications. Please refer to:
- Summary of Changes for a comprehensive list of changes reflected in this update.
- Using this Manual for a complete list of the contents of this manual.
Questions?
If you have questions about this manual, please contact the Customer Operations Services team or your regional help desk. Please refer to Using this Manual for more contact information.
MasterCard is Listening
Please take a moment to provide us with your feedback about the material and usefulness of the M/Chip 4 Issuer Guide to Debit and Credit Parameter Management using the following e-mail address: publications@mastercard.com. We continually strive to improve our publications. Your input will help us accomplish our goal of providing you with the information you need.
Summary of Changes
M/Chip 4 Issuer Guide to Debit and Credit Parameter Management, December 2004
Change Summary: Addition of MasterCard Electronic brand
Description of Change: The M/Chip Select 4 and M/Chip Lite 4 applications now offer certain issuer-specific features to enhance the supported MasterCard Electronic brand.
Copyright
The information contained in this manual is proprietary and confidential to MasterCard International Incorporated (MasterCard) and its members. This material may not be duplicated, published, or disclosed, in whole or in part, without the prior written permission of MasterCard. To the extent permitted by law, neither MasterCard nor any of its affiliates, employees or officers shall be liable to any recipient of this manual, or any other third party, for any loss, damages (including direct, special, punitive, exemplary, incidental or consequential damages) or costs (including attorneys' fees) which arise out of, or are related to this manual. The foregoing limitation of liability shall apply to any claim or cause of action under law or equity whatsoever, including contract, warranty, strict liability, or negligence, even if MasterCard has been notified of the possibility of such damages or claim.
Trademarks
Trademark notices and symbols used in this manual reflect the registration status of MasterCard trademarks in the United States. Please consult with the Customer Operations Services team or the MasterCard Law Department for the registration status of particular product, program, or service names outside the United States. All third-party product and service names are trademarks or registered trademarks of their respective owners.
Media
This document is available:
- On MasterCard OnLine
- On the MasterCard Electronic Library (CD-ROM)
MasterCard International Incorporated
2200 MasterCard Boulevard
O'Fallon MO 63368-7263 USA
1-636-722-6100
www.mastercard.com
Publication Code: XV
Table of Contents
Chapter 1
Introduction
1.1 Overview of M/Chip Select 4 and M/Chip Lite 4
  1.1.1 Uniform Behavior across Multiple Implementations
  1.1.2 M/Chip Select 4 - the High Security Application
  1.1.3 M/Chip Lite 4 - the Light Version of M/Chip Select 4
  1.1.4 Simple Yet Powerful Card Risk Management
  1.1.5 How You Control Offline Risk
  1.1.6 Migration Facilities
  1.1.7 Offline PIN Management Facilities
  1.1.8 Acceptance on CAT Level 3 Terminals
  1.1.9 Post-issuance Updates and Maintenance
  1.1.10 Transaction Log
  1.1.11 Specific Behavior for Domestic or International Transactions
  1.1.12 Additional Functionality
1.2 M/Chip Select 4, M/Chip Lite 4 and EMV 2000
  1.2.1 EMV 2000 Session Key Derivation
  1.2.2 Combined DDA/AC Generation
Chapter 2
2.4 Offline Counters and Offline Limits
  2.4.1 Offline Counters
  2.4.2 Offline Limits
  2.4.3 Comparison between Offline Counters and Offline Limits
2.5 Card Risk Management Algorithm
  2.5.1 First Occurrence of GENERATE AC
  2.5.2 Second Occurrence of GENERATE AC
Chapter 3
  3.3.6 Lower Consecutive Offline Limit
  3.3.7 Upper Consecutive Offline Limit
  3.3.8 Currency Conversion Table and Currency Conversion Parameters
  3.3.9 Default ARPC Response Code
  3.3.10 Additional Check Table
  3.3.11 CDOL 1 and CDOL 2 Related Data
  3.3.12 Offline PIN, PIN Try Counter and PIN Try Limit
  3.3.13 Previous Transaction History
  3.3.14 Application Control
3.4 Selecting Cryptographic Features
  3.4.1 Session Key Derivation
  3.4.2 Key for Offline Encrypted PIN
  3.4.3 Offline Counters Encryption
  3.4.4 Offline Counters inclusion in AC
  3.4.5 Cryptogram Version Number
Chapter 4
Chapter 5
Advanced Features
5.1 Synchronization between Online and Offline PIN Try Counters
5.2 Support of Magstripe Grade Issuer Mode
  5.2.1 Magstripe Grade Issuer Mode Not Activated
  5.2.2 Magstripe Grade Issuer Mode Activated
5.3 Behavior on CAT Level 3 Terminals
5.4 Swapping Application File Locator Configurations
  5.4.1 AFL Swap Mechanism
  5.4.2 PIN De-synchronization on New Cards and Offline PIN Postactivation
5.5 Consulting the Log of Transactions
5.6 Retrieving the Offline Balance
5.7 Post-Issuance Maintenance
  5.7.1 PUT DATA to Modify Data Elements
  5.7.2 UPDATE RECORD to Modify Records
  5.7.3 GET DATA to Retrieve Data
  5.7.4 GET PROCESSING OPTIONS to Retrieve Data
  5.7.5 Retrieving Records In The Transaction Log
  5.7.6 Sending Script Commands to the Card
5.8 Additional Check Table
  5.8.1 How the M/Chip Application Checks the Additional Check Table
  5.8.2 Additional Check Table Content
  5.8.3 Example of Additional Check Table Value
Chapter 6
  6.2.5 Miscellaneous
  6.2.6 Get Processing Options Response
  6.2.7 Counters and Previous Transaction
  6.2.8 PIN Information
  6.2.9 Data Elements With a Fixed Initial Value
  6.2.10 Additional Data Elements
6.3 Common Profiles
  6.3.1 Profile Assumptions
  6.3.2 Full Grade Profiles
  6.3.3 Magstripe Grade Profiles
Chapter 7
Chapter 8
  Cryptogram Information Data
  Issuer Application Data
  Terminal Verification Results
  Unpredictable Number
  Remaining Data Elements
8.3 Preparing the Authorization Response
  8.3.1 Issuer Authentication Data
  8.3.2 Issuer Script
8.4 Personalization
  8.4.1 Overview
  8.4.2 Step 1: Build the Personalization Values
Chapter 9
A.10 CDOL 2 (Card Risk Management Data Object List 2)
A.11 Consecutive Offline Transactions Number
A.12 CRM Country Code
A.13 CRM Currency Code
A.14 Cryptogram Information Data
A.15 Cryptogram Version Number
A.16 Cumulative Offline Transaction Amount
A.17 Currency Conversion Parameters
A.18 Currency Conversion Table
A.19 CVR (Card Verification Results)
A.20 Default ARPC Response Code
A.21 DDOL (Dynamic Data Authentication Data Object List)
A.22 ICC Dynamic Number
A.23 Issuer Action Code - Default, Denial, Online
A.24 Issuer Application Data
A.25 Issuer Authentication Data
A.26 Key Derivation Index
A.27 Lower Consecutive Offline Limit
A.28 Lower Cumulative Offline Transaction Amount
A.29 Log Format
A.30 Offline Balance
A.31 PIN Try Counter
A.32 PIN Try Limit
A.33 Previous Transaction History
A.34 Script Counter
A.35 Consecutive Offline Limit
A.36 Cumulative Offline Transaction Amount
Purpose
Audience
Overview
Excerpted Text
Language Use
Times Expressed
Revisions
Related Information
Support
  Member Relations Representative
  Regional Representative
Abbreviations
  Notational Conventions
    Hexadecimal Notation
    Binary Notation
    Decimal Notation
    Data Element Notation
Purpose
The M/Chip Select 4 and M/Chip Lite 4 applications offer the card issuer a wide range of possibilities for configuring the application and setting the parameters in the card. The MasterCard M/Chip 4 Issuer Guide to Debit and Credit Parameter Management describes how you use the main features of M/Chip Select 4 and M/Chip Lite 4. It also provides you with specific information about how to customize and manage these applications.
Note
This publication is a guide for both the M/Chip Select 4 and the M/Chip Lite 4 applications. However, we describe common application behavior or parameterization with the general term "the M/Chip 4 application." When behavior is specific to one of the applications, we use the application name, i.e. "the M/Chip Lite 4 application" or "the M/Chip Select 4 application." In all cases the references in this publication are to the features and behaviors relevant in an application that fully and correctly implements the M/Chip 4 Card Application Specifications for Debit and Credit.
Note
M/Chip Select 2 represents all versions of M/Chip Select v2.0.1 to v2.0.5 currently implemented on MULTOS.
Audience
MasterCard provides this manual for members and their authorized agents. Specifically, the following personnel should find this manual useful:
- M/Chip Select 4 and/or M/Chip Lite 4 card issuer staff
- M/Chip Select 4 and/or M/Chip Lite 4 personalization bureau staff
- M/Chip Select 4 and/or M/Chip Lite 4 support staff
The terms you and your in the text refer to the card issuer.
The information given in this manual in relation to customization, data elements, parameter management, application or issuer profiles, and any other matters, is given in order to assist in the production and operation of cards by or on behalf of the issuer. Except where any item is indicated as mandatory by MasterCard hereunder it is for the issuer to determine what action it deems appropriate in light of its own circumstances and any suggestion or recommendation in this manual should only be treated as a guide for assistance.
Overview
The following table provides an overview of this manual:
Chapter: Description
Table of Contents: A list of the manual's tabbed sections and subsections. Each entry references a section and page number.
Using this Manual: A description of the manual's purpose and its contents.
1 Introduction: This chapter introduces the M/Chip Select 4 and the M/Chip Lite 4 applications.
2 Card Risk Management: This chapter describes Card Risk Management for the M/Chip 4 application.
3 Configuring the M/Chip 4 Application: This chapter describes the features of the M/Chip 4 application that you configure to define the application behavior.
4 Issuer Host Processing of Transactions: This chapter describes the processing performed by your host as part of online authorization and clearing. It also describes the conditions when the application status is updated.
5 Advanced Features: This chapter describes advanced features of the M/Chip 4 application.
6 Personalizing the M/Chip 4 Application: This chapter describes the different types of personalization. It then identifies the data elements that require personalization and the different M/Chip 4 application profiles.
7 Migration from M/Chip Lite 2.1: This chapter describes the migration of your authorization and clearing system from M/Chip Lite 2.1 to M/Chip Select 4 or M/Chip Lite 4.
8 Migration from M/Chip Select 2: This chapter describes the migration of your authorization and clearing system from M/Chip Select 2 to M/Chip Select 4.
9 Migration from M/Chip Lite 4 to M/Chip Select 4: This chapter describes the migration of your authorization and clearing system from M/Chip Lite 4 to M/Chip Select 4.
A Data Elements Dictionary: This appendix provides a dictionary of data element definitions.
B Currency Conversion: This appendix describes the currency conversion process used by the M/Chip 4 application.
C Offline Counters Exception Processing: This appendix introduces how the M/Chip 4 application manages the offline counters.
D Interpreting the Card Verification Results: This appendix describes how you interpret the Card Verification Results.
E Non-critical Script Data Examples: This appendix provides examples of non-critical script data.
Excerpted Text
At times, this document may include text excerpted from another document. A note before the repeated text always identifies the source document. In such cases, we included the repeated text solely for the reader's convenience. The original text in the source document always takes legal precedence.
Language Use
The spelling of English words in this manual follows the convention used for U.S. English as defined in Merriam-Webster's Collegiate Dictionary. MasterCard is incorporated in the United States and publishes in the United States. Therefore, this publication uses U.S. English spelling and grammar rules. An exception to the above spelling rule concerns the spelling of proper nouns. In this case, we use the local English spelling.
Times Expressed
MasterCard is a global company with locations in many time zones. The MasterCard operations and business centers are in the United States. The operations center is in St. Louis, Missouri, and the business center is in Purchase, New York. For operational purposes, MasterCard refers to time frames in this manual as either St. Louis time or New York time. Coordinated Universal Time (UTC) is the basis for measuring time throughout the world. You can use the following table to convert any time used in this manual into the correct time in another zone:
St. Louis, Missouri USA Central Time
Standard time
UTC 15:00
9:00
9:00
10:00
14:00
For Central European Time, last Sunday in October to last Sunday in March.
Revisions
MasterCard periodically will issue revisions to this document as we implement enhancements and changes, or as corrections are required. With each revision, we include a Summary of Changes describing how the text changed. Revision markers (vertical lines in the right margin) indicate where the text changed. The month and year of the revision appear to the right of each revision marker. Occasionally, we may publish revisions or additions to this document in a Global Operations Bulletin or other bulletin. Revisions announced in another publication, such as a bulletin, are effective as of the date indicated in that publication, regardless of when the changes are published in this manual.
Related Information
The following documents and resources provide information related to the subjects discussed in this manual. Please refer to the Quick Reference Booklet for descriptions of these documents.
- EMV 2000, Version 4.0 December 2000
- M/Chip Functional Architecture for Debit and Credit
- Modification to Combined Dynamic Data Authentication and Application Cryptogram Generation, EMVCo Bulletin No. 6, December 14 2001
- M/Chip Lite Card Profile, Version 2.1 October 2000
- M/Chip 4 Security & Key Management
Members that use the Cirrus service and logo or that process online debit transactions should refer to the debit processing manuals recommended by the Customer Operations Services team. For definitions of key terms used in this document, please refer to the MasterCard Dictionary on the Member Publications home page (on MasterCard OnLine and the MasterCard Electronic Library CD-ROM). You also may access the MasterCard Dictionary from the main menu and bookmark pane of most manuals. To order MasterCard manuals, please use the Ordering Publications service on MasterCard OnLine, or contact the Customer Operations Services team.
Support
Please address your questions to the Global Member Operations Services Support team as follows:
Phone: 1-636-722-7192
E-mail: member_support@mastercard.com
Address: MasterCard International Incorporated, Customer Operations Services, 2200 MasterCard Boulevard, O'Fallon MO 63368-7263, USA
Telex: 434800 answerback: 434800 ITAC UI
Regional Representative
The regional representatives work out of the regional offices. Their role is to serve as intermediaries between the members and other departments in MasterCard. Members can inquire and receive responses in their own language and during their office's hours of operation. To find out the location of the regional office serving your area, call the Customer Operations Services team at:
Phone:
For members in the Europe region, please contact your Regional Manager.
Abbreviations
Table 1 - Abbreviations
Abbreviation: Description
AAC: Application Authentication Cryptogram
AC: Application Cryptogram
ADF: Application Definition File
AFL: Application File Locator
AID: Application Identifier
AIP: Application Interchange Profile
an: Alphanumeric characters
ans: Alphanumeric and Special characters
APDU: Application Protocol Data Unit
ARPC: Authorization Response Cryptogram
ARQC: Authorization Request Cryptogram
ATC: Application Transaction Counter
b: Binary
BER: Basic Encoding Rules
CDOL: Card Risk Management Data Object List
CIAC: Card Issuer Action Code
CID: Cryptogram Information Data
cn: Compressed Numeric
CRM: Card Risk Management
CVR: Card Verification Results
DDOL: Dynamic Data Authentication Data Object List
DES: Data Encryption Standard
EMV: Europay MasterCard Visa
EPI: Europay International
FCI: File Control Information
IAD: Issuer Application Data
ICC: Integrated Circuit Card
LCOL: Lower Consecutive Offline Limit
M: Mandatory
MAC: Message Authentication Code
MCI: MasterCard International
MKAC: AC Master Key
MKIDN: ICC Dynamic Number Master Key
MKSMC: SM for Confidentiality Master Key
MKSMI: SM for Integrity Master Key
n: Numeric Characters
O: Optional
PAN: Primary Account Number
PDOL: Processing Options Data Object List
PIN: Personal Identification Number
PIX: Proprietary Application Identifier Extension
PSE: Payment System Environment
RFU: Reserved for Future Use
RID: Registered Application Provider Identifier
SDL: Specification and Description Language
SFI: Short File Identifier
SHA: Secure Hash Algorithm
SW1 - SW2, SW12: Status bytes 1-2
TC: Transaction Certificate
TLV: Tag Length Value
TVR: Terminal Verification Results
UCOL: Upper Consecutive Offline Limit
var.: Variable
Notational Conventions
Hexadecimal Notation
Values expressed in hexadecimal form are enclosed in single quotes (i.e. ). For example, 27509 decimal is expressed in hexadecimal as '6B75'.
Binary Notation
Values expressed in binary form are followed by a b and enclosed in single quotes (i.e. b). For example, '08' hexadecimal is expressed in binary as '00001000b'.
Decimal Notation
Values expressed in decimal form are not enclosed in single quotes. For example, '08' hexadecimal is expressed in decimal as 8.
Both of these bullets represent bytes 1, 2, 3, 4, and 5 of the Card Verification Results.
Introduction
This chapter introduces the M/Chip Select 4 and M/Chip Lite 4 applications.
1.1 Overview of M/Chip Select 4 and M/Chip Lite 4
  1.1.1 Uniform Behavior across Multiple Implementations
  1.1.2 M/Chip Select 4 - the High Security Application
  1.1.3 M/Chip Lite 4 - the Light Version of M/Chip Select 4
  1.1.4 Simple Yet Powerful Card Risk Management
  1.1.5 How You Control Offline Risk
  1.1.6 Migration Facilities
  1.1.7 Offline PIN Management Facilities
    1.1.7.1 Update of Offline PIN Try Counter
    1.1.7.2 Personalization as No Offline Signature Application
    1.1.7.3 Protections against Wedge Device Attacks
  1.1.8 Acceptance on CAT Level 3 Terminals
  1.1.9 Post-issuance Updates and Maintenance
  1.1.10 Transaction Log
  1.1.11 Specific Behavior for Domestic or International Transactions
  1.1.12 Additional Functionality
1.2 M/Chip Select 4, M/Chip Lite 4 and EMV 2000
  1.2.1 EMV 2000 Session Key Derivation
  1.2.2 Combined DDA/AC Generation
Introduction
1.1 Overview of M/Chip Select 4 and M/Chip Lite 4
These specifications cover the complete card to terminal interface used for offline and online EMV transactions, describing the behavior defining:
- The card interface at the application layer (C/R-APDUs)
- The behavior of the application in relation to the personalization values
This approach offers the following benefits for Type Approval services and for your selection of an implementation provider:
- The test case definition is independent of the actual implementation.
- Implementations are validated against the M/Chip 4 applications' standard test cases.
- All implementations compliant with these specifications should behave in the same way with regard to the matters set out in the specifications.

You should therefore be able to manage several implementations of the same application, originating from different card application developers, without seeing any difference between them in such regard. You may therefore develop a single host system to process all cards irrespective of their origin.
The following features are almost identical for the M/Chip Select 4 and M/Chip Lite 4 applications:
- Card Risk Management
- Interface for online messages
The Card Verification Results is a transaction-dependent data element, which reflects the current status of the M/Chip 4 applications and the results of various internal checks performed on the current transaction parameters. It is composed of two parts, containing the following:
- Three bytes for information (part 1)
- Three bytes for Card Risk Management (part 2)
Figure 1.1 illustrates the two parts of the Card Verification Results data element.
[Figure 1.1: Parts 1 and 2 of the Card Verification Results. Bytes b1 to b6; label: "Part reserved for general Information".]
The entire Card Verification Results is included in the Issuer Application Data communicated to you:
- During an online transaction, when it is possible to connect to the issuer.
- In the clearing message for a transaction, if chip data is included in clearing messages.
The second, decision-making part of the Card Verification Results is used for Card Risk Management. It is internally compared to the Card Issuer Action Codes to decide which cryptogram to give in the response to the GENERATE AC (i.e. whether to decline or accept a transaction, or whether to go online to the issuer). This organization of the Card Verification Results simplifies the following:
- Customization of the application behavior during the personalization, as only the decision-making part of the Card Verification Results is relevant.
- Interpretation of a transaction's Card Verification Results value.
The M/Chip 4 applications support currency conversion for five currencies that you define at personalization.
Consecutive Offline Transactions Number
The Consecutive Offline Transactions Number represents the number of transactions accepted offline, for which the value was not added to the Cumulative Offline Transaction Amount. This is the case for transactions performed in a currency not recognized by the M/Chip 4 applications. In such cases, the Consecutive Offline Transactions Number counter is incremented.
When an offline counter does not fall within one of its limits, the M/Chip 4 applications enable you to modify the application behavior, with typical modifications as follows:
- If the offline counter is less than or equal to the lower limit, the transaction is accepted offline even on an online capable terminal.
- If the offline counter is above the lower limit, the transaction goes online to the issuer on an online capable terminal, but is still accepted if it is not possible to go online (i.e. the terminal is offline only or it was not possible to go online to the issuer).
- If the offline counter is above the upper limit, the transaction goes online to the issuer on an online capable terminal, but is declined if it is not possible to go online.
Figure 1.2 illustrates typical usage of the offline limits and offline counters.
[Figure 1.2: axis label "offline counter".]
You receive the values of the offline counters during online transactions. Based on the amount already spent offline by the cardholder and on the cardholder's account balance, you can choose to accept the online transaction and, when appropriate:
- Reset the offline counters to zero.
- Set the counters to the upper limits.
- Add the current transaction to the offline counters.
- Leave the counters unchanged.
During personalization, you determine the following:
- Whether offline counters are sent in clear or encrypted
- Whether to include the offline counters as input to the Application Cryptogram
To support the migration of issuers and acquirers to chip, the M/Chip 4 applications support the magnetic stripe grade mode. If you support the magnetic stripe grade issuer mode, you are able to perform online transactions without cryptography. This feature is useful in situations where:
- You use the Chip to Magnetic Stripe Conversion service.
- You do not use a security module for online transactions (except for the online PIN verification module).
For the migration from M/Chip 2 to M/Chip Select 4 or to the M/Chip Lite 4, both M/Chip 4 applications support EPI/MCI session key derivation.
Note
This publication uses the following naming conventions. The EMV 96 session key derivation method is called EPI/MCI session key derivation. The session key derivation defined in EMV 2000 is called EMV 2000 session key derivation.
Note
However, there are minor modifications to the input to the ARQC, TC, and AAC resulting from the extension of the length of the Card Verification Results to six bytes. For the migration from M/Chip Lite 4 to M/Chip Select 4, the M/Chip Select 4 application supports the same online messages, including the cryptograms.
1.2 M/Chip Select 4, M/Chip Lite 4 and EMV 2000
The M/Chip Select 4 application is fully compliant with the EMV 2000 standard. The M/Chip Lite 4 application implements the EMV 2000 session key derivation, but does not support the Combined DDA/AC generation. The M/Chip Lite 4 application is fully compliant with the EMV 2000 standard.
2.1 Introduction
2.1.1 Offline Card Risk Management
2.1.2 Online Card Risk Management
2.2 Card Verification Results
2.3 Card Issuer Action Codes
2.3.1 Content of the Card Issuer Action Codes
2.3.2 Card Issuer Action Code Decline
2.3.3 Card Issuer Action Code Online
2.3.4 Card Issuer Action Code Offline
2.4 Offline Counters and Offline Limits
2.4.1 Offline Counters
2.4.2 Offline Limits
2.4.3 Comparison between Offline Counters and Offline Limits
2.5 Card Risk Management Algorithm
2.5.1 First Occurrence of GENERATE AC
2.5.1.1 Terminal Requests an AAC at First GENERATE AC
2.5.1.2 Terminal Requests a TC at First GENERATE AC
2.5.1.2.1 Online-Capable Terminals
2.5.1.2.2 Non-online Capable Terminals
2.5.1.3 Terminal Requests an ARQC at First GENERATE AC
2.5.2 Second Occurrence of GENERATE AC
2.5.2.1 Unable to Go Online
2.5.2.2 Issuer Authentication Data Present
2.5.2.2.1 Issuer Authentication Data Verification Succeeds
2.5.2.2.2 Issuer Authentication Data Verification Fails
2.5.2.3 Issuer Authentication Data Not Present
2.1 Introduction
Card Risk Management is the process the M/Chip 4 applications use to determine how to respond to the application cryptogram (AC) request sent by the terminal. Card Risk Management has two components:
- Offline Card Risk Management
- Online Card Risk Management
You define these conditions at card personalization and can modify them later. The M/Chip 4 applications consider a transaction from various perspectives, including the following:
- Has offline PIN verification been performed?
- Has offline PIN verification failed?
- Has the PIN Try Limit been exceeded?
- Is this a domestic or international transaction?
- Has the terminal erroneously considered that the offline PIN is OK?
- Has the offline consecutive limit been exceeded?
- Has the offline cumulative amount been exceeded?
- Should the transaction go online because the Go Online on Next Transaction bit was set?
- Did issuer authentication fail in a previous transaction?
- Was the issuer script received or failed in a previous transaction?
- Was a match found in the additional check table?
- Is the terminal a CAT level 3 terminal?
- Was the transaction unable to go online?
You can use the response to each of these questions to determine Offline Risk Management, i.e. to take one of the following decisions:
- To approve the transactions offline, on your behalf
- To send a transaction online to the issuer for online authorization on an online-capable terminal
- To decline the transaction offline, on your behalf.
The Card Verification Results is a six-byte internal data element divided in two parts:
- Part 1 (bytes 1 to 3) is for information
- Part 2 (bytes 4 to 6) is for Card Risk Management
[Figure: Card Verification Results, bytes b1 to b6; label: "Part reserved for general information".]
You receive the complete Card Verification Results included in the Issuer Application Data:
- During an online transaction, if the connection to the issuer is possible
- In the clearing record of a transaction, when chip data is cleared
The information part of the Card Verification Results provides you with information. It plays no role in Card Risk Management.
The decision-making information part of the Card Verification Results is used for Card Risk Management. It is internally compared to the Card Issuer Action Codes to decide which cryptogram is given in the response to the GENERATE AC, i.e. to decide between:
- Declining a transaction
- Going online to the issuer
- Accepting a transaction
The Card Verification Results is a transaction-dependent data element reflecting the current status of the M/Chip 4 application and the results of several internal checks done on the current transaction parameters. Tables 2.1 to 2.3 provide the content of the decision-making information part of the Card Verification Results for the M/Chip 4 application.
Table 2.1 describes the content of byte 4 of the Card Verification Results. Byte 4 contains decision-making information for the current transaction.
Table 2.1: Card Verification Results, Byte 4
Bit   Value   Meaning
b8    0       Reserved
b1    0       Terminal Does Not Erroneously Consider Offline PIN OK
b1    1       Terminal Erroneously Considers Offline PIN OK
Table 2.2 describes the content of byte 5 of the Card Verification Results. Byte 5 contains decision-making information from the current transaction and from the transaction that preceded it (i.e. current transaction - 1).
Table 2.2: Card Verification Results, Byte 5
Bit   Value   Meaning
b8            Lower Consecutive Offline Limit Exceeded
      0       Lower Consecutive Offline Limit Not Exceeded
      1       Lower Consecutive Offline Limit Exceeded
b7            Upper Consecutive Offline Limit Exceeded
      0       Upper Consecutive Offline Limit Not Exceeded
      1       Upper Consecutive Offline Limit Exceeded
b6            Lower Cumulative Offline Limit Exceeded
      0       Lower Cumulative Offline Limit Not Exceeded
      1       Lower Cumulative Offline Limit Exceeded
b5            Upper Cumulative Offline Limit Exceeded
      0       Upper Cumulative Offline Limit Not Exceeded
      1       Upper Cumulative Offline Limit Exceeded
b4            Go Online On Next Transaction Was Set (a)
      0       Go Online On Next Transaction Was Not Set
      1       Go Online On Next Transaction Was Set
b3            Issuer Authentication Failed (a)
Table 2.3 describes the content of byte 6 of the Card Verification Results. Byte 6 contains decision-making information from the current transaction.
Table 2.3: Card Verification Results, Byte 6
Bit        Value   Meaning
b8 to b3   0       Reserved
b2         0       No Match Found In Additional Check Table
           1       Match Found In Additional Check Table
b1                 No Match Found In Additional Check Table
           0       Match Found In Additional Check Table
           1       No Match Found In Additional Check Table
The M/Chip 4 applications compare the Card Issuer Action Codes with the decision-making information part of the Card Verification Results, as shown in Figure 2.2.
[Figure 2.2: Card Verification Results and Card Issuer Action Codes. CVR bytes b4, b5 and b6 are set against bytes b1, b2 and b3 of CIAC Decline, CIAC Online and CIAC Default.]
The following sections provide the content and a description of the functionality of the Card Issuer Action Codes.
Table 2.4 describes the content of byte 1. Byte 1 contains information for the current transaction.
Table 2.4: Card Issuer Action Code, Byte 1
Bit   Value   Meaning
b8    x       Reserved-No Meaning
b7            Unable To Go Online Indicated
      0       Do Not Take Action If Unable To Go Online Indicated
      1       Take Action If Unable To Go Online Indicated
b6            Offline PIN Verification Not Performed
      0       Do Not Take Action If Offline PIN Verification Not Performed
      1       Take Action If Offline PIN Verification Not Performed
b5            Offline PIN Verification Failed
      0       Do Not Take Action If Offline PIN Verification Failed
      1       Take Action If Offline PIN Verification Failed
b4            PTL Exceeded
b1    0       Do Not Take Action If Terminal Erroneously Considers Offline PIN OK
      1       Take Action If Terminal Erroneously Considers Offline PIN OK
Table 2.5 describes the content of byte 2. Byte 2 contains information from the current transaction and from the transaction that preceded it (i.e. current transaction - 1).
Bit   Value   Meaning
b8    0       Do Not Take Action If Lower Consecutive Offline Limit Exceeded
      1       Take Action If Lower Consecutive Offline Limit Exceeded
b7            Upper Consecutive Offline Limit Exceeded
      0       Do Not Take Action If Upper Consecutive Offline Limit Exceeded
      1       Take Action If Upper Consecutive Offline Limit Exceeded
b6            Lower Cumulative Offline Limit Exceeded
      0       Do Not Take Action If Lower Cumulative Offline Limit Exceeded
      1       Take Action If Lower Cumulative Offline Limit Exceeded
b5            Upper Cumulative Offline Limit Exceeded
      0       Do Not Take Action If Upper Cumulative Offline Limit Exceeded
      1       Take Action If Upper Cumulative Offline Limit Exceeded
b4            Go Online On Next Transaction Was Set
      0       Do Not Take Action If Go Online On Next Transaction Was Set
      1       Take Action If Go Online On Next Transaction Was Set
b3            Issuer Authentication Failed
      0       Do Not Take Action If Issuer Authentication Failed
      1       Take Action If Issuer Authentication Failed
b2            Script Received
Table 2.6 describes the content of byte 3. Byte 3 contains decision-making information from the current transaction.
Table 2.6: Card Issuer Action Code, Byte 3
Bit        Value   Meaning
b8 to b3   x       Reserved-No Meaning
b2                 Match Found in Additional Check Table
           0       Do Not Take Action if Match Found in Additional Check Table
           1       Take Action if Match Found in Additional Check Table
b1                 No Match Found in Additional Check Table
           0       Do Not Take Action if No Match Found in Additional Check Table
           1       Take Action if No Match Found in Additional Check Table
Verifies the Card Verification Results [4-6] against either the Card Issuer Action Code Online or the Card Issuer Action Code Default depending on the terminal online/offline capability. (b)
a. Decision-making information: current transaction, current + last online transaction.
b. As described in the "Terminal Requests a TC at First GENERATE AC" and in the "Terminal Requests an ARQC at First GENERATE AC" sections.
There are few reasons for declining a transaction before attempting to go online to the issuer. In a standard configuration the Card Issuer Action Code Decline is likely to be personalized with a value of zeros. See section 6.3.3.3.1 for the explanation of other settings.
If A bit in the Card Issuer Action Code Default and its corresponding bit in the Card Verification Results [4-6] a are both set The bits do not match
a
If the transaction is performed in a currency not recognized by the M/Chip 4 application, the transaction value cannot be accumulated. In this case, the M/Chip 4 application counts the transaction using the second offline counter: the Consecutive Offline Transactions Number. The Consecutive Offline Transactions Number represents the number of transactions accepted offline without being accumulated in the Cumulative Offline Transaction Amount. Each time a transaction is accepted offline, the M/Chip 4 application only updates one of the counters.
[Figure: "offline transaction" decision with yes / no branches: "Checked against the Consecutive Offline Transactions Number." and "Checked against the Cumulative Offline Transaction Amount."]
[Figure: offline counter against its limits. Labels, top to bottom: behavior 3, upper limit, behavior 2, lower limit, behavior 1.]
The M/Chip 4 application enables you to modify the M/Chip 4 application behavior if an offline counter reaches one of its limits.
Figure 2.5 illustrates typical ways in which offline limits are used:
- If the offline counter is below the lower limit, the transaction is accepted offline (i.e. the M/Chip 4 application computes a TC), even on an online capable terminal (behavior 1 in Figure 2.4).
- If the offline counter reaches the lower limit, the transaction goes online to the issuer on an online capable terminal. It is still accepted if it is not possible to go online (e.g. because the terminal is offline only or because it was not possible to go online to the issuer) (behavior 2 in Figure 2.4).
- If the offline counter reaches the upper limit, the transaction goes online to the issuer on an online capable terminal but the transaction is declined if it is not possible to go online (behavior 3 in Figure 2.4).
[Figure: offline counter against its limits. Labels: upper limit; lower limit; "go online on online terminals, decline offline transactions"; "go online on online terminals, accept offline transactions if impossible to go online".]
You receive the offline counters during online transactions. Based on the amount already spent offline by the cardholder and on the cardholder's account balance, you can decide to accept the online transaction and optionally reset the counters.
The following sections give an overview of the Card Risk Management performed by the M/Chip 4 applications. Refer to the M/Chip 4 Card Application Specifications for Debit and Credit for a detailed definition.
- The international or domestic character of the transaction
- The state of the offline counters against the offline limits
- Your decision, when taken, to force the transaction online
- Any issuer authentication failure during a previous transaction
- Any failure during the processing of script commands during a previous transaction
- If a match was found in the additional check table
Such a declined transaction is not counted in the offline counters as it has no impact on the M/Chip 4 application status and therefore no impact on the Card Risk Management of the transactions that follow. The only traces of such a transaction in the M/Chip 4 applications are the incremented Application Transaction Counter (incremented in the GET PROCESSING OPTIONS), and the transaction details written in the chip transaction log file.
Note
It is unlikely that you would see such a transaction as clearing records are not sent for declined transactions.
Figure 2.6 illustrates the Card Risk Management performed by the M/Chip 4 application at first GENERATE AC, when the terminal requests offline approval of the transaction.
[Figure 2.6: First GENERATE AC, TC Requested. Flowchart labels: TC requested; decline / do not decline; online capable / offline only; yes / no; offline / online; update counter; decisions: AAC, ARQC, TC.]
The M/Chip 4 application first checks that there has not been a critical event by checking the Card Verification Results against the Card Issuer Action Code Decline.
If: A bit in the Card Issuer Action Code Decline and its corresponding bit in the Card Verification Results [4-6] are both set.
Then the M/Chip 4 application:
- Declines the transaction.
- Computes an AAC.
Next, the M/Chip 4 application checks whether it can accept the transaction offline or whether it has to go online to the issuer. To do so, the M/Chip 4 application reflects the transaction value in either the Cumulative Offline Transaction Amount or the Consecutive Offline Transactions Number (depending on the transaction currency) and compares these values with the offline limits.
If: The offline counters exceed the limits.
Then the M/Chip 4 application: Updates the Card Verification Results:
- Lower Consecutive Offline Limit Exceeded
- Upper Consecutive Offline Limit Exceeded
- Lower Cumulative Offline Limit Exceeded
- Upper Cumulative Offline Limit Exceeded.
The next step depends upon the type of terminal used for the transaction. An Offline Only terminal has terminal types of 23, 26 or 36. Any terminal type that is not of type 23, 26 or 36, is considered an Online Capable terminal.
2.5.1.2.1 Online-Capable Terminals
The M/Chip 4 application checks the Card Verification Results against the Card Issuer Action Code Online.
If: A bit in the Card Issuer Action Code Online and its corresponding bit in the Card Verification Results [4-6] are both set.
Then the M/Chip 4 application:
- Computes an ARQC.
If: The bits do not match.
Then the M/Chip 4 application:
- Approves the transaction.
- Computes a TC.
- Updates Cumulative Offline Transaction Amount or the Consecutive Offline Transactions Number (depending on the transaction currency) with transaction amount.
2.5.1.2.2 Non-online Capable Terminals
There are two scenarios for non-online capable terminals. The M/Chip 4 application does not check the Card Issuer Action Code Default for non-online capable terminals where:
- The terminal is a CAT-level 3 terminal (terminal type of 26) and
- You personalized the M/Chip 4 application to skip the check on the Card Issuer Action Code Default on CAT3.
In this case, the M/Chip 4 application:
- Approves the transaction
- Computes a TC
- Updates Cumulative Offline Transaction Amount (if it is in the counter currency or convertible) with the transaction amount, or the Consecutive Offline Transactions Number.
For non-online capable terminals where:
- The terminal is not a CAT-level 3 terminal or
- You do not want to skip the check on CAT3,
the M/Chip 4 application checks the Card Issuer Action Code.
If: A bit in the Card Issuer Action Code Default and its corresponding bit in the Card Verification Results [4-6] are both set.
Then the M/Chip 4 application:
- Declines the transaction.
- Computes an AAC.
If: The bits do not match.
Then the M/Chip 4 application:
- Approves the transaction.
- Computes a TC.
- Updates Cumulative Offline Transaction Amount (if it is in the counter currency or convertible) with the transaction amount, or the Consecutive Offline Transactions Number.
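The checks described above for a TC request at first GENERATE AC can be simulated on the issuer side to see what a given set of Card Issuer Action Codes and offline limits will do. The following Python sketch is an added example, not code from this guide or from the M/Chip 4 specifications; the class and field names are hypothetical, the limit and CIAC values are constructed, and "exceeded" is assumed to mean strictly greater than the limit.

```python
from dataclasses import dataclass

# CVR byte 5 bits as listed in Table 2.2 (b8 is the most significant bit).
LOWER_CONSECUTIVE_EXCEEDED = 0x80  # b8
UPPER_CONSECUTIVE_EXCEEDED = 0x40  # b7
LOWER_CUMULATIVE_EXCEEDED = 0x20   # b6
UPPER_CUMULATIVE_EXCEEDED = 0x10   # b5

OFFLINE_ONLY_TERMINAL_TYPES = {"23", "26", "36"}  # any other type is online capable
CAT3_TERMINAL_TYPE = "26"


@dataclass
class Personalization:
    """Issuer-chosen values; the field names are hypothetical."""
    ciac_decline: bytes   # 3 bytes each, compared with CVR bytes 4 to 6
    ciac_online: bytes
    ciac_default: bytes
    lower_consecutive_limit: int
    upper_consecutive_limit: int
    lower_cumulative_limit: int
    upper_cumulative_limit: int
    skip_ciac_default_on_cat3: bool = False


@dataclass
class OfflineCounters:
    consecutive_number: int = 0   # Consecutive Offline Transactions Number
    cumulative_amount: int = 0    # Cumulative Offline Transaction Amount


def action_required(ciac, cvr_4_to_6):
    """True when a CIAC bit and its corresponding CVR bit are both set."""
    return any(c & v for c, v in zip(ciac, cvr_4_to_6))


def first_generate_ac_tc(perso, counters, cvr_4_to_6, terminal_type,
                         amount, currency_recognized):
    """Return (cryptogram, CVR bytes 4-6) when the terminal requests a TC."""
    cvr = bytearray(cvr_4_to_6)

    # 1. Critical event check against CIAC Decline.
    if action_required(perso.ciac_decline, cvr):
        return "AAC", bytes(cvr)

    # 2. Reflect the transaction in exactly one counter, then compare both
    #    counters with their limits (strictly greater is an assumption).
    cumulative = counters.cumulative_amount
    consecutive = counters.consecutive_number
    if currency_recognized:
        cumulative += amount
    else:
        consecutive += 1
    if consecutive > perso.lower_consecutive_limit:
        cvr[1] |= LOWER_CONSECUTIVE_EXCEEDED
    if consecutive > perso.upper_consecutive_limit:
        cvr[1] |= UPPER_CONSECUTIVE_EXCEEDED
    if cumulative > perso.lower_cumulative_limit:
        cvr[1] |= LOWER_CUMULATIVE_EXCEEDED
    if cumulative > perso.upper_cumulative_limit:
        cvr[1] |= UPPER_CUMULATIVE_EXCEEDED

    # 3. Terminal-dependent check: CIAC Online or CIAC Default.
    if terminal_type not in OFFLINE_ONLY_TERMINAL_TYPES:
        if action_required(perso.ciac_online, cvr):
            return "ARQC", bytes(cvr)
    else:
        skip = (terminal_type == CAT3_TERMINAL_TYPE
                and perso.skip_ciac_default_on_cat3)
        if not skip and action_required(perso.ciac_default, cvr):
            return "AAC", bytes(cvr)

    # 4. Accepted offline: only now is the counter update committed.
    counters.cumulative_amount = cumulative
    counters.consecutive_number = consecutive
    return "TC", bytes(cvr)


def sample_personalization():
    """Constructed example values, not recommended settings."""
    return Personalization(
        ciac_decline=bytes(3),
        ciac_online=bytes([0x00, 0xA0, 0x00]),   # act on the lower limits
        ciac_default=bytes([0x00, 0x50, 0x00]),  # act on the upper limits
        lower_consecutive_limit=3, upper_consecutive_limit=5,
        lower_cumulative_limit=100, upper_cumulative_limit=200,
    )
```

With these sample values, a card above the lower cumulative limit requests online authorization on an online capable terminal but still approves on an offline only terminal, and declines there once the upper limit is passed.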
A bit in the Card Issuer Action Code Decline and its corresponding bit in the Card Verification Results [4-6] are both set. The bits do not match
Figure 2.7 illustrates the Card Risk Management performed by the M/Chip 4 application at second GENERATE AC.
[Figure 2.7: Second Card Risk Management at Second GENERATE AC. Flowchart labels: unable to go online? (yes / no).]
The M/Chip 4 application first checks if it was possible to send the transaction online to the issuer. If it was not possible to go online, the M/Chip 4 application considers the transaction as an offline transaction (i.e. unable to go online). The "Unable to Go Online" section describes the Card Risk Management for this scenario.
If the transaction goes online successfully to the issuer, the M/Chip 4 application expects you to provide a response. The response, the Issuer Authentication Data, contains your decision (ARPC Response Code) to accept or decline the transaction and the Message Authentication Code (Authorization Response Cryptogram) for this decision. Two scenarios may then occur:
- Your response is complete.
- Your response is incomplete.
In the first scenario, when your response is complete:
- You received the chip data in the authorization request.
- You computed the response (i.e. the Issuer Authentication Data).
- You sent the response to the terminal and it is complete.
The "Issuer Authentication Data Present" section describes the Card Risk Management for this scenario.
The second scenario occurs when you operate in the magstripe grade issuer mode (or you use the chip to magstripe conversion service) or if the acquirer is partial grade:
- It was possible to reach the issuer, and to get a response.
- The response does not contain the chip data (i.e. the Issuer Authentication Data).
The Issuer Authentication Data Not Present section describes the Card Risk Management for this scenario.
[Figure: flowchart. Labels: unable to go online; yes / no; offline; update counter; decisions: AAC, TC.]
In this situation, the terminal will either decline the transaction or request an approval. If the terminal requests a transaction decline, the M/Chip 4 application computes an AAC. Such a declined transaction has no impact on the M/Chip 4 application status, is not counted in the offline counters and therefore does not impact the Card Risk Management of subsequent transactions. If the terminal requests a transaction approval, the M/Chip 4 application checks whether it can accept the transaction by reflecting the transaction value in either the Cumulative Offline Transaction Amount or the Consecutive Offline Transactions Number (depending on the transaction currency) and comparing these values with the offline limits.
If: The offline counters exceed the limits.
Then the M/Chip 4 application: Updates the Card Verification Results:
- Lower Consecutive Offline Limit Exceeded
- Upper Consecutive Offline Limit Exceeded
- Lower Cumulative Offline Limit Exceeded
- Upper Cumulative Offline Limit Exceeded.
The M/Chip 4 application then checks the Card Issuer Action Code Default.
If: A bit in the Card Issuer Action Code Default and its corresponding bit in the Card Verification Results [4-6] are both set.
Then the M/Chip 4 application:
- Declines the transaction.
- Computes an AAC.
If: The bits do not match.
Then the M/Chip 4 application:
- Approves the transaction.
- Computes a TC.
- Updates Cumulative Offline Transaction Amount with the transaction amount (depending on the transaction currency) or the Consecutive Offline Transactions Number.
[Figure: flowchart. Labels: verify cryptogram (valid / invalid); update counters; update PTC; yes / no branches; decisions: TC, AAC.]
When the Issuer Authentication Data is present, the M/Chip 4 application first verifies the cryptogram that you computed. It then takes actions depending upon the outcome of this verification.
2.5.2.2.1 Issuer Authentication Data Verification Succeeds
If the Issuer Authentication Data verification succeeds, it indicates that you acknowledged the status of the M/Chip 4 application as part of the Card Verification Results received in the Issuer Application Data. The M/Chip 4 application can therefore reset the following flags and counters:
- Issuer Authentication Failed on Online Transaction Flag
- Script Received on Online Transaction Flag
- Script Failed on Online Transaction Flag and
- Number of Issuer Script Commands Received on Last Online Transaction.
The M/Chip 4 application can then perform any of the following actions as :
- Update of the offline counters
- Set or reset of Go Online on Next Transaction
- Update of the PIN Try Counter
- Approval (TC) or decline (AAC) of the transaction.
2.5.2.2.2 Issuer Authentication Data Verification Fails
If the Issuer Authentication Data verification fails, it indicates that the issuer decision cannot be trusted. This should be an extremely rare occurrence. In such an event, the M/Chip 4 application performs the following:
- Declines the transaction
- Computes an AAC
- Tracks the critical event and may modify the Card Risk Management of the next transactions (for instance, the M/Chip 4 application may go online on the next transaction so that you are informed of the verification failure).
[Figure: flowchart. Labels: terminal asks TC; reset status; update counters; update PTC; "no is mandatory"; yes / no branches; decisions: TC, AAC.]
When there is no Issuer Authentication Data, the M/Chip 4 application first verifies that the terminal wishes the transaction to be accepted and that you support the magstripe grade issuer mode. The magstripe grade issuer mode allows the card to accept a transaction when the Issuer Authentication Data is not present. You select this at personalization.
If: The M/Chip 4 application does not support the magstripe grade issuer mode.
Then the M/Chip 4 application:
- Declines the transaction.
- Computes an AAC.
If: The terminal requests an AAC.
Then the M/Chip 4 application:
- Declines the transaction.
- Computes an AAC.
If: The terminal requests a TC and the M/Chip 4 application supports the magstripe grade issuer mode.
Then the M/Chip 4 application:
- Issuer Authentication Failed on Online Transaction Flag
- Script Received on Online Transaction Flag
- Script Failed on Online Transaction Flag and
- Number Of Issuer Script Commands Received on Last Online Transaction
- Performs default actions as defined at personalization:
  - Update of the offline counters
  - Set/reset of the Go Online on Next Transaction Flag
  - Approval (TC) of transaction or decline (AAC) of transaction
Note
If the acquirer is partial grade but the issuer is full grade, the transaction would be rejected by the card. However, the partial grade terminal will override the issuer decision. Such a transaction has no impact on the M/Chip 4 application status and therefore no impact on the Card Risk Management of the transactions that follow.
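The second GENERATE AC cases in which the issuer was reached, and their effect on the next transaction through CVR byte 5, can be modelled as follows. This Python sketch is an added example, not code from this guide or from the M/Chip 4 specifications; the names are hypothetical, cryptogram verification is passed in as a boolean, and the status reset in the magstripe grade case is assumed from the flowchart label "reset status".

```python
from dataclasses import dataclass

# CVR byte 5 bits as listed in Table 2.2.
GO_ONLINE_ON_NEXT_TRANSACTION = 0x08  # b4
ISSUER_AUTHENTICATION_FAILED = 0x04   # b3


@dataclass
class CardStatus:
    """Flags kept between transactions; the field names are hypothetical."""
    issuer_auth_failed: bool = False
    go_online_on_next: bool = False
    magstripe_grade_issuer: bool = False  # chosen at personalization
    default_action_approve: bool = True   # default action chosen at personalization


def second_generate_ac(status, terminal_requests_tc, iad_present,
                       iad_valid=False, issuer_approves=False,
                       issuer_sets_go_online=False):
    """Decision at second GENERATE AC when the issuer was reached."""
    if iad_present:
        if not iad_valid:
            # The issuer decision cannot be trusted: decline and track the event.
            status.issuer_auth_failed = True
            return "AAC"
        # Valid cryptogram: the issuer has seen the card status, so reset it.
        status.issuer_auth_failed = False
        status.go_online_on_next = issuer_sets_go_online
        # Assumption: a TC is only given when the terminal also requests one.
        return "TC" if issuer_approves and terminal_requests_tc else "AAC"

    # No Issuer Authentication Data in the response.
    if not status.magstripe_grade_issuer or not terminal_requests_tc:
        return "AAC"
    status.issuer_auth_failed = False  # assumed from the "reset status" label
    return "TC" if status.default_action_approve else "AAC"


def cvr_byte5_status_bits(status):
    """CVR byte 5 bits that the next transaction will report for these flags."""
    value = 0
    if status.go_online_on_next:
        value |= GO_ONLINE_ON_NEXT_TRANSACTION
    if status.issuer_auth_failed:
        value |= ISSUER_AUTHENTICATION_FAILED
    return value


def next_transaction_forced_online(status, ciac_online_byte2):
    """True when CIAC Online byte 2 acts on one of the status bits now set."""
    return bool(cvr_byte5_status_bits(status) & ciac_online_byte2)
```

Setting the Issuer Authentication Failed bit in byte 2 of the CIAC Online is what turns a failed verification into an online request on the next transaction on an online capable terminal.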
3.1 Overview
3.2 Configuring the Application Control Data Element
3.2.1 Application Control Coding
3.2.2 Application Control Usage
3.2.2.1 Magstripe Grade Issuer Activated
3.2.2.2 Skip CIAC Default on CAT3
3.2.2.3 Key for Offline Encrypted PIN Verification
3.2.2.4 Offline Encrypted PIN Verification
3.2.2.5 Offline Plaintext PIN Verification
3.2.2.6 Session Key Derivation
3.2.2.7 Encrypt Offline Counters
3.2.2.8 Activate Additional Check Table
3.2.2.9 Allow Balance Retrieval
3.2.2.10 Include Counters in AC
3.3 Configuring Card Risk Management Data Elements
3.3.1 Card Issuer Action Codes
3.3.2 CRM Country Code
3.3.3 CRM Currency Code
3.3.4 Lower Cumulative Offline Transaction Amount
3.3.5 Upper Cumulative Offline Transaction Amount
3.3.6 Lower Consecutive Offline Limit
3.3.7 Upper Consecutive Offline Limit
3.3.8 Currency Conversion Table and Currency Conversion Parameters
3.3.9 Default ARPC Response Code
3.3.10 Additional Check Table
3.3.11 CDOL 1 and CDOL 2 Related Data
3.3.12 Offline PIN, PIN Try Counter and PIN Try Limit
3.3.13 Previous Transaction History
3.3.14 Application Control
3.4 Selecting Cryptographic Features
3.4.1 Session Key Derivation
3.4.1.1 Additional Personalization for EMV 2000 Session Key Derivation
3.4.1.2 Switching between Session Key Derivation Methods
3.4.2 Key for Offline Encrypted PIN
3.4.2.1 RSA Key = DDA Key
3.4.2.2 RSA Key = Dedicated PIN Encryption Key
3.4.3 Offline Counters Encryption
3.4.4 Offline Counters inclusion in AC
3.4.5 Cryptogram Version Number
3.1 Overview
You can customize your M/Chip 4 application in the following ways:
- By defining the settings of the Application Control data element
- By defining the settings of the Card Risk Management data elements
- By selecting specific cryptographic features
[Table: Application Control bit coding. Columns: b8 to b1, Meaning. Surviving Meaning entries: Magstripe grade issuer activated; Key for offline encrypted PIN verification.]
Table 3.2 describes the coding for byte 1 of the Application Control for the M/Chip Lite 4 application.
Table 3.2 Application Control for M/Chip Lite 4, Byte 1
[Table body. Columns: b8 to b1, Meaning. Surviving Meaning entries: Magstripe grade issuer activated; Reserved.]
Table 3.3 describes the coding for byte 2 of the Application Control for both the M/Chip 4 applications.
Table 3.3 Application Control for M/Chip 4 Applications, Byte 2
[Table body. Columns: b8 to b1, Meaning. Surviving Meaning entry: Reserved.]
applications treat CAT level 3 terminals in the same way as other offline-only terminals.
If: Key for Offline Encrypted PIN Verification bit = 1b
Then the M/Chip Select 4 application: Uses a dedicated PIN Encryption key for offline encrypted PIN decryption.

If: Key for Offline Encrypted PIN Verification bit = 0b
Then the M/Chip Select 4 application: Uses the DDA key for offline encrypted PIN decryption. The advantage of using the DDA key for encrypted PIN is that personalization can be simplified and transaction time is shorter.
Note
The M/Chip Lite 4 application does not use this bit. In an M/Chip Lite 4 implementation, the Key for Offline Encrypted PIN Verification bit must therefore be set to '0b'.
Note
The M/Chip Lite 4 application does not use this bit. In an M/Chip Lite 4 implementation, the Offline Encrypted PIN Verification bit must therefore be set to '0b'.
If: Offline Plaintext PIN Verification bit = 1b
Then the M/Chip 4 application: Supports offline plaintext PIN.

If: Offline Plaintext PIN Verification bit = 0b
Then the M/Chip 4 application: Does not support offline plaintext PIN.
If you choose to include the offline counters in the AC computation, the counters cannot be altered. If you are migrating from M/Chip Select 2 and M/Chip Lite 2.1, MasterCard recommends that you exclude the counters.
Note
If the offline counters are sent encrypted in the Issuer Application Data, the counters input to the AC computation are also encrypted.
This section briefly describes the impact of each data element on Card Risk Management.
Refer to the Card Issuer Actions Codes section in chapter 2 for further details.
An action (decline or go online) can be triggered based on the Card Issuer Action Code settings for the International transaction or Domestic transaction bits.
An action (decline or go online) can be triggered based on the Card Issuer Action Code settings of the Lower Cumulative Offline Limit exceeded bit.
An action (decline or go online) can be triggered based on the Card Issuer Action Code settings of the Upper Cumulative Offline Limit exceeded.
An action (decline or go online) can be triggered based on the Card Issuer Action Code settings of the Lower Consecutive Offline Limit exceeded.
An action (decline or go online) can be triggered based on the Card Issuer Action Code settings of the Upper Consecutive Offline Limit exceeded.
Table 3.4 provides the values that you must use for the personalization of the Default ARPC Response Code.
Table 3.4 Mandatory Values for Default ARPC Response Code
Bit       Meaning                                    Value
Byte 1
8-5       Reserved                                   0000b mandatory
4-1       PIN Try Counter                            0000b mandatory
Byte 2
8-6       Reserved                                   000b mandatory
5         Approve online transaction                 1b mandatory
4         Update PIN Try Counter                     0b mandatory
3         Set go online on next transaction          0b recommended
2-1       Update counters: reset counters to zero    10b mandatory
If the M/Chip 4 application also uses the Additional Check Table, other information from CDOL 1 Related Data may also influence the Card Risk Management.
3.3.12 Offline PIN, PIN Try Counter and PIN Try Limit
The PIN Try Counter is an internal counter that counts the number of offline PIN tries remaining. Whenever the correct PIN is entered, the PIN Try Counter is reset to the PIN Try Limit. You can customize the M/Chip 4 applications as follows:
- To support offline PIN
- To set the PIN Try Limit
- To trigger an action (decline or go online) in the following situations:
  - When offline PIN verification is not performed
  - When the offline PIN verification performed is incorrect
  - When there are no PIN tries remaining
You can customize the M/Chip 4 application to trigger a specific action (e.g. go online) if one of the above events took place.
In addition, the M/Chip Select 4 application offers the following options:
- Selection of the length of the RSA keys
- DDA key or a dedicated PIN encryption key as key for offline encrypted PIN
Only one session key method can be active at any one time. The active session key method is specified in the Application Control [1][2].
If: Application Control Session Key Derivation bit = 1b
Then the M/Chip 4 application: Uses the session key derivation method as specified in EMV 2000.

If: Application Control Session Key Derivation bit = 0b
Then the M/Chip 4 application: Uses the EPI/MCI session key derivation method. This is the method already used by the M/Chip Select 2 and M/Chip Lite 2.1 applications.
Independently of the profile and session key derivation method, you must also personalize the symmetric master keys in Table 3.6 in the card application.
Table 3.6 3-DES Master Keys for Session Key Derivation
Data Element                                    Length
SM for Integrity Master Key (MKSMI)             16
SM for Confidentiality Master Key (MKSMC)       16
AC Master Key (MKAC)                            16
M/Chip 4 Card Application Specifications for Debit and Credit. M/Chip 4 Security and Key Management.
The Application Control data element specifies the active encryption method.
Table 3.8 Records Content for Offline Encrypted PIN with the DDA Key
Tag: 8F, 9F32, 92, 90, 9F47, 9F48, 9F46
Data Element: Certification Authority Public Key Index, Issuer Public Key Exponent, Issuer Public Key Remainder, Issuer Public Key Certificate, ICC Public Key Exponent, ICC Public Key Remainder, ICC Public Key Certificate
Table 3.9 Records Content for Offline Encrypted PIN with a Dedicated Key
Tag: 8F, 9F32, 92, 90, 9F2F, 9F2E, 9F2D
Data Element: Certification Authority Public Key Index, Issuer Public Key Exponent, Issuer Public Key Remainder, Issuer Public Key Certificate, ICC PIN Encipherment Public Key Exponent, ICC PIN Encipherment Public Key Remainder, ICC PIN Encipherment Public Key Certificate
Note
It is possible to switch from the encrypted counters to plaintext counters, or from plaintext counters to encrypted counters, by changing the value of the Application Control.
Note
It is possible to switch from an input to the cryptogram including the counters to an input without counters or from an input without counters to an input with counters, by changing the value of the Application Control.
4.1 Online Authorization
4.1.1 Verifying the ARQC
4.1.2 Interpreting the Issuer Application Data
4.1.2.1 Key Derivation Index
4.1.2.2 Cryptogram Version Number
4.1.2.3 Card Verification Results
4.1.2.4 DAC/ICC Dynamic Number 2 Bytes
4.1.2.5 Encrypted Counters
4.1.3 Making The Decision
4.1.4 Building The Issuer Authentication Data
4.1.4.1 Authorization Response Cryptogram
4.1.4.2 ARPC Response Code
4.1.4.2.1 Approve Online Transaction
4.1.4.2.2 Update PIN Try Counter
4.1.4.2.3 Set Go Online on Next Transaction
4.1.4.2.4 Update Counters
4.1.5 Script Processing
4.1.6 Issuer Referral
4.2 Clearing
4.2.1 Check that Transactions Were Approved Online
4.2.2 Potential De-synchronization between AC and Terminal Verification Results
4.3 Update of Application Status
4.3.1 Reset of Script Counter
4.3.2 Setting of Go Online on Next Transaction Bit
4.3.3 Setting of Issuer Authentication Failed, Script Received, Script Failed Bits
4.3.4 Update of Offline Counters
- The number of offline chip transactions performed and the cumulated offline amount since the previous online chip transaction
- The reason the transaction was sent online for authorization
- Whether the terminal performed the offline Card Authentication Method
Table 4.1 identifies M/Chip 4 application data elements concatenated (without TLV coding) in the Issuer Application Data. The following sections provide a brief description of each of these data elements.
Table 4.1 Issuer Application Data for the M/Chip 4 Application
Data Element                         Length
Key Derivation Index                 1
Cryptogram Version Number            1
Card Verification Results            6
DAC/ICC Dynamic Number 2 Bytes       2
Plaintext/Encrypted Counters         8
The following five sections describe the contents of the Issuer Application Data in more detail.
Table 4.2 Cryptogram Version Number
Bits      Value   Meaning
b8-b5     0001    Cryptogram version 4, other values RFU
b4-b3     00      Reserved, other value RFU
b2                Session key used for AC computation
          0       EPI/MCI session key
          1       EMV2000 session key
b1                Counters included in AC computation
          0       Counters not included in AC data
          1       Counters included in AC data
- if an issuer script was received and whether it passed or failed in the previous transaction
- if issuer authentication failed in the previous online transaction
- if a match was found in the additional check table
[Table. Surviving cell values: Two left-most bytes of the ICC Dynamic Number; N/A; DAC; 0000; DAC; 0000.]
If the counters are sent in clear (Application Control [1][1] is set to 0b [Do not encrypt offline counters]), this data element is the concatenation of the Cumulative Offline Transaction Amount, the Consecutive Offline Transactions Number and FF. If the counters are sent encrypted (Application Control [1][1] is set to 1b [Encrypt offline counters]), this data element contains the encrypted counters (eight bytes). Refer to the M/Chip 4 Security and Key Management manual for details. The Cryptogram Version Number [1] value of 1b indicates that the counters are included in the Application Cryptogram data.
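The layout in Tables 4.1 and 4.2 can be checked mechanically on the issuer host. The following Python example is added here and is not code from this guide or from MasterCard: it splits an 18-byte Issuer Application Data value, rejects RFU Cryptogram Version Number values, and reads the two Card Verification Results bits this guide names (CVR [3][4-1] in section 5.1 and CVR [2][4] in the note of section 5.3). The sample value is constructed, the function names are hypothetical, and the split of the plaintext counters into a 6-byte BCD amount, a 1-byte transaction number and FF is an assumption; the guide gives only the order of the three parts.

```python
IAD_LENGTH = 18  # Table 4.1: 1 + 1 + 6 + 2 + 8 bytes, concatenated without TLV coding


def bit(data: bytes, byte_no: int, bit_no: int) -> int:
    """Return bit [byte_no][bit_no] in the guide's notation (byte 1 first, b8 = MSB)."""
    return (data[byte_no - 1] >> (bit_no - 1)) & 1


def decode_cvn(cvn: int) -> dict:
    """Decode the Cryptogram Version Number per Table 4.2 and reject RFU values."""
    if cvn >> 4 != 0b0001:
        raise ValueError(f"CVN {cvn:02X}: b8-b5 must be 0001 (cryptogram version 4)")
    if (cvn >> 2) & 0b11:
        raise ValueError(f"CVN {cvn:02X}: reserved bits b4-b3 must be 00")
    return {
        "session_key": "EMV2000" if cvn & 0b10 else "EPI/MCI",  # b2
        "counters_in_ac": bool(cvn & 0b01),                      # b1
    }


def decode_plaintext_counters(counters: bytes) -> dict:
    """Split plaintext counters: amount, transaction number, FF.

    Assumption (not stated in the guide): 6-byte BCD amount, 1-byte number.
    """
    if counters[7] != 0xFF:
        raise ValueError("plaintext counters must end with FF")
    digits = counters[:6].hex()
    if not digits.isdigit():
        raise ValueError("Cumulative Offline Transaction Amount is not BCD")
    return {
        "cumulative_offline_amount": int(digits),
        "consecutive_offline_number": counters[6],
    }


def parse_iad(raw: bytes, counters_encrypted: bool) -> dict:
    """Split the Issuer Application Data of Table 4.1.

    counters_encrypted mirrors Application Control [1][1], which the issuer
    knows from personalization; it is not carried in the IAD itself.
    """
    if len(raw) != IAD_LENGTH:
        raise ValueError(f"IAD must be {IAD_LENGTH} bytes, got {len(raw)}")
    cvr, counters = raw[2:8], raw[10:18]
    parsed = {
        "key_derivation_index": raw[0],
        "cvr": cvr,
        "offline_ptc": cvr[2] & 0x0F,                     # CVR [3][4-1]
        "ciac_default_skipped": bool(bit(cvr, 2, 4)),     # CVR [2][4]
        "dac_or_idn": raw[8:10],
        "counters_raw": counters,
    }
    parsed.update(decode_cvn(raw[1]))
    if not counters_encrypted:
        parsed.update(decode_plaintext_counters(counters))
    return parsed


# Constructed sample: KDI 01, CVN 11, CVR 00 08 03 00 00 00, DAC 0000,
# counters = amount 000000012500, transaction number 03, FF.
SAMPLE_IAD = bytes.fromhex("01" "11" "000803000000" "0000" "000000012500" "03" "FF")

if __name__ == "__main__":
    for name, value in parse_iad(SAMPLE_IAD, counters_encrypted=False).items():
        print(f"{name}: {value.hex() if isinstance(value, bytes) else value}")
```
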
Full grade issuers may decide to change the M/Chip 4 application behavior by using the ARPC Response Code to instruct the application to:
- respond with TC or AAC
- reset the Card Risk Management counters
- go online at the next transaction
- update the PIN Try Counter to synchronize the PIN Try Counter on the card and on your online host
Magstripe grade issuers, where the magstripe grade issuer mode is activated, handle online transactions without Issuer Authentication Data differently and use the Default ARPC Response Code to instruct the application to determine the next actions. Refer to section Supporting the Magstripe Grade Issuer in chapter 5 for more detail.
Figure 4.1 illustrates your transfer of the Issuer Authentication Data information to the M/Chip 4 application in the Authorization Response message.
Figure 4.1 Issuer Authentication Data Transaction
[Diagram labels: Network; Issuer; auth. request; auth. response.]
The Issuer Authentication Data contains two data elements:
- Authorization Response Cryptogram (ARPC)
- ARPC Response Code
Table 4.4 describes the content of byte 2 of the ARPC Response Code.
Table 4.4 ARPC Response Code, Byte 2
Bits      Value   Meaning
b8-b6     000     Reserved, other value RFU
b5                Approve online transaction
          0       Do not approve online transaction
          1       Approve online transaction
b4                Update PIN Try Counter
          0       Do not update PIN Try Counter
          1       Update PIN Try Counter
b3                Set go online on next transaction
          0       Reset go online on next transaction
          1       Set go online on next transaction
b2-b1             Update counters
          00      Do not update offline counters
          10      Reset counters to zero
          01      Set counters to upper offline limits
          11      Add transaction to counter
The following tables describe how the M/Chip 4 application interprets each of the bits in the ARPC Response Code data element.
4.1.4.2.1 Approve Online Transaction
If: Approve Online Transaction is set (i.e. ARPC Response Code [2][5] = 1b) and the terminal requests a TC.
Then the M/Chip 4 application: Approves the transaction. Computes a TC.

If: Approve Online Transaction is not set (i.e. ARPC Response Code [2][5] = 0b).
Then the M/Chip 4 application: Declines the transaction. Computes an AAC.
Update PIN Try Counter is not set (i.e. ARPC Response Code [2][4] = 0b).
Set Go Online on Next Transaction is not set (i.e. ARPC Response Code [2][3] = 0b).
Sets the two offline counters to the Upper Consecutive Offline Limit and the Upper Cumulative Offline Transaction Amount.
Accumulates the transaction:
- In the Cumulative Offline Transaction Amount if the transaction is in the Counter Currency or in a currency the M/Chip 4 application can convert
- In the Consecutive Offline Transactions Number if the transaction is in a currency that the application does not recognize
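Tables 3.4 and 4.4 together define what an issuer host may send in the ARPC Response Code and what must be personalized as the Default ARPC Response Code. The following Python example is added here and is not code from this guide: it encodes and decodes the two bytes and checks a Default ARPC Response Code against the Table 3.4 values. The function names are hypothetical, byte 1 is assumed to carry the PIN Try Counter in bits 4-1 as shown in Table 3.4, and the byte values in the demonstration are constructed.

```python
# Update counters field, byte 2 bits b2 b1 (Table 4.4).
COUNTER_ACTIONS = {
    "none": 0b00,       # do not update offline counters
    "reset": 0b10,      # reset counters to zero
    "set_upper": 0b01,  # set counters to upper offline limits
    "add": 0b11,        # add transaction to counter
}

APPROVE = 0x10         # byte 2 b5
UPDATE_PTC = 0x08      # byte 2 b4
GO_ONLINE_NEXT = 0x04  # byte 2 b3


def encode_arpc_response_code(approve, go_online_next, counters, new_ptc=None) -> bytes:
    """Build the 2-byte ARPC Response Code; new_ptc=None leaves the card's counter alone."""
    if counters not in COUNTER_ACTIONS:
        raise ValueError(f"unknown counter action: {counters!r}")
    byte1 = 0
    byte2 = COUNTER_ACTIONS[counters]
    if approve:
        byte2 |= APPROVE
    if go_online_next:
        byte2 |= GO_ONLINE_NEXT
    if new_ptc is not None:
        if not 0 <= new_ptc <= 0x0F:
            raise ValueError("PIN Try Counter must fit in bits 4-1 of byte 1")
        byte1 = new_ptc      # assumed position, as in Table 3.4
        byte2 |= UPDATE_PTC
    return bytes([byte1, byte2])


def decode_arpc_response_code(code: bytes) -> dict:
    """Decode a 2-byte ARPC Response Code; reject RFU values in byte 2 b8-b6."""
    if len(code) != 2:
        raise ValueError("ARPC Response Code is 2 bytes")
    byte1, byte2 = code
    if byte2 >> 5:
        raise ValueError("byte 2 b8-b6 are reserved and must be 000")
    names = {value: name for name, value in COUNTER_ACTIONS.items()}
    return {
        "approve": bool(byte2 & APPROVE),
        "update_ptc": bool(byte2 & UPDATE_PTC),
        "new_ptc": byte1 & 0x0F,
        "go_online_next": bool(byte2 & GO_ONLINE_NEXT),
        "counters": names[byte2 & 0x03],
    }


def check_default_arpc_response_code(code: bytes) -> list:
    """Return (level, message) findings for a Default ARPC Response Code (Table 3.4)."""
    if len(code) != 2:
        raise ValueError("Default ARPC Response Code is 2 bytes")
    byte1, byte2 = code
    rules = [
        ("mandatory", (byte1 >> 4) == 0, "byte 1 b8-b5 (reserved) must be 0000b"),
        ("mandatory", (byte1 & 0x0F) == 0, "byte 1 b4-b1 (PIN Try Counter) must be 0000b"),
        ("mandatory", (byte2 >> 5) == 0, "byte 2 b8-b6 (reserved) must be 000b"),
        ("mandatory", (byte2 & APPROVE) != 0, "byte 2 b5 (approve online transaction) must be 1b"),
        ("mandatory", (byte2 & UPDATE_PTC) == 0, "byte 2 b4 (update PIN Try Counter) must be 0b"),
        ("recommended", (byte2 & GO_ONLINE_NEXT) == 0,
         "byte 2 b3 (set go online on next transaction) should be 0b"),
        ("mandatory", (byte2 & 0x03) == 0b10, "byte 2 b2-b1 (update counters) must be 10b"),
    ]
    return [(level, message) for level, ok, message in rules if not ok]


if __name__ == "__main__":
    # Constructed values: an approval that also sets the card's PIN Try Counter to 3,
    # and a Default ARPC Response Code candidate that updates the PIN Try Counter.
    print(encode_arpc_response_code(True, False, "reset", new_ptc=3).hex())
    for level, message in check_default_arpc_response_code(bytes.fromhex("031A")):
        print(level, message)
```
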
You can issue the following script commands during online authorization:
- APPLICATION BLOCK to block the application because of Credit Losses, Lost or Stolen cards or cards that were never received
- APPLICATION UNBLOCK to unblock a blocked application
- PIN UNBLOCK or PIN CHANGE
- PUT DATA to update the Card Risk Management data elements
- UPDATE RECORD to update a record read by the terminal.
The transmission of scripts requires the use of secure messaging. You may use the UPDATE RECORD command during script processing when the command length does not exceed the supported network length, and when you know the file and record structure of the card (you do not receive this information during an online transaction). In other cases, the UPDATE RECORD command should be performed in a specific environment. Refer to the Post Issuance Maintenance section in chapter 5 for further information. Magstripe grade issuers do not support script processing. However, they can use post issuance maintenance to maintain their cards.
You can decide to approve or decline the transaction after the referral. MasterCard takes this approach because some terminals may reject transactions approved by the issuer after a referral if the card does not return a TC.
4.2 Clearing
The following sections help you (or your representative) to interpret the data contained in the ICC System Related Data (DE 55) data element during the clearing process.
If an M/Chip 4 application receives Issuer Authentication Data, it can only compute a TC when the following are true:
- Issuer authentication was performed.
- You explicitly requested the approval in the Issuer Authentication Data (i.e. ARPC Response Code [2][5] = 1b [Approve online transaction]).
[Diagram labels: card; terminal; issuer; TVR1=value 1; AC1=MAC(TVR1); AC1.]
To resolve this problem, you can reset the bits in the Terminal Verification Results that may have been modified by the terminal after presentation to the card, prior to Application Cryptogram verification, as illustrated by Figure 4.3.
Figure 4.3 Solution to the AC and Terminal Verification Results Inconsistency in EMV
[Diagram labels: card; terminal; issuer; TVR1=value 1; AC1=MAC(TVR1); AC1; AC1=MAC(TVR1).]
In the M/Chip 4 application, the only bit in the Terminal Verification Results that can be modified by the terminal after presentation to the card but before inclusion in the ICC System Related Data (DE 55) data element is the Terminal Verification Results [5][5] (Script Processing Failed After Final GENERATE AC).
Or if the transaction goes online (i.e. if Authorization Response Code is neither equal to Y3 nor Z3)
and Issuer Authentication Data is not present and the terminal requests a TC and the magstripe grade issuer mode is supported (i.e. Application
- if the Authorization Response Cryptogram verification is successful, it is set to the value you requested in the ARPC Response Code
- if the Authorization Response Cryptogram verification is not successful, it keeps the value it had in the previous transaction
supported, it is set to the value you requested in the Default ARPC Response Code
otherwise it keeps the value it had in the previous transaction.
4.3.3 Setting of Issuer Authentication Failed, Script Received, Script Failed Bits
The M/Chip 4 application resets the Issuer Authentication Failed, Script Received, Script Failed Bits in the Previous Transaction History (Previous Transaction History [3-1]):
If a transaction goes online (i.e. if Authorization Response Code is neither
Or if the transaction goes online (i.e. if Authorization Response Code is neither equal to Y3 nor Z3)
and Issuer Authentication Data is not present and the terminal requests a TC and the magstripe grade issuer mode is supported.
Or the transaction goes online (i.e. if Authorization Response Code is neither equal to Y3 nor Z3)
and Issuer Authentication Data is not present and the terminal requests a TC and the magstripe grade issuer mode is supported and Update Counters is set in the Default ARPC Response Code.
Advanced Features
This chapter describes advanced features of the M/Chip 4 application.
5.1 Synchronization between Online and Offline PIN Try Counters
5.2 Support of Magstripe Grade Issuer Mode
5.2.1 Magstripe Grade Issuer Mode Not Activated
5.2.2 Magstripe Grade Issuer Mode Activated
5.2.2.1 Approve Online Transaction
5.2.2.2 Update PIN Try Counter
5.2.2.3 Set Go Online on Next Transaction
5.2.2.4 Update Counters
5.3 Behavior on CAT Level 3 Terminals
5.4 Swapping Application File Locator Configurations
5.4.1 AFL Swap Mechanism
5.4.2 PIN De-synchronization on New Cards and Offline PIN Post-activation
5.4.2.1 How PIN Value De-synchronization Occurs
5.4.2.2 How the M/Chip 4 Application Resolves PIN Value De-synchronization
5.4.2.2.1 Temporary Configuration
5.4.2.2.2 Regular Configuration
5.5 Consulting the Log of Transactions
5.6 Retrieving the Offline Balance
5.7 Post-Issuance Maintenance
5.7.1 PUT DATA to Modify Data Elements
5.7.2 UPDATE RECORD to Modify Records
5.7.3 GET DATA to Retrieve Data
5.7.4 GET PROCESSING OPTIONS to Retrieve Data
5.7.5 Retrieving Records In The Transaction Log
5.7.6 Sending Script Commands to the Card
5.7.6.1 MAC in Script Counter Limit
5.8 Additional Check Table
5.8.1 How the M/Chip Application Checks the Additional Check Table
5.8.2 Additional Check Table Content
5.8.3 Example of Additional Check Table Value
5.1 Synchronization between Online and Offline PIN Try Counters
[Figure labels: M/Chip 4; Issuer host; offline PTC=1; online PTC=3.]
During an online transaction, you can synchronize both counters by sending the offline PIN Try Counter (in the Card Verification Results [3][4-1]) in the authorization request. If you want to change the offline PIN Try Counter, you can send the new value in the authorization response in the ARPC Response Code. The ARPC Response Code [2][4] is set to 1b to indicate that the offline PIN Try Counter must be updated. The new counter value is contained in the ARPC Response Code [1][4-1].
5.2 Support of Magstripe Grade Issuer Mode
You may also find the magstripe grade issuer mode useful when the card is used mainly on a partial grade network (partial grade acquirer) where the offline counters would otherwise not be reset. For issuers using the magstripe grade issuer mode on a partial grade network, when the counter lower limits are reached, the card will always attempt to go online when used at an online capable terminal. When it is not possible to go online to the issuer, the M/Chip 4 application will approve the transaction. When the counter reaches the upper limit, the card must always go online to the issuer.
If the card is used regularly on full grade terminals, you do not need to support the magstripe grade issuer mode. On a partial grade terminal, after online authorization by the issuer, the terminal accepts the transaction, even if the card rejects the transaction because Issuer Authentication Data is missing.
The M/Chip 4 application optionally supports the magstripe grade issuer mode, indicated by the following settings:
- If the Application Control [1][8] = 1b, the magstripe grade issuer mode is activated.
- If the Application Control [1][8] = 0b, the magstripe grade issuer mode is not activated.
- Issuer Authentication Failed
- Script Received Flag
- Script Failed Flag
- Cumulative Offline Transaction Amount
- Consecutive Offline Transactions Number
This can prevent the acceptance of future offline transactions, for example when the Consecutive Offline Transactions Number equals the Upper Consecutive Offline Limit.
The following tables describe how the M/Chip 4 application interprets each of the bits in the Default ARPC Response Code data element to determine which actions to perform.
Warning
You must set the Default ARPC Response Code [2][4] to 0b (Do not update PIN Try Counter).
Set Go Online on Next Transaction is not set (i.e. Default ARPC Response Code [2][3] = 0b).
Sets the two offline counters to the Upper Consecutive Offline Limit and the Upper Cumulative Offline Transaction Amount.
Accumulates the transaction:
- in the Cumulative Offline Transaction Amount if the transaction is in the Counter Currency or in a currency the M/Chip 4 application can convert
- in the Consecutive Offline Transactions Number if the transaction is in a currency that the application does not recognize.
5.3 Behavior on CAT Level 3 Terminals
Definition A CAT level 3 terminal has a Terminal Type of 26 (Merchant-controlled, unattended and offline only).
The Offline Counters and Offline Limits section in chapter 2 explains how the typical behavior of the application is to accept offline transactions until the Upper Consecutive Offline Limit or the Upper Cumulative Offline Transaction Amount is reached. Once an upper limit is reached, offline transactions are declined.

If you set the Application Control [1][7] to 1b at personalization, the M/Chip 4 application skips the CIAC Default check on CAT level 3 terminals. As a result, the M/Chip 4 application can approve a transaction even when the offline limits are exceeded. The M/Chip 4 application counts such approved transactions in the offline counters, in the same way as any other offline transaction.

If you set the Application Control [1][7] to 0b at personalization, the M/Chip 4 application does not skip the CIAC Default check on the CAT level 3 terminals. It treats CAT level 3 terminals in the same way as any other offline only terminal.

Enabling the unlimited acceptance of transactions on CAT level 3 terminals has an impact on offline risk management as the upper offline limits can be exceeded on CAT level 3 terminals. The issuer must decide between:
Giving priority to the service availability by allowing offline transactions to go over the limits on CAT level 3 terminals
Giving priority to the offline risk management by forbidding offline transactions over the limits on CAT level 3 terminals
Note
When this feature is used at the terminal, the Card Verification Results [2][4] (set to 1b) contained in the Issuer Application Data informs you that part of Card Risk Management was skipped when the terminal simulated a CAT level 3 terminal after fraudulent tampering.
5.4 Swapping Application File Locator Configurations
Figure 5.2 illustrates the swap between the temporary and regular Application File Locator configurations.
[Figure 5.2: records used for the temporary configuration, for the regular configuration, or for both, as referenced by the temporary AFL and the regular AFL]
This mechanism is useful because it provides the issuer with a solution to the problem of PIN de-synchronization on new cards and offline PIN postactivation. There are alternative solutions that you may use.
The values of the offline and online Reference PIN must always be identical, as the cardholder cannot distinguish between them, as illustrated in Figure 5.3.
[Figure 5.3: M/Chip 4 application with offline PIN=1234; issuer host with online PIN=1234]
This section describes the situation you may encounter with PIN desynchronization on new cards after issuance, and the solution to correct the problem.
5.4.2.2.1 Temporary Configuration
You activate the temporary configuration when the card is issued. It has the following characteristics:
Offline PIN verification is not supported.
Signature verification is supported for offline only terminals.
Online PIN verification is used for online terminals.

At issuance, the card will behave as follows:
On offline only terminals, signature verification is used.
On online capable terminals, the transaction goes online and Online PIN verification is used.

As a result, when the offline Reference PIN is not synchronized with the online Reference PIN:
There is no confusion for the cardholder as the offline Reference PIN is not used.
As soon as the card goes to an online capable terminal, the issuer will synchronize the offline Reference PIN value with the online Reference PIN value using a script command.

5.4.2.2.2 Regular Configuration
You activate the regular configuration in one of the following situations:
The values of the offline and online PIN value are synchronized.
You wish to migrate to offline PIN.

In the regular configuration, the offline PIN verification can replace signature verification depending on the brand carried by the application. Therefore, the value of the CVM List for the regular configuration differs from that used in the temporary configuration. The different values for the temporary and regular CVM Lists lead to different values in the associated records referred to in the Application File Locator:
The regular CVM List is stored in another record referenced by the new AFL.
Modifying the CVM List implies modification to other records, essentially the records for SDA, as the CVM List is one of the data elements signed by the issuer.
5.5 Consulting the Log of Transactions
If the M/Chip 4 application has not completed at least ten transactions in its lifetime, some of the entries do not represent transactions, but are empty. These empty entries are not retrievable with the READ RECORD (SW1 SW2 = 6A83). The actual implementation is left to the card application developer.

To allow for future flexibility in the content of the Transaction Log, the M/Chip 4 application uses the new data element, Log Format (Tag 9F51). The Log Format identifies the content of records in the Log of Transactions. The Log Format is coded in the same way as a Data Object List and its value is fixed for the M/Chip 4 application as defined in the Log Format section of appendix A. The terminal can access the Log Format with a GET DATA, immediately after application selection.

The terminal reads the content of the Log of Transactions with the following steps:
1. Select the M/Chip 4 application.
5.6 Retrieving the Offline Balance
2. Receive the Log Format, as the response to a GET DATA, using Tag 9F51. The Log Format specifies how to interpret the Transaction Logs.
3. Receive the Transaction Logs, as the response to successive READ RECORD C-APDUs, using SFI 11. Record number 1 provides the log for the most recent transaction. Record number 2 provides the log for the most recent transaction - 1, record number 3 provides the log for the most recent transaction - 2, etc., up to ten records (unless the number of records has been extended for the specific implementation). When all records have been retrieved, the card responds with the SW1 SW2 6A83 (Record not found).
Note
When the card is new, all Transaction Log records are empty. The terminal can read the Transaction Log without initiating a payment transaction.
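The read sequence above, as an added example that is not code from this manual: it builds the GET DATA and READ RECORD command APDUs and cuts each record into fields using the Log Format as a Data Object List. It assumes the application is already selected; the card is simulated, the Log Format and records are constructed sample data (the real Log Format value is the one fixed in appendix A), and the CLA/INS/P2 encodings and the tag-length-value GET DATA response follow the EMV specifications rather than text on this page.

```python
"""Read the Log of Transactions: GET DATA (9F51), then READ RECORD on SFI 11."""

LOG_SFI = 11               # SFI of the Log of Transactions (from the text)
LOG_FORMAT_TAG = 0x9F51    # Log Format tag (from the text)
SW_OK = 0x9000
SW_RECORD_NOT_FOUND = 0x6A83

# Constructed sample data, for illustration only (not the appendix A value).
SAMPLE_LOG_FORMAT = bytes.fromhex("9F27019F02065F2A029A039F3602")
SAMPLE_RECORDS = [
    bytes.fromhex("40" "000000001250" "0978" "041201" "0007"),  # most recent
    bytes.fromhex("40" "000000000499" "0978" "041130" "0006"),
]


def get_data_apdu(tag: int) -> bytes:
    """GET DATA command: CLA 80, INS CA, P1 P2 = tag, Le = 00."""
    return bytes([0x80, 0xCA, tag >> 8, tag & 0xFF, 0x00])


def read_record_apdu(sfi: int, record: int) -> bytes:
    """READ RECORD command: P1 = record number, P2 = SFI in bits 8-4 plus 100b."""
    return bytes([0x00, 0xB2, record, (sfi << 3) | 0x04, 0x00])


def parse_dol(dol: bytes) -> list:
    """Split a Data Object List into (tag, length) pairs."""
    pairs, i = [], 0
    try:
        while i < len(dol):
            tag = dol[i]
            i += 1
            if tag & 0x1F == 0x1F:          # tag continues in a second byte
                tag = (tag << 8) | dol[i]
                i += 1
            pairs.append((tag, dol[i]))
            i += 1
    except IndexError:
        raise ValueError("truncated Data Object List") from None
    return pairs


def split_record(pairs: list, record: bytes) -> dict:
    """Cut one log record into fields, in the order the Log Format lists them."""
    if len(record) != sum(length for _, length in pairs):
        raise ValueError("record length does not match the Log Format")
    fields, offset = {}, 0
    for tag, length in pairs:
        fields[tag] = record[offset:offset + length]
        offset += length
    return fields


class SimulatedCard:
    """Constructed stand-in for a card; answers only the two commands used here."""

    def __init__(self, log_format: bytes, records: list):
        self.log_format, self.records = log_format, records

    def transmit(self, apdu: bytes):
        cla, ins, p1, p2 = apdu[:4]
        if (cla, ins) == (0x80, 0xCA) and (p1 << 8 | p2) == LOG_FORMAT_TAG:
            tlv = bytes([p1, p2, len(self.log_format)]) + self.log_format
            return tlv, SW_OK
        if (cla, ins) == (0x00, 0xB2) and p2 == (LOG_SFI << 3 | 0x04):
            if 1 <= p1 <= len(self.records):
                return self.records[p1 - 1], SW_OK
            return b"", SW_RECORD_NOT_FOUND     # empty entry or past the end
        return b"", 0x6D00                      # instruction not supported


def read_log(card, max_records: int = 254) -> list:
    """Steps 2 and 3: fetch the Log Format, then read records until 6A83."""
    data, sw = card.transmit(get_data_apdu(LOG_FORMAT_TAG))
    if (sw != SW_OK or len(data) < 3 or data[:2] != b"\x9F\x51"
            or data[2] != len(data) - 3):
        raise ValueError("no usable Log Format returned")
    pairs = parse_dol(data[3:])
    entries = []
    for number in range(1, max_records + 1):
        record, sw = card.transmit(read_record_apdu(LOG_SFI, number))
        if sw == SW_RECORD_NOT_FOUND:
            break
        if sw != SW_OK:
            raise ValueError(f"READ RECORD {number} failed: {sw:04X}")
        entries.append(split_record(pairs, record))
    return entries


if __name__ == "__main__":
    card = SimulatedCard(SAMPLE_LOG_FORMAT, SAMPLE_RECORDS)
    for fields in read_log(card):
        print({f"{tag:X}": value.hex().upper() for tag, value in fields.items()})
```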
Note
5.7 Post-Issuance Maintenance
Tag | Data Element | Length
C5 | Card Issuer Action Code Online | 3
C7 | CDOL1 Related Data Length | 1
C8 | CRM Country Code | 2
C9 | CRM Currency Code | 2
D1 | Currency Conversion Table | 25
D3 | Additional Check Data | 18
D5 | Application Control | 2
D6 | Default ARPC Response Code | 2
Data Element | Length
Upper Consecutive Offline Limit | 1
Log Format | 17
Offline Balance | 6
Application Life Cycle Data | 48
Upper Cumulative Offline Transaction Amount | 6
Card Issuer Action Code Decline | 3
Card Issuer Action Code Default | 3
Card Issuer Action Code Online | 3
Counters | 10
CDOL1 Related Data Length | 1
CRM Country Code | 2
CRM Currency Code | 2
Lower Cumulative Offline Transaction Amount | 6
Upper Cumulative Offline Transaction Amount | 6
Currency Conversion Table | 25
Additional Check Data | 18
Application Control | 2
Default ARPC Response Code | 2
The M/Chip 4 application can update the data elements listed in Table 5.4 using the PUT DATA command.
5.8 Additional Check Table
5.8.1 How the M/Chip Application Checks the Additional Check Table
The M/Chip 4 application checks the Additional Check Table by performing the following steps illustrated in Figure 5.5.
1. Extracts a value from the CDOL 1 Related Data. This value can be up to seven consecutive bytes. You define the part that is extracted from CDOL 1 Related Data at personalization, by setting the following parameters:
position in CDOL 1 Related Data
length in CDOL 1 Related Data.
2. Masks the extracted value with a Bit Mask to force some of the bits to 0b.
3. Compares the masked value with values stored in the Additional Check Table.
4. If the requested value matches a value in the table, sets the Card Verification Results [6][2] (Match found in additional check table) bit to 1b; otherwise sets the Card Verification Results [6][1] (No match found in additional check table) bit to 1b.
5. Takes an action depending on whether a match is found or not, as defined in the settings of the Card Issuer Action Codes. Refer to the Card Issuer Action Codes section in chapter 2 for further information.
[Figure 5.5: bit mask; masked value; comparison (=?) with table value 1, value 2, value 3; match found (1 or 0); CVR]
Table 5.5 - Additional Check Table
Data Element | Length | Format | Description
Position in CDOL 1 Related Data | 1 | Binary | Contains the position of the portion of CDOL 1 Related Data that is compared to the table entries. If the first byte in CDOL 1 Related Data is checked against the entries in the table, the value of Position in CDOL 1 Related Data is 01.
Length in CDOL 1 Related Data | 1 | Binary | Contains the length of the portion of CDOL 1 Related Data that is compared to the table entries.
Number Of Entries | | Binary | Contains the number of values (including the Bit Mask) in the Table Content that are used for the comparison.
Entries | 15 | Binary | Contains the concatenation of the values used for the comparison, optionally padded with FF to make up 15 bytes. The first value is used as a Bit Mask.
Bit Mask | | Binary |
Value 1 | | Binary |
 | | Binary |
[Figure: layout of the Additional Check Table: offset, length, number, then the entries (bit mask, val1, val2, ..., padding)]
Note
The M/Chip 4 application accepts extensions to the CDOL 1. It is therefore possible to apply the check on any value that can be requested from the terminal.
To do so, you define the value of the Additional Check Table as 0D0203FFFF00560250FFFFFFFFFFFFFFFFFF. Table 5.6 describes each of the sub-components of this value.
Table 5.6 - Explanation of Example Additional Check Table Value
Data Element | Value | Description
Position in CDOL 1 Related Data | 0D | Terminal Country Code is located in the thirteenth byte of the CDOL 1 Related Data, i.e. 0D in hexadecimal.
Length in CDOL 1 Related Data | 02 | The length of the Terminal Country Code is two bytes.
Number Of Entries | 03 | The two values in the table used for the comparison are the Terminal Country Code for Belgium and France.
Entries: Bit Mask | FFFF | The comparison is performed on the complete value of the Terminal Country Code. The Bit Mask is therefore equal to FFFF.
 | | The value of the country code for Belgium.
 | | The value of the country code for France.
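The check described in section 5.8.1, run against the example table value above, as an added example that is not code from this manual or from any card implementation. The CDOL 1 Related Data is constructed (all zero except the Terminal Country Code at bytes 13 and 14), the country code 0276 is a constructed non-matching sample, and the mapping of bit 1 to the least significant bit of the CVR byte is an assumption; the helper that lists values which can never match is an extra personalization check, not something the manual describes.

```python
"""Additional Check Table: extract, mask, compare (section 5.8.1, steps 1 to 4)."""
from dataclasses import dataclass

ENTRIES_LENGTH = 15   # Entries field, padded with FF (Table 5.5)

# The example value from the text: position 0D, length 02, three entries
# (Bit Mask FFFF, then 0056 and 0250), then FF padding up to 15 bytes.
EXAMPLE_TABLE = bytes.fromhex("0D0203" "FFFF" "0056" "0250") + b"\xFF" * 9

CVR6_MATCH_FOUND = 0x02   # Card Verification Results [6][2] (assumed bit 1 = LSB)
CVR6_NO_MATCH = 0x01      # Card Verification Results [6][1]


@dataclass
class CheckTable:
    position: int     # 1-based position in CDOL 1 Related Data
    length: int       # number of bytes extracted
    bit_mask: bytes
    values: list


def parse_table(raw: bytes) -> CheckTable:
    """Split the 18-byte data element into its header and the entries in use."""
    if len(raw) != 3 + ENTRIES_LENGTH:
        raise ValueError("expected 3 header bytes and 15 bytes of entries")
    position, length, count = raw[0], raw[1], raw[2]
    if position < 1 or not 1 <= length <= 7:
        raise ValueError("position starts at 1; length is at most seven bytes")
    if count < 1 or count * length > ENTRIES_LENGTH:
        raise ValueError("entries do not fit in 15 bytes")
    entries = [raw[3 + i * length: 3 + (i + 1) * length] for i in range(count)]
    return CheckTable(position, length, entries[0], entries[1:])


def additional_check(table: CheckTable, cdol1_related_data: bytes) -> int:
    """Return the CVR byte 6 bit the application would set."""
    start = table.position - 1
    extracted = cdol1_related_data[start:start + table.length]
    if len(extracted) != table.length:
        raise ValueError("portion lies outside the CDOL 1 Related Data")
    masked = bytes(b & m for b, m in zip(extracted, table.bit_mask))
    return CVR6_MATCH_FOUND if masked in table.values else CVR6_NO_MATCH


def unmatchable_values(table: CheckTable) -> list:
    """Values with a bit set where the Bit Mask is 0 can never equal a masked value."""
    return [value for value in table.values
            if any(b & ~m & 0xFF for b, m in zip(value, table.bit_mask))]


def related_data(terminal_country_code: str, total_length: int = 0x2B) -> bytes:
    """Constructed CDOL 1 Related Data: zero-filled except bytes 13 and 14."""
    data = bytearray(total_length)
    data[12:14] = bytes.fromhex(terminal_country_code)
    return bytes(data)


if __name__ == "__main__":
    table = parse_table(EXAMPLE_TABLE)
    for code in ("0056", "0250", "0276"):
        print(code, f"{additional_check(table, related_data(code)):02X}")
```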
6.1 Personalization Commands and Values
6.2 Data Element Personalization Values
6.2.1 Persistent Data Elements for Application Selection
6.2.2 Persistent Data Elements Referenced in the AFL
6.2.3 Persistent Data Elements For Card Risk Management
6.2.4 Secret Keys - Triple DES Keys
6.2.5 Miscellaneous
6.2.6 Get Processing Options Response
6.2.7 Counters and Previous Transaction
6.2.8 PIN Information
6.2.9 Data Elements With a Fixed Initial Value
6.2.10 Additional Data Elements
6.3 Common Profiles
6.3.1 Profile Assumptions
6.3.1.1 Cirrus
6.3.1.2 MasterCard, MasterCard Electronic, and Maestro
6.3.1.3 Settings for Offline PIN Verification
6.3.1.3.1 Modifications to the CVM List
6.3.1.3.2 Modifications to the Application Control
6.3.1.4 Application Interchange Profile
6.3.1.5 Previous Transaction History
6.3.2 Full Grade Profiles
6.3.2.1 Default ARPC Response Code
6.3.2.2 Full Chip - MasterCard - CVM List (Signature + Online PIN + No CVM)
6.3.2.3 Full Chip - MasterCard - CVM List (Offline Plaintext PIN + Signature + Online PIN + No CVM)
6.3.2.3.1 Explanation of Issuer Action Code and Card Issuer Action Code Settings (Full Grade)
6.3.2.4 Full Chip - Maestro - CVM List (Online PIN + Signature)
6.3.2.5 Full Chip - Maestro - CVM List (Offline Plaintext PIN + Online PIN + Signature)
6.3.2.6 Full Chip - Cirrus - CVM List (Online PIN)
6.3.2.7 Full Chip - MasterCard Electronic - CVM List (Online PIN + Offline PIN + Signature)
6.3.2.8 Full Chip - MasterCard Electronic - CVM List (Online PIN + Signature)
6.3.2.9 Full Chip - MasterCard Electronic - CVM List (Offline PIN + Signature)
6.3.2.10 Full Chip - MasterCard Electronic - CVM List (Signature)
6.3.3 Magstripe Grade Profiles
6.3.3.1 Default ARPC Response Code
6.3.3.2 Magstripe Grade - MasterCard - CVM List (Signature + Online PIN + No CVM)
6.3.3.3 Magstripe Grade - MasterCard - CVM List (Offline Plaintext PIN + Signature + Online PIN + No CVM)
6.3.3.3.1 Explanation of Issuer Action Code and Card Issuer Action Code Settings (Magstripe Grade)
6.3.3.4 Magstripe Grade - Maestro - CVM List (Online PIN + Signature)
6.3.3.5 Magstripe Grade - Maestro - CVM List (Offline Plaintext PIN + Online PIN + Signature)
6.3.3.6 Magstripe Grade - Cirrus - CVM List (Online PIN)
6.3.3.7 Magstripe Grade - MasterCard Electronic - CVM List (Online PIN + Offline PIN + Signature)
6.3.3.8 Magstripe Grade - MasterCard Electronic - CVM List (Online PIN + Signature)
6.3.3.9 Magstripe Grade - MasterCard Electronic - CVM List (Offline PIN + Signature)
6.3.3.10 Magstripe Grade - MasterCard Electronic - CVM List (Signature)
[Figure: the personalizer sends personalization commands (store data(654..., append record(32...) to the ICC]
The card personalizer can hide the implementation details of the card personalization completely from the issuer. In such a case, the personalization role of the issuer is limited to:
The preparation of the personalization values for the application data elements
The transmission of these values to the card personalizer
The scope of this document is limited to describing the preparation of personalization values for the M/Chip 4 application data elements.
Note
This does not apply to card platforms like MULTOS, where the application load unit is personalized.
Lite and Select The value must be the same as the value for the DF Name in the FCI. Lite and Select Refer to the M/Chip Functional Architecture for Debit and Credit. The M/Chip 4 application does not use the PDOL to receive data from the terminal in the GET PROCESSING OPTIONS. A PDOL, Tag 9F38, in the FCI is not allowed.
A5
Lite and Select 3 numeric a Lite and Select 6 numeric a Lite and Select 6 numeric a Lite and Select Binary a
Data Element | Length | Application | Format/Value Supported
Issuer Action Code default | 5 | Lite and Select | Binary a b
Issuer Action Code denial | 5 | Lite and Select | Binary a b
Issuer Action Code online | 5 | Lite and Select | Binary a b
Application Version Number | 2 | Lite and Select | Binary a
CDOL 1 | var. | Lite and Select | Binary. Default values: M/Chip Lite 4 = 9F02069F03069F1A0295055F2A029A039C019F37049F35019F45029F3403; M/Chip Select 4 = 9F02069F03069F1A0295055F2A029A039C019F37049F35019F45029F4C089F3403.
For extensions, refer to the Additional Check Table Usage section in chapter 4. 8D CDOL 2 var. Lite and Select Binary. Values are: M/Chip Lite 4 = 910A8A029505 M/Chip Select 4 = 910A8A0295059F37049F4C08. 5F20 8E 5F28 9F4A 57 9F49 8F 9F32 92 93 Cardholder Name c 2 26 Lite and Select Alphanumeric and special characters a Lite and Select Binary a b Lite and Select 3 numeric a Lite and Select Binary d If used, only value allowed = 82. Track-2 Equivalent Data var. up to 19 Lite and Select Binary a DDOL Certification Authority Public Key Index Issuer Public Key Exponent Issuer Public Key Remainder 3 1 var. var. (NI NCA + 36) Select Binary. Mandatory value = 9F3704.
Cardholder Verification var. up to 252 Method (CVM) List Issuer Country Code SDA tag list 2 0 or 1
Lite and Select Binary d Lite and Select Binary d Lite and Select Binary d Lite and Select Binary a d
Data Element Issuer Public Key Certificate ICC Public Key Exponent ICC Public Key Remainder ICC Public Key Certificate
Application
Format/Value Supported
Refer to the M/Chip Functional Architecture for Debit and Credit. Refer to 6.3 Common Profiles. The cardholder name as encoded in track-1 of the magnetic stripe, if there is a Track-1 on the magstripe. Refer to the M/Chip 4 Security and Key Management manual.
If offline encrypted PIN is supported and if the RSA key for PIN decryption is not the RSA key for signature generation, the data elements listed in Table 6.3 are also referenced in the Application File Locator.
Table 6.3Additional Persistent Data Elements Referenced in the AFL, For Offline Encrypted PIN With a Dedicated Key Format/Value supported Binary a Binary a Binary a
Length var.
Application Select
ICC PIN Encipherment Public Key Remainder var. (NPE NI + Select 42) ICC PIN Encipherment Public Key Certificate var. (NI) Select
Note
The Lower Consecutive Offline Limit, Tag 9F14, and the Upper Consecutive Offline Limit, Tag 9F23, must not appear in a record covered by the AFL. The M/Chip 4 application does not support EMV terminal velocity checking using the LCOL or UCOL.
Table 6.4 - Persistent Data Elements for Card Risk Management
Tag | Data Element | Length | Application | Format/Value Supported
9F14 | Lower Consecutive Offline Limit | 1 | Lite and Select | Binary a
9F23 | Upper Consecutive Offline Limit | 1 | Lite and Select | Binary a
CA | Lower Cumulative Offline Transaction Amount | 6 | Lite and Select | 12 numeric a
CB | Upper Cumulative Offline Transaction Amount | 6 | Lite and Select | 12 numeric a
C3 | Card Issuer Action Code Decline | 3 | Lite and Select | Binary b
C4 | Card Issuer Action Code Default | 3 | Lite and Select | Binary b
C5 | Card Issuer Action Code Online | 3 | Lite and Select | Binary b
C7 | CDOL1 Related Data Length | 1 | Lite and Select | Default values: M/Chip Lite 4 = 23; M/Chip Select 4 = 2B. For extensions, refer to the Additional Check Table Usage section in chapter 4. The value must be consistent with the value of CDOL 1.
C8 | CRM Country Code | 2 | Lite and Select | Binary a
C9 | CRM Currency Code | 2 | Lite and Select | Binary a
D1 | Currency Conversion Table | 25 | Lite and Select | Binary a. Refer to appendix B.
D3 | Additional Check Data | 18 | Lite and Select | Binary. Refer to chapter 5.
D5 | Application Control | 2 | Lite and Select | Binary a
D6 | Default ARPC Response Code | 2 | Lite and Select | Binary a
a Refer to appendix A, Data Dictionary.
b Refer to the 6.3 Common Profiles section.
Length 16
Application
Select
Table 6.6 - Triple DES Master Keys for EPI/MCI and EMV 2000 Session Key Derivation
Data Element | Length | Application | Format/Value Supported
SM for Integrity Master Key (MKSMI) | 16 | Lite and Select | Binary a
SM for Confidentiality Master Key (MKSMC) | 16 | Lite and Select | Binary a
AC Master Key (MKAC) | 16 | Lite and Select | Binary a

Table 6.7 - Personalization Data for EMV2000 Session Key Derivation
Data Element | Length | Application | Format/Value Supported
CFDC_limit for Integrity Session Key | 1 | Lite and Select | Binary a
CFDC_limit for Confidentiality Session Key | 1 | Lite and Select | Binary a
CFDC_limit for AC Session Key | 1 | Lite and Select | Binary a

Table 6.8 - RSA keys (for M/Chip Select 4 only)
Data Element | Length | Format/Value Supported
Length of ICC Public Key Modulus (NIC) | 1 | IS a
ICC Private Key | IS b | IS a
Length of ICC PIN Encipherment Public Key Modulus (NPE) | 1 | IS a
ICC PIN Encipherment Private Key | IS b | IS a
The personalization of the Length of ICC PIN Encipherment Public Key Modulus (NPE) and the ICC PIN Encipherment Private Key may be optional on some implementations but must be consistent with the value set for the Application Control at personalization.
Note
The M/Chip Select 4 application accepts any RSA key with modulus in the range [80;128], for both DDA and PIN verification. The storage format of the RSA keys is implementation-specific (RSA computations may choose whether to use the Chinese Remainder Theorem). The card application developer must provide storage format details for the RSA keys.
6.2.5 Miscellaneous
Table 6.9Miscellaneous Persistent Data Elements Tag Data Element Key Derivation Index Length Application Format/Value Supported 1 48 Lite and Select Lite and Select Binary. Refer to the M/Chip 4 Security and Key Management manual. Binary, refer to appendix A. Depending on the possible separation between the loading of the application code and the personalization data on the hardware, only part of the Application Life Cycle Data may be personalized.
Application File Locator Var. The length of the Application File Lite and Locator depends on the organization of Select data elements in records. The record capacity, and therefore the memory needed for the Application File Locator, is specific to each implementation. Application Interchange 2 Profile
Refer to the M/Chip Functional Architecture for Debit and Credit. Refer to the 6.3 Common Profiles section.
82
a b
Lite and Select Binary 0x Issuer-specific Lite and Select Binary, see below
The value of this PIN Try Limit is used to (re)initialize the value of the PIN Try Counter after each successful offline PIN entry or at the reception of a PIN CHANGE/UNBLOCK command.
The reference PIN is stored in a PIN block. Figure 6.2 illustrates the format of the PIN block where:
C = Control field, with a value of binary 2 (0010b)
N = PIN length, a 4-bit binary number with permissible values of 0100b to 1100b
P = PIN digit, a 4-bit field with permissible values of 0000b to 1001b
P/F = PIN/filler, determined by PIN length
F = Filler, a 4-bit binary number with value of 1111b.
12, numeric Lite and Select b b b b b b b b b b b b Lite and Select Lite and Select Lite and Select Lite and Select Lite and Select Lite and Select Lite and Select Lite and Select Lite and Select Lite and Select Lite and Select Lite and Select
Log of The Current Transaction x (x=1...10 20 or more) ATC for Integrity Session Key (ATCSK,i ) CFDC for Integrity Session Key (CFDCSK,i) ATC for Confidentiality Session Key (ATCSK,c) CFDC for Confidentiality Session Key (CFDCSK,c) ATC for AC Session Key (ATCSK,AC) CFDC for AC Session Key (CFDCSK,AC) Application Transaction Counter Global MAC in Script Counter Bad Cryptogram Counter (M/Chip Select 4 only) 2 1 2 1 2 1 2 3 2
6.3.1.1 Cirrus
This document makes the following assumptions for the profile of Cirrus cards:
The application is M/Chip Lite 4.
The M/Chip Lite 4 application does not support offline CAM:
No SDA
No DDA
No CDA
No offline plaintext PIN verification
No offline encrypted PIN verification
When the application is M/Chip Select 4 and it supports offline PIN, the offline PIN verification must be: Either offline plaintext PIN verification only
When the application is M/Chip Select 4 and it supports offline encrypted PIN, it may use for PIN encipherment:
A DDA public key, or
A dedicated public key
MasterCard issuers support Voice Authorization. For issuers who support Voice Authorization, the Issuer Action Codes [4][8] (Transaction exceeds floor limit) is set to (0b, 1b, 1b).

MasterCard Electronic and Maestro issuers do not support Voice Authorization. For issuers who do not support Voice Authorization, the Issuer Action Codes [4][8] (Transaction exceeds floor limit) is set to (0b, 1b, 0b).

MasterCard Electronic has the following value sets:
Lower Consecutive Offline Limit (9F14) is 00
Upper Consecutive Offline Limit (9F23) is 00
Lower Cumulative Offline Transaction Amount (CA) is 000000000000
Upper Cumulative Offline Transaction Amount (CB) is 000000000000
Table 6.14 - CVM List (Offline Plaintext PIN + Online PIN + Signature + No CVM)
Bit 7 of Byte 1 if CVM Unsuccessful | Byte 1 Setting | Byte 2 Setting
Apply next | 41 | 03
Apply next | 5E | 03
Apply next | 42 | 03
fail | 1F | 03

Table 6.15 - CVM List (Offline Encrypted PIN + Offline Plaintext PIN + Online PIN + Signature + No CVM)
CVM | Bit 7 of Byte 1 if CVM Unsuccessful | Byte 1 Setting | Byte 2 Setting
Offline encrypted PIN | Apply next | 44 | 03
Offline Clear PIN | Apply next | 41 | 03
Signature | Apply next | 5E | 03
Online PIN | Apply next | 42 | 03
No CVM | fail | 1F | 03
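The Byte 1 and Byte 2 settings of Tables 6.14 and 6.15, decoded and walked in order, as an added example that is not code from this manual. The rule bytes are taken from the two tables; the reading of Byte 2 value 03 as "if the terminal supports the CVM", the walk order, and the sets of supported and unsuccessful CVMs passed in are assumptions based on the EMV cardholder verification rules, and only the two-byte rules are handled, not the rest of the CVM List data element.

```python
"""Decode the CVM rules of Tables 6.14 and 6.15 and walk them in list order."""
from dataclasses import dataclass

# CVM codes (bits 6-1 of byte 1) for the methods named in Table 6.15.
METHODS = {
    0x04: "Offline encrypted PIN",
    0x01: "Offline plaintext PIN",
    0x1E: "Signature",
    0x02: "Online PIN",
    0x1F: "No CVM",
}
IF_TERMINAL_SUPPORTS = 0x03   # byte 2 setting used by every rule in the tables

TABLE_6_14 = bytes.fromhex("4103" "5E03" "4203" "1F03")
TABLE_6_15 = bytes.fromhex("4403" "4103" "5E03" "4203" "1F03")


@dataclass(frozen=True)
class Rule:
    method: int        # bits 6-1 of byte 1
    apply_next: bool   # bit 7 of byte 1: apply next rule if CVM unsuccessful
    condition: int     # byte 2

    @property
    def name(self) -> str:
        return METHODS.get(self.method, f"unknown ({self.method:02X})")


def decode_rules(raw: bytes) -> list:
    """Turn the byte 1 / byte 2 pairs into Rule objects, keeping list order."""
    if len(raw) % 2:
        raise ValueError("CVM rules are two bytes each")
    return [Rule(raw[i] & 0x3F, bool(raw[i] & 0x40), raw[i + 1])
            for i in range(0, len(raw), 2)]


def walk(rules: list, supported: set, unsuccessful: frozenset = frozenset()):
    """Return (outcome, CVMs attempted) for a terminal supporting `supported`.

    `unsuccessful` lists the CVM codes that fail when attempted.
    """
    tried = []
    for rule in rules:
        if rule.condition != IF_TERMINAL_SUPPORTS:
            raise ValueError("only byte 2 = 03 is covered in this example")
        if rule.method not in supported:
            continue                  # condition not satisfied: go to next rule
        tried.append(rule.name)
        if rule.method not in unsuccessful:
            return "successful", tried
        if not rule.apply_next:       # bit 7 = 0: cardholder verification fails
            return "failed", tried
    return "failed", tried


if __name__ == "__main__":
    for rule in decode_rules(TABLE_6_15):
        print(f"{rule.name:24} apply next: {rule.apply_next}")
    # Review point: with "apply next" set, an unsuccessful CVM hands over to the
    # next rule the terminal supports, so the order of the list matters.
    print(walk(decode_rules(TABLE_6_14), {0x01, 0x1F}, frozenset({0x01})))
```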
6.3.1.3.2 Modifications to the Application Control
When offline encrypted PIN verification is activated, Application Control [1][4] = 1b.
If the RSA key used for PIN decipherment is the CDA/DDA key, Application Control [1][5] = 0b.
If the RSA key used for PIN decipherment is a dedicated key, Application Control [1][5] = 1b.
Example Add offline encrypted PIN with dedicated ICC PIN Encipherment public key to the profile with the Application Control as defined in Table 6.16.
Table 6.16 - Example Application Control (1)
Byte | Bit | Meaning | Setting
1 | 8 | Magstripe grade issuer activated | 0b
1 | 7 | Skip CIAC-default on CAT3 | 1b
1 | 6 | Reserved | 0b
1 | 5 | Key for offline encrypted PIN verification | 0b
1 | 4 | Offline encrypted PIN verification | 0b
1 | 3 | Offline plaintext PIN verification | 1b
1 | 2 | Session key derivation | 1b
1 | 1 | Encrypt offline counters | 1b
2 | 8-4 | Reserved | 00000b
2 | 3 | Activate additional check table | 0b
2 | 2 | Allow retrieval of balance | 0b
2 | 1 | Include counters in AC | 1b
Byte | Bit | Meaning | Setting
2 | 8-4 | Reserved | 00000b
2 | 3 | Activate additional check table | 0b
2 | 2 | Allow retrieval of balance | 0b
2 | 1 | Include counters in AC | 1b
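The change described in section 6.3.1.3.2, applied to the Application Control of Table 6.16, as an added example that is not code from this manual. The two-byte starting value is built from the Setting column of Table 6.16 with bit 8 taken as the most significant bit (an assumption); the function names and the short review list are hypothetical helpers for checking a value before it is sent to the personalizer.

```python
"""Application Control: decode Table 6.16 and add offline encrypted PIN."""

# (byte, bit) -> meaning, from Table 6.16; bit 8 is assumed most significant.
BITS = {
    (1, 8): "Magstripe grade issuer activated",
    (1, 7): "Skip CIAC-default on CAT3",
    (1, 5): "Key for offline encrypted PIN verification",
    (1, 4): "Offline encrypted PIN verification",
    (1, 3): "Offline plaintext PIN verification",
    (1, 2): "Session key derivation",
    (1, 1): "Encrypt offline counters",
    (2, 3): "Activate additional check table",
    (2, 2): "Allow retrieval of balance",
    (2, 1): "Include counters in AC",
}
RESERVED = [(1, 6)] + [(2, bit) for bit in (8, 7, 6, 5, 4)]

# Setting column of Table 6.16: 0 1 0 0 0 1 1 1 | 00000 0 0 1
TABLE_6_16 = bytes([0b01000111, 0b00000001])


def get_bit(value: bytes, byte: int, bit: int) -> int:
    return (value[byte - 1] >> (bit - 1)) & 1


def set_bit(value: bytes, byte: int, bit: int, on: bool) -> bytes:
    out = bytearray(value)
    mask = 1 << (bit - 1)
    out[byte - 1] = out[byte - 1] | mask if on else out[byte - 1] & ~mask & 0xFF
    return bytes(out)


def decode(value: bytes) -> dict:
    if len(value) != 2:
        raise ValueError("Application Control is two bytes")
    return {meaning: get_bit(value, byte, bit)
            for (byte, bit), meaning in BITS.items()}


def add_offline_encrypted_pin(value: bytes, dedicated_key: bool) -> bytes:
    """[1][4] = 1b activates it; [1][5] = 1b dedicated key, 0b CDA/DDA key."""
    value = set_bit(value, 1, 4, True)
    return set_bit(value, 1, 5, dedicated_key)


def review(value: bytes) -> list:
    """Settings worth confirming before personalization (hypothetical helper)."""
    notes = []
    if any(get_bit(value, byte, bit) for byte, bit in RESERVED):
        notes.append("reserved bit set")
    if get_bit(value, 1, 8):
        notes.append("[1][8]: magstripe grade issuer mode activated")
    if get_bit(value, 1, 7):
        notes.append("[1][7]: CIAC Default check skipped on CAT level 3 "
                     "terminals, upper offline limits can be exceeded there")
    return notes


if __name__ == "__main__":
    updated = add_offline_encrypted_pin(TABLE_6_16, dedicated_key=True)
    print(TABLE_6_16.hex().upper(), "->", updated.hex().upper())
    for meaning, bit in decode(updated).items():
        print(f"{bit}b  {meaning}")
    print(review(updated))
```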
Table 6.19 - AIP for M/Chip Lite 4
Byte | Bit | Meaning | Setting
1 | 8 | Initiate | 0b
1 | 7 | Offline static data authentication is supported | 1b = MasterCard and Maestro. 0b = Cirrus.
1 | 6 | Offline dynamic data authentication is supported | 0b
1 | 5 | Cardholder verification is supported | 1b
1 | 4 | Terminal risk management is to be performed | 1b
1 | 3 | Issuer authentication is supported | 0b
1 | 2 | RFU | 0b
1 | 1 | Combined DDA-GENERATE AC supported | 0b
2 | 8-1 | RFU | 00
Table 6.21 describes the modifications to the Previous Transaction History that are required when the new card feature is not supported.
Table 6.21 - Previous Transaction History when New Card Not Supported
Byte | Bit | Meaning | Setting
1 | 8-7 | Reserved | 00b
1 | 6 | Application disabled | 0b
1 | 5 | Application blocked | 0b
1 | 4 | Go Online On Next Transaction | 0b
1 | 3 | Issuer Authentication Failed | 0b
1 | 2 | Script Received | 0b
1 | 1 | Script Failed | 0b
Byte 2 Setting 03 03 03
Alternatively, Online PIN and Signature can be reversed to give the following table:
Table 6.24 - CVM List (Alternative)
Bit 7 of Byte 1 if CVM Unsuccessful | Byte 1 Setting | Byte 2 Setting
Apply next | 42 | 03
Apply next | 5E | 03
fail | 1F | 03
Table 6.25 - Application Control
Byte | Bit | Meaning | Setting
1 | 8 | Magstripe grade issuer activated | 0b
1 | 7 | Skip CIAC-default on CAT3 | 1b
1 | 6 | Reserved | 0b
1 | 5 | Key for offline encrypted PIN verification | 0b
1 | 4 | Offline encrypted PIN verification | 0b
1 | 3 | Offline plaintext PIN verification | 0b
1 | 2 | Session key derivation | 0b = EPI/MCI, 1b = EMV 2000
Byte
Bit 1
8-4 3
00000b 0b = Do not activate additional check table 1b = Activate additional check table
2 1
Table 6.26Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 6 5 Meaning Data authentication was not performed Decline 0b Online 1b 1b 1b 1b 1b = Select 0b 0b = Lite 0b 0b 0b 1b 1b 1b RFU RFU 0b 0b Default 1b 1b 1b 1b 1b = Select 0b = Lite 0b 0b 0b 1b 0b 1b 1b = Select 0b = Lite 1b = Select 0b = Lite
Offline static data authentication failed 0b ICC data missing Card appears on terminal exception file Offline dynamic data authentication failed 0b 0b 0b
Chip card and terminal have different 0b application versions Expired application Application not yet effective Requested service not allowed for card product 0b 0b 0b
Byte
Bit 4 3 2 1
Meaning New card RFU RFU RFU Cardholder verification was not successful
Decline 0b 0b 0b 0b 0b
Online 0b 0b 0b 0b 1b 0b 0b 0b 1b 1b 0b 0b 1b 0b 0b 1b 1b 0b 0b 0b 0b 0b
Default 0b 0b 0b 0b 1b 0b 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
Unrecognized Cardholder Verification 0b Method (CVM) PIN Try Limit exceeded PIN entry required but PIN pad not present/working PIN entry required, PIN pad present but PIN not entered Online PIN entered RFU RFU Transaction exceeds floor limit Lower consecutive offline limit exceeded Upper consecutive offline limit exceeded Transaction selected randomly for online processing Merchant forced transaction online RFU RFU RFU Default TDOL used 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
8 7
Byte
Bit 6 5 4 3 2 1
Decline 0b 0b 0b 0b 0b 0b
Online 0b 0b 0b 0b 0b 0b
Default 0b 0b 0b 0b 0b 0b
Table 6.27Card Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 6 5 4 3 Meaning Reserved-No Meaning Unable To Go Online Indicated Offline PIN Verification Not Performed Offline PIN Verification Failed PTL Exceeded International Transaction Domestic Transaction Decline 0b 0b 0b 0b 0b 0b 0b Online 0b 0b 0b 0b 0b Default 0b 0b 0b 0b 0b
0b or 1b 0b 0b or 1b 0b 0b 1b 1b 1b 1b 1b 0b 0b 0b 1b 0b 1b 0b 0b
Terminal Erroneously Considers Offline PIN OK 0b Lower Consecutive Offline Limit Exceeded Upper Consecutive Offline Limit Exceeded Lower Cumulative Offline Limit Exceeded Upper Cumulative Offline Limit Exceeded Go Online On Next Transaction Was Set Issuer Authentication Failed 0b 0b 0b 0b 0b 0b
Byte
Bit 2 1
Meaning Script Received Script Failed Reserved-No Meaning Match Found In Additional Check Table No Match Found In Additional Check Table
Decline 0b 0b
Online 1b 1b
Default 0b 0b 000000b
8-3 2 1
000000b 000000b
0b or 1b 0b or 1b 0b or 1b 0b or 1b 0b or 1b 0b or 1b
6.3.2.3 Full Chip MasterCard CVM List (Offline Plaintext PIN + Signature + Online PIN + No CVM)
Table 6.28 CVM List

| CVM | Bit 7 of Byte 1 if CVM Unsuccessful | Byte 1 Setting | Byte 2 Setting |
|---|---|---|---|
| Online PIN | Apply next | 42 | 01 |
| Offline Clear PIN | Apply next | 41 | 03 |
| Signature | Apply next | 5E | 03 |
| Online PIN | Apply next | 42 | 03 |
| No CVM | fail | 1F | 03 |
Alternatively, Online PIN and Signature can be reversed to give the following table:
Table 6.29 CVM List (Alternative)

| CVM | Bit 7 of Byte 1 if CVM Unsuccessful | Byte 1 Setting | Byte 2 Setting |
|---|---|---|---|
| Online PIN | Apply next | 42 | 01 |
| Offline Clear PIN | Apply next | 41 | 03 |
| Online PIN | Apply next | 42 | 03 |
| Signature | Apply next | 5E | 03 |
| No CVM | fail | 1F | 03 |
Table 6.30 Application Control

| Byte | Bit | Meaning | Setting |
|---|---|---|---|
| 1 | 8 | Magstripe grade issuer activated | 0b |
| 1 | 7 | Skip CIAC-default on CAT3 | 1b |
| 1 | 6 | Reserved | 0b |
| 1 | 5 | Key for offline encrypted PIN verification | 0b |
| 1 | 4 | Offline encrypted PIN verification | 0b |
| 1 | 3 | Offline plaintext PIN verification | 1b |
| 1 | 2 | Session key derivation | 0b = EPI/MCI; 1b = EMV 2000 |
| 1 | 1 | Encrypt offline counters | 0b = Do not encrypt offline counters; 1b = Encrypt offline counters |
| 2 | 8-4 | Reserved | 00000b |
| 2 | 3 | Activate additional check table | 0b = Do not activate additional check table; 1b = Activate additional check table |
2 1
Table 6.31Issuer Action Codes Byte 1 Bit 8 7 6 5 Meaning Data authentication was not performed Offline static data authentication failed ICC data missing Decline 0b 0b 0b Online 1b 1b 1b 1b Default 1b 1b 1b 1b
Byte
Bit 4 3 2 1
Meaning
Decline
Online 0b = Lite
Offline dynamic data authentication 0b failed Combined DDA/AC generation failed RFU RFU Chip card and terminal have different application versions Expired application Application not yet effective Requested service not allowed for card product New card RFU RFU RFU Cardholder verification was not successful Unrecognized Cardholder Verification Method (CVM) PIN Try Limit exceeded a 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b/1b
1b = Select
8 7 6 5 4 3 2 1
8 7 6 5 4 3 2 1
PIN entry required but PIN pad not 0b present/working PIN entry required, PIN pad present 1b/0b but PIN not entered a Online PIN entered RFU RFU Transaction exceeds floor limit 0b 0b 0b 0b
Byte
Bit 7 6 5 4 3 2 1
Meaning Lower consecutive offline limit exceeded Upper consecutive offline limit exceeded Transaction selected randomly for online processing Merchant forced transaction online RFU RFU RFU Default TDOL used Issuer Authentication was unsuccessful
GENERATE AC
Decline 0b 0b 0b 0b 0b 0b 0b 0b 0b
Online 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Default 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
Script processing failed before final 0b Script processing failed after final GENERATE AC RFU RFU RFU RFU 0b 0b 0b 0b 0b
Refer to the 6.3.2.3.1 Explanation of Issuer Action Code and Card Issuer Action Code Settings (Full Grade) section for an explanation of the settings.
Table 6.32Card Issuer Action Codes Byte 1 Bit 8 7 6 Meaning Reserved-No Meaning Unable To Go Online Indicated Offline PIN Verification Not Performed Decline 0b 0b 0b Online 0b 0b 0b Default 0b 0b 0b
Byte
Bit 5 4 3 2 1
Meaning Offline PIN Verification Failed a PTL Exceeded a International Transaction Domestic Transaction
Decline 0b or 1b 0b or 1b 0b 0b
Online 0b or 1b 0b or 1b 0b or 1b 0b or 1b 1b 1b 1b 1b 1b 1b 0b 1b 1b 000000b 0b or 1b 0b or 1b
Default 0b or 1b 0b or 1b 0b 0b 1b 0b 1b 0b 1b 0b 0b 0b 0b 000000b 0b or 1b 0b or 1b
Terminal Erroneously Considers Offline PIN OK 0b Lower Consecutive Offline Limit Exceeded Upper Consecutive Offline Limit Exceeded Lower Cumulative Offline Limit Exceeded Upper Cumulative Offline Limit Exceeded Go Online On Next Transaction Was Set Issuer Authentication Failed Script Received Script Failed Reserved-No Meaning Match Found In Additional Check Table 0b 0b 0b 0b 0b 0b 0b 0b 000000b 0b or 1b
8 7 6 5 4 3 2 1
8-3 2 1
Refer to the 6.3.2.3.1 Explanation of Issuer Action Code and Card Issuer Action Code Settings (Full Grade) section for an explanation of the settings.
6.3.2.3.1 Explanation of Issuer Action Code and Card Issuer Action Code Settings (Full Grade)

The settings for the Issuer Action Code [3][6] and Card Issuer Action Code [1][4] (PIN Try Limit Exceeded) are as follows:

| Setting | If issuers ... |
|---|---|
| 0b, 0b, 0b | Accept offline magstripe signature-based transaction even when the Online PIN Try Limit is exceeded on the issuer authorization host and want the same card behavior for both chip and magstripe. |
| 1b, 0b, 0b | Decline any transaction when the Online PIN Try Limit is exceeded on the issuer authorization host and want the same card behavior for both chip and magstripe. |
| 0b, 1b, 0b | Require chip transactions to go online when the terminal detects that offline PIN Try Limit is exceeded but will accept transactions with signature, even if the terminal does not receive a valid online issuer authorization, or if the terminal was offline only. |
| 0b, 1b, 1b | Require chip transactions to go online when the terminal detects that offline PIN Try Limit is exceeded and will only accept signature-based transactions if the terminal first obtains a valid online issuer approval. |
The settings for the Issuer Action Codes [3][4] (PIN entry required, PIN pad present but PIN not entered) and Card Issuer Action Codes [1][5] (offline PIN verification failed) are as follows:

| Setting | If issuers ... |
|---|---|
| 1b, 0b, 0b | Do not accept PIN entry bypass. |
| 0b, 0b, 0b | Accept offline signature-based transactions when PIN entry is bypassed. |
| 0b, 1b, 0b | Accept signature-based transactions when PIN entry is bypassed, even if the terminal did not get a valid online issuer authorization, or if the terminal was offline only. |
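The settings triples above can be traced through standard EMV terminal action analysis to see which cryptogram the terminal ends up requesting. This is an added example, not code from the manual: it assumes each triple is read as (Decline, Online, Default) in the column order of the Issuer Action Code tables, that the Terminal Action Codes are all zero, and that the card's own CIAC checks are out of scope; all function names are hypothetical.

```python
"""Trace (Decline, Online, Default) triples through terminal action analysis."""

# [byte][bit] positions as written on the page; bytes are 1-5, bits 8 (MSB) to 1.
PIN_TRY_LIMIT_EXCEEDED = (3, 6)   # Issuer Action Code [3][6]
PIN_NOT_ENTERED = (3, 4)          # Issuer Action Code [3][4]


def with_bit(byte_no, bit_no, base=bytes(5)):
    """Return a copy of a 5-byte TVR or action code with one bit set."""
    out = bytearray(base)
    out[byte_no - 1] |= 1 << (bit_no - 1)
    return bytes(out)


def build_iacs(position, triple):
    """Build IAC-Decline, IAC-Online, IAC-Default with only `position` configured."""
    return tuple(with_bit(*position) if flag else bytes(5) for flag in triple)


def any_match(tvr, action_code):
    """True when a bit set in the TVR is also set in the action code."""
    return any(t & a for t, a in zip(tvr, action_code))


def terminal_decision(tvr, iacs, online_capable, host_reachable):
    """Return the cryptogram type the terminal ends up requesting.

    Assumption: Terminal Action Codes are zero and CIAC processing in the
    card is not modelled, so only the issuer's IAC bits drive the result.
    """
    decline, online, default = iacs
    if any_match(tvr, decline):
        return "AAC"                      # declined offline
    if online_capable and any_match(tvr, online):
        if host_reachable:
            return "ARQC"                 # issuer host decides
        # Unable to go online: the Default action code is checked instead.
        return "AAC" if any_match(tvr, default) else "TC"
    if not online_capable:
        # Offline-only terminal: Default is checked in place of Online.
        return "AAC" if any_match(tvr, default) else "TC"
    return "TC"                           # approved offline


def outcomes(position, triple):
    """Decisions for (host reachable, host unreachable, offline-only terminal)."""
    tvr = with_bit(*position)             # constructed TVR: only this bit is set
    iacs = build_iacs(position, triple)
    return (
        terminal_decision(tvr, iacs, True, True),
        terminal_decision(tvr, iacs, True, False),
        terminal_decision(tvr, iacs, False, False),
    )


if __name__ == "__main__":
    for triple in [(0, 0, 0), (1, 0, 0), (0, 1, 0), (0, 1, 1)]:
        print("PIN Try Limit exceeded", triple, outcomes(PIN_TRY_LIMIT_EXCEEDED, triple))
    for triple in [(1, 0, 0), (0, 0, 0), (0, 1, 0)]:
        print("PIN not entered", triple, outcomes(PIN_NOT_ENTERED, triple))
```

The difference between `0b, 1b, 0b` and `0b, 1b, 1b` only shows up when the host cannot be reached or the terminal is offline-only, which is the case the Default column controls.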
Byte 1 Setting 42 1E
Byte 2 Setting 00 03
Table 6.34 Application Control

| Byte | Bit | Meaning | Setting |
|---|---|---|---|
| 1 | 8 | Magstripe grade issuer activated | 0b |
| 1 | 7 | Skip CIAC-default on CAT3 | 0b |
| 1 | 6 | Reserved | 0b |
| 1 | 5 | Key for offline encrypted PIN verification | 0b |
| 1 | 4 | Offline encrypted PIN verification | 0b |
| 1 | 3 | Offline plaintext PIN verification | 0b |
| 1 | 2 | Session key derivation | 0b = EPI/MCI; 1b = EMV 2000 |
| 1 | 1 | Encrypt offline counters | 0b = Do not encrypt offline counters; 1b = Encrypt offline counters |
| 2 | 8-4 | Reserved | 00000b |
| 2 | 3 | Activate additional check table | 0b = Do not activate additional check table; 1b = Activate additional check table |
| 2 | 2 | Allow retrieval of balance | 0b |
| 2 | 1 | Include counters in AC | 0b = Do not include counters in AC; 1b = Include counters in AC |
Table 6.35Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 6 5 4 3 2 1 3 8 7 6 5 Meaning Data authentication was not performed Offline static data authentication failed ICC data missing Card appears on terminal exception file Offline dynamic data authentication failed Decline 0b 0b 0b 0b 0b Online 1b 1b 1b 1b 1b = Select 0b 0b = Lite 0b 0b 0b 1b 1b 1b 0b 0b 0b 0b 1b 0b 0b 1b RFU RFU 0b 0b 1b = Select 0b = Lite Default 1b 1b 1b 1b 0b 0b 0b 1b 0b 1b 0b 0b 0b 0b 1b 0b 0b 1b 1b = Select 0b = Lite 1b = Select 0b = Lite
Chip card and terminal have different 0b application versions Expired application Application not yet effective Requested service not allowed for card product New card RFU RFU RFU Cardholder verification was not successful 0b 0b 0b 0b 0b 0b 0b 0b
Unrecognized Cardholder Verification 0b Method (CVM) PIN Try Limit exceeded PIN entry required but PIN pad not present/working 0b 0b
Byte
Bit 4 3 2 1
Meaning PIN entry required, PIN pad present but PIN not entered Online PIN entered RFU RFU Transaction exceeds floor limit Lower consecutive offline limit exceeded Upper consecutive offline limit exceeded Transaction selected randomly for online processing Merchant forced transaction online RFU RFU RFU Default TDOL used
Decline 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Online 1b 1b 0b 0b 1b 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Default 1b 1b 0b 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
8 7 6 5 4 3 2 1
0b 0b 0b 0b 0b 0b
Script processing failed after final GENERATE AC RFU RFU RFU RFU
Table 6.36Card Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 6 5 4 3 2 1 3 8-3 2 1 Meaning Reserved-No Meaning Unable To Go Online Indicated Offline PIN Verification Not Performed Offline PIN Verification Failed PTL Exceeded International Transaction Domestic Transaction Terminal Erroneously Considers Offline PIN OK Lower Consecutive Offline Limit Exceeded Upper Consecutive Offline Limit Exceeded Lower Cumulative Offline Limit Exceeded Upper Cumulative Offline Limit Exceeded Go Online On Next Transaction Was Set Issuer Authentication Failed Script Received Script Failed Reserved-No Meaning Match Found In Additional Check Table No Match Found In Additional Check Table Decline 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 000000b Online 0b 0b 0b 0b 0b 1b 1b 0b 0b 0b 0b 0b 1b 0b 0b 0b 000000b Default 0b 0b 0b 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 000000b 0b 0b
0b or 1b 0b 0b or 1b 0b
6.3.2.5 Full Chip Maestro CVM List (Offline Plaintext PIN + Online PIN + Signature)
New cards must support only Online PIN and Offline PIN. The following settings, except for Signature-related settings, are valid for new cards.
Table 6.37 CVM

| CVM | Bit 7 of Byte 1 if CVM Unsuccessful | Byte 1 Setting | Byte 2 Setting | Meaning of Byte 2 |
|---|---|---|---|---|
| Online PIN | Apply next | 42 | 01 | If unattended cash. |
| Online PIN | fail | 02 | 04 | If manual cash. |
| Offline Encrypted PIN | Apply next | 44 | 03 | If supported. |
| Offline Clear PIN | Apply next | 41 | 03 | If supported. |
| Online PIN | Apply next | 42 | 00 | Always. |
| Signature | fail | 1E | 03 | If supported. |
Note that Offline Encrypted PIN should be included only if the card supports it. In addition, Signature is not permitted for new cards.
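The Byte 1 / Byte 2 pairs in the CVM tables of this section can be decoded mechanically, which makes it easy to check a personalization profile against the note that Signature is not permitted for new cards. The decoder below is an added example, not part of the manual; it assumes the input holds only the two-byte rules (without the amount fields that precede them in the full CVM List data object), and its function names and sample strings are constructed for illustration.

```python
"""Decode CVM rules (Byte 1 / Byte 2 pairs) as listed in the CVM tables."""
from typing import NamedTuple

# Byte 1, bits 6-1: the method codes that appear in this section's tables.
METHODS = {
    0x01: "Offline Clear PIN",
    0x02: "Online PIN",
    0x04: "Offline Encrypted PIN",
    0x1E: "Signature",
    0x1F: "No CVM",
}
# Byte 2: condition codes, worded as in the "Meaning of Byte 2" column.
CONDITIONS = {
    0x00: "Always",
    0x01: "If unattended cash",
    0x03: "If supported",
    0x04: "If manual cash",
}
APPLY_NEXT = 0x40  # Bit 7 of Byte 1: 1 = "Apply next", 0 = "fail"

# Constructed samples: the rows of Table 6.37 and Table 6.28, concatenated.
MAESTRO_FULL_CHIP = "420102044403410342001E03"
MASTERCARD_FULL_CHIP = "420141035E0342031F03"


class CvmRule(NamedTuple):
    method: str
    apply_next: bool
    condition: str


def decode_rule(byte1, byte2):
    """Decode one rule; unknown codes are reported rather than guessed."""
    if byte1 & 0x80:
        raise ValueError(f"Byte 1 {byte1:02X}: bit 8 is RFU and must be 0")
    code = byte1 & 0x3F
    method = METHODS.get(code, f"unknown method {code:02X}")
    condition = CONDITIONS.get(byte2, f"unknown condition {byte2:02X}")
    return CvmRule(method, bool(byte1 & APPLY_NEXT), condition)


def decode_cvm_rules(hex_rules):
    """Decode a hex string of consecutive two-byte CVM rules."""
    raw = bytes.fromhex(hex_rules)
    if len(raw) % 2:
        raise ValueError("CVM rules are two bytes each; got an odd byte count")
    return [decode_rule(raw[i], raw[i + 1]) for i in range(0, len(raw), 2)]


def signature_rule_indexes(rules):
    """Positions of Signature rules, which the note above excludes for new cards."""
    return [i for i, rule in enumerate(rules) if rule.method == "Signature"]


if __name__ == "__main__":
    for number, rule in enumerate(decode_cvm_rules(MAESTRO_FULL_CHIP), start=1):
        action = "apply next" if rule.apply_next else "fail"
        print(f"{number}. {rule.method:<22} {rule.condition:<20} on failure: {action}")
    print("Signature rules at:", signature_rule_indexes(decode_cvm_rules(MAESTRO_FULL_CHIP)))
```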
Table 6.38 Application Control

| Byte | Bit | Meaning | Setting |
|---|---|---|---|
| 1 | 8 | Magstripe grade issuer activated | 0b |
| 1 | 7 | Skip CIAC-default on CAT3 | 0b |
| 1 | 6 | Reserved | 0b |
| 1 | 5 | Key for offline encrypted PIN verification | 0b |
| 1 | 4 | Offline encrypted PIN verification | 0b |
| 1 | 3 | Offline plaintext PIN verification | 1b |
| 1 | 2 | Session key derivation | 0b = EPI/MCI; 1b = EMV 2000 |
| 1 | 1 | Encrypt offline counters | 0b = Do not encrypt offline counters; 1b = Encrypt offline counters |
| 2 | 8-4 | Reserved | 00000b |
| 2 | 3 | Activate additional check table | 0b = Do not activate additional check table; 1b = Activate additional check table |
0b
Byte
Bit 1
Table 6.39Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 6 5 4 3 2 1 Meaning Data authentication was not performed Offline static data authentication failed ICC data missing Decline 0b 0b 0b Online 1b 1b 1b 1b 1b = Select 0b 0b = Lite 0b 0b 0b 1b 1b 1b 0b 0b 0b 0b Default 1b 1b 1b 1b 1b = Select 0b = Lite 0b 0b 0b 1b 0b 1b 0b 0b 0b 0b 1b = Select 0b = Lite 1b = Select 0b = Lite
Card appears on terminal exception 0b file Offline dynamic data authentication 0b failed Combined DDA/AC generation failed RFU RFU Chip card and terminal have different application versions Expired application Application not yet effective Requested service not allowed for card product New card RFU RFU RFU 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Byte 3
Bit 8 7 6 5 4 3 2 1
Meaning Cardholder verification was not successful Unrecognized Cardholder Verification Method (CVM) PIN Try Limit exceeded
Decline 0b 0b 0b
Online 1b 0b 1b 1b 1b 1b 0b 0b 1b 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Default 1b 0b 1b 1b 1b 1b 0b 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
PIN entry required but PIN pad not 0b present/working PIN entry required, PIN pad present 0b but PIN not entered Online PIN entered RFU RFU Transaction exceeds floor limit Lower consecutive offline limit exceeded Upper consecutive offline limit exceeded Transaction selected randomly for online processing Merchant forced transaction online RFU RFU RFU Default TDOL used Issuer Authentication was unsuccessful
GENERATE AC
0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
8 7 6 5 4 3
Script processing failed before final 0b Script processing failed after final GENERATE AC RFU RFU 0b 0b 0b
Byte
Bit 2 1
Decline 0b 0b
Online 0b 0b
Default 0b 0b
Table 6.40Card Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 6 5 4 3 2 1 3 8-3 2 1 Meaning Reserved-No Meaning Unable To Go Online Indicated Offline PIN Verification Not Performed Offline PIN Verification Failed PTL Exceeded International Transaction Domestic Transaction Decline 0b 0b 0b 0b 0b 0b 0b Online 0b 0b 1b 1b 1b 0b or 1b 0b or 1b 1b 1b 1b 1b 1b 1b 0b 1b 1b 000000b 0b or 1b 0b or 1b Default 0b 0b 1b 1b 1b 0b 0b 1b 0b 1b 0b 1b 0b 0b 0b 0b 000000b 0b or 1b 0b or 1b
Terminal Erroneously Considers Offline PIN 0b OK Lower Consecutive Offline Limit Exceeded Upper Consecutive Offline Limit Exceeded Lower Cumulative Offline Limit Exceeded Upper Cumulative Offline Limit Exceeded Go Online On Next Transaction Was Set Issuer Authentication Failed Script Received Script Failed Reserved-No Meaning Match Found In Additional Check Table 0b 0b 0b 0b 0b 0b 0b 0b 000000b 0b or 1b
Byte 1 Setting 02
Byte 2 Setting 00
Table 6.42 Application Control

| Byte | Bit | Meaning | Setting |
|---|---|---|---|
| 1 | 8 | Magstripe grade issuer activated | 0b |
| 1 | 7 | Skip CIAC-default on CAT3 | 0b |
| 1 | 6 | Reserved | 0b |
| 1 | 5 | Key for offline encrypted PIN verification | 0b |
| 1 | 4 | Offline encrypted PIN verification | 0b |
| 1 | 3 | Offline plaintext PIN verification | 0b |
| 1 | 2 | Session key derivation | 0b = EPI/MCI; 1b = EMV 2000 |
| 1 | 1 | Encrypt offline counters | 0b = Do not encrypt offline counters; 1b = Encrypt offline counters |
| 2 | 8-4 | Reserved | 00000b |
| 2 | 3 | Activate additional check table | 0b = Do not activate additional check table; 1b = Activate additional check table |
2 1
Table 6.43 Issuer Action Codes

| Byte | Bit | Meaning | Decline | Online | Default |
|---|---|---|---|---|---|
| 1 | 8 | Data authentication was not performed | 0b | 1b | 1b |
| 1 | 7 | Offline static data authentication failed | 0b | 0b | 0b |
| 1 | 6 | ICC data missing | 0b | 1b | 1b |
| 1 | 5 | Card appears on terminal exception file | 0b | 1b | 1b |
| 1 | 4 | Offline dynamic data authentication failed | 0b | 0b | 0b |
| 1 | 3 | Combined DDA/AC generation failed | 0b | 0b | 0b |
| 1 | 2 | RFU | 0b | 0b | 0b |
| 1 | 1 | RFU | 0b | 0b | 0b |
| 2 | 8 | Chip card and terminal have different application versions | 0b | 0b | 0b |
| 2 | 7 | Expired application | 0b | 1b | 1b |
| 2 | 6 | Application not yet effective | 0b | 1b | 0b |
| 2 | 5 | Requested service not allowed for card product | 0b | 1b | 1b |
| 2 | 4 | New card | 0b | 0b | 0b |
| 2 | 3 | RFU | 0b | 0b | 0b |
| 2 | 2 | RFU | 0b | 0b | 0b |
| 2 | 1 | RFU | 0b | 0b | 0b |
| 3 | 8 | Cardholder verification was not successful | 0b | 1b | 1b |
| 3 | 7 | Unrecognized Cardholder Verification Method (CVM) | 0b | 0b | 0b |
| 3 | 6 | PIN Try Limit exceeded | 0b | 0b | 0b |
| 3 | 5 | PIN entry required but PIN pad not present/working | 0b | 0b | 0b |
| 3 | 4 | PIN entry required, PIN pad present but PIN not entered | 0b | 1b | 1b |
| 3 | 3 | Online PIN entered | 0b | 1b | 1b |
| 3 | 2 | RFU | 0b | 0b | 0b |
| 3 | 1 | RFU | 0b | 0b | 0b |
| 4 | 8 | Transaction exceeds floor limit | 0b | 1b | 1b |
| 4 | 7 | Lower consecutive offline limit exceeded | 0b | 0b | 0b |
| 4 | 6 | Upper consecutive offline limit exceeded | 0b | 0b | 0b |
| 4 | 5 | Transaction selected randomly for online processing | 0b | 1b | 0b |
| 4 | 4 | Merchant forced transaction online | 0b | 1b | 0b |
| 4 | 3 | RFU | 0b | 0b | 0b |
| 4 | 2 | RFU | 0b | 0b | 0b |
| 4 | 1 | RFU | 0b | 0b | 0b |
| 5 | 8 | Default TDOL used | 0b | 0b | 0b |
| 5 | 7 | Issuer Authentication was unsuccessful | 0b | 0b | 0b |
| 5 | 6 | Script processing failed before final GENERATE AC | 0b | 0b | 0b |
| 5 | 5 | Script processing failed after final GENERATE AC | 0b | 0b | 0b |
| 5 | 4 | RFU | 0b | 0b | 0b |
| 5 | 3 | RFU | 0b | 0b | 0b |
| 5 | 2 | RFU | 0b | 0b | 0b |
| 5 | 1 | RFU | 0b | 0b | 0b |
Table 6.44 Card Issuer Action Codes

| Byte | Bit | Meaning | Decline | Online | Default |
|---|---|---|---|---|---|
| 1 | 8 | Reserved-No Meaning | 0b | 0b | 0b |
| 1 | 7 | Unable To Go Online Indicated | 0b | 0b | 1b |
| 1 | 6 | Offline PIN Verification Not Performed | 0b | 0b | 0b |
| 1 | 5 | Offline PIN Verification Failed | 0b | 0b | 0b |
| 1 | 4 | PTL Exceeded | 0b | 0b | 0b |
| 1 | 3 | International Transaction | 0b | 1b | 1b |
| 1 | 2 | Domestic Transaction | 0b | 1b | 1b |
| 1 | 1 | Terminal Erroneously Considers Offline PIN OK | 0b | 0b | 0b |
| 2 | 8 | Lower Consecutive Offline Limit Exceeded | 0b | 0b | 0b |
| 2 | 7 | Upper Consecutive Offline Limit Exceeded | 0b | 0b | 0b |
| 2 | 6 | Lower Cumulative Offline Limit Exceeded | 0b | 0b | 0b |
| 2 | 5 | Upper Cumulative Offline Limit Exceeded | 0b | 0b | 0b |
| 2 | 4 | Go Online On Next Transaction Was Set | 0b | 1b | 0b |
| 2 | 3 | Issuer Authentication Failed | 0b | 0b | 0b |
| 2 | 2 | Script Received | 0b | 0b | 0b |
| 2 | 1 | Script Failed | 0b | 0b | 0b |
| 3 | 8-3 | Reserved-No Meaning | 000000b | 000000b | 000000b |
| 3 | 2 | Match Found In Additional Check Table | 0b | 0b | 0b |
| 3 | 1 | No Match Found In Additional Check Table | 0b | 0b | 0b |
Byte 1 Setting 42 44 41
Byte 2 Setting 01 03 03
Offline Apply next Encrypted PIN Offline Clear PIN Apply next
Byte 1 Setting 42 1E
Byte 2 Setting 03 03
The CVM entry for Online PIN where the Byte 2 setting is 01 should be included if the card is intended to be accepted at ATM. The entry for Offline Encrypted PIN should be included only if the card supports it.
Table 6.46Application Control Byte 1 Bit 8 7 6 5 4 3 2 1 2 8-4 3 Meaning Magstripe grade issuer activated Skip CIAC-default on CAT3 Reserved Key for offline encrypted PIN verification Offline encrypted PIN verification Offline plaintext PIN verification Session key derivation Encrypt offline counters Reserved Activate additional check table Setting 0b 0b 0b 1b 0b = EPI/MCI 1b = EMV 2000 0b = Do not encrypt offline counters 1b = Encrypt offline counters 0b = DDA key 1b = Dedicated key 0b = DDA key 1b = Dedicated key
00000b 0b = Do not activate additional check table 1b = Activate additional check table
2 1
Table 6.47Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 6 5 4 3 2 1 3 8 7 6 5 Meaning Data authentication was not performed Offline static data authentication failed ICC data missing Card appears on terminal exception file Offline dynamic data authentication failed Combined DDA/AC generation failed RFU RFU Chip card and terminal have different application versions Expired application Application not yet effective Decline 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b Online 1b 1b 1b 1b 1b = Select 0b 0b = Lite 0b 0b 0b 1b 1b 1b 0b 0b 0b 0b 1b 0b 1b 0b Default 1b 1b 1b 1b 1b = Select 0b = Lite 0b 0b 0b 1b 0b 1b 0b 0b 0b 0b 1b 0b 1b 0b 1b = Select 0b = Lite 1b = Select 0b = Lite
Requested service not allowed for 0b card product New card RFU RFU RFU Cardholder verification was not successful Unrecognized Cardholder Verification Method (CVM) PIN Try Limit exceeded PIN entry required but PIN pad not present/working 0b 0b 0b 0b 0b 0b 0b 0b
Byte
Bit 4 3 2 1
Meaning PIN entry required, PIN pad present but PIN not entered Online PIN entered RFU RFU Transaction exceeds floor limit Lower consecutive offline limit exceeded Upper consecutive offline limit exceeded
Decline 0b 0b 0b 0b 0b 0b 0b
Online 1b 1b 0b 0b 1b 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Default 1b 1b 0b 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
Transaction selected randomly for 0b online processing Merchant forced transaction online RFU RFU RFU Default TDOL used Issuer Authentication was unsuccessful Script processing failed before final GENERATE AC 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
Script processing failed after final 0b GENERATE AC RFU RFU RFU RFU 0b 0b 0b 0b
Table 6.48 Card Issuer Action Codes

| Byte | Bit | Meaning | Decline | Online | Default |
|---|---|---|---|---|---|
| 1 | 8 | Reserved-No Meaning | 0b | 0b | 0b |
| 1 | 7 | Unable To Go Online Indicated | 0b | 0b | 1b |
| 1 | 6 | Offline PIN Verification Not Performed | 0b | 0b | 0b |
| 1 | 5 | Offline PIN Verification Failed | 0b | 1b | 1b |
| 1 | 4 | PTL Exceeded | 0b | 1b | 1b |
| 1 | 3 | International Transaction | 0b | 0b or 1b | 0b |
| 1 | 2 | Domestic Transaction | 0b | 0b or 1b | 0b |
| 1 | 1 | Terminal Erroneously Considers Offline PIN OK | 0b | 0b | 0b |
| 2 | 8 | Lower Consecutive Offline Limit Exceeded | 0b | 1b | 0b |
| 2 | 7 | Upper Consecutive Offline Limit Exceeded | 0b | 1b | 1b |
| 2 | 6 | Lower Cumulative Offline Limit Exceeded | 0b | 1b | 0b |
| 2 | 5 | Upper Cumulative Offline Limit Exceeded | 0b | 1b | 1b |
| 2 | 4 | Go Online On Next Transaction Was Set | 0b | 1b | 0b |
| 2 | 3 | Issuer Authentication Failed | 0b | 0b | 0b |
| 2 | 2 | Script Received | 0b | 1b | 0b |
| 2 | 1 | Script Failed | 0b | 1b | 0b |
| 3 | 8-3 | Reserved-No Meaning | 0000000b | 0000000b | 0000000b |
| 3 | 2 | Match Found In Additional Check Table | 0b or 1b | 0b or 1b | 0b or 1b |
| 3 | 1 | No Match Found In Additional Check Table | 0b or 1b | 0b or 1b | 0b or 1b |
Byte 2 Setting 03 03
Table 6.50Application Control Byte 1 Bit 8 7 6 5 4 3 2 1 2 8-4 3 Meaning Magstripe grade issuer activated Skip CIAC-default on CAT3 Reserved Key for offline encrypted PIN verification Offline encrypted PIN verification Offline plaintext PIN verification Session key derivation Encrypt offline counters Reserved Activate additional check table Setting 0b 0b 0b 0b 0b 0b 0b = EPI/MCI 1b = EMV 2000 0b = Do not encrypt offline counters 1b = Encrypt offline counters
00000b 0b = Do not activate additional check table 1b = Activate additional check table 0b 0b = Do not include counters in AC 1b = Include counters in AC
2 1
Table 6.51Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 6 5 4 3 2 1 3 8 7 6 5 Meaning Data authentication was not performed Offline static data authentication failed ICC data missing Decline 0b 0b 0b Online 1b 1b 1b 1b 1b = Select 0b 0b = Lite 0b 0b 0b 1b 1b 1b 0b 0b 0b 0b 1b 0b 0b 0b Default 1b 1b 1b 1b 1b = Select 0b = Lite 0b 0b 0b 1b 0b 1b 0b 0b 0b 0b 1b 0b 0b 0b 1b = Select 0b = Lite 1b = Select 0b = Lite
Card appears on terminal exception 0b file Offline dynamic data authentication 0b failed Combined DDA/AC generation failed RFU RFU Chip card and terminal have different application versions Expired application Application not yet effective 0b 0b 0b 0b 0b
Requested service not allowed for 0b card product New card RFU RFU RFU Cardholder verification was not successful Unrecognized Cardholder Verification Method (CVM) PIN Try Limit exceeded 0b 0b 0b 0b 0b 0b 0b/1b
Byte
Bit 4 3 2 1
Meaning
Decline
Online 1b 1b 0b 0b 1b 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Default 1b 1b 0b 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
PIN entry required, PIN pad present0b but PIN not entered Online PIN entered RFU RFU Transaction exceeds floor limit Lower consecutive offline limit exceeded Upper consecutive offline limit exceeded 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
Transaction selected randomly for 0b online processing Merchant forced transaction online 0b RFU RFU RFU Default TDOL used Issuer Authentication was unsuccessful
GENERATE AC
0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
Script processing failed before final 0b Script processing failed after final GENERATE AC RFU RFU RFU RFU 0b 0b 0b 0b 0b
Table 6.52Card Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 6 5 4 3 2 1 3 8-3 2 1 Meaning Reserved-No Meaning Unable To Go Online Indicated Offline PIN Verification Not Performed Offline PIN Verification Failed PTL Exceeded International Transaction Domestic Transaction Decline 0b 0b 0b 0b 0b 0b 0b Online 0b 0b 0b 0b 0b 0b or 1b 0b or 1b 0b 1b 1b 1b 1b 1b 0b 1b 1b 000000b Default 0b 0b 0b 0b 0b 0b 0b 0b 0b 1b 0b 1b 0b 0b 0b 0b 000000b 0b or 1b 0b or 1b
Terminal Erroneously Considers Offline PIN 0b OK Lower Consecutive Offline Limit Exceeded Upper Consecutive Offline Limit Exceeded Lower Cumulative Offline Limit Exceeded Upper Cumulative Offline Limit Exceeded Go Online On Next Transaction Was Set Issuer Authentication Failed Script Received Script Failed Reserved-No Meaning Match Found In Additional Check Table 0b 0b 0b 0b 0b 0b 0b 0b 000000b
0b or 1b 0b or 1b
Byte 1 Setting 42 44 41 1E
Byte 2 Setting 01 03 03 03
Offline Apply next Encrypted PIN Offline Clear PIN Signature Apply next Fail
The CVM entry for Online PIN should be included if the card is intended to be accepted at ATM. The entry for Offline Encrypted PIN should be included only if the card supports it.
Table 6.54 Application Control

| Byte | Bit | Meaning | Setting |
|---|---|---|---|
| 1 | 8 | Magstripe grade issuer activated | 0b |
| 1 | 7 | Skip CIAC-default on CAT3 | 0b |
| 1 | 6 | Reserved | 0b |
| 1 | 5 | Key for offline encrypted PIN verification | 0b = DDA key; 1b = Dedicated Key |
| 1 | 4 | Offline encrypted PIN verification | 0b = if not supported; 1b = if supported |
| 1 | 3 | Offline plaintext PIN verification | 1b |
| 1 | 2 | Session key derivation | 0b = EPI/MCI; 1b = EMV 2000 |
| 1 | 1 | Encrypt offline counters | 0b = Do not encrypt offline counters; 1b = Encrypt offline counters |
| 2 | 8-4 | Reserved | 00000b |
| 2 | 3 | Activate additional check table | 0b = Do not activate additional check table; 1b = Activate additional check table |
| 2 | 2 | Allow retrieval of balance | 0b |
| 2 | 1 | Include counters in AC | 0b = Do not include counters in AC; 1b = Include counters in AC |
Table 6.55Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 6 5 4 3 Meaning Data authentication was not performed Offline static data authentication failed ICC data missing Card appears on terminal exception file Offline dynamic data authentication failed Decline 0b 0b 0b 0b 0b Online 1b 1b 1b 1b 1b = Select 0b 0b = Lite 0b 0b 0b 1b 1b 1b 0b 0b RFU RFU 0b 0b 1b = Select 0b = Lite Default 1b 1b 1b 1b 0b 0b 0b 1b 0b 1b 0b 0b 1b = Select 0b = Lite 1b = Select 0b = Lite
Chip card and terminal have different 0b application versions Expired application Application not yet effective Requested service not allowed for card product New card RFU 0b 0b 0b 0b 0b
Byte
Bit 2 1
Decline 0b 0b 0b
Online 0b 0b 1b 0b 1b 0b 1b 1b 0b 0b 1b 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b 0b
Default 0b 0b 1b 0b 1b 0b 1b 1b 0b 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
Unrecognized Cardholder Verification 0b Method (CVM) PIN Try Limit exceeded PIN entry required but PIN pad not present/working PIN entry required, PIN pad present but PIN not entered Online PIN entered RFU RFU Transaction exceeds floor limit Lower consecutive offline limit exceeded Upper consecutive offline limit exceeded Transaction selected randomly for online processing Merchant forced transaction online RFU RFU RFU Default TDOL used 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
8 7 6 5
0b 0b
Byte
Bit 4 3 2 1
Decline 0b 0b 0b 0b
Online 0b 0b 0b 0b
Default 0b 0b 0b 0b
Table 6.56 Card Issuer Action Codes

| Byte | Bit | Meaning | Decline | Online | Default |
|---|---|---|---|---|---|
| 1 | 8 | Reserved-No Meaning | 0b | 0b | 0b |
| 1 | 7 | Unable To Go Online Indicated | 0b | 0b | 0b |
| 1 | 6 | Offline PIN Verification Not Performed | 0b | 0b | 0b |
| 1 | 5 | Offline PIN Verification Failed | 0b | 1b | 1b |
| 1 | 4 | PTL Exceeded | 0b | 1b | 1b |
| 1 | 3 | International Transaction | 0b | 1b | 1b |
| 1 | 2 | Domestic Transaction | 0b | 1b | 1b |
| 1 | 1 | Terminal Erroneously Considers Offline PIN OK | 0b | 0b | 0b |
| 2 | 8 | Lower Consecutive Offline Limit Exceeded | 0b | 1b | 0b |
| 2 | 7 | Upper Consecutive Offline Limit Exceeded | 0b | 1b | 1b |
| 2 | 6 | Lower Cumulative Offline Limit Exceeded | 0b | 1b | 0b |
| 2 | 5 | Upper Cumulative Offline Limit Exceeded | 0b | 1b | 1b |
| 2 | 4 | Go Online On Next Transaction Was Set | 0b | 1b | 0b |
| 2 | 3 | Issuer Authentication Failed | 0b | 0b | 0b |
| 2 | 2 | Script Received | 0b | 0b | 0b |
| 2 | 1 | Script Failed | 0b | 0b | 0b |
| 3 | 8-3 | Reserved-No Meaning | 000000b | 000000b | 000000b |
Byte
Bit 2 1
Meaning Match Found In Additional Check Table No Match Found In Additional Check Table
Decline
Online
Default 0b 0b
0b or 1b 0b 0b or 1b 0b
CVM Signature
Byte 1 Setting 1E
Byte 2 Setting 03
Table 6.58 Application Control

| Byte | Bit | Meaning | Setting |
|---|---|---|---|
| 1 | 8 | Magstripe grade issuer activated | 0b |
| 1 | 7 | Skip CIAC-default on CAT3 | 0b |
| 1 | 6 | Reserved | 0b |
| 1 | 5 | Key for offline encrypted PIN verification | 0b |
| 1 | 4 | Offline encrypted PIN verification | 0b |
| 1 | 3 | Offline plaintext PIN verification | 0b |
| 1 | 2 | Session key derivation | 0b = EPI/MCI; 1b = EMV 2000 |
| 1 | 1 | Encrypt offline counters | 0b = Do not encrypt offline counters; 1b = Encrypt offline counters |
| 2 | 8-4 | Reserved | 00000b |
| 2 | 3 | Activate additional check table | 0b = Do not activate additional check table; 1b = Activate additional check table |
| 2 | 2 | Allow retrieval of balance | 0b |
| 2 | 1 | Include counters in AC | 0b = Do not include counters in AC; 1b = Include counters in AC |
Table 6.59Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 6 5 4 3 2 1 3 8 7 6 5 Meaning Data authentication was not performed Offline static data authentication failed ICC data missing Card appears on terminal exception file Offline dynamic data authentication failed Decline 0b 0b 0b 0b 0b Online 1b 1b 1b 1b 1b = Select 0b 0b = Lite 0b 0b 0b 1b 1b 1b 0b 0b 0b 0b 1b 0b 0b 0b RFU RFU 0b 0b 1b = Select 0b = Lite Default 1b 1b 1b 1b 0b 0b 0b 1b 0b 1b 0b 0b 0b 0b 1b 0b 0b 0b 1b = Select 0b = Lite 1b = Select 0b = Lite
Chip card and terminal have different 0b application versions Expired application Application not yet effective Requested service not allowed for card product New card RFU RFU RFU Cardholder verification was not successful 0b 0b 0b 0b 0b 0b 0b 0b
Unrecognized Cardholder Verification 0b Method (CVM) PIN Try Limit exceeded PIN entry required but PIN pad not present/working 0b 0b
Byte
Bit 4 3 2 1
Meaning PIN entry required, PIN pad present but PIN not entered Online PIN entered RFU RFU Transaction exceeds floor limit Lower consecutive offline limit exceeded Upper consecutive offline limit exceeded Transaction selected randomly for online processing Merchant forced transaction online RFU RFU RFU Default TDOL used Issuer Authentication was unsuccessful Script processing failed before final
GENERATE AC
Decline 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Online 0b 0b 0b 0b 1b 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Default 0b 0b 0b 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
8 7 6 5 4 3 2 1
Script processing failed after final GENERATE AC RFU RFU RFU RFU
Table 6.60 Card Issuer Action Codes

| Byte | Bit | Meaning | Decline | Online | Default |
|---|---|---|---|---|---|
| 1 | 8 | Reserved-No Meaning | 0b | 0b | 0b |
| 1 | 7 | Unable To Go Online Indicated | 0b | 0b | 0b |
| 1 | 6 | Offline PIN Verification Not Performed | 0b | 0b | 0b |
| 1 | 5 | Offline PIN Verification Failed | 0b | 0b | 0b |
| 1 | 4 | PTL Exceeded | 0b | 0b | 0b |
| 1 | 3 | International Transaction | 0b | 1b | 1b |
| 1 | 2 | Domestic Transaction | 0b | 1b | 1b |
| 1 | 1 | Terminal Erroneously Considers Offline PIN OK | 0b | 0b | 0b |
| 2 | 8 | Lower Consecutive Offline Limit Exceeded | 0b | 1b | 0b |
| 2 | 7 | Upper Consecutive Offline Limit Exceeded | 0b | 1b | 1b |
| 2 | 6 | Lower Cumulative Offline Limit Exceeded | 0b | 1b | 0b |
| 2 | 5 | Upper Cumulative Offline Limit Exceeded | 0b | 1b | 1b |
| 2 | 4 | Go Online On Next Transaction Was Set | 0b | 1b | 0b |
| 2 | 3 | Issuer Authentication Failed | 0b | 0b | 0b |
| 2 | 2 | Script Received | 0b | 0b | 0b |
| 2 | 1 | Script Failed | 0b | 0b | 0b |
| 3 | 8-3 | Reserved-No Meaning | 000000b | 000000b | 000000b |

Byte 3, Bit 2 (Match Found In Additional Check Table) and Bit 1 (No Match Found In Additional Check Table): Default 0b, 0b
0b or 1b 0b 0b or 1b 0b
Byte 1 Setting 5E 42 1F
Byte 2 Setting 03 03 03
Alternatively, Online PIN and Signature can be reversed to give the following table.
Table 6.63 CVM List (Alternative)

| Bit 7 of Byte 1 if CVM Unsuccessful | Byte 1 Setting | Byte 2 Setting |
|---|---|---|
| Apply next | 42 | 03 |
| Apply next | 5E | 03 |
| fail | 1F | 03 |
Table 6.64 Application Control

| Byte | Bit | Meaning | Setting |
|---|---|---|---|
| 1 | 8 | Magstripe grade issuer activated | 1b |
| 1 | 7 | Skip CIAC-default on CAT3 | 1b |
| 1 | 6 | Reserved | 0b |
| 1 | 5 | Key for offline encrypted PIN verification | 0b |
| 1 | 4 | Offline encrypted PIN verification | 0b |
| 1 | 3 | Offline plaintext PIN verification | 0b |
| 1 | 2 | Session key derivation | 0b = EPI/MCI; 1b = EMV 2000 |
| 1 | 1 | Encrypt offline counters | 0b = Do not encrypt offline counters; 1b = Encrypt offline counters |
| 2 | 8-4 | Reserved | 00000b |
| 2 | 3 | Activate additional check table | 0b = Do not activate additional check table; 1b = Activate additional check table |
2 1
Table 6.65Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 6 5 4 3 2 1 3 8 7 6 5 Meaning Data authentication was not performed Offline static data authentication failed ICC data missing Card appears on terminal exception file Offline dynamic data authentication failed Combined DDA/AC generation failed RFU RFU Chip card and terminal have different application versions Expired application Application not yet effective Decline 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b Online 1b 1b 1b 1b 1b = Select 0b 0b = Lite 0b 0b 0b 1b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b Default 1b 1b 1b 1b 1b = Select 0b = Lite 0b 0b 0b 1b 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 1b = Select 0b = Lite 1b = Select 0b = Lite
Requested service not allowed for 0b card product New card RFU RFU RFU Cardholder verification was not successful Unrecognized Cardholder Verification Method (CVM) PIN Try Limit exceeded PIN entry required but PIN pad not present/working 0b 0b 0b 0b 1b 0b 0b 0b
Byte
Bit 4 3 2 1
Meaning PIN entry required, PIN pad present but PIN not entered Online PIN entered RFU RFU Transaction exceeds floor limit Lower consecutive offline limit exceeded Upper consecutive offline limit exceeded
Decline 1b 0b 0b 0b 0b 0b 0b
Online 0b 1b 0b 0b 1b 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Default 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
Transaction selected randomly for 0b online processing Merchant forced transaction online RFU RFU RFU Default TDOL used Issuer Authentication was unsuccessful Script processing failed before final GENERATE AC 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
Script processing failed after final 0b GENERATE AC RFU RFU RFU RFU 0b 0b 0b 0b
Table 6.66 Card Issuer Action Codes

| Byte | Bit | Meaning | Decline | Online | Default |
|---|---|---|---|---|---|
| 1 | 8 | Reserved-No Meaning | 0b | 0b | 0b |
| 1 | 7 | Unable To Go Online Indicated | 0b | 0b | 0b |
| 1 | 6 | Offline PIN Verification Not Performed | 0b | 0b | 0b |
| 1 | 5 | Offline PIN Verification Failed | 0b | 0b | 0b |
| 1 | 4 | PTL Exceeded | 0b | 0b | 0b |
| 1 | 3 | International Transaction | 0b | 0b or 1b | 0b |
| 1 | 2 | Domestic Transaction | 0b | 0b or 1b | 0b |
| 1 | 1 | Terminal Erroneously Considers Offline PIN OK | 0b | 0b | 0b |
| 2 | 8 | Lower Consecutive Offline Limit Exceeded | 0b | 1b | 0b |
| 2 | 7 | Upper Consecutive Offline Limit Exceeded | 0b | 1b | 1b |
| 2 | 6 | Lower Cumulative Offline Limit Exceeded | 0b | 1b | 0b |
| 2 | 5 | Upper Cumulative Offline Limit Exceeded | 0b | 1b | 1b |
| 2 | 4 | Go Online On Next Transaction Was Set | 0b | 1b | 0b |
| 2 | 3 | Issuer Authentication Failed | 0b | 0b | 0b |
| 2 | 2 | Script Received | 0b | 1b | 0b |
| 2 | 1 | Script Failed | 0b | 1b | 0b |
| 3 | 8-3 | Reserved-No Meaning | 0000000b | 0000000b | 0000000b |
| 3 | 2 | Match Found In Additional Check Table | 0b or 1b | 0b or 1b | 0b or 1b |
| 3 | 1 | No Match Found In Additional Check Table | 0b or 1b | 0b or 1b | 0b or 1b |
6.3.3.3 Magstripe Grade - MasterCard - CVM List (Offline Plaintext PIN + Signature + Online PIN + No CVM)
Table 6.67 CVM List

| CVM | Bit 7 of Byte 1 if CVM Unsuccessful | Byte 1 Setting | Byte 2 Setting |
|---|---|---|---|
| Online PIN | Apply next | 42 | 01 |
| Offline Clear PIN | Apply next | 41 | 03 |
| Signature | Apply next | 5E | 03 |
| Online PIN | Apply next | 42 | 03 |
| No CVM | fail | 1F | 03 |
Alternatively, Online PIN and Signature can be reversed to give the following table.
Table 6.68 CVM List (Alternative)

| CVM | Bit 7 of Byte 1 if CVM Unsuccessful | Byte 1 Setting | Byte 2 Setting |
|---|---|---|---|
| Online PIN | Apply next | 42 | 01 |
| Offline Clear PIN | Apply next | 41 | 03 |
| Online PIN | Apply next | 42 | 03 |
| Signature | Apply next | 5E | 03 |
| No CVM | fail | 1F | 03 |
Table 6.69 Application Control

| Byte | Bit | Meaning | Setting |
|---|---|---|---|
| 1 | 8 | Magstripe grade issuer activated | 1b |
| 1 | 7 | Skip CIAC-default on CAT3 | 1b |
| 1 | 6 | Reserved | 0b |
| 1 | 5 | Key for offline encrypted PIN verification | 0b |
| 1 | 4 | Offline encrypted PIN verification | 0b |
| 1 | 3 | Offline plaintext PIN verification | 1b |
| 1 | 2 | Session key derivation | 0b = EPI/MCI; 1b = EMV 2000 |
| 1 | 1 | Encrypt offline counters | 0b = Do not encrypt offline counters; 1b = Encrypt offline counters |
| 2 | 8-4 | Reserved | 00000b |
| 2 | 3 | Activate additional check table | 0b = Do not activate additional check table; 1b = Activate additional check table |
2 1
Table 6.70Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 Meaning Data authentication was not performed Offline static data authentication failed ICC data missing Decline 0b 0b 0b Online 1b 1b 1b 1b 1b = Select 0b 0b = Lite 0b 0b Default 1b 1b 1b 1b 1b = Select 0b = Lite 0b 0b 1b = Select 0b = Lite 1b = Select 0b = Lite
Card appears on terminal exception 0b file Offline dynamic data authentication 0b failed Combined DDA/AC generation failed RFU RFU 0b 0b
Byte 2
Bit 8 7 6 5 4 3 2 1
Meaning Chip card and terminal have different application versions Expired application Application not yet effective
Decline 0b 0b 0b
Online 0b 1b 1b 1b 0b 0b 0b 0b 0b 0b 0b/1b 0b 0b 1b 0b 0b 1b 0b 0b 1b 1b 0b
Default 0b 1b 0b 1b 0b 0b 0b 0b 0b 0b 0b/1b 0b 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b
Requested service not allowed for 0b card product New card RFU RFU RFU Cardholder verification was not successful Unrecognized Cardholder Verification Method (CVM) PIN Try Limit exceeded a 0b 0b 0b 0b 1b 0b 0b/1b
8 7 6 5 4 3 2 1
PIN entry required but PIN pad not 0b present/working PIN entry required, PIN pad present but PIN not entered a Online PIN entered RFU RFU Transaction exceeds floor limit Lower consecutive offline limit exceeded Upper consecutive offline limit exceeded 1b/0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3
Transaction selected randomly for 0b online processing Merchant forced transaction online 0b RFU 0b
Byte
Bit 2 1
Meaning RFU RFU Default TDOL used Issuer Authentication was unsuccessful
GENERATE AC
Decline 0b 0b 0b 0b
Online 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Default 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
Script processing failed before final 0b Script processing failed after final GENERATE AC RFU RFU RFU RFU 0b 0b 0b 0b 0b
Refer to the 6.3.3.3.1 Explanation of Issuer Action Code and Card Issuer Action Code Settings (Magstripe Grade) section for an explanation of the settings.
Table 6.71Card Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 Meaning Reserved-No Meaning Unable To Go Online Indicated Offline PIN Verification Not Performed Offline PIN Verification Failed a PTL Exceeded a International Transaction Domestic Transaction Decline 0b 0b 0b Online 0b 0b 0b Default 0b 0b 0b 0b 0b or 1b 0b 0b 1b 0b 1b
0b or 1b 0b 0b or 1b 0b or 1b 0b 0b 0b or 1b 0b or 1b 1b 1b 1b
Terminal Erroneously Considers Offline PIN 0b OK Lower Consecutive Offline Limit Exceeded Upper Consecutive Offline Limit Exceeded 0b 0b
Byte
Bit 6 5 4 3 2 1
Meaning Lower Cumulative Offline Limit Exceeded Upper Cumulative Offline Limit Exceeded Go Online On Next Transaction Was Set Issuer Authentication Failed Script Received Script Failed Reserved-No Meaning Match Found In Additional Check Table
Decline 0b 0b 0b 0b 0b 0b 000000b
Online 1b 1b 1b 0b 1b 1b 000000b
Default 0b 1b 0b 0b 0b 0b 000000b 0b or 1b 0b or 1b
8-3 2 1
0b or 1b 0b or 1b
Refer to the 6.3.3.3.1 Explanation of Issuer Action Code and Card Issuer Action Code Settings (Magstripe Grade) section for an explanation of the settings.
6.3.3.3.1 Explanation of Issuer Action Code and Card Issuer Action Code Settings (Magstripe Grade)

The settings for the Issuer Action Code [3][6] and Card Issuer Action Code [1][4] (PIN Try Limit Exceeded) are as follows:

| Setting | If issuers ... |
|---|---|
| 0b, 0b, 0b | Accept offline magstripe signature-based transaction even when the Online PIN Try Limit is exceeded on the issuer authorization host and want the same card behavior for both chip and magstripe. |
| 1b, 0b, 0b | Decline any transaction when the Online PIN Try Limit is exceeded on the issuer authorization host and want the same card behavior for both chip and magstripe. |
| 0b, 1b, 0b | Require chip transactions to go online when the terminal detects that offline PIN Try Limit is exceeded but will accept transactions with signature, even if the terminal does not receive a valid online issuer authorization, or if the terminal was offline only. |
| 0b, 1b, 1b | Require chip transactions to go online when the terminal detects that offline PIN Try Limit is exceeded and will only accept signature-based transactions if the terminal first obtains a valid online issuer approval. |
The settings for the Issuer Action Codes [3][4] (PIN entry required, PIN pad present but PIN not entered) and Card Issuer Action Codes [1][5] (offline PIN verification failed) are as follows:

| Setting | If issuers ... |
|---|---|
| 1b, 0b, 0b | Do not accept PIN entry bypass. |
| 0b, 0b, 0b | Accept offline signature-based transactions when PIN entry is bypassed. |
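The terminal-side effect of the settings in section 6.3.3.3.1 can be traced with the added example below, which is not part of the guide. It assumes each setting is ordered Decline, Online, Default (the column order of the guide's action code tables), that the Terminal Action Codes are all zero, and that the card's own CIAC decision is out of scope; all function names are hypothetical.

```python
from enum import Enum


class Terminal(Enum):
    ONLINE_CAPABLE = 1        # can reach the issuer host
    UNABLE_TO_GO_ONLINE = 2   # online-capable, but the host is unreachable
    OFFLINE_ONLY = 3


# Issuer Action Code positions named in section 6.3.3.3.1, as (byte, bit).
PIN_TRY_LIMIT_EXCEEDED = (3, 6)
PIN_NOT_ENTERED = (3, 4)  # PIN entry required, PIN pad present but PIN not entered


def mask(byte_no, bit_no):
    """Five-byte value with a single bit set (byte 1 first, bit 8 = 0x80)."""
    out = bytearray(5)
    out[byte_no - 1] = 1 << (bit_no - 1)
    return bytes(out)


def iac_triple(position, setting):
    """IAC-Decline, IAC-Online and IAC-Default holding only `position`.

    `setting` is a (decline, online, default) tuple such as (0, 1, 1);
    that ordering is an assumption of this example.
    """
    return tuple(mask(*position) if bit else bytes(5) for bit in setting)


def matches(tvr, action_code):
    """True when any bit set in the TVR is also set in the action code."""
    return any(t & a for t, a in zip(tvr, action_code))


def terminal_request(tvr, iac_decline, iac_online, iac_default, terminal):
    """Cryptogram type the terminal requests after terminal action analysis.

    AAC = decline offline, ARQC = go online, TC = approve offline.
    """
    if matches(tvr, iac_decline):
        return "AAC"
    if terminal is Terminal.OFFLINE_ONLY:
        # The Online code is never used, so the Default code decides.
        return "AAC" if matches(tvr, iac_default) else "TC"
    if not matches(tvr, iac_online):
        return "TC"
    if terminal is Terminal.ONLINE_CAPABLE:
        return "ARQC"
    # Online processing was wanted but the host could not be reached.
    return "AAC" if matches(tvr, iac_default) else "TC"


def outcomes(position, setting):
    """Outcome per terminal type when only the TVR bit at `position` is set."""
    tvr = mask(*position)
    triple = iac_triple(position, setting)
    return {t.name: terminal_request(tvr, *triple, t) for t in Terminal}


if __name__ == "__main__":
    for setting in [(0, 0, 0), (1, 0, 0), (0, 1, 0), (0, 1, 1)]:
        print("PIN Try Limit exceeded", setting,
              outcomes(PIN_TRY_LIMIT_EXCEEDED, setting))
    for setting in [(1, 0, 0), (0, 0, 0)]:
        print("PIN not entered", setting, outcomes(PIN_NOT_ENTERED, setting))
```
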
Byte 1 Setting 42 1E
Byte 2 Setting 00 03
Table 6.73 Application Control

| Byte | Bit | Meaning | Setting |
|---|---|---|---|
| 1 | 8 | Magstripe grade issuer activated | 1b |
| 1 | 7 | Skip CIAC-default on CAT3 | 0b |
| 1 | 6 | Reserved | 0b |
| 1 | 5 | Key for offline encrypted PIN verification | 0b |
| 1 | 4 | Offline encrypted PIN verification | 0b |
| 1 | 3 | Offline plaintext PIN verification | 0b |
| 1 | 2 | Session key derivation | 0b = EPI/MCI; 1b = EMV 2000 |
| 1 | 1 | Encrypt offline counters | |
| 2 | 8-4 | Reserved | 00000b |
| 2 | 3 | Activate additional check table | 0b = Do not activate additional check table; 1b = Activate additional check table |
| 2 | 2 | Allow retrieval of balance | 0b |
| 2 | 1 | Include counters in AC | 0b = Do not include counters in AC; 1b = Include counters in AC |
Table 6.74Issuer Action Codes Byte 1 Bit 8 7 6 5 Meaning Data authentication was not performed Offline static data authentication failed ICC data missing Decline 0b 0b 0b Online 1b 1b 1b 1b Default 1b 1b 1b 1b
4 3 2 1 2 8 7 6 5 4 3 2 1 3 8 7 6
Offline dynamic data authentication 0b failed Combined DDA/AC generation failed RFU RFU Chip card and terminal have different application versions Expired application Application not yet effective Requested service not allowed for card product New card RFU RFU RFU Cardholder verification was not successful Unrecognized Cardholder Verification Method (CVM) PIN Try Limit exceeded 0b 0b 0b 0b 0b 1b 0b 0b 0b 0b 1b 0b 0b
1b = Select 0b 0b = Lite 0b 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b
1b = Select 0b = Lite 0b 0b 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Byte
Bit 5 4 3 2 1
Meaning
Decline
Online 1b 0b 1b 0b 0b 1b 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Default 1b 0b 1b 0b 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
PIN entry required but PIN pad not 0b present/working PIN entry required, PIN pad present 1b but PIN not entered Online PIN entered RFU RFU Transaction exceeds floor limit Lower consecutive offline limit exceeded Upper consecutive offline limit exceeded Transaction selected randomly for online processing Merchant forced transaction online RFU RFU RFU Default TDOL used Issuer Authentication was unsuccessful
GENERATE AC
0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
8 7 6 5 4 3 2 1
Script processing failed before final 0b Script processing failed after final GENERATE AC RFU RFU RFU RFU 0b 0b 0b 0b 0b
Table 6.75 Card Issuer Action Codes

| Byte | Bit | Meaning | Decline | Online | Default |
|---|---|---|---|---|---|
| 1 | 8 | Reserved-No Meaning | 0b | 0b | 0b |
| 1 | 7 | Unable To Go Online Indicated | 0b | 0b | 0b |
| 1 | 6 | Offline PIN Verification Not Performed | 0b | 0b | 0b |
| 1 | 5 | Offline PIN Verification Failed | 0b | 0b | 0b |
| 1 | 4 | PTL Exceeded | 0b | 0b | 0b |
| 1 | 3 | International Transaction | 0b | 1b | 1b |
| 1 | 2 | Domestic Transaction | 0b | 1b | 1b |
| 1 | 1 | Terminal Erroneously Considers Offline PIN OK | 0b | 0b | 0b |
| 2 | 8 | Lower Consecutive Offline Limit Exceeded | 0b | 0b | 0b |
| 2 | 7 | Upper Consecutive Offline Limit Exceeded | 0b | 0b | 0b |
| 2 | 6 | Lower Cumulative Offline Limit Exceeded | 0b | 0b | 0b |
| 2 | 5 | Upper Cumulative Offline Limit Exceeded | 0b | 0b | 0b |
| 2 | 4 | Go Online On Next Transaction Was Set | 0b | 1b | 0b |
| 2 | 3 | Issuer Authentication Failed | 0b | 0b | 0b |
| 2 | 2 | Script Received | 0b | 0b | 0b |
| 2 | 1 | Script Failed | 0b | 0b | 0b |
| 3 | 8-3 | Reserved-No Meaning | 000000b | 000000b | 000000b |
| 3 | 2 | Match Found In Additional Check Table | 0b | 0b | 0b |
| 3 | 1 | No Match Found In Additional Check Table | 0b | 0b | 0b |
6.3.3.5 Magstripe Grade - Maestro - CVM List (Offline Plaintext PIN + Online PIN + Signature)
New cards must support only Online PIN and Offline PIN. The following settings, except for Signature-related settings, are valid for new cards.
Table 6.76 CVM List

| CVM | Bit 7 of Byte 1 if CVM Unsuccessful | Byte 1 Setting | Byte 2 Setting | Meaning of Byte 2 |
|---|---|---|---|---|
| Online PIN | Apply next | 42 | 01 | If unattended cash |
| Online PIN | Fail | 02 | 04 | If manual cash |
| Offline Encrypted PIN | Apply next | 44 | 03 | If supported |
| Offline Clear PIN | Apply next | 41 | 03 | If supported |
| Online PIN | Apply next | 42 | 00 | Always |
| Signature | Fail | 1E | 03 | If supported |
Note that Offline Encrypted PIN should be included only if the card supports it. In addition, Signature is not permitted for new cards.
Table 6.77 Application Control

| Byte | Bit | Meaning | Setting |
|---|---|---|---|
| 1 | 8 | Magstripe grade issuer activated | 1b |
| 1 | 7 | Skip CIAC-default on CAT3 | 0b |
| 1 | 6 | Reserved | 0b |
| 1 | 5 | Key for offline encrypted PIN verification | 0b |
| 1 | 4 | Offline encrypted PIN verification | 0b |
| 1 | 3 | Offline plaintext PIN verification | 1b |
| 1 | 2 | Session key derivation | 0b = EPI/MCI; 1b = EMV 2000 |
| 1 | 1 | Encrypt offline counters | 0b = Do not encrypt offline counters; 1b = Encrypt offline counters |
| 2 | 8-4 | Reserved | 00000b |
| 2 | 3 | Activate additional check table | 0b = Do not activate additional check table; 1b = Activate additional check table |
| 2 | 2 | Allow retrieval of balance | 0b |
| 2 | 1 | Include counters in AC | 0b = Do not include counters in AC; 1b = Include counters in AC |
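A personalization profile can be checked against the two notes above (Offline Encrypted PIN only if the card supports it; no Signature on new cards) before cards are issued. The following is an added example, not part of the guide: it decodes CVM entries laid out as in Table 6.76 and compares them with Application Control Byte 1 from Table 6.77. The function and constant names are hypothetical, and reading "the card supports it" as bits 4 and 3 of Application Control Byte 1 is an assumption of the example.

```python
from dataclasses import dataclass

# Bits 6-1 of Byte 1: the CVM codes that appear in this guide's CVM lists.
CVM_NAMES = {0x01: "Offline Clear PIN", 0x02: "Online PIN",
             0x04: "Offline Encrypted PIN", 0x1E: "Signature", 0x1F: "No CVM"}
# Byte 2: the condition codes that appear in this guide's CVM lists.
CONDITIONS = {0x00: "Always", 0x01: "If unattended cash",
              0x03: "If supported", 0x04: "If manual cash"}

# Application Control Byte 1 masks (bit 8 = 0x80 ... bit 1 = 0x01).
AC_OFFLINE_ENCRYPTED_PIN = 0x08   # bit 4
AC_OFFLINE_PLAINTEXT_PIN = 0x04   # bit 3


@dataclass(frozen=True)
class CvmRule:
    byte1: int
    byte2: int

    @property
    def cvm(self):
        code = self.byte1 & 0x3F
        # Bit 8 is not set by any entry in the guide, so treat it as unknown.
        if self.byte1 & 0x80 or code not in CVM_NAMES:
            return "unrecognized CVM byte %02X" % self.byte1
        return CVM_NAMES[code]

    @property
    def if_unsuccessful(self):
        # Bit 7 of Byte 1 selects what happens when the CVM is unsuccessful.
        return "Apply next" if self.byte1 & 0x40 else "Fail"

    @property
    def condition(self):
        return CONDITIONS.get(self.byte2,
                              "unrecognized condition %02X" % self.byte2)


def parse_cvm_rules(hex_pairs):
    """Parse Byte 1 / Byte 2 pairs such as "4201 0204" (rule pairs only)."""
    raw = bytes.fromhex(hex_pairs)
    if len(raw) % 2:
        raise ValueError("each CVM entry is two bytes")
    return [CvmRule(raw[i], raw[i + 1]) for i in range(0, len(raw), 2)]


def check_profile(rules, app_control_byte1, new_card=False):
    """Return findings where the CVM list and Application Control disagree."""
    findings = []
    for index, rule in enumerate(rules, start=1):
        where = "entry %d (%02X %02X): " % (index, rule.byte1, rule.byte2)
        if (rule.cvm.startswith("unrecognized")
                or rule.condition.startswith("unrecognized")):
            findings.append(where + "value not used in the guide's tables")
        if (rule.cvm == "Offline Encrypted PIN"
                and not app_control_byte1 & AC_OFFLINE_ENCRYPTED_PIN):
            findings.append(where + "Offline Encrypted PIN listed but "
                            "Application Control byte 1 bit 4 is 0b")
        if (rule.cvm == "Offline Clear PIN"
                and not app_control_byte1 & AC_OFFLINE_PLAINTEXT_PIN):
            findings.append(where + "Offline Clear PIN listed but "
                            "Application Control byte 1 bit 3 is 0b")
        if new_card and rule.cvm == "Signature":
            findings.append(where + "Signature is not permitted for new cards")
    return findings


# Constructed inputs: the rows of Table 6.76 as printed, and Application
# Control Byte 1 from Table 6.77 with the issuer-choice bits 2 and 1 left 0.
TABLE_6_76 = "4201 0204 4403 4103 4200 1E03"
TABLE_6_77_BYTE1 = 0x84

if __name__ == "__main__":
    rules = parse_cvm_rules(TABLE_6_76)
    for r in rules:
        print("%02X %02X  %-22s %-10s %s" % (r.byte1, r.byte2, r.cvm,
                                             r.if_unsuccessful, r.condition))
    for finding in check_profile(rules, TABLE_6_77_BYTE1, new_card=True):
        print("FINDING:", finding)
```
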
Table 6.78Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 6 5 4 3 2 Meaning Decline Online 1b 1b 1b 1b RFU RFU Chip card and terminal have different application versions Expired application Application not yet effective 0b 0b 0b 0b 0b 1b = Select 0b 0b = Lite 0b 0b 0b 1b 1b 0b 0b 0b 0b Default 1b 1b 1b 1b 1b = Select 0b = Lite 0b 0b 0b 1b 0b 0b 0b 0b 0b 1b = Select 0b = Lite 1b = Select 0b = Lite
Data authentication was not performed 0b Offline static data authentication failed 0b ICC data missing Card appears on terminal exception file Offline dynamic data authentication failed Combined DDA/AC generation failed 0b 0b 0b
Requested service not allowed for card 1b product New card RFU RFU 0b 0b 0b
Byte
Bit 1
Meaning RFU Cardholder verification was not successful Unrecognized Cardholder Verification Method (CVM) PIN Try Limit exceeded PIN entry required but PIN pad not present/working PIN entry required, PIN pad present but PIN not entered Online PIN entered RFU RFU Transaction exceeds floor limit Lower consecutive offline limit exceeded Upper consecutive offline limit exceeded Transaction selected randomly for online processing Merchant forced transaction online RFU RFU RFU Default TDOL used
Decline 0b 1b 0b 1b 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Online 0b 0b 0b 0b 1b 0b 1b 0b 0b 1b 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b
Default 0b 0b 0b 0b 1b 0b 1b 0b 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
8 7 6 5 4 3 2 1
8 7 6 5 4
0b 0b 0b
Byte
Bit 3 2 1
Decline 0b 0b 0b
Online 0b 0b 0b
Default 0b 0b 0b
Table 6.79 Card Issuer Action Codes

| Byte | Bit | Meaning | Decline | Online | Default |
|---|---|---|---|---|---|
| 1 | 8 | Reserved-No Meaning | 0b | 0b | 0b |
| 1 | 7 | Unable To Go Online Indicated | 0b | 0b | 0b |
| 1 | 6 | Offline PIN Verification Not Performed | 0b | 1b | 1b |
| 1 | 5 | Offline PIN Verification Failed | 1b | 0b | 0b |
| 1 | 4 | PTL Exceeded | 1b | 0b | 0b |
| 1 | 3 | International Transaction | 0b | 0b or 1b | 0b |
| 1 | 2 | Domestic Transaction | 0b | 0b or 1b | 0b |
| 1 | 1 | Terminal Erroneously Considers Offline PIN OK | 0b | 1b | 1b |
| 2 | 8 | Lower Consecutive Offline Limit Exceeded | 0b | 1b | 0b |
| 2 | 7 | Upper Consecutive Offline Limit Exceeded | 0b | 1b | 1b |
| 2 | 6 | Lower Cumulative Offline Limit Exceeded | 0b | 1b | 0b |
| 2 | 5 | Upper Cumulative Offline Limit Exceeded | 0b | 1b | 1b |
| 2 | 4 | Go Online On Next Transaction Was Set | 0b | 1b | 0b |
| 2 | 3 | Issuer Authentication Failed | 0b | 0b | 0b |
| 2 | 2 | Script Received | 0b | 1b | 0b |
| 2 | 1 | Script Failed | 0b | 1b | 0b |
| 3 | 8-3 | Reserved-No Meaning | 0b | 0b | 0b |
| 3 | 2 | Match Found In Additional Check Table | 0b or 1b | 0b or 1b | 0b or 1b |
| 3 | 1 | No Match Found In Additional Check Table | 0b or 1b | 0b or 1b | 0b or 1b |
Byte 1 Setting 02
Byte 2 Setting 00
Table 6.81 Application Control

| Byte | Bit | Meaning | Setting |
|---|---|---|---|
| 1 | 8 | Magstripe grade issuer activated | 1b |
| 1 | 7 | Skip CIAC-default on CAT3 | 0b |
| 1 | 6 | Reserved | 0b |
| 1 | 5 | Key for offline encrypted PIN verification | 0b |
| 1 | 4 | Offline encrypted PIN verification | 0b |
| 1 | 3 | Offline plaintext PIN verification | 0b |
| 1 | 2 | Session key derivation | 0b = EPI/MCI; 1b = EMV 2000 |
| 1 | 1 | Encrypt offline counters | 0b = Do not encrypt offline counters; 1b = Encrypt offline counters |
| 2 | 8-4 | Reserved | 00000b |
| 2 | 3 | Activate additional check table | 0b = Do not activate additional check table; 1b = Activate additional check table |
| 2 | 2 | Allow retrieval of balance | 0b |
| 2 | 1 | Include counters in AC | 0b = Do not include counters in AC; 1b = Include counters in AC |
Table 6.82Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 6 5 4 3 2 1 3 8 7 6 5 4 3 2 Meaning Data authentication was not performed Offline static data authentication failed ICC data missing Card appears on terminal exception file Offline dynamic data authentication failed Combined DDA/AC generation failed RFU RFU Chip card and terminal have different application versions Expired application Application not yet effective Requested service not allowed for card product New card RFU RFU RFU Cardholder verification was not successful Decline 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 1b 0b 0b 0b 0b 1b Online 1b 0b 1b 1b 0b 0b 0b 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 1b 0b Default 1b 0b 1b 1b 0b 0b 0b 0b 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 1b 0b
PIN entry required but PIN pad not present/working 1b PIN entry required, PIN pad present but PIN not entered Online PIN entered RFU 1b 0b 0b
Byte
Bit 1
Meaning RFU Transaction exceeds floor limit Lower consecutive offline limit exceeded Upper consecutive offline limit exceeded
Decline 0b 0b 0b 0b
Online 0b 1b 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Default 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
Transaction selected randomly for online processing 0b Merchant forced transaction online RFU RFU RFU Default TDOL used Issuer Authentication was unsuccessful Script processing failed before final GENERATE AC Script processing failed after final GENERATE AC RFU RFU RFU RFU 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
Table 6.83 Card Issuer Action Codes

| Byte | Bit | Meaning | Decline | Online | Default |
|---|---|---|---|---|---|
| 1 | 8 | Reserved-No Meaning | 0b | 0b | 0b |
| 1 | 7 | Unable To Go Online Indicated | 0b | 0b | 1b |
| 1 | 6 | Offline PIN Verification Not Performed | 0b | 0b | 0b |
| 1 | 5 | Offline PIN Verification Failed | 0b | 0b | 0b |
| 1 | 4 | PTL Exceeded | 0b | 0b | 0b |
| 1 | 3 | International Transaction | 0b | 1b | 1b |
| 1 | 2 | Domestic Transaction | 0b | 1b | 1b |
| 1 | 1 | Terminal Erroneously Considers Offline PIN OK | 0b | 0b | 0b |
| 2 | 8 | Lower Consecutive Offline Limit Exceeded | 0b | 0b | 0b |
| 2 | 7 | Upper Consecutive Offline Limit Exceeded | 0b | 0b | 0b |
| 2 | 6 | Lower Cumulative Offline Limit Exceeded | 0b | 0b | 0b |
| 2 | 5 | Upper Cumulative Offline Limit Exceeded | 0b | 0b | 0b |
| 2 | 4 | Go Online On Next Transaction Was Set | 0b | 1b | 0b |
| 2 | 3 | Issuer Authentication Failed | 0b | 0b | 0b |
| 2 | 2 | Script Received | 0b | 0b | 0b |
| 2 | 1 | Script Failed | 0b | 0b | 0b |
| 3 | 8-3 | Reserved-No Meaning | 000000b | 000000b | 000000b |
| 3 | 2 | Match Found In Additional Check Table | 0b | 0b | 0b |
| 3 | 1 | No Match Found In Additional Check Table | 0b | 0b | 0b |
6.3.3.7 Magstripe Grade - MasterCard Electronic - CVM List (Online PIN + Offline PIN + Signature)
Table 6.84 CVM List

| CVM | Bit 7 of Byte 1 if CVM Unsuccessful | Byte 1 Setting | Byte 2 Setting |
|---|---|---|---|
| Online PIN | Apply next | 42 | 01 |
| Offline Encrypted PIN | Apply next | 44 | 03 |
| Offline Clear PIN | Apply next | 41 | 03 |
| Online PIN | Apply next | 42 | 03 |
| Signature | Fail | 1E | 03 |
The CVM entry for Online PIN where the Byte 2 setting is 01 should be included if the card is intended to be accepted at ATMs. The entry for Offline Encrypted PIN should be included only if the card supports it.
Table 6.85 Application Control

| Byte | Bit | Meaning | Setting |
|---|---|---|---|
| 1 | 8 | Magstripe grade issuer activated | 1b |
| 1 | 7 | Skip CIAC-default on CAT3 | 0b |
| 1 | 6 | Reserved | 0b |
| 1 | 5 | Key for offline encrypted PIN verification | 0b = DDA key; 1b = Dedicated Key |
| 1 | 4 | Offline encrypted PIN verification | 0b = if not supported; 1b = if supported |
| 1 | 3 | Offline plaintext PIN verification | 1b |
| 1 | 2 | Session key derivation | 0b = EPI/MCI; 1b = EMV 2000 |
| 1 | 1 | Encrypt offline counters | 0b = Do not encrypt offline counters; 1b = Encrypt offline counters |
| 2 | 8-4 | Reserved | 00000b |
| 2 | 3 | Activate additional check table | 0b = Do not activate additional check table; 1b = Activate additional check table |
| 2 | 2 | Allow retrieval of balance | 0b |
| 2 | 1 | Include counters in AC | 0b = Do not include counters in AC; 1b = Include counters in AC |
Table 6.86Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 6 5 4 3 Meaning Data authentication was not performed Offline static data authentication failed ICC data missing Card appears on terminal exception file Offline dynamic data authentication failed Decline 0b 0b 0b 0b 0b Online 1b 1b 1b 1b 1b = Select 0b 0b = Lite 0b 0b 0b 1b 1b 1b 0b 0b RFU RFU 0b 0b 1b = Select 0b = Lite Default 1b 1b 1b 1b 0b 0b 0b 1b 0b 1b 0b 0b 1b = Select 0b = Lite 1b = Select 0b = Lite
Chip card and terminal have different 0b application versions Expired application Application not yet effective Requested service not allowed for card product New card RFU 0b 0b 0b 0b 0b
Byte
Bit 2 1
Decline 0b 0b 1b
Online 0b 0b 0b 0b 1b 0b 1b 1b 0b 0b 1b 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b
Default 0b 0b 0b 0b 1b 0b 1b 1b 0b 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
Unrecognized Cardholder Verification 0b Method (CVM) PIN Try Limit exceeded PIN entry required but PIN pad not present/working PIN entry required, PIN pad present but PIN not entered Online PIN entered RFU RFU Transaction exceeds floor limit Lower consecutive offline limit exceeded Upper consecutive offline limit exceeded Transaction selected randomly for online processing Merchant forced transaction online RFU RFU RFU Default TDOL used Issuer Authentication was unsuccessful Script processing failed before final
GENERATE AC
0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
8 7 6
Byte
Bit 5 4 3 2 1
Meaning Script processing failed after final GENERATE AC RFU RFU RFU RFU
Decline 0b 0b 0b 0b 0b
Online 0b 0b 0b 0b 0b
Default 0b 0b 0b 0b 0b
Table 6.87 Card Issuer Action Codes

| Byte | Bit | Meaning | Decline | Online | Default |
|---|---|---|---|---|---|
| 1 | 8 | Reserved-No Meaning | 0b | 0b | 0b |
| 1 | 7 | Unable To Go Online Indicated | 0b | 0b | 0b |
| 1 | 6 | Offline PIN Verification Not Performed | 0b | 0b | 0b |
| 1 | 5 | Offline PIN Verification Failed | 0b | 0b | 0b |
| 1 | 4 | PTL Exceeded | 0b | 0b | 0b |
| 1 | 3 | International Transaction | 0b | 1b | 1b |
| 1 | 2 | Domestic Transaction | 0b | 1b | 1b |
| 1 | 1 | Terminal Erroneously Considers Offline PIN OK | 0b | 0b | 0b |
| 2 | 8 | Lower Consecutive Offline Limit Exceeded | 0b | 0b | 0b |
| 2 | 7 | Upper Consecutive Offline Limit Exceeded | 0b | 0b | 0b |
| 2 | 6 | Lower Cumulative Offline Limit Exceeded | 0b | 0b | 0b |
| 2 | 5 | Upper Cumulative Offline Limit Exceeded | 0b | 0b | 0b |
| 2 | 4 | Go Online On Next Transaction Was Set | 0b | 1b | 0b |
| 2 | 3 | Issuer Authentication Failed | 0b | 0b | 0b |
| 2 | 2 | Script Received | 0b | 0b | 0b |
| 2 | 1 | Script Failed | 0b | 0b | 0b |
Byte 3
Bit 8-3 2 1
Meaning Reserved-No Meaning Match Found In Additional Check Table No Match Found In Additional Check Table
Decline 000000b
Online 000000b
Default 000000b 0b 0b
0b or 1b 0b 0b or 1b 0b
Byte 1 Setting 42 1E
Byte 2 Setting 00 03
Table 6.89 Application Control

| Byte | Bit | Meaning | Setting |
|---|---|---|---|
| 1 | 8 | Magstripe grade issuer activated | 1b |
| 1 | 7 | Skip CIAC-default on CAT3 | 0b |
| 1 | 6 | Reserved | 0b |
| 1 | 5 | Key for offline encrypted PIN verification | 0b |
| 1 | 4 | Offline encrypted PIN verification | 0b |
| 1 | 3 | Offline plaintext PIN verification | 0b |
| 1 | 2 | Session key derivation | 0b = EPI/MCI; 1b = EMV 2000 |
| 1 | 1 | Encrypt offline counters | 0b = Do not encrypt offline counters; 1b = Encrypt offline counters |
| 2 | 8-4 | Reserved | 00000b |
| 2 | 3 | Activate additional check table | 0b = Do not activate additional check table; 1b = Activate additional check table |
Byte
Bit 2 1
Table 6.90Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 6 5 4 3 2 1 3 8 Meaning Data authentication was not performed Decline 0b Online 1b 1b 1b 1b 1b = Select 0b 0b = Lite 0b 0b 0b 1b 1b 1b 0b 0b 0b 0b 0b RFU RFU 0b 0b 1b = Select 0b = Lite Default 1b 1b 1b 1b 0b 0b 0b 1b 0b 1b 0b 0b 0b 0b 0b 1b = Select 0b = Lite 1b = Select 0b = Lite
Offline static data authentication failed 0b ICC data missing Card appears on terminal exception file Offline dynamic data authentication failed 0b 0b 0b
Chip card and terminal have different 0b application versions Expired application Application not yet effective Requested service not allowed for card product New card RFU RFU RFU Cardholder verification was not successful 0b 0b 0b 0b 0b 0b 0b 1b
Byte
Bit 7 6 5 4 3 2 1
Meaning
Decline
Online 0b 0b 0b 1b 1b 0b 0b 1b 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Default 0b 0b 0b 1b 1b 0b 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Unrecognized Cardholder Verification 0b Method (CVM) PIN Try Limit exceeded PIN entry required but PIN pad not present/working PIN entry required, PIN pad present but PIN not entered Online PIN entered RFU RFU Transaction exceeds floor limit Lower consecutive offline limit exceeded Upper consecutive offline limit exceeded Transaction selected randomly for online processing Merchant forced transaction online RFU RFU RFU Default TDOL used Issuer Authentication was unsuccessful Script processing failed before final
GENERATE AC
0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
8 7 6 5 4 3 2
Byte
Bit 1
Meaning RFU
Decline 0b
Online 0b
Default 0b
Table 6.91 Card Issuer Action Codes

| Byte | Bit | Meaning | Decline | Online | Default |
|---|---|---|---|---|---|
| 1 | 8 | Reserved-No Meaning | 0b | 0b | 0b |
| 1 | 7 | Unable To Go Online Indicated | 0b | 0b | 1b |
| 1 | 6 | Offline PIN Verification Not Performed | 0b | 0b | 0b |
| 1 | 5 | Offline PIN Verification Failed | 0b | 0b | 0b |
| 1 | 4 | PTL Exceeded | 0b | 0b | 0b |
| 1 | 3 | International Transaction | 0b | 1b | 1b |
| 1 | 2 | Domestic Transaction | 0b | 1b | 1b |
| 1 | 1 | Terminal Erroneously Considers Offline PIN OK | 0b | 0b | 0b |
| 2 | 8 | Lower Consecutive Offline Limit Exceeded | 0b | 1b | 0b |
| 2 | 7 | Upper Consecutive Offline Limit Exceeded | 0b | 1b | 1b |
| 2 | 6 | Lower Cumulative Offline Limit Exceeded | 0b | 1b | 0b |
| 2 | 5 | Upper Cumulative Offline Limit Exceeded | 0b | 1b | 1b |
| 2 | 4 | Go Online On Next Transaction Was Set | 0b | 1b | 0b |
| 2 | 3 | Issuer Authentication Failed | 0b | 0b | 0b |
| 2 | 2 | Script Received | 0b | 0b | 0b |
| 2 | 1 | Script Failed | 0b | 0b | 0b |
| 3 | 8-3 | Reserved-No Meaning | 000000b | 000000b | 000000b |

Byte 3, Bit 2 (Match Found In Additional Check Table) and Bit 1 (No Match Found In Additional Check Table): Default 0b, 0b
0b or 1b 0b 0b or 1b 0b
Byte 1 Setting 42 44 41 1E
Byte 2 Setting 01 03 03 03
The CVM entry for Online PIN should be included if the card is intended to be accepted at ATMs. The entry for Offline Encrypted PIN should be included only if the card supports it.
Table 6.93 Application Control

| Byte | Bit | Meaning | Setting |
|---|---|---|---|
| 1 | 8 | Magstripe grade issuer activated | 1b |
| 1 | 7 | Skip CIAC-default on CAT3 | 0b |
| 1 | 6 | Reserved | 0b |
| 1 | 5 | Key for offline encrypted PIN verification | 0b = DDA key; 1b = Dedicated Key |
| 1 | 4 | Offline encrypted PIN verification | 0b = if not supported; 1b = supported |
| 1 | 3 | Offline plaintext PIN verification | 1b |
| 1 | 2 | Session key derivation | 0b = EPI/MCI; 1b = EMV 2000 |
| 1 | 1 | Encrypt offline counters | 0b = Do not encrypt offline counters; 1b = Encrypt offline counters |
| 2 | 8-4 | Reserved | 00000b |
| 2 | 3 | Activate additional check table | 0b = Do not activate additional check table; 1b = Activate additional check table |
Byte
Bit 2 1
Table 6.94Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 6 5 4 3 2 1 Meaning Data authentication was not performed Offline static data authentication failed ICC data missing Card appears on terminal exception file Offline dynamic data authentication failed Decline 0b 0b 0b 0b 0b Online 1b 1b 1b 1b 1b = Select 0b 0b = Lite 0b 0b 0b 1b 1b 1b 0b 0b 0b 0b RFU RFU 0b 0b 1b = Select 0b = Lite Default 1b 1b 1b 1b 0b 0b 0b 1b 0b 1b 0b 0b 0b 0b 1b = Select 0b = Lite 1b = Select 0b = Lite
Chip card and terminal have different 0b application versions Expired application Application not yet effective Requested service not allowed for card product New card RFU RFU RFU 0b 0b 0b 0b 0b 0b 0b
Byte 3
Bit 8 7 6 5 4 3 2 1
Decline 1b
Online 0b 0b 1b 0b 1b 1b 0b 0b 1b 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Default 0b 0b 1b 0b 0b 1b 0b 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Unrecognized Cardholder Verification 0b Method (CVM) PIN Try Limit exceeded PIN entry required but PIN pad not present/working PIN entry required, PIN pad present but PIN not entered Online PIN entered RFU RFU Transaction exceeds floor limit Lower consecutive offline limit exceeded Upper consecutive offline limit exceeded Transaction selected randomly for online processing Merchant forced transaction online RFU RFU RFU Default TDOL used 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
8 7 6 5 4 3
0b 0b 0b 0b

| Byte | Bit | Decline | Online | Default |
|------|-----|---------|--------|---------|
|      | 2   | 0b      | 0b     | 0b      |
|      | 1   | 0b      | 0b     | 0b      |

Table 6.95 Card Issuer Action Codes

| Byte | Bit | Meaning | Decline | Online | Default |
|------|-----|---------|---------|--------|---------|
| 1 | 8 | Reserved-No Meaning | 0b | 0b | 0b |
| 1 | 7 | Unable To Go Online Indicated | 0b | 0b | 1b |
| 1 | 6 | Offline PIN Verification Not Performed | 0b | 1b | 1b |
| 1 | 5 | Offline PIN Verification Failed | 0b | 1b | 1b |
| 1 | 4 | PTL Exceeded | 0b | 0b | 0b |
| 1 | 3 | International Transaction | 0b | 1b | 1b |
| 1 | 2 | Domestic Transaction | 0b | 1b | 1b |
| 1 | 1 | Terminal Erroneously Considers Offline PIN OK | 0b | 0b | 0b |
| 2 | 8 | Lower Consecutive Offline Limit Exceeded | 0b | 1b | 0b |
| 2 | 7 | Upper Consecutive Offline Limit Exceeded | 0b | 1b | 1b |
| 2 | 6 | Lower Cumulative Offline Limit Exceeded | 0b | 1b | 0b |
| 2 | 5 | Upper Cumulative Offline Limit Exceeded | 0b | 1b | 1b |
| 2 | 4 | Go Online On Next Transaction Was Set | 0b | 1b | 0b |
| 2 | 3 | Issuer Authentication Failed | 0b | 0b | 0b |
| 2 | 2 | Script Received | 0b | 0b | 0b |
| 2 | 1 | Script Failed | 0b | 0b | 0b |
| 3 | 8-3 | Reserved-No Meaning | 000000b | 000000b | 000000b |

Byte 3, bits 2 and 1 (Match Found In Additional Check Table, No Match Found In Additional Check Table): 0b 0b 0b or 1b 0b 0b or 1b 0b

| CVM | Byte 1 Setting | Byte 2 Setting |
|-----|----------------|----------------|
| Signature | 1E | 03 |

Table 6.97 Application Control

| Byte | Bit | Meaning | Setting |
|------|-----|---------|---------|
| 1 | 8 | Magstripe grade issuer activated | 1b |
| 1 | 7 | Skip CIAC-default on CAT3 | 0b |
| 1 | 6 | Reserved | 0b |
| 1 | 5 | Key for offline encrypted PIN verification | 0b |
| 1 | 4 | Offline encrypted PIN verification | 0b |
| 1 | 3 | Offline plaintext PIN verification | 0b |
| 1 | 2 | Session key derivation | 0b = EPI/MCI; 1b = EMV 2000 |
| 1 | 1 | Encrypt offline counters | 0b = Do not encrypt offline counters; 1b = Encrypt offline counters |
| 2 | 8-4 | Reserved | 00000b |
| 2 | 3 | Activate additional check table | 0b = Do not activate additional check table; 1b = Activate additional check table |
| 2 | 2 | Allow retrieval of balance | 0b |
| 2 | 1 | Include counters in AC | 0b = Do not include counters in AC; 1b = Include counters in AC |

Table 6.98Issuer Action Codes Byte 1 Bit 8 7 6 5 4 3 2 1 2 8 7 6 5 4 3 2 1 3 8 7 6 5 Meaning Data authentication was not performed Offline static data authentication failed ICC data missing Card appears on terminal exception file Offline dynamic data authentication failed Decline 0b 0b 0b 0b 0b Online 1b 1b 1b 1b 1b = Select 0b 0b = Lite 0b 0b 0b 1b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b RFU RFU 0b 0b 1b = Select 0b = Lite Default 1b 1b 1b 1b 0b 0b 0b 1b 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 1b = Select 0b = Lite 1b = Select 0b = Lite
Chip card and terminal have different 0b application versions Expired application Application not yet effective Requested service not allowed for card product New card RFU RFU RFU Cardholder verification was not successful 0b 0b 0b 0b 0b 0b 0b 1b
Unrecognized Cardholder Verification 0b Method (CVM) PIN Try Limit exceeded PIN entry required but PIN pad not present/working 0b 0b
Byte
Bit 4 3 2 1
Meaning PIN entry required, PIN pad present but PIN not entered Online PIN entered RFU RFU Transaction exceeds floor limit Lower consecutive offline limit exceeded Upper consecutive offline limit exceeded Transaction selected randomly for online processing Merchant forced transaction online RFU RFU RFU Default TDOL used Issuer Authentication was unsuccessful Script processing failed before final
GENERATE AC
Decline 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Online 0b 0b 0b 0b 1b 0b 0b 1b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
Default 0b 0b 0b 0b 1b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
8 7 6 5 4 3 2 1
8 7 6 5 4 3 2 1
Script processing failed after final GENERATE AC RFU RFU RFU RFU
Table 6.99 Card Issuer Action Codes

| Byte | Bit | Meaning | Decline | Online | Default |
|------|-----|---------|---------|--------|---------|
| 1 | 8 | Reserved-No Meaning | 0b | 0b | 0b |
| 1 | 7 | Unable To Go Online Indicated | 0b | 0b | 1b |
| 1 | 6 | Offline PIN Verification Not Performed | 0b | 0b | 0b |
| 1 | 5 | Offline PIN Verification Failed | 0b | 0b | 0b |
| 1 | 4 | PTL Exceeded | 0b | 0b | 0b |
| 1 | 3 | International Transaction | 0b | 1b | 1b |
| 1 | 2 | Domestic Transaction | 0b | 1b | 1b |
| 1 | 1 | Terminal Erroneously Considers Offline PIN OK | 0b | 0b | 0b |
| 2 | 8 | Lower Consecutive Offline Limit Exceeded | 0b | 1b | 0b |
| 2 | 7 | Upper Consecutive Offline Limit Exceeded | 0b | 1b | 1b |
| 2 | 6 | Lower Cumulative Offline Limit Exceeded | 0b | 1b | 0b |
| 2 | 5 | Upper Cumulative Offline Limit Exceeded | 0b | 1b | 1b |
| 2 | 4 | Go Online On Next Transaction Was Set | 0b | 1b | 0b |
| 2 | 3 | Issuer Authentication Failed | 0b | 0b | 0b |
| 2 | 2 | Script Received | 0b | 0b | 0b |
| 2 | 1 | Script Failed | 0b | 0b | 0b |
| 3 | 8-3 | Reserved-No Meaning | 000000b | 000000b | 000000b |

Byte 3, bits 2 and 1 (Match Found In Additional Check Table, No Match Found In Additional Check Table): 0b 0b 0b or 1b 0b 0b or 1b 0b
7.1 Overview
7.2 Authorization Request and Clearing Data Handling
7.2.1 Application Interchange Profile
7.2.1.1 M/Chip Select 4
7.2.2 M/Chip Lite 4
7.2.2 Application Cryptogram
7.2.2.1 Step 1: Derive the Session Key
7.2.2.2 Step 2: Build the MAC Input
7.2.2.2.1 Online Counters not Included in the MAC
7.2.2.2.2 Online Counters Included in MAC
7.2.2.3 Step 3: Compute the MAC
7.2.3 Cryptogram Information Data
7.2.4 Issuer Application Data
7.2.4.1 Length of Issuer Application Data
7.2.4.2 Key Derivation Index
7.2.4.3 Cryptogram Version Number
7.2.4.4 Card Verification Results
7.2.4.5 DAC/ICC Dynamic Number 2 Bytes
7.2.4.5.1 M/Chip Select 4
7.2.4.5.2 M/Chip Lite 4
7.2.4.6 Plaintext/Encrypted Counters
7.2.5 Terminal Verification Results
7.2.6 Unpredictable Number
7.2.7 Remaining Data Elements
7.3 Preparing the Authorization Response
7.3.1 Issuer Authentication Data
7.3.1.1 Step 1: Build the ARPC Response Code
7.3.1.2 Step 2: Build the Authorization Response Cryptogram
7.3.2 Issuer Script
7.3.2.1 Step 1: Build the Cryptogram Input
7.3.2.2 Step 2: Compute the Cryptogram
7.3.2.3 Step 3: Build the C-APDUs
7.3.2.4 Step 4: Build the Script
7.4 Personalization
7.4.1 Overview
7.4.2 Step 1: Build the Personalization Values
7.1 Overview
This chapter describes the differences between the M/Chip Lite 2.1 application and the M/Chip Select 4 or M/Chip Lite 4 applications for you to consider when preparing your migration. The first sections describe differences that impact your authorization and clearing systems, covering the following tasks:
- Handling the authorization request and clearing data
- Preparing the authorization response
These sections only consider the sub-elements in the ICC System Related Data (DE 55) data element. The final section describes the impact of the migration on the application personalization values.

| Tag | Format | Different? |
|-----|--------|------------|
| 9F1A | b2 | No |

If the M/Chip 4 application is personalized to allow the use of the EMV 2000 session key derivation algorithm, session key derivation is different to M/Chip Lite 2.1. Refer to the M/Chip 4 Security and Key Management manual for details of this method.
The impact of the migration is as follows: For clearing, the M/Chip 4 application Terminal Verification Results may require modification, as described in the Clearing section in chapter 4, Issuer Host Processing of Transactions. There is no impact for authorization. The Card Verification Results length in the M/Chip 4 applications is longer than in the M/Chip Lite 2.1, as indicated in bold in Table 7.2.
7.2.2.2.2 Online Counters Included in MAC
If the offline counters are included in the MAC input, the MAC input for the M/Chip 4 applications contains eight additional bytes as follows:
- The concatenation of the Cumulative Offline Transaction Amount, the Consecutive Offline Transactions Number and FF, if the counters are sent in clear (i.e. if the Application Control [1][1] = 0b)
- The encrypted counters (eight bytes), if the counters are sent encrypted (i.e. if the Application Control [1][1] = 1b).
Refer to the M/Chip 4 Security and Key Management manual for details.
b7
x 0
b6
x 0
b5
x 1
b4
b3
b2
b1
Meaning
Version 4, other value RFU
x 0
x 0 x
0
1 x 0 1
In M/Chip Lite 2.1, the recommended value for the Cryptogram Version Number is 01. Therefore, the values of the Cryptogram Version Number differentiate between application versions as follows:

| If | Indicates |
|----|-----------|
| Cryptogram Version Number [8-5] = 0000b | M/Chip Lite 2.1 Application. |
| Cryptogram Version Number [8-5] = 0001b | M/Chip Select 4 or M/Chip Lite 4 Application. |

For the M/Chip 4 applications, the values of the Cryptogram Version Number indicate the session key derivation type used and whether online counters are included in AC data as follows:

| If Cryptogram Version Number [8-5] = 0001b and | Indicates |
|------------------------------------------------|-----------|
| Cryptogram Version Number [2] = 0b | EPI/MCI session key derivation. |
| Cryptogram Version Number [2] = 1b | EMV2000 session key derivation. |
| Cryptogram Version Number [1] = 0b | Counters are not included in AC data. |
| Cryptogram Version Number [1] = 1b | Counters are included in AC data, as they appear in the Issuer Application Data, i.e. in plaintext or encrypted. |

Note
The M/Chip 4 applications control the value of the Cryptogram Version Number and will adapt to any modification of the cryptographic features activated. A modification of the Application Control [1][2] or of the Application Control [2][1] via a script will be automatically reflected in the value of the Cryptogram Version Number provided by the application.
7.2.4.5.2 M/Chip Lite 4
The DAC/ICC Dynamic Number 2 Bytes is unchanged between M/Chip Lite 2.1 and M/Chip Lite 4.
7.4 Personalization
7.4.1 Overview
Neither the M/Chip Lite 2.1 application nor the M/Chip 4 applications specify personalization commands and therefore this section cannot describe potential differences in the execution of these commands. However, personalization can be broken down into two steps:
1. Build the personalization values.
2. Personalize the application with the personalization values.
The following section describes the impact of the migration on step 1 only.
Note
Depending on the actual implementation of each application, there may be other data elements requiring personalization. This section does not consider such data elements.
Table 7.6 Personalization Data Elements

| Data Element | Lite 2.1 | Lite 4 | Select 4 | Migration Impact |
|--------------|----------|--------|----------|------------------|
| AID | Y | Y | Y | No impact. |
| FCI | Y | Y | Y | No impact. |
| Application Currency Code (or CRM Currency Code) | Y | Y | Y | No impact. |
| Application Effective Date | Y | Y | Y | No impact. |
| Application Expiration Date | Y | Y | Y | No impact. |
| Application Usage Control | Y | Y | Y | No impact. |
| Application Primary Account Number | Y | Y | Y | No impact. |
| Application PAN Sequence Number | Y | Y | Y | No impact. |
| Issuer Action Code Default | Y | Y | Y | New bit for CDA in M/Chip Select 4. |
| Issuer Action Code Denial | Y | Y | Y | New bit for CDA in M/Chip Select 4. |
| Issuer Action Code Online | Y | Y | Y | New bit for CDA in M/Chip Select 4. |
| Application Version Number | Y | Y | Y | No impact. |
| CDOL 1 | Y | Y | Y | Values differ for the three applications. |
| CDOL 2 | Y | Y | Y | Values differ for the three applications. |
| Cardholder Name | Y | Y | Y | No impact. |
| Cardholder Verification Method (CVM) List | Y | Y | Y | New CVM for Encrypted PIN for M/Chip Select 4. |
| Issuer Country Code | Y | Y | Y | No impact. |
| SDA Tag List | Y | Y | Y | No impact. |
| Track-2 Equivalent Data | Y | Y | Y | No impact. |
| DDOL | N | N | Y | New data element for M/Chip Select 4. |
| Certification Authority Public Key Index | Y | Y | Y | No impact. |
| Issuer Public Key Certificate | Y | Y | Y | No impact. |
| Issuer Public Key Exponent | Y | Y | Y | No impact. |
| Issuer Public Key Remainder | Y | Y | Y | No impact. |
| Signed Application Data | Y | Y | Y | No impact. |
| ICC Public Key Certificate | N | N | Y | New data element for M/Chip Select 4. |
| ICC Public Key Exponent | N | N | Y | New data element for M/Chip Select 4. |
| ICC Public Key Remainder | N | N | Y | New data element for M/Chip Select 4. |
| ICC PIN Encipherment Public Key Certificate | N | N | O | New data element for M/Chip Select 4. |
| ICC PIN Encipherment Public Key Exponent | N | N | O | New data element for M/Chip Select 4. |
| ICC PIN Encipherment Public Key Remainder | N | N | O | New data element for M/Chip Select 4. |
| Application Control | Y | Y | Y | Values differ for the three applications. |
| Default ARPC Response Code | N | Y | Y | New data element for M/Chip Select 4 and M/Chip Lite 4. |
| Lower Consecutive Offline Limit | Y | Y | Y | No impact. |
| Upper Consecutive Offline Limit | Y | Y | Y | No impact. |
| Lower Cumulative Offline Transaction Amount | Y | Y | Y | No impact. |
| Upper Cumulative Offline Transaction Amount | Y | Y | Y | No impact. |
| Card Issuer Action Code Default | Y | Y | Y | Values differ for the three applications. |
| Card Issuer Action Code Online | Y | Y | Y | Values differ for the three applications. |
| Card Issuer Action Code Decline | Y | Y | Y | Values differ for the three applications. |
| Currency Conversion Table | N | Y | Y | New data element for M/Chip Select 4 and M/Chip Lite 4. |
| ICC Dynamic Number Master Key (MKIDN) | N | N | Y | New data element for M/Chip Select 4. |
| SM for Integrity Master Key (MKSMI) | Y | Y | Y | No impact. |
| SM for Confidentiality Master Key (MKSMC) | Y | Y | Y | No impact. |
| AC Master Key (MKAC) | Y | Y | Y | No impact. |
| CFDC_limit for Integrity Session Key | N | Y | Y | New data element for M/Chip Select 4 and M/Chip Lite 4. |
| CFDC_limit for Confidentiality Session Key | N | Y | Y | New data element for M/Chip Select 4 and M/Chip Lite 4. |
| CFDC_limit for AC Session Key | N | Y | Y | New data element for M/Chip Select 4 and M/Chip Lite 4. |
| Length of ICC Public Key Modulus (NIC) | N | N | Y | New data element for M/Chip Select 4. |
| ICC Private Key | N | N | Y | New data element for M/Chip Select 4. |
| Length of ICC PIN Encipherment Public Key Modulus (NPE) | N | N | O | New data element for M/Chip Select 4. |
| ICC PIN Encipherment Private Key | N | N | O | New data element for M/Chip Select 4. |
| CRM Country Code | N | Y | Y | New data element for M/Chip Select 4. |
| Key Derivation Index | Y | Y | Y | No impact. |
| Application Life Cycle Data | N | Y | Y | New data element for M/Chip Select 4 and M/Chip Lite 4. |
| Previous Transaction History | N | Y | Y | New data element for M/Chip Select 4 and M/Chip Lite 4. |
| Application File Locator | Y | Y | Y | The value of the Application File Locator depends on the organization of data in files, which is up to the issuer. |
| Application Interchange Profile | Y | Y | Y | No impact for M/Chip Lite 4; New value for M/Chip Select 4. |
| PIN Try Limit | Y | Y | Y | No impact. |
| PIN Try Counter | Y | Y | Y | No impact. |
| Reference PIN | Y | Y | Y | No impact. |
| Last Online Application Transaction Counter (9F13) | Y | N | N | No longer used in M/Chip 4 implementations. |
| Card TVR Action Code | Y | N | N | No longer used in M/Chip 4 implementations. |
| Non-Domestic Control Factor | Y | N | N | No longer used in M/Chip 4 implementations. |

8.1 Overview
8.2 Authorization Request and Clearing Data Handling
8.2.1 Application Interchange Profile
8.2.2 Application Cryptogram
8.2.2.1 Step 1: Derive the Session Key
8.2.2.2 Step 2: Build the MAC Input
8.2.2.2.1 Online Counters not Included in the MAC
8.2.2.2.2 Online Counters Included in the MAC
8.2.2.3 Step 3: Compute the MAC
8.2.3 Cryptogram Information Data
8.2.4 Issuer Application Data
8.2.4.1 Length of Issuer Application Data
8.2.4.2 Key Derivation Index
8.2.4.3 Cryptogram Version Number
8.2.4.4 Card Verification Results
8.2.4.5 DAC/ICC Dynamic Number 2 Bytes
8.2.4.6 Plaintext/Encrypted Counters
8.2.5 Terminal Verification Results
8.2.6 Unpredictable Number
8.2.7 Remaining Data Elements
8.3 Preparing the Authorization Response
8.3.1 Issuer Authentication Data
8.3.1.1 Building the ARPC Response Code
8.3.1.2 Building the Authorization Response Cryptogram
8.3.2 Issuer Script
8.3.2.1 Step 1: Build the Cryptogram Input
8.3.2.2 Step 2: Compute the Cryptogram
8.3.2.3 Step 3: Build the C-APDUs
8.3.2.4 Step 4: Build the Script
8.4 Personalization
8.4.1 Overview
8.1 Overview
The following section is dedicated to the differences between the M/Chip Select 2 and M/Chip Select 4 applications for consideration when preparing the migration. The first sections describe differences that impact your authorization and clearing systems, covering the following tasks:
- Handling the authorization request and clearing data
- Preparing the authorization response
These sections only consider the chip sub-elements in the ICC System Related Data (DE 55) data element. The final section describes the impact of the migration on the application personalization values.

| Tag | Format | Different? |
|-----|--------|------------|
| 9F1A | b2 | No |

The impact of the migration is as follows: For Clearing, the Terminal Verification Results for the M/Chip Select 4 application may require modification, as described in the Clearing section in chapter 4, Issuer Host Processing of Transactions. There is no impact for authorization. The Card Verification Results length in the M/Chip Select 4 application is longer than in the M/Chip Select 2, as indicated in bold in Table 8.2.
8.2.2.2.2 Online Counters Included in the MAC
If the offline counters are included in the MAC input, the MAC input for the M/Chip Select 4 application contains eight additional bytes as follows:
- The concatenation of the Cumulative Offline Transaction Amount, the Consecutive Offline Transactions Number and FF, if the counters are sent in clear (i.e. if the Application Control [1][1] = 0b)
- The encrypted counters (eight bytes), if the counters are sent encrypted (i.e. if the Application Control [1][1] = 1b).
Refer to the M/Chip 4 Security and Key Management manual for details.

| Data Element |
|--------------|
| Length of Issuer Application Data |
| Key Derivation Index |
| Cryptogram Version Number |
| Card Verification Results |
| DAC/ICC Dynamic Number 2 Bytes |
| Plaintext/Encrypted Counters |

For the M/Chip Select 4 application, the values of the Cryptogram Version Number indicate the session key derivation type used and whether online counters are included in AC data as follows:

| If Cryptogram Version Number [8-5] = 0001b and | Indicates |
|------------------------------------------------|-----------|
| Cryptogram Version Number [2] = 0b | EPI/MCI session key derivation. |
| Cryptogram Version Number [2] = 1b | EMV2000 session key derivation. |
| Cryptogram Version Number [1] = 0b | Counters are not included in AC data. |
| Cryptogram Version Number [1] = 1b | Counters are included in AC data, as they appear in the Issuer Application Data, i.e. in plaintext or encrypted. |

Note
The M/Chip Select 4 application controls the value of the Cryptogram Version Number and will adapt to any modification of the cryptographic features activated. A modification of the Application Control [1][2] or of the Application Control [2][1] via a script will be automatically reflected in the value of the Cryptogram Version Number provided by the application.
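An issuer host has to pick the session key derivation and the MAC input layout from the Cryptogram Version Number the card actually sent, as the Cryptogram Version Number tables and the counter rules in both migration chapters describe. The following Python sketch is an added example, not part of the guide: the function names are hypothetical, the sample bytes are constructed, and the split of the plaintext counters into a 6-byte BCD amount and a 1-byte number is an assumption (the text only states the eight-byte total and the trailing FF).

```python
from dataclasses import dataclass
from typing import Optional, Tuple

M_CHIP_LITE_2_1 = "M/Chip Lite 2.1"
M_CHIP_4 = "M/Chip Select 4 or M/Chip Lite 4"


@dataclass(frozen=True)
class CvnInfo:
    application: str
    session_key_derivation: Optional[str]  # None: not defined on this page for Lite 2.1
    counters_in_ac: Optional[bool]


def bit(value: int, n: int) -> int:
    """Return bit n of a byte, numbered 8 (most significant) down to 1."""
    return (value >> (n - 1)) & 1


def decode_cvn(cvn: int) -> CvnInfo:
    """Interpret bits 8-5, 2 and 1 of the Cryptogram Version Number."""
    if not 0 <= cvn <= 0xFF:
        raise ValueError("the Cryptogram Version Number is a single byte")
    version = cvn >> 4
    if version == 0b0000:
        return CvnInfo(M_CHIP_LITE_2_1, None, None)
    if version == 0b0001:
        derivation = "EMV2000" if bit(cvn, 2) else "EPI/MCI"
        return CvnInfo(M_CHIP_4, derivation, bool(bit(cvn, 1)))
    raise ValueError("bits 8-5 = %s are not defined on this page" % format(version, "04b"))


def cvn_matches_application_control(cvn: int, application_control: bytes) -> bool:
    """Compare the CVN with the issuer's record of Application Control.

    Application Control [1][2] maps to CVN bit 2 and [2][1] to CVN bit 1.
    A mismatch means the host record is stale (for example after a script),
    so the CVN received from the card is the value to act on.
    """
    if decode_cvn(cvn).application != M_CHIP_4 or len(application_control) < 2:
        return False
    return (bit(cvn, 2) == bit(application_control[0], 2)
            and bit(cvn, 1) == bit(application_control[1], 1))


def mac_counter_bytes(cvn: int, iad_counters: bytes) -> bytes:
    """Return the eight extra MAC input bytes, or b"" when counters are excluded."""
    info = decode_cvn(cvn)
    if not info.counters_in_ac:
        return b""
    if len(iad_counters) != 8:
        raise ValueError("the counters field must be eight bytes")
    return bytes(iad_counters)  # used as they appear: plaintext or encrypted


def parse_plaintext_counters(block: bytes) -> Tuple[int, int]:
    """Split plaintext counters into (cumulative amount, consecutive number).

    Assumed layout: 6-byte BCD amount, 1-byte number, then FF.
    """
    if len(block) != 8 or block[7] != 0xFF:
        raise ValueError("expected eight bytes ending in FF")
    amount_digits = block[:6].hex()
    if not amount_digits.isdigit():
        raise ValueError("amount is not BCD; the counters may be encrypted")
    return int(amount_digits), block[6]


# Constructed sample: amount 12500, three consecutive offline transactions.
SAMPLE_COUNTERS = bytes.fromhex("000000012500" "03" "FF")

if __name__ == "__main__":
    for cvn in (0x01, 0x10, 0x13):
        print(format(cvn, "02X"), decode_cvn(cvn))
    print(mac_counter_bytes(0x11, SAMPLE_COUNTERS).hex())
    print(parse_plaintext_counters(SAMPLE_COUNTERS))
```
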
If the M/Chip Select 4 application is personalized to allow the use of the EMV 2000 session key derivation algorithm, the computation of the Authorization Response Cryptogram is different from M/Chip Select 2. This difference relates to session key derivation and not to the input to the cryptogram or the algorithm used to compute it.
You build the issuer script with the following steps:
1. Build the cryptogram input.
2. Compute the cryptogram.
3. Build the C-APDUs.
4. Build the script.
8.4 Personalization
8.4.1 Overview
The current M/Chip Select 2 application does not use personalization commands. Instead, it uses the application load unit for personalization and this unit is loaded onto the card. Therefore, this section cannot describe potential differences in the personalization process. Personalization can be broken down into two steps:
1. Build the personalization values.
2. Personalize the application with the personalization values.
The following section describes the impact of the migration on step 1 only.
Note
Depending on the actual implementation of each application, there may be other data elements requiring personalization. This section does not consider such data elements.
Table 8.5 Personalization Data Elements

| Data Element | Select 2 | Select 4 | Migration Impact |
|--------------|----------|----------|------------------|
| AID | Y | Y | No impact. |
| FCI | Y | Y | No impact. |
| Application Currency Code (or CRM Currency Code) | Y | Y | No impact. |
| Application Effective Date | Y | Y | No impact. |
| Application Expiration Date | Y | Y | No impact. |
| Application Usage Control | Y | Y | No impact. |
| Application Primary Account Number | Y | Y | No impact. |
| Application PAN Sequence Number | Y | Y | No impact. |
| Issuer Action Code Default | Y | Y | New bit for CDA. |
| Issuer Action Code Denial | Y | Y | New bit for CDA. |
| Issuer Action Code Online | Y | Y | New bit for CDA. |
| Application Version Number | Y | Y | No impact. |
| CDOL 1 | Y | Y | Values differ for the two applications. |
| CDOL 2 | Y | Y | Values differ for the two applications. |
| Cardholder Name | Y | Y | No impact. |
| Cardholder Verification Method (CVM) List | Y | Y | No impact. |
| Issuer Country Code | Y | Y | No impact. |
| SDA Tag List | Y | Y | No impact. |
| Track-2 Equivalent Data | Y | Y | No impact. |
| DDOL | Y | Y | No impact. |
| Certification Authority Public Key Index | Y | Y | No impact. |
| Issuer Public Key Certificate | Y | Y | No impact. |
| Issuer Public Key Exponent | Y | Y | No impact. |
| Issuer Public Key Remainder | Y | Y | No impact. |
| Signed Application Data | Y | Y | No impact. |
| ICC Public Key Certificate | Y | Y | No impact. |
| ICC Public Key Exponent | Y | Y | No impact. |
| ICC Public Key Remainder | Y | Y | No impact. |
| ICC PIN Encipherment Public Key Certificate | O | O | No impact. |
| ICC PIN Encipherment Public Key Exponent | O | O | No impact. |
| | | O | No impact. |
| | | Y | Values differ for the two applications. |
| Default ARPC Response Code | N | Y | New data element. |
| Lower Consecutive Offline Limit | Y | Y | Values differ for the two applications. |
| Upper Consecutive Offline Limit | Y | Y | Values differ for the two applications. |
| Lower Cumulative Offline Transaction Amount | Y | Y | No impact. |
| Upper Cumulative Offline Transaction Amount | Y | Y | No impact. |
| Card Issuer Action Code Default | Y | Y | Values differ for the two applications. |
| Card Issuer Action Code Online | Y | Y | Values differ for the two applications. |
| Card Issuer Action Code Decline | Y | Y | Values differ for the two applications. |
| Currency Conversion Table | Y | Y | Values differ for the two applications. |
| ICC Dynamic Number Master Key (MKIDN) | Y | Y | No impact. |
| SM for Integrity Master Key (MKSMI) | Y | Y | No impact. |
| SM for Confidentiality Master Key (MKSMC) | Y | Y | No impact. |
| AC Master Key (MKAC) | Y | Y | No impact. |
| CFDC_limit for Integrity Session Key | N | Y | New data element. |
| CFDC_limit for Confidentiality Session Key | N | Y | New data element. |
| CFDC_limit for AC Session Key | N | Y | New data element. |
| Length of ICC Public Key Modulus (NIC) | Y | Y | Maximum length increased to 128 bytes. |
| ICC Private Key | Y | Y | No impact. |
| Length of ICC PIN Encipherment Public Key Modulus (NPE) | O | O | Maximum length increased to 128 bytes. |
| ICC PIN Encipherment Private Key | O | O | No impact. |
| CRM Country Code | N | Y | New data element. |
| Key Derivation Index | Y | Y | No impact. |
| Application Life Cycle Data | N | Y | New data element. |
| Previous Transaction History | N | Y | New data element. |
| Application File Locator | Y | Y | The value of the Application File Locator depends on the method you choose for organizing data in your files. The maximum length increased to 32 bytes. |
| Application Interchange Profile | Y | Y | New value for M/Chip Select 4. |
| PIN Try Limit | Y | Y | No impact. |
| PIN Try Counter | Y | Y | No impact. |
| Reference PIN | Y | Y | No impact. |
| Last Online Application Transaction Counter (9F13) | Y | N | No longer used in M/Chip 4 Implementation. |
| Card TVR Action Code | Y | N | No longer used in M/Chip 4 Implementation. |
| Non-Domestic Control Factor | Y | N | No longer used in M/Chip 4 Implementation. |
| Maximum Offline Transaction Amount | Y | N | No longer used in M/Chip 4 Implementation. |
| Decline if Data Authentication Failed | Y | N | No longer used in M/Chip 4 Implementation. |
| DAC/ICC Present | Y | N | No longer used in M/Chip 4 Implementation. |
| Online Terminal Types | Y | N | No longer used in M/Chip 4 Implementation. |
| MCC and TCC Tables and Related Data | Y | N | No longer used in M/Chip 4 Implementation. |
| CDOL1 and CDOL2 Offsets | Y | N | No longer used in M/Chip 4 Implementation. |
| CDOL Data Lengths | Y | N | No longer used in M/Chip 4 Implementation. |
| CDOL1 and CDOL2 AC Truncation Lengths | Y | N | No longer used in M/Chip 4 Implementation. |
| PDOL and DDOL Lengths | Y | N | No longer used in M/Chip 4 Implementation. |

9.1 Overview
9.2 Authorization Request and Clearing Data Handling
9.3 Online Interface
9.1 Overview
This chapter describes the differences between M/Chip Lite 4 and M/Chip Select 4 applications for you to consider when preparing your migration. The following sections describe differences that impact your authorization and clearing systems, covering the following tasks:
- Handling the authorization request
- Preparing the authorization response
- Handling the clearing data
None of the differences summarized in Table 9.1 impact the online interface.
Data Dictionary
This appendix provides a dictionary of data element definitions.
A.1 Additional Check Table
A.2 Application Control
A.3 Application Interchange Profile
A.4 Application Life Cycle Data
A.5 Application Transaction Counter Limit
A.6 ARPC Response Code
A.7 Card Issuer Action Code - Decline, Default, Online
A.8 CDOL 1 (Card Risk Management Data Object List 1)
A.9 CDOL 1 Related Data Length
A.10 CDOL 2 (Card Risk Management Data Object List 2)
A.11 Consecutive Offline Transactions Number
A.12 CRM Country Code
A.13 CRM Currency Code
A.14 Cryptogram Information Data
A.15 Cryptogram Version Number
A.16 Cumulative Offline Transaction Amount
A.17 Currency Conversion Parameters
A.18 Currency Conversion Table
A.19 CVR (Card Verification Results)
A.20 Default ARPC Response Code
A.21 DDOL (Dynamic Data Authentication Data Object List)
A.22 ICC Dynamic Number
A.23 Issuer Action Code - Default, Denial, Online
A.24 Issuer Application Data
A.25 Issuer Authentication Data
A.26 Key Derivation Index
A.27 Lower Consecutive Offline Limit
A.28 Lower Cumulative Offline Transaction Amount
A.29 Log Format
A.30 Offline Balance
A.31 PIN Try Counter
A.32 PIN Try Limit
A.33 Previous Transaction History
A.34 Script Counter
A.35 Consecutive Offline Limit
A.36 Cumulative Offline Transaction Amount
A.1 Additional Check Table
Value Number Length In CDOL 1 Related Of Entries - 1 Data Padding 15 Number Of Entries * Length In CDOL 1 Related Data
Position in CDOL 1 Related Data
This data element contains the position of the portion of CDOL 1 Related Data that is compared to the table entries. The position of the first byte is 1.

Length in CDOL 1 Related Data
This data element contains the length of the portion of CDOL 1 Related Data that is compared to the table entries.

Number of Entries
This data element contains the number of values (including the bit mask) in the Additional Check Table that are used for the comparison.

Entries
This data element contains the concatenation of the values used for the comparison, optionally padded with FF to make up 15 bytes. The first value is used as a bit mask.

Table A.1 illustrates the Additional Check Table.
Figure A.1: Additional Check Table
position | length | number | entries (bit mask, val1, val2, ..., padding)
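The layout above can be checked before personalization and evaluated against CDOL 1 Related Data. The following Python is an added example, not code from this manual. It assumes that position, length and number of entries are one byte each, that the comparison is a bitwise AND of the selected portion with the bit mask followed by an equality test against each value, and that both CVR bits stay 0 when the table is not activated; the table and transaction data are constructed.

```python
from dataclasses import dataclass
from typing import List

ENTRIES_LEN = 15               # entries are padded with FF to 15 bytes (from the page)
ACT_LEN = 3 + ENTRIES_LEN      # assumption: position, length, number are 1 byte each
AC_BYTE2_ACTIVATE_ACT = 0x04   # Application Control byte 2, b3 (Table A.4)
CVR6_MATCH = 0x02              # CVR byte 6, b2 (Table A.26)
CVR6_NO_MATCH = 0x01           # CVR byte 6, b1 (Table A.26)


@dataclass
class AdditionalCheckTable:
    position: int         # 1-based position in CDOL 1 Related Data
    length: int           # length of the compared portion, in bytes
    bit_mask: bytes       # first entry
    values: List[bytes]   # remaining entries


def parse_act(raw: bytes) -> AdditionalCheckTable:
    """Parse a personalization value and reject inconsistent tables."""
    if len(raw) != ACT_LEN:
        raise ValueError(f"expected {ACT_LEN} bytes, got {len(raw)}")
    position, length, number = raw[0], raw[1], raw[2]
    entries = raw[3:]
    if position < 1:
        raise ValueError("position of the first byte is 1; 0 is not valid")
    if length < 1 or number < 1:
        raise ValueError("length and number of entries must be at least 1")
    used = number * length
    if used > ENTRIES_LEN:
        raise ValueError(f"{number} entries of {length} bytes exceed {ENTRIES_LEN} bytes")
    if any(b != 0xFF for b in entries[used:]):
        raise ValueError("unused entry bytes must be padded with FF")
    chunks = [entries[i:i + length] for i in range(0, used, length)]
    return AdditionalCheckTable(position, length, chunks[0], chunks[1:])


def match_found(act: AdditionalCheckTable, cdol1_related_data: bytes) -> bool:
    """Mask the selected portion and compare it with every value (assumed logic)."""
    start = act.position - 1
    end = start + act.length
    if end > len(cdol1_related_data):
        raise ValueError("compared portion runs past the end of CDOL 1 Related Data")
    window = cdol1_related_data[start:end]
    masked = bytes(w & m for w, m in zip(window, act.bit_mask))
    return masked in act.values


def cvr_byte6_bits(app_control_byte2: int, act: AdditionalCheckTable,
                   cdol1_related_data: bytes) -> int:
    """Return the CVR byte 6 bits produced by the additional check."""
    if not app_control_byte2 & AC_BYTE2_ACTIVATE_ACT:
        return 0x00  # assumption: neither bit is set when the table is not activated
    return CVR6_MATCH if match_found(act, cdol1_related_data) else CVR6_NO_MATCH


# Constructed table: compare Terminal Country Code (bytes 13-14 of the 35-byte
# initial CDOL 1 Related Data) with 0056 and 0250, using mask FFFF.
SAMPLE_ACT = bytes.fromhex("0D0203" "FFFF" "0056" "0250" + "FF" * 9)


def sample_related_data(country: str) -> bytes:
    """Constructed 35-byte CDOL 1 Related Data with the given country code."""
    return bytes.fromhex("000000001000" "000000000000" + country + "0000000000"
                         "0978" "041201" "00" "11223344" "22" "0000" "1F0302")


if __name__ == "__main__":
    act = parse_act(SAMPLE_ACT)
    for cc in ("0250", "0840"):
        print(cc, hex(cvr_byte6_bits(0x04, act, sample_related_data(cc))))
```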
A.2 Application Control
Application: Format:
b8
b7
b6
b5
b4
b3
b2 x 0 1
b1
x 0 1
Encrypt offline counters Do not encrypt offline counters Encrypt offline counters
Table A.3 describes the coding for byte 1 of the Application Control for the M/Chip Lite 4 application.
Table A.3: Application Control for M/Chip Lite 4, Byte 1
Bit | Value | Meaning
b8 | x | Magstripe grade issuer activated
b8 | 0 | Magstripe grade issuer not activated
b8 | 1 | Magstripe grade issuer activated
b7 | x | Skip CIAC-default on CAT3
b7 | 0 | Do not skip CIAC-default on CAT3
b7 | 1 | Skip CIAC-default on CAT3
b6 | x | Reserved
b6 | 0 | Other value RFU
b5 | x | Reserved
b5 | 0 | Other value RFU
b4 | x | Reserved
b4 | 0 | Other value RFU
b3 | x | Offline plaintext PIN verification
b3 | 0 | Not supported
b3 | 1 | Supported
b2 | x | Session key derivation
b2 | 0 | EPI/MCI
b2 | 1 | EMV 2000
b1 | x | Encrypt offline counters
b1 | 0 |
b1 | 1 |
Table A.4 describes the coding for byte 2 of the Application Control for the M/Chip Lite 4 and M/Chip Select 4 applications.
Table A.4: Application Control for M/Chip Lite 4 and M/Chip Select 4, Byte 2
Bit | Value | Meaning
b8-b4 | x x x x x | Reserved
b8-b4 | 0 0 0 0 0 | Other values RFU
b3 | x | Activate additional check table
b3 | 0 | Do not activate additional check table
b3 | 1 | Activate additional check table
b2 | x | Allow retrieval of balance
b2 | 0 | Do not allow retrieval of balance
b2 | 1 | Allow retrieval of balance
b1 | x | Include counters in AC
b1 | 0 | Do not include counters in AC
b1 | 1 | Include counters in AC
A.3 Application Interchange Profile
Table A.6 describes the coding for the first byte of the Application Interchange Profile for the M/Chip Lite 4 application, supporting SDA.
Table A.6: Application Interchange Profile for M/Chip 4 Select, Byte 1
Bit | Value | Meaning
b8 | 0 | Reserved - no meaning
b7 | 1 | Offline static data authentication is supported
b6 | 0 | Offline dynamic data authentication is not supported
b5 | 1 | Cardholder verification is supported
b4 | 1 |
b3 | 0 |
b2 | 0 |
b1 | 0 |
Table A.7 describes the coding for the first byte of the Application Interchange Profile for the M/Chip Lite 4 application, supporting SDA.
Table A.7: Application Interchange Profile for M/Chip 4 Select and M/Chip Lite 4, Byte 2
Bit | Value | Meaning
b8-b1 | 0 0 0 0 0 0 0 0 | Reserved - no meaning
A.4 Application Life Cycle Data
Table A.8: Application Life Cycle Data
Data Element | Length | Format
Version Number | 1 | 00 for M/Chip Lite 4, 01 for M/Chip Select 4.
Type Approval ID | 7 | binary
Application Issuer ID | 20 | binary
Application Code ID | 20 | binary
The seven bytes reserved for the Type Approval ID contain an identifier given by MasterCard when the application passes the Type Approval process.

Twenty bytes are reserved to identify the application issuer, which is usually the card issuer. Using this value, the issuer should be able to identify the personalizer and the personalization batch.

The last 20 bytes are used to uniquely identify the application code. This identifier supports differentiation between different application behavior. Typically, this data element contains the identifier of the application provider and the identifier of the application code. It is the responsibility of the application provider to ensure that this data element always differentiates between the two different application behaviors. The easiest way to implement this feature is to modify the value of this data element each time there is a modification to the following:
- Application (version identifier)
- Application code (release identifier)
- Platform on which the application is actually running (e.g. virtual machine version x or y)
- Hardware on which the platform or the application is actually running
The way in which these data elements are stored in the application is left to the implementation. The last data element may be coded in the application itself (i.e. in the code) whilst the others are set as part of personalization.
A.5 Application Transaction Counter Limit
Application: Format:
A.6 ARPC Response Code
Application: Format:
Table A.10 describes the content of byte 2 of the ARPC Response Code.
Table A.10: ARPC Response Code, Byte 2
Bit | Value | Meaning
b8-b6 | x x x | Reserved
b8-b6 | 0 0 0 | Other value RFU
b5 | x | Approve online transaction
b5 | 0 | Do not approve online transaction
b5 | 1 | Approve online transaction
b4 | x | Update PIN Try Counter
b4 | 0 | Do not update PIN Try Counter
b4 | 1 | Update PIN Try Counter
b3 | x | Set go online on next transaction
b3 | 0 | Reset go online on next transaction
b3 | 1 | Set go online on next transaction
b2 b1 | x x | Update counters
b2 b1 | 0 0 | Do not update offline counters
b2 b1 | 1 0 | Reset counters to zero
b2 b1 | 0 1 | Set counters to upper offline limits
b2 b1 | 1 1 | Add transaction to counter
A.7 Card Issuer Action Code - Decline, Default, Online
Bit | Value | Meaning
b5 | 0 | Do Not Take Action If Offline PIN Verification Failed
b5 | 1 | Take Action If Offline PIN Verification Failed
b4 | x | PTL Exceeded
b4 | 0 | Do Not Take Action If PTL Exceeded
b4 | 1 | Take Action If PTL Exceeded
b3 | x | International Transaction
b3 | 0 | Do Not Take Action If International Transaction
b3 | 1 | Take Action If International Transaction
b2 | x | Domestic Transaction
b2 | 0 | Do Not Take Action If Domestic Transaction
b2 | 1 | Take Action If Domestic Transaction
b1 | x | Terminal Erroneously Considers Offline PIN OK
b1 | 0 | Do Not Take Action If Terminal Erroneously Considers Offline PIN OK
b1 | 1 | Take Action If Terminal Erroneously Considers Offline PIN OK
Table A.12 describes the content of byte 2. Byte 2 contains information from the current transaction and from the transaction that preceded it (i.e. current transaction - 1).

Table A.12: Card Issuer Action Code, Byte 2
Bit | Value | Meaning
b8 | x | Lower Consecutive Offline Limit Exceeded
b8 | 0 | Do Not Take Action If Lower Consecutive Offline Limit Exceeded
b8 | 1 | Take Action If Lower Consecutive Offline Limit Exceeded
b7 | x | Upper Consecutive Offline Limit Exceeded
b7 | 0 | Do Not Take Action If Upper Consecutive Offline Limit Exceeded
b7 | 1 | Take Action If Upper Consecutive Offline Limit Exceeded
b6 | x | Lower Cumulative Offline Limit Exceeded
b6 | 0 | Do Not Take Action If Lower Cumulative Offline Limit Exceeded
b6 | 1 |
b5 | x | Upper Cumulative Offline Limit Exceeded
b5 | 0 | Do Not Take Action If Upper Cumulative Offline Limit Exceeded
b5 | 1 | Take Action If Upper Cumulative Offline Limit Exceeded
b4 | x | Go Online On Next Transaction Was Set
b4 | 0 | Do Not Take Action If Go Online On Next Transaction Was Set
b4 | 1 | Take Action If Go Online On Next Transaction Was Set
b3 | x | Issuer Authentication Failed
b3 | 0 | Do Not Take Action If Issuer Authentication Failed
b3 | 1 | Take Action If Issuer Authentication Failed
b2 | x | Script Received
b2 | 0 | Do Not Take Action If Script Received
b2 | 1 | Take Action If Script Received
b1 | x | Script Failed
b1 | 0 | Do Not Take Action If Script Failed
b1 | 1 | Take Action If Script Failed
Table A.13 describes the content of byte 3. Byte 3 contains decision-making information from the current transaction.
Table A.13: Card Issuer Action Code, Byte 3
Bit | Value | Meaning
b8-b3 | x x x x x x | Reserved - No Meaning
b2 | x | Match Found In Additional Check Table
b2 | 0 | Do Not Take Action If Match Found In Additional Check Table
b2 | 1 | Take Action If Match Found In Additional Check Table
b1 | x | No Match Found In Additional Check Table
b1 | 0 | Do Not Take Action If No Match Found In Additional Check Table
b1 | 1 | Take Action If No Match Found In Additional Check Table
A.8 CDOL 1 (Card Risk Management Data Object List 1)
Table A.15 defines the initial content of CDOL 1 for the M/Chip Lite 4 application.
Table A.15: CDOL 1 Initial Content for M/Chip Lite 4
Data Element | Tag | Length
Amount, Authorised (Numeric) | 9F02 | 6
Amount, Other (Numeric) | 9F03 | 6
Terminal Country Code | 9F1A | 2
Terminal Verification Results | 95 | 5
Transaction Currency Code | 5F2A | 2
Transaction Date | 9A | 3
Transaction Type | 9C | 1
Unpredictable Number | 9F37 | 4
Terminal Type | 9F35 | 1
Data Authentication Code | 9F45 | 2
CVM Results | 9F34 | 3
Total CDOL1 Length | | 35 bytes
The M/Chip Lite 4 and M/Chip Select 4 applications allow the extension of the CDOL 1 with additional data elements, i.e. append new data elements to the CDOL 1 initial content. The applications must support a minimum of ten additional bytes in the CDOL 1 Related Data.
A.9 CDOL 1 Related Data Length
Both applications allow the extension of this value by at least ten bytes. The personalization value for CDOL 1 Related Data Length must be consistent with the personalization value for CDOL 1.
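The consistency requirement between CDOL 1 and CDOL 1 Related Data Length can be checked on a personalization profile before cards are produced. The following Python is an added example, not code from this manual. It assumes one-byte lengths in the data object list and EMV tag coding, uses the Table A.15 initial content for M/Chip Lite 4, and the extension tags (9F15, DF01) are constructed inputs.

```python
from typing import List, Tuple

# Table A.15: CDOL 1 initial content for M/Chip Lite 4, as tag/length pairs.
INITIAL_CDOL1 = bytes.fromhex(
    "9F0206" "9F0306" "9F1A02" "9505" "5F2A02" "9A03"
    "9C01" "9F3704" "9F3501" "9F4502" "9F3403"
)
MIN_SUPPORTED_EXTENSION = 10  # applications must support at least ten extra bytes


def parse_dol(dol: bytes) -> List[Tuple[str, int]]:
    """Split a data object list into (tag, length) pairs."""
    items = []
    i = 0
    while i < len(dol):
        start = i
        if dol[i] & 0x1F == 0x1F:            # tag continues in following byte(s)
            i += 1
            while i < len(dol) and dol[i] & 0x80:
                i += 1
        i += 1                                # step past the last tag byte
        if i >= len(dol):
            raise ValueError("data object list ends before a length byte")
        items.append((dol[start:i].hex().upper(), dol[i]))
        i += 1
    return items


def related_data_length(dol: bytes) -> int:
    """Number of bytes the terminal sends for this data object list."""
    return sum(length for _, length in parse_dol(dol))


def validate_cdol1(cdol1: bytes, personalized_length: int) -> List[str]:
    """Return the inconsistencies found in a CDOL 1 personalization."""
    findings = []
    if not cdol1.startswith(INITIAL_CDOL1):
        findings.append("CDOL 1 does not begin with the initial content; "
                        "extensions must be appended")
    total = related_data_length(cdol1)
    if total != personalized_length:
        findings.append(f"CDOL 1 Related Data Length is {personalized_length} "
                        f"but CDOL 1 describes {total} bytes")
    extra = total - related_data_length(INITIAL_CDOL1)
    if extra > MIN_SUPPORTED_EXTENSION:
        findings.append(f"extension of {extra} bytes exceeds the "
                        f"{MIN_SUPPORTED_EXTENSION} bytes every application must support")
    return findings


if __name__ == "__main__":
    extended = INITIAL_CDOL1 + bytes.fromhex("9F1502")  # constructed 2-byte extension
    print(related_data_length(INITIAL_CDOL1))           # 35
    print(validate_cdol1(extended, 37))                  # []
    print(validate_cdol1(extended, 35))                  # length mismatch
```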
A.10 CDOL 2 (Card Risk Management Data Object List 2)
Table A.17 defines the content of the CDOL 2 for the M/Chip Lite 4 application.
Table A.17: CDOL 2 Content for M/Chip Lite 4
Data Element | Tag | Length
Issuer Authentication Data | 91 | 10
Authorisation Response Code | 8A | 2
Terminal Verification Results | 95 | 5
A.11 Consecutive Offline Transactions Number
Application: Format:
A.13 CRM Currency Code
A.15 Cryptogram Version Number
Application Format:
A.16 Cumulative Offline Transaction Amount
A.17 Currency Conversion Parameters
Table A.19: Currency Conversion Parameters
Position | Data | Length | Value
byte 1-2 | Currency Code | 2 | Issuer-specific
byte 3-4 | Conversion Rate | 2 | Decimal, BCD coding of multiplication factor
byte 5 | Conversion Exponent | 1 | Binary coding of 10-power (most significant bit is the sign)
A.18 Currency Conversion Table
A.19 CVR (Card Verification Results)
M/Chip Select 4 and M/Chip Lite 4. Six bytes, binary. See below for format.

The first three bytes of the Card Verification Results are used for information only. Bytes 4 to 6 are used for information and decision-making. They are checked against the Card Issuer Action Code - Decline, Card Issuer Action Code - Online and Card Issuer Action Code - Default during Card Risk Management.
Table A.21 describes the content of byte 1. This is the most significant byte. Byte 1 does not contain decision-making information.
Table A.21: Card Verification Results, Byte 1
Bit | Value | Meaning
b8 b7 | x x | AC Returned in Second Generate AC
b8 b7 | 0 0 | AAC
b8 b7 | 0 1 | TC
b8 b7 | 1 0 | Not requested
b8 b7 | 1 1 | RFU
b6 b5 | x x | AC Returned in First Generate AC
b6 b5 | 0 0 | AAC
b6 b5 | 0 1 | TC
b6 b5 | 1 0 | ARQC
b6 b5 | 1 1 | RFU
b4 | x | Reserved
b4 | 0 | Other value RFU
b3 | x | Offline PIN Verification Performed
b3 | 0 | Offline PIN Verification Not Performed
b3 | 1 | Offline PIN Verification Performed
b2 | x | Offline Encrypted PIN Verification Performed
b2 | 0 | Offline Encrypted PIN Verification Not Performed
b2 | 1 | M/Chip Select 4: Offline Encrypted PIN Verification Performed. M/Chip Lite 4: Value Not Allowed
b1 | x | Offline PIN Verification Successful
b1 | 0 | Offline PIN Verification Not Successful
b1 | 1 | Offline PIN Verification Successful
Table A.22 describes the content of byte 2. Byte 2 does not contain decision-making information.

Table A.22: Card Verification Results, Byte 2
Bit | Value | Meaning
b8 | x | DDA Returned
b8 | 0 | DDA Not Returned
b8 | 1 | M/Chip Select 4: DDA Returned. M/Chip Lite 4: Value Not Allowed
b7 | x | Combined DDA/AC Generation Returned In First Generate AC
b7 | 0 | Combined DDA/AC Generation Not Returned In First Generate AC
b7 | 1 | M/Chip Select 4: Combined DDA/AC Generation Returned In First Generate AC. M/Chip Lite 4: Value Not Allowed
b6 | x | Combined DDA/AC Generation Returned In Second Generate AC
b6 | 0 | Combined DDA/AC Generation Not Returned In Second Generate AC
b6 | 1 | M/Chip Select 4: Combined DDA/AC Generation Returned In Second Generate AC. M/Chip Lite 4: Value Not Allowed
b5 | x | Issuer Authentication Performed (a)
b5 | 0 | Issuer Authentication Not Performed
b5 | 1 | Issuer Authentication Performed
b4 | x | CIAC-Default Skipped On CAT3
b4 | 0 | No CIAC-Default Skipped On CAT3
b4 | 1 | CIAC-Default Skipped On CAT3
b3-b1 | x x x | Reserved
b3-b1 | 0 0 0 | All other values RFU

(a) Successful or unsuccessful.
Table A.23 describes the content of byte 3. Byte 3 does not contain decision-making information.

Table A.23: Card Verification Results, Byte 3
Bit | Value | Meaning
b8-b5 | x x x x | Right nibble of Script Counter
b4-b1 | x x x x | Right nibble of PIN Try Counter
Table A.24 describes the content of byte 4. Byte 4 contains decision-making information for the current transaction.
Table A.24: Card Verification Results, Byte 4
Bit | Value | Meaning
b8 | x | Reserved
b8 | 0 | Other Value RFU
b7 | x | Unable To Go Online Indicated
b7 | 0 | Unable To Go Online Not Indicated
b7 | 1 | Unable To Go Online Indicated
b6 | x | Offline PIN Verification Not Performed
b6 | 0 | Offline PIN Verification Performed
b6 | 1 | Offline PIN Verification Not Performed
b5 | x | Offline PIN Verification Failed
b5 | 0 | No Failure Of Offline PIN Verification
b5 | 1 | Offline PIN Verification Failed
b4 | x | PTL Exceeded
b4 | 0 | PTL Not Exceeded
b4 | 1 | PTL Exceeded
b3 | x | International Transaction
b3 | 0 | Domestic Transaction
b3 | 1 | International Transaction
b2 | x | Domestic Transaction
b2 | 0 | International Transaction
b2 | 1 | Domestic Transaction
b1 | x | Terminal Erroneously Considers Offline PIN OK
b1 | 0 | Terminal Does Not Erroneously Consider Offline PIN OK
b1 | 1 | Terminal Erroneously Considers Offline PIN OK
Table A.25 describes the content of byte 5. Byte 5 contains decision-making information from the current transaction and from the transaction that preceded it (i.e. current transaction - 1).

Table A.25: Card Verification Results, Byte 5
Bit | Value | Meaning
b8 | x | Lower Consecutive Offline Limit Exceeded
b8 | 0 | Lower Consecutive Offline Limit Not Exceeded
b8 | 1 | Lower Consecutive Offline Limit Exceeded
b7 | x | Upper Consecutive Offline Limit Exceeded
b7 | 0 | Upper Consecutive Offline Limit Not Exceeded
b7 | 1 | Upper Consecutive Offline Limit Exceeded
b6 | x | Lower Cumulative Offline Limit Exceeded
b6 | 0 | Lower Cumulative Offline Limit Not Exceeded
b6 | 1 | Lower Cumulative Offline Limit Exceeded
b5 | x | Upper Cumulative Offline Limit Exceeded
b5 | 0 | Upper Cumulative Offline Limit Not Exceeded
b5 | 1 | Upper Cumulative Offline Limit Exceeded
b4 | x | Go Online On Next Transaction Was Set (a)
b4 | 0 | Go Online On Next Transaction Was Not Set
b4 | 1 | Go Online On Next Transaction Was Set
b3 | x | Issuer Authentication Failed (a)
b3 | 0 | No Issuer Authentication Failed
b3 | 1 | Issuer Authentication Failed
b2 | x | Script Received (b)
b2 | 0 | No Script Received
b2 | 1 | Script Received
b1 | x | Script Failed (b)
b1 | 0 |
b1 | 1 |

a b
Table A.26 describes the content of byte 6. Byte 6 contains decision-making information from the current transaction.
Table A.26: Card Verification Results, Byte 6
Bit | Value | Meaning
b8-b3 | x x x x x x | Reserved
b8-b3 | 0 0 0 0 0 0 | Other value RFU
b2 | x | Match Found In Additional Check Table
b2 | 0 | No Match Found In Additional Check Table
b2 | 1 | Match Found In Additional Check Table
b1 | x | No Match Found In Additional Check Table
b1 | 0 | Match Found In Additional Check Table
b1 | 1 | No Match Found In Additional Check Table
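An issuer host that receives the Card Verification Results can decode bytes 4 to 6 and see which conditions a given Card Issuer Action Code would act on. The following Python is an added example, not code from this manual. It assumes that "checked against" means a bitwise AND of each CVR byte with the Card Issuer Action Code byte at the same bit positions; the bit names come from Tables A.24 to A.26, and the CVR and action code values are constructed.

```python
from typing import Dict, List

# Bit names for CVR bytes 4-6 (Tables A.24, A.25 and A.26).
CVR_DECISION_BITS: Dict[int, Dict[int, str]] = {
    4: {
        0x40: "Unable To Go Online Indicated",
        0x20: "Offline PIN Verification Not Performed",
        0x10: "Offline PIN Verification Failed",
        0x08: "PTL Exceeded",
        0x04: "International Transaction",
        0x02: "Domestic Transaction",
        0x01: "Terminal Erroneously Considers Offline PIN OK",
    },
    5: {
        0x80: "Lower Consecutive Offline Limit Exceeded",
        0x40: "Upper Consecutive Offline Limit Exceeded",
        0x20: "Lower Cumulative Offline Limit Exceeded",
        0x10: "Upper Cumulative Offline Limit Exceeded",
        0x08: "Go Online On Next Transaction Was Set",
        0x04: "Issuer Authentication Failed",
        0x02: "Script Received",
        0x01: "Script Failed",
    },
    6: {
        0x02: "Match Found In Additional Check Table",
        0x01: "No Match Found In Additional Check Table",
    },
}
# Bits the tables mark as reserved: byte 4 b8 and byte 6 b8-b3.
RESERVED_BITS = {4: 0x80, 5: 0x00, 6: 0xFC}


def decode_cvr(cvr: bytes) -> List[str]:
    """List the conditions recorded in CVR bytes 4-6, flagging reserved bits."""
    if len(cvr) != 6:
        raise ValueError("Card Verification Results are six bytes")
    flags = []
    for byte_no, names in CVR_DECISION_BITS.items():
        value = cvr[byte_no - 1]
        if value & RESERVED_BITS[byte_no]:
            flags.append(f"byte {byte_no}: reserved bit set (RFU)")
        flags += [name for bit, name in names.items() if value & bit]
    return flags


def ciac_triggers(cvr: bytes, ciac: bytes) -> List[str]:
    """Conditions set in the CVR for which the action code says 'take action'."""
    if len(cvr) != 6 or len(ciac) != 3:
        raise ValueError("expected a 6-byte CVR and a 3-byte action code")
    hits = []
    for i, (byte_no, names) in enumerate(CVR_DECISION_BITS.items()):
        both = cvr[byte_no - 1] & ciac[i]       # assumed AND of CVR and action code
        hits += [name for bit, name in names.items() if both & bit]
    return hits


# Constructed values: CVR from a first GENERATE AC, and two action codes.
SAMPLE_CVR = bytes.fromhex("A40002148000")
SAMPLE_CIAC_ONLINE = bytes.fromhex("1CC000")
SAMPLE_CIAC_DECLINE = bytes.fromhex("000000")

if __name__ == "__main__":
    print(decode_cvr(SAMPLE_CVR))
    print("online :", ciac_triggers(SAMPLE_CVR, SAMPLE_CIAC_ONLINE))
    print("decline:", ciac_triggers(SAMPLE_CVR, SAMPLE_CIAC_DECLINE))
```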
A.20 Default ARPC Response Code
Application: M/Chip Select 4 and M/Chip Lite 4.
Format: 2 bytes, binary.

Table A.27 describes the content for byte 1 of the Default ARPC Response Code.

Table A.27: Default ARPC Response Code, Byte 1
Bit | Value | Meaning
b8-b5 | x x x x | Reserved
b8-b5 | 0 0 0 0 | Other value RFU
b4-b1 | x x x x | PIN Try Counter
Table A.28 describes the content for byte 2 of the Default ARPC Response Code.
Table A.28: Default ARPC Response Code, Byte 2
Bit | Value | Meaning
b8-b6 | x x x | Reserved
b8-b6 | 0 0 0 | Other value RFU
b5 | x | Approve online transaction
b5 | 0 | Do not approve online transaction
b5 | 1 | Approve online transaction
b4 | x | Update PIN Try Counter
b4 | 0 | Do not update PIN Try Counter
b4 | 1 | Value not allowed.
b3 | x | Set go online on next transaction
b3 | 0 | Reset go online on next transaction
b3 | 1 | Set go online on next transaction
b2 b1 | x x | Update counters
b2 b1 | 0 0 | Do not update offline counters
b2 b1 | 1 0 | Reset counters to zero
b2 b1 | 0 1 | Set counters to upper offline limits
b2 b1 | 1 1 | Add transaction to counter
A.21 DDOL (Dynamic Data Authentication Data Object List)
A.23 Issuer Action Code - Default, Denial, Online
Byte | Bit | Meaning
Byte 3 | 8 | Cardholder verification was not successful
Byte 3 | 7 | Unrecognized Cardholder Verification Method (CVM)
Byte 3 | 6 | PIN Try Limit exceeded
Byte 3 | 5 | PIN entry required but PIN pad not present/working
Byte 3 | 4 | PIN entry required, PIN pad present but PIN not entered
Byte 3 | 3 | Online PIN entered
Byte 3 | 2-1 | RFU
Byte 4 | 8 | Transaction exceeds floor limit
Byte 4 | 7 | Lower consecutive offline limit exceeded
Byte 4 | 6 | Upper consecutive offline limit exceeded
Byte 4 | 5 | Transaction selected randomly for online processing
Byte 4 | 4 | Merchant forced transaction online
Byte 4 | 3-1 | RFU
Byte 5 | 8 | Default TDOL used
Byte 5 | 7 | Issuer Authentication was unsuccessful
Byte 5 | 6 | Script processing failed before final GENERATE AC
Byte 5 | 5 | Script processing failed after final GENERATE AC
Byte 5 | 4-1 | RFU
A.24 Issuer Application Data
Application: Format:
For the M/Chip Lite 4 application, the Issuer Application Data is the concatenation (without TLV coding) of the data elements identified in Table A.32.
Table A.32: Issuer Application Data for M/Chip Lite 4
Data Element | Length
Key Derivation Index | 1
Cryptogram Version Number | 1
Card Verification Results | 6
DAC | 2
Plaintext/Encrypted Counters | 8
A.25 Issuer Authentication Data
Application: Format:
A.27 Lower Consecutive Offline Limit
A.29 Log Format
A.30 Offline Balance
Balance is 0 (000000000000).
A.32 PIN Try Limit
A.33 Previous Transaction History
A.34 Script Counter
b8
b7
b6
b5
b4
b3
b2
b1 1
Only the right nibble of the Script Counter is used. The number of script commands is not limited to 15. The Script Counter is cyclic: 0F + 1 = 00. The Script Counter is updated when a script command is processed, i.e.:
- PUT DATA
- UPDATE RECORD
- PIN CHANGE/UNBLOCK
- APPLICATION BLOCK
- APPLICATION UNBLOCK.
A.35 Consecutive Offline Limit
or if the transaction went online (i.e. if Authorisation Response Code <> Y3 or Z3) and Issuer Authentication Data is not present and the terminal requests a TC and the magstripe grade issuer mode is activated.
Currency Conversion
This appendix describes the currency conversion process.
B.1 Currency Conversion Process
Table B.1: Currency Conversion Table
Data Element | Length
Currency Conversion Table | 25
Currency Conversion Parameter 1 | 5
Currency Conversion Parameter 2 | 5
Currency Conversion Parameter 3 | 5
Currency Conversion Parameter 4 | 5
Currency Conversion Parameter 5 | 5
To deactivate an entry in the Currency Conversion Table, the CRM Currency Code can be used as the Currency Code for this entry (first two bytes). Table B.2 describes the Currency Conversion Parameters.
Table B.2: Currency Conversion Parameters
Position | Data | Length | Value
Byte 1-2 | Currency Code | 2 | Issuer-specific
Byte 3-4 | Conversion Rate | 2 | Decimal, BCD coding of multiplication factor
Byte 5 | Conversion Exponent | 1 | Binary coding of 10-power (most significant bit is the sign)
Table B.3 provides an example of Currency Conversion Parameter values. The cumulative counter in this example is the USD (U.S. Dollar).
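Table B.3: Currency Conversion Parameters
Parameter | Data | Value
Conversion Parameter 1 | JPY (Yen) | 0392
Conversion Parameter 1 | Rate: 1 JPY = 0.008 USD | 0008
Conversion Parameter 1 | Conversion Exponent | 83
Conversion Parameter 2 | GBP | 0826
Conversion Parameter 2 | Rate: 1 GBP = 1.5 USD | 0015
Conversion Parameter 2 | Conversion Exponent | 81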
For Conversion Parameter 1 in Table B.3, the Conversion Exponent value of 83 is the equivalent of 1000 0011b in binary representation. 8 indicates the sign, 3 indicates the 10 to the power of three. An example of conversion using Conversion Parameter 1 is as follows:
- Transaction amount is 55555 JPY: 000000055555
- Transaction currency code 0392
- Amount in Counter Currency = (000000055555 x 0008)/1000 = 000000000444.

For Conversion Parameter 2 in Table B.3, the Conversion Exponent value of 81 is the equivalent of 1000 0001b in binary representation. 8 indicates the sign, 1 indicates the 10 to the power of one. An example of conversion using Conversion Parameter 2 is as follows:
- Transaction amount is 125 GBP: 000000000125
- Transaction currency code 0826
- Amount in Counter Currency = (000000000125 x 0015)/10 = 000000000187.
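The two conversions above can be reproduced from the raw 25-byte table, which is useful when verifying personalization values against the intended rates. The following Python is an added example, not code from this manual. It assumes that results are truncated (as both worked examples are), that a clear sign bit means multiplication by the power of ten, and that an amount already in the counter currency is used unchanged; the three deactivated entries and the counter currency code 0840 are constructed.

```python
from typing import Optional

PARAM_LEN = 5    # Currency Code (2) + Conversion Rate (2) + Conversion Exponent (1)
TABLE_LEN = 25   # five Currency Conversion Parameters (Table B.1)


def bcd_to_int(data: bytes) -> int:
    """Decode a BCD field, rejecting nibbles above 9."""
    digits = data.hex()
    if not digits.isdigit():
        raise ValueError(f"not a BCD value: {digits.upper()}")
    return int(digits)


def decode_exponent(value: int) -> int:
    """Sign-magnitude power of ten: 0x83 -> -3, 0x81 -> -1."""
    magnitude = value & 0x7F
    return -magnitude if value & 0x80 else magnitude


def apply_rate(amount: int, rate: int, exponent: int) -> int:
    """Integer conversion; the fractional part is dropped (assumed truncation)."""
    if exponent < 0:
        return amount * rate // 10 ** -exponent
    return amount * rate * 10 ** exponent   # assumption for a clear sign bit


def to_counter_currency(table: bytes, crm_currency: str,
                        txn_currency: str, amount: str) -> Optional[str]:
    """Convert a 12-digit amount; None when no active entry covers the currency."""
    if len(table) != TABLE_LEN:
        raise ValueError(f"Currency Conversion Table must be {TABLE_LEN} bytes")
    value = int(amount)
    if txn_currency == crm_currency:
        return f"{value:012d}"               # assumption: no conversion needed
    for offset in range(0, TABLE_LEN, PARAM_LEN):
        entry = table[offset:offset + PARAM_LEN]
        code = entry[0:2].hex()
        if code == crm_currency:             # entry deactivated with CRM Currency Code
            continue
        if code == txn_currency:
            rate = bcd_to_int(entry[2:4])
            exponent = decode_exponent(entry[4])
            return f"{apply_rate(value, rate, exponent):012d}"
    return None


# Parameters 1 and 2 from Table B.3, then three constructed deactivated entries.
CRM_CURRENCY = "0840"
SAMPLE_TABLE = bytes.fromhex("0392000883" "0826001581" + "0840000000" * 3)

if __name__ == "__main__":
    print(to_counter_currency(SAMPLE_TABLE, CRM_CURRENCY, "0392", "000000055555"))
    print(to_counter_currency(SAMPLE_TABLE, CRM_CURRENCY, "0826", "000000000125"))
    print(to_counter_currency(SAMPLE_TABLE, CRM_CURRENCY, "0978", "000000001000"))
```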
C.1 Overview
C.2 Cumulated Transactions Limit
C.3 Consecutive Offline Transactions Limit
C.4 How to Prohibit Offline Transactions Based on Transaction Currency
C.1 Overview
This section describes some characteristics of the management of offline counters by the M/Chip 4 application.
Note
The settings for the Card Issuer Action Codes can be used to deactivate offline limits. If offline limits are deactivated, the M/Chip 4 application does not take any action when the limits are exceeded.
D.1 Interpreting the Card Verification Results
D.1.1 Cryptogram TC in Response to First GENERATE AC
D.1.2 Cryptogram ARQC in Response to First GENERATE AC
D.1.3 Cryptogram TC in Response to Second GENERATE AC
As there is no clearing record for an AAC, this section does not describe the case when the cryptogram is an AAC as the Card Verification Results are unlikely to be interpreted
Table D.2 describes byte 2. Byte 2 does not contain decision-making information.
Table D.2: Card Verification Results Byte 2 Bit Setting for First GENERATE AC, Giving a TC
Bits | Setting
b8 | For M/Chip Select 4: If DDA is returned, set to '1b', otherwise, set to '0b'. For M/Chip Lite 4: Always set to '0b'.
b7 | For M/Chip Select 4: If the TC was wrapped in the RSA signature for the first GENERATE AC, set to '1b', otherwise set to '0b'. For M/Chip Lite 4: Always set to '0b'.
b6 | For M/Chip Select 4: For first GENERATE AC (combined DDA/AC generation not returned in second GENERATE AC), set to '0b'. For M/Chip Lite 4: Always set to '0b'.
b5 | For first GENERATE AC (Issuer Authentication not performed), set to '0b'.
b4 | If CIAC Default skipped on a CAT LEVEL 3 terminal, set to '1b', otherwise, set to '0b'.
b3-b1 | Always set to '000b'. Reserved for future use.
Table D.3 describes byte 3. Byte 3 does not contain decision-making information.
Table D.3 Card Verification Results Byte 3 Bit Setting for First GENERATE AC, Giving a TC
Bits    Setting
b8-5    For the first GENERATE AC, the left nibble represents the number of script commands sent to the M/Chip 4 application since the Script Counter was last reset. The initial value of the Script Counter is set at personalization. It is usually set to 00.
b4-1    The number of PIN tries remaining.
Table D.4 describes byte 4. Byte 4 contains decision-making information for the current transaction.
Table D.4 Card Verification Results Byte 4 Bit Setting for First GENERATE AC, Giving a TC
Bits    Setting
b8      Always set to 0b. Reserved for future use.
b7      For first GENERATE AC (Unable to go online not indicated), always set to 0b.
b6      If offline PIN verification is not performed for the current transaction, set to 1b, otherwise, set to 0b.
b5      If the last offline PIN verification was performed unsuccessfully for the current transaction, set to 1b, otherwise, set to '0b'.
b4      If the PIN Try Counter = 00, set to 1b, otherwise, set to '0b'.
b3      For international transactions, set to 1b, otherwise, set to '0b'.
b2      For domestic transactions, set to 1b, otherwise, set to '0b'.
b1      If the terminal erroneously considers the offline PIN OK, set to 1b, otherwise, set to '0b'.
Table D.5 describes byte 5. Byte 5 contains decision-making information for the current and last online transaction.
Table D.5 Card Verification Results Byte 5 Bit Setting for First GENERATE AC, Giving a TC
Bits    Setting
b8      If the Consecutive Offline Transactions Number (a) > Lower Consecutive Offline Limit, set to 1b, otherwise, set to '0b'.
b7      As for b8, but using Upper Consecutive Offline Limit in place of Lower Consecutive Limit.
b6      If Cumulative Offline Transaction Amount (b) > Lower Cumulative Offline Transaction Amount, set to 1b, otherwise set to '0b'.
b5      As for b6, but using Upper Consecutive Offline Limit in place of Lower Consecutive Limit.
b4      The value set in last online transaction with online connection (when the Authorisation Response Code is neither equal to Y3 nor Z3) and Issuer Authentication Data is present and the Authorisation Response Cryptogram verification is successful and Set Go Online on Next Transaction is set in the ARPC Response Code.
        Or the value that was set in last online transaction with online connection (when the Authorization Response Code is neither equal to Y3 nor Z3) and Issuer Authentication Data is not present and the terminal requests a TC and the magstripe grade issuer mode is supported and Set Go Online On Next Transaction is set in the Default ARPC Response Code.
b3      If Issuer Authentication failed in a previous transaction (i.e. Issuer Authentication Data was present but the cryptogram verification was unsuccessful), and the Previous Transaction History [3] (c) has yet to be reset, set to 1b, otherwise, set to 0b.
b2      If a script command was previously sent to the M/Chip 4 application, and the Previous Transaction History [2] (d) has yet to be reset, set to 1b, otherwise, set to 0b.
b1      If a script command was previously sent to the M/Chip 4 application and has failed, and the Previous Transaction History [1] (e) has yet to be reset, set to 1b, otherwise, set to 0b.
Notes:
a. Including this transaction, if not cumulated in the amount.
b. Including this transaction, if cumulated in the amount.
c. Issuer Authentication Failed on Online Transaction.
d. Script on Online Transaction.
e. Script Failed on Online Transaction.
Table D.6 describes byte 6. Byte 6 contains decision-making information for the current transaction.
Table D.6 Card Verification Results Byte 6 Bit Setting for First GENERATE AC, Giving a TC
Bits    Setting
b8-3    Always 000000b.
b2      If a match was found performing the tests identified in the additional check table, set to 1b, otherwise, set to 0b.
b1      If no match was found performing the tests identified in the additional check table, set to 1b, otherwise, set to 0b.
Table D.8 describes byte 2. Byte 2 does not contain decision-making information.
Table D.8 Card Verification Results Byte 2 Bit Setting for First GENERATE AC, Giving an ARQC
Bits    Setting
b8      For M/Chip Select 4: If DDA is performed, set to '1b', otherwise, set to '0b'.
        For M/Chip Lite 4: Always set to '0b'.
b7      For M/Chip Select 4: If the ARQC was wrapped in the RSA signature for the first GENERATE AC, set to 1b otherwise, set to 0b.
        For M/Chip Lite 4: Always set to '0b'.
b6      For first GENERATE AC (combined DDA/AC generation not returned in second GENERATE AC), always set to 0b.
        For M/Chip Lite 4: Always set to '0b'.
b5      For first GENERATE AC (Issuer Authentication not performed), always set to 0b.
b4      Always set to '0b'. No ARQC on CAT level 3 terminal.
b3-b1   Always set to 000b. Reserved for future use.
Table D.9 describes byte 3. Byte 3 does not contain decision-making information.
Table D.9 Card Verification Results Byte 3 Bit Setting for First GENERATE AC, Giving an ARQC
Bits    Setting
b8-5    For the first GENERATE AC, the left nibble represents the number of script commands sent to the M/Chip 4 application since the Script Counter was last reset. The initial value of the Script Counter is set at personalization. It is usually set to 00.
b4-1    The number of PIN tries remaining.
Table D.10 describes byte 4. Byte 4 contains decision-making information for the current transaction.
Table D.10 Card Verification Results Byte 4 Bit Setting for First GENERATE AC, Giving an ARQC
Bits    Setting
b8      Always set to 0b. Reserved for future use.
b7      For first GENERATE AC (Unable to go online not indicated), always set to 0b.
b6      If offline PIN verification is not performed for the current transaction, set to 1b otherwise, set to 0b.
b5      If the last offline PIN verification was performed unsuccessfully for the current transaction, set to 1b otherwise, set to '0b'.
b4      If the PIN Try Counter has value 00, set to 1b, otherwise, set to '0b'.
b3      For international transactions, set to 1b, otherwise, set to '0b'.
b2      For domestic transactions, set to 1b, otherwise, set to '0b'.
b1      If the terminal erroneously considers the offline PIN OK, set to 1b, otherwise, set to '0b'.
Table D.11 describes byte 5. Byte 5 contains decision-making information for the current and last online transaction.
Table D.11 Card Verification Results Byte 5 Bit Setting for First GENERATE AC, Giving an ARQC
Bits    Setting
b8      If the Consecutive Offline Transactions Number (a) > Lower Consecutive Offline Limit, set to 1b, otherwise set to 0b.
b7      As for b8, but using Upper Consecutive Offline Limit in place of Lower Consecutive Limit.
b6      If the Cumulative Offline Transaction Amount (b) > Lower Cumulative Offline Transaction Amount, set to 1b, otherwise set to '0b'.
b5      As for b6, but using Upper Consecutive Offline Limit in place of Lower Consecutive Limit.
b4      The value set in last online transaction with online connection (if Authorization Response Code is neither equal to Y3 nor Z3) and Issuer Authentication Data is present and the Authorization Response Cryptogram verification is successful and Set Go Online on Next Transaction is set in the ARPC Response Code.
        Or the value that was set in last online transaction with online connection (if Authorization Response Code is neither equal to Y3 nor Z3) and Issuer Authentication Data is not present and the terminal requests a TC and the magstripe grade issuer mode is supported and Set Go Online on Next Transaction is set in the Default ARPC Response Code.
b3      If Issuer Authentication has failed in a previous transaction (i.e. Issuer Authentication Data was present but the cryptogram verification was not successful), and the Previous Transaction History [3] (c) has yet to be reset, set to 1b, otherwise, set to '0b'.
b2      If a script command was previously sent to the M/Chip 4 application, and the Previous Transaction History [2] (d) has yet to be reset, set to 1b, otherwise, set to '0b'.
b1      If a script command was previously sent to the M/Chip 4 application and has failed, and the Previous Transaction History [1] (e) has yet to be reset, set to 1b, otherwise set to '0b'.
Notes:
a. Including this transaction, if not cumulated in the amount.
b. Including this transaction, if cumulated in the amount.
c. Issuer Authentication Failed on Online Transaction.
d. Script on Online Transaction.
e. Script Failed on Online Transaction.
Table D.12 describes byte 6. Byte 6 contains decision-making information for the current transaction.
Table D.12 Card Verification Results Byte 6 Bit Setting for First GENERATE AC, Giving an ARQC
Bits    Setting
b8-3    Always set to 000000b.
b2      If a match was found performing the tests identified in the additional check table, set to 1b, otherwise, set to 0b.
b1      If no match was found performing the tests identified in the additional check table, set to 1b, otherwise set to 0b.
Table D.14 describes byte 2. Byte 2 does not contain decision-making information.
Table D.14 Card Verification Results Byte 2 Bit Setting for Second GENERATE AC, Giving a TC
Bits    Setting
b8      For M/Chip Select 4: If DDA is performed, set to '1b', otherwise, set to '0b'.
        For M/Chip Lite 4: Always set to '0b'.
b7      For M/Chip Select 4: If the ARQC was wrapped in the RSA signature for the first GENERATE AC, set to 1b, otherwise, set to 0b.
        For M/Chip Lite 4: Always set to '0b'.
b6      For M/Chip Select 4: If the TC is wrapped in the RSA signature for the second GENERATE AC, set to 1b, otherwise set to 0b.
        For M/Chip Lite 4: Always set to '0b'.
b5      If the Issuer Authentication Data is present for the current transaction, set to '1b', otherwise set to 0b.
b4      For second GENERATE AC (CIAC Default skipped on CAT3), always set to 0b.
b3-b1   Always set to 000b.
Table D.15 describes byte 3. Byte 3 does not contain decision-making information.
Table D.15 Card Verification Results Byte 3 Bit Setting for Second GENERATE AC, Giving a TC
Bits    Setting
b8-5    The Script Counter is reset to 0000b in either of the following situations:
        - When Issuer Authentication is successful
        - When the Magstripe grade issuer mode is supported and the Authorization Response Code is neither equal to Y3 nor Z3 (Unable to go online).
        The Script Counter is not reset and contains the same value as in the first GENERATE AC response in any of the following situations:
        - When Issuer Authorization failed in the current transaction
        - When the Magstripe grade issuer mode is not supported
        - When the Authorization Response Code is Unable to go online (Y3 or Z3)
b4-1    The number of PIN tries remaining. (This is the same value as for the first GENERATE AC except if you have updated the value with a specific setting in the ARPC Response Code).
Table D.16 describes byte 4. Byte 4 contains decision-making information for the current transaction.
Table D.16 Card Verification Results Byte 4 Bit Setting for Second GENERATE AC, Giving a TC
Bits    Setting
b8      Always set to 0b. Reserved for future use.
b7      If the terminal could not go online to the issuer (i.e. if Authorization Response Code = Y3 or Z3) for the current transaction, set to 1b, otherwise set to 0b.
b6      If offline PIN verification is not performed for the current transaction, set to 1b, otherwise set to 0b.
b5      If the last offline PIN verification was performed unsuccessfully for the current transaction, set to 1b, otherwise set to '0b'.
b4      If the PIN Try Counter has value 00, set to 1b, otherwise set to '0b'.
b3      For international transactions, set to 1b, otherwise, set to '0b'.
b2      For domestic transactions, set to 1b, otherwise set to '0b'.
b1      If the terminal erroneously considers offline PIN OK, set to 1b, otherwise set to '0b'.
Table D.17 describes byte 5. Byte 5 contains decision-making information for the current and last online transaction.
Table D.17 Card Verification Results Byte 5 Bit Setting for Second GENERATE AC, Giving a TC
Bits    Setting
b8      If the Consecutive Offline Transactions Number (a) > Lower Consecutive Offline Limit, set to 1b, otherwise set to '0b'.
b7      As for b8, but using Upper Consecutive Offline Limit in place of Lower Consecutive Limit.
b6      If Cumulative Offline Transaction Amount (b) > Lower Cumulative Offline Transaction Amount, set to 1b, otherwise, set to '0b'.
b5      As for b6, but using Upper Consecutive Offline Limit in place of Lower Consecutive Limit.
b4      If unable to go online (i.e. the Authorization Response Code = Y3 or Z3), contains the same value as for the first GENERATE AC.
        If able to go online (i.e. the Authorization Response Code is not equal to Y3 or Z3), set to reflect your decision, i.e. the value of the Set Go Online on Next Transaction bit:
        - In the ARPC Response Code, if Issuer Authentication Data is present
        - In the Default ARPC Response Code, if Issuer Authentication Data is not present
b3      If the Issuer Authentication failed in the current transaction or in a previous transaction (i.e. Issuer Authentication Data was present but the cryptogram verification was not successful), and the Previous Transaction History [3] (c) has yet to be reset, set to 1b, otherwise set to '0b'.
b2      If a script command was previously sent to the application, and the Previous Transaction History [2] (d) has not been reset, set to 1b, otherwise, set to '0b'.
b1      If a script command was previously sent to the application and failed, and the Previous Transaction History [1] (e) has not been reset, set to 1b, otherwise, set to '0b'.
Notes:
a. Including this transaction, if not cumulated in the amount.
b. Including this transaction, if cumulated in the amount.
c. Issuer Authentication Failed on Online Transaction.
d. Script on Online Transaction.
e. Script Failed on Online Transaction.
Table D.18 describes byte 6. Byte 6 contains decision-making information for the current transaction.
Table D.18 Card Verification Results Byte 6 Bit Setting for Second GENERATE AC, Giving a TC
Bits    Setting
b8-3    Always 000000b. Reserved for future use.
b2      If match found performing the tests identified in the additional check table, set to 1b, otherwise set to 0b.
b1      If no match found performing the tests identified in the additional check table, set to 1b, otherwise set to 0b.
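The following Python sketch is an added example, not part of the manual: it decodes bytes 3 to 6 of a Card Verification Results value using the bit assignments of Tables D.15 to D.18 (second GENERATE AC, giving a TC). It assumes a 6-byte CVR with byte 1 first; the flag names and the sample value are constructed for illustration.

```python
# Added example: decode CVR bytes 3-6 per Tables D.15-D.18.
# Flag names are illustrative, not taken from the manual.

BYTE4 = {7: "unable_to_go_online",                    # Table D.16
         6: "offline_pin_not_performed",
         5: "last_offline_pin_verification_failed",
         4: "pin_try_counter_zero",
         3: "international_transaction",
         2: "domestic_transaction",
         1: "terminal_erroneously_considers_offline_pin_ok"}
BYTE5 = {8: "consecutive_count_over_lower_limit",     # Table D.17
         7: "consecutive_count_over_upper_limit",
         6: "cumulative_amount_over_lower_limit",
         5: "cumulative_amount_over_upper_limit",
         4: "go_online_on_next_transaction",
         3: "issuer_authentication_failed_history",
         2: "script_received_history",
         1: "script_failed_history"}
BYTE6 = {2: "additional_check_match",                 # Table D.18
         1: "additional_check_no_match"}


def bit(value: int, n: int) -> int:
    """Return bit bn of a byte; b8 is the most significant bit."""
    return (value >> (n - 1)) & 1


def decode_cvr(cvr_hex: str) -> dict:
    cvr = bytes.fromhex(cvr_hex)
    if len(cvr) != 6:  # assumption: 6-byte CVR, byte 1 first
        raise ValueError("expected a 6-byte CVR")
    flags = [name
             for table, byte in ((BYTE4, cvr[3]), (BYTE5, cvr[4]), (BYTE6, cvr[5]))
             for n, name in table.items() if bit(byte, n)]
    return {
        "script_counter": cvr[2] >> 4,         # byte 3, b8-5 (left nibble)
        "pin_tries_remaining": cvr[2] & 0x0F,  # byte 3, b4-1
        "flags": flags,
        # byte 4 b8 and byte 6 b8-3 are always 0 according to the tables
        "reserved_ok": bit(cvr[3], 8) == 0 and (cvr[5] & 0xFC) == 0,
    }


# Constructed sample: unable to go online, offline PIN not performed, domestic,
# lower consecutive limit exceeded, go online next time, no additional-check match.
SAMPLE_CVR = "000003628801"
```

A value whose reserved bits are set does not match the tables and is worth flagging on the issuer host before its other bits are trusted.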
E.1 Examples
This appendix provides two examples of the Issuer Script Data non-critical script, Tag 72.
E.1.1 Example 1
This example uses the PUT DATA command to update the Card Issuer Action Code Decline, Tag C3, to 00 00 00.
String of eight-byte data blocks to be used for MAC calculation:
04 DA 00 C3 0B 00 0A AA BB CC DD EE FF 99 88 00 00 00 80 00 00 00 00 00
CLA = 04
INS = DA
P1 = 00
P2 = C3
Lc = 0B
ATC = 00 0A
RAND = AA BB CC DD EE FF 99 88
Plaintext Data = 00 00 00
Padding = 80 00 00 00 00 00
Using the above string of data, the calculated MAC = 21 5B 54 FA F6 88 2D 10
When sent as non-critical script, the issuer script message would be:
Issuer Script Data: 7212861004DA00C30B000000215B54FAF6882D10
Description:
Tag(72) + length(12) + Issuer Script Command Tag(86) + length(10) + APDU & Data(04 DA 00 C3 0B 00 00 00) + MAC(215B54FAF6882D10)
E.1.2 Example 2
This example shows a non-critical script to block an application.
String of eight-byte data blocks to be used for MAC calculation:
84 1E 00 00 08 00 05 A3 77 91 88 1B A6 97 E0 80
CLA = 84
INS = 1E
P1 = 00
P2 = 00
Lc = 08
ATC = 00 05
RAND = A3 77 91 88 1B A6 97 E0
Padding = 80
Using the above string of data, the calculated MAC = 6B AA 5A 95 6E A7 E4 1C
When sent as non-critical script, the issuer script message would be:
Issuer Script Data: 72 0F 86 0D 84 1E 00 00 08 6B AA 5A 95 6E A7 E4 1C
Description:
Tag(72) + length(0F) + Issuer Script Command Tag(86) + length(0D) + APDU(84 1E 00 00 08) + MAC(6BAA5A956EA7E41C)
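The following Python sketch is an added example, not part of the manual: it splits a Tag 72 script message into APDU header, data and MAC while checking every length field, and rebuilds the string used for MAC calculation in both examples above. Function names are illustrative; it assumes single-byte lengths, one Tag 86 command per template and an 8-byte MAC, as in the two examples. The MAC itself is not recomputed, because this appendix gives neither the key nor the algorithm.

```python
# Added example: validate the Tag 72 / Tag 86 structure and rebuild the
# MAC input string for the two examples in this appendix.

MAC_LEN = 8  # both examples carry an 8-byte MAC


def mac_input(header: bytes, atc: bytes, rand: bytes, data: bytes = b"") -> bytes:
    """APDU header, ATC, RAND and plaintext data, followed by padding of
    80 and then 00 bytes up to a multiple of eight bytes."""
    msg = header + atc + rand + data + b"\x80"
    return msg + b"\x00" * (-len(msg) % 8)


def parse_script(script: bytes) -> dict:
    """Split a Tag 72 template holding one Tag 86 command.
    Raises ValueError when a tag or length field is inconsistent."""
    if len(script) < 2 or script[0] != 0x72 or script[1] != len(script) - 2:
        raise ValueError("bad Tag 72 template or length")
    cmd = script[2:]
    if len(cmd) < 2 or cmd[0] != 0x86 or cmd[1] != len(cmd) - 2:
        raise ValueError("bad Tag 86 command or length")
    apdu = cmd[2:]
    # Lc counts the command data plus the MAC
    if len(apdu) < 5 + MAC_LEN or apdu[4] != len(apdu) - 5:
        raise ValueError("Lc does not match data plus MAC")
    return {"header": apdu[:5],
            "data": apdu[5:-MAC_LEN],
            "mac": apdu[-MAC_LEN:]}


# Script messages copied from Example 1 and Example 2
EXAMPLE_1 = bytes.fromhex("7212861004DA00C30B000000215B54FAF6882D10")
EXAMPLE_2 = bytes.fromhex("720F860D841E0000086BAA5A956EA7E41C")


def example_mac_inputs() -> tuple:
    """Rebuild both MAC input strings from the parsed scripts plus the
    ATC and RAND values stated in the examples."""
    p1, p2 = parse_script(EXAMPLE_1), parse_script(EXAMPLE_2)
    return (
        mac_input(p1["header"], bytes.fromhex("000A"),
                  bytes.fromhex("AABBCCDDEEFF9988"), p1["data"]),
        mac_input(p2["header"], bytes.fromhex("0005"),
                  bytes.fromhex("A37791881BA697E0"), p2["data"]),
    )
```

The ATC and RAND appear only in the MAC input, not in the script message itself, so a host that verifies or logs scripts needs them from the transaction context.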