PayPass - MChip Reader Card Application Interface Specification (V2.0)

PayPass M/Chip
Reader Card Application Interface Specification
Version 2.0 September 2008
Proprietary Rights
The information contained in this document is proprietary and confidential to MasterCard International Incorporated, one or more of its affiliated entities (collectively "MasterCard"), or both. This material may not be duplicated, published, or disclosed, in whole or in part, without the prior written permission of MasterCard.
Trademarks
Trademark notices and symbols used in this manual reflect the registration status of MasterCard trademarks in the United States. Please consult with the Customer Operations Services team or the MasterCard Law Department for the registration status of particular product, program, or service names outside the United States. All third-party product and service names are trademarks or registered trademarks of their respective owners.
Media Address
This document is available in both electronic and printed format. MasterCard Worldwide 2200 MasterCard Boulevard O'Fallon MO 63368-7263 USA www.mastercard.com
2008 MasterCard
ii
PayPass M/Chip Reader Card Application Interface Specification
Table of Contents
Table of Contents
Using this Manual ............................................................................... vii
Purpose ..................................................................................................................... vii Scope ........................................................................................................................ vii Audience................................................................................................................... vii Related Documentation ........................................................................................... viii Reference Materials................................................................................................... ix Abbreviations ..............................................................................................................x Notational Conventions ............................................................................................ xii Transition Flow Diagrams ....................................................................................... xiii Document Word Usage ........................................................................................... xiii Requirement Numbering ......................................................................................... xiv Guidance on Terminology ....................................................................................... xiv Document Overview..................................................................................................xv
Introduction ................................................................................ 1
1.1 1.2 1.3 1.4 MasterCard Proximity Payment.........................................................................1 M/Chip Profile and Mag Stripe Profile..............................................................1 Architecture........................................................................................................2 Transaction Processing Summary......................................................................2
Commands ................................................................................. 5
2.1 2.2 Introduction........................................................................................................5 COMPUTE CRYPTOGRAPHIC CHECKSUM .............................................................6
2.2.1 2.2.2 2.2.3 2.2.4 Definition and Scope .......................................................................................6 Command Message..........................................................................................6 Data Field Returned in the Response Message................................................6 Status Bytes .....................................................................................................7 Definition and Scope .......................................................................................7 Command Message..........................................................................................7 Data Field Returned in the Response Message................................................8 Status Bytes .....................................................................................................9 Definition and Scope .....................................................................................10 Command Message........................................................................................10 Data Field Returned in the Response Message..............................................10
2.3
GENERATE AC....................................................................................................7
2.3.1 2.3.2 2.3.3 2.3.4
2.4
GET PROCESSING OPTIONS ...............................................................................10

2.4.1 2.4.2 2.4.3
2008 MasterCard
iii
Table of Contents
2.4.4
Status Bytes ...................................................................................................11 Definition and Scope .....................................................................................12 Command Message........................................................................................12 Data Field Returned in the Response Message..............................................12 Status Bytes ...................................................................................................13 Definition and Scope .....................................................................................13 Command Message........................................................................................13 Data Field Returned in the Response Message..............................................14 Status Bytes ...................................................................................................15
2.5
READ RECORD ..................................................................................................12

2.5.1 2.5.2 2.5.3 2.5.4
2.6
SELECT .............................................................................................................13
2.6.1 2.6.2 2.6.3 2.6.4
Application Activation ............................................................. 17

3.1 3.2 3.3 3.4 Overview..........................................................................................................17 Pre-Processing..................................................................................................17 Protocol Activation ..........................................................................................18 Application Selection.......................................................................................18
3.4.1 3.4.2 Building the Candidate List ...........................................................................19 Final Selection ...............................................................................................20
PayPass M/Chip Transaction Processing........................... 21

4.1 4.2 Transaction Flow .............................................................................................21 Exception Processing .......................................................................................26
4.2.1 4.2.2 4.2.3 4.2.4 Processing ......................................................................................................26 Data Objects...................................................................................................26 Status Bytes ...................................................................................................27 COMPUTE CRYPTOGRAPHIC CHECKSUM .......................................................27 FCI and SW1-SW2 Processing......................................................................28 GET PROCESSING OPTIONS Processing ..........................................................28 Read Mag Stripe Application Data ................................................................30 Mag Stripe Application Version Number Checking......................................31 COMPUTE CRYPTOGRAPHIC CHECKSUM Processing .....................................32 Offline Data Authentication Method Selection .............................................34 Read M/Chip Application Data .....................................................................34 Processing Restrictions ..................................................................................35 Terminal Risk Management...........................................................................35 M/Chip CVM Selection .................................................................................36 Terminal Action Analysis..............................................................................38 GENERATE AC Processing.............................................................................38 Retrieve ICC Key and Verify SDAD (CDA) ................................................39 Static Data Authentication .............................................................................40
4.3
Functions Used in Transaction Processing ......................................................28

4.3.1 4.3.2 4.3.3 4.3.4 4.3.5 4.3.6 4.3.7 4.3.8 4.3.9 4.3.10 4.3.11 4.3.12 4.3.13 4.3.14
2008 MasterCard
iv
Table of Contents
4.3.15 Completion ....................................................................................................40
Data Object Handling............................................................... 43

5.1 5.2 5.3 5.4 Data Object Format..........................................................................................43 DOL Handling .................................................................................................43 Bitmaps Used in Discretionary Data................................................................44 Data Object Management ................................................................................45
Annex A Data Objects Dictionary ...................................................... 47
2008 MasterCard
Using this Manual

Purpose
Using this Manual

Purpose
MasterCard PayPass technology enables fast, easy and globally accepted payments through the use of contactless chip technology on the traditional MasterCard card platform. PayPass M/Chip is designed specifically for authorization networks that currently support chip card authorizations for credit or debit applications. This document defines the behavior of the contactless reader used in PayPass M/Chip and PayPass Mag Stripe transactions. This definition replaces the interface specification given in Part II of the PayPass M/Chip Technical Specifications, v1.3.
Scope
This document provides the specifications necessary to achieve interoperability between PayPass cards and PayPass M/Chip readers. It contains the following definitions as applied to both PayPass M/Chip and PayPass Mag Stripe purchase transactions: The definition of commands, responses and data objects exchanged between the card and PayPass reader The definition of the command sequence in order to support the purchase transaction flow The definition of the internal processing of the PayPass reader
Other transaction types (e.g. refunds) may be supported by the PayPass reader however they are not discussed in this document.
Audience
This document is intended for use by vendors that want to implement the PayPass M/Chip application on an acceptance device. This document is also intended for type approval services that test the actual implementations against this specification.
2008 MasterCard
vii
Using this Manual

Related Documentation
Related Documentation
For the purposes of developing PayPass readers this specification should be read in conjunction with the following MasterCard documents:
Document MasterCard PayPass Terminal Implementation Requirements PayPass M/Chip Acquirer Implementation Requirements PayPass Performance Measurement Content Lists requirements for reader development and for reader integration in retail systems. Describes the user interface. Lists requirements for acquirers implementing the PayPass M/Chip program, including reader/terminal functionality and configuration. Defines the method by which transaction time is measured during the testing of PayPass cards and readers. Lists the minimum performance, in terms of transaction time, required of PayPass cards and readers.
MasterCard PayPass Application Note #2, 30 January 2008
The content of this specification overlaps with that of the EMV Entry Point Specification. For the purposes of developing PayPass readers, the developer has the option of either Implementing all of the requirements in this document, or Implementing the requirements of the EMV Entry Point Specification in place of those given in Chapter 3 of this document. The requirements in the remaining chapters of this document have still to be implemented.
The different documents specifying PayPass reader behavior are summarized in the following figure:
2008 MasterCard
viii
Using this Manual

Reference Materials
Reference Materials
The following references are used in this document. The latest version applies unless a publication date is explicitly stated. [ISO 639-1] [ISO 3166-1] [ISO 4217] [ISO/IEC 7813] [ISO/IEC 7816-4] Codes for the representation of names and languages Part 1: Alpha-2 Code Codes for the representation of names of countries and their subdivisions Part 1: Country codes Codes for the representation of currencies and funds Identification cards Financial transaction cards Information technology Identification cards Integrated circuit(s) cards with contacts - Part 4: Interindustry commands for interchange Identification cards Integrated circuit(s) cards with contacts Part 5: Numbering system and registration procedure for application identifiers. Bank card originated messages Interchange message specifications Content for financial transactions Financial transaction card originated messages Interchange message specifications Information processing 8-bit single-byte coded graphic character sets Integrated Circuit Card Specification for Payment Systems: Application Independent ICC to Terminal Interface Requirements, Version 4.2, June 2008 Integrated Circuit Card Specification for Payment Systems: Security and Key Management, Version 4.2, June 2008 Integrated Circuit Card Specification for Payment Systems: Application Specification, Version 4.2, June 2008 Integrated Circuit Card Specification for Payment Systems: Cardholder, Attendant and Acquirer Interface Requirements, Version 4.2, June 2008 EMV Contactless Specifications for Payment Systems - EMV Contactless Communication Protocol Specification, v2.0 EMV Contactless Specifications for Payment Systems EMV Entry Point Specification, May 2008 MasterCard PayPass Terminal Implementation Requirements, Nov 2007
[ISO/IEC 7816-5]
[ISO 8583:1987] [ISO 8583:1993] [ISO/IEC 8859] [EMV BOOK 1]
[EMV BOOK 2] [EMV BOOK 3] [EMV BOOK 4]
[EMVCLPRO] [EMVEPS] [PPTIR]
2008 MasterCard
ix
Using this Manual

Abbreviations
Abbreviations
The following abbreviations are used in this specification:
Abbreviation AAC AC AFL AID AIP an ans ARQC ATC b BCD C C-APDU CA CDA CDOL CID CLA cn CVC CVM CVR DD DDA DF DOL EMV FCI IAD ICC INS ISO Lc Le LRC Description Application Authentication Cryptogram Application Cryptogram Application File Locator Application Identifier Application Interchange Profile Alphanumeric Alphanumeric Special Authorization Request Cryptogram Application Transaction Counter Binary Binary Coded Decimal Conditional Command Application Protocol Data Unit Certification Authority Combined DDA/AC Generation Card Risk Management Data Object List Cryptogram Information Data Class byte of command message Compressed Numeric Card Validation Code Cardholder Verification Method Cardholder Verification Rule Discretionary Data Dynamic Data Authentication Dedicated File Data Object List Europay MasterCard Visa File Control Information Issuer Application Data Integrated Circuit Card Instruction byte of command message International Organization for Standardization Number of bytes present in the data field of the C-APDU Maximum length of bytes expected in the data field of the R-APDU Longitudinal Redundancy Check
2008 MasterCard
Using this Manual

Abbreviations
Abbreviation M n NATCTRACK1 NATCTRACK2 NCA NI NIC O PAN PCVC3TRACK1 PCVC3TRACK2 PDOL PIN PPSE PUNATCTRACK1 PUNATCTRACK2 P1 P2 R-APDU RFU RID SDA SDAD SSAD SFI SW1 SW2 TC TLV TVR UDOL UN var.
Description Mandatory Numeric Track 1 Number of ATC Digits Track 2 Number of ATC Digits Length of the Certification Authority Public Key Modulus Length of the Issuer Public Key Modulus Length of the ICC Public Key Modulus Optional Primary Account Number Track 1 Bitmap for CVC3 Track 2 Bitmap for CVC3 Processing Options Data Object List Personal Identification Number Proximity Payment System Environment Track 1 Bitmap for UN and ATC Track 2 Bitmap for UN and ATC Parameter 1 Parameter 2 Response Application Protocol Data Unit Reserved for Future Use Registered Application Provider Identifier Static Data Authentication Signed Dynamic Application Data Signed Static Application Data Short File Identifier Status Byte One Status Byte Two Transaction Certificate Tag Length Value Terminal Verification Results Unpredictable Number Data Object List Unpredictable Number Variable length
2008 MasterCard
xi
Using this Manual

Notational Conventions
Notational Conventions
The following notations apply in this document:
Notation '0' to '9' and 'A' to 'F' 1001b digit "M/Chip profile is supported" Track 1 Data GENERATE AC Description Hexadecimal notation. Values expressed in hexadecimal form are enclosed in single quotes (i.e. '_'). Binary notation. Values expressed in binary form are followed by a lower case "b". Any of the ten Arabic numerals from 0 to 9 Labels for flags, decision outcomes, or individual bits of a data object are enclosed in double quotes. Data object names are written in italics to distinguish them from the text. C-APDUs are written in SMALL CAPITALS to distinguish them from the text.
The following table lists symbols that are used throughout this document:
Symbol kTRACK1 kTRACK2 tTRACK1 Meaning Number of non-zero bits in the Track 1 Bitmap for UN (Numeric) and ATC (PUNATCTRACK1) Number of non-zero bits in the Track 2 Bitmap for UN (Numeric) and ATC (PUNATCTRACK2) The symbol tTRACK1 represents the value of NATCTRACK1 and indicates the number of digits of the ATC to be included in the discretionary data field of the Track 1 Data. The symbol tTRACK2 represents the value of NATCTRACK2 and indicates the number of digits of the ATC to be included in the discretionary data field of the Track 2 Data. The symbol nUN represents the number of positions available in the discretionary data fields of the Track 1 Data and Track 2 Data for transporting UN (Numeric) to the issuer. The symbol mTRACK1 indicates the number of characters present in the discretionary data field of the Track 1 Data. The symbol mTRACK2 indicates the number of digits present in the discretionary data field of the Track 2 Data. Number of non-zero bits in the Track 1 Bitmap for CVC3 (PCVC3TRACK1). The symbol qTRACK1 represents the number of CVC3 digits included in the discretionary data field of the Track 1 Data. Number of non-zero bits in the Track 2 Bitmap for CVC3 (PCVC3TRACK2). The symbol qTRACK2 represents the number of CVC3 digits included in the discretionary data field of the Track 2 Data.
tTRACK2
nUN
mTRACK1 mTRACK2 qTRACK1
qTRACK2
2008 MasterCard
xii
Using this Manual

Transition Flow Diagrams
Transition Flow Diagrams

The following symbols are used in the flow diagrams in this document:
The symbols are identified with a number. Paragraphs in the textual description starting with Symbol n correspond to the symbol bearing the same number in the transition flow diagram. The following example illustrates how it works. The decision symbol is used in a flow diagram, identified with number 2.
TEST OK NOK
An explanation of the check done in symbol 2 is given: Symbol 2 An explanation of how the application checks that the condition is satisfied.
Document Word Usage

The following words are used often in this manual and have a specific meaning: must Defines a product or system capability that is mandatory. should Defines a product or system capability that is recommended. may Defines a product or system capability that is optional.
2008 MasterCard
xiii
Using this Manual

Requirement Numbering
Requirement Numbering
Requirements in this document are uniquely numbered with the number appearing next to each requirement: For example: 4.3.2.3 If the PDOL is not present, the PayPass reader must use a command data field of '8300'.
Guidance on Terminology
PayPass Card Due to the legacy of the plastic card industry and the fact that the most common PayPass compliant form factor is card based, the term "card" is used frequently throughout this document. However, the contactless nature of PayPass permits noncard form factors. The functionality of PayPass cards and devices is driven by the chip inside and is independent of the form factor in which the chip resides. Therefore the default reference for the consumer token in this document is "PayPass card" or "card", as appropriate. PayPass Reader The term "PayPass reader" is used to refer to the device supporting the PayPass M/Chip application and providing the contactless interface used by the PayPass card. Although this can be an integral part of the terminal, it is considered in this specification as a separate logical entity. Terminal The term "terminal" is used in this document to mean the POS device, as distinct from the PayPass reader that provides the contactless interface. The terminal and the PayPass reader may exist in a single integrated device, but are considered separately in this document. MasterCard In this document, the term "MasterCard" is used to refer to MasterCard International Incorporated and/or its affiliated entities. It does not refer to the MasterCard payment brand.
2008 MasterCard
xiv
Using this Manual

Document Overview
Document Overview
This document is organized as follows:
Section 1 Introduction 2 Commands 3 Application Activation Description This chapter provides a high-level summary of PayPass M/Chip. This chapter defines the commands and responses supported by PayPass M/Chip. This chapter describes the procedure for identifying and activating the PayPass application on the card, and other transaction pre-processing. This chapter describes the transaction processing of the PayPass reader after it has been enabled by the terminal and the PayPass application has been selected on the card. It specifies how the PayPass reader implements the transaction flow, and lists requirements to ensure interoperability. While other transaction types may be supported, this chapter focuses on the interaction between the PayPass card and the PayPass reader during a purchase transaction. This chapter defines the data object handling for the PayPass reader. This annex lists the data objects supported by the PayPass reader.
4 PayPass M/Chip Transaction Processing
5 Data Object Handling Annex A Data Objects Dictionary
2008 MasterCard
xv
Introduction
MasterCard Proximity Payment
Introduction
This chapter provides a high-level summary of PayPass M/Chip.
1.1
MasterCard Proximity Payment

MasterCard has developed a program intended to allow consumers to make payment transactions at point of sale using contactless technology. The generic term "contactless technology" is used when the point of interaction is between 1 mm and 10 m. Although the proximity payment program covers multiple technologies and ranges, this document deals only with the technical specifications of the MasterCard PayPass product built with a contactless chip with a range from 1 mm to 4 cm.
1.2
M/Chip Profile and Mag Stripe Profile

Within PayPass transactions we distinguish two different profiles: M/Chip and Mag Stripe. The PayPass Mag Stripe profile is designed for contactless payments using authorization networks that currently support only magnetic stripe authorization for credit or debit applications. The PayPass Mag Stripe card stores Track 1 Data and Track 2 Data. The PayPass reader fills the discretionary data field with a dynamic CVC3 during each transaction. The dynamic CVC3 is generated by the PayPass Mag Stripe card using a secret key and a unique transaction counter provided by the PayPass card, and an unpredictable number generated by the PayPass reader. The PayPass Mag Stripe card provides better security than magnetic stripe technology because the dynamic CVC3 is used by the issuer to authenticate the PayPass Mag Stripe card during online authorization processing. The PayPass M/Chip profile is designed for contactless payments in markets that are oriented towards offline acceptance. To manage the offline risk the PayPass reader performs terminal risk management and offline authentication of the PayPass card. The PayPass M/Chip card performs its own card risk management and accepts or declines the transaction offline. To ensure global acceptance of PayPass, unless agreed by MasterCard: All PayPass M/Chip readers support and process PayPass cards that only support the PayPass Mag Stripe profile. All PayPass M/Chip cards support the PayPass Mag Stripe profile when presented at a PayPass Mag Stripe only reader.
2008 MasterCard
Introduction
Architecture
1.3
Architecture
This specification considers the PayPass reader to be a peripheral device of the terminal. The PayPass reader performs the interaction with the PayPass card and the cardholder. The architecture is summarized in Figure 1.1. Figure 1.1PayPass Terminal-Reader Architecture
Note
There is no requirement to create devices following the architecture described here. This logical architecture is only used to specify an externally observable behavior. A terminal and PayPass reader integrated in one physical device can also meet the requirements listed in this specification.
1.4
Transaction Processing Summary

The processing carried out by the PayPass reader during a PayPass transaction, including the interaction with the PayPass card and with the terminal may be summarized as follows: The terminal enables the PayPass reader and provides the necessary transaction data (e.g. transaction amount). The PayPass reader: o o o Initializes its internal data base and, depending on the transaction amount, sets any internal flags for which the corresponding transaction limit has been exceeded. Creates a list of applications that are supported by both the card and PayPass reader. Picks the highest priority application from the list of mutually supported applications, and selects it on the card.
These steps may be done according to [EMVEPS] or according to the application activation described in Chapter 3 of this document. The PayPass reader initiates the transaction on the PayPass card. Based on the response from the PayPass card, the PayPass reader continues with either a PayPass Mag Stripe or PayPass M/Chip transaction.
2008 MasterCard
Introduction
For a PayPass M/Chip transaction, the PayPass reader continues with the following steps: o o o o o The PayPass reader determines which form of ODA to perform. The PayPass reader reads the data records of the PayPass card. The PayPass reader performs Terminal Risk Management and Terminal Action Analysis, and selects a cardholder verification method for the transaction. The PayPass reader requests an application cryptogram from the PayPass card. The PayPass reader performs offline data authentication as appropriate.
For a PayPass Mag Stripe transaction, the PayPass reader continues with the following steps: o o o The PayPass reader reads the data records from the PayPass card. The PayPass reader issues the COMPUTE CRYPTOGRAPHIC CHECKSUM command to the PayPass card. The PayPass reader stores the CVC3-related data in the discretionary data fields of the Track 1 Data and Track 2 Data.
If the outcome of the above processing was successful, the reader provides a visible and audible indication of a successful PayPass interaction to the cardholder. The PayPass reader completes the transaction by preparing the necessary Data Record and Transaction Outcome information and returning it to the terminal. If the outcome of the above processing was not successful, the reader, if appropriate, provides an indication of the failure to the cardholder. The PayPass reader either: o o Retries the above processing, or Prepares the necessary Transaction Outcome information and returns it to the terminal. The PayPass reader then hands control back to the terminal.
The decision to provide failure indication and either retry or return control to the terminal is implementation dependent. The different stages of the transaction are summarized in Figure 1.2.
2008 MasterCard
Introduction
Figure 1.2Transaction Processing Overview
2008 MasterCard
Commands
Introduction
Commands
This chapter defines the commands and responses supported by PayPass M/Chip.
2.1
Introduction
The INS byte of the C-APDU is structured according to [EMV BOOK 1]. The coding of INS and its relationship to CLA are shown in Table 2.1. Table 2.1Coding of the Instruction Byte
CLA '80' '80' '80' '00' '00' INS '2A' 'AE' 'A8' 'B2' 'A4' Meaning COMPUTE CRYPTOGRAPHIC CHECKSUM GENERATE AC GET PROCESSING OPTIONS READ RECORD SELECT
The status bytes returned by the PayPass card are coded as specified in Section 6.3.5 of [EMV BOOK 3]. In addition to the status bytes specific for every command, the PayPass card may return the status bytes shown in Table 2.2. Table 2.2Generic Status Bytes
SW1 '6D' '6E' '6F' SW2 '00' '00' '00' Meaning Instruction code not supported or invalid Class not supported No precise diagnosis
2008 MasterCard
Commands
Compute Cryptographic Checksum
2.2
COMPUTE CRYPTOGRAPHIC CHECKSUM

2.2.1 Definition and Scope
The COMPUTE CRYPTOGRAPHIC CHECKSUM command initiates the computation of the dynamic CVC3 on the card. The computation is based on the UN (Numeric) sent by the PayPass reader, the ATC of the PayPass card and the relevant secret key stored in the card. The response of the PayPass card consists of returning the CVC3TRACK2, the CVC3TRACK1 (optional) and the ATC to the PayPass reader.
2.2.2 Command Message

The COMPUTE CRYPTOGRAPHIC CHECKSUM command message is coded according to Table 2.3. Table 2.3COMPUTE CRYPTOGRAPHIC CHECKSUM Command Message
Code CLA INS P1 P2 Lc Data Le Value '80' '2A' '8E' '80' var. UDOL related data '00'
The data field of the command message is coded according to the UDOL following the rules as defined in Section 5.2. If the PayPass card does not have a UDOL, the PayPass reader uses the Default UDOL.
2.2.3 Data Field Returned in the Response Message

The data field of the response message is a constructed data object with tag '77' (Response Message Template). The value field may include several TLV coded data objects, but always includes the CVC3TRACK2 (tag '9F61') and the ATC (tag '9F36'). The value field may also include the CVC3TRACK1 (tag '9F60').
2008 MasterCard
Commands
Generate AC
2.2.4 Status Bytes

The status bytes that may be sent in response to the COMPUTE CRYPTOGRAPHIC CHECKSUM command are listed in Table 2.4. Table 2.4Status Bytes for COMPUTE CRYPTOGRAPHIC CHECKSUM Command
SW1 '67' '69' '6A' '90' SW2 '00' '85' '86' '00' Meaning Wrong length Conditions of use not satisfied Incorrect parameters P1-P2 Normal processing
2.3
GENERATE AC
The GENERATE AC command sends transaction-related data to the card, which then computes and returns an Application Cryptogram. Depending on the risk management in the card, the cryptogram returned by the PayPass card may differ from that requested in the command message. The PayPass card may return an AAC (transaction declined), an ARQC (online authorization request) or a TC (transaction approved).

The GENERATE AC command message is coded according to Table 2.5. Table 2.5GENERATE AC Command Message
Code CLA INS P1 P2 Lc Data Le Value '80' 'AE' Reference Control Parameter (see Table 2.6) '00' var. CDOL related data '00'
2008 MasterCard
Commands
Generate AC
Table 2.6GENERATE AC Reference Control Parameter

b8 0 0 1 1 b7 0 1 0 1 x 0 0 1 x 0 x 0 x 0 x 0 b6 b5 b4 b3 b2 b1 Meaning AAC TC ARQC RFU RFU Other values RFU CDA not requested CDA requested RFU Other values RFU
The data field of the command message is coded according to CDOL1 following the rules as defined in Section 5.2.

The data field in the response message to the GENERATE AC command is coded according to either format 1 or format 2, as follows.
Format 1
In the case of format 1, the data object returned in the response message is a primitive data object with tag equal to '80'. The value field consists of the concatenation without delimiters (tag and length) of the value fields of the data objects specified in Table 2.7. Format 1 is only used if CDA is not performed. Table 2.7GENERATE AC Response Message Data Field (Format 1)
Value CID ATC AC IAD Presence M M M O
2008 MasterCard
Commands
Generate AC
Format 2
In the case of format 2, the data object returned in the response message will vary depending on whether CDA was performed or not. CDA Not Performed If CDA is not performed, the data object returned in the response message for an AAC, ARQC or TC is a constructed data object with tag equal to '77', as specified in Table 2.8. Table 2.8GENERATE AC Response Message Data Field (Format 2) No CDA
Tag '77' Value Response Message Template '9F27' '9F36' '9F26' '9F10' CID ATC AC IAD Presence M M M M O
CDA Performed If CDA is performed, the data object returned in the response message for an ARQC or TC is a constructed data object with tag equal to '77'. It contains at least the three mandatory data objects specified in Table 2.9, and optionally the IAD. Table 2.9GENERATE AC Response Message Data Field (Format 2) CDA
Tag '77' Value Response Message Template '9F27' '9F36' '9F4B' '9F10' CID ATC SDAD IAD Presence M M M M O
2.3.4 Status Bytes

The status bytes that may be sent in response to the GENERATE AC command are listed in Table 2.10. Table 2.10Status Bytes for GENERATE AC Command
2008 MasterCard
Commands
Get Processing Options
2.4
GET PROCESSING OPTIONS

The GET PROCESSING OPTIONS command initiates the transaction within the card.

The GET PROCESSING OPTIONS command message is coded according to Table 2.11. Table 2.11GET PROCESSING OPTIONS Command Message
Code CLA INS P1 P2 Lc Data Le Value '80' 'A8' '00' '00' var. PDOL related data '00'
The data field of the command message is the Command Template with tag '83' and with a value field coded according to the PDOL provided by the PayPass card in the response to the SELECT command. If the PDOL is not provided by the PayPass card, the length field of the template is set to zero. Otherwise the length field is the total length of the value fields of the data objects transmitted to the card. The value fields are concatenated according to the rules defined in Section 5.2.

The data field in the response message to the GET PROCESSING OPTIONS command is coded according to either format 1 or format 2, as follows.
Format 1
In the case of format 1, the data object returned in the response message is a primitive data object with tag equal to '80'. The value field consists of the concatenation without delimiters (tag and length) of the value fields of the AIP and the AFL, as shown in Table 2.12.
2008 MasterCard
10
Commands
Get Processing Options
Table 2.12GET PROCESSING OPTIONS Response Message Data Field (Format 1)

Value AIP AFL Presence M M
Format 2
In the case of format 2, the data object returned in the response message is a constructed data object with tag '77' (Response Message Template). The value field may include several TLV coded objects, but always includes the AIP (tag '82') and AFL (tag '94'), as shown in Table 2.13. Table 2.13GET PROCESSING OPTIONS Response Message Data Field (Format 2)
Tag '77' Value Response Message Template '82' '94' AIP AFL Presence M M M
2.4.4 Status Bytes

The status bytes that may be sent in response to the GET PROCESSING OPTIONS command are listed in Table 2.14. Table 2.14Status Bytes for GET PROCESSING OPTIONS Command
2008 MasterCard
11
Commands
Read Record
2.5
READ RECORD
The READ RECORD command reads a file record in a linear file. The response of the PayPass card consists of returning the record.

The READ RECORD command message is coded according to Table 2.15. Table 2.15READ RECORD Command Message
Code CLA INS P1 P2 Lc Data Le Value '00' 'B2' Record Number See Table 2.16 Not present Not present '00'
Table 2.16 specifies the coding of P2 of the READ RECORD command. Table 2.16P2 of READ RECORD Command
b8 x b7 x b6 x b5 x b4 x 1 0 0 b3 b2 b1 Meaning SFI P1 is a record number

The data field in the PayPass card response contains the record requested by the command. For SFIs in the range 1-10, the record is a TLV constructed data object with tag '70' as shown in Table 2.17. Table 2.17READ RECORD Response Message Data Field
'70' Length Record Template
2008 MasterCard
12
Commands
Select
2.5.4 Status Bytes

The status bytes that may be sent in response to the READ RECORD command are listed in Table 2.18. Table 2.18Status Bytes for READ RECORD Command
SW1 '6A' '6A' '6A' '90' SW2 '82' '83' '86' '00' Meaning Incorrect parameters P1 P2; file not found Incorrect parameters P1 P2; record not found Incorrect parameters P1 P2 Normal processing
2.6
SELECT
The SELECT command is used to select the PPSE directory and the PayPass application. The response from the PayPass card consists of returning the FCI.

The SELECT command message is coded according to Table 2.19. Table 2.19SELECT Command Message
Code CLA INS P1 P2 Lc Data Le Value '00' 'A4' '04' '00' Length of data field File Name '00'
The data field of the command message contains the PPSE directory name ("2PAY.SYS.DDF01") or the ADF Name (or AID) of the application in the PayPass card 1.
Depending on the value of the File Name, the SELECT command is referred to as SELECT PPSE or SELECT AID command.
2008 MasterCard
13
Commands
Select

The data field of the response message contains the FCI of the PPSE or PayPass application selected by the command.
Select PPSE
Table 2.20 defines the FCI returned by a successful selection of the PPSE directory. The FCI contains the list of PayPass applications (ADF Names) supported by the card. Table 2.20SELECT Response Message Data Field (FCI) of the PPSE
Tag '6F' Value FCI Template '84' 'A5' DF Name FCI Proprietary Template 'BF0C' FCI Issuer Discretionary Data Presence M M M M
The FCI Issuer Discretionary Data is a constructed data object of which the value field is comprised of one or more Application Templates (tag '61') as described in Table 2.21. Table 2.21FCI Issuer Discretionary Data
'BF0C' Length '61' Length of directory entry 1 Directory entry 1 '61' Length of directory entry n Directory entry n
Each directory entry is the value field of an Application Template and contains the information according to Table 2.22 and Table 2.23. Table 2.22Directory Entry Format
Tag '4F' '87' '50' Value ADF Name (AID) Application Priority Indicator (see Table 2.23). Application Label Presence M M O
Table 2.23Application Priority Indicator Format

b8 0 xxx 000 0000 xxxx b7-b5 b4-b1 Definition Application may be selected without confirmation of cardholder RFU
Other values RFU

No priority assigned Order in which the application is to be listed or selected, ranging from 1-15, with 1 being the highest priority.
2008 MasterCard
14
Commands
Select
Select PayPass Application

Table 2.24 defines the FCI returned in response to a successful selection of a PayPass application. Table 2.24SELECT Response Message Data Field (FCI) of a PayPass Application
Tag '6F' Value FCI Template '84' DF Name (AID) 'A5' FCI Proprietary Template '50' Application Label '87' Application Priority Indicator '5F2D' Language Preference '9F38' PDOL '9F11' Issuer Code Table Index '9F12' Application Preferred Name 'BF0C' FCI Issuer Discretionary Data 'XXXX' 1 or more additional data objects from application provider, Issuer or ICC supplier Presence M M M2 O O O O O O O O
2.6.4 Status Bytes

The status bytes returned by the PPSE or PayPass application for the SELECT command are listed in Table 2.25. Table 2.25Status Bytes for SELECT Command
SW1 '62' '67' '6A' '6A' '6A' '90' SW2 '83' '00' '81' '82' '86' '00' Meaning Selected file invalidated 3 Wrong length Function not supported File not found Incorrect parameters P1-P2 Normal processing
2 3
The FCI Proprietary Template may be empty. In this case the length must be set to zero. These specifications do not specify how to block the PPSE or PayPass application. For a dual-interface card (contact and contactless), this may be done by using the contact interface.
2008 MasterCard
15
Application Activation
Overview
This chapter describes the procedure for identifying and activating the PayPass application on the card, and other transaction pre-processing.
3.1
Overview
Application activation begins when the terminal enables the PayPass reader to perform a contactless transaction. Application activation can be divided into the following areas: 1. 2. 3. Pre-processing, in which the transaction amount is checked against defined limits for each supported application Protocol activation, in which contactless protocol of the PayPass reader is activated and prepared for card discovery Application selection, in which first the PPSE and then the PayPass application are selected on the card
3.2
Pre-Processing
When the PayPass reader has been enabled by the terminal and the values of the transaction related data objects listed in 5.4.1.4 are defined, then the following steps are performed. 3.2.1.1 3.2.1.2 The PayPass reader must set Transaction CVM to "No CVM". The PayPass reader must set the Transaction Outcome to "Declined".
The following steps are completed for each AID supported by the PayPass reader. 3.2.1.3 The PayPass reader must clear the following flags: 3.2.1.4 Terminal Contactless Transaction Limit Exceeded Flag Terminal Contactless Floor Limit Exceeded Flag Terminal CVM Required Limit Exceeded Flag
If the Amount, Authorized is greater than or equal to the Terminal Contactless Transaction Limit for that AID, then the Terminal Contactless Transaction Limit Exceeded Flag must be set for that AID. If the Amount, Authorized is greater than the Terminal Contactless Floor Limit for that AID, then the Terminal Contactless Floor Limit Exceeded Flag must be set for that AID.
3.2.1.5
2008 MasterCard
17
Protocol Activation
3.2.1.6
If the Amount, Authorized is greater than or equal to the Terminal CVM Required Limit for that AID, then the Terminal CVM Required Limit Exceeded Flag must be set for that AID.
3.3
Protocol Activation
3.3.1.1 If the PayPass reader has completed pre-processing, and if the Terminal Contactless Transaction Limit Exceeded Flag has not been set for at least one AID supported by the PayPass reader, then the PayPass reader must: Power up the contactless interface and start the polling and collision detection mechanisms as defined in [EMVCLPRO]. Provide a visible indication to the cardholder that the reader is active and that the card can be presented.
Otherwise, the PayPass reader must not proceed with the rest of application activation. It must instead continue with the Completion function as described in Section 4.3.15.
3.4
Application Selection
The application selection process is described in detail in the following sections from the standpoint of both the card and the PayPass reader. The application selection mechanism minimizes the number of commands between the card and PayPass reader. If no errors are encountered, only two SELECT commands (see Section 2.6) are necessary. The process is described in two steps, and is summarized in Figure 3.1. 1. The PayPass reader selects the PPSE and creates a list of applications that are supported by both the card and the PayPass reader. This list is referred to as the "candidate list" (see Section 3.4.1). 2. From the candidate list, the application to be run is chosen and selected on the card (see Section 3.4.2).
Figure 3.1Application Selection
PayPass Card
1. SELECT PPSE 2. List of AIDs 3. SELECT AID 4. FCI
PayPass Reader
2008 MasterCard
18
As an alternative to the application selection method described here, the PayPass reader may also support a proprietary application selection method that is outside the scope of this specification. If so, then the proprietary method may be performed either: Immediately prior to step 3.4.1.1, or Immediately prior to step 3.4.2.1 if the candidate list is empty.
3.4.1 Building the Candidate List

The steps taken by the PayPass reader to establish the candidate list are given in this section. 3.4.1.1 3.4.1.2 The PayPass reader must initialize an empty candidate list. The PayPass reader must select the PPSE on the card using the SELECT command as described in Section 2.6. If the card returns status bytes other than '9000', then the PayPass reader must continue with step 3.4.2.1. Otherwise, the PayPass reader must continue with step 3.4.1.3. The PayPass reader must retrieve all the directory entries from the FCI Issuer Discretionary Data (tag 'BF0C') in the FCI returned by the card. Additional tags returned in the FCI that are not listed in Table 2.20 must be discarded by the PayPass reader. The PayPass reader must process each directory entry by comparing the ADF Name in the directory entry with the AIDs supported by the PayPass reader. If the directory entry is not coded according to Table 2.22 then the PayPass reader must ignore the directory entry. If the ADF Name matches the AID of one of the applications supported by the PayPass reader, then the directory entry is added to the candidate list. The ADF Name in the directory entry matches an AID in the PayPass reader if the ADF Name has the same length and value as the AID, or the ADF Name begins with the entire AID. 3.4.1.4 The PayPass reader must remove from the candidate list all applications that require cardholder confirmation (b8 = '1' in the Application Priority Indicator (see Table 2.23)). The PayPass reader must remove from the candidate list all applications for which the Terminal Contactless Transaction Limit Exceeded Flag has been set in the preprocessing phase. The PayPass reader must order the candidate list according to the following rules: The applications must be listed in order of priority, as indicated by the Application Priority Indicator (see Table 2.23), where the application with the highest priority is listed first. Applications that have the same priority are listed in the order in which they were listed in the PPSE directory entries in the FCI Issuer Discretionary Data (see Table 2.21).
3.4.1.3
3.4.1.5
3.4.1.6
2008 MasterCard
19
Applications with no priority must come last and in the order in which they were listed in the PPSE directory entries in the FCI Issuer Discretionary Data (see Table 2.21).
3.4.2 Final Selection

3.4.2.1 If the candidate list is empty, the PayPass reader must set the Transaction Outcome to "End Application" and continue with the Completion function as specified in Section 4.3.15 in order to terminate the transaction. Otherwise, the PayPass reader must continue with step 3.4.2.2. 3.4.2.2 The PayPass reader must pick the first application from the candidate list and select this application with a SELECT command coded according to Section 2.6.2 using the ADF Name found in the directory entry of the application. If the SELECT command fails (i.e. SW1-SW2 '9000'), then the PayPass reader must remove the application from the candidate list and resume processing at step 3.4.2.1. Having completed application selection, the PayPass reader can begin the main PayPass M/Chip Transaction Processing, as described in Chapter 4.
2008 MasterCard
20
PayPass M/Chip Transaction Processing

Transaction Flow

This chapter describes the transaction processing of the PayPass reader after it has been enabled by the terminal and the PayPass application has been selected on the card. It specifies how the PayPass reader implements the transaction flow, and lists requirements to ensure interoperability. While other transaction types may be supported, this chapter focuses on the interaction between the PayPass card and the PayPass reader during a purchase transaction.
4.1
Transaction Flow
4.1.1.1
Note
The PayPass reader must execute the transaction flow as described in Figure 4.1 and Figure 4.2, and in the corresponding text below.
The transaction flow described in Figure 4.1 and Figure 4.2 assumes normal processing without exceptions. Exception processing is described in Section 4.2.
Symbol 1 FCI and SW1-SW2 Processing The PayPass reader performs certain checks on the data received in reply to the SELECT AID command as described in Section 4.3.1. Symbol 2 GET PROCESSING OPTIONS Command Processing The PayPass reader initiates the transaction by issuing the GET PROCESSING OPTIONS command as described in Section 4.3.2. The PayPass card returns the AIP and the AFL. Symbol 3 M/Chip profile? The PayPass reader verifies if the "M/Chip profile is supported" bit in the AIP is set. If the bit is set, the PayPass reader continues by selecting the method of offline data authentication to be used (see Symbol 7). If the bit is not set, then it continues by reading from the PayPass card the PayPass Mag Stripe application data (see Symbol 4). Symbol 4 Read Mag Stripe Application Data Based on the AFL previously received from the card, the PayPass reader reads the necessary data using the READ RECORD command as specified in Section 4.3.3. Symbol 5 Mag Stripe Application Version Number Checking The PayPass reader verifies the compatibility of its application with the PayPass Mag Stripe application in the PayPass card as specified in Section 4.3.4.
2008 MasterCard
21

Transaction Flow
Symbol 6 COMPUTE CRYPTOGRAPHIC CHECKSUM Processing The PayPass reader continues with the COMPUTE CRYPTOGRAPHIC CHECKSUM command as specified in Section 4.3.5. The PayPass reader then sets the Transaction Outcome to "Online Request".
Note After the completion of the COMPUTE CRYPTOGRAPHIC CHECKSUM response, the PayPass card can be removed from the PayPass reader.
Symbol 7 Offline Data Authentication Method Selection The PayPass reader selects the offline data authentication method to be used in the transaction. As described in Section 4.3.6, it compares the functionality available on the card, as indicated in the AIP, with its own capabilities. The result of this process is a decision to perform CDA, SDA or not to perform any offline data authentication. Symbol 8 Read M/Chip Application Data The PayPass reader reads the necessary data using READ RECORD commands as specified in Section 4.3.7. Symbol 9 Processing Restrictions The PayPass reader performs the Processing Restrictions function as specified in Section 4.3.8. This includes application version number checking, application usage control checking and application effective/expiry dates checking. Symbol 10 Terminal Risk Management The PayPass reader performs Terminal Risk Management as specified in Section 4.3.9. Symbol 11 M/Chip CVM Selection The PayPass reader selects a cardholder verification method as specified in Section 4.3.10. The result of this function is stored as the Transaction CVM. Symbol 12 Terminal Action Analysis The PayPass reader performs Terminal Action Analysis in order to decide whether the transaction should be approved offline, declined offline, or transmitted online. The PayPass reader makes this decision based on the content of the TVR, the Issuer Action Codes and Terminal Action Codes as specified in Section 4.3.11. Symbol 13 GENERATE AC The PayPass reader issues a GENERATE AC command, as described in Section 4.3.12, requesting a TC, ARQC or an AAC based on the results of Terminal Action Analysis. The PayPass card performs its card risk management when it receives the GENERATE AC command, and may decide to complete the transaction online (ARQC), offline (TC) or decline the transaction (AAC).
Note After the completion of the GENERATE AC response, the PayPass card may be removed from the PayPass reader.
2008 MasterCard
22

Transaction Flow
Symbol 14 Card Generated AAC? If the PayPass reader requested an ARQC or TC, and if the PayPass card has generated an AAC, the PayPass reader sets the Transaction Outcome to "Try Another Interface" and continues with the Completion function. If the PayPass reader requested an AAC, and if the PayPass card has generated an AAC, the PayPass reader sets the Transaction Outcome to "Declined" and continues with the Completion function. Otherwise, the PayPass reader continues by checking if CDA was used in the PayPass card response. Symbol 15 Combined DDA/AC Generation? If CDA is being performed, the PayPass reader continues by retrieving the ICC Public Key from the data read from the PayPass card and by verifying the SDAD. If CDA has not been performed, the PayPass reader continues by verifying that the PayPass card generated an ARQC. Symbol 16 Retrieve ICC Public Key and Verify SDAD (CDA) The PayPass reader retrieves the ICC Public Key and verifies the SDAD generated by the PayPass card as specified in Section 4.3.13. Symbol 17 Card Generated ARQC (CDA)? The PayPass reader checks if the card generated an ARQC. If this is the case, the PayPass reader sets the Transaction Outcome to "Online Request" for online capable terminals, and to "Declined" for offline-only terminals. If the PayPass card generated a TC, the PayPass reader sets the Transaction Outcome to "Approved". The PayPass reader continues with the Completion function. Symbol 18 Card Generated ARQC (No CDA)? The PayPass reader checks if the PayPass card generated an ARQC. If this is the case, the PayPass reader sets the Transaction Outcome to "Online Request" for online capable terminals, and to "Declined" for offline-only terminals. The PayPass reader then continues with the Completion function. If the PayPass card generated a TC, the PayPass reader continues by performing SDA. Symbol 19 Static Data Authentication The PayPass reader performs SDA as specified in Section 4.3.14. The PayPass reader sets the Transaction Outcome to "Approved". Symbol 20 Completion The PayPass reader executes the Completion function as specified in Section 4.3.15, and hands control back to the terminal.
2008 MasterCard
23

Transaction Flow
Figure 4.1Transaction Flow for PayPass reader (Part 1)
2008 MasterCard
24

Transaction Flow
Figure 4.2Transaction Flow for PayPass reader (Part 2)
2008 MasterCard
25

Exception Processing
4.2
This section specifies exceptions to normal processing that cause termination of the normal transaction flow.
4.2.1 Processing
4.2.1.1 If the PayPass reader encounters an exception during its processing, then it must set the Transaction Outcome to "End Application" and continue with the Completion function as specified in Section 4.3.15.
4.2.2 Data Objects

Data objects returned by the PayPass card are checked by the PayPass reader as follows: 4.2.2.1 It is the responsibility of the issuer to ensure that data in the PayPass card is of the correct format. No format checking other than that specifically defined is mandated for the PayPass reader. However, if during normal processing the PayPass reader recognizes that data read from the PayPass card is incorrectly formatted, it must terminate the transaction as defined in requirement 4.2.1.1. Unless explicitly stated in Section 4.3, during a PayPass Mag Stripe transaction the PayPass reader must not validate the individual data objects returned in the Track 1 Data and Track 2 Data. Specifically, validation of the values 2 and 6 in the first digit of the service code present in Track 1 Data or Track 2 Data to determine if a contact chip transaction is required must not be performed. Any existing data validation carried out to support individual payment products is outside the scope of this specification. However, if in the course of copying the dynamic data into Track 1 Data or Track 2 Data, the PayPass reader is not able to localize the discretionary data field due to one or more format errors, the PayPass reader must terminate the transaction as defined in requirement 4.2.1.1. 4.2.2.3 If, during transaction processing, the PayPass reader encounters more than one occurrence of a single primitive data object, it must terminate the transaction as specified in requirement 4.2.1.1. If, during transaction processing, the PayPass reader receives in a response from the PayPass card a data object that is listed in Table A.1 as having the PayPass reader as source, it must terminate the transaction as specified in requirement 4.2.1.1.
4.2.2.2
4.2.2.4
2008 MasterCard
26

4.2.3 Status Bytes

4.2.3.1 If, during transaction processing, the PayPass card returns any SW1-SW2 other than '9000', the PayPass reader must terminate the transaction as according to requirement 4.2.1.1, unless otherwise specified.
4.2.4 COMPUTE CRYPTOGRAPHIC CHECKSUM

Specific exception processing is required for the COMPUTE CRYPTOGRAPHIC CHECKSUM command. 4.2.4.1 During a PayPass Mag Stripe transaction, if the PayPass reader does not receive a valid response from the PayPass card to a COMPUTE CRYPTOGRAPHIC CHECKSUM command (i.e. no response message or an invalid response message), it must wait 300 ms before terminating the transaction as specified in requirement 4.2.1.1. If it is the second consecutive transaction for which no valid response message from the PayPass card for the COMPUTE CRYPTOGRAPHIC CHECKSUM command is received, the PayPass reader must wait 2 * 300 ms before terminating the transaction as specified in requirement 4.2.1.1. In general, if it is the nth (n = 1, 2, 3, ) consecutive transaction for which no valid response message from the PayPass card for the COMPUTE CRYPTOGRAPHIC CHECKSUM command is received, the PayPass reader must wait 2m * 300 ms (m being the minimum of n-1 and 5) before terminating the transaction as specified in requirement 4.2.1.1.
2008 MasterCard
27

Functions Used in Transaction Processing
4.3

4.3.1 FCI and SW1-SW2 Processing
Transaction processing begins with the analysis of the response to the SELECT AID command. 4.3.1.1 If the PayPass card returns any SW1-SW2 other than '9000' in response to the SELECT AID command, then the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.
Requirement 4.3.1.1 applies only if the PayPass reader implements the EMV Entry Point. Otherwise, the status bytes in response to the SELECT AID command are processed as described previously in requirement 3.4.2.2.
Note
4.3.1.2
The PayPass reader must verify that the FCI is correctly formatted, as specified in Table 2.24. If this is not the case, then the PayPass reader must terminate processing as specified in requirement 4.2.1.1. The PayPass reader must extract the PDOL (if present) from the FCI and store it for later use during the GET PROCESSING OPTIONS Command Processing. The PayPass reader must extract the DF Name (tag '84'), Application Label (tag '50') (if present), the Language Preference (tag '5F2D') (if present), the Issuer Code Table Index (tag '9F11') (if present) and the Application Preferred Name (tag '9F12') (if present) from the FCI, and store them for later use in the Completion function. Additional tags returned in the FCI that are not listed in Table 2.24 must be discarded by the PayPass reader. If the Language Preference (tag '5F2D') data object is included in the FCI, then the PayPass reader must perform language selection as specified in Section 11.1 of [EMV BOOK 4], except for interactive cardholder language selection. If no match is found and the PayPass reader supports more than one language, it must automatically select the local language.
4.3.1.3 4.3.1.4
4.3.1.5
4.3.2 GET PROCESSING OPTIONS Processing

The PayPass reader issues the GET PROCESSING OPTIONS command to initiate the transaction in the card. 4.3.2.1 4.3.2.2 The PayPass reader sets all bits in the TVR and CVM Results to 0b. If the Terminal CVM Required Limit Flag is set, then the Terminal Capabilities must be instantiated with Terminal Capabilities CVM Required. Otherwise the Terminal Capabilities must be instantiated with Terminal Capabilities No CVM Required.
2008 MasterCard
28

4.3.2.3 4.3.2.4 4.3.2.5
The PayPass reader must format the GET PROCESSING OPTIONS command as specified in Section 2.4.2. If the PDOL is not present (see requirement 4.3.1.3), the PayPass reader must use a command data field of '8300'. If the PDOL is present, the PayPass reader must use the PDOL to create a concatenated list of data objects without tags or lengths following the rules specified in Section 5.2. The PayPass reader must verify that all of the tags in the PDOL belong to data objects available to the PayPass reader. If this is not the case, the PayPass reader must provide a data object with the length specified and a value of all hexadecimal zeros for all such tags encountered. The PayPass reader must use the concatenated list as value field of the data object with tag '83'. The PayPass reader must verify that the response message to the GET PROCESSING OPTIONS command is correctly formatted as specified in Section 2.4.3. If this is not the case, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. The PayPass reader must retrieve from the response message the AIP (tag '82') and AFL (tag '94') data objects. If they are not both included, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. If the PayPass card response contains a constructed data object as described in Table 2.13, any additional data objects returned in the data field must be discarded by the PayPass reader. If the PayPass Mag Stripe Indicator for the selected AID indicates that the PayPass Mag Stripe profile is not supported and the "M/Chip profile is supported" bit in the AIP is not set, then the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. If the PayPass card returns SW1-SW2 = '6985' in response to the GET PROCESSING OPTIONS command, then the PayPass reader must remove the application from the candidate list and return to application selection as described in requirement 3.4.2.1.
Requirement 4.3.2.9 applies only if the PayPass reader implements application activation as specified in Chapter 3. If the EMV Entry Point is used, then SW1-SW2 = '6985' is handled as described in 4.2.3.1.
4.3.2.6
4.3.2.7
4.3.2.8
4.3.2.9
Note
2008 MasterCard
29

4.3.3 Read Mag Stripe Application Data

Data contained in the files of the PayPass card are required by the PayPass reader to complete the COMPUTE CRYPTOGRAPHIC CHECKSUM command processing. The PayPass reader uses the READ RECORD command to read the files and records indicated in the AFL. 4.3.3.1 If the value of the four most significant bytes of the AFL is different from '08010100', then the PayPass reader must process each entry in the AFL from left to right. A READ RECORD command as described in Section 2.5 must be issued for each record between the starting record number and the ending record number, inclusively. The PayPass reader must ignore the fourth byte of each entry in the AFL. The PayPass reader must then proceed with requirement 4.3.3.3. 4.3.3.2 If the value of the four most significant bytes of the AFL is equal to '08010100', then the PayPass reader must not interpret the AFL and instead must only issue a READ RECORD command as described in Section 2.5 for the first record in the file with SFI 1. The PayPass reader must store all recognized data objects read, whether mandatory or optional, for later use in the transaction processing. Data objects that are not recognized by the PayPass reader (that is, their tags are unknown by the PayPass reader) must be discarded. If any of the mandatory data objects listed in Table 4.1 is not present, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. Table 4.1Mandatory PayPass Mag Stripe Data Objects
Tag '9F6B' '9F66' '9F65' '9F67' Value Track 2 Data PUNATCTRACK2 PCVC3TRACK2 NATCTRACK2
4.3.3.3
4.3.3.4
4.3.3.5
The PayPass reader must copy the discretionary data field of the Track 1 Data (if present) into DDCARD,TRACK1. The PayPass reader must copy the discretionary data field of the Track 2 Data into DDCARD,TRACK2. The PayPass reader must verify that the number of non-zero bits in PUNATCTRACK2 (kTRACK2) is greater than or equal to the number of digits of the ATC to be included in the discretionary data field of the Track 2 Data (t TRACK2). If kTRACK2 < tTRACK2, the PayPass reader must terminate the transaction, as specified in requirement 4.2.1.1. Otherwise, the PayPass reader must set nUN equal to kTRACK2 - t TRACK2. The PayPass reader must verify that nUN is less than or equal to 8. If nUN is greater than 8, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.
4.3.3.6
4.3.3.7
2008 MasterCard
30

4.3.3.8
The PayPass reader must verify that the number of non-zero bits in PCVC3TRACK2 is greater than or equal to 3 (i.e. qTRACK2 3). If this is not the case, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. If Track 1 Data is included in the data returned from the card, the PayPass reader must verify that also PCVC3TRACK1, PUNATCTRACK1 and NATCTRACK1 are returned. If at least one of these data objects is not available, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.
4.3.3.9
4.3.3.10 If Track 1 Data is available, the PayPass reader must verify that the number of non-zero bits in PUNATCTRACK1 (kTRACK1) is greater than or equal to the number of digits of the ATC to be included in the discretionary data field of Track 1 Data (tTRACK1). If kTRACK1 < t TRACK1, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. 4.3.3.11 If Track 1 Data is available, the PayPass reader must verify that kTRACK1 - tTRACK1 is equal to nUN. If this is not the case, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. 4.3.3.12 If Track 1 Data is available, the PayPass reader must verify that the number of non-zero bits in PCVC3TRACK1 is greater than or equal to 3 (i.e. qTRACK1 3). If this is not the case, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. 4.3.3.13 The PayPass reader must retrieve from the Track 2 Data the PAN and Expiry Date. If Track 1 Data is returned from the card, the PayPass reader must verify that the PAN and Expiry Date included in the Track 1 Data are the same as the PAN and Expiry Date included in the Track 2 Data. If this is not the case, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.
4.3.4 Mag Stripe Application Version Number Checking

The applications within both the PayPass card and the PayPass reader maintain a Mag Stripe Application Version Number assigned by the payment system. The PayPass reader verifies the compatibility of its Mag Stripe Application Version Number (Reader) with the Mag Stripe Application Version Number (Card) in the card. 4.3.4.1 If the Mag Stripe Application Version Number (Card) is not present in the card, or if the PayPass reader does not recognize or support the application version of the card, the PayPass reader must use its latest version to perform the transaction. Otherwise, PayPass reader must use the appropriate code and/or commands to perform the transaction with the card.
2008 MasterCard
31

4.3.5 COMPUTE CRYPTOGRAPHIC CHECKSUM Processing

The PayPass reader issues the COMPUTE CRYPTOGRAPHIC CHECKSUM command to the PayPass card to obtain the CVC3TRACK2, the CVC3TRACK1 (optional) and the ATC from the card. 4.3.5.1 4.3.5.2 4.3.5.3 The PayPass reader must generate an UN (Numeric) of 8 digits in length and of which the 8-nUN most significant digits are set equal to 0. The PayPass reader must format the COMPUTE CRYPTOGRAPHIC CHECKSUM command as specified in Section 2.2.2. If the UDOL is returned by the PayPass card during the Read Mag Stripe Application Data processing, the PayPass reader must create a concatenated list of data objects without tags or lengths following the rules specified in Section 5.2. If the UDOL is not returned by the PayPass card during the Read Mag Stripe Application Data processing, the PayPass reader must use the Default UDOL to construct the data field of the command message. Refer to Section 5.4 for the definition of the Default UDOL. The PayPass reader must verify that the response message of the COMPUTE CRYPTOGRAPHIC CHECKSUM command is correctly formatted as specified in Section 2.2.3. If it is not correctly formatted, the PayPass reader must terminate the transaction as indicated in requirement 4.2.4.1. The PayPass reader must retrieve the CVC3TRACK2 (tag '9F61') and the ATC (tag '9F36') from the Response Message Template (tag '77'). If one of these data objects is not available, the PayPass reader must terminate the transaction as indicated in requirement 4.2.4.1. The PayPass reader must convert the binary encoded CVC3TRACK2 to the BCD encoding of the corresponding number expressed in base 10. The PayPass reader must copy the qTRACK2 least significant digits of the BCD encoded CVC3TRACK2 in the eligible positions of the discretionary data field of Track 2 Data. The eligible positions are indicated by the qTRACK2 non-zero bits in PCVC3TRACK2. The PayPass reader must replace the nUN least significant eligible positions of the discretionary data field of Track 2 Data by the nUN least significant digits of UN (Numeric). The eligible positions in the discretionary data field are indicated by the nUN least significant non-zero bits in PUNATCTRACK2. If tTRACK2 0, the PayPass reader must convert the ATC to the BCD encoding of the corresponding number expressed in base 10. The PayPass reader must replace the tTRACK2 most significant eligible positions of the discretionary data field of Track 2 Data by the tTRACK2 least significant digits of the BCD encoded ATC. The eligible positions in the discretionary data field are indicated by the tTRACK2 most significant non-zero bits in PUNATCTRACK2.
4.3.5.4
4.3.5.5
4.3.5.6
4.3.5.7
4.3.5.8
4.3.5.9
4.3.5.10 The PayPass reader must copy nUN into the least significant digit of the discretionary data field of the Track 2 Data.
2008 MasterCard
32

4.3.5.11 If Track 1 Data is available, the PayPass reader must retrieve the CVC3TRACK1 from the Response Message Template (tag '77'). If the Track 1 Data is available and the CVC3TRACK1 is not available, the PayPass reader must terminate the transaction as indicated in requirement 4.2.4.1. 4.3.5.12 Data objects returned in the Response Message Template (tag '77') with tags other than '9F60', '9F61' and '9F60' must be discarded by the PayPass reader. 4.3.5.13 If Track 1 Data is available, the PayPass reader must convert the binary encoded CVC3TRACK1 to the BCD encoding of the corresponding number expressed in base 10. The PayPass reader must convert the qTRACK1 least significant digits of the BCD encoded CVC3TRACK1 into the ASCII format and copy the qTRACK1 ASCII encoded CVC3TRACK1 characters into the eligible positions of the discretionary data field of the Track 1 Data. The eligible positions are indicated by the qTRACK1 nonzero bits in PCVC3TRACK1. 4.3.5.14 If Track 1 Data is available, the PayPass reader must convert the BCD encoded UN (Numeric) into the ASCII format and replace the nUN least significant eligible positions of the discretionary data field of the Track 1 Data by the nUN least significant characters of the ASCII encoded UN (Numeric). The eligible positions in the discretionary data field are indicated by the nUN least significant non-zero bits in PUNATCTRACK1. 4.3.5.15 If Track 1 Data is available and tTRACK1 0, the PayPass reader must convert the ATC to the BCD encoding of the corresponding number expressed in base 10. The PayPass reader must convert the tTRACK1 least significant digits of the ATC into the ASCII format. The PayPass reader must replace the tTRACK1 most significant eligible positions of the discretionary data field of the Track 1 Data by the tTRACK1 ASCII encoded ATC characters. The eligible positions in the discretionary data field are indicated by the tTRACK1 most significant non-zero bits in PUNATCTRACK1. 4.3.5.16 If Track 1 Data is available, the PayPass reader must convert nUN into the ASCII format and copy the ASCII encoded nUN character into the least significant position of the discretionary data field of the Track 1 Data. 4.3.5.17 The PayPass reader must execute the requirements 4.3.5.7, 4.3.5.8, 4.3.5.9 and 4.3.5.10 and the requirements 4.3.5.13, 4.3.5.14, 4.3.5.15 and 4.3.5.16 in the order as specified above.
2008 MasterCard
33

4.3.6 Offline Data Authentication Method Selection

Based on the capabilities of the PayPass card, the PayPass reader selects a method of offline data authentication to be used for the transaction. The PayPass reader performs Offline Data Authentication Method Selection as follows: 4.3.6.1 If the AIP indicates that the PayPass card supports CDA (AIP[1][1] = 1b) and the Terminal Capabilities indicate that the PayPass reader supports CDA (Terminal Capabilities[3][4] = 1b), the PayPass reader must select CDA as the ODA to be performed. Offline Data Authentication Method Selection is complete. Otherwise, the PayPass reader must continue with requirement 4.3.6.2. If the AIP indicates that the PayPass card supports SDA (AIP[1][7] = 1b) and the Terminal Capabilities of the PayPass reader indicate support for SDA (Terminal Capabilities[3][8] = 1b), the PayPass reader must select SDA as the ODA to be performed. Offline Data Authentication Method Selection is complete. Otherwise, the PayPass reader must continue with requirement 4.3.6.3. If neither SDA nor CDA is selected as the ODA to be performed, the PayPass reader must set the Offline Data Authentication Was Not Performed bit in the TVR to 1b.
4.3.6.2
4.3.6.3
4.3.7 Read M/Chip Application Data

The PayPass reader reads the files and records indicated in the AFL using the READ RECORD command. 4.3.7.1 If the AFL returned by the PayPass card is not one of the pre-defined values described in Table 4.2, the PayPass reader must process each entry in the AFL from left to right. A READ RECORD command as described in Section 2.5 must be issued for each record between the starting record number and the ending record number, inclusively. The PayPass reader must then proceed with requirement 4.3.7.6. If the AFL returned by the PayPass card is one of the pre-defined values described in Table 4.2, the PayPass reader must proceed with requirement 4.3.7.2. Table 4.2Pre-defined AFL Values
ODA supported SDA CDA AFL Value '08010100 10010101 18010200' '08010100 10010101 18010200 20010200'
4.3.7.2 4.3.7.3
The PayPass reader must always read record 1 included in the file with SFI 2. If the offline data authentication method to be performed for the transaction is SDA or CDA (see Section 4.3.6), the PayPass reader must read record 1 included in the file with SFI 3.
2008 MasterCard
34

4.3.7.4 4.3.7.5 4.3.7.6
If the offline data authentication method to be performed for the transaction is SDA, the PayPass reader must read record 2 included in the file with SFI 3. If the offline data authentication method to be performed for the transaction is CDA, the PayPass reader must read record 1 and 2 included in the file with SFI 4. The PayPass reader must store all recognized data objects read, whether mandatory or optional, for later use in the transaction processing. Data objects that are not recognized by the PayPass reader (that is, their tags are unknown by the PayPass reader) must not be stored separately, but records containing such data objects may still participate in their entirety in offline data authentication, depending upon the coding of the AFL. All mandatory data objects must be present in the card. If any mandatory data object is not present, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. The mandatory data objects are listed in Table 4.3. Table 4.3Mandatory PayPass M/Chip Data Objects
Tag '5F24' '5A' '8C' '9F4A' Value Application Expiry Date PAN CDOL1 SDA Tag List
4.3.7.7
4.3.7.8
Proprietary data files (i.e. files with SFI outside the range 1 to 10) may or may not conform to this specification (refer to Table 2.17). Records in proprietary files may be represented in the AFL and may participate in offline data authentication if they are readable without conditions by the READ RECORD command coded according to Section 2.5.2.
4.3.8 Processing Restrictions

4.3.8.1 The Processing Restrictions function must be performed as specified in Section 10.4 of [EMV BOOK 3] and Section 6.3.3 of [EMV BOOK 4]. It includes the checking of the following data objects: Application Version Number, Application Usage Control, Application Effective Date, Application Expiry Date.
4.3.9 Terminal Risk Management

4.3.9.1 If the Terminal Contactless Floor Limit Exceeded Flag has been set during the pre-processing phase, then the "Transaction Exceeds Floor Limit" bit of the TVR must be set to 1b.
The PayPass reader may support an exception file as specified in Section 6.3.5 of [EMV BOOK 4].
2008 MasterCard
35

4.3.10 M/Chip CVM Selection

Cardholder verification is performed to ensure that the person presenting the PayPass card is indeed the person to whom the application in the PayPass card was issued. This section specifies how the PayPass reader selects the CVM to be performed by the terminal. The M/Chip CVM Selection function makes use of the CVM List (tag '8E') returned by the PayPass card in the response to the READ RECORD command. The PayPass reader compares the contents of the card's CVM List with the CVMs it supports. The result of the M/Chip CVM Selection processing is communicated to the terminal during the Completion function by means of the Transaction CVM.
Note The M/Chip CVM Selection function involves only the selection of the CVM to be performed. Cardholder verification is not performed until after the Completion function, and the PayPass reader has returned control to the terminal.
The PayPass reader performs M/Chip CVM Selection as follows: 4.3.10.1 If the "Cardholder verification is supported" bit in the AIP is not set, then the PayPass reader must set the Transaction CVM to "No CVM". In the CVM Results, the PayPass reader must set byte 1 to "No CVM" and byte 3 to "successful". M/Chip CVM Selection is complete. Otherwise, the PayPass reader must continue with requirement 4.3.10.2. 4.3.10.2 If the CVM List is not present in the card or the CVM List has no CVRs, then the PayPass reader must set the "ICC Data Missing" bit in the TVR and the Transaction CVM to "No CVM". In the CVM Results, the PayPass reader must set byte 1 to "No CVM" and byte 3 to "unknown". M/Chip CVM Selection is complete. Otherwise, the PayPass reader must continue with requirement 4.3.10.3. 4.3.10.3 The PayPass reader must process each CVR in the order in which they appear in the CVM List according to requirements 4.3.10.4 and 4.3.10.5. M/Chip CVM Selection is completed when a CVM is successfully selected or when the CVM List is exhausted. 4.3.10.4 When processing each CVR, if any of the following is true, then the PayPass reader must bypass the CVR and proceed to the next CVR in the CVM List: The conditions expressed by the CVM Condition Code (second byte of the CVR) are not satisfied. Data required by the conditions expressed by the CVM Condition Code is not present. The CVM Condition Code is outside the range of codes understood by the PayPass reader (refer to requirement 4.3.10.6).
If there are no more CVRs in the list, then the PayPass reader must set the Transaction CVM to "No CVM" and set the "Cardholder verification was not successful" bit in the TVR. In the CVM Results, the PayPass reader must set byte 1 to "No CVM" and byte 3 to "failed". M/Chip CVM Selection is complete.
2008 MasterCard
36

4.3.10.5 If the conditions expressed by the CVM Condition Code are satisfied, then the PayPass reader must proceed according to the following steps: 1. If the CVM Code (first byte of the CVR) is recognized (refer to requirement 4.3.10.7), then the PayPass reader must proceed with step 2. If the CVM Code is not recognized, then the PayPass reader must set the 'Unrecognized CVM' bit in the TVR and proceed with step 3. 2. If the CVM Code is supported (refer to requirement 4.3.10.8) and is not "Fail CVM", then the PayPass reader must proceed as follows: The PayPass reader must set the Transaction CVM as indicated by the CVM Code. In the CVM Results, the PayPass reader must copy the CVR to bytes 1 and 2, and must set byte 3 to "unknown". If the CVM Code is "Enciphered PIN verified online", then the PayPass reader must set the "Online PIN entered" bit in the TVR. M/Chip CVM Selection is complete.
If the CVM Code is "Fail CVM" or if the CVM Code is not supported, then the PayPass reader must proceed with step 3. 3. The PayPass reader must examine b7 of the CVM Code. If b7 is set to 1b, processing continues with the next CVR, if present. If b7 is set to 0b, or if there are no more CVRs in the list, then the PayPass reader must set the Transaction CVM to "No CVM" and set the "Cardholder verification was not successful" bit in the TVR. The PayPass reader must set byte 3 of the CVM Results to "failed". If the CVM Code is "Fail CVM", then the PayPass reader must copy the CVR to bytes 1 and 2 of the CVM Results. If the CVM Code is not "Fail CVM", then the PayPass reader must set byte 1 of the CVM Results to "No CVM". M/Chip CVM Selection is complete. 4.3.10.6 The PayPass reader must understand the CVM Condition Codes defined in Annex C.3 of [EMV BOOK 3]. The PayPass reader may also understand proprietary CVM Condition Codes not defined in Annex C.3 of [EMV BOOK 3]. 4.3.10.7 The PayPass reader must recognize the CVM Codes defined in Annex C.3 of [EMV BOOK 3]. The PayPass reader may also recognize proprietary CVM Codes not defined in Annex C.3 of [EMV BOOK 3]. 4.3.10.8 The PayPass reader must verify support of a CVM Code as follows: For CVM Codes defined in Annex C.3 of [EMV BOOK 3], support must be indicated in the Terminal Capabilities. For CVM Codes not defined in Annex C.3 of [EMV BOOK 3], support may be known implicitly. For Combination CVMs, both CVM Codes must be supported. "Fail CVM" must always be supported.
2008 MasterCard
37

4.3.11 Terminal Action Analysis

With the Terminal Action Analysis function the PayPass reader makes the decision as to whether the transaction should be approved offline, declined offline, or transmitted online. 4.3.11.1 Terminal Action Analysis must be performed as specified in Section 10.7 of [EMV BOOK 3].
4.3.12 GENERATE AC Processing

As a result of the Terminal Action Analysis processing, the PayPass reader requests the PayPass card to generate an Application Cryptogram with the GENERATE AC command. 4.3.12.1 The PayPass reader must format the GENERATE AC command as specified in Section 2.3.2. 4.3.12.2 The PayPass reader must use the CDOL1 to create a concatenated list of data objects without tags or lengths following the rules specified in Section 5.2. 4.3.12.3 If the result of the Terminal Action Analysis (see Section 4.3.11) is "approved offline" (TC), and the result of Offline Data Authentication Method Selection is CDA (see Section 4.3.6), then the PayPass reader must indicate "CDA requested" in the Reference Control Parameter of the GENERATE AC command. 4.3.12.4 If the result of the Terminal Action Analysis (see Section 4.3.11) is "declined offline" (AAC) or "transmitted online" (ARQC), and the result of Offline Data Authentication Method Selection is CDA (see Section 4.3.6), then the PayPass reader must not indicate "CDA requested" in the Reference Control Parameter of the GENERATE AC command. 4.3.12.5 If the result of Offline Data Authentication Method Selection is not CDA (see Section 4.3.6), then the PayPass reader must not indicate "CDA requested" in the Reference Control Parameter of the GENERATE AC command. 4.3.12.6 The PayPass reader must verify that the response message of the GENERATE AC command is correctly formatted as specified in Section 2.3.3. If it is not correctly formatted, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. 4.3.12.7 The PayPass reader must retrieve the CID (tag '9F27') and the Application Transaction Counter (tag '9F36') from the response message of the GENERATE AC command. If one of these data objects is not available, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. 4.3.12.8 If CDA was not requested in the GENERATE AC command and the data object returned in the response message is a Response Message Template (tag '77'), the PayPass reader must verify that the Application Cryptogram (tag '9F26') is included. If the Application Cryptogram is not included, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. Additional data objects returned in the data field that are not listed in Table 2.8 must be discarded by the PayPass reader.
2008 MasterCard
38

4.3.12.9 If CDA was requested in the GENERATE AC command and the PayPass card did not generate an AAC, the PayPass reader must verify that the SDAD (tag '9F4B') is included in the Response Message Template (tag '77'). If the SDAD tag is not included, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. Additional data objects returned in the data field that are not listed in Table 2.9 must be used by the PayPass reader during the verification of the SDAD.
4.3.13 Retrieve ICC Key and Verify SDAD (CDA)

When the method of offline data authentication used is CDA, the PayPass reader retrieves the ICC Public Key and verifies the SDAD returned by the PayPass card as part of the response to the GENERATE AC command. 4.3.13.1 The PayPass reader must verify that all mandatory data objects for performing CDA have been returned from the PayPass card (refer to Table 4.4). If this is not the case, then the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. Table 4.4Mandatory Data Objects for CDA
Tag '8F' '90' '92' '9F32' 9F46' '9F47' '9F48' Value Certification Authority Public Key Index Issuer Public Key Certificate Issuer Public Key Remainder 4 Issuer Public Key Exponent ICC Public Key Certificate ICC Public Key Exponent ICC Public Key Remainder 4
4.3.13.2 The PayPass reader must retrieve the Certification Authority Public Key, the Issuer Public Key and the ICC Public Key as described in Sections 6.2, 6.3 and 6.4 of [EMV BOOK 2] from the PayPass card data that was read in a previous step (see Section 4.3.7). 4.3.13.3 If the ICC Public Key is not retrieved successfully, then the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. 4.3.13.4 Using the retrieved ICC Public Key in conjunction with the corresponding algorithm, the PayPass reader must verify the SDAD and recover the AC as described in Section 6.6.2 of [EMV BOOK 2]. 4.3.13.5 If the SDAD is not successfully verified, then CDA has failed. The PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.
The Issuer Public Key Remainder or the ICC Public Key Remainder could be absent when the public key modulus can be recovered in its entirety from the public key certificate.
2008 MasterCard
39

4.3.14 Static Data Authentication

When the method of offline data authentication used is SDA, the PayPass reader retrieves the Issuer Public Key and verifies the SSAD returned by the PayPass card during the Read M/Chip Application Data function (Section 4.3.7). 4.3.14.1 The PayPass reader must verify that all mandatory data objects for performing SDA have been returned from the PayPass card (refer to Table 4.5). If this is not the case, then the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1. Table 4.5Mandatory Data Objects for SDA
Tag '8F' '90' '92' '9F32' '93' Value Certification Authority Public Key Index Issuer Public Key Certificate Issuer Public Key Remainder 5 Issuer Public Key Exponent Signed Static Application Data
4.3.14.2 The PayPass reader must perform SDA by retrieving the Certification Authority Public Key and Issuer Public Key and then verifying the SSAD as described in Section 5 of [EMV BOOK 2]. 4.3.14.3 If SDA is not successful, the PayPass reader must terminate the transaction as specified in requirement 4.2.1.1.
4.3.15 Completion
With the Completion function, the PayPass reader prepares the data objects to be returned to the terminal. The PayPass reader ends the Completion processing as described in Section 9.5 ("Removal") of [EMVCLPRO], and hands over control to the terminal. 4.3.15.1 The PayPass reader must indicate to the terminal the outcome of its transaction processing by means of the Transaction Outcome. 4.3.15.2 If a PayPass M/Chip transaction is performed, then the PayPass reader must indicate to the terminal the outcome of the M/Chip CVM Selection function by means of the Transaction CVM.
The Issuer Public Key Remainder could be absent when the public key modulus can be recovered in its entirety from the public key certificate.
2008 MasterCard
40

4.3.15.3 If the Transaction Outcome is "Online Request" or "Approved", the PayPass reader must provide a Data Record to the terminal containing the necessary elements for authorization and clearing. The data objects required will depend on the transaction profile. The Data Record that the PayPass reader must return for a PayPass M/Chip transaction is as shown in Table 4.6. The Data Record that the PayPass reader must return for a PayPass Mag Stripe transaction is as shown in Table 4.7. Data objects whose presence is listed as conditional (C) must be present in the Data Record if they are present on the card. Table 4.6Data Record Detail for PayPass M/Chip
Tag '57' '9F6E' '84' '50' '9F12' '9F11' '9F26' '9F27' '9F10' '9F36' '95' '9F37' '5F2A' '9C' '9A' '9F02' '9F1A' '9F34' '82' Data Object Track 2 Equivalent Data PayPass Third Party Data DF Name Application Label Application Preferred Name Issuer Code Table Index AC CID IAD ATC TVR UN Transaction Currency Code Transaction Type Transaction Date Transaction Amount Terminal Country Code CVM Results AIP
6
Presence C C M C C C M M C M M M M M M M M M M
The TVR as sent to the PayPass card by the PayPass reader in the GENERATE AC command.
2008 MasterCard
41

Table 4.7Data Record Detail for PayPass Mag Stripe

Tag '9F6B' '56' '9F6E' '84' '50' '9F12' '9F11' Data Object Track 2 Data Track 1 Data DDCARD,TRACK1
7
Presence M C C M C M C C C
DDCARD,TRACK27 PayPass Third Party Data DF Name Application Label Application Preferred Name Issuer Code Table Index
The format of the Data Record is implementation dependent. If the PayPass reader uses the TLV format, then implementation specific values may be used for the tags of DDCARD,TRACK1 and DDCARD,TRACK2.
2008 MasterCard
42
Data Object Handling

Data Object Format

This chapter defines the data object handling for the PayPass reader.
5.1
Data Object Format

Data objects moved from the card to the PayPass reader are encapsulated in TLV encoded data objects. Data objects moved from the PayPass reader to the card are identified by a DOL sent to the PayPass reader by the card or by the definition of the command message. Data objects that have the numeric (n) format are BCD encoded, right justified with leading hexadecimal zeros. Data objects that have the compressed numeric (cn) format are BCD encoded, left justified and padded with trailing 'F's. Note that the length indicator in the numeric and compressed numeric format notations (e.g. n 4) specifies the number of digits and not the number of bytes. Data objects that have the alphanumeric (an) or alphanumeric special (ans) format are ASCII encoded, left justified and padded with trailing hexadecimal zeros. 5.1.1.1 When moving data from one entity to another (for example card to PayPass reader) or when concatenating data, the data must always be passed in decreasing order, regardless of how it is stored internally. The leftmost byte (byte 1) is the most significant byte. Bytes or bits specified as Reserved for Future Use (RFU) must be set to the value indicated, or to zero if no value is given. An entity receiving data specified as RFU must not examine or depend upon the coding of these bytes or bits.
5.1.1.2 5.1.1.3
5.2
DOL Handling
To minimize processing in the card, the data field of the command messages is not TLV encoded. The application in the card indicates the requested data, including format and length, by sending a DOL to the PayPass reader. DOLs used in this specification include: The PDOL used with the GET PROCESSING OPTIONS command The CDOL1 used with the GENERATE AC command The UDOL used with the COMPUTE CRYPTOGRAPHIC CHECKSUM command. DOL Handling must be performed according to the rules specified in Section 5.4 of [EMV BOOK 3].
5.2.1.1
2008 MasterCard
43

Bitmaps Used in Discretionary Data
5.3
Bitmaps Used in Discretionary Data

PayPass uses bitmaps to indicate positions in the discretionary data field. These bitmaps are used when the PayPass reader needs to put data into one of the discretionary data fields. The bits indicate the positions into which certain data should be loaded. Figure 5.1 indicates the numbering of the different positions in the discretionary data. In this example there are m positions within the discretionary data field, labeled p1 to pm. Figure 5.1Numbering of Positions within the Discretionary Data Discretionary Data
pm pm-1 pm-2 pm-3 p5 p4 p3 p2 p1
Each bit in the bitmap refers to a position in the discretionary data. The least significant bit of the bitmap, i.e. the rightmost bit b1, corresponds to position p1; as indicated in Figure 5.2. Figure 5.2Relation between Discretionary Data and Bitmap
Discretionary Data pm br br-1 br-2 bm+1 bm pm-1 pm-2 pm-3 bm-1 bm-2 bm-3 Bitmap p5 b5 p4 b4 p3 b3 p2 b2 p1 b1
The bitmap is composed of a number of bytes, and therefore the number of bits in the bitmap is always a multiple of 8. To accommodate all the positions in a field, the number of bytes in the bitmap will normally contain more bits than the number of positions. If the number of bits in the bitmap is denoted by q, then q = (r+1)*8 where r is the integer quotient of (m-1)/8 For Track 2 Data mTRACK2 is a maximum of 13 digits, resulting in a bitmap of 16 bits or 2 bytes. For Track 1 Data the maximum value of mTRACK1 is 48 resulting in a bitmap of length 6 bytes or 48 bits. An example is given in Figure 5.3, for mTRACK2=13, tTRACK2=2 and PUNATCTRACK2 = '031A', referring to position p10p9p5p4p2. Based on this, kTRACK2 equals 5 and nUN equals 3. Figure 5.3Example PUNATCTRACK2 = '031A' Discretionary Data p13 p12 p11 p10 p9 0 b16 0 b15 '0' 0 b14 0 0 0 '3' Bitmap = '031A' 1 1 b9 p8 0 b8 p7 0 b7 '1' p6 0 b6 p5 1 b5 p4 1 b4 p3 0 b3 'A' p2 1 b2 p1 0 b1
b13 b12 b11 b10
2008 MasterCard
44

Data Object Management
5.4

This section describes the management of the data objects listed in Table A.1. 5.4.1.1 The following data objects must be unique to the PayPass reader and must be configured independently of the AID. 5.4.1.2 IFD Serial Number Terminal Country Code
Separate instances of the following data objects must be configured for each AID supported by the PayPass reader.
Additional Terminal Capabilities Application Version Number
Default UDOL (if PayPass Mag Stripe transactions supported for that AID) Mag Stripe Application Version Number (if PayPass Mag Stripe transactions supported for that AID) Merchant Category Code PayPass Mag Stripe Indicator Terminal Action Codes Terminal Type Terminal Capabilities No CVM Required Terminal Capabilities CVM Required Terminal Contactless Transaction Limit Terminal Contactless Floor Limit Terminal CVM Required Limit
5.4.1.3
If the PayPass reader supports offline data authentication, it must be able to store six CA Public Keys per RID and must associate with each such key the following key-related information to be used with the key. Certification Authority Public Key Check Sum Certification Authority Public Key Exponent Certification Authority Public Key Index Certification Authority Public Key Modulus
The PayPass reader must be able to locate any such key (and key-related information) given the RID and Certification Authority Public Key Index provided by the ICC. 5.4.1.4 The PayPass reader must support the following transaction related data objects of which the value must be available before application activation.
2008 MasterCard
45

5.4.1.5
Amount Authorized (Binary) Amount Authorized (Numeric) Amount Other (Binary) Amount Other (Numeric) Transaction Category Code Transaction Currency Code Transaction Currency Exponent Transaction Date Transaction Time Transaction Type
Separate instances of the following flags must be must be available for each AID. Their values are set during application activation. Terminal Contactless Transaction Limit Exceeded Flag Terminal Contactless Floor Limit Exceeded Flag Terminal CVM Required Limit Exceeded Flag
5.4.1.6
The PayPass reader must support the following transaction related data objects of which the value is set during application activation and transaction processing. Cardholder Verification Method (CVM) Results DDCARD,TRACK1 and DDCARD,TRACK2 Terminal Capabilities Terminal Verification Results Transaction CVM Transaction Outcome Unpredictable Number
8
Unpredictable Number (Numeric)
5.4.1.7
Unless otherwise indicated (by the labels MSDA and MCDA), all card data objects included in Table A.1 (i.e. data objects listed with source "Card") must be supported by the PayPass reader. The PayPass reader must recognize the tag and must be able to store the value of the data object if it is returned by the card. Data objects with the label MSDA in the support column must be supported if the PayPass reader supports SDA. Data objects with the flag MCDA in the support column must be supported if the PayPass reader supports CDA.
May be generated before application activation if the EMV Entry Point is used.
2008 MasterCard
46
Data Objects Dictionary
Annex A Data Objects Dictionary

This annex lists the data objects supported by the PayPass reader.
2008 MasterCard
47
Table A.1Data Objects Dictionary

Data Object Name Description Additional Terminal Capabilities Indicates the data input and output capabilities of the terminal and PayPass reader. The Additional Terminal Capabilities is coded according to Annex A.3 of [EMV BOOK 4]. Authorized amount of the transaction (excluding adjustments). This amount is expressed with implicit decimal point corresponding to the minor unit of currency as defined by [ISO 4217] (e.g. the four bytes '00 00 00 7B' are the hexadecimal representation of the decimal number 123 and represent GBP 1.23 when the currency code is '826'). Authorized amount of the transaction (excluding adjustments). This amount is expressed with implicit decimal point corresponding to the minor unit of currency as defined by [ISO 4217] (e.g. the six bytes '00 00 00 00 01 23' represent USD 1.23 when the currency code is '846'). Secondary amount associated with the transaction representing a cash back amount. This amount is expressed with implicit decimal point corresponding to the minor unit of currency as defined by [ISO 4217] (e.g. the four bytes '00 00 00 7B' are the hexadecimal representation of the decimal number 123, and represents EUR 1.23 when the currency code is '978'). Secondary amount associated with the transaction representing a cash back amount. This amount is expressed with implicit decimal point corresponding to the minor unit of currency as defined by [ISO 4217] (e.g. the 6 bytes '00 00 00 00 01 23' represent GBP 1.23 when the currency code is '826'). Cryptogram returned by the Card in response to the GENERATE AC command. Reader '9F02' Source Reader Tag '81' Format, Length (bytes) b, 5 Support M
Amount, Authorized (Binary)
Reader
'81'
b, 4
Amount, Authorized (Numeric)
n 12, 6
Amount, Other (Binary)
Reader
'9F04'
b, 4
Amount, Other (Numeric)
Reader
'9F03'
n 12, 6
Application Cryptogram
Card
'9F26'
b, 8
2008 MasterCard
48
Data Object Name Description Application Currency Indicates the currency in which the account is managed in accordance with Code [ISO 4217]. Application Currency Indicates the implied position of the decimal point from the right of the Exponent amount represented in accordance with [ISO 4217]. The decimal point location of amounts expressed in the currency code specified in the Application Currency Code. Application Effective Date from which the application may be used. Date The date is expressed in the YYMMDD format. For MasterCard branded applications if the value of YY ranges from '00' to '49' the date reads 20YYMMDD. If the value of YY ranges from '50' to '99', the date reads 19YYMMDD. Application Expiration Date Date after which application expires. The date is expressed in the YYMMDD format. For MasterCard applications, if the value of YY ranges from '00' to '49' the date reads 20YYMMDD. If the value of YY ranges from '50' to '99' the date reads 19YYMMDD.
Source Card Card
Tag '9F42' '9F44'
Format, Length (bytes) n 3, 2 n 1, 1
Support M M
Card
'5F25'
n 6 (YYMMDD), 3
Card
'5F24'
n 6 (YYMMDD), 3
2008 MasterCard
49
Data Object Name Description Application File Locator (AFL) Indicates the location (SFI range of records) of the Application Elementary Files associated with a particular AID, and read by the terminal during a transaction. The AFL is a list of entries of 4 bytes each. Each entry codes an SFI and a range of records as follows: The five most significant bits of the first byte indicate the SFI. The second byte indicates the first (or only) record number to be read for that SFI. The third byte indicates the last record number to be read for that SFI. When the third byte is greater than the second byte, all the records ranging from the record number in the second byte to and including the record number in the third byte must be read for that SFI. When the third byte is equal to the second byte, only the record number coded in the second byte must be read for that SFI.
Source Card
Tag '94'
Format, Length (bytes) var., var. up to 252
Support M
The fourth byte indicates the number of records involved in offline data authentication starting with the record number coded in the second byte. The fourth byte may range from zero to the value of the third byte less the value of the second byte plus 1. Card Reader '4F' '9F06' b, 5-16 M M
Application Identifier Identifies the application as described in [ISO/IEC 7816-5]. (AID)
2008 MasterCard
50
Data Object Name Description Application Interchange Profile Indicates the capabilities of the card to support specific functions in the application. The AIP is returned in the response message of the GET PROCESSING OPTIONS. It is coded as specified in Annex C.1 of [EMV BOOK 3]. This specification extends the definition by allocating the RFU bit b8 in byte 2 to indicate the PayPass profile supported (M/Chip profile or Mag Stripe profile). Byte 2 of the AIP for PayPass transactions is therefore as specified here:
b8 x 1 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 b7 b6 b5 b4 b3 b2 b1 Meaning PayPass profile M/Chip profile is supported Only Mag Stripe profile supported
Source Card
Tag '82'
Format, Length (bytes) b, 2
Support M
RFU Other values RFU Card Card Card '50' '9F12' '5A' ans, 1-16 ans, 1-16 cn var. up to 19, var. up to 10 M M M
Application Label Application Preferred Name Application Primary Account Number (PAN) Application Primary Account Number (PAN) Sequence Number Application Priority Indicator
Name associated with the AID, in accordance with [ISO/IEC 7816-5]. Preferred name associated with the AID (e.g. a domestic debit brand name). Valid cardholder account number.
Identifies and differentiates cards with the same Application PAN.
Card
'5F34'
n 2, 1
Indicates the priority of a given application or group of applications in a directory.
Card
'87'
b, 1
2008 MasterCard
51
Data Object Name Description Application Template Contains one or more data objects relevant to an application directory entry, in according with [ISO/IEC 7816-5]. Application Counter maintained by the application in the card (incrementing the ATC is Transaction Counter managed by the card). (ATC) Application Usage Control Indicates issuer's specified restrictions on the geographic use and services allowed for the application. The Application Usage Control is coded as specified in Annex C.2 of [EMV BOOK 3]. Version number assigned by the payment system for the application.
Source Card Card
Tag '61' '9F36'
Format, Length (bytes) b, var. up to 252 b, 2
Support M M
Card
'9F07'
b, 2
Application Version Number
Card Reader
'9F08' '9F09' '8C'
b, 2 b, 2 b, var. up to 252
M M M
Card Risk Management Data Object List 1 (CDOL1) Cardholder Verification Method (CVM) List Cardholder Verification Method (CVM) Results
A data object in the card that provides the reader with a list of data objects that must be passed to the card in the first GENERATE AC command.
Card
Identifies the methods of verification of the cardholder supported by the application. The CVM List is coded as specified in Annex C.3 of [EMV BOOK 3]. Indicates the results of the last CVM performed. The CVM Results are coded as specified in Annex A.4 of [EMV BOOK 4].
Card
'8E'
b, var. up to 252
Reader
'9F34'
b, 3
Certification A check value calculated on the concatenation of all parts of the Certification Authority Public Key Authority Public Key (RID, Certification Authority Public Key Index, Check Sum Certification Authority Public Key Modulus, Certification Authority Public Key Exponent) using SHA-1.
Reader
b, 20
MSDA,CDA
2008 MasterCard
52
Data Object Name Description Certification Value of the exponent part of the Certification Authority Public Key. Authority Public Key Exponent Certification Identifies the certification authority's public key in conjunction with the RID. Authority Public Key Index
Source Reader
Tag -
Format, Length (bytes) b, 1 or 3
Support MSDA,CDA
Card Reader Reader
'8F' '9F22' -
b, 1 b, 1 b, NCA (up to 248)
MSDA,CDA MSDA,CDA MSDA,CDA
Certification Value of the modulus part of the Certification Authority Public Key. Authority Public Key Modulus Command Template Cryptogram Information Data CVC3TRACK1 CVC3TRACK2 Data Authentication Code (DAC) DDCARD,TRACK1 Identifies the data fields of a command message. Indicates the type of cryptogram and the actions to be performed by the terminal The CVC3TRACK1 is a 2-byte cryptogram returned by the card in the response to the COMPUTE CRYPTOGRAPHIC CHECKSUM command. The CVC3TRACK2 is a 2-byte cryptogram returned by the card in the response to the COMPUTE CRYPTOGRAPHIC CHECKSUM command. An issuer-assigned value that is retained by the terminal during the verification process of the Signed Static Application Data. If Track 1 Data is present, then DDCARD,TRACK1 contains a copy of the discretionary data field of Track 1 Data as returned by the card in the file read using the READ RECORD command during a PayPass Mag Stripe transaction (i.e. without UN (Numeric), ATC, CVC3TRACK1 and nUN included).
Reader Card Card Card Card Reader
'83' '9F27' '9F60' '9F61' '9F45' -
b, var. b, 1 b, 2 b, 2 b, 2 ans, var. up to 56
M M M M MSDA M
2008 MasterCard
53
Data Object Name Description DDCARD,TRACK2 DDCARD,TRACK2 contains a copy of the discretionary data field of Track 2 Data as returned by the card in the file read using the READ RECORD command during a PayPass Mag Stripe transaction (i.e. without UN (Numeric), ATC, CVC3TRACK2 and nUN included). Identifies the name of the DF, as described in [ISO/IEC 7816-4]. The Default UDOL is the UDOL to be used for constructing the value field of the COMPUTE CRYPTOGRAPHIC CHECKSUM command if the UDOL in the card is not present. The Default UDOL must always be present and must contain as its only entry the tag and length of the UN (Numeric). The value of the Default UDOL must be: '9F6A04'. File Control Information (FCI) Issuer Discretionary Data Issuer discretionary part of the FCI.
Source Reader
Tag -
Format, Length (bytes) ans, var. up to 8 bytes
Support M
Dedicated File (DF) Name Default UDOL
Card Reader
'84' -
b, 5-16 b, 3
M M
Card
'BF0C'
var. var. up to 222
File Control Identifies the data object proprietary to this specification in the FCI template, Information (FCI) in accordance with [ISO/IEC 7816-4]. Proprietary Template File Control Information (FCI) Template Identifies the FCI template, in accordance with [ISO/IEC 7816-4].
Card
'A5'
var., var.
Card
'6F'
var., var. up to 252
Integrated Circuit Time-variant number generated by the card, to be captured by the reader. Card (ICC) Dynamic Number Integrated Circuit Card (ICC) Public Key Certificate Integrated Circuit Card (ICC) Public Key Exponent ICC Public Key certified by the issuer.
Card
'9F4C'
b, 8
MCDA
Card
'9F46'
b, NI
MCDA
Exponent used for the verification of the Signed Dynamic Application Data.
Card
'9F47'
b, 1 or 3
MCDA
2008 MasterCard
54
Data Object Name Description Integrated Circuit Card (ICC) Public Key Remainder Remaining digits of the ICC Public Key Modulus.
Source Card
Tag '9F48'
Format, Length (bytes) b, NIC-NI + 42
Support MCDA
Interface Device Unique and permanent serial number assigned to the IFD by the manufacturer. (IFD) Serial Number Issuer Action Code Specifies the issuer's conditions that cause a transaction to be rejected if it Default might have been approved online, but the terminal was unable to process the transaction online. Issuer Action Code Specifies the issuer's conditions that cause the denial of a transaction without Denial attempt to go online. Issuer Action Code Specifies the issuer's conditions that cause a transaction to be transmitted Online online. Issuer Application Data Issuer Code Table Index Contains proprietary application data for transmission to the issuer in an online transaction. Indicates the code table, in accordance with [ISO 8859], for displaying the Application Preferred Name. The Issuer Code Table Index is coded as specified in Annex C.4 of [EMV BOOK 3].
Reader Card
'9F1E' '9F0D'
an, 8 b, 5
M M
Card Card Card Card
'9F0E' '9F0F' '9F10' '9F11'
b, 5 b, 5 b, var. up to 32 n 2, 1
M M M M
Issuer Country Code Indicates the country of the issuer, in accordance with [ISO 3166-1]. Issuer Public Key Certificate Issuer Public Key Exponent Issuer Public Key Remainder Issuer public key certified by a certification authority. Exponent used for the verification of the Signed Static Application Data. Remaining digits of the Issuer Public Key Modulus.
Card Card Card Card
'5F28' '90' '9F32' '92'
n 3, 2 b, NCA b, 1 or 3 b, NI - NCA + 36
M MSDA,CDA MSDA,CDA MSDA,CDA
2008 MasterCard
55
Data Object Name Description Language Preference 1-4 languages stored in order of preference, each represented by two alphabetical characters, in accordance with [ISO 639]. Mag Stripe Application Version Number Version number assigned by the payment system for the specific PayPass Mag Stripe functionality of the application.
Source Card Card Reader
Tag '5F2D' '9F6C' '9F6D' '9F15' '9F6E'
Format, Length (bytes) an, 2-8 b, 2 b 2 n 4, 2 Implementation specific b, 5-32
Support M M M M M M
Merchant Category Code PayPass Mag Stripe Indicator
Classifies the type of business being done by the merchant, represented in accordance with [ISO 8583:1993] for Card Acceptor Business Code. Indicates for each AID whether the PayPass Mag Stripe profile is supported or not by the PayPass reader. Its value is implementation specific.
Reader Reader Card
PayPass Third Party The PayPass Third Party Data contains proprietary information from a third Data party. If present, the PayPass Third Party Data must be present in a file read using the READ RECORD command. The value field of the PayPass Third Party Data is not interpreted by the PayPass reader. The value field must be coded with the following sub-fields, in the order shown:
Sub-field Country Code according to [ISO 3166-1] Unique identifier assigned by MasterCard Proprietary data Format n 3, 2 bytes b, 2 bytes b, 1 to 28 bytes
Processing Options Data Object List (PDOL) Response Message Template Format 1
Contains a list of resident data objects (tags and lengths) resident in the reader that are needed by the card in processing the GET PROCESSING OPTIONS command. Contains the data objects (without tags and lengths) returned by the card in response to a command.
Card
'9F38'
b, var.
Card
'80'
var., var.
2008 MasterCard
56
Data Object Name Description Response Message Template Format 2 Service Code Signed Dynamic Application Data Signed Static Application Data Static Data Authentication Tag List Terminal Action Code Default Terminal Action Code Denial Terminal Action Code Online Terminal Capabilities Contains the data objects (with tags and lengths) returned by the card in response to a command. Service code as defined in Track 1 Data and Track 2 Data. Digital signature on critical application parameters for CDA. Digital signature on critical application parameters for SDA. List of tags of primitive data objects defined in this specification for which the value fields must be included in the Signed Static or Dynamic Application Data. Specifies the acquirer's conditions that cause a transaction to be rejected if it might have been approved online, but the terminal is unable to process the transaction online. Specifies the acquirer's conditions that cause the denial of a transaction without attempt to go online. Specifies the acquirer's conditions that cause a transaction to be transmitted online. Indicates the card data input, CVM, and security capabilities of the terminal and PayPass reader. This data element is instantiated with values depending on the transaction amount. The Terminal Capabilities is coded according to Annex A.2 of [EMV BOOK 4]. Terminal Capabilities CVM Required Indicates the card data input, CVM, and security capabilities of the terminal and PayPass reader when the transaction amount is greater than or equal to the Terminal CVM Required Limit. The Terminal Capabilities CVM Required is coded according to Annex A.2 of [EMV BOOK 4].
Source Card Card Card Card Card
Tag '77' '5F30' '9F4B' '93' '9F4A'
Format, Length (bytes) var. var. n 3, 2 b, NIC b, NI var.
Support M M MCDA MSDA M
Reader
b, 5
Reader Reader Reader
'9F33'
b, 5 b, 5 b, 3
M M M
Reader
b, 3
2008 MasterCard
57
Data Object Name Description Terminal Capabilities No CVM Required Indicates the card data input, CVM, and security capabilities of the terminal and PayPass reader when the transaction amount is below the Terminal CVM Required Limit. The Terminal Capabilities No CVM Required is coded according to Annex A.2 of [EMV BOOK 4].
Source Reader
Tag -
Support M
Terminal Contactless Indicates the transaction amount limit for the related AID above which Floor Limit PayPass transactions must be authorized online. Terminal Contactless Indicates the transaction amount limit for the related AID above which the Transaction Limit selection of the AID on the card is not allowed. Terminal CVM Required Limit Specifies the transaction amount limit for the related AID at or below which the reader must set "No CVM" to be its only supported verification method.
Reader Reader Reader Reader
n 12, 6 n 12, 6 n 12, 6 Implementation specific Implementation specific Implementation specific n 3, 2 n 2, 1
M M M M
Terminal Contactless Indicates for the related AID if the Terminal Contactless Floor Limit is Floor Limit Exceeded exceeded. Flag Terminal Contactless Indicates for the related AID if the Terminal Contactless Transaction Limit is Transaction Limit exceeded. Exceeded Flag Terminal CVM Required Limit Exceeded Flag Terminal Country Code Terminal Type Indicates for the related AID if the Terminal CVM Required Limit is exceeded.
Reader
Reader
Indicates the country of the terminal, represented in accordance with [ISO 3166-1]. Indicates the environment of the terminal, its communications capability, and its operational control. The Terminal Type is coded according to Annex A.1 of [EMV BOOK 4].
Reader Reader
'9F1A' '9F35'
M M
Terminal Verification Status of the different functions from the terminal perspective. Results The Terminal Verification Results is coded according to Annex C.5 of [EMV BOOK 3].
Reader
'95'
b, 5
2008 MasterCard
58
Data Object Name Description Track 1 Bitmap for CVC3 (PCVC3TRACK1) Track 1 Bitmap for UN and ATC (PUNATCTRACK1) Track 1 Data PCVC3TRACK1 indicates to the PayPass reader the positions in the discretionary data field of the Track 1 Data where the qTRACK1 CVC3TRACK1 digits have to be copied. PUNATCTRACK1 indicates to the PayPass reader the positions in the discretionary data field of the Track 1 Data where the nUN UN (Numeric) digits and tTRACK1 ATC digits have to be copied. Track 1 Data contains the data objects of the track 1 according to [ISO/IEC 7813] Structure B, excluding start sentinel, end sentinel and LRC. It is described as follows:
Sub-field Format Code ('42' (B)) Identification Number (PAN) Field Separator ('5E' (^)) Name (see ISO/IEC 7813) Field Separator ('5E' (^)) Expiry Date (YYMM) Service Code Discretionary Data Format 1 byte var. up to 19 bytes 1 byte 2 to 26 bytes 1 byte 4 bytes 3 bytes balance of available bytes
Source Card
Tag '9F62'
Support M
Card
'9F63'
b, 6
Card
'56'
ans, var. up to 76
The Track 1 Data may be present in the file read using the READ RECORD command during a PayPass Mag Stripe transaction. The PayPass reader copies the required digits of the UN (Numeric), CVC3TRACK1, ATC and nUN into the discretionary data field of the Track 1 Data and stores the modified Track 1 Data in the Data Record to be sent to the terminal. Track 1 Discretionary Data Discretionary part of track 1 according to [ISO/IEC 7813]. Card '9F1F' ans, var. M
2008 MasterCard
59
Data Object Name Description Track 1 Number of ATC Digits (NATCTRACK1) Track 2 Bitmap for CVC3 (PCVC3TRACK2) Track 2 Bitmap for UN and ATC (PUNATCTRACK2) Track 2 Data The value of NATCTRACK1 represents the number of digits of the ATC to be included in the discretionary data field of the Track 1 Data. PCVC3TRACK2 indicates to the PayPass reader the positions in the discretionary data field of the Track 2 Data where the qTRACK2 CVC3TRACK2 digits have to be copied. PUNATCTRACK2 indicates to the PayPass reader the positions in the discretionary data field of the Track 2 Data where the nUN UN (Numeric) digits and tTRACK2 ATC digits have to be copied. Track 2 Data contains the data objects of the track 2 according to [ISO/IEC 7813], excluding start sentinel, end sentinel and LRC. It is described as follows:
Sub-field Identification Number (PAN) Field Separator ('D') Expiry Date (YYMM) Service Code Discretionary Data Padded with 'F' to ensure whole bytes. Format n, var. up to 19 digits b n 4 n 3 n, balance of available digits
Source Card
Tag '9F64'
Support M
Card
'9F65'
b, 2
Card
'9F66'
b, 2
Card
'9F6B'
b, var. up to 19
The Track 2 Data is present in the file read using the READ RECORD command during a PayPass Mag Stripe transaction. The PayPass reader copies the required digits of the UN (Numeric), CVC3TRACK2, ATC and nUN into the discretionary data field of the Track 2 Data and stores the modified Track 2 Data in the Data Record to be sent to the terminal. Track 2 Discretionary Data Discretionary part of track 2 according to [ISO/IEC 7813]. Card '9F20' cn var., var. M
2008 MasterCard
60
Data Object Name Description Track 2 Equivalent Data Contains the data objects of the track 2, in accordance with [ISO/IEC 7813], excluding start sentinel, end sentinel, and LRC as follows:
Sub-field Primary Account Number Field Separator ('D') Expiration Date (YYMM) Service Code Discretionary Data Padded with 'F' if needed to ensure whole bytes. Format n, var. up to 19 digits b n, 4 n, 3 n, var. b
Source Card
Tag '57'
Format, Length (bytes) b, var. up to 19
Support M
Track 2 Number of ATC Digits (NATCTRACK2) Transaction Category Code Transaction Currency Code Transaction Currency Exponent Transaction CVM
The value of NATCTRACK2 represents the number of digits of the ATC to be included in the discretionary data field of the Track 2 Data. This is a data object defined by MasterCard which indicates the type of transaction being performed, and which may be used in Card Risk Management. Indicates the currency code of the transaction, in accordance with [ISO 4217]. Indicates the implied position of the decimal point from the right of the transaction amount represented, in accordance with [ISO 4217]. Data object used to indicate to the terminal the outcome of the CVM Selection function. Possible values are: No CVM Signature Online PIN The coding of the value is implementation specific.
Card
'9F67'
b, 1
Reader
'9F53'
an, 1
Reader Reader Reader
'5F2A' '5F36' -
n 3, 2 n 1, 1 Implementation specific
M M M
2008 MasterCard
61
Data Object Name Description Transaction Date Local date that the transaction was authorized.
Source Reader Reader
Tag '9A' -
Format, Length (bytes) n 6 (YYMMDD), 3 Implementation specific
Support M M
Transaction Outcome Data object used to indicate to the terminal the outcome of the transaction processing. Possible values are:
Approved
The PayPass reader is satisfied that the transaction is acceptable with the selected card application and wants the transaction to be offline approved. Online Request The PayPass reader has found that the transaction requires an online authorization. Declined The PayPass reader has found that the transaction is not acceptable with the selected card application and wants the transaction to be offline declined. Try Another The PayPass reader is unable to complete the transaction Interface with the selected card application, but knows that another interface (e.g. contact or magnetic-stripe) may be available. End Application The PayPass reader experienced an application error (e.g. missing data) Reader Reader Reader '9F21' '9C' '9F37' n 6 (HHMMSS), 3 n 2, 1 b, 4 M M M
The coding of the value is implementation specific. Transaction Time Transaction Type Unpredictable Number Local time that the transaction was authorized. Indicates the type of financial transaction, represented by the first two digits of [ISO 8583:1987] Processing Code. Value to provide variability and uniqueness to the generation of a cryptogram during a PayPass M/Chip transaction.
2008 MasterCard
62
Data Object Name Description Unpredictable The UDOL is the DOL that specifies the data objects to be included in the data Number Data Object field of the COMPUTE CRYPTOGRAPHIC CHECKSUM command. The UDOL must at least include the UN (Numeric). The UDOL is not mandatory for the List (UDOL) card. There will always be a Default UDOL, including as its only entry the tag and length of the UN (Numeric) (tag '9F6A'). Unpredictable Number (Numeric) Unpredictable number generated by the PayPass reader during a PayPass Mag Stripe Transaction. The UN (Numeric) is passed to the card in the data field of the COMPUTE CRYPTOGRAPHIC CHECKSUM command. The (8-nUN) most significant digits must be set to zero.
Source Card
Tag '9F69'
Format, Length (bytes) b, var.
Support M
Reader
'9F6A'
n, 8
Legend:
MSDA MCDA This data object is mandatory if the PayPass reader supports SDA. This data object is mandatory if the PayPass reader supports CDA.
2008 MasterCard
63
*** End of Document ***
2008 MasterCard
64

PayPass - MChip Reader Card Application Interface Specification (V2.0)

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

PayPass - MChip Reader Card Application Interface Specification (V2.0)

Hochgeladen von

Copyright:

Verfügbare Formate

PayPass M/Chip

Reader Card Application Interface Specification

Version 2.0 September 2008

Version 2.0 September 2008