Beruflich Dokumente
Kultur Dokumente
Requirements
10 April 2014
Notices
Following are policies pertaining to proprietary rights, trademarks, translations, and details about
the availability of additional information online.
Proprietary Rights
The information contained in this document is proprietary and confidential to MasterCard International
Incorporated, one or more of its affiliated entities (collectively MasterCard), or both.
This material may not be duplicated, published, or disclosed, in whole or in part, without the prior
written permission of MasterCard.
Trademarks
Trademark notices and symbols used in this document reflect the registration status of MasterCard
trademarks in the United States. Please consult with the Customer Operations Services team or the
MasterCard Law Department for the registration status of particular product, program, or service names
outside the United States.
All third-party product and service names are trademarks or registered trademarks of their respective
owners.
Disclaimer
MasterCard makes no representations or warranties of any kind, express or implied, with respect to
the contents of this document. Without limitation, MasterCard specifically disclaims all representations
and warranties with respect to this document and any intellectual property rights subsisting therein or
any part thereof, including but not limited to any and all implied warranties of title, non-infringement,
or suitability for any purpose (whether or not MasterCard has been advised, has reason to know, or is
otherwise in fact aware of any information) or achievement of any particular result. Without limitation,
MasterCard specifically disclaims all representations and warranties that any practice or implementation of
this document will not infringe any third party patents, copyrights, trade secrets or other rights.
Translation
A translation of any MasterCard manual, bulletin, release, or other MasterCard document into a language
other than English is intended solely as a convenience to MasterCard customers. MasterCard provides any
translated document to its customers AS IS and makes no representations or warranties of any kind
with respect to the translated document, including, but not limited to, its accuracy or reliability. In no
event shall MasterCard be liable for any damages resulting from reliance on any translated document.
The English version of any MasterCard document will take precedence over any translated version in
any legal proceeding.
Information Available Online
MasterCard provides details about the standards used for this documentincluding times expressed,
language use, and contact informationon the Publications Support page available on MasterCard
Connect. Go to Publications Support for centralized information.
Where to Look
Added information that the contactless interface must not be used for
transactions identified with specific MCCs
Chapter 3, Issuer
Requirements
Removed Maestro cards must not support Purchase with Cash Back on the
contactless interface. from the topic Purchase with Cash Back
Chapter 3, section
Card Requirements,
topic Personalization
Requirements
Chapter 3, section
Card Requirements,
topic PayPassM/Chip
Personalization
Requirements
Description of Change
Where to Look
BP ALL The issuer should not use the same combination of PAN and
PAN Sequence Number on separate cardholder devices, even if linked.
Issuers may choose to use an Application PAN on the contactless interface
which is different to the PAN present on the magnetic stripe or that appears
on the face of the card.
Added the following information regarding Card Delivery:
In order to fully benefit from new payment opportunities that contactless
offers, issuers must inform cardholders that contactless functionality is
available and provide directions on using it with the card.
DE 3Processing Code
DE 4Amount, Transaction
DE 54Additional Amounts
Description of Change
Where to Look
Chapter 4, section
Terminals, topic
Approvals and Testing
Inserting a card
Chapter 4, Terminals,
topic Terminal Design and
Ergonomics
Chapter 4, section
Terminals,
topic Transaction
TypesPurchase with
Cash Back
Chapter 4, section
Terminals, topic Manual
Cash Advance
Chapter 4, section
Terminals, topic Reader
Specifications
Chapter 4, section
Terminals, topic Visual
Card Checks
Chapter 4, section
Authorization Requirements
Chapter 4, section
Terminals
Description of Change
Where to Look
Updated references:
From: chargeback protection amount
To: CVM limit
Throughout document
Table of Contents
Chapter 1
Purpose.................................................................................................................................... 1-1
Scope ....................................................................................................................................... 1-1
Audience.................................................................................................................................. 1-2
Requirements and Best Practices ............................................................................................. 1-2
Terminology............................................................................................................................. 1-3
Reference Information ............................................................................................................. 1-4
Conventions............................................................................................................................. 1-5
Chapter 2
Chapter 3
Chapter 4
Table of Contents
Chapter 5
Chapter 1
This section provides information on the purpose, overview, and conventions used within
this manual as well as other related information.
Purpose.......................................................................................................................................... 1-1
Scope ............................................................................................................................................. 1-1
Audience........................................................................................................................................ 1-2
Requirements and Best Practices ................................................................................................... 1-2
Terminology................................................................................................................................... 1-3
Reference Information ................................................................................................................... 1-4
Conventions................................................................................................................................... 1-5
1-i
Purpose
This document provides the MasterCard requirements and best practices
for issuers and acquirers when using contactless chip technology with their
MasterCard M/Chip products.
It contains the requirements relating to MasterCard, Debit MasterCard and
Maestro PayPass card programs, and the requirements for performing
contactless transactions at attended and unattended terminals.
This document does not provide an introduction to PayPass or explanation as
to how PayPass works, nor does it duplicate or reproduce existing standards
such as EMV or the existing MasterCard requirements for other technologies.
The purpose of the manual is to:
Define the PayPass requirements that MasterCard has established for use
with MasterCard brands
Scope
This document does not discuss general brand rules or requirements, except to
explain how certain rules are implemented in PayPass.
In general, the brand rules continue to apply to PayPass transactions except
when modified for PayPass and as explained in this document. For example,
chargeback rights are the same for PayPass except in connection with CVM
limits described here. For full details of the rules and requirements for specific
card brands, refer to the relevant documentation on MasterCard Connect (see
the Reference Information below).
These requirements have been written for PayPassM/Chip deployments. In
that context they also cover PayPassMag Stripe functionality. They do not
apply to PayPass-Mag Stripe only deployments.
1-1
The following products, services, or environments are not in the scope of this
document because they are already addressed in other dedicated documents:
EMV contact chip card interface and transactions (for example, M/Chip
Requirements)
Personalization Data
MasterCard Cash
Audience
This document is intended for use by MasterCard customers and product
vendors involved in PayPass implementation projects who already have a
general understanding of how the contactless chip product works.
The target audience includes:
All
MC
MS
Terminology
The following terms and their meanings are used throughout this manual.
PayPass Cards and Devices
PayPass devices can be issued in form factors other than that of a traditional
payment card, for example: mobile phones, key fobs, watches. Throughout
this document a reference to PayPass cards includes other devices unless
specifically excluded.
A dual interface card refers to a chip card that can perform both EMV contact
and contactless chip transactions.
A hybrid card refers to a card that has a magnetic stripe and a chip with a
contact interface. The chip carries an EMV payment application that supports
the same payment product that is encoded on the magnetic stripe.
PayPass Terminals and Readers
Functionality for the acceptance of PayPass cards may be provided by the
PayPass reader or by the accompanying terminal. Throughout this document
a reference to a PayPass terminal includes both the reader and terminal
functionality and unless specifically stated does not imply the function should
be in a specific part of the terminal system.
A hybrid terminal refers to a payment device that can accept transactions using
both contact chip and magnetic stripe technologies.
Magnetic Stripe Grade Issuers
Magnetic stripe grade issuers receive additional information produced during
a chip transaction, but do not process it. If the magnetic stripe grade issuer
uses the Chip Conversion service, the issuer does not receive the additional
information.
On Device Cardholder Verification
Devices such as a mobile phone may allow the cardholder to verify themselves
to the device, for example by entering a PIN, either before or during a PayPass
transaction. When required, the device confirms to the terminal that cardholder
verification has been performed during the transaction processing. This is
known as On Device Cardholder Verification but is also referred to as mPIN.
1-3
Reference Information
The following references are used in, or are relevant to, this document. The
latest version applies unless a publication date is explicitly stated.
Chargeback Guide
M/Chip Requirements
Conventions
A generic reference to PayPass includes all applicable products. The terms
MasterCard PayPass or Maestro PayPass are used to identify specific product
requirements.
A reference to the MasterCard product or MasterCard brand includes MasterCard
and Debit MasterCard unless specifically addressed.
MasterCard brands refers to MasterCard and Maestro products.
Values expressed in hexadecimal form (0 to 9 and A to F) are enclosed
in single quotes. For example, a hexadecimal value of ABCD is indicated as
ABCD.
Values expressed in binary form are followed by a lower case b. For example,
1001b.
EMV Card commands are indicated in bold capitals, for example, GENERATE
AC.
Specific byte/bit references within a data object are included in square brackets.
For example, [1][3] means the third bit of the first byte of the given data object.
1-5
Chapter 2
PayPass Introduction
2-i
PayPass Introduction
Introduction
Introduction
PayPass is the proximity payments program from MasterCard Worldwide.
It allows cardholders to make payments without having to hand over, dip or
swipe a payment card. To make a payment, the cardholder simply taps their
PayPass card onto a PayPass terminal. The details are read from the card over
a contactless interface using radio frequency communications and a transaction
is performed over the existing MasterCard payment networks and infrastructure.
Primary characteristics of PayPass transactions are speed and convenience for
merchants and cardholders.
PayPass is supported on the MasterCard and Maestro brands. The PayPass
contactless functionality can be used at any merchant location that has PayPass
terminals and accepts the underlying payment brand. The merchant segments
where PayPass is expected to be most attractive include those environments
with high transaction volumes and where fast transaction times are important.
PayPass contactless functionality can also be used at ATMs.
Participation
To issue PayPass cards or acquire PayPass transactions customers must enroll
in the PayPass program.
Vendors are required to obtain a license agreement before developing and
selling PayPass cards and devices.
All cards, devices and readers used for performing PayPass transactions must
have been approved and licensed by MasterCard. Customers must only
purchase and deploy cards and terminals from properly licensed vendors.
Detailed information about the type approval process can be found in the
PayPass Vendor Product Approval Process Guide (Cards and Devices) and the
PayPass Vendor Product Approval Process Guide (Terminals) documents.
Issuers and acquirers must start a project with the relevant MasterCard project
team in order to define and complete various certification steps that are required.
Unless otherwise stated within the Project Implementation Plan issuers will
complete Issuer NIV, CPV and Issuer End-to-end Demonstration and acquirers
will complete Acquirer NIV, TIP and Acquirer End-to-end Demonstration.
Questions about the PayPass license process should be directed to
contactless@mastercard.com.
2-1
PayPass Introduction
PayPass Operating Modes
PayPassM/Chip mode
PayPass Cards
PayPass functionality may be:
All PayPass cardholder devices are valid for acceptance at PayPass terminals;
not just cards.
PayPass Introduction
PayPass Acceptance
The contactless interface may be used for Purchase with Cash Back transactions
based on the existing product rules. Cardholder verification is always required
for Purchase with Cash Back transactions.
The contactless interface may be used for payment transactions based on the
existing product rules.
The contactless interface must not be used for transactions identified with the
following MCCs:
PayPass Acceptance
PayPass cards may be accepted at attended and unattended terminals. PayPass
cards may be used at ATMs.
Card Checking
PayPass transactions are carried out by the cardholder; therefore, the card does
not need to be given to the merchant. Since the PayPass card may remain in
the hands of the cardholder, the merchant is exempt from the visual inspection
requirement to determine if the PayPass card is valid. The card only needs
to be given to the merchant after the contactless interaction is complete if
signature verification is to be performed.
Transaction Amount
The transaction amount is usually known before the PayPass transaction is
initiated to ensure fast processing of PayPass transactions. The amount should
be displayed to the cardholder.
If the transaction amount exceeds the maximum amount for PayPass
transactions, for the product or terminal, the terminal or merchant should
prompt the cardholder to use a different technology to complete the transaction
(for example an EMV contact chip transaction). This ensures cardholders are not
denied service when they have a valid MasterCard product for the transaction.
2-3
PayPass Introduction
PayPass Transaction Flow
Limits
Appendix C of the Chargeback Guide lists, per market, a limit to be used for
contactless transactions. Transactions equal to or less than this limit do not
need cardholder verification. In addition, receipts need only be provided on
request of the cardholder.
For Maestro PayPass, apart from some markets listed in Appendix C of the
Chargeback Guide, transactions are not allowed above this limit. In that
context, it is referred to as a ceiling limit.
In this document the term CVM limit is used generically to refer to this limit.
A maximum transaction amount, above which contactless transactions are
not permitted, may be published separately for MasterCard PayPass in some
specific markets.
Floor limits for contactless transactions are for EVM contact chip
(PayPassM/Chip) or magnetic stripe (PayPassMag Stripe) transactions.
The floor limit may vary per market.
Fallback
If the contactless technology fails the transaction may be completed by any
other technology available. A subsequent transaction is not considered a
technical fallback transaction.
PayPass Introduction
PayPass Transaction Flow
If there are no available applications, given any relevant transaction limits, then
the PayPass transaction cannot proceed.
For MasterCard products, the same Application Identifiers (AID) are used
for PayPass transactions as for EMV contact chip transactions. There are no
PayPass specific AIDs.
Card Authentication
For all PayPass transactions the card being used is authenticated. For
PayPassM/Chip transactions the card can be authenticated:
OR
CDA
OR
SDA1
While older cards may support SDA, the only offline card authentication
method allowed for new cards is CDA. All PayPassM/Chip terminals support
CDA. PayPass does not support DDA.
For online PayPassM/Chip transactions the issuer should perform online
authentication by verifying the application cryptogram received in the online
authorization.
For PayPassMag Stripe transactions, transactions are authorized online by
the issuer, either in real time or deferred. The PayPass card produces a unique
password, referred to as dynamic CVC3, for each transaction. The value is
placed by the terminal in issuer defined positions within the existing track
data fields. The issuer should perform online authentication by verifying the
dynamic CVC3 received in the online authorization.
1.
SDA authenticates the card, but not the transaction data. New PayPass cards cannot be issued supporting
SDA. Newly deployed PayPass terminals do not support SDA, and are not configured to support SDA.
2-5
PayPass Introduction
PayPass Transaction Flow
Cardholder Verification
PayPass purchase transactions for amounts less than or equal to the CVM limit
do not require cardholder verification.
For transaction amounts above the CVM limit, cardholder verification is required
or the acquirer may be liable for disputed transactions.
For MasterCard PayPass, acceptable cardholder verification methods are:
Online PIN
Signature
Online PIN
2-6
PayPass Introduction
Other Transaction Environments
If PayPassMag Stripe transactions are not authorized online, then the acquirer
may be liable for any disputed transactions.
If online PIN has been identified as the cardholder verification method for the
transaction, the PIN is verified as part of the online authorization request.
End of Transaction
A PayPassM/Chip terminal ends the interaction with the card once the
response to the first GENERATE AC command is received by the terminal.
A PayPassMag Stripe terminal ends the interaction with the card once the
response to the COMPUTE CRYPTOGRAPHIC CHECKSUM command is
received by the terminal. This is not the end of the PayPass transaction.
The PayPass terminal completes the transaction based on:
OR
When the printing of a receipt is supported by the point of sale, for PayPass
transactions less than or equal to the CVM limit, a receipt must be available if
requested by the cardholder. A receipt must be provided for transactions above
the CVM limit amount if the terminal is capable of producing a receipt. See
Transaction Processing Rules for exemptions.
Neither Issuer Authentication Data nor issuer scripts are returned to the card
during a PayPassM/Chip transaction.
2-7
Chapter 3
Issuer Requirements
3-i
Issuer Requirements
Card Requirements
Card Requirements
Various requirements and best practices exist for the PayPass card.
Approvals and Testing
All PayPass cards issued are required by MasterCard to have MasterCard vendor
product approval. It is the issuers responsibility to confirm all products have
received this approval. A full PayPass card Letter of Approval is only granted to
a card when it has successfully completed all of the following:
When ordering cards from a card manufacturer, the issuer must ensure that the
card manufacturer has a current PayPass Letter of Approval for the product
being purchased. The Letter of Approval is valid for the duration of the time
the cards are held in stock prior to being issued.
All PayPass products must have a valid PayPass Letter of Approval at the time
the product is issued.
R
ALL
Issuers must ensure that all PayPass cards are covered by a valid Letter
of Approval at the time they are issued.
ALL
PayPass Cards
If PayPassM/Chip is implemented on an ISO 7816 compliant ID-1 plastic card
then the card must support an EMV contact chip and optionally a magnetic
stripe.
R
ALL
PayPassM/Chip cards that are of ID-1 format and ISO 7816 compliant
must be dual interface cards supporting EMV contact chip transactions.
3-1
Issuer Requirements
Card Requirements
A MasterCard PayPass card that supports EMV contact chip transactions on the
contact interface normally also supports PayPassM/Chip.
BP
MC
Non-card Devices
PayPass functionality can be present in form factors other than traditional
payment cards. Examples of different forms are:
Mobile phones
Key fobs
Watches
All PayPass non-card devices conduct PayPass transactions in the same way
as PayPass cards. They may support special functionality, such as On Device
Cardholder Verification.
When PayPassM/Chip cards use offline risk management features, an
interaction with the card is required to manage the offline risk management
counters. This cannot be performed in a normal PayPass transaction since
response data from the issuer is not returned to the card. This interaction may
be achieved:
3-2
Issuer Requirements
Card Requirements
ALL
ALL
If linked to a card, the expiration date of the PayPass device must not
exceed the expiration date of the card to which it is linked.
ALL
BP
ALL
ALL
ALL
Card Application
PayPassM/Chip must be implemented using approved applications. Examples
are:
M/Chip Advance
PayPassM/Chip 4
Mobile PayPass
PayPassM/Chip Flex
ALL
MC
3-3
Issuer Requirements
Card Requirements
MS
MS
MC
ATM
The CVM used for ATM transactions is online PIN.
Issuers should support ATM transactions on the contactless interface.
Because not all ATMs validate the settings of the card, issuers should be aware
that they may receive transactions from ATMs even if:
BP
ALL
3-4
Issuer Requirements
Card Requirements
To meet special market requirements MasterCard may approve cards that are
online only or offline only; however, issuers should be aware that these cards
do not work in some terminals.
R
ALL
BP
ALL
BP
ALL
Service Codes
A value for the service code may be found several times on a PayPassM/Chip
card. For example:
Track 1 Data (tag 56) and Track 2 Data (tag 9F6B) accessed via the
contactless interface
Track 2 Equivalent Data (tag 57) accessed via the contactless interface
Track 2 Equivalent Data (tag 57) accessed via the EMV contact chip
interface
ALL
Issuers should use a value of the service code appropriate for the
product.
BP
ALL
Issuers should use the same value of the service code each time the
service code is used.
Expiry Dates
The expiry date of the card should be consistent across all technologies
supported.
BP
ALL
3-5
Issuer Requirements
Card Requirements
MC
MasterCard credit cards issued outside the Europe region must not be
configured to support Purchase with Cash Back through the contactless
interface.
Application Selection
PayPass terminals normally perform application selection using the PPSE on
the card. All PayPass cards must contain a PPSE.
Issuers must configure the Application Priority Indicator in each directory entry
of the FCI of the PPSE to show the preferred sequence of choice of all PayPass
applications on the card. Issuers must set a different priority for each directory
entry in the FCI of the PPSE. Cardholder confirmation must not be requested.
The AID value used for PayPass is the same AID used for the EMV contact chip
interface. There are no specific AIDs for PayPass.
Supported AIDs are:
MasterCard A0000000041010
Maestro A0000000043060
Identification of PayPass cards use the product AID without any extension, as
shown above. PIX extensions may be used by issuers and are considered as
a successful match by the terminal when partial AID matching is supported.
However, it is recommended not to use PIX extensions, as some legacy PayPass
terminals do not support partial AID matching.
If the same account is accessed through the contact and contactless interfaces,
the AID used on each interface may be different if supported by the card
implementation.
The Application Label (tag 50) must be present in a PayPass card. This may
appear on any receipts.
A MasterCard card must be configured with an appropriate Application
Label such as MasterCard, MASTERCARD, Debit MasterCard, or DEBIT
MASTERCARD.
A Maestro card must be configured with an appropriate Application Label such
as Maestro or MAESTRO.
3-6
Issuer Requirements
Card Requirements
Issuers may personalize the Application Preferred Name (tag 9F12) and Issuer
Code Table Index (tag 9F11). The Application Preferred Name may be used
on receipts instead of the Application Label if the terminal supports the code
table indicated.
R
ALL
ALL
Issuers must set a unique value for the Application Priority Indicator in
each directory entry in the FCI of the PPSE.
ALL
Issuers must not set the Cardholder Confirmation bit in the Application
Priority Indicator in the FCI of the PPSE.
ALL
BP
ALL
Card Authentication
MasterCard requires the use of dynamic CVC3 by all PayPassMag
Stripe capable cards. This includes PayPassM/Chip cards that perform
PayPassMag Stripe transactions.
For PayPassM/Chip online transactions the application cryptogram should be
validated to prevent counterfeit fraud.
For MasterCard PayPassM/Chip:
New cards issued in the Europe or U.S. regions must support CDA and
must not support SDA
New cards issued outside of the Europe or U.S. regions that do not support
CDA must operate as online only. Cards must not support SDA. Cards that
do not support CDA may experience interoperability issues and may not
work with some merchants such as mass transit agencies.
MS
MC
MC
3-7
Issuer Requirements
Card Requirements
MC
BP
MC
Issuers outside the Europe and U.S. regions are strongly recommended
to use CDA on MasterCard PayPassM/Chip cards.
ALL
MC
BP
ALL
The payment system public keys for PayPassM/Chip have the same values
and expiry dates as those used for MasterCard EMV contact chip transactions. It
is recommended to use the same Issuer Key pair for transactions on the contact
and contactless interface of a PayPassM/Chip card; therefore, the same Issuer
Public Key certificate may be used.
It is recommended to use the same ICC Key pair for transactions on the contact
and contactless interface of a PayPassM/Chip card. The ICC Public Key
Certificate cannot be shared between the contact and contactless interface
even if the same keys are used since some of the data elements signed in the
certificate are different.
BP
ALL
Issuers should use the same Issuer and ICC Public Keys across both
the contact and contactless interface.
Cardholder Verification
A signature or PIN is not required for a PayPass transaction less than or equal
to the CVM limit regardless of the setting of the Service Code for PayPassMag
Stripe, or CVM List for PayPassM/Chip.
For transactions greater than the CVM limit, cardholder verification is normally
requested. If transactions are completed offline with no cardholder verification
above the CVM limit then the acquirer may be liable for disputed transactions.
For PayPassMag Stripe transactions, the cardholder verification method
is determined by the terminal in a similar manner to swiped magnetic stripe
transactions. The terminal is not required to refer to the Service Code, which
appears in multiple data elements. If the device supports On Device Cardholder
Verification, this is communicated to the terminal as part of the transaction.
For PayPassM/Chip transactions, the CVM is determined by the PayPass
reader application in the terminal based on the terminal capabilities and CVM
List or other data in the cardholder device.
3-8
Issuer Requirements
Card Requirements
NOTE
For the remainder of this section a distinction is made between cardholder
devices that support On Device Cardholder Verification (mobile phones) and
all other cardholder devices (cards).
3-9
Issuer Requirements
Card Requirements
ALL
ALL
MC
MC
MC
MS
If the issuer allows Maestro PayPass transactions above the CVM limit,
then cards must support Online PIN in the CVM List read through the
contactless interface.
MS
If the issuer allows Maestro PayPass transactions above the CVM limit,
then mobile phones must support Online PIN in the CVM List read
through the contactless interface, or On Device Cardholder Verification,
or both.
BP
MS
Support for Online PIN is recommended for all Maestro PayPass cards
and mobile phones.
BP
ALL
BP
ALL
CVM List entries should not make use of the X and Y values to
influence the availability of a particular CVM.
ALL
Magnetic stripe based PVV methods should not be used for online PIN
verification if PIN change is supported.
3-10
Issuer Requirements
Card Requirements
ALL
ALL
MasterCard prohibits encoding the cardholder name in the data read through the
contactless interface to prevent unauthorized disclosure. It is recommended to
use a space character followed by the surname separator / in the Track 1 Data.
R
ALL
The name of the cardholder must not be readable over the contactless
interface.
BP
ALL
Issuers should use / for the cardholder name in the data read
through the contactless interface.
Third Party Data may be used by a terminal for proprietary processing. Issuers
that intend to participate in a scheme utilizing this data object must request a
Unique Identifier from MasterCard. A sub-field of this data object is also used to
carry the Device Type. Refer to Data Requirements for more information. If
Third Party Data is personalized on the card, it is recommended that it be added
to the FCI Issuer Discretionary Data that is returned during application selection.
BP
ALL
ALL
3-11
Issuer Requirements
Card Requirements
ALL
ALL
U.S. and Canada region issuers must ensure that each newly issued or
reissued PayPass-enabled card, access device, and mobile payment
device is personalized with the appropriate Device Type value.
Issuers should be aware that the contents of the Proprietary Data subfield of
Third Party Data can be freely read and therefore should not contain sensitive
cardholder information.
BP
ALL
Data objects may be personalized in the card organized in the pre-defined file
structure detailed in the PayPass Personalization Data Specifications to allow
efficient data capture by the PayPass terminal resulting in a faster transaction.
R
ALL
If data objects are not organized according to the rules specified for
the pre-defined file structure, then the pre-defined values for the AFL
must not be used.
ALL
Maestro cards that do not have a CVC1 encoded on the magnetic stripe do not
need to include a Chip CVC.
However to protect against the risk of counterfeiting, it must not be possible to
reproduce the Track 2 on the magnetic stripe from the PayPass data in the chip.
This means that some aspect of the magnetic stripe data must be unique to the
stripe, unpredictable and validated during the authorization.
3-12
Issuer Requirements
Card Requirements
ALL
ALL
The genuine CVC1, as found on the physical magnetic stripe, must not
appear in any data element that can be read through the contactless
interface.
MS
Issuers of Maestro PayPass cards that do not have a Chip CVC in Track
2 Equivalent Data must ensure that the Track 2 data found on the
magnetic stripe cannot be reproduced from the PayPass data on the
chip. Some aspect of the magnetic stripe data must be unique to the
magnetic stripe, unpredictable and validated during the authorization.
ALL
The issuer should not use the same combination of PAN and PAN
Sequence Number on separate cardholder devices, even if linked.
1.
Data Element
Tag
9F42
5F24
5F25
5F34
5A
9F07
CDOL1
8C
CDOL2
8D
If present
3-13
Issuer Requirements
Card Requirements
Data Element
Tag
CVM List
8E
9F0D
9F0E
9F0F
5F28
9F4A
ALL
The data elements shown in the table above, if present, must all be
stored in records that are signed.
ALL
3-14
MC
MC
The last digit of both Track 1 and Track 2 must not be used by the
issuer.
Issuer Requirements
Issuer Host Requirements
MC
ALL
ALL
Card Delivery
PayPass data can be read by any reader that can power the contactless chip
and send the correct commands.
In order to fully benefit from new payment opportunities that contactless offers,
issuers must inform cardholders that contactless functionality is available and
provide directions on using it with the card.
R
ALL
ALL
3-15
Issuer Requirements
Issuer Host Requirements
Authorization Decisions
Authorization requests are approved against the account balance or open to
buy position in the usual way. In addition, issuers should check the authenticity
of the PayPass card by validating the dynamic CVC3 or application cryptogram
received.
The issuer should take into account that bits that are not set in the TVR included
in the authorization request of a PayPassM/Chip transaction may not always
reflect the final outcome of the terminal tests performed. An example of this is
when card authentication may have been completed after the GENERATE AC
command was issued to the card or after the TVR was signed.
As part of the authorization decision process, issuers should also consider the
number of transactions without cardholder verification that have been done
consecutively.
Issuers should also consider the presence of transit indicators in DE 48
(Additional Data), subelement 64 (Transit Program) of the authorization
message during the decision process.
Issuers should be prepared to receive correctly identified contactless ATM
transactions, even if not enabled on the card. Characteristics of contactless
transactions performed on ATM are described in MasterCard Contactless ATM
Implementation Requirements.
Although the information in DE 55 is normally consistent with other fields, there
may be some difference for certain data elements. Issuers should not routinely
decline transactions when differences occur in the data.
3-16
BP
ALL
BP
ALL
Issuers should always perform online CAM by checking that the ARQC
contained in a PayPassM/Chip online authorization request is correct.
ALL
BP
ALL
DE 3Processing Code
DE 4Amount, Transaction
DE 54Additional Amounts
Issuer Requirements
Issuer Host Requirements
MC
Issuers must always perform online CAM by checking that the CVC3
contained in a PayPass Mag Stripe online authorization request is
correct.
MC
BP
ALL
BP
ALL
3-17
Issuer Requirements
Issuer Host Requirements
The issuer may wish to accept and process Authorization Advice/0120 messages
in order to maintain up to date ATC values as part of ATC management.
BP
ALL
BP
ALL
Authorization Responses
A referral response must not be given to a PayPass authorization request.
Since the consumer remains in control of the PayPass card throughout the
transaction, the opportunity for merchants to pick up these cards is limited.
Issuers should not use a capture card authorization response to PayPass
transactions.
As a result of contactless-specific risk management the issuer may wish to
decline and prompt the cardholder to perform a contact transaction with CVM
where possible. In this case the issuer should use an authorization response
code 65 exceeds withdrawal count limit.
The issuer should therefore be aware that if a response code other than 65
exceeds withdrawal count limit is used the terminal might not prompt for a
subsequent contact transaction to be performed.
For PayPassM/Chip authorization responses, the issuer should not generate
Issuer Authentication Data, because the PayPass terminal is not able to pass
it to the PayPass card.
For PayPassM/Chip authorization responses, the issuer should not include
issuer scripts because the PayPass terminal is not able to pass them to the
PayPass card.
3-18
ALL
BP
ALL
BP
ALL
BP
ALL
Issuer Requirements
Clearing Requirements
ALL
Issuers that use a PAN mapping service must return the genuine PAN
in the authorization response message, even if an alternative PAN was
used in the authorization request.
BP
ALL
Refunds
MasterCard PayPass issuers must be able to support the processing of a refund
transaction initiated via the contactless interface.
R
MC
Clearing Requirements
PayPass transactions are identified in clearing messages.
Clearing Messages
PayPass issuers must ensure host systems are capable of correctly receiving and
processing existing subfields within the clearing message containing specific
values of the data input capability and the data input profile, DE 22 (POS
Entry Code).
DE 22, subfield 1 identifies the terminal capabilities and must contain:
DE 22, subfield 7 identifies the card data input profile for this transaction and
must contain:
ALL
3-19
Issuer Requirements
Chargeback and Exception Processing
3-20
Chapter 4
Acquirer Requirements
4-i
Acquirer Requirements
General Requirements
General Requirements
This section contains high-level requirements related to the PayPass acceptance
environment and the brands and transaction modes that are supported.
PayPass Acceptance
PayPass acceptance means that all cardholder devices are valid for acceptance
at terminals, not just PayPass cards.
A terminal that supports EMV chip contact transactions that is contactless-enabled
must support PayPassM/Chip contactless transactions.
R
ALL
Must not accept Maestro in PayPassMag Stripe mode. The terminal may
support PayPassMag Stripe for MasterCard.
MC
MS
MS
4-1
Acquirer Requirements
Terminals
ALL
BP
ALL
ALL
Terminals
Acquirers and merchants must only use approved PayPass terminals.
Approvals and Testing
All PayPass products need to obtain approval before deployment. Subsequent
changes to terminal software could affect compliance with PayPass Terminal
Vendor testing and must be discussed and reviewed with MasterCard.
R
ALL
All existing contactless readers that comply with PayPassM/Chip version 3.0
or EMVCo Book C-2 must support the Terminal Risk Management Data data
object (as defined in Data Requirements) before 1 January 2015.
R
ALL
Reader Specifications
R
ALL
ALL
All PayPass readers submitted for M-TIP testing must have a valid
Terminal Quality Management (TQM) Label.
ALL
Acquirer Requirements
Terminals
ALL
ALL
Terminal Branding
PayPass terminals must meet the MasterCard branding requirements. PayPass
terminals use common interfaces to provide a consistent consumer and
merchant experience.
In order to give the cardholder clear information as to where to tap the PayPass
device on the PayPass terminal, acquirers must use the PayPass landing zone.
The landing zone must indicate with the contactless identifier where the
cardholder has to tap or hold the MasterCard PayPass card.
If space permits, MasterCard PayPass and other scheme branding may also be
placed on the landing zone as long as branding rules are maintained and the
contactless symbol is not obscured in any way. If space on the landing zone
does not allow room for scheme branding, then it should be placed elsewhere
at the point of interaction. It should not distract the customer from identifying
the contactless symbol and the landing zone.
R
ALL
4-3
Acquirer Requirements
Terminals
BP
ALL
BP
ALL
ALL
The terminal must use visible and audible cues to the cardholder that
the PayPass interaction has been successful and is complete.
The terminal may be located in a position where liquid spillage may occur.
It is recommended for such environments that the terminal be sealed to
prevent liquids from causing damage to the internal components.
ALL
ALL
BP
ALL
Inserting a card
ALL
Acquirer Requirements
Terminals
Visually check the valid date and the expiration date on the face of the card
Compare the embossed account number on the face of the card with the
number displayed or printed from the POS terminal
Compare any photograph on the card with the person presenting the card
Check that the card is signed (This does not necessarily mean that a
signature is not required to complete the transaction)
Any automation of the above visual checks by the POS system, such as Swipe
and Verify checks, must be capable of being overridden or disabled for the
acceptance of PayPass transactions.
Transaction Types
Purchase
ALL
Terminals may support cash back for MasterCard PayPass, and Maestro PayPass
according to the product rules. Cardholder verification and online authorization
are always required for Purchase with Cash Back transactions.
R
ALL
Refunds
Acquirers must be able to process refund transactions initiated via the contactless
interface. A refund must be to the same account as the original transaction.
Cardholder verification is not required for refunds. Authorization is not required
for refunds.
20132014 MasterCard. Proprietary. All rights reserved.
PayPassM/Chip Requirements 10 April 2014
4-5
Acquirer Requirements
Terminals
If card refunds are supported by a merchant that has deployed at least one
contactless terminal, then refunds initiated through the contactless interface
must be supported. Merchant support for PayPass refunds is recommended at a
minimum of one PayPass enabled terminal in a merchant location.
For PayPassM/Chip transactions, refunds initiated through the contactless
interface must be performed by reading the Track 2 details and then requesting
an AAC. The refund is then cleared in the normal way. This prevents card risk
management counters from being adversely impacted.
For PayPassMag Stripe transactions, refunds initiated over the contactless
interface must be performed by reading track details via the contactless interface
and clearing the refund transaction in the normal way.
R
ALL
ALL
ALL
ALL
4-6
Acquirer Requirements
Terminals
ALL
ALL
ALL
ALL
ALL
ALL
MC
MS
Gratuities
ALL
4-7
Acquirer Requirements
Terminals
BP
ALL
BP
ALL
PayPass Limits
In the technical specifications, three limits are used by terminals in processing
PayPass transactions. The same limit may have different values for different
products. The limits are configurable for each AID accepted at the terminal.
The Terminal Contactless Transaction Limit is a maximum transaction amount
above which a contactless transaction must not be performed.
Purchase transactions less than or equal to the Terminal CVM Required Limit
do not require cardholder verification and, unless specifically requested by the
cardholder, do not require a printed receipt. For PayPass transactions above
the Terminal CVM Required Limit, normal cardholder verification and receipt
printing procedures apply.
The Terminal Contactless Floor Limit is a transaction amount above which
online issuer authorization is required.1
1.
4-8
Acquirers should be aware that the transaction limits discussed here are managed and supported
differently in the different versions of the PayPassM/Chip reader.
Acquirer Requirements
Terminals
ALL
BP
ALL
Terminals that allow transactions above the Terminal CVM Required Limit must
not support No CVM above this limit.
R
ALL
BP
ALL
ALL
4-9
Acquirer Requirements
Terminals
ALL
For Maestro PayPass, in a given market, one of the following scenarios will
apply:
Details of the markets where transactions above the CVM limit are allowed are
shown in Appendix C of the Chargeback Guide.
PayPass Mode Selection
The cardholder decides whether to use PayPass or an alternative interface on
the card. The terminal does not drive this decision.
If the cardholder chooses to use PayPass, and both the card and terminal
support PayPassM/Chip, then this mode must be used to complete the
transaction.
R
4-10
ALL
Acquirer Requirements
Terminals
Data Usage
PayPass acquirers must only use data read from the contactless interface for
PayPass transactions. Data obtained from the contactless interface must not be
used for another purchase transaction type.
R
ALL
Data read from the contactless interface must not be used for purchase
transactions other than PayPass. This restriction does not include
refunds and transit debt recovery.
ALL
ALL
Acquirers must respect local privacy laws when storing data on the
card.
ALL
Merchants and acquirers must make sure that Track 1 Data is processed
as Track 1 and Track 2 Data is processed as Track 2.
ALL
Service Codes
MasterCard PayPass issuers may choose to use service code values in the
PayPass data different from those typically used for magnetic stripe cards.
A service code read during the PayPass transaction that indicates the presence
of a chip card does not mean that the terminal must prompt for an EMV contact
chip transaction.
20132014 MasterCard. Proprietary. All rights reserved.
PayPassM/Chip Requirements 10 April 2014
4-11
Acquirer Requirements
Terminals
A service code read during the PayPass transaction indicating that PIN is
required does not mean that PIN is required for a PayPass transaction below
the CVM limit.
A service code read during the PayPass transaction indicating that the
transaction must be processed online does not mean that the terminal must
seek online authorization for transactions below the appropriate floor limit.
R
ALL
Terminals must not prompt for an EMV contact chip transaction just
because the service code read during the PayPass transaction indicates
a chip is present on the card.
ALL
Terminals must not prompt for PIN for purchase transactions less than
or equal to the CVM limit just because the service code read during the
PayPass transaction indicates that a PIN is required.
ALL
Terminals must not seek online authorization just because the service
code read during the PayPass transaction indicates that the card is
online only.
Cardholder Name
PayPass cards must not include the cardholder name in the data read through
the contactless interface. Terminal systems that normally obtain and make use
of the cardholder name from Track 1 data obtained from a magnetic stripe read
must be able to accommodate this difference.
R
ALL
Terminals that process Track 1 data must be able to handle the data
without a fully populated cardholder name.
Application Selection
Terminals must maintain an independent list of AIDs accepted by the terminal
for PayPass.
The highest priority available payment application is selected automatically by
the PayPass terminal. PayPass terminals must support application selection
using the cards PPSE and without cardholder assistance. If priorities have
not been set in the card, then the application selected will be determined by
the terminal.
Cardholder confirmation must not be supported by the terminal for PayPass
transactions.
R
ALL
The PayPass reader must select the PPSE on the card as part of
application selection.
ALL
Acquirer Requirements
Offline Card Authentication
ALL
ALL
The AID value used for PayPass is the same AID used for the contact interface.
There are no specific AIDs for PayPass.
Supported AIDs are:
MasterCard A0000000041010
Maestro A0000000043060
ALL
The only valid offline CAM method for newly deployed PayPassM/Chip
terminals is CDA.
ALL
ALL
ALL
4-13
Acquirer Requirements
Cardholder Verification
The terminal must associate each key with the following key-related information
that is used with the key.
ALL
All offline capable PayPassM/Chip terminals must hold all the active
and current MasterCard public keys.
ALL
Terminals must only accept keys that the terminal can authenticate as
originating from the genuine acquirer.
ALL
Acquirers must be able to verify that all the appropriate keys are loaded
into all terminals that generate transactions which they acquire.
ALL
This table shows the Payment System Public Keys that are currently in use.
Key Index
Key Length
Expiry Date
04
1152 bits
31 December 2017
05
1408 bits
31 December 2021
06
1984 bits
31 December 2021
Key lengths and expiration dates are reviewed annually. MasterCard notifies
members of any changes in the Global Security Bulletin.
There is no requirement to store the expiry date of keys in the terminal. Expired
keys must be removed from terminals within six months. Where keys are held
in the terminals with an expiry date, it is imperative that keys remain valid until
the published expiry date, as amended from time to time.
Cardholder Verification
Cardholder verification is not required for a PayPass purchase transaction less
than or equal to the CVM limit.
For transactions greater than the CVM limit, a CVM is required. If transactions
above the CVM limit are completed without cardholder verification, then the
acquirer may be liable for disputed transactions. Merchants should request
cardholder verification above this value.
Acquirer Requirements
Cardholder Verification
NOTE
There are some MCCs where no CVM has been part of the product proposition
above the CVM limit up to a specific transaction limit: tollways, parking, etc.
For Maestro PayPass, attended terminals that support transactions above the
CVM limit:
Attended POS terminals in the Europe region that are capable of accepting
contactless chip transactions above the CVM limit must support one or both of
the following PIN verification methods.
Online PIN
Acquirers and merchants that currently support Online PIN should also support
On Device Cardholder Verification.
For PayPassM/Chip transactions, the reader must complete CVM Processing
for all transaction amounts, both above and below the Terminal CVM Required
Limit. The CVM is determined by the CVM List or other data supplied by the
card and the CVM capabilities indicated by the PayPass reader application of
the terminal. The CVM capabilities may be different above and below the
Terminal CVM Required Limit.
The use of No CVM must be positively identified by the EMV process. It does
not mean skip CVM processing.
PayPass terminals must not permit PIN Entry Bypass.
PayPass terminals must not support offline PIN on the contactless interface.
Offline PIN may be supported at the same terminal but only for EMV contact
chip transactions. Terminals must ensure that offline PIN is never selected as
the CVM for a PayPass transaction.
R
ALL
MC
4-15
Acquirer Requirements
Cardholder Verification
MC
BP
MC
BP
MC
MS
MS
MS
BP
MS
ALL
MC
ALL
ALL
ALL
CAT Level 1 terminals must support online PIN for all PayPass transactions, and
may also support On Device Cardholder Verification.
CAT Level 2 and CAT Level 3 terminals must use No CVM for all PayPass
transactions.
Dual capability devices may be deployed (see section on Cardholder Activated
Terminals).
4-16
Acquirer Requirements
Terminal Risk Management
ALL
CAT Level 1 terminals must support online PIN and may also support
On Device Cardholder Verification.
ALL
CAT Level 2 and CAT Level 3 terminals must support only No CVM
for PayPass transactions.
When online PIN is used to verify the cardholder, if the authorization is declined
by the issuer because the PIN is incorrect, the transaction should be restarted
and the cardholder prompted to re-enter their PIN.
BP
ALL
When online PIN is the chosen cardholder verification method for the
transaction, the PIN must be entered or the transaction will be terminated. This
is because PIN entry is canceled or the terminal has timed out.
R
ALL
ALL
4-17
Acquirer Requirements
Authorization Responses
The mandatory TACs used for PayPass transactions are provided in Data
Requirements.
If the terminal supports EMV contact chip transactions, the terminal must
maintain the PayPass TACs independently.
R
ALL
Authorization Responses
If a response to an authorization is not received, transactions are approved
at the acquirers risk.
For PayPassM/Chip there is no second terminal or card risk management
possible, as there is for EMV contact chip transactions.
Referrals or Call Me issuer responses are not required to be supported by
acquirers for PayPass. Referral responses may be declined by the acquirer
or merchant.
Retaining the card at an attended terminal is optional as it may be impractical
for an attendant to retain a card that is not initially handed over to the merchant
during the transaction.
Cardholder Receipts
For transactions less than or equal to the Terminal CVM Required Limit, a
PayPass merchant, card acceptor, must make a receipt available if requested by
the cardholder. This means the facility to produce receipts must be available
unless some special circumstances apply. Refer to MasterCard Rules for
exemptions.
Receipts may be offered at the end of a transaction, rather than the cardholder
or merchant needing to confirm if they would like a receipt before continuing.
Above the Terminal CVM Required Limit, a receipt must always be provided if
the terminal has that capability. This requirement applies regardless of whether
the transaction is approved or declined.
Any receipt should specifically identify PayPass transactions. The input method
should be shown as Contactless, CONTACTLESS, or RF for PayPass transactions.
When a signature is not required for cardholder verification as part of the
transaction, the receipt must not include any text or placeholder for provision
of a signature.
4-18
Acquirer Requirements
Subsequent Contact Transactions
ALL
ALL
BP
ALL
BP
ALL
ALL
ALL
ALL
BP
ALL
4-19
Acquirer Requirements
Terminated Transactions
Terminated Transactions
A terminal may allow a merchant to cancel a transaction:
OR
ALL
For CAT Level 1 terminals, the CVM is either Online PIN or On Device
Cardholder Verification as offline PIN is not supported for PayPass and
signature is not possible at an unattended terminal
For CAT Level 2, Level 3, and Level 4 terminals, it is recommended that the
Terminal CVM Required Limit and Terminal Contactless Transaction Limit be
set to the maximum allowed transaction value appropriate for these devices,
and where indicated in the Transaction Processing Rules.
BP
All
4-20
Acquirer Requirements
Automated Teller Machines
MC
Vending Machines
PayPass-only acceptance is permitted on vending machines identified with
Merchant Category Code 5499.
Such vending machines can operate with one of two possible purchasing
processes:
credit first, where the payment is made before selecting the goods or
service
Acquirers should note that only PayPass readers installed on vending machines
using a select first ordering and payment process will be capable of supporting
both online and offline authorization of contactless transactions. Such readers
may also behave as offline only or online only.
PayPass readers installed on credit first vending machines cannot authorize
contactless transactions offline and consequently must always request online
authorization.
R
ALL
ALL
4-21
Acquirer Requirements
Acquirer Network Requirements
Data Elements
Acquirer databases must also identify the terminal as being PayPass capable.
This impacts DE 61 and DE 22 in authorization messages and DE 22 in clearing
messages. Other data elements contain the same data values as for existing
transactions.
PayPass transactions from PayPassM/Chip terminals are either:
OR
ALL
Authorization Responses
Referrals are not required to be supported by acquirers for Paypass transactions.
Any referral response received may be treated as a decline.
Service Codes
MasterCard PayPass issuers may choose to use service code values in the
PayPass application different from those typically used for magnetic stripe
cards. For this reason acquirers need to ensure that all processing systems
support all service codes.
Acquirer Requirements
Authorization Requirements
BP
ALL
Authorization Requirements
Specific values in existing subfields within the authorization message specify
the terminal capability, DE 61, and the profile of operation, DE 22.
Authorization Messages
PayPass transactions require new values in these data elements in authorization
messages:
Terminals and other parts of the acquirer system must be able to determine
when transaction data has been obtained using the contactless interface in
order to properly process and identify the transaction to the issuer.
Acquirers should capture the Device Type indicator where present on a PayPass
device and send this to the issuer in DE 48 (Additional Data), subelement 23
(Payment Initiation Channel). The Device Type indicator may be included in
the Third Party Data.
Acquirers must support full-grade EMV for all PayPassM/Chip
implementations. Partial grade acquiring is not permitted. For PayPassM/Chip
transactions, DE 55 is mandatory in authorization messages.
Requirements for acquirer generated reversals for online authorizations are
for current processing.
The presence of CVM Results (tag 9F34) is mandatory for all authorization
messages containing DE 55 that are transmitted from acquirer chip systems
certified by MasterCard on or after 13 April 2012. The presence of CVM Results
is mandatory for all authorization messages containing DE 55 effective 1 April
2017.
R
ALL
ALL
4-23
Acquirer Requirements
Clearing Requirements
BP
ALL
ALL
ALL
Clearing Requirements
Clearing Messages
Specific values in existing subfields within the clearing message specify the
data input capability and the data input profile, DE 22. PayPass transactions
require new values in these subfields.
DE 22, subfield 1 identifies the terminal capabilities and must contain:
DE 22, subfield 7 identifies the card data input profile for this transaction and
must contain:
ALL
BP
ALL
ALL
ALL
Acquirer Requirements
Exception Processing
Exception Processing
Acquirers do not need to fulfill a retrieval request for a transaction identified
as a PayPass transaction that is equal to or less than the CVM limit, except in
certain transit situations.
No new chargeback reason codes have been introduced specifically to
support PayPass. Updates to the existing reason codes are documented in
the Chargeback Guide.
On-behalf Services
MasterCard offers the PayPass Mapping Servicean optional service that helps
issuers process different PayPass account numbers by translating them into
primary account numbers that can be processed with minimal impact.
R
ALL
4-25
Chapter 5
Data Requirements
5-i
Data Requirements
Terminal Action Codes
Meaning
Denial
Online
Default
SDA selected
RFU
Expired application
New Card
RFU
Unrecognized CVM
Byte 1 8
Byte 2 8
31
Byte 3 8
5-1
Data Requirements
Terminal Action Codes
RFU
LCOL exceeded
UCOL exceeded
RFU
RFU
21
Byte 4 8
31
Byte 5 8
41
5-2
Meaning
Denial
Online
Default
Byte 3 6
Byte 3 5
Byte 3 4
Byte 3 3
Data Requirements
Terminal Action Codes
For Maestro PayPass in markets that support Online PIN for transactions greater
than the CVM limit, the following settings must be used:
Byte/Bit
Meaning
Byte 3 8
Denial
Online
Default
MasterCard and Maestro PayPass Terminal Action Codes for Offline Only Terminals
Byte/Bit
Meaning
Denial
Online
Default
RFU
Expired application
New Card
RFU
Unrecognized CVM
Byte 1 8
21
Byte 2 8
31
Byte 3 8
5-3
Data Requirements
Terminal Action Codes
RFU
LCOL exceeded
UCOL exceeded
RFU
RFU
21
Byte 4 8
31
Byte 5 8
41
Where supported by the terminal application, the TAC settings defined below
must be used for PayPass refund transactions.
Where supported by the terminal application, the TAC settings defined below
must be used for PayPass cash advance or cash disbursement transactions.
5-4
Data Requirements
Payment Scheme Specific Data Objects
9F5D
Length
Format
Descriptions
Byte
Bit
Description
Byte 1
b8-5
Version number
0000: VERSION 0
Other values: RFU
b4-1
Byte 2
b8-4
RFU
b3
b2
b1
CDA Indicator
0: CDA SUPPORTED AS IN EMV
1: CDA SUPPORTED OVER TC, ARQC AND AAC
5-5
Data Requirements
Payment Scheme Specific Data Objects
Byte 3
b8-1
5-6
Tag
9F1D
Length
Format
Descriptions
Data Requirements
Payment Scheme Specific Data Objects
Byte
Bit
Meaning
Value
b8
b7
0/1
b6
Signature (paper)
(Contactless)
0/1
b5
Enciphered PIN
verification performed
by ICC (Contactless)
b4
No CVM required
(Contactless)
0/1
b3
On device cardholder
verification (Contactless)
0/1
b21
RFU
00
b8
0/1
b7
0/1
b6
Signature (paper)
(Contact)
0/1
b5
Enciphered PIN
verification performed
by ICC (Contact)
0/1
b4
No CVM required
(Contact)
0/1
b3
On device cardholder
verification (Contact)
b21
RFU
00
b8
0/1
b7
0/1
b61
RFU
000000
b81
RFU
00000000
5-7
Data Requirements
Payment Scheme Specific Data Objects
Byte
Bit
Meaning
Value
b81
RFU
00000000
b81
RFU
00000000
b81
RFU
00000000
b81
RFU
00000000
9F6E
Length
532
Format
Descriptions
Length
Format
Value
Country Code
n3
Unique Identifier
Device Type
0 or 2
an
Proprietary Data
126 or 28
Device Type
Device Types are assigned as follows:
5-8
Data Requirements
Payment Scheme Specific Data Objects
Device
Value
Card
01
Key Fob
02
Watch
03
Mobile Tag
04
Wristband
05
06
07
08
09
10
11
12
13
1499
Track 1 Data
1.
Tag
56
Length
var. up to 76
As removable secure elements (SE) may be moved from a mobile phone to a tablet or eBook by the
consumer, this value represent the initial intended use of this SE.
5-9
Data Requirements
Payment Scheme Specific Data Objects
Format
ans
Descriptions
Length
Format
Format Code
42
var up to 19
digits
Field Separator
5E
Name
2-26
Field Separator
5E
Expiry Date
YYMM
Service Code
digits
Discretionary Data
var
ans
Track 2 Data
Tag
9F6B
Length
var. up to 19
Format
Descriptions
5-10
Data Field
Length
Format
var up to 19
Field Separator
b (D)
Expiry Date
n (YYMM)
Service Code
Data Requirements
Payment Scheme Specific Data Objects
Data Field
Length
Format
Discretionary Data
var
5-11
Appendix A Abbreviations
This section provides a listing of abbreviations used throughout the manual.
Abbreviations.................................................................................................................................A-1
A-i
Abbreviations
Abbreviations
Abbreviations
The following is a listing of abbreviations used throughout the manual.
Abbreviation
Description
AAC
ADF
AFL
AID
Application Identifier
ARQC
ATC
ATM
CA
Certification Authority
CAM
CAT
CDA
CDOL
CPV
CVC
CVC1
CVC3
CVM
DDA
DE
Data Element
EMV
FCI
IAC
ICC
ISO
MCC
nUN
PIN
A-1
Abbreviations
Abbreviations
PIX
POS
Point of Sale
PPSE
PVV
RFU
RID
SDA
SDS
SFI
TAC
TC
Transaction Cryptogram
TVR
UN
Unpredictable Number