News

Terminals with EMV specifications

Today, most terminals except ATMs, SAT1 – and SAT2-terminals support the ability to perform transactions in offline mode, i.e. they belong to the second class of terminals. The offline mode of the terminal includes support for offline card authentication methods (SDA support is mandatory everywhere, DDA support is mandatory in Europe, and CDA is recommended), risk management procedures (checking the value of Terminal Floor Limit stop lists, Random Transaction Selection, and Velocity Checking procedures), and storing and uploading...

read more

EMV technology implementation

In addition to dynamic card authentication, the CDA method also ensures the integrity of the most critical information exchange data in the “card — terminal” dialog (CID and transaction details). This is achieved by combining the card authentication procedure with the GENERATE AC command, during which the most important data is exchanged between the card and the terminal.The offline authentication method is selected by the terminal based on the AIP data and the terminal capabilities defined by the value of the third byte of the...

read more

Features of migration to microprocessor cards

Migration of a Bank to issue and service MPC is an expensive and technically complex task that falls into several subtasks. These include: setting the migration task for the IPC; selecting the IPC hardware and software platform, card provider, and application configuration; upgrading the application software of the Central transaction processing system (both online and clearing messages); upgrading the card personalization system; upgrade of terminal equipment; the modernization of cryptographic hardware (Hardware Security Module or HSM)....

read more

EMV Card Personalization Specification

The card’s life cycle (Card Production Life Cycle, or CPLC for short) consists of five main phases. At various stages of the card’s lifecycle, the chip manufacturer, the card supplier, the card Issuer, and finally the card holder work with the card. However, the distribution of actions performed with the card at different stages of the cycle depends significantly on whether the card is static or supports an open operating system, such as Java Card, whether executable application modules/applets are loaded into ROM or EEPR0M, and...

read more

Issue Script Processing EMV Procedure

Using the CSU element is an alternative to the issue Script Processing procedure. This element allows the Issuer to change the card state and change the values of its parameters. If the Issuer authentication is successful and the terminal requests a vehicle from the card, and bit 8 of byte 2 ‘Issuer Approves Online Transaction’ in the received CSU element is equal to 1, the card approves the transaction and returns the vehicle cryptogram. If the Issuer authentication is successful and bit 8 of byte 2 ‘Issuer Approves Online...

read more

ARPC verification in the EMV standard

The CCD application uses parameters called non – velocity checking indicator (NVI) in the CVR): Issuer Authentication Failed (authentication of the Issuer failed); Last Online Transaction not completed (the last online transaction was not completed, i.e. the ARQC was sent to the Issuer, but no response was received from the card Issuer); Issue Script Processing Failed (Script Processing failed); Go Online on Next Transaction was set (a flag indicating that the next transaction should be performed in online authorization mode). These...

read more

ARQC cryptogram for card authentication method

The terminal requests the ARQC cryptogram Let’s now consider the case when the terminal offers the card to perform an operation online, transferring the decision to authorize the transaction to the card Issuer. It is obvious that online transaction execution is not possible for “offline only” terminals (in this case, Terminal Toure takes one of the values ’13’h, ’23’h, ’16’h, ’26’h, ’36’h). To suggest that the card perform a transaction in real time, the terminal...

read more

Offline PIN verification on the EMV Software SDK

As previously mentioned, there are two different methods of offline PIN verification (pin verification by card): checking the PIN code transmitted to the card in plain text (‘000001’)); verification of the PIN code transmitted to the card in encrypted form (‘OOOOOO’). EMV Software. Pin Verification In some cases, when performing a transaction, there are situations when the client forgot/does not know their PIN code. It may also happen that the terminal does not support offline PIN verification. Sometimes in such cases,...

read more

Cardholder Verification (CVM)

Matching the version numbers of the card and terminal applications Payment systems assign two-byte version numbers to the card application and terminal application using the Application Version Number data object (Tag ‘9F08’) stored on the card and the Application Version Number data object (Tag ‘9F09’) stored on the terminal. The terminal checks whether the application version numbers match as follows: among the data read by the terminal on the card, an object with the Tag field equal to ‘9F08’is searched...

read more

Mechanism for the Issuer to verify the EMV standard

Byte 1 TVR (leftmost) B8 B7 BB B5 B4 BZ B2 s Value 1 Offline data authentication was not performed (offline card authentication was not performed) 1 Offline SDA failed (SDA authentication failed) 1 ICC data missing (some data related to the chip is missing) 1 Card appears on terminal exception file (the card is found in the stop list) B8 B7 BB B5 B4 BZ B2 s Value 1 Offline DDA failed (DDA authentication failed) 1 CDA/AC Generation failed (CDA authentication failed) 0 Reserved for use 0 Reserved for use Byte 2 of the TVR B8 B7 BB B5 B4 BZ B2 s...

read more