CDA Modified Terminal Behaviour
|
|
- Shon Wells
- 6 years ago
- Views:
Transcription
1 Specification Update Bulletin No. 44 First Edition February 2007 CDA Modified Terminal Behaviour This bulletin modifies terminal behaviour for CDA in order to allow improved CDA transaction performance. This bulletin also modifies terminal behaviour for CDA failures based upon when in the transaction sequence the terminal detects the failure. It requires a terminal to use the results of Terminal Action Analysis when CDA failures are detected prior to Terminal Action Analysis. CDA failures detected after Terminal Action Analysis always result in an offline decline. This bulletin also clarifies other aspects relating to CDA processing. Applicability This Specification Update Bulletin applies to: EMV Integrated Circuit Card Specifications for Payment Systems Version 4.1 Book 2 Security and Key Management EMV Integrated Circuit Card Specifications for Payment Systems Version 4.1 Book 3 Application Specification EMV Integrated Circuit Card Specifications for Payment Systems Version 4.1 Book 4 Cardholder, Attendant, and Acquirer Interface Requirements Related Documents This Specification Update Bulletin should be read in conjunction with: EMV Specification Update Bulletin 20 Type Approval Bulletin No 52: Terminal Level 2 Test Cases v4.1.b Update - CDA modified behaviour. Page 1
2 Description This bulletin modifies terminal behaviour for CDA to allow improved transaction performance by reducing the occurrences of CDA during some transactions; modifies terminal behaviour for CDA failures based upon when in the transaction sequence the terminal detects the failure; modifies terminal behaviour for when the card responds with an AAC; modifies terminal behaviour with respect to Unpredictable Numbers in CDOLs; clarifies other aspects relating to CDA processing. An annex to this bulletin provides an updated version of Book 2 page 68 incorporating the changes identified in this bulletin. Transaction Performance This bulletin defines a modification to terminal behaviour such that even though the card and terminal both support CDA (as indicated in the AIP and Terminal Capabilities), the terminal need not request CDA for online authorisations. Similarly, following successful online authorisation the terminal need not request a CDA signature on a TC in the second GENERATE AC command 1. However if the terminal is unable to go online and requests a TC in the second GENERATE AC command, then the terminal shall request a CDA signature on this TC. If CDA is not performed because the terminal has requested an ARQC without CDA, then the terminal shall set the TVR bit to indicate that Offline Data Authentication was not performed on the transaction. A CDA-capable card is still expected to reply with a CDA signature if (and only if) so requested by the terminal, except when responding with an AAC. CDA Failures This bulletin defines terminal behaviour in the event of a CDA failure. This behaviour depends on when in the transaction sequence the terminal detects the failure. It requires that a terminal uses the results of Terminal Action Analysis if CDA failures are detected prior to Terminal Action Analysis. CDA failures detected after Terminal Action Analysis always result in an offline decline. Please note that EMV Book 3 Section 10.7 recommends that as a minimum the TAC - Online and TAC - Default bits for CDA failed be set to 1 so that transactions where CDA fails prior to Terminal Action Analysis will not be approved offline. Please note also that if the Issuer and ICC Public Keys are recovered after the final Terminal Action Analysis, then any recovery failures will result in an offline decline. 1 Such a request would not normally be expected because the transaction will have been approved online but a CDA signature might be deemed useful for business reasons. Page 2
3 AAC responses This bulletin modifies terminal behaviour so that when the terminal requests an ARQC or TC with a CDA signature the terminal will not consider CDA to have failed on account of the card responding with an AAC. Unpredictable Numbers This bulletin modifies terminal behaviour so that the terminal does not check that CDOL1 and CDOL2 identify the Unpredictable Number. Issuers are advised that CDA cards must still identify the Unpredictable Number in both CDOL1 and CDOL2. Clarifications This bulletin clarifies that when CDA fails after the card has responded with a TC to the first GENERATE AC command, then the decline processing does not require that the terminal issue a second GENERATE AC for an AAC; clarifies the reference to the description of the retrieval of the ICC Private Key; corrects an omission in EMV Specification Update Bulletin 20 and thereby in EMV 4.1 Book 3, where the Terminal Action Analysis processing fails to mention that CDA is not requested when the cryptogram being requested is an AAC; clarifies that in the case of CDA the process of offline data authentication continues beyond the first GENERATE AC command. Specification Change Notice Please modify Book 2 Section 6.6 with the following text inserted immediately before Section In the case of the first GENERATE AC command: When requesting an ARQC, the terminal may request it with or without a CDA signature. When an ARQC is requested without a CDA signature, then the terminal shall set the TVR bit for 'Offline data authentication was not performed' to 1 2 prior to issuance of the GENERATE AC command. When an ARQC is requested without a CDA signature, the processes described in sections and are not performed. When requesting a TC, the terminal shall request it with a CDA signature. When requesting an AAC, the terminal shall request it without a CDA signature. In the case of the second GENERATE AC command: The terminal shall set the TVR bit for 'Offline data authentication was not performed' to 0 3 prior to issuance of the GENERATE AC command. If the terminal is processing the transaction as unable to go online then the TVR bit setting shall be done before the associated terminal action analysis. When requesting a TC: If the terminal is processing the transaction as unable to go online (and the result of terminal action analysis is to request a TC), then the terminal shall request a TC with a CDA signature. 2 This updated TVR is used if requested in CDOL1. 3 This updated TVR is used if requested in CDOL2. Page 3
4 If the terminal is not processing the transaction as unable to go online, then the terminal may request the TC with or without a CDA signature. When requesting an AAC, the terminal shall request it without a CDA signature. Please append the following text to the first sentence of the first step of Section 6.6.1: with the CDA signature requested bit in the GENERATE AC command set to 1. Please change the last paragraph of EMV Book 3 Section 10.7 to the following: "If CDA is to be performed (as described in section 10.3 of this book and Section 6.6 of Book 2), the terminal shall set the bit for CDA signature Requested in the GENERATE AC command to 1. Note that Specification Update Bulletin 20 and its incorporation into EMV in version clarified that the terminal should not request CDA when the terminal requests an AAC in the GENERATE AC command. This clarification was erroneously omitted in one location in the specification but is correct above. Clarification to actions taken on CDA failure Please replace the text between the second paragraph and final paragraph of EMV Book 4 Section with the following: "When the selected form of offline data authentication is CDA and CDA fails prior to the final Terminal Action Analysis (for example, Issuer Public Key recovery fails prior to Terminal Action Analysis) preceding the issuance of a first GENERATE AC command, or second GENERATE AC command in the case unable to go online, the terminal shall set the TVR bit for CDA failed to 1 and request the cryptogram type determined by Terminal Action Analysis. In this case, the GENERATE AC command shall not request a CDA signature and no further CDA processing is performed. When the selected form of offline data authentication is CDA and a CDA failure is detected after the final Terminal Action Analysis preceding the issuance of a first or second GENERATE AC command, the terminal shall set the CDA failed bit in the TVR to 1 and the following rules apply: If CDA fails in conjunction with the first GENERATE AC: If the Cryptogram Information Data (CID) bit indicates that the card has returned a TC, the terminal shall decline the transaction and not perform a second GENERATE AC command. If the CID bit indicates that the card has returned an ARQC, the terminal shall complete the transaction processing by performing an immediate second GENERATE AC command requesting an AAC. If CDA fails in conjunction with the second GENERATE AC, the terminal shall decline the transaction. Page 4
5 Please replace the beginning of Book 2 Section 6.6 with the following text (where the use of underscore denotes new text inserted and the use of strikethrough denotes old text deleted): "6.6 Combined DDA/Application Cryptogram Generation (CDA) CDA consists of a dynamic signature generated by the ICC (similar to DDA but including Application Cryptogram (AC) generation) followed by verification of the signature by the terminal. It is applicable to both the first and second GENERATE AC commands and requires the retrieval of the relevant public keys as described in Sections 6.2, 6.3 and 6.4. Since the public keys are not required until the CDA signature is verified as part of processing the response to the first GENERATE AC, retrieval of the public keys may happen any time before verifying the CDA signature. During retrieval of the public keys, errors may result in CDA failure (TVR bit for CDA failed is set to 1). These errors include but are not limited to failure of public key retrieval and invalid format of records to be authenticated (see Book 3 Section 10.3). For the first GENERATE AC command, and for the second GENERATE AC command in the case unable to go online, the cryptogram type requested by the terminal is always determined by the final Terminal Action Analysis preceding the GENERATE AC command. If any of the above errors are detected prior to the final Terminal Action Analysis, then the terminal shall not request CDA in the GENERATE AC command. When the GENERATE AC command is issued with a CDA request, then if any of the above errors are detected subsequently, the eventual result will be an offline decline in accordance with the paragraphs beginning "If CDA fails in conjunction" in Book 4 Section In this section In sections and it is assumed that: Both the ICC and the terminal support CDA. The cryptogram to be requested is not an Application Authentication Cryptogram (AAC), i.e. Terminal Action Analysis has not resulted in offline decline. The TVR bit for CDA failed is not set to 1 prior to final Terminal Action Analysis. Except when returning an AAC, the ICC always replies with a CDA signature when requested by the terminal. AAC Responses Please modify the 3 rd paragraph of Section as follows: If the ICC has responded with an AAC, then CDA has failed, and the terminal shall decline the transaction. Unpredictable Numbers Page 5
6 Please delete all but the first sentence in Step 1 of Section At the beginning of Section 6 on page 49, please replace the end of the second bullet..and identified by Card Risk Management Data Object List 1 (CDOL1) or Card Risk Management Data Object List 2 (CDOL2). with the following footnote In order to ensure that the ICC uses the correct value for the Unpredictable Number the Issuer must ensure that both CDOL1 and CDOL2 contain tag 9F37. Sample CDA Flows In order to synchronize the CDA flows with the specification changes and clarifications described above, please replace Figures 3, 4, and 5 with the flows on the following pages: Page 6
7 Figure 3: CDA Sample Flow Part 1 of 3 Offline Data Authentication Processing Terminal & card support CDA? Check other Offline Data Authentication methods Any CDA errors detected yet? Terminal recovers CA, Issuer, and ICC Public Keys from certificates. Note: Key recovery may be done at any time before 1st GEN AC response processing. Recovery failures are acted on either during Terminal Action Analysis or in 1st GEN AC response processing. Approve Offine (TC) Terminal Action Analysis result... Decline Offline (AAC) Set CDA Failure in TVR Issue GEN AC for TC/ARQC requesting CDA Go Online (ARQC) Terminal requests CDA for ARQC? Set Offline Data Auth. Not Performed to 1 in TVR. Issue GEN AC for AAC without requesting CDA. Complete Terminal Action Analysis and GEN AC processing without CDA according to Book 3 Figure 7. A Set Offline Data Auth. Not Performed to 1 in TVR. Issue GEN AC for ARQC without requesting CDA. Continue with non- CDA processing. A Card 1 st GENERATE AC Processing CDA requested in P1 of GEN AC? TC or ARQC ICC response... AAC Card returns GEN AC response with Signed Dynamic Applic. Data Card returns GEN AC response without Signed Dynamic Applic. Data Page 7
8 Figure 4: CDA Sample Flow Part 2 of 3 1st GENERATE AC Response Processing A O GEN AC response... AAC ARQC/TC TC GEN AC response... CDA requested in GEN AC? Recover Signed Dynamic Application Data Perform approval processing. Do not issue 2 nd GEN AC. ARQC O Any CDA errors detected? Perform online authorization Set CDA Failure in TVR Unable to Go Online -Approval Online processing result... Online Decline or Unable to Go Online - Decline Set Offline Data Auth. Not Performed to 0 in TVR. Issue 2nd GEN AC for a TC requesting CDA. Online Approval Terminal requests CDA for online approvals? Issue 2nd GEN AC for a TC without requesting CDA. GEN AC response... ARQC Issue 2nd GEN AC for an AAC without requesting CDA. Continue with non- CDA processing. TC/ AAC Perform decline processing. Do not issue 2 nd GEN AC. B Continue with non- CDA processing. Page 8
9 Figure 5: CDA Sample Part 3 of 3 B 2nd GENERATE AC Response Processing GEN AC response... AAC TC Recover Signed Dynamic Applic. Data Recovery successful? Set CDA Failure in TVR Perform approval processing Perform decline processing Complete transaction processing Page 9
10 Clarification of Retrieval of ICC Private Key To clarify the reference to the process of retrieving the ICC Private Key, in EMV Book 2 Section first sentence, please replace "as described above" with "as described in Section 6.2, 6.3, and 6.4." Clarification that in the case of CDA the process of offline data authentication continues beyond the first GENERATE AC command The EMV specifications define three types of offline data authentication: SDA, DDA and CDA. When performing SDA or DDA the terminal completes the offline data authentication process prior to issuing the first GENERATE AC command. This means that the Terminal Action Analysis can always be informed of the results of SDA or DDA. When performing CDA the terminal will normally not complete the offline data authentication process until after receiving the response to the first GENERATE AC command 4 and in this case the results of CDA cannot be used in the Terminal Action Analysis. This bulletin clarifies this scenario by adding a note to Section 10.3 of the EMV Integrated Circuit Card Specifications for Payment Systems Version 4.1 Book 3. When performing CDA it is permitted that the terminal commence the processing of the Public Key Certificates before or after issuing the first GENERATE AC command. If processing before and this processing fails, then the CDA failed bit in the TVR is set to 1 and this result can be used in Terminal Action Analysis. Insert the following note in Section 10.3 of EMV Integrated Circuit Card Specifications for Payment Systems Version 4.1 Book 3 at the end of the Sequence of Execution clause: Note: Although the terminal shall commence performing CDA before completion of Terminal Action Analysis, the terminal will not normally finish performing CDA until after it has received the response to the GENERATE AC command. (This is a necessary consequence of the design of CDA.) 4 Or even the second GENERATE AC command Page 10
11 Updated Book 2 Page 68 After the changes in this bulletin are applied, page 68 of Book 2 can be replaced with the following text: 6.6 Combined DDA/Application Cryptogram Generation (CDA) CDA consists of a dynamic signature generated by the ICC (similar to DDA but including Application Cryptogram (AC) generation) followed by verification of the signature by the terminal. It is applicable to both the first and second GENERATE AC commands and requires the retrieval of the relevant public keys as described in Sections 6.2, 6.3 and 6.4. Since the public keys are not required until the CDA signature is verified as part of processing the response to the first GENERATE AC, retrieval of the public keys may happen any time before verifying the CDA signature. During retrieval of the public keys, errors may result in CDA failure (TVR bit for CDA failed is set to 1). These errors include but are not limited to failure of public key retrieval and invalid format of records to be authenticated (see Book 3 Section 10.3). For the first GENERATE AC command, and for the second GENERATE AC command in the case unable to go online, the cryptogram type requested by the terminal is always determined by the final Terminal Action Analysis preceding the GENERATE AC command. If any of the above errors are detected prior to the final Terminal Action Analysis, then the terminal shall not request CDA in the GENERATE AC command. When the GENERATE AC command is issued with a CDA request, then if any of the above errors are detected subsequently, the eventual result will be an offline decline in accordance with the paragraphs beginning "If CDA fails in conjunction" in Book 4 Section In sections and it is assumed that: Both the ICC and the terminal support CDA. The cryptogram to be requested is not an Application Authentication Cryptogram (AAC), i.e. Terminal Action Analysis has not resulted in offline decline. The TVR bit for CDA failed is not set to 1 prior to final Terminal Action Analysis. Except when returning an AAC, the ICC always replies with a CDA signature when requested by the terminal. In the case of the first GENERATE AC command: When requesting an ARQC, the terminal may request it with or without a CDA signature. When an ARQC is requested without a CDA signature, then the terminal shall set the TVR bit for 'Offline data authentication was not performed' to 1 5 prior to issuance of the GENERATE AC command. When an ARQC is requested without a CDA signature, the processes described in sections and are not performed. 5 This updated TVR is used if requested in CDOL1. Page 11
12 When requesting a TC, the terminal shall request it with a CDA signature. When requesting an AAC, the terminal shall request it without a CDA signature. In the case of the second GENERATE AC command: The terminal shall set the TVR bit for 'Offline data authentication was not performed' to 0 6 prior to issuance of the GENERATE AC command. If the terminal is processing the transaction as unable to go online then the TVR bit setting shall be done before the associated terminal action analysis. When requesting a TC: If the terminal is processing the transaction as unable to go online (and the result of terminal action analysis is to request a TC), then the terminal shall request a TC with a CDA signature. If the terminal is not processing the transaction as unable to go online, then the terminal may request the TC with or without a CDA signature. When requesting an AAC, the terminal shall request it without a CDA signature Dynamic Signature Generation The generation of the combined dynamic signature and Application Cryptogram takes place in the following steps. 1. The terminal issues a first or second GENERATE AC command with the CDA signature requested bit in the GENERATE AC command set to 1 according to sections and 9.3 of Book If the ICC is to respond with a TC or ARQC, the ICC performs the following steps: a. The ICC generates the TC or ARQC. b. The ICC applies the hash algorithm specified by the Hash Algorithm Indicator to the concatenation from left to right of the following data elements: 6 This updated TVR is used if requested in CDOL2. Page 12
EMV Contactless Specifications for Payment Systems
EMV Contactless Specifications for Payment Systems Book C-5 Kernel 5 Specification Version 2.6 February 2016 Kernel 5 Spec v2.6 Legal Notice Unless the user has an applicable separate agreement with EMVCo
More informationCommon Payment Application Contactless Extension CPACE. Functional Specification. Terminal Kernel
Common Payment Application Contactless Extension CPACE Functional Specification Terminal Kernel 12.07.2018 2016-2017-2018 Bancomat, Bancontact Company, BankAxept, Borica, Euro 6000, girocard/src, Groupement
More informationEMV Contactless Specifications for Payment Systems
EMV Contactless Specifications for Payment Systems Book C-7 Kernel 7 Specification Version 2.6 February 2016 February 2016 Page i Legal Notice Unless the user has an applicable separate agreement with
More informationEMVS Kernel Capabilities
Version: 1.00 (20-Aug-2008) Copyright 2008 SETIS Automação e Sistemas The copyright to the document herein is the property of SETIS Automação e Sistemas, Brazil. The content may be used and/or copied only
More informationPayPass M-TIP Test Case User Guide. July 2014
PayPass M-TIP Test Case User Guide July 2014 Copyright The information contained in this manual is proprietary and confidential to MasterCard International Incorporated (MasterCard) and its members. This
More informationEMV 96 Integrated Circuit Card Application Specification for Payment Systems
EMV 96 Integrated Circuit Card Application Specification for Payment Systems Version 3.0 June 30, 1996 1996 Europay International S.A., MasterCard International Incorporated, and Visa International Service
More informationEMVCo Letter of Approval - Terminal Level 2
June 14, 2011 Roland Svahn Acquis AB Segelbåtsvägen 7 11164 Stockholm Sweden Re: EMV Application Kernel: Approval Number(s): EMVCo Letter of Approval - Terminal Level 2 APEMV 2.5 2-02100-1-1S-RFI-0611-4.2.c
More informationS-TUU a OS-TUU a
July 01, 2009 Chuck Hayes Triton Systems of Delaware, Inc 522 E. Railroad Street Long Beach MS 39560 USA Re: EMVCo Letter of Approval -- Terminal Level 2 Approval Number(s): 2-01693-1-1S-TUU-0709-4.2.a
More informationEMV ContactlessSpecifications for Payment Systems
EMV ContactlessSpecifications for Payment Systems Book C-3 Kernel 3 Specification Version 2.6 February 2016 Legal Notice Unless the user has an applicable separate agreement with EMVCo or with the applicable
More informationEMVCo Letter of Approval - Contact Terminal Level 2
May 17, 2018 Richard Pohl Triton Systems of Delaware, LLC 21405 B Street Long Beach MS 39560 UNITED STATES OF AMERICA Re: EMV Application Kernel: Approval Number(s): EMVCo Letter of Approval - Contact
More informationJR/T Translated English of Chinese Standard: JR/T
Translated English of Chinese Standard: JR/T0025.6-2013 www.chinesestandard.net Sales@ChineseStandard.net JR FINANCIAL INDUSTRY STANDARD OF THE PEOPLE S REPUBLIC OF CHINA ICS 35.240.40 A 11 Registration
More informationEMVCo Letter of Approval - Contact Terminal Level 2
July 01, 2015 Kyoungtae Kang AIONBANK, Inc. Unit 502, Small and Medium Business DMC Tower, 189 Seongam-ro, Mapo-gu Seoul 121-904 S.KOREA Re: EMV Application Kernel: Approval Number(s): EMVCo Letter of
More informationEMVCo Letter of Approval - Terminal Level 2
January 23, 2014 S.G. Jung BITEL CO., LTD 11F Yohyun BD 242-29, nhyun-dong Gangnam-ku, Seoul 135-830 South Korea Re: EMV Application Kernel: Approval Number(s): EMVCo Letter of Approval - Terminal Level
More informationEMVCo Letter of Approval - Contact Terminal Level 2
February 25, 2016 CHARLY SEVAJOL ALX TECHNOLOGIES 302 rue de THOR PARC EUREKA MONTPELLIER 34000 FRANCE Re: EMV Application Kernel: Approval Number(s): EMVCo Letter of Approval - Contact Terminal Level
More informationEMVCo Letter of Approval - Contact Terminal Level 2 - Renewal
August 02, 2017 Guenter Reich DPS Engineering GmbH Eiffestrasse 78 Hamburg D-20537 GERMANY Re: EMVCo Letter of Approval - Contact Terminal Level 2 - Renewal EMV Application Kernel: Approval Number(s):
More informationEMV Contactless Specifications for Payment Systems
EMV Contactless Specifications for Payment Systems Book C-6 Kernel 6 Specification Version 2.6 February 2016 pursuant to the EMVCo Terms of Use agreement found at www.emvco.com, as supplemented by the
More informationEMV2000 Integrated Circuit Card Specifications for Payment Systems
EMV2000 Integrated Circuit Card Specifications for Payment Systems Book 4 Cardholder, Attendant, and Acquirer Interface Requirements Version 4.0 December, 2000 2000 EMVCo, LLC ( EMVCo ). All rights reserved.
More informationPayPass M/Chip Application Note #17
This application note provides the errata for: PayPass M/Chip Acquirer Implementation Requirements, Version 1.0 dated July 2008 This application note is dated and replaces completely PayPass M/Chip Application
More informationCommon Payment Application Contactless Extension CPACE. Functional Specification. CPACE for Dual Interface Cards
Common Payment Application Contactless Extension CPACE Functional Specification CPACE for Dual Interface Cards 18.10.2017 Groupement des Cartes Bancaires CB, ServiRed, SIBS MB, Sistema 4B. All rights reserved.
More informationAcquirer JCB Dual Interface EMV Test Card Set
Acquirer JCB Dual Interface EMV Test Card Set.00 July, 2018 Powered by Disclaimer Information provided in this document describes capabilities available at the time of developing and delivering this document
More informationFirst Data EMV Test Card Set. Version 2.00
First Data EMV Test Card Set.00 February, 2018 Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available from industry
More informationPayPass M/Chip 4. Card Technical Specification
PayPass M/Chip 4 Card Technical Specification Version 1.3.1 - September 2008 Proprietary Rights The information contained in this document is proprietary and confidential to MasterCard International Incorporated,
More informationM/Chip Advance V1.1 Personalization Guide
M/Chip Advance V1.1 Personalization Guide v01.71 (November, 2017) All copyrights are reserved by KONA I Co., Ltd. This manual can be revised without any notification. Unauthorized copying is strictly prohibited
More informationFirst Data EMV Test Card Set. Version 1.30
First Data EMV Test Card Set.30 January, 2018 Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available from industry
More informationEMV Integrated Circuit Card Specifications for Payment Systems
EMV Integrated Circuit Card Specifications for Payment Systems Book 4 Version 4.1 May 2004 EMV Integrated Circuit Card Specifications for Payment Systems Book 4 Version 4.1 May 2004 1994-2004 EMVCo, LLC
More informationEMV Contactless Specifications for Payment Systems
EMV Contactless Specifications for Payment Systems Book B Entry Point Specification Version 2.6 July 2016 pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV is
More informationInterac USA Interoperability EMV Test Card Set
Interac USA Interoperability EMV Test Card Set.00 April, 2018 Powered by Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information
More informationFirst Data DCC Test Card Set. Version 1.30
First Data DCC Test Card Set.30 April, 2018 Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available from industry
More informationRe: EMVCo Letter of Approval - Contact Terminal Level 2
December 03, 2015 Antonio Fernandez Donaire Dynasty Technology Group S.A.U. Av. Manoteras, 6 Madrid 28050 Spain Re: EMVCo Letter of Approval - Contact Terminal Level 2 EMV Application Kernel: DYNASTY JAVA
More informationFirst Data U.S. Debit Test Card Set. Version 1.20
First Data U.S. Debit Test Card Set August, 2016 Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available from
More informationAcquirer JCB EMV Test Card Set
Acquirer JCB EMV Test Card Set July, 2017 Powered by Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available
More informationEMV Integrated Circuit Card Specifications for Payment Systems
EMV Integrated Circuit Card Specifications for Payment Systems Book 4 Version 4.3 November 2011 EMV * Integrated Circuit Card Specifications for Payment Systems Book 4 Version 4.3 November 2011 * EMV
More informationFirst Data Dual Interface EMV Test Card Set. Version 1.20
First Data Dual Interface EMV Test Card Set August, 2016 Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available
More informationPractical EMV PIN interception and fraud detection
Practical EMV PIN interception and fraud detection Andrea Barisani Daniele Bianco 27 Unusual Car Navigation Tricks Injecting RDS-TMC Traffic Information
More informationOSCAR POS INTEGRATION SPECIFICATION FOR SEPA COMPLIANT TERMINALS
OSCAR POS INTEGRATION SPECIFICATION FOR SEPA COMPLIANT TERMINALS 26/03/2012 1/200 Revision History Version Date Author Object 0.9 16.06.2011 CB/SRC Integration of TMS Messages, Diagnosis added in Retailer
More informationOSCAR POS INTEGRATION SPECIFICATION FOR SEPA COMPLIANT TERMINALS
OSCAR POS INTEGRATION SPECIFICATION FOR SEPA COMPLIANT TERMINALS 10/07/2014 version 3.2 1/154 Revision History Version Date Author Object 1.0 22.08.2011 CB/SRC Integration of comments and SEPA-FAST Part
More informationAUTHORISATION AND SETTLEMENT TECHNICAL SPECIFICATIONS
AUTHORISATION AND SETTLEMENT TECHNICAL SPECIFICATIONS VERSION 1.4 OCTOBER 2017 The Authorisation And Settlement Technical Specifications contains information proprietary to Global Payments. No part of
More informationEMV Integrated Circuit Card Specifications for Payment Systems
EMV Integrated Circuit Card Specifications for Payment Systems Book 1 Terminal Interface Requirements Version 4.1 May 2004 EMV Integrated Circuit Card Specifications for Payment Systems Book 1 Terminal
More informationTransaction Response Code (iso-8583 Field 39)
Transaction Response Code (iso-8583 Field 39) ISO 8583 Financial transaction card originated messages Interchange message Part 3: Maintenance procedures for messages, data elements and code values either
More informationPayPass Testing Environment
PayPass Testing Environment Version 3 Level 2 Reader Testing 16 May 2012 Proprietary Rights The information contained in this document is proprietary and confidential to MasterCard International Incorporated,
More informationUnionPay QuickPass Terminal Product Certification Rules
Document No.: UPCA--02V.0 PU UnionPay QuickPass Terminal Product Certification Rules Issued on July, 205 Implemented from July, 205 Issued by China UnionPay Co., Ltd. UnionPay QuickPass Terminal Product
More informationMobile MasterCard. PayPass User Interface Application Design Guide. User Experience, Use Cases, Screen Layouts and Design. Version 1.
Mobile MasterCard PayPass User Interface Application Design Guide Version 1.0 September 2011 User Experience, Use Cases, Screen Layouts and Design How to use this document 3 Core 4 Extended This document
More informationTO: FROM: DATE: SUBJECT: Revisions General 2.1 The Mismatch does
TO: FROM: T10 Membership Paul A Suhler, Quantum Corporation David Black, EMC DATE: 22 October 2008 SUBJECT: T10/08-46r1, SPC-4: Correction to IKEv2-SCSI Certificate Request Payload 1 Revisions 0 Initial
More informationCEPTEST Application Note
CEPTEST Application Note Version 1.0 Running Stress Tests Museumstr. 76 CH-8400 Winterthur Tel. 052 212 63 03 Fax 052 212 66 78 www.celsi.ch Version 1.0, 6th of March, 2006 1 1 Introduction.................................3
More informationBarclaycard Smartpay B. Test Cards and Test Data
Barclaycard Smartpay B Test Cards and Test Data Document Ref. 0785 - Summary Specifies the test cards and test data that can be used with the Barclaycard Smartpay staging environment. Version 04 draft
More informationVisa paywave Implementation Overview and European Pilot Operating Principles Member Letter: VE 08/08 Type: General 16 April 2008
Principal and Group Members Centre Manager Senior Visa Officer Marketing Staff Visa paywave Implementation Overview and European Pilot Operating Principles Member Letter: VE 08/08 Type: General 16 April
More informationHacking new NFC cards
Hacking new NFC cards NTAG2x, Ultralight EV1/C, Desfire EV2, ISO-15693, meal EMV cards abyssal see #brmlab IRC for contact 6.12.2018 New cards Mifare Ultralight C, Ultralight EV1 descendant of simple Ultralight
More informationPayment systems. Andrew Paverd & Tuomas Aura CS-C3130 Information security. Aalto University, Autumn 2018
Payment systems Andrew Paverd & Tuomas Aura CS-C3130 Information security Aalto University, Autumn 2018 Outline 1. EMV card payment 2. (More card security features) 3. (Anonymous digital cash) 4. Bitcoin
More information7. Best Practice. 7.1 Introduction. 7.2 Documentation. 7.3 Terminal Categories
Version 2.5 Technical Reference Guide Open Terminal Requirement Specification 2006 07 01 7. Best Practice 7.1 Introduction The purpose of this chapter is to list a number of useful hints and guidelines
More informationEmmy. User Guide. 1. Emmy Terminal Features. 2. Important information to protect your business. 3. Getting Started
User Guide 1. Emmy Terminal Features 2. Important information to protect your business The following steps should be followed at all times to protect you and your customers from fraud. You must ensure
More information1) Revision history Revision 0 (Oct 29, 2008) First revision (r0)
To: INCITS Technical Committee T10 From: David L. Black, EMC Email: black_david@emc.com Date: October 29, 2008 Subject: SPC-4: Digital Signature Authentication (08-423r0) 1) Revision history Revision 0
More informationMTR CORPORATION. User Guide for E-Tendering System R3.16 TABLE OF CONTENTS SYSTEM REQUIREMENT... 1 NEW SUPPLIER / CONTRACTOR REGISTRATION...
MTR CORPORATION User Guide for E-Tendering System R3.16 TABLE OF CONTENTS SYSTEM REQUIREMENT... 1 NEW SUPPLIER / CONTRACTOR REGISTRATION... 2 LOGON FOR REGISTERED SUPPLIER / CONTRACTOR... 6 UPDATE USER
More informationPKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures
Public Key Infrastructures Public Key Infrastructure Definition and Description Functions Components Certificates 1 2 PKI Services Security Between Strangers Encryption Integrity Non-repudiation Key establishment
More informationKEYMAN. Security key and certificate management message. Edition 2016
EANCOM 2002 S4 Security key and certificate management message Edition 2016 1. Introduction... 2 2. Message Structure Chart... 3 3. Branching Diagram... 4 4. Segments Description... 5... 6 6. Example(s)...
More informationSigne Certification Authority. Certification Policy Degree Certificates
Signe Certification Authority Certification Policy Degree Certificates Versión 1.0 Fecha: 2/11/2010 Table of contents 1 FOREWORD 1.1 GENERAL DESCRIPTION 1.2 DOCUMENT NAME AND IDENTIFICATION 2 PARTICIPATING
More informationAlternative means of transmitting and receiving of data files
Annex 4 to the CERTIS rules Alternative means of transmitting and receiving of data files Version 4 effective from 1 March 2017 Version 4 effective from 1 March 2017 Page 1 of 5 CONTENTS 1. Introduction...
More informationAUTACK. Secure authentication and acknowledgement message. Edition 2016
EANCOM 2002 S4 Secure authentication and acknowledgement message Edition 2016 1. Introduction... 2 2. Message Structure Chart... 3 3. Branching Diagram... 4 4. Segments Description... 5 5. Segments Layout...
More informationTerms and Conditions for Remote Data Transmission
Terms and Conditions for Remote Data Transmission (As amended on 15 November 2013) 1. Scope of services (1) The Bank is available to its Customer (account holder) for remote transmission of data by electronic
More informationPAYMENT SYSTEM RESPONSE CODES
PAYMENT SYSTEM RESPONSE CODES Bank s Text Text APPROVED 00 Approved 08 Honour with ID 11 Approved VIP (not used) 16 Approved, Update Track 3 (not used) 77 Approved (ANZ only) DECLINED 01 Refer to Card
More informationTechnical Specifications
Technical Specifications Version 1.8 May 2015 Global Payments is a trading name of GPUK LLP. GPUK LLP. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, or
More informationSecurity Policy for Schlumberger Cyberflex Access 32K Smart Card with ActivCard Applets
Security Policy for Schlumberger Cyberflex Access 32K Smart Card with ActivCard Applets TABLE OF CONTENTS 1 SCOPE OF DOCUMENT... 1 2 INTRODUCTION... 1 3 SECURITY LEVELS... 1 3.1 CRYPTOGRAPHIC MODULE SPECIFICATION...
More informationApple Inc. Certification Authority Certification Practice Statement. Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA
Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Version 4.0 Effective Date: September 18, 2013 Table of Contents
More informationCryptography and Network Security Chapter 14
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture
More informationDCCKI Interface Design Specification. and. DCCKI Repository Interface Design Specification
DCCKI Interface Design Specification and DCCKI Repository Interface Design Specification 1 INTRODUCTION Document Purpose 1.1 Pursuant to Section L13.13 of the Code (DCCKI Interface Design Specification),
More informationISO/IEC PDTS 21425, C++ Extensions for Ranges, National Body Comments
Document No: WG21 N4694 Date: 2017-08-10 Project: Programming Language C++ Extensions for Ranges References: Reply to: Casey Carter ISO/IEC PDTS 21425, C++ Extensions for Ranges, National
More informationApple Inc. Certification Authority Certification Practice Statement
Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Application Integration - G3 Sub-CA Version 6.3 Effective
More informationInternet Engineering Task Force (IETF) Request for Comments: 6818 Updates: 5280 January 2013 Category: Standards Track ISSN:
Internet Engineering Task Force (IETF) P. Yee Request for Comments: 6818 AKAYLA Updates: 5280 January 2013 Category: Standards Track ISSN: 2070-1721 Abstract Updates to the Internet X.509 Public Key Infrastructure
More informationSFTP Batch Processor. Version 1.1
SFTP Batch Processor Version 1.1 CONTENTS 1. OVERVIEW... 2 2. SFTP CONNECTION... 3 3. INPUT FILE SPECIFICATION... 4 4. OUTPUT FILE SPECIFICATION... 6 5. BATCHING SCENARIOS... 8 7. MESSAGE FIELD PROPERTIES...
More informationMagento Extension User Guide: Web Services Version 3.6.1
Version 3.6.1 This document explains how to install the official Secure Trading extension on your Magento store. Published: 3 August 2017 Table of Contents 1 Introduction... 3 1.1 Features... 3 1.2 Requirements...
More informationREGISTRATION DATA INTERFACE SPECIFICATION
REGISTRATION DATA INTERFACE SPECIFICATION DEFINITIONS Data Transfer Catalogue DCC Status DCC Status File Electricity Registration Data Provider FTP FTPS Gas Registration Data Provider Hot Standby Router
More informationUniversal Companion Document Industry Adoption of X
Universal Companion Document Industry Adoption of X9.100-187 Version 1.3 April 1, 2014 Version 1.3 of the Universal Companion Document utilizes ANSI X9.100-187-2013 as the base standard. Document Revision
More informationTerminal Architecture for PSAM Applications (TAPA) Application Architecture Specification. Version 2.1. February 2001
Terminal Architecture for PSAM Applications (TAPA) Application Architecture Specification Version 2.1 February 2001 i TABLE OF CONTENTS 1. REVISION LOG...1 2. DOCUMENT OVERVIEW...3 2.1 PURPOSE...3 2.2
More informationVerifying emrtd Security Controls
Blackhat Europe 2010 Verifying emrtd Security Controls Raoul D Costa 1 3M 2010. All Rights Reserved. Agenda Overview of ICAO / EU Specifications emrtds decomposed emrtd Infrastructure (PKI) Inspecting
More informationAuthorize.Net Magento 2.x Payment Module
Authorize.Net Magento 2.x Payment Module User Guide Revision 1.0.1 September 17, 2018 Sep 17 2018 Authorize.Net Global Payment Management for Magento 2.x 1 Contents Document History... 4 1. Introduction...
More informationUSA Debit EMV Test Plan. Version 1.30
USA Debit EMV Test Plan.30 June 2018 Disclaimer Information provided in this document describes capabilities available at the time of developing and delivering this document and the associated test cards
More informationUsing existing security infrastructures
Using existing security infrastructures Chris Mitchell Royal Holloway, University of London http://www.isg.rhul.ac.uk/~cjm 1 Acknowledgements This is joint work with Chunhua Chen and Shaohua Tang (South
More informationChapter 8 Web Security
Chapter 8 Web Security Web security includes three parts: security of server, security of client, and network traffic security between a browser and a server. Security of server and security of client
More informationISO INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO 8583-1 First edition 2003-06-15 Financial transaction card originated messages Interchange message specifications Part 1: Messages, data elements and code values Messages initiés
More informationPKCS #15: Conformance Profile Specification
Table of Contents PKCS #15: Conformance Profile Specification RSA Laboratories August 1, 2000 1 INTRODUCTION... 2 1 REFERENCES AND RELATED DOCUMENTS... 2 2 DEFINITIONS... 2 3 SYMBOLS AND ABBREVIATIONS...
More informationWIC EBT Technical Implementation Guide 2012 Version
WIC EBT Technical Implementation Guide 2012 Version This guidance is to provide the implementation framework for Online and Smart Card WIC EBT. FNS expects all stakeholders supporting WIC EBT to incorporate
More informationIP Pay. End User System Reference Manual. Document revision October 2008
IP Pay End User System Reference Manual Document revision 1.3 6 October 2008 1 Table of Contents Introduction 3 DECLINE Response Codes 4 AVS Result Codes 7 CVV2/CVC/CID Result Codes 9 CAVV Result Codes
More informationFPKIPA CPWG Antecedent, In-Person Task Group
FBCA Supplementary Antecedent, In-Person Definition This supplement provides clarification on the trust relationship between the Trusted Agent and the applicant, which is based on an in-person antecedent
More informationDigital Signatures Act 1
Issuer: Riigikogu Type: act In force from: 01.07.2014 In force until: 25.10.2016 Translation published: 08.07.2014 Digital Signatures Act 1 Amended by the following acts Passed 08.03.2000 RT I 2000, 26,
More informationCERTIFICATE POLICY CIGNA PKI Certificates
CERTIFICATE POLICY CIGNA PKI Certificates Version: 1.1 Effective Date: August 7, 2001 a Copyright 2001 CIGNA 1. Introduction...3 1.1 Important Note for Relying Parties... 3 1.2 Policy Identification...
More informationPayment Card Industry (PCI) Data Security Standard. Summary of Changes from PCI DSS Version to 2.0
Payment Card Industry (PCI) Data Security Standard Summary of s from PCI DSS Version 1.2.1 to 2.0 October 2010 General General Throughout Removed specific references to the Glossary as references are generally
More informationNRE/VDX. Web Admin Manual: Managing Requests
NRE/VDX Web Admin Manual: Managing Requests OCLC, 2014. OCLC owns the copyright in this document including the content, page layout, graphical images, logos, and photographs and also owns all trademarks
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 9796-2 Third edition 2010-12-15 Information technology Security techniques Digital signature schemes giving message recovery Part 2: Integer factorization based mechanisms
More informationCertification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure
Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages
More informationClover Flex Security Policy
Clover Flex Security Policy Clover Flex Security Policy 1 Table of Contents Introduction General description Installation Guidance Visual Shielding Device Security Decommissioning Key Management System
More informationBackground. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33
Background Network Security - Certificates, Keys and Signatures - Dr. John Keeney 3BA33 Slides Sources: Karl Quinn, Donal O Mahoney, Henric Johnson, Charlie Kaufman, Wikipedia, Google, Brian Raiter. Recommended
More information(1) Jisc (Company Registration Number ) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and
SUB-LRA AGREEMENT BETWEEN: (1) Jisc (Company Registration Number 05747339) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and (2) You, the Organisation using the Jisc
More informationApple Inc. Certification Authority Certification Practice Statement
Apple Inc. Certification Authority Certification Practice Statement Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA Apple Application Integration - G3 Sub-CA Version 6.2 Effective
More informationECA Trusted Agent Handbook
Revision 8.0 September 4, 2015 Introduction This Trusted Agent Handbook provides instructions for individuals authorized to perform personal presence identity verification of subscribers enrolling for
More information2007 Japanese Design Law Amendment
APAA DESIGN COMMITTEE COUNTRY REPORT on JAPAN By Hiroyuki NAKAGAWA (In Adelaide, Australia on 18 Nov. 2007) 2007 Japanese Design Law Amendment The Japanese design law was amended on April 1, 2007, in the
More informationBuilding on existing security
Building on existing security infrastructures Chris Mitchell Royal Holloway, University of London http://www.isg.rhul.ac.uk/~cjm 1 Acknowledgements This is joint work with Chunhua Chen and Shaohua Tang
More informationCB TEST PRODUCTS & SERVICES CATALOGUE
Groupement des Cartes Bancaires "CB" CB TEST PRODUCTS & SERVICES CATALOGUE "In as much as the intellectual property code authorizes, under the terms of paragraphs 2 and 3 of article L. 122-5, on the one
More informationApple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.10 Effective Date: June 10, 2013
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.10 Effective Date: June 10, 2013 Table of Contents 1. Introduction... 5 1.1. Trademarks... 5
More informationDECISION OF THE EUROPEAN CENTRAL BANK
L 74/30 Official Journal of the European Union 16.3.2013 DECISIONS DECISION OF THE EUROPEAN CENTRAL BANK of 11 January 2013 laying down the framework for a public key infrastructure for the European System
More informationPIN Security Requirements
Payment Card Industry (PCI) PIN Security Requirements PCI SSC Modifications Summary of Significant Changes from v2.0 to v3.0 August 2018 PCI SSC Modifications to PCI PIN Security Requirements In the table
More informationPublic-Key Infrastructure NETS E2008
Public-Key Infrastructure NETS E2008 Many slides from Vitaly Shmatikov, UT Austin slide 1 Authenticity of Public Keys? private key Alice Bob public key Problem: How does Alice know that the public key
More information