PayPass Testing Environment

Transcription

1 PayPass Testing Environment Version 3 Level 2 Reader Testing 16 May 2012

2 Proprietary Rights The information contained in this document is proprietary and confidential to MasterCard International Incorporated, one or more of its affiliated entities (collectively MasterCard ), or both. This material may not be duplicated, published, or disclosed, in whole or in part, without the prior written permission of MasterCard. Trademarks Trademark notices and symbols used in this manual reflect the registration status of MasterCard trademarks in the United States. Please consult with the Customer Operations Services team or the MasterCard Law Department for the registration status of particular product, program, or service names outside the United States. All third-party product and service names are trademarks or registered trademarks of their respective owners. MasterCard Worldwide Chip Centre of Excellence Chaussée de Tervuren 198A B-1410 Waterloo Belgium.

3 Table of Contents 1 Introduction Purpose Audience Reader Guidance Related Information Acronyms Terminology Test Tool Environment Description Card simulator DEK-DET xml files Requirements for Product Test Environment What s new? Test Environment architecture for an intelligent reader Test Environment architecture for an Integrated Terminal Requirements for the PayPass Product Requirements for the Test Environment Interface Requirements for the transaction related data Requirements for the configuration data sets Requirements for Product Test Environment (Data Exchange) Test Environment architecture Requirements for the PayPass Product Requirements for the Test Environment Interface Annex A: Configuration and Transaction related data sets Default Transaction related data Default Transaction related data values (Mag-Stripe) Default Transaction related data values (EMV) Default Configuration data sets Default Configuration Data values (Mag-Stripe) Default Configuration Data values (EMV) Configuration data sets Configuration data set definitions (Mag-Stripe) Configuration data set definitions (EMV) PayPass Testing Environment 16 May 2012 i

4 Table of Contents Configuration data set definitions (Mag-Stripe Data Exchange) Configuration data set definitions (EMV Data Exchange) Annex B: CA Public Keys CA Public keys related to the RID A CA Public keys related to the RID B Annex C: Data Exchange XMLs definition XML graphic view XML attribute definition XML example Document Type Definition ii PayPass Testing Environment 16 May 2012

5 Introduction 1 Introduction Purpose This chapter provides an introduction to the PayPass Testing Environment for readers implementing [PayPassV3]. MasterCard requires that PayPass Products implementing [PayPassV3] and submitted for PayPass Type Approval Level 2 (PayPass TTA L2) are to be tested against the relevant specification. To test the compliance of the PayPass Product implementation to [PayPassV3], the PayPass Product has to be tested in a determined PayPass Testing Environment, as described below and further detailed in this document. Figure 1-1: Schematic View of the PayPass Testing Environment Configuration data sets Test Environment Interface DEK-DET xml files Transaction related data PayPass Product Card simulator Product Test Environment Test Tool Environment The PayPass Testing Environment is composed of two parts: The Test Tool Environment is qualified by MasterCard. It allows the control and the observation of the interface between the PayPass Product and the card simulator. The Test Tool Environment also includes DEK-DET xml files in order to test PayPass Products that support Data Exchange. The Product Test Environment is composed itself of four sub-parts: o The Test Environment Interface allows the configuration of the PayPass Product data and parameters and the observation of the PayPass transaction data output. When the PayPass Product supports Data Exchange, the Test Environment Interface acts as a Terminal application simulator receiving the DEKs and returning DETs as defined in the DEK-DET xml files. The Test Environment Interface must be provided by the vendor at the same time as the PayPass Product samples. PayPass Testing Environment 16 May

6 Introduction o o o The library of configuration data sets (e.g.: AIDs, Terminal Action Codes ) as defined in the current document. The transaction related data objects (e.g.: amount, transaction currency ) as defined in the current document. The PayPass product itself embedding the PayPass application to be tested. The PayPass product could be an Intelligent reader or an Integrated terminal. Audience The purpose of this document is to describe the requirements of the PayPass Testing Environment. This document is structured as follows: Chapter 2: Laboratory Test Tool Description Chapter 3: Requirements for Product Test Environment Chapter 4: Requirements for Product Test Environment (Data Exchange) Reader Guidance This document is intended for use by Vendors, that is, by manufacturers and suppliers of PayPass Products. This document is aimed at the Program Manager or Project Manager responsible for the delivery of their PayPass Products through the PayPass Vendor Product Approval Process. This document describes the PayPass Testing Environment for PayPass Products supporting all types of PayPass applications. Information specific to Products not supporting the EMV implementation option is indicated with the following symbol in the margin: Mag Stripe If the vendor submits a PayPass Product not supporting the EMV implementation option, he can skip the information specific to Products supporting this option. Such information is indicated with the following symbol in the margin: M/Chip 1-2 PayPass Testing Environment 16 May 2012

7 Introduction Related Information The following reference materials may be of use to the reader of this document. NOTE: MasterCard reserves the right to release updates to these documents and any documents it references. Vendors must therefore check for the latest documentation versions and the impact of any amendments they contain before starting the vendor testing process. EMV Contactless Protocol EMV Contactless Communication Protocol Specification 2.0.x (where x can be any value.) PayPassV3 PayPass M/Chip Reader Card Application Interface Specification V3.x Mag Stripe M/Chip The EMV implementation option is not implemented. The EMV implementation option is implemented. Acronyms The following acronyms are used in this document: Acronym Description EMV Europay MasterCard Visa TTA L1 Terminal Type Approval Level 1 TTA L2 Terminal Type Approval Level 2 PayPass Testing Environment 16 May

8 Introduction Terminology This section explains the terms used in this specification. Contactless Card Reader Product integrating a PCD, to be connected to a Terminal, to allow the Terminal to perform the financial transaction. A Contactless Card Reader may also include other components such as PED, PayPass Application, contact interface module, printer. (Fully) Integrated Terminal A PayPass Product integrating a PCD and the PayPass Application and which can process a Payment transaction without needing to be connected to a Contactless Card Reader. It may also include other components and interfaces such as PIN Entry Devices (PED), printer or host communications. Intelligent (Contactless Card) Reader A Contactless Card Reader which also integrates a PayPass Application. Operational Terminal Any terminal hardware/software not part of the submitted product that enables terminal functionality, i.e. hardware into which a submitted product must be integrated to form a payment/service providing system e.g. vending machine. PayPass Application The software module or kernel residing on a PayPass Product and which implements the [PayPassV3]. PayPass Product A product or combination of products incorporating at least a PCD or a PayPass Application. Only PayPass Products integrating a PCD and a PayPass Application and a PED, if available on that PayPass Product, will be approved by MasterCard. PayPass Product Component Component whose assessment is relevant for PayPass Product Approval. There are three PayPass Product Components: the PCD, the PayPass Application and the PIN Entry Device (if any). PayPass Terminal A Fully Integrated Terminal or the combination of a Contactless Card Reader and a terminal covering the PayPass Application. Proximity Coupling Device (PCD) A product component constituted of a combination of hardware and software and which implements [EMV Contactless Protocol]. The PCD uses inductive coupling to provide power to the PICC and also controls the data exchange with the PICC, up to and including the transport layer. Sample A PayPass Product picked out of production for testing. Transparent Contactless Card Reader A Contactless Card Reader that does not integrate the PayPass Application. 1-4 PayPass Testing Environment 16 May 2012

9 Test Tool Environment Description 2 Test Tool Environment Description Card simulator This section details the elements included in the Test Tool Environment: - the card simulator and - the DEK-DET xml files (when PayPass Product supports Data Exchange) Card simulator DEK-DET xml files The card probe test application simulates different card profiles to check whether the submitted PayPass Product supports all the mandatory features of the [PayPassV3]. TTA L2, as performed by a Test Laboratory, includes confidence tests with PayPass TIP cards. This enhances interoperability and increases the confidence that the PayPass Product will function correctly during integration and network testing. The list of the tool vendors selling the MasterCard TIP test cards for TTA L2 testing can be obtained by contacting Testing_Terminal@PayPass.com. DEK-DET xml files The DEK-DET xml files only apply when the PayPass Product supports the Data Exchange implementation option. They are provided by MasterCard. More details about the xml format are provided further in the document. PayPass Testing Environment 16 May

10

11 Requirements for Product Test Environment 3 Requirements for Product Test Environment This chapter details the requirements the Product Test Environment must meet when a Product is submitted for PayPass Type Approval Level 2. This chapter does not deal with Data Exchange. The Product Test Environment additional requirements specific to Data Exchange are detailed in the next chapter "Requirements for Product Test Environment (Data Exchange)". What s new? The previous TTA Level 2 test suites included many implementation options like Online capable or Integrated Terminal. Those options were listed in the Implementation Conformance Statement the vendor had to fill-in before entering the TTA Level 2 test process. The PayPass Product was approved for a determined configuration, for example Online Capable and Integrated Terminal. The current [PayPassV3] explicitly states that only 2 implementation options exist: EMV and Data Exchange. The PayPass product under test must therefore support all features defined in the specification with the only exception of the 2 implementation options. In other words, all PayPass Products must support for example - online capable and offline-only transactions. Similarly Integrated Terminal is no longer an option so the Integrated Terminals must be tested in a manner similar to intelligent readers. This may be a problem when for example the test requires the transaction amount to not be passed to the Product. Some Integrated Terminals may not allow a transaction to start unless the amount has been entered. The below sections describe one way to implement the Product Test Environment requirements depending on whether the Product is an intelligent reader or an integrated terminal. PayPass Testing Environment 16 May

12 Requirements for Product Test Environment Test Environment architecture for an intelligent reader When deployed, the set-up of an intelligent reader is described below. Figure 3-1: Intelligent reader set-up Terminal PayPass Product (intelligent reader) Card During the TTA Level 2 tests, the Terminal and Card are replaced respectively by the Test Environment Interface and the Card Simulator as shown on the figure below. Figure 3-2: PayPass Testing Environment for an intelligent reader Configuration data sets Test Environment Interface Transaction related data PayPass Product Card simulator Product Test Environment Test Tool Environment Before running the tests, the Product must be set-up with the appropriate configuration data set. The next figure shows how this is done. 3-2 PayPass Testing Environment 16 May 2012

13 Requirements for Product Test Environment Figure 3-3: loading the configuration data set in the intelligent reader Configuration data sets Test Environment Interface Test conf #1 PayPass Product Product Test Environment Once the PayPass Product is configured, the transaction can be launched. This may be done through an Activation command embedding the transaction related data objects. The transaction output data are then returned to the Test Environment Interface. Figure 3-4: launching the transaction Test Environment Interface Test Environment Interface Transaction related data (Amount, Currency, Date, ) Output data Test conf #1 PayPass Product Test conf #1 PayPass Product PayPass Testing Environment 16 May

14 Requirements for Product Test Environment Test Environment architecture for an Integrated Terminal The set-up of an Integrated Terminal is described below. Figure 3-5: Integrated Terminal set-up PayPass Product (integrated reader) Card Terminal Intelligent reader The terminal logic talks to the intelligent reader portion and will only send the instructions that are relevant for the specific usage of the integrated terminal. As an example: if the integrated terminal is only used as portable POS, it will not start a transaction before the amount has been entered. This type of decision logic and I/O control is implemented in the terminal logic. In order to have access to (test) the full functionality of the kernel, the terminal logic must be bypassed. The extent to which it can be bypassed impacts the Test Environment. Depending on the integrated terminal architecture, the Product may not accept the transaction to be launched through an Activation command embedding the transaction related data objects. If so, it is still possible to load the transaction related data objects (including or not the amount, currency ) during a parameter setting phase, before doing the transaction. This is illustrated in the figure below. 3-4 PayPass Testing Environment 16 May 2012

15 Requirements for Product Test Environment Figure 3-6: loading the parameters in an integrated terminal Configuration data sets Test Environment Interface Test conf #1 Transaction related data (amount, currency, ) PayPass Product Product Test Environment Once the configuration data set and the transaction related data (including or not the amount, currency ) are loaded in the PayPass product, the test operator can launch the transaction. At the end of the transaction, the outcome data are passed to the Test Environment Interface for verification. Figure 3-7: launching the transaction Test conf #1 PayPass Product Transaction related data Test Environment Interface Output data Test conf #1 PayPass Product Transaction related data Card simulator PayPass Testing Environment 16 May

16 Requirements for Product Test Environment Requirements for the PayPass Product PayPass Product The PayPass Product must comply with the [PayPassV3]. All features must be implemented apart from the implementation options defined in the specifications that are by definition optional. The PayPass Product must also meet the following requirements. A1. Data Record & Discretionary Data A2. Outcome Parameter Set The PayPass Product must comply with the requirements defined in [PayPassV3] section Lists of Data Objects in OUT. That is, the reader must return the Data Record and the Discretionary Data. Note that the Discretionary Data includes the Error Indication data object. The [PayPassV3] section Simple Payment Transaction lists the relevant information from the Outcome Parameter Set to be passed to the Terminal in the transaction output data. For testing needs, the PayPass product must provide all Outcome Parameter Set information to the Test Environment Interface, that is: Status Start Online Response Data CVM UI Request on Outcome Present UI Request on Restart Present Data Record Present Discretionary Data Present Receipt Alternate Interface Preference Field Off Request Removal Timeout A3. MSG signal The PayPass Product must permit to observe the MSG signal output as returned by the kernel. Note that in some cases the kernel will return several MSG signals in the same transaction (see diagram flow S14, card read OK then clear display ). In such a case all MSG signals must be provided in a chronological order. A4. Phone message Table A5. Error Indication For all AIDs, the reader must support the Phone Message Table defined in [PayPassV3] section Phone Message Table. As described in the requirement A1 above, the Error Indication data object must be returned in the Discretionary Data. 3-6 PayPass Testing Environment 16 May 2012

17 Requirements for Product Test Environment A6. Select Next The PayPass Product must also permit to observe the Outcome Parameter Set and the Error Indication as provided by the kernel to the Application Selection module when the kernel detects an issue leading to a Select Next outcome. Please see the example below. MasterCard AID is selected the kernel detects an issue leading to a Select Next outcome the PayPass Product must return the Outcome Parameter Set and the Error Indication data Select Next: Maestro AID is selected the kernel completes the transaction successfully A7. Default Transaction Type In some circumstances, the Transaction Type may not be provided to the reader. When this occurs the reader must use a configurable default Transaction Type value. During the tests, the default Transaction Type value shall be 09 (Purchase with Cashback). PayPass Testing Environment 16 May

18 Requirements for Product Test Environment Requirements for the Test Environment Interface Test Environment Interface Ideally, the Test Environment Interface is integrated in a single environment, running on a PC (Personal Computer). The Test Environment Interface must also meet the following requirements. B1. Configuration data setting B2. Transaction related data setting B3. Transaction data outputs The Test Environment Interface must permit to load the Configuration data sets define further in Annex A: Configuration and Transaction related data sets. The vendor must provide the related data sets to the laboratory. The Test Environment Interface must permit to easily configure the transaction related data objects (Amount, Transaction Currency ) as defined in Annex A: Configuration and Transaction related data sets. The Test Environment Interface must provide access to the transaction data outputs: Data record Discretionary data Outcome Parameter Set Error Indication (see also requirement A1 above) MSG signal (see also requirement A2 above) B4. Symbolic values The Test Environment must display the symbolic values (e.g. "CAM FAILED") instead of the hexadecimal values (e.g.: '02') for the below transaction data outputs: B5. ASCII / hexadecimal Outcome Parameter Set Error Indication MSG signal (i.e.: User Interface Request Data) The displayed symbolic values must be the ones given in [PayPassV3] section 'Data Dictionary'. This will allow the test operator to easily verify test pass criteria like: In Outcome Parameter Set, Status must indicate Online Request. When displayed, Track 1 must appear in ASCII notation. Other data elements must appear in hexadecimal notation. B6. Cut & paste Means must be provided so that the Transaction data output can be cut & paste into a document (e.g. using CTRL C on screen capture). B7. Autorun The Testing Environment must permit configuration of the Autorun parameter. By default, the value must be No. B8. STOP/ABORT The Test Environment must permit to send a STOP or an ABORT signal to the reader during a transaction (when, for example, the card does not respond to a CAPDU but endlessly returns S(WTX) blocks). The Test Environment must also permit observation of the STOP_ACK signal returned by the reader. If the Product is an Integrated terminal, the STOP or ABORT signal may be triggered by pressing a key on the terminal itself. 3-8 PayPass Testing Environment 16 May 2012

19 Requirements for Product Test Environment Requirements for the transaction related data Transaction related data The Test Environment must permit to configure the transaction-related data objects. C1. Transaction related data objects C2. Updating the data objects The test environment must permit the sending of the transaction related data objects as defined in the [PayPassV3], that is: Amount, Authorized (Numeric) Amount, Other (Numeric) Balance Read Before Gen AC Balance Read After Gen AC Merchant Custom Data Transaction Currency Code Transaction Currency Exponent Transaction Date Transaction Time Transaction Type Data Exchange data objects, when supported The Test Environment must permit to easily edit the list and value of the transaction related data objects. C3. Zero length The test environment must permit to send transaction related data objects without any value (i.e.: zero length) C4. Additional objects C5. Transaction related data values The test environment must also permit to send additional data objects not listed above. The section Annex A: Configuration and Transaction related data sets defines the default transaction related data values. PayPass Testing Environment 16 May

20 Requirements for Product Test Environment Requirements for the configuration data sets Configuration data sets The kernel database must be configurable with any of the permitted data items specified in [PayPassV3]. The Test Environment must be able to store these data objects so they can be easily re-used from one transaction to another. This section defines the testing configuration requirements the submitted PayPass Product must meet when testing the PayPass Application. The requirements are split into 2 categories: - requirements common to PayPass Mag-Stripe and PayPass M/Chip products - requirements for PayPass M/Chip products The following Product Test Environment requirements are common to PayPass Mag-Stripe and PayPass M/Chip products. D1. List of AIDs Unless otherwise specified in section Annex A: Configuration and Transaction related data sets, the submitted PayPass Product must contain the list of AIDs listed in Table 3-1: Supported AIDs. D2. Kernel ID For all AIDs, the Kernel ID must indicate Kernel 2 unless otherwise specified in the configuration data sets. D3. Transaction Type The following Transaction Types must be supported for all AIDs: Payment ( 00 ) Cash ( 01 ) Purchase with Cashback ( 09 ) Refund ( 20 ) Table 3-1: Supported AIDs Transaction Types: Payment, Cash, Cashback, Refund MasterCard AID A Maestro AID A Test AID B Kernel PayPass Testing Environment 16 May 2012

21 Requirements for Product Test Environment D4. Zero length The Test Environment must permit to send a configuration data object without any value (i.e.: zero length) D5. Additional objects D6. Configuration data set values The Test Environment must also permit to send additional configuration data objects not listed in the specifications The section Annex A: Configuration and Transaction related data sets defines the Configuration data sets. They must be provided to the lab. PayPass Testing Environment 16 May

22 Requirements for Product Test Environment M/Chip The following Product Test Environment requirements apply to PayPass M/Chip Products only. D7. Configuration options D8. Certificate Revocation list Unless otherwise specified in the Annex A: Configuration and Transaction related data sets section, here is how the configuration options must be set: EMV mode only : see Kernel Configuration data element in table 3-5 Mag-Stripe mode only : see Kernel Configuration data element in table 3-5 Balance reading and display : activated Torn transaction recovery : activated IDS : as defined in the Annex A: Configuration and Transaction related data sets section. The Certificate Revocation List must include the data defined in Table 3-2: Certificate Revocation List data. The Product Test Environment must permit to add and remove an item from the Certificate Revocation list. D9. CA Public Keys The CA Public Keys related data elements are defined in section Annex B: CA Public Keys. The following requirements concern functionalities that are not specified in [PayPassV3]. As stated in [PayPassV3] section 6 Kernel State Diagrams, they can be considered optional for the implementation. D10. Exception file If supported by the submitted PayPass Product, the exception file must include the following data: PAN: PAN sequence number: PayPass Testing Environment 16 May 2012

23 Requirements for Product Test Environment Table 3-2: Certificate Revocation List data RID: A CA PK Index: F8 Certificate Serial Number: RID: B CA PK Index: F8 Certificate Serial Number: PayPass Testing Environment 16 May

24

25 Requirements for Product Test Environment (Data Exchange) 4 Requirements for Product Test Environment (Data Exchange) This chapter details the Product Test Environment requirements specific to Data Exchange. When a PayPass Product supports Data Exchange, it must fulfill the below requirements as well as those defined in the previous chapter "Requirements for Product Test Environment". Test Environment architecture This section does not distinguish between the Test Environment architecture for intelligent readers and integrated terminals. This section will consider the PayPass Product separate from the Terminal as shown in the below figure. For further details about Test Environment architecture for an integrated terminal please see the previous chapter "Requirements for Product Test Environment". Figure 4-1: Test environment architecture Terminal DEKs DETs PayPass Product Card During the TTA Level 2 tests, the Terminal and Card are replaced respectively by the Test Environment Interface and the Card Simulator as shown on "Figure 4-2: PayPass Testing Environment (Data Exchange supported)". Figure 4-2: PayPass Testing Environment (Data Exchange supported) Configuration data sets Test Environment Interface DEK-DET xml files Transaction related data PayPass Product Card simulator Product Test Environment Test Tool Environment PayPass Testing Environment 16 May

26 Requirements for Product Test Environment (Data Exchange) In addition to the features already detailed in the previous chapter "Requirements for Product Test Environment", the Test Environment Interface simulates a live Terminal application using the information provided by the PayPass Product through the DEK signals to update the PayPass Product data via DET signals. This Terminal application simulator may run in the Test Environment Interface or in the Product itself. This document will assume that it runs in the Test Environment Interface. The Terminal application simulator (Test Environment Interface) uses as input the DEK-DET xml file provided by MasterCard. These files, usually one per test case, provide the list of DET signals to be returned for every DEK signal expected during the Data Exchange test. The DEK-DET xml file format is defined further in "Annex C: Data Exchange XMLs definition". Before running the tests, the Product must therefore be set-up with the appropriate configuration data set and DEK-DET xml file, as shown in the figure below. Figure 4-3: loading test data Configuration data sets Test Environment Interface DEK-DET xml file #1 DEK-DET xml files Test conf #1 PayPass Product Product Test Environment Test Tool Environment 4-2 PayPass Testing Environment 16 May 2012

27 Requirements for Product Test Environment (Data Exchange) Once the PayPass Product is configured, the transaction can be started. The Transaction Related Data are passed to the kernel. The kernel may request data from the Test Environment Interface by sending DEKs signals. The Test Environment Interface will return the requested data in DETs signals. The transaction output data are then returned to the Test Environment Interface. Figure 4-4: Data Exchange transaction DEK-DET xml file Test Environment #1 Interface Transaction related data (Amount, Currency, ) DEKs DETs Output data Test conf #1 PayPass Product Card simulator Product Test Environment Test Tool Environment PayPass Testing Environment 16 May

28 Requirements for Product Test Environment (Data Exchange) Requirements for the PayPass Product PayPass Product The PayPass Product supporting Data Exchange must meet the following requirements. A'1. Transaction log The Product must generate a transaction log including: CAPDUs RAPDUs DEKs DETs The transaction log must list the APDU/DEK/DET signals in the order they have been treated by the PayPass Product. Especially the log must show when a DEK was sent. A'2. Unexpected DEK The transaction log must include a message like "Unexpected DEK" when the DEK sent was not expected, i.e.: the DEK is not listed in the DEK-DET xml file. 4-4 PayPass Testing Environment 16 May 2012

29 Requirements for Product Test Environment (Data Exchange) Requirements for the Test Environment Interface Test Environment Interface Ideally, the Test Environment Interface is integrated in a single environment, running on a PC (Personal Computer). When the PayPass Product supports Data Exchange, the Test Environment Interface must also meet the following requirements. B'1. XML format The Test Environment Interface must be capable of interpreting the DEK-DET xml files. Further details about the XML format are given in "Annex C: Data Exchange XMLs definition". The PayPass Product provider is free to perform any type of conversion to accommodate the xml files provided to its implementation choice (e.g.: different tags) but he must keep in mind that the xml files may change quite often and should automate these conversions. B'2. B'3. B'4. B'5. First DEK match basis Unpredictable Number DEK identifier '5F53' Unexpected DEK When the Test Environment Interface receives a DEK signal from the PayPass Product it must read the related DEK-DET xml file from the beginning until the same DEK is found. The DET(s) associated to this DEK is (are) then returned to the PayPass Product. The value of the Unpredictable Number actually used during a test is by nature not known at the DEK-DET xml file generation. Routines developed by the PayPass Product supplier to parse and use the DEK-DET xml files shall therefore ignore the Unpredictable Number value provided in the files and keep as only applicable criteria the presence and the length of the data element. Some DEKs defined in the xml files will include a tag '5F53' coded on 1 byte in the Data To Send list. This tag is a key used to differentiate the DEKs in the xml file. When the PayPass Product sends a DEK that is not listed in the DEK-DET xml file, the Test Environment Interface must inform the PayPass Product that an "Unexpected DEK was received" (See also requirement A'2). B'6. Tag Order In order to correctly match the DEK value, some ordering requirements are needed. They are listed below. When filling the DEK, the PayPass product must: 1) Follow the specification order (e.g.: CDOL missing data (S4.ED29 in [PayPassV3]) are requested in Data Needed before the DSDOL missing data (S4.ED33). 2) Follow the Tags To Read Yet order. When several data items identified in Tags To Read Yet are available they must be put in the Data To Send list in the order they appear in the Tags To Read Yet list. PayPass Testing Environment 16 May

30 Requirements for Product Test Environment (Data Exchange) B'7. Several DETs The DEK-DET xml file could include several DETs for the same DEK meaning that the Test Environment Interface shall return several DETs upon reception of the related DEK. The Test Environment Interface shall return all the DET signals in the same order as in the DEK-DET xml file. B'8. No DET When the DEK-DET xml file includes an empty DET, the Test Environment Interface shall not return any DET upon reception of the related DEK. B'9. B'10. Transaction log file Transaction log tags The transaction log (see also requirement A'1) must be made available at the end of each test, be easily readable by the test operator and allow a simple Copy in text format (Ctrl + C). The Test Environment Interface must allow saving the transaction log. The DEK-DET tags recorded in the transaction log must be the tags defined in [PayPassV3] (e.g.: 'FF8104') even if the PayPass Product implementation uses proprietary tags. 4-6 PayPass Testing Environment 16 May 2012

31 Annex A: Configuration and Transaction related data sets 5 Annex A: Configuration and Transaction related data sets This annex defines the data sets required during the tests. It is split into 3 subsections: - Default Transaction related data (e.g.: amount is by default 15.00) - Default Configuration data sets (e.g.: TACs are by default set to all zeroes) - Configuration data sets: the list of Mag-Stripe and EMV data sets. Note: this section uses the "Services" 'IsEmpty', 'IsPresent' and 'IsKnown' defined in [PayPassV3]. Default Transaction related data This section lists the transaction related data commonly used in the Level2 tests. Additional requirements are available in the section Requirements for the transaction related data. Default Transaction related data values (Mag-Stripe) The table below defines the default transaction related data values for PayPass Mag- Stripe transactions. Table 3: Default transaction related data values Mag-Stripe Data Object Name Value Amount Authorized (Numeric) (15.00) Default Transaction related data values (EMV) The table below defines the EMV default transaction related data values. It is only applicable when the PayPass Product supports the EMV implementation option. Table 4: Default transaction related data values EMV Data Object Name Value Amount Authorized (Numeric) (15.00) Amount Other (Numeric) Balance Read Before Gen AC All zeroes Tag not present PayPass Testing Environment 16 May

32 Annex A: Configuration and Transaction related data sets Balance Read After Gen AC Tag not present Merchant Custom Data Any value different from zero Transaction Category Code Any value in line with the Merchant Category Code Transaction Currency Code 0978 (euro) Transaction Currency Exponent 2 Transaction Date Current (if fixed, must be later than December 2010) Transaction Time Current (may be fixed) Transaction Type 00 (goods and services) 5-2 PayPass Testing Environment 16 May 2012

33 Annex A: Configuration and Transaction related data sets Default Configuration data sets Default Configuration Data values (Mag-Stripe) The below table defines the default Configuration data set for Mag-Stripe transactions. This corresponds to the data set "PPS_MStripe1" defined further. The Terminal Country Code is a terminal-dependent data item so it should have the same value (defined below) for all AIDs and all Transaction Types. Unless otherwise specified, all other data item values must be the same for all AIDs and for the following Transaction Types: - Payment ( 00 ) - Cash ( 01 ) - Purchase with Cashback ( 09 ) - Refund ( 20 ). Table 5: Default Configuration Data set Mag-Stripe Data Object Name Default UDOL Hold Time Value Kernel Configuration Test value 9F6A04 Tag not present If the product does not support EMV: MasterCard AID: 20 Maestro AID: 20 Test AID: 20 If the Product supports EMV: MasterCard AID: 60 Maestro AID: 60 Test AID: 60 Kernel ID 02 Mag-Stripe Application Version Number Mag-Stripe CVM Capability CVM Required Mag-Stripe CVM Capability No CVM Required Message Hold Time Mobile Support Indicator Reader CTL (No On-device CVM) (Signature) 00 (nocvm) Tag not present No value (i.e.: IsEmpty(T)=True) Reader CTL (On-device CVM) PayPass Testing Environment 16 May

34 Annex A: Configuration and Transaction related data sets Reader CVM Required Limit Terminal Country Code Terminal Identification Transaction Type= 00 (payment): MasterCard AID: Maestro AID: Test AID: Other Transaction Types: MasterCard AID: Maestro AID: Test AID: (terminal-dependent data item) No value (i.e.: IsEmpty(T)=True) --- The details below only apply to products supporting Data Exchange --- Proceed To First Write Flag Tags To Read Time Out Value Tag not present Tag not present Tag not present Default Configuration Data values (EMV) The below table defines the EMV default Configuration data set. It is only applicable when the product supports the EMV implementation option. This corresponds to the data set "PPS_MChip1" defined further. The Interface Device Serial Number and the Terminal Country Code are terminaldependent data items so they should have the same value for all AIDs and all Transaction Types. Unless otherwise specified, all other data item values must be the same for all AIDs and for the following Transaction Types: - Payment ( 00 ) - Cash ( 01 ) - Purchase with Cashback ( 09 ) - Refund ( 20 ). Table 6: Default Configuration Data set EMV supported Data Object Name Account Type Acquirer Identifier Test value No value (i.e.: IsEmpty(T)=True) No value (i.e.: IsEmpty(T)=True) Additional Terminal Capabilities ' Application Version Number 0002 Balance Read Before Gen AC Balance Read After Gen AC Tag not present Tag not present 5-4 PayPass Testing Environment 16 May 2012

35 Annex A: Configuration and Transaction related data sets Card Data Input Capability 00 CVM Capability CVM Required CVM Capability No CVM Required Default UDOL Hold Time Value 60 (Signature and OnlinePIN) 08 (nocvm) 9F6A04 Tag not present Interface Device Serial Number Any value (terminal-dependent data item) Kernel Configuration MasterCard AID: 20 Maestro AID: A0 (EMV only) Test AID: 20 Kernel ID 02 Mag-Stripe Application Version Number Mag-Stripe CVM Capability CVM Required Mag-Stripe CVM Capability No CVM Required Max Lifetime of Torn Transaction Log Record Max Number of Torn Transaction Log Records Merchant Category Code Merchant Identifier Merchant Name and location Message Hold Time Mobile Support Indicator (Signature) 00 (nocvm) Any value different from zero No value (i.e.: IsEmpty(T)=True) No value (i.e.: IsEmpty(T)=True) Tag not present No value (i.e.: IsEmpty(T)=True) Reader Contactless Floor Limit Reader CTL (No On-device CVM) Reader CTL (On-device CVM) Reader CVM Required Limit Security Capability Transaction Type= 00 (payment): MasterCard AID: Maestro AID: Test AID: Other Transaction Types: MasterCard AID: Maestro AID: Test AID: (CDA) PayPass Testing Environment 16 May

36 Annex A: Configuration and Transaction related data sets Terminal Action Codes Terminal Capabilities Terminal Country Code Terminal Identification Terminal Type All zeroes No value (i.e.: IsEmpty(T)=True) 0056 (terminal-dependent data item) No value (i.e.: IsEmpty(T)=True) When Transaction Type = 01 (Cash), Terminal Type must be 14 (Unattended, online-only) for all AIDs. For the following Transaction Types, Terminal Type must be 22 (attended, online capable) for all AIDs - 00 (Payment) - 09 (Purchase with Cashback) - 20 (Refund) --- The details below only apply to products supporting Data Exchange --- DS AC Type DS Input (Card) DS Input (Term) DS ODS Info DS ODS Info For Reader DS ODS Term DS Requested Operator ID DSVN Term Proceed To First Write Flag Tags To Read Tags To Write After Gen AC Tags To Write Before Gen AC Time Out Value No value (i.e.: IsEmpty(T)=True) No value (i.e.: IsEmpty(T)=True) No value (i.e.: IsEmpty(T)=True) No value (i.e.: IsEmpty(T)=True) No value (i.e.: IsEmpty(T)=True) No value (i.e.: IsEmpty(T)=True) Tag not present No value (i.e.: IsEmpty(T)=True) Tag not present Tag not present Tag not present Tag not present Tag not present 5-6 PayPass Testing Environment 16 May 2012

37 Annex A: Configuration and Transaction related data sets Configuration data sets This section lists the Configuration data sets used in the Level2 tests. A simple means to set them must be provided. Additional requirements are available in the section Requirements for the configuration data sets. The configuration data sets are split into 2 categories: - Testing Configurations for all products - Testing Configurations for products supporting the EMV implementation option Configuration data set definitions (Mag-Stripe) The following Device Testing Environment requirements apply to all PayPass products: Unless otherwise specified, the values defined in the below configuration data sets apply to all AIDs and any Transaction Type. Configuration Data set ID PPS_MStripe1 PPS_MS_MonoAppli PPS_perf_MS Description The submitted PayPass Product follows the configuration requirement listed in 'Table 5: Default Configuration Data set Mag-Stripe'. If the reader supports EMV, all other data items not listed in 'Table 5: Default Configuration Data set Mag-Stripe' must be absent (i.e.: IsPresent(T)=false). Same as PPS_MStripe1 except: The list of AIDs only includes the MasterCard AID A Same as PPS_MStripe1 plus, for all AIDs: Reader CTL (No On-device CVM): Reader CTL (On-device CVM): Reader CVM Required Limit: PayPass Testing Environment 16 May

38 Annex A: Configuration and Transaction related data sets PPS_NoDefault_1 PPS_NoDefault_2 PPS_NoDefault_3 Same as PPS_MStripe1 except: For both MasterCard and Maestro AIDs, the TLV database must not contain the data objects listed in the table Configuration Data in TLV Database that Require Default Value where Implementations indicates Always : - Default UDOL - Kernel Configuration - Kernel ID - Mag-stripe Application Version Number (Reader) - Mag-stripe CVM Capability CVM Required - Mag-stripe CVM Capability No CVM Required - Message Hold Time - Reader CTL (No On-device CVM) - Reader CTL (On-device CVM) - Reader CVM Required Limit - Terminal Country Code (this one is a terminal-dependent data object so it will be absent from the TLV database for all AIDs) Same as PPS_NoDefault_1 except: The TLV database must NOT contain the Interface Device Serial Number data object ('9F1E'). For MasterCard AID, the TLV database must contain the following data object value: - Reader CTL (No On-device CVM): For Maestro AID, the TLV database must contain the following data object values: - Reader CTL (On-device CVM): Reader CVM Required limit: Kernel Configuration is 60 (On-device cardholder verification supported) Same as PPS_NoDefault_1 except: The TLV database must NOT contain the Interface Device Serial Number data object ('9F1E') For all AIDs: - Reader CTL (No On-device CVM): Reader CVM Required limit must be set to For Maestro AID: - Kernel Configuration is 40 (only Mag Stripe mode supported) For MasterCard AID: - Mag-stripe CVM Capability No CVM Required set to 10 - Kernel Configuration is 40 (only Mag Stripe mode supported) For Test AID: - Kernel Configuration is 60 (On-device cardholder verification supported; only Mag Stripe mode supported) 5-8 PayPass Testing Environment 16 May 2012

39 Annex A: Configuration and Transaction related data sets PPS_MS_prop PPS_MS_prop2 PPS_MS_prop3 PPS_MS_Limit_1 Same as PPS_MStripe1 except for: - the proprietary tag 9F05 (EMV tag Application Discretionary Data) is present in the TLV database with no value (i.e.: IsKnown=False, IsPresent=True, IsEmpty=True). The update condition includes RA. - the proprietary tag 9F17 (EMV tag PIN try counter) is present in the TLV database with no value (i.e.: IsKnown=False, IsPresent=True, IsEmpty=True). The update condition includes RA. - The proprietary tag 81 (EMV tag Amount Authorized (binary)) is present in the TLV database with any value (i.e.: IsKnown=False, IsPresent=True, IsEmpty=False). The update condition does not include RA. - The kernel data object Terminal Identification ( 9F1C ) is not present in the TLV database. Same as PPS_MStripe1 except: - For MasterCard AID: the tag 9F65 (PCVC3track2) is present in the TLV database with any value. - For Maestro AID: the tag 94 (AFL) is present in the TLV database (This configuration does not apply when the Product supports Data Exchange) Same as PPS_MStripe1 except: - the proprietary tag DF62 is present in the TLV database with no value (i.e.: IsKnown=False, IsPresent=True, IsEmpty=True). The update condition includes RA. Same as PPS_MStripe1 except for: 1. MasterCard AID: Reader CTL (no On-device CVM) = Reader CTL (On-device CVM) = Terminal/Reader CVM Required Limit = Terminal/Reader Contactless floor limit = Maestro AID: Reader CTL (no On-device CVM) = Reader CTL (On-device CVM) = Terminal/Reader CVM Required Limit = Terminal/Reader Contactless floor limit = Test AID: Reader CTL (no On-device CVM) = Reader CTL (On-device CVM) = Terminal/Reader CVM Required Limit = Terminal/Reader Contactless floor limit = PayPass Testing Environment 16 May

40 Annex A: Configuration and Transaction related data sets PPS_MS_Limit_2 Same as PPS_MStripe1 except for: 1. MasterCard AID: Reader CTL (no On-device CVM) = 2.00 Reader CTL (On-device CVM) = Terminal/Reader CVM Required Limit = Terminal/Reader Contactless floor limit = Maestro AID: Reader CTL (no On-device CVM) = 2.00 Reader CTL (On-device CVM) = Terminal/Reader CVM Required Limit = Terminal/Reader Contactless floor limit = Test AID: Reader CTL (no On-device CVM) = 2.00 Reader CTL (On-device CVM) = Terminal/Reader CVM Required Limit = Terminal/Reader Contactless floor limit = PPS_MS_Limit_3 Same as PPS_MStripe1 except for: 1. MasterCard AID: Reader CTL (no On-device CVM) = Terminal/Reader CVM Required Limit = Terminal/Reader Contactless floor limit = Maestro AID: Reader CTL (no On-device CVM) = Terminal/Reader CVM Required Limit = Terminal/Reader Contactless floor limit = Test AID: Reader CTL (no On-device CVM) = Terminal/Reader CVM Required Limit = Terminal/Reader Contactless floor limit = PPS_MS_Limit_3b Same as PPS_MS_Limit_3 except for: MasterCard AID: Kernel Configuration is 40 (On-device cardholder verification NOT supported, Mag-Stripe mode only) PPS_Select1 Same as PPS_MStripe1 plus: The combination data sets are as per the below tables. The Kernel7 is void. That is, a GET PROCESSING OPTIONS command will never be sent whenever the Kernel7 is selected PayPass Testing Environment 16 May 2012

41 Annex A: Configuration and Transaction related data sets Transaction Types: Payment, Cash MasterCard AID A Maestro AID A Test AID B Kernel 2 Transaction Type: Cashback MasterCard AID A Maestro AID A Test AID B Kernel 2 No Kernel 7 No Transaction Type: Refund MasterCard AID A Maestro AID A Test AID B Kernel 2 No No Transaction Type 88 MasterCard AID A Maestro AID A Test AID B Kernel 2 No No No PayPass Testing Environment 16 May

42 Annex A: Configuration and Transaction related data sets Configuration data set definitions (EMV) M/Chip The following Device Testing Environment requirements apply to PayPass Products supporting the EMV implementation option: Unless otherwise specified, the values defined in the below configuration data sets apply to all AIDs and any Transaction Type. Configuration Data Set ID PPS_MChip1 PPS_MChip2 PPS_MChip3 PPS_MChip4 PPS_MChip5 PPS_MChip6 Description The submitted PayPass Product follows the configuration requirement listed in Table 6: Default Configuration Data set EMV supported. Same as PPS_MChip1 except for: TAC online = '7C D8 FC F8 F0' (for All AIDs TAC) Terminal Type = Online-only 11 (MasterCard AID) Terminal Type = Offline with online capability 12 (Maestro AID) Terminal Type = Offline-only 13 (Test AID). Same as PPS_MChip1 except for: TAC denial = 7C D8 FC F8 F0 (for All AIDs TAC) Terminal Type = Online-only 14 (MasterCard AID) Terminal Type = Offline with online capability 15 (Maestro AID) Terminal Type = Offline-only 16 (Test AID) Same as PPS_MChip1 except for: TAC online = (for All AIDs TAC) Terminal Type = Online-only 21 (MasterCard AID) Terminal Type = Offline with online capability 22 (Maestro AID) Terminal Type = Offline-only 23 (Test AID). Same as PPS_MChip1 except for: TAC denial = (for All AIDs TAC) Terminal Type = Online-only 24 (MasterCard AID) Terminal Type = Offline with online capability 25 (Maestro AID) Terminal Type = Offline-only 26 (Test AID). Same as PPS_MChip1 except for: TAC default = (for All AIDs TAC) Terminal Type = Online-only 34 (MasterCard AID) Terminal Type = Offline with online capability 35 (Maestro AID) Terminal Type = Offline-only 36 (Test AID) PayPass Testing Environment 16 May 2012