Visa Integrated
Circuit Card Terminal
Specification
The Visa Integrated Circuit Card (ICC) Terminal
Specification has been updated. Please see the Chapter 1,
Section 1.6, “Impact Summary” for information on what has
changed from Visa ICC Specification (VIS) version 1.3.2.
Terminal Specification
Version 1.4.0
Effective: 31 October 2001
Visa Public
1998, 1999, 2001 Visa International Service Association. All rights reserved. Permission to copy and implement the
material contained herein is granted subject to the conditions that (i) any copy or re-publication must bear this legend
in full, (ii) any derivative work must bear a notice that it is not the Visa Integrated Circuit Card Specification published
by Visa, and (iii) Visa shall have no responsibility or liability whatsoever to any other party arising from the use or
publication of the material contained herein.
Visa makes no representation or warranty regarding whether any particular physical implementation of any part of
this Specification does or does not violate, infringe, or otherwise use the patents, copyrights, trademarks, trade secrets,
know-how, and/or other intellectual property of third parties, and thus any person who implements any part of this
Specification should consult an intellectual property attorney before any such implementation. Any party seeking to
implement this Specification is solely responsible for determining whether their activities require a license to any
technology including, but not limited to, patents on public key encryption technology. Visa International Service
Association shall not be liable for any party’s infringement of any intellectual property right.
31 Oct 2001
Draft 12/18/00 Visa Public i
Contents Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
ii
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card Contents
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public iii
Contents Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
iv
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card Contents
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public v
Contents Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
vi
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card Contents
Terminal Specification, Version 1.4.0
Chapter 13 • Completion
13.1 Card Data . . . . . . . . . . . . . . . . . . . . . . . . . . . 13–2
31 Oct 2001
Draft 12/18/00 Visa Public vii
Contents Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
13.6 Online Processing Requested, Transaction Was Not Sent Online . . . . . 13–8
viii
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card Contents
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public ix
Contents Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Appendix E • Acronyms
Glossary
Index
x
Draft 12/18/00 Visa Public 31 Oct 2001
Figures
31 Oct 2001
Draft 12/18/00 Visa Public xi
Figures Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
xii
Draft 12/18/00 Visa Public 31 Oct 2001
Tables
31 Oct 2001
Draft 12/18/00 Visa Public xiii
Tables Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
xiv
Draft 12/18/00 Visa Public 31 Oct 2001
About This Specification 1
The Visa Integrated Circuit Card Specification (VIS) provides the technical
details of chip card and terminal functionality related to Visa Smart Debit
and Visa Smart Credit (VSDC) transactions, Visa’s chip-based credit and
debit programs. It focuses on the functions performed by the chip card and
terminal as well as the interaction between the chip card and terminal at the
point of transaction.
The objective of the Visa Integrated Circuit Card Specification is to:
●
Communicate the implementation details of Europay, MasterCard, and
Visa (EMV) specifications to ease vendor development efforts
● Aid members and vendors in understanding the changes that chip brings
to the credit and debit payment services, especially in terms of the
processing taking place between the chip card and terminal at the point of
transaction
●
Provide Visa’s minimum requirements for chip-based credit and debit
programs
● Identify options that members and vendors can implement to meet
market needs
● Support Visa’s payment service rules and International Operating
Regulations for Visa Smart Debit and Visa Smart Credit (VSDC)
●
Define Visa’s implementation of optional EMV features
Because VIS is based on EMV, the two specifications should be used together
for reference and development purposes. However, VIS builds on the EMV
requirements in order to support the Visa payment service rules. To facilitate
understanding of the differences between these two specifications, please
refer to Chapter 2, Processing Overview.
31 Oct 2001
Draft 12/18/00 Visa Public 1–1
About This Specification Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
1.1 Audience
This document is intended for members, vendors, and readers seeking a
technical understanding of the functionality of chip cards and terminals
supporting Visa Smart Debit and Visa Smart Credit programs.
1–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 1.3 Terminology
Terminal Specification, Version 1.4.0
1.3 Terminology
This section provides clarification on several terms used throughout the
specification.
1.3.1 Mandatory/Required/Recommended/Optional
Visa’s philosophy is to facilitate market requirements while ensuring global
interoperability. To this end, Visa’s minimum requirements reflect the EMV
mandatory items in addition to specific requirements outlined in the Visa
payment service rules or International Operating Regulations. All other
functionality is optional and not required.
Visa’s minimum requirements are designated using the terms “mandatory”,
“required”, and “shall.” Recommended functionality is designated in the
document using the term “should.” Elective data elements and functions are
designated using the terms “optional” or “may.”
Markets can customize their programs beyond the minimum requirements
through adoption of the optional functions and through proprietary
processing. Proprietary processing, however, must not interfere with global
interoperability.
31 Oct 2001
Draft 12/18/00 Visa Public 1–3
About This Specification Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
1–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 1.4 Document Structure
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 1–5
About This Specification Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
1–6
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 1.6 Impact Summary
Terminal Specification, Version 1.4.0
1.6.1 Terminal
This section includes mandatory and optional changes. The testing of
terminals to support mandatory changes shall be aligned with the EMV 2000,
Version 4.0, migration requirements. Refer to the EMVCo website for
information on testing schedules.
1.6.1.1 Mandatory
● If the Directory method of Application Selection fails, the terminal shall
switch to the List of AIDs method.
● The terminal shall not allow Partial Selection during Application
Selection if the terminal indicators show it is not supported for the AID.
● During SDA and DDA, the terminal shall save the Data Authentication
Code (if present) and ICC Dynamic Number after recovery.
● If the SDA Tag List is one of the data elements read from the card, the
terminal shall validate that the only tag it contains is the tag for the AIP.
● ATMs supporting Offline PIN shall support CVM List processing.
1.6.1.2 Optional
● Visa Operating Regulations may permit the terminal to eliminate certain
common applications from consideration during Application Selection.
● The EMV Combined DDA/Generate AC option is included as a terminal
option.
● The public key encipherment used in the Offline Enciphered PIN
processing may occur either in the PIN pad or in the card reader. Secure
transfer of the PIN from the PIN pad to the card reader is required.
● Terminal support for Visa Low-value Payment feature of VSDC.
31 Oct 2001
Draft 12/18/00 Visa Public 1–7
About This Specification Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
1.6.2 Card
This section includes mandatory and optional changes. Contact the CAA for
information on testing schedules. Changes are backward compatible and cards
tested under versions 1.3.1 and 1.3.2 will continue to work in the new devices.
1.6.2.1 Mandatory
● If a card is personalized with an SDA Tag List, the only tag in the list
must be “82”, the tag for the Application Interchange Profile. Prior to
adding this requirement to EMV a survey was conducted to determine if
the SDA tag list was being used. The results indicated that it was not in
use and that the requirement could be added to EMV. To ensure
interoperability and backward compatibility, cards should begin
compliance immediately. An SDA tag list that does not comply will result
in Offline Data Authentication failure in EMV 4.0 terminals.
● Support of Cardholder Verification must be indicated in the Application
Interchange Profile, and a CVM List is required.
● Cumulative amounts are no longer incremented for offline declines.
● The Online Authorization Indicator is no longer reset after offline
approval.
1.6.2.2 Optional
● The Issuer Public Key length may equal that of the corresponding Visa CA
Public Key.
● The ICC Public Key length may equal that of the corresponding Issuer
Public Key.
● The EMV Combined DDA/Generate AC option is included as a VSDC card
option.
●
The EMV optional session key generation method is referenced as a VIS
option.
● A new cryptogram generation method, Cryptogram Version 14, is
referenced as a VIS option.
NOTE: Cryptogram Version 14 is not currently supported in VisaNet
systems and Issuers wishing to implement this option must be
aware that they will not be eligible for VisaNet Authentication
Services.
1–8
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 1.6 Impact Summary
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 1–9
About This Specification Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
1–10
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 1.7 Reference Materials
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 1–11
About This Specification Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
1–12
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 1.7 Reference Materials
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 1–13
Processing Overview 2
This chapter provides an overview of a Visa Smart Debit and Visa Smart
Credit (VSDC) transaction. This is followed by a transaction flow showing the
order in which these functions may be performed and the commands sent by
the terminal to the card for communications. Charts at the end of the chapter
show functional and command support requirements for cards and terminals.
Regions may have additional restrictions and requirements.
31 Oct 2001
Draft 12/18/00 Visa Public 2–1
Processing Overview Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
2–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 2.1 Functional Overview
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 2–3
Processing Overview Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
2–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 2.1 Functional Overview
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 2–5
Processing Overview Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Mandatory SELECT
process List of Supported Command/Response
Application Selection
Applications READ RECORD
Command/Response
Mandatory
Supported Functions
process w/ GET PROCESSING OPTIONS Initiate Application
& Pointers to
optional Command/Response Processing
Application Data
steps
1 Offline Data
Generate Dynamic INTERNAL AUTHENTICATE
Authentication
1 - If DDA Cryptogram Command/Response SDA or DDA
2 - If Offline
Enciphered
PIN
3 - Optional for Processing
Offline PIN Restrictions
4 - If Offline PIN
Generate Unpred.
Number 2
GET CHALLENGE Command/Response
3 Cardholder
PIN Try Counter GET DATA Command/Response Verification
4
Validate PIN VERIFY Command/Response
Last Online
Application GET DATA Terminal Risk
Transaction Counter Command/Response Management
(ATC) Register
Online Processing
N
Validate ARPC EXTERNAL AUTHENTICATE
Issuer Authentication
Cryptogram Command/Response
2–6
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 2.2 Terminal Mandatory and Optional Functionality
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 2–7
Processing Overview Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Online Processing
● Online Capability Optional (EMV and VIS)
● Advice Messages Optional (EMV and VIS)
● Issuer Authentication Conditional—If online capable
Completion Mandatory
Miscellaneous Functions
● Cardholder amount validation Recommended (EMV)
● Voice Referrals Recommended
●
Card initiated referrals Not supported (VIS)
● Merchant forced acceptance Optional (EMV)
●
Chip card informational Optional (EMV)
advices
Conditional—At discretion of country or region (VIS)
● Prompt for chip read Mandatory (EMV)
2–8
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 2.2 Terminal Mandatory and Optional Functionality
Terminal Specification, Version 1.4.0
Issuer Script Commands If sent from the Issuer, terminal must parse the script into commands and
send them to the card one at a time. The terminal has no knowledge of what
● APPLICATION BLOCK (EMV)
command is being sent. (EMV)
● APPLICATION UNBLOCK (EMV)
● CARD BLOCK (EMV)
● PUT DATA (VIS)
● UPDATE RECORD (VIS)
● PIN CHANGE/UNBLOCK (EMV)
31 Oct 2001
Draft 12/18/00 Visa Public 2–9
Application Selection 3
31 Oct 2001
Draft 12/18/00 Visa Public 3–1
Application Selection Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Application Definition File (ADF) The ADF is a file, which is the entry point to application elementary files (AEF),
which contain data elements for the application. The ADF may contain information
about the application such as language preference and application priority. It may
also contain a Processing Options Data Objects List (PDOL) of terminal data
elements requested by the card for processing.
Application Elementary Files AEF contains data elements used by the application in processing.
(AEF)
Application Identifier (AID) The AID is composed of the Registered Application Provider Identifier (RID) and
the Proprietary Application Identifier Extension (PIX). It identifies the application
as described in ISO/IEC 7816-5.
All Visa AIDs shall begin with a RID expressed as hexadecimal A000000003. The
Visa RID is concatenated with a Visa assigned PIX to identify the application.
● 1010—Visa Debit and Visa Credit
● 2010—Visa Electron
● 3010—Interlink
● 8010—Plus
● 999910—Proprietary ATM applications
The card AID shall have a suffix if more than one Visa debit or credit application is
present on a single card. For example, a card with both a Visa credit and a Visa
debit application might use the suffix as follows:
Example:
A000000003101001—first Visa application (for Visa Credit)
A000000003101002—second Visa application (for Visa Debit)
Application Label Mnemonic associated with AID according to ISO/IEC 7816-5. Used in application
selection. Application Label is required in the File Control Information (FCI) of an
Application Definition File (ADF) and mandatory in an ADF directory entry. It will
become mandatory in the ADF according to the EMVCo migration plan.
3–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 3.1 Card Data
Terminal Specification, Version 1.4.0
Application Preferred Name Mnemonic associated with AID. If the Application Preferred Name is present and
the Issuer Code Table Index entry is supported by the terminal, the Application
Preferred Name rather than the Application Label is displayed to the cardholder
during Application Selection.
Application Priority Indicator Indicates the priority of a given application or group of applications in a directory.
Directory Definition File (DDF) The DDF file is a file, which defines the directory structure beneath it. The FCI for
a DDF contains a pointer to a Directory File.
Directory File A directory file is a file listing DDFs and ADFs contained within the directory. It is
accessed by the READ RECORD command.
For detailed information on directory files, refer to the EMV 4.0, Book 1, Section 8.
File Control Information (FCI) The FCI is provided in response to the SELECT command. This information
varies depending on the type of file selected.
Issuer Code Table Index Indicates the code table (character set) support, according to International
Organisation for Standardisation (ISO) 8859, required in the terminal to display
the Application Preferred Name.
Payment Systems Environment The PSE begins with a DDF given the name “1PAY.SYS.DDF01”. The directory
(PSE) file associated with this DDF is known as the Payment Systems Directory.
Processing Options Data The PDOL is a list of tags and lengths for terminal-resident data objects
Objects List (PDOL) requested by the card and provided by the terminal in the GET PROCESSING
OPTIONS command during Initiate Application Processing.
Short File Identifier (SFI) The SFI is a pointer to elementary files (EF).
●
1–10 Reserved for EMV
● 11–20 Payment system specific
●
21–30 Issuer specific
31 Oct 2001
Draft 12/18/00 Visa Public 3–3
Application Selection Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Application Identifier (AID) The AID, tag “9F06” in the terminal, is composed of the Registered Application
Provider Identifier (RID), and the Proprietary Application Identifier Extension
(PIX). It identifies the application as described in ISO/IEC 7816-5.
All Visa AIDs shall begin with a RID expressed as hexadecimal A000000003. The
Visa RID is concatenated with a Visa-assigned PIX to identify the application.
● 1010—Visa Debit and Visa Credit
● 2010—Visa Electron
● 3010—Interlink
● 8010—Plus
● 999910—Proprietary ATM applications
Application Selection Indicator Indicates whether the associated AID in the terminal must match the AID in the
card exactly including the length of the AID (Partial Selection is not supported), or
only up to the length of the AID in the terminal (Partial Selection is supported).
There is only one Application Selection Indicator per AID in the terminal and its
format is at the discretion of the terminal vendor.
Application Selection Indicators for Visa AIDs must indicate support for Partial
Selection.
List of supported applications The terminal shall maintain a list of applications supported by the terminal and
their respective AIDs.
PSE File Name The name of the PSE (1PAY.SYS.DDF01) is used in Application Selection if the
terminal supports directory selection.
3–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 3.3 Commands
Terminal Specification, Version 1.4.0
3.3 Commands
SELECT
The SELECT command shall be performed as described in the EMV 4.0,
Book 1, Section 7.3.
The terminal sends the SELECT command to the card to obtain information
from the card on which applications are supported by the card and issuer
preferences such as the priority in which the application is selected, name of
the application, and language preference. The command either contains the
name of the Payment Systems Environment (used for the directory selection
method), a DDF name or a requested AID (used for the List of the AIDs
method).
The P1 parameter of the SELECT command indicates whether the application
is being selected by name. The P2 parameter indicates whether additional
applications with the same AID are being requested in support of AID suffixes
(where multiple applications with the same AID are supported by the card).
The command response may have the following SW1 SW2 return codes:
● 9000—Successful return from SELECT
● 6A81—Card is blocked or command not supported
● 6A82—Selected file not found
– PSE not found (Directory Selection Method not supported by the card)
– Last file when P2 parameter specified additional applications with the
same AID (command contains AID)
● 6283—Application is blocked
The card’s response includes the PDOL, if present on the card. The PDOL will
be used during Initiate Application Processing.
READ RECORD
The READ RECORD command shall be performed as described in the
EMV 4.0, Book 1, Section 7.2.
In the Directory Selection Method, the terminal reads the directory, an
Elementary File associated with the PSE, which lists all of the EMV payment
applications on the card and the card returns the requested record in the
response. The command includes the Short File Identifier (SFI) of the file to be
read and the record number of the record within the file.
31 Oct 2001
Draft 12/18/00 Visa Public 3–5
Application Selection Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Match Match
Terminal AID Card AID Option 1 Option 2
A0000000031010 A000000003101001 N Y
A0000000031010 A000000003101002 N Y
Note: The suffixes “01” and “02” make the AIDs unique. They are simply labels and need
not be in order.
3–6
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 3.4 Building the Candidate List
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 3–7
Application Selection Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Payment
PSE Systems
Directory
Record 1 Record 2
DDF DDF
Directory
Record 1
Entry 1 Entry 2
ADF ADF
3–8
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 3.4 Building the Candidate List
Terminal Specification, Version 1.4.0
Terminal Card
Terminal AID Application Card AID Application
The SELECT command is used with the terminal AID and parameter P2 set
to “02” to indicate that the card should provide the next application with the
same terminal AID.
Steps 1–5 are repeated until the terminal has attempted to select all of the
applications it supports.
31 Oct 2001
Draft 12/18/00 Visa Public 3–9
Application Selection Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
3–10
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 3.5 Identifying and Selecting the Application
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 3–11
Application Selection Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
3.6 Flow
Figure 3–2: Application Selection Processing Flow (1 of 3)
List of AIDs
Terminal Method
N
supports PSE
Card responds B
Y
with FCI and A
“9000” if (card Terminal clears the
not blocked and candidate list and
SELECT Y
PSE found and issues SELECT with
command
not blocked) or DFNAME =
(card not 1PAY.SYS.DDF01 Place current directory
blocked and and resumption
DDF found) information on directory
stack Y
C B
Get SFI for Directory from
FCI and set record # to 1
Card responds
READ
with Directory Terminal issues
RECORD
Entry and READ RECORD
command
“9000” if found
READ
Directory stack Candidate
RECORD Record Found? N Y
empty? List Empty?
response
Y
N
N
Get entry
Choose
Get previous Application
directory from list and and SELECT
A N ADF? continue processing
Y
Y
Terminal
supports?
C
3–12
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 3.6 Flow
Terminal Specification, Version 1.4.0
List of AIDs
Card Selection Terminal
Method
Terminal
SELECT Card Blocked?
Y terminates card
response (SW1SW2 =
6A81) session
File
found for AID?
(SW1SW2 NE
6A82)
Y
N
Application
blocked? Y
(SW1SW2 =
6283)?
Add Application to
Candidate List
Choose
Application
Name in FCI Another AID in and SELECT
Y N
exact match? terminal list?
N
N
Name in FCI
partial match?
Y Y
Partial Selection N
supported for AID?
B B
31 Oct 2001
Draft 12/18/00 Visa Public 3–13
Application Selection Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Choose
Card Application
Terminal
& SELECT
Terminal
displays highest
Terminal
priority Cardholder
confirmation Y
support? application on confirms?
list for
confirmation
Terminal
displays
Terminal Application
applications by
supports Y
priority and selected?
selection?
asks cardholder
to select
N
Terminal identifies
Applications highest priority
available without Y application not
confirmation? requiring Y
confirmation
Y
N
N
T N
Successful
SELECT Terminal removes
SELECT Y
response application from list
(“9000”)?
Terminal proceeds to
B
Initiate Application
Processing
3–14
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 3.7 Subsequent Related Processing
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 3–15
Initiate Application Processing 4
During Initiate Application Processing, the terminal signals to the card that
transaction processing is beginning. The terminal accomplishes this by
sending the GET PROCESSING OPTIONS command to the card. When
issuing this command, the terminal supplies the card with any data elements
requested by the card in a Processing Options Data Objects List (PDOL). The
PDOL (a list of tags and lengths of data elements) is optionally provided by
the card to the terminal during Application Selection.
The card responds to the GET PROCESSING OPTIONS command with the
Application File Locator (AFL), a list of files and records, which the terminal
needs to read from the card. The card also provides the Application
Interchange Profile (AIP), a list of functions to be performed in processing
the transaction.
Initiate Application Processing shall be performed as described in the EMV
2000 Integrated Circuit Card Specification for Payment Systems, Version 4.0
(EMV 4.0), Book 3, Section 6.1, and Book 4, Section 2.3.1.
This chapter is organized into the following sections:
4.1 Card Data
4.2 Terminal Data
4.3 GET PROCESSING OPTIONS Command
4.4 Processing
4.5 Prior Related Processing
4.6 Subsequent Related Processing
31 Oct 2001
Draft 12/18/00 Visa Public 4–1
Initiate Application Processing Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
File Control Information (FCI) Information such as file name and language preference provided by card in
response to the SELECT command issued by the terminal.
Processing Options Data Object The PDOL is a list of tags and lengths for terminal-resident data objects needed
List (PDOL) by the card in processing the GET PROCESSING OPTIONS command during
Initiate Application Processing (Chapter 3, Application Selection).
Application Interchange Profile A data element, which indicates the capability of the card to support specific
(AIP) functions in the application (SDA, DDA, Cardholder Verification, and Issuer
Authentication).
Application File Locator (AFL) Indicates the file location and range of records, which contain card data to be read
by the terminal for use in transaction processing. For each file to be read, the AFL
contains the following information:
● Byte 1—Short File Identifier (a numeric file label)
● Byte 2—Record number of the first record to be read
● Byte 3—Record number of the last record to be read
● Byte 4—Number of consecutive records containing data to be used in Offline
Data Authentication beginning with the first record to be read as indicated in
Byte 2.
4–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 4.2 Terminal Data
Terminal Specification, Version 1.4.0
Terminal Country Code Terminal data indicating the country of the terminal. It is provided to the card in the
GET PROCESSING OPTIONS command if requested by the card in the PDOL.
Terminal Verification Results A terminal data element indicating the results of offline processing from a terminal
(TVR) perspective. This data element is transmitted in online authorization and clearing
messages.
Transaction Status Information Indicates the functions performed by the terminal. This data element is not
(TSI) provided in the online authorization and clearing messages.
31 Oct 2001
Draft 12/18/00 Visa Public 4–3
Initiate Application Processing Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
4.4 Processing
The terminal initiates application processing by sending the GET
PROCESSING OPTIONS command to the card. The terminal:
1. Extracts the PDOL (if present) from the FCI provided by the card in
response to the SELECT command.
2. Sets the Transaction Status Information (TSI) to zero.
3. Sets the Terminal Verification Results (TVR) to zero.
4. Sends the GET PROCESSING OPTIONS command to the card. Any data
elements requested in the PDOL are passed to the card in this command.
Refer to EMV 4.0, Book 3, Section 1.4, Rules for Using a Data Object List
(DOL).
5. Receives the card response to the GET PROCESSING OPTIONS
command.
6. If Geographic Restrictions apply, the card responds with “Conditions of
use not satisfied” (SW1 SW2 = “6985”), the terminal removes the
application from the list of candidate applications for this transaction and
returns to Application Selection processing.
7. If the card responds with the AFL and the AIP, the terminal proceeds to
Read Application Data.
4–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 4.4 Processing
Terminal Specification, Version 1.4.0
Card Terminal
Terminal completes
Application Selection
(Chapter 3)
Card receives
command, does internal
processing & responds
with “9000”, AIP, & AFL
or error code
Terminal eliminates
GET Card response application from list of
= conditions of use not
PROCESSING Y eligible applications and
satisfied (SW1SW2
OPTIONS response returns to Application
6985)?
Selection (Chapter 3)
31 Oct 2001
Draft 12/18/00 Visa Public 4–5
Initiate Application Processing Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
4–6
Draft 12/18/00 Visa Public 31 Oct 2001
Read Application Data 5
During Read Application Data, the terminal reads the card data necessary to
process the transaction and determines the data to be authenticated during
Static Data Authentication (SDA) or Dynamic Data Authentication (DDA).
Read Application Data shall be performed as described in the EMV 2000
Integrated Circuit Card Specification for Payment Systems, Version 4.0
(EMV 4.0), Book 3, Section 6.2.
This chapter is organized into the following sections:
5.1 Card Data
5.2 Terminal Data
5.3 READ RECORD Command
5.4 Processing
5.5 Prior Related Processing
5.6 Subsequent Related Processing
31 Oct 2001
Draft 12/18/00 Visa Public 5–1
Read Application Data Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Application File Locator (AFL) In Initiate Application Processing, the card sent the terminal the AFL, which
contains an entry for each file to be read. Each entry designates:
● The Short File Identifier (SFI) of the file
● The numbers of the first and last record to be read from the file
● The number of records beginning with the first record read in the file to be used
for authentication during SDA and DDA
Read Application Data reads records from the card’s Application Elementary
Files (AEF) described in Table 5–2.
Application Elementary Files Card data files containing data used for application processing. An AEF consists
(AEF) of a sequence of records, which are addressed by record number. Each AEF is
identified by a unique Short File Identifier (SFI). The terminal reads these records
using the READ RECORD command containing a designation of the SFI and
record number to be read.
5–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 5.3 READ RECORD Command
Terminal Specification, Version 1.4.0
5.4 Processing
The terminal uses the Application File Locator (AFL) to determine which
records to request from the card. For each entry in the AFL, the terminal uses
the READ RECORD command to request the first record number specified in
the AFL entry from the file specified by the SFI in this entry. After receiving
the requested record, the terminal requests subsequent records until the last
record specified in the AFL entry is received. The terminal processes the next
entry in the AFL in the same manner until all AFL entries are processed.
The AFL entry specifies how many records from the AEF are used for offline
data authentication. Beginning with the first record read from the Application
Elementary Files (AEF), the terminal shall put the record read into the list of
static data to be authenticated until the number of records specified in the
AFL entry has been put into the list.
The terminal shall store all recognized data objects for later use in processing
the transaction. Unrecognized data objects shall not be stored.
The terminal shall terminate the transaction under any of these conditions:
● More than one occurrence of a single primitive data object is encountered
while reading data from the ICC
● The completion code (SW1 SW2) returned by the card in the READ
RECORD response is not “9000”
●
All mandatory data objects are not received. Mandatory data objects are
shown in the Visa Integrated Circuit Card Specification, Appendix A,
Terminal and Acquirer Data Elements.
31 Oct 2001
Draft 12/18/00 Visa Public 5–3
Read Application Data Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
The terminal could perform Read Application Data as shown in Figure 5–1.
Card Terminal
Terminal completes
Initiate Appl. Terminal stores data
Processing for later use
Y
SDA Count = count in
AFL entry
Any more AFL
entries?
P1 = first record
number in AFL Y
P2 = SFI
SDA Count = 0? N
Decrement SDA
Count by 1
Y
5–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 5.5 Prior Related Processing
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 5–5
Offline Data Authentication 6
31 Oct 2001
Draft 12/18/00 Visa Public 6–1
Offline Data Authentication Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
6–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 6.1 Terminal Requirements
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 6–3
Offline Data Authentication Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Terminal Capabilities Contains flags indicating the terminal’s support for SDA and DDA which may be
used in deciding whether to perform SDA or DDA
● SDA supported
● Standard DDA supported
● Combined DDA/AC Generation Supported
Transaction Status Information Contains a flag that is set when SDA or DDA is performed
(TSI)
Terminal Verification Results Contains a flag that is set when neither SDA or DDA is performed
(TVR)
6–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 6.2 Determining Whether to Perform SDA or DDA
Terminal Specification, Version 1.4.0
Application Interchange Profile Contains flags indicating the card’s support for SDA and DDA:
(AIP) ● SDA supported
● DDA supported
●
Combined DDA/AC Generation supported
6.2.3 Commands
No commands are used to determine whether to perform SDA or DDA.
6.2.4 Process
Only one offline data authentication method is performed in a single
transaction. Combined DDA/AC Generation receives priority over Standard
DDA and Standard DDA receives priority over SDA. If the card and terminal
do not support a common authentication method, offline data authentication
is not performed.
Card support for SDA and DDA is shown in the Application Interchange
Profile (AIP). Terminal support for SDA and DDA is shown in Terminal
Capabilities, but the terminal may use other means to determine whether it
supports these methods.
The terminal uses the following rules to determine whether to perform SDA,
Standard DDA or Combined DDA/AC Generation:
●
If both the card and the terminal support Combined DDA/AC Generation,
the terminal shall perform Combined DDA/AC Generation
● Otherwise, if both the card and the terminal support Standard DDA, the
terminal shall perform Standard DDA
● Otherwise, if both support SDA, the terminal shall perform SDA
●
If none of the previous conditions are satisfied, the terminal shall not
perform SDA or DDA and shall set the Offline Data Authentication was
Not Performed bit to “1” in the TVR
31 Oct 2001
Draft 12/18/00 Visa Public 6–5
Offline Data Authentication Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Figure 6–1 illustrates how the terminal could determine whether to perform
SDA, Standard DDA, or Combined DDA/AC Generation.
Y Y Y
N N
N
Terminal Terminal
Terminal supports
supports Combined DDA/ supports N
Standard DDA?
AC Generation? SDA?
Y Y
Method used is
Combined DDA
AC Generation Y Terminal sets Offline Data
Auth. was Not Performed
Method used is bit to “1” in TVR.
Standard DDA
6–6
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 6.3 Static Data Authentication (SDA)
Terminal Specification, Version 1.4.0
Data Description
Certificate Authority Public Key Used with the RID to designate which Visa CA Public Key to use for offline data
Index (PKI) authentication.
Issuer Public Key (PK) A certificate that has been signed with the Visa Private Key and includes the
Certificate Issuer Public Key. The format is shown in the EMV 2000 Integrated Circuit Card
Specification for Payment Systems, Version 4.0 (EMV 4.0), Book 2, Section 5,
Table 4. The certificate includes the following subfields:
● The Issuer Public Key Length—Must be less than or equal to the length of the
Visa CA Public Key
● The Issuer Public Key or the leftmost digits of the Issuer PK if the entire PK
does not fit in the certificate
● The hash result from hashing the Issuer PK and other data elements specified
in the EMV 4.0, Book 2, Section 5, Table 1
Issuer Public Key Remainder If necessary, it contains the portion of the Issuer Public Key that does not fit within
the Issuer Public Key Certificate.
Registered Application Identifier A portion of the Application Identifier (AID) that identifies the card scheme. The
(RID) RID is used with the PKI to designate the Visa CA Public Key to use for offline
data authentication. Visa’s RID is A000000003.
Signed Static Application Data Used in the validation of the card’s static data during SDA. The SAD is signed with
(SAD) the Issuer Private Key and includes a hash of the card static data. The SAD
format is shown in the EMV 4.0, Book 2, Section 5, Table 5. The format of the
data to be hashed is in Table IV-2 of the same document.
31 Oct 2001
Draft 12/18/00 Visa Public 6–7
Offline Data Authentication Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Data Description
Static Data Authentication Tag Optional field containing the tag of the AIP (tag “82”). If other tags are present,
List SDA processing fails.
Static Data to be Authenticated The data fields from the card to be used in the validation of the SAD. It consists of
the data in the records identified in the AFL as being used for data authentication
and the data identified in the optional Static Data Authentication Tag List. If
present it contains the tag for the AIP (“82”). The terminal checks that this is the
only tag present in the SDA Tag List.
Data Description
Certificate Authority Public Key Each Visa CA Public Key used for offline data authentication in SDA and DDA is
Index (PKI) identified by the PKI in conjunction with the Registered Application Identifier (RID)
of the Application Identifier (AID).
The Visa CA Public Keys The public keys stored in terminal for use in Issuer PK Certificate recovery. The
Visa RID and a PKI unique within the Visa RID are associated with each Visa CA
Public Key. Additional requirements are in Section 6.1.3 RSA Key Pairs, and
Section 6.1.4 Security Requirements, in this chapter.
Terminal Verification Results Contains a flag that is used to indicate SDA failure.
(TVR)
Registered Application Provider Identifies the scheme-specific list of public keys in the terminal. Used in
Identifier (RID) conjunction with the PKI to identify the Visa CA Public Key to use of offline data
authentication. Visa’s RID is A000000003.
6.3.3 Commands
No commands are used in SDA.
6–8
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 6.3 Static Data Authentication (SDA)
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 6–9
Offline Data Authentication Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
6–10
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 6.3 Static Data Authentication (SDA)
Terminal Specification, Version 1.4.0
Terminal data to
N
support SDA present?
Recovered
certificate passes validity N
checking?
Y
Terminal sets Offline Static
N
Terminal concatenates data Data Auth. Failed bit to “1” in
recovered from SAD and static TVR
data to be authenticated &
calculates a hash from
concatenation result
Terminal proceeds to
Processing Restrictions
(See Chapter 7)
31 Oct 2001
Draft 12/18/00 Visa Public 6–11
Offline Data Authentication Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
ICC Public Key (PK) Certificate Contains the ICC Public Key and a hash of the static data. This data is signed with
the Issuer Private Key.
ICC Public Key Exponent Contains the exponent to be used by the RSA algorithm that recovers the ICC PK
Certificate.
ICC Public Key Remainder If necessary, contains that part of the ICC Public Key that did not fit in the ICC PK
Certificate.
Dynamic Data Authentication Contains the tags and lengths of the terminal data to be included in the
Data Object List (DDOL) INTERNAL AUTHENTICATE command requesting a dynamic signature.
6–12
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 6.4 Dynamic Data Authentication (DDA)
Terminal Specification, Version 1.4.0
During DDA, the terminal receives the data (described in Table 6–6) from the
card in the INTERNAL AUTHENTICATE response.
Table 6–6: Offline Data Authentication—DDA Card Data in INTERNAL AUTHENTICATE Response
Signed Dynamic Application Signed Dynamic Application DataThe dynamic signature generated by the
Data card. The data signed in the Signed Dynamic Application Data includes:
●
The ICC Dynamic Data—Dynamic data from the card used in the hash
algorithm
● A hash result-which was generated from the ICC Dynamic Data and the
terminal dynamic data passed with the INTERNAL AUTHENTICATE
command
The format of the Signed Dynamic Application Data is shown in the EMV 4.0,
Book 2, Section 6, Table 13.
Default Dynamic Data Indicates the data to include in the command requesting a dynamic signature
Authentication Data Object List if a DDOL is not received from the card. The Default DDOL shall contain only
(Default DDOL) the tag and length for the Unpredictable Number. No other data objects shall
be referenced in the Default DDOL.
31 Oct 2001
Draft 12/18/00 Visa Public 6–13
Offline Data Authentication Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
6.4.3 Commands
6.4.4 Processing
During DDA processing, the terminal uses RSA public key decryption
technology to recover and validate the Issuer PK Certificate, the ICC PK
Certificate and the Signed Dynamic Application Data (the dynamic signature)
from the card.
The only functions performed by the card during DDA processing are the
generation of the dynamic signature and setting of the CVR bit to indicate
that Offline Dynamic Data Authentication has occurred.
6–14
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 6.4 Dynamic Data Authentication (DDA)
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 6–15
Offline Data Authentication Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
6–16
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 6.4 Dynamic Data Authentication (DDA)
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 6–17
Offline Data Authentication Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
6–18
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 6.4 Dynamic Data Authentication (DDA)
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 6–19
Offline Data Authentication Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
CA PK found for
RID/CA PK N
Index?
Issuer ID Number =
N first digits of
Y
Retrieval of Issuer PAN?
Public Key
Issuer
PK Certificate
N Y
& CA PK same
length?
Y Issuer PK Certificate
Y
expired?
Recover data in Issuer PK
Certificate using CA PK
N
Concatenate certificate's
Issuer PK and Issuer PK
Recovered data Remainder to get Issuer PK
has valid header, trailer, Modulus
N
format and PK Algorithm
Indicator?
Y B
C
A
6–20
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 6.4 Dynamic Data Authentication (DDA)
Terminal Specification, Version 1.4.0
Card B Terminal
Retrieval of ICC
Public Key
ICC PK Certificate
and Issuer PK Modulus N
same length?
Recovered
data has valid header, trailer,
N
format, and PK algorithm
indicator?
Calculated hash =
N
recovered hash?
Recovered PAN =
Application PAN? N
Certificate expired? Y
DDA Failed
Standard DDA?
Y N C
Concatenate
certificate’s ICC PK and
ICC PK Remainder to
form ICC PK Modulus
Proceed to Processing
D
Restrictions
31 Oct 2001
Draft 12/18/00 Visa Public 6–21
Offline Data Authentication Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Dynamic D
Card Signature Terminal
(Standard Generation (Standard DDA Only)
DDA Only)
Use Terminal’s
Use Card DDOL
Default DDOL
Recovered data
has valid header,
trailer, & format?
DDOL includes
N
Unpredictable Number?
Y
Concatenate recovered
data from Signed
INTERNAL Terminal issues INTERNAL Dynamic Application
AUTHENTICATE AUTHENTICATE command Data with DDOL data
Command with DDOL data elements
Card generates
dynamic signature
Calculate hash
using ICC Private
from
Key and returns
concatenated data
response to terminal
Dynamic
Signature
Y DDA
Verification Success
Signed Dynamic Y
Application Data & N
ICC PK Modulus
same length?
6–22
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 6.5 Prior Related Processing
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 6–23
Offline Data Authentication Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
6–24
Draft 12/18/00 Visa Public 31 Oct 2001
Processing Restrictions 7
31 Oct 2001
Draft 12/18/00 Visa Public 7–1
Processing Restrictions Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Application Effective Date The Application Effective Date is the date when the application becomes activated
for use.
Application Expiration Date The Application Expiration Date is the date after which the application is no longer
available for use.
Application Usage Control The AUC indicates any restrictions set forth by the issuer on the geographic
(AUC) usage and services permitted for the card application. If present, it is used in
Application Usage Control checking by the terminal.
Application Version Number This data element (card tag “9F08”) indicates the version of the application on the
card. It is used in Application Version Number checking by the terminal. Cards
complying with this specification should use 140.
Issuer Country Code The Issuer Country Code is an EMV data element (tag “5F28”) indicating the
country of card issuance. If present, it is used in Application Usage Control
checking by the terminal.
7–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 7.2 Terminal Data
Terminal Specification, Version 1.4.0
Application Version Number This data element, (tag “9F09”), indicates the version of the application in the
terminal. Terminals complying with this specification should use 140.
Terminal Country Code This data element indicates the country in which the terminal is located. It is used
in Application Usage Control checking by the terminal.
Terminal Verification Results Contains bits, which are set to “1” based on the results of Processing Restrictions.
(TVR)
Transaction Date This is the local date (in the terminal) on which the transaction processing is
taking place. It is used by the terminal in effective and expiration date checking.
Transaction Type This data element indicates the type of financial transaction. (It is represented by
the first two digits of International Organisation for Standardisation
(ISO) 8583-1987, Processing Code.) It is used in Application Usage Control
checking by the terminal.
31 Oct 2001
Draft 12/18/00 Visa Public 7–3
Processing Restrictions Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
7–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 7.4 Application Usage Control
Terminal Specification, Version 1.4.0
If any of the above checks fail, the terminal indicates that the “Requested
Service is not Allowed for Card Product” in the TVR. Figure 7–3 illustrates
how the AUC from the card is used in this processing. If the indicated bit has
a value of “1”, that usage or capability is supported.
NOTE: The dashes in this chart indicate that the setting of this bit is not
applicable. When this data element is coded, all bits are either “0”
or “1”.
1 - - - - - - 1 - Valid at ATMs
31 Oct 2001
Draft 12/18/00 Visa Public 7–5
Processing Restrictions Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
7–6
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 7.6 Application Expiration Date
Terminal Specification, Version 1.4.0
Card Terminal B
Y
Y
N
Application
Y
Version Numbers
identical?
AUC indicates Set Requested Service
N N not Allowed for Card Y
N ATM Transaction
Allowed? Product bit to “1” in TVR
Set ICC and Terminal
Have Different
Application Versions bit
to “1” in TVR
Y
Application
AUC and Effective Date <
Issuer Country Current Date
Code present?
N
Y
B
Terminal proceeds
to Cardholder
Verification
(Chapter 8)
31 Oct 2001
Draft 12/18/00 Visa Public 7–7
Processing Restrictions Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
7–8
Draft 12/18/00 Visa Public 31 Oct 2001
Cardholder Verification 8
31 Oct 2001
Draft 12/18/00 Visa Public 8–1
Cardholder Verification Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
8–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 8.1 Terminal Requirements
Terminal Specification, Version 1.4.0
Application Currency Code Used to determine whether the CVM Conditions involving amounts can be used.
Application Interchange Profile Contains an indicator showing whether the card supports cardholder verification.
(AIP)
31 Oct 2001
Draft 12/18/00 Visa Public 8–3
Cardholder Verification Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Cardholder Verification Method Identifies a prioritized list of methods of cardholder verification for the card
(CVM) List application. A CVM List contains the following subfields:
● Amount X—Amount used in some CVM Conditions
●
Amount Y—Second amount used in some CVM Conditions
● CVM entry—The CVM List may contain multiple entries. Each entry contains
the following subfields:
Subfield Description
CVM Code Designates the action to take if the CVM fails. Choices
are process the next CVM entry or fail CVM processing.
8–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 8.2 Card Data
Terminal Specification, Version 1.4.0
If Offline PIN is performed, the terminal may request the PIN Try Counter
(described in Table 8–2) from the card.
PIN Try Counter Designates the number of PIN tries remaining. The card decrements the PIN Try
Counter with each unsuccessful VERIFY command received and resets it to the
PIN Try Limit if the Transaction PIN matches the Reference PIN or when a script
command to reset the counter is processed.
If the card supports Offline Enciphered PIN, the issuer may generate an ICC
PIN Encipherment public/private key pair to use solely for PIN encipherment
or may use the ICC key pair used for DDA. The card shall have the data
elements (described in Table 8–3) for whichever key pair is used.
Certificate Authority Public Key With the Registered Application Provider Identifier (RID), designates the Visa CA
Index (PKI) Public Key to use to decipher the Issuer PK Certificate.
ICC PIN Encipherment or ICC Encrypted with the Issuer Private Key and contains the public key to be used in
Public Key (PK) Certificate PIN encipherment.
ICC PIN Encipherment or ICC Contains the portion, if necessary, of the public key, which does not fit into the
Public Key Remainder public key certificate.
ICC PIN Encipherment or ICC Stored in a secure location on the card. Used to decipher the enciphered PIN after
Private Key it is received at the card.
ICC PIN Encipherment or ICC Used in the algorithm to decipher the enciphered PIN.
Public Key Exponent
Issuer Public Key (PK) Encrypted with the Visa Private Key and contains the Issuer public key to be used
Certificate to decipher the ICC PIN Encipherment or ICC PK Certificate. This is the same
certificate used for DDA and SDA.
Issuer Public Key Remainder Contains the portion, if necessary, of the public key, which does not fit into the
public key certificate.
31 Oct 2001
Draft 12/18/00 Visa Public 8–5
Cardholder Verification Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Issuer Public Key Exponent Used in the algorithm to decipher the ICC PIN Encipherment or ICC PK
Certificate.
Registered Application Provider The portion of the Application Identifier (AID), which Identifies the scheme. With
Identifier (RID) the PKI, the RID designates the Visa CA Public Key to use to decipher the Issuer
PK Certificate during Offline Enciphered PIN processing.
The card data described in Table 8–4 is used internally by the card during
Offline PIN processing.
Card Verification Results (CVR) Contains indicators set by the card to reflect Cardholder Verification processing.
PIN Try Limit Issuer-specified maximum number of consecutive incorrect PIN tries allowed.
Reference PIN The cardholder PIN that is stored in a secure location on the card.
8–6
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 8.3 Terminal Data
Terminal Specification, Version 1.4.0
Amount, Authorized The amount of the transaction in the transaction currency. Also referred to as the
transaction amount.
Cardholder Verification Method Indicates the results of the last CVM performed.
(CVM) Results
Enciphered PIN Data Transaction PIN enciphered at the PIN pad for online verification or for offline
verification if the PIN pad and card reader do not share a tamper-evident device.
PIN Pad Secret Key Secret DES key used by the PIN pad during Offline Plaintext PIN processing to
encipher the keyed PIN and by the card reader to decipher the enciphered PIN.
This key is required if the card reader and PIN pad do not reside in a single
tamper-evident device. This key is not used for Offline Enciphered PIN
encipherment.
Terminal Capabilities Indicates the cardholder verification methods supported by the terminal.
Terminal Verification Results Indicators are set in the TVR for the following conditions:
(TVR) ● Cardholder verification was not successful
● Unrecognized CVM
● PIN Try Limit exceeded (on current or previous transaction)
● PIN entry required and PIN pad not present or not working
●
PIN entry required, PIN pad present, but PIN was not entered
● Online PIN entered
Transaction PIN Contains value keyed by the cardholder for PIN verification.
Transaction Status Information Contains an indicator, which is set when Cardholder Verification is performed.
(TSI)
31 Oct 2001
Draft 12/18/00 Visa Public 8–7
Cardholder Verification Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
If the terminal supports Offline Enciphered PIN, it shall have data (described
in Table 8–6) which is the same data used for SDA and DDA.
Certificate Authority Public Key A unique index is associated with each Visa CA Public Key. It is used to identify
Index (PKI) the public key to use for PIN encipherment.
Registered Application Provider Used with the PKI to identify the public keys associated with the scheme. Visa’s
Identifier (RID) RID is A000000003.
Visa CA Public Keys The terminal uses the selected key to decrypt the Issuer PK Certificate from the
card.
8.4 Commands
The following commands are used for Offline PIN processing.
GET DATA
May be used by the terminal during Offline PIN processing to obtain the PIN
Try Counter from the card in order to determine whether the PIN Try Limit
was exceeded on a previous transaction or is close to being exceeded. This
retrieval of the PIN Try Counter is optional for the terminal.
The data portion of the command contains the tag for the PIN Try Counter.
The card returns an SW1 SW2 other than “9000” from the GET DATA
command if the PIN Try Counter is a proprietary data element. In this case,
the terminal shall bypass the checking of the PIN Try Counter and continue
with Offline PIN processing.
GET CHALLENGE
The GET CHALLENGE command is used to obtain an unpredictable number
from the card for use with Offline Enciphered PIN.
The terminal shall support the GET CHALLENGE command if the terminal
supports Offline Enciphered PIN.
The response data field contains the unpredictable number generated by the
card.
8–8
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 8.5 Processing
Terminal Specification, Version 1.4.0
VERIFY
Used for Offline Enciphered PIN and Offline Plaintext PIN. The VERIFY
command initiates the card comparison of the Transaction PIN and the
Reference PIN.
The terminal shall support the VERIFY command if the terminal supports
offline CVM verification.
The P2 parameter in the VERIFY command shall be:
● “80” if the CVM is Offline Plaintext PIN.
● “88” if the CVM is Offline Enciphered PIN.
The valid SW1 SW2 values in the VERIFY response are:
● “9000” if the keyed Transaction PIN matches the Reference PIN.
● “63Cx” if the PINs do not match. The “x” value representing the number of
PIN tries remaining. “63C0” means the PIN Try Limit was exceeded
during the VERIFY command processing.
● “6983” or “6984” if the PIN Try Limit was exceeded on a previous
transaction or a previous VERIFY command.
8.5 Processing
Cardholder verification involves the following two functions:
● CVM List processing—The terminal determines the CVM to use.
● CVM processing—The terminal performs the CVM selected in CVM List
processing.
31 Oct 2001
Draft 12/18/00 Visa Public 8–9
Cardholder Verification Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
If a CVM List is received from the card and the card’s Application Interchange
Profile (AIP) indicates that CVM processing is supported, the terminal shall
process the CVM List. The terminal shall process each CVM List entry in the
order in which it appears in the CVM List.
1. Selecting the CVM Entry
The terminal shall select the CVM entry when all of the following are
true:
– The CVM Condition Code is understood by the terminal.
– The card data required by the condition is present (for example,
Application Currency Code when the CVM list includes a CVM
Condition with an amount check).
– The condition in the CVM Condition Code is satisfied. The “Terminal
Supports CVM” condition is satisfied if Terminal Capabilities indicates
that the CVM is supported. The conditions involving amounts require
that the Transaction Currency Code equals the Application Currency
Code.
Otherwise, the terminal shall go to the next entry.
2. Processing the CVM Entry
If the conditions expressed in the CVM Condition Code are satisfied, the
terminal shall attempt to perform the CVM. If the terminal does not
recognize the CVM, the terminal shall set Unrecognized CVM bit to “1” in
the TVR and perform the action designated in the CVM Code.
Details on processing specific CVMs are described in the next section of
this chapter.
3. CVM Success
If the CVM is performed successfully, Cardholder Verification is complete
and successful.
4. CVM Failure
If the CVM fails, the terminal shall check the CVM Code to see whether
the terminal should fail CVM processing or go to the next CVM entry:
– If the CVM Code indicates “Fail CVM,” the terminal shall set the
Cardholder Verification was not Successful bit to “1” in the TVR.
Cardholder Verification is complete.
– If the CVM Code indicates “Apply Succeeding CVM,” the terminal
shall process the CVM entry if one is present.
8–10
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 8.5 Processing
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 8–11
Cardholder Verification Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Figure 8–1 illustrates how a terminal could perform CVM List processing.
Y
N
CVM
CVM Condition N
Y A Successful?
satisfied?
N CVM Code= Y
Y Apply
Succeeding CVM
Entry? Terminal sets
Cardholder
Verification was
N
CVM Code = Performed in TSI.
Any more CVM
N Fail CVM
entries?
Terminal sets
“cardholder Visa
Y verification not specified CVM was No
default CVM for Y CVM Req’d?
successful” in
terminal?
TVR. Y
Terminal selects next
N
CVM in CMV List.
N
Terminal completes
Terminal
Cardholder
performs mag
Verification
stripe CVM
Processing
8–12
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 8.5 Processing
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 8–13
Cardholder Verification Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
8–14
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 8.5 Processing
Terminal Specification, Version 1.4.0
Figure 8–2 shows how Checking the PIN Try Counter could be performed.
CARD TERMINAL
Receive GET DATA GET DATA Issue GET DATA
and respond with command for PIN Try Counter
PIN try counter if
card allows
SW1 SW2 =
GET DATA response
9000?
N
Y Y
31 Oct 2001
Draft 12/18/00 Visa Public 8–15
Cardholder Verification Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
If the CVM is Offline Enciphered PIN, the PIN may be RSA enciphered at
the PIN pad or may be enciphered using other means between the PIN
pad and the ICC reader and RSA enciphered at the card reader and
passed to the card in enciphered format.
3. PIN Checking using VERIFY command
When the offline PIN is entered, the terminal shall transmit a VERIFY
command containing the Transaction PIN to the card. The VERIFY P2
parameter shall be “80” to indicate Offline Plaintext PIN.
a. PIN Verification (performed by the card)
■ If the card’s PIN Try Counter is zero, the card does no PIN
compare and returns a VERIFY response with SW1 SW2 equal to
“6983” or “6984”.
■ If the Transaction PIN and the card’s Reference PIN are not equal,
the card decrements its PIN Try Counter and returns SW1 SW2
equal to “63Cx” where x is the number of PIN tries remaining.
■ If the PINs are equal, the card resets the PIN Try Counter to the
PIN Try Limit and returns SW1 SW2 of “9000”.
b. PINs Match
If the Transaction PIN matched the Reference PIN (SW1 SW2 equal
“9000”), the terminal should display the “PIN OK” message.
c. PIN Try Limit Exceeded on Previous Transaction
If the PIN Try Limit was exceeded on a previous transaction
(SW1 SW2 equal “6983” or “6984”), the terminal shall:
■ Set PIN Try Limit Exceeded to “1” in the TVR.
■ Perform the action specified in CVM Code of the CVM List entry.
8–16
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 8.5 Processing
Terminal Specification, Version 1.4.0
d. Non-Matching PINs
If the PINs did not match (SW1 SW2 equal “63Cx”), the terminal
action is based upon the value of “x”, which represents the number of
PIN tries remaining.
■ If zero PIN tries remain, the terminal:
– Should display the “Incorrect PIN” message.
– Shall set PIN Try Limit Exceeded to “1” in the TVR.
– Shall not transmit any further VERIFY command messages to
the card.
■ If the PIN tries remaining is nonzero, the terminal:
– Should display the “Incorrect PIN” message followed by the
“Enter PIN” message to prompt for PIN entry.
– If the PIN tries remaining is one, should display the Visa
proprietary message of “Last PIN Try” between these two
messages.
– After PIN entry, shall issue another VERIFY command to the
card and repeat the Offline PIN process.
31 Oct 2001
Draft 12/18/00 Visa Public 8–17
Cardholder Verification Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Figure 8–3 illustrates how the terminal could perform Offline PIN processing.
Cardholder enters
PIN
Enciphered
PIN
Encriphered PIN? Y processing
Terminal Issues
Card receives VERIFY command VERIFY command
Verify comand with Entered PIN.
and responds
PINs Matched
N
PIN Try Limit Exceeded Previously
Terminal performs
Set PIN Try Limit
SW1 SW2 = action specified in
Y Exceeded to “1” in
6983 or 6984? CVM Code of CVM
TVR
List entry.
N
Invalid Response from VERIFY Command
Display
“Incorrect PIN”
Terminal performs
PIN Tries Terminal sets “PIN
Remaining action specified in
Y Try Limit Exceeded”
= 0? CVM Code of CMV
in TVR.
List entry.
8–18
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 8.5 Processing
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 8–19
Cardholder Verification Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Card Terminal
Enciphered
PIN
Processing
ICC
ICC PK
Enciphered
N Certificate N Fail CVM Processing
PIN PK Certificate
available?
available?
Y
Y
Encipher
concatenated data
with public key.
Set P2 to “88” in
VERIFY command.
Issue VERIFY
command and
VERIFY
continue processing
command
as with Offline
Plaintext PIN.
8–20
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 8.5 Processing
Terminal Specification, Version 1.4.0
8.5.2.4 Signature
When the CVM is signature and the terminal supports the signature process,
the CVM is considered to have passed and Cardholder Verification is
complete. At the end of the transaction, the terminal shall print a receipt with
a line for the cardholder’s signature.
If the terminal does not support the signature process, the terminal shall
proceed to the action specified in the CVM Code for the CVM List entry.
31 Oct 2001
Draft 12/18/00 Visa Public 8–21
Cardholder Verification Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Terminal performs
Terminal
SIGNATURE action specified in
supports N
CVM Code of CVM
signature?
List entry.
Terminal proceeds to
Terminal Risk
Management.
8–22
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 8.6 Prior Related Processing
Terminal Specification, Version 1.4.0
Terminal proceeds to
Terminal Risk
Management
(Chapter 9)
31 Oct 2001
Draft 12/18/00 Visa Public 8–23
Cardholder Verification Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
8–24
Draft 12/18/00 Visa Public 31 Oct 2001
Terminal Risk Management 9
31 Oct 2001
Draft 12/18/00 Visa Public 9–1
Terminal Risk Management Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
9–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 9.1 Card Data
Terminal Specification, Version 1.4.0
Application Identifier (AID) Identifies the Terminal Floor Limit to be used during Terminal Risk Management
Application Primary Account Cardholder account number used in terminal exception file checking.
Number (PAN)
Application Transaction Counter A counter of the number of transaction processed by the card since the application
(ATC) was put on the card and is used in terminal velocity checking.
Last Online Application The ATC value of the last transaction that went online. If terminal velocity checking
Transaction (ATC) Register or new card checking by the terminal is required by the card, this data element
and both of the data elements listed below must be present.
Lower Consecutive Offline Limit This data element (tag “9F14”) is the issuer-specified preference for the maximum
number of consecutive offline transactions allowed before a transaction must be
sent online if the terminal is online capable. It is used in terminal velocity checking.
Upper Consecutive Offline Limit This data element (tag “9F23”) is the issuer-specified preference for the maximum
number of consecutive offline transactions allowed before transactions must be
declined offline. It is used in terminal velocity checking.
31 Oct 2001
Draft 12/18/00 Visa Public 9–3
Terminal Risk Management Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Amount, Authorized This numeric data element (tag “9F02”) stores the amount (excluding
adjustments) for the current transaction. It is used in floor limit checking.
Maximum Target Percentage to Value used in terminal risk management for random selection of transactions for
be used for Biased Random online processing.
Selection
Target Percentage to be used Value used in terminal risk management for random selection of transactions for
for Random Selection online processing.
Terminal Floor Limit This data element (tag “9F1B”) indicates the floor limit in the terminal in
conjunction with the Application Identifier for the application. It is used in floor limit
checking and random selection of transactions for online processing.
Terminal Verification Results A series of indicators in which the results of offline processing from a terminal
(TVR) perspective are recorded. It is used to record the results of all terminal risk
management checks.
Threshold Value for Biased Value used in terminal risk management for random selection of transactions for
Random Selection online processing.
Transaction Log To prevent the use of split sales to bypass floor limits, the terminal may have a
transaction log of approved transactions. This log, minimally contains the
Application PAN and transaction amount, and optionally contains the Application
PAN Sequence Number and Transaction Date. The number of transactions to be
stored and maintenance of the log is outside the scope of this specification. This
log, if present, may be used in terminal floor limit checking.
Transaction Status Information Indicates the terminal functions performed during the transaction. This data
(TSI) element is not provided in the online authorization and clearing messages, but is
used by the terminal to indicate that terminal risk management was performed.
9–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 9.3 GET DATA Command
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 9–5
Terminal Risk Management Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
If the sum of the current Amount, Authorized and the previous amount is
greater than or equal to the Terminal Floor Limit, the terminal sets the
Transaction Exceeds Floor Limit bit to “1” in the TVR.
EXAMPLE 1
The transaction amount is 20. Since the transaction
amount (20) is less than the threshold for Biased Random
Selection, random selection is performed. The terminal
random number (25) is compared to the target
percentage (20%), and because the random number is
higher the transaction is not selected for online processing.
9–6
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 9.8 Terminal Velocity Checking
Terminal Specification, Version 1.4.0
EXAMPLE 2
The transaction amount is 60. This is above the threshold
for Biased Random Selection but below the terminal floor
limit, so biased random selection is performed.
The transaction amount is 20 above the threshold, which is
one-third of the difference between the terminal floor limit
and the threshold for biased random selection
(100 - 40 = 60). Therefore, one-third of the difference
between the maximum target percentage and the target
percentage (50% - 20% = 30% x 1/3 = 10%) is added to the
target percentage to result in a target for this transaction
value of 30% (10% + 20%).
The terminal’s random number is 25 (less than the target
of 30), so the transaction is selected for online processing.
EXAMPLE 3
The transaction amount is 150. Because this is above the
terminal floor limit, the transaction is not subjected to
random selection. It is selected for online processing by the
terminal’s floor limit checking function.
31 Oct 2001
Draft 12/18/00 Visa Public 9–7
Terminal Risk Management Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
● If the ATC minus the Last Online ATC Register is greater than the Upper
Consecutive Offline Limit, the terminal sets the Upper Consecutive
Offline Limit Exceeded bit to “1” in the TVR.
NOTE: Similar velocity checks may be performed by the card during Card
Action Analysis. The TVR bits for Lower and Upper Consecutive
Offline Limit Exceeded are not set during the Card Action Analysis
checks.
9–8
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 9.10 End Terminal Risk Management
Terminal Specification, Version 1.4.0
A
Terminal
Transaction log
present
Terminal exception in terminal?
file present?
Y
Y
Amount,
Log Entry Present
N authorized + amount
which matches current Y
in log > terminal
Card appears on transaction
N floor limit
exception file?
N Y
N
Y
Terminal sets
Terminal sets Card Transaction amount > Transaction Exceeds
Y
Appears on Terminal terminal floor limit Floor Limit bit to “1” in
Exception File bit to “1” in TVR
TVR
N
N
Y
N
Terminal sets Merchant
Forced Transactions N
Online bit to “1” in TVR
B
31 Oct 2001
Draft 12/18/00
Visa Public 9–9
Terminal Risk Management Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Terminal
Lower and
Upper Consecutive
N
Offline Limits read
by terminal?
Y
Terminal sets both Lower
Consecutive Offline Limit
Exceeded and Upper
(ATC-Last
Consecutive Offline Limit
Online ATC Register) >
Exceeded bits to “1” in TVR
Lower Consecutive
Offline Limit?
(ATC-
Last Online ATC
Register) > Upper N N
Consecutive Offline
Limit
Terminal
proceeds to
Last Online
N Terminal Action
ATC Register = 0
Analysis
(Chapter 10)
Y
9–10
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 9.11 Prior Related Processing
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 9–11
Terminal Action Analysis 10
In Terminal Action Analysis, the terminal applies rules set by the issuer in
the card and by the acquirer in the terminal to the results of offline processing
to determine whether the transaction should be approved offline, declined
offline, or sent online for an authorization.
Terminal Action Analysis involves two steps:
1. Review Offline Processing Results—The terminal reviews the results
of offline processing recorded in the TVR to determine whether the
transaction should go online, be approved offline, or be declined offline.
This process considers issuer-defined criteria from the card called Issuer
Action Codes (IACs) and Visa-defined criteria in the terminal called
Terminal Action Codes (TACs).
2. Request Cryptogram Processing—The terminal requests a
cryptogram from the card.
31 Oct 2001
Draft 12/18/00 Visa Public 10–1
Terminal Action Analysis Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Issuer Action Codes (IACs) Each IAC contains a series of bits, defined during issuer personalization, which
correspond to the bits in the Terminal Verification Results (TVR). The three IACs
are:
● IAC—Denial
The bits, which correspond to the TVR conditions for which the issuer would
like an offline decline. If the terminal does not receive an IAC—Denial from the
card, the terminal uses all “0”s.
● IAC—Online
The bits, which correspond to the TVR conditions for which the issuer would
like to go online for an authorization. If the terminal does not receive an
IAC—Online from the card, the terminal uses all “1”s.
● IAC—Default
The bits, which correspond to the TVR conditions for which the issuer would
like an offline decline if online processing is not available. If the terminal does
not receive an IAC—Default from the card, the terminal uses all “1”s.
10–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 10.2 Terminal Data
Terminal Specification, Version 1.4.0
The card data described in Table 10–2 is used during the Request Application
Cryptogram phase.
Card Data Management Object The CDOL1 contains the tags and lengths for the terminal data objects, which are
List 1 (CDOL1) needed by the card to generate the first application cryptogram, and for other
processing.
Authorization Response Code Indicates the terminal’s requested disposition for the transaction.
Terminal Action Codes (TAC) The TACs are Visa-defined bit-strings, which are similar to the card’s Issuer Action
Codes (IACs) except that they are stored in the terminal. The TACs are three data
elements which each consist a series of bits, which correspond to the bits in the
TVR. The TACs are:
● TAC—Denial
The acquirer sets the bits, which correspond to the TVR conditions, which
should cause an offline decline. The TAC—Denial shall contain a value of
X'0010000000'. This TAC value causes a decline for the Service Not Allowed
condition.
Note: Acquirers not supporting all of the VSDC data in the authorization
request shall decline transactions offline if DDA fails using a TAC—Denial
value of X'0810000000'.
31 Oct 2001
Draft 12/18/00 Visa Public 10–3
Terminal Action Analysis Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
The terminal shall contain the value of “D84000A800”. This TAC value
generates a decline if the transaction cannot be sent online for authorization
when:
Note: Markets not supporting offline data authentication in cards may remove
the TAC—Online and TAC—Default settings for offline data authentication not
performed resulting in a TAC—Online value of X'584004F800' and a
TAC—Default of value of X'584000A800'.
A means for updating the TACs by the acquirer shall be supported as defined in
the EMV 4.0 Book 4, Section 6.2.
Terminal Verification Results The TVR is a series of bits which are set during transaction processing to
(TVR) represent transaction processing status as seen from the perspective of the
terminal.
10–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 10.3 GENERATE APPLICATION CRYPTOGRAM (AC)
Terminal Specification, Version 1.4.0 Command
The terminal data described in Table 10–4 is used during the Request
Application Cryptogram phase.
Data Objects specified in The terminal includes the data objects specified by the issuer in the CDOL1 in the
CDOL1 by the issuer GENERATE APPLICATION CRYPTOGRAM (AC) command.
31 Oct 2001
Draft 12/18/00 Visa Public 10–5
Terminal Action Analysis Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
10.4 Processing
Terminal Action Analysis consists of two steps:
●
Review of Offline Processing Results
● Generate Cryptogram Processing
10–6
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 10.4 Processing
Terminal Specification, Version 1.4.0
The issuer wishes to decline transactions offline if Offline Dynamic Data Authentication fails or
if the PIN Try Limit is exceeded so the IAC—Denial bits from the card are set as below:
Offline DDA Failed PIN Try Limit Exceeded
↓ ↓
IAC—Denial 00001000 00000000 00100000 00000000 00000000
The terminal records offline processing results in the TVR. In the following transactions, the
application is expired. In Transaction 2, Offline DDA has also failed.
Transaction 1: The application is expired so the TVR is set to:
Expired Application
↓
TVR 00000000 01000000 00000000 00000000 00000000
IAC—Denial 00001000 00000000 00100000 00000000 00000000
Decline offline is not set here because the TVR and IAC—Denial have no corresponding bits that
are set to “1”.
Transaction 2: Offline DDA has failed and the application is expired so the TVR is set to:
Offline DDA Failed Expired Application ¯ ¯
↓ ↓
TVR 00001000 01000000 00000000 00000000 00000000
IAC-Denial 00001000 00000000 00100000 00000000 00000000
Offline DDA Failed is set to “1” in the IAC—Denial and the TVR so the transaction disposition is
set to decline offline.
Similar comparisons are done with the other IACs and the TACs.
31 Oct 2001
Draft 12/18/00 Visa Public 10–7
Terminal Action Analysis Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
10–8
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 10.4 Processing
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 10–9
Terminal Action Analysis Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Are any
corresponding bits
set in both TVR and the
IAC-Denial or
TAC-Denial?
Online capable
terminal?
Y N
Y Y
Y
Are any
corresponding bits set in
both TVR & IAC-Default or Y
TAC-Default?
Are any
corresponding bits set
in TVR & IAC-Online or N N
TAC-Online?
Terminal sets Auth Resp
Code to Z (offline
Y Terminal sets Auth
approved)
Resp Code to Z3
P1 (Cryptogram type) (offline declined)
in GEN AC = ARQC P1 (Cryptogram type) in
(Send Online) GEN AC = TC (Approve)
P1 (Cryptogram type)
in GEN AC = AAC
DDA/ Terminal sets P1 in
Card AC Generation to Y GENERATE AC indicating
(Decline)
be done? DDA/AC Generation req'd
N
Proceed to Card
Action Analysis GENERATE AC Terminal issues 1st
(See Chapter 11) command Generate AC
10–10
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 10.5 Prior Related Processing
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 10–11
Card Action Analysis 11
Card Action Analysis allows issuers to perform velocity checking and other
risk management, which is internal to the card. Visa proprietary card risk
management features described in this section include checking:
●
Activity on previous transactions
● If card is a new card
●
Velocity counters
Card Action Analysis shall be performed as described in the EMV 2000
Integrated Circuit Card Specification for Payment Systems, Version 4.0
(EMV 4.0), Book 3, Section 6.8.
This chapter is organized into the following sections:
11.1 Card Data
11.2 Terminal Data
11.3 GENERATE APPLICATION CRYPTOGRAM (AC) Command
11.4 Processing
11.5 Prior Related Processing
11.6 Subsequent Related Processing
31 Oct 2001
Draft 12/18/00 Visa Public 11–1
Card Action Analysis Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Card Risk Management Data List of data objects with their associated labels (tags) and lengths, to be passed
Object List 1 (CDOL1) from the terminal to the card application with the first GENERATE APPLICATION
CRYPTOGRAM (AC) command.
Application Transaction Counter A counter of the number of transactions initiated since the application was put on
(ATC) the card.
Issuer Application Data Contains proprietary application data for transmission to the Issuer. This includes
the CVR.
Card Verification Results A Visa proprietary data element containing indicators, which are set, based upon
the results of offline processing for current and previous transactions.
11–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 11.2 Terminal Data
Terminal Specification, Version 1.4.0
Data Requested in CDOL1 The terminal provides the data requested by the card in the CDOL1. For a list of
data required, refer to the Visa Integrated Circuit Card Specification, Appendix E,
Cryptogram Versions Supported.
31 Oct 2001
Draft 12/18/00 Visa Public 11–3
Card Action Analysis Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
11.4 Processing
The terminal does no processing during Card Action Analysis.
The GENERATE AC command, which the card receives from the terminal,
contains a parameter indicating the cryptogram type, which the terminal is
requesting. This cryptogram type indicates the terminal’s transaction decision
(approve offline, decline offline, send online).
Based on the results of this Card Risk Management performed by the card
(including checking activity on previous transactions, if card is a new card,
and velocity counters), the card determines a transaction response. The card’s
response may override the terminal’s decision indicated by the Cryptogram
Type:
● The card may override the terminal’s decision to approve offline by
deciding to either send online or decline offline.
● The card may override the terminal’s decision to go online by deciding to
decline offline.
These decision rules are shown in Table 11–4.
Card Responds
AAC ARQC TC
11–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 11.5 Prior Related Processing
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 11–5
Online Processing 12
Online Processing allows the issuer’s host computer to review and authorize
or decline transactions using the issuer’s host-based risk management
parameters. In addition to performing traditional online fraud and credit
checks, host authorization systems may perform Online Card Authentication
using a card-generated dynamic cryptogram and may consider offline
processing results in the authorization decision.
The response from the issuer may include post-issuance updates to the card
and an issuer-generated cryptogram, which the card can validate to ensure
that the response came from the valid issuer or both. This validation is called
Issuer Authentication.
This chapter describes the terminal online processing functions, which are
new with Visa Smart Debit and Visa Smart Credit (VSDC). Online
processing functions, which are also performed with magnetic, stripe-read,
and key-entered transactions are not described.
Online processing shall be performed as described in the EMV 2000
Integrated Circuit Card Specification for Payment Systems, Version 4.0
(EMV 4.0), Book 3, Part II, Section 6.9, and Book 4, Part I, Section 2.3.8.
This chapter is organized in the following manner:
12.1 Terminal Requirements
12.2 Card Data
12.3 Terminal Data
12.4 Commands
12.5 Processing
12.6 Prior Related Processing
12.7 Subsequent Related Processing
31 Oct 2001
Draft 12/18/00 Visa Public 12–1
Online Processing Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Application Transaction Counter A counter of the number of transactions initiated since the application was put on
(ATC) the card.
Cryptogram Information Data Contains an indicator of the type of cryptogram. An Authorization Request
Cryptogram (ARQC) is designated by b'10' in the first two bits (bits 8–7).
Issuer Application Data Issuer Application Data is a Visa-mandatory field used to transmit Visa
discretionary data to the terminal for input to the online request message or
clearing record. The terminal passes this data through to the issuer.
12–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 12.3 Terminal Data
Terminal Specification, Version 1.4.0
Application Interchange Profile The AIP contains a flag, which indicates whether the card supports Issuer
(AIP) Authentication. The AIP is received during Initiate Application Processing from the
card in the GET PROCESSING OPTIONS response.
Transaction Status Information Contains a bit for Issuer Authentication was Performed which the terminal sets
(TSI) to “1” when Issuer Authentication is performed.
Terminal Verification Results Contains a bit indicating whether Issuer Authentication Was Unsuccessful which
(TVR) the terminal sets to “1” when Issuer Authentication fails.
31 Oct 2001
Draft 12/18/00 Visa Public 12–3
Online Processing Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Table 12–4: Visa Smart Debit Credit (VSDC) Data Objects Required in Online Message
Amount, Other Portion of transaction amount that is cashback from terminal (if
present)
Application Interchange Profile (AIP) Received from card during Initiate Application Processing
Application PAN Sequence Number Received from card during Read Application Data
12–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 12.3 Terminal Data
Terminal Specification, Version 1.4.0
The format of the online message from the terminal is outside the scope of the
Visa Integrated Circuit Card Specification. The VisaNet online message
format is described in the Visa Smart Debit/Credit System Technical Manual.
The VSDC data elements in the online message may be considered in the
issuer host decision to decline or approve the transaction. This issuer decision
logic is outside the scope of the Visa Integrated Circuit Card Specification.
Issuer Script Contains command data from the issuer to be used to update the card
application.
The Authorization Response Code in Table 12–5 is the code generated by the
issuer during online processing and used in the generation of the
Authorization Response Cryptogram (ARPC). This code shall not change in
transmission from the issuer to the terminal. The terminal shall transmit this
Authorization Response Code to the card as part of the Issuer Authentication
Data.
31 Oct 2001
Draft 12/18/00 Visa Public 12–5
Online Processing Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
12.4 Commands
Online Processing uses the GENERATE APPLICATION CRYPTOGRAM (AC)
command response and the EXTERNAL AUTHENTICATE command and
response.
GENERATE APPLICATION CRYPTOGRAM (AC) response
Prior to sending the online request, the terminal receives the card’s response
to the GENERATE AC command.
The command response is described in the EMV 4.0, Book 3, Part I,
Section 2.5.5.4, and in Appendix B, Commands for Financial Transactions.
EXTERNAL AUTHENTICATE
If Issuer Authentication is to be performed after the online response is
received, the terminal issues an EXTERNAL AUTHENTICATE command to
ask the card to perform Issuer Authentication. The command is described in
the EMV 4.0, Book 3, Part I, Section 2.5.4 and Appendix B, Commands for
Financial Transactions.
The command contains the Issuer Authentication Data shown in Table 12–5.
The command response SW1 SW2 is “9000” if Issuer Authentication was
successful.
12.5 Processing
Online Processing includes processing the online request, processing the
online response, and optionally performing Issuer Authentication.
12–6
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 12.5 Processing
Terminal Specification, Version 1.4.0
3. Calculates a hash from the dynamic data elements that are in the clear.
4. Checks that the calculated hash matches the hash recovered from the
Signed Dynamic Application Data.
If any of the above steps fail, the terminal indicates Combined DDA/AC
Generation failed in the TVR and proceeds to Completion.
If all of the above steps are successful, Combined DDA/AC Generation has
passed and the terminal continues processing as described in the next section.
31 Oct 2001
Draft 12/18/00 Visa Public 12–7
Online Processing Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
12–8
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 12.5 Processing
Terminal Specification, Version 1.4.0
12.5.4 Flow
The Online Processing flow is shown in Figure 12–1.
Y Valid?
N
N
ARQC &
terminal can N
process online? If AAC returned or
dynamic signature
is not valid, the
A
terminal indicates
Y DDA/AC Generation
failed in TVR
Issuer returns
Terminal transmits online auth. Authorization Request authorization
request to issuer through acquirer with ARQC
response
Authorization Response
Terminal receives authorization
with optional ARPC
response
and/or issuer script
Issuer Authentication
Data in response?
N
Y
AIP shows
card supports Issuer N
Authentication?
Y
Terminal proceeds to
Card performs Terminal issues Completion.
EXTERNAL (See Chapter 13)
Issuer EXTERNAL
AUTHENTICATE
Authentication AUTHENTICATE
command
(validates ARPC) command
Terminal receives
EXTERNAL
EXTERNAL
AUTHENTICATE
AUTHENTICATE
response
response
Terminal proceeds to
A Completion
(See Chapter 13)
31 Oct 2001
Draft 12/18/00 Visa Public 12–9
Online Processing Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
12–10
Draft 12/18/00 Visa Public 31 Oct 2001
Completion 13
31 Oct 2001
Draft 12/18/00 Visa Public 13–1
Completion Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Card Risk Management Data A list of data objects (tags and lengths) to be passed to the card with the final
Object List 2 (CDOL2) GENERATE AC command
Issuer Action Code—Default Contains a series of bits that correspond to the bits in the TVR. The issuer sets a
bits to “1” in this IAC if the issuer would like the corresponding TVR condition to
generate an offline decline when an online authorization cannot be completed.
See Chapter 10, Terminal Action Analysis, for more information on the
IAC—Default.
13–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 13.1 Card Data
Terminal Specification, Version 1.4.0
Application Transaction Counter A counter of the number of transactions initiated since the application was put on
(ATC) the card.
Card Verification Results (CVR) A Visa proprietary data element containing indicators that are set based upon the
results of offline processing for current and previous transactions.
Cryptogram Information Data Contains indicators including the type of cryptogram returned by the card:
(CID) ● An Application Authentication Cryptogram (AAC) for a decline
● A Transaction Certificate (TC) for an approval
● An Authorization Request Cryptogram (ARQC) for online processing (first
GENERATE AC only)
Issuer Application Data Contains proprietary application data for transmission to the Issuer. This includes
the CVR.
31 Oct 2001
Draft 12/18/00 Visa Public 13–3
Completion Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Authorization Response Code A terminal data element provided to the card which indicates the disposition of the
transaction.
Y1 = Offline approved
Z1 = Offline declined
Y3 = Unable to go online (offline approved)
Z3 = Unable to go online (offline declined)
Terminal Verification Results A terminal data element used to record offline processing results, such as SDA
(TVR) failure or floor limit exceeded, from a terminal perspective.
Terminal Action Code—Default Contains a series of Visa-defined bits that correspond to the bits in the TVR.
When a bit is set to “1” in this TAC an offline decline is generated if the
corresponding TVR condition is true and an online authorization cannot be
completed.
See Chapter 10, Terminal Action Analysis, for additional information on the
TAC—Default.
13–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 13.4 Transaction Authorized Offline
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 13–5
Completion Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
13–6
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 13.5 Transaction Authorized Online
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 13–7
Completion Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Authorization
Terminal Requests Response Code Transaction Disposition
The terminal then issues the final GENERATE AC command that includes
the Authorization Response Code.
13–8
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 13.6 Online Processing Requested, Transaction Was
Terminal Specification, Version 1.4.0 Not Sent Online
31 Oct 2001
Draft 12/18/00 Visa Public 13–9
Completion Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Terminal
Card
Terminal analyzes
first GENERATE AC
response
Set Authorization
Cryptogram = Y Response Code to Z1 B
AAC? (decline)
N
Set Auth.
Combined Resp. Code
Cryptogram Y DDA/AC Gen Y
= TC? to Z1
failed?
(decline)
N N
Set P1 in Set Auth.
ARQC & Resp.Code to
DDA/AC Gen. Y GEN AC to A
failed? AAC (decline) Y1 (approve)
N
C
Transaction ((IAC-Def.
completed online? N OR TAC-Def.) & N
TVR) = 0?
Set Authorization
Y
Y Y Response Code
to Z3 & P1 to AAC
Set P1 in GEN AC to Set Authorization
TC (approval) or AAC Response Code
(decline) based on to Y3 & P1 to TC
Auth. Resp. Code
Card responded
Card responds to with a TC?
Final Receives Final
Final GENERATE AC
GENERATE AC GENERATE AC
with TC (approve) or
Response response
AAC (decline) Y
N
Terminal
Terminal processes requested an Y
Issues Script if in AAC?
auth. response
B
A
N
13–10
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 13.7 Prior Related Processing
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 13–11
Issuer-to-Card Script Processing 14
31 Oct 2001
Draft 12/18/00 Visa Public 14–1
Issuer-to-Card Script Processing Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Transaction Status The TSI a bit, which is set to “1” when Issuer-to-Card Script processing is performed.
Information (TSI)
Issuer Script Results Issuer Script Results are returned to the issuer through a clearing message, another
message such as a reversal, the next online authorization, or an offline advice message. It is
a 5–byte field defined as follows:
Byte 1 Contains the results of script processing and the sequence number of the
command, which failed script processing. This sequence number is zero if
script processing is successful.
Bytes 2–5 Contain the Issuer Script Identifier received in the Issuer Script.
Although it is preferable that the terminal transmit the full five-byte Issuer Script Results to
the acquirer, it is acceptable for the terminal to transmit only the first byte indicating script
results. If this is done, the following shows the mapping from the one-byte Issuer Script
Results transmitted by the terminal to the five-byte Issuer Script Results transmitted by the
acquirer to Visa.
Mapping Terminal Issuer Script Results to Acquirer Issuer Script Results
14–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 14.3 Online Response Data
Terminal Specification, Version 1.4.0
Issuer Script This version of the Visa Integrated Circuit Card Specification supports at most
one Issuer Script per response. The Issuer Script may contain one or more
commands. In a subsequent version of this specification, issuers may transmit
more than one Issuer Script. The tag for the script should be “72”. The format of
the Issuer Script is shown in Figures 5 and 6 of the EMV 4.0, Book 3,
Section 6.10.
14.4 Commands
The Visa-defined Issuer Script Commands support the functions listed below
and are described in detail in the Card Volume of the specification and in the
EMV 4.0, Book 3, Section 2.5, and the Visa Integrated Circuit Card
Specification, Appendix C, Commands for Financial Transactions. Issuer
proprietary commands may also be received and should be passed through to
the card.
APPLICATION BLOCK
The command blocks the use of the selected application. If during the
processing of a transaction, the application is blocked, the terminal shall
continue to process the transaction through completion.
APPLICATION UNBLOCK
Unblocking the application reverses the APPLICATION BLOCK status.
Unblocking of an application occurs only at a special device as designated by
the issuer. The processing by this device is described in the Visa Integrated
Circuit Card Specification, Chapter 14, Issuer-to-Card Script Processing.
CARD BLOCK
The CARD BLOCK command is a post-issuance command that permanently
disables all applications on the card.
If the card is blocked during the processing of a transaction, the terminal shall
continue to process the transaction through completion.
31 Oct 2001
Draft 12/18/00 Visa Public 14–3
Issuer-to-Card Script Processing Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
PIN CHANGE/UNBLOCK
The PIN CHANGE/UNBLOCK command provides the issuer the capability
either to unblock the offline PIN or to simultaneously change and unblock the
reference PIN.
PIN changes should only be performed within a secure environment controlled
by the issuer.
PUT DATA
The PUT DATA command allows specific primitive data objects in the card to
be updated.
UPDATE RECORD
The UPDATE RECORD command is used to update a record in a file with the
data provided in the command data field.
14.5 Processing
The terminal shall process Issuer Scripts as described in the following
sections.
14–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 14.5 Processing
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 14–5
Issuer-to-Card Script Processing Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Card Terminal
Terminal completes
Online Processing
and Completion
Issuer Script N
present in online
response?
Terminal increments Y
script command Y
sequence number
Terminal receives
Script Command
command response
Response
from card
Another
SW1 W2 = 9000 Y command
present?
Terminal completes
transaction
processing
14–6
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card 14.6 Prior Related Processing
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public 14–7
Terminal and Acquirer Data Elements A
This appendix defines those data elements that may be used for financial
transaction interchange and their mapping onto data objects. This includes all
terminal or acquirer data objects listed in the EMV 2000 Integrated Circuit
Card Specification for Payment Systems, Version 4.0, and the Visa proprietary
data elements. Also included is a list of terminal data element tags.
Card data and issuer data elements are listed in the Visa Integrated Circuit
Card, Card Specification.
NOTE: Although Visa does not support certain terminal-related data objects
listed in the EMV 2000 Integrated Circuit Card Specification for
Payment Systems, Version 4.0, in this version of the Visa Integrated
Circuit Card Specification (VIS), other payment systems may choose to
support these data objects. Therefore, the terminal shall support all
terminal-related data objects listed in those specifications.
31 Oct 2001
Draft 12/18/00 Visa Public A–1
Terminal and Acquirer Data Elements Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
When data is moved from one entity to another (for example, card to
terminal), it shall always be passed in order from high order to low order,
regardless of how it is internally stored. The same rules applies when
concatenating data.
Name (Format;
Tag; Length) Requirement Description Values
A–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card A.1 Terminal and Acquirer Data Elements Table
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
F: n 12
T: 9F02
L: 6
31 Oct 2001
Draft 12/18/00 Visa Public A–3
Terminal and Acquirer Data Elements Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
A–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card A.1 Terminal and Acquirer Data Elements Table
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
Application M Indicates whether the Format and content are at the discretion of
Selection associated AID in the the terminal vendor. For Visa applications,
Indicator terminal must match the must be set to allow partial selection.
AID in the card exactly
including the length of the
F: –
AID, or only up to the
T: –
length of the AID in the
L: –
terminal.
There is only one
Application Selection
Indicator per AID in the
terminal.
31 Oct 2001
Draft 12/18/00 Visa Public A–5
Terminal and Acquirer Data Elements Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
A–6
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card A.1 Terminal and Acquirer Data Elements Table
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
F: b
T: 83
L: var.
Default Dynamic C DDOL to be used for Must contain tag for Unpredictable Number
Data constructing the (“9F37”) only.
If DDA is
Authentication INTERNAL
supported
Data Object List AUTHENTICATE
(DDOL) command if the DDOL in
the card is not present.
F: b
T: –
L: var.
31 Oct 2001
Draft 12/18/00 Visa Public A–7
Terminal and Acquirer Data Elements Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
A–8
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card A.1 Terminal and Acquirer Data Elements Table
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
F: –
T: –
L: –
31 Oct 2001
Draft 12/18/00 Visa Public A–9
Terminal and Acquirer Data Elements Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
A–10
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card A.1 Terminal and Acquirer Data Elements Table
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
Point of Service M Indicates the method by Codes are as indicated in ISO 8583:1987
(POS) Entry which the PAN was with the following additions. If the magnetic
Mode Code entered, according to the stripe is read instead of the ICC, the terminal
first two digits of ISO may indicate this by generating the following
8583:1987. codes for transmission to the acquirer.
F: n 2
T: 9F39 90 = Magnetic stripe read; service code
L: 1 does not begin with “2”or “6”
91 = Magnetic stripe read; service code
begins with “2”or “6”; last transaction
was a successful IC read or was not an
IC transaction
92 = Magnetic stripe read; service code
begins with “2”or “6”; last transaction
was an unsuccessful IC read
Note: The new codes 91 and 92 are not
transmitted in the POS Entry Mode Code
from the acquirer to Visa.
Proprietary M As part of the Application The currently assigned Visa PIXs used for
Application Identifier (AID), identifies VSDC are:
Identifier the application within the
1010—Visa
Extension (PIX) application provider
(scheme). 2010—Electron
F: b 3010—Interlink
T: part of AID 999910—Proprietary ATM
L: 0–11
31 Oct 2001
Draft 12/18/00 Visa Public A–11
Terminal and Acquirer Data Elements Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
Target C Value used in terminal risk Visa may establish a range of values.
Percentage to be management for random
If online/offline
Used for transaction selection.
terminal
Random
Selection
F: –
T: –
L: –
Terminal Action C Specifies payment Bit assignments are identical to those for
Code—Default scheme conditions that Terminal Verification Results (TVR). The
If offline
cause a transaction to be permissible values for the TAC—Default in
capable
declined if it might have this version of VIS is are shown in
F: b 40 terminal
been approved online, but Chapter 10, Table 10–3.
T: –
the terminal is unable to
L: 5
process the transaction
online.
Terminal Action C Specifies payment Bit assignments are identical to those for
Code—Denial scheme conditions that Terminal Verification Results (TVR). The
If offline
cause the decline of a permissible values for the TAC—Denial in
capable
transaction without this version of VIS is are shown in
F: b 40 terminal
attempting to go online. Chapter 10, Table 10–3.
T: –
L: 5
Terminal Action C Specifies payment Bit assignments are identical to those for
Code–Online scheme conditions that Terminal Verification Results (TVR). The
If online/offline
cause a transaction to be permissible values for the TAC—Online in
terminal
transmitted online. this version of VIS is are shown in
F: b 40
Chapter 10, Table 10–3.
T: –
L: 5
A–12
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card A.1 Terminal and Acquirer Data Elements Table
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
Terminal M Indicates the card data ● Byte 1 (Card Data Input Capability):
Capabilities input, CVM, and security
bit 8: 1 = Manual key entry
capabilities of the bit 7: 1 = Magnetic stripe
terminal. bit 6: 1 = IC with contacts
F: b 24
bits 5–1: RFU (00000)
T: 9F33
L: 3 ● Byte 2 (CVM Capability):
bit 8: 1 = Plaintext PIN for offline
CC verification
bit 7: 1 = Enciphered PIN for online
verification
bit 6: 1 = Signature (paper)
bit 5: 1 = Enciphered PIN for offline
verification
bits 4–1: RFU (00000)
● Byte 3 (Security Capability):
bit 8: 1 = Offline static data
authentication
bit 7: 1 = Offline dynamic data
authentication
bit 6: 1 = Card capture
bit 5: 1 = Combined dynamic data
authentication/application
cryptogram generation
bits 4–1: RFU (00000)
31 Oct 2001
Draft 12/18/00 Visa Public A–13
Terminal and Acquirer Data Elements Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
F: b 8–64
T: 9F1D
L: 1–8
A–14
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card A.1 Terminal and Acquirer Data Elements Table
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
31 Oct 2001
Draft 12/18/00 Visa Public A–15
Terminal and Acquirer Data Elements Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
A–16
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card A.1 Terminal and Acquirer Data Elements Table
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
Terminal ● Byte 4
Verification
bit 8: 1 = Transaction exceeds floor
Results (TVR) limit
(continued) bit 7: 1 = Lower consecutive offline
limit (“9F14”) exceeded
bit 6: 1 = Upper consecutive offline
limit (“9F23”) exceeded
bit 5: 1 = Transaction selected
randomly for online
processing
bit 4: 1 = Merchant forced
transaction online
bits 3–1: RFU (000)
● Byte 5
bit 8: 1 = Default TDOL used
bit 7: 1 = Issuer authentication was
unsuccessful
bit 6: 1 = Issuer Script processing
failed before final
GENERATE AC command
bit 5: 1 = Issuer Script processing
failed after final
GENERATE AC command
Threshold Value C Value used in terminal risk Visa may establish a range of values.
for Biased management for random
If online and
Random transaction selection.
offline terminal
Selection
F: –
T: –
L: –
31 Oct 2001
Draft 12/18/00 Visa Public A–17
Terminal and Acquirer Data Elements Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
F: b
T: 99
L: var.
A–18
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card A.1 Terminal and Acquirer Data Elements Table
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
31 Oct 2001
Draft 12/18/00 Visa Public A–19
Terminal and Acquirer Data Elements Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
A–20
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card A.1 Terminal and Acquirer Data Elements Table
Terminal Specification, Version 1.4.0
Name (Format;
Tag; Length) Requirement Description Values
F: n 1
T: 9F7A
L: 1
31 Oct 2001
Draft 12/18/00 Visa Public A–21
Terminal and Acquirer Data Elements Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
83 Command Template
99 Transaction PIN
9A Transaction Date
9C Transaction Type
A–22
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card A.2 Terminal Data Element Tags
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public A–23
Commands for Financial Transactions B
This appendix lists the commands described in the functional chapters of this
document and in the EMV 2000 Integrated Circuit Card Specification for
Payment Systems, Version 4.0 (EMV 4.0), Book 2, Section 2.5. These
commands support transaction processing. Issuer Script Commands are not
included.
●
EXTERNAL AUTHENTICATE
● GENERATE APPLICATION CRYPTOGRAM
● GET CHALLENGE
●
GET DATA
●
GET PROCESSING OPTIONS
●
INTERNAL AUTHENTICATE
●
READ RECORD
● SELECT
●
VERIFY
These commands may be used for other purposes, such as for personalization
of cards. With the exception of the GET DATA command, this section does not
address requirements for the support of these commands for such purposes.
Issuer Script commands are generated by the issuer and included in the
authorization response message as part of issuer script. Because the
terminal’s only function is to parse the script and pass the commands to the
card, they are not described in this appendix. The Visa Integrated Circuit
Card, Appendix C, Commands for Financial Transactions, contains
information about these commands.
31 Oct 2001
Draft 12/18/00 Visa Public B–1
Commands for Financial Transactions Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
All commands are issued by the terminal to the card. After processing the
command, the card returns a command response to the terminal. The
command formats are described in the EMV 4.0, Book 3, Section 2. Each
command includes class and instruction bytes that designate the type of
command. Parameter bytes (P1 and P2) provide additional processing
information. The command may include a data field.
The command response includes two status bytes (SW1 and SW2) that
describe the command results. SW1 SW2 equals “9000” when the command
process was completed successfully. Other values for SW1 SW2 are listed with
the individual commands. The command response may optionally include a
data field. The data fields returned from VSDC cards are coded according to
Format 1 as described in the EMV 4.0, Book 3, Section 2.5.
B–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card B.3 GENERATE APPLICATION CRYPTOGRAM (AC) Command
Terminal Specification, Version 1.4.0 Response APDUs
31 Oct 2001
Draft 12/18/00 Visa Public B–3
Commands for Financial Transactions Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Data Element
PIN Try Counter (may be stored as a proprietary data element to prevent retrieval by
GET DATA)
If the data element requested in the GET DATA command is not present in
the card or is a proprietary data element, the card returns SW1 SW2 not
equal to “9000”.
Retrieval of the card life cycle data and the tagged Visa proprietary data is
performed by special devices. Terminals are not required to support the GET
DATA command to retrieve the card life cycle data. Terminals shall not use
the GET DATA command to retrieve the tagged Visa proprietary data.
B–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card B.6 GET PROCESSING OPTIONS Command—Response APDUs
Terminal Specification, Version 1.4.0
Data Element
The data field returned in the response to the GET PROCESSING OPTIONS
command is coded according to Format 1 as described in the EMV 4.0, Book 3,
Section 2.5.8.4.
31 Oct 2001
Draft 12/18/00 Visa Public B–5
Commands for Financial Transactions Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
B–6
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card B.10 VERIFY Command—Response APDUs
Terminal Specification, Version 1.4.0
The following data objects are returned in the response to the SELECT
command when an ADF is selected, unless otherwise noted:
● FCI Template
●
DF Name
● FCI Proprietary Template
– Application Label
– Application Priority Indicator (if present in card)
– Processing Options Data Object List (PDOL) (optional)
– Language Preference (optional)
– Issuer Code Table Index (optional)
– Application Preferred Name (optional)
– FCI Issuer Discretionary Data (optional)
Additional data objects may be returned. The terminal shall ignore these data
objects.
31 Oct 2001
Draft 12/18/00 Visa Public B–7
General Terminal Requirements C
This appendix lists the requirements for Visa Smart Debit and Visa Smart
Credit (VSDC) terminals, which are in addition to the requirements listed in
the functional chapters. The general requirements shall be implemented as
described in the EMV 2000 Integrated Circuit Card Specification for Payment
Systems, Version 4.0 (EMV 4.0), Book 4, Part I.
31 Oct 2001
Draft 12/18/00 Visa Public C–1
General Terminal Requirements Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
C–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card C.1 Terminal Types and Capabilities
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public C–3
General Terminal Requirements Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
The POS Entry Mode Codes of “91” and “92” are not valid in messages from
the acquirer to VisaNet and, if used from the terminal to the acquirer, shall be
converted, by the acquirer, to “02” or “90” as appropriate.
C–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card C.5 Cardholder and Attendant Interface
Terminal Specification, Version 1.4.0
C.5.1 Receipt
National requirements for data printed on the receipt will be developed for
each country, although each country shall comply with the Visa International
Operating Regulations. The receipt shall comply with the requirements in the
EMV 4.0, Book 4.
31 Oct 2001
Draft 12/18/00 Visa Public C–5
Terminal Requirements for Visa
Low-Value Payment Feature D
The Visa Low-value Payment (VLP) feature of VSDC provides Members with
an optional source of pre-authorized spending power that is reserved for rapid
processing of offline low-value payments.
Risk management features may differ from those supported for non-VLP
VSDC and are selected by the issuer. VLP supports a total amount limit (VLP
Funds Limit) and a per transaction amount limit (VLP Single Transaction
Limit). Since VLP consists of many low-value transactions, adding these
transactions to standard VSDC velocity checking counters could cause VSDC
transactions to be processed online more frequently than intended by issuers.
Therefore, standard VSDC velocity checking counters are not incremented by
VLP transactions.
VLP transactions are either approved or declined offline by the card and
terminal. They are never sent online for authorization. Any request requiring
online authorization is processed subject to VSDC requirements and
Visa/Visa Electron program rules.
The amount of spending power (VLP Available Funds) on the card is reset to
the spending limit (VLP Funds Limit) at any online capable VSDC terminal if
an online authorization or an online status check message (single unit of
currency) is approved by the issuer and the card. A reset without a financial
transaction can also take place at a dedicated online unattended device,
identified by Merchant Category Code “5999”, which performs an online
status check. If the response to the status check is an approval by the issuer
and the card, the amount of VLP spending power is reset to the VLP spending
limit.
The general requirements shall be implemented as described in the EMV
2000 Integrated Circuit Card Specification for Payment Systems, Version 4.0
(EMV 4.0), Book 4, Part I.
31 Oct 2001
Draft 12/18/00 Visa Public D–1
Terminal Requirements for Visa Low-Value Payment Feature Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Application File Locator Indicates the location (SFI, range of records) of the AEFs
(AFL) for VLP related to a given application.
Application Interchange The AIP indicates the capabilities of the card to support
Profile (AIP) for VLP specific functions in the application. These may differ for
VLP.
CVM List for VLP Identifies a prioritized list of methods of verification of the
cardholder supported by the card application for VLP
transactions.
Issuer Action Codes (IACs) The IACs specify the Issuer’s conditions for VLP
for VLP transactions for offline decline or online processing or
offline decline if online processing requested and the
terminal is unable to go online.
VLP Funds Limit Issuer Limit for VLP available funds that may be used by
the card to reset VLP Available Funds after an online
approved transaction.
D–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card D.2 Terminal Data
Terminal Specification, Version 1.4.0
VLP Issuer Authorization Code on the card that indicates that the transaction is
Code approved for VLP. It is placed in the Authorization Code in
the clearing message if the transaction is approved (VLP
transactions are either approved or declined offline).
VLP Single Transaction Maximum amount allowed for a single VLP transaction.
Limit
Terminal Action Codes Payment scheme conditions that cause VLP transactions
(TACs) for VLP to be approved or declined offline.
Transaction Currency Code Indicates the currency code of the transaction according to
ISO 4217.
VLP Terminal Support A data element, which if present in the terminal, indicates
Indicator that the terminal supports VLP processing.
VLP Terminal Transaction The terminal uses this data element, if present, to
Limit determine whether a transaction can be processed as VLP.
If it is not present, the Terminal Floor Limit is used. The
transaction amount must be below either the VLP Terminal
Transaction Limit or the Terminal Floor Limit.
31 Oct 2001
Draft 12/18/00 Visa Public D–3
Terminal Requirements for Visa Low-Value Payment Feature Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
D–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card D.4 VLP Purchase Transaction Process
Terminal Specification, Version 1.4.0
If any card or terminal conditions are not met, the transaction is processed as
a standard VSDC transaction.
NOTE: If terminal requirements for VLP are not met, the terminal does not
provide the VLP Terminal Support Indicator to the card in GPO. If
card requirements are not met, the card provides VSDC AIP and AFL
(does not include VLP Issuer Authorization Code) rather than VLP.
AIP and AFL and standard VSDC processing takes place.
31 Oct 2001
Draft 12/18/00 Visa Public D–5
Terminal Requirements for Visa Low-Value Payment Feature Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
A second set of TACs unique for VLP means that processing results differ
from those for standard VSDC. The required TACs for VLP are listed in
Table D–3.
SDA Failure 1 0 1
Expired Application 1 0 1
New Card 0 0 0
D–6
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card D.4 VLP Purchase Transaction Process
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public D–7
Terminal Requirements for Visa Low-Value Payment Feature Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Terminal Card
SELECT command
Card responds to
Terminal selects the SELECT
SELECT response
VIS AID command
(includes PDOL requesting VLP
Terminal Support Indicator,
Amount Authorized, and
Transaction Currency Code)
D–8
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card D.5 VLP Reset Transaction Processing
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public D–9
Terminal Requirements for Visa Low-Value Payment Feature Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
If the issuer approves the transaction, the terminal requests an approval from
the card and if the card approves, the VLP Available Funds is reset to the VLP
Funds Limit.
The terminal processes any Issuer Script received in the authorization
response message.
D–10
Draft 12/18/00 Visa Public 31 Oct 2001
Acronyms E
Acronym Meaning
a alpha
AC Application Cryptogram
an alphanumeric
31 Oct 2001
Draft 12/18/00Visa Public E–1
Acronyms Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Acronym Meaning
Auth. authentication
b binary
C conditional
CA Certificate Authority
Cert. certificate
cn compressed numeric
Cons. consecutive
Cum. cumulative
E–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card Acronyms
Terminal Specification, Version 1.4.0
Acronym Meaning
DF dedicated file
hex. hexadecimal
IA Issuer Authentication
31 Oct 2001
Draft 12/18/00 Visa Public E–3
Acronyms Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Acronym Meaning
IC integrated circuit
Int’l international
M mandatory
n numeric
E–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card Acronyms
Terminal Specification, Version 1.4.0
Acronym Meaning
No. number
O optional
P1 Parameter 1
P2 Parameter 2
PK public key
R required
31 Oct 2001
Draft 12/18/00 Visa Public E–5
Acronyms Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Acronym Meaning
TC Transaction Certificate
TLV tag-length-value
Txn. transaction
var. variable
YDDD year, day where Y = right-most digit of the year (0–9) and DDD = Julian
day of the year (001–366)
E–6
Draft 12/18/00 Visa Public 31 Oct 2001
Glossary
This is a glossary of terms used in this specification; it is not intended as a data dictionary.
For descriptions of terminal and acquirer data elements, refer to Appendix A of the Card
and Terminal volumes of this specification.
acquirer
A Visa member that signs a merchant or disburses currency to a cardholder in a cash
disbursement, and directly or indirectly enters the resulting transaction into interchange.
ANSI
American National Standards Institute. A U.S. standards accreditation organization.
application
A computer program and associated data that reside on an integrated circuit chip and
satisfy a business function. Examples of applications include payment, stored value, and
loyalty.
application block
Instructions sent to the card by the issuer, to shut down the selected application on a card
to prevent further use of that application. This process does not preclude the use of other
applications on the card.
ATM
An unattended terminal that has electronic capability, accepts PINs, and disburses
currency or checks.
31 Oct 2001
Draft 12/18/00 Visa Public Glossary–1
Glossary Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
authentication
A cryptographic process that validates the identity and integrity of data.
authorization
A process where an issuer or a representative of the issuer approves a transaction.
authorization controls
Information in the chip application enabling the card to act on the issuer’s behalf at the
point of transaction. The controls help issuers manage their below-floor-limit exposure to
fraud and credit losses. Also known as offline authorization controls.
authorization request
A merchant’s or acquirer’s request for an authorization.
authorization response
The issuer’s reply to an authorization request. Types of authorization responses are:
● approval
● decline
● pickup
●
referral
Glossary–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card BASE I Authorization System
Terminal Specification, Version 1.4.0
BASE II
The VisaNet system that provides deferred clearing and settlement services to members.
byte
8 bits of data.
card authentication
A means of validating whether a card used in a transaction is the genuine card issued by
the issuer.
card block
Instructions, sent to the card by the Issuer, which shut down all proprietary and
non-proprietary applications that reside on a card to prevent further use of the card.
cardholder
An individual to whom a card is issued or who is authorized to use that card.
cardholder verification
The process of determining that the presenter of the card is the valid cardholder.
cash disbursement
Currency, including travelers cheques, paid to a cardholder using a card.
31 Oct 2001
Draft 12/18/00 Visa Public Glossary–3
Glossary Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
cashback
Cash obtained in conjunction with, and processed as, a purchase transaction.
CCPS
Chip Card Payment Service, the former name for Visa Smart Debit and Visa Smart Credit
(VSDC).
chargeback
A transaction that an issuer returns to an acquirer.
chip
An electronic component designed to perform processing or memory functions.
chip-capable
A card acceptance device that is designed and constructed to facilitate the addition of a
chip reader/writer.
chip card
A card embedded with a chip that communicates information to a point-of-transaction
terminal.
clearing
The collection and delivery to the issuer of a completed transaction record from an
acquirer.
cleartext
See plaintext.
cryptogram
A numeric value that is the result of data elements entered into an algorithm and then
encrypted. Commonly used to validate data integrity.
cryptographic key
The numeric value entered into a cryptographic algorithm that allows the algorithm to
encrypt or decrypt a message.
cryptography
The art or science of keeping messages secret or secure, or both.
Glossary–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card CVM List
Terminal Specification, Version 1.4.0
CVM List
An issuer-defined list contained within a chip application establishing the hierarchy of
methods for verifying the authenticity of a cardholder.
data authentication
Validation that data stored in the integrated circuit card has not been altered since card
issuance. See also Offline Data Authentication.
decryption
The process of transforming ciphertext into cleartext.
DES key
A secret parameter of the Data Encryption Standard algorithm.
digital signature
A cryptogram generated by encrypting a message digest (or hash) with a private key that
allows the message content and the sender of the message to be verified.
Easy Entry
A replication of the magnetic stripe information on the chip to facilitate payment as part of
multi-application programs. Easy Entry is not EMV-compliant and is being phased out.
31 Oct 2001
Draft 12/18/00 Visa Public Glossary–5
Glossary Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
EMV specifications
Technical specifications developed jointly by Europay International, MasterCard
International, and Visa International to create standards and ensure global
interoperability for use of chip technology in the payment industry.
encryption
The process of transforming cleartext into ciphertext.
expired card
A card on which the embossed, encoded, or printed expiration date has passed.
floor limit
A currency amount that Visa has established for single transactions at specific types of
merchants, above which online authorization is required.
hash
The result of a non-cryptographic operation, which produces a unique value from a data
stream.
interchange
The exchange of clearing records between members.
interoperability
The ability of all card acceptance devices and terminals to accept and read all chip cards
that are properly programmed.
Glossary–6
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card issuer
Terminal Specification, Version 1.4.0
issuer
A Visa member that issues Visa or Electron cards, or proprietary cards bearing the PLUS
or Visa Electron Symbol.
Issuer Authentication
Validation of the issuer by the card to ensure the integrity of the authorization response.
See Authorization Response Cryptogram (ARPC).
key generation
The creation of a new key for subsequent use.
key management
The handling of cryptographic keys and other related security parameters during the
entire life cycle of the keys, including their generation, storage, distribution, entry and use,
deletion or destruction, and archiving.
magnetic stripe
The stripe on the back of the card that contains the magnetically coded account
information necessary to complete a non-chip electronic transaction.
31 Oct 2001
Draft 12/18/00 Visa Public Glossary–7
Glossary Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
multi-application
The presence of multiple applications on a chip card (for example, payment, loyalty, and
identification).
nibble
The four most significant or least significant bits of a byte of data.
offline approval
A transaction that is positively completed at the point of transaction between the card and
terminal without an authorization request to the issuer.
offline authorization
A method of processing a transaction without sending the transaction online to the issuer
for authorization.
offline-capable
A card acceptance device that is able to perform offline approvals.
offline decline
A transaction that is negatively completed at the point of transaction between the card
and terminal without an authorization request to the issuer.
offline-only terminal
A card acceptance device that is not capable of sending transactions online for issuer
authorization.
offline PIN
A PIN value stored on the card that is validated at the point of transaction between the
card and the terminal.
online authorization
A method of requesting an authorization through a communications network other than
voice to an issuer or issuer representative.
Glossary–8
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card online-capable terminal
Terminal Specification, Version 1.4.0
online-capable terminal
A card acceptance device that is able to send transactions online to the issuer for
authorization.
online PIN
A method of PIN verification where the PIN entered by the cardholder into the terminal
PIN pad is DES-encrypted and included in the online authorization request message sent
to the issuer.
personalization
The process of populating a card with the application data that makes it ready for use.
plaintext
Data in its original unencrypted form.
point-of-transaction terminal
A device used at the point of transaction that has a corresponding point-of-transaction
capability. See also Card Acceptance Device.
post-issuance update
A command sent by the issuer through the terminal via an authorization response to
update the electronically stored contents of a chip card.
private key
As part of an asymmetric cryptographic system, the key that is kept secret and known only
to the owner.
public key
As part of an asymmetric cryptographic system, the key known to all parties.
31 Oct 2001
Draft 12/18/00 Visa Public Glossary–9
Glossary Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
purchase transaction
A retail purchase of goods or services; a point-of-sale transaction.
quasi-cash transaction
A transaction representing a merchant’s sale of items, such as gaming chips or money
orders, that are directly convertible to cash.
random selection
An EMV online-capable terminal function that allows for the selection of transactions for
online processing. Part of Terminal Risk Management.
receipt
A paper record of a transaction generated for the cardholder at the point of transaction.
referral response
An authorization response where the merchant or acquirer is instructed to contact the
issuer for further instructions before completing the transaction.
reversal
A BASE II or online financial transaction used to negate or cancel a transaction that has
been sent through interchange.
secret key
A key that is used in a symmetric cryptographic algorithm (that is, DES), and cannot be
disclosed publicly without compromising the security of the system. This is not the same as
the private key in a public/private key pair.
secure messaging
A process that enables messages to be sent from one entity to another, and protects against
unauthorized modification or viewing.
Glossary–10
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card session key
Terminal Specification, Version 1.4.0
session key
A temporary cryptographic key computed in volatile memory and not valid after a session
is ended.
settlement
The reporting of settlement amounts owed by one member to another or to Visa, as a result
of clearing.
smart card
A commonly used term for a chip card.
transaction
An exchange of information between a cardholder and a merchant or an acquirer that
results in the completion of a financial transaction.
Triple DES
The data encryption algorithm used with a double-length DES key.
V.I.P. System
VisaNet Integrated Payment System, the online processing component of VisaNet.
31 Oct 2001
Draft 12/18/00 Visa Public Glossary–11
Glossary Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
VisaNet
The systems and services, including the V.I.P. and BASE II systems, through which Visa
delivers online financial processing, authorization, clearing, and settlement services to
members.
Glossary–12
Draft 12/18/00 Visa Public 31 Oct 2001
Index
A ARPC, 12–5
ARQC, 10–8, 11–2, 11–4, 12–2, 12–6 to 12–7, 13–1,
AAC, 10–8 to 10–9, 11–2, 11–4, 12–7, 13–1, 13–5, B–3
13–5 to 13–11, B–3
ATC, 9–3, 9–5, 9–7, 11–2, 12–2, 12–4, 13–3, B–4
AAR, B–3
ATM, 1–7, 6–3, 7–4 to 7–5, 13–7, C–1 to C–2, C–4
account transfer, 13–7
Authorization Response Code, 10–3, 10–8, 12–5, 13–4,
advice message, 13–6, 14–2, 14–5, C–2 13–6
AFL. See Application File Locator
AID, 3–2, 9–3, D–4, D–9 B
AID matching example, 3–9 balance inquiry, 13–7
Amount entry, C–2 biometrics, 8–1
Amount X, 8–4 bypass PIN entry, 8–13, 8–21
Amount Y, 8–4
Amount, Authorized, 8–7, 9–4 to 9–5, 12–4, C
D–3 to D–4, D–9 candidate list, building the, 3–6
Amount, Other, 12–4 Card Action Analysis, 2–4, 2–8, 11–1 to 11–5, 12–10,
APPLICATION BLOCK command, 14–3 13–11
Application Cryptogram, 11–2, 12–2, 12–4, 13–3 card data, 11–2
Application Currency Code, 8–3, D–2 processing, 11–4
Application Definition File, 3–2, 3–7, B–6 to B–7 terminal data, 11–3
Application Effective Date, 7–2 CARD BLOCK command, 14–3
Application Elementary Files, 3–2, 5–2 card data
Application Expiration Date, 7–2 for Application Selection, 3–2
Application File Locator, 4–1 to 4–6, 5–2, 6–10, B–5, for Card Action Analysis, 11–2
D–2, D–4 for Cardholder Verification, 8–3
Application Interchange Profile, 4–1 to 4–6, 6–5, 8–3, for Completion, 13–2
8–9, 9–1, 12–3 to 12–4, 12–8, B–5, D–2 for Dynamic Data Authentication, 6–12
Application Label, 3–2, B–7 for Initiate Application Processing, 4–2
Application PAN Sequence Number, 12–4 for Issuer-to-Card Script Processing, 14–2
Application Preferred Name, 3–3, B–6 to B–7 for Online Processing, 12–2
Application Priority Indicator, 3–3, B–7 for Processing Restrictions, 7–2
Application Selection, 1–7, 2–1, 2–7, 3–1 to 3–15, 4–6 for Static Data Authentication, 6–7
card data, 3–2 for Terminal Action Analysis, 10–2
identifying and selecting the application, 3–10 for Terminal Risk Management, 9–3
processing flow, 3–12 to 3–14 card life cycle data, B–4
terminal data, 3–4 card override of terminal decision, 11–4
Application Selection Indicator, 1–7, 3–4 card reader, 8–7, 8–15
APPLICATION UNBLOCK command, 14–3, B–2 Card Risk Management checks, 11–4
Application Usage Control, 7–2, 7–4 to 7–6 card velocity checking. See velocity checking, card
Application Version Number (“9F08”), 7–2 cardholder confirmation, 3–10
Application Version Number (“9F09”), 7–3
31 Oct 2001
Draft 12/18/00 Visa Public Index–1
D Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Index–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card F
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public Index–3
K Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Index–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card Q
Terminal Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public Index–5
U Visa Integrated Circuit Card
Terminal Specification, Version 1.4.0
Transaction Currency Code, 8–7, 8–10, 12–4, VLP Terminal Support Indicator, D–3 to D–4, D–9
D–3 to D–4, D–9 VLP Terminal Transaction Limit, D–3 to D–4
Transaction Date, 7–3, 7–6, 12–4, C–4
transaction flow, sample, 2–6 Y
Transaction Log, 9–4 to 9–5, D–7 Y1 Authorization Response Code, 10–9, 13–4 to 13–5
Transaction PIN, 8–5, 8–7, 8–9, 8–13, 8–15 to 8–16, Y3 Authorization Response Code, 13–4, 13–8
8–19
Transaction Status Information (TSI), 4–3 to 4–4, 6–4, Z
6–10, 6–17, 8–7, 8–11, 9–4, 9–8, 12–3, 12–7 to 12–8, Z1 Authorization Response Code, 10–8, 12–10,
14–2, 14–4 13–4 to 13–5
Transaction Time, C–4 Z3 Authorization Response Code, 10–9, 13–4, 13–8
Transaction Type, 7–3, 12–4, D–4
TVR, 4–3 to 4–4, 6–4 to 6–5, 6–8, 6–10, 6–13, 6–17,
7–3, 8–7, 8–9, 8–16 to 8–17, 8–21, 9–4 to 9–8,
10–2 to 10–11, 12–3 to 12–4, 12–7 to 12–8, 13–4, 14–2,
14–5
U
unable to go online, 13–4, 13–8
Unpredictable Number, 6–13, 6–16, 8–8, 12–4
unrecognized CVM, 8–7, 8–10 to 8–12
UPDATE RECORD command, 14–4
Upper Consecutive Offline Limit “9F23”, 9–3,
9–7 to 9–8, 10–4
Use Chip Reader, C–3
V
velocity checking, card, 11–1, 11–4
velocity checking, terminal, 9–7
VERIFY command, 2–9, 8–5, 8–9, 8–16 to 8–20, B–1,
B–7
Visa Certificate Authority, 6–3
Visa documentation, 1–11
Visa Integrated Circuit Card Specification, 1–1
impact summary, 1–7
revisions, 1–6
update, 1–2
Visa Low-value Payment, 1–7, 1–9, D–1
Visa Private Key, 8–5
Visa Public Key, 6–9, 6–15, 6–18, 8–8 to 8–9
Visa Public Key Modulus, 6–9, 6–15, 6–18
VLP
duplicate data elements, D–1 to D–2, D–4, D–6
reset transaction, D–1, D–9
VLP Available Funds, D–1 to D–2, D–4, D–7,
D–9 to D–10
VLP capable, card, D–4, D–9
VLP capable, terminal, D–4, D–9
VLP Funds Limit, D–1 to D–2, D–10
VLP Issuer Authorization Code, D–3 to D–4, D–7
VLP processing, D–4
Index–6
Draft 12/18/00
VLP Single Transaction Limit, D–1, D–3