Friday, January 17, 2020
Terminal Data Capability
Terminal Data Capability [What is it? ] ââ¬â Generally, It is a data element that stores information particularly on terminal that can be individually addressed by tag ID. Data element resident in the terminal shall be under control of one of the following parties:â⬠¢ Terminal manufacturer: For example, IFD Serial Numberâ⬠¢ Acquirer/Agent: For example, Merchant Category Codeâ⬠¢ Merchant: For example, Local Date and Local Time (these may be controlled by either merchant or acquirer)Terminal should be constructed in such a way that data which is under control of acquirer is only initialised and updated by the acquirer (or its agent).[Types] 1. Application Independent[1] Data:â⬠¢ Terminal related dataâ⬠¢ Transaction related data -Unique to terminal. -Shall have parameters initialised so that it can identify what language(s) supported to process the cardââ¬â¢s language preference.2. Application Dependent[2] Data: [Characteristic] ââ¬â A terminal data shall be initialized in the terminal or obtainable at the time of a transaction. A terminal data can be of any format: alphabetic, numeric to binary. ââ¬â Some terminal data serves as a constant whereas the rest is updatable. ââ¬â Each terminal data has its own functionality and usage which facilitates an EMV transaction. ââ¬â The dependency of the terminal data in application indicates how data management is done in terminal. ââ¬â During the transaction, the terminal shall ignore any data object coming from the ICC which is terminal-sourced or issuer-sourced. [How it involved in EMV] Transaction (Exchange/Supply Data to ICC) Counter Record (updatable) ComparableReference Notes: Terminal data element, ICC data element, Issuer data element, EMV function. [Counter] [Record] Cardholder Verification Method (CVM) Results: ââ¬â Being set/updated upon Cardholder Verification completion. [P102B3] ââ¬â Consists of 3 bytes: CVM Performed, CVM Condition, and CVM Result. â⬠â There are 5 applicable CVMs in Cardholder Verification: Online PIN, Offline PIN, Signature, No CMV Required, and Combo CVM (2 CVM combination). ââ¬â After a successful CVM, CVM Results reflect the successful CVM; an unsuccessful CVM, CVM Results reflect the unsuccessful CVM. Byte 3 of CVM Results is set to ââ¬Ësuccessfulââ¬â¢, IFF: i. Applicable CVM is ââ¬ËNo CVM requiredââ¬â¢, and terminal supports it. ii. Offline PIN verification by the ICC is successful. ââ¬â Byte 3 of CVM Results is set to ââ¬Ëunknownââ¬â¢, IFF: i. Applicable CVM is ââ¬ËSignatureââ¬â¢, and terminal supports it. ii. Online PIN verification is successful. ââ¬â Byte 3 of CVM Results is set to ââ¬Ëfailedââ¬â¢, IFF: i. Previous applicable CVM is failed, and succeeding (last) application CVM failed as well. ââ¬â Byte 1 and byte 2 of CVM Results indicate method and condition of the last performed CVM throughout CMV List.In addition, byte 2 is set to ââ¬Ë00ââ¬â¢ (N o meaning) IFF byte 1 is ââ¬Ë3Fââ¬â¢ (No CVM performed). ââ¬â Table 2: shows all the possible failed/unknown CVM Results. [P49P121B4] Terminal Verification Result (TVR) Initialized to 0: Initiate Application Processing Function: Offline Data Authentication, Processing Restrictions, Cardholder Verification, Terminal Risk Management, Online Processing, Issuer-to-Card Script Processing. Use in analysis: Terminal Action Analysis. Description: Status of different function as seen from terminal. Diagram: [P165B4], TVR bytes breakdown: TVR byte |EMV Function |Status jotted on bits |When will it be set | | | |RFU |Reserved for future use | | | | | | | | | | | |1 |Offline Data | | | | |Authentication | | | | | |RFU | | | | |CDA failed |If CDA is performed but unsuccessful. [P44B4] | | | |DDA failed |If DDA is performed but unsuccessful. | | | |Card appears on terminal exception (set at Terminal Risk |If a match on presence card (Application PAN and Application PAN | | | |Management ) |Sequence Number) is found in the exception file. | | |ICC data missing (Can be set at any function) |When an optional data object that is required because of the | | | | |existence of other data objects or that is required to support | | | | |functions that must be performed (AIP) is missing. | | | |SDA failed |If SDA is performed but unsuccessful. | | | |Offline Data Authentication was not performed |If neither SDA nor DDA nor CDA is performed. | | |RFU | | | | | |Reserved for future use | |2 | | | | | |Processing Restriction | | | | | |RFU | | | | |RFU | | | | |New Card (set at Terminal Risk Management) |If Last Online ATC Register == 0. [P113B3] | | | Requested service not allowed for card product |If all test against Issuer Country Code and Terminal Country Code | | | | |fail. [T32B4] | | | |Application not yet effective |If Transaction Date > Application Effective Date | | | |Expired application |If Transaction Date > Application Expiration Date | | | |ICC and terminal have different application versions |If AVN in ICC ? AVN in Terminal. | | |RFU |Reserved for future use | | | | | | |3 | | | | | |Cardholder Verification| | | | | |RFU | | | | |Online PIN entered |If online PIN is successfully entered. | | | |PIN entry required, PIN pad present, but PIN was not entered |If CVM is online/offline PIN, but bypassed by terminal in the | | | | |direction of merchant or cardholder. | | |PIN entry required and PIN pad not present or not working |If CVM is online/offline PIN, but neither of them were supported | | | | |by terminal or malfunctioned PIN pad. | | | |PIN Try Limit exceeded |If PIN Try Counter < 1. | | | |Unrecognised CVM |If CVM is not recognized by terminal. | | | |Cardholder Verification was not successful |If CVM List is exhausted without any successful case or applicable| | | | |CVM indicates ââ¬ËFail CVM Processingââ¬â¢. | | |RFU | | | | | |Reserved for future use | |4 | | | | | |Terminal Risk | | | | |Management | | | | | |RFU | | | | |R FU | | | | |Merchant forced transaction online |An attended terminal may allow an attendant to force a transaction| | | | |online, such as in a situation where the attendant is suspicious | | | | |of the cardholder. If this function is performed, it should occur | | | | |at the beginning of the transaction. | | |Transaction selected randomly for Online Processing | | | | |Upper Consecutive Offline Limit exceeded |If ATC ? Last Online ATC Register (Precautious) or | | | | |If (ATC ââ¬â Last Online ATC Register) > Upper Consecutive Offline | | | | |Limit. [P113B3] | | | |Lower Consecutive Offline Limit exceeded |If ATC ?Last Online ATC Register (Precautious) or | | | | |If (ATC ââ¬â Last Online ATC Register) > Lower Consecutive Offline | | | | |Limit. [P113B3] | | | |Transaction exceeds floor limit |If (Amount, Authorize + Amount stored in log) > Terminal Floor | | | | |Limit. Or if (Amount, Authorize) > appropriate Terminal Floor | | | | |Limit. P111B3] | | | |RFU | | | | | | Reserved for future use | |5 | | | | | | |RFU | | | | |RFU | | | | |RFU | | | |Script Processing |Script Processing failed after final GENERATE AC |If an error occurred while ICC processing Issuer Script Template | | | | |1. | | | |Script Processing failed before final GENERATE AC |If an error occurred while ICC processing Issuer Script Template | | | | |2. | |Online Processing |Issuer authentication failed |When Issuer Authentication Data (part of authorisation response | | | | |message) from Issuer sent to ICC via EXTERNAL AUTHENTICATE/ second| | | | |GENERATE AC command failed, i. e. (SW1 SW2)! = 9090. [P120B3] | | | |Default TDOL used |If TDOL in ICC not presented and Default TDOL in terminal is used | | | | |to generate TC Hash Value. | Transaction Status Information (TSI) Initialized to 0: Initiate Application Processing Function: Offline Data Authentication, Cardholder Verification, Terminal Risk Management, Card Action Analysis, Online Processing, Issuer-to-Card Script Proce ssing. TSI byte |EMV Function |Status jotted on bits |When will it be set | | | |RFU |Reserved for future use | | | | | | | | | | | |1 | | | | | | |RFU | | | | |Script Processing was performed |If CDA is performed but unsuccessful. P44B4] | | | |Terminal Risk Management was performed |If DDA is performed but unsuccessful. | | | |Issuer Authentication was performed |If | | | |Card Risk Management was performed |When an | | | |Cardholder Verification was performed |If SDA is performed but unsuccessful. | | | |Offline Data Authentication was performed |If neither SDA nor DDA nor CDA is performed. | | |RFU | | | | | |Reserved for future use | |2 | | | | | | |RFU | | | | |RFU | | | | |New Card (set at Terminal Risk Management) |If Last Online ATC Register == 0. [P113B3] | | | |Requested service not allowed for card product |If all test against Issuer Country Code and Terminal Country Code | | | | |fail. T32B4] | | | |Application not yet effective |If Transaction Date > Application Effect ive Date | | | |Expired application |If Transaction Date > Application Expiration Date | | | |ICC and terminal have different application versions |If AVN in ICC ? AVN in Terminal. | [Comparable] [Reference] Array {What is it? } In data storage, an array is a method for storing information on multiple devices. In general, an array is a number of items arranged in some specified way ââ¬â for example, in a list of in a three-dimensional table.In computer programming languages, an array is a group of objects with the same attributes that can be addressed individually, using such techniques as subscripting. An array is a collection of similar elements, must have the same data type. In random access memory (RAM), an array is the arrangement of memory cells. {Characteristic} You need an index to locate their value. The index starts from 0 and end with the length ââ¬â 1. Data in array must be in same data type. {What is its implementation? } List, queue, stack, link list. ââ¬âà ¢â¬âââ¬âââ¬âââ¬âââ¬âââ¬âââ¬â [1] No matter what application is selected, its data will not be affected. [2] If an application changed, its value changed as well. ââ¬âââ¬âââ¬âââ¬âââ¬âââ¬âââ¬âââ¬âData Authentication Terminal Action Analysis Terminal Risk Management Read Application Data Online/ Offline Decision Processing Restriction ââ¬Ë()34*[pic]hK? hAKyjhK? 0J;*[pic]U[pic]hY}_hY}_;*[pic]h;q;*[pic] h;qh;qh:[5? CJaJhmâ⬠¡Initiate Application Completion Script Processing Online processing & Authorization message request Card Action Analysis Cardholder Verification Data Authentication Terminal Action Analysis Terminal Risk Management Read Application Data Online/ Offline Decision Processing Restriction Initiate Application Completion Script Processing Online processing & Authorization message request Card Action Analysis Cardholder Verification
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.