- • Terminal manufacturer: For example, IFD Serial Number
- • Acquirer/Agent: For example, Merchant Category Code
- • Merchant: For example, Local Date and Local Time (these may be controlled by either merchant or acquirer)
Terminal should be constructed in such a way that data which is under control of acquirer is only initialised and updated by the acquirer (or its agent).
[Types] 1. Application Independent[1] Data:
- • Terminal related data
- • Transaction related data -Unique to terminal. -Shall have parameters initialised so that it can identify what language(s) supported to process the card’s language preference.
2. Application Dependent[2] Data: [Characteristic] - A terminal data shall be initialized in the terminal or obtainable at the time of a transaction. A terminal data can be of any format: alphabetic, numeric to binary. - Some terminal data serves as a constant whereas the rest is updatable. - Each terminal data has its own functionality and usage which facilitates an EMV transaction. - The dependency of the terminal data in application indicates how data management is done in terminal. - During the transaction, the terminal shall ignore any data object coming from the ICC which is terminal-sourced or issuer-sourced. [How it involved in EMV] Transaction (Exchange/Supply Data to ICC) Counter Record (updatable) Comparable
Reference Notes: Terminal data element, ICC data element, Issuer data element, EMV function. [Counter] [Record] Cardholder Verification Method (CVM) Results: - Being set/updated upon Cardholder Verification completion. [P102B3] - Consists of 3 bytes: CVM Performed, CVM Condition, and CVM Result. - There are 5 applicable CVMs in Cardholder Verification: Online PIN, Offline PIN, Signature, No CMV Required, and Combo CVM (2 CVM combination). - After a successful CVM, CVM Results reflect the successful CVM; an unsuccessful CVM, CVM Results reflect the unsuccessful CVM. Byte 3 of CVM Results is set to ‘successful’, IFF: i. Applicable CVM is ‘No CVM required’, and terminal supports it. ii. Offline PIN verification by the ICC is successful. - Byte 3 of CVM Results is set to ‘unknown’, IFF: i. Applicable CVM is ‘Signature’, and terminal supports it. ii. Online PIN verification is successful. - Byte 3 of CVM Results is set to ‘failed’, IFF: i. Previous applicable CVM is failed, and succeeding (last) application CVM failed as well. - Byte 1 and byte 2 of CVM Results indicate method and condition of the last performed CVM throughout CMV List.
In addition, byte 2 is set to ‘00’ (No meaning) IFF byte 1 is ‘3F’ (No CVM performed). - Table 2: shows all the possible failed/unknown CVM Results. [P49P121B4] Terminal Verification Result (TVR) Initialized to 0: Initiate Application Processing Function: Offline Data Authentication, Processing Restrictions, Cardholder Verification, Terminal Risk Management, Online Processing, Issuer-to-Card Script Processing. Use in analysis: Terminal Action Analysis. Description: Status of different function as seen from terminal. Diagram: [P165B4], TVR bytes breakdown: TVR byte |EMV Function |Status jotted on bits |When will it be set | | | |RFU |Reserved for future use | | | | | | | | | | | |1 |Offline Data | | | | |Authentication | | | | | |RFU | | | | |CDA failed |If CDA is performed but unsuccessful. [P44B4] | | | |DDA failed |If DDA is performed but unsuccessful. | | | |Card appears on terminal exception (set at Terminal Risk |If a match on presence card (Application PAN and Application PAN | | | |Management) |Sequence Number) is found in the exception file. | | |ICC data missing (Can be set at any function) |When an optional data object that is required because of the | | | | |existence of other data objects or that is required to support | | | | |functions that must be performed (AIP) is missing. | | | |SDA failed |If SDA is performed but unsuccessful. | | | |Offline Data Authentication was not performed |If neither SDA nor DDA nor CDA is performed. | | |RFU | | | | | |Reserved for future use | |2 | | | | | |Processing Restriction | | | | | |RFU | | | | |RFU | | | | |New Card (set at Terminal Risk Management) |If Last Online ATC Register == 0. [P113B3] | | | Requested service not allowed for card product |If all test against Issuer Country Code and Terminal Country Code | | | | |fail. [T32B4] | | | |Application not yet effective |If Transaction Date > Application Effective Date | | | |Expired application |If Transaction Date > Application Expiration Date | | | |ICC and terminal have different application versions |If AVN in ICC ? AVN in Terminal. | | |RFU |Reserved for future use | | | | | | |3 | | | | | |Cardholder Verification| | | | | |RFU | | | | |Online PIN entered |If online PIN is successfully entered. | | | |PIN entry required, PIN pad present, but PIN was not entered |If CVM is online/offline PIN, but bypassed by terminal in the | | | | |direction of merchant or cardholder. | | |PIN entry required and PIN pad not present or not working |If CVM is online/offline PIN, but neither of them were supported | | | | |by terminal or malfunctioned PIN pad. | | | |PIN Try Limit exceeded |If PIN Try Counter < 1. | | | |Unrecognised CVM |If CVM is not recognized by terminal. | | | |Cardholder Verification was not successful |If CVM List is exhausted without any successful case or applicable| | | | |CVM indicates ‘Fail CVM Processing’. | | |RFU | | | | | |Reserved for future use | |4 | | | | | |Terminal Risk | | | | |Management | | | | | |RFU | | | | |RFU | | | | |Merchant forced transaction online |An attended terminal may allow an attendant to force a transaction| | | | |online, such as in a situation where the attendant is suspicious | | | | |of the cardholder. If this function is performed, it should occur | | | | |at the beginning of the transaction. | | |Transaction selected randomly for Online Processing | | | | |Upper Consecutive Offline Limit exceeded |If ATC ? Last Online ATC Register (Precautious) or | | | | |If (ATC - Last Online ATC Register) > Upper Consecutive Offline | | | | |Limit. [P113B3] | | | |Lower Consecutive Offline Limit exceeded |If ATC ?
Last Online ATC Register (Precautious) or | | | | |If (ATC - Last Online ATC Register) > Lower Consecutive Offline | | | | |Limit. [P113B3] | | | |Transaction exceeds floor limit |If (Amount, Authorize + Amount stored in log) > Terminal Floor | | | | |Limit. Or if (Amount, Authorize) > appropriate Terminal Floor | | | | |Limit. P111B3] | | | |RFU | | | | | |Reserved for future use | |5 | | | | | | |RFU | | | | |RFU | | | | |RFU | | | |Script Processing |Script Processing failed after final GENERATE AC |If an error occurred while ICC processing Issuer Script Template | | | | |1. | | | |Script Processing failed before final GENERATE AC |If an error occurred while ICC processing Issuer Script Template | | | | |2. | |Online Processing |Issuer authentication failed |When Issuer Authentication Data (part of authorisation response | | | | |message) from Issuer sent to ICC via EXTERNAL AUTHENTICATE/ second| | | | |GENERATE AC command failed, i. e. (SW1 SW2)! = 9090. [P120B3] | | | |Default TDOL used |If TDOL in ICC not presented and Default TDOL in terminal is used | | | | |to generate TC Hash Value. | Transaction Status Information (TSI) Initialized to 0: Initiate Application Processing Function: Offline Data Authentication, Cardholder Verification, Terminal Risk Management, Card Action Analysis, Online Processing, Issuer-to-Card Script Processing. TSI byte |EMV Function |Status jotted on bits |When will it be set | | | |RFU |Reserved for future use | | | | | | | | | | | |1 | | | | | | |RFU | | | | |Script Processing was performed |If CDA is performed but unsuccessful. P44B4] | | | |Terminal Risk Management was performed |If DDA is performed but unsuccessful. | | | |Issuer Authentication was performed |If | | | |Card Risk Management was performed |When an | | | |Cardholder Verification was performed |If SDA is performed but unsuccessful. | | | |Offline Data Authentication was performed |If neither SDA nor DDA nor CDA is performed. | | |RFU | | | | | |Reserved for future use | |2 | | | | | | |RFU | | | | |RFU | | | | |New Card (set at Terminal Risk Management) |If Last Online ATC Register == 0. [P113B3] | | | |Requested service not allowed for card product |If all test against Issuer Country Code and Terminal Country Code | | | | |fail. T32B4] | | | |Application not yet effective |If Transaction Date > Application Effective Date | | | |Expired application |If Transaction Date > Application Expiration Date | | | |ICC and terminal have different application versions |If AVN in ICC ? AVN in Terminal. | [Comparable] [Reference] Array {What is it? } In data storage, an array is a method for storing information on multiple devices. In general, an array is a number of items arranged in some specified way – for example, in a list of in a three-dimensional table.
In computer programming languages, an array is a group of objects with the same attributes that can be addressed individually, using such techniques as subscripting. An array is a collection of similar elements, must have the same data type. In random access memory (RAM), an array is the arrangement of memory cells. {Characteristic} You need an index to locate their value. The index starts from 0 and end with the length – 1. Data in array must be in same data type. {What is its implementation? } List, queue, stack, link list. ----------------------- [1] No matter what application is selected, its data will not be affected. [2] If an application changed, its value changed as well. -----------------------
Data Authentication Terminal Action Analysis Terminal Risk Management Read Application Data Online/ Offline Decision Processing Restriction '()34*[pic]hK? hAKyjhK? 0J;*[pic]U[pic]hY}_hY}_;*[pic]h;q;*[pic] h;qh;qh:[5? CJaJhm‡Initiate Application Completion Script Processing Online processing & Authorization message request Card Action Analysis Cardholder Verification Data Authentication Terminal Action Analysis Terminal Risk Management Read Application Data Online/ Offline Decision Processing Restriction Initiate Application Completion Script Processing Online processing & Authorization message request Card Action Analysis Cardholder Verification
