I was wondering if anyone could help me understand difference between ISO 8583 Field 22 i.e. POS Entry Mode. I already know that:
52 means ICC Card
80 in case of fallback
But what I want to know is difference between
22 (Magnetic Stripe)
and 90
Can anyone help me on this?
The length of Field 22 usually 3-digits (or 4-digits in case it is BCD packed into two Bytes) in protocols based on ISO 8583:1987 or 12-digits in case protocols based on ISO 8583:1993 version. Customized protocols could use different sub-fields content and values meaning behind.
While you use short values in the requested question, I guess, your Field 22 based on ISO 8583:1987 version and you lost the leading and/or ending zero. So, your sample values becomes 3 digits length - 052, 800, 022, and 090 or 900.
Usually the 3-digits Field 22 splited into two sub-fields:
Position 1 and 2 - Personal Account Number (PAN) Entry (or capability);
Position 3 - Personal Identification Number (PIN) Entry (or capability);
Here are the possible interpretations:
02 - PAN auto-entry via magnetic stripe, track data is not required, 2 - no PIN.
05 - PAN auto-entry via chip, 2 - no PIN.
09 - E-Commerce, 0 - unknown PIN capability.
80 - Fallback to magnetic stripe, 0 - unknown PIN capability.
90 - PAN auto-entry via magnetic stripe, track data should be transmitted within the authorization request, 0 - unknown PIN capability.
etc.
90 used in case track data present in the ISO 8583 request message, 02 - if, for same reason, acquirer or terminal device not qualified to transfer track data in the request messages.
Depending of protocol requirements could be exceptions with Field 22 values. It is usually checked during the terminal device and communication interface certifications.
I will elaborate few things here. From above comments I can see that 09 is for E commerce transactions,but as per my knowledge for E commerce transactions we should use PAN Entry mode as 01(manual entry). Because for card not present transactions entry mode has always in manually.
POS Entry mode says whether the particular transaction is E commerce or POS. The possible values are :
01 Manual entry
02 Magnetic Stripe,track 2 data will ignore
05 Smart card,track 2 data required
90 Magnetic stripe no track 2 data
91 contactless card
95 Smart card , track2 data not required
Thanks share your ideas on this
Related
I try to create field 55 and send it to bank host for make payment. I'm read all data find (by Apple Pay VISA, token) and create field 55 like this:
9F26 Application Cryptogram: 5CBD1E2494A6DE86 - Get from card
9F27 Cryptogram Information Data: 80 - Get from card
9F10 Issuer Application Data: 1F4A0132A0000000001003027300000000400000000000000000000000000000 - Get from card
9F37 Unpredictable Number: 00002352 - generate it and use in GPO requeste
9F36 Application Transaction Counter (ATC): 029B - Get from card
95 Terminal Verification Results: 0000000000 - Static data
9A Transaction Date: 210805 - Set it myself
9C Transaction Type: 00 - Static data
9F02 Amount, Authorised (Numeric): 000000000100 - Set it myself
5F2A Transaction Currency Code: 0980 - Static data
5F34 Application Primary Account Number (PAN) Sequence Number: 00 - Get from card
82 Application Interchange Profile: 0040 - Get from card
9F1A Terminal Country Code: 0804 - Static data
9F03 Amount, Other (Numeric): 000000000000 - Static data
9F33 Terminal Capabilities: E0F8C8 - Static data
4F Application Identifier (AID) – card: A0000000031010 - Get from card
9F35 Terminal Type: 22 - Static data
84 Dedicated File (DF) Name: A0000000031010 - Get from card
9F6E Unknown tag: 23880000 - Get from card
When I send it and track2 to bank I get response error with code 100 - Decline
and get push-message to phone that transaction was decline.
How I understand it's answer by card issuing bank. Can anyone help what can be trouble? May be incorrect field 55 or can be some problems on the host side of the acquirer bank (then tell me what could be?...).
Please, help! Thanks!
I am developing an android payment application which is emv compatible. In this application con-tactless card acceptance has been integrated, how ever for the certification purposes it is required to determine the CVM applied on the transaction. for a con-tactless transaction how do we determine the CVM method applied for the transaction ? for example if the transaction amount is above the CVM limit and the user entered online pin, at the end I want to determine that ,the user has entered online PIN
There is no update from terminal to mobile app on the used CVM during tap. If using a a mobile wallet( with Wallet providers Visa and MasterCard ) you will get a notification from MDES/VTS after transaction completion, in which you can see(give a try ) whether the CVM used is present along with the transaction Approved/Declined status. If that too is not available, the only way left behind is to get it from the issuer system.
If you have "lame" EMV kernel which don't provide CVM output for CTLS then your only option is to parse it from transaction output. Unfortunately every card issuer using their specific way of "handling" CVM output.
Step 1
Determine card issuer and card type. Use AID (tag 4F) to do it.
Step 2
Visa and UnionPay EMV - you need to parse tag 9F6C - Card Transaction Qualifiers where
Byte 1 bit 8 set to 1 means Online PIN. Byte 1 bit 7 set to 1 means Signature.
JCB EMV - (JCB have 2 other modes but it's not in use in my region. Possibly it's already deprecated for whole world.) you need to parse tag 9F50 - Cardholder verification status where 00 means No CVM. 10 means Signature. 20 means Online PIN.
MasterCard EMV - (MasterCard have also MSR mode but it's not in use in my region) you need to parse tag 9F34 - CVM Results. This is same tag as for contact transactions so just check and follow contact EMV book rules.
MasterCard Mobile - I'm not 100% sure but it has to be same as for MasterCard EMV.
Amex EMV - parse tag 95 - Terminal Verification Result. When Byte 3 bit 3 is set to 1 then CVM is Online PIN else No CVM.
Amex Mobile - parse tag 9F71 - Mobile CVM Results. Check corresponding EMV Contactless book for specs.
For other issuers you have to check corresponding EMV Contactless books.
I received the the following IAD after processing the GPO command, my question then, how is the 9F10 EMV token constructed? Here is the token.
06010A03A020000F04000000000000000000006232E4F9
I am required to send only the CVR portion to the acquiring switch.
Looking at the cryptogram version I assume this is from a Visa card. The TLV is 9F10 17 06010A03A020000F04000000000000000000006232E4F9 ?
17 is the total length of the data
06 is the length of issuer descretionary data
01 is derivation key index
0A is the cryptogram version (10 in this case ).
03 Length of CVR
A02000 is the CVR here
From EMV 4.3 Book 3 Common Core Definitions, Application Specification, November 2011, Page 206, C7.2
The CVR has a fixed length of 5 bytes (10 hexadecimals characters) that are the bytes 4-8 included of Issuer Application Data, EMV tag 9F10.
The 3 first bytes of 9F10 being the following.
b1 the length
b2 derivation key index
b3 the cryptogram version
It seems however that the format of this field might vary between schemes.
I read here that EVM cards will sign some transaction data.
I would like to do this with my card, using my phone, and verify that the signature on the result is correct.
To start, I issued this command ("request APDU"):
00:A4:04:00:0E:32:50:41:59:2E:53:59:53:2E:44:44:46:30:31:00
One of the "Application IDs" was this:
A00000038410
So then I issued this command ("Select Payment application"):
00:A4:04:00:07:A0:00:00:00:03:10:10:00
and it returned this "Processing Options Data Object List (PDOL)":
9F66049F02069F37045F2A02
I read here how to decode this, because I couldn't find the official spec anywhere:
9F6604 - the tag 9f 66 represents the terminal transaction qualifiers
9F0206 - tag 9f 02 stands for authorized amount. The PDOL list must have the amount, authorized, coded into 6h bytes added to it.
9F3704 - tag 9f 37 stands for unpredictable number, thus encode such a number in 4 bytes and add it to the list
and here how to decode this:
5F2A02 - TX currency code
I understand the next step is to run "Get Processing Options" but this is where I got stuck. I tried:
80:A8:00:00:02:83:00:00
80:A8:00:00:12:83:10:01:02:03:04:05:06:07:08:01:02:03:04:05:06:07:08:00
80:A8:00:00:12:83:10:F3:20:40:00:00:00:00:01:00:00:04:04:06:03:05:08:00
80:A8:00:00:02:83:10:F3:20:40:00:00:00:00:01:00:00:04:04:06:03:05:08:00
All gave back a result of 6D:00 (Instruction code not programmed or invalid).
I tried looking in "emv book 3" and "emv book 4" but neither seem to contain the relevant information.
What do I need to do next in order to make a transaction, sign, and check the result?
Your GPO commands needs to provide the PDOL values requested by the card. The requested tags are:
9F66 - 4 bytes
9F02 - 6 bytes
9F37 - 4 bytes
5F2A - 2 bytes
So the commands needs to provide these in the same order, with expected lengths.
Assuming you want to send the following sample values:
9F66: 11223344
9F02: 112233445566
9F37: 11223344
5F2A: 1122
Your GPO command will look like this:
80A800001283101122334411223344556611223344112200
Where the PDOL data is 11223344112233445566112233441122.
Hope this helps
If PDOL found in response of select application, here you need to pass the value of PDOL tags in GPO command,
can find a very good article Here. hope it helps.
i am using a A20 OLinuXino Micro 4GB from Olimex with Debian on SD Card.
I want to use the GPIOs and have some short question about the configuration of the GPIOs. The GPIO-1 connector on the board has pins numbered from 1 to 39. In the manual I have entries like that:
Pin # | Signal name | Processor pin
23 | PG9 | C19
...
39 | LRADC1 | AB22
In the fex file, I find this:
[gpio_para]
gpio_used = 1
gpio_num = 64
...
gpio_pin_10 = port:PG09<0><default><default><default>
How is defined that the processor pin C19 is routed to port PG9?
And port means exactly what?
How is defined that the port PG9 is routed to pin23 of the connector?
Can the gpio_pin_10 designation be chosen arbitrarily?
At the end I would like to use the LRADC1, to sample a signal, but the fex file doesn't have any LRADC1 entry. Why is that?
Maybe somebody could answer may questions in 2 or 3 sentences so it makes sense to the rest of what I read. Thanks!
Please take a look at A20-OLinuXino-MICRO schematics. You can find wiring:
PG09 - C19
PG10 - D18
PG11 - C18
(...)
In mentioned schematics is also section GPIO EXTENSION in which you can find which A20 SoC pin is assigned to which GPIO:
PG09 - 23 GPIO-1
PG10 - 25 GPIO-1
According to Wikipedia:
A GPIO port is a group of GPIO pins (typically 8 GPIO pins) arranged in a group and controlled as a group.
Mapping between physical pin and pin exposed through fex file to operating system is arbitrary. Of course to get correct results you have to assign GPIO ping not. I don't think that fex compiler check anything other then syntax.
In case LRADC0 (again schematics) it us used for buttons (vol +/-, menu, search, ...) and LRADC1 is exposed through GPIO-1 pin 39.