EMV Full transaction - chuwuwang/ReadingNote GitHub Wiki

Given Below are the steps required to perform a Full EMV transaction (e.g. Purchase). For Full EMV transactions the card makes the final authorization decision.

1. Tender Initialization

Transaction type is selected and the total transaction amount is determined including:

  • Tax
  • Tip
  • Cashback
  • Surcharge

2. Card Insertion

Chip initialization is performed:

  • Validate ATR (Answer To Reset)
  • Set Language
  • Set Terminal Country Code (USA=โ€840โ€)

3. Application Selection

A Candidate List is created of AIDs that are mutually supported by both the card and the EMV POS Solution:

  • U.S. Common Debit selection processing
  • If the Candidate List is empty, fallback processing is performed
  • If only one mutually supported AID is found: AID is automatically selected
  • Cardholder is required to confirm selection if Application Priority Indicator - Cardholder Approval Indicator (Tag 87 bit-8) is set to โ€˜1โ€™
  • If more than one mutually supported AID is found:
    • If a U.S. Common Debit AID is present, it may be selected
    • Otherwise, the cardholder should be prompted to select the application or, if prompting is not possible, the highest priority AID should be auto-selected

4. Read Data Records

EMV POS Solution reads data records for the AID selected:

  • Card PAN (Tag 5A)
  • Expiry Date (Tag 5F24)
  • Track 2 Equivalent Data (Tag 57)
  • Card Validation Checks (BIN, MOD10, etc.)
  • Etc.

Card Validation Checks (BIN, MOD10, etc.) are performed on data read.

5. Risk Management

The kernel and chip perform multiple risk management processes. The results are stored in the TVR (Tag 95) and CVR part of the Issuer Application Data (Tag 9F10), and will be transmitted to the issuer as part of the authorization request:

  • Processing Restrictions
  • Application Effective Date
  • Application Expiry Date
  • Application Version Number
  • Card Usage Control (based on the AUC Tag 9F07)
  • Offline Card Authentication (SDA/DDA/CDA)
  • Terminal Risk Management
  • Cardholder Verification (PIN / Signature / NO CVM)

6. 1st Generate AC

The EMV POS Solution requests an authorization from the chip. The EMV chip will respond with an Application Cryptogram:

  • Offline Approved (returns TC)
  • Offline Declined (returns AAC)
  • Online Authorization Required (returns ARQC)

7. Host Authorization

If online authorization is required, the EMV POS Solution sends the transaction to the First Data host for authorization.

If unable to go online, the EMV POS Solution may, based on Floor Limits, locally approve or decline the transaction.

Note: EMV U.S. Debit transactions cannot be approved locally.

8. Transaction Completion Processing

The authorization decision is sent to the EMV chip for final processing including.

  • Issuer Authentication Data (Tag 91)
  • Issuer Scripts (Tag 71 or Tag 72)
  • Issuer Response Code (Tag 8A) โ€“ from the issuer or locally generated

Completion processing includes:

  • External Authenticate (if an ARPC is returned by the issuer and the AIP Issuer Authentication (Tag 82 Byte-1 bit-3) flag is enabled
  • Issuer Script Processing (if any)
  • 2nd Generate AC (to determine the final transaction disposition โ€“ Approved (TC) or Declined (AAC)

9. Host Reversal Processing (if required)

If the issuer approves the transaction and any of the following occur during Transaction Completion Processing, a reversal must be sent to the First Data host:

  • PINPad not available
  • Card removed prior to the completion of processing
  • Chip Malfunction (except MasterCard โ€“ see requirement below)
  • Chip declines the transaction (2nd Generate AC)
  • Cardholder cancels transaction

10. Store Transaction Results

The transaction results including the Application Cryptogram should be stored in the transaction database.

Note: It is optional whether Decline and Reversal transactions are stored in the transaction database. In all cases the information relating to the transaction must be available for the EMV Transaction Report.

11. Remove Card

The cardholder is prompted to remove the EMV card.

12. Receipt Printing

The EMV transaction receipt is printed. The receipt must contain the following EMV information:

  • Chip Indicator (to indicate cardholder data was read from a chip)
  • AID
  • Application Preferred Name (or Application Label)
  • TVR
  • TSI
  • IAD
  • Signature Line (if the CVM was Signature or NO CVM)
  • โ€œVerified by PINโ€ (if the CVM was one of the PIN types)

13. Transaction Upload

If the transaction was locally authorized it is sent to the host prior to or at settlement.