Emv TC、ARQC、AAC Description - chuwuwang/ReadingNote GitHub Wiki

GENERATE AC (First Issuance)

The terminal completes its online/offline decision process with a GENERATE AC command (see section 6.5.5). The form of the command depends upon the decision made by the terminal:

  • If the terminal decides the transaction might be completed offline, it requests a TC from the ICC. The ICC shall reply with a TC, an ARQC, or an AAC, depending upon its own analysis of the transaction.

  • If the terminal decides the transaction should go online, it requests an ARQC from the ICC. The ICC shall reply with an ARQC, or an AAC.

  • If the terminal decides to reject the transaction, it requests an AAC from the ICC. The ICC shall reply with an AAC.

If the ICC responds with a TC or an AAC, the terminal completes the transaction offline.

If the ICC responds with an ARQC, the terminal attempts to go online, sending an authorisation request message to the issuer. Included in the authorisation request message is the ARQC for online card authentication.

GENERATE AC (Second Issuance)

Whether the terminal receives an authorisation response message as a result of online processing or an approval or rejection by using the Issuer Action Code - Default, it completes the transaction by requesting either a TC (in the case an approval was obtained) or an AAC (in case the issuer’s instruction is to reject the transaction) from the ICC. If a TC was requested, the ICC shall reply with either a TC or an AAC. If an AAC was requested, the card shall reply with an AAC.

The ICC shall permit at most two GENERATE AC commands in a transaction. If the terminal issues more than two, the third and all succeeding GENERATE AC commands shall end with SW1 SW2 = '6985', and no cryptogram shall be returned.

Terminal Action Analysis

Once terminal risk management and application functions related to a normal offline transaction have been completed, the terminal makes the first decision as to whether the transaction should be approved offline, declined offline, or transmitted online.

  • If the outcome of this decision process is to proceed offline, the terminal issues a GENERATE AC command to ask the ICC to return a TC.

  • If the outcome of the decision is to go online, the terminal issues a GENERATE AC command to ask the ICC for an Authorisation Request Cryptogram (ARQC).

  • If the decision is to reject the transaction, the terminal issues a GENERATE AC to ask for an Application Authentication Cryptogram (AAC). An offline decision made here is not final. If the terminal asks for a TC from the ICC, the ICC, as a result of card risk management, may return an ARQC or AAC.