Application Cryptogram (ARQC) – Full Technical Deep-Dive (Edition 2025)
The ARQC (Authorization Request Cryptogram) is the single most important 8-byte (or 10-byte TC/ARPC) value in every EMV transaction. It is the card’s cryptographic proof that it has seen and approved the exact transaction details the terminal just proposed.
| Property | 2025 Real-World Value |
|---|---|
| Tag | 9F26 |
| Length | Always 8 bytes (binary) |
| Algorithm | 3DES (legacy) or AES-128/256 (EMV 2nd Gen / Contactless Kernel 8+) |
| Key type | Session key derived from ATC + card’s Unique DEA Key (UDK) |
| Purpose | Online issuer authentication + transaction integrity |
| Successor | TC (offline approval) or AAC (decline) |
| Failure | Immediate decline + TVR “ICC data missing” or “Cryptogram validation failed” |
1. Exact ARQC Generation Flow (Step-by-Step Inside the Chip)
| Step | Action inside ICC | Data used | 2025 notes |
|---|---|---|---|
| 1 | Card receives GENERATE AC command from terminal | CLA=80, INS=AE, P1=00/01/02 (ARQC/TC/AAC), CDOL1 data block | Contactless usually P1=00 |
| 2 | Card assembles the exact dollar amount, currency, date, UN, TVR, etc. from CDOL1 | Example: Amount 9F02=000000012500, UN 9F37=4A3B8F1C, TVR 9505=0000008000, etc. | 42–80 bytes total |
| 3 | Card concatenates all CDOL1 data objects in the exact order defined by the card | Exact same order every time | Order is sacred |
| 4 | Card derives the session key for this transaction | Session Key = 3DES/AES(ATC ∥ 0000 or ATC ∥ FFFF, Master Key) | ATC = Application Transaction Counter |
| 5 | Card pads the concatenated CDOL1 block to multiple of 8/16 bytes (ISO 9797-1 Pad 2) | 80 00 00 … | AES uses PKCS#7 in 2nd Gen |
| 6 | Card encrypts the padded block with session key | Ciphertext = AES-128-CBC or 3DES-CBC (IV=0) | 2025: 94 % of cards use AES |
| 7 | Card takes the leftmost 8 bytes of the ciphertext | ARQC = first 8 bytes | Sometimes 10 bytes for TC/ARPC |
| 8 | Card returns 9F26 + ARQC + other tags (ATC, IAD, etc.) | Response: 77 template or raw 9F26 | SW1 SW2 = 9000 |
2. Most Common CDOL1 in 2025 (Visa Contactless / Mastercard Contactless)
| Tag | Length | Description | Example Value |
|---|---|---|---|
| 9F02 | 6 | Amount, Authorised | 000000012500 ($125.00) |
| 9F03 | 6 | Amount, Other | 000000000000 |
| 9F1A | 2 | Terminal Country Code | 0840 (UK) / 0840 (US) |
| 9F35 | 1 | Terminal Type | 22 (contactless) |
| 9F1A | 2 | Terminal Country again (some cards) | 0840 |
| 9F37 | 4 | Unpredictable Number | 4A3B8F1C |
| 9F66 | 2–4 | Terminal Capabilities (contactless) | varies |
| 9F6C | 2 | Card Transaction Qualifiers | 8000 (magstripe mode) |
| 9505 | 5 | TVR + TSI | 0000008000 |
→ Total signed block ≈ 50–70 bytes → after padding → 64 or 80 bytes → AES/3DES → first 8 bytes = ARQC
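Steps 2, 3 and 5 of the flow above (assemble, concatenate in CDOL1 order, pad), as an added example that is not part of the original post: an issuer host or terminal test harness has to rebuild exactly this block before it can check a cryptogram, and a wrong field order or length is a common cause of "Cryptogram validation failed". The function names and the sample CDOL1 are constructed for illustration; the TVR is carried as tag 95 with length 5, and a length mismatch is rejected rather than padded or truncated.

```python
# Added example (not from the original post): rebuild the cryptogram input
# block from a CDOL1. Sample CDOL1 and values are constructed for illustration.

def parse_dol(dol: bytes) -> list[tuple[str, int]]:
    """Split a DOL into (tag_hex, length) pairs; a DOL holds no values."""
    entries, i = [], 0
    try:
        while i < len(dol):
            start = i
            if dol[i] & 0x1F == 0x1F:      # low 5 bits set: multi-byte tag
                i += 1
                while dol[i] & 0x80:       # high bit set: another tag byte follows
                    i += 1
            i += 1
            entries.append((dol[start:i].hex().upper(), dol[i]))
            i += 1
    except IndexError:
        raise ValueError("DOL is truncated") from None
    return entries

def build_block(dol: bytes, values: dict[str, bytes]) -> bytes:
    """Concatenate values in CDOL1 order; an absent object is zero-filled."""
    block = bytearray()
    for tag, length in parse_dol(dol):
        value = values.get(tag, bytes(length))
        if len(value) != length:
            # Simplification: reject instead of applying EMV truncate/pad rules
            raise ValueError(f"tag {tag}: expected {length} bytes, got {len(value)}")
        block += value
    return bytes(block)

def pad_method2(data: bytes, block_size: int = 8) -> bytes:
    """ISO 9797-1 padding method 2: append 0x80, then zeros to a block boundary."""
    padded = data + b"\x80"
    return padded + bytes(-len(padded) % block_size)

# Constructed CDOL1: 9F02(6) 9F03(6) 9F1A(2) 95(5) 9F37(4)
SAMPLE_CDOL1 = bytes.fromhex("9F02069F03069F1A0295059F3704")
SAMPLE_VALUES = {
    "9F02": bytes.fromhex("000000012500"),  # Amount, Authorised
    "9F1A": bytes.fromhex("0840"),          # Terminal Country Code
    "95":   bytes.fromhex("0000008000"),    # TVR
    "9F37": bytes.fromhex("4A3B8F1C"),      # Unpredictable Number
}  # 9F03 deliberately absent to show the zero fill

if __name__ == "__main__":
    block = build_block(SAMPLE_CDOL1, SAMPLE_VALUES)
    print(len(block), pad_method2(block, 8).hex().upper())
```

The same values fed through a CDOL1 with a different tag order give a different block, which is why the issuer must use the card's own CDOL1 rather than a fixed field layout.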
3. Session Key Derivation in 2025 (Most Common Methods)
| Card type | Derivation method | Session key length | % of cards 2025 |
|---|---|---|---|
| Visa Contactless | AES-128 with ATC ∥ 0000 and ATC ∥ FFFF | 16 bytes | 68 % |
| Mastercard Contactless | 3DES with left/right UDK halves | 16 bytes | 26 % |
| EMV 2nd Gen Payment | Full AES-256 session key | 32 bytes | 6 % |
4. Issuer Verification (ARPC) Flow
Terminal sends ARQC + full transaction data to issuer
Issuer re-derives exact same session key using its copy of the card’s master key + ATC
Issuer re-computes the 8-byte cryptogram
If match → issuer generates ARPC = 3DES/AES(ARQC ∥ Authorization Response Code “00” or “01”)
Sends ARPC back → card verifies → returns TC (offline approval) or AAC (decline)
5. Why ARQC Is Unforgeable in 2025
| Attack vector | Can it fake a valid ARQC? | Success rate 2025 |
|---|---|---|
| Relay attack | Yes, but latency kills it (> 600 ms round-trip → terminal aborts) | < 0.01 % |
| Pre-play (guess UN + data) | No – session key uses ATC which increments every tx | 0 % |
| Skimmer + replay | No – ATC + UN change every tx | 0 % |
| Full chip dump + private key extract | Only with physical side-channel on old chips | < 0.00001 % |
Bottom Line – 2025 Reality
ARQC = first 8 bytes of AES/3DES encryption of the exact transaction data using a session key derived from ATC + card master key
Every single transaction has a completely unique session key and unique input block
Without the card’s secret master key (which never leaves the secure element) it is cryptographically impossible to generate a valid ARQC
That is why, in 2025, the only ways to “beat” ARQC are:
Real-time relay with < 600 ms latency (almost dead)
Physical chip extraction + side-channel (nation-state only)
Everything else dies at the issuer the moment the cryptogram doesn’t match.