Protocols of interaction between the card and the application-level terminal

Tomcat

The EMV Contactless Communication Protocol specification only defines how the card and the terminal interact in terms of organizing data exchange. The logic of contactless card operation is defined by other specifications. In the MasterCard system, these are the MasterCard PayPass Technical Specifications (starting from the MasterCard M/Chip 4 R2 version, this specification will become part of the MasterCard M/Chip specification), and in the VISA system, the VISA Contactless Payment Specification.

These specifications have a number of common features. First, they both support two contactless card modes: magnetic stripe mode and chip mode. Magnetic stripe mode is intended for markets primarily focused on servicing magnetic stripe cards (for example, the US market). As discussed below, in this case the contactless card chip stores the card's magnetic stripe data. During transaction processing, the terminal reads the magnetic stripe data from the application and sends it to the issuer; in place of the CVC / CVV value, this data carries its counterparts, dynamically changing cryptographic values that depend on the transaction number and the random number generated by the terminal. Thus, to process transactions performed on contactless cards operating in the magnetic stripe mode,

Chip mode is aimed at markets actively working with contact microprocessor cards (for example, Europe, Asia-Pacific, Latin America, etc.). In this case, the contactless card usually contains an EMV contact application and a contactless application that implements an abbreviated version of EMV. Below we will dwell in more detail on how to upgrade the EMV application in order to support chip mode.

The second common feature of the MasterCard PayPass and VISA Contactless specifications is that they do not use the PIN Offline method for cardholder verification. This is due to the fact that:
  • to transmit the PIN in a protected form (the only secure way to transmit the PIN over the radio interface), it would have to be encrypted on the terminal and decrypted on the card. These procedures can take several hundred milliseconds, which is critical for contactless payments performed in Tap & Go mode;
  • a fraudster can modify the value of the PIN block (albeit encrypted) transmitted to the card in the VERIFY command. As a result, after several PIN verification attempts, the card / card application may be blocked.

At the same time, when processing transactions with contactless cards, it is allowed to use the PIN Online method.

Third, the MasterCard PayPass and VISA Contactless specifications use the same application selection procedure, according to which the terminal needs no more than two SELECT commands to select a contactless application. This procedure is based on the PPSE (Proximity Payment System Environment) directory, which contains all contactless payment applications. The directory is named DDF Name = 2PAY.SYS.DDF01 and does not contain DDF files (it contains only ADF files). The FCI Template object (Tag '6F') of this directory, returned to the terminal in response to the SELECT command, has the form shown in Table 7.2.

Thus, as a result of the SELECT command executed by the card, the terminal receives a list of all contactless applications supported by the card. Then the terminal selects the application with the highest priority and opens it with the second SELECT command.

If the terminal supports a single contactless application, it issues the SELECT command with the application identifier (AID) from the start. In this case, a single SELECT command is sufficient to select the application.

Table 7.2. FCI Template Object Structure

| Tag | Name | Presence |
|---|---|---|
| '6F' | FCI Template | M |
| '84' | DDF Name = 2PAY.SYS.DDF01 | M |
| 'A5' | FCI Proprietary Template | M |
| 'BF0C' | FCI Issuer Discretionary Data | M |
| '61' | Directory Entry | M |
| '4F' | ADF Name (AID) | M |
| '50' | Application Label | M |
| '87' | Application Priority Indicator | C |
| '9F28' | Contactless Application Capabilities Type | C |
| '61' | Directory Entry | O |
| '4F' | ADF Name (AID) | O |
| '50' | Application Label | O |
| '87' | Application Priority Indicator | O |
| '9F28' | Contactless Application Capabilities Type | O |
| '61' | Directory Entry | O |
| '4F' | ADF Name (AID) | O |
| '50' | Application Label | O |
| '87' | Application Priority Indicator | O |
| '9F28' | Contactless Application Capabilities Type | O |

The cardholder's ability to select a contactless application is not supported.

Another common feature of VISA and MasterCard contactless applications is as follows. Although the contactless mode in M/Chip 4 and VSDC is implemented as a separate application, these applications have the same name (AID) as their corresponding contact applications. Moreover, contact and contactless applications share common data (offline counters, keys, etc.). In fact, contact and contactless applications implement different modes of the same payment application. However, the contactless application has a higher priority than the contact application. This advantage of contactless applications is realized when the application is selected at the operating system level of the contactless card.

Despite the common properties, the specifications of MasterCard PayPass and VISA Contactless differ significantly from each other. Let's start looking at these standards with MasterCard PayPass.
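The PPSE selection step described above (SELECT 2PAY.SYS.DDF01, read the FCI Template of Table 7.2, pick the highest-priority entry) can be sketched from the terminal side as follows. This is an added example, not code from the specifications or from the original post; the AIDs, labels and priorities in the sample response are constructed, and reading the low nibble of tag '87' with 1 as the highest priority is an assumption taken from the usual EMV convention.

```python
# Added example. SAMPLE_FCI is constructed test data, not a capture from a real card.
def parse_tlv(data: bytes):
    """Yield (tag, value) from BER-TLV data; handles 1- and 2-byte tags only."""
    i = 0
    while i < len(data):
        tag = data[i]; i += 1
        if tag & 0x1F == 0x1F:                 # e.g. 'BF0C', '9F28': tag has a second byte
            tag = (tag << 8) | data[i]; i += 1
        length = data[i]; i += 1
        if length & 0x80:                      # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length = int.from_bytes(data[i:i + n], "big"); i += n
        if i + length > len(data):
            raise ValueError("truncated TLV object")
        yield tag, data[i:i + length]
        i += length

def child(data: bytes, want: int) -> bytes:
    for tag, value in parse_tlv(data):
        if tag == want:
            return value
    raise ValueError(f"mandatory tag {want:X} missing")

def ppse_entries(fci: bytes) -> list:
    """Walk 6F -> A5 -> BF0C and return every Directory Entry ('61')."""
    template = child(fci, 0x6F)
    if child(template, 0x84) != b"2PAY.SYS.DDF01":
        raise ValueError("response is not the PPSE directory")
    entries = []
    for tag, value in parse_tlv(child(child(template, 0xA5), 0xBF0C)):
        if tag == 0x61:
            aid = child(value, 0x4F)           # ADF Name must be present in an entry
            fields = dict(parse_tlv(value))
            entries.append({"aid": aid.hex().upper(),
                            "label": fields.get(0x50, b"").decode("ascii"),
                            "priority": fields.get(0x87, b"\x00")[0] & 0x0F})
    return entries

def select_highest_priority(entries: list) -> str:
    # Assumption (EMV convention): priority 1 is highest, 0 means none assigned.
    return min(entries, key=lambda e: e["priority"] or 16)["aid"]

def tlv(tag: str, value: bytes) -> bytes:      # helper used only to build the sample
    return bytes.fromhex(tag) + bytes([len(value)]) + value

SAMPLE_FCI = tlv("6F", tlv("84", b"2PAY.SYS.DDF01") + tlv("A5", tlv("BF0C",
    tlv("61", tlv("4F", bytes.fromhex("A0000000041010")) + tlv("50", b"MASTERCARD") + tlv("87", b"\x02"))
    + tlv("61", tlv("4F", bytes.fromhex("A0000000043060")) + tlv("50", b"MAESTRO") + tlv("87", b"\x01")))))

if __name__ == "__main__":
    print(select_highest_priority(ppse_entries(SAMPLE_FCI)))
```

The AID returned by `select_highest_priority` is the one the terminal would place in its second SELECT command.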
 