Reputation: 513
Trying to read a debit card number using standard EMV protocol on a card that supports NFC Interac Flash.
Here is my transaction sequence:
Request1: 00A404000E325041592E5359532E444446303100 (Select 2PAY.SYS.DDF01 to get PSE directory)
Response1: 6F2C840E325041592E5359532E4444463031A51ABF0C1761154F07A00000027710105007496E74657261638701019000 (AID A0000002771010 found, Interac)
Request2: 00A4040007A000000277101000 (Select AID A0000002771010)
Response2: 6F348407A0000002771010A5295007496E74657261638701015F2D02656E9F38159F59039F5A019F02069F1A025F2A029F37049F58016285 (Selected AID, response includes PDOL, see image below.)
https://i.sstatic.net/c9FjM.png
Request3: 80A800001583130000990000000000000001240124000001230000 (Get processing option, based on structure above)
Response3: 6985 (Command not allowed; conditions of use not satisfied.)
I am unable to get past the 6985 error, after 2 days of spec reading and trial and error.
Any hints / thoughts / successful example in reading card number from a Debit Card (Interac)? Card being tested is a TD Debit Card with Interac Flash contactless function.
Thanks a lot!
--- Note: I was able to read card number from Visa and MasterCard without GET PROCESSING OPTION. But since I kept getting 6985 without GPO, I tried to do it, but failed. I don't really need to do GPO, just need to get card number and expiration date. ---
Upvotes: 5
Views: 5977
Reputation: 513
Here is the whole working flow, with GPO and READ RECORD instructions.
Request1: 00A404000E325041592E5359532E444446303100
Response1: 6F2C840E325041592E5359532E4444463031A51ABF0C1761154F07A00000027710105007496E74657261638701019000
Request2: 00A4040007A000000277101000 (SELECT)
Response2: 6F348407A0000002771010A5295007496E74657261638701015F2D02656E9F38159F59039F5A019F02069F1A025F2A029F37049F58019000
Request3: 80A80000158313C080000000000000100001240124823DDE7A0100 (GPO)
Response3: 7711820218009404100102009F6304001000009000
Request4: 00B2011400 (READ RECORD)
Response4: 70615A08XXXXXXXXXXXXXXXXX5F3401015F24031711308E0C0000000000000000010302038C159F02069F03069F1A0295055F2A029A039C019F37048D09910A8A0295059F37049F0D05FCF8FCF8F09F0E0500100000009F0F05FCF8FCF8F09F070229009000
Thanks to Nicolas Riousset. My problems included an incorrect PDOL response, a dead EMV card and finally, in the READ RECORD, I needed to read record 2 to pick up the track data (not record 1).
Upvotes: 3
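How Request4 follows from the AFL in Response3 (tag 94, value 10010200), as an added example that is not part of the original posts: each 4-byte AFL entry names a Short File Identifier (SFI) and a record range, and READ RECORD carries the record number in P1 and the SFI in the top five bits of P2. The function names are hypothetical; the AFL values are the two quoted on this page.

```python
# Added example: derive READ RECORD commands from an Application File Locator.
# Helper names are illustrative; the AFL bytes are the ones quoted on this page.

def decode_afl(afl: bytes):
    """Return (sfi, first_record, last_record, oda_records) per 4-byte AFL entry."""
    if not afl or len(afl) % 4:
        raise ValueError("AFL length must be a non-zero multiple of 4")
    entries = []
    for i in range(0, len(afl), 4):
        sfi_byte, first, last, oda = afl[i:i + 4]
        sfi = sfi_byte >> 3                      # SFI sits in the top 5 bits
        if sfi_byte & 0x07 or not 1 <= sfi <= 30:
            raise ValueError(f"entry {i // 4}: bad SFI byte {sfi_byte:02X}")
        if first == 0 or last < first or oda > last - first + 1:
            raise ValueError(f"entry {i // 4}: bad record range")
        entries.append((sfi, first, last, oda))
    return entries


def read_record_apdus(afl: bytes):
    """One READ RECORD APDU (hex) per record named by the AFL, in AFL order."""
    apdus = []
    for sfi, first, last, _oda in decode_afl(afl):
        p2 = (sfi << 3) | 0x04                   # low bits '100': P1 is a record number
        for record in range(first, last + 1):
            apdus.append(bytes([0x00, 0xB2, record, p2, 0x00]).hex().upper())
    return apdus


AFL_RESPONSE3 = bytes.fromhex("10010200")          # tag 94 in Response3 above
AFL_TRACE = bytes.fromhex("08010100 10010200")     # tag 94 in the annotated trace on this page

if __name__ == "__main__":
    print(read_record_apdus(AFL_RESPONSE3))        # first entry equals Request4
    print(read_record_apdus(AFL_TRACE))
```

The P2 value 14 in Request4 is SFI 2 shifted left by three bits with the low bits set to 100.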
Reputation: 3619
The "Dual Interface Reader/Terminal Specification for Interac Direct Payment" version 1.4 indicates that the card should respond with SW1 SW2 = 6985 when the internal Application Transaction Counter (ATC) reaches its maximum value:
3.2.6 GET PROCESSING OPTIONS command
... If ATC reaches its maximum value (‘FFFF’), the card response to GET PROCESSING OPTION is SW1SW2 = ’69 85’.
However, the card probably rejects the GET PROCESSING OPTIONS (GPO) command because of an invalid response to its requested PDOL. Here's a comparison of the values sent in your GPO command with the ones in a valid Interac Flash transaction:

| TAG | LEN | MEANING | YOUR SAMPLE | VALID SAMPLE |
|------|-----|----------------------------------|--------------|--------------|
| 9F59 | 03 | Terminal Transaction Information | 000099 | C08000 |
| 9F5A | 01 | Terminal transaction Type | 00 | 00 |
| 9F02 | 06 | amount, authorised | 000000000000 | 000000001000 |
| 9F1A | 02 | Terminal country code | 0124 | 0124 |
| 5F2A | 02 | Transaction currency code | 0124 | 0124 |
| 9F37 | 04 | Unpredictable number | 00000123 | 823DDE7A |
| 9F58 | 01 | Merchant Type Indicator | 00 | 01 |
You'll notice that:
Once you have corrected these values, the card will most likely accept the GPO command, and you'll be able to read the PAN using the READ RECORD commands.
Hope this helps.
Below is an example of an accepted InteracFlash purchase, up to the accepted GPO command. PCD identifies the commands sent by the contactless reader/terminal, PICC identifies the responses from the InteracFlash card:
PCD Select File
PCD CLA: 00
PCD INS: A4
PCD P1: 04
PCD P2: 00
PCD Lc: 0E
PCD Data: 32 50 41 59 2E 53 59 53 2E 44 44 46 30 31
PCD Le: 00
PICC Successful
PICC Data (46 bytes)
PICC Tag 6F:FCI Template
PICC Length:2C
PICC Value :84 0E 32 50 41 59 2E 53 59 53 2E 44 44 46 30 31
A5 1A BF 0C 17 61 15 4F 07 A0 00 00 02 77 10 10
87 01 01 50 07 49 4E 54 45 52 41 43
PICC Tag 84:Dedicated File (DF) Name
PICC Length:0E
PICC Value :32 50 41 59 2E 53 59 53 2E 44 44 46 30 31
PICC Tag A5:FCI Proprietary Template
PICC Length:1A
PICC Value :BF 0C 17 61 15 4F 07 A0 00 00 02 77 10 10 87 01
01 50 07 49 4E 54 45 52 41 43
PICC Tag BF0C:FCI Discretionary Data
PICC Length:17
PICC Value :61 15 4F 07 A0 00 00 02 77 10 10 87 01 01 50 07
49 4E 54 45 52 41 43
PICC Tag 61:Application Template
PICC Length:15
PICC Value :4F 07 A0 00 00 02 77 10 10 87 01 01 50 07 49 4E
54 45 52 41 43
PICC Tag 4F:Application Identifier
PICC Length:07
PICC Value :A0 00 00 02 77 10 10
PICC Tag 87:Application Priority Indicator
PICC Length:01
PICC Value :01
PICC Tag 50:Application Label
PICC Length:07
PICC Value :49 4E 54 45 52 41 43
PICC ASCII Value:INTERAC
PICC SW1 SW2: 90 00
PCD Select File
PCD CLA: 00
PCD INS: A4
PCD P1: 04
PCD P2: 00
PCD Lc: 07
PCD Data: A0 00 00 02 77 10 10
PCD Le: 00
PICC Successful
PICC Data (62 bytes)
PICC Tag 6F:FCI Template
PICC Length:3C
PICC Value :84 07 A0 00 00 02 77 10 10 A5 31 50 07 49 4E 54
45 52 41 43 87 01 01 9F 38 15 9F 59 03 9F 5A 01
9F 02 06 9F 1A 02 5F 2A 02 9F 37 04 9F 58 01 5F
2D 02 65 6E BF 0C 05 9F 4D 02 0B 14
PICC Tag 84:Dedicated File (DF) Name
PICC Length:07
PICC Value :A0 00 00 02 77 10 10
PICC Tag A5:FCI Proprietary Template
PICC Length:31
PICC Value :50 07 49 4E 54 45 52 41 43 87 01 01 9F 38 15 9F
59 03 9F 5A 01 9F 02 06 9F 1A 02 5F 2A 02 9F 37
04 9F 58 01 5F 2D 02 65 6E BF 0C 05 9F 4D 02 0B
14
PICC Tag 50:Application Label
PICC Length:07
PICC Value :49 4E 54 45 52 41 43
PICC ASCII Value:INTERAC
PICC Tag 87:Application Priority Indicator
PICC Length:01
PICC Value :01
PICC Tag 9F38:Processing Options Data Object List (PDOL)
PICC Length:15
PICC Value :9F 59 03 9F 5A 01 9F 02 06 9F 1A 02 5F 2A 02 9F
37 04 9F 58 01
PICC Tag 9F59:Terminal Transaction Information
PICC Length:03
PICC Tag 9F5A:Terminal transaction Type
PICC Length:01
PICC Tag 9F02:Amount, Authorized (Numeric)
PICC Length:06
PICC Tag 9F1A:Terminal Country Code
PICC Length:02
PICC Tag 5F2A:Transaction Currency Code
PICC Length:02
PICC Tag 9F37:Unpredictable Number
PICC Length:04
PICC Tag 9F58:Merchant Type Indicator
PICC Length:01
PICC Tag 5F2D:Language Preference
PICC Length:02
PICC Value :65 6E
PICC ASCII Value:en
PICC Tag BF0C:FCI Discretionary Data
PICC Length:05
PICC Value :9F 4D 02 0B 14
PICC Tag 9F4D:Log Entry
PICC Length:02
PICC Value :0B 14
PICC SW1 SW2: 90 00
PCD Get Processing Options
PCD CLA: 80
PCD INS: A8
PCD P1: 00
PCD P2: 00
PCD Lc: 15
PCD Data: 83 13 C0 80 00 00 00 00 00 00 10 00 01 24 01 24
82 3D DE 7A 01
PCD Le: 00
PICC Successful
PICC Data (23 bytes)
PICC Tag 77:Response Message Template Format 2
PICC Length:15
PICC Value :82 02 18 00 94 08 08 01 01 00 10 01 02 00 9F 63
04 00 10 00 00
PICC Tag 82:Application Interchange Profile
PICC Length:02
PICC Value :18 00
PICC Tag 94:Application File Locator (AFL)
PICC Length:08
PICC Value :08 01 01 00 10 01 02 00
PICC Tag 9F63:Card Transaction Information
PICC Length:04
PICC Value :00 10 00 00
PICC SW1 SW2: 90 00
...
Upvotes: 7
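The PDOL comparison in the answer above can be done mechanically, shown here as an added example that is not part of the original posts: parse the PDOL (tag 9F38) from the SELECT response, build the GPO command from terminal values in PDOL order, and split an already-sent GPO back into per-tag fields to see which ones differ from a known-good transaction. The helper names are hypothetical; all hex values are the ones quoted on this page.

```python
# Added example: PDOL-driven GPO handling. Hex values are quoted from this page.
PDOL = bytes.fromhex("9F5903 9F5A01 9F0206 9F1A02 5F2A02 9F3704 9F5801")  # tag 9F38
# "VALID SAMPLE" column of the comparison table
VALID = {"9F59": "C08000", "9F5A": "00", "9F02": "000000001000", "9F1A": "0124",
         "5F2A": "0124", "9F37": "823DDE7A", "9F58": "01"}
# GPO from the question (answered with 6985), spaced out per PDOL field
REJECTED = bytes.fromhex("80A80000 15 8313 000099 00 000000000000 0124 0124 00000123 00 00")

def parse_dol(dol):
    """Split a Data Object List into (tag, length) pairs."""
    entries, i = [], 0
    while i < len(dol):
        start = i
        if dol[i] & 0x1F == 0x1F:      # multi-byte tag (e.g. 9F59, 5F2A)
            i += 1
            while dol[i] & 0x80:       # more tag bytes follow
                i += 1
        i += 1
        entries.append((dol[start:i].hex().upper(), dol[i]))
        i += 1
    return entries

def build_gpo(pdol, terminal):
    """Concatenate terminal values in PDOL order and wrap them in tag 83."""
    body = b""
    for tag, length in parse_dol(pdol):
        value = bytes.fromhex(terminal.get(tag, "00" * length))  # unknown tag: zeros
        if len(value) != length:
            raise ValueError(f"{tag}: PDOL wants {length} bytes, got {len(value)}")
        body += value
    data = bytes([0x83, len(body)]) + body
    return bytes([0x80, 0xA8, 0x00, 0x00, len(data)]) + data + b"\x00"

def split_gpo(pdol, apdu):
    """Map each PDOL tag to the bytes a GPO command actually carried for it."""
    body = apdu[7:-1]                  # skip CLA INS P1 P2 Lc 83 len, drop Le
    if apdu[:4].hex() != "80a80000" or apdu[5] != 0x83 or apdu[6] != len(body):
        raise ValueError("not a GPO command with a tag-83 template")
    fields, pos = {}, 0
    for tag, length in parse_dol(pdol):
        fields[tag] = body[pos:pos + length].hex().upper()
        pos += length
    if pos != len(body):
        raise ValueError("GPO data length does not match the PDOL")
    return fields

def differing_tags(pdol, apdu, reference):
    """Tags whose value in a sent GPO differs from the reference values."""
    sent = split_gpo(pdol, apdu)
    return sorted(t for t in sent if sent[t] != reference[t])
```

`build_gpo(PDOL, VALID)` reproduces the accepted GPO command from the trace, and `differing_tags(PDOL, REJECTED, VALID)` lists the tags where the rejected command deviates from it.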