Reputation: 67
ARQC PDOL and ICC data in ISO 8583 message
I have successfully generated a ARQC by satisfying the PDOL required by the ICC. The ARQC required the following PDOL tags.
9F66 TTQ
9F02 Amount Authorised
5F2A Transaction Currency Code
9A Transaction Date
9F37 Unpredictable Number
The AID returned from ICC
06 01 11 03 A00000 0F83000000000000000000006975A844
The Cryptogram Version Number as above 17 (11 Hex)
My question, when I submit the transaction to the acquiring bank for authorisation via a ISO8583 host to host connection, in the ICC related data element do I only populate the EMV tags required by the PDOL and response Tags, or do I submit all ICC tags including for example the 'Terminal Verification Results' which was not required as per PDOL ?
Based on the CVN 17 the required fields to validate Cryptogram is
9F02 Amount
9F37 Unpredictable Number
9F36 ATC
9F10 CVR
Upvotes: 0
Views: 1446
Answers (3)
Reputation: 2211
In most simple terms, what your card is doing here is generating a cryptogram based on elements in CDOL (elements, its order and size, will be mentioned in payment scheme docs for each CVN). So at the issuer end it should get the same elements to validate the cryptogram( and optionally to generate the response cryptogram ).
Upvotes: 1
Reputation: 2270
Agree with comment from Michal.
Acquirer require much more EMV tags to transfer them to Card Issuer side and identify correct card profile and finally validate Cryptogram. The list of EMV data can be different in small details and place of these EMV Values transferred in ISO 8583 message. Refer to your Acquirer ISO 8583 specification.
The short summary of EMV tags and other fields required by Acquirer Interface you may see in EMV specification Book 4, Article "Authorisation Request".
Keep in mind that contactless cards, like your Visa PayWave may need to transfer own specific Tags depending of Card Brand Specification.
Upvotes: 1
Reputation: 1237
Unfortunately this is a question you should ask to your acquirer. The usual is that you populate all the data you have, especially because some of them may be used for risk management rather than cryptogram calculation. List of mandatory data elements is usually longer than what is required purely for cryptogram generation. Second thing is that your application should not interpret proprietary data elements like Issuer Application Data unless you are required (remember there are other card application specifications and you might have trouble differentiating them on the acceptance side). Side note - AID is not IAD, 9F10 is not CVR.
Upvotes: 1
Related Questions
- Reading public data of EMV card
- Data structure of EMV cards
- problems reading the IBAN/BIC of German EC cards
- PDOL enough for online processing
- ISO8583: Appropriate value for Field 43 Card acceptor name/location
- parse EMV application interchange profile for CVM list
- Application interchange profile Interpretation
- ISO 7816-3 for contact card
- How does one substitute the CVC3, ATC and unpredictable number in EMV contactless track data?
- Standards for smartcard communication