Thursday 15 March 2012

Smart cards, EMV Chip cards: EMV Transaction an Introduction

 EMV stands for Europay, MasterCard and VISA, a global standard for inter-operation of integrated circuit cards (IC cards or "chip cards") and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions.


EMV Transaction Steps / Flow :
1.   Application selection
2.   Initiate application processing
3.   Read application data
4.   Processing restrictions
5.   Offline data authentication
6.   Cardholder verification
7.   Terminal risk management
8.   Terminal action analysis
9.   First card action analysis
10. Online transaction authorisation (only carried out if required by the result of the previous steps; mandatory in ATMs)
11. Second card action analysis
12. Issuer script processing


Before starting the transaction process, let's go over some terms we need to understand.
Okay so let's start...

APDU - Application Protocol Data Unit

> Communication between the terminal/card reader and the card is carried out through instructions called APDUs (Application Protocol Data Units). Reading data from and writing data to the chip is done through these APDUs.

> APDUs are of 2 types:
   1.) Command APDU
   2.) Response APDU

> Communication between the terminal/card reader and the card is half-duplex.


Command APDU

Command APDU is used to send a command to the chip card in order to get some response or in better words, to get some useful data from it.









Field : Description
CLA   : Instruction class; may take any value except 'FF'.
INS   : Instruction code within the instruction class.
P1    : Parameter 1 byte. The value and meaning depend on the instruction code (INS).
P2    : Parameter 2 byte. The value and meaning depend on the instruction code (INS).
Lc    : Number of data bytes sent to the card in the command APDU (C-APDU); Lc is the length of the command data field.
Data  : Data bytes.
Le    : Number of data bytes expected in the response. If Le is 0x00, a maximum of 256 bytes is expected.

As only the header is mandatory and the rest is conditional, the C-APDU may be used in the following 4 cases, as needed:
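
The four cases follow from which conditional fields are present. As an added example (not code from the original post), this short-form parser splits a C-APDU into the fields listed above, names its case using the ISO/IEC 7816-4 case numbering, and rejects a body whose length disagrees with Lc. `parse_capdu` and the sample bytes are constructed for illustration; extended-length APDUs are out of scope.

```python
def parse_capdu(apdu: bytes) -> dict:
    """Split a short-form command APDU into fields and name its case (1-4)."""
    if len(apdu) < 4:
        raise ValueError("C-APDU must carry the header CLA INS P1 P2")
    cla, ins, p1, p2 = apdu[:4]
    if cla == 0xFF:
        raise ValueError("CLA 'FF' is not a valid instruction class")
    body = apdu[4:]
    out = {"cla": cla, "ins": ins, "p1": p1, "p2": p2,
           "lc": None, "data": b"", "le": None}
    if not body:                              # Case 1: header only
        out["case"] = 1
    elif len(body) == 1:                      # Case 2: header + Le
        out["case"], out["le"] = 2, body[0] or 256
    else:
        lc, rest = body[0], body[1:]
        if lc == 0:
            raise ValueError("Lc = 0 with trailing bytes (extended length?)")
        if len(rest) == lc:                   # Case 3: header + Lc + data
            out["case"] = 3
        elif len(rest) == lc + 1:             # Case 4: header + Lc + data + Le
            out["case"], out["le"] = 4, rest[lc] or 256
        else:
            raise ValueError(f"Lc={lc} does not match {len(rest)} body bytes")
        out["lc"], out["data"] = lc, rest[:lc]
    return out

# Constructed sample commands (illustrative bytes, not captured traffic).
SAMPLES = {
    "header only": bytes.fromhex("00A40000"),
    "READ RECORD, Le=00": bytes.fromhex("00B2010C00"),
    "data, no Le": bytes.fromhex("00DA0001021234"),
    "SELECT 2PAY.SYS.DDF01": bytes([0x00, 0xA4, 0x04, 0x00, 0x0E])
                             + b"2PAY.SYS.DDF01" + b"\x00",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        f = parse_capdu(raw)
        print(f"{name:24} case {f['case']}  Lc={f['lc']}  Le={f['le']}")
```
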
 

Response APDU

The card executes the command it receives and sends a response APDU back to the terminal.
The response APDU has an optional body consisting of data and a mandatory trailer with two status bytes, "SW1" and "SW2". SW1 and SW2 combined form the status word (SW).
If the status word has the value 0x9000 (SW1 = 0x90, SW2 = 0x00), the command was successfully executed by the card.









Coding of INS and its relationship to CLA  in C-APDU


Coding of the Status Bytes
The status bytes SW1 SW2 are returned in every response message and denote the processing state of the command.





Coding of Status Bytes SW1 SW2 in detail.



The following values of SW1 SW2 apply to the Transport Protocol Data Unit (TPDU) and are not returned to the APDU:
'61xx': SW2 indicates the number of response bytes still available.
'6Cxx': Wrong length Le; SW2 indicates the exact length.
What do we do in these special cases?
Nothing special: we simply need to fire the command APDU again with some changed parameters, as follows:

Here
TTL  : Terminal Transport Layer, to which we send our command APDU
ICC  : Integrated Chip Card, which sends us back the response
Lc   : Exact length of data sent by the command
Licc : Exact length of data available or remaining in the ICC (as determined by the ICC) to be returned in response to the command received by the ICC

Scenario where you get SW1= 0x61 & SW2 = XX


Scenario where you get SW1= 0x6C & SW2 = XX


We will study these scenarios in detail in later Posts (I will specify a link here.)
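
The two scenarios above, as an added example that is not part of the original post: a terminal transport layer loop that answers '61xx' with GET RESPONSE (00 C0 00 00, Le = Licc) and '6Cxx' by re-sending the same command with Le = Licc. `FakeICC`, `ttl_exchange`, the payload and the retry bound are assumptions made for this example; the card is simulated so the exchange runs without a reader.

```python
GET_RESPONSE = bytes([0x00, 0xC0, 0x00, 0x00])   # GET RESPONSE header; Le follows

class FakeICC:
    """Constructed stand-in for a card (ICC) holding one response of Licc bytes."""
    def __init__(self, payload: bytes, use_61: bool):
        self.payload, self.use_61, self.log = payload, use_61, []

    def transmit(self, capdu: bytes) -> bytes:
        self.log.append(capdu.hex().upper())
        licc = len(self.payload)
        if self.use_61 and capdu[:4] != GET_RESPONSE:
            return bytes([0x61, licc])           # data is waiting, Licc in SW2
        if (capdu[-1] or 256) != licc:
            return bytes([0x6C, licc])           # wrong Le, exact length in SW2
        return self.payload + b"\x90\x00"

def ttl_exchange(icc, capdu: bytes, max_rounds: int = 4):
    """Send a C-APDU that ends in Le; settle 61xx/6Cxx; return (data, SW)."""
    for _ in range(max_rounds):                  # bound retries against a stuck card
        rapdu = icc.transmit(capdu)
        if len(rapdu) < 2:
            raise ValueError("R-APDU is missing the SW1 SW2 trailer")
        data, sw1, sw2 = rapdu[:-2], rapdu[-2], rapdu[-1]
        if sw1 == 0x61:                          # fetch Licc bytes with GET RESPONSE
            capdu = GET_RESPONSE + bytes([sw2])
        elif sw1 == 0x6C:                        # same command again with Le = Licc
            capdu = capdu[:-1] + bytes([sw2])
        else:
            return data, (sw1 << 8) | sw2
    raise RuntimeError("card kept answering 61xx/6Cxx")

# Constructed 20-byte payload and commands (not captured traffic).
PAYLOAD = bytes(range(20))
SELECT = bytes([0x00, 0xA4, 0x04, 0x00, 0x0E]) + b"2PAY.SYS.DDF01" + b"\x00"
READ_RECORD = bytes.fromhex("00B2010C00")

if __name__ == "__main__":
    for use_61, cmd in ((True, SELECT), (False, READ_RECORD)):
        icc = FakeICC(PAYLOAD, use_61)
        data, sw = ttl_exchange(icc, cmd)
        print(f"SW={sw:04X} len={len(data)} sent={icc.log}")
```

The retry bound matters when testing readers against faulty cards: a card that never stops returning '61xx' or '6Cxx' would otherwise hold the terminal in the loop.
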


Links to some POS systems to use in your projects:

Verifone POS:
Vx520 device: https://amzn.to/2QYrY0A

Verifone Latest POS devices:
https://www.verifone.com/en/us/portables-and-transportables


Ingenico POS devices:
iCT220 device : https://amzn.to/3bHRcIw
iWL250 device : https://amzn.to/3byY5vA
iSC250 device : https://amzn.to/3dMcw16
Lane/5000 : https://amzn.to/2X0YkeD

Ingenico Latest POS devices:
https://www.ingenico.com/pos-solutions#smart-pos

Small Handheld mPOS devices :
Square POS Terminal: https://amzn.to/39Aioam

Paper Rolls for POS devices: https://amzn.to/2xAyjbI

**NOTE:
Purchasing the POS devices alone is not enough for a project. You also need to purchase the software SDK and its license from the respective device vendor, which is required to develop a credit/debit/gift card application on the device.

To compare which devices are best for your project:
There are many new POS system manufacturers coming up now. But I can say from my experience that Verifone & Ingenico provide some of the best POS systems in the world.

12 comments:

  1. Hi Pushpak
    Nice job, can I have your email id.
    Thanks
    Rajesh Bodhe
    M : 9881093140

  2. thanks...
    email Id: patilpushpak8@gmail.com

  3. Really a useful and clear information. Thanks for sharing .

  4. Hi push, can I add you. Good job for the blog, keep it up

  5. Does EMV4.2 or EMV4.3 authenticate with a PIN code in order to identify the card owner?

  6. What is the APDU to verify the PIN in EMV4.3?

  7. Hello, I need the price of your library, IDE Visual Studio?

  8. Hi Pushpak,

    Thanks for this very informative blog. I will send you an email regarding an Unknown APDU 2PAY.SYS.DDF01 that I've run into in firmware testing (reader and Proxicard). I need some guidance in how to proceed.

  9. Hey Pushpak,

    You are doing excellent work by sharing your knowledge with others, helping them understand this EMV module in depth. Keep up the GREAT work.

  10. Great blog on credit card processing, I hope to read more blogs from you. We also share the information about card processing fees and help you to save money.
