Terminal Technical Manual AEIPS V4.3 Apr 2015

AEIPS%20Terminal%20Technical%20Manual%20-%20v4.3%20-%20Apr%202015

User Manual:

Open the PDF directly: View PDF .
Page Count: 94

AEIPS

Terminal Technical Manual

(AEIPS 4.3)

April 2015

American Express

Page 2 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Confidential and Trade Secret Materials

This

document

contains

sensitive,

confidential

and

trade

secret

information and

may

not

disclosed

third

parties

without

the

prior

written

consent

American

Express

Travel

Services

Company,

Inc.

The

policies,

procedures,

and

rules

this

manual

are

subject

change from

time

American

Express

Global

Network

Services.

2015

American

Express

Travel

Services

Co.,

Inc.

All

Rights

Reserved

Page 3 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Table of Contents

1 SUMMARY OF CHANGES ..................................................................................................................... 10

2 INTRODUCTION ..................................................................................................................................... 11

2.1 Scope ................................................................................................................................................... 11

2.2 Audience ............................................................................................................................................. 11

2.3 Reference Materials ........................................................................................................................... 11

2.3.1 ISO ................................................................................................................................................ 11

2.3.2 EMV .............................................................................................................................................. 12

2.3.3 American Express ......................................................................................................................... 12

2.4 Use of Terms ...................................................................................................................................... 12

2.4.1 Optional, Mandatory or Conditional .............................................................................................. 12

2.4.2 Use of the Term “Chip Card” ........................................................................................................ 12

2.4.3 Cardholder or Cardmember? ........................................................................................................ 12

2.5 Document Structure ........................................................................................................................... 13

2.6 Notation ............................................................................................................................................... 13

3 TRANSACTION OVERVIEW .................................................................................................................. 14

3.1 Functional Overview .......................................................................................................................... 14

3.2 Dual Interface Support ....................................................................................................................... 15

3.3 Mandatory and Optional Functionality Summary ........................................................................... 15

3.3.1 Functions ...................................................................................................................................... 15

3.3.2 Commands .................................................................................................................................... 16

3.3.3 AEIPS Command Non-Specific Status Words ............................................................................. 17

4 APPLICATION SELECTION ................................................................................................................... 18

4.1 Overview ............................................................................................................................................. 18

4.2 Commands .......................................................................................................................................... 18

4.3 Processing Requirements ................................................................................................................. 19

4.3.1 Chip Card Insertion and Power Up Sequence .............................................................................. 19

4.3.2 Answer to Reset ............................................................................................................................ 19

4.3.3 Application Selection – Building the Candidate List ..................................................................... 19

4.3.4 Application Selection – Choosing the Required Application ......................................................... 20

5 INITIATE APPLICATION PROCESSING ............................................................................................... 21

5.1 Overview ............................................................................................................................................. 21

5.2 Commands .......................................................................................................................................... 21

5.3 Processing Requirements ................................................................................................................. 21

Page 4 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

6 READ APPLICATION DATA .................................................................................................................. 23

6.1 Overview ............................................................................................................................................. 23

6.2 Commands .......................................................................................................................................... 23

6.3 Processing Requirements ................................................................................................................. 23

7 OFFLINE DATA AUTHENTICATION ..................................................................................................... 25

7.1 Overview ............................................................................................................................................. 25

7.1.1 Static Data Authentication (SDA) .................................................................................................. 26

7.1.2 Dynamic Data Authentication (DDA) ............................................................................................ 27

7.1.3 Combined DDA / Application Cryptogram Generation (CDA) ...................................................... 27

7.2 Commands .......................................................................................................................................... 27

7.3 Processing Requirements ................................................................................................................. 28

7.3.1 American Express Scheme CA Keys ........................................................................................... 28

7.3.2 Static Data Authentication (SDA) .................................................................................................. 28

7.3.3 Dynamic Data Authentication (DDA) ............................................................................................ 29

7.3.4 Combined DDA/AC Generation (CDA) ......................................................................................... 29

8 PROCESSING RESTRICTIONS ............................................................................................................. 30

8.1 Overview ............................................................................................................................................. 30

8.2 Processing Requirements ................................................................................................................. 30

9 CARDHOLDER VERIFICATION ............................................................................................................. 32

9.1 Overview ............................................................................................................................................. 32

9.2 Commands .......................................................................................................................................... 32

9.3 Processing Requirements ................................................................................................................. 33

9.3.1 Online PIN ..................................................................................................................................... 34

9.3.2 Offline PIN ..................................................................................................................................... 34

9.3.3 Other CVM .................................................................................................................................... 36

9.4 PIN Pad Requirements ....................................................................................................................... 36

10 TERMINAL RISK MANAGEMENT ...................................................................................................... 37

10.1 Overview .......................................................................................................................................... 37

10.2 Commands ...................................................................................................................................... 37

10.3 Processing Requirements ............................................................................................................. 37

11 1ST TERMINAL ACTION ANALYSIS .................................................................................................. 39

11.1 Overview .......................................................................................................................................... 39

Page 5 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

11.2 Processing Requirements ............................................................................................................. 39

11.2.1 Offline Processing Results ............................................................................................................ 40

11.2.2 Request Application Cryptogram in 1st GENERATE AC ............................................................. 41

12 1ST CARD ACTION ANALYSIS ........................................................................................................... 42

12.1 Overview .......................................................................................................................................... 42

12.2 Commands ...................................................................................................................................... 43

12.3 Processing Requirements ............................................................................................................. 43

13 ONLINE PROCESSING ....................................................................................................................... 44

13.1 Overview .......................................................................................................................................... 44

13.2 Processing Requirements ............................................................................................................. 44

14 ISSUER AUTHENTICATION ............................................................................................................... 46

14.1 Overview .......................................................................................................................................... 46

14.2 Commands ...................................................................................................................................... 46

14.3 Processing Requirements ............................................................................................................. 46

15 2ND TERMINAL ACTION ANALYSIS .................................................................................................. 48

15.1 Overview .......................................................................................................................................... 48

15.2 Processing Requirements ............................................................................................................. 48

15.2.1 Advice Messages .......................................................................................................................... 49

15.2.2 Voice Referrals ............................................................................................................................. 49

16 2ND CARD ACTION ANALYSIS .......................................................................................................... 50

16.1 Overview .......................................................................................................................................... 50

16.2 Commands ...................................................................................................................................... 50

16.3 Processing Requirements ............................................................................................................. 51

17 ISSUER SCRIPT PROCESSING ........................................................................................................ 52

17.1 Overview .......................................................................................................................................... 52

17.2 Commands ...................................................................................................................................... 52

17.3 Processing Requirements ............................................................................................................. 53

17.4 Processing a Blocked Application ............................................................................................... 53

18 TRANSACTION COMPLETION .......................................................................................................... 54

Page 6 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

18.1 Overview .......................................................................................................................................... 54

18.2 Processing Requirements ............................................................................................................. 54

18.2.1 Voice referrals ............................................................................................................................... 54

19 PERFORMANCE REQUIREMENTS ................................................................................................... 55

20 CRYPTOGRAPHIC REQUIREMENTS ............................................................................................... 56

20.1 Unpredictable Number Generation ............................................................................................... 56

20.2 Offline Data Authentication ........................................................................................................... 56

20.3 Offline PIN Encipherment .............................................................................................................. 56

20.4 PIN Entry Device ............................................................................................................................. 56

21 ADDITIONAL PRODUCT SPECIFICS ................................................................................................ 57

21.1 Membership-Related Data Processing ......................................................................................... 57

21.1.1 Overview ....................................................................................................................................... 57

21.1.2 Data............................................................................................................................................... 57

21.1.3 Processing Requirements ............................................................................................................. 57

22 DATA ELEMENTS ............................................................................................................................... 58

22.1 Data Overview ................................................................................................................................. 58

22.2 Payment Systems Environment .................................................................................................... 58

22.2.1 PSE Select Response Data .......................................................................................................... 58

22.2.2 PSE Directory Level Data ............................................................................................................. 59

22.3 Payment Application Data ............................................................................................................. 59

22.3.1 Select Response Data .................................................................................................................. 59

22.3.2 Initiate Application Processing Data ............................................................................................. 61

22.3.3 Read Record Data ........................................................................................................................ 62

22.3.4 SDA Data ...................................................................................................................................... 67

22.3.5 DDA / CDA Data ........................................................................................................................... 68

22.3.6 Chip Card PIN Encipherment Data ............................................................................................... 69

22.3.7 Terminal Risk Management Data ................................................................................................. 70

22.4 Data Elements Table ...................................................................................................................... 72

23 GLOSSARY ......................................................................................................................................... 91

24 INDEX .................................................................................................................................................. 94

Page 7 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

List of Figures

Figure 3-1: AEIPS Transaction Flow ............................................................................................ 14

Figure 4-1: Application Selection Detail ....................................................................................... 18

Figure 5-1: Initiate Application Processing Detail ......................................................................... 21

Figure 6-1: Read Application Data Detail ..................................................................................... 23

Figure 7-1: Offline Data Authentication Detail .............................................................................. 25

Figure 7-2: Key Hierarchy ............................................................................................................ 26

Figure 8-1: Processing Restrictions Detail ................................................................................... 30

Figure 9-1: Cardholder Verification Detail .................................................................................... 32

Figure 9-2: Cardholder Verification Terminal Process Flow ......................................................... 33

Figure 9-3: Offline PIN Terminal Process Flow ............................................................................ 35

Figure 10-1: Terminal Risk Management Detail ........................................................................... 37

Figure 11-1: Terminal Action Analysis Detail................................................................................ 39

Figure 12-1: 1st Card Action Analysis Detail ................................................................................ 42

Figure 13-1: Online Processing Detail ......................................................................................... 44

Figure 14-1: Issuer Authentication Detail ..................................................................................... 46

Figure 15-1: 2nd Terminal Action Analysis Detail ......................................................................... 48

Figure 16-1: 2nd Card Action Analysis Detail ............................................................................... 50

Figure 17-1: Issuer Script Processing Detail ................................................................................ 52

Figure 18-1: Transaction Completion Detail ................................................................................. 54

Figure 22-1: AEIPS Data ............................................................................................................. 58

Page 8 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

List of Tables

Table 2-1: ISO Publications ......................................................................................................... 11

Table 2-2: EMV Publications ........................................................................................................ 12

Table 2-3: American Express Publications ................................................................................... 12

Table 3-1: AEIPS Terminal Functionality Requirements .............................................................. 15

Table 3-2: AEIPS Command Terminal Support Requirements ..................................................... 16

Table 3-3: AEIPS Command Non-Specific Status Words ............................................................ 17

Table 11-1: Issuer Action Codes and corresponding Terminal Action Codes ............................... 40

Table 22-1: PSE Response Data ................................................................................................. 59

Table 22-2: PSE Directory Level Data ......................................................................................... 59

Table 22-3: Select Response Data .............................................................................................. 60

Table 22-4: Application Priority Indicator (API) ............................................................................. 61

Table 22-5: Data Retrievable by Get Processing Options Command (GPO) ................................ 61

Table 22-6: Application Interchange Profile (AIP) ........................................................................ 62

Table 22-7: Read Record Data Objects ....................................................................................... 63

Table 22-8: Application Usage Control (AUC) .............................................................................. 64

Table 22-9: CDOL1 Data Objects ................................................................................................ 64

Table 22-10: CDOL2 Data Objects .............................................................................................. 65

Table 22-11: Authorization Response Code Values (Tag ‘8A’) .................................................... 65

Table 22-12: Cardholder Verification Methods List ...................................................................... 66

Table 22-13: Optional Data Objects ............................................................................................. 67

Table 22-14: Data used in Static Data Authentication .................................................................. 67

Table 22-15: Data Objects for Signing ......................................................................................... 68

Table 22-16: Mandatory Data for Dynamic Data Authentication ................................................... 68

Table 22-17: Public key modulus lengths for which support is mandatory .................................... 69

Table 22-18: Static Data to be Authenticated ............................................................................... 69

Table 22-19: DDOL Data Objects ................................................................................................ 69

Page 9 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Table 22-20: Mandatory Data for Chip Card PIN Encipherment ................................................... 70

Table 22-21: Data Retrievable by GET DATA Command ............................................................ 70

Table 22-22: Terminal Verification Results (TVR) Settings .......................................................... 71

Table 22-23: AEIPS Data Elements Table (DET) ......................................................................... 73

Table 23-1: Acronyms and Abbreviations .................................................................................... 91

Page 10 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

1 Summary of Changes

Summary of changes from AEIPS 4.2 Specification:

 Document structure changes

 All section numbers 1-17 incremented by 1 to 2-18

 Summary of Changes now section 1

 Data Elements moved from section 18 to 23

 Table 11-1 added.

 Table 11-1 renamed as Table 11-2

 Cryptographic Requirements moved from section 19 to 20

 Addition of sections: 19 Performance Requirements; 21 Additional Product Specifics; 24

Index

 All Tables; Figures & internal links updated to match new structure

 Document functional changes – updates

 Updates for EMV Bulletin No. 137

o Use of CDA for both 1st & 2nd GENERATE AC is now recommended.

o Mandatory check for presence of CA Public Key required for CDA, no CDA

processing if not present.

 Updates for EMV Bulleting No. 113

o Table 22-22 updated to include Byte 1 bit 2 “SDA Selected”.

o Additionally, in 7.3.2 set SDA Selected bit in TVR is SDA is performed.

 Updates for EMV 4.2 to 4.3:

o Despite EMV removing support for DDF entries to the PSE DDF directory,

Terminals need to continue to support them for compatibility with existing cards

o Introduction of CDA Mode to define CDA processing

o Terminal Risk Management is always performed regardless of the AIP setting

o DDA support in mandated in Terminals. This document also mandates CDA

 Document functional changes – new features

 Added Membership related data processing in section 21.1, with new optional data

elements (‘9F5A’ & ‘9F5B’)

Introduction of PUT DATA command for contactless CVM list update via contact interface

with tag (“9F6F”)

 Document functional changes – clarifications

 Process overviews included within individual sections instead of separate section.

Duplication removed.

 Processing for APPLICATION UNBLOCK described

 Handling online PIN

 CDA processing options fully described

 Setting TVR bits

Page 11 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

2 Introduction

This version of the American Express AEIPS Terminal Technical Manual fully conforms to EMV v4.3

[EMV4.3i - iv]. There are two volumes within AEIPS:

 AEIPS Chip Card Specification

 AEIPS Terminal Manual (this document).

2.1 Scope

The purpose of this document is to outline the terminal functionality required to process American Express

Chip Card transactions. All American Express Acquirers and Third Party Processors must ensure that the

terminal performs American Express Chip Card transactions as defined in this manual.

Any functionality beyond that defined in this document must comply with [EMV4.3i – iv] (See section 2.3.2

for additional information).

This document only specifies requirements for Terminal interaction with American Express payment

applications over a contact interface. Requirements for Terminals supporting contactless payments can be

found in the American Express Expresspay Terminal Specification [XP-TERM].

This document is primarily a technical manual but the business requirements that the technical solutions

address are also outlined.

Any terminal application intended to process an American Express Chip Card shall be certified against the

requirements in this manual. Note that EMV certification is conditional but not sufficient in meeting this

requirement.

2.2 Audience

This document is intended for American Express personnel involved with the implementation of payment

products on Integrated Circuits or “chip”, American Express Global Network Services Partners, Chip Card

application developers, Systems developers, Chip Card and Terminal vendors seeking a technical

understanding of the functionality of Chip Cards and Terminals supporting AEIPS.

2.3 Reference Materials

Reference citations in this manual are shown as labels within square brackets (e.g., [ISO3166]). Full details

of the references are given in this section.

Users of the information contained in these materials are solely responsible for identifying and obtaining any

and all patent or other intellectual property licenses that may be needed for products or services developed

in connection with these materials.

2.3.1 ISO

ISO standards may be ordered via the ISO Website at www.iso.org.

Table 2-1: ISO Publications

[ISO3166]

Codes for the representation of names and countries

[ISO4217]

Codes for the representation of currencies and funds

[ISO639]

Codes for the representation of names and languages

[ISO8583]

Financial Transaction Card Originated Messages - Interchange message specifications

[ISO7813]

Identification Cards - Financial transaction Cards

[ISO7816-4]

Identification Cards - Integrated circuit(s) Cards with contacts - Part 4: Inter-industry

commands for interchange

Page 12 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

[ISO7816-5]

Identification Cards - Integrated circuit(s) Cards with contacts -Part 5: Numbering system

and registration procedure for application identifiers

2.3.2 EMV

EMV publications may be ordered from the EMV Co. Website at www.emvco.com.

Table 2-2: EMV Publications

[EMV4.3i]

EMV ICC Specification for Payment Systems, Book 1 – Application independent ICC to

terminal interface requirements, version 4.3, November 2011

[EMV4.3ii]

EMV ICC Specification for Payment Systems, Book 2 – Security and key management,

4.3, November 2011

[EMV4.3iii]

EMV ICC Specification for Payment Systems, Book 3 – Application specification, version

4.3, November 2011

[EMV4.3iv]

EMV ICC Specification for Payment Systems, Book 4 – Cardholder, attendant and acquirer

interface requirements, version 4.3, November 2011

2.3.3 American Express

There are a number of American Express documents that are relevant to AEIPS card Issuers and Acquirers,

which can be obtained from GNSWEB, americanexpress.com/gns.

All American Express’ AEIPS manuals operate within the boundaries defined in [EMV4.3i – iv].

Table 2-3: American Express Publications

[AG]

Acquirer Chip Card Implementation Guide

[ATG]

AEIPS Terminal Guide

[XP-TERM]

Expresspay Terminal Specification (ExpressPay 3.1)

2.4 Use of Terms

2.4.1 Optional, Mandatory or Conditional

American Express’ philosophy is to facilitate market requirements while ensuring global interoperability. To

this end, AEIPS’ minimum requirements reflect the EMV mandatory items in addition to specific

requirements for American Express.

American Express’ minimum requirements are designated using the term “mandatory”, “required”, or

“must”. Participants wishing to implement parts of EMV beyond this may do so only if this manual does not

state that those parts are not supported under AEIPS.

Markets can customize their programs beyond the minimum requirements through adoption of the optional

functions and through proprietary processing. Proprietary processing, however, must not compromise

global interoperability.

If a requirement is conditional, it must meet the condition as defined in the value restrictions.

2.4.2 Use of the Term “Chip Card”

In general, the term “Chip Card” is used to represent the entity which performs the AEIPS Chip Card

application functions. This acknowledges the possibility of the chip supporting multiple applications.

2.4.3 Cardholder or Cardmember?

The words Cardholder and Cardmember refer to “A person who has entered into an agreement and

established a Card Account with an Issuer, or whose name is embossed on a Card”.

Page 13 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

2.5 Document Structure

This document is structured to guide the reader through the steps required to implement the AEIPS

Terminal requirements.

It is assumed that technical readers are familiar with the EMV specifications [EMV4.3i – iv] and that all

readers have a basic understanding of the technology. Each part of this document starts with a descriptive

section. This is the suggested minimum reading for a business understanding of the document. Subsequent

sections indicate the technical detail associated with the business function or requirement.

Section 3 provides an overview of a terminal transaction.

Sections 4 to 18 describe each of the transaction processing steps in detail, providing: an overview; list of

commands; set of processing requirements.

Section 19 describes the performance requirements.

Section 20 describes the cryptographic requirements.

Section 21 describes the additional product functionality Terminals use to support additional American

Express services.

Section 22 summarizes the Data Elements.

Section 23 contains a glossary of terms used in this document.

Section 24 is the index.

2.6 Notation

Throughout this document, the data elements that are defined in the Data Dictionary, Table 22-23, are

marked in italics, e.g., Card Verification Results.

In the transaction flow diagrams that are used throughout this document, dashed lines around boxes are

used to indicate the presence of optional functionality.

Hexadecimal numbers are represented within single quotes, e.g., ‘6A83’.

Page 14 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

3 Transaction Overview

This section provides a general non-technical overview of the complete AEIPS transaction. It is important to

understand this, since the rest of this document is structured around the transaction steps as defined in this

section.

3.1 Functional Overview

All functions mentioned in this manual are performed as described in the EMV [EMV4.3i – iv]. Figure 3-1

shows the AEIPS transaction flow from the point at which a Chip Card is inserted into a Terminal to the point

at which it is removed. Functions shown as dashed boxes are optional.

This diagram is used throughout this manual where more detail of each function is provided.

Figure 3-1: AEIPS Transaction Flow

As shown in Figure 3-1, a transaction consists of a number of processing steps which assure the AEIPS

transaction. These steps are described in detail in sections 4 to 18 below.

In summary, the AEIPS transaction flow provides the means to:

 Authorize payment

 Authenticate the card

 Authenticate the transaction at the time of the transaction and for audit purposes

 Verify the Cardholder.

Insert card

Application

selection

Init application

processing

Read application

data

Processing

restrictions

Cardholder

verification

Terminal risk

management

1st terminal action

analysis

1st card action

analysis

Online

transaction

2nd terminal action

analysis

2nd card action

analysis

Issuer script

processing

Transaction

completion

Online processing

Issuer

authentication

Remove card

Offline data

authentication

CDA sig check

Offline data

authentication

Unable to

go online

Offline data

authentication

CDA sig check

Optional /

Conditional Step Mandatory

Step

Legend

Page 15 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

3.2 Dual Interface Support

A dual interface card is one that is capable of transacting over both a contact and contactless interface. The

functionality required of an American Express payment application over a contact interface is defined in this

manual. The functionality required of an American Express payment application over a contactless interface

is defined in the Expresspay Terminal Specification [XP-TERM].

Terminal and card behavior over the contactless interface is beyond the scope of the AEIPS manuals.

However, Terminals meeting this manual will successfully process dual interface cards when used on the

contact interface.

3.3 Mandatory and Optional Functionality Summary

3.3.1 Functions

AEIPS Terminals must support the mandatory functions listed in Table 3-1 below. An Acquirer can then

decide whether to make use of these functions or not. Unless noted, it should be assumed that mandatory

parts of EMV are mandatory under AEIPS. Where AIEPS requirements differ from EMV on the presence of

these functions, then this is highlighted in bold in Table 3-1. Optional functions may be supported at the

Acquirer’s discretion. Conditional functions must be supported if the associated condition is true.

Table 3-1: AEIPS Terminal Functionality Requirements

Function

Online Capable

Terminals

Online Only

Terminals

(e.g. ATMs)

Offline Only

Terminals

Application Selection

 Directory Method

 Explicit Selection Method

 Partial Name Selection Enabled

Mandatory

 Mandatory

Mandatory

 Mandatory

Mandatory

 Mandatory

Initiate Application Processing

Mandatory

Read Application Data

Mandatory

Offline Data Authentication

 SDA

 Standard DDA

 Combined DDA/AC Generation

 CRL checking of Issuer PKC

Mandatory

 Mandatory

 N/S

Optional

 Optional

 N/S

Mandatory

 Mandatory

 N/S

Processing Restrictions

 Application Version Number

 Application Usage Control

 Effective Date Check

 Expiration Date Check

Mandatory

 Mandatory

Mandatory

 Mandatory

Mandatory

 Mandatory

Cardholder Verification

 Signature

 Online PIN

 Offline PIN

 No CVM

Mandatory

 Mandatory

 Conditional*

 Optional

 Conditional**

Mandatory

 Mandatory

 Conditional*

 Optional

 Conditional**

Mandatory

 Mandatory

 N/S

 Optional

 Conditional**

Terminal Risk Management

 Velocity Checking

 New Card Check

Mandatory

 Mandatory

Mandatory

 Mandatory

Mandatory

 Mandatory

1st Terminal Action Analysis

TACs Mandatory***

1st Card Action Analysis

N/A

Page 16 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Function

Online Capable

Terminals

Online Only

Terminals

(e.g. ATMs)

Offline Only

Terminals

Online Processing

 Online Capability

 Issuer Authentication

Mandatory

N/S

2nd Terminal Action Analysis

Mandatory

2nd Card Action Analysis

N/A

Issuer Script Processing

 Secure Messaging

Mandatory

N/S

Transaction Completion

Mandatory

* Online PIN is mandatory for cash advance transactions.

** No CVM is mandatory for CATs

*** It is mandatory that TACs are present.

3.3.2 Commands

The table below indicates the command requirements for an AEIPS-compliant Terminal to support the Chip

Card commands defined in [EMV4.3iii].

Table 3-2: AEIPS Command Terminal Support Requirements

Command

AEIPS Terminal Support

EXTERNAL AUTHENTICATE

Mandatory

GENERATE AC

Mandatory

GET CHALLENGE

Mandatory

GET DATA

Mandatory

GET PROCESSING OPTIONS

Mandatory

GET RESPONSE

Mandatory

INTERNAL AUTHENTICATE

Mandatory

READ RECORD

Mandatory

SELECT

Mandatory

VERIFY

Mandatory

Page 17 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

3.3.3 AEIPS Command Non-Specific Status Words

The table below indicates the status word responses that an AEIPS-compliant card may generate in

response to errors processing commands. Additional status words representing particular errors specific to a

command can be found in the appropriate section of the document. The order column indicates the order in

which error checking will be performed by the card.

Table 3-3: AEIPS Command Non-Specific Status Words

Order

Error Condition

Status Word

When any command is attempted with an CLA byte not equal to one of ‘00’,

‘04’, ‘80’, ‘84’.

6E00

When a command is attempted with an INS byte not equal to one of:

‘A4’, ‘A8’, ‘B2’, ‘CA’, ‘20’, ‘88’, ‘AE’, ‘82’, ‘1E’, ‘24’, ‘DA’, ‘18’.

6D00

When a supported card command completes processing without error

9000

Page 18 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

4 Application Selection

Figure 4-1: Application Selection Detail

4.1 Overview

When an AEIPS Chip Card is presented to a Terminal, the Terminal determines, and optionally displays, a

list of applications supported by both Chip Card and Terminal. In the case where the list is displayed, the

Cardholder selects the desired application from the available list.

When the Terminal does not support Cardholder selection the terminal selects the application according its

priority.

During Application Selection, the Chip Card and Terminal determine which of the applications that are

supported by both will be used to conduct the transaction. Two steps are performed:

 Build the candidate list: The Terminal builds a list of mutually supported applications.

 Application selection: A single application from the candidate list is identified and selected for the

following transaction.

4.2 Commands

 SELECT

 READ RECORD

To support Application Selection as described in [EMV4.3i] Sections 11.2 and 11.3, the Terminal must

support the READ RECORD and the SELECT commands.

Insert card

Application

selection

Init application

processing

Read application

data

Processing

restrictions

Cardholder

verification

Terminal risk

management

1st terminal action

analysis

1st card action

analysis

Online

transaction

2nd terminal action

analysis

2nd card action

analysis

Issuer script

processing

Transaction

completion

Online processing

Issuer

authentication

Remove card

Offline data

authentication

CDA sig check

Offline data

authentication

Unable to

go online

Offline data

authentication

CDA sig check

List supported

applications

Card

SELECT

READ RECORD

Application

selection

Terminal

Page 19 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

4.3 Processing Requirements

Card Application selection consists of a number of stages:

 Card Insertion and Power Up Sequence

 Answer to Reset

 Application Selection – Building the Candidate List

 Application Selection – Choosing the Required Application.

4.3.1 Chip Card Insertion and Power Up Sequence

Terminals must be fully compliant to the requirements detailed in [EMV4.3i] Part I – Electromechanical

Characteristics and Logical Interface and Transmission Protocols.

4.3.2 Answer to Reset

The Chip Card reader must be fully compliant with the requirements of [EMV4.3i] Part II –

Electromechanical Characteristics and Logical Interface and Transmission Protocols. This details the

electromechanical characteristics and transmission protocols to be used for communication between Chip

Card and Terminal.

4.3.2.1 Protocol Support

Two transmission protocols are defined in the EMV Specifications:

 T = 0 – Character-oriented asynchronous half-duplex transmission protocol

 T = 1 – Block-oriented asynchronous half-duplex transmission protocol.

The Terminal must be capable of supporting both protocols.

If a Chip Card does not support a protocol which is supported by the Terminal, i.e., other than T=0 or T=1,

fallback to magnetic stripe must apply.

4.3.3 Application Selection – Building the Candidate List

Applications are identified by Application Identifiers (AIDs). AIDs are intended to identify a Chip Card

product or service provider, i.e., American Express Charge Card, American Express Credit Card, etc.

The following EMV documents detail the Terminal requirements for the support of the EMV Application

Selection process:

 [EMV4.3i] Section 12

 [EMV4.3iv] Section 11.3.

Note that EMV4.3 removes other DDF entries from the PSE DDF directory. However, terminals must

continue to process application selection of PSE with DDF entries in accordance with previous versions of

EMV and as detailed in [ISO7816-4] until the cards are replaced.

EMV specifies two methods for identifying the candidate list of applications for selection:

 Using a Terminal held list of supported AIDs, as described in [EMV4.3i] Section 12.3.3

 Using the Payment Systems Environment (PSE), as described in [EMV4.3i] Section 12.3.2.

Terminals compliant with this manual must support both methods. If the PSE is present on the card then

the PSE selection method must be attempted first.

If either the card does not have a PSE, or PSE processing does not identify a suitable application, the

Terminal must use a list of AIDs it supports to build the candidate list.

Additionally, all AEIPS compliant terminals must support the use of partial name selection, as described in

[EMV4.3i] Section 11.3.5.

If there are no applications supported by both the Chip Card and Terminal, the transaction must be

terminated.

Page 20 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

The Registered Application Provider Identifier (RID) assigned to American Express is ‘A000000025’.

4.3.4 Application Selection – Choosing the Required Application

There are three scenarios depending on the display capabilities and environment of the terminal:

 Terminal supports Cardholder selection - if the Terminal supports Cardholder selection, the

Cardholder must be presented with an application list in priority order. If the Cardholder does not

select an application, the transaction must be terminated.

 Terminal supports Cardholder confirmation - if the Terminal supports Cardholder confirmation,

then it will select the highest priority application and must ask for Cardholder confirmation. If the

Cardholder confirms, the application must be selected. Otherwise the Terminal must select the

next highest priority application, until the Cardholder confirms, or no further applications exist. If the

Cardholder does not select an application, the transaction must be terminated.

 Terminal does not support Cardholder selection or confirmation - if the Terminal does not

support application selection or confirmation by the Cardholder, the Terminal must select the

highest priority application that does not require Cardholder confirmation.

The application priority is indicated by the value of the Application Priority Indicator read from the Chip Card.

The Application Priority Indicator also defines whether a particular application requires specific Cardholder

confirmation before use in a transaction. Operational design and Terminal location should take this into

account if a Terminal is going to support such applications.

If as a result of application selection a list is presented to the Cardholder, it must be in priority sequence,

with the highest priority application listed first.

If there is no priority sequence specified in the card, the list should be in the order in which the applications

were encountered in the card, unless the terminal has its own preferred order. The same applies where

duplicate priorities are assigned to multiple applications or individual entries are missing the Application

Priority Indicator i.e. the terminal may use its own preferred order or display the duplicate priority or non-

prioritized applications in the order encountered in the card.

If there is only one AEIPS application supported by both the Chip Card and Terminal, the Terminal may

select it automatically without involving the Cardholder if the payment application does not require

cardholder confirmation

If there is only one AEIPS application supported by both the Chip Card and Terminal which requires

cardholder confirmation, then explicit Cardholder selection must ensue.

Once the Terminal has identified the application to be used for the transaction, it must be selected by the

Terminal using the SELECT command, as defined in [EMV4.3i] Section 11.3 SELECT Command-Response

APDUs.

Page 21 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

5 Initiate Application Processing

Figure 5-1: Initiate Application Processing Detail

5.1 Overview

If an AEIPS application is selected, the Terminal requests that the Chip Card presents the location of the

data to be used for the current transaction and the functions supported.

The GET PROCESSING OPTIONS command signals the Chip Card to return the Application File Locator

(AFL) and Application Interchange Profile (AIP).

The AFL is a list of parameters identifying the files and records to be read from the Chip Card used in

processing the transaction. The AIP indicates the capabilities of the Chip Card to support specific functions

of the application to be taken into consideration by the Terminal when determining how to process the

transaction.

5.2 Commands

 GET PROCESSING OPTIONS

To support Initiate Application Processing, the Terminal must support the GET PROCESSING OPTIONS

command as defined in [EMV4.3iii] Section 6.5.8.

5.3 Processing Requirements

The Terminal must determine whether the optional Processing Data Object List (PDOL) was supplied by

the Chip Card application in response to the application selection.

If the PDOL is used, the Terminal must format the GET PROCESSING OPTIONS command to include any

data elements requested in the PDOL to be sent to the Chip Card with this command.

If the PDOL is not present, the Terminal must format the GET PROCESSING OPTIONS command with the

command data field of ‘8300’.

Insert card

Application

selection

Init application

processing

Read application

data

Processing

restrictions

Cardholder

verification

Terminal risk

management

1st terminal action

analysis

1st card action

analysis

Online

transaction

2nd terminal action

analysis

2nd card action

analysis

Issuer script

processing

Transaction

completion

Online processing

Issuer

authentication

Remove card

Offline data

authentication

CDA sig check

Offline data

authentication

Unable to

go online

Offline data

authentication

CDA sig check

CardTerminal

Initiate

application

processing

GET PROCESSING

OPTIONS

Supported

functions &

pointers to

application data

Page 22 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

The Terminal must format the GET PROCESSING OPTIONS command according to [EMV4.3iii] Section

6.5.8.

During Application Initiation, the Terminal signals the Chip Card that processing of the transaction is

beginning. Initiate Application Processing must be performed as described in [EMV4.3iii] Section 10.1, and

[EMV4.3iv] Section 6.3.1 and store the AFL and AIP returned from the Chip Card.

If the response from the Chip Card returns SW1 SW2 = ‘6985’ indicating that ‘Conditions of use are not

satisfied’, the Terminal must remove the current application from the list of mutually supported applications

(the candidate list) and return to Application Selection (See Section 4).

If the response from the Chip Card does not contain both the AFL and AIP then the Terminal must remove

the current application from the list of mutually supported applications (the candidate list) and return to

Application Selection (See Section 4).

If the response from the Chip Card returns the AFL and AIP, the Terminal must proceed to Read

Application Data (See Section 6).

Page 23 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

6 Read Application Data

Figure 6-1: Read Application Data Detail

6.1 Overview

The Terminal reads the data from the location presented by the Chip Card AFL.

The Terminal reads any Chip Card data necessary for completing the transaction using the READ RECORD

command. The AFL is a list identifying the files and records that must be used in the processing of a

transaction. The files that are read may be used for application purposes or as authentication data used

during Offline Data Authentication (See Section 7).

6.2 Commands

 READ RECORD

AEIPS compliant Terminals must support the READ RECORD command as described in [EMV4.3iii]

Section 6.5.11.

6.3 Processing Requirements

The Terminal must read all data records specified in the AFL.

It is mandatory that the READ RECORD command be performed as defined in [EMV4.3i] Section 11.2.

All data read successfully from the Chip Card must be stored by the Terminal and used when required

during the transaction. If a processing error occurs during this read record phase, the transaction must be

aborted.

It is not the Terminal’s responsibility to ensure the integrity of the data read from the Chip Card unless it is a

specific requirement of the EMV specifications. As long as the data retrieved within a read record command

correctly breaks down into valid Tag/Length/Value (TLV) data elements, the Terminal can assume it is valid,

and the integrity of the data element placed in a Chip Card is the responsibility of the Issuer.

Insert card

Application

selection

Init application

processing

Read application

data

Processing

restrictions

Cardholder

verification

Terminal risk

management

1st terminal action

analysis

1st card action

analysis

Online

transaction

2nd terminal action

analysis

2nd card action

analysis

Issuer script

processing

Transaction

completion

Online processing

Issuer

authentication

Remove card

Offline data

authentication

CDA sig check

Offline data

authentication

Unable to

go online

Offline data

authentication

CDA sig check

Provide

application

records

Card

READ RECORD

Read

application

data

Terminal

Page 24 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Terminal vendors must ensure that an invalid data element value does not cause the Terminal to become

unusable or lock up.

Data validation (missing or erroneous data on the Chip Card) is detailed in [EMV4.3iii] Section 7.5, in

particular the Terminal Verification Results (TVR) byte 1, bit 6 must be set according to [EMV4.3iii] Table

31.

Page 25 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

7 Offline Data Authentication

Figure 7-1: Offline Data Authentication Detail

7.1 Overview

Offline Data Authentication is a mechanism intended to prove that certain significant card data elements

have not been altered after the Chip Card was issued. “Static” data authentication proves that data is not

counterfeit and “dynamic” data authentication proves that the data is not cloned. The three forms of data

authentication are:

 Static Data Authentication (SDA)

 Dynamic Data Authentication (DDA)

 Combined DDA/Application Cryptogram Generation (CDA).

The Terminal determines whether it should authenticate the Chip Card offline using either static or dynamic

data authentication based upon the Chip Card support for these methods.

Offline Data Authentication results are used when the Chip Card and Terminal decide whether to approve

the transaction offline, go online for approval or to decline the transaction.

Offline Data Authentication uses Public Key Cryptography. Figure 7-2 shows the one-to-one and the one-to-

many relationships in the American Express Public Key Scheme. At the top of the trust tree there is the

American Express EMV Certificate Authority (CA). Directly under this, each issuing Participant has a CA and

each issues many Chip Cards. Each AEIPS-compliant Chip Card holds the Issuer’s Public Key Certificate

which is signed by an American Express EMV CA private key. Each payment application on an AEIPS-

compliant Chip Card may hold an Application DDA Private Key and Public Key Certificate which is signed by

an Issuer CA Private Key. For the cryptographic scheme to work, each Terminal need only hold the set of

American Express EMV CA Public Keys.

Insert card

Application

selection

Init application

processing

Read application

data

Processing

restrictions

Cardholder

verification

Terminal risk

management

1st terminal action

analysis

1st card action

analysis

Online

transaction

2nd terminal action

analysis

2nd card action

analysis

Issuer script

processing

Transaction

completion

Online processing

Issuer

authentication

Remove card

Offline data

authentication

CDA sig check

Offline data

authentication

Unable to

go online

Offline data

authentication

CDA sig check

Card

Generate

dynamic

cryptogram

Card

Terminal

Offline data

authentication

part 1

INTERNAL

AUTHENTICATE

(only if DDA)

Page 26 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Figure 7-2: Key Hierarchy

Note: The Application DDA keys may also be used for offline PIN encipherment during cardholder

verification. Alternatively, a payment application may include a separate Application PIN encipherment

Public and Private Key if this function is supported, and is shown in the figure. Section 9 describes

cardholder verification.

7.1.1 Static Data Authentication (SDA)

SDA validates a fixed cryptographic signature over data elements held within the Chip Card to assure that

this data has not been altered since Chip Card personalization. The Terminal uses the Issuer Public Key

retrieved from the Chip Card to decrypt the data from the Chip Card and make sure that the hash obtained

Current American

Express CA key pair

Previous American

Express CA key

pairs, still in use

Issuer Key Pair (one

per BIN Range) Issuer Public Key Certificate

(Signed with American Express

CA Private Key)

Issuer Public Key Certificate

(Signed with American

Express CA Private Key)

Application DDA Key Pair

(one per card application,

can also be used for PIN

Encipherment)

Issuer Public Key Certificate

(Signed with American

Express CA Private Key)

Application PIN

Encipherment Key

Pair (one per card

application, optional)

Application DDA Public Key Certificate

(Signed with the Issuer Private Key)

AMERICAN EXPRESS

ISSUER

ACQUIRER

Live American

Express CA Public

Keys

ALL TERMINALS

Live American

Express CA Public

Keys

SDA Cards DDA / CDA Cards

Application PIN Encipherment Public

Key Certificate (Signed with the Issuer

Private Key)

Page 27 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

in this way matches a hash of the actual data objects retrieved from the Chip Card. If these hashes do not

match, then offline SDA fails.

During SDA, the Chip Card is passive and the Terminal is active. The Chip Card provides the data to be

validated but the terminal carries out all the computation.

7.1.2 Dynamic Data Authentication (DDA)

DDA is an offline authentication technique in which the Chip Card and the Terminal are both active and

capable of executing a Public/Private Key algorithm. DDA validates not only that the Chip Card data has not

been altered but also that the data is being read from a genuine card and is not a copy.

As part of DDA processing the Terminal verifies the Chip Card static data has not been altered in a similar

manner to SDA. In addition, the Terminal validates that the card is genuine in a separate process by

requesting that the Chip Card generates a cryptogram using dynamic (transaction unique) data from the

Chip Card and Terminal and a Chip Card Application DDA Private Key. The Terminal decrypts this dynamic

signature using the Chip Card Application DDA Public Key recovered from Chip Card data. A match of the

decrypted data to a hash of the original data verifies that the Chip Card is not a counterfeit.

7.1.3 Combined DDA / Application Cryptogram Generation (CDA)

CDA was introduced to EMV to enable transactions to be performed more efficiently and securely by directly

linking the Application Cryptogram used in authorization and settlement with the offline authentication

process. CDA is an offline authentication mechanism that uses a similar technique to DDA, but combines

the generation of the offline authentication signature with the generation of the Application Cryptogram. This

means that the Terminal does not perform offline data authentication processing as a separate process but

as part of the processing of the Application Cryptogram produced by the card as a result of Card Action

Analysis (Sections 12 and 16).

7.2 Commands

 READ RECORD

 INTERNAL AUTHENTICATE (DDA Only)

The data elements used for Offline Data Authentication are read from the Chip Card by the Terminal using

the READ RECORD command during the “Read Application Data” phase of the transaction. If supported,

the INTERNAL AUTHENTICATE command must be performed as specified in [EMV4.3iii] Section 6.5.9

INTERNAL AUTHENTICATE Command-Response APDUs.

Only one INTERNAL AUTHENTICATE command must be supported per transaction.

Page 28 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

7.3 Processing Requirements

AEIPS requires that all Terminals are capable of performing Offline Data Authentication except Terminals

operating in certain ‘online only’ environments, for example ATMs.

Offline Data Authentication can take three forms as described in the EMV 4.3 specifications. AEIPS-

compliant Terminals must support:

 Static Data Authentication (SDA)

 Dynamic Data Authentication (DDA)

 Combined DDA/Application Cryptogram Generation (CDA).

Offline Data Authentication must be performed as described in [EMV4.3ii] Sections 5 and 6, and [EMV4.3iii]

Section 10.3. TVR bits affected include byte 1, bits 8, 7, 4 and 3. If Offline Data Authentication is not

performed, then TVR byte 1, bit 8 must be set to “1”.

The Terminal must determine Chip Card authentication using SDA, DDA or CDA based on the Chip Card

support for these methods as indicated in the AIP of the Chip Card.

When Offline Data Authentication is to be performed, CDA has the highest priority and if the Chip Card

supports it, then CDA must be performed. If the card only supports DDA and/or SDA then DDA must be

attempted. If the Chip Card does not support either type of dynamic data authentication, but does support

Static Data Authentication (SDA), then SDA must be performed.

Any Terminal that has the ability to complete a transaction offline (i.e., without positive online authorization

from the Issuer of the Chip Card) must support and perform Offline Data Authentication (subject to the Chip

Card indicating Offline Data Authentication is supported in the AIP).

EMV optionally supports the use of a Certificate Revocation List (CRL) to enable the listing of Issuer Public

Key Certificates that a Payment Scheme has revoked. American Express does not support the use of

CRLs for this purpose at this time.

7.3.1 American Express Scheme CA Keys

In order that Offline Data Authentication can be performed by a Terminal, the Terminal must be configured

with the necessary American Express Certificate Authority (CA) Public Keys.

American Express will distribute the American Express CA Public Keys (CAPKs) to Acquirers of American

Express Chip Card transactions. The Acquirers are responsible for the distribution of the American Express

CAPKs to all Terminals that support Offline Data Authentication.

Terminals must be able to store and use a minimum of six American Express CAPKs and associated data,

permitting all keys to be available for use during the processing of a Chip Card transaction.

The CAPKs, their related data elements that a Terminal must hold along with details of the format in which

the CAPKs are distributed by American Express are shown in the American Express Terminal Guide [ATG].

7.3.2 Static Data Authentication (SDA)

If Static Data Authentication is to be performed, then the Terminal must:

 Check that the CAPK identified by the Card is configured.

 If the CAPK is not present or is invalid, then SDA fails and the Terminal must set the TVR

byte 1 bit 7 to “1” (SDA Failed).

 If Static Data Authentication is to be performed then this must be performed as described in

[EMV4.3ii] Sections 5 and 6, and [EMV4.3iii] Section 10.3.

 The Terminal must set the TVR byte 1 bit 2 “SDA selected” to “1”.

 During SDA the Terminal will validate the Signed Static Application Data read from the Chip Card. If

SDA fails, the Terminal must set the TVR byte 1, bit 7 “SDA Failed” bit to ”1”.

Page 29 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

7.3.3 Dynamic Data Authentication (DDA)

If Standard Dynamic Data Authentication, as described in [EMV4.3ii] Section 6.5, is to be performed, the

INTERNAL AUTHENTICATE command must be issued to the Chip Card as described in [EMV4.3iii]

Section 6.5.9 Command-Response APDUs.

The INTERNAL AUTHENTICATE Command must include a concatenation of the data elements identified in

the Dynamic Authentication Data Object List (DDOL) read from the Chip Card, or in the event that the DDOL

is not present in the Chip Card the Terminal must use the Default DDOL (tag ‘9F37’) present in the

Terminal. In all cases the DDOL must contain the Unpredictable Number (tag ‘9F37’) otherwise DDA is

considered by the Terminal to have failed.

If DDA is to be performed, then the Terminal must check that the CAPK identified by the Card is configured.

 If the CAPK is not present or is invalid, then DDA fails and the Terminal must set the TVR byte 1 bit

4 to “1” (DDA Failed).

During DDA the Terminal must validate the Signed Dynamic Application Data returned by the card in the

response to the INTERNAL AUTHENTICATE Command.

If DDA fails the Terminal must set the TVR byte 1, bit 4 “DDA Failed” to ”1”.

7.3.4 Combined DDA/AC Generation (CDA)

If CDA is to be performed, the INTERNAL AUTHENTICATE Command is not issued to the Chip Card.

Instead, CDA can be requested by a Terminal in the following circumstances:

 When requesting a TC as part of 1st GENERATE AC

 When requesting an ARQC as part of 1st GENERATE AC

 When requesting a TC as part of 2nd GENERATE AC.

Terminals supporting Offline Data Authentication have 4 operating modes for when requesting an online

cryptogram from the Chip Card and processing an approved online authorization:

 CDA to be requested on 1st and 2nd GENERATE AC

 CDA to be requested on 1st but not the 2nd GENERATE AC

 CDA is not requested on 1st or 2nd GENERATE AC

 CDA to be requested only on the 2nd GENERATE AC.

Terminals can be configured to support any one of the modes for AEIPS transactions. American Express

recommends that terminals request CDA on both the 1st and 2nd GENERATE AC, which corresponds to

CDA Mode 1 in [EMV4.3ii] Table 30.

If requested, CDA processing is performed following Card Action Analysis and is described in Sections 12

and 16.

If CDA is to be performed, either following the 1st and / or 2nd GENERATE AC, the Terminal must check that

the CAPK identified by the card is configured.

 If the CAPK is not present then CDA shall be considered to have failed, CDA must not be

requested in the GENAC and the Terminal must set the TVR byte 1, bit 3 “CDA Failed” to “1”.

Page 30 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

8 Processing Restrictions

Figure 8-1: Processing Restrictions Detail

8.1 Overview

The Terminal performs a number of checks to see whether the transaction should be allowed. Parameters

that can effect this decision include the effective and expiration date for the Chip Card, whether the

application versions of the Chip Card and Terminal match, and whether any Application Usage Control

restrictions are in effect. An Issuer may use Application Usage Controls to restrict a Chip Card’s use for

cash, goods or services.

The Terminal uses the data gathered from the Chip Card during Read Application Data (See Section 6) to

ascertain the particular restrictions under which this transaction can be carried out.

8.2 Processing Requirements

The Terminal must perform Processing Restrictions, as defined in [EMV4.3iii] Section 10.4 and [EMV4.3iv]

Sections 6.3.3, to see whether the transaction should be allowed.

Processing Restrictions cover the following mandatory checks to be performed by the Terminal:

 Comparison of the Chip Card Application Version Number, if present in the Chip Card, to a

Terminal-resident Application Version Number. The Terminal must store an Application Version

Number for each Application Identifier (AID) supported by the Terminal. If the Chip Card Application

Version Number and Terminal-resident Application Version Number are not the same, then the

Terminal must set the TVR byte 2 bit 8 to “1” as described in [EMV4.3iii] Section 10.4.1.

 Application Usage Control - This is used to determine if any geographical or transaction type

restrictions have been imposed on the Chip Card product, e.g., it may be used to restrict a Chip

Card’s use for domestic or international cash, or goods and services:

 Domestic Usage Check - If the Issuer Country Code read from the Chip Card is equal to the

Terminal Country Code, the transaction is defined as ‘Domestic’. The Terminal checks that

the transaction type (e.g., Cash, Goods or Services) for the transaction being processed is

Insert card

Application

selection

Init application

processing

Read application

data

Processing

restrictions

Cardholder

verification

Terminal risk

management

terminal action

analysis

card action

analysis

Online

transaction

terminal action

analysis

card action

analysis

Issuer script

processing

Transaction

completion

Online processing

Issuer

authentication

Remove card

Offline data

authentication

CDA sig check

Offline data

authentication

Unable to

go online

Offline data

authentication

CDA sig check

Card

Processing

restrictions

Terminal

Page 31 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

permitted in a ‘Domestic’ environment according to the Chip Card’s Application Usage

Control (AUC).

 International Usage Check - If the Issuer Country Code read from the Chip Card is not

equal to the Terminal Country Code, the transaction is defined as ‘International’. The

Terminal checks that the transaction type for the transaction being processed is permitted in

an ‘International’ environment according to the Chip Card’s Application Usage Control

(AUC).

 Transaction Environment Check – If the Terminal is an ATM the Terminal checks that the

Chip Card’s AUC has the bit “Valid for use at an ATM” set to 1. If the Terminal is other than

an ATM (e.g., POS), the Terminal must verify that the Chip Card’s AUC has the bit “Valid at

Terminals other than an ATM” set to “1”.

If any of the above checks fail, the Terminal must set byte 2 bit 5 of the TVR to “1” indicating that the

“Requested Service is not Allowed for Card Product”.

 Effective and Expiration Date Checking – These checks ensure that the application is not pre-valid

and not expired. If the transaction date is prior to the Application Effective Date, the Terminal must

set the TVR byte 2 bit 6 (Application not effective yet) to “1”. If the transaction date is past the

Application Expiration Date, the Terminal must set the TVR byte 2 bit 7 (Expired application date) to

“1”.

The outcomes of the above checks are evaluated against a set of Issuer Action Codes and Terminal Action

Codes resident in the Chip Card and Terminal respectively during Terminal Action Analysis (See Section

11).

Page 32 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

9 Cardholder Verification

Figure 9-1: Cardholder Verification Detail

9.1 Overview

Cardholder Verification is used to determine that the Cardholder is legitimate and that the Chip Card has not

been lost or stolen.

The Chip Card’s Cardholder Verification Method (CVM) List is used by the Terminal to identify the highest

priority CVM that both the Chip Card and Terminal support. The Terminal reads this list, and when a match

of the conditions required by the Chip Card and the methods supported by the Terminal is found, that CVM

method is selected.

9.2 Commands

 GET DATA

 GET CHALLENGE

 VERIFY

If the Chip Card and Terminal support offline PIN the Terminal must use the GET DATA command to read

the Remaining PIN Try Counter as defined in [EMV4.3iii] Section 6.5.7 GET DATA Command-Response

APDUs. This enables the Terminal to identify a blocked PIN without having to issue a VERIFY command.

For offline PIN processing, if supported, the Terminal application must support the VERIFY command, as

defined in [EMV4.3iii] Section 6.5.12. If enciphered offline PIN is supported, the Terminal application must

also support the GET CHALLENGE command, as defined in [EMV4.3iii] Section 6.5.6.

Insert card

Application

selection

Init application

processing

Read application

data

Processing

restrictions

Cardholder

verification

Terminal risk

management

1st terminal action

analysis

1st card action

analysis

Online

transaction

2nd terminal action

analysis

2nd card action

analysis

Issuer script

processing

Transaction

completion

Online processing

Issuer

authentication

Remove card

Offline data

authentication

CDA sig check

Offline data

authentication

Unable to

go online

Offline data

authentication

CDA sig check

Generate unpred.

number

Card

Cardholder

verification

Terminal

Remaining PIN

try counter

Validate PIN

GET CHALLENGE

(if offline enc. PIN)

GET DATA

(optional if offline PIN)

VERIFY

(if offline PIN)

Page 33 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

9.3 Processing Requirements

Cardholder Verification must be supported by the Terminal as defined in [EMV4.3iii] Section 10.5 and

[EMV4.3iv] Section 6.3.4.

CVM Processing is shown in Figure 9-2 and described in the following.

Figure 9-2: Cardholder Verification Terminal Process Flow

 If the AIP returned by the card in response to the GET PROCESSING OPTIONS command indicates

that Cardholder Verification is supported, the Terminal must perform Cardholder Verification processing

as defined in [EMV4.3iii] Section 10.5 and [EMV4.3iv] Section 6.3.4. In particular, processing continues

as follows:

 The Cardholder Verification Method (CVM) List present on the Chip Card drives the Cardholder

Verification processing requirements. A Terminal must not attempt to use any CVM unless it is

indicated to do so by the Cardholder Verification Method (CVM) List.

9.3 CVM Processing

Terminal &

Infrastructure

Online PIN

capable?

‘Online PIN’ is removed

from list of acceptable

CVM types Yes

Create list of supported

CVM methods

Card Supports

CVM?

Yes

CVM List processing

EMV4.3iii 10.5

Process CVM

9.3.1 Online PIN

9.3.2 Offline PIN

9.3.3 other CVM

Yes

TVR: Cardholder Verification

was not successful

CVM Results set as

EMV4.3iv 6.3.4.5

10 Terminal Risk Management

Mutually

supported CVM

found?

Page 34 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

 If either the Terminal or the associated acquiring infrastructure for the payment system Card

being processed does not support the Cardholder Verification Method of Online PIN, then the

Terminal must not include ‘Online PIN’ as one of its supported methods (see Section 9.3.1).

 The Terminal must process the Cardholder Verification Method (CVM) List as defined in

[EMV4.3iii] Section 10.5.5. Additionally, the Terminal must perform the operations described for

individual CVMs as described in the following Sections 9.3.2 and 9.3.3.

 If the result of CVM processing is a CVM fail then the Terminal must set the TVR byte 3 bit 8

(Cardholder verification was not successful) to “1” as per [EMV4.3iii] Section 10.5 and CVM

Results as [EMV4.3iv] Section 6.3.4.5.

 Else AIP indicates Cardholder Verification is not supported and processing continues with Terminal Risk

Management Section 10.

9.3.1 Online PIN

If the CVM for the transaction is Online PIN, the Terminal must prompt for PIN irrespective of the status of

the Chip Card’s Offline PIN (i.e., including the case where the Chip Card’s Offline PIN Try Limit is

exceeded). Furthermore, the terminal must perform an online transaction with the Issuer to complete CVM

checking and hence must not request an offline approval during Terminal Action Analysis (section 11).

If the Online PIN is entered and accepted by the Terminal, the Terminal must set the Terminal Verification

Results (TVR) byte 3 bit 3 (“Online PIN Entered”) to “1”, and the result of the CVM is considered to be

successful.

If a terminal is to support Online PIN then both the Point of Sale Terminal and the acquiring infrastructure

(message protocols, etc.) must be able to support inclusion of the Online PIN in the authorization request

sent to American Express. The terminal and the acquiring infrastructure must be certified for Online PIN

before the Terminal is considered capable of supporting Online PIN as a CVM.

9.3.2 Offline PIN

Offline PIN processing proceeds as shown in Figure 9-3.

Page 35 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Figure 9-3: Offline PIN Terminal Process Flow

All AEIPS-compliant Chip Cards supporting offline PIN verification also support the GET DATA command as

defined in [EMV4.3iii] Section 6.5.7, for the retrieval of the Remaining PIN Try Counter.

Following Cardholder Verification Method (CVM) List processing if the chosen CVM for the transaction is

Offline PIN or Offline Enciphered PIN, the Terminal must issue the GET DATA Command to retrieve the

Remaining PIN Try Counter from the Chip Card.

 If the value of the Remaining PIN Try Counter is zero the Terminal must perform the following:

 Set the ‘PIN Try Limit Exceeded’ bit to “1” in the TVR

 Perform the action specified by the Cardholder Verification Method (CVM) List entry (i.e.,

Fail Cardholder Verification, or apply next CVM) and proceed to Terminal Risk

Management, Section 10, or CVM List Processing in Figure 9-2.

 Else If the value of the Remaining PIN Try Counter is “1” the Terminal should display a message to

indicate that there is only one PIN Try Remaining, such as ‘Last PIN Try’.

9.3.2 Offline PIN

Prompt for PIN Entry

PIN Tries = 0? No

Issue GET DATA for PIN

Try Counter

EMV4.3iii 6.5.7

PIN returned

from PIN Pad

Issue VERIFY

EMV4.3iii 6.5.12

PIN OK?

SW=9000

PIN Tries = 1? Yes

Prompt Last PIN Try

TVR: PIN Try Limit Exceeded

Process CVM List Entry

Fail CVM?

Yes

TVR: Cardholder Verification

was not successful

CVM Results set as

EMV4.3iv 6.3.4.5

10 Terminal Risk Management

Yes

Next CVM in CVM List

processing EMV4.3iii 10.5

No Enciphered

PIN?

Issue GET CHALLENGE

EMV4.3iii 6.5.6 and

EMV4.3ii 7.1 & 7.2

Yes

PIN Tries left in SWNo

CVM Results: ‘Successful’

CVM Processing

Complete Yes

Page 36 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

 Else If the value of the Remaining PIN Try Counter is greater than zero the Terminal should prompt

for PIN Entry.

 If the CVM for the transaction is offline enciphered PIN then prior to issuing a VERIFY Command

the Terminal must issue a GET CHALLENGE Command to the Chip Card, as defined in [EMV4.3iii]

Section 6.5.6. The Terminal must proceed with enciphered PIN key selection as described in

[EMV4.3ii] Section 7.1 and processing as defined in [EMV4.3ii] Section 7.2.

 Following the entry of the Offline PIN the Terminal must issue the VERIFY Command to the Card

including the Transaction PIN Data, as defined in [EMV4.3iii] Section 6.5.12. PIN verification will

then be performed by the Chip Card.

There are four possible outcomes of the PIN Verification performed by the Chip Card that the Terminal must

handle:

1 PIN Verified OK - If the PIN is successfully verified by the Chip Card, the Card will return SW1 SW2

equal to ‘9000’ and the Terminal must confirm correct PIN entry to the Cardholder displaying a ‘PIN

OK’ message or similar. Cardholder CVM is successful and processing continues with Terminal Risk

Management.

2 PIN Incorrect and PIN Try Limit Not Exceeded - If the PIN verification by the Chip Card is not

successful and SW1 SW2 equal to ‘63Cx’ is returned by the Chip Card (where ‘x’ is the number of

PIN tries remaining), the Terminal should display a message ‘INCORRECT PIN’ and additionally a

message indicating the number of attempts remaining (e.g., ‘2 PIN TRIES REMAINING’ if x = 2). If

the Chip Card returns SW1 SW2 equal to ‘63C1’ indicating one PIN try remaining, the Terminal may

display a message ‘LAST PIN TRY’ or similar.

3. PIN Incorrect and PIN Try Limit Exceeded on this transaction - If the PIN verification by the Chip

Card is not successful and SW1 SW2 equal to “63C0” is returned by the Chip Card indicating zero

remaining PIN try attempts, the Terminal must perform the following:

 Set the TVR byte 3 bit 6 (“PIN Try Limit Exceeded”) to “1”.

 Perform the action specified by the Cardholder Verification Method (CVM) List entry (i.e., Fail

Cardholder Verification, or apply next CVM) and proceed to Terminal Risk Management,

Section 10 or CVM List Processing in Figure 9-2.

4. PIN Try Limit Exceeded on Previous Transaction - If the PIN verification by the Chip Card is not

successful and SW1 SW2 equal to ‘6983’ or ‘6984’ is returned by the Chip Card indicating that the

PIN Try Limit exceeded on a previous transaction, the Terminal must perform the following:

 Set the TVR byte 3 bit 6 (“Offline PIN Try Limit Exceeded”) to “1”.

 Perform the action specified by the Cardholder Verification Method (CVM) List entry (i.e., Fail

Cardholder Verification, or apply next CVM) and proceed to Terminal Risk Management

Section 10 or CVM List Processing in Figure 9-2.

9.3.3 Other CVM

Other CVMs (e.g. signature, No CVM, combination CVM) are processed as per [EMV4.3iii] Section 10.5.

9.4 PIN Pad Requirements

If a PIN Pad is present, it must comply with EMV requirements as defined in [EMV4.3ii] Section 11.1, the

PCI Security Standards Council PIN Transaction Security (PTS) requirements and guidelines and any

additional local market requirements. American Express has no minimum requirements for PIN Pads above

those of EMV, the PCI and the local market payment authorities or regulatory bodies.

Page 37 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

10 Terminal Risk Management

Figure 10-1: Terminal Risk Management Detail

10.1 Overview

Terminal Risk Management performs a series of checks to determine whether:

 The transaction is over the merchant Network Floor Limit

 The account number is on an optional Terminal exception file

 The Terminal limit for consecutive offline transactions has been exceeded

 The Chip Card is a new Chip Card

 The Merchant has forced the transaction online.

Some transactions are randomly selected for online processing. The results of the risk management check

are stored in a Terminal resident data element called Terminal Verification Results (TVR). All the required

EMV-defined risk management checks are performed by the Terminal. Terminal processing decisions based

on the outcome of the above checks are configurable, as determined by the Chip Card (for the Issuer) and

Terminal resident data elements (for the Merchant and Acquirer) which are the Issuer Action Codes and the

Terminal Action Codes respectively (See Section 11).

10.2 Commands

 GET DATA

To support the EMV Terminal Risk Management processes, the Terminal will support the GET DATA

command as defined in [EMV4.3iii] Section 6.5.7 GET DATA Command-Response APDUs.

10.3 Processing Requirements

Terminal Risk Management must always be performed as stated in [EMV4.3iii] Section 10.6 and [EMV4.3iv]

Section 6.3.5. Random transaction selection need not be performed by a Terminal without online capability.

Insert card

Application

selection

Init application

processing

Read application

data

Processing

restrictions

Cardholder

verification

Terminal risk

management

1st terminal action

analysis

1st card action

analysis

Online

transaction

2nd terminal action

analysis

2nd card action

analysis

Issuer script

processing

Transaction

completion

Online processing

Issuer

authentication

Remove card

Offline data

authentication

CDA sig check

Offline data

authentication

Unable to

go online

Offline data

authentication

CDA sig check

Application Transaction

Counter (ATC)

Last Online ATC

Card

GET DATA

Terminal risk

management

Terminal

Page 38 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Online-capable Terminals and merchants must support random transaction selection and optionally a

Terminal Exception File. If the transaction is randomly selected for online authorization then the TVR byte 4,

bit 5 must be set to “1”. If the Terminal Exception File is used and a match is found then the TVR byte 1, bit

5 must be set to “1”.

The results of the risk management check must be stored in the TVR (as defined in Section 22.3.7).

Terminals must use the GET DATA Command as defined in [EMV4.3iii] Section 6.5.7 to retrieve the ATC

(tag ‘9F36’) and the Last Online Application Transaction Counter register (tag ‘9F13’). This is used in

Terminal Velocity Checking, as defined in [EMV4.3iii] Section 10.6.3. If the data is missing or erroneous the

TVR byte 1, bit 6 (Card data missing) must be set to “1” according to [EMV4.3iii] Section 7.5 Table 31. If the

Last Online Application Transaction Counter register value is zero then the Terminal must set the TVR byte

2, bit 4 (New Card) to “1” as per [EMV4.3iii] Section 10.6.3.

Terminals may allow a merchant to force a transaction online, for example if the merchant is suspicious. If

this occurs the Terminal must set the TVR byte 4, bit 4 (Merchant forced transaction online) to “1” as per

[EMV4.3iv] Section 6.5.3.

Where possible, terminals should be configured with a Chip Transaction Floor Limit that is distinct from the

non-Chip Transaction Floor Limit. This feature allows Chip Card transactions to have their risk managed

separately from magnetic stripe or manual entry transactions.

Page 39 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

11 1st Terminal Action Analysis

Figure 11-1: Terminal Action Analysis Detail

11.1 Overview

1st Terminal Action Analysis uses the results of Offline Data Authentication, Processing Restrictions,

Terminal Risk Management, Cardholder Verification (collectively known as offline-processing results) and

rules set in the Chip Card and Terminal to determine whether the transaction should be approved offline,

sent online for authorization, or declined offline.

The Chip Card rules are set by the Issuer in fields called Issuer Action Codes (IACs) sent to the Terminal by

the Chip Card. American Express rules are set in Terminal Action Codes (TACs) configured into the

Terminal. After determining the transaction disposition, the Terminal requests an Application Cryptogram

from the Chip Card. The Terminal processes the results with the rules to determine the type of Application

Cryptogram to request from the Chip Card.

11.2 Processing Requirements

The type of Application Cryptogram requested must be based upon the transaction disposition with a

Transaction Certificate (TC) for an approval, an Authorization Request Cryptogram (ARQC) for a request to

go online, and an Application Authentication Cryptogram (AAC) for a decline as defined in [EMV4.3iii]

Section 10.7 and [EMV4.3iv] Section 6.3.6.

Note that [EMV4.3iii] Section 10.7 states “The Terminal action analysis function may be executed at several

places during a transaction to eliminate the need for unnecessary processing”. In line with [EMV4.3iii] AEIPS

also maintains this flexibility.

1st Terminal Action Analysis comprises two stages:

 Checking of the Offline Processing Results

 Requesting a Cryptogram from the Card.

Insert card

Application

selection

Init application

processing

Read application

data

Processing

restrictions

Cardholder

verification

Terminal risk

management

1st terminal action

analysis

1st card action

analysis

Online

transaction

2nd terminal action

analysis

2nd card action

analysis

Issuer script

processing

Transaction

completion

Online processing

Issuer

authentication

Remove card

Offline data

authentication

CDA sig check

Offline data

authentication

Unable to

go online

Offline data

authentication

CDA sig check

Card

1st terminal

action analysis

Terminal

GENERATE AC

Page 40 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

11.2.1 Offline Processing Results

The Terminal must examine the results of Offline processing recorded in the TVR during the Transaction so

far, for example, during Terminal Risk Management.

The review of the offline processing results must be performed against the Issuer Action Codes (IACs) read

from the Chip Card during the ‘Read Application Data’ phase of the transaction, and the Terminal Action

Codes (TACs) resident in the Terminal.

The Terminal compares bit settings in the Issuer Action Codes and Terminal Action Codes to the

corresponding bits in the TVR. Setting of the corresponding bit in either the IACs or TACs will determine the

outcome of the Terminal action analysis as described further below.

There are three sets of Issuer Action Codes and corresponding Terminal Action Codes:

Table 11-1: Issuer Action Codes and corresponding Terminal Action Codes

Issuer Action Code - Denial

Terminal Action Code - Denial

Defines conditions that determine if the Terminal must request

that the transaction be declined offline

Issuer Action Code - Online

Terminal Action Code - Online

Defines conditions that determine if the Terminal must request

that the transaction be transmitted online for authorization

Issuer Action Code – Default

Terminal Action Code - Default

Defines conditions that determine if the Terminal must request

a transaction be declined that was required to be sent online

but that the Terminal is unable to send online

The processing to be performed by the Terminal must be as follows:

The Terminal must compare the Issuer Action Codes - Denial and Terminal Action Codes - Denial with the

results of the current transaction as recorded in the TVR, and if any of the corresponding bits are set, the

transaction is requested to be declined and the Terminal must:

 Set the Cryptogram type to be requested in the GENERATE AC Command to Application

Authentication Cryptogram (AAC).

 Set the Authorization Response Code1 (ARC) to value “Z1” indicating ‘Offline Decline’.

 Proceed to Section 11.2.2.

If the Action Codes and TVR do not indicate that an AAC is required, the subsequent processing is

determined by the capability of the Terminal to go online:

1. If the Terminal has the capability to connect online for authorization, the Terminal must compare the

Issuer Action Codes - Online and Terminal Action Codes - Online with the results of the current

transaction as recorded in the TVR, and if any of the corresponding bits are set, the Transaction is

requested to be transmitted online for authorization and the Terminal must:

 Set the Cryptogram type to be requested in the GENERATE AC Command to Authorization

Request Cryptogram (ARQC).

 Proceed to Section 11.2.2.

2. If the Terminal has the capability to connect online for authorization, but none of the corresponding

bits in the Decline and Online Action Codes are set, the transaction is requested to be approved

offline and the Terminal must:

 Set the Cryptogram type to be requested in the GENERATE AC Command to Transaction

Certificate Cryptogram (TC).

 Set the Authorization Response Code (ARC) to value “Y1” indicating ‘Offline Approved’.

1 While the Authorization Response Code is not submitted to the Chip Card with the 1st GENERATE AC it is important

that the Terminal still set it during 1stTerminal Action Analysis for settlement, advice and receipt printing purposes.

Page 41 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

 Proceed to Section 11.2.2.

3. If the Terminal does not have the capability to connect online, or the online transaction cannot

complete, the Terminal must compare the Issuer Action Codes - Default and Terminal Action Codes

- Default with the results of the current transaction as recorded in the TVR, and if any of the

corresponding bits are set, the transaction is requested to be declined and the Terminal must:

 Set the Cryptogram type to be requested in the GENERATE AC Command to Application

Authentication Cryptogram (AAC).

 Set the Authorization Response Code (ARC) to value “Z3” indicating ‘Offline Decline as Unable

to go Online’.

 Proceed to Section 11.2.2.

4. If the terminal has requested and obtained an online PIN from the cardholder for verification, the

terminal must not request an offline approval from the Chip Card regardless of other risk settings

(including IACs or TACs).

5. If none of the above checks result in the Transaction being declined or sent online for authorization,

the transaction is requested to be approved offline and the Terminal must:

 Set the Cryptogram type to be requested in the GENERATE AC Command to Transaction

Certificate Cryptogram (TC).

 Set the Authorization Response Code (ARC) to value “Y3” indicating ‘Offline Approved as

Unable to go Online’.

 Proceed to Section 11.2.2.

11.2.2 Request Application Cryptogram in 1st GENERATE AC

The 1st Terminal Action Analysis processing concludes with the issuance of the 1st GENERATE AC

Command to the Chip Card, as defined in [EMV4.3iii] Section 6.5.5. The Terminal must format the

GENERATE AC Command to request a TC, an AAC, or an ARQC from the Chip Card dependent on the

results of the review of the offline processing results described in Section 11.2.1.

 A request for a TC indicates that the Terminal is requesting that the Transaction be

approved offline.

 A request for an AAC indicates that the Terminal is requesting that the transaction be

declined offline.

 A request for an ARQC indicates that the Terminal is requesting that the transaction be sent

online for authorization.

As a result of the issuance of the GENERATE AC Command by the Terminal the Chip Card will (on

completion of any Card Risk Management) return an Application Cryptogram to the Terminal. The Card may

in some circumstances override the Terminal’s decision for the Transaction disposition (Approve, Decline,

Go Online) in accordance with the rules defined in 1st Card Action Analysis (See Section 12).

An Application Cryptogram must be requested using the GENERATE AC command, as defined in

[EMV4.3iii] Section 6.5.5 GENERATE APPLICATION CRYPTOGRAM Command-Response APDUs.

If the Chip Card supports CDA and the Terminal is to request an ARQC, then the Terminal must determine

if CDA is to be requested in the 1st GENERATE AC through a configured CDA Mode, as described in

[EMV4.3ii] Annex D4.

When CDA is required the terminal must set the “CDA signature requested” bit in the Reference Control

Parameter of the GENERATE AC command and the Terminal must perform CDA upon receipt of the

GENERATE AC response as defined in [EMV4.3ii] Section 6.6.

Page 42 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

12 1st Card Action Analysis

Figure 12-1: 1st Card Action Analysis Detail

12.1 Overview

Upon receiving the 1st GENEATE AC command from the Terminal, the Chip Card performs the 1st Card

Action Analysis where Card Risk Management checks are performed to determine the response to the

request for a cryptogram. The Chip Card may convert a Terminal request for an offline approval to an online

transaction or an offline decline. Similarly, the Chip Card may convert a Terminal request for an online

transaction to an offline decline.

After completion of the checks, the Chip Card generates the Application Cryptogram using application data

and a secret key stored on the Chip Card. It returns this cryptogram to the Terminal.

For offline-approved transactions, a TC cryptogram is generated. The TC provides non-repudiation evidence

of the transaction. When a TC is generated the Terminal does not request a second cryptogram from the

Chip Card and the Terminal moves directly to the processing defined in Transaction Completion (See

Section 18).

For offline-declined transactions, the cryptogram generated by the card is an AAC. The AAC and the data

used to generate it may be transmitted in an advice message where such messages are supported.

Furthermore, a specially designated Terminal may still request online authorization using the AAC in the

message to the Issuer if the terminal application is to support the delivery of Issuer Scripts to the Chip Card

e.g. to perform functions such as unblocking the application.

For transactions to be authorized online, the Chip Card responds with an ARQC cryptogram. In this case the

Terminal moves directly to the processing described in Online Processing (See Section 13), unless the

Terminal does not have online capability, in which case it proceeds straight to 2nd Terminal Action Analysis

(See Section 15).

The Application Cryptogram (AC) produced by the Chip Card in response to a GENERATE AC command, is

used by the Issuer of the Chip Card to validate the transaction and the Chip Card.

Insert card

Application

selection

Init application

processing

Read application

data

Processing

restrictions

Cardholder

verification

Terminal risk

management

1st terminal action

analysis

1st card action

analysis

Online

transaction

2nd terminal action

analysis

2nd card action

analysis

Issuer script

processing

Transaction

completion

Online processing

Issuer

authentication

Remove card

Offline data

authentication

CDA sig check

Offline data

authentication

Unable to

go online

Offline data

authentication

CDA sig check

Card

1st terminal

action analysis

Terminal

GENERATE AC 1st card action

analysis &

generate AC

Offline data

authentication

CDA sig check

response

Online

transaction

Page 43 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

If the Terminal requests CDA then the process “Offline Data Authentication CDA sig check” is performed

and the card generates a dynamic signature that is returned to the terminal with the Application Cryptogram.

The terminal validates the returned signature.

12.2 Commands

 GENERATE AC

The processing described in this section is triggered when the Terminal sends a GENERATE AC command

for the first time within a single financial transaction.

The response to the GENERATE AC command uses Format 1 as defined in [EMV4.3iii] Section 6.5.5.4.

12.3 Processing Requirements

1st Card Action Analysis processing in the Chip Card is triggered by the Terminal issuing the Chip Card a

GENERATE AC command. The Terminal is informed of the result of this process in the response data

returned by the Chip Card.

If the Terminal requested a TC from the Card, then the permitted responses from the Card include a TC,

ARQC or AAC and processing continues.

If the Terminal requested an ARQC from the Card, then the permitted responses from the Card include

either an ARQC or AAC and processing continues. Otherwise processing must terminate.

If the Terminal requested an AAC from the Card, then the permitted response from the Card includes an

AAC and processing continues. Otherwise processing must terminate.

Valid responses which include a TC or AAC signal that the transaction is to be completed offline and

processing can move to Section 18 following a CDA check, if required.

A valid response containing an ARQC signals that an online authorization is required and processing moves

to Section 13 following a CDA check, if required.

When CDA is being performed the Card will create a dynamic signature that includes the TC or ARQC. The

Terminal must use the CAPK to validate the dynamic signature as described in [EMV4.3ii] Section 6.6. If an

AAC is returned then CDA is not performed by the terminal as per [EMV4.3ii] Section 6.6.

If CDA fails, the Terminal must perform the processing defined in [EMV4.3iv] Section 6.3.2, in particular:

 The Terminal must set TVR byte 1 bit 3, indicating that CDA failed

 If the Cryptogram Information Data (CID) indicates a TC was returned by the card, the Terminal

must decline the transaction without issuing a 2nd GENERATE AC command

 If the CID indicates that an ARQC was returned by the card, the Terminal must immediately issue a

2nd GENERATE AC command, requesting an AAC (transaction decline).

Page 44 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

13 Online Processing

Figure 13-1: Online Processing Detail

13.1 Overview

If the Chip Card or Terminal determines that the transaction requires an online authorization and the

Terminal has online capability, then the Terminal transmits an online authorization message to the Issuer.

This message includes the cryptogram generated by the Chip Card, the data used to generate the

cryptogram and indicators showing offline processing results.

An online authorization request is initiated when the response to the 1st GENERATE AC command is an

ARQC.

The authorization response message transmitted back to the Terminal may include an Issuer-generated

Authorization Response Cryptogram (ARPC). The response may also include post-issuance updates to the

Chip Card called Issuer Scripts.

13.2 Processing Requirements

Online Processing must follow the procedures defined in [EMV4.3iii] Section 10.9 and [EMV4.3iv] Section

6.3.8. Online processing facilitates card authentication and authorization in the Issuer’s host computer and

to reach a decision on how to respond to the authorization request using the Issuer’s host-based risk

management parameters.

One of four Terminal actions can follow an Online Authorization Request (ARQC) being generated.

 The Terminal connects to the Acquirer and Issuer Authentication Data (tag ‘91’) is returned.

On receipt of the Chip Card data the Terminal must pass the Issuer Authentication Data received

from the Acquirer to the Chip Card in the EXTERNAL AUTHENTICATE command as part of Issuer

Authentication (See Section 14).

 The Terminal connects to the Acquirer but no Chip Card response data is returned from the

Acquirer. On receipt of the Chip Card data a magnetic stripe or ‘downgraded’ response indicator is

Insert card

Application

selection

Init application

processing

Read application

data

Processing

restrictions

Cardholder

verification

Terminal risk

management

1st terminal action

analysis

1st card action

analysis

Online

transaction

2nd terminal action

analysis

2nd card action

analysis

Issuer script

processing

Transaction

completion

Online processing

Issuer

authentication

Remove card

Offline data

authentication

CDA sig check

Offline data

authentication

Unable to

go online

Offline data

authentication

CDA sig check

CardTerminalHost

Online

processing Online

processing

Page 45 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

received, the Terminal must derive the Authorization Response Code based on the data received

from the Acquirer. The Authorization Response Code is passed to the Chip Card in the 2nd

GENERATE AC Command. In this case, the Terminal must proceed to 2nd Terminal Action Analysis

(See Section 15) without performing Issuer Authentication.

 The Terminal is unable to connect to the Acquirer for online authorization (offline device or

communications failure). The Terminal must proceed to 2nd Terminal Action Analysis as detailed

in Section 15 without performing Issuer Authentication. The decision process for acceptance or

rejection of the transaction must be determined by checking the “Default” Issuer Action Codes in

use for that Chip Card application.

 The Terminal is connected to the Acquirer/Issuer and the Issuer responded with a ‘voice

referral response’. In many cases a voice referral will require the card to be taken to a separate

location in order for the referral to be completed (i.e., a phone point) as information on the back of a

card may be asked for during the referral process. In order for the card to be left in a clean state, the

transaction should continue and the Terminal should request either a TC or an AAC so that the card

can be withdrawn. The terminal should display a ‘call card Issuer’ or similar prompt.

Page 46 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

14 Issuer Authentication

Figure 14-1: Issuer Authentication Detail

14.1 Overview

Optionally, the Issuer may return Issuer Authentication Data in the response to the online request from the

Terminal. The Terminal sends this data to the Chip Card which uses it to authenticate that the Issuer host

and response data is genuine.

If Online Processing does not conclude with the Terminal receiving Issuer Authentication Data, the Terminal

continues to 2nd Terminal Action Analysis (See Section 15).

The response from the Issuer may also include post-issuance updates to the Chip Card known as Issuer

Scripts (See Section 17).

14.2 Commands

 EXTERNAL AUTHENTICATE

This command is used in performing Issuer Authentication. The Terminal transmits to the Chip Card a data

object called the Issuer Authentication Data, as defined in [EMV4.3iii] Section 6.5.4. This data must contain

the mandatory Authorization Response Cryptogram (ARPC) and Authorization Response Code. The Issuer

Authentication Data must consist of the following data:

 ARPC (eight bytes)

 Authorization Response Code (two bytes).

14.3 Processing Requirements

If Online Processing concludes with the Terminal receiving Issuer Authentication Data, the Terminal must

perform Issuer Authentication.

Insert card

Application

selection

Init application

processing

Read application

data

Processing

restrictions

Cardholder

verification

Terminal risk

management

1st terminal action

analysis

1st card action

analysis

Online

transaction

2nd terminal action

analysis

2nd card action

analysis

Issuer script

processing

Transaction

completion

Online processing

Issuer

authentication

Remove card

Offline data

authentication

CDA sig check

Offline data

authentication

Unable to

go online

Offline data

authentication

CDA sig check

Card

Issuer

authentication

Terminal

Validate

ARPC

EXTERNAL

AUTHENTICATE

Page 47 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Issuer Authentication is performed by the Terminal passing Issuer Authentication Data, received in the Chip

Card authorization response message from the Issuer, to the Chip Card in an EXTERNAL AUTHENTICATE

command.

EXTERNAL AUTHENTICATE must be performed as described in [EMV4.3iii] Section 6.5.4. If Issuer

Authentication fails the TVR byte 5 bit 7 (Issuer authentication was unsuccessful) is set to “1” as per

[EMV4.3iii] Annex F.

Page 48 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

15 2nd Terminal Action Analysis

Figure 15-1: 2nd Terminal Action Analysis Detail

15.1 Overview

Once any online processing is complete, the Terminal decides how to complete the transaction. In 2nd

Terminal Action Analysis there are three distinct cases:

 Online (Card Authenticated by Issuer): The Issuer has successfully processed the transaction

and provided a response to the Terminal containing Issuer Authentication Data.

 Online (Card not Authenticated by Issuer): The Issuer has processed the transaction and

provided a response to the Terminal without any Issuer Authentication Data in the Response.

 Unable to go Online: The Terminal was unable to go online or the connection to the Issuer failed

before a complete Response was received.

The Terminal processes the results and requests approval or decline from the Chip Card.

2nd Terminal Action Analysis occurs only if an ARQC was produced by the card in response to the 1st

GENERATE AC command.

15.2 Processing Requirements

The Terminal must check the results from Online Processing to determine which cryptogram type (AAC or

TC) to request the card to generate.

If the Terminal went online and Issuer Authentication Data (tag ‘91’) was returned by the Issuer, the

Terminal must request a 2nd Generate Application Cryptogram and the Authorization Response Code

submitted in the command data for the 2nd GENERATE AC command must be the value provided as part of

the Issuer Authentication Data.

If the Terminal went online and receives an authorization response that does contain valid information

regarding the transaction result, but does not contain the required chip data to perform Issuer Authentication

Insert card

Application

selection

Init application

processing

Read application

data

Processing

restrictions

Cardholder

verification

Terminal risk

management

1st terminal action

analysis

1st card action

analysis

Online

transaction

2nd terminal action

analysis

2nd card action

analysis

Issuer script

processing

Transaction

completion

Online processing

Issuer

authentication

Remove card

Offline data

authentication

CDA sig check

Offline data

authentication

Unable to

go online

Offline data

authentication

CDA sig check

2nd terminal

action analysis

Terminal

GENERATE AC

Card

Page 49 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

(Issuer Authentication Data), this is known as a downgraded transaction. In this case the terminal derives

the Authorization Response Code based on local requirements for the disposition of the response message

returned by the Acquirer. The Terminal must populate the Authorization Response Code (EMV tag ‘8A’) to

be returned to the Chip Card in the 2nd GENERATE AC command as follows:

 “00” for an approval result coded in ASCII (i.e. hexadecimal “3030”).

 “02” for a referral result coded in ASCII (i.e. hexadecimal “3032”).

 “05” for a decline coded in ASCII (i.e. hexadecimal “3035”).

If the Terminal was unable to go online it must send an Authorization Response Code (Tag ‘8A’) set to “Z3”

(unable to go online, offline declined) or “Y3” (unable to go online, offline approved) to the Card as part of

the command data in the 2nd GENERATE AC command. The Terminal must determine whether to request

offline approval or offline decline from the Chip Card dependent upon the Terminal Action Codes resident in

the Terminal and the Issuer Action Codes read from the Chip Card.

An Application Cryptogram must be requested using the GENERATE AC command, as defined in

[EMV4.3iii] Section 6.5.5.

If the Chip Card supports CDA and the Terminal is to request a TC, then the Terminal must determine if

CDA is to be requested in the 2nd GENERATE AC through a configured CDA Mode, as described in

[EMV4.3ii] Annex D4.

When CDA is required the terminal must set the “CDA signature requested” bit in the Reference Control

Parameter of the GENERATE AC command and the Terminal must perform CDA upon receipt of the

GENERATE AC response as defined in [EMV4.3ii] Section 6.6.

15.2.1 Advice Messages

When the Terminal receives a response to a GENERATE AC command, it includes the CID, a data element

that indicates if the card has requested an advice message be created. Cards may set bits requesting

advice depending on card personalization for a particular AEIPS-compliant payment application.

If the Card has indicated that an advice is required in the CID, the Terminal decides what action to take, if

any. For instance, if the Terminal is required to transmit a data capture record or a reversal message for that

transaction; it is not necessary for the Terminal to also transmit an advice. If the Terminal is required to

transmit an advice, the Terminal must determine whether to transmit an offline or online advice based upon

its capabilities and any local market requirements. American Express does not require advices to be

supported unless stipulated by local market conditions.

15.2.2 Voice Referrals

If a voice referral has been received the Terminal must complete the transaction by issuing a 2nd

GENERATE AC command for either an AAC or a TC before the card is removed and the referral is made

(section 18.2.1).

Page 50 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

16 2nd Card Action Analysis

Figure 16-1: 2nd Card Action Analysis Detail

16.1 Overview

This function is only performed if the Terminal asks the Chip Card to generate a 2nd Application Cryptogram.

The Chip Card may decline an Issuer-approved transaction based upon the Issuer Authentication results

and Issuer-encoded parameters in the Chip Card.

The Chip Card generates a TC for approved transactions and an AAC for declined transactions.

The Chip Card may set or reset certain security-related parameters in the Card at this point.

16.2 Commands

2nd Terminal Action Analysis processing concludes with the Terminal issuing a 2nd GENERATE AC

command to the Chip Card. The AC returned in response to the GENERATE AC.

Issuer Application Data will be included in the data returned by the Chip Card in response to a GENERATE

AC command. The Issuer Application Data is a mandatory data object in this manual used to transmit

proprietary data from the Chip Card to the Terminal for input to the online request message or clearing

record.

The GENERATE AC command must either indicate that the Terminal requests that the Chip Card approves

(TC requested) or declines (AAC requested) the transaction.

The 2nd GENERATE AC command may only be performed in the following cases:

 After an ARQC has been returned to the 1st GENERATE AC command

 When the application is blocked and an AAC has been returned to the 1st GENERATE AC

command.

Insert card

Application

selection

Init application

processing

Read application

data

Processing

restrictions

Cardholder

verification

Terminal risk

management

1st terminal action

analysis

1st card action

analysis

Online

transaction

2nd terminal action

analysis

2nd card action

analysis

Issuer script

processing

Transaction

completion

Online processing

Issuer

authentication

Remove card

Offline data

authentication

CDA sig check

Offline data

authentication

Unable to

go online

Offline data

authentication

CDA sig check

Card

2nd terminal

action analysis

Terminal

GENERATE AC 2nd card action

analysis &

generate AC

Offline data

authentication

CDA sig check

response

Page 51 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

16.3 Processing Requirements

The Terminal is not involved in the 2nd Card Action Analysis, however it is triggered by the Terminal issuing

the Chip Card a GENERATE AC command requesting either a TC or AAC, depending on the results of 2nd

Terminal Action Analysis.

The Terminal must send a 2nd GENERATE AC Command to the Chip Card, requesting either the

transaction be declined (AAC) or approved (TC) according to the result of 2nd Terminal Action Analysis

The Terminal is informed of the result of this process in the response data returned by the Chip Card.

If the Terminal requested a TC from the Card, then the permitted responses from the Card include either a

TC or AAC and processing continues. Otherwise processing must terminate.

If the Terminal requested an AAC from the Card, then the permitted responses from the Card include an

AAC and processing continues. Otherwise processing must terminate.

At this point the transaction is ready to be completed following a CDA check, if required and any Script

Processing in Section 17. When CDA is being performed the Card will create a dynamic signature that

includes the TC. The Terminal must use the CAPK to validate the dynamic signature as described in

[EMV4.3ii] Section 6.6. If an AAC is returned then CDA is not performed by the terminal as per [EMV4.3ii]

Section 6.6.3 Figure 5.

If CDA fails, the Terminal must perform the processing defined in [EMV4.3iv] Section 6.6.2, in particular:

 The Terminal must set TVR byte 1 bit 3, indicating that CDA failed

 If the Cryptogram Information Data (CID) indicates a TC was returned by the card, the Terminal

must decline the transaction.

Page 52 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

17 Issuer Script Processing

Figure 17-1: Issuer Script Processing Detail

17.1 Overview

If the Issuer included script updates in the authorization response message returned in “Online Processing”,

the Terminal passes the script commands to the Chip Card after it has returned the final Application

Cryptogram.

Issuer Script Processing is performed to allow the Issuer to adjust or update data on the Chip Card. The

functions supported by Issuer Script Processing in an AEIPS card are:

 Maintenance of Risk Management Parameters

 Control of Chip Card Use

 Maintenance of Personal Identification Number (PIN).

EMV allows Issuer Script Processing in other places during the transaction. However, for this version of

AEIPS, a Card only processes Issuer Scripts received at this point in the transaction. That is, Issuer

Scripting would normally be expected to occur after 2nd Card Action Analysis (i.e., a ‘72’ command script).

Issuer Scripts are protected from alteration by the presence of a Message Authentication Code (MAC)

generated by the Issuer.

17.2 Commands

The Issuer Script Commands to support these functions are:

 PUT DATA

 APPLICATION BLOCK

 PIN CHANGE/UNBLOCK

 APPLICATION UNBLOCK

Insert card

Application

selection

Init application

processing

Read application

data

Processing

restrictions

Cardholder

verification

Terminal risk

management

1st terminal action

analysis

1st card action

analysis

Online

transaction

2nd terminal action

analysis

2nd card action

analysis

Issuer script

processing

Transaction

completion

Online processing

Issuer

authentication

Remove card

Offline data

authentication

CDA sig check

Offline data

authentication

Unable to

go online

Offline data

authentication

CDA sig check

Terminal Card

Apply script

Issuer script

commands

Issuer script

processing

Page 53 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Note that the Terminal processes the script commands as received in the Issuer’s response message and

passes them to the Card.

17.3 Processing Requirements

An AEIPS-compliant Terminal must support Issuer scripts labeled with either tag ‘71’ or tag ‘72’.

The Terminal must submit Issuer scripts with tag '71' to the card for processing prior to issuing the final

GENERATE AC command. Issuer scripts with tag '72' must be submitted after issuing the final GENERATE

AC command.

Issuer Scripts must only be applied after the Chip Card has successfully performed Issuer Authentication.

It is mandatory that any Issuer Scripts received be processed as described in [EMV4.3iii] Sections 6, 10.10,

and [EMV4.3iv] Section 6.3.9.

Although American Express only supports Issuer Scripts of tag ‘72’, a terminal compliant with this manual

must accept and process Issuer Scripts of both ‘71’ and ‘72’, should they be received. This means that a

failure to process a script tag ‘71’ would result in TVR byte 5 bit 6 being set to “1” although American

Express does not support tag ‘71’. A failure to process tag ‘72’ scripts results in the TVR byte 5 bit 5 being

set to “1”.

For details of how these secure messages are formatted see the American Express Chip Card Acquirer

Guide [AG].

Issuer Scripts will only contain commands to be executed by the Chip Card. The only processing

requirement of the Terminal is to extract the command or commands from the script or scripts in the order

they are received in the authorization response message and to pass them to the Chip Card to be

processed as per [EMV4.3iii] Section 10.10, then to check and report the results returned from the Chip

Card.

17.4 Processing a Blocked Application

If the card application has been blocked using the APPLICATION BLOCK command in a script sent in a

previous transaction, then the card behavior is altered such that a special transaction is required before an

APPLICATION UNBLOCK command script can be forwarded by the terminal.

Similarly, for cards personalized such that the application is blocked if the PIN is blocked, or the PIN is

blocked when the application is already blocked, then a similar procedure is required to unblock the PIN and

application.

Support for the functionality supporting APPLICATION UNBLOCK and PIN UNBLOCK (when application

blocked) is restricted to specific terminals, and is not a mandatory requirement. Terminals which support

APPLICATION BLOCK and PIN UNBLOCK must allow for these features to be enabled or disabled through

configuration. Local rules and conditions shall apply.

To support APPLICATION UNBLOCK and PIN UNBLOCK (when application blocked) the terminal must

perform the following:

 Recognize that the application is blocked when receiving SW ‘6283’ to the SELECT command and

perform the following special processing.

 Continue the transaction and receive an AAC to the GENERATE AC.

 Send the transaction online to the Issuer.

 Receive the response and perform Issuer Authentication.

 If Issuer Authentication is successful, then send tag ‘72’ received Issuer script commands to the

Chip Card after the 2nd GENERATE AC (requesting AAC) for tag ‘72’ script commands.

 The transaction is successful and the card and/or PIN unblocked when the terminal receives SW

‘9000’ to the APPLICATION UNBLOCK and/or PIN UNBLOCK script command.

Page 54 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

18 Transaction Completion

Figure 18-1: Transaction Completion Detail

18.1 Overview

The Terminal performs final processing to complete the transaction. If the Terminal transmits a clearing

message subsequent to an authorization message, the TC is transmitted in the clearing message. With

single message systems or systems involving Acquirer host data capture of approved transactions, the

Terminal or Acquirer must generate a reversal for Issuer-approved transactions which are subsequently

declined by the Chip Card.

American Express does not mandate anything beyond EMV and local market requirements for Transaction

Completion.

Once the Chip Card has responded to the final GENERATE AC command, and any scripts have been

processed, its role in the transaction is complete.

The Terminal will then perform any other functions required to complete the transaction. These include

printing of receipts, obtaining a signature (where signature was the Cardholder Verification Method used)

and storing the data for clearing.

18.2 Processing Requirements

18.2.1 Voice referrals

Transactions completed as voice referrals must complete as follows:

 If an AAC was requested to complete the transaction and the transaction approved, the ARQC

must be submitted to the clearing and settlement system, and the AAC should be discarded

 If a TC was requested to complete the transaction and the transaction approved, the TC should be

submitted.

Insert card

Application

selection

Init application

processing

Read application

data

Processing

restrictions

Cardholder

verification

Terminal risk

management

1st terminal action

analysis

1st card action

analysis

Online

transaction

2nd terminal action

analysis

2nd card action

analysis

Issuer script

processing

Transaction

completion

Online processing

Issuer

authentication

Remove card

Offline data

authentication

CDA sig check

Offline data

authentication

Unable to

go online

Offline data

authentication

CDA sig check

Terminal Card

Transaction

completion

Page 55 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

19 Performance Requirements

There are no specific performance requirements for AEIPS Terminals.

Page 56 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

20 Cryptographic Requirements

This section details the cryptographic security requirements to implement Chip Card payments as detailed in

this manual. It is more technically detailed than other sections and is not intended for business readers.

20.1 Unpredictable Number Generation

The Terminal generates an Unpredictable Number (tag ‘9F37’) at the commencement of every transaction

(i.e. as a result of the GET PROCESSING OPTIONS). The number is an essential security component

preventing attacks on the payment system, such as pre-prepared Application Cryptograms.

American Express requires that the Unpredictable Number is unpredictable and not simply different for

every transaction. Counters, repeating sequences or the results of simple logic (e.g. exclusive OR

operations) are inadequate. Vendor’s attention is drawn to [EMV4.3iv] Section 6.5.6 and to EMV

“Specification Bulletin 103” which provides notice that the Unpredictable Number is subject to further Type

Approval.

20.2 Offline Data Authentication

Terminals must be capable of performing the cryptographic processes required to deliver Offline Data

Authentication as described in Section 7 whilst meeting the performance requirements of Section 19. The

processes are described in [EMV4.3ii] Sections 5 and 6, and [EMV4.3iii] Section 10.3.

Terminals must be able to store and use a minimum of six American Express CAPKs and associated data,

as described in Section 7.3.1.

Currently, American Express does not support the use of Certificate Revocation Lists.

20.3 Offline PIN Encipherment

Terminals supporting Offline PIN CVM must be capable of processing Offline Enciphered PIN as described

in Section 9.3 and in [EMV4.3ii] Section 7.

20.4 PIN Entry Device

If a PIN Pad is present, it must comply with EMV requirements as defined in [EMV4.3ii] Section 11.1, the

PCI Security Standards Council PIN Transaction Security (PTS) requirements and guidelines and any

additional local market requirements. American Express has no minimum requirements for PIN Pads above

those of EMV, the PCI and the local market payment authorities or regulatory bodies.

Page 57 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

21 Additional Product Specifics

21.1 Membership-Related Data Processing

21.1.1 Overview

The card issuer may require a unique Membership Reference Number or Membership Product or Scheme

information be stored on the Card for processing at a Terminal that supports such a Membership scheme.

To support this functionality the Card may hold optional data elements that provide values to support such

Membership Related Data Processing.

During the Read Application Data phase of an AEIPS EMV transaction the Terminal may recover optional

tags from the Card associated with a Membership Scheme by use of the READ RECORD command and

reading the data elements from the data files that have been personalized on the Card during initial Card

Issuance.

21.1.2 Data

The following data elements held on the Chip, are used by the Terminal:

 Membership Product Identifier – The presence of the Membership Product Identifier on the card

is optional. The value of the field indicates which product (or ‘scheme’) is supported.

 Product Membership Number – the presence of the Product Membership Number on the card is

optional. The field is dependent on a valid Membership Product Identifier being available. The

value of the field, if present, indicates the membership number associated with the product.

The Membership Product Identifier indicates the Card is part of a membership scheme. The Product

Membership Number optionally indicates the membership number for the membership scheme if required

Only one Membership Product Identifier and Product Membership Number pair may exist per Card.

21.1.3 Processing Requirements

The Terminal will read the membership details from the Card during Read Application Data processing using

the READ RECORD commands. If the Terminal supports a membership scheme, then it may use the data

in the Membership Product Identifier to identify whether the card is in a scheme that the Terminal supports.

If the Terminal requires a Membership number associated with that scheme then the Terminal will use the

Product Membership Number retrieved from the Card. The Terminal can then utilize these values to perform

any Membership processing it requires. Any Membership Related Data processing must take place after

the Read Application Data phase of the transaction and must not negatively impact the remainder of the

AEIPS EMV Payment transaction flow, processing or performance.

The functionality to be performed as part of Membership Related Data is outside the scope of this Manual.

Page 58 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

22 Data Elements

22.1 Data Overview

This section describes in detail all the data held and processed by an AEIPS-compliant payment application

by looking at each group of data as described in Figure 22-1. It also describes the flexibility within which an

AEIPS-compliant payment application can operate by identifying whether the presence of particular data

items is mandatory (M), conditional (C) or optional (O). Any American Express restrictions on the values

that particular data items can be assigned are also highlighted.

Figure 22-1 below identifies the different groups of data objects that may be found on an AEIPS-compliant

Card. There card will contain at least one payment application. A Payment Systems Environment (PSE) may

be present on the Chip Card in order to enable a Terminal to perform EMV processing more efficiently.

Figure 22-1: AEIPS Data

22.2 Payment Systems Environment

The presence of the PSE is optional. However, the terminal must always support PSE processing (Section

4.3.3).

22.2.1 PSE Select Response Data

The PSE contains the following data objects as defined in [EMV4.3i] Sections 11.3.4 & 12.2.3 in the

response to the SELECT command when the Payment System Environment (PSE) Directory is selected:

PSE Payment

Application

Select Response Data

Terminal Risk Management Data

Card Risk Management Data

Issuer Application Data

Secret Data

ICC PIN Encipherment

DDA Data

Read Record Data

Initiate Application Processing Data

PSE Directory Level Data

PSE Select Response Data

Other

Applications

Select Response Data

Optional Data

Optional

Applications

ICC

AEIPS

Mandatory

Mandatory Data

Page 59 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Table 22-1: PSE Response Data

Data Item

Presence

Value Restrictions

File Control Information (FCI) Template

Dedicated File (DF) Name

1PAY.SYS.DDF01

FCI Proprietary Template

SFI of Directory Elementary File

This value must be in the range of 1-10

as specified by EMV.

Language Preference

As defined in [ISO639]

Issuer Code Table Index

As defined in [ISO8859]. Mandatory if

Application Preferred Name is present.

FCI Issuer Discretionary Data

As defined in [EMV4.3i] Section 11.3.4

The response data is returned as a nested Tag Length Value (TLV) structure, indicated by the shading in

the table above. For more detail on the structure of response data to the SELECT ADF command, see

[ISO7816-4].

22.2.2 PSE Directory Level Data

The data in Table 22-2 is stored in a payment system’s directory elementary file retrievable by the READ

RECORD command for use in application selection, as described in [EMV4.3i] Section 12 Application

Selection.

To allow the support of multiple Application Identifiers within a single EMV payment application or function,

the data in Application Template in Table 22-2 may appear several times in one or more records. See

[EMV4.3i] Section 12.2.3.

Table 22-2: PSE Directory Level Data

Data Item

Presence

Application Elementary File (AEF) Data Template

Application Template

Application Definition File (ADF)

Application Label

Application Priority Indicator*

Application Preferred Name

* Application Priority Indicator is mandatory if more than one application is personalized on the card.

22.3 Payment Application Data

The following subsections list the mandatory (M), conditional (C) and optional (O) data items that an

AEIPS-compliant Chip Card stores and are used when the application is selected and an EMV transaction is

performed.

22.3.1 Select Response Data

When the application to be used for this transaction has been chosen, the Terminal issues a SELECT ADF

command for the required application.

In response to this command, the Chip Card returns the data elements detailed in Table 22-3.

Page 60 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Table 22-3: Select Response Data

Data Item

Presence

Value Restrictions

FCI Template

DF Name

FCI Proprietary Template

Application Label

The Application label must include a reference

to American Express i.e. “AMEX” or

“AMERICAN EXPRESS”.

Application Priority Indicator

Though not a mandatory data element for all

AEIPS-compliant Cards, this manual mandates

the coding of the Application Priority Indicator

when multiple Application Identifiers are

supported. This allows the list of applications to

be presented to the Cardholder for selection in

a predefined order. Alternatively the Terminal

may select the highest priority application

supported by both Card and Terminal. See

Table 22-4.

PDOL

Defines data elements to be included in the

command data of the GET PROCESSING

OPTIONS command. May be necessary for

some dual interface implementations. PDOL

processing is described in Section 5.3.

Language Preference

If language support is available on a payment

Terminal, this option allows any customer

display associated with the payment Terminal

to display in the Card’s preferred language (as

defined in [ISO639]).

Issuer Code Table Index

If this data element is to be included, it must

be coded according to [ISO8859]. The

presence of this data element must be linked

to the presence of the Application Preferred

Name.

Application Preferred Name

This field provides an alternative application

name to the Application Label and allows the

Application Name to be displayed by the

Terminal in a preferred language. This field is

linked to the Issuer Code Table Index.

FCI Issuer Discretionary Data

As defined in [EMV4.3i] Section 11.3.4

The response data is returned as a nested Tag Length Value (TLV) structure, indicated by the shading in

the table above. For more detail on the structure of response data to the SELECT ADF command, see

[ISO7816-4].

Page 61 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Table 22-4: Application Priority Indicator (API)

Meaning

1 = Cardholder confirmation required.

RFU

Order in which the application is to be listed or selected,

ranging from 1 to 15, with 1 being the highest priority

0000 = no priority assigned

X = Configurable by Issuer, 1 or 0 = Mandatory value

22.3.2 Initiate Application Processing Data

The GET PROCESSING OPTIONS command returns two data elements to the Terminal.

[EMV4.3iii] Section 6.5.8.4 Data returned in the response message, defines two possible formats for the

GET PROCESSING OPTIONS response data. Currently this manual has no requirement to support

additional data being returned during the GET PROCESSING OPTIONS command, therefore the data is

returned in Format 1 as detailed in Table 22-5.

Table 22-5: Data Retrievable by Get Processing Options Command (GPO)

Data Item

Value Restrictions

Application Interchange Profile

The AIP specifies the application functions that are supported by the

application in the Chip Card. See Table 22-6 for configuration options.

Application File Locator

The Application File Locator will be created as a result of the

personalization of a Chip Card. The AFL indicates to the Terminal the

data to be read using the READ RECORD command and which data

records must be included in the Static Data Authentication process. See

Table 22-23 for format and structure.

Page 62 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Table 22-6: Application Interchange Profile (AIP)

Byte 1 (leftmost)

Meaning

RFU

1 = Static data authentication is supported

0 = Static data authentication is not supported

1 = DDA is supported

0 = DDA is not supported*

Cardholder verification is supported

Terminal risk management is to be performed

Issuer authentication is supported

Reserved for use by the EMV Contactless Specifications

1 = CDA is supported

0 = CDA is not supported*

X = Configurable by Issuer, 1 or 0 = Mandatory value

Byte 2 (rightmost)

Meaning

Reserved for use by the EMV Contactless Specifications

RFU by EMV Specifications

X = Configurable by Issuer, 1 or 0 = Mandatory value

22.3.3 Read Record Data

All data supplied to the Terminal for use in the processing of a financial transaction that is not dynamically

maintained by the Chip Card will be held in file records and presented to the Terminal during the appropriate

READ RECORD commands.

Page 63 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

22.3.3.1 Read Record Data Objects

Table 22-7 lists the mandatory data objects that are always present in the responses to the READ

RECORD command and are retrievable using the READ RECORD command as described in Section 6

using the Short File Identifiers (SFI) as provided in the AFL to identify the file in which the data objects are

located.

Table 22-7: Read Record Data Objects

Data Item

Comments

Application Effective Date

A “YYMMDD” defined date indicating when this application is first valid is

only checked by a Terminal. The results of this test are controlled by the

Issuer Action Codes.

Application Expiration Date

A “YYMMDD” defined date indicating when this application is no longer

valid is only checked by a Terminal. The results of this test are controlled

by the Issuer Action Codes.

Application Primary Account

Number

The account number associated with this application.

Application Version Number

Version number assigned by the Issuer for this application.

Application Usage Control

See Table 22-8

Cardholder Name

Var. 2-26

Card Risk Management Data

Object List 1 (CDOL1)

See Table 22-9

Card Risk Management Data

Object List 2 (CDOL2)

See Table 22-10

CVM List

American Express mandates, independent of the card holder verification

methods selected, the following CVM List priority order:

- Enciphered PIN Verification online, if cash and the Terminal and

application supports it.

- Enciphered PIN Verification performed by Chip Card, if the

Terminal and application supports it.

- Plain text PIN Verification performed by Chip Card, if the

Terminal and application supports it.

- Signature, if the Terminal supports it.

- No CVM required if not cash or cash back

See Table 22-12 for details.

Issuer Action Code - Default

The Issuer Action codes are read by the Terminal for use in Terminal

Action Analysis as defined in [EMV4.3iii] Section 10.7 Terminal Action

Analysis.

Issuer Action Code - Denial

Issuer Action Code - Online

Issuer Country Code

Indicates the country of the Issuer, represented according to [ISO 3166].

PAN Sequence Number

Identifies and differentiates cards with the same PAN

Track 2 Equivalent Data

American Express mandates that Track 2 Equivalent Data be present in

SFI 1 Record 1.

Page 64 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Table 22-8: Application Usage Control (AUC)

Byte 1 (leftmost)

Meaning

1 = Valid for Domestic Cash Transactions

1 = Valid for International Cash Transactions

1 = Valid for Domestic Goods

1 = Valid for International Goods

1 = Valid for Domestic Services

1 = Valid for International Services

1 = Valid at ATMs

1 = Valid at Terminals other than ATMs

X = Configurable by Issuer, 1 or 0 = Mandatory value

Byte 2 (rightmost)

Meaning

0 = Domestic Cashback not allowed

0 = International Cashback not allowed

RFU by EMV Specifications

X = Configurable by Issuer, 1 or 0 = Mandatory value

Note: The ISO Country Code of the Chip Card Issuer determines whether a transaction is domestic or international.

If the ISO Country Code for the Chip Card and the terminal are the same, then the transaction is domestic. If the

ISO Country Code in the terminal is different from the Chip Card, then the transaction is international.

Table 22-9: CDOL1 Data Objects

Cryptogram Version

Number

Data Element

Tag

Length

Amount, Authorized

'9F02'

Amount, Other

'9F03'

Terminal Country Code

'9F1A'

Terminal Verification Results

'95'

Transaction Currency Code

'5F2A'

Transaction Date

'9A'

Transaction Type

'9C'

Unpredictable Number

'9F37'

Page 65 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Table 22-10: CDOL2 Data Objects

Cryptogram

Version Number

Data Element

Tag

Length

Authorization Response Code

'8A'

Amount, Authorized

'9F02'

Amount, Other

'9F03'

Terminal Country Code

'9F1A'

Terminal Verification Results

'95'

Transaction Currency Code

'5F2A'

Transaction Date

'9A'

Transaction Type

'9C'

Unpredictable Number

'9F37'

Table 22-11: Authorization Response Code Values (Tag ‘8A’)

Value

Meaning

00, 08, 10, 11

Card should treat this code as meaning an “Issuer approved transaction”

01, 02

Card should treat this code as meaning the “Issuer Requested Referral”

Other values

Card should treat this code as meaning the “Issuer has declined the

transaction”

Value generated by the Terminal indicating to the card that the transaction

was “Unable to go online (offline declined)”

Value generated by the Terminal indicating to the card that the transaction

was “Unable to go online (offline approved)”

The Authorization Response Code is transmitted to the Chip Card in the 2nd GENERATE AC command

data. It is either returned by the Issuer when the transaction has gone online, or if this was not possible, the

Terminal generates it.

Page 66 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Table 22-12: Cardholder Verification Methods List

BYTE 1-4: Amount (“X”)

BYTE 5-8: Amount (“Y”)

BYTE 9: CVM Method Codes

Bit Value

Meaning

bit 8: 0

RFU

bit 7: 0

Fail cardholder verification if this CVM is unsuccessful

bit 7: 1

Apply succeeding CVR field if this CVM is unsuccessful

bits 6-1: 000000

Fail CVM processing

bits 6-1: 000001

Plain Text PIN verification performed by ICC

bits 6-1: 000010

Enciphered PIN verified online

bits 6-1: 000011

Plain Text PIN performed by ICC and signature (paper)

bits 6-1: 000100

Enciphered PIN verification performed by ICC

bits 6-1: 000101

Enciphered PIN performed by ICC and signature (paper)

bits 6-1: 000110-011101

RFU

bits 6-1: 011110

Signature (paper)

bits 6-1: 011111

No CVM required

bits 6-1: 100000-101111

RFU by individual payment systems

bits 6-1: 110000-111110

RFU by Issuer

bits 6-1: 111111

Not Available For Use

BYTE 10: CVM Conditions

Value

Meaning

‘00'

Always

‘01'

If unattended cash

‘02'

If not unattended cash, manual cash or purchase with cashback

‘03'

If terminal supports the CVM

‘04'

If manual cash

‘05'

If purchase with cashback

‘06'

If transaction is in Application Currency Code and is < X value

‘07'

If transaction is in Application Currency Code and is > X value

‘08'

If transaction is in Application Currency Code and is < Y value

‘09'

If transaction is in Application Currency Code and is > Y value

‘0A' – ‘7F’

RFU

‘80' – ‘FF’

Reserved for use by individual payment systems

Note: An additional 2 bytes are added following byte 10 for each additional CVM method code and

corresponding CVM condition code.

Page 67 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

22.3.3.2 Optional Read Record Data Objects

Table 22-13 lists the data objects defined in [EMV4.3iii] that may be present in READ RECORDs read by

Terminals.

Table 22-13: Optional Data Objects

Data Item

Application Currency Code

Application Dual Currency Code

Application Discretionary Data

Cardholder Name – Extended

Membership Product Identifier

Product Membership Number

Service Code

Track 1 Discretionary Data

Track 2 Discretionary Data

Notes:

If either the Amount “X” or Amount “Y” contained in the CVM List detailed in Table 22-12 is nonzero, or if the Offline

Velocity Checks detailed in Section 12 and 16 are to be performed, the Application Currency Code must be

present in the ICC.

If Product Membership Number is to be present, then Membership Product Identifier must also be present.

22.3.4 SDA Data

In order to support SDA, Table 22-14 lists the data objects that may be present in the Chip Card for use in

SDA processing. These data objects must be retrievable using the READ RECORD command as described

in Section 6 using the SFI as provided in the AFL to identify the file in which the data objects are located.

If multiple application identifiers are to be included within a single application or payment function of the

Chip Card, the data in Table 22-14 may appear several times to support each AID.

Table 22-14: Data used in Static Data Authentication

Data Item

Presence

Value Restrictions

Certification Authority Public Key Index

Issuer Public Key Certificate

Issuer Public Key Exponent

Signed Static Application Data

The data objects used for signing will be retrievable by the

Terminal using the READ RECORD command. American

Express requires that the data objects shown in Table 22-15

be included within the Signed Static Application Data during

card personalization.

Static Data Authentication Tag List

If present, the Static Data Authentication Tag List shall only

contain the tag '82' identifying the AIP, and shall be used as

defined in [EMV4.3ii], Section 5.1.1, “Static Data to be

Authenticated”.

Issuer Public Key Remainder

Issuer Public Key Remainder must be present if the length of

the Issuer’s Public Key (modulus) is greater than the

Certification Authority Public Key minus 36 bytes.

Page 68 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Table 22-15 below details the data elements used to produce the Signed Application Data and written to the

card at personalization for use in Offline Data Authentication as described in Section 7. In addition, the AIP

is appended at the end of the data list, if the SDA taglist is present.

Table 22-15: Data Objects for Signing

Data Item

Application Effective Date

Application Expiration Date

Application Primary Account Number (PAN)

PAN Sequence Number

Issuer Action Code -Default

Issuer Action Code -Denial

Issuer Action Code -Online

Application Usage Control

Issuer Country Code

CVM List

AIP

22.3.5 DDA / CDA Data

The support for Dynamic Data Authentication (Standard DDA and CDA)is mandatory. Table 22-16 lists the

data objects that must be present for DDA are as stated in [EMV4.3ii] Section 6. These data objects must

be retrievable using the READ RECORD command as described in Section 6, using the SFI as provided in

the AFL to identify the file in which the data objects are located.

Table 22-16: Mandatory Data for Dynamic Data Authentication

Data Item

Presence

Value

Dynamic Data Authentication Data Object List (DDOL)

See Table 22-19

Application DDA Public Key Certificate

Application DDA Public Key Exponent

Application DDA Public Key Remainder

Application Public Key Remainder must be

present if the length of the Application’s Public

Key (modulus) contained in the Card Signed

Application Data is greater than the Certification

Authority Public Key, minus 42 bytes.

Certification Authority Public Key Index

Issuer Public Key Certificate

Issuer Public Key Exponent

Static Data to be Authenticated

The data objects shown in Table 22-18 used for

signing will be retrievable by the Terminal using

the READ RECORD command.

Static Data Authentication Tag List

If present, the Static Data Authentication Tag

List must only contain the tag '82' identifying the

AIP, and must be used as defined in [EMV4.3ii]

Section 5.1.1 Static Data to be Authenticated.

Issuer Public Key Remainder

Issuer Public Key Remainder must be present if

the length of the Issuer’s Public Key (modulus)

is greater than the Certification Authority Public

Key minus 36 bytes.

Page 69 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

American Express requires that the Public Key Modulus as stated in Table 22-17 must be supported by the

Terminal, and that the DDOL contains data objects as stated in Table 22-19.

Table 22-17: Public key modulus lengths for which support is mandatory

Modulus

Length (bits)

Certification Authority Public Key Modulus

1408 and 1984

Issuer Public Key Modulus

1152,1408 and 1984

ICC Public Key Modulus

896, 1024 and 1152

and 1408

Table 22-18 below details the static data elements and if always present (i.e. M = Mandatory) or may be

present (O=Optional). The AIP is appended at the end of the data list, if the Static Data Authentication Tag

List is present.

Table 22-18: Static Data to be Authenticated

Data Item

Presence

Application Effective Date

Application Expiration Date

Application Primary Account Number (PAN)

PAN Sequence Number

Issuer Action Code -Default

Issuer Action Code -Denial

Issuer Action Code -Online

Application Usage Control

Issuer Country Code

CVM List

Membership Product Identifier

Product Membership Number

AIP

Table 22-19: DDOL Data Objects

Data Item

Presence

Terminal Country Code

Terminal Identification

Transaction Currency Code

Transaction Date

Transaction Type

Unpredictable Number

22.3.6 Chip Card PIN Encipherment Data

The support for an independent Chip Card PIN asymmetric key pair is optional. If it is supported, Table

22-20 lists the additional data objects that are present. These data objects are retrieved using the READ

RECORD command as described in Section 6 Read Application Data, using the SFI as provided in the AFL

to identify the file in which the data objects are located.

Page 70 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Table 22-20: Mandatory Data for Chip Card PIN Encipherment

Data Item

Presence

Value

Application PIN Encipherment Public Key

Certificate

Application PIN Encipherment Public Key

Exponent

Application PIN Encipherment Public Key

Remainder

Application Public Key Remainder must be present if the

length of the Application’s Public Key (modulus) contained

in the Card Signed Application Data is greater than the

Certification Authority Public Key, minus 42 bytes.

22.3.7 Terminal Risk Management Data

The data objects listed in Table 22-21 are not retrievable by the READ RECORD command as described in

Section 6 Read Application Data, but may be retrieved by the Terminal using the GET DATA command as

described in Section 10.

Table 22-21: Data Retrievable by GET DATA Command

Data Item

ATC

Last Online ATC Register

Remaining PIN Try Counter

The Terminal records the result of its risk management and action analysis in the TVR Data object, the

meaning of which is detailed in Table 22-22. The TVR are included in both CDOL1 (See Table 22-9) and

CDOL2 (See Table 22-10) and are therefore sent to the Chip Card as part of command data of the

GENERATE AC command.

 If the transaction amount exceeds the Terminal Floor Limit then the Terminal sets the TVR byte 4 bit

8 to “1” as per [EMV4.3iii] Section 10.6.1.

 If velocity checking is performed and the check is exceeded then the Terminal shall set the TVR

byte 4 bits 7 and 6 to “1” according to [EMV4.3iii] Section 10.6.3.

Page 71 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Table 22-22: Terminal Verification Results (TVR) Settings

Meaning

Byte

Bit(s)

Offline Data Authentication was not performed

Offline Static Data Authentication failed

Card Data Missing

Card appears on Terminal exception file

DDA failed

CDA failed

SDA selected

RFU

Card and Terminal have different application versions

Expired Application

Application not effective yet

Requested service not allowed for Card product

New Card

RFU

3 to 1

Cardholder Verification was not successful

Unrecognized CVM

Offline PIN Try Limit Exceeded

Offline PIN entry mandatory and PIN pad not present or not working

Offline PIN entry mandatory, PIN pad present, but PIN was not entered

Online PIN entered

RFU

2 to 1

Transaction Exceeds Floor Limit

Lower consecutive offline limit exceeded

Upper consecutive offline limit exceeded

Transaction selected randomly for online processing

Merchant forced transaction online

RFU

3 to 1

Default TDOL used (TDOL not supported in this manual)

Issuer Authentication was unsuccessful

Script processing failed before final GENERATE AC

Script processing failed after final GENERATE AC

RFU

4 to 1

Page 72 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

22.4 Data Elements Table

This section defines those data elements that may be used for financial transaction interchange, and their

mapping onto data elements. This section details the data elements directly relevant to implementing the

AEIPS manuals and Expresspay specifications. For a full list of all EMV data elements see [EMV4.3iii]

Annex A “Data Elements Dictionary”. The following abbreviations are used in this table (See [EMV4.3i]

Section 4.3 for further details):

 a = Alpha

 an = Alphanumeric

 ans = Alphanumeric Special

 b = Binary

 cn = Compressed Numeric

 n = Numeric

 Var = Variable.

When the length defined for the data element is greater than the length of the actual data, the following rules

apply:

 A data element in format ‘n’ is right-justified and padded with leading hexadecimal zeroes

 A data element in format ‘cn’ is left-justified and padded with trailing hexadecimal F

 A data element in format ‘an’ is left-justified and padded with trailing hexadecimal zeroes

 A data element in format ‘ans’ is left-justified and padded with trailing hexadecimal zeroes

Page 73 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Table 22-23: AEIPS Data Elements Table (DET)

Name

Description

Source

Presence

Format

Tag

Length

Values

Location/Usage

Additional Terminal

Capabilities

Indicates the data input

and output capabilities of

the terminal.

Terminal

'9F40'

As per EMV

Amount, Authorized

(Numeric)

Authorized amount of the

transaction (excluding

adjustments).

Terminal

n 12

'9F02'

A mandatory data element

the Terminal uses to populate

a CDOL as read from the

Card during Read Application

Data.

Amount, Other

(Numeric)

Secondary amount

associated with the

transaction representing

a cash back amount.

Terminal

n 12

'9F03'

A mandatory data elements

the Terminal uses to populate

a CDOL as read from the

Card during Read Application

Data.

Application

Cryptogram (AC)

Application cryptogram

computed by the Card

during a transaction.

Card

b 64

'9F26'

Can be:

ARQC

AAC

This is a transient data

element. Always returned to

the Terminal in the response

to the 1st GENERATE AC or

2nd GENERATE AC

command.

Application Currency

Code

Indicates the currency in

which the account is

managed.

Card

n 3

'9F42'

Coded according to

[ISO4217]

If either the Amount “X” or

Amount “Y” contained in the

CVM List is nonzero or if the

Offline Velocity Checks are to

be performed, then this data

element must be present in

the Card. The data element is

made available to the

Terminal via the READ

RECORD command.

Page 74 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Name

Description

Source

Presence

Format

Tag

Length

Values

Location/Usage

Application DDA

Public Key Certificate

Application DDA Public

Key Certificate used

during DDA process.

Card

'9F46'

Up to

176

Used for DDA/CDA. If

DDA/CDA is to be performed

(indicated by AIP and

supported by Terminal) then

this field is mandatory. If it is

required but missing, the

Terminal must set the TVR

byte 1 bits 6 and 8 to “1” (ICC

Data Missing and ODA Not

Performed).

Application DDA

Public Key Exponent

Exponent of Application

DDA Public Key

Card

'9F47'

1 or 3

Used for DDA/CDA. If

DDA/CDA is to be performed

(indicated by AIP and

supported by Terminal) then

this field is mandatory. If it is

required but missing, the

Terminal must set the TVR

byte 1 bits 6 and 8 to “1” (ICC

Data Missing and ODA Not

Performed).

Application DDA

Public Key

Remainder

Remaining digits of

Application DDA Public

Key.

Card

'9F48'

Var

See [EMV4.3ii], Section

6.1 Keys and Certificates.

The ICC Public Key

Remainder is equivalent to

the Application DDA Public

Key Remainder in this

specification.

Used for DDA / CDA. If

DDA/CDA is to be performed,

Application Public Key

Remainder must be present if

the length of the Application’s

Public Key (modulus)

contained in the Card Signed

Application Data is greater

than the Issuer Public Key,

minus 42 bytes.

If it is required but missing,

the Terminal must set the

TVR byte 1 bits 6 and 8 to “1”

(ICC Data Missing and ODA

Not Performed).

Page 75 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Name

Description

Source

Presence

Format

Tag

Length

Values

Location/Usage

Application Definition

File (ADF) Name

Identifies the name of the

DF as associated with an

application. See

Application Identifier

(AID).

Another name for the

AID.

Card

See Application Identifier

(AID)

Terminal must terminate the

transaction if this data is

missing.

Application Dual

Currency Code

Indicates the currency in

which the account is

managed.

Card

n 3

'9F50'

Coded according to

[ISO4217]

An optional data element

made available to the

Terminal via the READ

RECORD command.

Application

Discretionary Data

Issuer-specified data

relating to the Card

application.

Card

b 8-256

'9F05'

1-32

An optional data element

made available to the

Terminal via the READ

RECORD command.

Application Effective

Date

Date from which the Card

application may be used.

Card

n 6

YYMMDD

'5F25'

An optional data element

made available to the

Terminal via the READ

RECORD command.

Application

Elementary File (AEF)

Data Template

Indicates the record

template of a record

containing data

elements.

Templates are used to

define TLV structures

that contain other data

elements.

Card

Var

'70'

Var

If the AEF is incorrectly

formatted the Terminal must

terminate the transaction.

Application Expiration

Date

Date after which the Card

application expires.

Card

n 6

YYMMDD

'5F24'

A mandatory data element

made available to the

Terminal via the READ

RECORD command.

Terminal must terminate the

transaction if this data is

missing.

Page 76 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Name

Description

Source

Presence

Format

Tag

Length

Values

Location/Usage

Application File

Locator (AFL)

Indicates the location

(SFI, range of records) of

the AEFs related to a

given application.

Card

Var

'94'

Var up to

The AFL is made up of a

number of 4 byte blocks of

data (1 block per AEF),

formatted as follows:

Byte 1 (identifies AEF):

Bits 8-4 = SFI

Bits 3-1 = 000

Byte 2: First record

number to be read for that

SFI (never equal to zero)

Byte 3: Last record

number to be read for that

SFI (must be greater than

or equal to byte 2)

Byte 4: Number of

consecutive records

signed in Signed

Application Data, starting

with record number in byte

2 (may be equal to zero

This data element is always

returned to the Terminal in a

valid response to GET

PROCESSING OPTIONS.

Application Identifier

(AID) Terminal

Identifies the application

as described in

[ISO7816-4].

Terminal

b 40-128

'9F06'

5-16

Terminals enabled to

accept the American

Express payment

application must be

configured with an AID of

A00000002501

Stored in the Terminal for use

during application selection.

Partial Application selection

must be enabled for this AID.

Application

Interchange Profile

(AIP)

Indicates the capabilities

of the Card to support

specific functions in the

application.

Card

b 16

'82'

A mandatory data element

made available to the

Terminal via the GET

PROCESSING OPTIONS

command.

Terminal must terminate the

transaction if this data is

missing.

Application Label

Mnemonic associated

with the AID.

Card

ans 1-16

(special

character

limited to

space)

'50'

1-16

Used in application

selection.

An optional data element

returned in response to a

SELECT command, providing

a “friendly” name for an

application.

Page 77 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Name

Description

Source

Presence

Format

Tag

Length

Values

Location/Usage

Application PIN

Encipherment Public

Key Certificate

Application PIN

Encipherment key

certified by American

Express.

Card

'9F2D'

Up to

176

Used for PIN Encipherment, if

supported

Application PIN

Encipherment Public

Key Exponent

Exponent of Application

PIN Encipherment Public

Key.

Card

'9F2E'

1 or 3

Used for PIN Encipherment, if

supported

Application PIN

Encipherment Public

Key Remainder

Remaining digits of

Application PIN

Encipherment Public

Key.

Card

'9F2F'

Var

See [EMV4.3ii] Section 7.1

Keys and Certificates. The

ICC PIN Encipherment

Public Key Remainder is

equivalent to the

Application PIN

Encipherment Public Key

Remainder in [AEIPS-

CARD].

Used for PIN Encipherment, if

supported

Application Preferred

Name

Preferred mnemonic

associated with the

Application Identifier of

this application used by

the Terminal in

conjunction with the

Issuer Code Table Index.

Card

ans 1-16

(special

character

limited to

space)

'9F12'

1-16

Used in application

selection to allow the

Application Label to be

displayed in an Issuer-

defined language.

Optional Data Element

returned in response to a

SELECT command.

Application Primary

Account Number

(PAN)

American Express Card

number

Card

Var up to

cn 19

'5A'

Var up to

A mandatory data element

made available to the

Terminal via the READ

RECORD command.

Terminal must terminate the

transaction if this data is

missing.

Application

Primary Account

Number (PAN)

Sequence Number

Identifies and

differentiates Cards

(Applications) with the

same PAN.

Card

n 2

'5F34'

An optional data element

made available to the

Terminal via the READ

RECORD command.

Application Priority

Indicator

Indicates the priority of a

given application or

group of applications in a

directory.

Card

b 8

'87'

See table 23-4 for

potential settings for this

data element.

Optional Data Element

returned in response to a

SELECT command.

Page 78 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Name

Description

Source

Presence

Format

Tag

Length

Values

Location/Usage

Application

Transaction Counter

(ATC)

Counter maintained by

the application in the

Card.

Card

b 16

'9F36'

Initial value is zero.

It is incremented by 1 each

time a transaction is

performed.

Used by the Terminal during

Terminal Risk Management.

This data element is read only

via the GET DATA command.

Application Usage

Control

Indicates Issuer-specified

restrictions on the

geographic usage and

services allowed for the

Card application.

Card

b 16

'9F07'

Refer to table 23-8 for

possible values of this

data element.

An optional data element

made available to the

Terminal via the READ

RECORD command.

Application Version

Number

Version number assigned

by the Issuer for the

application.

Card

b 16

'9F08'

An optional data element

made available to the

Terminal via the READ

RECORD command.

Application Version

Number

Version number of a

particular application

supported by the

Terminal

b 16

'9F09'

It is mandatory that the

Terminal store the application

version number(s) that it

supports for a given

application.

Authorization

Response Code

(ARC)

Data Element generated

by the Issuer Host

System or the Terminal

indicating the disposition

of the transaction.

Issuer or

Terminal

an 2

'8A'

Codes generated as

indicated in table 23-11.

The value present forms part

of the Issuer Authentication

Data if received from the

Issuer. The data is also sent

to the Card as part of the 2nd

GENERATE AC command

forming part of the CDOL2.

Authorization

Response

Cryptogram (ARPC)

A cryptogram generated

by the Issuer Host

System during an online

transaction

Issuer

B 64

—

A cryptogram generated by

the Issuer Host System and

included in the Issuer

Authentication Data to be

returned to the terminal and

sent to the Chip Card in the

response to an online

transaction. Refer to Issuer

Authentication Data in this

table.

Page 79 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Name

Description

Source

Presence

Format

Tag

Length

Values

Location/Usage

Card Risk

Management Data

Object list 1 (CDOL1)

List of data elements (tag

and length) to be passed

to the Card application

with the 1st GENERATE

AC command.

Card

'8C'

Var up to

See table 23-9.

A mandatory data element

made available to the

Terminal via the READ

RECORD command.

Terminal must terminate the

transaction if this data is

missing.

Card Risk

Management Data

Object List 2 (CDOL2)

List of data elements (tag

and length) to be passed

to the Card application

with the 2nd GENERATE

AC command.

Card

'8D'

Var up to

See table 23-10.

A mandatory data element

made available to the

Terminal via the READ

RECORD command.

Cardholder Name

Indicates Cardholder

Name according to

[ISO7813].

Card

ans 2-26

'5F20'

2-26

An optional data element

made available to the

Terminal via the READ

RECORD command.

Cardholder Name -

Extended

Indicates the whole

Cardholder Name when

greater than 26

characters.

Card

ans 27-45

'9F0B'

27-45

According to [ISO 7813]

An optional data element

made available to the

Terminal via the READ

RECORD command.

Cardholder

Verification Method

(CVM) List

Identifies a prioritized list

of methods of verification

of the Cardholder

supported by the Card

application.

Card

'8E'

Var up to

See table 23-12.

An optional data element

made available to the

Terminal via the READ

RECORD command.

Cardholder

Verification Method

(CVM) List –

Contactless

Identifies a prioritized list

of methods of verification

of the Cardholder

supported by the Card

application.

Card

'9F6F'

Var up to

A data element made

available to the Terminal via

the READ RECORD

command for contactless

interface.

This tag is only used for

scripting routing purposes.

When personalized it will be

used as “8E”

Page 80 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Name

Description

Source

Presence

Format

Tag

Length

Values

Location/Usage

CDA Mode

Configuration parameter

defining which of the four

possible CDA Modes to

apply when Terminal

requests an ARQC

during 1st GENERATE

AC as defined by

[EMV4.3ii] Annex D4.

Terminal

—

Var

As defined by Terminal

configuration management

Configured into Terminal from

Terminal Management

System or equivalent.

Certification Authority

Public Key Checksum

A check value calculated

on the concatenation of

the following parts of the

Certification Authority

Public Key (RID,

Certification Authority

Public Key Index,

Certification Authority

Public Key Modulus,

Certification Authority

Public Key Exponent)

using SHA-1.

Terminal

—

Var

Used for Offline Data

Authentication (ODA) . If ODA

is to be performed (indicated

by AIP and supported by

Terminal) then this field is

mandatory. If it is required

but missing, the Terminal

must set the TVR byte 1 bit 8

to “1” (ODA Not Performed).

Certification Authority

Public Key Exponent

Value of the exponent

part of the Certification

Authority Public Key.

Terminal

—

1 or 3

Key length selected by

Issuer. Values assigned by

American Express.

Used for Offline Data

Authentication (ODA) . If ODA

is to be performed (indicated

by AIP and supported by

Terminal) then this field is

mandatory. If it is required

but missing, the Terminal

must set the TVR byte 1 bit 8

to “1” (ODA Not Performed).

Certification Authority

Public Key Index

Identifies the certification

authority’s public key in

conjunction with the

Registered Identification

Provider (RID) for use in

static data authentication.

Card

b 8

'8F'

Key length selected by

Issuer. Values assigned by

American Express.

Used for Offline Data

Authentication (ODA) . If ODA

is to be performed (indicated

by AIP and supported by

Terminal) then this field is

mandatory. If it is required

but missing, the Terminal

must set the TVR byte 1 bit 8

to “1” (ODA Not Performed).

Page 81 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Name

Description

Source

Presence

Format

Tag

Length

Values

Location/Usage

Certification Authority

Public Key Modulus

Value of the Modulus

part of the Certification

Authority Public Key.

Terminal

—

Up to

248

Key length selected by

Issuer. Values assigned by

American Express.

Used for Offline Data

Authentication (ODA) . If ODA

is to be performed (indicated

by AIP and supported by

Terminal) then this field is

mandatory. If it is required

but missing, the Terminal

must set the TVR byte 1 bit 8

to “1” (ODA Not Performed).

Cryptogram

Information Data

Indicates the type of

cryptogram (TC, ARQC

or AAC) returned by the

Card and the actions to

be performed by the

Terminal.

Card

b 8

'9F27'

Bits 8-7:

00 = AAC

01 = TC

10 = ARQC

11 = RFU

Bit 6-5: RFU

Bit 4: 1 = Advice required

Bits 3-1 (Reason/Advice/

Referral Code):

000 = No information

given 001 = Service not

allowed

010 = PIN Try Limit

exceeded

011 = Issuer

authentication failed

1xx = RFU

This is information the

application returns to the

Terminal indicating the type of

AC being sent. It is generated

dynamically and not

subsequently stored within the

application.

Always present in a valid

response to the GENERATE

AC command.

Default Dynamic Data

Authentication Data

Object List (DDOL)

DDOL to be used by the

Terminal in the

construction of the

Internal Authenticate

command if no DDOL is

present in the card

Terminal

—

Var up to

A mandatory data element in

DDA supporting terminals.

Dynamic Data

Authentication Data

Object List (DDOL)

List of data elements (tag

and length) to be passed

to the Card when the

Card and the Terminal

are performing DDA /

CDA.

Card

'9F49'

Var up to

Available to Terminal via

READ RECORD command.

Page 82 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Name

Description

Source

Presence

Format

Tag

Length

Values

Location/Usage

File Control

Information (FCI)

Issuer Discretionary

Data

1 or more additional

proprietary data elements

from an application

provider, Issuer, or IC

card supplier, or EMV-

defined tags that are

specifically allocated to

'BF0C'

Card

Var

'BF0C'

Var up to

222

If the FCI is incorrectly

formatted the Terminal must

terminate the transaction.

File Control

Information (FCI)

Proprietary Template

Identifies the data

elements proprietary to

the [EMV 4.2i] in the FCI

Template.

Card

Var

'A5'

Var

As defined in [EMV 4.2i]

Mandatory Data Element

returned in response to a

SELECT command.

If the FCI is incorrectly

formatted the Terminal must

terminate the transaction.

File Control

Information (FCI)

Template

Identifies the FCI

template.

Card

Var

'6F'

Var up to

Mandatory Data Element

returned in response to a

SELECT command.

If the FCI is incorrectly

formatted the Terminal must

terminate the transaction.

ICC Dynamic Number

Time-variant number

generated by the Card, to

be captured by the

Terminal.

Card

'9F4C'

This is a transient Data

element generated By the

card for use in Offline Data

Authentication (see [AEIPS-

CARD] Section 7.3).

Issuer Action Code -

Default

Specifies conditions that

cause a transaction to be

declined if it might have

been approved online,

but the Terminal is

unable to process the

transaction online.

Card

b 40

'9F0D'

A data element made

available to the Terminal via

the READ RECORD

command and used during

Terminal Action Analysis to

modify the Terminal Action

Code setting.

Issuer Action Code -

Denial

Specifies conditions that

cause the decline of a

transaction without

attempting to go online.

Card

b 40

'9F0E'

A data element made

available to the Terminal via

the READ RECORD

command and used during

Terminal Action Analysis to

modify the Terminal Action

Code setting.

Page 83 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Name

Description

Source

Presence

Format

Tag

Length

Values

Location/Usage

Issuer Action Code -

Online

Specifies conditions that

cause a transaction to be

transmitted online.

Card

b 40

'9F0F'

A data element made

available to the Terminal via

the READ RECORD

command and used during

Terminal Action Analysis to

modify the Terminal Action

Code setting.

Issuer Application

Data

Contains proprietary

application data for

transmission to American

Express in all transaction

messages.

Card

'9F10'

Var 32

The first byte indicates the

length of the discretionary

data. In this specification,

the discretionary data is 6

bytes long:

• Derivation Key Index (1

byte)

• Cryptogram Version

Number (1 byte)

• Card Verification Results

(4 bytes)

This is a transient data

element that is constructed by

concatenating other data

elements as indicated.

Issuer Authentication

Data

Issuer data transmitted to

Card for online Issuer

authentication.

Issuer

b 64-128

'91'

Up to 16

The Issuer Authentication

Data consists of the

following data:

• First 8 bytes=ARPC

• Last 2 bytes=

Authorization Response

Code

This data is transmitted to the

Card by the Terminal in the

EXTERNAL AUTHENTICATE

command when performing

Issuer Authentication.

Issuer Code Table

Index

Indicates the code table

to be used for displaying

the Application Preferred

Name at the Terminal.

Card

n 2

'9F11'

According to [ISO 8859]

Optional Data Element

returned in response to a

SELECT command.

Issuer Country Code

Indicates the country of

the Issuer, represented

according to [ISO 3166].

Card

n 3

'5F28'

According to [ISO 3166]

An optional data element

made available to the

Terminal via the READ

RECORD command, used

when present, during

Processing Restrictions.

Page 84 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Name

Description

Source

Presence

Format

Tag

Length

Values

Location/Usage

Issuer Public Key

Certificate

Issuer’s public key

certified by a certification

authority for use in static

data authentication.

Card

b 512-

1984

'90'

Var 64-

248

Used for Offline Data

Authentication (ODA). If ODA

is to be performed (indicated

by AIP and supported by

Terminal) then this field is

mandatory. If it is required

but missing, the Terminal

must set the TVR byte 1 bit 8

to “1” (ODA Not Performed).

Issuer Public Key

Exponent

Issuer-specified data to

be used with the Issuer’s

public key algorithm for

static data authentication.

Card

'9F32'

1 or 3

Used for Offline Data

Authentication (ODA). If ODA

is to be performed (indicated

by AIP and supported by

Terminal) then this field is

mandatory. If it is required

but missing, the Terminal

must set the TVR byte 1 bit 8

to “1” (ODA Not Performed).

Issuer Public Key

Remainder

Remaining digits of the

Issuer’s public key to be

hashed.

Card

'92'

Var

See [EMV4.3ii], Sections

5.1 & 6.1 Keys and

Certificates.

Used for Offline Data

Authentication (ODA). If ODA

is to be performed (indicated

by AIP and supported by

Terminal) then this field is

mandatory if the length of the

Issuer Public Key Modulus is

greater than (the length in

bytes of the Certification

Authority Public Key Modulus

minus 36).

If it is required but missing,

the Terminal must set the

TVR byte 1 bit 8 to “1” (ODA

Not Performed).

Page 85 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Name

Description

Source

Presence

Format

Tag

Length

Values

Location/Usage

Issuer Script

Template ‘71’

Contains proprietary

Issuer data for

transmission to the Card

after the 2nd

GENERATE AC

command.

Issuer

'71'

Var

Although not supported by

American Express Issuers

Terminals are expected to

process the templates safely

and accurately. This

information is processed by

ISSUER SCRIPT

PROCESSING and not

subsequently stored within an

application on the Card.

Issuer Script

Template ‘72’

Contains proprietary

Issuer data for

transmission to the Card

after the 2nd

GENERATE AC

command.

Issuer

'72'

Var

This information is processed

by ISSUER SCRIPT

PROCESSING and not

subsequently stored within an

application on the Card.

Language Preference

Table of up to four

language codes

indicating the preferred

language for Terminal

messages to be

displayed to the

Cardholder.

Card

an 2

'5F2D'

2-8

[ISO639] codes alpha-

numeric codes

Data element returned in

response to an APPLICATION

SELECT command.

Last Online ATC

ATC value of the last

transaction that went

online.

Card

b 16

'9F13'

Initial value is zero.

Updated to contain the

current value of the ATC

when a transaction has

been transmitted online

and Issuer Authentication

is successful.

Data item used by Terminal

Risk Management, retrievable

via the GET DATA command.

Maximum Target

Percentage to be

Used for Biased

Random Selection

Value used in Terminal

Risk Management for

random transaction

selection.

Terminal

—

00-99

Membership Product

Identifier

A product identifier for

the membership scheme.

Card

'9F5A’

Var up to

An optional data element

used by the Terminal to

determine whether card is in a

supported membership

scheme.

Page 86 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Name

Description

Source

Presence

Format

Tag

Length

Values

Location/Usage

Merchant Category

Code

Classifies the type of

business done by the

merchant.

Terminal

n 4

'9F15'

Var up to

As per [ISO8583] for Card

Acceptor Business Code.

Merchant Identifier

When concatenated with

the Acquirer Identifier,

uniquely identifies a

given merchant

Terminal

ans 15

'9F16'

Var up to

Var

Merchant Name

Location

Indicates the name and

location of the merchant

Terminal

ans

—

Var

Point of Service

(POS) Entry Mode

Indicates source of

Cardholder account data.

Terminal

n 2

'9F39'

According to [ISO 8583]

Processing Options

Data Object List

(PDOL)

Contains a list of terminal

resident data elements

(tags and lengths)

needed by the ICC in

processing the GET

PROCESSING

OPTIONS command

Card

'9F38'

Var

May be necessary for some

Dual Interface

Implementations

Product Membership

Number

A unique number to

identify the cardholder as

part of the scheme.

Card

‘9F5B’

Var up to

An optional data element

whose presence is

conditional on tag ‘9F5A’

being present.

It is used by the Terminal to

uniquely identify the

cardholder as being part of

the membership scheme.

Registered

Application Provider

Identifier (RID)

First 5 bytes of an AID

registered as owned by

the Card Scheme or

Card Issuer.

Terminal

—

The value assigned to

American Express is

A000000025.

Remaining PIN Try

Counter

Indicates the remaining

PIN attempts.

Can be used by the

Terminal during offline

PIN processing.

Card

'9F17'

A conditional Data element

mandatory if a Reference

PIN is present. Used in

Terminal Risk Management

retrievable using the GET

DATA command.

Page 87 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Name

Description

Source

Presence

Format

Tag

Length

Values

Location/Usage

Response Message

Template Format 1

Contains the data

elements (without tags

and lengths) returned by

the Card in response to a

GET PROCESSING

OPTION, or a

GENERATE AC without

signature command.

Card

Var

'80'

—

Var

See [AEIPS-CARD] Section 5

“Initiate Application

Processing”.

Response Message

Template Format 2

Contains the data

elements (with tags and

lengths) returned by the

Card in response to a

GENERATE AC with

signature command.

Card

Var

'77'

—

Var

Used if the response is being

returned in a signature as

specified for the CDA function.

Service Code

Service Code as defined

on magnetic stripe tracks

1 and 2.

Card

n 3

'5F30'

Should match the value on

the Card magstripe (if

present) and be coded

according to [ISO7813].

An optional data element

retrievable via the READ

RECORD command.

Short File Identifier

(SFI)

Identifies the SFI to be

used in the commands

related to a given AEF.

Card

b 8

'88'

Values are 1-10:

Governed by joint payment

systems11-20: American

Express specific 21-30:

Issuer Specific

SFIs are pointers contained in

a valid response to the

SELECT command to the

records readable during

READ APPLICATION DATA.

Static Data

Authentication Tag

List

List of Tags of primitive

data elements defined in

[EMV4.3iii] whose value

fields are to be included

in the signed static or

dynamic application data.

Card

—

'9F4A'

Var

Tag 82 (Application

Interchange Profile)

A data element made

available to the Terminal via

the READ RECORD

command.

Target Percentage to

be Used for Random

Selection

Value used in terminal

risk management for

random transaction

selection.

Terminal

—

00-99

Page 88 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Name

Description

Source

Presence

Format

Tag

Length

Values

Location/Usage

Terminal Action Code

- Default

Specifies the Acquirer’s

conditions that cause a

transaction to be rejected

if it might have been

approved online, but the

terminal is unable to

process the transaction

online.

Terminal

b 40

Used along with Issuer Action

Codes, to decide on action to

be taken during Terminal

Action Analysis.

Terminal Action Code

- Denial

Specifies the Acquirer’s

conditions that cause a

transaction to be denied

without an attempt to go

online.

Terminal

b 40

Used along with Issuer Action

Codes, to decide on action to

be taken during Terminal

Action Analysis.

Terminal Action Code

- Online

Specifies the Acquirer’s

conditions that cause a

transaction to be

transmitted online.

Terminal

b 40

Used along with Issuer Action

Codes, to decide on action to

be taken during Terminal

Action Analysis

Terminal Capabilities

Indicates the Card data

input, CVM, and security

capabilities of the

terminal.

Terminal

'9F33'

As per EMV

Terminal Country

Code

Indicates the country of

the Terminal represented

according to [ISO3166].

Terminal

n 3

'9F1A'

A mandatory data element. It

is one of the data elements

the Terminal uses to populate

a CDOL.

Terminal Floor Limit

Indicates the Floor limit in

the terminal in

conjunction with the AID.

Terminal

'9F1B'

Var

The amount above which, all

transactions are attempted

online.

Terminal Identification

Designates the unique

location of a Terminal at

a merchant.

Terminal

an 8

'9F1C'

Var

Terminal Type

Indicates the

Environment of the

Terminal, its

communication

capability, and its

operational control.

Terminal

n 2

'9F35'

As per EMV

A mandatory data element. It

is one of the data elements

the Terminal uses to populate

a CDOL.

Page 89 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Name

Description

Source

Presence

Format

Tag

Length

Values

Location/Usage

Terminal Verification

Results

Status of the different

functions as seen from

the Terminal.

Terminal

b 40

'95'

See table 23-20 for

possible values.

A mandatory data element. It

is one of the data elements

the Terminal uses to populate

a CDOL.

Threshold Value for

Biased Random

Selection

Value used in Terminal

Risk Management for

random transaction

selection.

Terminal

—

Must be 0 or a value less

than the Terminal Floor

Limit

Track 1 Discretionary

Data

Discretionary data

associated with the

magnetic stripe track 1.

Card

ans

'9F1F'

Var up to

Coded according to

[ISO7813]

Optional data element

available via READ RECORD

command.

Track 2 Discretionary

Data

Discretionary data

associated with the

magnetic stripe track 2.

Card

'9F20'

Var

Coded according to

[ISO7813].

Optional data element

available via READ RECORD

command.

Track 2 Equivalent

Data

Image of magnetic stripe

Track 2.

Card

'57'

Var up to

According to [ISO7813]

Mandatory data element

available via READ RECORD

command must be present in

SFI 1 Record 1.

Transaction Amount

Clearing amount of the

transaction, including tips

and other adjustments

Terminal

n 12

—

Transaction Currency

Code

Indicates the currency

code of the transaction

according to [ISO4217].

The implied exponent is

indicated by the minor

unit of currency

associated with the

Transaction Currency

Code in [ISO4217].

Terminal

n 3

'5F2A'

A mandatory data element. It

is one of the data elements

the Terminal uses to populate

a CDOL.

Transaction Currency

Exponent

Indicates the implied

position of the decimal

point from the right of the

transaction amount.

Terminal

n 1

'5F36'

According to [ISO4217]

Transaction Date

Local date that the

transaction was

attempted.

Terminal

n 6

YYMMDD

'9A'

A mandatory data element. It

is one of the data elements

the Terminal uses to populate

a CDOL.

Page 90 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Name

Description

Source

Presence

Format

Tag

Length

Values

Location/Usage

Transaction Type

Indicates the type of

financial transaction,

represented by the first

two digits of [ISO8583]

Processing Code. The

actual values to be used

for the Transaction Type

data element are defined

by the relevant payment

system.

Terminal

n 2

'9C'

A mandatory data element. It

is one of the data elements

the Terminal uses to populate

a CDOL.

Transaction Personal

Identification Number

(PIN) Data

Data entered by the

Cardholder to verify a

PIN offline.

Terminal

'99'

Var

A conditional data element

which must be present for

Offline PIN.

Transaction

Sequence Counter

Counter maintained by

the terminal that is

incremented by one for

each transaction.

Terminal

n 4-8

'9F41'

2-4

Var

Transaction Status

Information (TSI)

Indicates the function

performed in a

Transaction

Terminal

'9B'

Set by the Terminal during the

transaction as defined in EMV

4.2. Proper setting of TSI is a

Level II EMV certification

requirement.

Transaction Time

Local time that the

transaction was

attempted

Terminal

n 6

HHMMSS

'9F21'

Var

Unpredictable

Number

Value to provide

variability and

uniqueness to the

generation of the

application cryptogram.

Terminal

b 32

'9F37'

This is passes to the Card

application by the Terminal

and used within the

GENERATE AC process.

Page 91 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

23 Glossary

Table 23-1: Acronyms and Abbreviations

Term

Description

AAC

Application Authentication Cryptogram

Application Cryptogram

ADF

Application Directory File

AEF

Application Elementary File

AEIPS

American Express ICC Payment Manual (Terminal and Chip Card)

AFL

Application File Locator

AID

Application Identifier as defined in [ISO/IEC7816-4]

AIP

Application Interchange Profile

APDU

Application Protocol Data Unit. The unit of information passed between a

Terminal and a Smart Card according to [ISO7816].

ARPC

Authorization Response Cryptogram

ARQC

Authorization Request Cryptogram

ATC

Application Transaction Counter

Certification Authority

Cardholder

American Express Cardmember

CDA

Combined Dynamic Data Authentication / AC Generation

CDOL

Card Risk Management Data Object List

CVM

Cardholder Verification Method

CVR

Cardholder Verification Results

DDA

Dynamic Data Authentication

DDF

Directory Definition File

DDOL

Dynamic Authentication Data Object List

DEA

Data Encryption Algorithm

DES

Data Encryption Standard

DET

Data Element Table

Page 92 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Term

Description

Dedicated File

Disposition

The transaction outcome that Terminal processing indicates is preferable at a

particular point during the transaction (e.g., if the Terminal disposition is for an

offline approval it will request a TC when it issues a 1st GENERATE AC).

EMV

Europay, MasterCard and Visa. A term that is used to refer to the specifications

developed by these three bodies.

FCI

File Control Information

Financial

Transaction

The set of command-response pairs that are used to satisfy the payment

business function.

IAC

Issuer Action Code

Integrated Circuit. Component of the ‘Smart Card’.

ICC

Integrated Circuit Card. Synonymous with ‘Smart Card’ and ‘Chip Card’.

IFD

Interface Device

Issuer

An organization which prepares the application, establishes its processing

options and cryptographic keys, provides online transaction authorization, and

can modify the application after it has been issued.

Issuer Script

A set of commands sent from the Issuer to the application, which can modify the

application’s data or status.

MAC

Message Authentication Code. A short digest, which is representative of a

(usually longer) message. It may accompany the message, and may be used by

a recipient to verify the integrity of the message.

PAN

Primary Account Number

Payment Application

Depending on the context. This is the AEIPS-compliant payment functionality on

a Smart Card which may support a payment account.

PDOL

Processing Options Data Object List

Personal Identification Number

Primitive Data

Object

Data returned or sent to the Card which includes the TLV of the data item

concerned.

PSE

Payment Systems Environment

RFU

Reserved for Future Use

RID

Registered Application Provider Identifier

RSA

Rivest, Shamir and Adleman. Inventors of the RSA public key algorithm.

SDA

Static Data Authentication

Page 93 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

Term

Description

SFI

Short File Identifier [ISO7816-4]

SHA-1

Secure Hash Algorithm 1

SW1

Status Word byte 1 [ISO7816-4]

SW2

Status Word byte 2 [ISO7816-4]

Transaction Certificate

TLV

Tag, Length, Value

TVR

Terminal Verification Results

Page 94 of 94

AMERICAN EXPRESS AEIPS TERMINAL TECHNICAL MANUAL

24 Index

1st Card Action Analysis .................................. 16, 43, 44, 45

1st Terminal Action Analysis .................................. 16, 40, 42

2nd Card Action Analysis ................................. 16, 52, 53, 54

2nd Terminal Action Analysis ...................................... 16, 50

AAC ................................................ 40, 44, 47, 50, 52, 55, 57

Abbreviations ...................................................................... 94

Acronyms ............................................................................ 94

Advice Messages ................................................................ 51

Application Authentication Cryptogram ........... 40, 41, 42, 94

Application Cryptogram.................. 28, 40, 42, 50, 52, 54, 59

Application File Locator ......................................... 22, 64, 94

Application Interchange Profile ........................ 22, 64, 65, 94

Application Selection ............................ 15, 19, 20, 21, 23, 62

Application Usage Control .................... 15, 31, 32, 66, 67, 72

ARPC ...................................................................... 46, 48, 94

ARQC ............................................. 30, 40, 46, 50, 52, 57, 94

ATC ........................................................................ 39, 73, 94

Authorization Response Code ......... 41, 42, 47, 48, 50, 51, 68

Authorization Response Cryptogram ...................... 46, 48, 94

Card Risk Management ..................................... 42, 44, 66, 94

Cardholder Verification .......................................... 15, 33, 40

Cardholder Verification Method ........... 33, 34, 36, 37, 57, 69

CDA ................... 26, 28, 29, 30, 43, 45, 51, 53, 65, 71, 74, 94

CVM ..............................33, 35, 36, 37, 59, 66, 69, 70, 72, 74

Data Elements ......................................................... 61, 75, 76

EXTERNAL AUTHENTICATE ...................... 16, 46, 48, 49

GENERATE AC ..... 16, 30, 41, 42, 45, 47, 50, 52, 55, 57, 68,

73, 93

GET DATA ........................................... 16, 33, 36, 38, 39, 73

GET PROCESSING OPTIONS ...... 16, 22, 23, 34, 59, 63, 64

Initiate Application Processing ......................... 15, 22, 23, 64

Issuer Action Codes .................. 32, 38, 40, 41, 42, 47, 51, 66

Issuer Authentication .....16, 46, 47, 48, 49, 50, 51, 52, 55, 74

Issuer Authentication Data .......................... 46, 48, 49, 50, 51

Issuer Script Processing ................................................ 16, 54

Offline Data Authentication 15, 24, 26, 28, 29, 30, 40, 45, 59,

Offline Processing ............................................................... 41

Online Processing ........................... 16, 44, 46, 48, 49, 50, 54

Performance Requirements ................................................. 58

Processing Restrictions ........................................... 15, 31, 40

Read Application Data .................... 15, 23, 24, 28, 31, 41, 60

READ RECORD .... 17, 19, 24, 28, 60, 62, 64, 65, 66, 70, 71,

73, 80, 85, 90

SDA ...................................................... 15, 26, 27, 28, 29, 96

SELECT .................................... 17, 19, 21, 55, 61, 62, 63, 79

Static Data Authentication ........ 26, 27, 29, 64, 71, 72, 74, 96

TC ................ 30, 40, 42, 44, 45, 47, 50, 51, 52, 53, 57, 95, 96

Terminal Action Codes ......................... 32, 38, 40, 41, 42, 51

Terminal Risk Management .................. 16, 38, 39, 40, 41, 73

Terminal Verification Results ......... 25, 35, 38, 67, 68, 74, 96

Transaction Completion .......................................... 16, 44, 57

Unpredictable Number ................................ 30, 59, 67, 68, 72

Terminal Technical Manual AEIPS V4.3 Apr 2015

AEIPS%20Terminal%20Technical%20Manual%20-%20v4.3%20-%20Apr%202015

Navigation menu

Versions of this User Manual:

Views

Navigation