Visa Smart Debit Credit VSDC Acquirer Device Validation Toolkit ADVT User Guide (ADVT) V6.1.1 Mar 2015

User Manual:

Open the PDF directly: View PDF .
Page Count: 116 [warning: Documents this large are best viewed by clicking the View PDF Link!]

Visa Smart Debit/Credit

Acquirer Device Validation Toolkit User Guide

Version 6.1.1

02 March 2015

Important Information on Confidentiality and Copyright

Notice: This information is proprietary and CONFIDENTIAL to Visa. It is distributed to Visa participants

for use exclusively in managing their Visa programs. It must not be duplicated, published, distributed

or disclosed, in whole or in part, to merchants, cardholders or any other person without prior written

permission from Visa.

The trademarks, logos, trade names and service marks, whether registered or unregistered (collectively

the “Trademarks”) are Trademarks owned by Visa. All other trademarks not attributed to Visa are the

property of their respective owners.

Note: This document is not part of the Visa Rules. In the event of any conflict between any content in

this document, any document referenced herein, any exhibit to this document, or any

communications concerning this document, and any content in the Visa Rules, the Visa Rules

shall govern and control.

Contents

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential i

Contents

Acquirer Device Validation Toolkit (ADVT) User Guide Introduction ............................................................. 1

Introduction ................................................................................................................................................................................ 1

Contact Information ................................................................................................................................................................. 2

Summary of Changes to the Document Since Version 6.1 (Dated September 2014) .................................... 3

Summary of Changes to the Test Cards Since Version 6.1 (Dated September 2014) ..................................... 5

ADVT Support Documentation ............................................................................................................................................ 5

Disclaimer..................................................................................................................................................................................... 6

1 Acquirer Device Validation Toolkit User Guide Overview.......................................................................... 7

1.1 Objective ............................................................................................................................................................................ 7

1.2 Audience ............................................................................................................................................................................ 7

1.3 Document Organization............................................................................................................................................... 7

1.4 ADVT Components ........................................................................................................................................................ 8

1.5 ADVT Usage ...................................................................................................................................................................... 9

1.5.1 ADVT Usage Guidelines ........................................................................................................................................ 9

1.6 New ADVT Version ....................................................................................................................................................... 12

1.7 Scope of ADVT Testing ............................................................................................................................................... 12

1.8 Future Enhancements ................................................................................................................................................. 12

1.9 Related Documents ..................................................................................................................................................... 13

1.10 EMVCo Brand-aligned Terminal Integration Testing Framework compliance ...................................... 13

2 Test Cases Introduction .................................................................................................................................... 15

2.1 Pre-requisites ................................................................................................................................................................. 15

2.1.1 Terminal Capabilities ............................................................................................................................................ 15

2.1.2 Terminal Log ........................................................................................................................................................... 15

2.1.3 Visa CA Test Public Keys ..................................................................................................................................... 16

2.1.4 Terminal Action Codes (TACs) .......................................................................................................................... 16

2.1.5 Configured for Operational Use ...................................................................................................................... 16

2.1.6 EMVCo Level 1 and 2 Approval ....................................................................................................................... 16

Contents

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

ii Visa Confidential 02 March 2015

2.2 Instructions...................................................................................................................................................................... 16

2.2.1 Mandatory vs. Conditional Test Cases .......................................................................................................... 16

2.2.2 Self-Administered Tool ....................................................................................................................................... 17

2.2.3 Initially Deployed Terminals .............................................................................................................................. 17

2.2.4 Previously Deployed Terminals ........................................................................................................................ 17

2.2.5 For Information Gathering Purposes Only Tests ....................................................................................... 18

2.2.6 Changes to Terminals .......................................................................................................................................... 18

2.2.7 Decline Responses vs. Other Errors ................................................................................................................ 18

2.2.8 Transaction Amount ............................................................................................................................................. 18

2.2.9 PIN-Based Transactions ...................................................................................................................................... 18

2.2.10 ADVT Online Testing ............................................................................................................................................ 20

2.2.11 Test Cards ................................................................................................................................................................. 21

2.2.12 Simulators ................................................................................................................................................................ 21

2.2.13 Chip Compliance Reporting Tool (CCRT) ..................................................................................................... 22

2.3 Test Case Summary ...................................................................................................................................................... 23

3 Test Cases ............................................................................................................................................................. 28

3.1 Test Case 1: Basic VSDC ............................................................................................................................................. 29

3.2 Test Case 2: 19-Digit Account Number ................................................................................................................ 32

3.3 Test Case 3: T=1, DDA, OEP, and Issuer Authentication ................................................................................ 34

3.4 Test Case 4: Terminal Risk Management ............................................................................................................. 36

3.5 Test Case 5: Application Selection ......................................................................................................................... 37

3.5.1 Test Case 5: Expected Results ........................................................................................................................... 39

3.6 Test Case 6: Dual Interface ........................................................................................................................................ 41

3.7 Test Case 7: Terminal Action Codes (TACs) ........................................................................................................ 42

3.8 Test Case 8: Fallback .................................................................................................................................................... 43

3.9 Test Case 9: “Reserved for Future Use” CVM ..................................................................................................... 45

3.10 Test Case 10: CDA......................................................................................................................................................... 47

3.11 Test Case 11: Multiple Applications ....................................................................................................................... 49

3.12 Test Case 12: Geographic Restrictions.................................................................................................................. 50

3.13 Test Case 13: Proprietary Data and 6-Digit PIN ................................................................................................ 51

3.14 Test Case 14: Long PDOL and Unrecognized Tag ............................................................................................ 53

Contents

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential iii

3.15 Test Case 15: Data Element with 2-Byte Length Field .................................................................................... 54

3.16 Test Case 16: Two Applications and Cardholder Confirmation................................................................... 55

3.17 Test Case 17: Magnetic Stripe Image .................................................................................................................... 57

3.18 Test Case 18: T=1 and DDA with 1984 Certificate ........................................................................................... 59

3.19 Test Case 19: Plus and Visa Interlink ..................................................................................................................... 60

3.20 Test Case 20: Visa Electron ........................................................................................................................................ 62

3.21 Test Case 21: PIN Try Limit Exceeded (1) ............................................................................................................. 64

3.22 Test Case 22: PIN Try Limit Exceeded (2) ............................................................................................................. 66

3.23 Test Case 23: Combination CVM and Visa Fleet Chip..................................................................................... 67

3.24 Test Case 24: Account Number with Padded Fs ............................................................................................... 69

3.25 Test Case 25: No PAN Sequence Number .......................................................................................................... 71

3.26 Test Case 26: PAN Sequence Number of 11 ...................................................................................................... 73

3.27 Test Case 27: 1144-Bit Issuer Public Key .............................................................................................................. 75

3.28 Test Case 28: Multiple Features............................................................................................................................... 76

3.29 Test Case 29: Blocked Card ....................................................................................................................................... 78

A Visa CA Test Public Keys for VSDC ................................................................................................................. 80

A.1 1152 Bit VSDC TEST Key ............................................................................................................................................. 80

A.2 1408 Bit VSDC TEST Key ............................................................................................................................................. 81

A.3 1984 Bit VSDC TEST Key ............................................................................................................................................. 82

B Terminal Action Codes (TACs) ......................................................................................................................... 84

C VSDC Stand-in Processing Conditions .......................................................................................................... 86

D Merchant Terminal Environments .................................................................................................................. 90

D.1 Stand-Alone Terminals (SATs) ................................................................................................................................. 91

D.2 Stand-Alone Terminals (SATs) with Semi-Integrated Functionality .......................................................... 92

D.3 Fully Integrated Environments ................................................................................................................................. 93

E ADVT Testing Use Cases ................................................................................................................................... 96

E.1 Use Cases ......................................................................................................................................................................... 96

E.1.1 General Terminal Use Cases ................................................................................................................................... 97

E.1.2 Acquirer/Processor Platform Use Cases .......................................................................................................... 100

E.1.3 System Integrator and Value-Added Reseller (VAR) Use Cases ............................................................. 101

F Acronyms and Glossary ................................................................................................................................... 102

Tables

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

iv Visa Confidential 02 March 2015

Tables

Table 1: Summary of Changes to the Document......................................................................................... 3

Table 2: Summary of Changes to the Test Cards ......................................................................................... 5

Table 3: ADVT Support Documentation ........................................................................................................ 5

Table 1–1: Document Organization ..................................................................................................................... 7

Table 1–2: Scope of ADVT Testing ..................................................................................................................... 12

Table 2–1: Test Case Summary ........................................................................................................................... 23

Table 3–1: Test Case 5: Expected Results ......................................................................................................... 39

Table A–1: 1152 Bit VSDC Test Key .................................................................................................................... 80

Table A–2: 1408 Bit VSDC Test Key .................................................................................................................... 81

Table A–3: 1984 Bit VSDC Test Key .................................................................................................................... 82

Table B–1: Terminal Action Codes (TACs) ........................................................................................................ 84

Table C–1: VSDC Stand-In Processing Conditions ......................................................................................... 86

Table E–1: General Terminal Use Cases ............................................................................................................ 97

Table E–2: Acquirer/Processor Platform Use Cases ..................................................................................... 100

Table E–3: System Integrator and Value-Added Reseller (VAR) Use Cases .......................................... 101

Table F–1: Acronyms ........................................................................................................................................... 102

Table F–2: Glossary .............................................................................................................................................. 105

Figures

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential v

Figures

Figure D–1: Stand-Alone Terminal ....................................................................................................................... 91

Figure D–2: Stand-Alone Terminal (SAT) with Cardholder-Facing Device ................................................ 91

Figure D–3: Stand-Alone Terminal (SAT) with Semi-Integrated Functionality ......................................... 92

Figure D–4: Integrated—POS to Acquirer .......................................................................................................... 93

Figure D–5: Integrated—In-Store Controller (ISC) to Acquirer .................................................................... 93

Figure D–6: Integrated—Regional Network Controller to Acquirer ............................................................ 94

Figures

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

vi Visa Confidential 02 March 2015

Acquirer Device Validation Toolkit (ADVT) User Guide Introduction

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential 1

Acquirer Device Validation Toolkit (ADVT) User Guide

Introduction

This chapter provides the following information:

 Introduction to the Acquirer Device Validation Toolkit (ADVT) User Guide

 Contact Information

 Summary of Changes

 Disclaimer

Introduction

Visa Smart Debit/Credit (VSDC) provides a global chip-based payment service that allows clients to

strategically and competitively position themselves for the future. The program is based on the

underlying specifications developed by EMVCo LLC to ensure that all chip-based debit and credit cards

can be accepted in any EMV chip reading terminal worldwide.

From an acquiring perspective, chip introduces additional features and complexities to the card

acceptance process. During a chip-based transaction, the card and terminal proceed through a series of

steps to determine the final outcome of the transaction. These steps require additional data and

processing capabilities at the terminal level.

The interaction of cards issued in other countries and regions with a terminal deployed in a specific

location can often result in acceptance issues, even though both the cards and terminals would have

been EMV and Payment Scheme approved. These issues may often be the result of an incorrectly

configured terminal, inadequate integration testing, or misunderstandings about EMV and Visa

requirements.

To help ensure that the terminals acquirers are deploying do not unduly contribute to interoperability

problems, Visa has developed the Acquirer Device Validation Toolkit—a set of test cards or simulated

test cards and test cases to be used on new or upgraded EMV terminals to ensure correct terminal

configuration, to assist with integration testing, and to ensure that Visa’s terminal requirements are

being met.

In addition to ensuring card acceptance, these tests also enable the User Interface of live terminals to

be tested. This is necessary to make sure that user prompts such as error messages, Application

Selection menus, and PIN Entry messages are appropriate and readily comprehensible to the cardholder

and merchant.

Acquirer Device Validation Toolkit (ADVT) User Guide Introduction

Contact Information

2 Visa Confidential 02 March 2015

Contact Information

For more information on the ADVT, contact your Visa representative using the following email

addresses according to your geographical location:

 Visa Inc.:

- For copies of the ADVT, contact: STCVisaFulfillment@merrillcorp.com

- For general information, contact: chiptoolkits@visa.com

 Visa Europe:

- For copies and general information, contact: ADVTK_EU@visa.com

Visa Inc. consists of the following regions:

 Asia Pacific (AP)

 Canada

 Central Europe Middle East and Africa (CEMEA)

 Latin America

 United States (U.S.)

Visa Europe consists of the following countries and territories:

Andorra, Austria, Bear Island, Belgium, Bulgaria, Channel Islands, Croatia, Cyprus, Czech Republic,

Denmark, Estonia, Faeroe Island, Finland, France (including its “DOM-TOMs”), Germany, Gibraltar,

Greece, Greenland, Hungary, Iceland, Ireland, Isle of Man, Israel, Italy, Latvia, Liechtenstein, Lithuania,

Luxembourg, Malta, Monaco, the Netherlands, Norway, Poland, Portugal, Romania, San Marino,

Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey, Vatican City, and the United Kingdom.

Acquirer Device Validation Toolkit (ADVT) User Guide Introduction

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential 3

Summary of Changes to the Document Since Version 6.1 (Dated

September 2014)

This section provides an overview of the changes made since the last publication.

For a summary of changes related to the test cards, refer to the Table 2: Summary of Changes to the

Test Cards.

Table 1: Summary of Changes to the Document

Section

Change

Description

Section1.10

EMVco Brand-aligned

Terminal Integration Testing

Framework

New Section

Introduced to describe Visa’s ADVT compliance plans

with the EMVCo Terminal Integration Testing

Framework.

Section 3.4

Test Case 4: Terminal Risk

Management – Expected

Results

Correction

Under the “Online-only Devices That Do Not Support

Terminal Risk Management (TRM)” section, text

replaced with “Not Applicable”

Section 3.5.1

Test Case 5: Application

Selection – Expected Results,

Terminal Scenario 3

Clarification

Second paragraph clarified to state that:

“If a receipt is printed, the Visa AID must be on the

receipt and it is strongly recommended that the

Application Label (Visa Credit) be printed as well.”

Section 3.8

Test Case 8: Fallback –

Expected Results

Deletion

Note 3 deleted.

Section 3.17

Test Case 17: Magnetic Stripe

Image – Expected Results -

ADVT Online Testing (Online-

Capable or Online-Only

Devices including ATMs):

Correction

Second sentence of the first paragraph, change to:

“The transaction must be declined online.”

Section 3.21

Test Case 21: PIN Try Limit

Exceeded (1) – Expected

Results

Correction

Under the “Devices That Do Not Support Offline PIN”

section, text replaced with “Not Applicable”

Section 3.22

Test Case 22: PIN Try Limit

Exceeded (2) – Expected

Results

Correction

Under the “Devices That Do Not Support Offline PIN”

section, text replaced with “Not Applicable”

Acquirer Device Validation Toolkit (ADVT) User Guide Introduction

Summary of Changes to the Document Since Version 6.1 (Dated September 2014)

4 Visa Confidential 02 March 2015

Section

Change

Description

Section 3.25

Test Case 25: No PAN

Sequence Number –

Expected Results – ADVT

Online Testing

Clarification

Second paragraph clarified to indicate that:

“Since the Application PAN Sequence Number is not

present on the card, the acquirer may either exclude

the field entirely from the request message or include

it with all zeroes”

Section 3.27:

Test Case 27: 1144-Bit Issuer

Public Key – Expected Results

Correction

Under the “Devices That Do Not Support SDA”

section, text replaced with “Not Applicable”

Appendix A (Visa CA Test

Public Keys for VSDC)

Addition

Add a note in the second paragraph as follows:

“NOTE: Expiration dates are not defined for test CA

Public Keys, and it should not be assumed that a test

key has the same expiry date as the live key of the

same length. If your Terminal Management System

requires expiry dates to be provided for CA PKs then

please set the expiry date to 31 December 2025 for

all test keys.”

Acquirer Device Validation Toolkit (ADVT) User Guide Introduction

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential 5

Summary of Changes to the Test Cards Since Version 6.1 (Dated

September 2014)

This section provides an overview of the changes made to the test cards since the last publication.

Refer to the ADVT Card Profiles for details.

Table 2: Summary of Changes to the Test Cards

Change

Description

Card # 28

Conversion from support of Cryptogram Version Number 10 (hex ‘0A’) to

Cryptogram Version Number 18 (hex ‘12’)

Card # 6, 11, 18 & 27

Corrections of minor personalization errors are defined in the “Corrections and

Clarifications within ADVT v6.1” bulletin, dated February 5th, 2015.

ADVT Support Documentation

ADVT support documentation now consists of two documents: This user guide and the card profiles

(the card profiles have been removed from this guide and placed in a separate document).

Table 3: ADVT Support Documentation

Document Name

Description

Audience

Acquirer Device Validation Toolkit

User Guide (This Document)

This document provides:

 An overview of the ADVT

including a description of the

components and usage criteria

 Test cases

 Appendices providing details of

the Visa CA test keys, Terminal

Action Code (TAC) values,

VisaNet Stand-in (STIP) options,

an overview of merchant

terminal environments, and

terminal testing use cases.

This document is primarily

intended for users of the ADVT,

including acquirers, processors,

merchants, and third party service

providers on behalf of acquirers.

Acquirer Device Validation Toolkit

Card Profiles

This document provides the

details required to personalize

each of the ADVT test cards.

This document is intended for

personalization bureaus and chip

tool vendors responsible for

developing ADVT test cards or

simulated/scripted equivalents.

Acquirer Device Validation Toolkit (ADVT) User Guide Introduction

Disclaimer

6 Visa Confidential 02 March 2015

Disclaimer

The Acquirer Device Validation Toolkit described herein provides a means for a Visa Acquirer (or its

agent) implementing a chip program to test their terminals before deployment. The tests prescribed

herein do not supersede the requirement for the terminals to undergo type approval testing at an

accredited EMVCo laboratory.

The Acquirer Device Validation Toolkit tests must be included in a Visa Acquirer’s chip migration project

plan as they provide additional testing and review methods that are particularly important after the

terminal has been re-configured to suit the acquirer’s requirements.

The Acquirer Device Validation Toolkit test cards and test cases are designed to determine whether the

terminal can process certain card profiles that are known to cause acceptance issues. Visa reserves the

right to add or remove tests and test requirements in its sole discretion.

The Acquirer Device Validation Toolkit is provided as a service to Acquirers to help reduce card

acceptance problems. Visa does not warrant the Toolkit or any Toolkit test results for any purpose

whatsoever, and expressly disclaims any and all warranties relating to the Toolkit. No vendor or other

third party may refer to a product, service or facility as “Visa-approved”, nor otherwise state or imply

that Visa has, in whole or part, approved any aspect of a vendor or its products, services or facilities,

except to extent and subject to the terms and restrictions expressly set forth in a written agreement

with Visa or in an approval letter provided by Visa. All other references to “Visa approval” are strictly

prohibited by Visa.

All references to Visa operating regulations in this document are deemed to be references to both Visa

International Operating Regulations and/or Visa Europe Operating Regulations, as appropriate.

Acquirer Device Validation Toolkit User Guide Overview

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential 7

1 Acquirer Device Validation Toolkit User Guide Overview

This section provides an overview of the Acquirer Device Validation Toolkit and its associated User

Guide (this document).

1.1 Objective

The objective of this document is to define a toolkit that provides Visa acquirers with a high level of

confidence that the chip terminals they are deploying will not unduly contribute to interoperability

problems.

1.2 Audience

The audience for this document is Visa acquirers, their agent(s), and third-party service providers

responsible for deploying terminals in their marketplace that accept Visa Smart Debit/Credit (VSDC)

cards. It shall not be shared with or distributed to any other parties.

The term acquirer in this document is used generically to represent the entity in the marketplace

responsible for terminal deployment. Depending on the marketplace, it could represent the acquirer,

acquirer processor, merchant, or a third party service provider on behalf of an acquirer or merchant.

1.3 Document Organization

This document contains the following chapters:

Table 1–1: Document Organization

Chapter

Description

ADVT User Guide Introduction

This chapter provides background information highlighting the need

for the ADVT. It also includes:

 Contact Information

 Summary of Changes

 Disclaimer

Chapter 1: ADVT User Guide

Overview

This chapter provides an overview of the document including

objective, audience, document organization, components, usage,

scope, and related documents.

Acquirer Device Validation Toolkit User Guide Overview

ADVT Components

8 Visa Confidential 02 March 2015

Chapter

Description

Chapter 2: Test Cases Introduction

This chapter provides an introduction to the test cases. It includes pre-

requisites that need to be in place before testing can begin as well as

instructions for performing ADVT tests.

Chapter 3: Test Cases

This chapter outlines each ADVT test case, its associated test card,

objective, business justification, applicable terminal device type,

document reference, and pass criteria/user validation.

Appendix A: Visa Certificate

Authority (CA) Public Test Keys for

Visa Smart Debit Credit (VSDC)

This appendix provides the VSDC public test keys that need to be

loaded into the terminal to support the tests associated with Offline

Data Authentication (ODA) and Offline Enciphered PIN.

Appendix B: Terminal Action Code

(TAC) Settings

This appendix outlines the Terminal Action Codes (TACs) that need to

be configured in the terminal to be in compliance with Visa rules.

Appendix C: VSDC Stand-in

Processing Conditions

This appendix provides the VSDC Stand-in processing conditions that

can be used to provide valuable insight into the reason that VisaNet

Certification Management Service (VCMS)/Visa Member Test

System (VMTS) either approved or declined an online-initiated

transaction.

Appendix D: Merchant Terminal

Infrastructures

This appendix provides an overview of some of the most commonly

configured terminal infrastructures at the merchant level.

Appendix E: ADVT Testing Use Cases

This appendix provides use cases in a Questions & Answers format

that address commonly asked questions related to ADVT usage.

Appendix F: Acronyms

This appendix provides a list of commonly used acronyms in this User

Guide and in the EMV environment.

1.4 ADVT Components

The ADVT consists of:

 Test Cards or Test Card Simulators—Cards or simulators personalized with specific settings that

are intended to identify incorrectly coded or configured chip card acceptance devices.

 Documentation—Two documents:

- ADVT User Guide (This Document)—A document that outlines each test case, a description

of the test card to be used with each test case, and the expected test results. This document is

used by the acquirer or acquirer’s agent to perform testing.

- ADVT Card Profiles Definitions (Separate Document)—A document that outlines the card

personalization requirements for each test card that can be used by card personalization

bureaus and card simulator vendors to personalize the physical test cards or to develop

simulated test card scripts.

Acquirer Device Validation Toolkit User Guide Overview

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential 9

Acquirers may obtain additional ADVTs (including test cards) from their Visa representative. Refer to

the Contact Information section in the ADVT User Guide Introduction chapter for details.

1.5 ADVT Usage

Important: An acquirer must utilize the ADVT before deploying a new chip card acceptance device or

after performing significant upgrades to an existing device.

As described in the Visa Core Rules and Visa Product and Service Rules (formerly Visa International

Operating Regulations) and the Visa Europe Operating Regulations, an acquirer that fails to utilize the

ADVT on a device that later causes a chip interoperability issue, may be subject to fines and penalties

as defined in the Visa Chip Interoperability Compliance Program.

Note: There is no Visa requirement that ADVT testing must be conducted for each merchant location;

however, testing is required for each unique terminal configuration.

Acquirers are required to use the ADVT before initial terminal deployment (including all variations of

hardware, software, and parameter settings) to ensure that the terminal has been set up and

configured correctly. It is expected that acquirers will run each applicable test to gain the full benefit

of the ADVT. When a test result does not match the required outcome (“Expected Results”) of the test,

it is anticipated that the acquirer will work with its technical support team (and Visa, if necessary) to

correct the problem. The acquirer will continue to perform the test until the problem is resolved and

the acquirer’s result matches the Expected Results.

In addition, since new versions of the ADVT are periodically released by Visa, it is always good practice

for acquirers to use the most recent version on terminals already deployed in the field. This helps to

further minimize potential acceptance problems with those previously deployed terminals.

1.5.1 ADVT Usage Guidelines

This section outlines the scenarios where ADVT usage is:

 Required

 Recommended

 Not Required

Where ADVT usage is required, the latest version of the ADVT shall always be used. If this is not

possible due to upgrade schedules, etc., ADVT users must consult with their Visa representative to

determine regional policies regarding proposed use of an earlier version of the ADVT.

Note: If the device integrator wishes to see the ADVT test results recognized in multiple regions, they

will need to submit a request to Visa. Granting the request is at the sole discretion of Visa, and

may not be allowed under regional policies. If the request is accepted, the compliance report

will be accessible via Chip Compliance Reporting Tool (CCRT). For information on CCRT, refer to

Section 2.2.13: Chip Compliance Reporting Tool.

Acquirer Device Validation Toolkit User Guide Overview

ADVT Usage

10 Visa Confidential 02 March 2015

Refer to Appendix E: ADVT Testing Use Cases for further information.

1.5.1.1 ADVT Usage: Required

This section outlines scenarios where use of the ADVT is required:

 New Device—Deployment of a new EMV card accepting device containing any of the following:

- New EMV kernel

- New version of payment application

- New terminal-to-host message protocol

 Modified Device—Modification or reconfiguration of an existing device to make any of the

following changes:

- Major changes to the EMV-approved kernel (as defined in EMV Bulletin 11 available on

www.emvco.com)

- Changes to the payment component of the terminal application, affecting EMV processing

- Changes to the Cardholder Verification Method (CVM) capabilities

 Merchant/Acquirer Network Architecture Change—Changes to a merchant’s or acquirer’s

network architecture. For example, in a case where a merchant has switched acquirers, even

though their terminal configuration might remain the same.

 New Terminal Hardware Model—Introduction of a new model

of terminal hardware.

 Dynamic Currency Conversion—Introduction of Dynamic Currency Conversion (DCC)

functionality.

 Cash-Back—Addition of cash-back functionality.

 Visa Request—As requested by Visa based on evidence of an acceptance or interoperability

problem affecting the device or connectivity to VisaNet.

1.5.1.2 ADVT Usage: Recommended

This section outlines scenarios where use of the ADVT is recommended:

 Acceptance/Interoperability Problem—A strong suspicion by Visa or an acquirer of the presence

of an acceptance or interoperability problem affecting the device or connectivity to VisaNet.

 Minor Modifications—Minor modifications or reconfiguration of existing terminals for any of the

following:

- Change of Language Support

- New communications interface (e.g., from dial-up to high-speed)

It is possible to have “families” of terminals which are identical from a payment point of view. Here a new “model” is taken

to mean a change which may affect card acceptance. This includes the user interface presented to either the cardholder or

merchant.

Acquirer Device Validation Toolkit User Guide Overview

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential 11

- Upgrades or modifications to the acquirer host systems which affect the transmission of chip

data (at a minimum, the ADVT online tests must be performed on at least one EMV chip-

reading device; refer to Section 2.2.10: ADVT Online Testing for further information)

1.5.1.3 ADVT Usage: Not Required

This section outlines scenarios where use of the ADVT is not required:

 Terminal in Same Family—On individual terminals that all fall within the same terminal family

(e.g., payment application, EMV kernel, and chip transaction flows are all the same). Consult with

your terminal supplier to verify that the terminals fall within the same terminal family.

Note: Third party processors implementing “terminals in the same family” for different clients

within the same country or for different clients in a different country are not required to use the

ADVT on these devices.

 Currency Code/Country Code Change—Change of supported Currency Code/Country Code on

the same acquirer host platform. If on a different host platform or different protocol, testing is

required.

 Minor EMV Kernel Changes—Minor changes to the EMV-approved kernel (as defined in

EMV Bulletin 11 available on www.emvco.com).

Note: Replacing the Interface Modules (IFM) with another approved module is defined as a minor

change.

 Non-Payment Processing Software Change—Change to software that does not affect payment

processing (e.g., screen layout and report generation on a POS terminal, advertising graphics on

an ATM).

 New Peripheral Device—Addition of a new peripheral device not requiring changes to the

existing code (e.g., a new printer or cash dispenser module).

 Online PIN-Only PIN Entry Device (PED)—Addition of a new Online PIN-only PED.

 Terminal-to-Host Message Protocol Change—Change to the terminal-to-host message

protocol which does not affect authorization messages.

 CA Public Key Change—Change to CA Public Keys used for Offline Data Authentication (ADVT

testing does not use production keys).

 New Version of ADVT—Introduction of a new version of ADVT by Visa provided the device has

already undergone successful validation using an earlier version of ADVT in accordance with these

guidelines.

Acquirer Device Validation Toolkit User Guide Overview

New ADVT Version

12 Visa Confidential 02 March 2015

1.6 New ADVT Version

On release of a new version of the ADVT, acquirers will be given a six month grace period to upgrade

to the new version. During this grace period, testing will still be allowed with their existing version of

the ADVT. However, on expiration of the grace period, it is expected that acquirers will have

completed their upgrade to the latest version of the ADVT and results from earlier versions will no

longer be accepted.

Some Visa regional offices, however, may apply more stringent policies governing the period by which

earlier versions of the ADVT must be phased out and replaced by the most recent version. Contact

your Visa representative for details.

1.7 Scope of ADVT Testing

This section outlines the scope of ADVT testing comparing it to both acquirer host certification and

EMV-Level 2 testing.

Table 1–2: Scope of ADVT Testing

Within Scope

Out of Scope

Explanation

Terminal Testing

Acquirer Host

Certification

The ADVT focuses on helping to ensure terminals deployed in

the field are configured in a way that promotes the best

potential for global interoperability.

While some of the cards in the ADVT are to be used for online

testing, the ADVT is not specifically designated as a host

certification toolkit. Acquirers will continue to perform host

system certification using current procedures. Contact your

Visa representative to obtain the requirements for acquirer

host certification.

Complement to

EMV Level 2 Testing

Replacement of

EMV Level 2 Testing

It is assumed that acquirers and/or terminal vendors will

perform these tests on terminals that have already passed

EMV Level 1 and Level 2 testing. ADVT complements EMV

testing to ensure that terminals have been configured

correctly prior to deployment.

1.8 Future Enhancements

The ADVT may be expanded in the future to include additional device and/or online tests.

Acquirer Device Validation Toolkit User Guide Overview

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential 13

1.9 Related Documents

This section lists documents that may be read and/or referred to in conjunction with this document:

 Europay, MasterCard, Visa (EMV) (latest version)

 Visa Core Rules and Visa Product and Service Rules (formerly Visa International Operating

Regulations) (latest version)

 Visa Europe Operating Regulations (latest version)

 Transaction Acceptance Device Requirements (TADR)—Requirements (latest version)

 Transaction Acceptance Device Guide (TADG)—Requirements and Best Practices (latest version)

 EMV Brand-aligned Terminal Integration Testing Framework (latest version)

1.10 EMVCo Brand-aligned Terminal Integration Testing Framework

compliance

Visa, in collaboration with the five other EMVCo member payment organizations, has agreed upon

compliance with the recently published EMVCo Brand-aligned Terminal Integration Testing Framework.

This Framework was developed by the EMVCo Terminal Integration Task Force (TITF) - established by

EMVCo in September 2013 for the purpose of examining the various payment systems’ (Brands)

testing processes for the integration of EMV contact and contactless acceptance devices into their

payment environments. The Framework defines the areas within the respective Brands integration

testing processes where agreement was reached on aligning of key elements, along with a plan for

implementation.

The main impacts of the TITF Framework on Visa’s ADVT process, specifically as being introduced in

this version of the User Guide, will be on the Test Case definitions in Section 3.

For more information on the EMVCo Terminal Integration Task Force’s (TITF) efforts or to download

the Framework document, please visit the EMVCo website as follows:

http://www.emvco.com/approvals.aspx?id=272

Acquirer Device Validation Toolkit User Guide Overview

EMVCo Brand-aligned Terminal Integration Testing Framework compliance

14 Visa Confidential 02 March 2015

Test Cases Introduction

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential 15

2 Test Cases Introduction

This chapter provides an introduction to the test cases. It includes pre-requisites that need to be in

place before testing can begin as well as instructions for performing ADVT tests.

2.1 Pre-requisites

Prior to running the ADVT test cases, acquirers must ensure that the prerequisites in this section are

fulfilled.

2.1.1 Terminal Capabilities

Before beginning any of the tests, it is important to understand the capabilities of your terminal. This

will help you ensure you are performing the tests correctly for your specific device.

 Terminal Type—Determine if your terminal is an Automated Teller Machine (ATM) machine,

stand-alone Point of Sale (POS) device, integrated POS device, or Cardholder Activated Terminal

(i.e., an unattended device).

 Cardholder Verification Methods—Determine the Cardholder Verification Methods that your

terminal supports: Online Personal Identification Number (PIN), Offline Enciphered PIN, Offline

Plaintext PIN, Signature, No CVM Required (this CVM allows you to accept a card without any

verification of the cardholder). This is important since the expected results associated with some of

the tests is specific to the Cardholder Verification Method.

 Offline Data Authentication—Determine if your terminal supports Static Data Authentication

(SDA), Dynamic Data Authentication (DDA), and/or Combined Dynamic Data

Authentication/Generate Application Cryptogram (CDA). This is important since the expected

results associated with some of the tests is specific to Offline Data Authentication.

 Floor Limit—Determine the floor limit of your terminal. For devices with a floor limit, always use

an amount below the floor limit during testing unless the test case description specifically states

that it must go online.

2.1.2 Terminal Log

It is very useful to the testing process for the terminal to have the ability to make the values of certain

data objects (such as the Terminal Verification Results (TVR) and Transaction Status Information (TSI))

generated during the transaction available to the tester. This could take the form of a log file or some

means of printing this information on a receipt or displaying it on the screen. In some cases, a log

produced through online interaction with a host can be used.

Test Cases Introduction

Instructions

16 Visa Confidential 02 March 2015

2.1.3 Visa CA Test Public Keys

During use of the ADVT, terminals that support offline functionality (e.g., Offline Data Authentication,

Offline Enciphered PIN) must be configured with the Visa CA Test Public Keys. These test keys are

located in Appendix A: Visa CA Test Public Keys for VSDC.

Important: Prior to terminal deployment, the acquirer must ensure that the Visa CA Test Public Keys

are removed from the terminals and the production Visa CA Public Keys are installed.

2.1.4 Terminal Action Codes (TACs)

Visa supports one set of TACs for acquirers. The TACs must be loaded into the terminal and acquirers

must ensure that the TAC settings are correct. The TAC settings are provided in Appendix B: TAC

Settings. See also, Transaction Acceptance Device Requirements (latest version).

2.1.5 Configured for Operational Use

The terminals must be configured for operational use. For example, the terminal must include the Visa

Application Identifiers (AIDs) (for Visa Credit/Debit and Visa Electron, where appropriate), terminal

country code, correct date/time, and floor limits.

2.1.6 EMVCo Level 1 and 2 Approval

Prior to deployment, terminals must have passed the EMVCo Level 1 and Level 2 approval process.

2.2 Instructions

This section provides instructions for using the ADVT.

2.2.1 Mandatory vs. Conditional Test Cases

ADVT 6.1 contains 29 test cases.

Important: All devices must perform all ADVT test cases except for the following:

Test Case

Test Case Description

Requirement

Terminal Risk Management

Only applicable to devices that support Terminal Risk

Management

Fallback

Only applicable to devices that support fallback

Test Cases Introduction

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential 17

Test Case

Test Case Description

Requirement

Plus and Interlink

Only applicable to devices that support Plus and/or Interlink

Visa Electron

Only applicable to devices that support Visa Electron

PIN Try Limit Exceeded 1

Only applicable to devices that support Offline PIN

PIN Try Limit Exceeded 2

Only applicable to devices that support Offline PIN

1144-Bit Issuer Public Key

Only applicable to devices that support SDA

Important: Although all test cases (except 8, 19, and 20) are mandatory for all devices, the expected

results may differ based on the device’s capabilities. For example, for a test that focuses on Combined

DDA/AC Generation (CDA) (Test Case 10), the expected results differs based on whether the device

supports CDA:

 Devices Supporting CDA—Must successfully perform CDA.

 Devices that do not Support CDA—CDA is not applicable but the device must perform a

complete transaction without any errors. This ensures that even though the device does not

support CDA, a card with CDA does not pose any acceptance problems for the device.

2.2.2 Self-Administered Tool

The ADVT is a self-administered tool. Users must work to fix the problems on their own whenever

possible and only use Visa assistance for problems that cannot be resolved between the terminal

vendor and the acquirer’s technical team.

2.2.3 Initially Deployed Terminals

For terminals being initially deployed, the intent is for acquirers to run each applicable test and make

modifications to the terminal configuration until the terminal meets the expected results of the test.

Acquirers need to run these tests on each terminal type as well as each terminal hardware and/or

software configuration.

After running all tests and making the appropriate terminal configuration modifications, acquirers

need to submit their results to Visa in accordance with the information outlined in Section 2.2.13: Chip

Compliance Reporting Tool.

See “For Information Gathering Purposes Only Tests” for the test scenarios that do not require

acquirer action.

2.2.4 Previously Deployed Terminals

Test Cases Introduction

Instructions

18 Visa Confidential 02 March 2015

If there is a need to perform ADVT testing on terminals that have already been deployed, acquirers

should run all relevant tests, gather the results, and report them to Visa in accordance with the

information outlined in Section 2.2.13: Chip Compliance Reporting Tool.

2.2.5 For Information Gathering Purposes Only Tests

Occasionally, select test cases in the ADVT may be defined as “for information gathering purposes

only.” If a terminal fails any of these tests, acquirer action to resolve the issue is not always necessary.

However, there may be some instances where Visa strongly recommends an update to the terminal to

comply with the test case. Oftentimes, this is because the functionality, although currently optional,

may later become mandatory; in all cases, the acquirer must submit the test result to Visa.

2.2.6 Changes to Terminals

If changes are made to terminal configuration or settings, the acquirer/tester must re-run the ADVT

tests as described in Section 1.5.1: ADVT Usage Guidelines.

2.2.7 Decline Responses vs. Other Errors

A decline response is different from an error message. In some cases, a decline response by the

terminal is an acceptable outcome of the test case. Error messages, where the terminal is unable to

complete the transaction (e.g., unable to perform a complete EMV transaction from Application

Selection to Completion), are generally unacceptable and can indicate a problem with the terminal or

an incorrect terminal setting/configuration. Testers should not be alarmed if decline responses occur

(as long as a decline is allowed in the expected results) but must investigate error messages (such as

“Card Error” and “Not Accepted” or the equivalent). For further information on these error messages,

refer to EMV 4.3, Book 4 - Section 11.2: Standard Messages.

2.2.8 Transaction Amount

For terminals with offline authorization capability, it is recommended to enter an amount below the

floor limit. Where the test requires an online transaction, an amount above the floor limit should be

entered.

2.2.9 PIN-Based Transactions

For Offline or Online PIN, a PIN value of ‘1234’ must be used, except for Test Case 13 which uses a PIN

of ‘123412’.

Note: When PIN is used for the transaction, the signature line does not need to be printed on the

receipt (if applicable) nor obtained from the cardholder (unless the combination CVM of Offline

PIN and signature applies).

Test Cases Introduction

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential 19

Test Cases Introduction

Instructions

20 Visa Confidential 02 March 2015

2.2.10 ADVT Online Testing

In this version of the ADVT, 10 test cases (1, 2, 3, 13, 17, 19, 24, 25, 26, 28) are designated for online

testing. These tests are identified in Table 2-1: Test Case Summary and in Chapter 3: Test Cases.

This section outlines the requirements for ADVT Online Testing:

 Devices—All online-capable devices must perform these tests. This includes:

- POS devices that support both offline and online transactions

- Zero floor limit POS devices

- ATMs

 Connection to VCMS/VMTS/Test-Host Simulator—Online-capable devices must connect their

device to their test host system and generate transactions through one of the following:

- VisaNet Certification Management Service (VCMS) (for Visa Inc. clients)

- Visa Member Test System (VMTS) (for Visa Europe clients)

- Visa-confirmed third party supplied test-host simulator which mimics VCMS/VMTS

(refer to Section 2.2.12: Simulators for information on third party test-host simulators)

 Online Card Authentication—Online Card Authentication (i.e., ARQC validation) must be

performed and be successful (Field 44.8 = 2) (except Test Case 17 where the card has a proprietary

cryptogram version).

 Retrieval Reference Number (RRN)/Host Logs—Additional requirements for ADVT online

testing (such as providing an RRN or submitting host logs) may apply and, if applicable, must be

submitted in the compliance report via the Chip Compliance Reporting Tool. For information on

CCRT, refer to Section 2.2.13: Chip Compliance Reporting Tool (CCRT).

To help you determine the reason VCMS/VMTS (or the third party test host simulator)

approved/declined the online transaction, refer to Appendix C: VSDC Stand-in Processing Conditions.

Note: Access to VCMS or VMTS is provided to Visa clients only.

Important: Online-only devices (such as ATMs and U.S. POS devices) must perform the ADVT Online

Testing test cases in addition to all mandatory test cases.

Test Cases Introduction

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential 21

2.2.11 Test Cards

If physical test cards are being used to perform ADVT testing, acquirers must use the applicable test

card provided to run the test case. For convenience, one card is used for each test case with the test

card number matching the test case number (i.e., for Test Case 1, the acquirer will use Test Card 1).

2.2.12 Simulators

Simulators are available to support ADVT testing:

 Card Simulators—As an alternative to using the physical test cards, acquirer can use a Visa-

confirmed third-party vendor supplied card simulator for ADVT testing. Acquirers must execute

each applicable simulated script to run the test cases. Typically, a single script is used for each test

case with the script number matching the test case number (i.e., for Test Case 1, the acquirer will

use simulated card script 1).

 Test-Host Simulator—As an alternative to connecting to VCMS or VMTS for online testing,

acquirers can connect to a Visa-confirmed third party supplied test tool which mimics

VCMS/VMTS.

- Important: To allow Visa to review the tests performed with host simulators, acquirers using

these simulators must provide Visa with the host simulator’s log of each ADVT online test. For

a list of the ADVT online test cases, refer to Section 2.2.11: ADVT Online Testing. Acquirers

submit the logs to Visa via the Chip Compliance Reporting Tool (CCRT). Refer to Section 2.2.13

for more information on CCRT.

A list of available Visa-confirmed ADVT card and test-host simulators is posted on the Visa

Technology Partner website under the Product Toolkits section in the document Visa Confirmed Third-

Party Chip Tool Suppliers: https://technologypartner.visa.com/Toolkits/

Note: For entities using card simulators, a simulator may not behave in exactly the same manner as

the physical test cards (for example, the CVR bit settings may not represent the disposition of

the previous transactions). However, this has no effect on test case results. Where a host

simulator is used, RRN values will not be available.

Test Cases Introduction

Instructions

22 Visa Confidential 02 March 2015

2.2.13 Chip Compliance Reporting Tool (CCRT)

Once the ADVT test cases have been completed, acquirers need to submit the results to Visa using the

Chip Compliance Reporting Tool (CCRT). CCRT is a web-based tool that allows chip acquirers or their

processors to complete and submit the mandatory compliance reports via a global automated online

system. Hosted on Visa Online (VOL), CCRT is designed in accordance with Visa’s three-tiered

architectural requirements and provides a high-level of application and data security.

CCRT allows users to:

 Submit new compliance reports.

 Submit logs when using test-host simulators.

 Review and update draft reports.

 Check on the status of pending reports submitted to Visa.

 Track approved reports.

 Upload reports as XML files generated by test tools (thus avoiding the need to retype report

details).

It benefits users by:

 Providing a convenient and secure online solution for ADVT results reporting.

 Reducing potential for errors in manual entry by guiding users to choose from applicable options

and providing mandatory information requirements.

 Allowing the "re-use" of reports as a starting point for new reporting, reducing time spent

completing the reports.

 Supporting online status review and automated management of reports submitted to Visa,

expediting communication between Visa and clients.

For more details on CCRT, contact your Visa representative.

Test Cases Introduction

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential 23

2.3 Test Case Summary

The following table provides:

 Description—A brief description of each test case.

 Mandatory vs. Conditional—Whether the test case is mandatory or conditional

(refer to Section 2.2.1: Mandatory vs. Conditional Test Cases for more information).

 ADVT Online Testing—Whether the test case is part of ADVT Online Testing

(refer to Section 2.2.10: ADVT Online Testing for more information).

Important:

 Mandatory test cases must be performed by all devices.

 Mandatory test cases may have an ADVT Online Testing component:

- Online-Capable Devices—ADVT Online Testing requirements must be fulfilled by all online-

capable devices.

- Offline-Only Devices—ADVT Online Testing requirements are not applicable to offline-only

devices.

Table 2–1: Test Case Summary

Test Card

Number

Test Case Description

Mandatory vs.

Conditional (M/C)

ADVT Online

Testing

Basic VSDC—Basic VSDC card personalized with a unique

Primary Account Number (PAN) and the card is

personalized to require successful Issuer Authentication on

online transactions.



19-Digit PAN—Card personalized with a 19-digit PAN.



T=1, DDA, OEP, and Issuer Authentication—Card

supports the T=1 protocol and is personalized to support

the following:

 Dynamic Data Authentication (DDA) with an 1024-bit

ICC key

 Offline Enciphered PIN (OEP)

 Requires successful Issuer Authentication on online

transactions



Terminal Risk Management—Card personalized without

Terminal Risk Management and configured to decline when

the Terminal Floor Limit is Exceeded.

Test Cases Introduction

Test Case Summary

24 Visa Confidential 02 March 2015

Test Card

Number

Test Case Description

Mandatory vs.

Conditional (M/C)

ADVT Online

Testing

Application Selection—Multi-application card containing

five applications, each with a unique suffix and an

Application Preferred Name containing non-ASCII

characters. The first three applications are intentionally

expired to trigger an offline decline, and Applications four

and five both have a unique PAN for transaction

identification.

Dual Interface—Dual interface card supporting the

following:

 Contact Interface: An extended length Processing

Options Data Object List (PDOL) (45 bytes) and

Language Preferences (Japanese, Korean, and Chinese)

supported

 Contactless Interface: Supporting both MSD and

qVSDC (CVN 10) contactless transactions

Terminal Action Codes—Test ensures the Terminal Action

Codes (TACs) are correctly set up in the terminal.

Fallback—Card created to allow magnetic stripe fallback

testing on a faulty chip.

(only applicable to

devices that

support fallback)

“Reserved For Future Use” CVM—Card contains an

unrecognized method code in the CVM List (‘Reserved for

Future Use’) with instructions to apply the next CVM when

the CVM fails.

CDA—Card supporting Combined DDA/AC Generation

(CDA).

Multiple Applications—Dual interface card supporting the

following:

 Contact Interface—Three payment applications; First

with unknown Application ID, second with a blocked

application, and the third with a valid application

 Contactless Interface—Supporting both MSD and

qVSDC (CVN 17) contactless transactions

Geographic Restrictions—Card is restricted to domestic

transactions through the use of the card’s internal

Geographic Restrictions feature.

Test Cases Introduction

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential 25

Test Card

Number

Test Case Description

Mandatory vs.

Conditional (M/C)

ADVT Online

Testing

Proprietary Data and 6-digit PIN—Card contains:

 PSE and has proprietary tag data within the PSE

 Proprietary data within the application

 6-digit PIN



Long PDOL and Unrecognized Tag—Card requests a long

string of data (0x64 bytes) and an unrecognized tag in

Processing Options Data Object List (PDOL).

Data Element with 2-Byte Length Field—Card with a

record length of 2 bytes (Issuer Public Key Certificate). As a

negative test, it also contains a data element (Issuer Public

Key Remainder) where its length is zero bytes.

Two Applications and Cardholder Confirmation—Card

contains two applications:

 Visa Credit: Requires cardholder confirmation

 Visa Debit: Does not require cardholder confirmation

Magnetic Stripe Image—Card supports the minimum set

of VSDC data elements (Magnetic Stripe Image) and a

Cryptogram Version Number of 12.



T=1 and DDA with 1984 Certificate—Card supports the

T=1 protocol and contains an Issuer Public Key Certificate

signed by Visa’s 1984-bit CA test key.

Plus and Visa Interlink—Card containing the following:

 Visa RID (A00000003) with the Plus PIX (8010) and a

suffix of ‘01’

 Visa RID (A00000003) with the Interlink PIX (3010)

(only applicable to

devices that

support Plus

and/or Interlink)



Visa Electron—Card is a Visa Electron card with a unusable

magnetic stripe.

(only applicable to

devices that

support

Visa Electron)

PIN Try Limit Exceeded (1)—Card contains a CVM List

with Offline PIN as the first method in the list. The PIN Try

Limit is exceeded and the CVM List provides instructions to

apply the next CVM (signature) when the first CVM fails.

Test Cases Introduction

Test Case Summary

26 Visa Confidential 02 March 2015

Test Card

Number

Test Case Description

Mandatory vs.

Conditional (M/C)

ADVT Online

Testing

PIN Try Limit Exceeded (2)—Card contains a CVM List

with Offline PIN as the first method in the list. The PIN Try

Limit is exceeded and the CVM List provides instructions to

fail cardholder verification and stop CVM processing when

the first CVM fails. The Issuer Action Codes (IACs) require

an offline decline when the PIN Try Limit is exceeded.

Combination CVM and Visa Fleet Chip—Card contains:

 CVM List where the first CVM is the combination CVM

of Signature and Offline PIN

 Visa Fleet Chip (VFC) feature to ensure cards with this

feature can be accepted at standard EMV devices

Account Number with Padded Fs—Card with a 16-digit

account number padded with hexadecimal “F’s” up to a

maximum account number length.



No PAN Sequence Number—Card without a PAN

Sequence Number.



PAN Sequence Number of 11—Card with a PAN

Sequence Number of 11.



1144-Bit Issuer Public Key—Card with an Issuer Public

Key Certificate based on an 1144-bit Issuer Public Key.

Multiple Features—Card contains a PSE, with an issuer

URL in both the PSE and application data, extra Issuer

Application Data in tag 9F 10, an Application Expiration

Date of December 31, 2025, a CVM List which does not

contain Signature, and Cryptogram Version Number 18

(hex ’12).



Blocked Card—Card that is blocked from use.

Test Cases Introduction

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential 27

Test Cases

Test Case Summary

28 Visa Confidential 02 March 2015

3 Test Cases

This chapter outlines each ADVT test case.

Important: Prior to beginning the tests, be sure to read the following sections:

 Section 2.1: Pre-requisites

 Section 2.2: Instructions

(especially Section 2.2.1: Mandatory and Conditional Test Cases and

Section 2.2.10: ADVT Online Testing)

 Section 2.3: Test Case Summary

These sections contain critical information.

The following information is provided with each test case:

 Test Case Number—The number of the test case.

 Test Case Name—The name of the test case.

 Objective—The objective of the test case.

 Regional Requirement—Whether the test applies to all regions or is specific to sub-set of

regions. (Currently, all of the tests apply to all regions).

 Business Justification—The business reason for the test.

 Pre-requisite—Any specific terminal conditions that apply or configuration requirements needed

for the test case.

 Applicable Terminal Device Type—Indicates the device type that needs to be tested.

 Applicable Terminal Interface—Indicates the interface type that needs to be tested.

 Test Card—A number used to uniquely identify the test card required to execute the test. There is

a one-to-one correlation between the Test Case Number and the Test Card Number

(i.e., Test Case 1 uses Test Card 1).

 Test Evidence to be submitted—Evidence to be submitted with results on completion of the test

case.

 Document Reference—References to the specification or rule that acquirers may refer to for

background information on the test. This information is especially important in the event that the

test fails.

 Pass Criteria/User Validation—The success/failure criteria for the test.

Test Cases

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential 29

3.1 Test Case 1: Basic VSDC

Test Case 1/Test Card 1 (Mandatory; ADVT Online Testing)

Test Case Number:

Test Case Name:

Basic VSDC

Objective:

To ensure acceptance of a basic VSDC card. This card contains the most commonly

used VSDC features. It is personalized to require successful Issuer Authentication on

online transactions.

Note: This is a T=0 test card that is personalized without the Payment System

Environment (PSE). If the terminal has difficulty with this test, ensure your terminal can

accept cards supporting the T=0 protocol and personalized without the PSE.

Note: Card contains an Application Label of “Visa Credit” and an Application Preferred

Name of “Credito de Visa.”

Regional Requirement:

Mandatory All Regions

ADVT Online Testing Required (see part 1d)

Business Justification:

This represents a card containing some of the most commonly used VSDC features. For

this reason, it is important to ensure universal acceptance of this card.

Pre-requisite:

Applicable Terminal

Device Type:

☒POS ☒ATM ☒MPOS

Applicable Terminal

Interface:

☒Contact ☐Contactless

Test Card:

Test Evidence to be

Submitted:

☒Receipt (where possible) ☐Card-to-Terminal Interaction Log ☒Host Simulator Log

Document Reference:

EMV 4.3, Book 1, Section 12.3.2: Using the Payment Systems Environment

Transaction Acceptance Device Requirements

Pass Criteria/User

Validation

This test has four parts (1a-1d). Complete the parts that apply to your device as follows:

 1a: All Devices

 1b: Devices that have separate insertion areas for chip and magnetic stripe

 1c: Non-Zero Floor Limit Devices (i.e., devices that have a floor limit)

 1d: ADVT Online Testing (for online-capable and online-only devices)

Important: Please ensure that all applicable cases 1a-d are performed as separate,

consecutive transactions.

Test Cases

Test Case 1: Basic VSDC

30 Visa Confidential 02 March 2015

Test Case 1/Test Card 1 (Mandatory; ADVT Online Testing)

Pass Criteria/User

Validation (con’t):

1a) All Devices:

Device must perform a complete transaction without any error messages. A

complete transaction is defined as the performance of all selected VSDC functions from

Application Selection through to Completion. Error messages (such as Not Accepted or

Card Error) are not acceptable and indicate failure of the test.

Devices Supporting Offline Data Authentication:

For devices supporting SDA, the device log must show that:

 Transaction Status Information (TSI), byte 1, bit 8 = 1 (Offline Data Authentication

was performed)

 TVR, byte 1, bit 8 = 0 (Offline Data Authentication was performed)

 TVR, byte 1, bit 7 = 0 (SDA did not fail)

Application Name and Receipt Requirements:

 If the application name is displayed and the device supports the Issuer Code Table

Index of 01, the device must display the Application Preferred Name of Credito de

Visa. For these devices, the Visa AID (A0000000031010) must be printed on the

receipt and it is strongly recommended that the Application Preferred Name

(Credito de Visa) also be printed on the receipt.

 If the application name is displayed and the device does not support the Issuer

Code Table Index of 01, the Application Label of Visa Credit must be displayed. For

these devices, the Visa AID (A0000000031010) must be printed on the receipt and it

is strongly recommended that the Application Label (Visa Credit) also be printed on

the receipt.

Note: It is a Visa Best Practice to print the application name (either Application

Preferred Name or Application Label depending on support for the Issuer Code Table

Index) on the receipt. Refer to the Transaction Acceptance Device Guide for details.

1b) Devices that Have Separate Insertion Areas for Chip and Magnetic Stripe

Transactions:

Note: This part of the test (1b) is not applicable to Combined Readers such as ATMs

where the card is inserted into a single slot for both chip and magnetic-stripe

transactions.

Attempt to read the card via its magnetic stripe. Ensure that the device prompts the

user to insert the card into the chip reader. This ensures that the device does not allow

functioning EMV chip cards to be processed as magnetic stripe.

1c) Non-Zero Floor Limit Devices (Devices that have a Floor Limit):

Perform an online transaction (above the floor limit) to help ensure that the floor limit

is set up correctly. The device must attempt to send the transaction online:

 TVR, byte 4, bit 8 = 1 (Transaction Exceeds Floor Limit)

Note: You will not be able to perform this test if you do not successfully pass part 1a.

Test Cases

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential 31

Test Case 1/Test Card 1 (Mandatory; ADVT Online Testing)

Pass Criteria/User

Validation (con’t):

1d) ADVT Online Testing (Online-Capable or Online-Only Devices including

ATMs):

Device must perform an above floor limit transaction to send the transaction online to

a VCMS/VMTS/approved test-host simulator where VCMS/VMTS/approved host

simulator will perform Online Card Authentication. Online Card Authentication must

pass (Field 44.8 = 2).

VCMS/VMTS/approved host simulator will respond with an Issuer Authentication

cryptogram (Authorization Response Cryptogram—ARPC). The device must be able to

receive the cryptogram in the response data and forward it to the card where the

transaction must be approved. If the online transaction results in a decline, the user

has failed the test (indicating that the device either did not forward the cryptogram to

the card or incorrectly forwarded the cryptogram to the card).

The device log must show:

 CVR, byte 2, bit 4 = 0 (Issuer Authentication performed and not failed)

For ADVT Online Testing, additional requirements (such as providing a Retrieval

Reference Number or submitting host logs) may apply and, if applicable, must be

submitted in the compliance report via CCRT.

Test Cases

Test Case 2: 19-Digit Account Number

32 Visa Confidential 02 March 2015

3.2 Test Case 2: 19-Digit Account Number

Test Case 2/Test Card 2 (Mandatory; ADVT Online Testing)

Test Case Number:

Test Case Name:

19-Digit Account Number

Objective:

To ensure acceptance of a card with a 19-digit account number.

Note: Visa Core Rules and Visa Product and Service Rules and Visa Europe Operating

Regulations require new and existing chip reading devices to be able to read Visa

account numbers up to and including 19 digits. This includes ATMs accepting Plus

cards.

Regional Requirement:

Mandatory All Regions

ADVT Online Testing Required

Business Justification:

In addition to ensuring 19-digit account number acceptance by chip reading devices,

the purpose of this card is also to gather information on general acceptance of 19-

digit Visa PANs in the Visa acquiring environment. It is recommended that all

acquiring host systems have the ability to accept 19-digit PANs.

Pre-requisite:

n/a

Applicable Terminal

Device Type:

☒POS ☒ATM ☒MPOS

Applicable Terminal

Interface:

☒Contact ☐Contactless

Test Card:

Test Evidence to be

Submitted:

☒Receipt (where possible) ☐Card-to-Terminal Interaction Log ☒Host Simulator Log

Document Reference:

Visa Core Rules and Visa Product and Service Rules

Visa Europe Operating Regulations

Pass Criteria/User

Validation:

All Devices:

Ensure the device does not print the Primary Account Number (PAN) followed by an

‘F’ on the receipt. Because the PAN is 19 digits, the PAN field on the chip is padded

with 1 F (per EMV). This ‘F’ must not be printed on the receipt. The device fails this test

if it prints the ‘F’ as part of the PAN on the receipt.

Offline-Only Devices:

Device must perform a complete transaction without any error messages. A

complete transaction is defined as the performance of all selected VSDC functions

from Application Selection through to Completion. Error messages (such as Not

Accepted or Card Error) are not acceptable and indicate failure of the test.

Test Cases

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential 33

Test Case 2/Test Card 2 (Mandatory; ADVT Online Testing)

Pass Criteria/User

Validation (con’t):

ADVT Online Testing (Online-Capable or Online-Only Devices including ATMs):

Device must perform an above floor limit transaction to send the transaction online to

a VCMS/VMTS/approved test-host simulator and be approved. If the transaction is

declined, it is not necessarily indicative of device failure. It could be that the acquiring

host system is not capable of accepting 19-digit account numbers. If this is the case,

include comments in the Test Results section within the Compliance Report via CCRT.

For ADVT Online Testing, additional requirements (such as providing a Retrieval

Reference Number or submitting host logs) may apply and, if applicable, must be

submitted in the compliance report via CCRT.

Test Cases

Test Case 3: T=1, DDA, OEP, and Issuer Authentication

34 Visa Confidential 02 March 2015

3.3 Test Case 3: T=1, DDA, OEP, and Issuer Authentication

Test Case 3/Test Card 3 (Mandatory; ADVT Online Testing)

Test Case Number:

Test Case Name:

T=1, DDA, Offline Enciphered PIN, and Issuer Authentication

Objective:

To ensure acceptance of a card that supports the T=1 protocol and card is personalized

to require successful Issuer Authentication on online transactions. Card supports DDA

and Offline Enciphered PIN (OEP).

Note: While cards can support either the T=0 or T=1 protocols, terminals must support

both.

Regional Requirement:

Mandatory All Regions

ADVT Online Testing Required

Business Justification:

There are millions of T=1 protocol cards in circulation. As such, Visa needs to ensure all

terminals are capable of accepting cards using this protocol.

Pre-requisite:

Applicable Terminal

Device Type:

☒POS ☒ATM ☒MPOS

Applicable Terminal

Interface:

☒Contact ☐Contactless

Test Card:

Test Evidence to be

Submitted:

☐Receipt (where possible) ☐Card-to-Terminal Interaction Log ☒Host Simulator Log

Document Reference:

EMV 4.3, Book 1, Section 9: Transmission Protocols

Pass Criteria/User

Validation:

Devices that Support Dynamic Data Authentication:

The device log must show:

 Transaction Status Information (TSI), byte 1, bit 8 = 1 (Offline Data Authentication

was performed)

 TVR, byte 1, bit 8 = 0 (Offline Data Authentication was performed)

 TVR, byte 1, bit 4 = 0 (DDA did not fail)

Devices that Support Offline Enciphered PIN:

The device log must show:

 CVR, byte 2, bit 3 = 1 (Offline PIN Verification performed)

 CVR, byte 2, bit 2 = 0 (Offline PIN Verification did not fail)

Test Cases

VSDC Acquirer Device Validation Toolkit User Guide (Version 6.1.1)

02 March 2015 Visa Confidential 35