HPS Integrator's Guide V 16.1.1 Jun 2016

HPS%20Integrator's%20Guide%20V%2016.1.1%20Jun-2016

User Manual:

Open the PDF directly: View PDF PDF.
Page Count: 389 [warning: Documents this large are best viewed by clicking the View PDF Link!]

Heartland Integrator’s Guide
Version 16.1.1
June 2016
For Internal Use Only
Notice HPS Integrator’s Guide V 16.1.1
22016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
Notice
THE INFORMATION CONTAINED HEREIN IS PROVIDED TO RECIPIENT “AS IS” WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE, OR WARRANTY OF TITLE OR NON-INFRINGEMENT. ALL SUCH WARRANTIES
ARE EXPRESSLY DISCLAIMED.
HEARTLAND PAYMENT SYSTEMS SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT,
SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OF
ANY INFORMATION CONTAINED HEREIN, WHETHER RESULTING FROM BREACH OF
CONTRACT, BREACH OF WARRANTY, NEGLIGENCE, OR OTHERWISE, EVEN IF
HEARTLAND PAYMENT SYSTEMS HAS BEEN AISED OF THE POSSIBILITY OF SUCH
DAMAGES. HEARTLAND PAYMENT SYSTEMS RESERVES THE RIGHT TO MAKE
CHANGES TO THE INFORMATION CONTAINED HEREIN AT ANY TIME WITHOUT NOTICE.
THIS DOCUMENT AND ALL INFORMATION CONTAINED HEREIN IS PROPRIETARY
HEARTLAND PAYMENT SYSTEMS INFORMATION. UNDER ANY CIRCUMSTANCES,
RECIPIENT SHALL NOT DISCLOSE THIS DOCUMENT OR THE SYSTEM DESCRIBED
HEREIN TO ANY THIRD PARTY WITHOUT PRIOR WRITTEN CONSENT OF A DULY
AUTHORIZED REPRESENTATIVE OF HEARTLAND PAYMENT SYSTEMS. IN ORDER TO
PROTECT THE CONFIDENTIAL NATURE OF THIS PROPRIETARY INFORMATION,
RECIPIENT AGREES:
(A) TO IMPOSE IN WRITING SIMILAR OBLIGATIONS OF CONFIDENTIALITY AND
NONDISCLOSURE AS CONTAINED HEREIN ON RECIPIENT’S EMPLOYEES AND
AUTHORIZED THIRD PARTIES TO WHOM RECIPIENT DISCLOSES THIS
INFORMATION (SUCH DISCLOSURE TO BE MADE ON A STRICTLY NEED-TO-KNOW
BASIS) PRIOR TO SHARING THIS DOCUMENT AND
(B) TO BE RESPONSIBLE FOR ANY BREACH OF CONFIDENTIALITY BY THOSE
EMPLOYEES AND THIRD PARTIES TO WHOM RECIPIENT DISCLOSES THIS
INFORMATION.
RECIPIENT ACKNOWLEDGES AND AGREES THAT USE OF THE INFORMATION
CONTAINED HEREIN SIGNIFIES ACKNOWLEDGEMENT AND ACCEPTANCE OF THESE
TERMS. ANY SUCH USE IS CONDITIONED UPON THE TERMS, CONDITIONS AND
OBLIGATIONS CONTAINED WITHIN THIS NOTICE.
THE TRADEMARKS AND SERVICE MARKS RELATING TO PRODUCTS OR SERVICES OF
HEARTLAND PAYMENT SYSTEMS OR OF THIRD PARTIES ARE OWNED BY HEARTLAND
PAYMENT SYSTEMS OR THE RESPECTIVE THIRD PARTY OWNERS OF THOSE MARKS,
AS THE CASE MAY BE, AND NO LICENSE WITH RESPECT TO ANY SUCH MARK IS EITHER
GRANTED OR IMPLIED.
To verify existing content or to obtain additional information, please call or email your assigned
Heartland Payment Systems contact.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 Release Notes
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 3
Release Notes
Version 16.1.1 Release Notes
Version Release Date Revisions
16.1.1 June-2016 General release clarification updates:
Correction to the PRIMARY ACCOUNT NUMBER - minimum length is 16
digits:
Table 3-20 MasterCard Track 1 Format, pg. 49
Table 3-21 MasterCard Track 2 Format, pg. 49
Table 3-22 MasterCard Fleet Track 1 Format, pg. 51
Table 3-23 MasterCard Fleet Track 2 Format, pg. 52
Table 3-24 MasterCard Purchasing Track 1 Format, pg. 53
Table 3-25 MasterCard Purchasing Track 2 Format, pg. 54
Added clarification that EMV Void request should contain the ‘final’ chip data
from the original authorization:
Table 5-11 Full vs. Partial Credit Transactions, pg. 98
Table 5-12 Full vs. Partial Debit Transactions, pg. 99
Table A-15 Multi Service BIN Ranges, pg. 246: Updated bin ranges.
Removed Multi Service Government Air card bin ranges, as this card is no
longer used.
For Internal Use Only
Release Notes HPS Integrator’s Guide V 16.1.1
42016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 Table of Contents
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 5
Table of Contents
Chapter 1: Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
1.1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
1.2 Document Purpose. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
1.3 Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
1.4 Payment Application Data Security Standards (PA-DSS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Chapter 2: General POS Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.1 Address Verification Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
AVS Data Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
AVS Result Code Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2.2 Chargeback Protected Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2.3 No Signature Required. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
2.4 Binary to ASCII Hex Conversion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Chapter 3: Card Brand Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
3.1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
3.2 American Express . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
American Express Track 1 Format X4.16 Standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
American Express Track 1 Format ISO 7813 Standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
American Express Track 2 Format X4.16 Standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
American Express Track 2 Format ISO 7813 Standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
3.3 AVcard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
AVcard Track 1 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
AVcard Track 2 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
3.4 Centego Prepaid Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Centego Prepaid Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Centego Prepaid Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
3.5 Discover Card. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Discover Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Discover Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
3.6 Diner’s Club International Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Diner’s Club International Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Diner’s Club International Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
3.7 Drop Tank Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Drop Tank Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Drop Tank Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
3.8 Heartland Gift Card. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Heartland Gift Card Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
For Internal Use Only
Table of Contents HPS Integrator’s Guide V 16.1.1
62016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.9 EBT Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
EBT Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
3.10 Fleet One Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Fleet One Track 2 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
3.11 FleetCor Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
FleetCor Track 2 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
3.12 JCB Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
JCB IIN Ranges on Discover Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
3.13 MasterCard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
MasterCard Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
MasterCard Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
3.14 MasterCard Fleet Card Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
MasterCard Fleet Card Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
MasterCard Fleet Track 1 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
MasterCard Fleet Track 2 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
3.15 MasterCard Purchasing Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
MasterCard Purchasing Card Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
MasterCard Purchasing Track 1 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
MasterCard Purchasing Track 2 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
3.16 Multi Service Track Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Multi Service Swiped Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
3.17 PayPal Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
3.18 Stored Value Solutions (SVS). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
SVS Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
SVS Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
3.19 UnionPay Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
3.20 ValueLink Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
ValueLink Track 1 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
ValueLink Track 2 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
3.21 VISA Card. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
VISA Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
VISA Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
3.22 VISA Corporate or Business. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
3.23 VISA Purchasing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
3.24 VISA Fleet Card Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
VISA Fleet Card Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
VISA Fleet Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
VISA Fleet Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
3.25 Voyager Fleet Card. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Voyager Fleet Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Voyager Fleet Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
3.26 WEX Fleet Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 Table of Contents
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 7
WEX Fleet Card Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
WEX GSA Fleet Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
WEX Fleet Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
WEX MOD 10 Calculation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Chapter 4: E3 Processing Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
4.1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
4.2 The E3® Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
4.3 Encryption Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Encrypted Track and PAN Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Encrypted Card Security Code. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Encryption Transmission Block. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
4.4 E3 Specific Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Heartland Exchange. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Unique Transaction ID (UID) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Merchant ID Number (MID) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Account Data Source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Customer Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Retrieval Reference Number (RRN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Transaction Identifier. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Authorization Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Void/Incremental Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Settlements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Header Record Field Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Detail Record Fields Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Settlement Notes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
POS 8583. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
NTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Z01 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
4.5 E3 Hardware Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
E3 MSR Wedge (HPS-E3-M1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
E3 MSR Wedge Device Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
E3 MSR Wedge Example Output. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
4.6 E3 PIN Pad (HPS-E3-P1). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
E3 PIN Pad Device Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
E3 PIN Pad Requests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
E3 PIN Pad Responses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Ingenico iPP300 and iSC Touch Series PIN Pads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Equinox L4000 and L5000 Series PIN Pads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Chapter 5: EMV Processing Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
5.1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
5.2 EMV Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
For Internal Use Only
Table of Contents HPS Integrator’s Guide V 16.1.1
82016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
Enhanced Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Card Brand Mandates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Fraud Liability Shifts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
PCI Audit Waivers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
5.3 EMV Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Contact Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Contactless Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Heartland Host Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
5.4 EMV Online vs. Offline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Card Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Cardholder Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Authorization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
5.5 Full vs. Partial EMV Transactions and Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Full vs. Partial Transaction Flow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Full vs. Partial Credit Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Full vs. Partial Debit Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Chapter 6: EMV Development Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
6.1 EMV Terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Contact Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Contactless Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Letters of Approval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
6.2 EMV Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Integrated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Standalone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
6.3 EMV Certifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Test Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Test Plans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
VISA Smart Debit/Credit (VSDC) Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
MasterCard Terminal Integration Process (M-TIP) Testing . . . . . . . . . . . . . . . . . . . . . . . . . . 104
American Express Integrated Circuit Card Payment Specification (AEIPS) Testing . . . . . . . 105
Discover D-Payment Application Specification (D-PAS) Testing . . . . . . . . . . . . . . . . . . . . . . 105
Test Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Test Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Test Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
6.4 EMV Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Chapter 7: EMV Terminal Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
7.1 EMV Terminal to Card Communication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Application Protocol Data Units (APDUs). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Tag, Length, Value (TLV) Data Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Kernel Application Programming Interface (API) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
7.2 EMV Data Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 Table of Contents
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 9
Data Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Terminal Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Card Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Issuer Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
7.3 Contact Transaction Flow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Tender Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Card Acquisition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Card Swipe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Fallback Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Application Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Available AIDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Debit AIDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Initiate Application Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Read Application Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Offline Data Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Processing Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Cardholder Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
PIN Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Terminal Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Terminal Action Analysis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Card Action Analysis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Online Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Offline Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Deferred Authorization (Store-and-Forward). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Forced Acceptance (Stand-In). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Issuer Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Issuer-to-Card Script Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Card Removal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
7.4 Contactless Transaction Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Pre-Processing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Discovery Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Application Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Initiate Application Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Path Determination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Terminal Risk Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Terminal Action Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Card Action Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Read Application Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Card Read Complete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Processing Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Offline Data Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Cardholder Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Online Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
For Internal Use Only
Table of Contents HPS Integrator’s Guide V 16.1.1
10 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Issuer Update Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
7.5 EMV Receipts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Approval Receipts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Decline Receipts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Chapter 8: EMV Parameter Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
8.1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
8.2 Exchange . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
8.3 POS 8583 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
8.4 NTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
8.5 Z01 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
8.6 Portico . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
8.7 SpiDr. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Appendices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
A: Card Association BIN Ranges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
VISA BIN Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
VISA Purchasing BIN Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
VISA Fleet BIN Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
VISA Corporate or Business BIN Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
VISA ReadyLink BIN Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
MasterCard BIN Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
MasterCard Purchasing BIN Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
MasterCard Corporate BIN Ranges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
MasterCard Fleet BIN Ranges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
American Express BIN Ranges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Discover IIN Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
PayPal IIN Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Fleet Card BIN Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Stored Value Solutions (SVS) BIN Ranges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Centego Prepaid BIN Ranges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Drop Tank . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Debit BIN Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
EBT BIN Ranges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
B: Industry Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Conexxus Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
MasterCard Purchasing Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
MasterCard Purchasing Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
MasterCard Purchasing Non-Fuel Product Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
MasterCard Fleet Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
MasterCard Fleet Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 Table of Contents
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 11
MasterCard Fleet Non-Fuel Product Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Heartland Product Codes for VISA Fleet Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Non-Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Voyager Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Voyager Fuel Product Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Voyager Non-Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
WEX Supported Conexxus Product Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
C: Receipt Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
General Receipt Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Additional Receipt Requirements by Card Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
D: State Codes / Region Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
E: EMV Field Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Additional Terminal Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Amount, Authorised (Numeric) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Amount, Other (Numeric) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Application Cryptogram. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Application Dedicated File (ADF) Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Application Identifier (AID) – Terminal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Application Interchange Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Application Label. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Application Preferred Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Application Primary Account Number (PAN) Sequence Number . . . . . . . . . . . . . . . . . . . . . . . . . 301
Application Transaction Counter (ATC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Application Usage Control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Application Version Number (ICC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Application Version Number (Terminal) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Authorisation Response Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Cardholder Verification Method (CVM) Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Cryptogram Information Data (CID) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Customer Exclusive Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Dedicated File Name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Form Factor Indicator (FFI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
ICC Dynamic Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Interface Device (IFD) Serial Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Issuer Action Code – Default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Issuer Action Code – Denial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Issuer Action Code – Online . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Issuer Application Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Issuer Authentication Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Issuer Country Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Issuer Script Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Issuer Script Template 1 & 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
For Internal Use Only
Table of Contents HPS Integrator’s Guide V 16.1.1
12 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
POS Entry Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Terminal Action Code – Default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Terminal Action Code – Denial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Terminal Action Code – Online . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Terminal Capabilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Terminal Country Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Terminal Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Terminal Verification Results (TVR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Third Party Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Transaction Currency Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Transaction Date. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Transaction Sequence Counter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Transaction Status Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Transaction Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
Transaction Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
Unpredictable Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
F: EMV PDL Data Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
G: Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
H: Revision History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 List of Tables
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 13
List of Tables
2-1 Address Verification Service .......................................................................................................21
2-2 Chargeback Protected Limits......................................................................................................23
2-3 Binary to ASCII Hex Conversion.................................................................................................25
2-4 Binary ASCII Hex Conversion Example......................................................................................26
3-1 Card Brand References to BIN Ranges and Track Data ............................................................27
3-2 American Express Track 1 Format X4.16 Standard ...................................................................30
3-3 American Express Track 1 Format ISO 7813 Standard..............................................................31
3-4 American Express Track 2 Format X4.16 Standard ...................................................................33
3-5 American Express Track 2 Format ISO 7813 Standard..............................................................34
3-6 AVcard Track 1 Format...............................................................................................................36
3-7 AVcard Track 2 Format...............................................................................................................36
3-8 Centego Prepaid Track 1 Format................................................................................................37
3-9 Centego Prepaid Track 2 Format................................................................................................38
3-10 Discover Track 1 Format.............................................................................................................39
3-11 Discover Track 2 Format.............................................................................................................40
3-12 Diner’s Club International Track 1 Format ..................................................................................41
3-13 Diner’s Club International Track 2 Format ..................................................................................42
3-14 Drop Tank Track 1 Format..........................................................................................................43
3-15 Drop Tank Track 2 Format..........................................................................................................43
3-16 Heartland Gift Card Track 2 Format............................................................................................44
3-17 EBT Track 2 Format....................................................................................................................45
3-18 Fleet One Track 2 Format...........................................................................................................46
3-19 FleetCor Track 2 Format.............................................................................................................47
3-20 MasterCard Track 1 Format........................................................................................................49
3-21 MasterCard Track 2 Format........................................................................................................49
3-22 MasterCard Fleet Track 1 Format...............................................................................................51
3-23 MasterCard Fleet Track 2 Format...............................................................................................52
3-24 MasterCard Purchasing Track 1 Format.....................................................................................53
3-25 MasterCard Purchasing Track 2 Format.....................................................................................54
3-26 Multi Service Swiped Track 2 Format .........................................................................................55
3-27 SVS Track 1 Format ...................................................................................................................56
3-28 SVS Track 2 Format ...................................................................................................................56
3-29 ValueLink Track 1 Format...........................................................................................................57
3-30 ValueLink Track 2 Format...........................................................................................................58
3-31 VISA Track 1 Format ..................................................................................................................59
3-32 VISA Track 2 Format ..................................................................................................................60
3-33 VISA Fleet Track 1 Format .........................................................................................................62
3-34 VISA Fleet Track 2 Format .........................................................................................................63
3-35 Voyager Fleet Track 1 Format ....................................................................................................65
3-36 Voyager Fleet Track 2 Format ....................................................................................................66
3-37 WEX Fleet Track 2 Format .........................................................................................................69
For Internal Use Only
List of Tables HPS Integrator’s Guide V 16.1.1
14 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
4-1 PAN Encryption...........................................................................................................................72
4-2 Track 1 Encryption ......................................................................................................................72
4-3 Track 2 Encryption ......................................................................................................................72
4-4 Encrypted CSC Steps .................................................................................................................73
4-5 Authorization Examples ..............................................................................................................76
4-6 POS 8583 Data Fields ................................................................................................................79
4-7 NTS Data Fields..........................................................................................................................81
4-8 Z01 Data Fields...........................................................................................................................83
4-9 E3 MSR Wedge Operation Modes..............................................................................................85
4-10 E3 MSR Wedge Operation Modes..............................................................................................87
5-1 Key Security Features.................................................................................................................92
5-2 Liability Shifts ..............................................................................................................................93
5-3 Contact Specifications ................................................................................................................94
5-4 Contactless Specifications ..........................................................................................................95
5-5 Heartland Host Specifications.....................................................................................................95
5-6 Card Authentication ....................................................................................................................96
5-7 Cardholder Verification ...............................................................................................................96
5-8 Authorization ...............................................................................................................................96
5-9 Full vs. Partial EMV Transactions and Flow ...............................................................................97
5-10 Full vs. Partial Transaction Flow .................................................................................................97
5-11 Full vs. Partial Credit Transactions .............................................................................................98
5-12 Full vs. Partial Debit Transactions ..............................................................................................99
6-1 Integrated Solutions ..................................................................................................................102
6-2 VSDC Testing ...........................................................................................................................104
6-3 M-TIP Testing ...........................................................................................................................104
6-4 AEIPS Testing...........................................................................................................................105
6-5 D-PAS Testing ..........................................................................................................................105
6-6 Test Environments ....................................................................................................................107
6-7 Test Process .............................................................................................................................107
7-1 Command APDU Format ..........................................................................................................109
7-2 Response APDU Format ..........................................................................................................109
7-3 Data Conventions .....................................................................................................................111
7-4 Terminal Data ...........................................................................................................................112
7-5 Card Data..................................................................................................................................121
7-6 Issuer Data................................................................................................................................129
7-7 Tender Processing....................................................................................................................131
7-8 Fallback Processing..................................................................................................................132
7-9 Application Selection.................................................................................................................133
7-10 Supported Application Methods ................................................................................................134
7-11 Offline Data Authentication .......................................................................................................137
7-12 Processing Restrictions ............................................................................................................138
7-13 Cardholder Verification .............................................................................................................138
7-14 PIN Support ..............................................................................................................................139
7-15 Terminal Risk Management ......................................................................................................140
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 List of Tables
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 15
7-16 Terminal Action Analysis...........................................................................................................140
7-17 Online or Offline Disposition .....................................................................................................145
7-18 Contact EMV Flow Differences .................................................................................................148
7-19 Card Verification .......................................................................................................................150
7-20 Receipt Requirements ..............................................................................................................151
8-1 EMV PDL Tables ......................................................................................................................153
A-1 VISA Purchasing BIN Ranges ..................................................................................................158
A-2 VISA Fleet BIN Ranges ............................................................................................................161
A-3 VISA Corporate or Business BIN Ranges.................................................................................162
A-4 VISA ReadyLink BIN Ranges ...................................................................................................229
A-5 MasterCard Purchasing BIN Ranges........................................................................................235
A-6 MasterCard Corporate BIN Ranges..........................................................................................237
A-7 MasterCard Fleet BIN Ranges..................................................................................................243
A-8 American Express BIN Ranges ................................................................................................243
A-9 Discover IIN Ranges .................................................................................................................244
A-10 PayPal IIN Ranges....................................................................................................................244
A-11 Voyager BIN Ranges ................................................................................................................245
A-12 WEX BIN Ranges .....................................................................................................................245
A-13 FleetCor BIN Ranges................................................................................................................245
A-14 Fleet One BIN Range................................................................................................................245
A-15 Multi Service BIN Ranges .........................................................................................................246
A-16 AVCard BIN Range...................................................................................................................246
A-17 SVS BIN Ranges ......................................................................................................................246
A-18 Centego Prepaid BIN Range ....................................................................................................247
A-19 Drop Tank BIN Range...............................................................................................................247
A-20 EBT BIN Ranges.......................................................................................................................247
B-1 Conexxus Product Codes .........................................................................................................251
B-2 MasterCard Purchasing Fuel Product Codes ...........................................................................264
B-3 MasterCard Purchasing Non-Fuel Product Codes....................................................................266
B-4 MasterCard Fleet Fuel Product Codes .....................................................................................268
B-5 MasterCard Fleet Non-Fuel Product Codes..............................................................................269
B-6 Fuel Product Codes ..................................................................................................................270
B-7 Non-Fuel Product Codes ..........................................................................................................272
B-8 WEX Supported Conexxus Product Codes ..............................................................................280
C-1 Additional Receipt Requirements by Card Types .....................................................................290
D-1 State Codes ..............................................................................................................................292
D-2 Region Codes: Canada (Province Codes)................................................................................294
E-1 POS 8583: Binary Example ......................................................................................................295
E-2 Exchange, Portico, NTS, Z01, SpiDr: ASCII Hex Example.......................................................295
E-3 Additional Terminal Capabilities................................................................................................296
E-4 Amount, Authorised (Numeric)..................................................................................................296
E-5 Amount, Other (Numeric)..........................................................................................................297
E-6 Application Cryptogram.............................................................................................................297
E-7 Application Dedicated File (ADF) Name ...................................................................................298
For Internal Use Only
List of Tables HPS Integrator’s Guide V 16.1.1
16 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
E-8 Application Identifier (AID) – Terminal ......................................................................................299
E-9 Application Interchange Profile .................................................................................................299
E-10 Application Label.......................................................................................................................300
E-11 Application Preferred Name......................................................................................................300
E-12 Application Primary Account Number Sequence Number ........................................................301
E-13 Application Transaction Counter (ATC) ....................................................................................301
E-14 Application Usage Control ........................................................................................................302
E-15 Application Version Number (ICC)............................................................................................302
E-16 Application Version Number (Terminal) ....................................................................................303
E-17 Authorisation Response Code ..................................................................................................303
E-18 Cardholder Verification Method (CVM) Results ........................................................................304
E-19 Cryptogram Information Data (CID) ..........................................................................................304
E-20 Customer Exclusive Data..........................................................................................................305
E-21 Dedicated File Name ................................................................................................................305
E-22 Form Factor Indicator................................................................................................................306
E-23 ICC Dynamic Number ...............................................................................................................306
E-24 Interface Device (IFD) Serial Number.......................................................................................307
E-25 Issuer Action Code – Default ....................................................................................................307
E-26 Issuer Action Code – Denial .....................................................................................................308
E-27 Issuer Action Code – Online .....................................................................................................308
E-28 Issuer Application Data .............................................................................................................309
E-29 Issuer Authentication Data........................................................................................................309
E-30 Issuer Country Code .................................................................................................................310
E-31 Issuer Script Results .................................................................................................................310
E-32 Issuer Script Template 1 & 2.....................................................................................................311
E-33 POS Entry Mode .......................................................................................................................311
E-34 Terminal Action Code – Default ................................................................................................312
E-35 Terminal Action Code – Denial .................................................................................................312
E-36 Terminal Action Code – Online .................................................................................................313
E-37 Terminal Capabilities ................................................................................................................313
E-38 Terminal Country Code.............................................................................................................314
E-39 Terminal Type ...........................................................................................................................314
E-40 Terminal Verification Results (TVR)..........................................................................................315
E-41 Third Party Data........................................................................................................................315
E-42 Transaction Currency Code ......................................................................................................316
E-43 Transaction Data.......................................................................................................................316
E-44 Transaction Sequence Counter ................................................................................................317
E-45 Transaction Status Information .................................................................................................317
E-46 Transaction Time ......................................................................................................................318
E-47 Transaction Type ......................................................................................................................318
E-48 Unpredictable Number ..............................................................................................................319
F-1 EMV PDL Data Examples .........................................................................................................320
G-1 Glossary....................................................................................................................................364
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 List of Figures
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 17
List of Figures
3-1 MasterCard Fleet Card: Driver Assigned Example .....................................................................50
3-2 MasterCard Fleet Card: Vehicle Assigned Example...................................................................50
3-3 VISA Fleet Card: Driver Assigned Example................................................................................61
3-4 VISA Fleet Card: Vehicle Assigned Example .............................................................................61
3-5 WEX Fleet Card Example ...........................................................................................................67
3-6 WEX GSA Fleet ..........................................................................................................................68
3-7 WEX Dept. of Defence Fleet.......................................................................................................68
3-8 WEX Dept. of Energy Fleet.........................................................................................................68
4-1 E3 MSR Wedge ..........................................................................................................................84
4-2 E3 PIN Pad .................................................................................................................................86
7-1 Contact Transaction Flow .........................................................................................................130
7-2 Contactless Transaction Flow...................................................................................................147
7-3 EMV Receipt Example ..............................................................................................................152
For Internal Use Only
List of Figures HPS Integrator’s Guide V 16.1.1
18 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 1: Overview
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 19
Chapter 1: Overview
1.1 Introduction
Heartland Payment Systems, Inc. (Heartland) is a leading third-party provider of payment card
transaction processing, providing the following services:
Host Network transaction services
Bank Card, Fleet, Debit and Private Label card processing
Mobile and e-commerce solutions
Settlement processing
1.2 Document Purpose
The purpose of this document is to provide information in order to integrate a POS system to
Heartland. Topics include:
1.3 Audience
The primary audience for this document consists of third-party vendors responsible for
developing POS payment systems to interface with Heartland network. The secondary audience
consists of Heartland internal staff responsible for certifying or supporting POS payment
applications. All users of this document are assumed to have a basic understanding of POS
applications.
General POS Requirements Card Association BIN Ranges
Card Brand Information Industry Codes
E3 Processing Overview Receipt Requirements
EMV Processing Overview State Codes / Region Codes
EMV Development Overview EMV Field Definitions
EMV Terminal Interface EMV PDL Data Examples
EMV Parameter Interface Glossary
REQUIREMENT
This document is to be used along with Heartland’s Network platform specifications
(Exchange, POS 8583, NTS, Z01, Portico, SpiDr). Information found in the Network
specifications could override content within this document.
For Internal Use Only
1: Overview HPS Integrator’s Guide V 16.1.1
20 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
1.4 Payment Application Data Security
Standards (PA-DSS)
The Payment Card Industry (PCI) Security Standards Council (SSC) has released the Payment
Application Data Security Standards (PA-DSS) for payment applications running at merchant
locations. The PA-DSS assist software vendors to ensure their payment applications support
compliance with the mandates set by the Bank Card Companies (VISA, MasterCard, Discover,
American Express, and JCB).
In order to comply with the mandates set by the bank card companies, Heartland Payment
Systems:
Requires that the account number cannot be stored as plain, unencrypted data to meet PCI
and PA-DSS regulations. It must be encrypted while stored using strong cryptography with
associated key management processes and procedures.
Note: Refer to PCI DSS Requirements 3.4–3.6* for detailed requirements regarding
account number storage. The retention period for the Account Number in the
shadow file and open batch must be defined and at the end of that period or when
the batch is closed and successfully transmitted, the account number and all other
information must be securely deleted. This is a required process regardless of the
method of transmission for the POS.
Requires that, with the exception of the Account Number as described above and the
Expiration Date, no other Track Data is to be stored on the POS if the Card Type is a:
VISA, including VISA Fleet; MasterCard, including MasterCard Fleet; Discover, including
JCB, UnionPay, Carte Blanche, Diner's Club, and PayPal; American Express; Debit or
EBT. This requirement does not apply to WEX, FleetCor, Fleet One, Voyager, or Aviation
cards; Stored Value cards; Proprietary or Private Label cards.
Recommends that software vendors to have their applications validated by an approved
third party for PA-DSS compliance.
Requires all software vendors to sign a Non-Disclosure Agreement / Development
Agreement.
Requires all software vendors to provide evidence of the application version listed on the
PCI Council’s website as a PA-DSS validated Payment Application, or a written certification
to HPS testing to Developer's compliance with PA-DSS.
Requires that all methods of cryptography provided or used by the payment application
meet PCI SSC’s current definition of ‘Strong Cryptography’.
*Refer to www.pcisecuritystandards.org for the PCI DSS Requirements document and further
details about PA-DSS.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 2: General POS Requirements
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 21
Chapter 2: General POS Requirements
2.1 Address Verification Service
Visa, MasterCard, AMEX and Discover offer an Address Verification Service (AVS) as a
risk-management tool for merchants accepting transactions in which:
neither the card nor the cardholder are present (e.g., mail, telephone order, Internet
transactions), or
the card is present but its magnetic stripe cannot be read by a terminal at the point of sale.
AVS helps reduce the risk of accepting fraudulent transactions by issuer verification of the
cardholder’s billing address. The AVS Result Code helps the merchant determine whether to
accept a particular transaction or to take further follow-up action.
When a merchant accepts a card-not-present transaction, financial liability is also accepted by
the merchant in the event the transaction proves to be fraudulent. If the transaction is fraudulent,
the dollar value of the transaction may be “charged back” to the merchant. In addition to the
“charge back,” there are additional costs to process these exception items, plus the loss of
merchandise.
Table 2-1 Address Verification Service
AVS Request Description
Address Verification
Request
Address verification may be requested in one of two ways:
by itself, or
as part of an authorization request.
AVS By Itself (AVS Only) An AVS only request may be used under the following circumstances:
a merchant wants to verify the customer’s billing address before requesting an
authorization, or
the merchant sent an AVS and an authorization request earlier and received
an authorization approval but an AVS “try again later” response.
For Internal Use Only
2: General POS Requirements HPS Integrator’s Guide V 16.1.1
22 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
2.1.1 AVS Data Flow
2.1.2 AVS Result Code Guidelines
Not all Heartland POS message specifications support AVS Result Codes. See your specific
POS message specification for details.
For some industries, if the AVS Result Code is not a match, the payment engine automatically
declines and voids the transaction to the issuer.
For other industries, the merchant makes the decision on whether to proceed when the AVS
information is not an exact match, but the issuer approves the authorization request. See you
Heartland Representative for more information.
AVS Authorization
Request
You may process AVS requests the same way you process authorizations simply
by including the AVS information in the authorization request. The authorization
and address verification process is as follows:
Customer contacts the merchant to place an order.
The merchant confirms the usual order information including the merchandise
description, price, the customer’s account number, card expiration date, and
shipping address.
The merchant requests the cardholder’s billing address (street address and/or
ZIP Code) for the card being used. (The billing address is where the
cardholder’s monthly statement is sent for the card being used.)
The POS system includes the address information with the authorization
request to Heartland.
The issuer makes an authorization decision separately from the AVS request.
The issuer compares the cardholder billing address with the billing address it
has for that account. The issuer returns both the authorization response and a
code indicating the address verification results. Like any other transaction, if
the issuer declines the authorization request do not complete the transaction
for that account. This rule holds true even if you receive an “exact match” on
the address verification request.
Table 2-1 Address Verification Service (Continued)
AVS Request Description
CARDHOLDER MERCHANT HEARTLAND CARD BRAND
NETWORK ISSUER
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 2: General POS Requirements
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 23
2.2 Chargeback Protected Limits
The following amounts are the ICR-initiated chargeback protected amounts for approved
transactions by the bank card associations.
The merchant may choose to override these amounts. Any amount above the limits listed will not
include Chargeback Protection.
The merchant is at risk for any amount above these limits.
Table 2-2 Chargeback Protected Limits
Card Type Description
VISA VISA Consumer (including VISA Signature and Sign Preferred), VISA
Business (including VISA Signature Business), VISA Corporate, and
VISA Purchasing cards offer Chargeback Protection to $100 if the card
has been authorized for $1.00.
VISA Fleet cards offer Chargeback Protection to $150 if the card has
been authorized for $1.00.
MasterCard MasterCard Consumer cards offer Chargeback Protection to $100 if the
card has been authorized for $1.00.
MasterCard Corporate, MasterCard Corporate Fleet, and MasterCard
Purchasing cards offer Chargeback Protection to $150 if the card has
been authorized for $1.00.
Discover Card Discover Card offers Chargeback Protection to $100 if the card has been
authorized for $1.00. If the merchant has a custom agreement with
Discover to authorize for a different amount, chargeback protection is the
approved amount.
American Express American Express does not offer Chargeback Protection.
For Internal Use Only
2: General POS Requirements HPS Integrator’s Guide V 16.1.1
24 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
2.3 No Signature Required
No Signature Required is a program offered by Visa, MasterCard, AMEX and Discover for
consumer and commercial cards. The No Signature Required program allows merchants within
certain MCC codes to process transactions without having to obtain the cardholders signature or
provide the cardholder with a receipt unless the cardholder requests it.
In order to be eligible for No Signature Required, the following conditions must be met:
The cardholder must be present at the time of the transaction in a face-to-face
environment.
The merchant name and location must be included in the authorization request.
The total amount of the transaction must be less than the No Signature Required threshold
for the merchant’s MCC. Refer to the individual card associations for current information
about amounts, MCCs allowed, etc.
Online authorization must be obtained and the full track data must be included in the
authorization message. The track data can be obtained from the chip for EMV transactions
or from the magnetic stripe for swiped transactions.
To process a No Signature Required transaction with a chip card (on a chip-card-capable POS
terminal), the terminal application must set the Terminal Capabilities field to enable only the No
CVM Required card verification method (CVM). This action will cause the chip card not to require
a CVM.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 2: General POS Requirements
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 25
2.4 Binary to ASCII Hex Conversion
Since some the Host message formats allow for only printable characters to appear in
transaction data fields. Binary fields must be expanded to ensure that no values less than
hexadecimal 20 are transmitted.
To convert a binary field to its corresponding ASCII equivalent, remove 4 bits at a time and
convert them to the ASCII characters defined below. Performing this conversion procedure will
result in a doubling of the field size, i.e., a 20-digit binary field will yield a 40-character ASCII
result. After performing the conversion, the resulting ASCII data may then be populated within
the transaction data field.
Table 2-3 Binary to ASCII Hex Conversion
BIT Data ASCII Hex Characters
0000 0
0001 1
0010 2
0011 3
0100 4
0101 5
0110 6
0111 7
1000 8
1001 9
1010 A
1011 B
1100 C
1101 D
1110 E
1111 F
For Internal Use Only
2: General POS Requirements HPS Integrator’s Guide V 16.1.1
26 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
The table below shows examples of data before conversion as well as after the ASCII conversion
as the data moves from the POS to the Host.
The order of the fields is arbitrary and the values used below are only provided as an example.
Table 2-4 Binary ASCII Hex Conversion Example
Field Name RED is Before Conversion BLUE is after conversion
UNPREDICTABLE
NUMBER
Tag 9F 37 Tag 39463337
Length 04 Length 3034
Value 00010203 Value 3030303130323033
ISSUER APPLICATION
DATA
Tag 9F 10 Tag 39463130
Length 20 Length 3230
Value 00010203040506070809
0A0B0C0D0E0F1011121
31415161718191A1B1C
1D1E1F
Value 303030313032303330343035303
630373038303930413042304330
443045304631303131313231333
134313531363137313831393141
31423143314431453146
APPLICATION
CRYPTOGRAM
Tag 9F 26 Tag 39463236
Length 08 Length 3038
Value 0001020304050607 Value 303030313032303330343035303
63037
APPLICATION
TRANSACTION
COUNTER
Tag 9F 36 Tag 39463336
Length 02 Length 3032
Value 0001 Value 30303031
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 27
Chapter 3: Card Brand Information
3.1 Introduction
This chapter gives an overview of payment cards, embossing information, including Track 1 and
Track 2 layouts.
The maximum length of Track 1 is 79 characters. This length includes the START SENTINEL,
FIELD SEPARATORS, END SENTINEL and LONGITUDINAL REDUNDANCY CHECK (LRC)
fields. The Track 1 overall length will vary by card after the CARDHOLDER NAME field.
The maximum length of Track 2 is 40 characters. This length includes the START SENTINEL,
FIELD SEPARATOR, END SENTINEL, and LONGITUDINAL REDUNDANCY CHECK (LRC)
fields.
Track Data is sent unaltered.
Track data is defined by a number of International Organization for Standardization standards.
ISO/IEC 7810,ISO/IEC 7811, ISO/IEC 7812,ISO/IEC 7813,ISO 8583, and ISO/IEC 4909, now
define the physical properties of the card, including size, flexibility, location of the magstripe,
magnetic characteristics, and data formats. They also provide the standards for financial cards,
including the allocation of card number ranges to different card issuing institutions. The
standards should be referenced for details on track data.
Refer to the specific POS message specifications (Exchange, POS 8583, NTS, Z01, Portico,
SpiDr) to determine cards supported, transactions supported and data requirements.
Table 3-1 Card Brand References to BIN Ranges and Track Data
Card Type Track Preference
when Swiped BIN Ranges Track Data
American Express Track 1 Table A-8 American Express
BIN Ranges, pg. 243
3.2.1 American Express Track 1
Format X4.16 Standard, pg. 30
3.2.2 American Express Track 1
Format ISO 7813 Standard, pg. 31
3.2.3 American Express Track 2
Format X4.16 Standard, pg. 33
3.2.4 American Express Track 2
Format ISO 7813 Standard, pg. 34
AVcard No preference Tabl e A-1 6 AVCard BIN Range,
pg. 246
3.3.1 AVcard Track 1 Format, pg.
36
3.3.2 AVcard Track 2 Format, pg.
36
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
28 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
Centego Track 2 Table A-18 Centego Prepaid
BIN Range, pg. 247
3.4.1 Centego Prepaid Track 1
Format, pg. 37
3.4.2 Centego Prepaid Track 2
Format, pg. 38
Diner’s Club (Now
processed as
Discover)
No preference Tab le A- 9 Discover IIN Ranges,
pg. 244
3.6.1 Diner’s Club International
Track 1 Format, pg. 41
3.6.2 Diner’s Club International
Track 2 Format, pg. 42
Discover No preference Tab le A- 9 Discover IIN Ranges,
pg. 244
3.5.1 Discover Track 1 Format, pg.
39
3.5.2 Discover Track 2 Format, pg.
40
Drop Tank No preference Table A-19 Drop Tank BIN
Range, pg. 247
3.7.1 Drop Tank Track 1 Format,
pg. 43
3.7.2 Drop Tank Track 2 Format,
pg. 43
EBT Track 2 only Table A-20 EBT BIN Ranges,
pg. 247
3.9.1 EBT Track 2 Format, pg. 45
Fleet One Track 2 only Table A-14 Fleet One BIN
Range, pg. 245
3.10.1 Fleet One Track 2 Format,
pg. 46
FleetCor Track 2 only Table A-13 FleetCor BIN
Ranges, pg. 245
3.11.1 FleetCor Track 2 Format,
pg. 47
Heartland Gift
Card
Track 2 only Table A-17 SVS BIN Ranges,
pg. 246
3.8.1 Heartland Gift Card Track 2
Format, pg. 44
MasterCard No preference A.2 MasterCard BIN Ranges,
pg. 235
3.13.1 MasterCard Track 1 Format,
pg. 49
3.13.2 MasterCard Track 2 Format,
pg. 49
MasterCard
Corporate
No preference Table A-6 MasterCard
Corporate BIN Ranges, pg.
237
3.13.1 MasterCard Track 1 Format,
pg. 49
3.13.2 MasterCard Track 2 Format,
pg. 49
MasterCard Fleet No preference Table A-7 MasterCard Fleet
BIN Ranges, pg. 243
3.14.2 MasterCard Fleet Track 1
Format, pg. 51
3.14.3 MasterCard Fleet Track 2
Format, pg. 52
MasterCard
Purchasing
No preference Table A-5 MasterCard
Purchasing BIN Ranges, pg.
235
3.15.2 MasterCard Purchasing
Track 1 Format, pg. 53
3.15.3 MasterCard Purchasing
Track 2 Format, pg. 54
Multi Service Track 2 only Table A-15 Multi Service BIN
Ranges, pg. 246
3.16.1 Multi Service Swiped Track
2 Format, pg. 55
Table 3-1 Card Brand References to BIN Ranges and Track Data (Continued)
Card Type Track Preference
when Swiped BIN Ranges Track Data
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 29
PayPal No preference Table A-10 PayPal IIN Ranges,
pg. 244
3.5.1 Discover Track 1 Format, pg.
39
3.5.2 Discover Track 2 Format, pg.
40
PIN Debit Track 2 only A.10 Debit BIN Ranges, pg.
247
Issuer dependent.
Stored Value Track 2 Table A-17 SVS BIN Ranges,
pg. 246
3.18.1 SVS Track 1 Format, pg. 56
3.18.2 SVS Track 2 Format, pg. 56
ValueLink Track 2 Table A-17 SVS BIN Ranges,
pg. 246
3.20.1 ValueLink Track 1 Format,
pg. 57
3.20.2 ValueLink Track 2 Format,
pg. 58
VISA No preference A.1 VISA BIN Ranges, pg. 158 3.21.1 VISA Track 1 Format, pg. 59
3.21.2 VISA Track 2 Format, pg. 60
VISA Corporate or
Business
No preference Table A-3 VISA Corporate or
Business BIN Ranges, pg. 162
3.21.1 VISA Track 1 Format, pg. 59
3.21.2 VISA Track 2 Format, pg. 60
Use VISA Track layouts for VISA
Corporate or Business.
VISA Fleet Track 1 Table A-2 VISA Fleet BIN
Ranges, pg. 161
3.24.2 VISA Fleet Track 1 Format,
pg. 62
3.24.3 VISA Fleet Track 2 Format,
pg. 63
VISA Purchasing No preference Table A-1 VISA Purchasing BIN
Ranges, pg. 158
3.21.1 VISA Track 1 Format, pg. 59
3.21.2 VISA Track 2 Format, pg. 60
Use VISA Track layouts for VISA
Purchasing.
VISA ReadyLink Track 2 Table A-4 VISA ReadyLink BIN
Ranges, pg. 229
3.21.1 VISA Track 1 Format, pg. 59
3.21.2 VISA Track 2 Format, pg. 60
Use VISA Track layouts for VISA
ReadyLink.
Voyager Fleet No preference Table A-11 Voyager BIN
Ranges, pg. 245
3.25.1 Voyager Fleet Track 1
Format, pg. 65
3.25.2 Voyager Fleet Track 2
Format, pg. 66
WEX Fleet Track 2 only Table A-12 WEX BIN Ranges,
pg. 245
3.26.3 WEX Fleet Track 2 Format,
pg. 69
Table 3-1 Card Brand References to BIN Ranges and Track Data (Continued)
Card Type Track Preference
when Swiped BIN Ranges Track Data
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
30 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.2 American Express
American Express issues cards in either of following track formats.
ANSI X4.16
ISO 7813
Note: If sending the Primary Account Number (PAN), it must not contain any spaces.
3.2.1 American Express Track 1 Format X4.16
Standard
Table 3-2 American Express Track 1 Format X4.16 Standard
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3varies 15–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (caret)
CARD MEMBER NAME varies 26 A/N Field identifies the name of the cardholder and
contains a maximum of 26 characters. The
format of the field is last name followed by first
name and initial. Each cardholder name
component is separated as follows:
/ (forward slash) = Separates the first and
last name.
(space) = Separates first name from the
middle name or middle initial. Use only
when the cardholder names qualify for
separation.
. (period) = Separates the first name and
title.
Example: Last Name/First Name Initial
Embossing JOHN P. JONES JR.
Mag Stripe JONES/JOHN P.JR
FIELD SEPARATOR varies 1 A/N ^ (caret)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format. The
card expires on the last day of the month.
EFFECTIVE DATE varies 4 N The date in YYMM format. The card becomes
valid on the first day of the month.
DISCRETIONARY DATA varies 5 N
END SENTINEL varies 1 A/N ? (question mark)
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 31
3.2.2 American Express Track 1 Format ISO 7813
Standard
LONGITUDINAL
REDUNDANCY CHECK (LRC)
varies 1 A/N Created by the encoding equipment. LRC may
or may not be present.
UNUSED varies 17 A/N Reserved for future use.
Table 3-3 American Express Track 1 Format ISO 7813 Standard
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3varies 15–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (carat)
CARD MEMBER NAME varies 26 A/N Field identifies the name of the cardholder and
contains a maximum of 26 characters. The
format of the field is last name followed by first
name and initial. Each cardholder name
component is separated as follows:
/ (forward slash) = Separates the first and
last name.
(space) = Separates first name from the
middle name or middle initial. Use only
when the cardholder names qualify for
separation.
. (period) = Separates the first name and
title.
Example: Last Name/First Name Initial
Embossing JOHN P. JONES JR.
Mag Stripe JONES/JOHN P.JR
FIELD SEPARATOR varies 1 A/N ^ (carat)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
The card expires on the last day of the month.
Table 3-2 American Express Track 1 Format X4.16 Standard (Continued)
Field Name Position Length Format Value/Description
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
32 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
INTERCHANGE DESIGNATOR varies 1 N Code indicating whether the American
Express card is valid outside the country of
issue.
1 = Available for international interchange
2 = Chip card
5 = Available for interchange only in
country of issue
6 = Chip card, available for interchange
only in country of issue
7 = Not available for general interchange
9 = System test card
SERVICE CODE varies 2 N Code indicating whether the American
Express card is valid for ATM/Cash Access or
if a positive authorization is required.
01 = No restrictions
02 = No ATM service
03 = ATM Service only
06 = No restrictions; prompt for PIN, if PIN
pad is present
10 = No cash advance
11 = No cash advance or ATM service
20 = Requires positive authorization by
issuer or issuer’s agent
21 = Authorization by issuer only
22 = Authorization by issuer only; Goods &
Services
23 = Authorization by issuer only; ATM
only, PIN required
26 = Authorization by issuer only; prompt
for PIN, if PIN pad is present
EFFECTIVE DATE varies 4 N The date in YYMM format. The card becomes
valid on the first day of the month.
DISCRETIONARY DATA varies 5 N
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
varies 1 A/N Created by the encoding equipment.
UNUSED varies 17 A/N Reserved for future use.
Table 3-3 American Express Track 1 Format ISO 7813 Standard (Continued)
Field Name Position Length Format Value/Description
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 33
3.2.3 American Express Track 2 Format X4.16
Standard
Table 3-4 American Express Track 2 Format X4.16 Standard
Field Name Position Length Format Value/Description
START SENTINEL 1 1 N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2varies 15–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
The card expires on the last day of the month.
EFFECTIVE DATE varies 4 N The date in YYMM format. The card becomes
valid on the first day of the month.
DISCRETIONARY DATA varies 5 N
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
varies 1 A/N Created by the encoding equipment. LRC
may or may not be present.
UNUSED varies 8 N Reserved for future use.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
34 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.2.4 American Express Track 2 Format ISO 7813
Standard
Table 3-5 American Express Track 2 Format ISO 7813 Standard
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2varies 15–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
The card expires on the last day of the month.
INTERCHANGE DESIGNATOR varies 1 N Code indicating whether the American
Express card can be used outside the country
of issue.
1 = Available for international interchange
2 = Chip card
5 = Available for interchange only in
country of issue
6 = Chip card, available for interchange
only in country of issue
7 = Not available for general interchange
9 = System test card
SERVICE CODE varies 2 N Code indicating whether the American
Express card is valid for ATM/Cash Access or
if a positive authorization is required.
01 = No restrictions
02 = No ATM service
03 = ATM Service only
06 = No restrictions; prompt for PIN, if PIN
pad is present
10 = No cash advance
11 = No cash advance or ATM service
20 = Requires positive authorization by
issuer or issuer’s agent
21 = Authorization by issuer only
22 = Authorization by issuer only; Goods
& Services
23 = Authorization by issuer only; ATM
only, PIN required
26 = Authorization by issuer only; prompt
for PIN, if PIN pad is present
EFFECTIVE DATE varies 4 N The date in YYMM format. The card becomes
valid on the first day of the month.
DISCRETIONARY DATA varies 8 N
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 35
LANGUAGE CODE varies 2 N Code indicating non-Canadian versus
Canadian cardholders and when a Canadian,
whether English or French is the spoken
language of the cardholder.
00 = Non-Canadian Card member
01 = Canadian Card members (English
Language)
02 = Canadian Card members (French
Language)
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
varies 1 N Created by the encoding equipment.
Table 3-5 American Express Track 2 Format ISO 7813 Standard (Continued)
Field Name Position Length Format Value/Description
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
36 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.3 AVcard
The AVcard requires a date check and a MOD-10 check.
3.3.1 AVcard Track 1 Format
3.3.2 AVcard Track 2 Format
Table 3-6 AVcard Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N ^ (caret)
ISO PREFIX 3 6 N 601029
ACCOUNT NUMBER 9 13max N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (caret)
CREDIT CARD NAME varies 26max A/N Customer or company name.
FIELD SEPARATOR varies 1 A/N ^ (caret)
EXPIRATION DATE varies 4 N The date the card expires in YYMM
format.
SERVICE CODE INDICATOR varies 3 N Constant, 701
DISCRETIONARY DATA varies 15 A/N Miscellaneous Cardholder Info.
END SENTINEL varies 1 A/N ? (question mark)
Table 3-7 AVcard Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
ISO PREFIX 2 6 N 601029
ACCOUNT NUMBER 8 13max N AVcard Account Number.
FIELD SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N YYMM
SERVICE CODE
INDICATOR
varies 3 N Constant, 701
DISCRETIONARY DATA varies 15 Miscellaneous Cardholder Info.
END SENTINEL varies 1 A/N ? (question mark)
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 37
3.4 Centego Prepaid Card
PAN must pass MOD 10 check-digit test. (MOD 10 check on first 18 digits, 19th digit is the
check digit.)
Cards are embossed with the Account Number.
3.4.1 Centego Prepaid Track 1 Format
Note: Track data must be sent excluding the START SENTINEL, END SENTINEL, and LRC.
Note: The position ranges are valid for a 26-character cardholder name. The cardholder name is
a variable length field delimited by field separators. As a result, position ranges following
the CARDHOLDER field will change with varying CARDHOLDER field lengths.
Table 3-8 Centego Prepaid Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3–21 19 N Cardholder’s PAN.
FIELD SEPARATOR 22 1 A/N ^ (caret)
CARDHOLDER NAME 23–48 26max A/N Contains a maximum of 26 characters.
FIELD SEPARATOR 49 1 A/N ^ (caret)
EXPIRATION DATE 50–53 4 N The date the card expires in YYMM format.
SECURITY DATA 54–63 10 N Card verification value.
MEMBER NUMBER 64–74 11 A/N Club member number.
END SENTINEL 75 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
76 1 A/N Created by the encoding equipment.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
38 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.4.2 Centego Prepaid Track 2 Format
Table 3-9 Centego Prepaid Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2–20 19 N Cardholder’s PAN.
FIELD SEPARATOR 21 1 A/N = (equal sign)
EXPIRATION DATE 22–25 4 N The date the card expires in YYMM format.
SECURITY DATA 26–35 10 N Card verification value.
END SENTINEL 36 1 A/N ? (question mark)
LONGITUDINAL REDUNDANCY
CHECK (LRC)
37 1 A/N Created by the encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 39
3.5 Discover Card
Discover Network (now known as DFS Services, LLC) allocates Issuer Identification Number
(IIN) ranges to authorized Issuers using the Discover Network. Discover Card recognition
includes the following Account Number field structures:
PAN must pass a MOD 10 check-digit test.
Cards are embossed with the Primary Account Number and the Expiration Date.
3.5.1 Discover Track 1 Format
Table 3-10 Discover Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3varies 16–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (carat)
CARDHOLDER NAME varies varies A/N Field identifies the name of the cardholder
and contains a maximum of 26 characters.
The format of this field is last name followed
by first name and initial. A / (forward slash)
separates the first and last name.
Example: Last Name/First Name Initial
Embossing John P. Jones III
Mag Stripe Jones III/John P
FIELD SEPARATOR varies 1 A/N ^ (carat)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N Identifies the circumstances under which the
card can be used.
SECURITY CODE varies 13 A/N
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
varies 1 A/N Created by the encoding equipment.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
40 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.5.2 Discover Track 2 Format
Table 3-11 Discover Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2varies 16–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N Identifies the circumstances under which
the card can be used.
SECURITY CODE varies 13 A/N
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
varies 1 A/N Created by the encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 41
3.6 Diner’s Club International Card
The Diner’s Club International card must also be processed as a Discover Card.
PAN must pass a MOD 10 check-digit test.
Cards are embossed with the Primary Account Number and the Expiration Date.
3.6.1 Diner’s Club International Track 1 Format
Table 3-12 Diner’s Club International Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3varies 14–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (carat)
CARDHOLDER NAME varies varies A/N Field identifies the name of the cardholder and
contains a maximum of 26 characters. The
format of the field is last name followed by first
name and initial. Each cardholder name
component is separated as follows:
/ (forward slash) = Separates the first and
last name.
(space) = Separates first name from the
middle name or middle initial. It is also used
to separate a title from the first name or
middle name or initial. Used to separate a
title only when the cardholder names qualify
for separation.
Example: Last Name/First Name Initial
Embossing JOHN P. JONES JR.
Mag Stripe JONES/JOHN P JR
FIELD SEPARATOR varies 1 A/N ^ (carat)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
INTERCHANGE
QUALIFICATION CODE
varies 3 N Code indicating the type of interchange that is
available on the card. Valid codes are as follows:
101 = Card is valid for unrestricted
international interchange.
587 = Card is valid only in territory of
issuance.
EFFECTIVE DATE varies 4 A/N The data in YYMM format.
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
varies 1 A/N Created by the encoding equipment.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
42 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.6.2 Diner’s Club International Track 2 Format
Table 3-13 Diner’s Club International Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2varies 14–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
INTERCHANGE
QUALIFICATION CODE
varies 3 N Code indicating the type of interchange that
is available on the card. Valid codes are as
follows:
101 = Card is valid for unrestricted
international interchange.
587 = Card is valid only in territory of
issuance.
EFFECTIVE DATE varies 4 N The data in YYMM format.
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
varies 1 A/N Created by the encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 43
3.7 Drop Tank Card
3.7.1 Drop Tank Track 1 Format
3.7.2 Drop Tank Track 2 Format
Table 3-14 Drop Tank Track 1 Format
Field Name Position Length Format Value Description
START SENTINEL 1 1 Hex % (percent sign)
FORMAT CODE 2 1 A/N b
ACCOUNT NUMBER 3–20 18N Cardholder’s PAN (token).
FIELD SEPARATOR 21 1 A/N ^ (caret)
FILLER 22 1 A/N Space
FIELD SEPARATOR 23 1 A/N ^ (caret)
FILLER 24 1 A/N Space
END SENTINEL 25 1 A/N ? (question mark)
LRC 26 1 A/N Created by the encoding equipment.
LRC may or may not be present.
Table 3-15 Drop Tank Track 2 Format
Field Name Position Length Format Value Description
START SENTINEL 1 1 Hex ; (semicolon)
ACCOUNT NUMBER 2–19 18 N Cardholder’s PAN (token).
FIELD SEPARATOR 20 1 A/N = (equal sign)
DATE 21-24 4 N Expiration date in MMYY format.
END SENTINEL 25 1 A/N ? (question mark)
LRC 26 1 A/N Created by the encoding equipment.
LRC may or may not be present.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
44 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.8 Heartland Gift Card
PAN must pass a MOD 10 check-digit test. The 19th position is the check-digit for the
proceeding 18 digits).
Cards are embossed with the Account Number and the printed Access Code on the back.
3.8.1 Heartland Gift Card Track 2 Format
Table 3-16 Heartland Gift Card Track 2 Format
Field Name Position Length Format Value Description
START SENTINEL 1 1 3B Hex ; (semicolon)
PRIMARY ACCOUNT NUMBER 2–20 19 N Cardholder’s PAN.
FIELD SEPARATOR 21 1 A/N = (equal sign)
DATE 22–25 4 N Expiration date in MMYY format.
Default expiration is 9999.
SECURITY DATA 26–38 13 N
END SENTINEL 39 1 A/N ? (question mark)
LRC 40 1 OF Hex Longitudinal Redundancy Check.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 45
3.9 EBT Card
The POS application must perform a MOD 10 check.
No Specific ISO – No information in the account number or track data identifies the card as
a Food Stamp or Cash Benefit card. This identification must come from POS prompts.
3.9.1 EBT Track 2 Format
Table 3-17 EBT Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2–20 19 N Cardholder’s PAN.
FIELD SEPARATOR 21 1 A/N = (equal sign)
EXPIRATION DATE 22–25 4 N The date the card expires in YYMM format.
SERVICE CODE 26–28 3 N 120
DISCRETIONARY DATA 29 varies A/N
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
varies 1 A/N Created by the encoding equipment.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
46 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.10 Fleet One Card
Cards are embossed with the Account Number, Company Name and Vehicle Name /
Customer Name.
3.10.1 Fleet One Track 2 Format
Table 3-18 Fleet One Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
CARD ISO/ABA PREFIX 2 6 A/N 501486
See A.6 Fleet Card BIN Ranges, pg. 245.
PROMPT CODE 8 2 NValid options are 10–19 and 99.
ACCOUNT NUMBER 10 6 NFleet company number.
CARD NUMBER 16 4 N
CHECK DIGIT 20 1 N0–9
FIELD SEPARATOR 21 1 A/N = (equal sign)
EXPIRATION DATE 22 4 N The date the card expires in YYMM format.
9912 or 4912 indicates “does not expire.”
MEMBER NUMBER 26 1 N 0–9
PIN OFFSET 27 6 N Not used.
END SENTINEL 33 1A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
34 1 A/N Created by the encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 47
3.11 FleetCor Card
Cards are embossed with the Account Number, Expiration Date, Company Name and
Vehicle Name/Customer Name.
3.11.1 FleetCor Track 2 Format
Table 3-19 FleetCor Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
CARD ISO/ABA PREFIX 2 6 A/N See A.6 Fleet Card BIN Ranges, pg. 245.
ISSUER IDENTIFIER 8 5 N
CARD NUMBER 13 6 N
FIELD SEPARATOR 19 1A/N = (equal sign)
EXPIRATION DATE 20 4 N The date the card expires in YYMM format.
9912 is a valid value and indicates card does
not expire.
DISCRETIONARY DATA 24 0–13 N Reserved for Future Use.
Value is either 0 or NULL.
END SENTINEL 24–37 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
25–38 1 A/N b
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
48 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.12 JCB Card
All JCB cards follow the same track format as Discover. See 3.5 Discover Card, pg. 39.
PAN must pass a MOD 10 check-digit test.
Cards are embossed with the Primary Account Number and the Expiration Date.
3.12.1 JCB IIN Ranges on Discover Network
The JCB IIN Ranges are effective only for the domestic United States, and to the extent that
other Territories and Protectorates may be included, we will provide you with further information.
All other international markets are out of scope at this time. Additionally, ATM transactions will not
be enabled for the IIN ranges assigned to JCB. See A.4 Discover IIN Ranges, pg. 244.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 49
3.13 MasterCard
PAN must pass a MOD 10 check-digit test.
Cards are embossed with the Primary Account Number and the Expiration Date.
3.13.1 MasterCard Track 1 Format
3.13.2 MasterCard Track 2 Format
Table 3-20 MasterCard Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3varies 16–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (carat)
CARDHOLDER NAME varies 2–26 A/N Contains a maximum of 26 characters.
FIELD SEPARATOR varies 1 A/N ^ (carat)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N Identifies the circumstances under which
the card can be used.
DISCRETIONARY DATA varies varies A/N Contains the CVC.
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
varies 1 A/N Created by the encoding equipment.
Table 3-21 MasterCard Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2varies 16–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N Identifies the circumstances under which
the card can be used.
DISCRETIONARY DATA varies varies A/N Contains the CVC.
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
varies 1 A/N Created by the encoding equipment.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
50 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.14 MasterCard Fleet Card Type
PAN must pass a MOD 10 check-digit test.
Cards are embossed with the Primary Account Number, Expiration Date and Cardholder
Name.
3.14.1 MasterCard Fleet Card Example
Figure 3-1 MasterCard Fleet Card: Driver Assigned Example
Figure 3-2 MasterCard Fleet Card: Vehicle Assigned Example
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 51
3.14.2 MasterCard Fleet Track 1 Format
Note: All MasterCard Fleet cards use the entire allocated length of the track. Therefore,
space-fill any variable length fields as necessary.
Table 3-22 MasterCard Fleet Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3varies 16–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (carat)
CARDHOLDER NAME varies 26 A/N Contains a maximum of 26 characters.
FIELD SEPARATOR varies 1 A/N ^ (carat)
EXPIRATION DATE varies 4 N The date the card expires in YYMM
format.
SERVICE CODE varies 3 A/N Identifies the circumstances under which
the card can be used.
DISCRETIONARY DATA varies 22 A/N
PRODUCT RESTRICTION CODE varies 1 N 1 to 2 required.
PRODUCT TYPE CODE varies 1 N 1 to 5 required.
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL REDUNDANCY
CHECK (LRC)
varies 1 A/N Created by the encoding equipment.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
52 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.14.3 MasterCard Fleet Track 2 Format
Table 3-23 MasterCard Fleet Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2varies 16–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N The date the card expires in YYMM
format.
SERVICE CODE varies 3 A/N Identifies the circumstances under which
the card can be used.
DISCRETIONARY DATA varies 11 A/N
PRODUCT RESTRICTION CODE varies 1 N 1 to 2 required.
PRODUCT TYPE CODE varies 1 N 1 to 5 required.
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL REDUNDANCY
CHECK (LRC)
varies 1 A/N Created by the encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 53
3.15 MasterCard Purchasing Card
PAN must pass a MOD 10 check-digit test.
Card are embossed with the Primary Account Number and the Expiration Date.
3.15.1 MasterCard Purchasing Card Example
3.15.2 MasterCard Purchasing Track 1 Format
Table 3-24 MasterCard Purchasing Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3varies 16–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (caret)
CARDHOLDER NAME varies varies A/N Contains a maximum of 26 characters.
FIELD SEPARATOR varies 1 A/N ^ (caret)
EXPIRATION DATE varies 4 N The date the card expires in YYMM
format.
SERVICE CODE varies 3 A/N Identifies the circumstances under which
the card can be used.
DISCRETIONARY DATA varies 22 A/N Optional field.
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
varies 1 A/N Created by the encoding equipment.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
54 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.15.3 MasterCard Purchasing Track 2 Format
Table 3-25 MasterCard Purchasing Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2varies 16–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 A/N Identifies the circumstances under which the
card can be used.
DISCRETIONARY DATA varies varies A/N Optional field.
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
varies 1 A/N Created by the encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 55
3.16 Multi Service Track Data
3.16.1 Multi Service Swiped Track 2 Format
3.17 PayPal Card
PayPal cards are now part of the Discover Network and follow the same track format as
Discover. See 3.5 Discover Card, pg. 39.
PAN must pass a MOD 10 check-digit test.
Cards are embossed with the Primary Account Number and the Expiration Date.
Table 3-26 Multi Service Swiped Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
ISO PREFIX 2 6 N Refer to the Heartland POS Integrator’s
Guide for BIN Ranges.
ACCOUNT NUMBER 8 8 N Cardholder’s PAN.
FIELD SEPARATOR 16 1 A/N = (equal)
CASH FLAG 17 1 N
PO REQUIRED FLAG 18 1 N
TWO DIGIT DAY OF ISSUANCE 19 2 N
FIELD SEPARATOR 21 1 A/N = (equal)
DATE OF ISSUANCE 22 4 N YYMM
SERVICE RESTRICTIONS 26 1 N
FUEL FLAG 27 1 N
OIL FLAG 28 1 N
PLUS AMOUNT ON CARD 29 3 N
TYPE FLAG 32 1 N
FILLER SPACE 33 5
STRIPE VERSION NUMBER 38 1 N
END SENTINEL 39 1 A/N ? (question mark)
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
56 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.18 Stored Value Solutions (SVS)
PAN must pass MOD 10 check-digit test. (MOD 10 check on first 18 digits, 19th digit is the
check digit.)
Cards are embossed with the Account Number.
3.18.1 SVS Track 1 Format
3.18.2 SVS Track 2 Format
Table 3-27 SVS Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 5–21 19 NCardholder’s PAN.
FIELD SEPARATOR 22 1A/N ^ (caret)
CARDHOLDER NAME 23–48 26max A/N Contains a maximum of 26 characters.
FIELD SEPARATOR 49 1A/N ^ (caret)
EXPIRATION DATE 50–53 4 N The date the card expires in YYMM format.
SERVICE CODE 54–56 3 N 110
CVV DATA 57–59 3A/N Card Verification Value.
END SENTINEL 60 1A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
61 1A/N Created by the encoding equipment.
Table 3-28 SVS Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1–1 1A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2–20 19 NCardholder’s PAN.
FIELD SEPARATOR 21–21 1A/N = (equal sign)
EXPIRATION DATE 22–25 4 N The date the card expires in YYMM format.
SERVICE CODE 26–28 3 N 110
CVV DATA 29–36 8 N Card Verification Value.
END SENTINEL 37–37 1A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
38–38 1A/N Created by encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 57
3.19 UnionPay Card
All UnionPay issued cards follow the same track format as Discover. See 3.5 Discover Card, pg.
39.
PAN must pass a MOD 10 check-digit test.
Cards are embossed with the Primary Account Number and the Expiration Date.
3.20 ValueLink Card
PAN must pass MOD 10 check digit test. (MOD 10 check on first 18 digits, 19th digit is the
check digit.)
Card are embossed with the Account Number. CLGC cards (Closed Loop Gift Cards) are
embossed with 16 digits.
3.20.1 ValueLink Track 1 Format
Table 3-29 ValueLink Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3–20 13–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (caret)
CARDHOLDER NAME varies 2–26 A/N Contains a maximum of 26 characters.
SEPARATOR varies 1 A/N ^ (caret)
CARD EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N
PVKI 1 N PIN Verification Key Index.
PVV 4 N PIN Verification Value.
DISCRETIONARY DATA varies varies A/N
VISA RESERVED varies 11 A/N
END SENTINEL varies 1 A/N
LRC varies 1 A/N Longitudinal Redundancy Check.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
58 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.20.2 ValueLink Track 2 Format
Table 3-30 ValueLink Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N
PRIMARY ACCOUNT NUMBER 3–20 13–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N Usually = (equal)
CARD EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N
PVKI 1 N PIN Verification Key Index.
PVV 4 N PIN Verification Value.
DISCRETIONARY DATA varies 8 A/N
END SENTINEL varies 1 A/N
LRC varies 1 A/N Longitudinal Redundancy Check.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 59
3.21 VISA Card
PAN must pass a MOD 10 check-digit test.
Cards are embossed with the Primary Account Number and the Expiration Date.
3.21.1 VISA Track 1 Format
Table 3-31 VISA Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3varies 13–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (carat)
CARDHOLDER NAME varies 2–26 A/N Contains a maximum of 26 characters.
FIELD SEPARATOR varies 1 A/N ^ (carat)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N Identifies the circumstances under which the
card can be used.
PIN VERIFICATION varies 0 or 5 N If used, this field is composed of two
components.
PVKI 1 PIN Verification Key Index.
PVV 4 PIN Verification Value.
DISCRETIONARY DATA varies varies A/N
VISA RESERVED varies 111
1. The length is always the last 11 positions of Track 1, excluding the END SENTINEL and LONGITUDINAL REDUNDANCY
CHECK.
A/N PIN Verification. All 11 positions are required.
Filler 1–2 Zero-fill
CVV 3–5 Card Verification Value.
Filler 6–7 Zero-fill
ACI 8 Authorization Control Indicator.
Filler 9–11 Zero-fill
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
varies 1 A/N Created by the encoding equipment.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
60 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.21.2 VISA Track 2 Format
3.22 VISA Corporate or Business
For Track 1, see Table 3-31 VISA Track 1 Format, pg. 59.
For Track 2, see Table 3-32 VISA Track 2 Format, pg. 60.
3.23 VISA Purchasing
For Track 1, see Table 3-31 VISA Track 1 Format, pg. 59.
For Track 2, see Table 3-32 VISA Track 2 Format, pg. 60.
Table 3-32 VISA Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2varies 13–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N Identifies the circumstances under which
the card can be used.
PIN VERIFICATION varies 0 or 5 N If used, this field is composed of two
components.
PVKI 1 N PIN Verification Key Index (PVKI).
PVV 4 N PIN Verification Value (PVV).
DISCRETIONARY DATA varies varies A/N Contains the Card Verification Value.
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL REDUNDANCY
CHECK (LRC)
varies 1 A/N Created by the encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 61
3.24 VISA Fleet Card Type
PAN must pass a MOD 10 check-digit test.
Cards are embossed with the Primary Account Number, Expiration Date, Company Name
or generic Cardholder ID.
3.24.1 VISA Fleet Card Example
Figure 3-3 VISA Fleet Card: Driver Assigned Example
Figure 3-4 VISA Fleet Card: Vehicle Assigned Example
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
62 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.24.2 VISA Fleet Track 1 Format
Table 3-33 VISA Fleet Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3–20 13–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (caret)
CARDHOLDER NAME varies 2–26 A/N Contains a maximum of 26 characters.
SEPARATOR varies 1 A/N ^ (caret)
CARD EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N Identifies the circumstances under which
the card can be used.
PIN VERIFICATION varies 0 or 5 N If used, this field is composed of two
components.
PVKI 1 N PIN Verification Key Index.
PVV 4 N PIN Verification Value.
DISCRETIONARY DATA varies varies A/N
VISA RESERVED varies 11 A/N
FILLER 2 A/N Zero-filled.
CVV 3 A/N Card Verification Value.
FILLER 2 A/N Zero-filled.
AUTHORIZATION
CONTROL INDICATOR
(ACI)
1 A/N Zero or A to Z required.
RESERVED 1 A/N 0 (zero)
SERVICE ENHANCEMENT
INDICATOR
1A/N
0 = Fleet, No restriction (fuel,
maintenance and non-fuel purchases)
1 = Fleet (fuel and maintenance
purchases only)
2 = Fleet (fuel only)
3–9 = Reserved
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 63
3.24.3 VISA Fleet Track 2 Format
SERVICE PROMPT 1 A/N 0 = Reserved (no prompt)
1 = Generic Identification Number and
ODOMETER1
2 = VEHICLE ID and ODOMETER
3 = DRIVER ID and ODOMETER
4 = ODOMETER
5 = No Prompt
6 = Generic Identification Number2
7–9 = Reserved (no prompt)
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
varies 1 A/N Created by the encoding equipment.
1. SERVICE PROMPT 1: After prompt for an ID, cardholder enters 6-digit VEHICLE ID, DRIVER ID, or a generic identification
number followed by Odometer.
2. SERVICE PROMPT 6: After prompt for an ID, cardholder enters 6-digit VEHICLE ID, DRIVER ID, or generic identification number.
Table 3-34 VISA Fleet Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2varies 13–19 N Cardholder’s PAN.
SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N Identifies the circumstances under which the
card can be used.
PIN VERIFICATION 26
varies
if used
0 or 5 N If used, this field is composed of two
components.
PVKI 1 N PIN Verification Key Index.
PVV 4 N PIN Verification Value.
DISCRETIONARY DATA varies varies N
CARD VERIFICATION
VALUE (CVV)
3 N Identifies the Card Verification Value.
Table 3-33 VISA Fleet Track 1 Format (Continued)
Field Name Position Length Format Value/Description
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
64 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
ISSUER INFORMATION varies N The length of this field depends on the
length of PIN Verification and must occupy
the third last position of the field. VISA Fleet
cards are required to use the last three
positions of this field to provide instructions
for customized prompts. For valid BIN
ranges, see A.1.2 VISA Fleet BIN Ranges,
pg. 161.
FLEET SERVICES 2 N The third to last position from the END
SENTINEL, valid value is zero.
Service Enhancement Indicator. The value
entered in this field must occupy the second
last position of the field.
0 = Fleet, No restriction (fuel,
maintenance and non-fuel purchases)
1 = Fleet (fuel and maintenance
purchases only)
2 = Fleet (fuel only)
Note: The position of this field varies
depending on the length of PIN
Verification.
1 N Indicate the SERVICE PROMPT.
0 = Reserved (no prompt)
1 = Generic Identification Number and
ODOMETER1
2 = VEHICLE ID and ODOMETER
3 = DRIVER ID and ODOMETER
4 = ODOMETER
5 = No Prompt
6 = Generic Identification Number2
7–9 = Reserved (no prompt)
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL REDUNDANCY
CHECK (LRC)
varies 1 A/N Value of 0 (zero) to F.
1. SERVICE PROMPT 1: After prompt for an ID, cardholder enters six-digit VEHICLE ID, DRIVER ID, or a generic identification
number followed by Odometer.
2. SERVICE PROMPT 6: After prompt for an ID, cardholder enters six-digit VEHICLE ID, DRIVER ID, or generic identification
number.
Table 3-34 VISA Fleet Track 2 Format (Continued)
Field Name Position Length Format Value/Description
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 65
3.25 Voyager Fleet Card
PAN must pass two MOD 10 check-digit tests. The 13th position is the check-digit for the
previous eight digits. The 19th position is the check-digit for the previous 18 digits.
Cards are embossed with the Account Number, ID Number, Restriction Code and
Expiration Date.
3.25.1 Voyager Fleet Track 1 Format
Table 3-35 Voyager Fleet Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N 0 (zero)
PRIMARY ACCOUNT NUMBER 3–21 19 N Cardholder’s PAN.
FIELD SEPARATOR 22 1 A/N ^ (carat)
CARDHOLDER NAME 23–47 varies A/N Contains a maximum of 25 characters.
FIELD SEPARATOR varies 1 A/N ^ (carat)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
RESTRICTION CODE varies 2 N Code indicating the type of prompts that display
for a customer transaction.
00 = Do not prompt for ID Number or
odometer. All items allowed.
01 = Do not prompt for ID Number or
odometer. Fuel only.
10 = Prompt for ID Number. All items
allowed.
11 = Prompt for ID Number. Fuel only.
20 = Prompt for odometer. All items allowed.
21 = Prompt for odometer. Fuel only.
30 = Prompt for ID Number and odometer.
All items allowed.
31 = Prompt for ID Number and odometer.
Fuel only.
DISCRETIONARY DATA varies 13 N Contains a valid numeric value or be zero-filled.
END SENTINEL varies 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
varies 1 A/N Created by encoding equipment.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
66 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.25.2 Voyager Fleet Track 2 Format
Table 3-36 Voyager Fleet Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2–20 19 N Cardholder’s PAN.
FIELD SEPARATOR 21 1 A/N = (equal sign)
EXPIRATION DATE 22–25 4 N The date the card expires in YYMM format.
RESTRICTION CODE 26–27 2 N Code indicating the type of prompts that
display for a customer transaction.
00 = Do not prompt for ID Number or
odometer. All items allowed.
01 = Do not prompt for ID Number or
odometer. Fuel only.
10 = Prompt for ID Number. All items
allowed.
11 = Prompt for ID Number. Fuel only.
20 = Prompt for odometer. All items
allowed.
21 = Prompt for odometer. Fuel only.
30 = Prompt for ID Number and
odometer. All items allowed.
31 = Prompt for ID Number and
odometer. Fuel only.
DISCRETIONARY DATA 28–38 11 N Will contain a valid numeric value or be
zero-filled.
END SENTINEL 39 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
40 1 A/N Created by encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 67
3.26 WEX Fleet Card
Account Number is seven positions in length where the first six digits must pass MOD 10
check-digit test. The seventh digit is the check-digit.
Cards are embossed with the Account Number, ISO Number, Purchase Device Sequence
Number, Expiration Date, Cardholder Name, Description and Restriction.
3.26.1 WEX Fleet Card Example
Figure 3-5 WEX Fleet Card Example
3.26.2 WEX GSA Fleet Cards
The following WEX GSA cards are to be treated just like any other WEX Fleet card.
WEX Universal cards and WEX GSA cards have the same Track 2 layout.
The card front for WEX Universal cards and WEX GSA cards differs, as the placement of
the six-digit ISO of 690046, the 13-digit Account Number, and five-digit value for the
Purchase Device Sequence Number varies by card type.
WEX Universal cards display the 690046 ISO below the 13-digit Account Number, and
label the five-digits Purchase Device Sequence Number as the PURCH. DEV. SEQ. NO.
WEX GSA Fleet cards display the 690046 ISO above the 13-digit Account Number and
place the five-digit Purchase Device Sequence Number after the 13-digit Account Number,
with no distinct label.
WEX Dept of Defense cards and Dept of Energy cards display the 690046 ISO above the
13-digit Account Number and label the five-digit Purchase Device Sequence Number as
CARD NO.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
68 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
Figure 3-8 WEX Dept. of Energy Fleet
Figure 3-6 WEX GSA Fleet Figure 3-7 WEX Dept. of Defence Fleet
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 3: Card Brand Information
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 69
3.26.3 WEX Fleet Track 2 Format
Table 3-37 WEX Fleet Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
ISO PREFIX 2 6 N See A.6 Fleet Card BIN Ranges, pg. 245.
PRIMARY ACCOUNT NUMBER 3–20 19 N Cardholder’s PAN.
FIELD SEPERATOR 21 1 A/N = (equal sign)
EXPIRATION DATE 22–25 4 N The date the card expires in YYMM format.
PROMPT TABLE KEY 26 1 N Values are 0, 1, 2, 3, 4 or 5.
PURCHASE RESTRICTION 27–28 2 N 00 = Fuel Only
01 = Unrestricted
02 = Fuel and Auto (Includes Car Wash)
•04
= Fuel and Oil
Note: Product restriction or validation is
only performed by the POS when
processing in offline mode. Product
restriction or validation is never
performed by the Host.
PURCHASE DEVICE
SEQUENCE NUMBER
29–33 5 N Distinct from the prompt Vehicle ID.
CAV1 34–37 4 N Card Authentication Value.
POS PROMPTS 38 1 N Refer to the Heartland POS Integrator’s
Guide for WEX Fleet Prompting Values.
END SENTINEL 39 1 A/N ? (question mark)
LONGITUDINAL
REDUNDANCY CHECK (LRC)
40 1 A/N Created by encoding equipment.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 16.1.1
70 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
3.26.4 WEX MOD 10 Calculation
WEX defines their Fleet number as:
ISO – six numeric
Client Id – four numeric
Zeros – two numeric
Account Number – six numeric
Check Digit – one numeric
To calculate the Check Digit, follow these steps:
Examine the six-digit Account Number, one digit at a time
Result 1 = Multiply digit 1 by 1
Result 2 = Multiply digit 2 by 2
Result 3 = Multiply digit 3 by 1
Result 4 = Multiply digit 4 by 2
Result 5 = Multiply digit 5 by 1
Result 6 = Multiply digit 6 by 2
If any of these Results (1 through 6) are > 9, then subtract 9 from that Result
The sum of all Results (1 through 6) = the Dividend
Divide the Dividend by 10 resulting in a Quotient and a Remainder
The Remainder = the MOD10-Value
If the MOD10-Value is not equal to 0, compute MOD10-Value = 10 minus MOD10-Value
Move MOD10-Value to Check Digit
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 4: E3 Processing Overview
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 71
Chapter 4: E3 Processing Overview
4.1 Introduction
Heartland Secure™ is a comprehensive credit/debit card data security solution that combines
three powerful technologies working in tandem to provide merchants with the highest level of
protection available against card-present data fraud.
Offered to Heartland customers for no additional processing fees as part of Heartland's
comprehensive solutions, Heartland Secure combines:
EMV electronic chip card technology to prove that a consumer's card is genuine.
Heartland's E3® end-to-end encryption technology, which immediately encrypts card data
as it is acquired so that no one else can read it.
Tokenization technology, which replaces card data with “tokens” that can be used for
returns and repeat purchases, but are unusable by outsiders because they have no value.
This guide focuses on Heartland's E3 end-to-end encryption solution and contains integration
information for POS systems. It serves as a companion to Heartland's host network
specifications and the E3 device programmer's manuals. These documents should be referred to
for more detailed information.
4.2 The E3® Solution
E3, an end-to-end encryption product by Heartland Payment Systems, is designed to protect
credit and debit card data from the moment of card swipe and through the Heartland network —
not just at certain points of the transaction flow.
E3 is based on Voltage Security's SecureData Payments product which provides a complete
payment transaction protection framework, built on two breakthrough technologies
encompassing encryption and key management: Voltage Format-Preserving Encryption (FPE)
and Voltage Identity-Based Encryption (IBE).
With Voltage Format-Preserving Encryption (FPE), credit card numbers and other sensitive data
are protected without the need to change the data format or structure. In addition, data properties
are maintained, such as a checksum, and portions of the data can remain in the clear.
With Voltage Identity-Based Encryption (IBE), the complexity of key management through
traditional Public Key Infrastructure (PKI) systems and symmetric key systems is eliminated —
because encryption keys are securely generated on demand and not stored, POS devices are
not subject to key injection and key rotation.
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 16.1.1
72 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
4.3 Encryption Data
4.3.1 Encrypted Track and PAN Data
Depending on the configuration of your E3-capable card acceptance device, the E3 encrypted
Track and PAN data will be formatted using one of two Track Encryption Protocol (TEP)
algorithms, TEP1 or TEP2. TEP1 is whole track encryption, while TEP2 is structure preserving
encryption.
Example: The following data was produced by an E3-capable device using Heartland's VISA
test card:
For TEP2, the following is guaranteed:
The leading six digits of the original PAN are maintained in the clear.
The trailing four digits of the original PAN are maintained in the clear.
The middle digits are used for the ciphertext value, which is guaranteed to consist solely of
digits.
The Luhn check value is preserved so that a PAN with a valid zero (0) result, creates
ciphertext that also checks as valid.
For TEP1, the device will provide a separate masked or obfuscated representation of the track
data for processing that requires the first six or last four digits of the PAN, cardholder name,
expiration date, Luhn check results, etc.
Table 4-1 PAN Encryption
Cleartext 4012002000060016
TEP2 4012002650330016
TEP1 +++++++BWmfv/HUA
Table 4-2 Track 1 Encryption
Cleartext %B4012002000060016^VI TEST CREDIT^251210118039000000000396?
TEP2 B4012007060016^VI TEST CREDIT^2512101XlwD91O5qOg+7Ftv+nLu
TEP1 3FLr83Ed5tiHN3r2CpT3kIndkhtiHRt3mtKQsozJ2rFQM8GE0ha2X7K6t
Table 4-3 Track 2 Encryption
Cleartext ;4012002000060016=25121011803939600000?
TEP2 4012007060016=2512101e3vdC5QhAEZa7UAN
TEP1 AsbjXkDWaRqLV0o5U33jffZqiPg
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 4: E3 Processing Overview
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 73
4.3.2 Encrypted Card Security Code
The Card Security Code (CSC) printed on the back of the card, referred to as CAV2, CVC2,
CVV2, or CID depending on the card brand, can be optionally encrypted.
The value to be encrypted is constructed as follows:
Length [1 digit]
Random Filler [x digits]
CSC [3 or 4 digits]
Note: The total length of the encrypted CSC will always be seven digits. Typically, the device will
randomly generate two or three digits of filler to ensure the CSC is seven digits.
4.3.3 Encryption Transmission Block
The Encryption Transmission Block (ETB), sometimes referred to as a Key Transmission Block
(KTB), contains the IBE encrypted version of the device's randomly generated FPE key that was
used to encrypt the card data. The ETB must be sent in the authorization requests so that the
host can decrypt the card data.
Heartland's ETB must be Base64 encoded, and for TEP1 and TEP2 it must be 276 bytes.
For example:
Table 4-4 Encrypted CSC Steps
Step Example Data
1. Obtain the CSC value (either 3 or 4 digits) 572
2. Generate a random 3-digit number 413
3. Construct the value to be encrypted 3413572
4. Encrypt the value 9037662
/wECAQEEAoFGAgEH3gcOTDT6jRZwb3NAc2VjdXJlZXhjaGFuZ2UubmV0tmpl5zBEIeyea
DRWB0IlbnWdMjK32V4QIJRoRIpu1Fm9w8fdoJt1gLt2jkkliD+0kvFOrhspWh4dsDYvSH
GgdgetU3pfAx+iBS38Wq2KvTOOlueGvXcGe0y4G/DFVgT7zBHm1YS7cseYLEtADtoSnhB
UjasCciO5ul9GhesvQo8Ah7NM8geDZdKN0QZZiLH8cmYhgHp8kamxSciDJHARUO9tFb+h
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 16.1.1
74 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
4.4 E3 Specific Requirements
4.4.1 Heartland Exchange
This section addresses specific requirements for E3 terminals using the Heartland Exchange
Message Specification. All card types may be sent using E3 encryption.
4.4.1.1 Unique Transaction ID (UID)
Heartland's Unique Transaction ID (UID) is a software solution that eliminates the need for a
POS application to store the account number or track data for subsequent processing such as
Voids/Incrementals, and Batch Settlement. The UID is returned by the Heartland Exchange Host
in the Authorization response messages. This application is not available on other Heartland
Host platforms.
Voids/Incrementals: The Account Data Source field will be 'Z' or 'z' to indicate that the UID
is being used instead of track or Primary Account Number (PAN) data. The Customer Data
field will contain the UID which is the Retrieval Reference Number (RRN) from the
Authorization.
Batch Settlement: The Primary Account Number field in the Batch Settlement Detail
Record will be filled with all spaces to indicate that the UID is being used instead of PAN
data. The Transaction Identifier field in the Batch Settlement Detail Record is the
Transaction Identifier from the Authorization and it contains the UID.
4.4.1.2 Merchant ID Number (MID)
Merchant ID Number is a 12 character field that contains a unique number assigned by
Heartland. If your E3 implementation encrypts the MID, then the E3 sub-encryption indicator in
the Key Block Data field must indicate the MID is encrypted (01 or 02 as appropriate).
4.4.1.3 Account Data Source
The Account Data Source field is used to indicate the source and format of the data contained in
the Customer Data field. Refer to the Exchange Host Specification for a complete list of Account
Data Source codes.
4.4.1.4 Customer Data
The Customer Data field contains the Key Block data and either the Cardholder Account data or
the Unique Transaction ID. The Cardholder Account data may be either the encrypted Track 1,
encrypted Track 2, or encrypted primary account number. The unique transaction ID is never
encrypted. Refer to the Exchange Host Specification for the Customer Data format.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 4: E3 Processing Overview
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 75
4.4.1.5 Retrieval Reference Number (RRN)
The Retrieval Reference Number field contains a value that uniquely identifies a transaction. The
Retrieval Reference Number is sent in an authorization response. The POS then uses the RRN
in voids and incrementals to identify the original transaction.
4.4.1.6 Transaction Identifier
The Transaction Identifier field contains the UID. The Transaction Identifier is sent in an
authorization response.
4.4.1.7 Authorization Example
The following examples shows highlighted fields that are used in the POS message to Heartland
messaging:
Encrypted Track 1 Data
Encrypted Track 2 Data
KTB (Key Transmission Block)
PAN (Primary Account Number)
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 16.1.1
76 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
Table 4-5 Authorization Examples
Request Response
For Encrypted Card Swipes:
The following request fields require specific handling:
MID (Merchant ID Number) – This field will be either the
unencrypted, cleartext MID or the encrypted MID if supported.
Account Data Source – This field will indicate that either encrypted
Track 1 or Track 2 data is being sent:
“h” = Encrypted Track 1
“d” = Encrypted Track 2
Customer Data – This field will be <Key Block
Data><FS><Encrypted Track 1 or Track 2 Data>, where <Key Block
Data> is “v” (Voltage encryption)+ “01”, “02”, or “03” as appropriate +
KTB.
Example: v03/wECAQECAoFGAgEH2ggJTHLeIBZwb3NAc2
VjdXJlZXhjaGFuZ2UubmV0aFLxu2XTNLs6jIk3Bakt
bFZrdJ26dX85BjkkngQnmk+3tOhXRVILvASHnfmao0y
l5z7KNBx6Na7ekL+hryGQ3oPOcOVkEzei83Clsc
9QSfQJWB9ysAynGc6btccnrfjwyJn70KJ1cqQrw
623ASSWm57Hov2fMtWmPpYpQRr54oAoXZY
jUajd0sRXCn5XeD5BhpE/Wzd4Ayn+342BGUL
0N7hWKm<FS>V2uvVFzWkBTNzcX7vcrWTi4
jV9AtG2bLYJkCOi+OA2aY2OiRmw/0ZSQcH
The following response fields require
specific handling:
RRN (Retrieval Reference Number)
– This field will be used as the UID
(Unique Transaction ID) for
subsequent messages such as
voids.
Transaction Identifier This field will
be used as the UID in the batch
settlement detail record.
For Encrypted Manual Entry from E3 PIN Pad:
The following request fields require specific handling:
Merchant ID Number – This field will be the unencrypted, cleartext
MID.
Account Data Source – This field will indicate that an encrypted PAN
is being sent:
n “x” = Encrypted, manually keyed PAN, Track 1 capable
n “t” = Encrypted, manually keyed PAN, Track 2 capable
Customer Data This field will be <Key Block Data><FS><Encrypted
Primary Acct Num><FS><Exp Date><FS>, where <Key Block Data>
is “v” (Voltage encryption) + “03” (sub-encryption indicator that only
PAN is encrypted, not MID) + KTB from the E3 PIN Pad.
Example: v03/wECAQECAoFGAgEH2ggJTHLeIBZwb3NAc
2VjdXJlZXhjaGFuZ 2UubmV0aFLxu2XTNLs6jIk3Ba
ktbFZrdJ26dX85BjkkngQnm
k+3 tOhXRVILvASHnfmao0yl5z7
KNBx6Na7ekL+hryGQ3oPOcOVkE
zei83Clsc9QSf QJWB9ysAynGc6btccnfrfjwyJn70KJ1
cqQrw623ASSWm57Hov2fMtWmPpYpQRr
54oAoXZYjUajd0sRXCOn5XeD5BhpE/Wzd4Ayn+3
42BGUL0N7hWKm<FS>+++++++X8zr5YaCZ<FS>1012
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 4: E3 Processing Overview
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 77
Note:
Refer to section Authorization Chapter in the Heartland Exchange specification for all other
fields.
UIDs are used to retrieve a transaction’s account data for Voids, Incrementals, and Batch
Settlement. This eliminates the need to store or send encrypted or unencrypted track, PAN,
or KTB data once authorization has occurred.
For refunds/returns, Purchase Return (Transaction Code CR) must be utilized so that the
returned UID can be used for settlement.
For voice authorizations, Online Forced Purchase (Transaction Code 5S) must be utilized
so that the returned UID can be used for settlement.
4.4.1.8 Void/Incremental Example
A Void is required to cancel a previously authorized transaction. Online Auth Void (Transaction
Code 59), PIN Debit: Purchase Void (Transaction Code A3), or PIN Debit: Purchase Return Void
(Transaction Code A4) should be used depending on the type of the original authorization.
An Incremental Authorization is required in certain industries such as Hotel/Lodging when the
final amount due is more than 15% higher than the originally authorized amount.
For Voids/Incremental Requests the fields below require specific handling:
Merchant ID Number – This field will be the unencrypted, cleartext MID.
Account Data Source – This field will indicate that the UID is being sent instead of track or
PAN data:
“z” = Original authorization request contained encrypted track or PAN data.
Customer Data This field will be <Key Block Data><FS><UID>, where <Key Block Data>
is just “v03” – the KTB is not required in this case since no encrypted data is being sent,
and <UID> is the RRN from the original authorization response.
Note: Refer to the Heartland Exchange Specification for all other fields.
Void/Incremental Responses – No specific fields in the Exchange Host response require specific
handling.
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 16.1.1
78 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
4.4.2 Settlements
Batch transactions consist of a number of record types and require both request and responses.
4.4.2.1 Header Record Field Requirements
Merchant ID Number – This field will be the unencrypted, cleartext MID.
Key Block – This field will be just “v03” – the KTB is not required in this case since no
encrypted data is being sent.
4.4.2.2 Detail Record Fields Requirements
Account Data Source – This field will be the same value as was used in the original
authorization request.
Primary Account Number – This field will be filled with 22 spaces to indicate that the UID
will be used.
Transaction Identifier – This field will be the Transaction Identifier from the original
authorization response (it contains the UID).
4.4.2.3 Settlement Notes
UIDs must be used for settlement, all other record fields in both the request and responses follow
those defined in the Exchange Host Specifications.
Note: The only alternative supported on Exchange for settling E3 encrypted transactions is to
send the encrypted PANs in the detail records, but that option requires that all transactions
in the batch share the same KTB.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 4: E3 Processing Overview
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 79
4.4.3 POS 8583
This section addresses specific requirements for E3 terminals using the POS 8583 message
specification. All card types may be sent using E3 encryption. All transactions utilizing E3
processing will include E3 data in DE 127: Forwarding Data.
These transactions require the following:
E3 data must always appear in DE 127: Forwarding Data (using an Entry Tag value of
E3E.)
Note: Then encrypted CVV and ETB are attached to the E3 Data Block, while the encrypted
track data and/or encrypted PAN are placed in their normal position in the authorization
message.
An account number must be more than 13 characters, the encrypted account number data
cannot exceed 19 characters.
Encrypted Track 1 data will not exceed 79 bytes.
Encrypted Track 2 data will not exceed 40 bytes.
Response codes specific to E3 transactions are:
DE 39 = 952 (Failure for E3 terminals only – encryption error)
DE 39 = 953 (Failure for E3 terminals only – too many queued / no connection)
Table 4-6 POS 8583 Data Fields
Field Name Length Value/Description
RECORD ID 2 E3
RECORD TYPE 3 001
KEY BLOCK DATA TYPE 1 v = Voltage
ENCRYPTED FIELD
MATRIX
2 03 = CustomerData
04 = CustomerData, Card Security Code
TEP TYPE 1 1 = TEP 1
2 = TEP 2
RESERVED 18 Blank-fill
CARD SECURITY CODE 7 Encrypted CVV data. Unencrypted bytes defined as:
1 = Length of actual CVV data
•2
7 = CVV data, right-justified, random fill, numeric
only
RESERVED 45 Blank-fill
ETB LLL 3 Length of ETB Block.
ETB BLOCK Varies ETB cannot exceed 276 bytes.
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 16.1.1
80 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
4.4.4 NTS
This section addresses specific requirements for E3 terminals processing on the NTS network
platform. All card types may be sent via E3 encryption. All transactions using E3 processing
append additional data items at the end of the record, which signals to the host that the
transaction is E3 encrypted.
These transactions require the following:
E3 data must always appear at the end of a transaction. The POS terminal will append a
0x1D at the end of the transaction followed by the E3 data. Refer to Table 4-7 NTS Data
Fields, pg. 81.
Note: Then encrypted CVV and ETB are attached to the E3 Data Block, while the encrypted
track data and/or encrypted PAN are placed in their normal position in the authorization
message.
POS must send spaces in the CVN field. This encrypted CVN value will be in the E3 Data
Block.
An account number must not be less than 13 characters and the encrypted account
number data will not exceed 19 characters.
Encrypted Track 1 data will not exceed 79 bytes.
Encrypted Track 2 data will not exceed 40 bytes.
Response codes specific to E3 transactions are:
52 (Failure for E3 terminals only – encryption error)
53 (Failure for E3 terminals only – too many queued / no connection)
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 4: E3 Processing Overview
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 81
Table below shows the data items that must be appended to the end of an E3 transaction.
Table 4-7 NTS Data Fields
Field Name Length Value/Description
FIELD SEPARATOR 1 0x1D
Indicator for E3 transaction (Hex: Constant ASCII).
Must be appended at end of E3 transaction.
RECORD ID 2 E3
RECORD TYPE 3 001
KEY BLOCK DATA TYPE 1 v = Voltage
ENCRYPTED FIELD
MATRIX
2 03 = Customer Data
04 = Customer Data, Card Security Code
TEP TYPE 1 •1 = TEP 1
•2 = TEP 2
RESERVED 18 Blank-fill
CARD SECURITY CODE 7 Encrypted CVV data. Unencrypted bytes defined as:
1 = Length of actual CVV data
2–7 = CVV data, right-justified, random fill numeric only
RESERVED 45 Blank-fill
ETB LLL 3 Length of ETB Block.
EBT BLOCK Varies ETB should not exceed 276 bytes.
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 16.1.1
82 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
4.4.5 Z01
This section addresses specific requirements for E3 terminals processing on the Z01 network
platform. All card types may be sent via E3 encryption. All transactions using E3 processing will
append additional data items at the end of the record, which will signal to the Host that the
transaction is E3 encrypted.
These transactions require the following:
E3 data must always appear at the end of a transaction. The POS terminal will append a
0x1D at the end of the transaction followed by the E3 data as specified in Table 4-8 Z01
Data Fields, pg. 83.
Note: The encrypted CVV and ETB are attached to the E3 Data Block, while the encrypted track
data and/or encrypted PAN are placed in their normal position in the authorization
message.
POS must send spaces in AVS RESULT AND CID RESULT. The encrypted values are in
the E3 Data Block.
An account number must not be less than 13 characters and the encrypted account
number data will not exceed 19 characters.
Encrypted Track 1 data will not include the field separator 0x1C.
Encrypted Track 2 data will not exceed 37 bytes.
Response codes specific to E3 transactions are:
URC = EG, SRC = 8 (Failure for E3 terminals only – encryption error)
URC = EH, SRC = 8 (Failure for E3 terminals only – too many queued / no connection)
Note: E3 transactions are not supported for TDC batch uploads.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 4: E3 Processing Overview
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 83
Table 4-8 Z01 Data Fields
Field Name Length Value/Description
FIELD SEPARATOR 1 0x1D.
Indicator for E3 transaction (Hex: Constant ASCII).
Must be appended at end of E3 transaction.
RECORD ID 2 E3
RECORD TYPE 3 001
KEY BLOCK DATA TYPE 1 v = Voltage
ENCRYPTED FIELD
MATRIX
2 03 = Customer Data
04 = Customer Data, Card Security Code
TEP TYPE 1 •1 = TEP 1
•2 = TEP 2
RESERVED 18 Blank-fill
CARD SECURITY CODE 7 Encrypted CVV data. Unencrypted bytes defined as:
1 = Length of actual CVV data
2–7 = CVV data, right-justified, random fill, numeric only
RESERVED 45 Blank-fill
ETB LLL 3 Length of ETB Block.
EBT BLOCK Varies ETB should not exceed 276 bytes.
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 16.1.1
84 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
4.5 E3 Hardware Devices
The following section describes two hardware devices that use E3 encryption technology that
integrates with Heartland Hosts:
E3 MSR Wedge (HPS-E3-M1)
E3 PIN Pad (HPS-E3-P1)
4.5.1 E3 MSR Wedge (HPS-E3-M1)
Hardware-encrypts card data upon swipe.
Incorporates a Tamper-Resistant Security Module (TRSM) to physically protect data and
encryption keys.
Available with USB and RS232 connectors.
Figure 4-1 E3 MSR Wedge
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 4: E3 Processing Overview
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 85
4.5.2 E3 MSR Wedge Device Interface
4.5.3 E3 MSR Wedge Example Output
See the following Format 2 example output from the E3 MSR Wedge:
<E1050711%B4012001000000016^VI TEST
CREDIT^251200000000000000000000?|
ycO0LNhgiu4XH7J1Lqg8BY6Vc25F3ft3qoTEeqk3wrx7KGh8JSrEUfAAW
|+++++++8q0sLWCB5|11;4012001000000016=25120000000000000000?|
7YIC67MkijZle6TL5Tdw90jCQ3F|+++++++8q0sLWCB5|00|||
/wECAQECAoFGAgEH1AESTDT6jRZwb3NAc2VjdXJlZXhjaGFuZ2UubmV0aXGRuQf68kvJ3Sb
fATjjdctZlBnX2gFQ3chN7Fq2s22bTq/rTVzl7fLQ/j1CGGohcyB
vmmYxGs6ZLDyYL+8EWZFhhjQC7tIKaYMsdua4SxeYAg9wQGHczVI+tTKFXClWEQ8kCKZ6
zHkG5+jJZhjGpO2EWSe18DH3HiKMsDwM8DcA5l5b3GT+pc7XwwK8oEdU3gjOiRo4/fdPm
F/PPBxAET1zlPUq|>
Table 4-9 E3 MSR Wedge Operation Modes
Mode Description
USB HID-KB The POS system receives data from the E3 MSR Wedge as if sent
from a standard USB keyboard. In this mode, you can see the output
by opening a text editor such as Notepad and swiping a card. The
output is in Format 2 per the programmer’s manual.
USB HID-MSR The POS system receives data from the E3 MSR Wedge via its
native USB HID interface in Format 1. For this mode, an ActiveX
control is available for web applications running on Internet Explorer
and provides commands for obtaining the desired output
components.
Also, a command-line application is available that acquires and
reformats the output as Format 2.
USB Virtual-COM or RS232 The POS system receives data from the E3 MSR Wedge via its
native serial COM port interface, which outputs in Form 2.
A virtual COM port driver is available for Windows. The RS232
wedge has a standard 9-PIN serial connector.
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 16.1.1
86 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
4.6 E3 PIN Pad (HPS-E3-P1)
The E3 PIN Pad is compatible with standard PIN entry/encryption operations, but is also capable
of functioning with MSR, Europay, MasterCard, and VISA (EMV) smart cards.
Built-in MSR encrypts at the swipe and TRSM protects the data and keys.
Hardware-encrypt manually-entered card numbers.
Available with USB and RS232 connectors.
Figure 4-2 E3 PIN Pad
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 4: E3 Processing Overview
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 87
Table 4-10 E3 MSR Wedge Operation Modes
POS System Direction E3 PIN Pad
<STX>E1.3111219098025<ETX>[LRC] → “SWIPE CARD OR ENTER ACCOUNT #” is
displayed on LCD.
← <ACK>
<STX>E2.030<ETX>[LRC] →
← <ACK>
If card is swiped...
<STX>E3.11%B401200000000001
6^VI TEST CREDIT^25120000000
0000000000000?|V2uvVFzWkBT
NzcX7vcrWTi4jV9AtG2bLYJkCO
i+OA2aY2OiRmw/0ZSQcH|++++
+++X8zr5YaCZ<FS>11;4012000
000000016= 251 20000000000
000000?|7QjTe2v1Qy1L84Q+n6
zudfNOXf|+++++++X8zr5YaCZ
<FS>00||<FS>/wECAQ
ECAoFGAgEH2ggJTHLeIBZwb3N
Ac2VjdXJlZXhjaGFuZ2
UubmV0aFLxu2XTNLs6jIk3Baktb
FZrdJ26dX85Bjkkng Qnmk+3tOhX
RVILvASHnfmao0yl5z7KNBx6Na
7ekL+hry GQ3oPOcOVkEzei8
3Clsc9QSfQJWB9ysAynGc6btccn
fr fjwyJn70KJ1cqQrw623ASSWm
57Hov2fMtWmPpYpQRr54
oAoXZYjUajd0sRXCOn5XeD5Bhp
E/Wzd4Ayn+3 42BGUL0N7hWKm
<ETX>[LRC]
or
If card number is manually entered...
<STX>E4.114012000000000016
<FS>
+++++++X8zr5YCZ
<FS>/wECAQECAoFGAgEH2g
gJTHLeIBZwb3NA2VjdXJlZXhj
aGFuZ2UubmV0aFLxu2XTNLs6
jIk3Baktb FZrdJ26dX85Bjkkng
Qnmk+3tOhXRVILvASHnfma
o0yl5 z7KNBx6Na7ekL+hryGQ3
oPOcOVkEzei83Clsc9QSfQJW
B9ysAynGc6btccnfrfjwyJn70KJ
1cqQrw623ASSWm57H ov2fM
tWmPYpQRr54oAoXZYjUajd0
sRXCOn5XeD5BhpE /Wzd4Ayn
+342BGUL0N7hWKm<ETX>[LRC]
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 16.1.1
88 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
4.6.1 E3 PIN Pad Device Interface
The POS system transmits and receives data to/from the E3 PIN Pad via its native serial COM
port interface. For the USB PIN pad, a virtual COM port driver is available for Windows. The
RS232 PIN pad has a standard 9-PIN serial connector.
All messages are framed using standard VISA protocols:
• <STX>Message<ETX>[LRC]
• <SI>Message<SO>[LRC]
4.6.1.1 E3 PIN Pad Requests
The following messages are sent to the PIN pad to request E3 encrypted card data via card
swipe and/or manual entry:
<STX>E1.[entry_flag] [disp_flag] [mask_flag] [min len] [max len] [prompt1] [prompt2]<FS>
[prossing_prompt]<ETX>[LRC]
• <STX>E2.[timeout]<ETX>[LRC]
4.6.1.2 E3 PIN Pad Responses
The following messages are returned from the PIN pad with E3 encrypted card data via card
swipe or manual entry:
Card Swipe: <STX>E3.[trk1]<FS>[trk2]<FS>[trk3]<FS>[ktb]<ETX>[LRC]
Manual Entry: <STX>E4.[result] [luhn] [obf]<FS>[enc]<FS>[ktb]<ETX>[LRC]
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 4: E3 Processing Overview
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 89
4.6.2 Ingenico iPP300 and iSC Touch Series PIN Pads
You must sign up for an account at the Ingenico Developer Portal and mention that you are
working with Heartland. Retail Base Application (RBA) Integration Kits, Software Development
Kits (SDKs), and integration documentation for these devices can be downloaded from their
portal.
The E3 encryption settings are contained in a digitally signed SECURITY.PGZ files. Work with
Heartland to ensure that the appropriate file is loaded to your devices prior to certification testing
or production deployment.
4.6.3 Equinox L4000 and L5000 Series PIN Pads
You must sign up for an account at the Equinox Developer Portal and mention that you are
working with Heartland. Software Development Kits (SDKs) and integration documentation for
these devices can be downloaded from their portal.
The E3 encryption settings are contained in XML files which must be specified for all forms
(screens) from which card data is obtained, and the forms must be digitally signed. Equinox can
provide a development key to sign the forms for use on a development device, but for production
devices the forms will either need to be signed by Heartland, Equinox, or another entity that has
the appropriate signing tools. Work with Heartland to ensure that the appropriate forms have
been signed and loaded to your devices prior to certification testing or production deployment.
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 16.1.1
90 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 5: EMV Processing Overview
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 91
Chapter 5: EMV Processing Overview
5.1 Introduction
In 1996, Europay, MasterCard, and VISA first published the “EMV” specifications for the use of
chip cards for payment. EMV® is now a registered trademark of EMVCo, LLC, an organization
jointly owned and operated by American Express, Discover, JCB, MasterCard, UnionPay, and
VISA.
EMVCo manages, maintains, and enhances the EMV Integrated Circuit Card Specifications to
help facilitate global interoperability and compatibility of payment system integrated circuit cards
and acceptance devices. EMVCo maintains and extends specifications, provides testing
methodology, and oversees the testing and approval process.
The EMV Specifications provide a global standard for credit and debit payment cards based on
chip card technology. Payment chip cards contain an embedded microprocessor, a type of small
computer that provides strong security features and other capabilities not possible with traditional
magnetic stripe cards.
Chip cards are available in two forms, contact and contactless.
For contact, the chip must come into physical contact with the chip reader for the payment
transaction to occur.
For contactless, the chip must come within sufficient proximity of the reader (less than 4
cm) for the payment transaction to occur. Some cards may support both contact and
contactless interfaces, and non-card form factors such as mobile phones may also be used
for contactless payment.
Heartland recommends that vendors become familiar with general EMV processing prior to initial
implementation at Heartland. A good overview of EMV is available from EMVCo at:
http://www.emvco.com/best_practices.aspx?id=217.
For Internal Use Only
5: EMV Processing Overview HPS Integrator’s Guide V 16.1.1
92 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
5.2 EMV Migration
5.2.1 Enhanced Security
EMV is designed to significantly improve consumer card payment security by providing features
for reducing fraudulent transactions that result from counterfeit and lost and stolen cards. Due to
increased credit card breaches, this enhanced security has become a significant necessity.
The key security features are:
5.2.2 Card Brand Mandates
Effective April 2013, acquirer processors and sub-processor service providers are required to
support merchant acceptance of EMV chip transactions.
Table 5-1 Key Security Features
Key Security Feature Description
Card Authentication The terminal can authenticate the legitimacy of the card by using a
public-key infrastructure (PKI) and Rivest, Shamir, and Adleman (RSA)
cryptography to validate signed data from the card. The issuer can
authenticate the legitimacy of the card by validating a unique cryptogram
generated by the card for each payment transaction. These features will
help protect against counterfeit fraud.
Risk Management EMV introduces localized parameters to define the conditions under which
the issuer will permit the chip card to be used and force transactions online
for authorization under certain conditions such as offline limits being
exceeded.
Transaction Integrity Payment data such as purchase and cashback amounts are part of the
cryptogram generation and authentication processing, which will help
ensure the integrity of this data across authorization, settlement, and
clearing.
Cardholder Verification More robust cardholder verification processes and methods such as online
PIN (verified online by issuer) and offline PIN (verified offline by card) will
help protect against lost and stolen fraud.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 5: EMV Processing Overview
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 93
5.2.3 Fraud Liability Shifts
Effective October 2015 (or October 2017 for automated fuel dispensers), a merchant that does
not support EMV assumes liability for counterfeit card transactions.
There are two types of liability shifts:
5.2.4 PCI Audit Waivers
Effective October 2012, the card brands will waive PCI DSS compliance validation requirements
if the merchant invests in contact and contactless chip payment terminals. For example, VISA’s
Technology Innovation Program (TIP) provides PCI audit relief to qualifying merchants (Level 1
and Level 2 merchants that process more than 1 million VISA transactions annually) when 75
percent of the merchant’s VISA transactions originate at a dual-interface EMV chip-enabled
terminal. MasterCard offers a similar program.
Table 5-2 Liability Shifts
Liability Shift Description
Chip Liability Shift An issuer may charge back a counterfeit fraud transaction that occurred at a
non-EMV POS terminal if the valid card issued was a chip card.
Chip/PIN Liability Shift An issuer may charge back a lost or stolen fraud transaction that occurred at
an EMV POS terminal that was not PIN-capable if the card involved was a
PIN-preferring chip card. A PIN-preferring chip card is defined as an EMV chip
card that has been personalized so that a PIN CVM option (online PIN or
offline PIN) appears in the card’s CVM list with a higher priority than the
signature option.
For Internal Use Only
5: EMV Processing Overview HPS Integrator’s Guide V 16.1.1
94 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
5.3 EMV Specifications
This document provides guidelines for EMV integration, but it does not contain all the EMV
requirements. It should be used in conjunction with the following documents:
5.3.1 Contact Specifications
For EMV contact card acceptance, device manufacturers and payment application developers
must adhere to the following specifications:
Table 5-3 Contact Specifications
Source Specification
EMVCo EMV Specifications v4.3 (Nov 2011) –
http://www.emvco.com/specifications.aspx?id=223
Book 1: Application Independent ICC to Terminal Interface Requirements
Book 2: Security and Key Management
Book 3: Application Specification
Book 4: Cardholder, Attendant, and Acquirer Interface Requirements
VISA Transaction Acceptance Device Guide v3.0 (May 2015)
Integrated Circuit Card Specification v1.5 (May 2009)
MasterCard U.S. Market Terminal Requirements (April 2014)
American Express AEIPS Terminal Implementation Guide v4.3 (April 2015)
AEIPS Terminal Technical Manual v4.3 (April 2015)
Discover Contact D-PAS Acquirer Implementation Guide v3.0 (Jan 2015)
D-PAS Terminal Specification v1.0 (Jun 2009)
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 5: EMV Processing Overview
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 95
5.3.2 Contactless Specifications
For EMV contactless card acceptance, device manufacturers and payment application
developers must adhere to the following specifications:
5.3.3 Heartland Host Specifications
Information given in this document for each network platform is meant to be an overview only.
The latest version of these Heartland platform specifications should be used for complete
message requirements and formats:
Table 5-4 Contactless Specifications
Source Specification
EMVCo EMV Contactless Specifications v2.5 (Mar 2015) –
http://www.emvco.com/specifications.aspx?id=21
Book A: Architecture and General Requirements
Book B: Entry Point
Books C [C-1, C-2, C-3, C-4, C-5, C-6, C-7]: Kernel Specifications
Book D: Contactless Communication Protocol
VISA Transaction Acceptance Device Guide v3.0 (May 2015)
Contactless Payment Specification v2.1 (May 2009)
MasterCard U.S. Market Terminal Requirements (Apr 2014)
Contactless Reader Specification v3.1 (Jun 2015)
American Express Contactless NFC Terminal Implementation Guide v1.0 (Mar 2014)
Expresspay Terminal Specification v3.0 (Feb 2012)
Discover Contactless D-PAS Acquirer Implementation Guide v1.0
Contactless D-PAS Terminal Application Specification v1.0
Table 5-5 Heartland Host Specifications
Platform Specification
Exchange Exchange Host Specifications
Portico Portico Developer Guide
NWS Z01 Specifications
POS 8583 Specifications
SpiDr Specifications Developer’s Guide
VAPS Network Terminal Specifications (NTS)
POS 8583 Specifications
SpiDr Specifications Developer’s Guide
For Internal Use Only
5: EMV Processing Overview HPS Integrator’s Guide V 16.1.1
96 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
5.4 EMV Online vs. Offline
In the magstripe world, the term “offline” is often associated with certain types of transactions that
may occur when host communications are down, such as voice authorization, deferred
authorization (i.e. store and forward), and forced acceptance (i.e. merchant/acquirer stand-in).
Those same transactions can still occur in the EMV world as well, but there are several additional
uses of the term “offline” for EMV.
5.4.1 Card Authentication
5.4.2 Cardholder Verification
5.4.3 Authorization
Table 5-6 Card Authentication
Online Card Authentication vs. Offline Card Authentication
The transaction is sent online to an issuer who
authenticates the CVV in the track data for swiped
transactions, or CVV2 on the back of the card for
manually entered transactions.
The card may be authenticated offline by the terminal
using a PKI and RSA cryptography to verify that
certain static and/or dynamic data elements have been
digitally signed by the legitimate card issuer.
Table 5-7 Cardholder Verification
Online Cardholder Verification vs. Offline Cardholder Verification
The transaction is sent online to an issuer who
verifies that the online PIN or AVS data is correct.
An offline PIN may be securely stored on the card, so
the PIN entered on the PIN entry device may be sent
to the card in plaintext or enciphered format to be
validated by the card.
Table 5-8 Authorization
Online Authorization vs. Offline Authorization
The transaction is sent online to an issuer who
approves or declines the transaction.
Based on the amount of the transaction, and the risk
management criteria established by the card and the
terminal, a transaction may be approved or declined by
the card on behalf of the issuer, either with or without
attempt to go online to the issuer.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 5: EMV Processing Overview
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 97
5.5 Full vs. Partial EMV Transactions and Flow
EMV POS solutions typically support both “full” EMV transactions and “partial” EMV transactions
as follows:
5.5.1 Full vs. Partial Transaction Flow
Table 5-9 Full vs. Partial EMV Transactions and Flow
EMV Transaction Description
Full EMV Transactions Transactions such as Purchases and Pre-Authorizations where the full EMV
transaction flow (i.e. the interaction between the card and terminal) is
performed and the card participates in the authorization decision, whether
online or offline.
Partial EMV Transactions Transactions such as Returns and Reversals where the EMV transaction
flow is only partially performed to the extent necessary to get the card data
from the chip and the card does not participate in the authorization decision.
Table 5-10 Full vs. Partial Transaction Flow
EMV Transaction Step Full
EMV
Partial
EMV Notes
Card Acquisition 
Card is inserted or tapped.
Application Selection 
Initiate Application Processing 
Read Application Data 
Offline Data Authentication
Processing Restrictions
Cardholder Verification
Terminal Risk Management
Terminal Action Analysis 
For partial EMV transactions, the terminal requests an AAC
at 1st GENERATE AC to terminate card usage.
Card Action Analysis 
For partial EMV transactions, the card always returns an
AAC.
Online Processing
Issuer Authentication
Completion
Issuer Script Processing
Card Removal 
Prompt to remove card if it was inserted.
For Internal Use Only
5: EMV Processing Overview HPS Integrator’s Guide V 16.1.1
98 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
5.5.2 Full vs. Partial Credit Transactions
Table 5-11 Full vs. Partial Credit Transactions
EMV Transactions Full
EMV
Partial
EMV Notes
Bill Payment
Card Verify
Cash Advance
Incremental Authorization No chip data should be sent.
Offline Decline Advice AAC received at 1st GENERATE AC or due to failed Issuer
Authentication at 2nd GENERATE AC.
Offline Purchase Advice

Full for EMV offline approvals where TC received at 1st
GENERATE AC or after failed host communications at 2nd
GENERATE AC.
Partial for voice authorizations if PAN obtained from chip.
Online Purchase ARQC received at 1st GENERATE AC.
Pre-Authorization
Pre-Auth Completion No chip data should be sent.
Purchase Return To obtain PAN from chip if needed.
Reversal on Timeout PAN and chip data from original authorization should be sent
unless otherwise stated in the network specifications. (This is
currently not applicable for the NTS platform.)
Note: No EMV data will be returned in the response.
Void PAN and chip data from original authorization should be sent.
This should be the final chip data available from the original
authorization. Typically, this would be from the 2nd GEN AC
for contact and from the 1st GEN AC for contactless.
Note: No EMV data will be returned in the response.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 5: EMV Processing Overview
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 99
5.5.3 Full vs. Partial Debit Transactions
Table 5-12 Full vs. Partial Debit Transactions
EMV Transactions Full
EMV
Partial
EMV Notes
Offline Decline Advice AAC received at 1st GENERATE AC or due to failed Issuer
Authentication at 2nd GENERATE AC.
Online Purchase ARQC received at 1st GENERATE AC.
Pre-Authorization
Pre-Auth Completion No chip data should be sent.
Purchase Return ARQC received at 1st GENERATE AC.
Reversal on Timeout PAN and chip data from original authorization should be sent.
Note: No EMV data will be returned in the response.
Void PAN and chip data from original authorization should be sent.
This should be the final chip data available from the original
authorization. Typically, this would be from the 2nd GEN AC for
contact and from the 1st GEN AC for contactless.
Note: No EMV data will be returned in the response for Void.
For Internal Use Only
5: EMV Processing Overview HPS Integrator’s Guide V 16.1.1
100 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 6: EMV Development Overview
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 101
Chapter 6: EMV Development Overview
6.1 EMV Terminals
In order to develop an EMV POS solution, an approved EMV transaction acceptance device
must be used. In this document all such devices, whether they are a countertop terminal,
multi-function PIN pad, multi-lane signature capture device, automated fuel dispenser module,
etc., will be referred as a 'terminal'.
6.1.1 Contact Devices
For EMV contact card acceptance, use any terminal if all of the following criteria apply:
Contains an EMVCo Level 1 Contact approved Interface Module (IFM) evaluated against
the EMV ICC Specifications, Book 1 v4.0 or later.
Contains a MasterCard Terminal Quality Management (TQM) approved IFM.
Is running an EMVCo Level 2 Contact approved application kernel evaluated against the
EMV ICC Specifications v4.3 or later.
Contains a PCI PTS 2.x, 3.x or 4.x approved PIN Entry Device (PED) or Encrypting PIN
Pad (EPP), if you plan to support PIN.
6.1.2 Contactless Devices
For EMV contactless card acceptance, use any terminal if all of the following criteria apply:
Contains an EMVCo Level 1 Contactless approved Proximity Coupling Device (PCD)
evaluated against the EMV Contactless Specifications, Book D v2.2 or later.
Contains a MasterCard TQM approved PCD.
Is running a VISA approved payWave application kernel evaluated against the VISA
Contactless Payment Specification v2.1.1 or later.
Is running a MasterCard approved MasterCard Contactless application kernel approved
against the MasterCard Contactless Reader Specification v3.0.1 or later.
Is running an American Express approved Expresspay application kernel evaluated
against the Expresspay Terminal Specification v3.0 or later.
Is running a Discover approved D-PAS application kernel evaluated against the
Contactless D-PAS Terminal Payment Application v1.0 or later.
Contains a PCI PTS 2.x, 3.x or 4.x approved PED or EPP, if you plan to support PIN.
REQUIREMENT An EMV POS Solution cannot be certified unless the EMVCo Level 1 and Level 2 Letters of
Approval for your terminal(s) of choice are current and not about to expire.
For Internal Use Only
6: EMV Development Overview HPS Integrator’s Guide V 16.1.1
102 2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive
6.1.3 Letters of Approval
The EMVCo and PCI approval numbers and/or Letters of Approval (LoAs) can be obtained from
their respective websites:
http://www.emvco.com/approvals.aspx?id=83
https://www.pcisecuritystandards.org/approved_companies_providers/approved_pin_trans
action_security.php
The other approval numbers and/or LoAs can be obtained from the device supplier or
manufacturer.
6.2 EMV Solutions
The type of EMV POS solution to be developed is an important consideration as this will
determine the level of expertise needed, the amount of time it will take and whether a full EMV
certification will be required.
6.2.1 Integrated
Integrated solutions typically involve an Electronic Cash Register (ECR) that is connected to a
terminal containing the EMV kernel and providing all EMV functionality including card acquisition
and PIN entry.
6.2.2 Standalone
Standalone solutions consist of a terminal that runs the POS software, contains the EMV kernel
and provides all EMV functionality. PIN entry occurs on an internal or external PIN pad and if
contactless is supported, the reader may be integrated into the terminal or be a separate device.
A standalone solution is in scope for PCI and full EMV certification.
Table 6-1 Integrated Solutions
Integrated Solution Description
Fully Integrated The terminal provides the EMV functionality, but the ECR still handles
card data and host communication. Therefore, it is in scope for PCI and
full EMV certification.
Semi-Integrated The terminal not only provides the EMV functionality, but also handles the
host communication, so the ECR does not see the card data. Therefore,
the ECR is not in scope for PCI or full EMV certification. Only a minimal
EMV validation script must be run for semi-integrated solutions.
For Internal Use Only
HPS Integrator’s Guide V 16.1.1 6: EMV Development Overview
2016 Heartland Payment Systems, Inc., All Rights Reserved–HPS Confidential: Sensitive 103
6.3 EMV Certifications
Magstripe swiped and key entered transactions will continue to be certified directly through
Heartland per the existing processes already in place. However, EMV requires additional
certifications. Each card brand has its own proprietary chip applications that run on EMV cards
bearing their brand. For that reason, each card brand has its own certification requirements that
must be met and submitted for approval.
6.3.1 Test Requirements
The card brand certification requirements must be met for each distinct POS configuration that
will be deployed, which is defined by a unique combination of:
The kernel software, which includes the Level 2 Contact Application Kernel and/or Level 2
Contactless Application Kernel (payWave, MasterCard Contactless, Expresspay, etc.).
The terminal application software, which includes the payment application software and
the terminal-to-acquirer communication software.
The specific terminal configuration, which includes use of a particular EMVCo Level 2
approved kernel configuration for the specific Terminal Type, Terminal Capabilities and
other relevant terminal parameter settings.
The complete connection path from the terminal to the card brand.
The card brand certification requirements must be met when any of the following occurs:
A particular POS configuration is deployed for the first time.
A major upgrade is made to an already deployed POS configuration.
The terminal hardware and software is upgraded and the change is major according to the
EMVCo Type Approval Bulletin No. 11 (http://www.emvco.com/approvals.aspx?id=108).
Note: Replacing the IFM with another approved IFM is not considered a major change.
A contact terminal is upgraded to support contactless transactions.
The terminal application software is upgraded to support additional payment related
functionality such as the partial approval, purchase with cash back, purchase with gratuity,
cardholder application sele