HPS Integrator's Guide V 17.2 Nov 2017

User Manual:

Open the PDF directly: View PDF PDF.
Page Count: 316 [warning: Documents this large are best viewed by clicking the View PDF Link!]

POS Message Interface
Heartland Integrator’s Guide
Version 17.2
November 2017
For Internal Use Only
Notice HPS Integrator’s Guide V 17.2
22017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
Notice
THE INFORMATION CONTAINED HEREIN IS PROVIDED TO RECIPIENT “AS IS” WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, OR
WARRANTY OF TITLE OR NON-INFRINGEMENT. HEARTLAND PAYMENT SYSTEMS, LLC
(“HEARTLAND”) MAKES NO WARRANTIES OR REPRESENTATIONS THAT THE MATERIALS,
INFORMATION, AND CONTENTS HEREIN ARE OR WILL BE ERROR FREE, SECURE, OR MEET
RECIPIENT’S NEEDS. ALL SUCH WARRANTIES ARE EXPRESSLY DISCLAIMED.
RECIPIENT’S USE OF ANY INFORMATION CONTAINED HEREIN IS AT RECIPIENT’S SOLE AND
EXCLUSIVE RISK. IN NO EVENT SHALL HEARTLAND BE LIABLE FOR ANY DIRECT, INDIRECT,
SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OF ANY
INFORMATION CONTAINED HEREIN, WHETHER RESULTING FROM BREACH OF CONTRACT,
BREACH OF WARRANTY, NEGLIGENCE, OR OTHERWISE, EVEN IF HEARTLAND HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. HEARTLAND RESERVES THE RIGHT TO
MAKE CHANGES TO THE INFORMATION CONTAINED HEREIN AT ANY TIME WITHOUT NOTICE.
THIS DOCUMENT AND ALL INFORMATION CONTAINED HEREIN IS PROPRIETARY TO HEARTLAND,
RECIPIENT SHALL NOT DISCLOSE THIS DOCUMENT OR THE SYSTEM DESCRIBED HEREIN TO
ANY THIRD PARTY UNDER ANY CIRCUMSTANCES WITHOUT PRIOR WRITTEN CONSENT OF A
DULY AUTHORIZED REPRESENTATIVE OF HEARTLAND. IN ORDER TO PROTECT THE
CONFIDENTIAL NATURE OF THIS PROPRIETARY INFORMATION, RECIPIENT AGREES:
(A) TO IMPOSE IN WRITING SIMILAR OBLIGATIONS OF CONFIDENTIALITY AND
NONDISCLOSURE AS CONTAINED HEREIN ON RECIPIENT’S EMPLOYEES AND
AUTHORIZED THIRD PARTIES TO WHOM RECIPIENT DISCLOSES THIS INFORMATION
(SUCH DISCLOSURE TO BE MADE ON A STRICTLY NEED-TO-KNOW BASIS) PRIOR TO
SHARING THIS DOCUMENT AND
(B) TO BE RESPONSIBLE FOR ANY BREACH OF CONFIDENTIALITY BY THOSE EMPLOYEES
AND THIRD PARTIES TO WHOM RECIPIENT DISCLOSES THIS INFORMATION.
RECIPIENT ACKNOWLEDGES AND AGREES THAT USE OF THE INFORMATION CONTAINED
HEREIN SIGNIFIES ACKNOWLEDGMENT AND ACCEPTANCE OF THESE TERMS. ANY SUCH USE IS
CONDITIONED UPON THE TERMS, CONDITIONS AND OBLIGATIONS CONTAINED WITHIN THIS
NOTICE.
THE TRADEMARKS AND SERVICE MARKS RELATING TO HEARTLAND’S PRODUCTS OR
SERVICES OR THOSE OF THIRD PARTIES ARE OWNED BY HEARTLAND OR THE RESPECTIVE
THIRD PARTY OWNERS OF THOSE MARKS, AS THE CASE MAY BE, AND NO LICENSE WITH
RESPECT TO ANY SUCH MARK IS EITHER GRANTED OR IMPLIED.
To verify existing content or to obtain additional information, please call or email your assigned Heartland
contact.
For Internal Use Only
HPS Integrator’s Guide V 17.2 Release Notes
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 3
Release Notes
Version 17.2 Release Notes
Chapter/Appendix Revisions
General Format and
Global Changes
Red change bars added on clarification and project updates.
For clarification purposes only: Some content modified and reformatted (with
no change bar), with no impact to development.
Chapter 6: EMV
Development Overview
Removed out of date Version 2.x for approved PED or EPP devices from the
following sections:
6.1.1 Contact Devices, p. 105
6.1.2 Contactless Devices, p. 105
Removed version numbers from the following test plan tables:
Table 6-2 VSDC Testing, p. 108
Table 6-3 M-TIP Testing, p. 108
Table 6-4 AEIPS Testing, p. 108
Table 6-5 D-PAS Testing, p. 109
Chapter 7: EMV Terminal
Interface
Table 7-4 Terminal Data, p. 116: Added clarification to ISSUER SCRIPT
RESULTS from EMVCo document that Bytes 1-5 are repeated.
Table 7-11 Available AIDs, p. 141:
Added Note stating that standard credit AIDs for Mastercard and Visa support
their fleet, business, corporate, consumer cards, etc.
For Discover U.S. Common Debit AID, removed the note that stated it was not
supported for PIN Debit. It is now supported.
CUP: Added Union Pay AIDs.
Chapter 8: EMV
Parameter Interface
Table 8-2 Platform Identifiers to EMV PDL System, p. 163: Added a row for the
8583 platform field identifiers for EMV PDL (DE41, DE42, DE62).
Appendix D: EMV Field
Definitions
Table D-22 Form Factor Indicator, p. 234: Correction, 9F6E is mandatory for
MasterCard contactless.
For Internal Use Only
Release Notes HPS Integrator’s Guide V 17.2
42017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
This page intentionally left blank for duplex printing.
For Internal Use Only
HPS Integrator’s Guide V 17.2 Table of Contents
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 5
Table of Contents
Chapter 1: Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
1.1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
1.2 Document Purpose. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
1.3 Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
1.4 Payment Application Data Security Standards (PA-DSS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Chapter 2: General POS Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.1 Address Verification Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.1.1 AVS Data Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2.1.2 AVS Result Code Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2.2 Chargeback Protected Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2.3 No Signature Required. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
2.4 Binary to ASCII Hex Conversion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Chapter 3: Card Brand Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
3.1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
3.2 American Express . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
3.2.1 American Express Track 1 Format X4.16 Standard . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
3.2.2 American Express Track 1 Format ISO 7813 Standard . . . . . . . . . . . . . . . . . . . . . . . . 31
3.2.3 American Express Track 2 Format X4.16 Standard . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
3.2.4 American Express Track 2 Format ISO 7813 Standard . . . . . . . . . . . . . . . . . . . . . . . . 33
3.3 AVcard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
3.3.1 AVcard Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
3.3.2 AVcard Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
3.4 Centego Prepaid Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
3.4.1 Centego Prepaid Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
3.4.2 Centego Prepaid Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
3.5 Discover Card. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
3.5.1 Discover Track 1 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
3.5.2 Discover Track 2 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
3.6 Diner’s Club International Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
3.6.1 Diner’s Club International Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
3.6.2 Diner’s Club International Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
3.7 Drop Tank Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
3.7.1 Drop Tank Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
3.7.2 Drop Tank Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
3.8 Heartland Gift Card. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
3.8.1 Heartland Gift Card Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
For Internal Use Only
Table of Contents HPS Integrator’s Guide V 17.2
62017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.9 EBT Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
3.9.1 EBT Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
3.10 Fleet One Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
3.10.1 Fleet One Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
3.11 FleetCor Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
3.11.1 FleetCor Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
3.12 JCB Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
3.12.1 JCB IIN Ranges on Discover Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
3.13 Mastercard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
3.13.1 Mastercard Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
3.13.2 Mastercard Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
3.14 Mastercard Fleet Card Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
3.14.1 Mastercard Fleet Card Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
3.14.2 Account Number Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
3.14.3 Mastercard Fleet Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
3.14.4 Mastercard Fleet Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
3.15 Mastercard Purchasing Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
3.15.1 Mastercard Purchasing Card Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
3.15.2 Mastercard Purchasing Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
3.15.3 Mastercard Purchasing Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
3.15.4 Mills Fleet Farm PLCC Track 1 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
3.15.5 Mills Fleet Farm PLCC Track 2 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
3.16 Multi Service Track Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
3.16.1 Multi Service Swiped Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
3.17 PayPal Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
3.18 Stored Value Solutions (SVS). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
3.18.1 SVS Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
3.18.2 SVS Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
3.19 UnionPay Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
3.20 ValueLink Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
3.20.1 ValueLink Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
3.20.2 ValueLink Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
3.21 Visa Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
3.21.1 Visa Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
3.21.2 Visa Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
3.22 Visa Corporate or Business . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
3.23 Visa Purchasing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
3.24 Visa Fleet Card Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
3.24.1 Visa Fleet Card Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
3.24.2 Visa Fleet Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
3.24.3 Visa Fleet Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
3.25 Voyager Fleet Card. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
For Internal Use Only
HPS Integrator’s Guide V 17.2 Table of Contents
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 7
3.25.1 Voyager Account Number Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
3.25.2 Voyager Fleet Track 1 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
3.25.3 Voyager Fleet Track 2 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
3.26 WEX Fleet Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
3.26.1 WEX Fleet Card Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
3.26.2 WEX GSA Fleet Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
3.26.3 WEX Fleet Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
3.26.4 WEX MOD 10 Calculation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Chapter 4: E3 Processing Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
4.1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
4.2 The E3® Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
4.3 Encryption Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
4.3.1 Encrypted Track and PAN Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
4.3.2 Encrypted Card Security Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
4.3.3 Encryption Transmission Block . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
4.4 E3 Specific Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
4.4.1 Heartland Exchange . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
4.4.1.1 Unique Transaction ID (UID). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
4.4.1.2 Merchant ID Number (MID) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
4.4.1.3 Account Data Source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
4.4.1.4 Customer Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
4.4.1.5 Retrieval Reference Number (RRN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
4.4.1.6 Transaction Identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
4.4.1.7 Authorization Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
4.4.1.8 Void/Incremental Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
4.4.2 Settlements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
4.4.2.1 Header Record Field Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
4.4.2.2 Detail Record Fields Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
4.4.2.3 Settlement Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
4.4.3 POS 8583 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
4.4.4 NTS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
4.4.5 Z01 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
4.5 E3 Hardware Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
4.5.1 E3 MSR Wedge (HPS-E3-M1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
4.5.2 E3 MSR Wedge Device Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
4.5.3 E3 MSR Wedge Example Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
4.6 E3 PIN Pad (HPS-E3-P1). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
4.6.1 E3 PIN Pad Device Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
4.6.1.1 E3 PIN Pad Requests. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
4.6.1.2 E3 PIN Pad Responses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
4.6.2 Ingenico iPP300 and iSC Touch Series PIN Pads . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
4.6.3 Equinox L4000 and L5000 Series PIN Pads. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
For Internal Use Only
Table of Contents HPS Integrator’s Guide V 17.2
82017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
Chapter 5: EMV Processing Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
5.1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
5.2 EMV Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
5.2.1 Enhanced Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
5.2.2 Card Brand Mandates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
5.2.3 Fraud Liability Shifts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
5.2.4 PCI Audit Waivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
5.3 EMV Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
5.3.1 Contact Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
5.3.2 Contactless Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
5.3.3 Heartland Host Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
5.4 EMV Online vs. Offline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
5.4.1 Card Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
5.4.2 Cardholder Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
5.4.3 Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
5.5 Full vs. Partial EMV Transactions and Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
5.5.1 Full vs. Partial Transaction Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
5.5.2 Full vs. Partial Credit Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
5.5.3 Full vs. Partial Debit Transactions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Chapter 6: EMV Development Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
6.1 EMV Terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
6.1.1 Contact Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
6.1.2 Contactless Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
6.1.3 Letters of Approval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
6.2 EMV Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
6.2.1 Integrated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
6.2.2 Standalone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
6.3 EMV Certifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
6.3.1 Test Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
6.3.2 Test Plans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
6.3.2.1 Visa Smart Debit/Credit (VSDC) Testing. . . . . . . . . . . . . . . . . . . . . . . . . . 108
6.3.2.2 Mastercard Terminal Integration Process (M-TIP) Testing . . . . . . . . . . . . 108
6.3.2.3 AMEX Integrated Circuit Card Payment Specification (AEIPS) Testing . . 108
6.3.2.4 Discover D-Payment Application Specification (D-PAS) Testing. . . . . . . . 109
6.3.3 Test Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
6.3.4 Test Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
6.3.5 Test Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
6.4 EMV Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Chapter 7: EMV Terminal Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
7.1 EMV Terminal to Card Communication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
For Internal Use Only
HPS Integrator’s Guide V 17.2 Table of Contents
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 9
7.1.1 Application Protocol Data Units (APDUs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
7.1.2 Tag, Length, Value (TLV) Data Objects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
7.1.3 Kernel Application Programming Interface (API) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
7.2 EMV Data Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
7.2.1 Data Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
7.2.2 Terminal Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
7.2.3 Card Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
7.2.4 Issuer Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
7.3 Contact Transaction Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
7.3.1 Tender Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
7.3.2 Card Acquisition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
7.3.2.1 Card Swipe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
7.3.2.2 Fallback Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
7.3.3 Application Selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
7.3.3.1 Available AIDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
7.3.3.2 Debit AIDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
7.3.4 Initiate Application Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
7.3.5 Read Application Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
7.3.6 Offline Data Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
7.3.7 Processing Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
7.3.8 Cardholder Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
7.3.8.1 PIN Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
7.3.9 Terminal Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
7.3.10 Terminal Action Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
7.3.11 Card Action Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
7.3.12 Online Processing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
7.3.12.1 Offline Authorization (Optional, Not Used in U.S.) . . . . . . . . . . . . . . . . . . 149
7.3.12.2 Deferred Authorization (Store-and-Forward) . . . . . . . . . . . . . . . . . . . . . . 149
7.3.12.3 Forced Acceptance (Stand-In) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
7.3.13 Issuer Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
7.3.14 Issuer-to-Card Script Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
7.3.15 Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
7.3.16 Card Removal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
7.4 Contactless Transaction Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
7.4.1 Pre-Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
7.4.2 Discovery Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
7.4.3 Application Selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
7.4.4 Initiate Application Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
7.4.4.1 Path Determination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
7.4.4.2 Terminal Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
7.4.4.3 Terminal Action Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
7.4.4.4 Card Action Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
7.4.5 Read Application Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
7.4.6 Card Read Complete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
For Internal Use Only
Table of Contents HPS Integrator’s Guide V 17.2
10 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
7.4.7 Processing Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
7.4.8 Offline Data Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
7.4.9 Cardholder Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
7.4.10 Online Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
7.4.11 Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
7.4.12 Issuer Update Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
7.5 EMV Receipts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
7.5.1 Approval Receipts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
7.5.2 Decline Receipts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Chapter 8: EMV Parameter Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
8.1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
8.2 Exchange . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
8.3 POS 8583 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
8.4 NTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
8.5 Z01 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
8.6 Portico . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
8.7 SpiDr. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Chapter 9: EMV Quick Chip Processing Overview . . . . . . . . . . . . . . . . . . . . . . . . . 169
9.1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
9.2 Quick Chip Processing Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
9.3 Impact to Existing EMV Kernel and Host Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
9.4 Comparison of Standard EMV and Quick Chip Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
9.5 Online Processing Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
9.6 Quick Chip Processing Flow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
9.7 Floor Limit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
9.8 Amounts – Final or Pre-Determined . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
9.9 Cashback Processing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
9.10 CVM List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
9.11 No Signature Required Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Appendices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
A: Industry Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
A.1 Conexxus Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
A.2 Mastercard Purchasing Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
A.2.1 Mastercard Purchasing Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . 191
A.2.2 Mastercard Purchasing Non-Fuel Product Codes . . . . . . . . . . . . . . . . . . 193
A.3 Mastercard Fleet Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
A.3.1 Mastercard Fleet Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
A.3.2 Mastercard Fleet Non-Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . . 196
For Internal Use Only
HPS Integrator’s Guide V 17.2 Table of Contents
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 11
A.4 Heartland Product Codes for Visa Fleet Processing. . . . . . . . . . . . . . . . . . . . . . . . . . 197
A.4.1 Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
A.4.2 Non-Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
A.5 Voyager Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
A.5.1 Voyager Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
A.5.2 Voyager Non-Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
A.6 WEX Supported Conexxus Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
B: Receipt Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
B.1 General Receipt Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
B.2 Additional Receipt Requirements by Card Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
C: State Codes / Region Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
D: EMV Field Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
D.1 Additional Terminal Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
D.2 Amount, Authorised (Numeric) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
D.3 Amount, Other (Numeric) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
D.4 Application Cryptogram. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
D.5 Application Dedicated File (ADF) Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
D.6 Application Identifier (AID) – Terminal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
D.7 Application Interchange Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
D.8 Application Label. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
D.9 Application Preferred Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
D.10 Application Primary Account Number (PAN) Sequence Number . . . . . . . . . . . . . . . . 229
D.11 Application Transaction Counter (ATC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
D.12 Application Usage Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
D.13 Application Version Number (ICC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
D.14 Application Version Number (Terminal) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
D.15 Authorisation Response Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
D.16 Cardholder Verification Method (CVM) Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
D.17 Cryptogram Information Data (CID) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
D.18 Customer Exclusive Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
D.19 Dedicated File Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
D.20 Form Factor Indicator (FFI). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
D.21 ICC Dynamic Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
D.22 Interface Device (IFD) Serial Number. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
D.23 Issuer Action Code – Default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
D.24 Issuer Action Code – Denial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
D.25 Issuer Action Code – Online . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
D.26 Issuer Application Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
D.27 Issuer Authentication Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
D.28 Issuer Country Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
D.29 Issuer Script Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
D.30 Issuer Script Template 1 & 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
D.31 POS Entry Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
For Internal Use Only
Table of Contents HPS Integrator’s Guide V 17.2
12 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
D.32 Terminal Action Code – Default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
D.33 Terminal Action Code – Denial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
D.34 Terminal Action Code – Online . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
D.35 Terminal Capabilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
D.36 Terminal Country Code. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
D.37 Terminal Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
D.38 Terminal Verification Results (TVR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
D.39 Third Party Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
D.40 Transaction Currency Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
D.41 Transaction Date. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
D.42 Transaction Sequence Counter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
D.43 Transaction Status Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
D.44 Transaction Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
D.45 Transaction Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
D.46 Unpredictable Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
E: EMV PDL Data Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
F: Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
For Internal Use Only
HPS Integrator’s Guide V 17.2 List of Tables
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 13
List of Tables
2-1 Address Verification Service .......................................................................................................21
2-2 Chargeback Protected Limits......................................................................................................23
2-3 Binary to ASCII Hex Conversion.................................................................................................25
2-4 Binary ASCII Hex Conversion Example......................................................................................26
3-1 Card Brand References to Track Data........................................................................................28
3-2 American Express Track 1 Format X4.16 Standard ...................................................................30
3-3 American Express Track 1 Format ISO 7813 Standard..............................................................31
3-4 American Express Track 2 Format X4.16 Standard ...................................................................33
3-5 American Express Track 2 Format ISO 7813 Standard..............................................................33
3-6 AVcard Track 1 Format...............................................................................................................35
3-7 AVcard Track 2 Format...............................................................................................................35
3-8 Centego Prepaid Track 1 Format................................................................................................36
3-9 Centego Prepaid Track 2 Format................................................................................................37
3-10 Discover Track 1 Format.............................................................................................................38
3-11 Discover Track 2 Format.............................................................................................................39
3-12 Diner’s Club International Track 1 Format ..................................................................................40
3-13 Diner’s Club International Track 2 Format ..................................................................................41
3-14 Drop Tank Track 1 Format..........................................................................................................42
3-15 Drop Tank Track 2 Format..........................................................................................................42
3-16 Heartland Gift Card Track 2 Format............................................................................................43
3-17 EBT Track 2 Format....................................................................................................................44
3-18 Fleet One Track 2 Format...........................................................................................................45
3-19 FleetCor Track 2 Format.............................................................................................................46
3-20 Mastercard Track 1 Format.........................................................................................................48
3-21 Mastercard Track 2 Format.........................................................................................................48
3-22 Mastercard Fleet Account Number Information Method .............................................................50
3-23 Mastercard Fleet Track 1 Format................................................................................................51
3-24 Mastercard Fleet Track 2 Format................................................................................................52
3-25 Mastercard Purchasing Track 1 Format......................................................................................53
3-26 Mastercard Purchasing Track 2 Format......................................................................................54
3-27 Mills Fleet Farm PLCC Track 1 Format ......................................................................................55
3-28 Mills Fleet Farm PLCC Track 2 Format ......................................................................................56
3-29 Multi Service Swiped Track 2 Format .........................................................................................57
3-30 SVS Track 1 Format ...................................................................................................................58
3-31 SVS Track 2 Format ...................................................................................................................58
3-32 ValueLink Track 1 Format...........................................................................................................59
3-33 ValueLink Track 2 Format...........................................................................................................60
3-34 Visa Track 1 Format....................................................................................................................61
3-35 Visa Track 2 Format....................................................................................................................62
3-36 Visa Fleet Track 1 Format...........................................................................................................64
3-37 Visa Fleet Track 2 Format...........................................................................................................65
For Internal Use Only
List of Tables HPS Integrator’s Guide V 17.2
14 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3-38 Voyager Fleet Account Number Information Method ..................................................................67
3-39 Voyager Fleet Track 1 Format ....................................................................................................68
3-40 Voyager Fleet Track 2 Format ....................................................................................................69
3-41 WEX Fleet Track 2 Format .........................................................................................................72
4-1 PAN Encryption...........................................................................................................................76
4-2 Track 1 Encryption ......................................................................................................................76
4-3 Track 2 Encryption ......................................................................................................................76
4-4 Encrypted CSC Steps .................................................................................................................77
4-5 Authorization Examples ..............................................................................................................79
4-6 POS 8583 Data Fields ................................................................................................................83
4-7 NTS Data Fields..........................................................................................................................85
4-8 Z01 Data Fields...........................................................................................................................87
4-9 E3 MSR Wedge Operation Modes..............................................................................................89
4-10 E3 MSR Wedge Operation Modes..............................................................................................91
5-1 Key Security Features.................................................................................................................96
5-2 Liability Shifts ..............................................................................................................................97
5-3 Contact Specifications ................................................................................................................98
5-4 Contactless Specifications ..........................................................................................................99
5-5 Heartland Host Specifications.....................................................................................................99
5-6 Card Authentication ..................................................................................................................100
5-7 Cardholder Verification .............................................................................................................100
5-8 Authorization .............................................................................................................................100
5-9 Full vs. Partial EMV Transactions and Flow .............................................................................101
5-10 Full vs. Partial Transaction Flow ...............................................................................................101
5-11 Full vs. Partial Credit Transactions ...........................................................................................102
5-12 Full vs. Partial Debit Transactions ............................................................................................103
6-1 Integrated Solutions ..................................................................................................................106
6-2 VSDC Testing ...........................................................................................................................108
6-3 M-TIP Testing ...........................................................................................................................108
6-4 AEIPS Testing...........................................................................................................................108
6-5 D-PAS Testing ..........................................................................................................................109
6-6 Test Environments ....................................................................................................................110
6-7 Test Process .............................................................................................................................110
7-1 Command APDU Format ..........................................................................................................113
7-2 Response APDU Format ..........................................................................................................113
7-3 Data Conventions .....................................................................................................................115
7-4 Terminal Data ...........................................................................................................................116
7-5 Card Data..................................................................................................................................127
7-6 Issuer Data................................................................................................................................134
7-7 Tender Processing....................................................................................................................136
7-8 Fallback Processing..................................................................................................................138
7-9 Application Selection.................................................................................................................139
7-10 Supported Application Methods ................................................................................................140
7-11 Available AIDs...........................................................................................................................141
For Internal Use Only
HPS Integrator’s Guide V 17.2 List of Tables
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 15
7-12 Offline Data Authentication .......................................................................................................144
7-13 Processing Restrictions ............................................................................................................144
7-14 Cardholder Verification .............................................................................................................145
7-15 PIN Support ..............................................................................................................................146
7-16 Terminal Risk Management ......................................................................................................147
7-17 Terminal Action Analysis...........................................................................................................147
7-18 Terminal Verification Results ....................................................................................................150
7-19 Transaction Status Indicator .....................................................................................................151
7-20 Online or Offline Disposition .....................................................................................................153
7-21 Contact EMV Flow Differences .................................................................................................156
7-22 Card Verification .......................................................................................................................158
7-23 Receipt Requirements ..............................................................................................................160
8-1 EMV PDL Tables ......................................................................................................................163
8-2 Platform Identifiers to EMV PDL System ..................................................................................163
9-1 Comparison of Standard EMV and Quick Chip Processes.......................................................170
9-2 Online Processing.....................................................................................................................171
A-1 Conexxus Product Codes .........................................................................................................178
A-2 Mastercard Purchasing Fuel Product Codes ............................................................................191
A-3 Mastercard Purchasing Non-Fuel Product Codes ....................................................................193
A-4 Mastercard Fleet Fuel Product Codes ......................................................................................195
A-5 Mastercard Fleet Non-Fuel Product Codes ..............................................................................196
A-6 Fuel Product Codes ..................................................................................................................197
A-7 Non-Fuel Product Codes ..........................................................................................................199
A-8 Voyager Fuel Product Codes....................................................................................................200
A-9 Voyager Non-Fuel Product Codes ............................................................................................201
A-10 WEX Supported Conexxus Product Codes ..............................................................................207
B-1 Additional Receipt Requirements by Card Types .....................................................................217
C-1 State Codes ..............................................................................................................................220
C-2 Region Codes: Canada (Province Codes)................................................................................222
D-1 POS 8583: Binary Example ......................................................................................................223
D-2 Exchange, Portico, NTS, Z01, SpiDr: ASCII Hex Example.......................................................223
D-3 Additional Terminal Capabilities................................................................................................224
D-4 Amount, Authorised (Numeric)..................................................................................................224
D-5 Amount, Other (Numeric)..........................................................................................................225
D-6 Application Cryptogram.............................................................................................................225
D-7 Application Dedicated File (ADF) Name ...................................................................................226
D-8 Application Identifier (AID) – Terminal ......................................................................................227
D-9 Application Interchange Profile .................................................................................................227
D-10 Application Label.......................................................................................................................228
D-11 Application Preferred Name......................................................................................................228
D-12 Application Primary Account Number Sequence Number ........................................................229
D-13 Application Transaction Counter (ATC) ....................................................................................229
D-14 Application Usage Control ........................................................................................................230
D-15 Application Version Number (ICC)............................................................................................230
For Internal Use Only
List of Tables HPS Integrator’s Guide V 17.2
16 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
D-16 Application Version Number (Terminal) ....................................................................................231
D-17 Authorisation Response Code ..................................................................................................231
D-18 Cardholder Verification Method (CVM) Results ........................................................................232
D-19 Cryptogram Information Data (CID) ..........................................................................................233
D-20 Customer Exclusive Data..........................................................................................................233
D-21 Dedicated File Name ................................................................................................................234
D-22 Form Factor Indicator................................................................................................................234
D-23 ICC Dynamic Number ...............................................................................................................235
D-24 Interface Device (IFD) Serial Number .......................................................................................235
D-25 Issuer Action Code – Default ....................................................................................................236
D-26 Issuer Action Code – Denial .....................................................................................................236
D-27 Issuer Action Code – Online .....................................................................................................237
D-28 Issuer Application Data .............................................................................................................237
D-29 Issuer Authentication Data........................................................................................................238
D-30 Issuer Country Code .................................................................................................................238
D-31 Issuer Script Results .................................................................................................................239
D-32 Issuer Script Template 1 & 2.....................................................................................................239
D-33 POS Entry Mode .......................................................................................................................240
D-34 Terminal Action Code – Default ................................................................................................240
D-35 Terminal Action Code – Denial .................................................................................................241
D-36 Terminal Action Code – Online .................................................................................................241
D-37 Terminal Capabilities ................................................................................................................242
D-38 Terminal Country Code.............................................................................................................242
D-39 Terminal Type ...........................................................................................................................243
D-40 Terminal Verification Results (TVR)..........................................................................................243
D-41 Third Party Data........................................................................................................................244
D-42 Transaction Currency Code ......................................................................................................244
D-43 Transaction Data.......................................................................................................................245
D-44 Transaction Sequence Counter ................................................................................................245
D-45 Transaction Status Information .................................................................................................246
D-46 Transaction Time ......................................................................................................................246
D-47 Transaction Type ......................................................................................................................247
D-48 Unpredictable Number ..............................................................................................................247
E-1 EMV PDL Data Examples.........................................................................................................248
F-1 Glossary....................................................................................................................................292
For Internal Use Only
HPS Integrator’s Guide V 17.2 List of Figures
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 17
List of Figures
3-1 Mastercard Fleet Card: Driver Assigned Example......................................................................49
3-2 Mastercard Fleet Card: Vehicle Assigned Example....................................................................49
3-3 Visa Fleet Card: Driver Assigned Example.................................................................................63
3-4 Visa Fleet Card: Vehicle Assigned Example...............................................................................63
3-5 WEX Fleet Card Example ...........................................................................................................70
3-6 WEX GSA Fleet ..........................................................................................................................71
3-7 WEX Dept. of Defense Fleet.......................................................................................................71
3-8 WEX Dept. of Energy Fleet.........................................................................................................71
4-1 E3 MSR Wedge ..........................................................................................................................88
4-2 E3 PIN Pad .................................................................................................................................90
7-1 Contact Transaction Flow .........................................................................................................135
7-2 Contactless Transaction Flow...................................................................................................155
7-3 EMV Receipt Example ..............................................................................................................161
9-1 Quick Chip Processing Flow .....................................................................................................173
For Internal Use Only
List of Figures HPS Integrator’s Guide V 17.2
18 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
For Internal Use Only
HPS Integrator’s Guide V 17.2 1: Overview
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 19
Chapter 1: Overview
1.1 Introduction
Heartland Payment Systems, LLC (Heartland) is a leading third-party provider of payment card
transaction processing, providing the following services:
Host Network transaction services
Bankcard, Fleet, Debit and Private Label card processing
Mobile and e-commerce solutions
Settlement processing
1.2 Document Purpose
The purpose of this document is to provide information in order to integrate a POS system to
Heartland. Topics include:
1.3 Audience
The primary audience for this document consists of third-party vendors responsible for
developing POS payment systems to interface with the Heartland network. The secondary
audience consists of Heartland internal staff responsible for certifying or supporting POS
payment applications. All users of this document are assumed to have a basic understanding of
POS applications.
General POS Requirements Industry Codes
Card Brand Information Receipt Requirements
E3 Processing Overview State Codes / Region Codes
EMV Processing Overview EMV Field Definitions
EMV Development Overview EMV PDL Data Examples
EMV Terminal Interface Glossary
EMV Parameter Interface
REQUIREMENT
This document is to be used along with Heartland’s Network platform specifications
(Exchange, POS 8583, NTS, Z01, Portico, SpiDr). Information found in the Network
specifications could override content within this document.
For Internal Use Only
1: Overview HPS Integrator’s Guide V 17.2
20 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
1.4 Payment Application Data Security
Standards (PA-DSS)
The Payment Card Industry (PCI) Security Standards Council (SSC) has released the Payment
Application Data Security Standards (PA-DSS) for payment applications running at merchant
locations. The PA-DSS assist software vendors to ensure their payment applications support
compliance with the mandates set by the bankcard companies (Visa, Mastercard, Discover,
American Express, and JCB).
In order to comply with the mandates set by the bankcard companies, Heartland:
Requires that the account number cannot be stored as plain, unencrypted data to meet PCI
and PA-DSS regulations. It must be encrypted while stored using strong cryptography with
associated key management processes and procedures.
Note: Refer to PCI DSS Requirements 3.4–3.6* for detailed requirements regarding
account number storage. The retention period for the Account Number in the
shadow file and open batch must be defined and at the end of that period or when
the batch is closed and successfully transmitted, the account number and all other
information must be securely deleted. This is a required process regardless of the
method of transmission for the POS.
Requires that, with the exception of the Account Number as described above and the
Expiration Date, no other Track Data is to be stored on the POS if the Card Type is a:
Visa, including Visa Fleet;
Mastercard, including Mastercard Fleet, and Carte Blanche;
Discover, including JCB, UnionPay, Diner's Club, and PayPal;
American Express;
Debit or EBT.
This requirement does not apply to WEX, FleetCor, Fleet One, Voyager, or Aviation cards;
Stored Value cards; Proprietary or Private Label cards.
Recommends that software vendors to have their applications validated by an approved
third party for PA-DSS compliance.
Requires all software vendors to sign a Non-Disclosure Agreement / Development
Agreement.
Requires all software vendors to provide evidence of the application version listed on the
PCI Council’s website as a PA-DSS validated Payment Application, or a written certification
to HPS testing to Developer's compliance with PA-DSS.
Requires that all methods of cryptography provided or used by the payment application
meet PCI SSC’s current definition of ‘Strong Cryptography’.
*Refer to www.pcisecuritystandards.org for the PCI DSS Requirements document and further
details about PA-DSS.
For Internal Use Only
HPS Integrator’s Guide V 17.2 2: General POS Requirements
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 21
Chapter 2: General POS Requirements
2.1 Address Verification Service
Visa, Mastercard, AMEX and Discover offer an Address Verification Service (AVS) as a
risk-management tool for merchants accepting transactions in which:
neither the card nor the cardholder are present (e.g., mail, telephone order, Internet
transactions), or
the card is present but its magnetic stripe cannot be read by a terminal at the point of sale.
AVS helps reduce the risk of accepting fraudulent transactions by issuer verification of the
cardholder’s billing address. The AVS Result Code helps the merchant determine whether to
accept a particular transaction or to take further follow-up action.
When a merchant accepts a card-not-present transaction, financial liability is also accepted by
the merchant in the event the transaction proves to be fraudulent. If the transaction is fraudulent,
the dollar value of the transaction may be “charged back” to the merchant. In addition to the
“charge back,” there are additional costs to process these exception items, plus the loss of
merchandise.
Table 2-1 Address Verification Service
AVS Request Description
Address Verification
Request
Address verification may be requested in one of two ways:
by itself, or
as part of an authorization request.
AVS By Itself (AVS Only) An AVS only request may be used under the following circumstances:
a merchant wants to verify the customer’s billing address before requesting an
authorization, or
the merchant sent an AVS and an authorization request earlier and received
an authorization approval but an AVS “try again later” response.
For Internal Use Only
2: General POS Requirements HPS Integrator’s Guide V 17.2
22 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
2.1.1 AVS Data Flow
2.1.2 AVS Result Code Guidelines
Not all Heartland POS message specifications support AVS Result Codes. See your specific
POS message specification for details.
For some industries, if the AVS Result Code is not a match, the payment engine automatically
declines and voids the transaction to the issuer.
For other industries, the merchant makes the decision on whether to proceed when the AVS
information is not an exact match, but the issuer approves the authorization request. See you
Heartland Representative for more information.
AVS Authorization
Request
You may process AVS requests the same way you process authorizations simply
by including the AVS information in the authorization request. The authorization
and address verification process is as follows:
Customer contacts the merchant to place an order.
The merchant confirms the usual order information including the merchandise
description, price, the customer’s account number, card expiration date, and
shipping address.
The merchant requests the cardholder’s billing address (street address and/or
ZIP Code) for the card being used. (The billing address is where the
cardholder’s monthly statement is sent for the card being used.)
The POS system includes the address information with the authorization
request to Heartland.
The issuer makes an authorization decision separately from the AVS request.
The issuer compares the cardholder billing address with the billing address it
has for that account. The issuer returns both the authorization response and a
code indicating the address verification results. Like any other transaction, if
the issuer declines the authorization request do not complete the transaction
for that account. This rule holds true even if you receive an “exact match” on
the address verification request.
Table 2-1 Address Verification Service (Continued)
AVS Request Description
CARDHOLDER MERCHANT HEARTLAND CARD BRAND
NETWORK ISSUER
For Internal Use Only
HPS Integrator’s Guide V 17.2 2: General POS Requirements
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 23
2.2 Chargeback Protected Limits
The following amounts are the ICR-initiated chargeback protected amounts for approved
transactions by the bank card associations.
The merchant may choose to override these amounts. Any amount above the limits listed will not
include Chargeback Protection.
The merchant is at risk for any amount above these limits.
Table 2-2 Chargeback Protected Limits
Card Type Description
Visa Visa Consumer (including Visa Signature and Sign Preferred), Visa Business
(including Visa Signature Business), Visa Corporate, and Visa Purchasing cards
offer Chargeback Protection to $100 if the card has been authorized for $1.00.
Visa Fleet cards offer Chargeback Protection to $150 if the card has been
authorized for $1.00.
Mastercard Mastercard Consumer cards offer Chargeback Protection to $100 if the card has
been authorized for $1.00.
Mastercard Corporate, Mastercard Corporate Fleet, and Mastercard Purchasing
cards offer Chargeback Protection to $150 if the card has been authorized for
$1.00.
Discover Card Discover Card offers Chargeback Protection to $100 if the card has been
authorized for $1.00. If the merchant has a custom agreement with Discover to
authorize for a different amount, chargeback protection is the approved amount.
American Express American Express does not offer Chargeback Protection.
For Internal Use Only
2: General POS Requirements HPS Integrator’s Guide V 17.2
24 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
2.3 No Signature Required
No Signature Required is a program offered by Visa, Mastercard, AMEX and Discover for
consumer and commercial cards. The No Signature Required program allows merchants within
certain MCC codes to process transactions without having to obtain the cardholders signature or
provide the cardholder with a receipt unless the cardholder requests it.
In order to be eligible for No Signature Required, the following conditions must be met:
The cardholder must be present at the time of the transaction in a face-to-face
environment.
The merchant name and location must be included in the authorization request.
The total amount of the transaction must be less than the No Signature Required threshold
for the merchant’s MCC. Refer to the individual card associations for current information
about amounts, MCCs allowed, etc.
Online authorization must be obtained and the full track data must be included in the
authorization message. The track data can be obtained from the chip for EMV transactions
or from the magnetic stripe for swiped transactions.
To process a No Signature Required transaction with a chip card (on a chip-card-capable POS
terminal), the terminal application must set the Terminal Capabilities field to enable only the No
CVM Required card verification method (CVM). This action will cause the chip card not to require
a CVM.
For Internal Use Only
HPS Integrator’s Guide V 17.2 2: General POS Requirements
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 25
2.4 Binary to ASCII Hex Conversion
Since some the Host message formats allow for only printable characters to appear in
transaction data fields. Binary fields must be expanded to ensure that no values less than
hexadecimal 20 are transmitted.
To convert a binary field to its corresponding ASCII equivalent, remove 4 bits at a time and
convert them to the ASCII characters defined below. Performing this conversion procedure will
result in a doubling of the field size, i.e., a 20-digit binary field will yield a 40-character ASCII
result. After performing the conversion, the resulting ASCII data may then be populated within
the transaction data field.
Table 2-3 Binary to ASCII Hex Conversion
BIT Data ASCII Hex Characters
0000 0
0001 1
0010 2
0011 3
0100 4
0101 5
0110 6
0111 7
1000 8
1001 9
1010 A
1011 B
1100 C
1101 D
1110 E
1111 F
For Internal Use Only
2: General POS Requirements HPS Integrator’s Guide V 17.2
26 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
The table below shows examples of data before conversion as well as after the ASCII conversion
as the data moves from the POS to the Host.
The order of the fields is arbitrary and the values used below are only provided as an example.
Table 2-4 Binary ASCII Hex Conversion Example
Field Name RED is Before Conversion BLUE is after conversion
UNPREDICTABLE
NUMBER
Tag 9 F 37 Tag 39463337
Length 04 Length 3034
Value 00010203 Value 3030303130323033
ISSUER APPLICATION
DATA
Tag 9 F 10 Tag 39463130
Length 20 Length 3230
Value 00010203040506070809
0A0B0C0D0E0F1011121
31415161718191A1B1C
1D1E1F
Value 303030313032303330343035303
630373038303930413042304330
443045304631303131313231333
134313531363137313831393141
31423143314431453146
APPLICATION
CRYPTOGRAM
Tag 9 F 26 Tag 39463236
Length 08 Length 3038
Value 0001020304050607 Value 303030313032303330343035303
63037
APPLICATION
TRANSACTION
COUNTER
Tag 9 F 36 Tag 39463336
Length 02 Length 3032
Value 0001 Value 30303031
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 27
Chapter 3: Card Brand Information
3.1 Introduction
This chapter gives an overview of payment cards, embossing information, including Track 1 and
Track 2 layouts.
The maximum length of Track 1 is 79 characters. This length includes the START SENTINEL,
FIELD SEPARATORS, END SENTINEL and LONGITUDINAL REDUNDANCY CHECK (LRC)
fields. The Track 1 overall length will vary by card after the CARDHOLDER NAME field.
The maximum length of Track 2 is 40 characters. This length includes the START SENTINEL,
FIELD SEPARATOR, END SENTINEL, and LONGITUDINAL REDUNDANCY CHECK (LRC)
fields.
Track Data is sent unaltered.
Track data is defined by a number of International Organization for Standardization standards.
ISO/IEC 7810,ISO/IEC 7811, ISO/IEC 7812,ISO/IEC 7813,ISO 8583, and ISO/IEC 4909, now
define the physical properties of the card, including size, flexibility, location of the magstripe,
magnetic characteristics, and data formats. They also provide the standards for financial cards,
including the allocation of card number ranges to different card issuing institutions. The
standards should be referenced for details on track data.
Refer to the specific POS message specifications (Exchange, POS 8583, NTS, Z01, Portico,
SpiDr) to determine cards supported, transactions supported and data requirements.
Note: For chip cards (Service Code 2xx or 6xx) Track 2 is preferred for all card brands.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
28 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
Table 3-1 Card Brand References to Track Data
Card Type Track Preference
when Swiped Track Data
American Express Track 1 3.2.1 American Express Track 1 Format X4.16 Standard, p. 30
3.2.2 American Express Track 1 Format ISO 7813 Standard,
p. 31
3.2.3 American Express Track 2 Format X4.16 Standard, p. 33
3.2.4 American Express Track 2 Format ISO 7813 Standard,
p. 33
AVcard No preference 3.3.1 AVcard Track 1 Format, p. 35
3.3.2 AVcard Track 2 Format, p. 35
Centego Track 2 3.4.1 Centego Prepaid Track 1 Format, p. 36
3.4.2 Centego Prepaid Track 2 Format, p. 37
Diner’s Club (Now
processed as Discover)
No preference 3.6.1 Diner’s Club International Track 1 Format, p. 40
3.6.2 Diner’s Club International Track 2 Format, p. 41
Discover No preference 3.5.1 Discover Track 1 Format, p. 38
3.5.2 Discover Track 2 Format, p. 39
Drop Tank No preference 3.7.1 Drop Tank Track 1 Format, p. 42
3.7.2 Drop Tank Track 2 Format, p. 42
EBT Track 2 only 3.9.1 EBT Track 2 Format, p. 44
Fleet One Track 2 only 3.10.1 Fleet One Track 2 Format, p. 45
FleetCor Track 2 only 3.11.1 FleetCor Track 2 Format, p. 46
Heartland Gift Card Track 2 only 3.8.1 Heartland Gift Card Track 2 Format, p. 43
Mastercard No preference 3.13.1 Mastercard Track 1 Format, p. 48
3.13.2 Mastercard Track 2 Format, p. 48
Mastercard Corporate No preference 3.13.1 Mastercard Track 1 Format, p. 48
3.13.2 Mastercard Track 2 Format, p. 48
Mastercard Fleet No preference 3.14.3 Mastercard Fleet Track 1 Format, p. 51
3.14.4 Mastercard Fleet Track 2 Format, p. 52
Mastercard Purchasing No preference 3.15.2 Mastercard Purchasing Track 1 Format, p. 53
3.15.3 Mastercard Purchasing Track 2 Format, p. 54
Mills Fleet Farm PLCC No preference 3.15.4 Mills Fleet Farm PLCC Track 1 Format, p. 55
3.15.5 Mills Fleet Farm PLCC Track 2 Format, p. 56
Multi Service Track 2 only 3.16.1 Multi Service Swiped Track 2 Format, p. 57
PayPal No preference 3.5.1 Discover Track 1 Format, p. 38
3.5.2 Discover Track 2 Format, p. 39
PIN Debit Track 2 only Issuer dependent.
Stored Value Track 2 3.18.1 SVS Track 1 Format, p. 58
3.18.2 SVS Track 2 Format, p. 58
ValueLink Track 2 3.20.1 ValueLink Track 1 Format, p. 59
3.20.2 ValueLink Track 2 Format, p. 60
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 29
Visa Track 2 3.21.1 Visa Track 1 Format, p. 61
3.21.2 Visa Track 2 Format, p. 62
Visa Corporate or
Business
No preference 3.21.1 Visa Track 1 Format, p. 61
3.21.2 Visa Track 2 Format, p. 62
Use Visa Track layouts for Visa Corporate or Business.
Visa Fleet Track 1 3.24.2 Visa Fleet Track 1 Format, p. 64
3.24.3 Visa Fleet Track 2 Format, p. 65
Visa Purchasing No preference 3.21.1 Visa Track 1 Format, p. 61
3.21.2 Visa Track 2 Format, p. 62
Use Visa Track layouts for Visa Purchasing.
Visa ReadyLink Track 2 3.21.1 Visa Track 1 Format, p. 61
3.21.2 Visa Track 2 Format, p. 62
Use Visa Track layouts for Visa ReadyLink.
Voyager Fleet No preference 3.25.2 Voyager Fleet Track 1 Format, p. 68
3.25.3 Voyager Fleet Track 2 Format, p. 69
WEX Fleet Track 2 only 3.26.3 WEX Fleet Track 2 Format, p. 72
Table 3-1 Card Brand References to Track Data (Continued)
Card Type Track Preference
when Swiped Track Data
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
30 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.2 American Express
American Express issues cards in either of following track formats.
ANSI X4.16
ISO 7813
3.2.1 American Express Track 1 Format X4.16
Standard
Table 3-2 American Express Track 1 Format X4.16 Standard
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3varies 15–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (caret)
CARD MEMBER NAME varies 26 A/N Field identifies the name of the cardholder and
contains a maximum of 26 characters. The
format of the field is last name followed by first
name and initial. Each cardholder name
component is separated as follows:
/ (forward slash) = Separates the first and
last name.
(space) = Separates first name from the
middle name or middle initial. Use only
when the cardholder names qualify for
separation.
. (period) = Separates the first name and
title.
Example: Last Name/First Name Initial
Embossing JOHN P. JONES JR.
Mag Stripe JONES/JOHN P.JR
FIELD SEPARATOR varies 1 A/N ^ (caret)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
The card expires on the last day of the month.
EFFECTIVE DATE varies 4 N The date in YYMM format. The card becomes
valid on the first day of the month.
DISCRETIONARY DATA varies 5 N
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 A/N Created by the encoding equipment.
LRC may or may not be present.
UNUSED varies 17 A/N Reserved for future use.
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 31
3.2.2 American Express Track 1 Format ISO 7813
Standard
Table 3-3 American Express Track 1 Format ISO 7813 Standard
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3varies 15–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (carat)
CARD MEMBER NAME varies 26 A/N Field identifies the name of the cardholder
and contains a maximum of 26 characters.
The format of the field is last name followed
by first name and initial. Each cardholder
name component is separated as follows:
/ (forward slash) = Separates the first and
last name.
(space) = Separates first name from the
middle name or middle initial. Use only
when the cardholder names qualify for
separation.
. (period) = Separates the first name and
title.
Example: Last Name/First Name Initial
Embossing JOHN P. JONES JR.
Mag Stripe JONES/JOHN P.JR
FIELD SEPARATOR varies 1 A/N ^ (carat)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
The card expires on the last day of the month.
INTERCHANGE DESIGNATOR varies 1 N Code indicating whether the American
Express card is valid outside the country of
issue.
1 = Available for international interchange
•2 = Chip card
5 = Available for interchange only in
country of issue
6 = Chip card, available for interchange
only in country of issue
7 = Not available for general interchange
9 = System test card
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
32 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
SERVICE CODE varies 2 N Code indicating whether the American
Express card is valid for ATM/Cash Access or
if a positive authorization is required.
01 = No restrictions
02 = No ATM service
03 = ATM Service only
06 = No restrictions; prompt for PIN, if PIN
pad is present
10 = No cash advance
11 = No cash advance or ATM service
20 = Requires positive authorization by
issuer or issuer’s agent
21 = Authorization by issuer only
22 = Authorization by issuer only; Goods
& Services
23 = Authorization by issuer only; ATM
only, PIN required
26 = Authorization by issuer only; prompt
for PIN, if PIN pad is present
EFFECTIVE DATE varies 4 N The date in YYMM format. The card becomes
valid on the first day of the month.
DISCRETIONARY DATA varies 5 N
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 A/N Created by the encoding equipment.
UNUSED varies 17 A/N Reserved for future use.
Table 3-3 American Express Track 1 Format ISO 7813 Standard (Continued)
Field Name Position Length Format Value/Description
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 33
3.2.3 American Express Track 2 Format X4.16
Standard
3.2.4 American Express Track 2 Format ISO 7813
Standard
Table 3-4 American Express Track 2 Format X4.16 Standard
Field Name Position Length Format Value/Description
START SENTINEL 1 1 N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2varies 15–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
The card expires on the last day of the month.
EFFECTIVE DATE varies 4 N The date in YYMM format. The card becomes
valid on the first day of the month.
DISCRETIONARY DATA varies 5 N
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 A/N Created by the encoding equipment.
LRC may or may not be present.
UNUSED varies 8 N Reserved for future use.
Table 3-5 American Express Track 2 Format ISO 7813 Standard
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT
NUMBER
2varies 15–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format. The
card expires on the last day of the month.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
34 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
INTERCHANGE
DESIGNATOR
varies 1 N Code indicating whether the American Express
card can be used outside the country of issue.
1 = Available for international interchange
2 = Chip card
5 = Available for interchange only in country
of issue
6 = Chip card, available for interchange only
in country of issue
7 = Not available for general interchange
9 = System test card
SERVICE CODE varies 2 N Code indicating whether the American Express
card is valid for ATM/Cash Access or if a
positive authorization is required.
01 = No restrictions
02 = No ATM service
03 = ATM Service only
06 = No restrictions; prompt for PIN, if PIN
pad is present
10 = No cash advance
11 = No cash advance or ATM service
20 = Requires positive authorization by
issuer or issuer’s agent
21 = Authorization by issuer only
22 = Authorization by issuer only; Goods &
Services
23 = Authorization by issuer only; ATM only,
PIN required
26 = Authorization by issuer only; prompt for
PIN, if PIN pad is present
EFFECTIVE DATE varies 4 N The date in YYMM format. The card becomes
valid on the first day of the month.
DISCRETIONARY DATA varies 8 N
LANGUAGE CODE varies 2 N Code indicating non-Canadian versus Canadian
cardholders and when a Canadian, whether
English or French is the spoken language of the
cardholder.
00 = Non-Canadian Card member
01 = Canadian Card members (English
Language)
02 = Canadian Card members (French
Language)
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 N Created by the encoding equipment.
Table 3-5 American Express Track 2 Format ISO 7813 Standard (Continued)
Field Name Position Length Format Value/Description
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 35
3.3 AVcard
The AVcard requires a date check and a MOD-10 check.
3.3.1 AVcard Track 1 Format
3.3.2 AVcard Track 2 Format
Table 3-6 AVcard Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N ^ (caret)
ISO PREFIX 3 6 N 601029
ACCOUNT NUMBER 9 13max N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (caret)
CREDIT CARD NAME varies 26max A/N Customer or company name.
FIELD SEPARATOR varies 1 A/N ^ (caret)
EXPIRATION DATE varies 4 N The date the card expires in YYMM
format.
SERVICE CODE INDICATOR varies 3 N Constant, 701
DISCRETIONARY DATA varies 15 A/N Miscellaneous Cardholder Info.
END SENTINEL varies 1 A/N ? (question mark)
Table 3-7 AVcard Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
ISO PREFIX 2 6 N 601029
ACCOUNT NUMBER 8 13max N AVcard Account Number.
FIELD SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N YYMM
SERVICE CODE
INDICATOR
varies 3 N Constant, 701
DISCRETIONARY DATA varies 15 Miscellaneous Cardholder Info.
END SENTINEL varies 1 A/N ? (question mark)
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
36 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.4 Centego Prepaid Card
PAN must pass MOD 10 check-digit test. (MOD 10 check on first 18 digits, 19th digit is the check
digit.)
Cards are embossed with the Account Number.
3.4.1 Centego Prepaid Track 1 Format
Note: Track data must be sent excluding the START SENTINEL, END SENTINEL, and LRC.
Note: The position ranges are valid for a 26-character cardholder name. The cardholder name is
a variable length field delimited by field separators. As a result, position ranges following
the CARDHOLDER field will change with varying CARDHOLDER field lengths.
Table 3-8 Centego Prepaid Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3–21 19 N Cardholder’s PAN.
FIELD SEPARATOR 22 1 A/N ^ (caret)
CARDHOLDER NAME 23–48 26max A/N Contains a maximum of 26 characters.
FIELD SEPARATOR 49 1 A/N ^ (caret)
EXPIRATION DATE 50–53 4 N The date the card expires in YYMM format.
SECURITY DATA 54–63 10 N Card verification value.
MEMBER NUMBER 64–74 11 A/N Club member number.
END SENTINEL 75 1 A/N ? (question mark)
LRC 76 1 A/N Created by the encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 37
3.4.2 Centego Prepaid Track 2 Format
Table 3-9 Centego Prepaid Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2–20 19 N Cardholder’s PAN.
FIELD SEPARATOR 21 1 A/N = (equal sign)
EXPIRATION DATE 22–25 4 N The date the card expires in YYMM format.
SECURITY DATA 26–35 10 N Card verification value.
END SENTINEL 36 1 A/N ? (question mark)
LRC 37 1 A/N Created by the encoding equipment.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
38 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.5 Discover Card
Discover Network (now known as DFS Services, LLC) allocates Issuer Identification Number
(IIN) ranges to authorized Issuers using the Discover Network.
PAN must pass a MOD 10 check-digit test.
Cards are embossed with the Primary Account Number and the Expiration Date.
3.5.1 Discover Track 1 Format
Table 3-10 Discover Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3varies 16–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (carat)
CARDHOLDER NAME varies varies A/N Field identifies the name of the cardholder
and contains a maximum of 26 characters.
The format of this field is last name followed
by first name and initial. A / (forward slash)
separates the first and last name.
Example: Last Name/First Name Initial
Embossing John P. Jones III
Mag Stripe Jones III/John P
FIELD SEPARATOR varies 1 A/N ^ (carat)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N Identifies the circumstances under which the
card can be used.
SECURITY CODE varies 13 A/N
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 A/N Created by the encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 39
3.5.2 Discover Track 2 Format
Table 3-11 Discover Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2varies 16–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N Identifies the circumstances under which
the card can be used.
SECURITY CODE varies 13 A/N
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 A/N Created by the encoding equipment.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
40 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.6 Diner’s Club International Card
The Diner’s Club International card must also be processed as a Discover Card.
PAN must pass a MOD 10 check-digit test.
Cards are embossed with the Primary Account Number and the Expiration Date.
3.6.1 Diner’s Club International Track 1 Format
Table 3-12 Diner’s Club International Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3varies 14–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (carat)
CARDHOLDER NAME varies varies A/N Field identifies the name of the cardholder and
contains a maximum of 26 characters. The
format of the field is last name followed by first
name and initial. Each cardholder name
component is separated as follows:
/ (forward slash) = Separates the first and
last name.
(space) = Separates first name from the
middle name or middle initial. It is also
used to separate a title from the first name
or middle name or initial. Used to separate
a title only when the cardholder names
qualify for separation.
Example: Last Name/First Name Initial
Embossing JOHN P. JONES JR.
Mag Stripe JONES/JOHN P JR
FIELD SEPARATOR varies 1 A/N ^ (carat)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
INTERCHANGE
QUALIFICATION CODE
varies 3 N Code indicating the type of interchange that is
available on the card. Valid codes:
101 = Card is valid for unrestricted
international interchange.
587 = Card is valid only in territory of
issuance.
EFFECTIVE DATE varies 4 A/N The data in YYMM format.
END SENTINEL varies 1 A/N ? (question mark)
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 41
3.6.2 Diner’s Club International Track 2 Format
LRC varies 1 A/N Created by the encoding equipment.
Table 3-13 Diner’s Club International Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2varies 14–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
INTERCHANGE
QUALIFICATION CODE
varies 3 N Code indicating the type of interchange that
is available on the card. Valid codes:
101 = Card is valid for unrestricted
international interchange.
587 = Card is valid only in territory of
issuance.
EFFECTIVE DATE varies 4 N The data in YYMM format.
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 A/N Created by the encoding equipment.
Table 3-12 Diner’s Club International Track 1 Format (Continued)
Field Name Position Length Format Value/Description
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
42 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.7 Drop Tank Card
Use DAMM algorithm when processing these cards. Do not use MOD 10 check.
3.7.1 Drop Tank Track 1 Format
3.7.2 Drop Tank Track 2 Format
Table 3-14 Drop Tank Track 1 Format
Field Name Position Length Format Value Description
START SENTINEL 1 1 Hex % (percent sign)
FORMAT CODE 2 1 A/N b
ACCOUNT NUMBER 3–20 18N Cardholder’s PAN (token).
FIELD SEPARATOR 21 1 A/N ^ (caret)
FILLER 22 1 A/N Space
FIELD SEPARATOR 23 1 A/N ^ (caret)
FILLER 24 1 A/N Space
END SENTINEL 25 1 A/N ? (question mark)
LRC 26 1 A/N Created by the encoding equipment.
LRC may or may not be present.
Table 3-15 Drop Tank Track 2 Format
Field Name Position Length Format Value Description
START SENTINEL 1 1 Hex ; (semicolon)
ACCOUNT NUMBER 2–19 18 N Cardholder’s PAN (token).
FIELD SEPARATOR 20 1 A/N = (equal sign)
DATE 21-24 4 N Expiration date in MMYY format.
END SENTINEL 25 1 A/N ? (question mark)
LRC 26 1 A/N Created by the encoding equipment.
LRC may or may not be present.
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 43
3.8 Heartland Gift Card
PAN must pass a MOD 10 check-digit test. The 19th position is the check-digit for the proceeding
18 digits).
Cards are embossed with the Account Number and the printed Access Code on the back.
3.8.1 Heartland Gift Card Track 2 Format
Table 3-16 Heartland Gift Card Track 2 Format
Field Name Position Length Format Value Description
START SENTINEL 1 1 3B Hex ; (semicolon)
PRIMARY ACCOUNT NUMBER 2–20 19 N Cardholder’s PAN.
FIELD SEPARATOR 21 1 A/N = (equal sign)
DATE 22–25 4 N Expiration date in MMYY format.
Default expiration is 9999.
SECURITY DATA 26–38 13 N
END SENTINEL 39 1 A/N ? (question mark)
LRC 40 1 OF Hex Longitudinal Redundancy Check.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
44 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.9 EBT Card
The POS application must perform a MOD 10 check.
No Specific ISO – No information in the account number or track data identifies the card as a
Food Stamp or Cash Benefit card. This identification must come from POS prompts.
3.9.1 EBT Track 2 Format
Table 3-17 EBT Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2–20 19 N Cardholder’s PAN.
FIELD SEPARATOR 21 1 A/N = (equal sign)
EXPIRATION DATE 22–25 4 N The date the card expires in YYMM format.
SERVICE CODE 26–28 3 N 120
DISCRETIONARY DATA 29 varies A/N
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 A/N Created by the encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 45
3.10 Fleet One Card
Cards are embossed with the Account Number, Company Name and Vehicle Name / Customer
Name.
3.10.1 Fleet One Track 2 Format
Table 3-18 Fleet One Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
CARD ISO/ABA PREFIX 2 6 A/N 501486
Refer to the Heartland BIN Guide.
PROMPT CODE 8 2 NValid options are 10–19 and 99.
ACCOUNT NUMBER 10 6 NFleet company number.
CARD NUMBER 16 4 N
CHECK DIGIT 20 1 N0–9
FIELD SEPARATOR 21 1 A/N = (equal sign)
EXPIRATION DATE 22 4 N The date the card expires in YYMM format.
9912 or 4912 indicates “does not expire.”
MEMBER NUMBER 26 1 N 0–9
PIN OFFSET 27 6 N Not used.
END SENTINEL 33 1A/N ? (question mark)
LRC 34 1 A/N Created by the encoding equipment.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
46 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.11 FleetCor Card
Cards are embossed with the Account Number, Expiration Date, Company Name and Vehicle
Name/Customer Name.
3.11.1 FleetCor Track 2 Format
Table 3-19 FleetCor Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
CARD ISO/ABA PREFIX 2 6 A/N Refer to the Heartland BIN Guide.
ISSUER IDENTIFIER 8 5 N
CARD NUMBER 13 6 N
FIELD SEPARATOR 19 1A/N = (equal sign)
EXPIRATION DATE 20 4 N The date the card expires in YYMM format.
9912 is a valid value and indicates card does
not expire.
DISCRETIONARY DATA 24 0–13 N Reserved for Future Use.
Value is either 0 or NULL.
END SENTINEL 24–37 1 A/N ? (question mark)
LRC 25–38 1 A/N b
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 47
3.12 JCB Card
All JCB cards follow the same track format as Discover. See 3.5 Discover Card, p. 38.
PAN must pass a MOD 10 check-digit test.
Cards are embossed with the Primary Account Number and the Expiration Date.
3.12.1 JCB IIN Ranges on Discover Network
The JCB IIN Ranges are effective only for the domestic United States, and to the extent that
other Territories and Protectorates may be included, we will provide you with further information.
All other international markets are out of scope at this time. Additionally, ATM transactions will not
be enabled for the IIN ranges assigned to JCB.
Refer to the Heartland BIN Guide.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
48 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.13 Mastercard
PAN must pass a MOD 10 check-digit test.
Cards are embossed with the Primary Account Number and the Expiration Date.
3.13.1 Mastercard Track 1 Format
3.13.2 Mastercard Track 2 Format
Table 3-20 Mastercard Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3varies 16–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (carat)
CARDHOLDER NAME varies 2–26 A/N Contains a maximum of 26 characters.
FIELD SEPARATOR varies 1 A/N ^ (carat)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N Identifies the circumstances under which
the card can be used.
DISCRETIONARY DATA varies varies A/N Contains the CVC.
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 A/N Created by the encoding equipment.
Table 3-21 Mastercard Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2varies 16–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N Identifies the circumstances under which
the card can be used.
DISCRETIONARY DATA varies varies A/N Contains the CVC.
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 A/N Created by the encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 49
3.14 Mastercard Fleet Card Type
PAN must pass a MOD 10 check-digit test.
Cards are embossed with the Primary Account Number, Expiration Date and Cardholder Name.
3.14.1 Mastercard Fleet Card Example
Figure 3-1 Mastercard Fleet Card: Driver Assigned Example
Figure 3-2 Mastercard Fleet Card: Vehicle Assigned Example
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
50 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.14.2 Account Number Information
The following section describes the method that can be used by a POS application to identify a
Mastercard Fleet Account Number.
Table 3-22 Mastercard Fleet Account Number Information Method
Method Description
Magnetic Track
Identification
The Mastercard Fleet account number is 16 characters in length. Refer to the
Heartland BIN Guide.
The 16th position of the Card's account number is the check digit. It is calculated
on the previous fifteen (15) digits. For example, Mastercard Fleet account:
556701000000000 3; has a check digit of 3.
Embossed Identification The Card's embossed account number is 16 characters in length. The Card's
account number prefix (first four digits of the embossed account number). Refer
to the Heartland BIN Guide.
The 16th position of the Card's embossed account number is the check digit.
The words ‘Fuel Only’ (optional, based on Product Restriction Code
information).
Cardholder's Name.
Expiration Date.
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 51
3.14.3 Mastercard Fleet Track 1 Format
Note: All Mastercard Fleet cards use the entire allocated length of the track. Therefore, space-fill
any variable length fields as necessary.
Table 3-23 Mastercard Fleet Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3varies 16–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (carat)
CARDHOLDER NAME varies 26 A/N Contains a maximum of 26 characters.
FIELD SEPARATOR varies 1 A/N ^ (carat)
EXPIRATION DATE varies 4 N The date the card expires in YYMM
format.
SERVICE CODE varies 3 A/N Identifies the circumstances under which
the card can be used.
DISCRETIONARY DATA varies 22 A/N
PRODUCT RESTRICTION CODE varies 1 N 1 to 2 required.
PRODUCT TYPE CODE varies 1 N 1 to 5 required.
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 A/N Created by the encoding equipment.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
52 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.14.4 Mastercard Fleet Track 2 Format
Table 3-24 Mastercard Fleet Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2varies 16–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N The date the card expires in YYMM
format.
SERVICE CODE varies 3 A/N Identifies the circumstances under which
the card can be used.
DISCRETIONARY DATA varies up to 11 A/N The amount of discretionary data
available in Track 2 for issuers to use is
variable depending on the PAN length for
all card brands and card types unless the
PAN is defined as a fixed length.
PRODUCT RESTRICTION CODE varies 1 N 1 to 2 required.
PRODUCT TYPE CODE varies 1 N 1 to 5 required.
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 A/N Created by the encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 53
3.15 Mastercard Purchasing Card
PAN must pass a MOD 10 check-digit test.
Card are embossed with the Primary Account Number and the Expiration Date.
3.15.1 Mastercard Purchasing Card Example
3.15.2 Mastercard Purchasing Track 1 Format
Table 3-25 Mastercard Purchasing Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3varies 16–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (caret)
CARDHOLDER NAME varies varies A/N Contains a maximum of 26 characters.
FIELD SEPARATOR varies 1 A/N ^ (caret)
EXPIRATION DATE varies 4 N The date the card expires in YYMM
format.
SERVICE CODE varies 3 A/N Identifies the circumstances under which
the card can be used.
DISCRETIONARY DATA varies 22 A/N Optional field.
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 A/N Created by the encoding equipment.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
54 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.15.3 Mastercard Purchasing Track 2 Format
Table 3-26 Mastercard Purchasing Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2varies 16–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 A/N Identifies the circumstances under which the
card can be used.
DISCRETIONARY DATA varies varies A/N Optional field.
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 A/N Created by the encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 55
3.15.4 Mills Fleet Farm PLCC Track 1 Format
Table 3-27 Mills Fleet Farm PLCC Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 "
START SENTINEL 2 1 A/N % (percent sign)
FORMAT CODE 3 1 B
PRIMARY ACCOUNT NUMBER 4 16 N Cardholder’s PAN.
FIELD SEPARATOR 20 1 A/N ¬
CARDHOLDER NAME 21 26 A/N Contains a maximum of 26 characters.
FIELD SEPARATOR 47 1 A/N ¬
EXPIRATION YEAR DATE 48 2 N The year the card expires.
EXPIRATION MONTH DATE 50 2 N The month the card expires.
SERVICE CODE 52 3 A/N Identifies the circumstances under which the
card can be used.
Mills Dual Card = 201
•PLCC = 701
PIN VERIFICATION 55 1 PIN Indicator (will be 0) Not used
PIN OFFSET 56 4 PIN Offset (will be 0) Not used
CARD VERIFICATION VALUE 60 11 A/N CVV
END SENTINEL 71 1 A/N ? (question mark)
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
56 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.15.5 Mills Fleet Farm PLCC Track 2 Format
Table 3-28 Mills Fleet Farm PLCC Track 2 Format
Field Name Position Length Format Value/Description
11 Space
START SENTINEL 2 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 3 16 N Cardholder’s PAN.
FIELD SEPARATOR 19 1 A/N = (equal sign)
EXPIRATION YEAR DATE 20 2 N The year the card expires.
EXPIRATION MONTH DATE 22 2 N The month the card expires.
SERVICE CODE 24 3 A/N Identifies the circumstances under which the
card can be used.
Mills Dual Card = 201
•PLCC = 701
PIN VERIFICATION 27 1 PIN Indicator (will be 0) Not used
PIN OFFSET 28 4 PIN Offset (will be 0) Not used
CARD VERIFICATION VALUE 32 3 A/N CVV
END SENTINEL 35 1 A/N ? (question mark)
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 57
3.16 Multi Service Track Data
3.16.1 Multi Service Swiped Track 2 Format
3.17 PayPal Card
PayPal cards are now part of the Discover Network and follow the same track format as
Discover. See 3.5 Discover Card, p. 38.
PAN must pass a MOD 10 check-digit test.
Cards are embossed with the Primary Account Number and the Expiration Date.
Table 3-29 Multi Service Swiped Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
ISO PREFIX 2 6 N Refer to the Heartland BIN Guide.
ACCOUNT NUMBER 8 8 N Cardholder’s PAN.
FIELD SEPARATOR 16 1 A/N = (equal)
CASH FLAG 17 1 N
PO REQUIRED FLAG 18 1 N
TWO DIGIT DAY OF ISSUANCE 19 2 N
FIELD SEPARATOR 21 1 A/N = (equal)
DATE OF ISSUANCE 22 4 N YYMM
SERVICE RESTRICTIONS 26 1 N
FUEL FLAG 27 1 N
OIL FLAG 28 1 N
PLUS AMOUNT ON CARD 29 3 N
TYPE FLAG 32 1 N
FILLER SPACE 33 5
STRIPE VERSION NUMBER 38 1 N
END SENTINEL 39 1 A/N ? (question mark)
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
58 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.18 Stored Value Solutions (SVS)
PAN must pass MOD 10 check-digit test. (MOD 10 check on first 18 digits, 19th digit is the
check digit.)
Cards are embossed with the Account Number.
3.18.1 SVS Track 1 Format
3.18.2 SVS Track 2 Format
Table 3-30 SVS Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 5–21 19 NCardholder’s PAN.
FIELD SEPARATOR 22 1A/N ^ (caret)
CARDHOLDER NAME 23–48 26max A/N Contains a maximum of 26 characters.
FIELD SEPARATOR 49 1A/N ^ (caret)
EXPIRATION DATE 50–53 4 N The date the card expires in YYMM format.
SERVICE CODE 54–56 3 N 110
CVV DATA 57–59 3A/N Card Verification Value.
END SENTINEL 60 1A/N ? (question mark)
LRC 61 1A/N Created by the encoding equipment.
Table 3-31 SVS Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1–1 1A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2–20 19 NCardholder’s PAN.
FIELD SEPARATOR 21–21 1A/N = (equal sign)
EXPIRATION DATE 22–25 4 N The date the card expires in YYMM format.
SERVICE CODE 26–28 3 N 110
CVV DATA 29–36 8 N Card Verification Value.
END SENTINEL 37–37 1A/N ? (question mark)
LRC 38–38 1A/N Created by encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 59
3.19 UnionPay Card
All UnionPay issued cards follow the same track format as Discover. See 3.5 Discover Card, p.
38.
PAN must pass a MOD 10 check-digit test.
Cards are embossed with the Primary Account Number and the Expiration Date.
3.20 ValueLink Card
PAN must pass MOD 10 check digit test. (MOD 10 check on first 18 digits, 19th digit is the check
digit.)
Card are embossed with the Account Number. CLGC cards (Closed Loop Gift Cards) are
embossed with 16 digits.
3.20.1 ValueLink Track 1 Format
Table 3-32 ValueLink Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3–20 13–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (caret)
CARDHOLDER NAME varies 2–26 A/N Contains a maximum of 26 characters.
SEPARATOR varies 1 A/N ^ (caret)
CARD EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N
PVKI 1 N PIN Verification Key Index.
PVV 4 N PIN Verification Value.
DISCRETIONARY DATA varies varies A/N
VISA RESERVED varies 11 A/N
END SENTINEL varies 1 A/N
LRC varies 1 A/N Longitudinal Redundancy Check.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
60 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.20.2 ValueLink Track 2 Format
Table 3-33 ValueLink Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N
PRIMARY ACCOUNT NUMBER 3–20 13–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N Usually = (equal)
CARD EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N
PVKI 1 N PIN Verification Key Index.
PVV 4 N PIN Verification Value.
DISCRETIONARY DATA varies 8 A/N
END SENTINEL varies 1 A/N
LRC varies 1 A/N Longitudinal Redundancy Check.
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 61
3.21 Visa Card
PAN must pass a MOD 10 check-digit test.
Cards are embossed with the Primary Account Number and the Expiration Date.
3.21.1 Visa Track 1 Format
Table 3-34 Visa Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3varies 13–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (carat)
CARDHOLDER NAME varies 2–26 A/N Contains a maximum of 26 characters.
FIELD SEPARATOR varies 1 A/N ^ (carat)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N Identifies the circumstances under which the
card can be used.
PIN VERIFICATION varies 0 or 5 N If used, this field is composed of two
components.
PVKI 1 PIN Verification Key Index.
PVV 4 PIN Verification Value.
DISCRETIONARY DATA varies varies A/N
VISA RESERVED varies 111
1. The length is always the last 11 positions of Track 1, excluding the END SENTINEL and LONGITUDINAL REDUNDANCY
CHECK.
A/N PIN Verification. All 11 positions are required.
Filler 1–2 Zero-fill
CVV 3–5 Card Verification Value.
Filler 6–7 Zero-fill
ACI 8 Authorization Control Indicator.
Filler 9–11 Zero-fill
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 A/N Created by the encoding equipment.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
62 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.21.2 Visa Track 2 Format
3.22 Visa Corporate or Business
For Track 1, see Table 3-34 Visa Track 1 Format, p. 61.
For Track 2, see Table 3-35 Visa Track 2 Format, p. 62.
3.23 Visa Purchasing
For Track 1, see Table 3-34 Visa Track 1 Format, p. 61.
For Track 2, see Table 3-35 Visa Track 2 Format, p. 62.
Table 3-35 Visa Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2varies 13–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N Identifies the circumstances under which
the card can be used.
PIN VERIFICATION varies 0 or 5 N If used, this field is composed of two
components.
PVKI 1 N PIN Verification Key Index (PVKI).
PVV 4 N PIN Verification Value (PVV).
DISCRETIONARY DATA varies varies A/N Contains the Card Verification Value.
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 A/N Created by the encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 63
3.24 Visa Fleet Card Type
PAN must pass a MOD 10 check-digit test.
Cards are embossed with the Primary Account Number, Expiration Date, Company Name or
generic Cardholder ID.
3.24.1 Visa Fleet Card Example
Figure 3-3 Visa Fleet Card: Driver Assigned Example
Figure 3-4 Visa Fleet Card: Vehicle Assigned Example
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
64 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.24.2 Visa Fleet Track 1 Format
Table 3-36 Visa Fleet Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N B
PRIMARY ACCOUNT NUMBER 3–20 13–19 N Cardholder’s PAN.
FIELD SEPARATOR varies 1 A/N ^ (caret)
CARDHOLDER NAME varies 2–26 A/N Contains a maximum of 26 characters.
SEPARATOR varies 1 A/N ^ (caret)
CARD EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N Identifies the circumstances under which
the card can be used.
PIN VERIFICATION varies 0 or 5 N If used, this field is composed of two
components.
PVKI 1 N PIN Verification Key Index.
PVV 4 N PIN Verification Value.
DISCRETIONARY DATA varies varies A/N
VISA RESERVED varies 11 A/N
FILLER 2 A/N Zero-filled.
CVV 3 A/N Card Verification Value.
FILLER 2 A/N Zero-filled.
AUTHORIZATION
CONTROL INDICATOR
(ACI)
1 A/N Zero or A to Z required.
RESERVED 1 A/N 0 (zero)
SERVICE ENHANCEMENT
INDICATOR
1A/N
0 = Fleet, No restriction (fuel,
maintenance and non-fuel purchases)
1 = Fleet (fuel and maintenance
purchases only)
2 = Fleet (fuel only)
3–9 = Reserved
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 65
3.24.3 Visa Fleet Track 2 Format
SERVICE PROMPT 1 A/N 0 = Reserved (no prompt)
1 = Generic Identification Number and
ODOMETER1
2 = VEHICLE ID and ODOMETER
3 = DRIVER ID and ODOMETER
4 = ODOMETER
5 = No Prompt
6 = Generic Identification Number2
7–9 = Reserved (no prompt)
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 A/N Created by the encoding equipment.
1. SERVICE PROMPT 1: After prompt for an ID, cardholder enters 6-digit VEHICLE ID, DRIVER ID, or a generic identification
number followed by Odometer.
2. SERVICE PROMPT 6: After prompt for an ID, cardholder enters 6-digit VEHICLE ID, DRIVER ID, or generic identification number.
Table 3-37 Visa Fleet Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2varies 13–19 N Cardholder’s PAN.
SEPARATOR varies 1 A/N = (equal sign)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
SERVICE CODE varies 3 N Identifies the circumstances under which the
card can be used.
PIN VERIFICATION 26
varies
if used
0 or 5 N If used, this field is composed of two
components.
PVKI 1 N PIN Verification Key Index.
PVV 4 N PIN Verification Value.
DISCRETIONARY DATA varies varies N
CARD VERIFICATION
VALUE (CVV)
3 N Identifies the Card Verification Value.
ISSUER INFORMATION varies N The length of this field depends on the
length of PIN Verification and must occupy
the third last position of the field. Visa Fleet
cards are required to use the last three
positions of this field to provide instructions
for customized prompts. Refer to the
Heartland BIN Guide.
Table 3-36 Visa Fleet Track 1 Format (Continued)
Field Name Position Length Format Value/Description
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
66 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
FLEET SERVICES 2 N The third to last position from the END
SENTINEL, valid value is zero.
Service Enhancement Indicator. The value
entered in this field must occupy the second
last position of the field.
0 = Fleet, No restriction (fuel,
maintenance and non-fuel purchases)
1 = Fleet (fuel and maintenance
purchases only)
2 = Fleet (fuel only)
Note: The position of this field varies
depending on the length of PIN
Verification.
1 N Indicate the SERVICE PROMPT.
0 = Reserved (no prompt)
1 = Generic Identification Number and
ODOMETER1
2 = VEHICLE ID and ODOMETER
3 = DRIVER ID and ODOMETER
4 = ODOMETER
5 = No Prompt
6 = Generic Identification Number2
7–9 = Reserved (no prompt)
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 A/N Value of 0 (zero) to F.
1. SERVICE PROMPT 1: After prompt for an ID, cardholder enters six-digit VEHICLE ID, DRIVER ID, or a generic identification
number followed by Odometer.
2. SERVICE PROMPT 6: After prompt for an ID, cardholder enters six-digit VEHICLE ID, DRIVER ID, or generic identification
number.
Table 3-37 Visa Fleet Track 2 Format (Continued)
Field Name Position Length Format Value/Description
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 67
3.25 Voyager Fleet Card
PAN must pass two MOD 10 check-digit tests. The 13th position is the check-digit for the
previous eight digits. The 19th position is the check-digit for the previous 18 digits.
Cards are embossed with the Account Number, ID Number, Restriction Code and Expiration
Date.
3.25.1 Voyager Account Number Information
The following sections describe the method that can be used by a POS application to identify a
Voyager Account Number.
Table 3-38 Voyager Fleet Account Number Information Method
Method Description
Magnetic Track
Identification
The Voyager account number is nineteen characters in length.
The Voyager ISO is 7088.
The Card's account number prefix (the first two digits following the ISO) begins with 85, 86,
88 or 89.
The thirteenth position of the Card's account number is the first check digit. It is
calculated on the previous eight digits.
Example: Voyager account: 0004 00001 6 will have their first check digit calculated on the
85999 000. In this case the check digit is 4.
The nineteenth position of the Card's account number is a second check digit. It is
calculated on the previous eighteen digits.
Example: Voyager account: 0004 00001 6 will have the second check digit calculated on the
7088 85999 0004 00001. In this case the check digit is 6.
Embossed
Identification
The Card's embossed account number is fifteen characters in length.
The Card's account number prefix (first two positions of the embossed account number)
begins with 85, 86, 88 or 89.
The ninth position of the Card's embossed account number is the first of two check
digits. It is calculated on the previous eight digits.
Example: Voyager account number: 85999 0004 00001 6 will have the first check digit
calculated on the 85999 000. In this case the check digit is 4.
The fifteenth position of the Card's embossed account number is the second check
digit. It is calculated on the previous 14 digits plus an ISO of 7088 is added before the
account number. The ISO is not embossed on the credit card.
Example: Voyager embossed account number of: 85999 0004 00001 6 will have the check
digit calculated on the 7088 85999 0004 00001. In this case the check digit is 6.
Identification Number (optional, based on Product Restriction Code information).
Cardholder's Name.
Production Restriction Code (also located on magnetic strip).
Expiration Date.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
68 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.25.2 Voyager Fleet Track 1 Format
Table 3-39 Voyager Fleet Track 1 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N % (percent sign)
FORMAT CODE 2 1 A/N 0 (zero)
PRIMARY ACCOUNT NUMBER 3–21 19 N Cardholder’s PAN.
FIELD SEPARATOR 22 1 A/N ^ (carat)
CARDHOLDER NAME 23–47 varies A/N Contains a maximum of 25 characters.
FIELD SEPARATOR varies 1 A/N ^ (carat)
EXPIRATION DATE varies 4 N The date the card expires in YYMM format.
RESTRICTION CODE varies 2 N Code indicating the type of prompts that
display for a customer transaction.
00 = Do not prompt for ID Number or
odometer. All items allowed.
01 = Do not prompt for ID Number or
odometer. Fuel only.
10 = Prompt for ID Number. All items
allowed.
11 = Prompt for ID Number. Fuel only.
20 = Prompt for odometer. All items
allowed.
21 = Prompt for odometer. Fuel only.
30 = Prompt for ID Number and odometer.
All items allowed.
31 = Prompt for ID Number and odometer.
Fuel only.
DISCRETIONARY DATA varies 13 N Contains a valid numeric value or be
zero-filled.
END SENTINEL varies 1 A/N ? (question mark)
LRC varies 1 A/N Created by encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 69
3.25.3 Voyager Fleet Track 2 Format
Table 3-40 Voyager Fleet Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 A/N ; (semicolon)
PRIMARY ACCOUNT NUMBER 2–20 19 N Cardholder’s PAN.
FIELD SEPARATOR 21 1 A/N = (equal sign)
EXPIRATION DATE 22–25 4 N The date the card expires in YYMM format.
RESTRICTION CODE 26–27 2 N Code indicating the type of prompts that
display for a customer transaction.
00 = Do not prompt for ID Number or
odometer. All items allowed.
01 = Do not prompt for ID Number or
odometer. Fuel only.
10 = Prompt for ID Number. All items
allowed.
11 = Prompt for ID Number. Fuel only.
20 = Prompt for odometer. All items
allowed.
21 = Prompt for odometer. Fuel only.
30 = Prompt for ID Number and
odometer. All items allowed.
31 = Prompt for ID Number and
odometer. Fuel only.
DISCRETIONARY DATA 28–38 11 N Will contain a valid numeric value or be
zero-filled.
END SENTINEL 39 1 A/N ? (question mark)
LRC 40 1 A/N Created by encoding equipment.
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
70 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.26 WEX Fleet Card
Account Number is seven positions in length where the first six digits must pass MOD 10
check-digit test. The seventh digit is the check-digit.
Cards are embossed with the Account Number, ISO Number, Purchase Device Sequence
Number, Expiration Date, Cardholder Name, Description and Restriction.
3.26.1 WEX Fleet Card Example
Figure 3-5 WEX Fleet Card Example
3.26.2 WEX GSA Fleet Cards
The following WEX GSA cards are to be treated just like any other WEX Fleet card.
WEX Universal cards and WEX GSA cards have the same Track 2 layout.
The card front for WEX Universal cards and WEX GSA cards differs, as the placement of
the six-digit ISO of 690046, the 13-digit Account Number, and five-digit value for the
Purchase Device Sequence Number varies by card type.
WEX Universal cards display the 690046 ISO below the 13-digit Account Number, and
label the five-digits Purchase Device Sequence Number as the PURCH. DEV. SEQ. NO.
WEX GSA Fleet cards display the 690046 ISO above the 13-digit Account Number and
place the five-digit Purchase Device Sequence Number after the 13-digit Account Number,
with no distinct label.
WEX Dept of Defense cards and Dept of Energy cards display the 690046 ISO above the
13-digit Account Number and label the five-digit Purchase Device Sequence Number as
CARD NO.
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 71
Figure 3-8 WEX Dept. of Energy Fleet
Figure 3-6 WEX GSA Fleet Figure 3-7 WEX Dept. of Defense Fleet
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
72 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
3.26.3 WEX Fleet Track 2 Format
Table 3-41 WEX Fleet Track 2 Format
Field Name Position Length Format Value/Description
START SENTINEL 1 1 A/N ; (semicolon)
ISO PREFIX 2 6 N Refer to the Heartland BIN Guide.
PRIMARY ACCOUNT NUMBER 3–20 19 N Cardholder’s PAN.
FIELD SEPERATOR 21 1 A/N = (equal sign)
EXPIRATION DATE 22–25 4 N The date the card expires in YYMM format.
PROMPT TABLE KEY 26 1 N Values are 0, 1, 2, 3, 4 or 5.
PURCHASE RESTRICTION 27–28 2 N 00 = Fuel Only
01 = Unrestricted
02 = Fuel and Auto (Includes Car Wash)
•04
= Fuel and Oil
Note: Product restriction or validation is
only performed by the POS when
processing in offline mode. Product
restriction or validation is never
performed by the Host.
PURCHASE DEVICE
SEQUENCE NUMBER
29–33 5 N Distinct from the prompt Vehicle ID.
CAV1 34–37 4 N Card Authentication Value.
POS PROMPTS 38 1 N Refer to the Heartland POS Integrator’s
Guide for WEX Fleet Prompting Values.
END SENTINEL 39 1 A/N ? (question mark)
LRC 40 1 A/N Created by encoding equipment.
For Internal Use Only
HPS Integrator’s Guide V 17.2 3: Card Brand Information
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 73
3.26.4 WEX MOD 10 Calculation
WEX defines their Fleet number as:
ISO – six numeric
Client Id – four numeric
Zeros – two numeric
Account Number – six numeric
Check Digit – one numeric
To calculate the Check Digit, follow these steps:
Examine the six-digit Account Number, one digit at a time
Result 1 = Multiply digit 1 by 1
Result 2 = Multiply digit 2 by 2
Result 3 = Multiply digit 3 by 1
Result 4 = Multiply digit 4 by 2
Result 5 = Multiply digit 5 by 1
Result 6 = Multiply digit 6 by 2
If any of these Results (1 through 6) are > 9, then subtract 9 from that Result
The sum of all Results (1 through 6) = the Dividend
Divide the Dividend by 10 resulting in a Quotient and a Remainder
The Remainder = the MOD10-Value
If the MOD10-Value is not equal to 0, compute MOD10-Value = 10 minus MOD10-Value
Move MOD10-Value to Check Digit
For Internal Use Only
3: Card Brand Information HPS Integrator’s Guide V 17.2
74 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
For Internal Use Only
HPS Integrator’s Guide V 17.2 4: E3 Processing Overview
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 75
Chapter 4: E3 Processing Overview
4.1 Introduction
Heartland Secure™ is a comprehensive credit/debit card data security solution that combines
three powerful technologies working in tandem to provide merchants with the highest level of
protection available against card-present data fraud.
Offered to Heartland customers for no additional processing fees as part of Heartland's
comprehensive solutions, Heartland Secure combines:
EMV electronic chip card technology to prove that a consumer's card is genuine.
Heartland's E3® end-to-end encryption technology, which immediately encrypts card data
as it is acquired so that no one else can read it.
Tokenization technology, which replaces card data with “tokens” that can be used for
returns and repeat purchases, but are unusable by outsiders because they have no value.
This guide focuses on Heartland's E3 end-to-end encryption solution and contains integration
information for POS systems. It serves as a companion to Heartland's host network
specifications and the E3 device programmer's manuals. These documents should be referred to
for more detailed information.
4.2 The E3® Solution
E3, an end-to-end encryption product by Heartland, is designed to protect credit and debit card
data from the moment of card swipe and through the Heartland network — not just at certain
points of the transaction flow.
E3 is based on Voltage Security's SecureData Payments product which provides a complete
payment transaction protection framework, built on two breakthrough technologies
encompassing encryption and key management: Voltage Format-Preserving Encryption (FPE)
and Voltage Identity-Based Encryption (IBE).
With Voltage Format-Preserving Encryption (FPE), credit card numbers and other sensitive data
are protected without the need to change the data format or structure. In addition, data properties
are maintained, such as a checksum, and portions of the data can remain in the clear.
With Voltage Identity-Based Encryption (IBE), the complexity of key management through
traditional Public Key Infrastructure (PKI) systems and symmetric key systems is eliminated —
because encryption keys are securely generated on demand and not stored, POS devices are
not subject to key injection and key rotation.
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 17.2
76 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
4.3 Encryption Data
4.3.1 Encrypted Track and PAN Data
Depending on the configuration of your E3-capable card acceptance device, the E3 encrypted
Track and PAN data will be formatted using one of two Track Encryption Protocol (TEP)
algorithms, TEP1 or TEP2. TEP1 is whole track encryption, while TEP2 is structure preserving
encryption.
Example: The following data was produced by an E3-capable device using Heartland's Visa test
card:
For TEP2, the following is guaranteed:
The leading six digits of the original PAN are maintained in the clear.
The trailing four digits of the original PAN are maintained in the clear.
The middle digits are used for the ciphertext value, which is guaranteed to consist solely of
digits.
The Luhn check value is preserved so that a PAN with a valid zero (0) result, creates
ciphertext that also checks as valid.
For TEP1, the device will provide a separate masked or obfuscated representation of the track
data for processing that requires the first six or last four digits of the PAN, cardholder name,
expiration date, Luhn check results, etc.
Table 4-1 PAN Encryption
Cleartext 4012002000060016
TEP2 4012002650330016
TEP1 +++++++BWmfv/HUA
Table 4-2 Track 1 Encryption
Cleartext %B4012002000060016^VI TEST CREDIT^251210118039000000000396?
TEP2 B4012007060016^VI TEST CREDIT^2512101XlwD91O5qOg+7Ftv+nLu
TEP1 3FLr83Ed5tiHN3r2CpT3kIndkhtiHRt3mtKQsozJ2rFQM8GE0ha2X7K6t
Table 4-3 Track 2 Encryption
Cleartext ;4012002000060016=25121011803939600000?
TEP2 4012007060016=2512101e3vdC5QhAEZa7UAN
TEP1 AsbjXkDWaRqLV0o5U33jffZqiPg
For Internal Use Only
HPS Integrator’s Guide V 17.2 4: E3 Processing Overview
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 77
4.3.2 Encrypted Card Security Code
The Card Security Code (CSC) printed on the back of the card, referred to as CAV2, CVC2,
CVV2, or CID depending on the card brand, can be optionally encrypted.
The value to be encrypted is constructed as follows:
Length [1 digit]
Random Filler [x digits]
CSC [3 or 4 digits]
Note: The total length of the encrypted CSC will always be seven digits. Typically, the device will
randomly generate 2 or 3 digits of filler to ensure the CSC is seven digits.
4.3.3 Encryption Transmission Block
The Encryption Transmission Block (ETB), sometimes referred to as a Key Transmission Block
(KTB), contains the IBE encrypted version of the device's randomly generated FPE key that was
used to encrypt the card data. The ETB must be sent in the authorization requests so that the
host can decrypt the card data.
Heartland's ETB must be Base64 encoded, and for TEP1 and TEP2 it must be 276 bytes.
Example:
Table 4-4 Encrypted CSC Steps
Step Example Data
1. Obtain the CSC value (either 3 or 4 digits) 572
2. Generate a random 3-digit number 413
3. Construct the value to be encrypted 3413572
4. Encrypt the value 9037662
/wECAQEEAoFGAgEH3gcOTDT6jRZwb3NAc2VjdXJlZXhjaGFuZ2UubmV0tmpl5zBEIeyea
DRWB0IlbnWdMjK32V4QIJRoRIpu1Fm9w8fdoJt1gLt2jkkliD+0kvFOrhspWh4dsDYvSH
GgdgetU3pfAx+iBS38Wq2KvTOOlueGvXcGe0y4G/DFVgT7zBHm1YS7cseYLEtADtoSnhB
UjasCciO5ul9GhesvQo8Ah7NM8geDZdKN0QZZiLH8cmYhgHp8kamxSciDJHARUO9tFb+h
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 17.2
78 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
4.4 E3 Specific Requirements
4.4.1 Heartland Exchange
This section addresses specific requirements for E3 terminals using the Heartland Exchange
Message Specification. All card types may be sent using E3 encryption.
4.4.1.1 Unique Transaction ID (UID)
Heartland's Unique Transaction ID (UID) is a software solution that eliminates the need for a
POS application to store the account number or track data for subsequent processing such as
Voids/Incrementals, and Batch Settlement. The UID is returned by the Heartland Exchange Host
in the Authorization response messages. This application is not available on other Heartland
Host platforms.
Voids/Incrementals: The Account Data Source field will be 'Z' or 'z' to indicate that the UID
is being used instead of track or Primary Account Number (PAN) data. The Customer Data
field will contain the UID which is the Retrieval Reference Number (RRN) from the
Authorization.
Batch Settlement: The Primary Account Number field in the Batch Settlement Detail
Record will be filled with all spaces to indicate that the UID is being used instead of PAN
data. The Transaction Identifier field in the Batch Settlement Detail Record is the
Transaction Identifier from the Authorization and it contains the UID.
4.4.1.2 Merchant ID Number (MID)
Merchant ID Number is a 12 character field that contains a unique number assigned by
Heartland. If your E3 implementation encrypts the MID, then the E3 sub-encryption indicator in
the Key Block Data field must indicate the MID is encrypted (01 or 02 as appropriate).
4.4.1.3 Account Data Source
The Account Data Source field is used to indicate the source and format of the data contained in
the Customer Data field. Refer to the Exchange Host Specification for a complete list of Account
Data Source codes.
4.4.1.4 Customer Data
The Customer Data field contains the Key Block data and either the Cardholder Account data or
the Unique Transaction ID. The Cardholder Account data may be either the encrypted Track 1,
encrypted Track 2, or encrypted primary account number. The unique transaction ID is never
encrypted. Refer to the Exchange Host Specification for the Customer Data format.
For Internal Use Only
HPS Integrator’s Guide V 17.2 4: E3 Processing Overview
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 79
4.4.1.5 Retrieval Reference Number (RRN)
The Retrieval Reference Number field contains a value that uniquely identifies a transaction. The
Retrieval Reference Number is sent in an authorization response. The POS then uses the RRN
in voids and incrementals to identify the original transaction.
4.4.1.6 Transaction Identifier
The Transaction Identifier field contains the UID. The Transaction Identifier is sent in an
authorization response.
4.4.1.7 Authorization Example
The following examples shows highlighted fields that are used in the POS message to Heartland
messaging:
Encrypted Track 1 Data
Encrypted Track 2 Data
KTB (Key Transmission Block)
PAN (Primary Account Number)
Table 4-5 Authorization Examples
Request Response
For Encrypted Card Swipes:
The following request fields require specific handling:
MID (Merchant ID Number) – This field will be either the unencrypted,
cleartext MID or the encrypted MID if supported.
Account Data Source – This field will indicate that either encrypted Track
1 or Track 2 data is being sent:
“h” = Encrypted Track 1
“d” = Encrypted Track 2
Customer Data – This field will be <Key Block Data><FS><Encrypted
Track 1 or Track 2 Data>, where <Key Block Data> is “v” (Voltage
encryption)+ “01”, “02”, or “03” as appropriate + KTB.
Example: v03/wECAQECAoFGAgEH2ggJTHLeIBZwb3NAc2
VjdXJlZXhjaGFuZ2UubmV0aFLxu2XTNLs6jIk3Bakt
bFZrdJ26dX85BjkkngQnmk+3tOhXRVILvASHnfmao0y
l5z7KNBx6Na7ekL+hryGQ3oPOcOVkEzei83Clsc
9QSfQJWB9ysAynGc6btccnrfjwyJn70KJ1cqQrw
623ASSWm57Hov2fMtWmPpYpQRr54oAoXZY
jUajd0sRXCn5XeD5BhpE/Wzd4Ayn+342BGUL
0N7hWKm<FS>V2uvVFzWkBTNzcX7vcrWTi4
jV9AtG2bLYJkCOi+OA2aY2OiRmw/0ZSQcH
The following response fields
require specific handling:
RRN (Retrieval Reference
Number) – This field will be
used as the UID (Unique
Transaction ID) for
subsequent messages such
as voids.
Transaction Identifier – This
field will be used as the UID in
the batch settlement detail
record.
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 17.2
80 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
Note:
Refer to section Authorization Chapter in the Heartland Exchange specification for all other
fields.
UIDs are used to retrieve a transaction’s account data for Voids, Incrementals, and Batch
Settlement. This eliminates the need to store or send encrypted or unencrypted track, PAN,
or KTB data once authorization has occurred.
For refunds/returns, Purchase Return (Transaction Code CR) must be utilized so that the
returned UID can be used for settlement.
For voice authorizations, Online Forced Purchase (Transaction Code 5S) must be utilized
so that the returned UID can be used for settlement.
For Encrypted Manual Entry from E3 PIN Pad:
The following request fields require specific handling:
Merchant ID Number – This field will be the unencrypted, cleartext MID.
Account Data Source – This field will indicate that an encrypted PAN is
being sent:
n “x” = Encrypted, manually keyed PAN, Track 1 capable
n “t” = Encrypted, manually keyed PAN, Track 2 capable
Customer Data – This field will be <Key Block Data><FS><Encrypted
Primary Acct Num><FS><Exp Date><FS>, where <Key Block Data> is “v”
(Voltage encryption) + “03” (sub-encryption indicator that only PAN is
encrypted, not MID) + KTB from the E3 PIN Pad.
Example: v03/wECAQECAoFGAgEH2ggJTHLeIBZwb3NAc
2VjdXJlZXhjaGFuZ 2UubmV0aFLxu2XTNLs6jIk3Ba
ktbFZrdJ26dX85BjkkngQnm
k+3 tOhXRVILvASHnfmao0yl5z7
KNBx6Na7ekL+hryGQ3oPOcOVkE
zei83Clsc9QSf QJWB9ysAynGc6btccnfrfjwyJn70KJ1
cqQrw623ASSWm57Hov2fMtWmPpYpQRr
54oAoXZYjUajd0sRXCOn5XeD5BhpE/Wzd4Ayn+3
42BGUL0N7hWKm<FS>+++++++X8zr5YaCZ<FS>1012
Table 4-5 Authorization Examples (Continued)
Request Response
For Internal Use Only
HPS Integrator’s Guide V 17.2 4: E3 Processing Overview
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 81
4.4.1.8 Void/Incremental Example
A Void is required to cancel a previously authorized transaction. Online Auth Void (Transaction
Code 59), PIN Debit: Purchase Void (Transaction Code A3), or PIN Debit: Purchase Return Void
(Transaction Code A4) should be used depending on the type of the original authorization.
An Incremental Authorization is required in certain industries such as Hotel/Lodging when the
final amount due is more than 15% higher than the originally authorized amount.
For Voids/Incremental Requests the fields below require specific handling:
Merchant ID Number – This field will be the unencrypted, cleartext MID.
Account Data Source – This field will indicate that the UID is being sent instead of track or
PAN data:
“z” = Original authorization request contained encrypted track or PAN data.
Customer Data This field will be <Key Block Data><FS><UID>, where <Key Block Data>
is just “v03” – the KTB is not required in this case since no encrypted data is being sent,
and <UID> is the RRN from the original authorization response.
Note: Refer to the Heartland Exchange Specification for all other fields.
Void/Incremental Responses – No specific fields in the Exchange Host response require specific
handling.
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 17.2
82 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
4.4.2 Settlements
Batch transactions consist of a number of record types and require both request and responses.
4.4.2.1 Header Record Field Requirements
Merchant ID Number – This field will be the unencrypted, cleartext MID.
Key Block – This field will be just “v03” – the KTB is not required in this case since no
encrypted data is being sent.
4.4.2.2 Detail Record Fields Requirements
Account Data Source – This field will be the same value as was used in the original
authorization request.
Primary Account Number – This field will be filled with 22 spaces to indicate that the UID
will be used.
Transaction Identifier – This field will be the Transaction Identifier from the original
authorization response (it contains the UID).
4.4.2.3 Settlement Notes
UIDs must be used for settlement, all other record fields in both the request and responses follow
those defined in the Exchange Host Specifications.
Note: The only alternative supported on Exchange for settling E3 encrypted transactions is to
send the encrypted PANs in the detail records, but that option requires that all transactions
in the batch share the same KTB.
For Internal Use Only
HPS Integrator’s Guide V 17.2 4: E3 Processing Overview
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 83
4.4.3 POS 8583
This section addresses specific requirements for E3 terminals using the POS 8583 message
specification. All card types may be sent using E3 encryption. All transactions utilizing E3
processing will include E3 data in DE 127: Forwarding Data.
These transactions require the following:
E3 data must always appear in DE 127: Forwarding Data (using an Entry Tag value of
E3E.)
Note: Then encrypted CVV and ETB are attached to the E3 Data Block, while the encrypted
track data and/or encrypted PAN are placed in their normal position in the authorization
message.
An account number must be more than 13 characters, the encrypted account number data
cannot exceed 19 characters.
Encrypted Track 1 data will not exceed 79 bytes.
Encrypted Track 2 data will not exceed 40 bytes.
Response codes specific to E3 transactions are:
DE 39 = 952 (Failure for E3 terminals only – encryption error)
DE 39 = 953 (Failure for E3 terminals only – too many queued / no connection)
Table 4-6 POS 8583 Data Fields
Field Name Length Value/Description
RECORD ID 2 E3
RECORD TYPE 3 001
KEY BLOCK DATA TYPE 1 v = Voltage
ENCRYPTED FIELD
MATRIX
2 03 = CustomerData
04 = CustomerData, Card Security Code
TEP TYPE 1 1 = TEP 1
2 = TEP 2
RESERVED 18 Blank-fill
CARD SECURITY CODE 7 Encrypted CVV data. Unencrypted bytes defined as:
1 = Length of actual CVV data
•2
7 = CVV data, right-justified, random fill, numeric
only
RESERVED 45 Blank-fill
ETB LLL 3 Length of ETB Block.
ETB BLOCK Varies ETB cannot exceed 276 bytes.
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 17.2
84 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
4.4.4 NTS
This section addresses specific requirements for E3 terminals processing on the NTS network
platform. All card types may be sent via E3 encryption. All transactions using E3 processing
append additional data items at the end of the record, which signals to the host that the
transaction is E3 encrypted.
These transactions require the following:
E3 data must always appear at the end of a transaction. The POS terminal will append a
0x1D at the end of the transaction followed by the E3 data. Refer to Table 4-7 NTS Data
Fields, p. 85.
Note: Then encrypted CVV and ETB are attached to the E3 Data Block, while the encrypted
track data and/or encrypted PAN are placed in their normal position in the authorization
message.
POS must send spaces in the CVN field. This encrypted CVN value will be in the E3 Data
Block.
An account number must not be less than 13 characters and the encrypted account
number data will not exceed 19 characters.
Encrypted Track 1 data will not exceed 79 bytes.
Encrypted Track 2 data will not exceed 40 bytes.
Response codes specific to E3 transactions are:
52 (Failure for E3 terminals only – encryption error)
53 (Failure for E3 terminals only – too many queued / no connection)
For Internal Use Only
HPS Integrator’s Guide V 17.2 4: E3 Processing Overview
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 85
Table below shows the data items that must be appended to the end of an E3 transaction.
Table 4-7 NTS Data Fields
Field Name Length Value/Description
FIELD SEPARATOR 1 0x1D
Indicator for E3 transaction (Hex: Constant ASCII).
Must be appended at end of E3 transaction.
RECORD ID 2 E3
RECORD TYPE 3 001
KEY BLOCK DATA TYPE 1 v = Voltage
ENCRYPTED FIELD
MATRIX
2 03 = Customer Data
04 = Customer Data, Card Security Code
TEP TYPE 1 •1 = TEP 1
•2 = TEP 2
RESERVED 18 Blank-fill
CARD SECURITY CODE 7 Encrypted CVV data. Unencrypted bytes defined as:
1 = Length of actual CVV data
2–7 = CVV data, right-justified, random fill numeric only
RESERVED 45 Blank-fill
ETB LLL 3 Length of ETB Block.
EBT BLOCK Varies ETB should not exceed 276 bytes.
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 17.2
86 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
4.4.5 Z01
This section addresses specific requirements for E3 terminals processing on the Z01 network
platform. All card types may be sent via E3 encryption. All transactions using E3 processing will
append additional data items at the end of the record, which will signal to the Host that the
transaction is E3 encrypted.
These transactions require the following:
E3 data must always appear at the end of a transaction. The POS terminal will append a
0x1D at the end of the transaction followed by the E3 data as specified in Table 4-8 Z01
Data Fields, p. 87.
Note: The encrypted CVV and ETB are attached to the E3 Data Block, while the encrypted track
data and/or encrypted PAN are placed in their normal position in the authorization
message.
POS must send spaces in AVS RESULT AND CID RESULT. The encrypted values are in
the E3 Data Block.
An account number must not be less than 13 characters and the encrypted account
number data will not exceed 19 characters.
Encrypted Track 1 data will not include the field separator 0x1C.
Encrypted Track 2 data will not exceed 37 bytes.
Response codes specific to E3 transactions are:
URC = EG, SRC = 8 (Failure for E3 terminals only – encryption error)
URC = EH, SRC = 8 (Failure for E3 terminals only – too many queued / no connection)
Note: E3 transactions are not supported for TDC batch uploads.
For Internal Use Only
HPS Integrator’s Guide V 17.2 4: E3 Processing Overview
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 87
Table 4-8 Z01 Data Fields
Field Name Length Value/Description
FIELD SEPARATOR 1 0x1D.
Indicator for E3 transaction (Hex: Constant ASCII).
Must be appended at end of E3 transaction.
RECORD ID 2 E3
RECORD TYPE 3 001
KEY BLOCK DATA TYPE 1 v = Voltage
ENCRYPTED FIELD
MATRIX
2 03 = Customer Data
04 = Customer Data, Card Security Code
TEP TYPE 1 •1 = TEP 1
•2 = TEP 2
RESERVED 18 Blank-fill
CARD SECURITY CODE 7 Encrypted CVV data. Unencrypted bytes defined as:
1 = Length of actual CVV data
2–7 = CVV data, right-justified, random fill, numeric only
RESERVED 45 Blank-fill
ETB LLL 3 Length of ETB Block.
EBT BLOCK Varies ETB should not exceed 276 bytes.
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 17.2
88 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
4.5 E3 Hardware Devices
The following section describes two hardware devices that use E3 encryption technology that
integrates with Heartland Hosts:
E3 MSR Wedge (HPS-E3-M1)
E3 PIN Pad (HPS-E3-P1)
4.5.1 E3 MSR Wedge (HPS-E3-M1)
Hardware-encrypts card data upon swipe.
Incorporates a Tamper-Resistant Security Module (TRSM) to physically protect data and
encryption keys.
Available with USB and RS232 connectors.
Figure 4-1 E3 MSR Wedge
For Internal Use Only
HPS Integrator’s Guide V 17.2 4: E3 Processing Overview
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 89
4.5.2 E3 MSR Wedge Device Interface
4.5.3 E3 MSR Wedge Example Output
See the following Format 2 example output from the E3 MSR Wedge:
<E1050711%B4012001000000016^VI TEST
CREDIT^251200000000000000000000?|
ycO0LNhgiu4XH7J1Lqg8BY6Vc25F3ft3qoTEeqk3wrx7KGh8JSrEUfAAW
|+++++++8q0sLWCB5|11;4012001000000016=25120000000000000000?|
7YIC67MkijZle6TL5Tdw90jCQ3F|+++++++8q0sLWCB5|00|||
/wECAQECAoFGAgEH1AESTDT6jRZwb3NAc2VjdXJlZXhjaGFuZ2UubmV0aXGRuQf68kvJ3Sb
fATjjdctZlBnX2gFQ3chN7Fq2s22bTq/rTVzl7fLQ/j1CGGohcyB
vmmYxGs6ZLDyYL+8EWZFhhjQC7tIKaYMsdua4SxeYAg9wQGHczVI+tTKFXClWEQ8kCKZ6
zHkG5+jJZhjGpO2EWSe18DH3HiKMsDwM8DcA5l5b3GT+pc7XwwK8oEdU3gjOiRo4/fdPm
F/PPBxAET1zlPUq|>
Table 4-9 E3 MSR Wedge Operation Modes
Mode Description
USB HID-KB The POS system receives data from the E3 MSR Wedge as if sent
from a standard USB keyboard. In this mode, you can see the output
by opening a text editor such as Notepad and swiping a card. The
output is in Format 2 per the programmer’s manual.
USB HID-MSR The POS system receives data from the E3 MSR Wedge via its
native USB HID interface in Format 1. For this mode, an ActiveX
control is available for web applications running on Internet Explorer
and provides commands for obtaining the desired output
components.
Also, a command-line application is available that acquires and
reformats the output as Format 2.
USB Virtual-COM or RS232 The POS system receives data from the E3 MSR Wedge via its
native serial COM port interface, which outputs in Form 2.
A virtual COM port driver is available for Windows. The RS232
wedge has a standard 9-PIN serial connector.
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 17.2
90 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
4.6 E3 PIN Pad (HPS-E3-P1)
The E3 PIN Pad is compatible with standard PIN entry/encryption operations, but is also capable
of functioning with MSR, Europay, Mastercard, and Visa (EMV) smart cards.
Built-in MSR encrypts at the swipe and TRSM protects the data and keys.
Hardware-encrypt manually-entered card numbers.
Available with USB and RS232 connectors.
Figure 4-2 E3 PIN Pad
For Internal Use Only
HPS Integrator’s Guide V 17.2 4: E3 Processing Overview
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 91
Table 4-10 E3 MSR Wedge Operation Modes
POS System Direction E3 PIN Pad
<STX>E1.3111219098025<ETX>[LRC] → “SWIPE CARD OR ENTER ACCOUNT #” is
displayed on LCD.
← <ACK>
<STX>E2.030<ETX>[LRC] →
← <ACK>
If card is swiped...
<STX>E3.11%B401200000000001
6^VI TEST CREDIT^25120000000
0000000000000?|V2uvVFzWkBT
NzcX7vcrWTi4jV9AtG2bLYJkCO
i+OA2aY2OiRmw/0ZSQcH|++++
+++X8zr5YaCZ<FS>11;4012000
000000016= 251 20000000000
000000?|7QjTe2v1Qy1L84Q+n6
zudfNOXf|+++++++X8zr5YaCZ
<FS>00||<FS>/wECAQ
ECAoFGAgEH2ggJTHLeIBZwb3N
Ac2VjdXJlZXhjaGFuZ2
UubmV0aFLxu2XTNLs6jIk3Baktb
FZrdJ26dX85Bjkkng Qnmk+3tOhX
RVILvASHnfmao0yl5z7KNBx6Na
7ekL+hry GQ3oPOcOVkEzei8
3Clsc9QSfQJWB9ysAynGc6btccn
fr fjwyJn70KJ1cqQrw623ASSWm
57Hov2fMtWmPpYpQRr54
oAoXZYjUajd0sRXCOn5XeD5Bhp
E/Wzd4Ayn+3 42BGUL0N7hWKm
<ETX>[LRC]
or
If card number is manually entered...
<STX>E4.114012000000000016
<FS>
+++++++X8zr5YCZ
<FS>/wECAQECAoFGAgEH2g
gJTHLeIBZwb3NA2VjdXJlZXhj
aGFuZ2UubmV0aFLxu2XTNLs6
jIk3Baktb FZrdJ26dX85Bjkkng
Qnmk+3tOhXRVILvASHnfma
o0yl5 z7KNBx6Na7ekL+hryGQ3
oPOcOVkEzei83Clsc9QSfQJW
B9ysAynGc6btccnfrfjwyJn70KJ
1cqQrw623ASSWm57H ov2fM
tWmPYpQRr54oAoXZYjUajd0
sRXCOn5XeD5BhpE /Wzd4Ayn
+342BGUL0N7hWKm<ETX>[LRC]
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 17.2
92 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
4.6.1 E3 PIN Pad Device Interface
The POS system transmits and receives data to/from the E3 PIN Pad via its native serial COM
port interface. For the USB PIN pad, a virtual COM port driver is available for Windows. The
RS232 PIN pad has a standard 9-PIN serial connector.
All messages are framed using standard Visa protocols:
• <STX>Message<ETX>[LRC]
• <SI>Message<SO>[LRC]
4.6.1.1 E3 PIN Pad Requests
The following messages are sent to the PIN pad to request E3 encrypted card data via card
swipe and/or manual entry:
<STX>E1.[entry_flag] [disp_flag] [mask_flag] [min len] [max len] [prompt1] [prompt2]<FS>
[prossing_prompt]<ETX>[LRC]
• <STX>E2.[timeout]<ETX>[LRC]
4.6.1.2 E3 PIN Pad Responses
The following messages are returned from the PIN pad with E3 encrypted card data via card
swipe or manual entry:
Card Swipe: <STX>E3.[trk1]<FS>[trk2]<FS>[trk3]<FS>[ktb]<ETX>[LRC]
Manual Entry: <STX>E4.[result] [luhn] [obf]<FS>[enc]<FS>[ktb]<ETX>[LRC]
For Internal Use Only
HPS Integrator’s Guide V 17.2 4: E3 Processing Overview
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 93
4.6.2 Ingenico iPP300 and iSC Touch Series PIN Pads
You must sign up for an account at the Ingenico Developer Portal and mention that you are
working with Heartland. Retail Base Application (RBA) Integration Kits, Software Development
Kits (SDKs), and integration documentation for these devices can be downloaded from their
portal.
The E3 encryption settings are contained in a digitally signed SECURITY.PGZ files. Work with
Heartland to ensure that the appropriate file is loaded to your devices prior to certification testing
or production deployment.
4.6.3 Equinox L4000 and L5000 Series PIN Pads
You must sign up for an account at the Equinox Developer Portal and mention that you are
working with Heartland. Software Development Kits (SDKs) and integration documentation for
these devices can be downloaded from their portal.
The E3 encryption settings are contained in XML files which must be specified for all forms
(screens) from which card data is obtained, and the forms must be digitally signed. Equinox can
provide a development key to sign the forms for use on a development device, but for production
devices the forms will either need to be signed by Heartland, Equinox, or another entity that has
the appropriate signing tools. Work with Heartland to ensure that the appropriate forms have
been signed and loaded to your devices prior to certification testing or production deployment.
For Internal Use Only
4: E3 Processing Overview HPS Integrator’s Guide V 17.2
94 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
For Internal Use Only
HPS Integrator’s Guide V 17.2 5: EMV Processing Overview
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 95
Chapter 5: EMV Processing Overview
5.1 Introduction
In 1996, Europay, Mastercard, and Visa first published the “EMV” specifications for the use of
chip cards for payment. EMV® is now a registered trademark of EMVCo, LLC, an organization
jointly owned and operated by American Express, Discover, JCB, Mastercard, UnionPay, and
Visa.
EMVCo manages, maintains, and enhances the EMV Integrated Circuit Card Specifications to
help facilitate global interoperability and compatibility of payment system integrated circuit cards
and acceptance devices. EMVCo maintains and extends specifications, provides testing
methodology, and oversees the testing and approval process.
The EMV Specifications provide a global standard for credit and debit payment cards based on
chip card technology. Payment chip cards contain an embedded microprocessor, a type of small
computer that provides strong security features and other capabilities not possible with traditional
magnetic stripe cards.
Chip cards are available in two forms, contact and contactless.
For contact, the chip must come into physical contact with the chip reader for the payment
transaction to occur.
For contactless, the chip must come within sufficient proximity of the reader (less than 4
cm) for the payment transaction to occur. Some cards may support both contact and
contactless interfaces, and non-card form factors such as mobile phones may also be used
for contactless payment.
Heartland recommends that vendors become familiar with general EMV processing prior to initial
implementation at Heartland. A good overview of EMV is available from EMVCo at:
http://www.emvco.com/best_practices.aspx?id=217.
For Internal Use Only
5: EMV Processing Overview HPS Integrator’s Guide V 17.2
96 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
5.2 EMV Migration
5.2.1 Enhanced Security
EMV is designed to significantly improve consumer card payment security by providing features
for reducing fraudulent transactions that result from counterfeit and lost and stolen cards. Due to
increased credit card breaches, this enhanced security has become a significant necessity.
The key security features are:
5.2.2 Card Brand Mandates
Effective April 2013, acquirer processors and sub-processor service providers are required to
support merchant acceptance of EMV chip transactions.
Table 5-1 Key Security Features
Key Security Feature Description
Card Authentication The terminal can authenticate the legitimacy of the card by using a
public-key infrastructure (PKI) and Rivest, Shamir, and Adleman (RSA)
cryptography to validate signed data from the card. The issuer can
authenticate the legitimacy of the card by validating a unique cryptogram
generated by the card for each payment transaction. These features will
help protect against counterfeit fraud.
Risk Management EMV introduces localized parameters to define the conditions under which
the issuer will permit the chip card to be used and force transactions online
for authorization under certain conditions such as offline limits being
exceeded.
Transaction Integrity Payment data such as purchase and cashback amounts are part of the
cryptogram generation and authentication processing, which will help
ensure the integrity of this data across authorization, settlement, and
clearing.
Cardholder Verification More robust cardholder verification processes and methods such as online
PIN (verified online by issuer) and offline PIN (verified offline by card) will
help protect against lost and stolen fraud.
For Internal Use Only
HPS Integrator’s Guide V 17.2 5: EMV Processing Overview
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 97
5.2.3 Fraud Liability Shifts
Effective October 2015 (or October 2017 for automated fuel dispensers), a merchant that does
not support EMV assumes liability for counterfeit card transactions.
There are two types of liability shifts:
5.2.4 PCI Audit Waivers
Effective October 2012, the card brands will waive PCI DSS compliance validation requirements
if the merchant invests in contact and contactless chip payment terminals. For example, Visa’s
Technology Innovation Program (TIP) provides PCI audit relief to qualifying merchants (Level 1
and Level 2 merchants that process more than 1 million Visa transactions annually) when 75
percent of the merchant’s Visa transactions originate at a dual-interface EMV chip-enabled
terminal. Mastercard offers a similar program.
Table 5-2 Liability Shifts
Liability Shift Description
Chip Liability Shift An issuer may charge back a counterfeit fraud transaction that occurred at a
non-EMV POS terminal if the valid card issued was a chip card.
Chip/PIN Liability Shift An issuer may charge back a lost or stolen fraud transaction that occurred at
an EMV POS terminal that was not PIN-capable if the card involved was a
PIN-preferring chip card. A PIN-preferring chip card is defined as an EMV chip
card that has been personalized so that a PIN CVM option (online PIN or
offline PIN) appears in the card’s CVM list with a higher priority than the
signature option.
For Internal Use Only
5: EMV Processing Overview HPS Integrator’s Guide V 17.2
98 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
5.3 EMV Specifications
This document provides guidelines for EMV integration, but it does not contain all the EMV
requirements. It should be used in conjunction with the following documents:
5.3.1 Contact Specifications
For EMV contact card acceptance, device manufacturers and payment application developers
must adhere to the following specifications:
Table 5-3 Contact Specifications
Source Specification
EMVCo EMV Specifications v4.3 (Nov 2011) –
http://www.emvco.com/specifications.aspx?id=223
Book 1: Application Independent ICC to Terminal Interface Requirements
Book 2: Security and Key Management
Book 3: Application Specification
Book 4: Cardholder, Attendant, and Acquirer Interface Requirements
Visa Transaction Acceptance Device Guide v3.1 (Nov 2016)
Integrated Circuit Card Specification v1.6 (Jan 2016)
Mastercard M/Chip Requirements for Contact and Contactless (Sep 2016)
American Express AEIPS Terminal Implementation Guide v4.3 (April 2015)
AEIPS Terminal Technical Manual v4.3 (April 2015)
Discover Contact D-PAS Acquirer Implementation Guide v3.2 (Jul 2016)
D-PAS Terminal Specification v1.0 (Jun 2009)
For Internal Use Only
HPS Integrator’s Guide V 17.2 5: EMV Processing Overview
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 99
5.3.2 Contactless Specifications
For EMV contactless card acceptance, device manufacturers and payment application
developers must adhere to the following specifications:
5.3.3 Heartland Host Specifications
Information given in this document for each network platform is meant to be an overview only.
The latest version of these Heartland platform specifications should be used for complete
message requirements and formats:
Table 5-4 Contactless Specifications
Source Specification
EMVCo EMV Contactless Specifications v2.6 (May 2016) –
http://www.emvco.com/specifications.aspx?id=21
Book A: Architecture and General Requirements
Book B: Entry Point
Books C [C-1, C-2, C-3, C-4, C-5, C-6, C-7]: Kernel Specifications
Book D: Contactless Communication Protocol
Visa Transaction Acceptance Device Guide v3.1 (Nov 2016)
Contactless Payment Specification v2.1 (May 2009)
Mastercard M\Chip Requirements for Contact and Contactless (Sep 2016)
Contactless Reader Specification v3.1 (Jun 2015)
American Express Contactless NFC Terminal Implementation Guide v1.0 (Mar 2014)
Expresspay Terminal Specification v3.0 (Feb 2012)
Discover Contactless D-PAS Acquirer Implementation Guide v1.2 (Jul 2016)
Contactless D-PAS Terminal Application Specification v1.0 (May 2013)
Table 5-5 Heartland Host Specifications
Platform Specification
Exchange Exchange Host Specifications
Portico Portico Developer Guide
NWS Z01 Specifications
POS 8583 Specifications
SpiDr Specifications Developer’s Guide
VAPS Network Terminal Specifications (NTS)
POS 8583 Specifications
SpiDr Specifications Developer’s Guide
For Internal Use Only
5: EMV Processing Overview HPS Integrator’s Guide V 17.2
100 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
5.4 EMV Online vs. Offline
In the magstripe world, the term “offline” is often associated with certain types of transactions that
may occur when host communications are down, such as voice authorization, deferred
authorization (i.e. store and forward), and forced acceptance (i.e. merchant/acquirer stand-in).
Those same transactions can still occur in the EMV world as well, but there are several additional
uses of the term “offline” for EMV.
5.4.1 Card Authentication
5.4.2 Cardholder Verification
5.4.3 Authorization
Table 5-6 Card Authentication
Online Card Authentication vs. Offline Card Authentication
The transaction is sent online to an issuer who
authenticates the CVV in the track data for swiped
transactions, or CVV2 on the back of the card for
manually entered transactions.
The card may be authenticated offline by the terminal
using a PKI and RSA cryptography to verify that
certain static and/or dynamic data elements have been
digitally signed by the legitimate card issuer.
Table 5-7 Cardholder Verification
Online Cardholder Verification vs. Offline Cardholder Verification
The transaction is sent online to an issuer who
verifies that the online PIN or AVS data is correct.
An offline PIN may be securely stored on the card, so
the PIN entered on the PIN entry device may be sent
to the card in plaintext or enciphered format to be
validated by the card.
Table 5-8 Authorization
Online Authorization vs. Offline Authorization
The transaction is sent online to an issuer who
approves or declines the transaction.
Based on the amount of the transaction, and the risk
management criteria established by the card and the
terminal, a transaction may be approved or declined by
the card on behalf of the issuer, either with or without
attempt to go online to the issuer.
For Internal Use Only
HPS Integrator’s Guide V 17.2 5: EMV Processing Overview
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 101
5.5 Full vs. Partial EMV Transactions and Flow
EMV POS solutions typically support both “full” EMV transactions and “partial” EMV transactions
as follows:
5.5.1 Full vs. Partial Transaction Flow
Table 5-9 Full vs. Partial EMV Transactions and Flow
EMV Transaction Description
Full EMV Transactions Transactions such as Purchases and Pre-Authorizations where the full EMV
transaction flow (i.e. the interaction between the card and terminal) is
performed and the card participates in the authorization decision, whether
online or offline.
Partial EMV Transactions Transactions such as Returns and Reversals where the EMV transaction
flow is only partially performed to the extent necessary to get the card data
from the chip and the card does not participate in the authorization decision.
Table 5-10 Full vs. Partial Transaction Flow
EMV Transaction Step Full
EMV
Partial
EMV Notes
Card Acquisition 
Card is inserted or tapped.
Application Selection 
Initiate Application Processing 
Read Application Data 
Offline Data Authentication
Processing Restrictions
Cardholder Verification
Terminal Risk Management
Terminal Action Analysis 
For partial EMV transactions, the terminal requests an AAC
at 1st GENERATE AC to terminate card usage.
Card Action Analysis 
For partial EMV transactions, the card always returns an
AAC.
Online Processing
Issuer Authentication
Completion
Issuer Script Processing
Card Removal 
Prompt to remove card if it was inserted.
For Internal Use Only
5: EMV Processing Overview HPS Integrator’s Guide V 17.2
102 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
5.5.2 Full vs. Partial Credit Transactions
Table 5-11 Full vs. Partial Credit Transactions
EMV Transactions Full
EMV
Partial
EMV Notes
Bill Payment
Card Verify
Cash Advance
Incremental Authorization No chip data should be sent.
Offline Decline Advice AAC received at 1st GENERATE AC or due to failed Issuer
Authentication at 2nd GENERATE AC.
Offline Purchase Advice

Full for EMV offline approvals where TC received at 1st
GENERATE AC or after failed host communications at 2nd
GENERATE AC.
Partial for voice authorizations if PAN obtained from chip.
Online Purchase ARQC received at 1st GENERATE AC.
Pre-Authorization
Pre-Auth Completion No chip data should be sent.
Purchase Return To obtain PAN from chip if needed.
Reversal on Timeout PAN and chip data from original authorization should be sent
unless otherwise stated in the network specifications. (This is
currently not applicable for the NTS platform.)
Note: No EMV data will be returned in the response.
Void PAN and chip data from original authorization should be sent.
This should be the final chip data available from the original
authorization. Typically, this would be from the 2nd GEN AC
for contact and from the 1st GEN AC for contactless.
Note: No EMV data will be returned in the response.
For Internal Use Only
HPS Integrator’s Guide V 17.2 5: EMV Processing Overview
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 103
5.5.3 Full vs. Partial Debit Transactions
Table 5-12 Full vs. Partial Debit Transactions
EMV Transactions Full
EMV
Partial
EMV Notes
Offline Decline Advice AAC received at 1st GENERATE AC or due to failed Issuer
Authentication at 2nd GENERATE AC.
Online Purchase ARQC received at 1st GENERATE AC.
Pre-Authorization
Pre-Auth Completion No chip data should be sent.
Purchase Return ARQC or AAC received at 1st GENERATE AC.
Reversal on Timeout PAN and chip data from original authorization should be sent.
Note: No EMV data will be returned in the response.
Void PAN and chip data from original authorization should be sent.
This should be the final chip data available from the original
authorization. Typically, this would be from the 2nd GEN AC for
contact and from the 1st GEN AC for contactless.
Note: No EMV data will be returned in the response for Void.
For Internal Use Only
5: EMV Processing Overview HPS Integrator’s Guide V 17.2
104 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
For Internal Use Only
HPS Integrator’s Guide V 17.2 6: EMV Development Overview
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 105
Chapter 6: EMV Development Overview
6.1 EMV Terminals
In order to develop an EMV POS solution, an approved EMV transaction acceptance device
must be used. In this document all such devices, whether they are a countertop terminal,
multi-function PIN pad, multi-lane signature capture device, automated fuel dispenser module,
etc., will be referred as a 'terminal'.
6.1.1 Contact Devices
For EMV contact card acceptance, use any terminal if all of the following criteria apply:
Contains an EMVCo Level 1 Contact approved Interface Module (IFM) evaluated against
the EMV ICC Specifications, Book 1 v4.0 or later.
Contains a Mastercard Terminal Quality Management (TQM) approved IFM.
Is running an EMVCo Level 2 Contact approved application kernel evaluated against the
EMV ICC Specifications v4.3 or later.
Contains a PCI PTS 3.x or 4.x approved PIN Entry Device (PED) or Encrypting PIN Pad
(EPP), if you plan to support PIN.
6.1.2 Contactless Devices
For EMV contactless card acceptance, use any terminal if all of the following criteria apply:
Contains an EMVCo Level 1 Contactless approved Proximity Coupling Device (PCD)
evaluated against the EMV Contactless Specifications, Book D v2.2 or later.
Contains a Mastercard TQM approved PCD.
Is running a Visa approved payWave application kernel evaluated against the Visa
Contactless Payment Specification v2.1.1 or later.
Is running a Mastercard approved Mastercard Contactless application kernel approved
against the Mastercard Contactless Reader Specification v3.0.1 or later.
Is running an American Express approved Expresspay application kernel evaluated
against the Expresspay Terminal Specification v3.0 or later.
Is running a Discover approved D-PAS application kernel evaluated against the
Contactless D-PAS Terminal Payment Application v1.0 or later.
Contains a PCI PTS 3.x or 4.x approved PED or EPP, if you plan to support PIN.
REQUIREMENT An EMV POS Solution cannot be certified unless the EMVCo Level 1 and Level 2 Letters of
Approval for your terminal(s) of choice are current and not about to expire.
For Internal Use Only
6: EMV Development Overview HPS Integrator’s Guide V 17.2
106 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
6.1.3 Letters of Approval
The EMVCo and PCI approval numbers and/or Letters of Approval (LoAs) can be obtained from
their respective websites:
http://www.emvco.com/approvals.aspx?id=83
https://www.pcisecuritystandards.org/approved_companies_providers/approved_pin_trans
action_security.php
The other approval numbers and/or LoAs can be obtained from the device supplier or
manufacturer.
6.2 EMV Solutions
The type of EMV POS solution to be developed is an important consideration as this will
determine the level of expertise needed, the amount of time it will take and whether a full EMV
certification will be required.
6.2.1 Integrated
Integrated solutions typically involve an Electronic Cash Register (ECR) that is connected to a
terminal containing the EMV kernel and providing all EMV functionality including card acquisition
and PIN entry.
6.2.2 Standalone
Standalone solutions consist of a terminal that runs the POS software, contains the EMV kernel
and provides all EMV functionality. PIN entry occurs on an internal or external PIN pad and if
contactless is supported, the reader may be integrated into the terminal or be a separate device.
A standalone solution is in scope for PCI and full EMV certification.
Table 6-1 Integrated Solutions
Integrated Solution Description
Fully Integrated The terminal provides the EMV functionality, but the ECR still handles
card data and host communication. Therefore, it is in scope for PCI and
full EMV certification.
Semi-Integrated The terminal not only provides the EMV functionality, but also handles the
host communication, so the ECR does not see the card data. Therefore,
the ECR is not in scope for PCI or full EMV certification. Only a minimal
EMV validation script must be run for semi-integrated solutions.
For Internal Use Only
HPS Integrator’s Guide V 17.2 6: EMV Development Overview
2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive 107
6.3 EMV Certifications
Magstripe swiped and key entered transactions will continue to be certified directly through
Heartland per the existing processes already in place. However, EMV requires additional
certifications. Each card brand has its own proprietary chip applications that run on EMV cards
bearing their brand. For that reason, each card brand has its own certification requirements that
must be met and submitted for approval.
6.3.1 Test Requirements
The card brand certification requirements must be met for each distinct POS configuration that
will be deployed, which is defined by a unique combination of:
The kernel software, which includes the Level 2 Contact Application Kernel and/or Level 2
Contactless Application Kernel (payWave, Mastercard Contactless, Expresspay, etc.).
The terminal application software, which includes the payment application software and
the terminal-to-acquirer communication software.
The specific terminal configuration, which includes use of a particular EMVCo Level 2
approved kernel configuration for the specific Terminal Type, Terminal Capabilities and
other relevant terminal parameter settings.
The complete connection path from the terminal to the card brand.
The card brand certification requirements must be met when any of the following occurs:
A particular POS configuration is deployed for the first time.
A major upgrade is made to an already deployed POS configuration.
The terminal hardware and software is upgraded and the change is major according to the
EMVCo Type Approval Bulletin No. 11 (http://www.emvco.com/approvals.aspx?id=108).
Note: Replacing the IFM with another approved IFM is not considered a major change.
A contact terminal is upgraded to support contactless transactions.
The terminal application software is upgraded to support additional payment related
functionality such as the partial approval, purchase with cash back, purchase with gratuity,
cardholder application selection, etc.
The Level 2 kernel configuration is modified.
The terminal is upgraded to support an additional AID.
The acquirer modifies its network in such a way that it affects the transaction message
mapping between the POS and the acquirer host that interfaces with the card brand
networks.
The card brand requests it, for instance, in the scope of the ad-hoc resolution of a field
interoperability issue.
REQUIREMENT If an EMV POS Solution supports multiple kernel configurations, multiple certifications
will be required, one for each kernel configuration that will be used in production.
For Internal Use Only
6: EMV Development Overview HPS Integrator’s Guide V 17.2
108 2017 Heartland Payment Systems, LLC, All Rights Reserved–HPS Confidential: Sensitive
6.3.2 Test Plans
The following card brand test plans must be executed for full EMV certifications:
6.3.2.1 Visa Smart Debit/Credit (VSDC) Testing
6.3.2.2 Mastercard Terminal Integration Process (M-TIP)
Testing
6.3.2.3 AMEX Integrated Circuit Card Payment Specification
(AEIPS) Testing
Table 6-2 VSDC Testing
Test Plan Description
Acquirer Device Validation Toolkit (ADVT) User Guide Test cases for EMV contact card acceptance.
Contactless Device Evaluation Toolkit (CDET) User Guide Test cases for general contactless card acceptance.
Visa U.S. Debit ADVT-CDET Use Cases Test cases for EMV contact and contactless debit card
acceptance.
Table 6-3 M-TIP Testing
Test Plan Description
M-TIP 2.0 – M-TIP Subset Test cases for EMV contact card acceptance.
M-TIP 2.0 – Contactless Subset 6