HPS Integrator's Guide V 17.2 Nov 2017

User Manual:

Open the PDF directly: View PDF .
Page Count: 316 [warning: Documents this large are best viewed by clicking the View PDF Link!]

Heartland Integrator’s Guide
Release Notes
Table of Contents
List of Tables
List of Figures
Chapter 1: Overview
Chapter 2: General POS Requirements
Chapter 3: Card Brand Information
Chapter 4: E3 Processing Overview
Chapter 5: EMV Processing Overview
Chapter 6: EMV Development Overview
Chapter 7: EMV Terminal Interface
Chapter 8: EMV Parameter Interface
Chapter 9: EMV Quick Chip Processing Overview
Appendices

POS Message Interface

Heartland Integrator’s Guide

Version 17.2

November 2017

For Internal Use Only

Notice HPS Integrator’s Guide V 17.2

Notice

THE INFORMATION CONTAINED HEREIN IS PROVIDED TO RECIPIENT “AS IS” WITHOUT

WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED

WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, OR

WARRANTY OF TITLE OR NON-INFRINGEMENT. HEARTLAND PAYMENT SYSTEMS, LLC

(“HEARTLAND”) MAKES NO WARRANTIES OR REPRESENTATIONS THAT THE MATERIALS,

INFORMATION, AND CONTENTS HEREIN ARE OR WILL BE ERROR FREE, SECURE, OR MEET

RECIPIENT’S NEEDS. ALL SUCH WARRANTIES ARE EXPRESSLY DISCLAIMED.

RECIPIENT’S USE OF ANY INFORMATION CONTAINED HEREIN IS AT RECIPIENT’S SOLE AND

EXCLUSIVE RISK. IN NO EVENT SHALL HEARTLAND BE LIABLE FOR ANY DIRECT, INDIRECT,

SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OF ANY

INFORMATION CONTAINED HEREIN, WHETHER RESULTING FROM BREACH OF CONTRACT,

BREACH OF WARRANTY, NEGLIGENCE, OR OTHERWISE, EVEN IF HEARTLAND HAS BEEN

ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. HEARTLAND RESERVES THE RIGHT TO

MAKE CHANGES TO THE INFORMATION CONTAINED HEREIN AT ANY TIME WITHOUT NOTICE.

THIS DOCUMENT AND ALL INFORMATION CONTAINED HEREIN IS PROPRIETARY TO HEARTLAND,

RECIPIENT SHALL NOT DISCLOSE THIS DOCUMENT OR THE SYSTEM DESCRIBED HEREIN TO

ANY THIRD PARTY UNDER ANY CIRCUMSTANCES WITHOUT PRIOR WRITTEN CONSENT OF A

DULY AUTHORIZED REPRESENTATIVE OF HEARTLAND. IN ORDER TO PROTECT THE

CONFIDENTIAL NATURE OF THIS PROPRIETARY INFORMATION, RECIPIENT AGREES:

(A) TO IMPOSE IN WRITING SIMILAR OBLIGATIONS OF CONFIDENTIALITY AND

NONDISCLOSURE AS CONTAINED HEREIN ON RECIPIENT’S EMPLOYEES AND

AUTHORIZED THIRD PARTIES TO WHOM RECIPIENT DISCLOSES THIS INFORMATION

(SUCH DISCLOSURE TO BE MADE ON A STRICTLY NEED-TO-KNOW BASIS) PRIOR TO

SHARING THIS DOCUMENT AND

(B) TO BE RESPONSIBLE FOR ANY BREACH OF CONFIDENTIALITY BY THOSE EMPLOYEES

AND THIRD PARTIES TO WHOM RECIPIENT DISCLOSES THIS INFORMATION.

RECIPIENT ACKNOWLEDGES AND AGREES THAT USE OF THE INFORMATION CONTAINED

HEREIN SIGNIFIES ACKNOWLEDGMENT AND ACCEPTANCE OF THESE TERMS. ANY SUCH USE IS

CONDITIONED UPON THE TERMS, CONDITIONS AND OBLIGATIONS CONTAINED WITHIN THIS

NOTICE.

THE TRADEMARKS AND SERVICE MARKS RELATING TO HEARTLAND’S PRODUCTS OR

SERVICES OR THOSE OF THIRD PARTIES ARE OWNED BY HEARTLAND OR THE RESPECTIVE

THIRD PARTY OWNERS OF THOSE MARKS, AS THE CASE MAY BE, AND NO LICENSE WITH

RESPECT TO ANY SUCH MARK IS EITHER GRANTED OR IMPLIED.

To verify existing content or to obtain additional information, please call or email your assigned Heartland

contact.

For Internal Use Only

HPS Integrator’s Guide V 17.2 Release Notes

Release Notes

Version 17.2 Release Notes

Chapter/Appendix Revisions

General Format and

Global Changes

• Red change bars added on clarification and project updates.

• For clarification purposes only: Some content modified and reformatted (with

no change bar), with no impact to development.

Chapter 6: EMV

Development Overview

• Removed out of date Version 2.x for approved PED or EPP devices from the

following sections:

– 6.1.1 Contact Devices, p. 105

– 6.1.2 Contactless Devices, p. 105

• Removed version numbers from the following test plan tables:

– Table 6-2 VSDC Testing, p. 108

– Table 6-3 M-TIP Testing, p. 108

– Table 6-4 AEIPS Testing, p. 108

– Table 6-5 D-PAS Testing, p. 109

Chapter 7: EMV Terminal

Interface

• Table 7-4 Terminal Data, p. 116: Added clarification to ISSUER SCRIPT

RESULTS from EMVCo document that Bytes 1-5 are repeated.

• Table 7-11 Available AIDs, p. 141:

– Added Note stating that standard credit AIDs for Mastercard and Visa support

their fleet, business, corporate, consumer cards, etc.

– For Discover U.S. Common Debit AID, removed the note that stated it was not

supported for PIN Debit. It is now supported.

– CUP: Added Union Pay AIDs.

Chapter 8: EMV

Parameter Interface

• Table 8-2 Platform Identifiers to EMV PDL System, p. 163: Added a row for the

8583 platform field identifiers for EMV PDL (DE41, DE42, DE62).

Appendix D: EMV Field

Definitions

• Table D-22 Form Factor Indicator, p. 234: Correction, 9F6E is mandatory for

MasterCard contactless.

For Internal Use Only

Release Notes HPS Integrator’s Guide V 17.2

This page intentionally left blank for duplex printing.

For Internal Use Only

HPS Integrator’s Guide V 17.2 Table of Contents

Table of Contents

Chapter 1: Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

1.1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

1.2 Document Purpose. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

1.3 Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

1.4 Payment Application Data Security Standards (PA-DSS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Chapter 2: General POS Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2.1 Address Verification Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

2.1.1 AVS Data Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

2.1.2 AVS Result Code Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

2.2 Chargeback Protected Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

2.3 No Signature Required. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

2.4 Binary to ASCII Hex Conversion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Chapter 3: Card Brand Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

3.1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

3.2 American Express . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

3.2.1 American Express Track 1 Format X4.16 Standard . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

3.2.2 American Express Track 1 Format ISO 7813 Standard . . . . . . . . . . . . . . . . . . . . . . . . 31

3.2.3 American Express Track 2 Format X4.16 Standard . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

3.2.4 American Express Track 2 Format ISO 7813 Standard . . . . . . . . . . . . . . . . . . . . . . . . 33

3.3 AVcard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

3.3.1 AVcard Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

3.3.2 AVcard Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

3.4 Centego Prepaid Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

3.4.1 Centego Prepaid Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

3.4.2 Centego Prepaid Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

3.5 Discover Card. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

3.5.1 Discover Track 1 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

3.5.2 Discover Track 2 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

3.6 Diner’s Club International Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

3.6.1 Diner’s Club International Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

3.6.2 Diner’s Club International Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

3.7 Drop Tank Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

3.7.1 Drop Tank Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

3.7.2 Drop Tank Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

3.8 Heartland Gift Card. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

3.8.1 Heartland Gift Card Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

For Internal Use Only

Table of Contents HPS Integrator’s Guide V 17.2

3.9 EBT Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

3.9.1 EBT Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

3.10 Fleet One Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

3.10.1 Fleet One Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

3.11 FleetCor Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

3.11.1 FleetCor Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

3.12 JCB Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

3.12.1 JCB IIN Ranges on Discover Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

3.13 Mastercard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

3.13.1 Mastercard Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

3.13.2 Mastercard Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

3.14 Mastercard Fleet Card Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

3.14.1 Mastercard Fleet Card Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

3.14.2 Account Number Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

3.14.3 Mastercard Fleet Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

3.14.4 Mastercard Fleet Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

3.15 Mastercard Purchasing Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

3.15.1 Mastercard Purchasing Card Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

3.15.2 Mastercard Purchasing Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

3.15.3 Mastercard Purchasing Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

3.15.4 Mills Fleet Farm PLCC Track 1 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

3.15.5 Mills Fleet Farm PLCC Track 2 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

3.16 Multi Service Track Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

3.16.1 Multi Service Swiped Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

3.17 PayPal Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

3.18 Stored Value Solutions (SVS). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

3.18.1 SVS Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

3.18.2 SVS Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

3.19 UnionPay Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

3.20 ValueLink Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

3.20.1 ValueLink Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

3.20.2 ValueLink Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

3.21 Visa Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

3.21.1 Visa Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

3.21.2 Visa Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

3.22 Visa Corporate or Business . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

3.23 Visa Purchasing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

3.24 Visa Fleet Card Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

3.24.1 Visa Fleet Card Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

3.24.2 Visa Fleet Track 1 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

3.24.3 Visa Fleet Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

3.25 Voyager Fleet Card. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

For Internal Use Only

HPS Integrator’s Guide V 17.2 Table of Contents

3.25.1 Voyager Account Number Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

3.25.2 Voyager Fleet Track 1 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

3.25.3 Voyager Fleet Track 2 Format. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

3.26 WEX Fleet Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

3.26.1 WEX Fleet Card Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

3.26.2 WEX GSA Fleet Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

3.26.3 WEX Fleet Track 2 Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

3.26.4 WEX MOD 10 Calculation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Chapter 4: E3 Processing Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

4.1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

4.2 The E3® Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

4.3 Encryption Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

4.3.1 Encrypted Track and PAN Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

4.3.2 Encrypted Card Security Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

4.3.3 Encryption Transmission Block . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

4.4 E3 Specific Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

4.4.1 Heartland Exchange . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

4.4.1.1 Unique Transaction ID (UID). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

4.4.1.2 Merchant ID Number (MID) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

4.4.1.3 Account Data Source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

4.4.1.4 Customer Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

4.4.1.5 Retrieval Reference Number (RRN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

4.4.1.6 Transaction Identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

4.4.1.7 Authorization Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

4.4.1.8 Void/Incremental Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

4.4.2 Settlements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

4.4.2.1 Header Record Field Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

4.4.2.2 Detail Record Fields Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

4.4.2.3 Settlement Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

4.4.3 POS 8583 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

4.4.4 NTS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

4.4.5 Z01 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

4.5 E3 Hardware Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

4.5.1 E3 MSR Wedge (HPS-E3-M1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

4.5.2 E3 MSR Wedge Device Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

4.5.3 E3 MSR Wedge Example Output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

4.6 E3 PIN Pad (HPS-E3-P1). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

4.6.1 E3 PIN Pad Device Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

4.6.1.1 E3 PIN Pad Requests. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

4.6.1.2 E3 PIN Pad Responses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

4.6.2 Ingenico iPP300 and iSC Touch Series PIN Pads . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

4.6.3 Equinox L4000 and L5000 Series PIN Pads. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

For Internal Use Only

Table of Contents HPS Integrator’s Guide V 17.2

Chapter 5: EMV Processing Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

5.1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

5.2 EMV Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

5.2.1 Enhanced Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

5.2.2 Card Brand Mandates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

5.2.3 Fraud Liability Shifts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

5.2.4 PCI Audit Waivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

5.3 EMV Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

5.3.1 Contact Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

5.3.2 Contactless Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

5.3.3 Heartland Host Specifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

5.4 EMV Online vs. Offline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

5.4.1 Card Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

5.4.2 Cardholder Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

5.4.3 Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

5.5 Full vs. Partial EMV Transactions and Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

5.5.1 Full vs. Partial Transaction Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

5.5.2 Full vs. Partial Credit Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

5.5.3 Full vs. Partial Debit Transactions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Chapter 6: EMV Development Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

6.1 EMV Terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

6.1.1 Contact Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

6.1.2 Contactless Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

6.1.3 Letters of Approval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

6.2 EMV Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

6.2.1 Integrated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

6.2.2 Standalone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

6.3 EMV Certifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

6.3.1 Test Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

6.3.2 Test Plans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

6.3.2.1 Visa Smart Debit/Credit (VSDC) Testing. . . . . . . . . . . . . . . . . . . . . . . . . . 108

6.3.2.2 Mastercard Terminal Integration Process (M-TIP) Testing . . . . . . . . . . . . 108

6.3.2.3 AMEX Integrated Circuit Card Payment Specification (AEIPS) Testing . . 108

6.3.2.4 Discover D-Payment Application Specification (D-PAS) Testing. . . . . . . . 109

6.3.3 Test Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

6.3.4 Test Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

6.3.5 Test Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

6.4 EMV Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Chapter 7: EMV Terminal Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

7.1 EMV Terminal to Card Communication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

For Internal Use Only

HPS Integrator’s Guide V 17.2 Table of Contents

7.1.1 Application Protocol Data Units (APDUs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

7.1.2 Tag, Length, Value (TLV) Data Objects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

7.1.3 Kernel Application Programming Interface (API) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

7.2 EMV Data Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

7.2.1 Data Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

7.2.2 Terminal Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

7.2.3 Card Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

7.2.4 Issuer Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

7.3 Contact Transaction Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

7.3.1 Tender Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

7.3.2 Card Acquisition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

7.3.2.1 Card Swipe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

7.3.2.2 Fallback Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

7.3.3 Application Selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

7.3.3.1 Available AIDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

7.3.3.2 Debit AIDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

7.3.4 Initiate Application Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

7.3.5 Read Application Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

7.3.6 Offline Data Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

7.3.7 Processing Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

7.3.8 Cardholder Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

7.3.8.1 PIN Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

7.3.9 Terminal Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

7.3.10 Terminal Action Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

7.3.11 Card Action Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

7.3.12 Online Processing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

7.3.12.1 Offline Authorization (Optional, Not Used in U.S.) . . . . . . . . . . . . . . . . . . 149

7.3.12.2 Deferred Authorization (Store-and-Forward) . . . . . . . . . . . . . . . . . . . . . . 149

7.3.12.3 Forced Acceptance (Stand-In) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

7.3.13 Issuer Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

7.3.14 Issuer-to-Card Script Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

7.3.15 Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

7.3.16 Card Removal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

7.4 Contactless Transaction Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

7.4.1 Pre-Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

7.4.2 Discovery Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

7.4.3 Application Selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

7.4.4 Initiate Application Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

7.4.4.1 Path Determination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

7.4.4.2 Terminal Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

7.4.4.3 Terminal Action Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

7.4.4.4 Card Action Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

7.4.5 Read Application Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

7.4.6 Card Read Complete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

For Internal Use Only

Table of Contents HPS Integrator’s Guide V 17.2

7.4.7 Processing Restrictions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

7.4.8 Offline Data Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

7.4.9 Cardholder Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

7.4.10 Online Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

7.4.11 Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

7.4.12 Issuer Update Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

7.5 EMV Receipts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

7.5.1 Approval Receipts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

7.5.2 Decline Receipts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

Chapter 8: EMV Parameter Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

8.1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

8.2 Exchange . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

8.3 POS 8583 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

8.4 NTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

8.5 Z01 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

8.6 Portico . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

8.7 SpiDr. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

Chapter 9: EMV Quick Chip Processing Overview . . . . . . . . . . . . . . . . . . . . . . . . . 169

9.1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

9.2 Quick Chip Processing Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

9.3 Impact to Existing EMV Kernel and Host Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

9.4 Comparison of Standard EMV and Quick Chip Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

9.5 Online Processing Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

9.6 Quick Chip Processing Flow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

9.7 Floor Limit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

9.8 Amounts – Final or Pre-Determined . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

9.9 Cashback Processing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

9.10 CVM List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

9.11 No Signature Required Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Appendices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

A: Industry Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

A.1 Conexxus Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

A.2 Mastercard Purchasing Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

A.2.1 Mastercard Purchasing Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . 191

A.2.2 Mastercard Purchasing Non-Fuel Product Codes . . . . . . . . . . . . . . . . . . 193

A.3 Mastercard Fleet Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

A.3.1 Mastercard Fleet Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

A.3.2 Mastercard Fleet Non-Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . . 196

For Internal Use Only

HPS Integrator’s Guide V 17.2 Table of Contents

A.4 Heartland Product Codes for Visa Fleet Processing. . . . . . . . . . . . . . . . . . . . . . . . . . 197

A.4.1 Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

A.4.2 Non-Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

A.5 Voyager Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

A.5.1 Voyager Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

A.5.2 Voyager Non-Fuel Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

A.6 WEX Supported Conexxus Product Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

B: Receipt Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

B.1 General Receipt Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

B.2 Additional Receipt Requirements by Card Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

C: State Codes / Region Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220

D: EMV Field Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223

D.1 Additional Terminal Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

D.2 Amount, Authorised (Numeric) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

D.3 Amount, Other (Numeric) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

D.4 Application Cryptogram. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

D.5 Application Dedicated File (ADF) Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

D.6 Application Identifier (AID) – Terminal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

D.7 Application Interchange Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

D.8 Application Label. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

D.9 Application Preferred Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

D.10 Application Primary Account Number (PAN) Sequence Number . . . . . . . . . . . . . . . . 229

D.11 Application Transaction Counter (ATC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

D.12 Application Usage Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

D.13 Application Version Number (ICC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

D.14 Application Version Number (Terminal) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

D.15 Authorisation Response Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

D.16 Cardholder Verification Method (CVM) Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

D.17 Cryptogram Information Data (CID) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233

D.18 Customer Exclusive Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233

D.19 Dedicated File Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

D.20 Form Factor Indicator (FFI). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

D.21 ICC Dynamic Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

D.22 Interface Device (IFD) Serial Number. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

D.23 Issuer Action Code – Default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

D.24 Issuer Action Code – Denial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

D.25 Issuer Action Code – Online . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

D.26 Issuer Application Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

D.27 Issuer Authentication Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

D.28 Issuer Country Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

D.29 Issuer Script Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

D.30 Issuer Script Template 1 & 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

D.31 POS Entry Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

For Internal Use Only

Table of Contents HPS Integrator’s Guide V 17.2

D.32 Terminal Action Code – Default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

D.33 Terminal Action Code – Denial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

D.34 Terminal Action Code – Online . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

D.35 Terminal Capabilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

D.36 Terminal Country Code. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

D.37 Terminal Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

D.38 Terminal Verification Results (TVR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

D.39 Third Party Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

D.40 Transaction Currency Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

D.41 Transaction Date. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

D.42 Transaction Sequence Counter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

D.43 Transaction Status Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

D.44 Transaction Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

D.45 Transaction Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

D.46 Unpredictable Number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

E: EMV PDL Data Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

F: Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

For Internal Use Only

HPS Integrator’s Guide V 17.2 List of Tables

List of Tables

2-1 Address Verification Service .......................................................................................................21

2-2 Chargeback Protected Limits......................................................................................................23

2-3 Binary to ASCII Hex Conversion.................................................................................................25

2-4 Binary ASCII Hex Conversion Example......................................................................................26

3-1 Card Brand References to Track Data........................................................................................28

3-2 American Express Track 1 Format X4.16 Standard ...................................................................30

3-3 American Express Track 1 Format ISO 7813 Standard..............................................................31

3-4 American Express Track 2 Format X4.16 Standard ...................................................................33

3-5 American Express Track 2 Format ISO 7813 Standard..............................................................33

3-6 AVcard Track 1 Format...............................................................................................................35

3-7 AVcard Track 2 Format...............................................................................................................35

3-8 Centego Prepaid Track 1 Format................................................................................................36

3-9 Centego Prepaid Track 2 Format................................................................................................37

3-10 Discover Track 1 Format.............................................................................................................38

3-11 Discover Track 2 Format.............................................................................................................39

3-12 Diner’s Club International Track 1 Format ..................................................................................40

3-13 Diner’s Club International Track 2 Format ..................................................................................41

3-14 Drop Tank Track 1 Format..........................................................................................................42

3-15 Drop Tank Track 2 Format..........................................................................................................42

3-16 Heartland Gift Card Track 2 Format............................................................................................43

3-17 EBT Track 2 Format....................................................................................................................44

3-18 Fleet One Track 2 Format...........................................................................................................45

3-19 FleetCor Track 2 Format.............................................................................................................46

3-20 Mastercard Track 1 Format.........................................................................................................48

3-21 Mastercard Track 2 Format.........................................................................................................48

3-22 Mastercard Fleet Account Number Information Method .............................................................50

3-23 Mastercard Fleet Track 1 Format................................................................................................51

3-24 Mastercard Fleet Track 2 Format................................................................................................52

3-25 Mastercard Purchasing Track 1 Format......................................................................................53

3-26 Mastercard Purchasing Track 2 Format......................................................................................54

3-27 Mills Fleet Farm PLCC Track 1 Format ......................................................................................55

3-28 Mills Fleet Farm PLCC Track 2 Format ......................................................................................56

3-29 Multi Service Swiped Track 2 Format .........................................................................................57

3-30 SVS Track 1 Format ...................................................................................................................58

3-31 SVS Track 2 Format ...................................................................................................................58

3-32 ValueLink Track 1 Format...........................................................................................................59

3-33 ValueLink Track 2 Format...........................................................................................................60

3-34 Visa Track 1 Format....................................................................................................................61

3-35 Visa Track 2 Format....................................................................................................................62

3-36 Visa Fleet Track 1 Format...........................................................................................................64

3-37 Visa Fleet Track 2 Format...........................................................................................................65

For Internal Use Only

List of Tables HPS Integrator’s Guide V 17.2

3-38 Voyager Fleet Account Number Information Method ..................................................................67

3-39 Voyager Fleet Track 1 Format ....................................................................................................68

3-40 Voyager Fleet Track 2 Format ....................................................................................................69

3-41 WEX Fleet Track 2 Format .........................................................................................................72

4-1 PAN Encryption...........................................................................................................................76

4-2 Track 1 Encryption ......................................................................................................................76

4-3 Track 2 Encryption ......................................................................................................................76

4-4 Encrypted CSC Steps .................................................................................................................77

4-5 Authorization Examples ..............................................................................................................79

4-6 POS 8583 Data Fields ................................................................................................................83

4-7 NTS Data Fields..........................................................................................................................85

4-8 Z01 Data Fields...........................................................................................................................87

4-9 E3 MSR Wedge Operation Modes..............................................................................................89

4-10 E3 MSR Wedge Operation Modes..............................................................................................91

5-1 Key Security Features.................................................................................................................96

5-2 Liability Shifts ..............................................................................................................................97

5-3 Contact Specifications ................................................................................................................98

5-4 Contactless Specifications ..........................................................................................................99

5-5 Heartland Host Specifications.....................................................................................................99

5-6 Card Authentication ..................................................................................................................100

5-7 Cardholder Verification .............................................................................................................100

5-8 Authorization .............................................................................................................................100

5-9 Full vs. Partial EMV Transactions and Flow .............................................................................101

5-10 Full vs. Partial Transaction Flow ...............................................................................................101

5-11 Full vs. Partial Credit Transactions ...........................................................................................102

5-12 Full vs. Partial Debit Transactions ............................................................................................103

6-1 Integrated Solutions ..................................................................................................................106

6-2 VSDC Testing ...........................................................................................................................108

6-3 M-TIP Testing ...........................................................................................................................108

6-4 AEIPS Testing...........................................................................................................................108

6-5 D-PAS Testing ..........................................................................................................................109

6-6 Test Environments ....................................................................................................................110

6-7 Test Process .............................................................................................................................110

7-1 Command APDU Format ..........................................................................................................113

7-2 Response APDU Format ..........................................................................................................113

7-3 Data Conventions .....................................................................................................................115

7-4 Terminal Data ...........................................................................................................................116

7-5 Card Data..................................................................................................................................127

7-6 Issuer Data................................................................................................................................134

7-7 Tender Processing....................................................................................................................136

7-8 Fallback Processing..................................................................................................................138

7-9 Application Selection.................................................................................................................139

7-10 Supported Application Methods ................................................................................................140

7-11 Available AIDs...........................................................................................................................141

For Internal Use Only

HPS Integrator’s Guide V 17.2 List of Tables

7-12 Offline Data Authentication .......................................................................................................144

7-13 Processing Restrictions ............................................................................................................144

7-14 Cardholder Verification .............................................................................................................145

7-15 PIN Support ..............................................................................................................................146

7-16 Terminal Risk Management ......................................................................................................147

7-17 Terminal Action Analysis...........................................................................................................147

7-18 Terminal Verification Results ....................................................................................................150

7-19 Transaction Status Indicator .....................................................................................................151

7-20 Online or Offline Disposition .....................................................................................................153

7-21 Contact EMV Flow Differences .................................................................................................156

7-22 Card Verification .......................................................................................................................158

7-23 Receipt Requirements ..............................................................................................................160

8-1 EMV PDL Tables ......................................................................................................................163

8-2 Platform Identifiers to EMV PDL System ..................................................................................163

9-1 Comparison of Standard EMV and Quick Chip Processes.......................................................170

9-2 Online Processing.....................................................................................................................171

A-1 Conexxus Product Codes .........................................................................................................178

A-2 Mastercard Purchasing Fuel Product Codes ............................................................................191

A-3 Mastercard Purchasing Non-Fuel Product Codes ....................................................................193

A-4 Mastercard Fleet Fuel Product Codes ......................................................................................195

A-5 Mastercard Fleet Non-Fuel Product Codes ..............................................................................196

A-6 Fuel Product Codes ..................................................................................................................197

A-7 Non-Fuel Product Codes ..........................................................................................................199

A-8 Voyager Fuel Product Codes....................................................................................................200

A-9 Voyager Non-Fuel Product Codes ............................................................................................201

A-10 WEX Supported Conexxus Product Codes ..............................................................................207

B-1 Additional Receipt Requirements by Card Types .....................................................................217

C-1 State Codes ..............................................................................................................................220

C-2 Region Codes: Canada (Province Codes)................................................................................222

D-1 POS 8583: Binary Example ......................................................................................................223

D-2 Exchange, Portico, NTS, Z01, SpiDr: ASCII Hex Example.......................................................223

D-3 Additional Terminal Capabilities................................................................................................224

D-4 Amount, Authorised (Numeric)..................................................................................................224

D-5 Amount, Other (Numeric)..........................................................................................................225

D-6 Application Cryptogram.............................................................................................................225

D-7 Application Dedicated File (ADF) Name ...................................................................................226

D-8 Application Identifier (AID) – Terminal ......................................................................................227

D-9 Application Interchange Profile .................................................................................................227

D-10 Application Label.......................................................................................................................228

D-11 Application Preferred Name......................................................................................................228

D-12 Application Primary Account Number Sequence Number ........................................................229

D-13 Application Transaction Counter (ATC) ....................................................................................229

D-14 Application Usage Control ........................................................................................................230

D-15 Application Version Number (ICC)............................................................................................230

For Internal Use Only

List of Tables HPS Integrator’s Guide V 17.2

D-16 Application Version Number (Terminal) ....................................................................................231

D-17 Authorisation Response Code ..................................................................................................231

D-18 Cardholder Verification Method (CVM) Results ........................................................................232

D-19 Cryptogram Information Data (CID) ..........................................................................................233

D-20 Customer Exclusive Data..........................................................................................................233

D-21 Dedicated File Name ................................................................................................................234

D-22 Form Factor Indicator................................................................................................................234

D-23 ICC Dynamic Number ...............................................................................................................235

D-24 Interface Device (IFD) Serial Number .......................................................................................235

D-25 Issuer Action Code – Default ....................................................................................................236

D-26 Issuer Action Code – Denial .....................................................................................................236

D-27 Issuer Action Code – Online .....................................................................................................237

D-28 Issuer Application Data .............................................................................................................237

D-29 Issuer Authentication Data........................................................................................................238

D-30 Issuer Country Code .................................................................................................................238

D-31 Issuer Script Results .................................................................................................................239

D-32 Issuer Script Template 1 & 2.....................................................................................................239

D-33 POS Entry Mode .......................................................................................................................240

D-34 Terminal Action Code – Default ................................................................................................240

D-35 Terminal Action Code – Denial .................................................................................................241

D-36 Terminal Action Code – Online .................................................................................................241

D-37 Terminal Capabilities ................................................................................................................242

D-38 Terminal Country Code.............................................................................................................242

D-39 Terminal Type ...........................................................................................................................243

D-40 Terminal Verification Results (TVR)..........................................................................................243

D-41 Third Party Data........................................................................................................................244

D-42 Transaction Currency Code ......................................................................................................244

D-43 Transaction Data.......................................................................................................................245

D-44 Transaction Sequence Counter ................................................................................................245

D-45 Transaction Status Information .................................................................................................246

D-46 Transaction Time ......................................................................................................................246

D-47 Transaction Type ......................................................................................................................247

D-48 Unpredictable Number ..............................................................................................................247

E-1 EMV PDL Data Examples.........................................................................................................248

F-1 Glossary....................................................................................................................................292

For Internal Use Only

HPS Integrator’s Guide V 17.2 List of Figures

List of Figures

3-1 Mastercard Fleet Card: Driver Assigned Example......................................................................49

3-2 Mastercard Fleet Card: Vehicle Assigned Example....................................................................49

3-3 Visa Fleet Card: Driver Assigned Example.................................................................................63

3-4 Visa Fleet Card: Vehicle Assigned Example...............................................................................63

3-5 WEX Fleet Card Example ...........................................................................................................70

3-6 WEX GSA Fleet ..........................................................................................................................71

3-7 WEX Dept. of Defense Fleet.......................................................................................................71

3-8 WEX Dept. of Energy Fleet.........................................................................................................71

4-1 E3 MSR Wedge ..........................................................................................................................88

4-2 E3 PIN Pad .................................................................................................................................90

7-1 Contact Transaction Flow .........................................................................................................135

7-2 Contactless Transaction Flow...................................................................................................155

7-3 EMV Receipt Example ..............................................................................................................161

9-1 Quick Chip Processing Flow .....................................................................................................173

For Internal Use Only

List of Figures HPS Integrator’s Guide V 17.2

For Internal Use Only

HPS Integrator’s Guide V 17.2 1: Overview

Chapter 1: Overview

1.1 Introduction

Heartland Payment Systems, LLC (Heartland) is a leading third-party provider of payment card

transaction processing, providing the following services:

• Host Network transaction services

• Bankcard, Fleet, Debit and Private Label card processing

• Mobile and e-commerce solutions

• Settlement processing

1.2 Document Purpose

The purpose of this document is to provide information in order to integrate a POS system to

Heartland. Topics include:

1.3 Audience

The primary audience for this document consists of third-party vendors responsible for

developing POS payment systems to interface with the Heartland network. The secondary

audience consists of Heartland internal staff responsible for certifying or supporting POS

payment applications. All users of this document are assumed to have a basic understanding of

POS applications.

•General POS Requirements •Industry Codes

•Card Brand Information •Receipt Requirements

•E3 Processing Overview •State Codes / Region Codes

•EMV Processing Overview •EMV Field Definitions

•EMV Development Overview •EMV PDL Data Examples

•EMV Terminal Interface •Glossary

•EMV Parameter Interface •

REQUIREMENT

This document is to be used along with Heartland’s Network platform specifications

(Exchange, POS 8583, NTS, Z01, Portico, SpiDr). Information found in the Network

specifications could override content within this document.

For Internal Use Only

1: Overview HPS Integrator’s Guide V 17.2

1.4 Payment Application Data Security

Standards (PA-DSS)

The Payment Card Industry (PCI) Security Standards Council (SSC) has released the Payment

Application Data Security Standards (PA-DSS) for payment applications running at merchant

locations. The PA-DSS assist software vendors to ensure their payment applications support

compliance with the mandates set by the bankcard companies (Visa, Mastercard, Discover,

American Express, and JCB).

In order to comply with the mandates set by the bankcard companies, Heartland:

• Requires that the account number cannot be stored as plain, unencrypted data to meet PCI

and PA-DSS regulations. It must be encrypted while stored using strong cryptography with

associated key management processes and procedures.

Note: Refer to PCI DSS Requirements 3.4–3.6* for detailed requirements regarding

account number storage. The retention period for the Account Number in the

shadow file and open batch must be defined and at the end of that period or when

the batch is closed and successfully transmitted, the account number and all other

information must be securely deleted. This is a required process regardless of the

method of transmission for the POS.

• Requires that, with the exception of the Account Number as described above and the

Expiration Date, no other Track Data is to be stored on the POS if the Card Type is a:

– Visa, including Visa Fleet;

– Mastercard, including Mastercard Fleet, and Carte Blanche;

– Discover, including JCB, UnionPay, Diner's Club, and PayPal;

– American Express;

– Debit or EBT.

• This requirement does not apply to WEX, FleetCor, Fleet One, Voyager, or Aviation cards;

Stored Value cards; Proprietary or Private Label cards.

• Recommends that software vendors to have their applications validated by an approved

third party for PA-DSS compliance.

• Requires all software vendors to sign a Non-Disclosure Agreement / Development

Agreement.

• Requires all software vendors to provide evidence of the application version listed on the

PCI Council’s website as a PA-DSS validated Payment Application, or a written certification

to HPS testing to Developer's compliance with PA-DSS.

•Requires that all methods of cryptography provided or used by the payment application

meet PCI SSC’s current definition of ‘Strong Cryptography’.

*Refer to www.pcisecuritystandards.org for the PCI DSS Requirements document and further

details about PA-DSS.

For Internal Use Only

HPS Integrator’s Guide V 17.2 2: General POS Requirements

Chapter 2: General POS Requirements

2.1 Address Verification Service

Visa, Mastercard, AMEX and Discover offer an Address Verification Service (AVS) as a

risk-management tool for merchants accepting transactions in which:

• neither the card nor the cardholder are present (e.g., mail, telephone order, Internet

transactions), or

• the card is present but its magnetic stripe cannot be read by a terminal at the point of sale.

AVS helps reduce the risk of accepting fraudulent transactions by issuer verification of the

cardholder’s billing address. The AVS Result Code helps the merchant determine whether to

accept a particular transaction or to take further follow-up action.

When a merchant accepts a card-not-present transaction, financial liability is also accepted by

the merchant in the event the transaction proves to be fraudulent. If the transaction is fraudulent,

the dollar value of the transaction may be “charged back” to the merchant. In addition to the

“charge back,” there are additional costs to process these exception items, plus the loss of

merchandise.

Table 2-1 Address Verification Service

AVS Request Description

Address Verification

Request

Address verification may be requested in one of two ways:

• by itself, or

• as part of an authorization request.

AVS By Itself (AVS Only) An AVS only request may be used under the following circumstances:

• a merchant wants to verify the customer’s billing address before requesting an

authorization, or

• the merchant sent an AVS and an authorization request earlier and received

an authorization approval but an AVS “try again later” response.

For Internal Use Only

2: General POS Requirements HPS Integrator’s Guide V 17.2

2.1.1 AVS Data Flow

2.1.2 AVS Result Code Guidelines

Not all Heartland POS message specifications support AVS Result Codes. See your specific

POS message specification for details.

For some industries, if the AVS Result Code is not a match, the payment engine automatically

declines and voids the transaction to the issuer.

For other industries, the merchant makes the decision on whether to proceed when the AVS

information is not an exact match, but the issuer approves the authorization request. See you

Heartland Representative for more information.

AVS Authorization

Request

You may process AVS requests the same way you process authorizations simply

by including the AVS information in the authorization request. The authorization

and address verification process is as follows:

• Customer contacts the merchant to place an order.

• The merchant confirms the usual order information including the merchandise

description, price, the customer’s account number, card expiration date, and

shipping address.

• The merchant requests the cardholder’s billing address (street address and/or

ZIP Code) for the card being used. (The billing address is where the

cardholder’s monthly statement is sent for the card being used.)

• The POS system includes the address information with the authorization

request to Heartland.

• The issuer makes an authorization decision separately from the AVS request.

The issuer compares the cardholder billing address with the billing address it

has for that account. The issuer returns both the authorization response and a

code indicating the address verification results. Like any other transaction, if

the issuer declines the authorization request do not complete the transaction

for that account. This rule holds true even if you receive an “exact match” on

the address verification request.

Table 2-1 Address Verification Service (Continued)

AVS Request Description

CARDHOLDER MERCHANT HEARTLAND CARD BRAND

NETWORK ISSUER

For Internal Use Only

HPS Integrator’s Guide V 17.2 2: General POS Requirements

2.2 Chargeback Protected Limits

The following amounts are the ICR-initiated chargeback protected amounts for approved

transactions by the bank card associations.

The merchant may choose to override these amounts. Any amount above the limits listed will not

include Chargeback Protection.

The merchant is at risk for any amount above these limits.

Table 2-2 Chargeback Protected Limits

Card Type Description

Visa • Visa Consumer (including Visa Signature and Sign Preferred), Visa Business

(including Visa Signature Business), Visa Corporate, and Visa Purchasing cards

offer Chargeback Protection to $100 if the card has been authorized for $1.00.

• Visa Fleet cards offer Chargeback Protection to $150 if the card has been

authorized for $1.00.

Mastercard • Mastercard Consumer cards offer Chargeback Protection to $100 if the card has

been authorized for $1.00.

• Mastercard Corporate, Mastercard Corporate Fleet, and Mastercard Purchasing

cards offer Chargeback Protection to $150 if the card has been authorized for

$1.00.

Discover Card • Discover Card offers Chargeback Protection to $100 if the card has been

authorized for $1.00. If the merchant has a custom agreement with Discover to

authorize for a different amount, chargeback protection is the approved amount.

American Express • American Express does not offer Chargeback Protection.

For Internal Use Only

2: General POS Requirements HPS Integrator’s Guide V 17.2

2.3 No Signature Required

No Signature Required is a program offered by Visa, Mastercard, AMEX and Discover for

consumer and commercial cards. The No Signature Required program allows merchants within

certain MCC codes to process transactions without having to obtain the cardholders signature or

provide the cardholder with a receipt unless the cardholder requests it.

In order to be eligible for No Signature Required, the following conditions must be met:

• The cardholder must be present at the time of the transaction in a face-to-face

environment.

• The merchant name and location must be included in the authorization request.

• The total amount of the transaction must be less than the No Signature Required threshold

for the merchant’s MCC. Refer to the individual card associations for current information

about amounts, MCCs allowed, etc.

• Online authorization must be obtained and the full track data must be included in the

authorization message. The track data can be obtained from the chip for EMV transactions

or from the magnetic stripe for swiped transactions.

To process a No Signature Required transaction with a chip card (on a chip-card-capable POS

terminal), the terminal application must set the Terminal Capabilities field to enable only the No

CVM Required card verification method (CVM). This action will cause the chip card not to require

a CVM.

For Internal Use Only

HPS Integrator’s Guide V 17.2 2: General POS Requirements

2.4 Binary to ASCII Hex Conversion

Since some the Host message formats allow for only printable characters to appear in

transaction data fields. Binary fields must be expanded to ensure that no values less than

hexadecimal 20 are transmitted.

To convert a binary field to its corresponding ASCII equivalent, remove 4 bits at a time and

convert them to the ASCII characters defined below. Performing this conversion procedure will

result in a doubling of the field size, i.e., a 20-digit binary field will yield a 40-character ASCII

result. After performing the conversion, the resulting ASCII data may then be populated within

the transaction data field.

Table 2-3 Binary to ASCII Hex Conversion

BIT Data ASCII Hex Characters

0000 0

0001 1

0010 2

0011 3

0100 4

0101 5

0110 6

0111 7

1000 8

1001 9

1010 A

1011 B

1100 C

1101 D

1110 E

1111 F

For Internal Use Only

2: General POS Requirements HPS Integrator’s Guide V 17.2

The table below shows examples of data before conversion as well as after the ASCII conversion

as the data moves from the POS to the Host.

The order of the fields is arbitrary and the values used below are only provided as an example.

Table 2-4 Binary ASCII Hex Conversion Example

Field Name RED is Before Conversion BLUE is after conversion

UNPREDICTABLE

NUMBER

Tag 9 F 37 Tag 39463337

Length 04 Length 3034

Value 00010203 Value 3030303130323033

ISSUER APPLICATION

DATA

Tag 9 F 10 Tag 39463130

Length 20 Length 3230

Value 00010203040506070809

0A0B0C0D0E0F1011121

31415161718191A1B1C

1D1E1F

Value 303030313032303330343035303

630373038303930413042304330

443045304631303131313231333

134313531363137313831393141

31423143314431453146

APPLICATION

CRYPTOGRAM

Tag 9 F 26 Tag 39463236

Length 08 Length 3038

Value 0001020304050607 Value 303030313032303330343035303

63037

APPLICATION

TRANSACTION

COUNTER

Tag 9 F 36 Tag 39463336

Length 02 Length 3032

Value 0001 Value 30303031

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

Chapter 3: Card Brand Information

3.1 Introduction

This chapter gives an overview of payment cards, embossing information, including Track 1 and

Track 2 layouts.

The maximum length of Track 1 is 79 characters. This length includes the START SENTINEL,

FIELD SEPARATORS, END SENTINEL and LONGITUDINAL REDUNDANCY CHECK (LRC)

fields. The Track 1 overall length will vary by card after the CARDHOLDER NAME field.

The maximum length of Track 2 is 40 characters. This length includes the START SENTINEL,

FIELD SEPARATOR, END SENTINEL, and LONGITUDINAL REDUNDANCY CHECK (LRC)

fields.

Track Data is sent unaltered.

Track data is defined by a number of International Organization for Standardization standards.

ISO/IEC 7810,ISO/IEC 7811, ISO/IEC 7812,ISO/IEC 7813,ISO 8583, and ISO/IEC 4909, now

define the physical properties of the card, including size, flexibility, location of the magstripe,

magnetic characteristics, and data formats. They also provide the standards for financial cards,

including the allocation of card number ranges to different card issuing institutions. The

standards should be referenced for details on track data.

Refer to the specific POS message specifications (Exchange, POS 8583, NTS, Z01, Portico,

SpiDr) to determine cards supported, transactions supported and data requirements.

Note: For chip cards (Service Code 2xx or 6xx) Track 2 is preferred for all card brands.

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

Table 3-1 Card Brand References to Track Data

Card Type Track Preference

when Swiped Track Data

American Express Track 1 •3.2.1 American Express Track 1 Format X4.16 Standard, p. 30

•3.2.2 American Express Track 1 Format ISO 7813 Standard,

p. 31

•3.2.3 American Express Track 2 Format X4.16 Standard, p. 33

•3.2.4 American Express Track 2 Format ISO 7813 Standard,

p. 33

AVcard No preference •3.3.1 AVcard Track 1 Format, p. 35

•3.3.2 AVcard Track 2 Format, p. 35

Centego Track 2 •3.4.1 Centego Prepaid Track 1 Format, p. 36

•3.4.2 Centego Prepaid Track 2 Format, p. 37

Diner’s Club (Now

processed as Discover)

No preference •3.6.1 Diner’s Club International Track 1 Format, p. 40

•3.6.2 Diner’s Club International Track 2 Format, p. 41

Discover No preference •3.5.1 Discover Track 1 Format, p. 38

•3.5.2 Discover Track 2 Format, p. 39

Drop Tank No preference •3.7.1 Drop Tank Track 1 Format, p. 42

•3.7.2 Drop Tank Track 2 Format, p. 42

EBT Track 2 only •3.9.1 EBT Track 2 Format, p. 44

Fleet One Track 2 only •3.10.1 Fleet One Track 2 Format, p. 45

FleetCor Track 2 only •3.11.1 FleetCor Track 2 Format, p. 46

Heartland Gift Card Track 2 only •3.8.1 Heartland Gift Card Track 2 Format, p. 43

Mastercard No preference •3.13.1 Mastercard Track 1 Format, p. 48

•3.13.2 Mastercard Track 2 Format, p. 48

Mastercard Corporate No preference •3.13.1 Mastercard Track 1 Format, p. 48

•3.13.2 Mastercard Track 2 Format, p. 48

Mastercard Fleet No preference •3.14.3 Mastercard Fleet Track 1 Format, p. 51

•3.14.4 Mastercard Fleet Track 2 Format, p. 52

Mastercard Purchasing No preference •3.15.2 Mastercard Purchasing Track 1 Format, p. 53

•3.15.3 Mastercard Purchasing Track 2 Format, p. 54

Mills Fleet Farm PLCC No preference •3.15.4 Mills Fleet Farm PLCC Track 1 Format, p. 55

•3.15.5 Mills Fleet Farm PLCC Track 2 Format, p. 56

Multi Service Track 2 only •3.16.1 Multi Service Swiped Track 2 Format, p. 57

PayPal No preference •3.5.1 Discover Track 1 Format, p. 38

•3.5.2 Discover Track 2 Format, p. 39

PIN Debit Track 2 only Issuer dependent.

Stored Value Track 2 •3.18.1 SVS Track 1 Format, p. 58

•3.18.2 SVS Track 2 Format, p. 58

ValueLink Track 2 •3.20.1 ValueLink Track 1 Format, p. 59

•3.20.2 ValueLink Track 2 Format, p. 60

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

Visa Track 2 •3.21.1 Visa Track 1 Format, p. 61

•3.21.2 Visa Track 2 Format, p. 62

Visa Corporate or

Business

No preference •3.21.1 Visa Track 1 Format, p. 61

•3.21.2 Visa Track 2 Format, p. 62

Use Visa Track layouts for Visa Corporate or Business.

Visa Fleet Track 1 •3.24.2 Visa Fleet Track 1 Format, p. 64

•3.24.3 Visa Fleet Track 2 Format, p. 65

Visa Purchasing No preference •3.21.1 Visa Track 1 Format, p. 61

•3.21.2 Visa Track 2 Format, p. 62

Use Visa Track layouts for Visa Purchasing.

Visa ReadyLink Track 2 •3.21.1 Visa Track 1 Format, p. 61

•3.21.2 Visa Track 2 Format, p. 62

Use Visa Track layouts for Visa ReadyLink.

Voyager Fleet No preference •3.25.2 Voyager Fleet Track 1 Format, p. 68

•3.25.3 Voyager Fleet Track 2 Format, p. 69

WEX Fleet Track 2 only •3.26.3 WEX Fleet Track 2 Format, p. 72

Table 3-1 Card Brand References to Track Data (Continued)

Card Type Track Preference

when Swiped Track Data

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.2 American Express

American Express issues cards in either of following track formats.

• ANSI X4.16

• ISO 7813

3.2.1 American Express Track 1 Format X4.16

Standard

Table 3-2 American Express Track 1 Format X4.16 Standard

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N % (percent sign)

FORMAT CODE 2 1 A/N B

PRIMARY ACCOUNT NUMBER 3varies 15–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N ^ (caret)

CARD MEMBER NAME varies 26 A/N Field identifies the name of the cardholder and

contains a maximum of 26 characters. The

format of the field is last name followed by first

name and initial. Each cardholder name

component is separated as follows:

•/ (forward slash) = Separates the first and

last name.

• (space) = Separates first name from the

middle name or middle initial. Use only

when the cardholder names qualify for

separation.

•. (period) = Separates the first name and

title.

Example: Last Name/First Name Initial

Embossing JOHN P. JONES JR.

Mag Stripe JONES/JOHN P.JR

FIELD SEPARATOR varies 1 A/N ^ (caret)

EXPIRATION DATE varies 4 N The date the card expires in YYMM format.

The card expires on the last day of the month.

EFFECTIVE DATE varies 4 N The date in YYMM format. The card becomes

valid on the first day of the month.

DISCRETIONARY DATA varies 5 N

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 A/N Created by the encoding equipment.

LRC may or may not be present.

UNUSED varies 17 A/N Reserved for future use.

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.2.2 American Express Track 1 Format ISO 7813

Standard

Table 3-3 American Express Track 1 Format ISO 7813 Standard

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N % (percent sign)

FORMAT CODE 2 1 A/N B

PRIMARY ACCOUNT NUMBER 3varies 15–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N ^ (carat)

CARD MEMBER NAME varies 26 A/N Field identifies the name of the cardholder

and contains a maximum of 26 characters.

The format of the field is last name followed

by first name and initial. Each cardholder

name component is separated as follows:

•/ (forward slash) = Separates the first and

last name.

• (space) = Separates first name from the

middle name or middle initial. Use only

when the cardholder names qualify for

separation.

•. (period) = Separates the first name and

title.

Example: Last Name/First Name Initial

Embossing JOHN P. JONES JR.

Mag Stripe JONES/JOHN P.JR

FIELD SEPARATOR varies 1 A/N ^ (carat)

EXPIRATION DATE varies 4 N The date the card expires in YYMM format.

The card expires on the last day of the month.

INTERCHANGE DESIGNATOR varies 1 N Code indicating whether the American

Express card is valid outside the country of

issue.

• 1 = Available for international interchange

•2 = Chip card

• 5 = Available for interchange only in

country of issue

• 6 = Chip card, available for interchange

only in country of issue

• 7 = Not available for general interchange

• 9 = System test card

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

SERVICE CODE varies 2 N Code indicating whether the American

Express card is valid for ATM/Cash Access or

if a positive authorization is required.

• 01 = No restrictions

• 02 = No ATM service

• 03 = ATM Service only

• 06 = No restrictions; prompt for PIN, if PIN

pad is present

• 10 = No cash advance

• 11 = No cash advance or ATM service

• 20 = Requires positive authorization by

issuer or issuer’s agent

• 21 = Authorization by issuer only

• 22 = Authorization by issuer only; Goods

& Services

• 23 = Authorization by issuer only; ATM

only, PIN required

• 26 = Authorization by issuer only; prompt

for PIN, if PIN pad is present

EFFECTIVE DATE varies 4 N The date in YYMM format. The card becomes

valid on the first day of the month.

DISCRETIONARY DATA varies 5 N

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 A/N Created by the encoding equipment.

UNUSED varies 17 A/N Reserved for future use.

Table 3-3 American Express Track 1 Format ISO 7813 Standard (Continued)

Field Name Position Length Format Value/Description

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.2.3 American Express Track 2 Format X4.16

Standard

3.2.4 American Express Track 2 Format ISO 7813

Standard

Table 3-4 American Express Track 2 Format X4.16 Standard

Field Name Position Length Format Value/Description

START SENTINEL 1 1 N ; (semicolon)

PRIMARY ACCOUNT NUMBER 2varies 15–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N = (equal sign)

EXPIRATION DATE varies 4 N The date the card expires in YYMM format.

The card expires on the last day of the month.

EFFECTIVE DATE varies 4 N The date in YYMM format. The card becomes

valid on the first day of the month.

DISCRETIONARY DATA varies 5 N

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 A/N Created by the encoding equipment.

LRC may or may not be present.

UNUSED varies 8 N Reserved for future use.

Table 3-5 American Express Track 2 Format ISO 7813 Standard

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N ; (semicolon)

PRIMARY ACCOUNT

NUMBER

2varies 15–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N = (equal sign)

EXPIRATION DATE varies 4 N The date the card expires in YYMM format. The

card expires on the last day of the month.

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

INTERCHANGE

DESIGNATOR

varies 1 N Code indicating whether the American Express

card can be used outside the country of issue.

• 1 = Available for international interchange

• 2 = Chip card

• 5 = Available for interchange only in country

of issue

• 6 = Chip card, available for interchange only

in country of issue

• 7 = Not available for general interchange

• 9 = System test card

SERVICE CODE varies 2 N Code indicating whether the American Express

card is valid for ATM/Cash Access or if a

positive authorization is required.

• 01 = No restrictions

• 02 = No ATM service

• 03 = ATM Service only

• 06 = No restrictions; prompt for PIN, if PIN

pad is present

• 10 = No cash advance

• 11 = No cash advance or ATM service

• 20 = Requires positive authorization by

issuer or issuer’s agent

• 21 = Authorization by issuer only

• 22 = Authorization by issuer only; Goods &

Services

• 23 = Authorization by issuer only; ATM only,

PIN required

• 26 = Authorization by issuer only; prompt for

PIN, if PIN pad is present

EFFECTIVE DATE varies 4 N The date in YYMM format. The card becomes

valid on the first day of the month.

DISCRETIONARY DATA varies 8 N

LANGUAGE CODE varies 2 N Code indicating non-Canadian versus Canadian

cardholders and when a Canadian, whether

English or French is the spoken language of the

cardholder.

• 00 = Non-Canadian Card member

• 01 = Canadian Card members (English

Language)

• 02 = Canadian Card members (French

Language)

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 N Created by the encoding equipment.

Table 3-5 American Express Track 2 Format ISO 7813 Standard (Continued)

Field Name Position Length Format Value/Description

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.3 AVcard

The AVcard requires a date check and a MOD-10 check.

3.3.1 AVcard Track 1 Format

3.3.2 AVcard Track 2 Format

Table 3-6 AVcard Track 1 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N % (percent sign)

FORMAT CODE 2 1 A/N ^ (caret)

ISO PREFIX 3 6 N 601029

ACCOUNT NUMBER 9 13max N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N ^ (caret)

CREDIT CARD NAME varies 26max A/N Customer or company name.

FIELD SEPARATOR varies 1 A/N ^ (caret)

EXPIRATION DATE varies 4 N The date the card expires in YYMM

format.

SERVICE CODE INDICATOR varies 3 N Constant, 701

DISCRETIONARY DATA varies 15 A/N Miscellaneous Cardholder Info.

END SENTINEL varies 1 A/N ? (question mark)

Table 3-7 AVcard Track 2 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N ; (semicolon)

ISO PREFIX 2 6 N 601029

ACCOUNT NUMBER 8 13max N AVcard Account Number.

FIELD SEPARATOR varies 1 A/N = (equal sign)

EXPIRATION DATE varies 4 N YYMM

SERVICE CODE

INDICATOR

varies 3 N Constant, 701

DISCRETIONARY DATA varies 15 Miscellaneous Cardholder Info.

END SENTINEL varies 1 A/N ? (question mark)

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.4 Centego Prepaid Card

PAN must pass MOD 10 check-digit test. (MOD 10 check on first 18 digits, 19th digit is the check

digit.)

Cards are embossed with the Account Number.

3.4.1 Centego Prepaid Track 1 Format

Note: Track data must be sent excluding the START SENTINEL, END SENTINEL, and LRC.

Note: The position ranges are valid for a 26-character cardholder name. The cardholder name is

a variable length field delimited by field separators. As a result, position ranges following

the CARDHOLDER field will change with varying CARDHOLDER field lengths.

Table 3-8 Centego Prepaid Track 1 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N % (percent sign)

FORMAT CODE 2 1 A/N B

PRIMARY ACCOUNT NUMBER 3–21 19 N Cardholder’s PAN.

FIELD SEPARATOR 22 1 A/N ^ (caret)

CARDHOLDER NAME 23–48 26max A/N Contains a maximum of 26 characters.

FIELD SEPARATOR 49 1 A/N ^ (caret)

EXPIRATION DATE 50–53 4 N The date the card expires in YYMM format.

SECURITY DATA 54–63 10 N Card verification value.

MEMBER NUMBER 64–74 11 A/N Club member number.

END SENTINEL 75 1 A/N ? (question mark)

LRC 76 1 A/N Created by the encoding equipment.

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.4.2 Centego Prepaid Track 2 Format

Table 3-9 Centego Prepaid Track 2 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N ; (semicolon)

PRIMARY ACCOUNT NUMBER 2–20 19 N Cardholder’s PAN.

FIELD SEPARATOR 21 1 A/N = (equal sign)

EXPIRATION DATE 22–25 4 N The date the card expires in YYMM format.

SECURITY DATA 26–35 10 N Card verification value.

END SENTINEL 36 1 A/N ? (question mark)

LRC 37 1 A/N Created by the encoding equipment.

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.5 Discover Card

Discover Network (now known as DFS Services, LLC) allocates Issuer Identification Number

(IIN) ranges to authorized Issuers using the Discover Network.

PAN must pass a MOD 10 check-digit test.

Cards are embossed with the Primary Account Number and the Expiration Date.

3.5.1 Discover Track 1 Format

Table 3-10 Discover Track 1 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N % (percent sign)

FORMAT CODE 2 1 A/N B

PRIMARY ACCOUNT NUMBER 3varies 16–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N ^ (carat)

CARDHOLDER NAME varies varies A/N Field identifies the name of the cardholder

and contains a maximum of 26 characters.

The format of this field is last name followed

by first name and initial. A / (forward slash)

separates the first and last name.

Example: Last Name/First Name Initial

Embossing John P. Jones III

Mag Stripe Jones III/John P

FIELD SEPARATOR varies 1 A/N ^ (carat)

EXPIRATION DATE varies 4 N The date the card expires in YYMM format.

SERVICE CODE varies 3 N Identifies the circumstances under which the

card can be used.

SECURITY CODE varies 13 A/N

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 A/N Created by the encoding equipment.

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.5.2 Discover Track 2 Format

Table 3-11 Discover Track 2 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N ; (semicolon)

PRIMARY ACCOUNT NUMBER 2varies 16–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N = (equal sign)

EXPIRATION DATE varies 4 N The date the card expires in YYMM format.

SERVICE CODE varies 3 N Identifies the circumstances under which

the card can be used.

SECURITY CODE varies 13 A/N

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 A/N Created by the encoding equipment.

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.6 Diner’s Club International Card

The Diner’s Club International card must also be processed as a Discover Card.

PAN must pass a MOD 10 check-digit test.

Cards are embossed with the Primary Account Number and the Expiration Date.

3.6.1 Diner’s Club International Track 1 Format

Table 3-12 Diner’s Club International Track 1 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N % (percent sign)

FORMAT CODE 2 1 A/N B

PRIMARY ACCOUNT NUMBER 3varies 14–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N ^ (carat)

CARDHOLDER NAME varies varies A/N Field identifies the name of the cardholder and

contains a maximum of 26 characters. The

format of the field is last name followed by first

name and initial. Each cardholder name

component is separated as follows:

• / (forward slash) = Separates the first and

last name.

• (space) = Separates first name from the

middle name or middle initial. It is also

used to separate a title from the first name

or middle name or initial. Used to separate

a title only when the cardholder names

qualify for separation.

Example: Last Name/First Name Initial

Embossing JOHN P. JONES JR.

Mag Stripe JONES/JOHN P JR

FIELD SEPARATOR varies 1 A/N ^ (carat)

EXPIRATION DATE varies 4 N The date the card expires in YYMM format.

INTERCHANGE

QUALIFICATION CODE

varies 3 N Code indicating the type of interchange that is

available on the card. Valid codes:

• 101 = Card is valid for unrestricted

international interchange.

• 587 = Card is valid only in territory of

issuance.

EFFECTIVE DATE varies 4 A/N The data in YYMM format.

END SENTINEL varies 1 A/N ? (question mark)

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.6.2 Diner’s Club International Track 2 Format

LRC varies 1 A/N Created by the encoding equipment.

Table 3-13 Diner’s Club International Track 2 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N ; (semicolon)

PRIMARY ACCOUNT NUMBER 2varies 14–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N = (equal sign)

EXPIRATION DATE varies 4 N The date the card expires in YYMM format.

INTERCHANGE

QUALIFICATION CODE

varies 3 N Code indicating the type of interchange that

is available on the card. Valid codes:

• 101 = Card is valid for unrestricted

international interchange.

• 587 = Card is valid only in territory of

issuance.

EFFECTIVE DATE varies 4 N The data in YYMM format.

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 A/N Created by the encoding equipment.

Table 3-12 Diner’s Club International Track 1 Format (Continued)

Field Name Position Length Format Value/Description

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.7 Drop Tank Card

Use DAMM algorithm when processing these cards. Do not use MOD 10 check.

3.7.1 Drop Tank Track 1 Format

3.7.2 Drop Tank Track 2 Format

Table 3-14 Drop Tank Track 1 Format

Field Name Position Length Format Value Description

START SENTINEL 1 1 Hex % (percent sign)

FORMAT CODE 2 1 A/N b

ACCOUNT NUMBER 3–20 18N Cardholder’s PAN (token).

FIELD SEPARATOR 21 1 A/N ^ (caret)

FILLER 22 1 A/N Space

FIELD SEPARATOR 23 1 A/N ^ (caret)

FILLER 24 1 A/N Space

END SENTINEL 25 1 A/N ? (question mark)

LRC 26 1 A/N Created by the encoding equipment.

LRC may or may not be present.

Table 3-15 Drop Tank Track 2 Format

Field Name Position Length Format Value Description

START SENTINEL 1 1 Hex ; (semicolon)

ACCOUNT NUMBER 2–19 18 N Cardholder’s PAN (token).

FIELD SEPARATOR 20 1 A/N = (equal sign)

DATE 21-24 4 N Expiration date in MMYY format.

END SENTINEL 25 1 A/N ? (question mark)

LRC 26 1 A/N Created by the encoding equipment.

LRC may or may not be present.

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.8 Heartland Gift Card

PAN must pass a MOD 10 check-digit test. The 19th position is the check-digit for the proceeding

18 digits).

Cards are embossed with the Account Number and the printed Access Code on the back.

3.8.1 Heartland Gift Card Track 2 Format

Table 3-16 Heartland Gift Card Track 2 Format

Field Name Position Length Format Value Description

START SENTINEL 1 1 3B Hex ; (semicolon)

PRIMARY ACCOUNT NUMBER 2–20 19 N Cardholder’s PAN.

FIELD SEPARATOR 21 1 A/N = (equal sign)

DATE 22–25 4 N Expiration date in MMYY format.

Default expiration is 9999.

SECURITY DATA 26–38 13 N

END SENTINEL 39 1 A/N ? (question mark)

LRC 40 1 OF Hex Longitudinal Redundancy Check.

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.9 EBT Card

The POS application must perform a MOD 10 check.

No Specific ISO – No information in the account number or track data identifies the card as a

Food Stamp or Cash Benefit card. This identification must come from POS prompts.

3.9.1 EBT Track 2 Format

Table 3-17 EBT Track 2 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N ; (semicolon)

PRIMARY ACCOUNT NUMBER 2–20 19 N Cardholder’s PAN.

FIELD SEPARATOR 21 1 A/N = (equal sign)

EXPIRATION DATE 22–25 4 N The date the card expires in YYMM format.

SERVICE CODE 26–28 3 N 120

DISCRETIONARY DATA 29 varies A/N

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 A/N Created by the encoding equipment.

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.10 Fleet One Card

Cards are embossed with the Account Number, Company Name and Vehicle Name / Customer

Name.

3.10.1 Fleet One Track 2 Format

Table 3-18 Fleet One Track 2 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N ; (semicolon)

CARD ISO/ABA PREFIX 2 6 A/N 501486

Refer to the Heartland BIN Guide.

PROMPT CODE 8 2 NValid options are 10–19 and 99.

ACCOUNT NUMBER 10 6 NFleet company number.

CARD NUMBER 16 4 N

CHECK DIGIT 20 1 N0–9

FIELD SEPARATOR 21 1 A/N = (equal sign)

EXPIRATION DATE 22 4 N The date the card expires in YYMM format.

9912 or 4912 indicates “does not expire.”

MEMBER NUMBER 26 1 N 0–9

PIN OFFSET 27 6 N Not used.

END SENTINEL 33 1A/N ? (question mark)

LRC 34 1 A/N Created by the encoding equipment.

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.11 FleetCor Card

Cards are embossed with the Account Number, Expiration Date, Company Name and Vehicle

Name/Customer Name.

3.11.1 FleetCor Track 2 Format

Table 3-19 FleetCor Track 2 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N ; (semicolon)

CARD ISO/ABA PREFIX 2 6 A/N Refer to the Heartland BIN Guide.

ISSUER IDENTIFIER 8 5 N

CARD NUMBER 13 6 N

FIELD SEPARATOR 19 1A/N = (equal sign)

EXPIRATION DATE 20 4 N The date the card expires in YYMM format.

9912 is a valid value and indicates card does

not expire.

DISCRETIONARY DATA 24 0–13 N Reserved for Future Use.

Value is either 0 or NULL.

END SENTINEL 24–37 1 A/N ? (question mark)

LRC 25–38 1 A/N b

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.12 JCB Card

All JCB cards follow the same track format as Discover. See 3.5 Discover Card, p. 38.

PAN must pass a MOD 10 check-digit test.

Cards are embossed with the Primary Account Number and the Expiration Date.

3.12.1 JCB IIN Ranges on Discover Network

The JCB IIN Ranges are effective only for the domestic United States, and to the extent that

other Territories and Protectorates may be included, we will provide you with further information.

All other international markets are out of scope at this time. Additionally, ATM transactions will not

be enabled for the IIN ranges assigned to JCB.

Refer to the Heartland BIN Guide.

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.13 Mastercard

PAN must pass a MOD 10 check-digit test.

Cards are embossed with the Primary Account Number and the Expiration Date.

3.13.1 Mastercard Track 1 Format

3.13.2 Mastercard Track 2 Format

Table 3-20 Mastercard Track 1 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N % (percent sign)

FORMAT CODE 2 1 A/N B

PRIMARY ACCOUNT NUMBER 3varies 16–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N ^ (carat)

CARDHOLDER NAME varies 2–26 A/N Contains a maximum of 26 characters.

FIELD SEPARATOR varies 1 A/N ^ (carat)

EXPIRATION DATE varies 4 N The date the card expires in YYMM format.

SERVICE CODE varies 3 N Identifies the circumstances under which

the card can be used.

DISCRETIONARY DATA varies varies A/N Contains the CVC.

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 A/N Created by the encoding equipment.

Table 3-21 Mastercard Track 2 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N ; (semicolon)

PRIMARY ACCOUNT NUMBER 2varies 16–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N = (equal sign)

EXPIRATION DATE varies 4 N The date the card expires in YYMM format.

SERVICE CODE varies 3 N Identifies the circumstances under which

the card can be used.

DISCRETIONARY DATA varies varies A/N Contains the CVC.

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 A/N Created by the encoding equipment.

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.14 Mastercard Fleet Card Type

PAN must pass a MOD 10 check-digit test.

Cards are embossed with the Primary Account Number, Expiration Date and Cardholder Name.

3.14.1 Mastercard Fleet Card Example

Figure 3-1 Mastercard Fleet Card: Driver Assigned Example

Figure 3-2 Mastercard Fleet Card: Vehicle Assigned Example

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.14.2 Account Number Information

The following section describes the method that can be used by a POS application to identify a

Mastercard Fleet Account Number.

Table 3-22 Mastercard Fleet Account Number Information Method

Method Description

Magnetic Track

Identification

The Mastercard Fleet account number is 16 characters in length. Refer to the

Heartland BIN Guide.

The 16th position of the Card's account number is the check digit. It is calculated

on the previous fifteen (15) digits. For example, Mastercard Fleet account:

556701000000000 3; has a check digit of 3.

Embossed Identification The Card's embossed account number is 16 characters in length. The Card's

account number prefix (first four digits of the embossed account number). Refer

to the Heartland BIN Guide.

The 16th position of the Card's embossed account number is the check digit.

The words ‘Fuel Only’ (optional, based on Product Restriction Code

information).

Cardholder's Name.

Expiration Date.

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.14.3 Mastercard Fleet Track 1 Format

Note: All Mastercard Fleet cards use the entire allocated length of the track. Therefore, space-fill

any variable length fields as necessary.

Table 3-23 Mastercard Fleet Track 1 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N % (percent sign)

FORMAT CODE 2 1 A/N B

PRIMARY ACCOUNT NUMBER 3varies 16–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N ^ (carat)

CARDHOLDER NAME varies 26 A/N Contains a maximum of 26 characters.

FIELD SEPARATOR varies 1 A/N ^ (carat)

EXPIRATION DATE varies 4 N The date the card expires in YYMM

format.

SERVICE CODE varies 3 A/N Identifies the circumstances under which

the card can be used.

DISCRETIONARY DATA varies 22 A/N

PRODUCT RESTRICTION CODE varies 1 N 1 to 2 required.

PRODUCT TYPE CODE varies 1 N 1 to 5 required.

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 A/N Created by the encoding equipment.

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.14.4 Mastercard Fleet Track 2 Format

Table 3-24 Mastercard Fleet Track 2 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N ; (semicolon)

PRIMARY ACCOUNT NUMBER 2varies 16–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N = (equal sign)

EXPIRATION DATE varies 4 N The date the card expires in YYMM

format.

SERVICE CODE varies 3 A/N Identifies the circumstances under which

the card can be used.

DISCRETIONARY DATA varies up to 11 A/N The amount of discretionary data

available in Track 2 for issuers to use is

variable depending on the PAN length for

all card brands and card types unless the

PAN is defined as a fixed length.

PRODUCT RESTRICTION CODE varies 1 N 1 to 2 required.

PRODUCT TYPE CODE varies 1 N 1 to 5 required.

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 A/N Created by the encoding equipment.

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.15 Mastercard Purchasing Card

PAN must pass a MOD 10 check-digit test.

Card are embossed with the Primary Account Number and the Expiration Date.

3.15.1 Mastercard Purchasing Card Example

3.15.2 Mastercard Purchasing Track 1 Format

Table 3-25 Mastercard Purchasing Track 1 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N % (percent sign)

FORMAT CODE 2 1 A/N B

PRIMARY ACCOUNT NUMBER 3varies 16–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N ^ (caret)

CARDHOLDER NAME varies varies A/N Contains a maximum of 26 characters.

FIELD SEPARATOR varies 1 A/N ^ (caret)

EXPIRATION DATE varies 4 N The date the card expires in YYMM

format.

SERVICE CODE varies 3 A/N Identifies the circumstances under which

the card can be used.

DISCRETIONARY DATA varies 22 A/N Optional field.

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 A/N Created by the encoding equipment.

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.15.3 Mastercard Purchasing Track 2 Format

Table 3-26 Mastercard Purchasing Track 2 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N ; (semicolon)

PRIMARY ACCOUNT NUMBER 2varies 16–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N = (equal sign)

EXPIRATION DATE varies 4 N The date the card expires in YYMM format.

SERVICE CODE varies 3 A/N Identifies the circumstances under which the

card can be used.

DISCRETIONARY DATA varies varies A/N Optional field.

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 A/N Created by the encoding equipment.

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.15.4 Mills Fleet Farm PLCC Track 1 Format

Table 3-27 Mills Fleet Farm PLCC Track 1 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 "

START SENTINEL 2 1 A/N % (percent sign)

FORMAT CODE 3 1 B

PRIMARY ACCOUNT NUMBER 4 16 N Cardholder’s PAN.

FIELD SEPARATOR 20 1 A/N ¬

CARDHOLDER NAME 21 26 A/N Contains a maximum of 26 characters.

FIELD SEPARATOR 47 1 A/N ¬

EXPIRATION YEAR DATE 48 2 N The year the card expires.

EXPIRATION MONTH DATE 50 2 N The month the card expires.

SERVICE CODE 52 3 A/N Identifies the circumstances under which the

card can be used.

• Mills Dual Card = 201

•PLCC = 701

PIN VERIFICATION 55 1 PIN Indicator (will be 0) Not used

PIN OFFSET 56 4 PIN Offset (will be 0) Not used

CARD VERIFICATION VALUE 60 11 A/N CVV

END SENTINEL 71 1 A/N ? (question mark)

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.15.5 Mills Fleet Farm PLCC Track 2 Format

Table 3-28 Mills Fleet Farm PLCC Track 2 Format

Field Name Position Length Format Value/Description

11 Space

START SENTINEL 2 1 A/N ; (semicolon)

PRIMARY ACCOUNT NUMBER 3 16 N Cardholder’s PAN.

FIELD SEPARATOR 19 1 A/N = (equal sign)

EXPIRATION YEAR DATE 20 2 N The year the card expires.

EXPIRATION MONTH DATE 22 2 N The month the card expires.

SERVICE CODE 24 3 A/N Identifies the circumstances under which the

card can be used.

• Mills Dual Card = 201

•PLCC = 701

PIN VERIFICATION 27 1 PIN Indicator (will be 0) Not used

PIN OFFSET 28 4 PIN Offset (will be 0) Not used

CARD VERIFICATION VALUE 32 3 A/N CVV

END SENTINEL 35 1 A/N ? (question mark)

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.16 Multi Service Track Data

3.16.1 Multi Service Swiped Track 2 Format

3.17 PayPal Card

PayPal cards are now part of the Discover Network and follow the same track format as

Discover. See 3.5 Discover Card, p. 38.

PAN must pass a MOD 10 check-digit test.

Cards are embossed with the Primary Account Number and the Expiration Date.

Table 3-29 Multi Service Swiped Track 2 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N ; (semicolon)

ISO PREFIX 2 6 N Refer to the Heartland BIN Guide.

ACCOUNT NUMBER 8 8 N Cardholder’s PAN.

FIELD SEPARATOR 16 1 A/N = (equal)

CASH FLAG 17 1 N

PO REQUIRED FLAG 18 1 N

TWO DIGIT DAY OF ISSUANCE 19 2 N

FIELD SEPARATOR 21 1 A/N = (equal)

DATE OF ISSUANCE 22 4 N YYMM

SERVICE RESTRICTIONS 26 1 N

FUEL FLAG 27 1 N

OIL FLAG 28 1 N

PLUS AMOUNT ON CARD 29 3 N

TYPE FLAG 32 1 N

FILLER SPACE 33 5

STRIPE VERSION NUMBER 38 1 N

END SENTINEL 39 1 A/N ? (question mark)

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.18 Stored Value Solutions (SVS)

• PAN must pass MOD 10 check-digit test. (MOD 10 check on first 18 digits, 19th digit is the

check digit.)

• Cards are embossed with the Account Number.

3.18.1 SVS Track 1 Format

3.18.2 SVS Track 2 Format

Table 3-30 SVS Track 1 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N % (percent sign)

FORMAT CODE 2 1 A/N B

PRIMARY ACCOUNT NUMBER 5–21 19 NCardholder’s PAN.

FIELD SEPARATOR 22 1A/N ^ (caret)

CARDHOLDER NAME 23–48 26max A/N Contains a maximum of 26 characters.

FIELD SEPARATOR 49 1A/N ^ (caret)

EXPIRATION DATE 50–53 4 N The date the card expires in YYMM format.

SERVICE CODE 54–56 3 N 110

CVV DATA 57–59 3A/N Card Verification Value.

END SENTINEL 60 1A/N ? (question mark)

LRC 61 1A/N Created by the encoding equipment.

Table 3-31 SVS Track 2 Format

Field Name Position Length Format Value/Description

START SENTINEL 1–1 1A/N ; (semicolon)

PRIMARY ACCOUNT NUMBER 2–20 19 NCardholder’s PAN.

FIELD SEPARATOR 21–21 1A/N = (equal sign)

EXPIRATION DATE 22–25 4 N The date the card expires in YYMM format.

SERVICE CODE 26–28 3 N 110

CVV DATA 29–36 8 N Card Verification Value.

END SENTINEL 37–37 1A/N ? (question mark)

LRC 38–38 1A/N Created by encoding equipment.

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.19 UnionPay Card

All UnionPay issued cards follow the same track format as Discover. See 3.5 Discover Card, p.

38.

PAN must pass a MOD 10 check-digit test.

Cards are embossed with the Primary Account Number and the Expiration Date.

3.20 ValueLink Card

PAN must pass MOD 10 check digit test. (MOD 10 check on first 18 digits, 19th digit is the check

digit.)

Card are embossed with the Account Number. CLGC cards (Closed Loop Gift Cards) are

embossed with 16 digits.

3.20.1 ValueLink Track 1 Format

Table 3-32 ValueLink Track 1 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N

FORMAT CODE 2 1 A/N B

PRIMARY ACCOUNT NUMBER 3–20 13–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N ^ (caret)

CARDHOLDER NAME varies 2–26 A/N Contains a maximum of 26 characters.

SEPARATOR varies 1 A/N ^ (caret)

CARD EXPIRATION DATE varies 4 N The date the card expires in YYMM format.

SERVICE CODE varies 3 N

PVKI 1 N PIN Verification Key Index.

PVV 4 N PIN Verification Value.

DISCRETIONARY DATA varies varies A/N

VISA RESERVED varies 11 A/N

END SENTINEL varies 1 A/N

LRC varies 1 A/N Longitudinal Redundancy Check.

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.20.2 ValueLink Track 2 Format

Table 3-33 ValueLink Track 2 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N

PRIMARY ACCOUNT NUMBER 3–20 13–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N Usually = (equal)

CARD EXPIRATION DATE varies 4 N The date the card expires in YYMM format.

SERVICE CODE varies 3 N

PVKI 1 N PIN Verification Key Index.

PVV 4 N PIN Verification Value.

DISCRETIONARY DATA varies 8 A/N

END SENTINEL varies 1 A/N

LRC varies 1 A/N Longitudinal Redundancy Check.

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.21 Visa Card

PAN must pass a MOD 10 check-digit test.

Cards are embossed with the Primary Account Number and the Expiration Date.

3.21.1 Visa Track 1 Format

Table 3-34 Visa Track 1 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N % (percent sign)

FORMAT CODE 2 1 A/N B

PRIMARY ACCOUNT NUMBER 3varies 13–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N ^ (carat)

CARDHOLDER NAME varies 2–26 A/N Contains a maximum of 26 characters.

FIELD SEPARATOR varies 1 A/N ^ (carat)

EXPIRATION DATE varies 4 N The date the card expires in YYMM format.

SERVICE CODE varies 3 N Identifies the circumstances under which the

card can be used.

PIN VERIFICATION varies 0 or 5 N If used, this field is composed of two

components.

PVKI 1 PIN Verification Key Index.

PVV 4 PIN Verification Value.

DISCRETIONARY DATA varies varies A/N

VISA RESERVED varies 111

1. The length is always the last 11 positions of Track 1, excluding the END SENTINEL and LONGITUDINAL REDUNDANCY

CHECK.

A/N PIN Verification. All 11 positions are required.

Filler 1–2 Zero-fill

CVV 3–5 Card Verification Value.

Filler 6–7 Zero-fill

ACI 8 Authorization Control Indicator.

Filler 9–11 Zero-fill

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 A/N Created by the encoding equipment.

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.21.2 Visa Track 2 Format

3.22 Visa Corporate or Business

For Track 1, see Table 3-34 Visa Track 1 Format, p. 61.

For Track 2, see Table 3-35 Visa Track 2 Format, p. 62.

3.23 Visa Purchasing

For Track 1, see Table 3-34 Visa Track 1 Format, p. 61.

For Track 2, see Table 3-35 Visa Track 2 Format, p. 62.

Table 3-35 Visa Track 2 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N ; (semicolon)

PRIMARY ACCOUNT NUMBER 2varies 13–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N = (equal sign)

EXPIRATION DATE varies 4 N The date the card expires in YYMM format.

SERVICE CODE varies 3 N Identifies the circumstances under which

the card can be used.

PIN VERIFICATION varies 0 or 5 N If used, this field is composed of two

components.

PVKI 1 N PIN Verification Key Index (PVKI).

PVV 4 N PIN Verification Value (PVV).

DISCRETIONARY DATA varies varies A/N Contains the Card Verification Value.

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 A/N Created by the encoding equipment.

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.24 Visa Fleet Card Type

PAN must pass a MOD 10 check-digit test.

Cards are embossed with the Primary Account Number, Expiration Date, Company Name or

generic Cardholder ID.

3.24.1 Visa Fleet Card Example

Figure 3-3 Visa Fleet Card: Driver Assigned Example

Figure 3-4 Visa Fleet Card: Vehicle Assigned Example

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.24.2 Visa Fleet Track 1 Format

Table 3-36 Visa Fleet Track 1 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N % (percent sign)

FORMAT CODE 2 1 A/N B

PRIMARY ACCOUNT NUMBER 3–20 13–19 N Cardholder’s PAN.

FIELD SEPARATOR varies 1 A/N ^ (caret)

CARDHOLDER NAME varies 2–26 A/N Contains a maximum of 26 characters.

SEPARATOR varies 1 A/N ^ (caret)

CARD EXPIRATION DATE varies 4 N The date the card expires in YYMM format.

SERVICE CODE varies 3 N Identifies the circumstances under which

the card can be used.

PIN VERIFICATION varies 0 or 5 N If used, this field is composed of two

components.

PVKI 1 N PIN Verification Key Index.

PVV 4 N PIN Verification Value.

DISCRETIONARY DATA varies varies A/N

VISA RESERVED varies 11 A/N

FILLER 2 A/N Zero-filled.

CVV 3 A/N Card Verification Value.

FILLER 2 A/N Zero-filled.

AUTHORIZATION

CONTROL INDICATOR

(ACI)

1 A/N Zero or A to Z required.

RESERVED 1 A/N 0 (zero)

SERVICE ENHANCEMENT

INDICATOR

1A/N

• 0 = Fleet, No restriction (fuel,

maintenance and non-fuel purchases)

• 1 = Fleet (fuel and maintenance

purchases only)

• 2 = Fleet (fuel only)

• 3–9 = Reserved

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.24.3 Visa Fleet Track 2 Format

SERVICE PROMPT 1 A/N • 0 = Reserved (no prompt)

• 1 = Generic Identification Number and

ODOMETER1

• 2 = VEHICLE ID and ODOMETER

• 3 = DRIVER ID and ODOMETER

• 4 = ODOMETER

• 5 = No Prompt

• 6 = Generic Identification Number2

• 7–9 = Reserved (no prompt)

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 A/N Created by the encoding equipment.

1. SERVICE PROMPT 1: After prompt for an ID, cardholder enters 6-digit VEHICLE ID, DRIVER ID, or a generic identification

number followed by Odometer.

2. SERVICE PROMPT 6: After prompt for an ID, cardholder enters 6-digit VEHICLE ID, DRIVER ID, or generic identification number.

Table 3-37 Visa Fleet Track 2 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N ; (semicolon)

PRIMARY ACCOUNT NUMBER 2varies 13–19 N Cardholder’s PAN.

SEPARATOR varies 1 A/N = (equal sign)

EXPIRATION DATE varies 4 N The date the card expires in YYMM format.

SERVICE CODE varies 3 N Identifies the circumstances under which the

card can be used.

PIN VERIFICATION 26

varies

if used

0 or 5 N If used, this field is composed of two

components.

PVKI 1 N PIN Verification Key Index.

PVV 4 N PIN Verification Value.

DISCRETIONARY DATA varies varies N

CARD VERIFICATION

VALUE (CVV)

3 N Identifies the Card Verification Value.

ISSUER INFORMATION varies N The length of this field depends on the

length of PIN Verification and must occupy

the third last position of the field. Visa Fleet

cards are required to use the last three

positions of this field to provide instructions

for customized prompts. Refer to the

Heartland BIN Guide.

Table 3-36 Visa Fleet Track 1 Format (Continued)

Field Name Position Length Format Value/Description

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

FLEET SERVICES 2 N The third to last position from the END

SENTINEL, valid value is zero.

Service Enhancement Indicator. The value

entered in this field must occupy the second

last position of the field.

• 0 = Fleet, No restriction (fuel,

maintenance and non-fuel purchases)

• 1 = Fleet (fuel and maintenance

purchases only)

• 2 = Fleet (fuel only)

Note: The position of this field varies

depending on the length of PIN

Verification.

1 N Indicate the SERVICE PROMPT.

• 0 = Reserved (no prompt)

• 1 = Generic Identification Number and

ODOMETER1

• 2 = VEHICLE ID and ODOMETER

• 3 = DRIVER ID and ODOMETER

• 4 = ODOMETER

• 5 = No Prompt

• 6 = Generic Identification Number2

• 7–9 = Reserved (no prompt)

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 A/N Value of 0 (zero) to F.

1. SERVICE PROMPT 1: After prompt for an ID, cardholder enters six-digit VEHICLE ID, DRIVER ID, or a generic identification

number followed by Odometer.

2. SERVICE PROMPT 6: After prompt for an ID, cardholder enters six-digit VEHICLE ID, DRIVER ID, or generic identification

number.

Table 3-37 Visa Fleet Track 2 Format (Continued)

Field Name Position Length Format Value/Description

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.25 Voyager Fleet Card

PAN must pass two MOD 10 check-digit tests. The 13th position is the check-digit for the

previous eight digits. The 19th position is the check-digit for the previous 18 digits.

Cards are embossed with the Account Number, ID Number, Restriction Code and Expiration

Date.

3.25.1 Voyager Account Number Information

The following sections describe the method that can be used by a POS application to identify a

Voyager Account Number.

Table 3-38 Voyager Fleet Account Number Information Method

Method Description

Magnetic Track

Identification

The Voyager account number is nineteen characters in length.

The Voyager ISO is 7088.

The Card's account number prefix (the first two digits following the ISO) begins with 85, 86,

88 or 89.

The thirteenth position of the Card's account number is the first check digit. It is

calculated on the previous eight digits.

Example: Voyager account: 0004 00001 6 will have their first check digit calculated on the

85999 000. In this case the check digit is 4.

The nineteenth position of the Card's account number is a second check digit. It is

calculated on the previous eighteen digits.

Example: Voyager account: 0004 00001 6 will have the second check digit calculated on the

7088 85999 0004 00001. In this case the check digit is 6.

Embossed

Identification

The Card's embossed account number is fifteen characters in length.

The Card's account number prefix (first two positions of the embossed account number)

begins with 85, 86, 88 or 89.

The ninth position of the Card's embossed account number is the first of two check

digits. It is calculated on the previous eight digits.

Example: Voyager account number: 85999 0004 00001 6 will have the first check digit

calculated on the 85999 000. In this case the check digit is 4.

The fifteenth position of the Card's embossed account number is the second check

digit. It is calculated on the previous 14 digits plus an ISO of 7088 is added before the

account number. The ISO is not embossed on the credit card.

Example: Voyager embossed account number of: 85999 0004 00001 6 will have the check

digit calculated on the 7088 85999 0004 00001. In this case the check digit is 6.

Identification Number (optional, based on Product Restriction Code information).

• Cardholder's Name.

• Production Restriction Code (also located on magnetic strip).

• Expiration Date.

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.25.2 Voyager Fleet Track 1 Format

Table 3-39 Voyager Fleet Track 1 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N % (percent sign)

FORMAT CODE 2 1 A/N 0 (zero)

PRIMARY ACCOUNT NUMBER 3–21 19 N Cardholder’s PAN.

FIELD SEPARATOR 22 1 A/N ^ (carat)

CARDHOLDER NAME 23–47 varies A/N Contains a maximum of 25 characters.

FIELD SEPARATOR varies 1 A/N ^ (carat)

EXPIRATION DATE varies 4 N The date the card expires in YYMM format.

RESTRICTION CODE varies 2 N Code indicating the type of prompts that

display for a customer transaction.

• 00 = Do not prompt for ID Number or

odometer. All items allowed.

• 01 = Do not prompt for ID Number or

odometer. Fuel only.

• 10 = Prompt for ID Number. All items

allowed.

• 11 = Prompt for ID Number. Fuel only.

• 20 = Prompt for odometer. All items

allowed.

• 21 = Prompt for odometer. Fuel only.

• 30 = Prompt for ID Number and odometer.

All items allowed.

• 31 = Prompt for ID Number and odometer.

Fuel only.

DISCRETIONARY DATA varies 13 N Contains a valid numeric value or be

zero-filled.

END SENTINEL varies 1 A/N ? (question mark)

LRC varies 1 A/N Created by encoding equipment.

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.25.3 Voyager Fleet Track 2 Format

Table 3-40 Voyager Fleet Track 2 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 A/N ; (semicolon)

PRIMARY ACCOUNT NUMBER 2–20 19 N Cardholder’s PAN.

FIELD SEPARATOR 21 1 A/N = (equal sign)

EXPIRATION DATE 22–25 4 N The date the card expires in YYMM format.

RESTRICTION CODE 26–27 2 N Code indicating the type of prompts that

display for a customer transaction.

• 00 = Do not prompt for ID Number or

odometer. All items allowed.

• 01 = Do not prompt for ID Number or

odometer. Fuel only.

• 10 = Prompt for ID Number. All items

allowed.

• 11 = Prompt for ID Number. Fuel only.

• 20 = Prompt for odometer. All items

allowed.

• 21 = Prompt for odometer. Fuel only.

• 30 = Prompt for ID Number and

odometer. All items allowed.

• 31 = Prompt for ID Number and

odometer. Fuel only.

DISCRETIONARY DATA 28–38 11 N Will contain a valid numeric value or be

zero-filled.

END SENTINEL 39 1 A/N ? (question mark)

LRC 40 1 A/N Created by encoding equipment.

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.26 WEX Fleet Card

Account Number is seven positions in length where the first six digits must pass MOD 10

check-digit test. The seventh digit is the check-digit.

Cards are embossed with the Account Number, ISO Number, Purchase Device Sequence

Number, Expiration Date, Cardholder Name, Description and Restriction.

3.26.1 WEX Fleet Card Example

Figure 3-5 WEX Fleet Card Example

3.26.2 WEX GSA Fleet Cards

The following WEX GSA cards are to be treated just like any other WEX Fleet card.

• WEX Universal cards and WEX GSA cards have the same Track 2 layout.

• The card front for WEX Universal cards and WEX GSA cards differs, as the placement of

the six-digit ISO of 690046, the 13-digit Account Number, and five-digit value for the

Purchase Device Sequence Number varies by card type.

• WEX Universal cards display the 690046 ISO below the 13-digit Account Number, and

label the five-digits Purchase Device Sequence Number as the PURCH. DEV. SEQ. NO.

• WEX GSA Fleet cards display the 690046 ISO above the 13-digit Account Number and

place the five-digit Purchase Device Sequence Number after the 13-digit Account Number,

with no distinct label.

• WEX Dept of Defense cards and Dept of Energy cards display the 690046 ISO above the

13-digit Account Number and label the five-digit Purchase Device Sequence Number as

CARD NO.

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

Figure 3-8 WEX Dept. of Energy Fleet

Figure 3-6 WEX GSA Fleet Figure 3-7 WEX Dept. of Defense Fleet



For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

3.26.3 WEX Fleet Track 2 Format

Table 3-41 WEX Fleet Track 2 Format

Field Name Position Length Format Value/Description

START SENTINEL 1 1 A/N ; (semicolon)

ISO PREFIX 2 6 N Refer to the Heartland BIN Guide.

PRIMARY ACCOUNT NUMBER 3–20 19 N Cardholder’s PAN.

FIELD SEPERATOR 21 1 A/N = (equal sign)

EXPIRATION DATE 22–25 4 N The date the card expires in YYMM format.

PROMPT TABLE KEY 26 1 N Values are 0, 1, 2, 3, 4 or 5.

PURCHASE RESTRICTION 27–28 2 N • 00 = Fuel Only

• 01 = Unrestricted

• 02 = Fuel and Auto (Includes Car Wash)

•04

= Fuel and Oil

Note: Product restriction or validation is

only performed by the POS when

processing in offline mode. Product

restriction or validation is never

performed by the Host.

PURCHASE DEVICE

SEQUENCE NUMBER

29–33 5 N Distinct from the prompt Vehicle ID.

CAV1 34–37 4 N Card Authentication Value.

POS PROMPTS 38 1 N Refer to the Heartland POS Integrator’s

Guide for WEX Fleet Prompting Values.

END SENTINEL 39 1 A/N ? (question mark)

LRC 40 1 A/N Created by encoding equipment.

For Internal Use Only

HPS Integrator’s Guide V 17.2 3: Card Brand Information

3.26.4 WEX MOD 10 Calculation

WEX defines their Fleet number as:

• ISO – six numeric

• Client Id – four numeric

• Zeros – two numeric

• Account Number – six numeric

• Check Digit – one numeric

To calculate the Check Digit, follow these steps:

• Examine the six-digit Account Number, one digit at a time

• Result 1 = Multiply digit 1 by 1

• Result 2 = Multiply digit 2 by 2

• Result 3 = Multiply digit 3 by 1

• Result 4 = Multiply digit 4 by 2

• Result 5 = Multiply digit 5 by 1

• Result 6 = Multiply digit 6 by 2

If any of these Results (1 through 6) are > 9, then subtract 9 from that Result

The sum of all Results (1 through 6) = the Dividend

Divide the Dividend by 10 resulting in a Quotient and a Remainder

The Remainder = the MOD10-Value

If the MOD10-Value is not equal to 0, compute MOD10-Value = 10 minus MOD10-Value

Move MOD10-Value to Check Digit

For Internal Use Only

3: Card Brand Information HPS Integrator’s Guide V 17.2

For Internal Use Only

HPS Integrator’s Guide V 17.2 4: E3 Processing Overview

Chapter 4: E3 Processing Overview

4.1 Introduction

Heartland Secure™ is a comprehensive credit/debit card data security solution that combines

three powerful technologies working in tandem to provide merchants with the highest level of

protection available against card-present data fraud.

Offered to Heartland customers for no additional processing fees as part of Heartland's

comprehensive solutions, Heartland Secure combines:

• EMV electronic chip card technology to prove that a consumer's card is genuine.

• Heartland's E3® end-to-end encryption technology, which immediately encrypts card data

as it is acquired so that no one else can read it.

• Tokenization technology, which replaces card data with “tokens” that can be used for

returns and repeat purchases, but are unusable by outsiders because they have no value.

This guide focuses on Heartland's E3 end-to-end encryption solution and contains integration

information for POS systems. It serves as a companion to Heartland's host network

specifications and the E3 device programmer's manuals. These documents should be referred to

for more detailed information.

4.2 The E3® Solution

E3, an end-to-end encryption product by Heartland, is designed to protect credit and debit card

data from the moment of card swipe and through the Heartland network — not just at certain

points of the transaction flow.

E3 is based on Voltage Security's SecureData Payments product which provides a complete

payment transaction protection framework, built on two breakthrough technologies

encompassing encryption and key management: Voltage Format-Preserving Encryption (FPE)

and Voltage Identity-Based Encryption (IBE).

With Voltage Format-Preserving Encryption (FPE), credit card numbers and other sensitive data

are protected without the need to change the data format or structure. In addition, data properties

are maintained, such as a checksum, and portions of the data can remain in the clear.

With Voltage Identity-Based Encryption (IBE), the complexity of key management through

traditional Public Key Infrastructure (PKI) systems and symmetric key systems is eliminated —

because encryption keys are securely generated on demand and not stored, POS devices are

not subject to key injection and key rotation.

For Internal Use Only

4: E3 Processing Overview HPS Integrator’s Guide V 17.2

4.3 Encryption Data

4.3.1 Encrypted Track and PAN Data

Depending on the configuration of your E3-capable card acceptance device, the E3 encrypted

Track and PAN data will be formatted using one of two Track Encryption Protocol (TEP)

algorithms, TEP1 or TEP2. TEP1 is whole track encryption, while TEP2 is structure preserving

encryption.

Example: The following data was produced by an E3-capable device using Heartland's Visa test

card:

For TEP2, the following is guaranteed:

• The leading six digits of the original PAN are maintained in the clear.

• The trailing four digits of the original PAN are maintained in the clear.

• The middle digits are used for the ciphertext value, which is guaranteed to consist solely of

digits.

• The Luhn check value is preserved so that a PAN with a valid zero (0) result, creates

ciphertext that also checks as valid.

For TEP1, the device will provide a separate masked or obfuscated representation of the track

data for processing that requires the first six or last four digits of the PAN, cardholder name,

expiration date, Luhn check results, etc.

Table 4-1 PAN Encryption

Cleartext 4012002000060016

TEP2 4012002650330016

TEP1 +++++++BWmfv/HUA

Table 4-2 Track 1 Encryption

Cleartext %B4012002000060016^VI TEST CREDIT^251210118039000000000396?

TEP2 B4012007060016^VI TEST CREDIT^2512101XlwD91O5qOg+7Ftv+nLu

TEP1 3FLr83Ed5tiHN3r2CpT3kIndkhtiHRt3mtKQsozJ2rFQM8GE0ha2X7K6t

Table 4-3 Track 2 Encryption

Cleartext ;4012002000060016=25121011803939600000?

TEP2 4012007060016=2512101e3vdC5QhAEZa7UAN

TEP1 AsbjXkDWaRqLV0o5U33jffZqiPg

For Internal Use Only

HPS Integrator’s Guide V 17.2 4: E3 Processing Overview

4.3.2 Encrypted Card Security Code

The Card Security Code (CSC) printed on the back of the card, referred to as CAV2, CVC2,

CVV2, or CID depending on the card brand, can be optionally encrypted.

The value to be encrypted is constructed as follows:

• Length [1 digit]

• Random Filler [x digits]

• CSC [3 or 4 digits]

Note: The total length of the encrypted CSC will always be seven digits. Typically, the device will

randomly generate 2 or 3 digits of filler to ensure the CSC is seven digits.

4.3.3 Encryption Transmission Block

The Encryption Transmission Block (ETB), sometimes referred to as a Key Transmission Block

(KTB), contains the IBE encrypted version of the device's randomly generated FPE key that was

used to encrypt the card data. The ETB must be sent in the authorization requests so that the

host can decrypt the card data.

Heartland's ETB must be Base64 encoded, and for TEP1 and TEP2 it must be 276 bytes.

Example:

Table 4-4 Encrypted CSC Steps

Step Example Data

1. Obtain the CSC value (either 3 or 4 digits) 572

2. Generate a random 3-digit number 413

3. Construct the value to be encrypted 3413572

4. Encrypt the value 9037662

/wECAQEEAoFGAgEH3gcOTDT6jRZwb3NAc2VjdXJlZXhjaGFuZ2UubmV0tmpl5zBEIeyea

DRWB0IlbnWdMjK32V4QIJRoRIpu1Fm9w8fdoJt1gLt2jkkliD+0kvFOrhspWh4dsDYvSH

GgdgetU3pfAx+iBS38Wq2KvTOOlueGvXcGe0y4G/DFVgT7zBHm1YS7cseYLEtADtoSnhB

UjasCciO5ul9GhesvQo8Ah7NM8geDZdKN0QZZiLH8cmYhgHp8kamxSciDJHARUO9tFb+h

For Internal Use Only

4: E3 Processing Overview HPS Integrator’s Guide V 17.2

4.4 E3 Specific Requirements

4.4.1 Heartland Exchange

This section addresses specific requirements for E3 terminals using the Heartland Exchange

Message Specification. All card types may be sent using E3 encryption.

4.4.1.1 Unique Transaction ID (UID)

Heartland's Unique Transaction ID (UID) is a software solution that eliminates the need for a

POS application to store the account number or track data for subsequent processing such as

Voids/Incrementals, and Batch Settlement. The UID is returned by the Heartland Exchange Host

in the Authorization response messages. This application is not available on other Heartland

Host platforms.

•Voids/Incrementals: The Account Data Source field will be 'Z' or 'z' to indicate that the UID

is being used instead of track or Primary Account Number (PAN) data. The Customer Data

field will contain the UID which is the Retrieval Reference Number (RRN) from the

Authorization.

•Batch Settlement: The Primary Account Number field in the Batch Settlement Detail

Record will be filled with all spaces to indicate that the UID is being used instead of PAN

data. The Transaction Identifier field in the Batch Settlement Detail Record is the

Transaction Identifier from the Authorization and it contains the UID.

4.4.1.2 Merchant ID Number (MID)

Merchant ID Number is a 12 character field that contains a unique number assigned by

Heartland. If your E3 implementation encrypts the MID, then the E3 sub-encryption indicator in

the Key Block Data field must indicate the MID is encrypted (01 or 02 as appropriate).

4.4.1.3 Account Data Source

The Account Data Source field is used to indicate the source and format of the data contained in

the Customer Data field. Refer to the Exchange Host Specification for a complete list of Account

Data Source codes.

4.4.1.4 Customer Data

The Customer Data field contains the Key Block data and either the Cardholder Account data or

the Unique Transaction ID. The Cardholder Account data may be either the encrypted Track 1,

encrypted Track 2, or encrypted primary account number. The unique transaction ID is never

encrypted. Refer to the Exchange Host Specification for the Customer Data format.

For Internal Use Only

HPS Integrator’s Guide V 17.2 4: E3 Processing Overview

4.4.1.5 Retrieval Reference Number (RRN)

The Retrieval Reference Number field contains a value that uniquely identifies a transaction. The

Retrieval Reference Number is sent in an authorization response. The POS then uses the RRN

in voids and incrementals to identify the original transaction.

4.4.1.6 Transaction Identifier

The Transaction Identifier field contains the UID. The Transaction Identifier is sent in an

authorization response.

4.4.1.7 Authorization Example

The following examples shows highlighted fields that are used in the POS message to Heartland

messaging:

• Encrypted Track 1 Data

• Encrypted Track 2 Data

• KTB (Key Transmission Block)

• PAN (Primary Account Number)

Table 4-5 Authorization Examples

Request Response

For Encrypted Card Swipes:

The following request fields require specific handling:

•MID (Merchant ID Number) – This field will be either the unencrypted,

cleartext MID or the encrypted MID if supported.

•Account Data Source – This field will indicate that either encrypted Track

1 or Track 2 data is being sent:

– “h” = Encrypted Track 1

– “d” = Encrypted Track 2

•Customer Data – This field will be <Key Block Data><FS><Encrypted

Track 1 or Track 2 Data>, where <Key Block Data> is “v” (Voltage

encryption)+ “01”, “02”, or “03” as appropriate + KTB.

Example: v03/wECAQECAoFGAgEH2ggJTHLeIBZwb3NAc2

VjdXJlZXhjaGFuZ2UubmV0aFLxu2XTNLs6jIk3Bakt

bFZrdJ26dX85BjkkngQnmk+3tOhXRVILvASHnfmao0y

l5z7KNBx6Na7ekL+hryGQ3oPOcOVkEzei83Clsc

9QSfQJWB9ysAynGc6btccnrfjwyJn70KJ1cqQrw

623ASSWm57Hov2fMtWmPpYpQRr54oAoXZY

jUajd0sRXCn5XeD5BhpE/Wzd4Ayn+342BGUL

0N7hWKm<FS>V2uvVFzWkBTNzcX7vcrWTi4

jV9AtG2bLYJkCOi+OA2aY2OiRmw/0ZSQcH

The following response fields

require specific handling:

• RRN (Retrieval Reference

Number) – This field will be

used as the UID (Unique

Transaction ID) for

subsequent messages such

as voids.

• Transaction Identifier – This

field will be used as the UID in

the batch settlement detail

record.

For Internal Use Only

4: E3 Processing Overview HPS Integrator’s Guide V 17.2

Note:

• Refer to section Authorization Chapter in the Heartland Exchange specification for all other

fields.

• UIDs are used to retrieve a transaction’s account data for Voids, Incrementals, and Batch

Settlement. This eliminates the need to store or send encrypted or unencrypted track, PAN,

or KTB data once authorization has occurred.

• For refunds/returns, Purchase Return (Transaction Code CR) must be utilized so that the

returned UID can be used for settlement.

• For voice authorizations, Online Forced Purchase (Transaction Code 5S) must be utilized

so that the returned UID can be used for settlement.

For Encrypted Manual Entry from E3 PIN Pad:

The following request fields require specific handling:

• Merchant ID Number – This field will be the unencrypted, cleartext MID.

• Account Data Source – This field will indicate that an encrypted PAN is

being sent:

– n “x” = Encrypted, manually keyed PAN, Track 1 capable

– n “t” = Encrypted, manually keyed PAN, Track 2 capable

• Customer Data – This field will be <Key Block Data><FS><Encrypted

Primary Acct Num><FS><Exp Date><FS>, where <Key Block Data> is “v”

(Voltage encryption) + “03” (sub-encryption indicator that only PAN is

encrypted, not MID) + KTB from the E3 PIN Pad.

Example: v03/wECAQECAoFGAgEH2ggJTHLeIBZwb3NAc

2VjdXJlZXhjaGFuZ 2UubmV0aFLxu2XTNLs6jIk3Ba

ktbFZrdJ26dX85BjkkngQnm

k+3 tOhXRVILvASHnfmao0yl5z7

KNBx6Na7ekL+hryGQ3oPOcOVkE

zei83Clsc9QSf QJWB9ysAynGc6btccnfrfjwyJn70KJ1

cqQrw623ASSWm57Hov2fMtWmPpYpQRr

54oAoXZYjUajd0sRXCOn5XeD5BhpE/Wzd4Ayn+3

42BGUL0N7hWKm<FS>+++++++X8zr5YaCZ<FS>1012

Table 4-5 Authorization Examples (Continued)

Request Response

For Internal Use Only

HPS Integrator’s Guide V 17.2 4: E3 Processing Overview

4.4.1.8 Void/Incremental Example

A Void is required to cancel a previously authorized transaction. Online Auth Void (Transaction

Code 59), PIN Debit: Purchase Void (Transaction Code A3), or PIN Debit: Purchase Return Void

(Transaction Code A4) should be used depending on the type of the original authorization.

An Incremental Authorization is required in certain industries such as Hotel/Lodging when the

final amount due is more than 15% higher than the originally authorized amount.

For Voids/Incremental Requests the fields below require specific handling:

• Merchant ID Number – This field will be the unencrypted, cleartext MID.

• Account Data Source – This field will indicate that the UID is being sent instead of track or

PAN data:

– “z” = Original authorization request contained encrypted track or PAN data.

• Customer Data – This field will be <Key Block Data><FS><UID>, where <Key Block Data>

is just “v03” – the KTB is not required in this case since no encrypted data is being sent,

and <UID> is the RRN from the original authorization response.

Note: Refer to the Heartland Exchange Specification for all other fields.

Void/Incremental Responses – No specific fields in the Exchange Host response require specific

handling.

For Internal Use Only

4: E3 Processing Overview HPS Integrator’s Guide V 17.2

4.4.2 Settlements

Batch transactions consist of a number of record types and require both request and responses.

4.4.2.1 Header Record Field Requirements

• Merchant ID Number – This field will be the unencrypted, cleartext MID.

• Key Block – This field will be just “v03” – the KTB is not required in this case since no

encrypted data is being sent.

4.4.2.2 Detail Record Fields Requirements

• Account Data Source – This field will be the same value as was used in the original

authorization request.

• Primary Account Number – This field will be filled with 22 spaces to indicate that the UID

will be used.

• Transaction Identifier – This field will be the Transaction Identifier from the original

authorization response (it contains the UID).

4.4.2.3 Settlement Notes

UIDs must be used for settlement, all other record fields in both the request and responses follow

those defined in the Exchange Host Specifications.

Note: The only alternative supported on Exchange for settling E3 encrypted transactions is to

send the encrypted PANs in the detail records, but that option requires that all transactions

in the batch share the same KTB.

For Internal Use Only

HPS Integrator’s Guide V 17.2 4: E3 Processing Overview

4.4.3 POS 8583

This section addresses specific requirements for E3 terminals using the POS 8583 message

specification. All card types may be sent using E3 encryption. All transactions utilizing E3

processing will include E3 data in DE 127: Forwarding Data.

These transactions require the following:

• E3 data must always appear in DE 127: Forwarding Data (using an Entry Tag value of

E3E.)

Note: Then encrypted CVV and ETB are attached to the E3 Data Block, while the encrypted

track data and/or encrypted PAN are placed in their normal position in the authorization

message.

• An account number must be more than 13 characters, the encrypted account number data

cannot exceed 19 characters.

• Encrypted Track 1 data will not exceed 79 bytes.

• Encrypted Track 2 data will not exceed 40 bytes.

Response codes specific to E3 transactions are:

• DE 39 = 952 (Failure for E3 terminals only – encryption error)

• DE 39 = 953 (Failure for E3 terminals only – too many queued / no connection)

Table 4-6 POS 8583 Data Fields

Field Name Length Value/Description

RECORD ID 2 E3

RECORD TYPE 3 001

KEY BLOCK DATA TYPE 1 v = Voltage

ENCRYPTED FIELD

MATRIX

2• 03 = CustomerData

• 04 = CustomerData, Card Security Code

TEP TYPE 1 • 1 = TEP 1

• 2 = TEP 2

RESERVED 18 Blank-fill

CARD SECURITY CODE 7 Encrypted CVV data. Unencrypted bytes defined as:

• 1 = Length of actual CVV data

•2

–7 = CVV data, right-justified, random fill, numeric

only

RESERVED 45 Blank-fill

ETB LLL 3 Length of ETB Block.

ETB BLOCK Varies ETB cannot exceed 276 bytes.

For Internal Use Only

4: E3 Processing Overview HPS Integrator’s Guide V 17.2

4.4.4 NTS

This section addresses specific requirements for E3 terminals processing on the NTS network

platform. All card types may be sent via E3 encryption. All transactions using E3 processing

append additional data items at the end of the record, which signals to the host that the

transaction is E3 encrypted.

These transactions require the following:

• E3 data must always appear at the end of a transaction. The POS terminal will append a

0x1D at the end of the transaction followed by the E3 data. Refer to Table 4-7 NTS Data

Fields, p. 85.

Note: Then encrypted CVV and ETB are attached to the E3 Data Block, while the encrypted

track data and/or encrypted PAN are placed in their normal position in the authorization

message.

• POS must send spaces in the CVN field. This encrypted CVN value will be in the E3 Data

Block.

• An account number must not be less than 13 characters and the encrypted account

number data will not exceed 19 characters.

• Encrypted Track 1 data will not exceed 79 bytes.

• Encrypted Track 2 data will not exceed 40 bytes.

Response codes specific to E3 transactions are:

• 52 (Failure for E3 terminals only – encryption error)

• 53 (Failure for E3 terminals only – too many queued / no connection)

For Internal Use Only

HPS Integrator’s Guide V 17.2 4: E3 Processing Overview

Table below shows the data items that must be appended to the end of an E3 transaction.

Table 4-7 NTS Data Fields

Field Name Length Value/Description

FIELD SEPARATOR 1 0x1D

Indicator for E3 transaction (Hex: Constant ASCII).

Must be appended at end of E3 transaction.

RECORD ID 2 E3

RECORD TYPE 3 001

KEY BLOCK DATA TYPE 1 v = Voltage

ENCRYPTED FIELD

MATRIX

2• 03 = Customer Data

• 04 = Customer Data, Card Security Code

TEP TYPE 1 •1 = TEP 1

•2 = TEP 2

RESERVED 18 Blank-fill

CARD SECURITY CODE 7 Encrypted CVV data. Unencrypted bytes defined as:

• 1 = Length of actual CVV data

• 2–7 = CVV data, right-justified, random fill numeric only

RESERVED 45 Blank-fill

ETB LLL 3 Length of ETB Block.

EBT BLOCK Varies ETB should not exceed 276 bytes.

For Internal Use Only

4: E3 Processing Overview HPS Integrator’s Guide V 17.2

4.4.5 Z01

This section addresses specific requirements for E3 terminals processing on the Z01 network

platform. All card types may be sent via E3 encryption. All transactions using E3 processing will

append additional data items at the end of the record, which will signal to the Host that the

transaction is E3 encrypted.

These transactions require the following:

• E3 data must always appear at the end of a transaction. The POS terminal will append a

0x1D at the end of the transaction followed by the E3 data as specified in Table 4-8 Z01

Data Fields, p. 87.

Note: The encrypted CVV and ETB are attached to the E3 Data Block, while the encrypted track

data and/or encrypted PAN are placed in their normal position in the authorization

message.

• POS must send spaces in AVS RESULT AND CID RESULT. The encrypted values are in

the E3 Data Block.

• An account number must not be less than 13 characters and the encrypted account

number data will not exceed 19 characters.

• Encrypted Track 1 data will not include the field separator 0x1C.

• Encrypted Track 2 data will not exceed 37 bytes.

Response codes specific to E3 transactions are:

• URC = EG, SRC = 8 (Failure for E3 terminals only – encryption error)

• URC = EH, SRC = 8 (Failure for E3 terminals only – too many queued / no connection)

Note: E3 transactions are not supported for TDC batch uploads.

For Internal Use Only

HPS Integrator’s Guide V 17.2 4: E3 Processing Overview

Table 4-8 Z01 Data Fields

Field Name Length Value/Description

FIELD SEPARATOR 1 0x1D.

Indicator for E3 transaction (Hex: Constant ASCII).

Must be appended at end of E3 transaction.

RECORD ID 2 E3

RECORD TYPE 3 001

KEY BLOCK DATA TYPE 1 v = Voltage

ENCRYPTED FIELD

MATRIX

2• 03 = Customer Data

• 04 = Customer Data, Card Security Code

TEP TYPE 1 •1 = TEP 1

•2 = TEP 2

RESERVED 18 Blank-fill

CARD SECURITY CODE 7 Encrypted CVV data. Unencrypted bytes defined as:

• 1 = Length of actual CVV data

• 2–7 = CVV data, right-justified, random fill, numeric only

RESERVED 45 Blank-fill

ETB LLL 3 Length of ETB Block.

EBT BLOCK Varies ETB should not exceed 276 bytes.

For Internal Use Only

4: E3 Processing Overview HPS Integrator’s Guide V 17.2

4.5 E3 Hardware Devices

The following section describes two hardware devices that use E3 encryption technology that

integrates with Heartland Hosts:

• E3 MSR Wedge (HPS-E3-M1)

• E3 PIN Pad (HPS-E3-P1)

4.5.1 E3 MSR Wedge (HPS-E3-M1)

• Hardware-encrypts card data upon swipe.

• Incorporates a Tamper-Resistant Security Module (TRSM) to physically protect data and

encryption keys.

• Available with USB and RS232 connectors.

Figure 4-1 E3 MSR Wedge

For Internal Use Only

HPS Integrator’s Guide V 17.2 4: E3 Processing Overview

4.5.2 E3 MSR Wedge Device Interface

4.5.3 E3 MSR Wedge Example Output

See the following Format 2 example output from the E3 MSR Wedge:

<E1050711%B4012001000000016^VI TEST

CREDIT^251200000000000000000000?|

ycO0LNhgiu4XH7J1Lqg8BY6Vc25F3ft3qoTEeqk3wrx7KGh8JSrEUfAAW

|+++++++8q0sLWCB5|11;4012001000000016=25120000000000000000?|

7YIC67MkijZle6TL5Tdw90jCQ3F|+++++++8q0sLWCB5|00|||

/wECAQECAoFGAgEH1AESTDT6jRZwb3NAc2VjdXJlZXhjaGFuZ2UubmV0aXGRuQf68kvJ3Sb

fATjjdctZlBnX2gFQ3chN7Fq2s22bTq/rTVzl7fLQ/j1CGGohcyB

vmmYxGs6ZLDyYL+8EWZFhhjQC7tIKaYMsdua4SxeYAg9wQGHczVI+tTKFXClWEQ8kCKZ6

zHkG5+jJZhjGpO2EWSe18DH3HiKMsDwM8DcA5l5b3GT+pc7XwwK8oEdU3gjOiRo4/fdPm

F/PPBxAET1zlPUq|>

Table 4-9 E3 MSR Wedge Operation Modes

Mode Description

USB HID-KB The POS system receives data from the E3 MSR Wedge as if sent

from a standard USB keyboard. In this mode, you can see the output

by opening a text editor such as Notepad and swiping a card. The

output is in Format 2 per the programmer’s manual.

USB HID-MSR The POS system receives data from the E3 MSR Wedge via its

native USB HID interface in Format 1. For this mode, an ActiveX

control is available for web applications running on Internet Explorer

and provides commands for obtaining the desired output

components.

Also, a command-line application is available that acquires and

reformats the output as Format 2.

USB Virtual-COM or RS232 The POS system receives data from the E3 MSR Wedge via its

native serial COM port interface, which outputs in Form 2.

A virtual COM port driver is available for Windows. The RS232

wedge has a standard 9-PIN serial connector.

For Internal Use Only

4: E3 Processing Overview HPS Integrator’s Guide V 17.2

4.6 E3 PIN Pad (HPS-E3-P1)

The E3 PIN Pad is compatible with standard PIN entry/encryption operations, but is also capable

of functioning with MSR, Europay, Mastercard, and Visa (EMV) smart cards.

• Built-in MSR encrypts at the swipe and TRSM protects the data and keys.

• Hardware-encrypt manually-entered card numbers.

• Available with USB and RS232 connectors.

Figure 4-2 E3 PIN Pad

For Internal Use Only

HPS Integrator’s Guide V 17.2 4: E3 Processing Overview

Table 4-10 E3 MSR Wedge Operation Modes

POS System Direction E3 PIN Pad

<STX>E1.3111219098025<ETX>[LRC] → “SWIPE CARD OR ENTER ACCOUNT #” is

displayed on LCD.

← <ACK>

<STX>E2.030<ETX>[LRC] →

← <ACK>

←If card is swiped...

<STX>E3.11%B401200000000001

6^VI TEST CREDIT^25120000000

0000000000000?|V2uvVFzWkBT

NzcX7vcrWTi4jV9AtG2bLYJkCO

i+OA2aY2OiRmw/0ZSQcH|++++

+++X8zr5YaCZ<FS>11;4012000

000000016= 251 20000000000

000000?|7QjTe2v1Qy1L84Q+n6

zudfNOXf|+++++++X8zr5YaCZ

<FS>00||<FS>/wECAQ

ECAoFGAgEH2ggJTHLeIBZwb3N

Ac2VjdXJlZXhjaGFuZ2

UubmV0aFLxu2XTNLs6jIk3Baktb

FZrdJ26dX85Bjkkng Qnmk+3tOhX

RVILvASHnfmao0yl5z7KNBx6Na

7ekL+hry GQ3oPOcOVkEzei8

3Clsc9QSfQJWB9ysAynGc6btccn

fr fjwyJn70KJ1cqQrw623ASSWm

57Hov2fMtWmPpYpQRr54

oAoXZYjUajd0sRXCOn5XeD5Bhp

E/Wzd4Ayn+3 42BGUL0N7hWKm

<ETX>[LRC]

If card number is manually entered...

<STX>E4.114012000000000016

<FS>

+++++++X8zr5YCZ

<FS>/wECAQECAoFGAgEH2g

gJTHLeIBZwb3NA2VjdXJlZXhj

aGFuZ2UubmV0aFLxu2XTNLs6

jIk3Baktb FZrdJ26dX85Bjkkng

Qnmk+3tOhXRVILvASHnfma

o0yl5 z7KNBx6Na7ekL+hryGQ3

oPOcOVkEzei83Clsc9QSfQJW

B9ysAynGc6btccnfrfjwyJn70KJ

1cqQrw623ASSWm57H ov2fM

tWmPYpQRr54oAoXZYjUajd0

sRXCOn5XeD5BhpE /Wzd4Ayn

+342BGUL0N7hWKm<ETX>[LRC]

For Internal Use Only

4: E3 Processing Overview HPS Integrator’s Guide V 17.2

4.6.1 E3 PIN Pad Device Interface

The POS system transmits and receives data to/from the E3 PIN Pad via its native serial COM

port interface. For the USB PIN pad, a virtual COM port driver is available for Windows. The

RS232 PIN pad has a standard 9-PIN serial connector.

All messages are framed using standard Visa protocols:

• <STX>Message<ETX>[LRC]

• <SI>Message<SO>[LRC]

4.6.1.1 E3 PIN Pad Requests

The following messages are sent to the PIN pad to request E3 encrypted card data via card

swipe and/or manual entry:

• <STX>E1.[entry_flag] [disp_flag] [mask_flag] [min len] [max len] [prompt1] [prompt2]<FS>

[prossing_prompt]<ETX>[LRC]

• <STX>E2.[timeout]<ETX>[LRC]

4.6.1.2 E3 PIN Pad Responses

The following messages are returned from the PIN pad with E3 encrypted card data via card

swipe or manual entry:

• Card Swipe: <STX>E3.[trk1]<FS>[trk2]<FS>[trk3]<FS>[ktb]<ETX>[LRC]

• Manual Entry: <STX>E4.[result] [luhn] [obf]<FS>[enc]<FS>[ktb]<ETX>[LRC]

For Internal Use Only

HPS Integrator’s Guide V 17.2 4: E3 Processing Overview

4.6.2 Ingenico iPP300 and iSC Touch Series PIN Pads

You must sign up for an account at the Ingenico Developer Portal and mention that you are

working with Heartland. Retail Base Application (RBA) Integration Kits, Software Development

Kits (SDKs), and integration documentation for these devices can be downloaded from their

portal.

The E3 encryption settings are contained in a digitally signed SECURITY.PGZ files. Work with

Heartland to ensure that the appropriate file is loaded to your devices prior to certification testing

or production deployment.

4.6.3 Equinox L4000 and L5000 Series PIN Pads

You must sign up for an account at the Equinox Developer Portal and mention that you are

working with Heartland. Software Development Kits (SDKs) and integration documentation for

these devices can be downloaded from their portal.

The E3 encryption settings are contained in XML files which must be specified for all forms

(screens) from which card data is obtained, and the forms must be digitally signed. Equinox can

provide a development key to sign the forms for use on a development device, but for production

devices the forms will either need to be signed by Heartland, Equinox, or another entity that has

the appropriate signing tools. Work with Heartland to ensure that the appropriate forms have

been signed and loaded to your devices prior to certification testing or production deployment.

For Internal Use Only

4: E3 Processing Overview HPS Integrator’s Guide V 17.2

For Internal Use Only

HPS Integrator’s Guide V 17.2 5: EMV Processing Overview

Chapter 5: EMV Processing Overview

5.1 Introduction

In 1996, Europay, Mastercard, and Visa first published the “EMV” specifications for the use of

chip cards for payment. EMV® is now a registered trademark of EMVCo, LLC, an organization

jointly owned and operated by American Express, Discover, JCB, Mastercard, UnionPay, and

Visa.

EMVCo manages, maintains, and enhances the EMV Integrated Circuit Card Specifications to

help facilitate global interoperability and compatibility of payment system integrated circuit cards

and acceptance devices. EMVCo maintains and extends specifications, provides testing

methodology, and oversees the testing and approval process.

The EMV Specifications provide a global standard for credit and debit payment cards based on

chip card technology. Payment chip cards contain an embedded microprocessor, a type of small

computer that provides strong security features and other capabilities not possible with traditional

magnetic stripe cards.

Chip cards are available in two forms, contact and contactless.

• For contact, the chip must come into physical contact with the chip reader for the payment

transaction to occur.

• For contactless, the chip must come within sufficient proximity of the reader (less than 4

cm) for the payment transaction to occur. Some cards may support both contact and

contactless interfaces, and non-card form factors such as mobile phones may also be used

for contactless payment.

Heartland recommends that vendors become familiar with general EMV processing prior to initial

implementation at Heartland. A good overview of EMV is available from EMVCo at:

http://www.emvco.com/best_practices.aspx?id=217.

For Internal Use Only

5: EMV Processing Overview HPS Integrator’s Guide V 17.2

5.2 EMV Migration

5.2.1 Enhanced Security

EMV is designed to significantly improve consumer card payment security by providing features

for reducing fraudulent transactions that result from counterfeit and lost and stolen cards. Due to

increased credit card breaches, this enhanced security has become a significant necessity.

The key security features are:

5.2.2 Card Brand Mandates

Effective April 2013, acquirer processors and sub-processor service providers are required to

support merchant acceptance of EMV chip transactions.

Table 5-1 Key Security Features

Key Security Feature Description

Card Authentication The terminal can authenticate the legitimacy of the card by using a

public-key infrastructure (PKI) and Rivest, Shamir, and Adleman (RSA)

cryptography to validate signed data from the card. The issuer can

authenticate the legitimacy of the card by validating a unique cryptogram

generated by the card for each payment transaction. These features will

help protect against counterfeit fraud.

Risk Management EMV introduces localized parameters to define the conditions under which

the issuer will permit the chip card to be used and force transactions online

for authorization under certain conditions such as offline limits being

exceeded.

Transaction Integrity Payment data such as purchase and cashback amounts are part of the

cryptogram generation and authentication processing, which will help

ensure the integrity of this data across authorization, settlement, and

clearing.

Cardholder Verification More robust cardholder verification processes and methods such as online

PIN (verified online by issuer) and offline PIN (verified offline by card) will

help protect against lost and stolen fraud.

For Internal Use Only

HPS Integrator’s Guide V 17.2 5: EMV Processing Overview

5.2.3 Fraud Liability Shifts

Effective October 2015 (or October 2017 for automated fuel dispensers), a merchant that does

not support EMV assumes liability for counterfeit card transactions.

There are two types of liability shifts:

5.2.4 PCI Audit Waivers

Effective October 2012, the card brands will waive PCI DSS compliance validation requirements

if the merchant invests in contact and contactless chip payment terminals. For example, Visa’s

Technology Innovation Program (TIP) provides PCI audit relief to qualifying merchants (Level 1

and Level 2 merchants that process more than 1 million Visa transactions annually) when 75

percent of the merchant’s Visa transactions originate at a dual-interface EMV chip-enabled

terminal. Mastercard offers a similar program.

Table 5-2 Liability Shifts

Liability Shift Description

Chip Liability Shift An issuer may charge back a counterfeit fraud transaction that occurred at a

non-EMV POS terminal if the valid card issued was a chip card.

Chip/PIN Liability Shift An issuer may charge back a lost or stolen fraud transaction that occurred at

an EMV POS terminal that was not PIN-capable if the card involved was a

PIN-preferring chip card. A PIN-preferring chip card is defined as an EMV chip

card that has been personalized so that a PIN CVM option (online PIN or

offline PIN) appears in the card’s CVM list with a higher priority than the

signature option.

For Internal Use Only

5: EMV Processing Overview HPS Integrator’s Guide V 17.2

5.3 EMV Specifications

This document provides guidelines for EMV integration, but it does not contain all the EMV

requirements. It should be used in conjunction with the following documents:

5.3.1 Contact Specifications

For EMV contact card acceptance, device manufacturers and payment application developers

must adhere to the following specifications:

Table 5-3 Contact Specifications

Source Specification

EMVCo • EMV Specifications v4.3 (Nov 2011) –

http://www.emvco.com/specifications.aspx?id=223

– Book 1: Application Independent ICC to Terminal Interface Requirements

– Book 2: Security and Key Management

– Book 3: Application Specification

– Book 4: Cardholder, Attendant, and Acquirer Interface Requirements

Visa • Transaction Acceptance Device Guide v3.1 (Nov 2016)

• Integrated Circuit Card Specification v1.6 (Jan 2016)

Mastercard • M/Chip Requirements for Contact and Contactless (Sep 2016)

American Express • AEIPS Terminal Implementation Guide v4.3 (April 2015)

• AEIPS Terminal Technical Manual v4.3 (April 2015)

Discover • Contact D-PAS Acquirer Implementation Guide v3.2 (Jul 2016)

• D-PAS Terminal Specification v1.0 (Jun 2009)

For Internal Use Only

HPS Integrator’s Guide V 17.2 5: EMV Processing Overview

5.3.2 Contactless Specifications

For EMV contactless card acceptance, device manufacturers and payment application

developers must adhere to the following specifications:

5.3.3 Heartland Host Specifications

Information given in this document for each network platform is meant to be an overview only.

The latest version of these Heartland platform specifications should be used for complete

message requirements and formats:

Table 5-4 Contactless Specifications

Source Specification

EMVCo • EMV Contactless Specifications v2.6 (May 2016) –

http://www.emvco.com/specifications.aspx?id=21

– Book A: Architecture and General Requirements

– Book B: Entry Point

– Books C [C-1, C-2, C-3, C-4, C-5, C-6, C-7]: Kernel Specifications

– Book D: Contactless Communication Protocol

Visa • Transaction Acceptance Device Guide v3.1 (Nov 2016)

• Contactless Payment Specification v2.1 (May 2009)

Mastercard • M\Chip Requirements for Contact and Contactless (Sep 2016)

• Contactless Reader Specification v3.1 (Jun 2015)

American Express • Contactless NFC Terminal Implementation Guide v1.0 (Mar 2014)

• Expresspay Terminal Specification v3.0 (Feb 2012)

Discover • Contactless D-PAS Acquirer Implementation Guide v1.2 (Jul 2016)

• Contactless D-PAS Terminal Application Specification v1.0 (May 2013)

Table 5-5 Heartland Host Specifications

Platform Specification

Exchange • Exchange Host Specifications

Portico • Portico Developer Guide

NWS • Z01 Specifications

• POS 8583 Specifications

• SpiDr Specifications Developer’s Guide

VAPS • Network Terminal Specifications (NTS)

• POS 8583 Specifications

• SpiDr Specifications Developer’s Guide

For Internal Use Only

5: EMV Processing Overview HPS Integrator’s Guide V 17.2

5.4 EMV Online vs. Offline

In the magstripe world, the term “offline” is often associated with certain types of transactions that

may occur when host communications are down, such as voice authorization, deferred

authorization (i.e. store and forward), and forced acceptance (i.e. merchant/acquirer stand-in).

Those same transactions can still occur in the EMV world as well, but there are several additional

uses of the term “offline” for EMV.

5.4.1 Card Authentication

5.4.2 Cardholder Verification

5.4.3 Authorization

Table 5-6 Card Authentication

Online Card Authentication vs. Offline Card Authentication

The transaction is sent online to an issuer who

authenticates the CVV in the track data for swiped

transactions, or CVV2 on the back of the card for

manually entered transactions.

The card may be authenticated offline by the terminal

using a PKI and RSA cryptography to verify that

certain static and/or dynamic data elements have been

digitally signed by the legitimate card issuer.

Table 5-7 Cardholder Verification

Online Cardholder Verification vs. Offline Cardholder Verification

The transaction is sent online to an issuer who

verifies that the online PIN or AVS data is correct.

An offline PIN may be securely stored on the card, so

the PIN entered on the PIN entry device may be sent

to the card in plaintext or enciphered format to be

validated by the card.

Table 5-8 Authorization

Online Authorization vs. Offline Authorization

The transaction is sent online to an issuer who

approves or declines the transaction.

Based on the amount of the transaction, and the risk

management criteria established by the card and the

terminal, a transaction may be approved or declined by

the card on behalf of the issuer, either with or without

attempt to go online to the issuer.

For Internal Use Only

HPS Integrator’s Guide V 17.2 5: EMV Processing Overview

5.5 Full vs. Partial EMV Transactions and Flow

EMV POS solutions typically support both “full” EMV transactions and “partial” EMV transactions

as follows:

5.5.1 Full vs. Partial Transaction Flow

Table 5-9 Full vs. Partial EMV Transactions and Flow

EMV Transaction Description

Full EMV Transactions Transactions such as Purchases and Pre-Authorizations where the full EMV

transaction flow (i.e. the interaction between the card and terminal) is

performed and the card participates in the authorization decision, whether

online or offline.

Partial EMV Transactions Transactions such as Returns and Reversals where the EMV transaction

flow is only partially performed to the extent necessary to get the card data

from the chip and the card does not participate in the authorization decision.

Table 5-10 Full vs. Partial Transaction Flow

EMV Transaction Step Full

EMV

Partial

EMV Notes

Card Acquisition 

Card is inserted or tapped.

Application Selection 

Initiate Application Processing 

Read Application Data 

Offline Data Authentication 

Processing Restrictions 

Cardholder Verification 

Terminal Risk Management 

Terminal Action Analysis 

For partial EMV transactions, the terminal requests an AAC

at 1st GENERATE AC to terminate card usage.

Card Action Analysis 

For partial EMV transactions, the card always returns an

AAC.

Online Processing 

Issuer Authentication 

Completion 

Issuer Script Processing 

Card Removal 

Prompt to remove card if it was inserted.

For Internal Use Only

5: EMV Processing Overview HPS Integrator’s Guide V 17.2

5.5.2 Full vs. Partial Credit Transactions

Table 5-11 Full vs. Partial Credit Transactions

EMV Transactions Full

EMV

Partial

EMV Notes

Bill Payment 

Card Verify 

Cash Advance 

Incremental Authorization No chip data should be sent.

Offline Decline Advice AAC received at 1st GENERATE AC or due to failed Issuer

Authentication at 2nd GENERATE AC.

Offline Purchase Advice



Full for EMV offline approvals where TC received at 1st

GENERATE AC or after failed host communications at 2nd

GENERATE AC.

Partial for voice authorizations if PAN obtained from chip.

Online Purchase ARQC received at 1st GENERATE AC.

Pre-Authorization 

Pre-Auth Completion No chip data should be sent.

Purchase Return To obtain PAN from chip if needed.

Reversal on Timeout PAN and chip data from original authorization should be sent

unless otherwise stated in the network specifications. (This is

currently not applicable for the NTS platform.)

Note: No EMV data will be returned in the response.

Void PAN and chip data from original authorization should be sent.

This should be the final chip data available from the original

authorization. Typically, this would be from the 2nd GEN AC

for contact and from the 1st GEN AC for contactless.

Note: No EMV data will be returned in the response.

For Internal Use Only

HPS Integrator’s Guide V 17.2 5: EMV Processing Overview

5.5.3 Full vs. Partial Debit Transactions

Table 5-12 Full vs. Partial Debit Transactions

EMV Transactions Full

EMV

Partial

EMV Notes

Offline Decline Advice AAC received at 1st GENERATE AC or due to failed Issuer

Authentication at 2nd GENERATE AC.

Online Purchase ARQC received at 1st GENERATE AC.

Pre-Authorization 

Pre-Auth Completion No chip data should be sent.

Purchase Return ARQC or AAC received at 1st GENERATE AC.

Reversal on Timeout PAN and chip data from original authorization should be sent.

Note: No EMV data will be returned in the response.

Void PAN and chip data from original authorization should be sent.

This should be the final chip data available from the original

authorization. Typically, this would be from the 2nd GEN AC for

contact and from the 1st GEN AC for contactless.

Note: No EMV data will be returned in the response for Void.

For Internal Use Only

5: EMV Processing Overview HPS Integrator’s Guide V 17.2

For Internal Use Only

HPS Integrator’s Guide V 17.2 6: EMV Development Overview

Chapter 6: EMV Development Overview

6.1 EMV Terminals

In order to develop an EMV POS solution, an approved EMV transaction acceptance device

must be used. In this document all such devices, whether they are a countertop terminal,

multi-function PIN pad, multi-lane signature capture device, automated fuel dispenser module,

etc., will be referred as a 'terminal'.

6.1.1 Contact Devices

For EMV contact card acceptance, use any terminal if all of the following criteria apply:

• Contains an EMVCo Level 1 Contact approved Interface Module (IFM) evaluated against

the EMV ICC Specifications, Book 1 v4.0 or later.

• Contains a Mastercard Terminal Quality Management (TQM) approved IFM.

• Is running an EMVCo Level 2 Contact approved application kernel evaluated against the

EMV ICC Specifications v4.3 or later.

• Contains a PCI PTS 3.x or 4.x approved PIN Entry Device (PED) or Encrypting PIN Pad

(EPP), if you plan to support PIN.

6.1.2 Contactless Devices

For EMV contactless card acceptance, use any terminal if all of the following criteria apply:

• Contains an EMVCo Level 1 Contactless approved Proximity Coupling Device (PCD)

evaluated against the EMV Contactless Specifications, Book D v2.2 or later.

• Contains a Mastercard TQM approved PCD.

• Is running a Visa approved payWave application kernel evaluated against the Visa

Contactless Payment Specification v2.1.1 or later.

• Is running a Mastercard approved Mastercard Contactless application kernel approved

against the Mastercard Contactless Reader Specification v3.0.1 or later.

• Is running an American Express approved Expresspay application kernel evaluated

against the Expresspay Terminal Specification v3.0 or later.

• Is running a Discover approved D-PAS application kernel evaluated against the

Contactless D-PAS Terminal Payment Application v1.0 or later.

• Contains a PCI PTS 3.x or 4.x approved PED or EPP, if you plan to support PIN.

REQUIREMENT An EMV POS Solution cannot be certified unless the EMVCo Level 1 and Level 2 Letters of

Approval for your terminal(s) of choice are current and not about to expire.

For Internal Use Only

6: EMV Development Overview HPS Integrator’s Guide V 17.2

6.1.3 Letters of Approval

The EMVCo and PCI approval numbers and/or Letters of Approval (LoAs) can be obtained from

their respective websites:

•http://www.emvco.com/approvals.aspx?id=83

•https://www.pcisecuritystandards.org/approved_companies_providers/approved_pin_trans

action_security.php

The other approval numbers and/or LoAs can be obtained from the device supplier or

manufacturer.

6.2 EMV Solutions

The type of EMV POS solution to be developed is an important consideration as this will

determine the level of expertise needed, the amount of time it will take and whether a full EMV

certification will be required.

6.2.1 Integrated

Integrated solutions typically involve an Electronic Cash Register (ECR) that is connected to a

terminal containing the EMV kernel and providing all EMV functionality including card acquisition

and PIN entry.

6.2.2 Standalone

Standalone solutions consist of a terminal that runs the POS software, contains the EMV kernel

and provides all EMV functionality. PIN entry occurs on an internal or external PIN pad and if

contactless is supported, the reader may be integrated into the terminal or be a separate device.

A standalone solution is in scope for PCI and full EMV certification.

Table 6-1 Integrated Solutions

Integrated Solution Description

Fully Integrated The terminal provides the EMV functionality, but the ECR still handles

card data and host communication. Therefore, it is in scope for PCI and

full EMV certification.

Semi-Integrated The terminal not only provides the EMV functionality, but also handles the

host communication, so the ECR does not see the card data. Therefore,

the ECR is not in scope for PCI or full EMV certification. Only a minimal

EMV validation script must be run for semi-integrated solutions.

For Internal Use Only

HPS Integrator’s Guide V 17.2 6: EMV Development Overview

6.3 EMV Certifications

Magstripe swiped and key entered transactions will continue to be certified directly through

Heartland per the existing processes already in place. However, EMV requires additional

certifications. Each card brand has its own proprietary chip applications that run on EMV cards

bearing their brand. For that reason, each card brand has its own certification requirements that

must be met and submitted for approval.

6.3.1 Test Requirements

The card brand certification requirements must be met for each distinct POS configuration that

will be deployed, which is defined by a unique combination of:

• The kernel software, which includes the Level 2 Contact Application Kernel and/or Level 2

Contactless Application Kernel (payWave, Mastercard Contactless, Expresspay, etc.).

• The terminal application software, which includes the payment application software and

the terminal-to-acquirer communication software.

• The specific terminal configuration, which includes use of a particular EMVCo Level 2

approved kernel configuration for the specific Terminal Type, Terminal Capabilities and

other relevant terminal parameter settings.

• The complete connection path from the terminal to the card brand.

The card brand certification requirements must be met when any <