PayPass M-TIP. Test Case User Guide. October 2012

Transcription

1 PayPass M-TIP Test Case User Guide October 2012

2 Copyright The information contained in this manual is proprietary and confidential to Master International Incorporated (Master) and its members. This material may not be duplicated, published, or disclosed, in whole or in part, without the prior written permission of Master. Media This document is available in both electronic and printed format. Master Worldwide - CCoE Chaussée de Tervuren, 198A B-1410 Waterloo Belgium Fax:

3 Table of Contents 1 Using this Manual Scope Audience Terminology Related Publications Abbreviations Notations History Introduction Terminal Integration Testing Process Introduction to the M-TIP s Testing requirements Test Cases Test Case Template Description Common PayPass M/Chip Test Cases...9 TC001 - Regression card does not support any ODA...9 TC002 - Regression CDA TC003 - Regression different CA key lengths TC004 - Regression exponent 2^ TC005 - Regression Offline-only & ARQC TC011 - Interoperability various uncommon data/length TC012 - Interoperability CDOL1 includes tags forbidden in DE TC021 - Integration/capabilities OfflinePIN not supported in PayPass TC024 - Integration/capabilities cardholder receipt TC025 - Integration/capabilities refund TC026 - Integration/capabilities Data Storage TC033 - Integration/CVM transactions below the CVM Required Limit TC034 - Integration/CVM ATM TC037 Integration/Mobile Non-[PayPass3.0] terminal vs Mobile device TC038 - Integration/Mobile On-Device cardholder verification requested TC041 - Integration/online message Gratuities / Tips TC042 - Integration/online message Issuer response: successful TC043 - Integration/online message Issuer response: unsuccessful TC045 - Integration/online message Issuer response contains script TC046 - Integration/online message Network mandatory data not in CDOL TC047 - Integration/online message PAN sequence number from chip TC048 - Integration/online message PAN sequence number not returned TC049 - Integration/online message Full Grade TC050 - Integration/online message PayPass Values in Existing Authorization Fields TC051 - Integration/online message Online PIN TC052 - Integration/online message Issuer response: wrong Online PIN TC053 Integration/online message Track 2 Equivalent Data must be used in the authorization request TC054 - Integration/online message CVM Results in authorization message TC055 Integration/online message Device Type data element in the authorization request TC061 - Integration/ Contactless Transaction Limit TC062 Integration/ Terminal application version number for PayPass - M/Chip is TC065 - Integration PIX extension PayPass M-TIP Test Case User Guide October 2012 i

4 Table of Contents TC066 - Integration service code indicates a chip is present on card TC067 - Integration service code indicates Online PIN TC070 Integration Application Selection without cardholder assistance Master PayPass M/Chip Test Cases TC201 - Regression SDA TC221 - Integration/CVM attended terminal TC222 - Integration/CVM CAT TC223 - Integration/CVM CAT2 and CAT TC260 Integration/ Purchase with Cash Back Maestro PayPass M/Chip Test Cases TC401 - Integration/capabilities No PayPass Mag Stripe TC410 - Integration/CVM Online PIN above the CVM Required Limit (Maestro PayPass in soft limit markets) TC411 - Integration/CVM nocvm above the CVM Required Limit (soft limit market) TC412 - Integration/CVM No CVM below the CVM Required Limit PayPass Mag Stripe Test Cases TC601 - Interoperability various uncommon data/length TC611 - Integration Service Code checking TC612 - Integration ATC in discretionary data TC613 - Integration Issuer response: unsuccessful TC614 - Integration Traditional Mag Stripe TC615 Integration Track 1 and Track 2 data are processed independently TC616 - Integration Track1 data not fully populated TC681 Integration/Mobile Non-[PayPass3.0] terminal vs Mobile device (Mag-Stripe) TC682 Integration/Mobile On-Device cardholder verification not requested TC683 - Integration/Mobile On-Device cardholder verification requested TC684 - Integration/Mobile PIN verification successful Test Scenarios for M-TIP Subset M-TIP Subset 8 card details Using the Test s Test Scenario Template Description Test Scenarios for Master PayPass M/Chip Test Scenarios for Maestro PayPass M/Chip Test Scenarios for M-TIP Subset M-TIP Subset 6 card details Using the Test s Test Scenario Template Description Test Scenarios for PayPass Mag Stripe Annexes RSA Keys used DES Keys used DES Key Used for PVV and CVC ii PayPass M-TIP Test Case User Guide October 2012

5 Using this Manual 1 Using this Manual This chapter contains information that helps you understand and use this document. 1.1 Scope This document lists the PayPass Mag Stripe and PayPass M/Chip test cases and test scenarios used for the PayPass M-TIP. 1.2 Audience This document is intended for use by terminal vendors and Acquirers who want to obtain approval for their PayPass implementation. 1.3 Terminology 'Terminal' vs. 'reader' In many cases the PayPass reader is separate from the POS terminal. However, when dealing with M-TIP it makes more sense to consider both the separate reader and the POS terminal as a single device. Therefore this document will use the term terminal or PayPass terminal in order to refer to: the device providing the contactless interface used by the PayPass card and the device supporting the PayPass application and the device sending the authorization/clearing messages online. '' This document uses the term "card" or "M-TIP card" but the test tool could also be a card simulator or a probe. 'Contactless Transaction Limit' This document uses the term "Contactless Transaction Limit" in order to refer to: the "Terminal Contactless Transaction Limit" (used in [PayPass2.x] and [PPReq2011]) the "Reader Contactless Transaction Limit (No On-device CVM)" (used in [PayPass3.0]) PayPass M-TIP Test Case User Guide October

6 Using this Manual 1.4 Related Publications The following publications contain information related to the contents of this manual. PPReq2011 PayPass - M/Chip Requirements, 5 December 2011 PayPass3.0 PayPass2.1 PayPass2.0 PayPass2.x PayPass M/Chip Reader Application Interface Specification V3.0.1 April 2012 PayPass M/Chip Reader Application Interface Specification (V2.1) + PayPass M/Chip Application#18 (April 12, 2010) PayPass M/Chip Reader Application Interface Specification (V2.0) + PayPass M/Chip Application#15 (April 2, 2009) [PayPass2.1] or [PayPass2.0] MChip2011 M/Chip Requirements - 29 June 2011 CustomerIntfce Customer Interface Specification 6 April 2012 MTIPguide M-TIP Process Guide 20 July 2012 EMV BOOK 1 EMV BOOK 2 EMV BOOK 3 EMV BOOK 4 ICC Specification for Payment Systems: Application Independent ICC to Terminal Interface Requirements. Version 4.2, June ICC Specification for Payment Systems: Security & Key Management. Version 4.2, June ICC Specification for Payment Systems: Application Specification. Version 4.2, June ICC Specification for Payment Systems: holder, Attendant and Acquirer Interface Requirements. Version 4.2, June Abbreviations The following abbreviations are used in this manual: Abbreviation AAC AFL AID AIP ARQC ATC CA Public Key CDA CDOL CVM Description Application Authentication Cryptogram Application File Locator Application Identifier Application Interchange Profile Authorization Request Cryptogram Application Transaction Counter Certification Authority Public Key Combined DDA/AC generation Risk Management Data Object List holder Verification Method 2 PayPass M-TIP Test Case User Guide October 2012

7 Using this Manual EMV IAC ICC M/Chip PAN PDOL PIN POS PPSE RFU RID SDA TAC TC TVR Europay Master Visa Issuer Action Code Integrated Circuit Master Chip Primary Account Number Processing Data Object List Personal Identification Number Point of Sale PayPass Payment System Environment Reserved for Future Use Registered Application Provider Identifier Static Data Authentication Terminal Authentication Code Transaction Certificate Terminal Verification Results 1.6 Notations The following notations apply: Notation Description 0 to 9 and A to F 16 hexadecimal digits. Values expressed in hexadecimal form are enclosed in single quotes (i.e. _ ). 1001b abcd Binary notation. Values expressed in binary form are followed by a lower case b. an or ans string. # Number. [ ] xx Optional part. Any value. 1.7 History The following lists the main changes: Version Changes September 2012 New version aligned with [PPReq2011] PayPass M-TIP Test Case User Guide October

8 Introduction 2 Introduction This chapter contains an introduction to the M-TIP testing processes and the M-TIP cards. 2.1 Terminal Integration Testing Process The M-TIP process defined in [MTIPprocess] is applicable for PayPass terminals supporting [PayPass2.x] or [PayPass3.0]. Acquirers must complete the M-TIP process before deploying and using a terminal in a live environment. The objective of the M-TIP process is to ensure the terminal meets the Master requirements described in [PPReq2011]. The current document describes: the M-TIP test cases that are defined to ensure the correct implementation of the Master requirements. the test scenarios that must be executed in M-TIP. The test scenarios refer to one or several test cases. Each test scenario involves an M-TIP card. A Test Scenario is a short test procedure permitting to check one or several specification requirements identified in the Test Cases. This is outlined in the figure below: Specifications (requirements) Test Cases Test Scenario Test Case # 1 + Test Case # 2 + Test Case # 3 xx TIP cards 4 PayPass M-TIP Test Case User Guide October 2012

9 Introduction 2.2 Introduction to the M-TIP s About M-TIP s Master has designed sets of test cards, to allow the acquirer to test that the host and terminal payment applications are compliant with Master requirements. The M-TIP cards are grouped into different subsets in order to allow targeted testing. For the M-TIP process, the following PayPass subsets are used. For PayPass M/Chip terminals, the Subset 6 ensures that the PayPass M/Chip terminals correctly work with PayPass Mag Stripe cards. that the Subset 6 is also used during Network Interface Validation (NIV) tests of PayPass Mag Stripe terminals. However the current document is M-TIP-focused so the Subset 6 will sometimes be referred to as "M-TIP Subset 6". The Subset 8 ensures that the PayPass M/Chip terminals correctly work with PayPass M/Chip cards. Number of s The following table summarizes the content of the PayPass M-TIP Subsets. Subset Type Number of cards Subset 6 PayPass Mag Stripe cards 11 PayPass M/Chip cards 1 Master PayPass M/Chip cards 20 Subset 8 Maestro PayPass M/Chip cards 20 Combo cards (both Master and Maestro PayPass M/Chip) 2 Total Number of cards 54 that the tests defined in this document do not use all the cards above. The few unused cards may be removed in the next future. PayPass M-TIP Test Case User Guide October

10 Introduction 2.3 Testing requirements During the M-TIP testing session, the terminal must be as close as possible as it will be in the live environment. In particular, the terminal must be configured as follows. The list of Application Identifiers (AID) supported by the terminal must be the ones intended for live deployment. Application Version Number PayPass Mag Stripe: Terminal Application version number shall be set to 0001 for PayPass Mag Stripe. Application Version Number PayPass M/Chip: Terminal Application version number shall be set to 0002 for PayPass M/Chip. The Terminal Contactless Transaction Limit shall have the same value as in the field for Master and Maestro applications. The Terminal Contactless Transaction Limit (On Device CVM), when applicable, shall have the same value as in the field for Master and Maestro applications. The Terminal Contactless Floor Limit shall have the same value as in the field for Master and Maestro applications The Terminal CVM Required Limit, when applicable, shall have the same value as in the field for Master and Maestro applications. However the Certification Authority Public Keys shall be the test keys defined further in the section "RSA Keys used". 6 PayPass M-TIP Test Case User Guide October 2012

11 Test Cases 3 Test Cases This chapter lists the high level PayPass M/Chip M-TIP Test Cases. 3.1 Test Case Template Description Overview TC002 - Regression CDA Below is an example of Test Case. This template is described here after. Reference Documentation Test To ensure that the PayPass terminal performs CDA correctly. Terminal supports CDA [PPReq2011]: Section Offline Data Authentication Requirements p2-11 The transaction amount must be below the Contactless Transaction Limit. The AIP byte 1 indicates that CDA is supported. Data returned by card is such as the transaction can be approved offline*. The terminal shall send request a TC with CDA ( 50 ) in the Generate AC. Transaction shall be approved offline. *: most of the PayPass terminals will bypass the CDA if the transaction is declined or sent online, see the transaction flow in technical specifications. TC002 - Regression CDA Test Case name The Test Case is as follows: TCxyy - [Test category] - [Test title]. TCxyy uniquely identifies the Test Case. It follows the below rules: TC0yy: Common PayPass M/Chip Test Cases TC2yy: Master PayPass M/Chip Test Cases TC4yy: Maestro PayPass M/Chip Test Cases TC6yy: PayPass Mag Stripe Test Cases [Test category] can be the following: "Regression": major Level2 tests that are re-performed during M-TIP to ensure no regression occurs when integrating the product in the live environment. "Interoperability": these tests are basic tests that are re-performed during M- TIP because they often led to interoperability issues. PayPass M-TIP Test Case User Guide October

12 Test Cases "Integration": those tests ensure the PayPass terminal complies with the Master requirements defined in [PPReq2011]. To ensure that the PayPass terminal performs CDA correctly. This is a short description of the objective of the test. Terminal supports CDA This gives the conditions for the test to be applicable. Reference Documentation Reference Documentation [PPReq2011]: Section Offline Data Authentication Requirements p2-11 This makes a reference to the related requirement in the specifications. Test Test The transaction amount must be below the Contactless Transaction Limit. The AIP byte 1 indicates that CDA is supported. Data returned by card is such as the transaction can be approved offline*. This lists all the conditions required for testing the objective. : the test conditions often assume that the reader supports the "Contactless Transaction Limit". If not, it is obvious that the related condition shall be disregarded. The terminal shall send request a TC with CDA ( 50 ) in the Generate AC. Transaction shall be approved offline. This lists the conditions required in order to pass the test. *: most of the PayPass terminals will bypass the CDA if the transaction is declined or sent online, see the transaction flow in technical specifications. Some Test Cases include a note in order to clarify some test details. 8 PayPass M-TIP Test Case User Guide October 2012

13 Test Cases 3.2 Common PayPass M/Chip Test Cases The test cases described in this section apply to terminals that accept either Master PayPass or Maestro PayPass. TC001 - Regression card does not support any ODA Reference Documentation Test To ensure the PayPass terminal correctly behaves when the card does not support any offline data authentication method. As per below sub-cases Regression test no specific reference The transaction amount must be below the Contactless Transaction Limit. The AIP byte 1 indicates that SDA, DDA and CDA are NOT supported. Tests are run for Master and Maestro applications, when applicable: Case 1a: [if CVM Required Limit is not zero] amount is below the Floor Limit (and terminal is online capable)* Case 1b: [if CVM Required Limit is zero] amount is below the Floor Limit (and terminal is online capable) Case 2: amount is above the Floor Limit Case 3: terminal is offline-only The terminal will set the TVR byte 1 bit 8 (offline data authentication not performed). Cases 1 & 2: Online capable terminals shall request an ARQC as per TAC settings, even if the amount is below the Floor Limit. Case 3: Offline-only terminals will decline the transaction offline as per TAC settings. *: if the CVM Required Limit is lower than the Floor Limit and if both the card and the terminal support Online PIN, the amount should be below the CVM Required Limit in order to not set the TVR byte 3 bit 3 ( OnlinePIN entered ). PayPass M-TIP Test Case User Guide October

14 Test Cases TC002 - Regression CDA Reference Documentation Test To ensure that the PayPass terminal performs CDA correctly. Terminal supports CDA [PPReq2011]: Section Offline Authentication p4-10 The transaction amount must be below the Contactless Transaction Limit. The AIP byte 1 indicates that CDA is supported. Tests are run for Master and Maestro applications, when applicable. Case 1: the amount is below the Floor Limit. Data returned by card is such that the transaction can be approved offline*. Case 2 (terminal supports [PayPass3.0]): the amount is above the Floor Limit TVR byte 1 bit 8 is not set (offline data authentication was performed). TVR byte 1 bit 7 is not set (SDA did not fail). TVR byte 1 bit 4 is not set (DDA did not fail). TVR byte 1 bit 3 is not set (CDA did not fail). Case 1: The terminal shall request a TC with CDA ( 50 ) in the Generate AC. The transaction shall be approved offline. Case 2: The terminal shall request an ARQC with CDA ( 90 ) in the Generate AC. The transaction shall be approved online. *: PayPass terminals supporting [PayPass2.x ] will bypass the CDA if the transaction is declined or sent online, see the transaction flow in technical specifications. TC003 - Regression different CA key lengths Reference Documentation Test To ensure the PayPass terminal correctly supports different certification authority public key lengths. Terminal supports SDA or CDA Regression test no specific reference The transaction amount must be below the Contactless Transaction Limit. The AIP byte 1 indicates that SDA or/and CDA is supported. If the terminal supports [PayPass2.x ], data returned by card is such as the transaction can be approved offline*. Tests are run for Master and Maestro applications, when applicable: Case 1: CA key length is 1152/144 Case 2: CA key length is 1408/176 Case 3: CA key length is 1984/248 The TVR shall indicate that the ODA was performed: TVR byte 1 bit 8 =0. Transaction shall be approved. *: PayPass terminals supporting [PayPass2.x ] will bypass the CDA if the transaction is declined or sent online, see the transaction flow in technical specifications. 10 PayPass M-TIP Test Case User Guide October 2012

15 Test Cases TC004 - Regression exponent 2^16+1 Reference Documentation Test To ensure the PayPass terminal correctly supports the exponent 2^16+1. Terminal supports CDA Regression test no specific reference The transaction amount must be below the Contactless Transaction Limit. The AIP byte 1 indicates that CDA is supported. ICC public key exponent is 2^16+1. If the terminal supports [PayPass2.x ], data returned by card is such as the transaction can be approved offline*. Tests are run for Master and Maestro applications, when applicable. The TVR shall indicate that the ODA was performed: TVR byte 1 bit 8 =0. Transaction shall be approved. *: PayPass terminals supporting [PayPass2.x ] will bypass the CDA if the transaction is declined or sent online, see the transaction flow in technical specifications. TC005 - Regression Offline-only & ARQC Reference Documentation Test To ensure that offline-only PayPass terminal correctly behaves when the card erroneously sends an ARQC. Terminal is offline-only Regression test no specific reference The transaction amount must be below the Contactless Transaction Limit. The AIP byte 1 indicates that CDA is supported. The card is such as it always returns an ARQC. Tests are run for Master and Maestro applications, when applicable. The offline-only PayPass terminal shall terminate the transaction upon reception of the ARQC PayPass M-TIP Test Case User Guide October

16 Test Cases TC011 - Interoperability various uncommon data/length Reference Documentation Test To ensure the PayPass terminal correctly behaves when it receives uncommon data value or length from the card. Always applicable Interoperability test no specific reference The transaction amount must be below the Contactless Transaction Limit. The card returns the data defined below. Tests are run for Master and Maestro applications, when applicable: Case 1: Unknown tags (e.g.: 88 ) in PPSE response Case 2: Service Code inconsistency between track2 ( 57 ) and specific tag ( 5F30 ) Case 3: Discretionary Data inconsistency between track2 ( 57 ) and specific tag ( 9F20 ) Case 4: Track1 discretionary data (tag 9F1F ) with maximum length (48 bytes) Case 5: Track2 ( 57 ) with maximum acceptable length (37 digits) Case 6: Unrecognized CVM returned in the CVM list Case 7: IAD ( 9F10 ) with maximum length Case 8: the signed record is padded up to 254 bytes with '00's. supports SDA only. Case 9: the signed record is padded up to 254 bytes with '00's. supports CDA. Case 10: PayPass Third Party data ( 9F6E ) with length 5. Case 11: PayPass Third Party data ( 9F6E ) with length 32. In all cases the terminal shall approve the transaction. TC012 - Interoperability CDOL1 includes tags forbidden in DE 55 Reference Documentation Test To ensure the PayPass terminal correctly behaves when the CDOL1 includes tags being forbidden in the DE 55. Terminal is online capable. Interoperability test no specific reference The transaction amount must be below the Contactless Transaction Limit. The card requests 9F21 (Transaction Time) and 9F40 (Additional Terminal Capabilities) in CDOL1. Those data items are forbidden in DE 55. The network simulator validates the ARQC and returns the response '00' (Approved). Tests are run for Master and Maestro applications, when applicable. The Terminal shall not send the tags 9F21 and 9F40 to the network. The Terminal shall approve the transaction. 12 PayPass M-TIP Test Case User Guide October 2012

17 Test Cases TC021 - Integration/capabilities OfflinePIN not supported in PayPass Reference Documentation Test To ensure the PayPass terminal does not support offlinepin. Always applicable [PPReq2011]: holder Verification page 4-13 The transaction amount must be below the Contactless Transaction Limit. The AIP byte 1 bit 5 indicates holder Verification supported. The first CVM in the card CVM list is OfflinePIN. Tests are run for Master and Maestro applications, when applicable: Case 1: amount is below the CVM Required Limit Case 2: amount is above the CVM Required Limit The terminal does not send any VerifyPIN command. The CVM results byte 1 is different from '41'. The PayPass transaction completes successfully. TC024 - Integration/capabilities cardholder receipt Reference Documentation Test To ensure that the PayPass terminal is able to print a cardholder receipt. Terminal supports receipt printing [PPReq2011]: Section Receipts page 4-15 Tests are run for Master and Maestro applications, when applicable. Case 1: amount is below the CVM Required Limit Case 2: amount is above the CVM Required Limit The terminal shall approve the PayPass transaction. Case 1:The PayPass terminal shall be able to print a cardholder receipt in case the cardholder requests it. Case 2: The PayPass terminal must print a cardholder receipt. PayPass M-TIP Test Case User Guide October

18 Test Cases TC025 - Integration/capabilities refund Reference Documentation Test To ensure the PayPass terminal correctly performs refund. Terminal supports refund [PPReq2011]: Section Refunds page First step is to perform the purchase: The transaction amount must be below the Contactless Transaction Limit. - Second step is to perform the refund: If requested, the refund amount must be the same as the purchase amount. Tests are run for Master and Maestro applications, when applicable: Case 1: [terminal supports [PayPass2.0]] PayPass M/Chip transaction to be refunded Case 2: [terminal supports [PayPass2.1] or [PayPass3.0]] PayPass M/Chip transaction to be refunded Case 3: PayPass Mag Stripe Master transaction Case 1: The first transaction is approved. In the second transaction, the end of the transaction is out of scope. At the end of the refund process, the terminal displays a message to inform the cardholder that refund has been done successfully. Case 2: The first transaction is approved. In the second transaction, the PayPass terminal requests an AAC. At the end of the refund process, the terminal displays a message to inform the cardholder that refund has been done successfully. Case 3: The first transaction is approved. At the end of the refund process, the terminal displays a message to inform the cardholder that refund has been done successfully. 14 PayPass M-TIP Test Case User Guide October 2012

19 Test Cases TC026 - Integration/capabilities Data Storage Reference Documentation Test To ensure the terminal correctly completes the payment transaction when the card supports Data Storage. As per below sub-cases No specific reference The card requests the tags '9F5C' and '9F40' in the PDOL. The card returns the Application Capabilities Information ' ' (DS version 1, field off request, CDA over AAC, Undefined SDS **). The card returns the DS ID. AIP byte 1 bit 2 is set ("On-device cardholder verification supported"). AIP byte 2 bit 8 is set ("EMV supported"). The card returns the DSDOL. The network simulator returns the response 00 (successful). Tests are run for Master and Maestro applications, when applicable: Case 1 [if the terminal does not support IDS]: the card only returns AIP and AFL in the GetPO response Case 2 [if the terminal supports IDS]: whatever the DS Requested Operator ID provided in the GetPO command, the card returns AIP, AFL and '9F5F 01 00' ("no slot available") in the GetPO response Case 3 [if the terminal supports IDS]: whatever the DS Requested Operator ID provided in the GetPO command, the card returns AIP, AFL, '9F5F 01 40' (volatile slot), '9F7F' (DS Unpredictable Number), '9F7D ' (DS Summary 1). When the GenAC command includes the DSDOL data then Summary2 and Summary3 are included in the SDAD. Summary2=Summary1. Summary3<>Summary2. The terminal shall approve the transaction. PayPass M-TIP Test Case User Guide October

20 Test Cases TC033 - Integration/CVM transactions below the CVM Required Limit Reference Documentation Test To ensure the PayPass terminal is able to perform PayPass transactions below or equal to the defined limit, when applicable. To ensure the PayPass terminal completes CVM processing when the amount is below or equal to the defined limit. Terminal has a CVM Required Limit greater than zero [PPReq2011]: Section holder Verification page 4-12 The transaction amount must be below the CVM Required Limit. Tests are run for Master and Maestro applications, when applicable. contains ( E03 1F03 ) in the CVM list. The terminal shall approve the PayPass transaction offline or online. The cardholder verification shall be successful: TVR byte 3 bit 8 = 0 CVM Result must indicate either or 5E0300 or 1F PayPass M-TIP Test Case User Guide October 2012

21 Test Cases TC034 - Integration/CVM ATM Reference Documentation Test To ensure the ATM correctly performs holder Verification. To ensure the Terminal Contactless Floor Limit is set to zero. Terminal is an ATM. [PPReq2011]: Section Automated Teller Machines, page 4-17 The transaction amount must be the smallest possible amount. The network simulator validates the ARQC and returns a successful response. Tests are run for Master and Maestro applications, when applicable: Case 1: card supports Signature and No CVM ( 5E03 1F03 ). Case 2: card supports Online PIN, Signature and No CVM ( E03 1F03 ). TVR byte 4 bit8 is set (floor limit exceeded). The terminal shall approve the transaction since the network simulator returns a successful response. Case 1: The cardholder verification shall fail: TVR byte 3 bit 8 = 1 CVM Result shall be 3F The terminal shall not prompt for PIN nor print a signature receipt. Case 2: The terminal shall request an ARQC. The terminal shall prompt for PIN. TVR byte 3 bit 3 = 1 (Online PIN entered) CVM result shall be PayPass M-TIP Test Case User Guide October

22 Test Cases TC037 Integration/Mobile Non-[PayPass3.0] terminal vs Mobile device Reference Documentation Test To ensure the terminal not supporting "On-device cardholder verification" correctly completes the transaction with a Mobile. Terminal does not support [PayPass3.0] or the "Kernel " indicates "Ondevice cardholder verification NOT supported" Integration test no specific reference The transaction amount must be below the Contactless Transaction Limit. AIP byte 1 bit 2 is set ("On-device cardholder verification supported"). AIP byte 2 bit 8 is not set ("EMV NOT supported"). The network simulator returns the response 00 (successful). Tests are run for Master and Maestro applications, when applicable: The terminal shall approve the transaction. TC038 - Integration/Mobile On-Device cardholder verification requested Reference Documentation Test To ensure the terminal correctly completes the transaction with a Mobile. Terminal supports [PayPass3.0] and On-Device cardholder verification No specific reference AIP byte 1 bit 2 is set ("On-device cardholder verification supported"). AIP byte 2 bit 8 is set ("EMV supported"). The network simulator returns the response 00 (successful). Tests are run for Master and Maestro applications, when applicable: - A first transaction is performed where the Mobile indicates that the Mobile PIN was successfully verified Case 1: amount is below the CVM Required Limit. Case 2: amount is above the CVM Required Limit. - A second transaction is performed where the Mobile indicates "PIN verification successful" In first transaction, the terminal shall display "Please see phone" (or equivalent). In second transaction, the terminal shall approve the transaction. Case 1: CVM results value must be '3F 00 02' Case 2: CVM results value must be ' ' 18 PayPass M-TIP Test Case User Guide October 2012

23 Test Cases TC041 - Integration/online message Gratuities / Tips Reference Documentation Test To ensure the PayPass terminal correctly manages the gratuities, when supported. Terminal supports gratuities [PPReq2011]: Gratuities page 4-5 The cardholder must enter a gratuity amount. The transaction amount plus the gratuity amount must be below the Contactless Transaction Limit. The network simulator validates the ARQC and returns a successful response. Tests are run for Master and Maestro applications, when applicable. The online authorization request must contain the sum of initial amount and gratuity in the 'Amount authorized' field (DE 55 subfield 9F02) and in DE-04. The 'Amount, other' field (DE 55 subfield 9F03) must contain zeroes or be absent. The transaction shall be approved. TC042 - Integration/online message Issuer response: successful Reference Documentation Test To ensure the PayPass terminal correctly manages the Issuer response 00 (successful). Terminal is online capable [MChip2011] Section Authorization Response Code page 3-34 The transaction amount must be below the Contactless Transaction Limit. The card returns an ARQC. The network simulator validates the ARQC and returns the responses 00 (successful). Tests are run for Master and Maestro applications, when applicable. DE 55 subfield 9F27 value in the network log shall be the same as returned by the card to the first GENERATE AC. The terminal shall approve the transaction upon reception of the network response. PayPass M-TIP Test Case User Guide October

24 Test Cases TC043 - Integration/online message Issuer response: unsuccessful Reference Documentation Test To ensure the PayPass terminal correctly manages the Issuer responses 51 (insufficient funds) and 57 (Transaction not permitted). Terminal is online capable [CustomerIntfce] Section DE 39 - Response Code The transaction amount must be below the Contactless Transaction Limit. The network simulator validates the ARQC and returns the responses below. Tests are run for Master and Maestro applications, when applicable: Case 1: network simulator response is 51 (insufficient funds) Case 2: network simulator response is 57 (Transaction not permitted) The terminal shall decline the transaction upon reception of the network response. PayPass terminals should prompt for a contact transaction ([PPReq2011] section Subsequent Contact Transactions page 4-15). TC045 - Integration/online message Issuer response contains script Reference Documentation Test To ensure the PayPass terminal does not process the ICC response data erroneously returned by the issuer. Terminal is online capable [PPReq2011]: Section Acquirer Network Requirements page 4-18 The transaction amount must be above the Floor Limit and below the Contactless Transaction Limit. is let on the terminal until the transaction is completed or the ticket is printed. The network simulator validates the ARQC and returns the following response: - DE 39 (Response code) = '00' (Approved) - DE 55 - PDS 91 (Issuer Authentication Data) is present - DE 55 - PDS 72 (Issuer Script Template 2) with one script identifier and 6 PIN Unblock commands followed by a PIN Change Unblock. Tests are run for Master and Maestro applications, when applicable. The terminal must not send any command to the card beyond the 1st Generate AC. The transaction must successfully complete. 20 PayPass M-TIP Test Case User Guide October 2012

25 Test Cases TC046 - Integration/online message Network mandatory data not in CDOL1 Reference Documentation Test To ensure the PayPass terminal transmits transaction mandatory data to the network even if it is not requested by the card in the CDOL1. Terminal is online capable [MChip2011] Section Contents of DE 55 page 3-30 The transaction amount must be below the Contactless Transaction Limit. The card does not request Terminal Country Code (tag 9F1A ), Transaction Date (tag 9A ), Transaction Type (tag 9C ) nor Transaction Currency Code (tag 5F2A ) in the CDOL1. The network simulator does not validate the ARQC and returns the response '00' (Approved). Tests are run for Master and Maestro applications, when applicable. The Terminal shall send to the network: Terminal Country Code (tag 9F1A ) Transaction Date (tag 9A ) Transaction Type (tag 9C ) Transaction Currency Code (tag 5F2A ) The Terminal shall approve the transaction. TC047 - Integration/online message PAN sequence number from chip Reference Documentation Test To ensure the PayPass terminal transmits the PAN sequence number coming from the chip and not from the Track2 equivalent data item. Terminal is online capable [MChip2011] Section Data in the Authorization Request Message page 3-30 The transaction amount must be below the Contactless Transaction Limit. The PAN sequence number value from the tag 5F34 is different from the one in the Track2 equivalent data item. The network simulator validates the ARQC and returns the response '00' (Approved). Tests are run for Master and Maestro applications, when applicable. The Terminal shall send the PAN sequence number value from the tag 5F34 to the network. The simulator must successfully validate the provided ARQC. The Terminal shall approve the transaction. PayPass M-TIP Test Case User Guide October

26 Test Cases TC048 - Integration/online message PAN sequence number not returned Reference Documentation Test To ensure the PayPass terminal does not transmit the PAN sequence number when it is not returned by the card. Terminal is online capable [MChip2011] Section Data in the Authorization Request Message page 3-30 The transaction amount must be below the Contactless Transaction Limit. The PAN sequence number is not returned by the card. The network simulator validates the ARQC and returns the response '00' (Approved). Tests are run for Master and Maestro applications, when applicable. The Terminal shall not send the PAN sequence number (DE 23) to the network. The Terminal shall approve the transaction. TC049 - Integration/online message Full Grade Reference Documentation Test To ensure that the PayPass terminal supports the Full Grade network messages. Terminal is online capable [PPReq2011]: Section Authorization Requirements p4-19 The transaction amount must be below the Contactless Transaction Limit. The network simulator validates the ARQC and returns the response '00' (Approved). Tests are run for Master and Maestro applications, when applicable. The terminal shall send a DE 55 message to the network. The terminal shall approve the transaction. 22 PayPass M-TIP Test Case User Guide October 2012

27 Test Cases TC050 - Integration/online message PayPass Values in Existing Authorization Fields Reference Documentation Test To ensure the PayPass terminal correctly manages the PayPass values in the existing authorization fields. Terminal is online capable [PPReq2011]: Section Authorization Requirements page 4-19 The transaction amount must be below the Contactless Transaction Limit. The network simulator validates the ARQC and returns the response 00 (successful). Tests are run for Master and Maestro applications as well as card and mobile device types, when applicable: Case 1: PayPass Mag Stripe transaction (Master application only) Case 2: PayPass M/Chip transaction, tag 5F34 is returned by card* Case 1: the network simulator shall receive the following: DE 22 SE 1 = 91 DE 61 SE 11 = 3 Case 2: the network simulator shall receive the following: DE 22 SE 1 = 07 DE 23 = 01 DE 55 shall be present DE 61 SE 11 = 3 The terminal shall approve the transaction. *: another specific test [TC048] exists where the card does not return the tag 5F34. PayPass M-TIP Test Case User Guide October

28 Test Cases TC051 - Integration/online message Online PIN Reference Documentation Test To ensure the PayPass terminal correctly manages the Online PIN verification, when supported. Terminal supports Online PIN [MChip2011] Section Data Requirements Network Data, page 4-36 The transaction amount must be above the CVM Required Limit and below the Contactless Transaction Limit. The AIP indicates that CVM is supported. Data returned by card is such as Online PIN is to be performed. The network simulator validates the ARQC (including PIN) and returns a successful response. Several tests are performed. In all cases the Online PIN entered is correct: Case 1: Online PIN is 4 digits long Case 2: Online PIN is 5 digits long Case 3: Online PIN is 6 digits long. The TVR byte 3 bit 3 must be set (Online PIN entered). The network simulator displays the correct PIN value: PIN Validation, PIN = xxxx where xxxx is the card PIN. The terminal shall approve the transaction. 24 PayPass M-TIP Test Case User Guide October 2012

29 Test Cases TC052 - Integration/online message Issuer response: wrong Online PIN Reference Documentation Test To ensure the PayPass terminal correctly manages the Issuer responses 55 (wrong PIN) and 75 (Allowable number of PIN tries exceeded). Terminal supports Online PIN [PPReq2011] section holder Verification page 4-13 The transaction amount must be above the CVM Required Limit and below the Contactless Transaction Limit. The network simulator validates the authorization and returns the responses below. Tests are run for Master application: Case 1: network response is 55 (wrong PIN) Case 2: network response is 75 (Allowable number of PIN tries exceeded) The TVR byte 3 bit 3 must be set (Online PIN entered). The terminal shall decline the transaction upon reception of the network response.* *: In case of a wrong PIN (case 1), one could expect the terminal to prompt the cardholder to enter the PIN again and then resend the authorization message with the second PIN. However some issuers will decline if they receive a second authorization with the same ATC (transaction counter) value, even if the second PIN is correct. Therefore the terminal shall decline the transaction in order to avoid such issues in the field. TC053 Integration/online message Track 2 Equivalent Data must be used in the authorization request Reference Documentation Test To ensure that a terminal transmits the Track2 Equivalent Data for a PayPass M/Chip transaction. Terminal is online capable [PPReq2011]: Section Track Data Consistency, page 4-9 The transaction amount must be above the CVM Required limit (if existing) and below the Contactless Transaction Limit. Tests are run for Master and Maestro applications, when applicable. Case 1: purchase with a card Case 2: purchase with a mobile Case 3: purchase with Cash Back The 0100 (or 0200) message shall contain a DE 35 populated with the content of the card Track2 Equivalent Data (both D and = are acceptable separators). PayPass M-TIP Test Case User Guide October

30 Test Cases TC054 - Integration/online message CVM Results in authorization message Reference Documentation Test To ensure the PayPass terminal correctly transmits the CVM Results in the authorization message containing DE 55 (effective 1 April 2017). The terminal is online capable [MChip2011]: "Contents of DE 55", page 3-31 Tests are run for Master and Maestro applications, when applicable: Case 1: the CDOL requests the CVM Results. device type. Case 2: the CDOL requests the CVM Results. Mobile device type. Case 3: the CDOL does not request the CVM Results The PayPass terminal must transmit the CVM Results (DE 55 - PDS 9F34) in the authorization message (effective 1 April 2017). TC055 Integration/online message Device Type data element in the authorization request Reference Documentation Test To ensure the terminal correctly transmits the Device Type data element in the authorization message, if supported. Always [PPReq2011]: Section Authorization Messages, page 4-19 The transaction amount must be below the Contactless Transaction Limit. Tests are run for Master and Maestro applications, PayPass M/Chip and PayPass Mag Stripe, when applicable. Case 1: the card returns a Third Party Data indicating a device type 'card' Case 2: [terminal does not support on-device cardholder verification] the card returns a Third Party Data indicating a device type 'mobile' Case 3: [terminal supports on-device cardholder verification] the card returns a Third Party Data indicating a device type 'mobile' Case 4: the card returns a Third Party Data indicating a device type 'tag' The 0100 (or 0200) message shall contain a DE 48s23 (effective 19 April 2013 in US region) populated with the correct device type value: Case 1: '00' (card) Cases 2 & 3: '01' (mobile) Case 4: '04' (tag) 26 PayPass M-TIP Test Case User Guide October 2012

31 Test Cases TC061 - Integration/ Contactless Transaction Limit Reference Documentation Test To ensure the PayPass terminal correctly implements the Contactless Transaction Limit. As per below sub-cases [PPReq2011]: Section Terminal Contactless Transaction Limit p4-6 The card returns only one AID in the PPSE. Tests are run for Master and Maestro applications, when applicable: Case 1a: [if the terminal allows the user to enter amounts equal to the Contactless Transaction Limit] amount is equal to the Contactless Transaction Limit (e.g.: ) Case 1b: [if the terminal supports On Device holder Verification and allows the user to enter amounts equal to the Contactless Transaction Limit (On Device CVM)] amount is equal to the Contactless Transaction Limit (On Device CVM) (e.g.: ) Case 2: [if the terminal supports [PayPass2.x] and allows to enter amounts greater than the Contactless Transaction Limit], the amount is one minor unit above the Contactless Transaction Limit (e.g.: ) Case 3a: [if the terminal supports [PayPass3.0] and allows to enter amounts greater than the Contactless Transaction Limit], the amount is one minor unit above the Contactless Transaction Limit (e.g.: ) Case 3b: [if the terminal supports On Device holder Verification and allows to enter amounts greater than the Contactless Transaction Limit (On Device CVM)] the amount is one minor unit above the Contactless Transaction Limit (On Device CVM) (e.g.: ) Cases 1a & 1b: the terminal shall approve the transaction. Case 2: the terminal shall not perform the transaction above the Contactless Transaction Limit. The terminal will either abort after the PPSE response or will not activate the PayPass reader*. Cases 3a & 3b: the terminal shall not perform the transaction above the Contactless Transaction Limit. The terminal shall abort after the last ReadRecord response. Case of amount below the Contactless Transaction Limit is implicitly tested in most of the scenarios. *: The [PayPass2.x] terminals will activate the reader and send the PPSE command if they support applications accepting amounts greater than the Contactless Transaction Limit being tested. PayPass M-TIP Test Case User Guide October

32 Test Cases TC062 Integration/ Terminal application version number for PayPass - M/Chip is 0002 Reference Documentation Test To ensure that a terminal has its application version number for PayPass - M/Chip set to Always applicable [PPReq2011]: Section Terminal Risk Management, page 4-14 The transaction amount must be below the Contactless Transaction Limit. Test is run for Master and Maestro applications, when applicable The card Application Version Number is set to 0002 ( 9F ) The terminal shall approve the transaction online or offline. TVR byte 2 bit 8 = 0 (ICC & terminal have same application versions) TC065 - Integration PIX extension Reference Documentation Test To ensure that the PayPass terminal correctly manages the extended AIDs. Always applicable [PPReq2011]: Section Application Selection page 4-10 The transaction amount must be below the Contactless Transaction Limit. The network simulator validates the authorization message and returns the response '00' (Approved). Tests are run for Master and Maestro applications, when applicable: Case 1: AID is extended with the following: D Case 2: AID is extended with the following: C The terminal shall select the extended AID and correctly continue the transaction. 28 PayPass M-TIP Test Case User Guide October 2012

33 Test Cases TC066 - Integration service code indicates a chip is present on card Reference Documentation Test To ensure that the PayPass terminal does not prompt for a contact transaction when the service code indicates a chip is present on the card. Always applicable [PPReq2011]: Section Service Codes page 4-9 The transaction amount must be below the Contactless Transaction Limit. The service code included in the Track2 indicates that a chip is present on the card. Tests are run for Master and Maestro applications, when applicable. The terminal shall approve the PayPass transaction. The terminal shall not prompt for a contact transaction. TC067 - Integration service code indicates Online PIN Reference Documentation Test To ensure that the PayPass terminal does not use the service code in order to require online authorization or Online PIN. Always applicable [PPReq2011]: Section Service Codes page 4-9 The transaction amount must be below the Contactless Transaction Limit. Tests are run for Master and Maestro applications, when applicable: CVM list does not include Online PIN. Case 1: Service Code contained in Track2 is 206 (Normal Authorization, PIN if pinpad present). Amount is below the CVM Required Limit. Case 2: Service Code contained in Track2 is 206 (Normal Authorization, PIN if pinpad present). Amount is above the CVM Required Limit. Case 3: Service Code in Track2 is 220 (Issuer Authorization, PIN if pinpad present) Case 4: Service Code contained in Track2 is 226 (Issuer Authorization, PIN required) Cases 1: the terminal shall not prompt for PIN. The terminal shall approve the PayPass transaction. Case 2 & 03 & 04: the terminal shall not prompt for PIN. The terminal shall approve the PayPass transaction offline. PayPass M-TIP Test Case User Guide October

34 Test Cases TC070 Integration Application Selection without cardholder assistance Reference Documentation Test To ensure the terminal always selects the highest priority application without cardholder assistance. As per below sub-cases [PPReq2011]: Section Application Selection, page 4-9 The transaction amount must be below the Contactless Transaction Limit. 1: The card exposes a PPSE returning the following 2 applications in this specific order: Maestro with priority 03 (tag '87' with value '03') Master with priority 02 (tag '87' with value '02') 2: The card exposes a PPSE returning the following 2 applications in this specific order: Master with priority 15 (tag '87' with value '0F') Maestro with priority 06 (tag '87' with value '06') Case 1: The terminal supports Master and the cardholder uses card 1. Case 2: The terminal supports Maestro and the cardholder uses card 2. Case 3: The terminal supports Master only and the cardholder uses card 2. Case 4: The terminal supports Maestro only and the cardholder uses card 1. In all cases below the terminal must automatically select the application mentioned and successfully complete the transaction. Case 1: The terminal selects the Master application. Case 2: The terminal selects the Maestro application. Case 3: The terminal selects the Master application. Case 4: The terminal selects the Maestro application. 30 PayPass M-TIP Test Case User Guide October 2012