implementing American Express EMV acceptance on a Terminal
- Julie Gordon
Implementing American Express EMV Acceptance on a Terminal

EMV Tools

American Express Integrated Circuit Card Payment Specification
The policies, procedures, and rules in this manual are subject to change from time to time by American Express. Copyright 2007 by American Express Travel Related Services Company, Inc. All rights reserved. No part of this document may be reproduced in any form or by any electronic or mechanical means, including information storage and retrieval systems, without the express prior written consent of American Express Travel Related Services Company, Inc. EMV is a trademark of EMVCo, LLC. PCI Security Standards Council is a trademark of PCI Security Standards Council, LLC. All other trademarks and brands are the property of their respective owners.
CONTENTS

SECTION 1: INTRODUCTION
  Overview
  How to Use This Guide
  Reference Documents
  Requirement Notation

SECTION 2: EMV SPECIFICATIONS
  Industry Specifications
  AEIPS: American Express Integrated Circuit Card Payment Specification

SECTION 3: TERMINAL REQUIREMENTS BY EMV TRANSACTION STEP
  Introduction
  EMV Transaction Steps
  Step 1: Application Selection
  Step 2: Initiate Application Processing
  Step 3: Read Application Data
  Step 4: Offline Data Authentication
  Step 5: Processing Restrictions
  Step 6: Cardholder Verification
  Step 7: Terminal Risk Management
  Step 8: 1st Terminal Action Analysis
  Step 9: 1st Card Action Analysis
  Step 10: Online Transaction Processing
  Step 11: Issuer Authentication
  Step 12: 2nd Terminal Action Analysis
  Step 13: 2nd Card Action Analysis
  Step 14: Issuer Script Processing
  Step 15: Transaction Completion

SECTION 4: SPECIAL TRANSACTION PROCESSING
  AEIPS Requirements During Technical Scenarios
  Fallback
  Premature Card Removal
  Referral Transactions
  Declined Transactions
  Stand-In Authorization
  Reversals
  AEIPS Requirements During Situational Scenarios
  Refunds
  Card Not Present
  Card Not Yet Present
  Transaction Amount Not Yet Known
  Card No Longer Present
  Card Re-Presented for Final Charge
  Adding a Gratuity
  AEIPS Requirements for Unattended Payment Terminal (UPT) Scenarios
  Cardholder Verification on UPTs
  Fallback on UPTs
  Online Capability with UPTs

SECTION 5: AEIPS TERMINAL CERTIFICATION
  Introduction
  How to Perform AEIPS Terminal Certification
  AEIPS Terminal Certification Test Plan [AEIPS-TEST]
  Setting Up the Terminal Prior to AEIPS Terminal Certification
  Additional Parameters and Requirements for Stand-In Certification
  Mandatory Data for Diagnostics
  Connectivity Test
  5.5. Completing the AEIPS Test Plan Documentation
  TVR and TSI Setting Requirements
  Overview of AEIPS Terminal Certification Tests
  Mandatory Tests
  Tests That Are Based on the Terminal's Functionality
  Tests That Are Performed When There Are Communication Changes

SECTION 6: MERCHANT EDUCATION
  Guidance for a Successful Training Program

APPENDIX A: CAPK INFORMATION
APPENDIX B: DISPLAYABLE MESSAGES
APPENDIX C: GLOSSARY AND ACRONYMS

October
SECTION 1: INTRODUCTION

1.1. Overview

This guide is designed to assist you (the Terminal Vendor, Merchant, Reseller, or Third Party Processor) with implementing American Express EMV acceptance on a Terminal, using the American Express Integrated Circuit Card Payment Specification (AEIPS). This guide assumes that you have a basic understanding of EMV.

By studying the guide and reference documents, you will gain a sound understanding of the requirements, policies, and procedures, as well as the configuration options, which apply specifically to American Express. You will also find helpful hints, in the form of Best Practices, to aid you in understanding how best to implement American Express EMV acceptance.

This guide details only the American Express-specific requirements and configurable options for implementing EMV technology. Unless otherwise detailed within the document, process transactions as described within the EMVCo specifications. Additionally, this guide outlines only the globally-standard requirements for implementing AEIPS; there may be additional country-specific or Acquirer-specific requirements. To learn more details about EMV implementation, please contact your Acquirer or American Express Representative, or visit the EMVCo website.

1.2. How to Use This Guide

While this guide is not a definitive technical specification, it will provide a roadmap to allow you a more thorough understanding of American Express EMV implementation. You will find additional support in the technical reference documents cited in 1.3. For your convenience, also included is a Glossary and Acronyms section at the end of this document that you can refer to as you encounter unfamiliar terms, acronyms, or phrases. Words that are defined in the glossary are capitalized when used in this guide.

1.3. Reference Documents

All documents that are referred to within this guide are listed in Table 1. These documents will be referenced using the abbreviations provided.
This is not an exhaustive list of available documents. Please contact your American Express Representative to learn about the additional reference documents that are available.

Table 1: Reference Documents

Abbreviation | Full Document Name | Source
[AEIPS-TEST] | AEIPS Test Plan v5.2, American Express | Please contact your American Express Representative
[AEIPS-TERM] | AEIPS Terminal Specification (AEIPS 4.1), American Express | Please contact your American Express Representative
[AEIPS-CARD] | AEIPS Chip Card Specification (AEIPS 4.1), American Express | Please contact your American Express Representative
[ISO-9564] | Banking Personal Identification Number (PIN) Management and Security |
[ISO-11568] | Banking Key Management (Retail) |
[ISO-11770] | Information Technology Security Techniques Key Management |
[ISO-13492] | Banking Key Management Related Data Element (Retail) |
[ISO-15782] | Certificate Management for Financial Services |
[ISO-15408] | Information Technology Security Techniques Evaluation Criteria for IT Security |
[ISO-7813] | Identification Cards Financial Transaction Cards |

1.4. Requirement Notation

Throughout this guide, attention is drawn to requirements within the text by using bold and italics on key words as follows:

- Mandatory requirements are highlighted through the use of the words must, shall, mandatory, or mandate(s).
- Optional recommendations are highlighted through the use of the words should, optional, or recommend(s).

This guide seeks to highlight only requirements above and beyond those that are mandatory in the EMV specifications, as well as options that may be set by the Payment Brands.
SECTION 2: EMV SPECIFICATIONS

2.1. Industry Specifications

For the purposes of this document, EMV is used to describe a set of Chip Card specifications administered by EMVCo. These specifications facilitate an interoperable framework in which Chip Card-based payment transactions can be processed globally. The EMV specifications allow Payment Brands and Issuers the flexibility to customize specific requirements with regards to security, risk management, and Cardholder Verification, in order to best meet their own objectives.

The EMV specifications apply to virtually every aspect of the Chip Card, including:

- physical characteristics;
- the electronic interface between the Chip Card and Terminal;
- determination of protocols for data communication between a Chip Card and a Terminal; and
- payment application features.

EMVCo details and manages Terminal type approval to ensure compliance with the specifications. The Payment Brands set their own requirements for EMV implementation and define the testing processes to certify against these requirements. Banking industry associations in certain countries may also set local requirements. These tend to be related to national rollouts in order to ensure there is a consistent approach in a country (e.g., by specifying common requirements for the usage of PIN).

2.2. AEIPS: American Express Integrated Circuit Card Payment Specification

The EMV specifications contain many implementation options that the Payment Brands clarify within their individual specifications. To enable the most effective usage of EMV technology, American Express has produced AEIPS. We have divided AEIPS into two separate specifications:

- AEIPS Chip Card Specification [AEIPS-CARD], which defines the technical data elements and functionality when implementing EMV-compliant Chip Cards.
- AEIPS Terminal Specification [AEIPS-TERM], which outlines the Terminal functionality required to process American Express EMV transactions.
BEST PRACTICE: It is recommended that you read both the AEIPS Chip Card Specification and the AEIPS Terminal Specification to fully understand how to implement American Express EMV.

As AEIPS is built on the EMVCo specifications, there are no technical differences between implementing EMV for American Express and implementing it for the other Payment Brands. The only differences that exist are configuration options that American Express has specified based on the EMVCo specifications. Just as American Express has configuration differences from other Payment Brands, similar configuration differences exist among other Payment Brands as well. Therefore, you can easily implement American Express EMV as you implement other Payment Brands. This affords you several benefits, including meeting the requirements of all the Payment Brands at once, saving the effort of adding AEIPS after EMV migration is already underway, and ensuring the satisfaction of potential customers.
SECTION 3: TERMINAL REQUIREMENTS BY EMV TRANSACTION STEP

3.1. Introduction

This section examines each step of an EMV transaction. As shown in Figure 1, American Express is interoperable with the EMV specifications and also aligns very closely with the other Payment Brands. There are only four steps within the EMV transaction process flow in which American Express has configuration differences from the industry.

Figure 1: Process Flow for an EMV Transaction
[Flow diagram: insert card; Steps 1 to 15 (application selection; initiate application processing; read application data; offline data authentication; processing restrictions; cardholder verification; terminal risk management; 1st terminal action analysis; 1st card action analysis; online transaction processing; issuer authentication; 2nd terminal action analysis; 2nd card action analysis; issuer script processing; transaction completion); remove card. Branch labels: offline transaction; unable to go online. Legend: same as industry; configuration differences.]

The four steps with configuration differences are:

Application Selection: The EMV specifications allow for both complete and partial Application Identifier selection, and each Payment Brand has chosen which option to leverage. American Express requires the use of partial Application Identifier selection for all American Express Cards, so the Application Selection Indicator within the Terminal must be set appropriately.

Terminal Risk Management: Of the several Terminal risk management checks allowed by the EMV specifications, American Express mandates that the Terminal perform Floor Limit checking and random transaction selection. The other checks can be optionally performed by the Terminal.

1st Terminal Action Analysis: There are no technical differences for handling an American Express Card during this step. Like the other Payment Brands, American Express has specific Terminal Action Code values that must be loaded into the Terminal.

Online Transaction Processing: Like the other Payment Brands, American Express has a unique message format, which may vary by country. Therefore, the Terminal, Third Party Processor, or Acquirer will need to ensure that they are able to place the EMV data elements into the appropriate format for each Payment Brand.
3.2. EMV Transaction Steps

Following is a high-level description of each EMV transaction step. For those steps where American Express has configuration differences, our requirements are noted and described in detail. In some steps, there are also additional requirements which cover operational functionality outside of the EMV specifications, e.g., PIN Bypass. These additional requirements are also described in the appropriate steps.

These symbols will help identify the steps that have changes exclusive to AEIPS:

Indicates there is a configuration difference specific to AEIPS
Indicates no customization beyond standard EMV specifications

A general description of the step appears at the beginning of each section, set off in gray borders.

Step 1: Application Selection

American Express has configuration differences.

When a Chip Card is inserted into a Terminal, the Terminal determines (and may have the option to display) a list of applications supported by both the Chip Card and Terminal. This is done by matching an Application Identifier (AID) loaded into the Terminal with a similar value loaded in the card.

Application Selection on AEIPS-compliant cards is performed according to the EMV specifications. American Express mandates that Terminals support and are enabled for partial name selection by setting the Application Selection Indicator. In partial name selection, the select command is issued with the partial American Express AID loaded in the Terminal, which consists of the American Express Registered Application Provider Identifier (RID) and the first byte of the Proprietary Application Identifier Extension (PIX).

The American Express RID is: A , and the first byte of the PIX for an AEIPS-compliant payment application is 01. Therefore, the AID value held within the Terminal for use in partial name selection shall be A

If a Chip Card is inserted into a Terminal and no matching applications can be found (i.e., if the Terminal is EMV-enabled but not yet certified, or if it is EMV-enabled for other Payment Brands but not yet for American Express), the transaction must be processed using the magnetic stripe. You must not process the transaction as Fallback (see section Fallback for definition).

To enable the transaction to be processed using the magnetic stripe, the Terminal must not perform extended service code checking, i.e., the Terminal should not prompt for card insertion when a service code that starts with a 2 or a 6 is detected. In this case, the POS data codes or similar indicators must indicate that the Terminal did not have chip capability, e.g., Position 1 (card input capability code) 5 (Integrated Circuit Card [ICC]). To support this, the Terminal must have the ability to set the POS data code based on the Payment Brand.
Step 2: Initiate Application Processing

American Express has the same requirements as the EMV specifications.

When an AEIPS application is selected, the Terminal requests that the Chip Card provide the location of the data to be used for the current transaction and list the functions supported.

Step 3: Read Application Data

American Express has the same requirements as the EMV specifications.

The Terminal reads the necessary data from the locations provided by the Chip Card and uses the list of supported functions to determine which processing to perform. The information required to perform Offline data authentication is found within the data read from the Chip Card during this stage of the transaction.

Step 4: Offline Data Authentication

American Express has the same requirements as the EMV specifications. However, additional requirements that cover operational functionality outside of the EMV specifications are provided.

Offline data authentication validates that the card being used in the transaction is the genuine card that was issued and that the card data has not been altered. There are different types of Offline data authentication. The most common are Static Data Authentication (SDA) and Dynamic Data Authentication (DDA). The Terminal determines whether it authenticates the Chip Card Offline, using either SDA or DDA, based upon the ability of the Chip Card and Terminal to support these methods.

American Express mandates that Terminals support SDA and DDA; however, support of Combined DDA/Application Cryptogram (AC) generation (CDA) is optional.

Certification Authority Public Keys (CAPKs) are required to support Offline data authentication. The lack of the correct CAPKs will lead to Offline data authentication failures and potential transaction declines. Terminals must be capable of storing up to six CAPKs for each Payment Brand.
CAPK expiration dates, required Terminal load dates, earliest Issuer usage dates, and required key removal dates are detailed in Table 2.

Table 2: CAPK Management Lifecycle

CAPK Expiration Date Length Required Date for Acquirers to Load Earliest Date for Issuers to Use Required Removal Date at Terminals December December January June December December March June December 2017 or later December 2017 or later 31 December January 2007 six months after expiration 31 December January 2007 six months after expiration
BEST PRACTICE: American Express, in line with other Payment Brands, reviews the CAPK lifecycle on an annual basis. Therefore, the expiration dates stated in Table 2 may change. American Express recommends that Terminals do not store the expiration date, unless it can be easily updated.

American Express CAPKs are ed to Terminal Vendors when they contact American Express to start AEIPS Terminal certification. American Express CAPKs are distributed in a fixed format. Both the CAPKs and the fixed format are detailed in Appendix A.

Step 5: Processing Restrictions

American Express has the same requirements as the EMV specifications.

The Terminal performs a number of checks to determine whether or not to allow the transaction, or whether any product-specific geographical (e.g., domestic use only) or service-type restrictions (e.g., cannot be used for cash withdrawal) apply.

Step 6: Cardholder Verification

American Express has the same requirements as the EMV specifications. However, additional requirements that cover functionality outside of the EMV specifications are provided.

Cardholder Verification is used to determine whether the Cardmember is legitimate and whether or not the Chip Card has been lost or stolen. In a typical retail environment, the following Cardholder Verification Methods (CVMs) are supported by the Terminal:

- Offline enciphered PIN
- Offline plaintext PIN
- Signature
- No CVM required

The actual CVM supported on an AEIPS-compliant Chip Card or Terminal will depend on the implementation of EMV within the country.

PIN Requirements. The use of PIN (either plaintext or enciphered) with EMV introduces some new technical and operational requirements. The sections below detail the American Express requirements in relation to PIN.

American Express mandates that the Terminal be capable of supporting both plaintext and enciphered PIN.
The Terminal shall display the transaction amount (or an accurate estimate) to the Cardmember before PIN entry.

PIN Pads should be designed to take into account the requirements of all Cardmembers (e.g., a raised dot on the 5-key to assist partially-sighted Cardmembers, etc.).
PIN Pads should be placed in locations that can accommodate the requirements of all Cardmembers (e.g., to enable PIN entry from a seated position for wheelchair-bound customers). Also, the Cardmember should be able to see his or her card at all times.

If a PIN Pad is present, it must comply with EMV, Payment Card Industry Data Security Standard (PCI DSS) PIN Entry Device (PED), and local country requirements. American Express has no minimum requirements for PIN Pads beyond those of EMV, PCI PED, and the local country payment authorities or regulatory bodies.

PIN Input Errors. When the Cardmember encounters problems entering his or her PIN, prompts are necessary to guide the Merchant and Cardmember.

AEIPS-Specific Requirements for PIN Input Errors

When a card is presented to a Terminal and the PIN try counter = 1 (i.e., there is one PIN attempt remaining), the Terminal should produce a suitable prompt to inform both the Merchant and the Cardmember of this situation. (For Terminal display messages, see Appendix B.)

If the PIN try counter = 0, the Terminal shall continue the transaction, having set the applicable bits in the Terminal Verification Results (TVR), indicating that the PIN try counter has been exceeded.

PIN Bypass. PIN Bypass is an option to aid the customer experience during the implementation of PIN. It can be leveraged when the Cardmember cannot remember his or her PIN or may temporarily be unable to enter the PIN. In this case, the Merchant may have the option to bypass PIN entry and enable the chip and Terminal to process the next CVM, which is likely to be signature.

PIN Bypass shall be able to be performed only if all of the following requirements are met:

- the Terminal is attended;
- the Terminal is configured to provide PIN Bypass;
- the Merchant and Acquirer agree to support it; and
- the Chip Card's CVM list allows another CVM to be performed, and the Terminal can support this CVM.
When PIN Bypass is used, the TVR shall record that PIN was required, PIN Pad present and working, but PIN not entered (Byte 3 Bit 4).

BEST PRACTICE: American Express recommends making PIN Bypass functionality a configurable option within the Terminal so that the functionality can be disabled when appropriate, e.g., when a country has reached PIN maturity.

Important Note: PIN Bypass reduces both the fraud mitigation and operational benefits of using PIN, and therefore is functionality that should only be used during the transition to PIN as the standard CVM. It is also important to note that Issuers will be likely to decline PIN Bypass transactions as they appear more risky than PIN-based transactions.
Step 7: Terminal Risk Management

American Express has configuration differences.

During Terminal risk management, a series of checks based on information provided by the card and the Acquirer are performed.

The EMV specifications detail several checks that can be performed as part of Terminal risk management. American Express mandates that Floor Limit checking and random transaction selection be performed; all other checks are optional based on the Terminal's configuration. The results of these checks are stored by the Terminal for later use in the TVR.

Step 8: 1st Terminal Action Analysis

American Express has configuration differences.

1st Terminal action analysis compares the results of Offline data authentication, processing restrictions, Cardholder Verification, and Terminal risk management to rules set by the Issuer and American Express. This process determines whether the Terminal requests that the transaction is approved Offline, sent Online for authorization, or declined Offline.

The Issuer rules are stored in the Chip Card in fields called Issuer Action Codes (IACs); the American Express rules reside in the Terminal as the Terminal Action Codes (TACs). The Terminal compares the TVR values stored during Offline processing with the IACs and TACs to determine whether any of the transaction conditions in the TVR indicate the Terminal will request that the transaction be declined or sent Online. If this is not the case, then the Terminal will request that the transaction be approved Offline by the Chip Card.

After determining whether to request the transaction be approved, declined, or sent Online to the Acquirer, the Terminal requests a Cryptogram from the Chip Card. The type of Cryptogram requested depends on whether the Terminal requires a Transaction Certificate (TC) for an approval, an Authorization Request Cryptogram (ARQC) for a request to go Online, or an Application Authentication Cryptogram (AAC) for a decline.
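The comparison described above, as an added example that is not code from this guide or from American Express: the TVR is tested against the union of each IAC/TAC pair, denial first, then online, with the default pair used when the Terminal cannot go Online. All action-code values and helper names are constructed for illustration and are not the American Express TAC values. The example goes beyond the paragraph by applying the EMV default values for an IAC that is absent from the card.

```python
# Added illustration of EMV terminal action analysis. Every action-code value
# here is constructed for the example; none is an American Express value.

# TVR bit positions as (zero-based byte index, bit mask).
TVR_BITS = {
    "sda_failed": (0, 0x40),               # Byte 1 Bit 7
    "dda_failed": (0, 0x08),               # Byte 1 Bit 4
    "cvm_failed": (2, 0x80),               # Byte 3 Bit 8
    "pin_try_limit_exceeded": (2, 0x20),   # Byte 3 Bit 6
    "pin_not_entered": (2, 0x08),          # Byte 3 Bit 4 (recorded on PIN Bypass)
    "floor_limit_exceeded": (3, 0x80),     # Byte 4 Bit 8
    "random_online_selection": (3, 0x10),  # Byte 4 Bit 5
}

# Constructed Terminal Action Codes: 5 bytes each, same bit layout as the TVR.
SAMPLE_TAC = {
    "denial": bytes.fromhex("0800000000"),
    "online": bytes.fromhex("4000289000"),
    "default": bytes.fromhex("4000288000"),
}

# Constructed Issuer Action Codes, as if read from a card.
SAMPLE_IAC = {
    "denial": bytes.fromhex("0000200000"),
    "online": bytes.fromhex("0000000000"),
    "default": bytes.fromhex("0000000000"),
}

# EMV defaults used when the card does not carry a given IAC:
# denial = all zeros, online and default = all ones.
IAC_IF_ABSENT = {
    "denial": bytes(5),
    "online": b"\xff" * 5,
    "default": b"\xff" * 5,
}


def build_tvr(*conditions):
    """Return a 5-byte TVR with the named conditions set."""
    tvr = bytearray(5)
    for name in conditions:
        index, mask = TVR_BITS[name]
        tvr[index] |= mask
    return bytes(tvr)


def any_bit_matches(tvr, iac, tac):
    """True if any bit set in the TVR is also set in the IAC or the TAC."""
    return any(t & (i | a) for t, i, a in zip(tvr, iac, tac))


def terminal_action_analysis(tvr, tac, iac, can_go_online):
    """Return the cryptogram type the Terminal requests: 'AAC', 'ARQC' or 'TC'."""
    if len(tvr) != 5:
        raise ValueError("TVR must be 5 bytes")

    def pair(kind):
        card_code = iac.get(kind)
        if card_code is None:            # IAC not present on the card
            card_code = IAC_IF_ABSENT[kind]
        if len(card_code) != 5 or len(tac[kind]) != 5:
            raise ValueError("action codes must be 5 bytes")
        return card_code, tac[kind]

    # 1. Denial codes are checked first: any match is an Offline decline.
    if any_bit_matches(tvr, *pair("denial")):
        return "AAC"
    # 2. A Terminal that can go Online checks the online codes.
    if can_go_online:
        return "ARQC" if any_bit_matches(tvr, *pair("online")) else "TC"
    # 3. Offline-only, or unable to go Online: the default codes decide.
    return "AAC" if any_bit_matches(tvr, *pair("default")) else "TC"


if __name__ == "__main__":
    for conditions in ([], ["floor_limit_exceeded"], ["pin_not_entered"],
                       ["pin_try_limit_exceeded"]):
        tvr = build_tvr(*conditions)
        print(conditions or "clean",
              tvr.hex().upper(),
              terminal_action_analysis(tvr, SAMPLE_TAC, SAMPLE_IAC, True),
              terminal_action_analysis(tvr, SAMPLE_TAC, SAMPLE_IAC, False))
```

With no IACs on the card, any TVR bit sends the transaction Online, or declines it when the Terminal cannot go Online, because the absent online and default codes are treated as all ones.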
Like the other Payment Brands, American Express has specific TAC values that must be loaded into Terminals. The TAC values for American Express are detailed in the table below:

Table 3: American Express TAC values

Default C Online C Denial

Step 9: 1st Card Action Analysis

American Express has the same requirements as the EMV specifications.

Upon receiving the request from the Terminal, the Chip Card performs the 1st card action analysis. Here, risk management checks are performed by the Chip Card to determine the appropriate response to the Terminal's request. The Chip Card may overrule the Terminal's request. For example, the Chip Card could receive a request from the Terminal for an Offline approval, but the Chip Card may return a Cryptogram indicating that either an Online transaction or an Offline decline is required. This is dictated by the Chip Card's risk management parameters (as set by the Issuer). The results of this analysis are stored for later use by the Chip Card in the Card Verification Results (CVR).

Step 10: Online Transaction Processing

American Express has configuration differences.

If the Chip Card or Terminal determines that the transaction requires an Online authorization (and if the Terminal has Online capability), the Terminal transmits an Online authorization message to the Acquirer. If the Chip Card or Terminal determines that the transaction requires Offline authorization, the Terminal will proceed with transaction completion (see Step 15). If the transaction is required to be sent Online, but the Terminal is unable to send it Online due to technical reasons, the Terminal will proceed to 2nd Terminal action analysis (see Step 12).

The message sent to the Acquirer includes the Cryptogram (e.g., ARQC) generated by the Chip Card, the data used to generate the Cryptogram, and indicators showing Offline processing results, including the TVR and CVR.

If the Issuer has successfully validated the Cryptogram provided by the Chip Card, Issuer Authentication Data (IAD) will be included in the authorization response message. This data includes an Issuer-generated Cryptogram called an Authorization Response Cryptogram (ARPC) and an Authorization Response Code (ARC) that details the Issuer's decision regarding the transaction. The response may also include updates for the Chip Card, called Issuer Scripts (see Step 14: Issuer Script Processing).

If a Terminal receives an authorization response that contains valid information regarding the transaction result, but does not contain the required chip data to perform Issuer Authentication, this is known as a downgraded transaction (see Step 12: 2nd Terminal Action Analysis).
Like the other Payment Brands, American Express has a unique message format, which may vary by country. The following table illustrates the mandatory and optional data elements for American Express.

Table 4: Mandatory and Optional Data Elements

Mandatory Data Elements:

AUTHORIZATION REQUEST MESSAGE
- Terminal Capabilities Indicator
- Card Input Method Indicator
- Amount, Authorized (Authorization) / Final Transaction Amount (Settlement)
- Amount, Other
- Application Interchange Profile
- Primary Account Number (PAN)
- PAN Sequence Number
- Application Transaction Counter
- ARQC
- Issuer Application Data
- Terminal Country Code
- TVR
- Transaction Currency Code
- Transaction Date
- Transaction Type
- Unpredictable Number

AUTHORIZATION RESPONSE MESSAGE
- IAD (this includes the ARPC and the ARC)
- Issuer Script Data

Optional Additional Data Elements:

AUTHORIZATION REQUEST MESSAGE
- Fallback Indicator
- Application Identifier (Terminal)
- Application Version Number (Terminal)
- Cryptogram Information Data
- CVM Results
- IACs: Denial, Online, & Default

Step 11: Issuer Authentication

American Express has the same requirements as the EMV specifications.

If the authorization response contains an ARPC, it is mandatory for the Chip Card to perform Issuer authentication by validating the response Cryptogram.

Upon receiving an authorization response containing an ARPC, the Terminal submits the ARPC to the Chip Card, using the external authenticate command. This verifies that the response came from the genuine Issuer. It also prevents criminals from circumventing the Chip Card's security features by simulating Online processing and fraudulently approving a transaction.
Step 12: 2nd Terminal Action Analysis

American Express has the same requirements as the EMV specifications.

There are three distinct scenarios that a Terminal could face at this point in a transaction:

- EMV data received in the authorization response: When the Issuer has successfully authenticated the card and returned the IAD, then the Terminal can use either the ARC in the IAD or the authorization response message to determine whether to request that the Chip Card approve or decline the transaction.
- No EMV data received in the authorization response: When the Terminal does not receive any IAD in the response message, then it determines whether to request that the Chip Card approve or decline the transaction. This is determined by using the result of the transaction as indicated in the response message from the Acquirer. The Terminal must then populate the ARC (EMV tag 8A) to be returned to the Chip Card from the Terminal in the 2nd generate AC command, as follows:
  - 00 for an approval result (i.e., in ASCII 3030)
  - 02 for a referral result (i.e., in ASCII 3032)
  - 05 for a decline (i.e., in ASCII 3035)
- Terminal was unable to go Online: When the Terminal is unable to go Online, the Terminal determines whether or not to request Offline approval or an Offline decline from the Chip Card, depending on the TAC (default) residing in the Terminal and the IAC (default) read from the Chip Card.

Step 13: 2nd Card Action Analysis

American Express has the same requirements as the EMV specifications.

Following the completion of 2nd Terminal action analysis, the Terminal will ask the Chip Card to either approve or decline the transaction. The Chip Card then performs its own action analysis and makes the final decision as to whether or not the transaction is approved or declined. The Chip Card may decline an Issuer-approved transaction based upon the Issuer authentication results and Issuer encoded parameters in the Chip Card.
The Chip Card generates a Cryptogram of type TC for approved transactions and of type AAC for declined transactions.

Step 14: Issuer Script Processing

American Express has the same requirements as the EMV specifications. However, additional requirements that cover operational functionality outside of the EMV specifications are provided.

Within EMV, the Issuer has the ability to send updates to the Chip Card via scripts sent in the authorization response message. An Issuer Script is a collection of card commands constructed and sent by the Issuer for the purpose of updating and managing Chip Cards.

Detailed below are American Express requirements for Issuer Script processing:

The Terminal shall process the script, whether the transaction was approved or declined. The Terminal passes commands defined in the script to the Chip Card, either before or after it has returned the final AC, depending on the type of script sent.
The Terminal shall process Issuer Scripts with the Chip Card, irrespective of whether Issuer authentication is successful or the transaction is approved or declined.

The Terminal shall not display any message to the Merchant indicating either the end of the transaction or card removal until the Chip Card has processed the script.

In any authorization response, the Issuer can send multiple scripts. These scripts may contain multiple commands, which shall be processed in the order that they appear within the script. If the card responds to a command in an Issuer Script with success or a warning, then the Terminal must continue to process the remaining commands. If the card responds with an error, then the Terminal must terminate processing of any remaining commands.

Terminals shall support the processing of Issuer Scripts during this step of the transaction, as well as in Step 13 before the 2nd generate AC command (i.e., support tags 72 and 71).

The following is an example of a trace of an Issuer Script with multiple commands.

Trace Data
72459F FEF34F007CE770DC 61DA847F1E DA8E E031F AC7F4DF1D624A0E

Table 5: Data Elements in the Issuer Script

Data Element | Description
72 | Script tag
45H (69D) | Length
9F18 | Tag
04H (4D) | Tag length
 | Script ID
86 | Command tag
15H (21D) | Length
8424 | PIN change command
0002 | P1 P2
10H (16D) | Length
FEF34F007CE770 | Data
DC61DA847F1E59 | MAC
86 | Command tag
25H (37D) | Length
04DA | Put data command
8E00 | CVM list update
20H (32D) | Length
E031F | Data
AC7F4DF1D624A0ED | MAC

H = Hexadecimal
D = Decimal representation of the hexadecimal value
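A parser for the Issuer Script layout shown in Table 5, together with the command-ordering rule above, as an added example that is not code from this guide or from American Express. The sample script, its Script ID, data and MAC bytes are constructed; the function names and the `transmit` callback are hypothetical; treating SW1 values 90, 62 and 63 as success or warning is the EMV convention assumed here.

```python
# Added illustration: parse Issuer Script templates (tags 71/72) and run the
# commands in order. The sample bytes are constructed, not a real trace.

SAMPLE_RESPONSE_SCRIPTS = bytes.fromhex(
    "722E"                              # script template 72, length 46
    "9F180400000001"                    # 9F18 Script ID (constructed)
    "8615" "8424000210"                 # command 86: PIN change, P1 P2 0002, Lc 16
    "0102030405060708"                  #   constructed data
    "1112131415161718"                  #   constructed MAC
    "860E" "04DA9F5809"                 # command 86: put data 9F58, Lc 9
    "00" "2122232425262728"             #   constructed data and MAC
)

SUCCESS_OR_WARNING_SW1 = (0x90, 0x62, 0x63)


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER-TLV object at buf[pos]."""
    if pos >= len(buf):
        raise ValueError("truncated tag")
    tag = buf[pos]
    pos += 1
    if tag & 0x1F == 0x1F:              # multi-byte tag such as 9F18
        while True:
            if pos >= len(buf):
                raise ValueError("truncated tag")
            byte = buf[pos]
            pos += 1
            tag = (tag << 8) | byte
            if not byte & 0x80:
                break
    if pos >= len(buf):
        raise ValueError("truncated length")
    length = buf[pos]
    pos += 1
    if length & 0x80:                   # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:end], end


def parse_command(apdu):
    """Split a tag-86 value into CLA, INS, P1, P2 and data, checking Lc."""
    if len(apdu) < 5 or apdu[4] != len(apdu) - 5:
        raise ValueError("Lc does not match command data length")
    return {"cla": apdu[0], "ins": apdu[1], "p1": apdu[2], "p2": apdu[3],
            "data": apdu[5:], "raw": apdu}


def parse_issuer_scripts(raw):
    """Parse one or more 71/72 templates, keeping commands in wire order."""
    scripts, pos = [], 0
    while pos < len(raw):
        tag, body, pos = read_tlv(raw, pos)
        if tag not in (0x71, 0x72):
            raise ValueError("not an Issuer Script template: %X" % tag)
        script = {"template": tag, "script_id": None, "commands": []}
        inner = 0
        while inner < len(body):
            t, value, inner = read_tlv(body, inner)
            if t == 0x9F18:
                script["script_id"] = value
            elif t == 0x86:
                script["commands"].append(parse_command(value))
            else:
                raise ValueError("unexpected tag in script: %X" % t)
        scripts.append(script)
    return scripts


def run_script(script, transmit):
    """Send commands in order; stop at the first error status from the card.

    transmit(apdu_bytes) must return (SW1, SW2). The MAC inside each command
    is verified by the card, not by the Terminal.
    """
    sent = 0
    for command in script["commands"]:
        sw1, sw2 = transmit(command["raw"])
        sent += 1
        if sw1 not in SUCCESS_OR_WARNING_SW1:
            return {"sent": sent, "failed_at": sent, "sw": (sw1, sw2)}
    return {"sent": sent, "failed_at": None, "sw": None}


if __name__ == "__main__":
    for s in parse_issuer_scripts(SAMPLE_RESPONSE_SCRIPTS):
        print("template %X id %s" % (s["template"], s["script_id"].hex()))
        print(run_script(s, lambda apdu: (0x90, 0x00)))
```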
The following is an example of a trace of an Issuer Script with a single command.

Trace Data: 72179F E04DA9F580900C E

Table 6: Data Elements in the Issuer Script

Data Element | Description
72 | Script tag
17H (23D) | Length
9F18 | Tag
04H (4D) | Tag length
 | Script ID
86 | Command tag
0EH (14D) | Length
04DA | Put data command
9F58 | CVM list update
09H (9D) | Length
00 | Data
C E | MAC

H = Hexadecimal
D = Decimal representation of the hexadecimal value

Step 15: Transaction Completion

American Express has the same requirements as the EMV specifications. However, additional requirements that cover operational functionality outside of the EMV specifications are provided.

The Terminal performs final processing to complete the transaction. It is also at this point in the transaction that, if the signature has been determined as the CVM, the receipt is printed and the Cardmember is asked to sign it.
AEIPS Receipt Requirements. Certain format and data requirements must be met with regard to transaction receipts. These are outlined in the following tables and accompanying text.

Key to contents in Table 7, column titled M/P/O/C:
M: Mandatory (always needed)
P: Preferred (best practice)
O: Optional (can be present)
C: Conditional (dependent on the situation)

Table 7: Receipt Data Table

Field Description | M/P/O/C
Merchant Number | M*
Merchant Name | M*
Merchant Address | M*
Transaction Type (e.g., Sale, Refund) | M*
PAN | M* (note 1)
Expiration Date of Card (MMYY) | M*
Transaction Data Source (e.g., Swiped, Manual Entry, Chip) | M*
Date of Transaction | M*
Terminal Number (Terminal ID) | M*
Transaction Number | M*
Transaction Response (e.g., Authorization Code) | M*
Amount of Transaction (Including Currency Symbol) | M*
Request for Signature (Not Required for PIN Transaction) | C
Space for Signature (Not Required for PIN Transaction) | C
Declaration (e.g., Please Debit My Account) | M
Retention Reminder | M
PIN Statement (Only required for PIN) (e.g., PIN Verified, PIN Locked) | C
AID | M
Gratuity Amount | O
Diagnostic Message | P
Start Date of Card (MMYY) | P
Time of Transaction | P
Application Preferred Name | C (note 2)
Payment Brand Name/Application Label | M
Card Type | O
Cardmember Name | O (note 3)
Courtesy Message | O
Tax Registration Number | O
Receipt Number (Not Transaction Number) | O
Goods Amount | O
Goods Description | O
Field Description | M/P/O/C
Tax Rate | O
Exception File Version Number | O
Terminal Software Version Number | O
Cryptogram Type/Value | P

*Indicates data elements that must be stored electronically during a PIN transaction

Notes on Table 7
1. The PAN on the Cardmember's receipt must be masked per PCI DSS and local legal requirements.
2. Where the application preferred name is present and the Terminal supports the relevant Issuer code table index, then this data element is mandatory.
3. The Cardmember name, if printed, should be printed according to [ISO-7813]. The Cardmember name is received from the chip for an EMV transaction, or from track 1 for a magnetic stripe transaction.

BEST PRACTICE: Printing of a receipt should begin as soon as possible, so as to overlap with the transaction process. Doing so will minimize the time that the Merchant and Cardmember spend waiting.

AEIPS Receipt Layout Requirements. The only mandatory requirement pertaining to the layout of text on a receipt is that the signature and amount are adjacent to one another. Every effort should also be made to ensure that other information is presented logically and clearly (e.g., place date and time adjacent to each other as well as the masked card number and expiration date, etc.).
The receipt layout shown in Figure 2 highlights the additional requirements for a Terminal processing American Express Chip Cards. The red text indicates layout requirements specific to EMV.

Figure 2: Receipt Layout Requirements

Receipt Layout (sample receipt text, top to bottom):
LOGO(S) WHERE APPLICABLE
RETAIL STORE
154 EDWARD STREET BRIGHTON BN2 2LP
MERCHANT ID:
TERMINAL ID:
BATCH# 0001 ROC# 125
XXXXXXXXXXX1003 (C)
AMERICAN EXPRESS EXPIRES 05/12
AMEX GOLD
A
OCT 19, 07 15:33
SALE
RRN:
ITEM NAME / DESCRIPTION (OPTIONAL)
ITEM NAME / DESCRIPTION (OPTIONAL)
USER ID: 9999 (OPTIONAL)
BASE
TIP
TOTAL
PIN VERIFIED
X
E SMITH
TC A2E51245C4D7E551
AUTHORIZATION CODE:
I AGREE TO PAY THE ABOVE TOTAL AMOUNT ACCORDING TO THE CARD ISSUER AGREEMENT.
MERCHANT COPY

Receipt Data (labels, top to bottom):
Merchant Name
Merchant Address
Merchant Number
Terminal Number (Terminal ID)
Transaction Number
Masked PAN and Transaction Data Source: (S) Swiped, (M) Manual Entry or (C) Chip
Card Type and Expiration Date
Application Label, or Application Preferred Name
Card Application Identifier (AID)
Time and Date of Transaction
Transaction Type
Receipt Number
Amount of Transaction (Including Currency Symbol)
Gratuity Amount
PIN Statement or Space for Signature and Request for Signature
Cardmember Name
Cryptogram Type and Value
Transaction Response (e.g., Authorization Code)
Declaration
SECTION 4: SPECIAL TRANSACTION PROCESSING

Despite EMV's significant impact on Terminal hardware and software, the processes involved in handling a standard Cardmember transaction are very similar for magnetic stripe and EMV. However, there are some transactions that occur during unique scenarios that, with the introduction of EMV, and especially PIN, require special consideration. This section details American Express requirements in such circumstances.

4.1. Technical Scenarios: Fallback; Premature Card Removal; Referral Transactions; Declined Transactions; Stand-In Authorization; Reversals
4.2. Situational Scenarios: Refunds; Card Not Present; Card Not Yet Present; Transaction Amount Not Yet Known; Card No Longer Present; Card Re-Presented For Final Charge; Adding a Gratuity
4.3. Unattended Payment Terminal Scenarios: Cardholder Verification on UPTs; Fallback on UPTs; Online Capability with UPTs

4.1. AEIPS Requirements During Technical Scenarios

Fallback

When an American Express certified Terminal successfully performs application selection but cannot complete the EMV transaction due to technical reasons, the Terminal is allowed to process the transaction by using a less secure method (e.g., magnetic stripe); this is known as Fallback.

The Terminal is allowed to use Fallback as long as the technical error occurs before the card responds to the 1st generate AC command. If the error occurs after this step, the transaction must be declined and Fallback is not allowed. Additionally, before Fallback is allowed, multiple attempts to use the chip must be performed (i.e., a first attempt and retries). American Express recommends that in the event of a chip read failure, a Terminal make two further attempts to read the chip before processing the transaction as Fallback.

The Terminal should respond to the first and second unsuccessful attempts by displaying a meaningful message (e.g., "INSERT AGAIN").
After the final unsuccessful attempt, the Terminal shall prompt the Merchant to revert to reading the magnetic stripe as the Fallback option (e.g., "PLEASE SWIPE"). If the transaction falls back from EMV technology, the standard checks performed on any magnetic stripe card must be performed.

Fallback shall not take place if:
the card is blocked;
all applications present are blocked;
the EMV transaction has already been declined; or
the transaction occurs at an Unattended Payment Terminal (UPT).
Identifying Fallback. The Terminal to Acquirer interface shall include an indicator to explicitly identify Fallback transactions. There are two ways in which Fallback transactions can be indicated to American Express:

Option 1: Fallback Indicator
E.g., POS data code position 7 (card data input mode code) = 9 (Fallback)

Option 2: Derived Indicator (Leveraging POS Data Codes)
Position 1 (card input capability code) = 5 (ICC)
Position 6 (card present code) = 1 (card present)
Position 7 (card data input mode code) ≠ 5 (ICC). Some examples of possible values include:
2 (magnetic stripe read)
6 (key entered)
S (keyed Four-Digit Card Security Code [4CSC] or Four-Digit Batch Code [4DBC])

BEST PRACTICE: American Express recommends that you apply Option 1, as it more accurately identifies Fallback transactions.

Floor Limits. American Express mandates a zero Floor Limit for all Fallback transactions, meaning all Fallback transactions must be sent Online for authorization.

PAN Key Entry. If the transaction cannot be completed by the chip or magnetic stripe, the transaction may be completed with PAN key entry, subject to agreement with the local Acquirer.

Premature Card Removal

In an EMV transaction, the card must remain in the Terminal for the duration of the transaction; if the Cardmember or Merchant removes the card before the Terminal has reached transaction completion, the Terminal shall cancel the transaction.

If an authorization has taken place, the Terminal shall send a reversal message if the Acquirer and Terminal support reversals. If it is not possible to send a reversal message, then the Terminal shall cancel the transaction, and no settlement data will be sent.

Referral Transactions

As in the current magnetic stripe environment, the Issuer may respond to an authorization request with a referral. Not all Terminals support referrals, in which case the Terminal shall treat a referral response as a decline response.
In these circumstances, American Express has the following requirements: The card shall be removed from the Terminal and retained by the Merchant for use during the referral process, as information may be required during the referral call that is not on the Terminal receipt (for example, 4CSC on the front of the card). However, the Terminal must complete the transaction with the card before displaying any message that indicates the removal of the card.
There are two options for how a Terminal can do this:

Option 1: The transaction is completed by the Terminal and the chip as though it had been declined (i.e., the Terminal requests an AAC). The Terminal must retain the transaction data until the status of the transaction has been determined. If the transaction is subsequently approved, the Terminal must allow the Merchant to enter the approval code during transaction completion. The approval code must then be included in the submission, along with the ARQC that was generated by the card prior to Online authorization. If the transaction is subsequently declined, the transaction must be declined within the Terminal, with no further card processing.

Option 2: The transaction is completed by the Terminal and the chip as though it had been authorized (i.e., the Terminal requests a TC). The Terminal must retain the transaction data until the status of the transaction has been determined. If the transaction is subsequently approved, the Terminal must allow the Merchant to enter the approval code during transaction completion. The approval code must then be included in the submission, along with the TC that was generated by the card. If the transaction is subsequently declined, the transaction must be declined within the Terminal, with no further card processing.

BEST PRACTICE: American Express recommends that you apply Option 1, as it is more technically correct. At the point of referral, the transaction has not actually been approved.

Declined Transactions

In normal circumstances, when an Issuer declines a transaction, the Terminal still performs 2nd Terminal and card action analysis. When the transaction is declined, the Merchant is made aware of this on the Terminal display. In cases where a transaction is declined by the card, Terminal, or Issuer, it shall not be reprocessed using alternative data entry (i.e., magnetic stripe or PAN key entry).

Decline and Retain.
In exceptional circumstances, the Merchant may be requested (through a response code) to retain the card, which is referred to as "decline and retain" (also known as "decline and pickup"). This code will normally be sent in conjunction with an Issuer Script, which prevents the Chip Card from carrying out further EMV transactions. The retained card message shall not be displayed to the Merchant until the chip has processed the script.

Stand-In Authorization

When the Chip Card and Terminal have determined that a transaction needs to be sent Online, and the American Express Acquirer cannot be contacted due to technical reasons, the IAC and TAC default values are checked to determine whether or not the transaction is to be approved or declined. The Merchant has no
control over this process; however, in the magnetic stripe environment, a Merchant could decide to accept a similar transaction at his or her own risk (subject to Merchant contract). This is called Stand-In authorization.

American Express has developed a process that would allow those Merchants who currently perform Stand-In authorization to continue to perform it in the EMV environment. In the event that the American Express Acquirer cannot be contacted, and the Merchant wishes to allow Stand-In authorization, there are three steps that a Terminal must perform:

Step 1: Stand-In Eligibility Check. The Terminal shall contain a list of all partial or full AIDs for which it supports Stand-In. The Terminal will compare the AID on the card to the AIDs stored within this list. If a match is found, then the card is eligible for Stand-In. If the Terminal belongs to a Merchant or Acquirer who wishes to support Stand-In authorization for American Express, then the Terminal must hold an indicator to show that Stand-In authorization is allowed for all valid American Express payment applications. If the Terminal identifies an application that is eligible for Stand-In authorization, it must perform Stand-In authorization as described in steps 2 and 3. In the event that the result of the eligibility check indicates that Stand-In processing is not to be performed, then transaction processing continues using the TAC and IAC default values.

Step 2: Stand-In Action Code (SAC). A Terminal supporting Stand-In authorization shall hold a dedicated SAC specifically for the purpose of processing Stand-In authorization (one SAC per supported AID). In order to process Stand-In authorization, the Terminal shall check the TVR against the SAC for that AID; and if any of the corresponding TVR bits are set, then the Terminal must request that the Transaction be declined. The following table provides the default settings of American Express SAC.
Table 8: Default Settings for American Express SAC*

Byte | Bit | Value
1 | 8 | Offline Data Authentication not Performed
1 | 7 | Offline SDA Failed
1 | 6 | ICC Data Missing
1 | 5 | Card Appears on Terminal Exception File
1 | 4 | Offline DDA Failed
2 | 7 | Expired Application
2 | 5 | Requested Service not Allowed for Card Product
3 | 8 | Cardholder Verification was not Successful
3 | 6 | Offline PIN Try Limit Exceeded
3 | 4 | Offline PIN Required, PIN Pad Present but PIN not Entered
4 | 6 | Upper Consecutive Offline Limit Exceeded

*This table corresponds to an SAC hexadecimal value of F8 50 A
Step 3: Amount Check. The final check a Terminal performs as part of Stand-In authorization is against the transaction amount, referred to as an amount check. The Terminal shall hold a dedicated (non-zero) Stand-In Floor Limit for use in the Stand-In authorization process. For a transaction to be approved using Stand-In authorization, the transaction amount must be below this Stand-In Floor Limit. If the transaction value exceeds the Stand-In Floor Limit, then the transaction must be referred.

Other Stand-In Requirements. The other requirements that American Express has for the Stand-In process are detailed below.

a. Additional Validation at Terminal During Transaction Acceptance
The requirements defined above do not replace the standard validation that must occur as part of the Stand-In process; this includes Stand-In Floor Limits.

b. Terminal Displays to Cardmembers
Messages displayed by Terminals to Cardmembers and Merchants shall be no different from those used when the system is able to conduct Online authorization with the Acquirer. In a small number of cases, a supervisor approval or voice authorization may be required, but this will usually be for high-value transactions where such intervention is likely to be considered normal.

c. Approval Codes
When possible, the Terminal should generate a random, downtime approval code for display at the Terminal and for printing on receipts. This pseudo-approval code must not be incorporated with the submission data for the transaction for which it was created.

Reversals

Reversals are used to undo or reverse transactions that have been performed in error (e.g., the transaction has already been sent for authorization when the Merchant or the Cardmember notices that the amount of the transaction is incorrect). Terminals need to send reversal messages only if the transaction is aborted at a point after which communication has begun with the Acquirer.
Depending on the particular reversal message protocols used, the reversal message may or may not contain EMV data, as EMV data is optional in reversal messages. If EMV data is present in the reversal message, then it shall be a copy of the EMV data presented in the corresponding authorization message that is being reversed. The Terminal should not initiate any new communication with the chip in order to process a reversal.

In all cases, the Terminal shall void the transaction and produce a receipt for the Cardmember, showing that the original transaction has been voided.
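The three Stand-In authorization steps described in the Stand-In Authorization section above (eligibility check, SAC check against the TVR, amount check) can be combined into one decision routine. This is an added example, not AEIPS reference code: the SAC mask is built from the byte and bit positions listed in Table 8, while the function names, the configuration layout, the sample AIDs and floor limit, and the choice to refer an amount exactly equal to the floor limit are assumptions.

```python
# Added example: Stand-In decision from AID, TVR and amount.
# Byte/bit numbering follows Table 8: bytes count from 1, bit 8 is the MSB.

SAC_TABLE_8 = {
    (1, 8): "Offline Data Authentication not Performed",
    (1, 7): "Offline SDA Failed",
    (1, 6): "ICC Data Missing",
    (1, 5): "Card Appears on Terminal Exception File",
    (1, 4): "Offline DDA Failed",
    (2, 7): "Expired Application",
    (2, 5): "Requested Service not Allowed for Card Product",
    (3, 8): "Cardholder Verification was not Successful",
    (3, 6): "Offline PIN Try Limit Exceeded",
    (3, 4): "Offline PIN Required, PIN Pad Present but PIN not Entered",
    (4, 6): "Upper Consecutive Offline Limit Exceeded",
}
TVR_LEN = 5  # the TVR and the SAC are both five bytes long

def bits_to_mask(bits, size=TVR_LEN) -> bytes:
    """Turn (byte, bit) pairs into a byte mask."""
    mask = bytearray(size)
    for byte_no, bit_no in bits:
        mask[byte_no - 1] |= 1 << (bit_no - 1)
    return bytes(mask)

def set_bits(value: bytes):
    """List the (byte, bit) positions that are set, most significant first."""
    return [(i + 1, b) for i, octet in enumerate(value)
            for b in range(8, 0, -1) if octet & (1 << (b - 1))]

SAC_DEFAULT = bits_to_mask(SAC_TABLE_8)   # mask derived from the Table 8 rows

def stand_in_decision(aid: str, tvr: bytes, amount: int, config: dict):
    """Return (outcome, reasons) for a transaction that could not go Online.

    amount and the floor limit are integers in minor currency units.
    """
    if len(tvr) != TVR_LEN:
        raise ValueError("TVR must be 5 bytes")
    # Step 1: eligibility, matching the card AID against partial or full AIDs.
    aid = aid.upper()
    matches = [p for p in config["sac_by_aid"] if aid.startswith(p.upper())]
    if not matches:
        return ("NOT_ELIGIBLE", ["continue with TAC/IAC default processing"])
    sac = config["sac_by_aid"][max(matches, key=len)]   # most specific entry
    # Step 2: any TVR bit that is also set in the SAC forces a decline.
    blocking = set_bits(bytes(t & s for t, s in zip(tvr, sac)))
    if blocking:
        return ("DECLINE", [SAC_TABLE_8.get(b, f"byte {b[0]} bit {b[1]}")
                            for b in blocking])
    # Step 3: approve only below the Stand-In Floor Limit, otherwise refer.
    # Assumption: an amount equal to the limit is referred as well.
    if amount < config["stand_in_floor_limit"]:
        return ("APPROVE", [])
    return ("REFER", ["amount not below Stand-In Floor Limit"])

# Constructed terminal configuration; A000000025 stands in as a partial AID.
SAMPLE_CONFIG = {
    "sac_by_aid": {"A000000025": SAC_DEFAULT},
    "stand_in_floor_limit": 5000,
}

if __name__ == "__main__":
    print(SAC_DEFAULT.hex().upper())
    expired = bytes.fromhex("0040000000")   # constructed TVR: byte 2 bit 7 set
    print(stand_in_decision("A00000002501", expired, 2500, SAMPLE_CONFIG))
    print(stand_in_decision("A00000002501", bytes(5), 2500, SAMPLE_CONFIG))
```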
4.2. AEIPS Requirements During Situational Scenarios

Table 9: Examples of Situational Scenarios

Scenario | Example
Refunds | Refund of a sale
Card Not Present | Mail orders and telephone orders; Deposits taken on telephone bookings for hotels or vehicle rentals
Card Not Yet Present | Hotel bookings; Vehicle rentals
Transaction Amount Not Yet Known | Gasoline pump; Opening a bar tab; Hotel check-in; Rental vehicle pick-up
Card No Longer Present | Hotel express checkout; Vehicle rental returns
Card Re-Presented for Final Charge | Face-to-face hotel checkout; Face-to-face vehicle return to same rental site
Adding a Gratuity | Hair salon/barber; Restaurant sales

Refunds

Refund transactions are less at risk for fraudulent activity than regular transactions. Therefore, American Express has fewer restrictions on refund processing. Refunds can be processed using the chip, the magnetic stripe, or by manually entering the PAN into the Terminal.

If you choose to use the chip, it is not necessary to perform all of the steps that are possible in an EMV transaction. There are two ways in which a refund can be processed using EMV; in either option the Terminal must not indicate that the transaction has completed after the Cryptogram is returned in response to the 2nd generate AC command:

Option 1: Full EMV Transaction. If you choose to perform a full EMV transaction, American Express recommends that the Terminal request that the card approve the transaction Offline (i.e., requests a TC). However, refunds can be processed Online if necessary (i.e., with an ARQC). If for any reason the card declines the refund, then the AAC should be discarded and the ARQC submitted for the refund. The Terminal should treat the transaction as though it has been approved.

Option 2: Track 2 Data.
If you choose not to perform a full EMV transaction, the Terminal must read the track 2 data off the chip and use it to process the refund transaction. In constructing the refund transaction, either use track 2 component parts or extract the components from the track 2 image, but do not use the track 2 image itself, as the 4CSC on the magnetic stripe and in the chip are not required to be the same. Also, there is a PCI DSS requirement that the entire contents of the track 2 data shall not be stored after a transaction has completed. Having your Terminals extract the application PAN and expiration date from the chip (rather than using all the track 2 data) helps ensure the PCI DSS requirement is met.

BEST PRACTICE: American Express recommends that the Terminal perform refunds using Option 2. American Express recommends that Terminal risk management and Online authorization not be performed for refund transactions.

Card Not Present

Some transactions may need to be authorized and settled without the Merchant ever having access to the Chip Card to take advantage of its security features. As such, there are no requirements on card not present transactions, and Merchants should process such transactions using existing processes.

BEST PRACTICE: When processing card not present transactions, Merchants should ensure that they are using the existing security features available to them, such as address verification and the 4CSC.

Card Not Yet Present

In some cases, a Merchant's business may be such that he or she requires some assurance as to the validity of a card account before actually having access to the card. For this reason, Merchants may wish to take card details from the Cardmember before the card is present. As such, there are no requirements on card not yet present transactions, and Merchants should process such transactions using existing processes.

BEST PRACTICE: American Express recommends that card not yet present transactions be performed for a minimum transaction amount, in order to avoid inconveniencing the Cardmember by unnecessarily reducing his or her available card funds.

Transaction Amount Not Yet Known

In some cases, a Merchant may only have access to the card to perform an EMV transaction at a time before the final amount of the transaction is known.
In a transaction amount not yet known scenario, an estimate can be displayed, but the Merchant must then inform the Cardmember that the value is an estimate and is therefore subject to change.

If the difference between the actual value of the transaction and the initial authorization amount is greater than 15%, then the Merchant must submit an additional authorization request for the difference between the two amounts. If a Terminal is not able to store EMV transaction data, then any incremental authorizations will either require the Cardmember to re-present his or her card, or the authorization must be entered in PAN key entry format.

BEST PRACTICE: American Express recommends that all relevant EMV transaction data from the Authorization be stored for the settlement process, including the Cryptogram produced by the card.
Card No Longer Present

On occasion, the Merchant will only know the final amount to charge a Cardmember after he or she has left the premises, and therefore, the Chip Card will no longer be present. The only EMV transaction data the Merchant will have access to is the data gathered during the initial authorization and any subsequent incremental authorizations. If a Terminal is not able to store EMV transaction data, then the final transaction may be processed in PAN key entry format.

BEST PRACTICE: American Express recommends the final transaction be submitted for settlement using the EMV data from the most recent authorization. The presentment message should include:
the ARQC;
the estimated or top-up amount that relates to that ARQC; and
the final transaction amount.

Card Re-Presented for Final Charge

In cases where the Chip Card was originally used to authorize a transaction before the amount was known, and is then re-presented to the Merchant after the transaction amount has been finalized, the transaction is completed as follows:

If the difference between the actual value of the transaction and the initial authorization amount is greater than 15%, then a normal EMV transaction must be completed with the card for the full amount, and any previous authorizations must then be cancelled, where possible.

If the difference between the actual value of the transaction and the initial authorization amount is equal to or less than 15%, then the transaction should be completed without going Online. There are two options for how this could be achieved:

Option 1: Full EMV Transaction. If you choose to perform a full EMV transaction, American Express recommends the Terminal request that the card approve the transaction Offline (i.e., requests a TC). However, if the transaction is sent Online, American Express recommends that, where possible, it is sent as an advice message.

Option 2: Track 2 Data.
If you choose not to perform a full EMV transaction, the Terminal must read the track 2 data off the chip and use it to process the transaction. In constructing the transaction, use track 2 component parts, or extract the components from the track 2 image, but do not use the track 2 image itself, as the 4CSC on the magnetic stripe and in the chip are not required to be the same. Also, there is a PCI DSS requirement that the entire contents of the track 2 data shall not be stored after a transaction has completed. Having your Terminals extract the PAN and expiration date from the chip (rather than using all of the track 2 data) helps ensure the PCI DSS requirement is met.

BEST PRACTICE: When possible, the EMV data from the authorization should be attached to the transaction data in the clearing message.
Adding a Gratuity

In certain Merchant categories such as restaurants, it is standard practice to enable customers to add a gratuity to the amount of the transaction. There are many different ways in which a gratuity can be added. American Express does not define any specific methods for adding gratuities.

BEST PRACTICE: American Express recommends that Terminal software enables the Cardmember to add the gratuity amount to the transaction before entering his or her PIN. This enables the transaction to be processed as a normal, card present transaction.

4.3. AEIPS Requirements for Unattended Payment Terminal (UPT) Scenarios

The introduction of EMV technology and its associated security features greatly increases the business case for UPTs. Card Authentication and Cardholder Verification, which previously relied on the manual observation of the card and signature by staff, can now be performed through direct interaction between a Chip Card and a Terminal.

An EMV transaction is processed in essentially the same way in a UPT as in a standard Terminal, with a few notable exceptions. The sections below detail these exceptions, as well as the related American Express requirements for UPTs.

Cardholder Verification on UPTs

The introduction of the Offline PIN capability provided by EMV greatly increases the potential for Cardholder Verification at UPTs. CVM Fallback shall not be supported at UPTs (i.e., if the highest supported CVM in both card and Terminal is PIN, PIN must be used or the transaction must be declined).

Fallback on UPTs

If the Terminal is EMV-enabled but not yet certified, or if it is EMV-enabled for other Payment Brands but not yet for American Express, the transaction must be processed using the magnetic stripe. The Terminal must not process the transaction as Fallback.

Fallback to magnetic stripe shall not be available at AEIPS-enabled UPTs.
These Terminals shall reject a magnetic stripe card with a service code that starts with a 2 or a 6 (indicating EMV-capable) when the chip cannot be read.
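The Fallback rules from the Fallback section under Technical Scenarios and from Fallback on UPTs above can be checked together: what the Terminal does after a failed chip read, how a swipe is treated once the chip cannot be read, and how a host recognises a Fallback transaction from the POS data code. This is an added example, not AEIPS code: function names and return values are hypothetical, track 2 is assumed to follow the ISO/IEC 7813 layout, the derived indicator is read as "position 7 is not 5", and all sample strings are constructed.

```python
# Added example: Fallback rules as terminal-side and host-side checks.

MAX_CHIP_ATTEMPTS = 3   # first attempt plus the two recommended retries

def service_code(track2: str) -> str:
    """Return the 3-digit service code from track 2 data
    (PAN, '=' separator, YYMM expiry, service code, discretionary data)."""
    body = track2.strip().lstrip(";").split("?")[0]
    pan, sep, rest = body.partition("=")
    if not sep or not pan.isdigit() or len(rest) < 7 or not rest[:7].isdigit():
        raise ValueError("malformed track 2 data")
    return rest[4:7]

def is_chip_card(track2: str) -> bool:
    """A service code starting with 2 or 6 marks an EMV-capable card."""
    return service_code(track2)[0] in "26"

def after_chip_failure(failed_attempts, *, unattended=False,
                       gen_ac_answered=False, emv_declined=False,
                       card_blocked=False, all_apps_blocked=False):
    """Return (action, prompt) after a technical failure on the chip."""
    # No Fallback once the card has answered the 1st generate AC, once the
    # EMV transaction is declined, or when the card or all applications are blocked.
    if gen_ac_answered or emv_declined or card_blocked or all_apps_blocked:
        return ("NO_FALLBACK", None)
    if failed_attempts < MAX_CHIP_ATTEMPTS:
        return ("RETRY_CHIP", "INSERT AGAIN")
    if unattended:                       # Fallback is not available at UPTs
        return ("NO_FALLBACK", None)
    return ("FALLBACK_MAGSTRIPE", "PLEASE SWIPE")

def swipe_after_chip_failure(track2: str, *, unattended: bool) -> dict:
    """Treat a swipe presented after the chip could not be read."""
    chip = is_chip_card(track2)
    if chip and unattended:
        return {"accept": False, "fallback": False}
    return {
        "accept": True,
        "fallback": chip,
        # POS data code position 7: 9 = Fallback (Option 1), 2 = stripe read
        "input_mode": "9" if chip else "2",
        # zero Floor Limit: every Fallback transaction goes Online
        "must_go_online": chip,
    }

def fallback_indicator(pos_data_code: str):
    """Host-side check: 'explicit' (Option 1), 'derived' (Option 2) or None."""
    if len(pos_data_code) < 7:
        raise ValueError("POS data code too short")
    capability, present, mode = (pos_data_code[0], pos_data_code[5],
                                 pos_data_code[6])
    if mode == "9":
        return "explicit"
    if capability == "5" and present == "1" and mode != "5":
        return "derived"
    return None

def violates_zero_floor_limit(pos_data_code: str, authorized_online: bool) -> bool:
    """Flag Fallback transactions that were not sent Online."""
    return fallback_indicator(pos_data_code) is not None and not authorized_online

# Constructed samples (not real card data); unused positions are filled with 0.
CHIP_TRACK2 = ";370000000000002=12052011234500000?"
STRIPE_TRACK2 = ";370000000000002=12051011234500000?"

if __name__ == "__main__":
    print(after_chip_failure(3), after_chip_failure(3, unattended=True))
    print(swipe_after_chip_failure(CHIP_TRACK2, unattended=False))
    print(fallback_indicator("500001200000"))
```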
Online Capability with UPTs

Depending on the environment in which they are deployed and the type of transactions performed, some of your UPTs may have Online capability. The Terminal shall include indicators in the authorization and submission messages that the transaction was processed at a UPT.

BEST PRACTICE: If your UPT has Online capability, we recommend that it have a zero Terminal Floor Limit and that it attempt to perform all transactions Online. If the UPT is capable of Online operation, we recommend that it have the capability to capture the card at the Issuer's request. If your UPT has no Online capability, we recommend the use of Exception Files and the validation of card details (including expiration date) before the transaction is allowed to proceed.
SECTION 5: AEIPS TERMINAL CERTIFICATION

5.1. Introduction

Integrating EMV into Terminals and host systems can add complexity and the potential for interoperability issues. To ensure that these potential issues are minimized, we have defined a certification process that must be completed.

Multiple parties can be involved in the AEIPS Terminal certification process. For example, a certification can be completed directly between a Terminal Vendor and American Express. Or, a certification may need to be conducted via the involvement of a third party, such as a Reseller or an Acquirer. Although the roles played by various parties may involve different responsibilities, the overall AEIPS Terminal certification process will not change significantly. For the purposes of this document, each of these parties will be referred to as a certification contact.

This section outlines only the globally-standard requirements for certifying a Terminal to the AEIPS specifications; there may be additional country-specific or Acquirer-specific requirements and tests. The certification process may also differ slightly depending on whether these local variations exist. Contact your American Express Representative to determine if additional requirements apply. This section will enable our certification contacts to successfully and easily implement AEIPS on a Terminal.

Important Note: Before completing AEIPS Terminal certification, the Terminal must already have received EMVCo level 1 and 2 certification. Although you may begin AEIPS Terminal certification before you have been awarded EMVCo level 2 certification, you will not be formally granted AEIPS Terminal certification until level 2 EMVCo certification has been confirmed.

The certification contacts must:
Ensure that all their EMV-capable Terminals have been certified by American Express.
Ensure that certification is performed on every Terminal software version (not just on the chip software kernel) in every country where it is implemented. This ensures that no issues arise after the local application software has been developed that could create a need for re-certification of the Terminal.
Ensure that American Express is notified of any change in the software.
5.2. How to Perform AEIPS Terminal Certification

The following diagram details the high-level process for AEIPS Terminal certification. The process begins when a certification contact provides American Express with a completed certification request form, which can be obtained from your American Express Representative.

Figure 3: AEIPS Terminal Certification Process Flow

Boxes in the flow, as they appear in the figure:
Certification contact ensures Terminal has passed EMVCo levels 1 & 2 certification
Certification contact ensures that the certification request form is completed for each Terminal requiring certification
American Express receives certification request form from certification contact
American Express books test slot
American Express sends test plan & test plastics to certification contact
Certification contact performs connectivity tests
Certification contact completes test scripts & sends test results to American Express
American Express receives & validates test results
Certification contact fixes errors & is responsible for associated costs
Decision: Were the tests passed? (yes/no)
Certification contact informed of failure
Decision: Is certification contact submitting settlement files? (yes/no)
Certification contact sends settlement file
Decision: Was settlement file validation criteria met? (yes/no)
American Express sends certification letter to certification contact
The entire AEIPS Terminal certification process typically takes about 4-6 weeks; completion in this timeframe depends not just on American Express but also on the certification contact. American Express makes the following timing commitments for AEIPS Terminal certification:
- After the certification request form has been received, American Express will notify the certification contact and provide the [AEIPS-TEST] document and necessary test cards within one week.
- When the certification results have been received, American Express will validate these results and inform the certification contact of this validation within two weeks.

Contact your local American Express Representative to obtain certification request forms as well as the detailed test plan and test cards. For up-to-date information about EMVCo level 1 and level 2 type approval, visit

Important Note: In early 2008, American Express intends to introduce a certification tool that will remove the requirement to connect to the American Express network to perform AEIPS Terminal certification. Once this requirement is removed, certification testing will be performed using the host simulator, and the results will be submitted to American Express for validation. If you wish to use this tool instead of connecting to American Express, please contact your local American Express Representative to find out if the tool is available. It still may be necessary to connect to the American Express network to perform certification for country-specific requirements not covered by this tool.

AEIPS Terminal Certification Test Plan [AEIPS-TEST]

The AEIPS test plan has been broken into four sections. The first section is mandatory; the next two sections may or may not need to be run, based on the Terminal's functionality. The final section must be performed in the event of a change in the authorization communication link.

This test plan outlines only the globally-standard tests for certifying a Terminal to the AEIPS specifications; there may be additional country-specific or Acquirer-specific requirements and tests.

AEIPS Test Plan Section 1 (Mandatory)

Section 1. Authorization Tests
This section includes nine Online authorization tests that check core AEIPS functionality and the interaction with the American Express host. It also includes two tests that check the magnetic stripe functionality of the Terminal.

Important Note: American Express issues cards in both International Organization for Standardization (ISO) and American National Standards Institute (ANSI) format. Therefore, it is important to check that the Terminal is capable of reading both formats.

AEIPS Test Plan Sections 2 and 3 (Based on the Terminal's functionality)

Section 2. Stand-In Processing Tests
This section consists of nine tests that check the functionality associated with Stand-In processing. Only Terminals that perform Stand-In processing and contain SAC need to perform these tests.

Section 3. Submission Testing
If you are required to create a file of transactions for submission, then you will be required to perform the tests detailed in this section. This section consists of two tests that ensure accurate data is submitted to American Express. This testing is not necessary when submitting through a Third Party Processor; however, formal certification will not be granted until that Third Party Processor link has been certified.

AEIPS Test Plan Section 4 (Based on whether changes have been made to the Terminal's communication with American Express)

Section 4. Communication Change Testing
In the event of a change in the authorization communication link, the tests detailed in this section will need to be performed in order to check that the Terminal and American Express are still able to connect.

Setting Up the Terminal Prior to AEIPS Terminal Certification

Before performing AEIPS Terminal certification, it is necessary to ensure that the Terminal has the correct parameters and CAPKs loaded. Additionally, the Terminal must also be able to produce the correct diagnostic information. Once this is done, a test transaction must be performed to ensure the Terminal's connectivity to American Express. A checklist is provided in [AEIPS-TEST] to help you ensure that you have configured your Terminal correctly.

The following table lists those data elements that have specific values associated with them for the purposes of testing.
Table 10: Specific Test Values

Description | Test Values
American Express BIN Ranges |
American Express AID | RID: PIX: A
Application Selection Indicator | Partial AID matching must be enabled
TAC - Default, TAC - Online, TAC - Denial, SAC Default (1) | F8 50 A
Application Version Number | 0001
Transaction Certificate Data Object List (TDOL) | Not used
DDA Data Object List (DDOL) | 9F3704
Threshold Value for Biased Random Selection | Random selection to be set off (all zero)
Target Percentage for Random Selection | 0
Maximum Target Percentage for Biased Random Selection | 0
Terminal Floor Limits | Supplied by local American Express Representative
CAPKs (2) | Lca00003, Lca0000E, Lca0000F, Lca00010
Merchant Number | Supplied by local American Express Representative

(1) Used only when Stand-In processing has been implemented.
(2) American Express CAPK format and details are included in Appendix A.
Additional Parameters and Requirements for Stand-In Certification

- The American Express AID should be identified to support Stand-In unless stated otherwise in the test.
- There should not be a connection available to the American Express host during any Stand-In processing tests.

Stand-In Floor Limits
- Pre-comms Stand-In Floor Limit = 0.
- Post-comms Stand-In Floor Limit =

Mandatory Data for Diagnostics

The data listed below is essential for AEIPS Terminal certification. It can be provided on the receipt or transaction log. The information shall be available only during the certification process and, if provided through a diagnostic receipt, shall be switched off for the live environment.
- TVR
- Transaction Status Information (TSI)
- CVR
- Cryptogram Type
- Cryptogram Value
- IACs
- TACs
- Terminal Capabilities
- Additional Terminal Capabilities
- Application Interchange Profile
- IAD
- Application Version Number (Card)
- Application Version Number (Terminal)
- Terminal Software Version Details
- CAPK Index
- Issuer Script Results

Connectivity Test

The following transaction can be completed using the test card AEIPS 10 to check connectivity.

Transaction amount | Response
8.00 | Approve

Other connectivity test transactions that provide different responses, e.g., referral, may also be available. Please contact your American Express Representative for details.

Completing the AEIPS Test Plan Documentation

When performing AEIPS Terminal certification, you will be required to complete a result form for each test performed [AEIPS-TEST]. To assist American Express in the reviewing of results and to speed up the reviewing process, it is important that the individual(s) performing the tests provide as much documentary evidence as possible. This evidence will consist of, at a minimum:
- A receipt per transaction (or comment that no receipt was produced).
- Written confirmation of the main Terminal/PIN Pad displays/prompts.
- Evidence of the TVR/TSI settings (on the receipt).

When the outcome of a test does not match the expected result, an explanation should be provided. Providing these explanations will speed up the evaluation. Additionally, it will help streamline the process if any of the following can be supplied:
- Logs produced by the equipment being tested that show transaction flow or any other useful information.
- Any further comments the certification contact feels will assist American Express in evaluating the results.

TVR and TSI Setting Requirements

In certain tests, American Express requires specific TVR or TSI values to be set. These are indicated in [AEIPS-TEST] by showing only these settings, e.g., TVR - 00 xx xx xx xx. If bits other than the required values are set, this does not equate to a failure of the test; however, these additional bits must be explained. Where the TSI results are shown, only those values that are relevant to the test are shown, e.g., 8x xx. However, it will always be the case that additional bits will be set by the Terminal; again, this does not equate to a failure of the test.

Overview of AEIPS Terminal Certification Tests

This section provides an overview of the American Express EMV tests for authorization (AEIPS Test Plan Section 1), Stand-In (AEIPS Test Plan Section 2), submission (AEIPS Test Plan Section 3), and communication change (AEIPS Test Plan Section 4). This section does not include any additional country-specific or Acquirer-specific tests that you may need to complete. Please contact your American Express Representative to determine if additional requirements apply. The overview tables begin on the following page.
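The mask notation from "TVR and TSI Setting Requirements" (e.g., TVR - 00 xx xx xx xx, TSI - 8x xx) can be checked mechanically against the bytes printed on a diagnostic receipt. The following Python sketch is an added example, not part of this guide or of [AEIPS-TEST]; it assumes that the 1-bits of a fixed hex digit are the required bits and that every other set bit is only reported so that it can be explained. Function names and sample values are constructed.

```python
"""Compare observed TVR/TSI bytes with a mask such as '00 xx xx 0x 0x'."""


def parse_mask(mask):
    """Parse a mask into one (fixed_bits, required_ones) pair per byte.

    'x' marks a nibble the test plan does not show; any other character
    is a hex digit whose value the test plan does show.
    """
    pairs = []
    for token in mask.lower().split():
        if len(token) != 2 or any(ch not in "0123456789abcdefx" for ch in token):
            raise ValueError(f"bad mask byte {token!r}")
        fixed = required = 0
        for ch in token:                      # high nibble first
            fixed <<= 4
            required <<= 4
            if ch != "x":
                fixed |= 0xF
                required |= int(ch, 16)
        pairs.append((fixed, required))
    return pairs


def bit_names(byte_no, value):
    """Name the set bits of one byte, EMV style: Bit 8 is the most significant."""
    return [f"Byte {byte_no}, Bit {bit}"
            for bit in range(8, 0, -1) if value & (1 << (bit - 1))]


def check_setting(mask, observed_hex):
    """Return which required bits are missing and which extra bits need explaining."""
    pairs = parse_mask(mask)
    observed = bytes.fromhex(observed_hex)    # spaces between bytes are accepted
    if len(observed) != len(pairs):
        raise ValueError(f"expected {len(pairs)} bytes, got {len(observed)}")
    report = {"missing_required": [], "set_in_fixed_digit": [], "set_in_wildcard": []}
    for byte_no, ((fixed, required), value) in enumerate(zip(pairs, observed), start=1):
        # A required 1-bit that is clear contradicts the expected setting.
        report["missing_required"] += bit_names(byte_no, required & ~value & 0xFF)
        # A bit set where the mask shows a 0 digit: to be explained on the result form.
        report["set_in_fixed_digit"] += bit_names(byte_no, value & fixed & ~required & 0xFF)
        # A bit set under 'x': an additional bit, also to be explained.
        report["set_in_wildcard"] += bit_names(byte_no, value & ~fixed & 0xFF)
    report["required_bits_present"] = not report["missing_required"]
    return report


if __name__ == "__main__":
    # Constructed receipt values, not taken from a real certification run.
    for label, mask, seen in [("TSI", "8x xx", "E8 00"),
                              ("TVR", "00 xx xx 0x 0x", "00 00 00 80 00")]:
        print(label, mask, seen, check_setting(mask, seen))
```

Run against the TVR and TSI values from each receipt, the `set_in_fixed_digit` and `set_in_wildcard` lists give the tester the exact bits that need a written explanation on the result form.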
Mandatory Tests

AEIPS Test Plan Section 1. Authorization Tests

Test Case: AXP POS 001
Description: An Online chip and PIN transaction
Pre-Requisites and Settings: Terminal set up for AEIPS Terminal certification
Procedures:
- Perform a sale using test card AEIPS 10 and enter the required amount
- When prompted, enter PIN 1234
Test Success Criteria:
- Terminal prompts for chip insertion
- Terminal prompts for PIN
- PIN is successfully validated
- TVR setting 00 xx xx 0x 0x (data authentication did not fail, Issuer authentication successful)
- TSI setting 8x xx (i.e. Bit 8 = 1, data authentication performed)
- ARPC returned in the response message from the American Express Acquirer
- The card will return a TC to 2nd generate AC command
- Issuer authentication performed (Terminal sends the external authenticate to the card)
- Offline PIN verification performed (CVR Byte 1, Bit 3 = 1)
- Transaction is approved
- Terminal prints/displays application label
- Signature box not printed on receipt

Test Case: AXP POS 002
Description: An Online chip and PIN transaction with three Issuer Scripts returned in the authorization response message
Pre-Requisites and Settings: Terminal set up for AEIPS Terminal certification
Procedures:
- Perform a sale using test card AEIPS 10 and enter the required amount
- When prompted, enter PIN 1234
- Perform a second sale using test card AEIPS 10 and enter the required amount
- When prompted, enter PIN 1234
Test Success Criteria:
1st transaction:
- Terminal prompts for PIN
- PIN is successfully validated
- Three Lower Consecutive Offline Limit (LCOL) Issuer Scripts returned to the Terminal by American Express host in the authorization response message
- LCOL scripts sent by Terminal to card
- LCOL scripts accepted by card
- Issuer authentication performed (Terminal sends external authenticate to the card)
- Issuer authentication successful
- Transaction is approved at host
- Terminal prints/displays application label
2nd transaction:
- CVR shows three Issuer Script commands containing secure messaging successfully processed on last transaction (Byte 4, Bits 5-8)
- CVR indicates Issuer authentication successful for last transaction (Byte 3, Bit 4 = 0)
Test Case: AXP POS 003
Description: Issuer authentication is successfully performed after a referral response is received from the Acquirer
Pre-Requisites and Settings: Terminal set up for AEIPS Terminal certification and supports referral processing
Procedures:
- Perform a sale using test card AEIPS 10 and enter the required amount
- When prompted, enter PIN 1234
- Enter approval code of 55 when prompted
- Perform a second sale using test card AEIPS 10 and enter the required amount
- When prompted, enter PIN
Test Success Criteria:
1st transaction:
- Terminal prompts for PIN
- PIN is successfully validated
- Transaction is referred
- ARPC returned in response message from the American Express Acquirer
- Either TC or AAC returned by card in response to the 2nd generate AC command
- Issuer authentication performed (Terminal sends external authenticate to the card)
- Issuer authentication successful
- Terminal prints/displays application label
- Display and receipt show CALL ISSUER and response code value
2nd transaction:
- CVR indicates Issuer authentication successful for last transaction (CVR Byte 3, Bit 4 = 0)

Test Case: AXP POS 004
Description: A sale using a test card from a 34 BIN range and with the AXP 1408 CAPK. Terminal must accept this as a valid PAN
Pre-Requisites and Settings:
- Terminal set up for AEIPS Terminal certification
- Terminal is configured to accept the American Express registered 34 and 37 BIN ranges
Procedures:
- Perform a sale using test card AEIPS 11 and enter the required amount
Test Success Criteria:
- Terminal prompts for PIN
- PIN is successfully validated
- Terminal accepts a 34 BIN
- Transaction is sent Online and is approved
- ARPC returned in response message from the American Express Acquirer
- TC returned by the card in response to the 2nd generate AC command
- Issuer authentication is performed and is successful
- TVR setting 00 xx xx 0x xx (data authentication did not fail)
- TSI setting 8x xx (i.e. Bit 8 = 1, data authentication performed)
Test Case: AXP POS 005
Description: A sale using a test card with multiple applications that require cardholder confirmation
Pre-Requisites and Settings: Terminal set up for AEIPS Terminal certification
Procedures:
- Perform a sale using test card AEIPS 12 and enter the required amount
Test Success Criteria:
If Cardholder confirmation supported:
- Cardholder confirmation requested by card
- Prompt for AMEX application must be displayed on Terminal
- Select application AMEX
- Transaction is approved
- TVR setting 00 xx xx 0x xx (data authentication did not fail)
- TSI setting 8x xx (i.e. Bit 8 = 1, data authentication performed)
- Application label is printed/displayed on the receipt
If Cardholder confirmation not supported:
- Cardholder confirmation requested by card
- Cardholder confirmation not supported
- Transaction is declined

Test Case: AXP POS 006
Description: An Online chip transaction with DDA
Pre-Requisites and Settings: Terminal set up for AEIPS Terminal certification
Procedures:
- Perform a sale using test card AEIPS 13 and enter the required amount
Test Success Criteria:
- TVR setting 00 xx xx xx xx
- Offline data authentication performed
- DDA did not fail
- TSI setting 8x xx (i.e. Bit 8 = 1, data authentication performed)
- Issuer authentication performed (Terminal sends external authenticate to the card)
- Issuer authentication successful
- The card will return AAC to 1st generate AC
- Transaction is declined
Test Case: AXP POS 007
Description: Online chip transaction, using AXP 1984 CAPK, and a 126-byte script sent in authorization response message
Pre-Requisites and Settings:
- Terminal set up for AEIPS terminal certification
- Terminal is capable of processing multiple Issuer Scripts, and multiple commands within Issuer Scripts
Procedures:
- Perform a sale using test card AEIPS 14 and enter the required amount
- When prompted, enter PIN 1234
- Perform a second sale using test card AEIPS 14 and enter the required amount
- When prompted, enter PIN 1234
Test Success Criteria:
1st transaction:
- Terminal prompts for PIN
- PIN is successfully validated
- Script returned to Terminal by American Express host in the authorization response message
- Extra long (126-byte) update command sent by the Terminal to card (2 scripts embedded)
- Terminal prompts for PIN entry
- TVR setting 00 xx xx 0x xx (data authentication did not fail)
- TSI setting 8x xx (i.e. Bit 8 = 1, data authentication performed)
- Issuer authentication performed (Terminal sends external authenticate to the card)
- Issuer authentication successful
- Offline PIN verification performed (Byte 1, Bit 3 = 1)
- Transaction is approved
2nd transaction:
- CVR shows two Issuer Script commands containing secure messaging successfully processed on last transaction (Byte 4, Bits 5-8)
- CVR shows Issuer authentication successful for last transaction (Byte 3, Bit 4 = 0)

Test Case: AXP POS 008
Description: To verify refund processing
Pre-Requisites and Settings:
- Terminal set up for AEIPS terminal certification
- Terminal supports full EMV refunds
Procedures:
- Perform a sale using test card AEIPS 10 and enter the required amount
- When prompted, enter PIN 1234
- Perform a refund using test card AEIPS 10 and enter the required amount
Test Success Criteria:
- Refund successfully performed either Online or Offline
- Refund is approved
- Refund is captured at Terminal

Test Case: AXP POS 009
Description: An Online transaction performed and approved, the Issuer validation fails, and the card declines the transaction. The Terminal then performs a reversal
Pre-Requisites and Settings: Terminal set up for AEIPS Terminal certification and can support Online reversals
Procedures:
- Perform a sale using test card AEIPS 10 and enter the required amount
- When prompted, enter PIN 1234
- Perform a reversal on the transaction
Test Success Criteria:
- ARPC returned in response message from the American Express host
- Transaction approved at the American Express host
- Issuer authentication is performed
- TC requested by Terminal in 2nd generate AC
- AAC returned by card in response to the 2nd generate AC command
- Issuer authentication was successful (TVR Byte 5, Bit 7 = 0)
- Issuer authentication was performed (TSI Byte 1, Bit 5 = 1)
- Transaction is declined
- Reversal transaction is generated
Test Case: AXP POS 010
Description: Magnetic stripe transaction with a card formatted according to ISO standards
Pre-Requisites and Settings: Terminal set up for AEIPS Terminal certification
Procedures:
- Perform a sale using test card AEIPS ISO and enter the required amount
Test Success Criteria:
- Terminal can read track 2 data on the magnetic stripe
- Terminal is able to recognize ISO 101 service code
- Terminal does not prompt for chip insertion
- Transaction approved

Test Case: AXP POS 011
Description: Magnetic stripe transaction with a card formatted according to ANSI standards
Pre-Requisites and Settings: Terminal set up for AEIPS Terminal certification
Procedures:
- Perform a sale using test card AEIPS ANSI and enter the required amount
Test Success Criteria:
- Terminal can read track 2 data on the magnetic stripe
- Terminal does not prompt for chip insertion
- Transaction approved

Tests That Are Based on the Terminal's Functionality

AEIPS Test Plan Section 2. Stand-In Processing Tests

Test Case: STP-020 Not Configured for Stand-In Processing
Description: Transaction declined as Stand-In not available
Pre-requisites and Settings:
- The Terminal cannot connect to the Acquirer host
- Stand-In processing is not configured for the American Express AID
Procedures:
- Perform a sale using test card STP-0020 and enter the amount of (above the post-comms Stand-In Floor Limit)
Test Success Criteria:
- Terminal does not send external authenticate command to card
- Terminal requests an AAC in 2nd generate AC
- Terminal sets ARC (tag 8A) when requesting the AAC to Z3
- Transaction is denied at the Terminal
- Transaction exceeds Stand-In Floor Limit (TVR Byte 4, Bit 8 = 1)

Test Case: STP-021a Below Post-comms
Description: Transaction approved by Stand-In functionality
Pre-requisites and Settings:
- The Terminal cannot connect to the Acquirer host
- Stand-In processing is configured for the American Express AID and SAC loaded
Procedures:
- Perform a sale using test card STP-0021 and enter the amount of (below the post-comms Stand-In Floor Limit but above the pre-comms Stand-In Floor Limit)
Test Success Criteria:
- Terminal does not send external authenticate command to card
- Terminal requests a TC in 2nd generate AC
- Terminal sets ARC (tag 8A) when requesting the TC to 00
- Transaction is approved at Terminal
- Terminal prompts for signature
- Transaction exceeds Stand-In Floor Limit (TVR Byte 4, Bit 8 = 1)

Test Case: STP-021b Below Post-comms (Submissions)
Description: Submission of transaction created in STP-021a
Pre-requisites and Settings: None
Procedures:
- Submit transaction created in STP-021a to American Express
Test Success Criteria:
- Transaction correctly presented in submissions file

Test Case: STP-022 Above Post-comms
Description: Referral response received from Stand-In functionality
Pre-requisites and Settings:
- The Terminal system cannot connect to the Acquirer host
- Stand-In processing is configured for the American Express AID and SAC loaded
Procedures:
- Perform a sale using test card STP-0022 and enter the amount of (above the post-comms and pre-comms Stand-In Floor Limits)
Test Success Criteria:
- Terminal does not send external authenticate command to card
- Terminal requests a TC in 2nd generate AC (this may be AAC)
- Terminal sets ARC (tag 8A) when requesting the TC to 02
- Transaction is referred at Terminal
- Transaction exceeds Stand-In Floor Limit (TVR Byte 4, Bit 8 = 1)
Test Case: STP-023 Denial Condition Met (SDA Failure)
Description: Transaction declined during Stand-In as SDA failed
Pre-requisites and Settings:
- The Terminal system cannot connect to the Acquirer host
- Stand-In processing is configured for the American Express AID and SAC loaded
Procedures:
- Perform a sale using test card STP-0023 and enter the amount of (below the post-comms Stand-In Floor Limit but above the pre-comms Stand-In Floor Limit)
Test Success Criteria:
- Merchant host denies authorization response with a response code of 05
- Terminal does not send external authenticate command to card
- Terminal requests an AAC in 2nd generate AC
- Terminal sets ARC (tag 8A) when requesting the AAC to 05
- Transaction is denied at Terminal
- Offline SDA failed (TVR Byte 1, Bit 7 = 1)
- Transaction exceeds Stand-In Floor Limit (TVR Byte 4, Bit 8 = 1)

Test Case: STP-024 Denial Condition Met (Exception File)
Description: Transaction declined during Stand-In as the card is in the Terminal's Exception File
Pre-requisites and Settings:
- The Terminal system cannot connect to the Acquirer host
- Stand-In processing is configured for the American Express AID and SAC loaded
- Terminal has card number in its Exception File
Procedures:
- Perform a sale using test card STP-0024 and enter the amount of (below the post-comms Stand-In Floor Limit but above the pre-comms Stand-In Floor Limit)
Test Success Criteria:
- Merchant host denies authorization response with a response code of 05
- Terminal does not send external authenticate command to card
- Terminal requests an AAC in 2nd generate AC
- Terminal sets ARC (tag 8A) when requesting the AAC to 05
- Transaction is denied at Terminal
- Card appears on Exception File (TVR Byte 1, Bit 5 = 1)
- Transaction exceeds Stand-In Floor Limit (TVR Byte 4, Bit 8 = 1)

Test Case: STP-025 Denial Condition Met (Expired Application)
Description: Transaction declined during Stand-In, as the card application has expired
Pre-requisites and Settings:
- The Terminal system cannot connect to the Acquirer host
- Stand-In processing is configured for the American Express AID and SAC loaded
Procedures:
- Perform a sale using test card STP-0025 and enter the amount of (below the post-comms Stand-In Floor Limit but above the pre-comms Stand-In Floor Limit)
Test Success Criteria:
- Merchant host denies authorization response with a response code of 05
- Terminal does not send external authenticate command to card
- Terminal requests an AAC in 2nd generate AC
- Terminal sets ARC (tag 8A) when requesting the AAC to 05
- Transaction is denied at Terminal
- Expired application (TVR Byte 2, Bit 7 = 1)
- Transaction exceeds Stand-In Floor Limit (TVR Byte 4, Bit 8 = 1)

Test Case: STP-026a Denial Condition NOT Met
Description: Transaction approved by Stand-In functionality, as SAC is not set to decline expired application
Pre-requisites and Settings:
- The Terminal system cannot connect to the Acquirer host
- Stand-In processing is configured for the American Express AID
- A SAC of is loaded into the Terminal
Procedures:
- Perform a sale using test card STP-0026 and enter the amount of (below the post-comms Stand-In Floor Limit but above the pre-comms Stand-In Floor Limit)
Test Success Criteria:
- Merchant host approves authorization response with a response code of 00
- Terminal does not send external authenticate command to card
- Terminal requests a TC in 2nd generate AC
- Terminal sets ARC (tag 8A) when requesting the TC to 00
- Transaction is approved at Terminal
- Expired application (TVR Byte 2, Bit 7 = 1)
- Transaction exceeds Stand-In Floor Limit (TVR Byte 4, Bit 8 = 1)

Test Case: STP-026b Denial Condition NOT met (submissions)
Description: Submission of transaction created in STP-026a
Pre-requisites and Settings: None
Procedures:
- Submit transaction created in STP-026a to American Express
Test Success Criteria:
- Transaction correctly presented in submissions file
Test Case: STP-027 Denial Condition Met (PIN Try Exceeded)
Description: Transaction declined during Stand-In as the PIN try limit is exceeded
Pre-requisites and Settings:
- The Terminal system cannot connect to the Acquirer host
- Stand-In processing is configured for the American Express AID and SAC loaded
Procedures:
- Perform a sale using test card STP-0027 and enter the amount of (below the post-comms Stand-In Floor Limit but above the pre-comms Stand-In Floor Limit)
- When requested enter PIN 1234
Test Success Criteria:
- Merchant host denies authorization response with a response code of 05
- Terminal does not send external authenticate command to card
- Terminal requests an AAC in 2nd generate AC
- Terminal sets ARC (tag 8A) when requesting the AAC to 05
- Transaction is denied at Terminal
- Offline PIN try limit exceeded (TVR Byte 3, Bit 6 = 1)
- Transaction exceeds Stand-In Floor Limit (TVR Byte 4, Bit 8 = 1)

Test Case: STP-028 Denial Condition Met (PIN not entered)
Description: Transaction declined during Stand-In as Offline PIN is required but not entered
Pre-requisites and Settings:
- The Terminal system cannot connect to the Acquirer host
- Stand-In processing is configured for the American Express AID and SAC loaded
Procedures:
- Perform a sale using test card STP-0028 and enter the amount of (below the post-comms Stand-In Floor Limit but above the pre-comms Stand-In Floor Limit)
- When PIN is prompted, bypass request
Test Success Criteria:
- PIN Bypass is performed at the Terminal
- Merchant host denies authorization response with a response code of 05
- Terminal does not send external authenticate command to card
- Terminal requests an AAC in 2nd generate AC
- Terminal sets ARC (tag 8A) when requesting the AAC to 05
- Transaction is denied at Terminal
- Offline PIN required, PIN Pad present but PIN not entered (TVR Byte 3, Bit 4 = 1)
- Transaction exceeds Stand-In Floor Limit (TVR Byte 4, Bit 8 = 1)
AEIPS Test Plan Section 3. Submission Tests

If you are required to provide a file of transactions for submission as part of your approvals testing, then you are required to use the transactions indicated in this section.

Test Case: Settlement Debit Transaction
Description: Transaction authorized Online and correctly presented in the submissions file
Pre-requisites and Settings: Terminal set up for AEIPS Terminal certification
Procedures:
- Perform a sale using test card AEIPS 10 and enter the required amount
- When prompted, enter PIN 1234
- Present the authorized transaction in the submission file and submit to American Express (if you are direct submitter) or to your Acquiring bank/bureau
Test Success Criteria:
- Chip transaction approved Online
- Transaction presented in the submission file
- Submission file submitted in the agreed format

Test Case: Settlement Credit Transaction
Description: Refund created for an Online authorized transaction and correctly presented in the submissions file
Pre-requisites and Settings: Terminal set up for AEIPS Terminal certification
Procedures:
- Perform a sale using test card AEIPS 10 and enter the required amount
- When prompted, enter PIN 1234
- Refund the authorized transaction of required amount
- Present the transaction and the refund in the submission file and submit it to American Express (if you are direct submitter) or to your Acquirer
Test Success Criteria:
- Chip transaction approved Online
- Refund created for the authorised transaction
- Transaction presented in the submission file
- Submission file submitted in the agreed format
Tests That Are Performed When There Are Communication Changes

AEIPS Test Plan Section 4: Communication Change Tests

The following tests are based on whether there has been a communication change between the Terminal and American Express.

Test Case: AXP COM 001
Description: Issuer authentication is successfully performed after a referral response
Pre-requisites and Settings: Terminal set up for AEIPS Terminal certification
Procedures:
- Perform a sale using test card AEIPS 10 and enter the required amount
- When prompted, enter PIN 1234
- Enter approval code of 55 when prompted
Test Success Criteria:
- Transaction is referred
- PIN is successfully validated
- ARPC returned in response from the American Express Acquirer
- TC returned by the card in response to the 2nd generate AC command
- Issuer authentication successfully performed
- Application label is printed/displayed on the receipt

Test Case: AXP COM 002
Description: Online chip transaction, using AXP 1984 CAPK, and 126-byte script sent in authorization response
Pre-requisites and Settings: Terminal set up for AEIPS Terminal certification
Procedures:
- Perform a sale using test card AEIPS 14 and enter the required amount
- When prompted, enter PIN 1234
- Perform a second sale using test card AEIPS 14 and enter the required amount
- When prompted, enter PIN 1234
Test Success Criteria:
- Transaction approved Online
- SDA successfully performed
- PIN is successfully validated
- Issuer authentication successful
- Application label is printed/displayed on the receipt
- CVR on the second Online transaction indicate that the script was successfully processed in the last transaction

Test Case: AXP COM 003
Description: An Online chip and PIN transaction that is declined by the host
Pre-requisites and Settings: Terminal set up for AEIPS Terminal certification
Procedures:
- Perform a sale using test card AEIPS 10 and enter the required amount
- When prompted, enter PIN 1234
Test Success Criteria:
- Transaction is declined
- PIN is successfully validated
- Issuer authentication successfully performed
- Application label is printed/displayed on the receipt
SECTION 6: MERCHANT EDUCATION

For new technology to succeed, it is vital that those responsible for using, managing, and maintaining that technology are properly trained. It is our experience that when implementing EMV, you cannot provide too much training. Moving to a new type of payment technology is a large change for a Merchant, and customers may become dissatisfied if transactions are not handled properly. It is critical that Merchants who migrate to EMV plan for, design, and execute a thorough staff-training program.

Guidance for a Successful Training Program

It is best if EMV training is delivered prior to implementing EMV in the Merchant environment. EMV training should also be readily available for staff to access if needed as a reference and should also be available on an ongoing basis for newly hired employees.

BEST PRACTICE: We recommend creating a quick reference guide with key information on accepting Chip Cards and magnetic stripe cards to be kept near the Terminal.

We recommend making EMV training interactive and including hands-on practice accepting both Chip Cards and magnetic stripe cards. Additionally, it is recommended that Merchants work with their Acquirers if they have questions or need additional support relating to processing EMV transactions.

Some key topics that should be included in EMV training are:
- The benefits of EMV with regards to fraud risk and fraud liability
- Inserting the Chip Card
- Following the Terminal prompts
- Fallback
- PIN entry and PIN Bypass (as appropriate to local usage)
- Handling common customer inquiries
- The requirement to continue to accept all types of card products
APPENDIX A: CAPK INFORMATION

CAPK Format Detail

Unless otherwise stated, the values within the CAPK format are detailed in their hexadecimal representation.

Table A-1: CAPK Format Detail

Field Name | Length (Bytes) | Hashed | Description
Header | 1 | No | Set to 20
Service Identifier | 4 | No | American Express Product Identifier. Set to
Length of CAPK Modulus | 2 | No | Length of CAPK modulus. Current valid values = (1024 bits), 0090 (1152), 00B0 (1408 bits), 00F8 (1984 bits)
CAPK Algorithm Indicator | 1 | No | Cryptographic algorithm ID used to generate the CAPK. Set to 01
Length of CAPK Exponent | 1 | No | Length of CAPK exponent. Set to 01
RID | 5 | Yes | Set to A
CAPK Index | 1 | Yes | Unique CAPK index number
CAPK Modulus | Variable | Yes | CAPK modulus
CAPK Exponent | Variable | Yes | CAPK exponent. Set to 03
Hash Value | 20 | No | Hash of components indicated in hashed column

Live CAPKs

There are four live CAPKs. They are sent out in text and binary formats in a zip file.

Table A-2: Live CAPKs

Key File Name | CAPK Index | CAPK Length
Lca00003.dat, Lca00003.txt | | (hex) = 128 bytes = 1024 Bits
Lca0000E.dat, Lca0000E.txt | 0E | (hex) = 144 bytes = 1152 Bits
Lca0000F.dat, Lca0000F.txt | 0F | 00 B0 (hex) = 176 bytes = 1408 Bits
Lca dat, Lca00010.txt | | F8 (hex) = 248 bytes = 1984 Bits

October 2007
The text versions of these keys are included below:
APPENDIX B: DISPLAYABLE MESSAGES

Table B-1 details the possible messages that a Terminal may display during an AEIPS transaction. The table also provides details on when each message may be used. This is provided as guidance, but is not an exhaustive list.

Table B-1: Displayable Terminal Messages

| Message Text | Usage |
|---|---|
| AUTH CODE: nnnnn | Used to display the actual authorization code, or, if a transaction is approved by the Terminal, used to display the code that is created by the Terminal. |
| CALL AUTH CENTER | Used to inform the Merchant that a referral is needed upon the request of the Acquirer or due to connectivity issues. |
| CALL ISSUER | Used when a referral response is sent to the Terminal, indicating that the Merchant needs to contact the Issuer. |
| CALL HELP DESK | Used when the Terminal has a technical issue that requires assistance to resolve. |
| CARD NOT AUTHORIZED | Transaction not approved (see DECLINED). |
| CHECK SIGNATURE | Used to prompt for visual verification of the signature. |
| COMPLETED | Used to indicate that the transaction has finished. |
| CONNECTION MADE | Used to indicate connectivity has been successfully established between the Terminal and the Acquirer host. |
| DECLINED | Printed or displayed on completion of a voice referral where the Acquirer, Issuer, or card has declined the transaction, and the Merchant has indicated this to the Terminal. |
| DO NOT REMOVE CARD | Warns Cardmember/Merchant not to remove card. |
| ENTER AMOUNT | Used to prompt for amount entry. |
| CARDMEMBER ENTER PIN ENTER PIN | Either of these can be used whenever the Cardmember is required to enter his or her PIN number. |
| ESTIMATED MAXIMUM AMOUNT XXX.XX MAX AMOUNT XXX.XX OPEN TAB MAXIMUM XXX.XX ENTER PIN | Used in hotels, car rental, restaurants, and bars when the Cardmember commences a transaction, the final value of which is not yet known. |
| EXPIRES MM/YY | Used to prompt for input of the card expiration date. |
| GRATUITY? ENTER/CANCEL | Used to allow Cardmembers the opportunity to add a gratuity. |
| INSERT AGAIN | Used to indicate that the chip has not been read successfully. |
| INSERT CARD | Used to prompt that the Chip Card be inserted rather than swiped. |
| ISSUER DECLINE CARDMEMBER SHOULD CONTACT ISSUER DECLINED BY CARD CARDMEMBER SHOULD CONTACT ISSUER | Used to inform both Merchant and Cardmember of the transaction result and the action they need to take. |
| KEY CARD NUMBER | Used to indicate that the magnetic stripe has not been read successfully three times. |
| LAST PIN TRY INCORRECT PIN LAST PIN TRY | Warns Cardmember that he or she is about to have a final attempt at entry before the PIN may be locked. |
| LINE BUSY | Used to indicate that the telephone line to which the Terminal is connected is already in use. |
| LOADING | Used to indicate the Terminal is receiving configuration data from a remote computer. |
| MAXIMUM $XX PLEASE ENTER PIN | Indicates the maximum amount for which the transaction can be completed. |
| OPEN TAB MAXIMUM $XX.XX ENTER PIN | Used in bars and restaurants to advise the Cardmember of the maximum amount they may be charged, when a card is held behind the bar until the final payment is made. |
| PASS CARD TO MERCHANT | Used to prompt Cardmember to hand card to cashier. |
| PIN ERROR or INVALID PIN INCORRECT PIN CARDMEMBER RETRY | Used to indicate an incorrect PIN has been entered. |
| PIN LOCKED | Used to indicate that the PIN on the Chip Card has been locked on this or a previous transaction. |
| PIN TRY LIMIT EXCEEDED CALL ISSUER | Where PIN try counter = 0. |
| PIN OK | Used to signify that PIN entry was correct. |
| PLEASE INITIALIZE | Used to indicate that the Terminal needs to perform initialization to download new software or parameters (PSE INITIALIZE if only 16 digits of display are available). |
| PROCESSING PLEASE WAIT | Used when Terminal is interacting with the card and during which time the card should not be removed. |
| PLEASE WAIT | Used on receipt of a hold message with an empty message data element, otherwise the Terminal shall display the message data element contents. |
| REFERRAL | Used to inform the Merchant that a referral is needed or is underway. |
| REMOVE CARD | Used to prompt either Cardmember or Merchant to remove the card from the Terminal. |
| REQUEST INVALID | Used to indicate that the requested transaction is not supported for the card presented. |
| SELECT PAYMENT TYPE | Used when multiple payment options are available from a single card (e.g., credit or debit). |
| SESSION TOTALS NOT AGREED UNCONFIRMED CANNOT CONFIRM | Used during a reconciliation to advise the Merchant of the status of the reconciliation transaction. |
| STORE FULL | Used to advise the Merchant that the post-event store of transactions is full and the Terminal needs to contact the Acquirer. |
| SUPERVISOR CARD | Used to prompt the swiping or insertion of the supervisor card in order that certain functions can proceed. |
| SWIPE AGAIN | Used to indicate that the magnetic stripe has not been read successfully. |
| SWIPE CARD | Used at the point in the procedure where card input is required for a magnetic stripe card. |
| TRANSACTION COMPLETE | Signifies that transaction has been completed. |
| TRANSACTION VOID | Used if the transaction is canceled at the Terminal prior to completion of a voice referral. |
| UNABLE TO GO ONLINE, OFFLINE APPROVED | May be used to provide further advice on how the transaction has been processed. |
| UNABLE TO GO ONLINE, OFFLINE DECLINED | May be used to provide further advice on how the transaction has been processed. |
| VALID FROM MM/YY | Used to prompt for input of the card effective date. |
APPENDIX C: GLOSSARY AND ACRONYMS

4CSC: Four-Digit Card Security Code
4DBC: Four-Digit Batch Code
AAC: Application Authentication Cryptogram. A type of Cryptogram indicating that the Chip Card has declined the transaction
AC: Application Cryptogram
Acquirer: An entity that has a contract with a Merchant pursuant to which: i. A Cardmember is entitled to charge purchases of goods or services at such a Merchant by means of a card, and, ii. The Merchant agrees to transfer such charges to the Acquirer
AEIPS: American Express ICC Payment Specification. AEIPS has two separate specifications: AEIPS Chip Card Specification [AEIPS-CARD], which defines the technical data elements and functionality for all American Express entities when implementing Chip Cards; and AEIPS Terminal Specification [AEIPS-TERM], which outlines the Terminal functionality required to process American Express EMV transactions.
AID: Application Identifier. A value defined by [ISO ] and used to identify the application to the Terminal
ANSI: American National Standards Institute
Application Selection Indicator: An indicator within the Terminal software that determines whether partial application selection can occur
ARPC: Authorization Response Cryptogram. A type of Cryptogram generated by the Issuer, used to enable the Chip Card to validate the authorization response
ARQC: Authorization Request Cryptogram. A type of Cryptogram that is generated by a Chip Card when it determines that a transaction should be sent Online
ARC: Authorization Response Code
ASCII: American Standard Code for Information Interchange. A code for representing characters as binary numbers
AXP: American Express
BIN: Bank Identification Number. A six-digit number identifying the Issuer institution. It is also used as the first six digits of a card account number issued by the Issuer.
CAPK: Certificate Authority Public Key
Card Authentication: The process by which EMV-compliant Chip Cards authenticate themselves to Terminals and Issuer systems
Cardholder Verification: The process by which the Cardmember's identity is verified
Cardmember: A person who has entered into an agreement and established a card account with any Issuer, or a person whose name is embossed on a card
CDA: Combined DDA / AC generation
Chip Card: A card that has a silicon chip embedded into it
Cryptogram: Security data created by the Chip Card or Issuer systems and used to validate a transaction or authorization response
CVM: Cardholder Verification Method
CVR: Card Verification Results
DDA: Dynamic Data Authentication. A means by which a Terminal can authenticate a Chip Card, as defined by EMV
DDOL: DDA Data Object List
EMV: A term that is used to refer to the global specifications maintained by EMVCo. The application that resides on the Chip Card, and the application that resides on the Terminal used to generate transactions. EMV is a trademark of EMVCo, LLC.
EMVCo: EMVCo LLC, the organization that manages the EMV specifications and the approval process for cards and Terminals
Exception File: A file of account numbers used during Stand-In authorization, for which the Issuer has predetermined either an authorization decision of denial (i.e., negative status), or requires special handling (i.e., VIP)
Fallback: When an EMV transaction cannot be completed in an EMV-enabled Terminal utilizing EMV technology, the Terminal then reads the magnetic stripe
Floor Limit: The maximum monetary amount for a single transaction, at or above which authorization must be obtained before completing the transaction
IAC: Issuer Action Code
IAD: Issuer Authentication Data
ICC: Integrated Circuit Card, alternate term for Chip Card
ISO: International Organization for Standardization
Issuer: Any entity issuing a payment card or engaging in the payment card issuing business
Issuer Script: A collection of card commands constructed and sent by the Issuer for the purpose of updating and managing their cards
LCOL: Lower Consecutive Offline Limit
MAC: Message Authentication Code
Merchant: Any person who has entered into a contract with an Acquirer, wherein such entity agrees to: i. Permit any Cardmember to charge purchases of goods and services at or from such entity by means of a card, and ii. Transfer such charges to an Acquirer
Offline: When a transaction is performed without the Terminal connecting to the Acquirer
Online: A transaction that is sent to the Acquirer prior to transaction completion
PAN: Primary Account Number
Payment Brands: A party operating a card payment network
PCI DSS: Payment Card Industry Data Security Standard
PED: PIN Entry Device
PIN: Personal Identification Number
PIN Bypass: A program allowing Merchants at a Chip/PIN Terminal to proactively bypass the PIN entry to prevent high authorization declines due to a Cardmember's inability to remember his or her PIN
PIN Pad: The component of a Terminal that is used by the Cardmember to enter the PIN for Cardholder Verification
PIX: Proprietary Application Identifier Extension
POS: Point of Sale; see Terminal
Reseller: An entity that buys Terminals from a Terminal Vendor, develops and implements country-specific software, and then resells them to Merchants or other customers
RID: Registered Application Provider Identifier
SAC: Stand-In Action Code
SDA: Static Data Authentication. A means by which a Terminal can authenticate a Chip Card, as defined by EMV
Stand-In: When an Issuer is not available to authorize a transaction, the Merchant can Stand-In for the Issuer and make a decision as to whether or not he or she is willing to accept the risk and authorize the transaction
Stand-In Floor Limit: A maximum monetary amount for a single Stand-In transaction, at or above which the Merchant must obtain an authorization before completing the transaction. This value is only used during Stand-In and can be loaded into the Terminal or the Third Party Processor's host system
TAC: Terminal Action Code
TC: Transaction Certificate. A digital signature comprised of Issuer selected data objects. The TC is generated by the Chip Card at the end of an approved transaction, enabling the Issuer to verify that critical chip data was not changed prior to card validation
TDOL: Transaction Certificate Data Object List
Terminal: A device capable of accepting American Express Card products for payment for goods or services
Terminal Floor Limit: A maximum monetary amount for a single transaction, loaded into the Terminal, at or above which the Terminal must obtain an authorization before completing the transaction
Terminal Vendor: A party that manufactures and sells Terminals
Third Party Processor: A party that processes American Express transactions on behalf of Merchants, Acquirers, or Issuers
TVR: Terminal Verification Results
UPT: Unattended Payment Terminal. An unattended, card-reading device that dispenses a product or provides a service which is paid for with a card (e.g., gasoline pump), upon activation by a valid card. Also known as a Card-Activated Terminal or CAT
Security Rules and Procedures Merchant Edition
Security Rules and Procedures Merchant Edition 31 March 2016 SPME Contents Contents Chapter 1: Customer Obligations... 7 1.1 Compliance with the Standards...8 1.2 Conflict with Law...8 1.3 The Security
International Travel Tips. Get the most from your Visa card
International Travel Tips Get the most from your Visa card Using Your Visa Card to Make Purchases Abroad Your Visa card is accepted at millions of places worldwide, making it a safe and convenient way
Smart Cards for Payment Systems
White Paper Smart Cards for Payment Systems An Introductory Paper describing how Thales e-security can help banks migrate to Smart Card Technology Background In this paper: Background 1 The Solution 2
Card Payments Roadmap in the United States: How Will EMV Impact the Future Payments Infrastructure?
Card Payments Roadmap in the United States: How Will EMV Impact the Future Payments Infrastructure? A Smart Card Alliance Payments Council White Paper Publication Date: September 2012 Publication Number:
How To Understand The Law Of Credit Card Usage
Glossary Note: All definitions listed in this section are also available in the Course Glossary. You can access the course Glossary online by clicking the Glossary link in the Materials section of the
Tokenization: FAQs & General Information. www.tsys.com BACKGROUND. GENERAL INFORMATION What is Tokenization?
FAQ Tokenization: FAQs & General Information BACKGROUND As technology evolves, consumers are increasingly making their purchases online or through mobile devices and digital wallet applications and their
Visa U.S. Merchant EMV Chip Acceptance Readiness Guide. 10 Steps to Planning Chip Implementation for Contact and Contactless Transactions
Visa U.S. Merchant EMV Chip Acceptance Readiness Guide 10 Steps to Planning Chip Implementation for Contact and Contactless Transactions Visa U.S. Merchant EMV Chip Acceptance Readiness Guide 10 Steps
Payment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission
Merchant e-solutions Payment Gateway Back Office User Guide. Merchant e-solutions January 2011 Version 2.5
Merchant e-solutions Payment Gateway Back Office User Guide Merchant e-solutions January 2011 Version 2.5 This publication is for information purposes only and its content does not represent a contract
UPCOMING SCHEME CHANGES
UPCOMING SCHEME CHANGES MERCHANTS/PARTNERS/ISO COPY Payvision Ref: Payvision-Upcoming Scheme Changes (v1.0)-march 2016 1 Rights of use: COMPLYING WITH ALL APPLICABLE COPYRIGHT LAWS IS THE RESPONSABILITY
Volume PLANETAUTHORIZE PAYMENT GATEWAY. vtiger CRM Payment Module. User Guide
Volume 2 PLANETAUTHORIZE PAYMENT GATEWAY vtiger CRM Payment Module User Guide S A L E M A N A G E R M E R C H A N T S E R V I C E S User Guide and Installation Procedures Information in this document,
Web Services Credit Card Errors A Troubleshooter
Web Services Credit Card Errors A Troubleshooter January 2014 This manual and accompanying electronic media are proprietary products of Optimal Payments plc. They are to be used only by licensed users
MySagePay. User Manual. Page 1 of 48
MySagePay User Manual Page 1 of 48 Contents About this guide... 4 Getting started... 5 Online help... 5 Accessing MySagePay... 5 Supported browsers... 5 The Administrator account... 5 Creating user accounts...
Guide to Data Field Encryption
Guide to Data Field Encryption Contents Introduction 2 Common Concepts and Glossary 3 Encryption 3 Data Field Encryption 3 Cryptography 3 Keys and Key Management 5 Secure Cryptographic Device 7 Considerations
Converge. Chip and PIN (EMV) Transaction Processing Addendum. Revision Date: February 2016
Converge Chip and PIN (EMV) Transaction Processing Addendum Revision Date: February 2016 Two Concourse Parkway, Suite 800, Atlanta, GA 30328 Elavon Incorporated 2016. All Rights Reserved Copyright Copyright
Maintenance Manual Version 1.02
Maintenance Manual Version 1.02 ict2xx, ipp3xx, iwl2xx and ismp terminals Contents Introduction... 4 Terminal overview... 5 Terminals... 6 Troubleshooting... 7 Troubleshooting ECR... 7 Troubleshooting
Redwood Merchant Services. Merchant Processing Terminology
ACH - Automated Clearing House for member banks to process electronic payments or withdrawals. (Credits or debits to a bank account) through the Federal Reserve Bank. Acquiring Bank - Licensed Visa/MasterCard
CardControl. Credit Card Processing 101. Overview. Contents
CardControl Credit Card Processing 101 Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new and old
Payment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission
Merchant Integration Guide
Merchant Integration Guide Card Not Present Transactions January 2012 Authorize.Net Developer Support http://developer.authorize.net Authorize.Net LLC 082007 Ver.2.0 Authorize.Net LLC ( Authorize.Net )
Credit Card Processing Overview
CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new
