MasterCard Terminal Implementation Requirements PayPass
TABLE OF CONTENTS 1 PURPOSE OF THESE REQUIREMENTS... 3 1.1 Scope of These Requirements... 3 1.2 Useful information and Getting Help... 4 1.3 Effect of These Requirements... 4 1.4 Guidance on Terminology... 5 2 TERMINAL REQUIREMENTS... 6 2.1 License and Specifications... 6 2.2 Terminal Configurations... 7 2.3 Implementing the PayPass Specifications... 9 2.3.1 PayPass RF Protocol and Interface (level 1)... 9 2.3.2 PayPass Application Specifications (level 2)... 9 2.3.3 Transaction Processing Speed... 10 2.3.4 PayPass Transaction Data Editing... 10 2.3.5 Data Validation... 10 2.3.6 Application Version Number... 11 2.3.7 PayPass Reader to POS Terminal Interface Requirements... 11 2.4 Payment Processing... 12 2.4.1 Identification of PayPass Transactions and Terminal Capabilities... 12 2.4.2 PayPass Payment Processing Requirements... 13 2.4.3 Cardholder Name Field...15 2.4.4 Terminal or POS Generated Transaction Reports... 15 2.4.5 Refunds and Reversals... 16 2.5 Terminal User Interface... 17 2.5.1 Scope and Definitions... 17 2.5.2 User Interface Hardware...17 2.5.3 PayPass Landing Zone Identifier and Operating Volume... 17 2.5.4 PayPass Reader Status and Read Indication... 19 2.5.5 Considerations for these requirements... 19 2.5.6 Visual Indication... 19 2.5.7 Audio Indication... 20 2.5.8 Design Considerations... 21 2.6 Physical and Environmental Requirements... 22 3 PAYPASS CERTIFICATION AND TESTING... 24 3.1 PayPass Terminal Testing... 26 A Appendix A - Recommended User Interface... 28 B Appendix B - Alternative User Interface... 35 C Appendix C, Global Operations Bulletin No. 6, 1 June 2005... 42 D Appendix D, Glossary... 48 E Appendix E, Consumer Interface Methods...54 F Appendix F, Terminal Requirements Summary... 59 MASTERCARD WORLDWIDE PAGE 2
1 PURPOSE OF THESE REQUIREMENTS The purpose of this document is to help terminal developers and their customers to implement PayPass terminal devices that will ensure a quality consumer experience when using MasterCard PayPass products. PayPass enables consumers to tap their PayPass card or device on PayPass-enabled terminals allowing for a quicker and more convenient payment experience. These requirements will: Help terminal vendors to understand PayPass and implement terminals that provide PayPass acceptance. Provide guidance on integrating PayPass functionality into retail systems using type approved components. Outline the requirements for PayPass and the implementation of different risk management profiles depending on the capabilities of the intended payment networks where implementation is required (Magnetic Stripe only or EMV Chip capable) 1.1 Scope of These Requirements The requirements outlined in this document will apply to all terminals that accept MasterCard PayPass products. This will include all the requirements for implementing PayPass within a magnetic stripe card payment environment and an overview of the requirements for implementing PayPass within an EMV contact chip payment environment. Full details of any additional requirements for the implementation of PayPass for use with MasterCard contact chip applications or for implementation in environments that require EMV risk management functions are detailed in a separate set of documents. Refer to the www.paypass.com web site for details. This document describes the incremental changes required to enable merchants card acceptance terminal to accept PayPass transactions. Full detail of the requirements for the testing and approval of PayPass terminal products is contained in additional documentation contained on the www.paypass.com website. MASTERCARD WORLDWIDE PAGE 3
1.2 Useful information and Getting Help All publicly available documents are held and maintained on the www.paypass.com web site. Please check this site for the latest updated documents. Restricted documents that require a PayPass license agreement to be signed are also listed on the web site. Restricted documents contain MasterCard confidential information related to the development, implementation or use of PayPass products. Access to all restricted document is granted when the PayPass license agreement process has been completed successfully. MasterCard has set up a series of email addresses to help with the various services and support roles provided for PayPass: PayPass@MasterCard.com - General email for help on PayPass License@PayPass.com - Enquiries about obtaining a PayPass License Specifications@PayPass.com - Any technical or business issues related to the MasterCard PayPass specifications Vendor_support@PayPass.com - general support to vendors of PayPass products on the processes and requirements for product design, development, testing and approval Testing@PayPass.com - email address for all issues and processes relating to the testing and certification of PayPass component and products Approvals@PayPass.com - email address for the processing of a request for final PayPass vendor product approval. 1.3 Effect of These Requirements These requirements are intended to provide general guidance to help terminal manufacturers develop equipment to accept PayPass transactions. The responsibility for the content and execution of any implementation for such developments will remain with the terminal manufacturer. To the extent permitted by law, neither MasterCard Worldwide nor any of its affiliates, employees, or offices shall be liable to any recipient of these requirements, or any other third party for any loss, damages (including direct, special, punitive, exemplary, incidental or consequential damages), or costs (including attorneys fees) which arise out of, or are related to these requirements. The foregoing limitation of liability shall apply to any claim or cause of action under law or equity whatsoever, including contract, warranty, strict liability, or negligence, even if MasterCard has been notified of the possibility of such damages or claim. Where these requirements refer to the availability of services and/or documentation from MasterCard, the terms on which such services or documentation are made available shall be specified by MasterCard as and when such services or documentation are requested. MASTERCARD WORLDWIDE PAGE 4
1 PURPOSE OF THESE REQUIREMENTS 1.4 Guidance on Terminology Due to the legacy of the plastic card industry and the fact that the first PayPass-compliant form factor is card based, the term card is used frequently throughout. However, the contactless nature of PayPass permits non-card form factors. These are referred to as PayPass devices. The functionality of both PayPass cards and devices is driven by the chip inside and is independent of the form factor in which the chip resides. In the majority of cases, the form factor makes no difference to the functionality of a PayPass-compliant terminal, and therefore the default reference for the consumer token in this document is either PayPass card or PayPass card or device. Where there are specific requirements or considerations resulting from the form factor, mainly in the context of consumer-to-terminal usability, then this will be clear from the use of the reference device. All other terms are detailed in Appendix D, Glossary. MASTERCARD WORLDWIDE PAGE 5
2 TERMINAL REQUIREMENTS 2.1 License and Specifications The following PayPass specifications are available to companies who have entered into a PayPass license agreement with MasterCard. PayPass M/Chip Technical Specification PayPass Mag Stripe Technical Specification MasterCard PayPass Branding Guidelines These are the defining documents to be used for developing MasterCard PayPass compliant terminals. NOTE To become a PayPass licensee and obtain the latest specifications, please send an e-mail to license@paypass.com detailing your company name and contact information The license agreement requires the licensee to submit PayPass-enabled terminals to MasterCard Worldwide s testing and type approval process to determine compliance with these requirements and the above specifications. Section 3 concentrates on providing guidance on testing and certification processes for PayPass terminals. PayPass ISO14443 Implementation Specification The underlying contactless protocol specification previously know as the PayPass ISO 14443 Implementation Specification is now controlled by EMVCo as the EMV Contactless Communications Protocol Specification and is available from www.emvco.com MASTERCARD WORLDWIDE PAGE 6
2.2 Terminal Configurations PayPass acceptance functionality may be included within, or added to, existing POS systems in a number of ways. For the purpose of these requirements, a functional block diagram of a PayPass acceptance terminal system is shown in Figure 1 below. Contact Chip Interface (Level1) MChip Application Logic (Level2) PayPass RF and Protocol Interface (Level1) PayPass Application Logic (Level2) Payment Processing Engine Acquirer Comms Mag Stripe Interface NOTE Figure 1 - Example Block Diagram of a PayPass Acceptance Terminal System Connecting a PayPass reader to an existing magnetic stripe interface using any form of dynamic magnetic stripe or magnetic induction coupling to the existing magnetic stripe reader is not permitted by MasterCard. MASTERCARD WORLDWIDE PAGE 7
2. TERMINAL REQUIREMENTS PayPass acceptance devices are categorized by MasterCard in three ways; Description Configuration a. Fully Integrated Terminal PayPass Coupling Device (PCD) is fully embedded within the terminal covering all PayPass requirements and specifications. Terminal PCD PayPass Level 1 PayPass Level 2 b. Terminal and Intelligent Contactless Card Reader PCD is embedded in a standalone card reader connected to the terminal with the card reader covering all PayPass terminal requirements and specifications. Terminal Card Reader PCD PayPass Level 1 PayPass Level 2 c. Terminal and Transparent Contactless Card Reader PCD is embedded in a standalone card reader connected to the terminal with the card reader covering the EMVCo Contactless specification and the Terminal covering the PayPass M/Chip or Mag Stripe technical specification. The operational requirements of this document will be considered for the complete terminal/reader combination. Terminal PayPass Level 2 Card Reader PCD PayPass Level 1 MASTERCARD WORLDWIDE PAGE 8
This section details specific requirements for designing PayPass-enabled POS terminals. These requirements must be fulfilled by the POS terminal and, where appropriate, other components of the POS system. A summary list of these requirements is provided for reference in Appendix F. 2.3 Implementing the PayPass Specifications 2.3.1 PayPass RF Protocol and Interface (level 1) When developed, terminals are required to comply with the latest version of the EMVCo Contactless Communications Protocol Specification 1 available from EMVCo (www.emvco.com). This specification supersedes any requirements defined in any international standards. REQUIREMENT 1 All newly developed PayPass terminals must comply with the latest version of the EMVCo Contactless Communications Protocol Specification Type A and Type B Interoperability MasterCard allows PayPass cards and devices to be either Type A or Type B compliant as defined in the communications protocol specification. A PayPass terminal must support both. REQUIREMENT 2 All PayPass terminals must support both Type A and Type B protocols as defined in the EMVCo Contactless Communications Protocol Specification 2.3.2 PayPass Application Specifications (level 2) MasterCard supports two PayPass Application specifications, PayPass - Mag Stripe, designed for use principally in environment where the existing infrastructure is based on magnetic stripe technology, and PayPass - M/Chip, where an EMV based MasterCard M/Chip infrastructure has been implemented. Interoperability between these different specifications is achieved as follows; The PayPass M/Chip specification includes support for PayPass Mag Stripe therefore any PayPass M/Chip cardholder device will operate as PayPass Mag Stripe when presented to a PayPass Mag Stripe terminals and all PayPass MChip terminals initiate a PayPass Mag Stripe process when presented with a PayPass Mag Stripe cardholder device. REQUIREMENT 3 All MasterCard PayPass terminals must comply with the latest version of either the MasterCard PayPass Mag Stripe Application Specification or the PayPass M/Chip Application Specification. 1 This specification was previously known as the PayPass ISO/IEC 14443 Implementation Specification MASTERCARD WORLDWIDE PAGE 9
2. TERMINAL REQUIREMENTS 2.3.3 Transaction Processing Speed To ensure an acceptable cardholder experience the interaction between the PayPass cardholder device and the PayPass terminal must complete in as short a time as possible. MasterCard will test terminal and card interoperability to ensure the time required from the PayPass card or device being presented to the reader to completing the Card / Terminal interaction is achieved within 250ms for a PayPass Mag Stripe transaction and 500ms for a PayPass M/Chip transaction. REQUIREMENT 4 All MasterCard PayPass terminals must complete the PayPass card/device-to-terminal communication in less then 250ms for a PayPass Mag Stripe transaction and 500ms for a PayPass M/Chip transaction. 2.3.4 PayPass Transaction Data Editing PayPass data received from the card or device is used by the card issuer during any online authorization to validate that the card is genuine, therefore, unless specified by the PayPass Mag Stripe or PayPass M/Chip specifications, all PayPass data retrieved from the PayPass cardholder device must be presented to the payment processing engine without modification. Unspecified modification of data may result in the transaction being declined during online authorization. REQUIREMENT 5 All PayPass transaction data received from the card or device with the exception of any processing requirements specified in the relevant application specification must be presented to the payment processing engine without modification 2.3.5 Data Validation The introduction of PayPass does not require any additional data validation to be performed unless specifically stated in the PayPass Application Specifications. Service code validation for the detection of Integrated circuit technology (2 or 6 in 1 st digit) must not be performed on track 1 or track 2 data returned from a PayPass chip. This implies that terminal payments processing engines must be aware of the source of the track data being either a magnetic stripe or a PayPass chip. MASTERCARD WORLDWIDE PAGE 10
2.3.6 Application Version Number Any hardware and software elements or components used to create a PayPass-enabled terminal must be individually identifiable to reduce the need to retest already approved PayPass product components. In addition, the application logic component must also maintain the version number of the PayPass application Technical Specification with which it is compliant. This is used during interaction with the PayPass card. REQUIREMENT 6 The PayPass application logic component must maintain the version number of the PayPass Technical Specification with which it is compliant. 2.3.7 PayPass Reader to POS Terminal Interface Requirements The POS system terminal developer is free to select the most appropriate interface type and protocol to be used between the PayPass reader and any existing POS terminal. Other than transferring the data correctly and being able to identify the entry method as contactless, no further requirements are currently defined for this interface. MasterCard has no globally specified requirements for how the PayPass contactless reader on a terminal is controlled; while observing the requirement set out below, the reader may be active at all times or may be switched on following processing decisions made by the controlling terminal or processing engine. It is recommended that the flexibility of this control is considered by terminal manufacturers during the development as different deployment environments may have different requirements. If the PayPass reader is always active it is possible that the consumer will tap their PayPass card or device on a terminal at any stage in a transaction process, as the card is not under the direct control of the POS operator. Such occurrences should be anticipated and have no adverse effect on the processing of the transaction. If required, the PayPass acceptance process should allow for tapping at any time, however, the POS system must not buffer or store card details when a PayPass card is presented in advance of a new transaction starting. This is to ensure that details from a previous transaction are not mistakenly used. REQUIREMENT 7 POS systems must not buffer or store card data. PayPass card data shall only be accepted after the payment part of the transaction process has commenced. The requirement of indicating to the cardholder and merchant when the PayPass reader is active is outlined in section 2.5 below. MASTERCARD WORLDWIDE PAGE 11
2. TERMINAL REQUIREMENTS 2.4 Payment Processing This section describes the payment processing requirements specific to processing payment transactions initiated using PayPass technology. The normative requirements and low-level detail of implementing this functionality are detailed within the following: MasterCard Scheme Rules. Acquirer-specific host interface requirements. PayPass Application Specifications. Processing payment transactions that have been obtained using the PayPass interface are fundamentally the same as processing the payment details obtained by swiping the magnetic stripe or processing via a contact EMV interface, with the underlying scheme and payment product rules defining the process and requirements. However, there are some significant variations that the POS terminal must cater to and this section describes these. NOTE Most of the requirements defined below will already exist for Contact Chip (EMV) implementations but are likely to be new for existing magnetic stripe only implementations. 2.4.1 Identification of PayPass Transactions and Terminal Capabilities The acquirer of the transaction is required to provide MasterCard and subsequently issuers of PayPass cards and devices with confirmation that: The payment was transacted using the PayPass interface. The terminal was capable of conducting the transaction using the PayPass interface. The process by which the acquirer communicates this data through MasterCard s networks and systems to the issuer is defined, details are contained in Appendix C of this document; however, the process by which this information is transferred from merchant to acquirer is not. Terminal vendors should therefore provide functionality in the terminal that identifies both the payment read process (swipe of a magnetic stripe, contact chip read, or contactless chip read) and the terminal s capabilities to have performed these different read processes. This information should be provided to the acquirer with each transaction, in a manner and format agreed upon with the acquirer. REQUIREMENT 8 POS terminals must be capable of providing information to connected systems on the method used for reading the card or device data (magnetic swipe, contact chip read, contactless chip read, etc.) for each payment transaction and on the terminal s capabilities to perform the different reading methods. MASTERCARD WORLDWIDE PAGE 12
2.4.2 PayPass Payment Processing Requirements While the specific configuration of POS terminal systems supporting PayPass is left open to accommodate differing merchant requirements, it is important to ensure that the complete system facilitates a fast payment process for PayPass transactions. This is a key component supporting the merchant s business case and the The Simpler Way to Pay proposition that PayPass delivers. REQUIREMENT 9 Double entry of purchase information for PayPass transactions is not permitted. PayPass terminals or readers shall therefore be linked to any existing systems that already hold the purchase amount, or also require the purchase amount to be entered. Figure 2 provides a walk-through of the typical PayPass-enabled payment process. It should be remembered that this may vary depending on the particular requirements of the purchase transaction, the payment product on the PayPass card and the program rules for the particular merchant environment. The following examples illustrate this point: When a MasterCard PayPass card or device is used by a consumer to complete a payment transaction for a purchase at or below the equivalent of US $25, the POS terminal may proceed and complete the transaction without any further cardholder or merchant interaction, including the entry of a PIN. For Quick Payment Service (QPS) registered merchants who accept PayPass, the QPS program supersedes the PayPass rules. For more information on QPS, please refer to the QPS Manual available from the MasterCard Online Service. MASTERCARD WORLDWIDE PAGE 13
2. TERMINAL REQUIREMENTS PayPass Payment Processing Engine The PayPass reader functional module passes the data from the PayPass card to the payment processing engine. Checks the CVM list provided by the PayPass card (if available)*, or uses the default CVM list held by the terminal to establish if consumer verification is needed. If the PIN is required, and supported by the terminal, the reader prompts for the online PIN to be entered by the consumer. Sends authorization request message via a MasterCard acquirer, receives approval or decline from issuer in response message. Records transaction data in terminal log for subsequent use in clearing message If required, prints receipt. If the CVM list requires consumer verification by signature, prompts for signature. Figure 2, Example PayPass Payment Processing * Currently, very few deployed PayPass Mag Stripe cards or devices support CVM list processing. In this situation terminals request cardholder verification based on the default rules held internally. However, all terminals must support the processing of a CVM list held by a PayPass card or device when it is provided. MASTERCARD WORLDWIDE PAGE 14
REQUIREMENT 10 POS terminals must comply with the processing rules defined by the combination of payment product, merchant program, and transaction amount. As with existing transactions, the payment processing engine decides whether or not to print a receipt. Additionally, the consumer may request a receipt if they require one. When a receipt is printed, the input method used for the transaction will be identified. This will help both the consumer and the merchant identify if it was a PayPass transaction, in the event of a refund. REQUIREMENT 11 If the POS device prints a receipt, the input method shall be shown as Contactless, CONTACTLESS, PayPass or RF for PayPass transactions. 2.4.3 Cardholder Name Field As a security protection against potential identity theft the actual cardholder name will not be included in the card data obtained from a PayPass Card when read via the contactless interface. Note PayPass cards and devices are required to not include the actual cardholder name in Track 1 data read from the contactless chip. It is recommended to include the cardholder name as Supplied/Not. POS systems that normally obtain and make use of the cardholder name from Track 1 data obtained from a magnetic stripe read must be able to accommodate this difference. 2.4.4 Terminal or POS Generated Transaction Reports To simplify and transaction queries, the method of data input needs to be recorded on all transaction logs or reports produced by POS terminals or Merchant systems. REQUIREMENT 12 Any produced but the POS or Merchant Systems should specifically identify PayPass transactions. MASTERCARD WORLDWIDE PAGE 15
2. TERMINAL REQUIREMENTS 2.4.5 Refunds and Reversals MasterCard acceptance rules state: If a card acceptor issues a credit for returned goods or cancelled services, it must apply the credit to the same MasterCard account that the cardholder used to purchase the goods or services. The card acceptor must not issue a cash or check refund for goods or services purchased using MasterCard. Therefore PayPass accepting terminals must be capable of performing a refund using PayPass cards or devices. REQUIREMENT 13 If a payment transaction was originated by a PayPass card or device, then the merchant must support the ability for a transaction refund to be completed using the same PayPass card or device. MASTERCARD WORLDWIDE PAGE 16
2.5 Terminal User Interface MasterCard requires that all PayPass payment terminals utilize a common user interface to ensure a consistent consumer and merchant experience. This ensures that consumers and merchants always know what to expect when using PayPass. This is a key element of making PayPass The Simpler Way to Pay. 2.5.1 Scope and Definitions These requirements define any additional hardware and operational processes over the existing deployed card payment infrastructure. They only cover the cardholder user interface. The merchant user interface is not specifically detailed here as this is a merchant specific requirement. There is no reason that the same user interface cannot be used by merchant operators but this is an implementation and merchant specific requirement and therefore not mandated. 2.5.2 User Interface Hardware As all contactless transactions will be conducted by the cardholder, as a minimum the cardholder interface must provide a visual and audio indication that the contactless portion of the transaction has completed successfully. This requirement applies to both attended and unattended contactless acceptance environments. To support disability groups there is also a consideration to provide a tactile indication to indicate where to place the PayPass card or device. Where possible it is suggested that this be a raised tactile profile of the contactless identifier or a raised ridge around the landing zone. The provision of a tactile indicator is not currently a mandatory scheme requirement and is left to the terminal manufacturer s discretion. 2.5.3 PayPass Landing Zone Identifier and Operating Volume MasterCard has developed the PayPass landing zone identifier, an example of which is shown in Figure 3. All PayPass terminals must identify where the consumer must tap their PayPass card or device to achieve a successful read, and this identified area is referred to as the landing zone. The landing zone must be a clearly distinguishable area on the terminal. To ensure a consistent approach of identifying the landing zone, the contactless symbol must be placed in the center of the landing zone in a position on the terminal that indicates the strongest part of the radio frequency signal that the terminal generates, referred to as the operating volume, to read the PayPass card or device. If space permits, MasterCard PayPass and other scheme branding may also be placed on the landing zone as long as branding rules are maintained and the contactless symbol is not obscured in any way and continues to indicate the center of the landing zone. If space on the landing zone does not permit scheme branding to be included, then this should be placed in such a way as not to distract the customer from identifying the contactless symbol and the landing zone. MASTERCARD WORLDWIDE PAGE 17
2. TERMINAL REQUIREMENTS Figure 3, Example of a PayPass Landing Zone Identifier The shape of the landing zone identifier may be changed to fit the ergonomics of the landing zone, as defined in the MasterCard PayPass Branding Guidelines. REQUIREMENT 14 All MasterCard PayPass terminals must display a PayPass landing zone identifier that includes the Universal Contactless Symbol, and if space permits the PayPass identifier, as specified in the MasterCard PayPass Branding Guidelines Note The MasterCard brand strategy and integration group may be contacted by e-mail at identityspecialists@mastercard.com or via the brand identity hotline at (914) 249-1236 (USA). NOTE It is recommended that PayPass terminals use materials for the landing zone identifier that are not degraded by use. The landing zone identifier should show no significant noticeable degradation after one million contacted presentations (i.e., where the card or device physically impacts the landing zone during the tap process). The MasterCard type approval process (see Section 3) will make measurements using the center of the universal contactless identifier as the reference position. A minimum operating volume is defined, based on this reference position, within which all PayPass cards and devices must operate correctly. The operating volume is defined within the EMVCo Contactless Specification and represented in Figure 4 below: Figure 4 - PayPass Operating Volume MASTERCARD WORLDWIDE PAGE 18
REQUIREMENT 15 The landing zone identifier must be positioned on the landing zone at the centre of the operating volume generated by the PayPass reader. Note The operating volume defined within the PayPass specifications represents only the minimum acceptable read range permitted under predefined test conditions. PayPass suppliers should consider the environment in which their products are to be installed and design them such that they always provide acceptable range between the consumer s card or device and the reader. 2.5.4 PayPass Reader Status and Read Indication This section contains the MasterCard PayPass terminal user interface requirements where the primary function of the terminal is the acceptance of electronic payments. It is accepted that terminals that have a different primary function, such as transit gate entry systems, fuel or vending machines may support a different user interface, but this should not impact the overall cardholder experience of using a MasterCard PayPass product for the initiation or completion of the transaction. If such a variance is required, approval must be sought from MasterCard for the variance during the terminal type approval design review process. 2.5.5 Considerations for these requirements The introduction of contactless acceptance has, where appropriate, been considered as a complementary addition to any existing acceptance infrastructure as opposed to a replacement. These requirements outline the required user interface for conducting a payment transaction using contactless technology. 2.5.6 Visual Indication MasterCard recommends either a set of four clearly visual single color status indicators (for example green LEDs) or a display that allows a graphical representation of the four indicators that represent the status of the contactless payment application. If LEDs are to be used they should be equally spaced apart and shall be always visible to the cardholder while the PayPass card or device is being tapped. The cardholder interface should contain both LEDs and a display but only one is required as a minimum. In the case where only a display is being used it should contain a minimum of three lines of characters to allow the display of the status indicators in the top line followed by two lines for cardholder messages. As a minimum any display must be capable of displaying two lines of sixteen 8x5 dot matrix low resolution characters. The card acceptance device must be designed so that the status indicators (whether LEDs or on the display) are clearly visible to the cardholder when a card has been presented and a card read is in progress. MASTERCARD WORLDWIDE PAGE 19
2. TERMINAL REQUIREMENTS Appendix A indicates the MasterCard recommended use of the status indicators and suggested display messages. Implementations may re-phrase the messages to make best use of the capabilities of their display. Appendix B indicates an allowable alternative to the recommended visual indication. 2.5.6.1 Use of new or existing display for merchant and cardholder messages Any display can be used to display appropriate cardholder or merchant messages to indicate the progress of, and any required actions during the execution of, the contactless application process between the contactless cardholder device and the contactless reader. The display need not be incorporated into the reader itself. However, the card acceptance device must be designed such that the cardholder messaging display is clearly visible to the cardholder when they are conducting a contactless transaction and looking in the direction of the reader. 2.5.7 Audio Indication An audio indication is required to indicate a success tone. The card acceptance device must be capable of sounding this tone at a level that will be clearly audible in the intended operational environment, i.e. the implementation should take into account other background noise in the intended operational environment. The success tone is a sound of approximately 1500Hz sine wave for a period of 500ms. REQUIREMENT 16 All MasterCard PayPass acceptance devices shall include visual and audio indication as defined in this document and recommends the use of single color (green) LEDs. REQUIREMENT 17 All MasterCard PayPass acceptance devices shall support the User Interface States and Events defined in Appendix of this document. MASTERCARD WORLDWIDE PAGE 20
2.5.8 Design Considerations Terminals that accept magnetic stripe or contact chip cards must also ensure that there is no confusion about the technology the consumer wants to use (be it magnetic stripe, contact chip, or PayPass). The antenna location, and associated operating volume, must be designed such that they do not interfere with magnetic stripe or contact chip acceptance. If the consumer wants to conduct a magnetic stripe or contact chip transaction with a PayPass card, the magnetic stripe reader and contact chip reader should be sufficiently remote from the PayPass reader to ensure that the PayPass reader does not detect the presence of the card. REQUIREMENT 18 All MasterCard PayPass terminals must be designed such that when a PayPass card or device is presented, neither the indicators nor the display are visually obscured from the consumer by any of the following: The PayPass Card of Device The consumer s hand or arm Keys or anything that is typically expected to be attached to the PayPass device REQUIREMENT 19 When designing a PayPass terminal, consideration must be made for both left and right handed, visually impaired, aurally impaired, and less able consumers. REQUIREMENT 20 All MasterCard PayPass acceptance devices must be designed to avoid accidental capture of MasterCard PayPass payment account information when a consumer intends to transact using the card s magnetic stripe or contact chip, where present. MASTERCARD WORLDWIDE PAGE 21
2. TERMINAL REQUIREMENTS The branding requirements for PayPass terminals and readers are defined in the MasterCard PayPass Branding Guidelines. These guidelines define the artwork, colors, and minimum size requirements. The main requirements concern the consumer interface including the landing zone identifier. MasterCard PayPass Exclusive Terminal Multifunction Terminal Figure 5 -PayPass Terminal Branding Guidelines It should be noted that where the MasterCard PayPass brand identifier is displayed with other brands on a POS terminal, the PayPass brand must appear in a size at least equal to the largest other brand displayed. 2.6 Physical and Environmental Requirements All PayPass terminal equipment must be designed and constructed to be fit for the environment for which it may be installed. For example, in many restaurant or entertainment environments liquid spillage may occur. The reader should also be resistant against the ingress of dirt and be easy to clean. Additionally, as the landing zone is required to be consumer facing, consideration should be made regarding how the reader is to be secured and how robust the reader should be. Statutory requirements also exist in all markets with regard to product safety, emissions, and susceptibility to external influence. Merchants and system integrators may also specify additional physical and environmental requirements. All PayPass terminal equipment must fulfill these requirements with compliance certified as required by statutory bodies. MASTERCARD WORLDWIDE PAGE 22
REQUIREMENT 21 Where MasterCard PayPass readers are added as terminal modules, they must meet the same requirements as the base unit, including the following: Electrical reliability and regulations Environmental specifications Transportation (shock and bump, etc) specifications Early life failure mode specifications Electromagnetic compatibility (EMC) specifications Electrostatic discharge (ESD) specifications Best practices REQUIREMENT 22 All MasterCard PayPass Terminals must be designed to prevent the introduction of foreign objects which may degrade unit performance or be used to capture PayPass payment applications data from a PayPass card or device. NOTE Consideration shall be given that in some retail environments a consumer-facing terminal may be subjected to physical abuse by consumers. It is recommended that it be constructed from durable materials and have the facility to be securely attached to a counter or mounting location NOTE Consideration shall be given that in some retail environments a PayPass terminal may be located in a position where liquid spillage may occur. It is recommended for such environments that the terminal be sealed to prevent liquids from causing damage to the internal components MASTERCARD WORLDWIDE PAGE 23
3 PAYPASS CERTIFICATION AND TESTING PayPass testing and certification processes are part of MasterCard s approval mechanism to help achieve global interoperability of PayPass. Figure 6, PayPass Global Interoperability As part of these processes, MasterCard has defined formal certification requirements that must be undertaken before PayPass terminals may be supplied to merchants and used for MasterCard PayPass acceptance. In addition to these formal requirements, MasterCard recommends that further testing be undertaken for each functional element within a system/network as part of supplier s/acquirer s business-asusual commissioning and acceptance processes. Figure 7 illustrates the functional elements of the entire MasterCard PayPass program and the required testing associated with each. The diagram identifies the main elements of terminal testing. MASTERCARD WORLDWIDE PAGE 24
Figure 7, MasterCard PayPass Certification and Testing Overview* * The POS system shown represents the main logical components; implementations of actual systems may vary. MASTERCARD WORLDWIDE PAGE 25
3. PAYPASS CERTIFICATION AND TESTING 3.1 PayPass Terminal Testing MasterCard provides a range of services and technical support to assist vendors during PayPass development and installation. The support services include product approval and a help desk for responding to technical questions regarding the MasterCard PayPass specifications. The contact e-mail address for this service is: testing@paypass.com. Full details of the terminal type approval and certification processes are available on the www.paypass.com web site MasterCard s terminal approval process is based on the following principles: Terminals supporting PayPass acceptance need to be type approved. Compliance tests are performed in MasterCard-accredited testing laboratories. Testing laboratories sign a service agreement with the vendor. Testing laboratories prepare a detailed test report for the vendor. The vendor needs to request approval from MasterCard. MasterCard is the approval authority and issues the approval statement. Vendors can benefit from the approval and support services to ensure that the product implementation complies with MasterCard requirements. MasterCard provides a Terminal Design Review service that will evaluate the design of the terminal at the earliest possible stage against the implementation requirements outlined in this document. This service will also ensure that the Type Approval Testing services are appropriate for the terminal s design. In addition to formal Terminal Type Approval (TTA) testing of a terminal, MasterCard operates a Terminal Quality Management (TQM) program. Terminals that incorporate a PIN Entry Device (PED) must also be submitted for PCI-PED security evaluation. The TQM program assures quality levels for all MasterCard PayPass terminals. TQM provides merchants and acquirers with assurances that the terminal vendor has the capability to produce PayPass products consistent with the original samples for which the TTA approvals were awarded. Therefore repeatability of product conformity is a crucial quality aspect that is assured through the TQM program. The Payment Card Industry POS PED Security Evaluation Program is only applicable for terminals that incorporate the facility to allow the consumer to enter their PIN. It defines the requirements and guidelines for conducting a security evaluation of hardware and application software used to provide this functionality. For more information please refer to the MasterCard documents: PayPass Terminal Approval Process or PayPass Terminal Vendor Approval Services. Both are available through your MasterCard representative or by contacting the MasterCard PayPass testing team by e-mail at testing@paypass.com. MASTERCARD WORLDWIDE PAGE 26
APPENDICES A Appendix A - Recommended User Interface... 28 B Appendix B - Alternative User Interface... 35 C Appendix C, Global Operations Bulletin No. 6, 1 June 2005... 42 D Appendix D, Glossary... 48 E Appendix E, Consumer Interface Methods...54 F Appendix F, Terminal Requirements Summary... 59 MASTERCARD WORLDWIDE PAGE 27
A Appendix A - Recommended User Interface State / Event Name Description Cardholder Interface (LED Indicator only display or LED and 2 line message display) Display only option Audio Indication Not Working Terminal is either not powered on or if applicable, not communicating with any attached POS or EFTPOS system. LEDs Display, if present None No indicators or message displayed. LEDs Idle Reader is powered up and connected correctly, but not ready to read a contactless card or device. Further information, such as the transaction value, is required by the reader before a contactless read can commence. The first indicator shall blink on for 200ms every five seconds to indicate that the reader is powered on and communicating to any connected POS terminal. Display, if present For two line displays, display the first and second line above. None MASTERCARD WORLDWIDE PAGE 28
State / Event Name Description Cardholder Interface (LED Indicator only display or LED and 2 line message display) Display only option Audio Indication Terminal or reader has all the required information to initiate a contactless payment transaction. LEDs Ready to initiate contactless transaction One indicator displayed. Display shows transaction amount. Display, if present For two line displays, display the second and third line above. None LEDs A transient error such as an RF communication error has occurred. Transient error Transient errors shall not be displayed to the cardholder. The cardholder interface remains at Ready to initiate contactless transaction. Display, if present For two line displays, display the second and third line above. None A communication error is deemed to be transient if it is possible to re-establish communication with a card within 500ms of the error occurring. MASTERCARD WORLDWIDE PAGE 29
State / Event Name Description Cardholder Interface (LED Indicator only display or LED and 2 line message display) Display only option Audio Indication LEDs Contactless application process was completed successfully. This indicates that the cardholder may remove their card from the reader area. This indication is only given if the result of the card read is one of: 250ms Card read completed successfully Offline approve Online authorisation required Offline decline This indication is not given if the result of the card read is that a contact transaction is required. This indication does not mean the transaction is complete. Existing authorisation processes may still need to take place to determine the outcome of the transaction. Display, if present Success Tone The remaining indicators light in order over a period of 250ms indicating success. All four indicators then remain lit for a minimum of 750ms. For two line displays, display the first and second line above. The display indicates card read OK and that the card should be removed. MASTERCARD WORLDWIDE PAGE 30
State / Event Name Description Cardholder Interface Preferred Display Option (LED Indicator Display and message display) Display only option Audio Indication LEDs Conditions for use of contactless not satisfied On initiating a contactless transaction it has been determined that the conditions for use of the contactless interface have not been satisfied. For example, card risk management indicates that a contact chip or magnetic swipe transaction is required. All indicators turned off as contactless initiation is not acceptable for this transaction. Display, if present For two line displays, display the second and third line above. None Display prompts cardholder to insert or swipe card. Display remains until card inserted or swiped or transaction cancelled. MASTERCARD WORLDWIDE PAGE 31
State / Event Name Description Cardholder Interface Preferred Display Option (LED Indicator Display and message display) Display only option Audio Indication Any non-recoverable failure during the execution of the contactless application process between the card/device and terminal/reader. LEDs Contactless Error While error condition is occurring turn off all indicators and display an appropriate error message. Display, if present For two line displays, display the second and third line above. None When error has been resolved return to either an idle or ready state as appropriate. MASTERCARD WORLDWIDE PAGE 32
The following rows illustrate specific contactless error conditions. State / Event Name Description Cardholder Interface Preferred Display Option (LED Indicator Display and message display) Display only option Audio Indication LEDs Multiple contactless cards or devices detected by the reader. While error condition is occurring turn off all LED indicators. Display, if present Contactless Collision Detected Display prompts cardholder to present a single card only. For two line displays, display the second and third line above. None When error has been resolved return to Ready to initiate contactless transaction. MASTERCARD WORLDWIDE PAGE 33
State / Event Name Description Cardholder Interface Preferred Display Option (LED Indicator Display and message display) Display only option Audio Indication LEDs Following the completion of the contactless application process the terminal detects that the same card is still present in the field of the reader. Display, if present Card not removed from reader While condition is occurring turn off all LED indicators. For two line displays, display the second and third line above. None Display prompts cardholder to remove card. MASTERCARD WORLDWIDE PAGE 34
B Appendix B - Alternative User Interface Cardholder Interface State / Event Name Description Alternative Option Multi color LEDs and Optional 2 line display Display only option Audio Indication LEDs Not Working Terminal is either not powered on or if applicable, not communicating with any attached POS or EFTPOS system. Display, if present with LEDs None No indicators or message displayed. LEDs Idle Reader is powered up and connected correctly, but not ready to read a contactless card or device. Further information, such as the transaction value, is required by the reader before a contactless read can commence. Blue Display, if present with LEDs None The first indicator shall blink on for 200ms every five seconds to indicate that the reader is powered on and communicating to any connected POS terminal. For two line displays, display the first and second line above. MASTERCARD WORLDWIDE PAGE 35
Cardholder Interface State / Event Name Description Alternative Option Multi color LEDs and Optional 2 line display Display only option Audio Indication Ready to initiate contactless transaction Terminal or reader has all the required information to initiate a contactless payment transaction. One indicator displayed. Display shows transaction amount. Blue LEDs Display, if present with LEDs For two line displays, display the second and third lines only. None LEDs Processing Terminal is executing the contactless application Blue Yellow Display, if present with LEDs For two line displays, display the second and third line only. None Transient error A transient error such as an RF communication error has occurred. Transient errors shall not be displayed to the cardholder. The cardholder interface remains at Ready to initiate contactless transaction. A communication error is deemed to be transient if it is possible to reestablish communication with a card within 500ms of the error occurring. Blue LEDs Display, if present with LEDs For two line displays, display the second and third line only. None MASTERCARD WORLDWIDE PAGE 36
Cardholder Interface State / Event Name Description Alternative Option Multi color LEDs and Optional 2 line display Display only option Audio Indication Card read completed successfully (LEDs / /Display remains in this state for a minimum of 750ms) Contactless application process was completed successfully. This indicates that the cardholder may remove their card from the reader area. This indication is only given if the result of the card read is one of: Offline approve Online authorisation required Offline decline This indication is not given if the result of the card read is that a contact transaction is required. This indication does not mean the transaction is complete. Existing authorisation processes may still need to take place to determine the outcome of the transaction. The remaining indicators light in order over a period of 250ms indicating success. All four indicators then remain lit for a minimum of 750ms. LEDs Blue Green Display, if present with LEDs For two line displays, display the first and second line only. Success Tone The display indicates card read OK and that the card should be removed. MASTERCARD WORLDWIDE PAGE 37
Cardholder Interface State / Event Name Description Alternative Option Multi color LEDs and Optional 2 line display Display only option Audio Indication Conditions for use of contactless not satisfied On initiating a contactless transaction it has been determined that the conditions for use of the contactless interface have not been satisfied. For example, card risk management indicates that a contact chip or magnetic swipe transaction is required. All indicators turned off as contactless initiation is not acceptable for this transaction. LEDs Blue Red Display, if present with LEDs For two line displays, display the second and third line only. None Display prompts cardholder to insert or swipe card. Display remains until card inserted or swiped or transaction cancelled. Contactless Error Any non-recoverable failure during the execution of the contactless application process between the card/device and terminal/reader. While error condition is occurring turn off all indicators and display an appropriate error message. When error has been resolved return to either an idle or ready state as appropriate. LEDs Blue Red Display, if present with LEDs For two line displays, display the second and third line only. None MASTERCARD WORLDWIDE PAGE 38
The following rows illustrate specific contactless error conditions. Cardholder Interface State / Event Name Description Alternative Option Multi color LEDs and Optional 2 line display Display only option Audio Indication Multiple contactless cards or devices detected by the reader. LEDs Contactless Collision Detected While error condition is occurring turn off all LED indicators. Display prompts cardholder to present a single card only. When error has been resolved return to Ready to initiate contactless transaction. Blue Red Display, if present with LEDs For two line displays, display the second and third line only. None Card not removed from reader Following the completion of the contactless application process the terminal detects that the same card is still present in the field of the reader. While condition is occurring turn off all LED indicators. Display prompts cardholder to remove card. LEDs Blue Red Display, if present with LEDs For two line displays, display the second and third line only. None MASTERCARD WORLDWIDE PAGE 39
Additional messages on display These user interface requirements only specify the requirements for the user interface up to the point in a contactless transaction where the card read has completed. It is also permitted to use any display present on the contactless reader, to show the progress of the transaction after this point. The following messages should, where appropriate, be displayed following the successful read of a contactless card: State / Event Name Description Cardholder Interface Preferred Display Option (LED Indicator Display and message display) Display only option Audio indication LEDs Authorising During the authorisation process for the transaction display prompts cardholder to wait for authorisation. Display, if present None A fter the card read completed successfully indication has been given, all LEDs remain off. LEDs If transaction is approved, display notifies cardholder of transaction outcome. Approved Display, if present None After the card read completed successfully indication has been given, all LEDs remain off. MASTERCARD WORLDWIDE PAGE 40
State / Event Name Description Cardholder Interface Preferred Display Option (LED Indicator Display and message display) Display only option Audio indication LEDs If transaction is declined, display notifies cardholder of transaction outcome. Declined After the card read completed successfully indication has been given, all LEDs remain off. Display, if present None MASTERCARD WORLDWIDE PAGE 41
C Appendix C, Global Operations Bulletin No. 6, 1 June 2005 MASTERCARD WORLDWIDE PAGE 42
MASTERCARD WORLDWIDE PAGE 43
APPENDICES Appendix C, Global Operations Bulletin No. 6, 1 June 2005 continued MASTERCARD WORLDWIDE PAGE 44
MASTERCARD WORLDWIDE PAGE 45
APPENDICES Appendix C, Global Operations Bulletin No. 6, 1 June 2005 continued MASTERCARD WORLDWIDE PAGE 46
MASTERCARD WORLDWIDE PAGE 47
D Appendix D, Glossary Term 2D Device 2D Fob 3D Device 3D Fob 3DES Account Number Acquirer Antenna Application File Locator (AFL) Application Identifier (AID) Description This term is used to describe the physical characteristics of the device such that, as per traditional ISO 7810 cards, the length and breadth of the device are significantly greater than its thickness. The thickness is uniform across the device and is similar to ISO 7810 cards (e.g., a PayPass 2D fob device). A 2D PayPass device that is manufactured in the form of a traditional card (ISO 7810) but ends up as a different size and shape. Typically, a PayPass 2D fob will be either die-cut from a full-size card after personalization or a score is made in the card plastic such that it can be snapped out by the consumer after fulfillment. This term is used to describe the physical characteristics of the device such that, unlike traditional cards, the thickness of the device is noticeable and of similar magnitude to its other dimensions (e.g., a PayPass 3D fob device). A 3D PayPass device. Triple DES Cryptographic Algorithm. An enhanced cryptographic algorithm, based on the DES Cryptographic Algorithm, adopted by the National Bureau of Standards for Data Security. The 16-digit identifier of a credit or debit card. Member of MasterCard Worldwide involved in signing and servicing merchants that accept MasterCard. Coil of wire through which RF energy is provided. Identifies the records available to the application and the reference to their location in files in the chip card s memory. Identifier of an application in the chip card, coded in hexadecimal. MASTERCARD WORLDWIDE PAGE 48
Term Application Interchange Profile (AIP) Application Transaction Counter (ATC) Authorization Broadband Card Card Authentication Method (CAM) Card or Device holder Card Verification Code 1 (CVC1) Card Verification Code 2 (CVC2) Card Verification Code 3 (CVC3) Certification Chargeback Clearing Description Indicator of the capabilities of the chip card to support specific functions. A mechanism for tracking the transactions done using a specific account; used to prevent fraudulent use or cloning of a card or device The process of confirming that a payment account is valid and is approved A network connection with the capacity to send and receive large amounts of data relatively quickly (vs. dial- up) Plastic form factor compliant with ISO 7810 that contains a payment application coded on a magnetic stripe and/or chip Method used to verify that a card or device is genuinely the one issued to the consumer See Consumer. A code contained in a card s magnetic stripe data that verifies a specific card is physically present at the POS; used to reduce the risk of counterfeiting fraud. Value generated by the issuer and printed on a signature panel on the back of the card; implemented for manual (visual) use during MOTO and e-commerce transactions. Dynamic CVC Value generated by the contactless chip and sent within the discretionary data of the Track 1 and/or Track 2 data. The process of confirming that a card, device, reader, terminal or software application is approved for use. A transaction disputed by the consumer or issuer that is represented back to the merchant. The process of remitting a sales draft for settlement MASTERCARD WORLDWIDE PAGE 49
APPENDICES Appendix D, Glossary continued Term Companion Card Compute Cryptographic Checksum (CCC) Consumer Consumer Verification Method (CVM) Contactless Chip Data Element 22 Data Element 61 Electronic Cash Register (ECR) Embedded Device File Control Information (FCI) Floor Limit Form Factor Description An ISO-compliant MasterCard card with which a companion PayPass device shares a single MasterCard account relationship between the issuer and the consumer. Card/device command supported for PayPass Mag Stripe transactions; returns the CVC3 value for the transaction. The payment account holder to whom the PayPass card or device is issued. Method used to verify the identity of the payment account holder. The RF chip found inside a PayPass card or device; when connected to an antenna, it permits card or device transactions without swiping the magnetic stripe. The portion of a MasterCard authorization message that denotes how the account number was read/entered into the POS device (e.g., magnetic stripe read, key entered, read via a PayPass reader). The portion of a MasterCard authorization message that denotes the various capabilities of a POS terminal (e.g., equipped with mag stripe reader, smart card reader, etc.). Cash register that is integrated with payment acceptance tools and/or order system. A PayPass device that is manufactured to be contained a consumer device such as a watch or a cell phone. The string of data bytes available in response to a SELECT command. The preset amount under which a transaction does not require online authorization. The physical characteristics of a device, including its size and shape. in MASTERCARD WORLDWIDE PAGE 50
Term Help Desk Implementation Plan Integrated Circuit Card (ICC) International Standards Organization (ISO) Issuer Kiosks Linked Card Magnetic Stripe (Mag Stripe) Magnetic Stripe Reader (MSR) Member Merchant PayPass Application PayPass Card Description A call center dedicated to assisting users with a technology (e.g., a merchant help desk might provide information to merchants when they experience difficulties with a terminal). A plan that maps the implementation of a product and all the steps required to achieve this. The ISO/IEC term for a chip card/device or a smart card. An international organization that sets standards for technology to assure that products are interoperable from one country to the next. Member of MasterCard Worldwide that issues MasterCard payment accounts to their consumers. Locations where consumers interact with or without the oversight of a clerk or merchant staff person. See Companion Card. Reference to a conventional (ISO/IEC 7810) magnetic stripe as defined and used by the MasterCard network. The part that physically reads the data encoded on a card s magnetic stripe. Financial institution registered as a member of MasterCard and involved in issuing or acquiring activity. An organization accepting cards or devices as a payment instrument. Has a relationship with an acquirer. The software that executes on a PayPass chip. A proximity device containing a PayPass chip and application that has the characteristics of the traditional bankcard form factor, as specified in ISO 7810. MASTERCARD WORLDWIDE PAGE 51
APPENDICES Appendix D, Glossary continued Term PayPass Card (or Device) PayPass Chip PayPass Coupling Device (PCD) Description Card (or device) provided by an issuer containing a contactless chip that uses RF, supplied via an antenna, to run a PayPass application configured for a consumer. The integrated circuit chip contained within a PayPass card or device that executes the PayPass application. The PayPass reader utilizes an inductive coupling, energizing RF field to both power the PayPass card or device and control data exchange when modulated. PCDs typically have an operating range of less than 4 inches and may form part of a merchant terminal. PayPass Payment System Environment (PPSE) Personal Identification Number (PIN) PIN Pad Point of Sale (POS) Primary Account Number (PAN) Processing Options Data Object List (PDOL) Proximity Device Quick Payment Service (QPS) The list of contactless applications, indicated through their AID, available on a PayPass card. A number used by an issuer to authenticate a consumer (a type of CVM). A numeric keypad into which a consumer can type a PIN. The point where a consumer pays for merchandise; may encompass a cash register, card or device terminal, PayPass reader, etc. See Account Number. List of data objects that the terminal should provide to the card or device. A consumer device that can be read from a distance (within a specified range) without physical contact. PayPass cards and devices are proximity devices. A MasterCard program that allows approved merchants in certain merchant category codes to accept transactions under US $25, or locally agreed equivalent value, without a consumer signature. MASTERCARD WORLDWIDE PAGE 52
Term Quick-Service Restaurant (QSR) Radio Frequency (RF) Read Reader Serial/RS232 Port Settlement Stand-alone Terminal Terminal Transaction Unpredictable Number (UN) USB Connections Vendor Description A restaurant where consumers are served food quickly, either via drive-thru or at a counter. A technology that allows two devices to communicate via radio waves. The act of a MasterCard terminal communicating with a MasterCard card or device and receiving consumer payment data; this may be via the magnetic stripe swipe process or from a PayPass RF interaction. Refers to the terminal component that communicates with the PayPass card or device to receive the required information and transmit it to the POS payment application. A physical hardware interface on a PC, ECR, terminal, or other electronic device used to connect peripheral devices. The process by which an issuer pays an acquirer for transactions made by its consumers. Terminal that is not integrated with a cash register. Term often used to refer to a POS device. A payment for goods or services. A number generated by the PayPass reader that cannot be calculated or predicted in advance. A physical hardware interface on a PC, ECR, terminal, or other electronic device used to connect peripheral devices. A company that sells terminals or other goods or services. MASTERCARD WORLDWIDE PAGE 53
E Appendix E, Consumer Interface Methods Method 1 Method 1 describes an optimal PayPass transaction instigated by the consumer before the amount payable is displayed and when no signature is required for consumer verification. The consumer is invited to present their PayPass card before the amount payable appears on the consumerfacing display. Typically this means that a consumer may tap their card or device at any time before the account details are needed by the electronic cash register (ECR). The terminal reads the PayPass card or device. When the order is complete the amount payable should be displayed to the consumer. The ECR automatically processes the transaction. The outcome of the authorization request is displayed to the consumer. Figure E-1, Optimal PayPass Transaction Pre-amount Tap MASTERCARD WORLDWIDE PAGE 54
This method: Optimizes the purchase process because account information is ready for processing, allowing the authorization request to start as soon as the order is complete. Encourages consumers to present their card or device early, avoiding the delays that sometimes occur when they are asked later in the purchase process, i.e., removes fumble time from the purchase. Simplifies the consumer experience since they may tap they are ready. their card or device whenever Is not recommended where the amount presented is often disputed by the consumer as this would result in a refund being required, which is undesirable. This method must be implemented carefully to ensure that payment details from the correct card or device are used. For example, any buffer that temporarily stores the card or device details must be cleared after each transaction or after a period of time, if a transaction has not occurred, to avoid the card or device details from an earlier PayPass read being used. MASTERCARD WORLDWIDE PAGE 55
APPENDICES Method 2 Method 2 describes an optimal PayPass transaction instigated by the consumer after the amount payable is displayed and when no signature is required for consumer verification. The amount payable by the consumer is displayed on the consumer-facing display and the consumer is invited to present their PayPass card or device. Once the terminal has read the account information, it automatically starts processing the transaction. After obtaining authorization in the normal way the consumer is informed of the outcome. Figure E-2, Optimal PayPass Transaction Post-amount Tap This method: Is similar in speed to Method 1 except that the transaction does not begin until the consumer has presented their card or device following the amount being presented. Is similar in simplicity to Method 1 except that the consumer must wait for the amount to be presented before they can present their card. Ensures that the consumer approves the amount to be charged before presenting their card or device. Is recommended where the amount may be disputed. MASTERCARD WORLDWIDE PAGE 56
Method 3 Method 3 describes a PayPass debit transaction instigated by the consumer before the amount payable is displayed and when PIN is required for consumer verification. The consumer is invited to present their PayPass card or device before the amount payable appears on the consumer-facing display. Once the terminal has read the account information, the consumer is requested to select either credit or debit. In this method the consumer selects debit and enters their PIN before the terminal continues processing the transaction and displays the amount payable. The transaction is then authorized in the normal way and the consumer is informed of the outcome. Figure E-3, PIN Debit Transaction Pre-amount Tap This method: Minimizes any delay caused by PIN entry since this can be done while the order is being completed. Should not be used where amounts are often disputed, as per Method 1. MASTERCARD WORLDWIDE PAGE 57
APPENDICES Appendix E, Consumer Interface Methods continued Method 4 Method 4 describes a PayPass debit transaction instigated by the consumer after the amount payable is displayed and when a PIN is required for consumer verification. The amount payable by the consumer is displayed on the consumer-facing display and the consumer is invited to present their PayPass card or device. Once the terminal has read the account information, the consumer is requested to select either credit or debit. In this method the consumer selects debit and enters their PIN before the terminal continues processing the transaction. The transaction is then authorized in the normal way and the consumer is informed of the outcome. This method: Figure E-4, PIN Debit Transaction Post-amount Tap Is similar in speed to Method 3 except that the transaction does not begin until the consumer has presented their card or device following the amount being presented. Ensures that the consumer approves the amount to be charged before presenting their card or device. Is recommended where the amount may be disputed, as per Method 2. MASTERCARD WORLDWIDE PAGE 58
F Appendix F, Terminal Requirements Summary Number Requirement 1. All newly developed PayPass terminals must comply with the latest version of the EMVCo Contactless Communications Protocol Specification 2. All PayPass terminals must support both Type A and Type B protocols as defined in the EMVCo Contactless Communications Protocol Specification 3. All MasterCard PayPass terminals must comply with the latest version of either the MasterCard PayPass Mag Stripe Application Specification or the PayPass M/Chip Application Specification. 4. All MasterCard PayPass terminals must complete the PayPass card / device-to-terminal communication in less then 250ms for a PayPass Mag Stripe transaction and 500ms for a PayPass M/Chip transaction. 5. All PayPass transaction data received from the card with the exception of any processing requirements specified in the relevant application specification must be presented to the payment processing engine without modification 6. The PayPass application logic component must maintain the version number of the PayPass Technical Specification with which it is compliant. 7. POS systems must not buffer or store card data. PayPass card data shall only be accepted after the payment part of the transaction process has commenced. 8. POS terminals must be capable of providing information to connected systems on the method used for reading the card or device data (magnetic swipe, contact chip read, contactless chip read, etc.) for each payment transaction and on the terminal s capabilities to perform the different reading methods. 9. Double entry of purchase information for PayPass transactions is not permitted. PayPass terminals or readers shall therefore be linked to any existing systems that already hold the purchase amount, or also require the purchase amount to be entered. 10. POS terminals must comply with the processing rules defined by the combination of payment product, merchant program, and transaction amount. 11. If the POS device prints a receipt, the input method shall be shown as Contactless, CONTACTLESS, PayPass or RF for PayPass transactions. 12. Any produced but the POS or Merchant Systems should specifically identify PayPass transactions. 13. If a payment transaction was originated by a PayPass card or device, then the POS terminal shall allow for a transaction refund to be completed by the same PayPass card or device. MASTERCARD WORLDWIDE PAGE 59
Number Requirement 14. All MasterCard PayPass terminals must display a PayPass landing zone identifier that includes the Universal Contactless Symbol, and if space permits the PayPass identifier, as specified in the MasterCard PayPass Branding Guidelines 15. The landing zone identifier must be positioned on the landing zone at the centre of the operating volume generated by the PayPass reader. 16. All MasterCard PayPass acceptance devices shall include a visual and audio indication as defined in this document and recommends the use of single color (green) LEDs. 17. All MasterCard PayPass acceptance devices shall support the User Interface States and Events defined in this document. 18. All MasterCard PayPass terminals must be designed such that when a PayPass card or device is presented, neither the indicators not the display are visually obscured from the consumer by any of the following: The PayPass Card of Device The consumer s hand or arm Keys or anything that is typically expected to be attached to the PayPass device 19. When designing a PayPass terminal, consideration must be made for both left and right handed, visually impaired, aurally impaired, and less-able consumers. 20. All MasterCard PayPass acceptance devices must be designed to avoid accidental capture of MasterCard PayPass payment account information when a consumer intends to transact using the card s magnetic stripe or contact chip, where present. 21. Where MasterCard PayPass readers are added as terminal modules, they must meet the same requirements as the base unit, including the following: Electrical reliability and regulations Environmental specifications Transportation (shock and bump, etc) specifications Early life failure mode specifications Electromagnetic compatibility (EMC) specifications Electrostatic discharge (ESD) specifications Best practices 22. All MasterCard PayPass Terminals must be designed to prevent the introduction of foreign objects which may degrade unit performance or be used to capture PayPass payment applications data from a PayPass card or device. MASTERCARD WORLDWIDE PAGE 60
MASTERCARD WORLDWIDE PAGE 61
www.paypass.com For questions e-mail paypass@mastercard.com PayPass 2007 v.1 2007 MasterCard Worldwide Incorporated