implementing American Express EMV acceptance on a Terminal



EMV Tools: American Express Integrated Circuit Card Payment Specification (AEIPS)

The policies, procedures, and rules in this manual are subject to change from time to time by American Express. Copyright 2007 by American Express Travel Related Services Company, Inc. All rights reserved. No part of this document may be reproduced in any form or by any electronic or mechanical means, including information storage and retrieval systems, without the express prior written consent of American Express Travel Related Services Company, Inc. EMV is a trademark of EMVCo, LLC. PCI Security Standards Council is a trademark of PCI Security Standards Council, LLC. All other trademarks and brands are the property of their respective owners.

CONTENTS

SECTION 1: INTRODUCTION
  1.1. Overview
  1.2. How to Use This Guide
  1.3. Reference Documents
  1.4. Requirement Notation
SECTION 2: EMV SPECIFICATIONS
  2.1. Industry Specifications
  2.2. AEIPS: American Express Integrated Circuit Card Payment Specification
SECTION 3: TERMINAL REQUIREMENTS BY EMV TRANSACTION STEP
  3.1. Introduction
  3.2. EMV Transaction Steps
    Step 1: Application Selection
    Step 2: Initiate Application Processing
    Step 3: Read Application Data
    Step 4: Offline Data Authentication
    Step 5: Processing Restrictions
    Step 6: Cardholder Verification
    Step 7: Terminal Risk Management
    Step 8: 1st Terminal Action Analysis
    Step 9: 1st Card Action Analysis
    Step 10: Online Transaction Processing
    Step 11: Issuer Authentication
    Step 12: 2nd Terminal Action Analysis
    Step 13: 2nd Card Action Analysis
    Step 14: Issuer Script Processing
    Step 15: Transaction Completion
SECTION 4: SPECIAL TRANSACTION PROCESSING
  4.1. AEIPS Requirements During Technical Scenarios
    4.1.1. Fallback
    4.1.2. Premature Card Removal
    4.1.3. Referral Transactions
    4.1.4. Declined Transactions
    4.1.5. Stand-In Authorization
    4.1.6. Reversals
  4.2. AEIPS Requirements During Situational Scenarios
    4.2.1. Refunds
    4.2.2. Card Not Present
    4.2.3. Card Not Yet Present
    4.2.4. Transaction Amount Not Yet Known
    4.2.5. Card No Longer Present
    4.2.6. Card Re-Presented for Final Charge
    4.2.7. Adding a Gratuity
  4.3. AEIPS Requirements for Unattended Payment Terminal (UPT) Scenarios
    4.3.1. Cardholder Verification on UPTs
    4.3.2. Fallback on UPTs
    4.3.3. Online Capability with UPTs
SECTION 5: AEIPS TERMINAL CERTIFICATION
  5.1. Introduction
  5.2. How to Perform AEIPS Terminal Certification
  5.3. AEIPS Terminal Certification Test Plan [AEIPS-TEST]
  5.4. Setting Up the Terminal Prior to AEIPS Terminal Certification
    5.4.1. Additional Parameters and Requirements for Stand-In Certification
    5.4.2. Mandatory Data for Diagnostics
    5.4.3. Connectivity Test
  5.5. Completing the AEIPS Test Plan
    5.5.1. Documentation
    5.5.2. TVR and TSI Setting Requirements
  5.6. Overview of AEIPS Terminal Certification Tests
    5.6.1. Mandatory Tests
    5.6.2. Tests That Are Based on the Terminal's Functionality
    5.6.3. Tests That Are Performed When There Are Communication Changes
SECTION 6: MERCHANT EDUCATION
  6.1. Guidance for a Successful Training Program
APPENDIX A: CAPK INFORMATION
APPENDIX B: DISPLAYABLE MESSAGES
APPENDIX C: GLOSSARY AND ACRONYMS

October 2007

SECTION 1: INTRODUCTION

1.1. Overview

This guide is designed to assist you (the Terminal Vendor, Merchant, Reseller, or Third Party Processor) with implementing American Express EMV acceptance on a Terminal, using the American Express Integrated Circuit Card Payment Specification (AEIPS). This guide assumes that you have a basic understanding of EMV. By studying the guide and the reference documents, you will gain a sound understanding of the requirements, policies, and procedures, as well as the configuration options, which apply specifically to American Express. You will also find helpful hints, in the form of Best Practices, to aid you in understanding how best to implement American Express EMV acceptance.

This guide details only the American Express-specific requirements and configurable options for implementing EMV technology. Unless otherwise detailed within the document, process transactions as described within the EMVCo specifications. Additionally, this guide outlines only the globally-standard requirements for implementing AEIPS; there may be additional country-specific or Acquirer-specific requirements. To learn more about EMV implementation, please contact your Acquirer or American Express Representative, or visit the EMVCo website (www.emvco.com).

1.2. How to Use This Guide

While this guide is not a definitive technical specification, it provides a roadmap to a more thorough understanding of American Express EMV implementation. You will find additional support in the technical reference documents cited in 1.3. For your convenience, a Glossary and Acronyms section is included at the end of this document that you can refer to as you encounter unfamiliar terms, acronyms, or phrases. Words that are defined in the glossary are capitalized when used in this guide.

1.3. Reference Documents

All documents that are referred to within this guide are listed in Table 1 and are referenced using the abbreviations provided. This is not an exhaustive list of available documents. Please contact your American Express Representative to learn about the additional reference documents that are available.

Table 1: Reference Documents

Abbreviation  | Full Document Name                                                                | Source
--------------|-----------------------------------------------------------------------------------|----------------------------------------------
[AEIPS-TEST]  | AEIPS Test Plan v5.2, American Express                                            | Contact your American Express Representative
[AEIPS-TERM]  | AEIPS Terminal Specification (AEIPS 4.1), American Express                        | Contact your American Express Representative
[AEIPS-CARD]  | AEIPS Chip Card Specification (AEIPS 4.1), American Express                       | Contact your American Express Representative
[ISO-9564]    | Banking - Personal Identification Number (PIN) Management and Security            | www.iso.org
[ISO-11568]   | Banking - Key Management (Retail)                                                 | www.iso.org
[ISO-11770]   | Information Technology - Security Techniques - Key Management                     | www.iso.org
[ISO-13492]   | Banking - Key Management Related Data Element (Retail)                            | www.iso.org
[ISO-15782]   | Certificate Management for Financial Services                                     | www.iso.org
[ISO-15408]   | Information Technology - Security Techniques - Evaluation Criteria for IT Security| www.iso.org
[ISO-7813]    | Identification Cards - Financial Transaction Cards                                | www.iso.org

1.4. Requirement Notation

Throughout this guide, attention is drawn to requirements within the text by using bold and italics on key words, as follows:
- Mandatory requirements are highlighted through the use of the words must, shall, mandatory, or mandate(s).
- Optional recommendations are highlighted through the use of the words should, optional, or recommend(s).

This guide seeks to highlight only requirements above and beyond those that are mandatory in the EMV specifications, as well as options that may be set by the Payment Brands.

SECTION 2: EMV SPECIFICATIONS

2.1. Industry Specifications

For the purposes of this document, EMV is used to describe a set of Chip Card specifications administered by EMVCo. These specifications facilitate an interoperable framework in which Chip Card-based payment transactions can be processed globally. The EMV specifications allow Payment Brands and Issuers the flexibility to customize specific requirements with regard to security, risk management, and Cardholder Verification, in order to best meet their own objectives.

The EMV specifications apply to virtually every aspect of the Chip Card, including: physical characteristics; the electronic interface between the Chip Card and Terminal; the protocols for data communication between a Chip Card and a Terminal; and payment application features.

EMVCo details and manages Terminal type approval to ensure compliance with the specifications. The Payment Brands set their own requirements for EMV implementation and define the testing processes to certify against these requirements. Banking industry associations in certain countries may also set local requirements. These tend to be related to national rollouts, in order to ensure a consistent approach within a country (e.g., by specifying common requirements for the usage of PIN).

2.2. AEIPS: American Express Integrated Circuit Card Payment Specification

The EMV specifications contain many implementation options that the Payment Brands clarify within their individual specifications. To enable the most effective usage of EMV technology, American Express has produced AEIPS. AEIPS is divided into two separate specifications:
- AEIPS Chip Card Specification [AEIPS-CARD], which defines the technical data elements and functionality for implementing EMV-compliant Chip Cards.
- AEIPS Terminal Specification [AEIPS-TERM], which outlines the Terminal functionality required to process American Express EMV transactions.

BEST PRACTICE: It is recommended that you read both the AEIPS Chip Card Specification and the AEIPS Terminal Specification to fully understand how to implement American Express EMV.

As AEIPS is built on the EMVCo specifications, there are no technical differences between implementing EMV for American Express and for the other Payment Brands. The only differences are configuration options that American Express has chosen from among those the EMVCo specifications allow. Just as American Express has configuration differences from other Payment Brands, similar configuration differences exist among the other Payment Brands. Therefore, you can implement American Express EMV in the same way as you implement the other Payment Brands. This affords several benefits, including meeting the requirements of all the Payment Brands at once, saving the effort of adding AEIPS after EMV migration is already underway, and ensuring the satisfaction of potential customers.

SECTION 3: TERMINAL REQUIREMENTS BY EMV TRANSACTION STEP

3.1. Introduction

This section examines each step of an EMV transaction. As shown in Figure 1, American Express is interoperable with the EMV specifications and also aligns very closely with the other Payment Brands. There are only four steps within the EMV transaction process flow in which American Express has configuration differences from the industry: Application Selection (Step 1), Terminal Risk Management (Step 7), 1st Terminal Action Analysis (Step 8), and Online Transaction Processing (Step 10).

Figure 1: Process Flow for an EMV Transaction. The figure shows the card being inserted, the fifteen steps in order (1 Application Selection, 2 Initiate Application Processing, 3 Read Application Data, 4 Offline Data Authentication, 5 Processing Restrictions, 6 Cardholder Verification, 7 Terminal Risk Management, 8 1st Terminal Action Analysis, 9 1st Card Action Analysis, 10 Online Transaction Processing, 11 Issuer Authentication, 12 2nd Terminal Action Analysis, 13 2nd Card Action Analysis, 14 Issuer Script Processing, 15 Transaction Completion), and the card being removed. Steps 1, 7, 8 and 10 are marked "configuration differences"; all other steps are marked "same as industry". A branch labelled "offline transaction / unable to go online" leaves Step 9 and skips the Online steps. The figure's callouts are reproduced below.

Application Selection: The EMV specifications allow for both complete and partial Application Identifier selection, and each Payment Brand has chosen which option to leverage. American Express requires the use of partial Application Identifier selection for all American Express Cards, so the Application Selection Indicator within the Terminal must be set appropriately.

Terminal Risk Management: Of the several Terminal risk management checks allowed by the EMV specifications, American Express mandates that the Terminal perform Floor Limit checking and random transaction selection. The other checks may optionally be performed by the Terminal.

1st Terminal Action Analysis: There are no technical differences for handling an American Express Card during this step. Like the other Payment Brands, American Express has specific Terminal Action Code values that must be loaded into the Terminal.

Online Transaction Processing: Like the other Payment Brands, American Express has a unique message format, which may vary by country. Therefore, the Terminal, Third Party Processor, or Acquirer will need to ensure that they are able to place the EMV data elements into the appropriate format for each Payment Brand.

3.2. EMV Transaction Steps

Following is a high-level description of each EMV transaction step. For those steps where American Express has configuration differences, our requirements are noted and described in detail. In some steps there are also additional requirements which cover operational functionality outside of the EMV specifications, e.g., PIN Bypass. These additional requirements are also described in the appropriate steps. Each step is labelled to show whether there is a configuration difference specific to AEIPS or no customization beyond the standard EMV specifications, and a general description of the step appears at the beginning of each section.

Step 1: Application Selection (American Express has configuration differences)

When a Chip Card is inserted into a Terminal, the Terminal determines (and may have the option to display) a list of applications supported by both the Chip Card and the Terminal. This is done by matching an Application Identifier (AID) loaded into the Terminal with a similar value loaded in the card.

Application Selection on AEIPS-compliant cards is performed according to the EMV specifications. American Express mandates that Terminals support and are enabled for partial name selection by setting the Application Selection Indicator. In partial name selection, the SELECT command is issued with the partial American Express AID loaded in the Terminal, which is comprised of the American Express Registered Application Provider Identifier (RID) and the first byte of the Proprietary Application Identifier Extension (PIX). The American Express RID is A0 00 00 00 25, and the first byte of the PIX for an AEIPS-compliant payment application is 01. Therefore, the AID value held within the Terminal for use in partial name selection shall be A0 00 00 00 25 01. With partial selection the Terminal accepts any card application whose DF Name begins with this value, so AEIPS applications carrying a longer PIX are still selected.

If a Chip Card is inserted into a Terminal and no matching applications can be found (i.e., if the Terminal is EMV-enabled but not yet certified, or if it is EMV-enabled for other Payment Brands but not yet for American Express), the transaction must be processed using the magnetic stripe. You must not process the transaction as Fallback (see section 4.1.1, Fallback, for the definition). To enable the transaction to be processed using the magnetic stripe, the Terminal must not perform extended service code checking, i.e., the Terminal should not prompt for card insertion when a service code that starts with a 2 or a 6 is detected. In this case, the POS data codes or similar indicators must show that the Terminal did not have chip capability, e.g., Position 1 (card input capability code) must not be 5 (Integrated Circuit Card [ICC]). To support this, the Terminal must have the ability to set the POS data code based on the Payment Brand.
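The partial-name selection described in Step 1, together with the rule that a chip card with no matching application is processed on the magnetic stripe rather than as Fallback, as an added worked example. This is not code from the AEIPS guide or from American Express: the CardSim class, its DF Names and labels, and the sample FCI contents are constructed for illustration; the SELECT-by-name APDU and the FCI tags (6F, 84, A5, 50) follow EMV Book 1.

```python
"""Added example (not from the AEIPS guide): partial-name selection of the AEIPS AID.

Constructed for illustration: the CardSim class, its DF Names/labels and the FCI
contents. SELECT-by-name APDU and FCI tags (6F, 84, A5, 50) follow EMV Book 1.
"""
from typing import Dict, List, Optional, Tuple

AMEX_RID = bytes.fromhex("A000000025")
AEIPS_TERMINAL_AID = AMEX_RID + b"\x01"      # A0 00 00 00 25 01: RID + first PIX byte (Step 1)
SW_OK, SW_NOT_FOUND = b"\x90\x00", b"\x6A\x82"


def build_select(aid: bytes, first: bool = True) -> bytes:
    """SELECT by DF name: CLA=00 INS=A4 P1=04 P2=00 (first occurrence) / 02 (next), Lc, AID, Le."""
    return bytes([0x00, 0xA4, 0x04, 0x00 if first else 0x02, len(aid)]) + aid + b"\x00"


def tlv_parse(data: bytes) -> List[Tuple[bytes, bytes]]:
    """Minimal BER-TLV parser: multi-byte tags, short and long (81/82) length forms."""
    out, i = [], 0
    while i < len(data):
        j = i + 1
        if data[i] & 0x1F == 0x1F:             # more tag bytes follow while bit 8 is set
            j += 1
            while data[j - 1] & 0x80:
                j += 1
        tag = data[i:j]
        length = data[j]
        j += 1
        if length & 0x80:
            n = length & 0x7F
            length = int.from_bytes(data[j:j + n], "big")
            j += n
        out.append((tag, data[j:j + length]))
        i = j + length
    return out


def find_tag(data: bytes, tag: bytes) -> Optional[bytes]:
    """Depth-first lookup of a tag, descending into constructed (bit 6 set) templates."""
    for t, v in tlv_parse(data):
        if t == tag:
            return v
        if t[0] & 0x20:
            hit = find_tag(v, tag)
            if hit is not None:
                return hit
    return None


class CardSim:
    """Constructed card: answers SELECT with an FCI for each ADF whose DF Name starts with the
    selected name, in card priority order; P2=02 continues from the previous match."""

    def __init__(self, adfs: Dict[bytes, bytes]):
        self.adfs = list(adfs.items())          # (DF Name, application label)
        self._cursor = 0

    def transmit(self, apdu: bytes) -> bytes:
        if apdu[:3] != b"\x00\xA4\x04":
            return b"\x6D\x00"                  # INS not supported: only SELECT is modelled
        aid = apdu[5:5 + apdu[4]]
        if apdu[3] == 0x00:
            self._cursor = 0
        for k in range(self._cursor, len(self.adfs)):
            name, label = self.adfs[k]
            if name.startswith(aid):
                self._cursor = k + 1
                prop = b"\x50" + bytes([len(label)]) + label
                fci = b"\x84" + bytes([len(name)]) + name + b"\xA5" + bytes([len(prop)]) + prop
                return b"\x6F" + bytes([len(fci)]) + fci + SW_OK
        return SW_NOT_FOUND


def build_candidate_list(card: CardSim, terminal_aids: List[Tuple[bytes, bool]]) -> List[bytes]:
    """List-of-AIDs selection: for each (AID, partial_allowed) in the Terminal, SELECT first/next
    until the card answers 6A82. AEIPS mandates partial_allowed=True for A0 00 00 00 25 01."""
    candidates: List[bytes] = []
    for aid, partial in terminal_aids:
        first = True
        while True:
            resp = card.transmit(build_select(aid, first))
            if resp[-2:] != SW_OK:
                break
            df_name = find_tag(resp[:-2], b"\x84") or b""
            if df_name == aid or (partial and df_name.startswith(aid)):
                candidates.append(df_name)
            if not partial:                     # exact match wanted: no point asking for "next"
                break
            first = False
    return candidates


def entry_mode_after_selection(candidates: List[bytes]) -> str:
    """Step 1 rule: a chip card with no matching application is processed on the magnetic stripe,
    not as Fallback; the POS data code must then show no chip capability (position 1 not 5)."""
    return "CHIP" if candidates else "MAGSTRIPE_NOT_FALLBACK"


if __name__ == "__main__":
    card = CardSim({bytes.fromhex("A0000000250101"): b"AMEX", bytes.fromhex("A0000000031010"): b"VISA"})
    found = build_candidate_list(card, [(AEIPS_TERMINAL_AID, True)])
    print([c.hex().upper() for c in found], entry_mode_after_selection(found))
```

The same card yields an empty candidate list when the Terminal's entry for A0 00 00 00 25 01 is configured for exact matching, which is the misconfiguration the Application Selection Indicator requirement guards against; the card's 7-byte DF Name never equals the 6-byte partial AID.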

Step 2: Initiate Application Processing (same requirements as the EMV specifications)

When an AEIPS application is selected, the Terminal requests that the Chip Card provide the location of the data to be used for the current transaction and list the functions it supports.

Step 3: Read Application Data (same requirements as the EMV specifications)

The Terminal reads the necessary data from the locations provided by the Chip Card and uses the list of supported functions to determine which processing to perform. The information required to perform Offline data authentication is found within the data read from the Chip Card during this stage of the transaction.

Step 4: Offline Data Authentication (same requirements as the EMV specifications, with additional operational requirements)

Offline data authentication validates that the card being used in the transaction is the genuine card that was issued and that the card data has not been altered. There are different types of Offline data authentication; the most common are Static Data Authentication (SDA) and Dynamic Data Authentication (DDA). The Terminal determines whether it authenticates the Chip Card Offline, using either SDA or DDA, based upon the ability of the Chip Card and Terminal to support these methods. Note that SDA verifies only a static Issuer signature over card data, and that signed data can be copied from a genuine card; DDA (and CDA) additionally have the card sign a Terminal-supplied unpredictable number with a card-unique private key, which is what distinguishes a genuine chip from a copy of its data.

American Express mandates that Terminals support SDA and DDA; support of Combined DDA/Application Cryptogram (AC) generation (CDA) is optional.

Certification Authority Public Keys (CAPKs) are required to support Offline data authentication. The lack of the correct CAPKs will lead to Offline data authentication failures and potential transaction declines. Terminals must be capable of storing up to six CAPKs for each Payment Brand. Full detail of CAPK expiration dates, required Terminal load dates, earliest Issuer usage dates, and required key removal dates is given in Table 2.

Table 2: CAPK Management Lifecycle

Length (bits) | Expiration Date           | Required Date for Acquirers to Load | Earliest Date for Issuers to Use | Required Removal Date at Terminals
--------------|---------------------------|-------------------------------------|----------------------------------|-----------------------------------
1024          | 31 December 2009          | 31 December 2003                    | 1 January 2004                   | 30 June 2010
1152          | 31 December 2014          | 31 December 2005                    | 1 March 2006                     | 30 June 2015
1408          | 31 December 2017 or later | 31 December 2006                    | 1 January 2007                   | Six months after expiration
1984          | 31 December 2017 or later | 31 December 2006                    | 1 January 2007                   | Six months after expiration
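A CAPK store that applies the Table 2 lifecycle (a key stays usable for Offline data authentication until six months after its expiration date, then must be removed) and refuses a key that fails its integrity check on load, as an added example. This is not code from the AEIPS guide or from American Express: the sample key is constructed (a fake modulus, not a real American Express CAPK), the checksum convention SHA-1(RID || Index || Modulus || Exponent) is the EMV Book 2 one and is not stated on this page, and "six months after expiration" is taken as the same day of the month six months later, clamped to month end (31 December to 30 June, matching Table 2).

```python
"""Added example (not from the AEIPS guide): CAPK store with load-time checksum check
and the six-months-after-expiry removal rule of Table 2.

Assumptions: the sample key is constructed; checksum = SHA-1(RID||Index||Modulus||Exponent)
per EMV Book 2; removal date = expiry + 6 months, clamped to month end.
"""
import calendar
import hashlib
from dataclasses import dataclass, replace
from datetime import date
from typing import Dict, List, Optional, Tuple

AMEX_RID = bytes.fromhex("A000000025")
ALLOWED_LENGTHS = (1024, 1152, 1408, 1984)     # modulus lengths listed in Table 2
MAX_KEYS_PER_BRAND = 6                         # Step 4: up to six CAPKs per Payment Brand


@dataclass(frozen=True)
class CAPK:
    rid: bytes
    index: int
    modulus: bytes
    exponent: bytes
    expiry: date          # keep updatable: the Best Practice notes expiry dates may change
    checksum: bytes

    def expected_checksum(self) -> bytes:
        return hashlib.sha1(self.rid + bytes([self.index]) + self.modulus + self.exponent).digest()

    def bit_length(self) -> int:
        return len(self.modulus) * 8


def removal_date(expiry: date) -> date:
    """Required removal date at Terminals: six months after expiry, clamped to month end."""
    month0 = expiry.month - 1 + 6
    year, month = expiry.year + month0 // 12, month0 % 12 + 1
    return date(year, month, min(expiry.day, calendar.monthrange(year, month)[1]))


def key_status(key: CAPK, today: date) -> str:
    """'active' until expiry; 'expired' inside the six-month grace (cards may still use it);
    'remove' once the removal date has passed (the Terminal must no longer hold it)."""
    if today <= key.expiry:
        return "active"
    return "expired" if today <= removal_date(key.expiry) else "remove"


class CAPKStore:
    def __init__(self) -> None:
        self._keys: Dict[Tuple[bytes, int], CAPK] = {}

    def load(self, key: CAPK) -> None:
        """Refuse a key whose checksum or length is wrong: a corrupted CAPK makes every ODA
        fail (declines), and a substituted one would let a forged Issuer certificate verify."""
        name = f"CAPK {key.rid.hex().upper()}/{key.index:02X}"
        if key.expected_checksum() != key.checksum:
            raise ValueError(f"{name}: checksum mismatch")
        if key.bit_length() not in ALLOWED_LENGTHS:
            raise ValueError(f"{name}: unexpected length {key.bit_length()}")
        slot = (key.rid, key.index)
        used = sum(1 for rid, _ in self._keys if rid == key.rid)
        if slot not in self._keys and used >= MAX_KEYS_PER_BRAND:
            raise ValueError(f"{name}: no free CAPK slot for this RID")
        self._keys[slot] = key

    def for_oda(self, rid: bytes, index: int, today: date) -> Optional[CAPK]:
        """Key the Terminal may use for ODA today, or None (surfaces as an ODA failure)."""
        key = self._keys.get((rid, index))
        return None if key is None or key_status(key, today) == "remove" else key

    def purge(self, today: date) -> List[Tuple[bytes, int]]:
        """Housekeeping: drop every key past its removal date and report what was removed."""
        gone = [slot for slot, k in self._keys.items() if key_status(k, today) == "remove"]
        for slot in gone:
            del self._keys[slot]
        return gone


def try_load(store: CAPKStore, key: CAPK) -> Optional[str]:
    """Load and return None, or the rejection reason a Terminal would log."""
    try:
        store.load(key)
        return None
    except ValueError as err:
        return str(err)


def constructed_sample_capk(index: int = 0x01, expiry: date = date(2009, 12, 31),
                            bits: int = 1024, tamper: bool = False) -> CAPK:
    """Fake key for the demo (constructed, not a real CAPK). The checksum is computed over the
    genuine fields; tamper=True then corrupts the modulus to simulate a bad key file."""
    modulus = (hashlib.sha256(b"constructed AEIPS demo modulus").digest() * 8)[: bits // 8]
    key = CAPK(AMEX_RID, index, modulus, b"\x03", expiry, b"")
    key = replace(key, checksum=key.expected_checksum())
    if tamper:
        key = replace(key, modulus=bytes([modulus[0] ^ 0x01]) + modulus[1:])
    return key


if __name__ == "__main__":
    store = CAPKStore()
    print(try_load(store, constructed_sample_capk()), try_load(store, constructed_sample_capk(tamper=True)))
    print(key_status(store.for_oda(AMEX_RID, 0x01, date(2010, 3, 1)), date(2010, 3, 1)))
```

Storing the expiry and removal dates as data next to the key, rather than hard-coding them, is what lets the Terminal follow the Best Practice below when American Express revises the lifecycle.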

BEST PRACTICE: American Express, in line with the other Payment Brands, reviews the CAPK lifecycle on an annual basis. Therefore, the expiration dates stated in Table 2 may change. American Express recommends that Terminals do not store the expiration date unless it can be easily updated.

American Express CAPKs are emailed to Terminal Vendors when they contact American Express to start AEIPS Terminal certification. American Express CAPKs are distributed in a fixed format. Both the CAPKs and the fixed format are detailed in Appendix A.

Step 5: Processing Restrictions (same requirements as the EMV specifications)

The Terminal performs a number of checks to determine whether or not to allow the transaction, or whether any product-specific geographical (e.g., domestic use only) or service-type restrictions (e.g., cannot be used for cash withdrawal) apply.

Step 6: Cardholder Verification (same requirements as the EMV specifications, with additional operational requirements)

Cardholder Verification is used to determine whether the Cardmember is legitimate and whether or not the Chip Card has been lost or stolen. In a typical retail environment, the following Cardholder Verification Methods (CVMs) are supported by the Terminal:
- Offline enciphered PIN
- Offline plaintext PIN
- Signature
- No CVM required

The actual CVMs supported on an AEIPS-compliant Chip Card or Terminal will depend on the implementation of EMV within the country.

PIN Requirements. The use of PIN, either plaintext or enciphered, with EMV introduces some new technical and operational requirements. The sections below detail the American Express requirements in relation to PIN. American Express mandates that the Terminal be capable of supporting both plaintext and enciphered PIN. The Terminal shall display the transaction amount (or an accurate estimate) to the Cardmember before PIN entry. PIN Pads should be designed to take into account the requirements of all Cardmembers (e.g., a raised dot on the 5 key to assist partially-sighted Cardmembers).

PIN Pads should be placed in locations that can accommodate the requirements of all Cardmembers (e.g., to enable PIN entry from a seated position for customers who use a wheelchair). Also, the Cardmember should be able to see his or her card at all times.

If a PIN Pad is present, it must comply with EMV, the Payment Card Industry (PCI) PIN Entry Device (PED) requirements, and local country requirements. American Express has no minimum requirements for PIN Pads beyond those of EMV, PCI PED, and the local country payment authorities or regulatory bodies.

PIN Input Errors. When the Cardmember encounters problems entering his or her PIN, prompts are necessary to guide the Merchant and Cardmember.

AEIPS-Specific Requirements for PIN Input Errors: When a card is presented to a Terminal and the PIN Try Counter = 1 (i.e., there is one PIN attempt remaining), the Terminal should produce a suitable prompt to inform both the Merchant and the Cardmember of this situation. (For Terminal display messages, see Appendix B.) If the PIN Try Counter = 0, the Terminal shall continue the transaction without attempting PIN entry, having set the applicable bit in the Terminal Verification Results (TVR) indicating that the PIN Try Limit has been exceeded.

PIN Bypass. PIN Bypass is an option to aid the customer experience during the implementation of PIN. It can be leveraged when the Cardmember cannot remember his or her PIN or may temporarily be unable to enter the PIN. In this case, the Merchant may have the option to bypass PIN entry and enable the chip and Terminal to process the next CVM, which is likely to be signature.

PIN Bypass shall be able to be performed only if all of the following requirements are met:
- the Terminal is attended;
- the Terminal is configured to provide PIN Bypass;
- the Merchant and Acquirer agree to support it; and
- the Chip Card's CVM list allows another CVM to be performed, and the Terminal can support this CVM.

When PIN Bypass is used, the TVR shall record that PIN entry was required and a PIN Pad was present and working, but the PIN was not entered (Byte 3, Bit 4).

BEST PRACTICE: American Express recommends making PIN Bypass functionality a configurable option within the Terminal so that it can be disabled when appropriate, e.g., when a country has reached PIN maturity.

Important Note: PIN Bypass reduces both the fraud mitigation and the operational benefits of using PIN, and is therefore functionality that should only be used during the transition to PIN as the standard CVM. It is also important to note that Issuers are likely to decline PIN Bypass transactions, as they appear more risky than PIN-based transactions.

Step 7: Terminal Risk Management
American Express has configuration differences.

During Terminal risk management, a series of checks based on information provided by the card and the Acquirer are performed. The EMV specifications detail several checks that can be performed as part of Terminal risk management. American Express mandates that Floor Limit checking and random transaction selection be performed; all other checks are optional, based on the Terminal's configuration. The results of these checks are stored by the Terminal for later use in the TVR.

Step 8: 1st Terminal Action Analysis
American Express has configuration differences.

1st Terminal action analysis compares the results of Offline data authentication, processing restrictions, Cardholder Verification, and Terminal risk management to rules set by the Issuer and American Express. This process determines whether the Terminal requests that the transaction is approved Offline, sent Online for authorization, or declined Offline.

The Issuer rules are stored in the Chip Card in fields called Issuer Action Codes (IACs); the American Express rules reside in the Terminal as the Terminal Action Codes (TACs). The Terminal compares the TVR values stored during Offline processing with the IACs and TACs to determine whether any of the transaction conditions in the TVR indicate that the Terminal will request that the transaction be declined or sent Online. If this is not the case, then the Terminal will request that the transaction be approved Offline by the Chip Card.

After determining whether to request that the transaction be approved, declined, or sent Online to the Acquirer, the Terminal requests a Cryptogram from the Chip Card. The type of Cryptogram requested depends on whether the Terminal requires a Transaction Certificate (TC) for an approval, an Authorization Request Cryptogram (ARQC) for a request to go Online, or an Application Authentication Cryptogram (AAC) for a decline.

Like the other Payment Brands, American Express has specific TAC values that must be loaded into Terminals. The TAC values for American Express are detailed in the table below:

Table 3: American Express TAC values
  TAC Default   C8 00 00 00 00
  TAC Online    C8 00 00 00 00
  TAC Denial    00 00 00 00 00

Step 9: 1st Card Action Analysis
American Express has the same requirements as the EMV specifications.

Upon receiving the request from the Terminal, the Chip Card performs the 1st card action analysis. Here, risk management checks are performed by the Chip Card to determine the appropriate response to the Terminal's request. The Chip Card may overrule the Terminal's request. For example, the Chip Card could receive a request from the Terminal for an Offline approval, but the Chip Card may return a Cryptogram indicating that either an Online transaction or an Offline decline is required. This is dictated by the Chip Card's risk management parameters (as set by the Issuer). The results of this analysis are stored for later use by the Chip Card in the Card Verification Results (CVR).

Step 10: Online Transaction Processing
American Express has configuration differences.

If the Chip Card or Terminal determines that the transaction requires an Online authorization (and if the Terminal has Online capability), the Terminal transmits an Online authorization message to the Acquirer. If the Chip Card or Terminal determines that the transaction requires Offline authorization, the Terminal will proceed with transaction completion (see Step 15). If the transaction is required to be sent Online, but the Terminal is unable to send it Online due to technical reasons, the Terminal will proceed to 2nd Terminal action analysis (see Step 12).

The message sent to the Acquirer includes the Cryptogram (e.g., ARQC) generated by the Chip Card, the data used to generate the Cryptogram, and indicators showing Offline processing results, including the TVR and CVR. If the Issuer has successfully validated the Cryptogram provided by the Chip Card, Issuer Authentication Data (IAD) will be included in the authorization response message. This data includes an Issuer-generated Cryptogram called an Authorization Response Cryptogram (ARPC) and an Authorization Response Code (ARC) that details the Issuer's decision regarding the transaction. The response may also include updates for the Chip Card, called Issuer Scripts (see Step 14: Issuer Script Processing).

If a Terminal receives an authorization response that contains valid information regarding the transaction result, but does not contain the required chip data to perform Issuer Authentication, this is known as a downgraded transaction (see Step 12: 2nd Terminal Action Analysis).
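The TVR comparison of Step 8, as an added example that is not code from the AEIPS guide: it applies the American Express TAC values of Table 3 together with constructed sample IAC values (real IACs are read from the card) and returns the cryptogram type the Terminal requests. The same default-code check is the one a Terminal performs when it is unable to go Online (Step 12), so that case is included as its own function. The TVR bit positions used in the sample run are the standard EMV ones; the IAC values are assumptions for illustration.

```python
# Added example (not code from the AEIPS guide): EMV 1st Terminal Action Analysis
# with the American Express Terminal Action Codes from Table 3.
# TVR and action codes are 5-byte fields; EMV numbers them byte 1..5, bit 8..1.

TAC_DEFAULT = bytes.fromhex("C800000000")   # Table 3
TAC_ONLINE = bytes.fromhex("C800000000")    # Table 3
TAC_DENIAL = bytes.fromhex("0000000000")    # Table 3

# Constructed sample IACs standing in for the values read from a card (tags 9F0E, 9F0F, 9F0D).
SAMPLE_IAC_DENIAL = bytes.fromhex("0010000000")   # decline if service not allowed for product
SAMPLE_IAC_ONLINE = bytes.fromhex("F850ACF800")
SAMPLE_IAC_DEFAULT = bytes.fromhex("F850ACA000")


def tvr_with(*bits):
    """Build a 5-byte TVR with the given (byte, bit) positions set."""
    tvr = bytearray(5)
    for byte_no, bit_no in bits:
        tvr[byte_no - 1] |= 1 << (bit_no - 1)
    return bytes(tvr)


def any_bit_matches(tvr, action_code):
    """True when a TVR bit that is set is also set in the action code."""
    if len(tvr) != 5 or len(action_code) != 5:
        raise ValueError("TVR and action codes are 5 bytes")
    return any(t & a for t, a in zip(tvr, action_code))


def unable_to_go_online(tvr, iac_default):
    """Step 12, third scenario: the default codes decide between Offline approval and decline."""
    if any_bit_matches(tvr, TAC_DEFAULT) or any_bit_matches(tvr, iac_default):
        return "AAC"
    return "TC"


def first_terminal_action_analysis(tvr, iac_denial, iac_online, iac_default, online_capable=True):
    """Return the cryptogram type to request in the 1st GENERATE AC: AAC, ARQC or TC."""
    # Denial codes are checked first: any match is an Offline decline.
    if any_bit_matches(tvr, TAC_DENIAL) or any_bit_matches(tvr, iac_denial):
        return "AAC"
    if online_capable:
        # Online codes: any match sends the transaction Online.
        if any_bit_matches(tvr, TAC_ONLINE) or any_bit_matches(tvr, iac_online):
            return "ARQC"
        return "TC"
    # An offline-only Terminal uses the default codes instead.
    return unable_to_go_online(tvr, iac_default)


if __name__ == "__main__":
    samples = (
        ("clean TVR", tvr_with()),
        ("ODA not performed", tvr_with((1, 8))),     # matched by TAC Online C8.. -> ARQC
        ("CVM not successful", tvr_with((3, 8))),    # not in the TAC, but in the sample IAC Online
        ("unrecognised CVM", tvr_with((3, 7))),      # in neither -> Offline approval requested
    )
    for name, tvr in samples:
        decision = first_terminal_action_analysis(tvr, SAMPLE_IAC_DENIAL, SAMPLE_IAC_ONLINE, SAMPLE_IAC_DEFAULT)
        print("%-20s %s" % (name, decision))
```

Note that the TAC Online and TAC Default values are identical, so a condition that sends the transaction Online at a connected Terminal becomes an Offline decline at one that cannot connect; anything the TAC does not cover is left to the Issuer's IACs.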

Like the other Payment Brands, American Express has a unique message format, which may vary by country. The following table illustrates the mandatory and optional data elements for American Express.

Table 4: Mandatory and Optional Data Elements

Mandatory Data Elements
  AUTHORIZATION REQUEST MESSAGE
    Terminal Capabilities Indicator
    Card Input Method Indicator
    Amount, Authorized (Authorization) / Final Transaction Amount (Settlement)
    Amount, Other
    Application Interchange Profile
    Primary Account Number (PAN)
    PAN Sequence Number
    Application Transaction Counter
    ARQC
    Issuer Application Data
    Terminal Country Code
    TVR
    Transaction Currency Code
    Transaction Date
    Transaction Type
    Unpredictable Number
  AUTHORIZATION RESPONSE MESSAGE
    IAD (this includes the ARPC and the ARC)
    Issuer Script Data

Optional Additional Data Elements
  AUTHORIZATION REQUEST MESSAGE
    Fallback Indicator
    Application Identifier (Terminal)
    Application Version Number (Terminal)
    Cryptogram Information Data
    CVM Results
    IACs: Denial, Online, & Default

Step 11: Issuer Authentication
American Express has the same requirements as the EMV specifications.

If the authorization response contains an ARPC, it is mandatory for the Chip Card to perform Issuer authentication by validating the response Cryptogram. Upon receiving an authorization response containing an ARPC, the Terminal submits the ARPC to the Chip Card, using the external authenticate command. This verifies that the response came from the genuine Issuer. It also prevents criminals from circumventing the Chip Card's security features by simulating Online processing and fraudulently approving a transaction.
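The authorization exchange of Steps 10 and 11, as an added example that is not code from the AEIPS guide: it checks an outgoing request against the mandatory elements of Table 4, separates the ARPC and ARC out of the returned IAD for the Issuer authentication of Step 11, and builds the ARC the Terminal must populate itself when the response carries no chip data (the downgraded transaction of Step 10, handled as in Step 12). The dictionary keys are my own names, not the American Express message format; an IAD made of an 8-byte ARPC followed by a 2-byte ARC is an assumed layout; the messages are constructed samples.

```python
# Added example (not code from the AEIPS guide). Message dictionaries use my own keys;
# the American Express message format itself varies by country and is not reproduced here.

MANDATORY_REQUEST_ELEMENTS = (            # Table 4, authorization request message
    "terminal_capabilities_indicator", "card_input_method_indicator",
    "amount_authorized", "amount_other", "application_interchange_profile",
    "pan", "pan_sequence_number", "application_transaction_counter", "arqc",
    "issuer_application_data", "terminal_country_code", "tvr",
    "transaction_currency_code", "transaction_date", "transaction_type",
    "unpredictable_number",
)

# ARC values the Terminal populates in tag 8A when no IAD came back (Step 12).
RESULT_TO_ARC = {"approved": b"00", "referral": b"02", "declined": b"05"}


def missing_request_elements(request):
    """Names of the Table 4 mandatory elements absent from an authorization request."""
    return [name for name in MANDATORY_REQUEST_ELEMENTS if name not in request]


def split_iad(iad):
    """Assumed IAD layout: an 8-byte ARPC followed by a 2-byte ARC."""
    if len(iad) != 10:
        raise ValueError("unexpected IAD length %d" % len(iad))
    return iad[:8], iad[8:]


def arc_from_result(result):
    """Tag 8A value for a response without IAD; '00' is ASCII 30 30, and so on."""
    return RESULT_TO_ARC[result]


def is_downgraded(response):
    """A valid result without the chip data needed for Issuer authentication."""
    return "result" in response and response.get("issuer_authentication_data") is None


def second_generate_ac_inputs(response, supports_referral=False):
    """What the Terminal passes to the 2nd GENERATE AC for the first two Step 12 scenarios.

    Returns (cryptogram_to_request, arc, arpc); arpc is None for a downgraded
    transaction, where no Issuer authentication can be performed.
    """
    iad = response.get("issuer_authentication_data")
    if iad is not None:
        arpc, arc = split_iad(iad)        # Issuer authenticated the card: use its ARC
    else:
        result = response["result"]       # downgraded: derive the ARC from the result
        if result == "referral" and not supports_referral:
            result = "declined"           # 4.1.3: a referral is treated as a decline
        arpc, arc = None, arc_from_result(result)
    return ("TC" if arc == b"00" else "AAC", arc, arpc)


if __name__ == "__main__":
    # Constructed samples: a response with IAD, and a downgraded one.
    authenticated = {"issuer_authentication_data": bytes.fromhex("0102030405060708") + b"00"}
    downgraded = {"result": "approved"}
    print(second_generate_ac_inputs(authenticated))
    print(second_generate_ac_inputs(downgraded), is_downgraded(downgraded))
    print(missing_request_elements({"pan": "placeholder", "tvr": b"\x00" * 5}))
```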

Step 12: 2nd Terminal Action Analysis
American Express has the same requirements as the EMV specifications.

There are three distinct scenarios that a Terminal could face at this point in a transaction:

EMV data received in the authorization response: When the Issuer has successfully authenticated the card and returned the IAD, then the Terminal can use either the ARC in the IAD or the authorization response message to determine whether to request that the Chip Card approve or decline the transaction.

No EMV data received in the authorization response: When the Terminal does not receive any IAD in the response message, then it determines whether to request that the Chip Card approve or decline the transaction. This is determined by using the result of the transaction as indicated in the response message from the Acquirer. The Terminal must then populate the ARC (EMV tag 8A) to be returned to the Chip Card from the Terminal in the 2nd generate AC command, as follows:
- 00 for an approval result (i.e., in ASCII, 3030)
- 02 for a referral result (i.e., in ASCII, 3032)
- 05 for a decline (i.e., in ASCII, 3035)

Terminal was unable to go Online: When the Terminal is unable to go Online, the Terminal determines whether to request Offline approval or an Offline decline from the Chip Card, depending on the TAC (default) residing in the Terminal and the IAC (default) read from the Chip Card.

Step 13: 2nd Card Action Analysis
American Express has the same requirements as the EMV specifications.

Following the completion of 2nd Terminal action analysis, the Terminal will ask the Chip Card to either approve or decline the transaction. The Chip Card then performs its own action analysis and makes the final decision as to whether the transaction is approved or declined. The Chip Card may decline an Issuer-approved transaction based upon the Issuer authentication results and Issuer-encoded parameters in the Chip Card. The Chip Card generates a Cryptogram of type TC for approved transactions and of type AAC for declined transactions.

Step 14: Issuer Script Processing
American Express has the same requirements as the EMV specifications. However, additional requirements that cover operational functionality outside of the EMV specifications are provided.

Within EMV, the Issuer has the ability to send updates to the Chip Card via scripts sent in the authorization response message. An Issuer Script is a collection of card commands constructed and sent by the Issuer for the purpose of updating and managing Chip Cards. Detailed below are American Express requirements for Issuer Script processing:
- The Terminal shall process the script, whether the transaction was approved or declined.
- The Terminal passes commands defined in the script to the Chip Card, either before or after it has returned the final AC, depending on the type of script sent.
- The Terminal shall process Issuer Scripts with the Chip Card, irrespective of whether Issuer authentication is successful or the transaction is approved or declined.
- The Terminal shall not display any message to the Merchant indicating either the end of the transaction or card removal until the Chip Card has processed the script.
- In any authorization response, the Issuer can send multiple scripts. These scripts may contain multiple commands, which shall be processed in the order that they appear within the script.
- If the card responds to a command in an Issuer Script indicating success or a warning, then the Terminal must continue to process the remaining commands. If the card responds with an error, then the Terminal must terminate processing of any remaining commands.
- Terminals shall support the processing of Issuer Scripts during this step of the transaction, as well as in Step 13 before the 2nd generate AC command (i.e., support tags 72 and 71).

The following is an example of a trace of an Issuer Script with multiple commands.

Trace Data:
72459F18048000000086158424000210FEF34F007CE770DC61DA847F1E59862504DA8E00200000000000000000420141035E031F020000000000000000AC7F4DF1D624A0E

Table 5: Data Elements in the Issuer Script
  Data Element                                        Description
  72                                                  Script tag
  45H (69D)                                           Length
  9F18                                                Tag
  04H (4D)                                            Tag length
  80000000                                            Script ID
  86                                                  Command tag
  15H (21D)                                           Length
  8424                                                PIN change command
  0002                                                P1 P2
  10H (16D)                                           Length
  FEF34F007CE770                                      Data
  DC61DA847F1E59                                      MAC
  86                                                  Command tag
  25H (37D)                                           Length
  04DA                                                Put data command
  8E00                                                CVM list update
  20H (32D)                                           Length
  0000000000000000420141035E031F020000000000000000    Data
  AC7F4DF1D624A0ED                                    MAC
  H = Hexadecimal; D = Decimal representation of the hexadecimal value

The following is an example of a trace of an Issuer Script with a single command.

Trace Data:
72179F180400004000860E04DA9F580900C7356286E3779889

Table 6: Data Elements in the Issuer Script
  Data Element        Description
  72                  Script tag
  17H (23D)           Length
  9F18                Tag
  04H (4D)            Tag length
  00004000            Script ID
  86                  Command tag
  0EH (14D)           Length
  04DA                Put data command
  9F58                CVM list update
  09H (9D)            Length
  00                  Data
  C7356286E3779889    MAC
  H = Hexadecimal; D = Decimal representation of the hexadecimal value

Step 15: Transaction Completion
American Express has the same requirements as the EMV specifications. However, additional requirements that cover operational functionality outside of the EMV specifications are provided.

The Terminal performs final processing to complete the transaction. It is also at this point in the transaction that, if signature has been determined as the CVM, the receipt is printed and the Cardmember is asked to sign it.
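The Issuer Script handling of Step 14, as an added example that is not code from the AEIPS guide: a BER-TLV parser that splits a tag 71/72 script into its Script ID and commands, refuses a script whose declared lengths overrun the data, and the continue-on-success-or-warning, stop-on-error rule for sending the commands. It parses the single-command trace of Table 6 as printed; the two-command script shaped like Table 5 is constructed here with placeholder data and MAC bytes rather than taken from the trace. The assumption that the last 8 bytes of a command's data are the MAC, and the ISO 7816 status words 9000 (success) and 62xx/63xx (warning), are mine, not the guide's.

```python
# Added example (not code from the AEIPS guide): BER-TLV parsing of Issuer Script
# data (tags 71/72) into individual commands, plus the continue/stop rule for
# processing them. The single-command trace is the one in Table 6; the
# two-command script is constructed here with placeholder data and MAC bytes.

TABLE_6_TRACE = "72179F180400004000860E04DA9F580900C7356286E3779889"

COMMAND_NAMES = {(0x84, 0x24): "PIN CHANGE/UNBLOCK", (0x04, 0xDA): "PUT DATA"}


def read_tag(buf, i):
    """EMV tag: one byte, or more when bits 5-1 of the first byte are all set (bit 8 continues)."""
    start = i
    i += 1
    if buf[start] & 0x1F == 0x1F:
        while buf[i] & 0x80:
            i += 1
        i += 1
    return buf[start:i].hex().upper(), i


def read_length(buf, i):
    """BER length: short form, or 0x8n followed by n length bytes."""
    first = buf[i]
    i += 1
    if first & 0x80 == 0:
        return first, i
    n = first & 0x7F
    return int.from_bytes(buf[i:i + n], "big"), i + n


def parse_tlvs(buf):
    """Parse a sequence of TLVs, refusing any element whose length overruns the buffer."""
    i, out = 0, []
    while i < len(buf):
        tag, i = read_tag(buf, i)
        length, i = read_length(buf, i)
        if i + length > len(buf):
            raise ValueError("tag %s declares %d bytes, only %d remain" % (tag, length, len(buf) - i))
        out.append((tag, buf[i:i + length]))
        i += length
    return out


def describe_command(apdu):
    """Split a script command (tag 86 value) into header, data and the trailing 8-byte MAC."""
    if len(apdu) < 5 + 8:
        raise ValueError("command too short to carry a header and a MAC")
    cla, ins, p1, p2, lc = apdu[:5]
    body = apdu[5:]
    if len(body) != lc:
        raise ValueError("Lc %d does not match %d bytes of data" % (lc, len(body)))
    return {
        "name": COMMAND_NAMES.get((cla, ins), "unknown %02X %02X" % (cla, ins)),
        "p1p2": "%02X%02X" % (p1, p2),
        "data": body[:-8].hex().upper(),
        "mac": body[-8:].hex().upper(),   # assumption: the MAC is the last 8 bytes
    }


def parse_issuer_script(script_hex):
    """Return the script tag, Script ID (9F18) and the commands in the order they appear."""
    tlvs = parse_tlvs(bytes.fromhex(script_hex))
    if len(tlvs) != 1 or tlvs[0][0] not in ("71", "72"):
        raise ValueError("expected a single tag 71 or 72 script")
    tag, body = tlvs[0]
    script = {"tag": tag, "script_id": None, "commands": []}
    for inner_tag, value in parse_tlvs(body):
        if inner_tag == "9F18":
            script["script_id"] = value.hex().upper()
        elif inner_tag == "86":
            script["commands"].append(describe_command(value))
    return script


def run_script(script, transmit):
    """Send commands in order; continue on success (9000) or warning (62xx/63xx), stop on error."""
    status_words = []
    for command in script["commands"]:
        sw = transmit(command)
        status_words.append(sw)
        if sw != 0x9000 and (sw >> 8) not in (0x62, 0x63):
            break
    return status_words


def tlv(tag_hex, value):
    """Encode one TLV with a short-form length (values shorter than 128 bytes)."""
    return bytes.fromhex(tag_hex) + bytes([len(value)]) + value


def constructed_two_command_script():
    """A tag 72 script shaped like Table 5: a PIN change, then a CVM list PUT DATA (placeholder bytes)."""
    pin_change = bytes.fromhex("8424000210") + b"\x11" * 8 + b"\x22" * 8
    put_data = bytes.fromhex("04DA8E0020") + b"\x33" * 24 + b"\x44" * 8
    body = tlv("9F18", bytes.fromhex("80000000")) + tlv("86", pin_change) + tlv("86", put_data)
    return tlv("72", body).hex().upper()


if __name__ == "__main__":
    print(parse_issuer_script(TABLE_6_TRACE))
    script = parse_issuer_script(constructed_two_command_script())
    # A card that rejects the first command: the second is never sent.
    print(run_script(script, lambda cmd: 0x6982))
```

The length check in parse_tlvs is what a Terminal relies on to reject a script whose declared length exceeds the bytes actually received, before any command reaches the card.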

AEIPS Receipt Requirements. Certain format and data requirements must be met with regard to transaction receipts. These are outlined in the following tables and accompanying text.

Key to the M/P/O/C column of Table 7: M = Mandatory (always needed); P = Preferred (best practice); O = Optional (can be present); C = Conditional (dependent on the situation).

Table 7: Receipt Data Table
  Field Description                                                       M/P/O/C
  Merchant Number                                                         M*
  Merchant Name                                                           M*
  Merchant Address                                                        M*
  Transaction Type (e.g., Sale, Refund)                                   M*
  PAN (1)                                                                 M*
  Expiration Date of Card (MMYY)                                          M*
  Transaction Data Source (e.g., Swiped, Manual Entry, Chip)              M*
  Date of Transaction                                                     M*
  Terminal Number (Terminal ID)                                           M*
  Transaction Number                                                      M*
  Transaction Response (e.g., Authorization Code)                         M*
  Amount of Transaction (Including Currency Symbol)                       M*
  Request for Signature (Not Required for PIN Transaction)                C
  Space for Signature (Not Required for PIN Transaction)                  C
  Declaration (e.g., Please Debit My Account)                             M
  Retention Reminder                                                      M
  PIN Statement (Only required for PIN; e.g., PIN Verified, PIN Locked)   C
  AID                                                                     M
  Gratuity Amount                                                         O
  Diagnostic Message                                                      P
  Start Date of Card (MMYY)                                               P
  Time of Transaction                                                     P
  Application Preferred Name (2)                                          C
  Payment Brand Name/Application Label                                    M
  Card Type                                                               O
  Cardmember Name (3)                                                     O
  Courtesy Message                                                        O
  Tax Registration Number                                                 O
  Receipt Number (Not Transaction Number)                                 O
  Goods Amount                                                            O
  Goods Description                                                       O
  Tax Rate                                                                O
  Exception File Version Number                                           O
  Terminal Software Version Number                                        O
  Cryptogram Type/Value                                                   P
  * Indicates data elements that must be stored electronically during a PIN transaction.

Notes on Table 7
1. The PAN on the Cardmember's receipt must be masked per PCI DSS and local legal requirements.
2. Where the Application Preferred Name is present and the Terminal supports the relevant Issuer code table index, then this data element is mandatory.
3. The Cardmember name, if printed, should be printed according to [ISO-7813]. The Cardmember name is received from the chip for an EMV transaction, or from track 1 for a magnetic stripe transaction.

BEST PRACTICE: Printing of a receipt should begin as soon as possible, so as to overlap with the transaction process. Doing so will minimize the time that the Merchant and Cardmember spend waiting.

AEIPS Receipt Layout Requirements. The only mandatory requirement pertaining to the layout of text on a receipt is that the signature and amount are adjacent to one another. Every effort should also be made to ensure that other information is presented logically and clearly (e.g., place date and time adjacent to each other, as well as the masked card number and expiration date).

The receipt layout shown in Figure 2 highlights the additional requirements for a Terminal processing American Express Chip Cards. In the original figure, red text indicates layout requirements specific to EMV.

Figure 2: Receipt Layout Requirements
  Receipt Layout                                   Receipt Data
  LOGO(S) WHERE APPLICABLE
  RETAIL STORE                                     Merchant Name
  154 EDWARD STREET                                Merchant Address
  BRIGHTON BN2 2LP
  MERCHANT ID: 999 999 999                         Merchant Number
  TERMINAL ID: 12345                               Terminal Number (Terminal ID)
  BATCH# 0001  ROC# 125                            Transaction Number
  XXXXXXXXXXX1003 (C)                              Masked PAN and Transaction Data Source: (S) Swiped, (M) Manual Entry or (C) Chip
  AMERICAN EXPRESS  EXPIRES 05/12                  Card Type and Expiration Date
  AMEX GOLD                                        Application Label, or Application Preferred Name
  A000000025010001                                 Card Application Identifier (AID)
  OCT 19, 07  15:33                                Time and Date of Transaction
  SALE                                             Transaction Type
  RRN: 1234567890                                  Receipt Number
  ITEM NAME / DESCRIPTION (OPTIONAL)
  ITEM NAME / DESCRIPTION (OPTIONAL)
  USER ID: 9999 (OPTIONAL)
  BASE      250.00                                 Amount of Transaction (Including Currency Symbol)
  TIP                                              Gratuity Amount
  TOTAL
  PIN VERIFIED                                     PIN Statement, or Space for Signature and Request for Signature
  X E SMITH                                        Cardmember Name
  TC A2E51245C4D7E551                              Cryptogram Type and Value
  AUTHORIZATION CODE: 252525                       Transaction Response (e.g., Authorization Code)
  I AGREE TO PAY THE ABOVE TOTAL AMOUNT            Declaration
  ACCORDING TO THE CARD ISSUER AGREEMENT.
  MERCHANT COPY
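The EMV-specific receipt elements of Table 7 and Figure 2, as an added example that is not code from the AEIPS guide: it derives the masked PAN with its data source indicator, the MM/YY expiry, the Application Preferred Name or Label per Note 2, the AID and the cryptogram type and value from the tags read during the transaction, and selects the PIN statement or the signature line. The tag values are constructed samples (the PAN is a made-up number chosen to end in the digits of Figure 2); the rule of masking all but the last four digits is my choice within the Note 1 requirement, and the code table index the Terminal supports is an assumption.

```python
# Added example (not code from the AEIPS guide): deriving the EMV-specific
# receipt data elements of Table 7 and Figure 2 from the tags read during the
# transaction. Tag values below are constructed samples.

SAMPLE_TAGS = {
    "5A": bytes.fromhex("371234567891003F"),    # PAN, 15 digits BCD, F-padded (made-up number)
    "5F24": bytes.fromhex("120531"),            # Expiration date YYMMDD -> 05/12
    "4F": bytes.fromhex("A000000025010001"),    # AID, as printed in Figure 2
    "50": b"AMEX GOLD",                         # Application Label
    "9F12": b"AMEX GOLD",                       # Application Preferred Name
    "9F11": b"\x01",                            # Issuer Code Table Index
    "9F27": b"\x40",                            # Cryptogram Information Data: TC
    "9F26": bytes.fromhex("A2E51245C4D7E551"),  # Application Cryptogram, as in Figure 2
}

CRYPTOGRAM_TYPES = {0x00: "AAC", 0x40: "TC", 0x80: "ARQC"}
DATA_SOURCE_CODES = {"chip": "C", "swiped": "S", "manual": "M"}


def pan_digits(tag_5a):
    """Unpack the BCD PAN and drop the trailing F padding nibble."""
    return tag_5a.hex().upper().rstrip("F")


def mask_pan(pan):
    """Note 1: the PAN printed for the Cardmember is masked; here all but the last four digits."""
    return "X" * (len(pan) - 4) + pan[-4:]


def expiry_mmyy(tag_5f24):
    """5F24 is YYMMDD in BCD; the receipt shows MM/YY."""
    yy, mm = tag_5f24[0:1].hex(), tag_5f24[1:2].hex()
    return "%s/%s" % (mm, yy)


def cryptogram_type(cid_byte):
    """Bits 8-7 of the Cryptogram Information Data give the AC type."""
    return CRYPTOGRAM_TYPES[cid_byte & 0xC0]


def application_name(tags, supported_code_tables=(1,)):
    """Note 2: the Application Preferred Name (9F12) is used when present and the
    Terminal supports the Issuer Code Table Index (9F11); otherwise the Label (50)."""
    preferred, index = tags.get("9F12"), tags.get("9F11")
    if preferred and index is not None and index[0] in supported_code_tables:
        return preferred.decode("latin-1")
    return tags["50"].decode("ascii")


def receipt_fields(tags, data_source, pin_verified):
    """EMV-related receipt data; the amount and the cvm line stay adjacent in the layout."""
    fields = {
        "pan": "%s (%s)" % (mask_pan(pan_digits(tags["5A"])), DATA_SOURCE_CODES[data_source]),
        "expires": expiry_mmyy(tags["5F24"]),
        "application": application_name(tags),
        "aid": tags["4F"].hex().upper(),
        "cryptogram": "%s %s" % (cryptogram_type(tags["9F27"][0]), tags["9F26"].hex().upper()),
    }
    # Table 7: PIN Statement for a PIN transaction; otherwise a signature request and space.
    fields["cvm_line"] = "PIN VERIFIED" if pin_verified else "X ______________________"
    return fields


if __name__ == "__main__":
    for key, value in receipt_fields(SAMPLE_TAGS, "chip", True).items():
        print("%-12s %s" % (key, value))
```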

SECTION 4: SPECIAL TRANSACTION PROCESSING

Despite EMV's significant impact on Terminal hardware and software, the processes involved in handling a standard Cardmember transaction are very similar for magnetic stripe and EMV. However, there are some transactions that occur during unique scenarios that, with the introduction of EMV, and especially PIN, require special consideration. This section details American Express requirements in such circumstances.

4.1. Technical Scenarios
  4.1.1. Fallback
  4.1.2. Premature Card Removal
  4.1.3. Referral Transactions
  4.1.4. Declined Transactions
  4.1.5. Stand-In Authorization
  4.1.6. Reversals
4.2. Situational Scenarios
  4.2.1. Refunds
  4.2.2. Card Not Present
  4.2.3. Card Not Yet Present
  4.2.4. Transaction Amount Not Yet Known
  4.2.5. Card No Longer Present
  4.2.6. Card Re-Presented For Final Charge
  4.2.7. Adding a Gratuity
4.3. Unattended Payment Terminal Scenarios
  4.3.1. Cardholder Verification on UPTs
  4.3.2. Fallback on UPTs
  4.3.3. Online Capability with UPTs

4.1. AEIPS Requirements During Technical Scenarios

4.1.1. Fallback
When an American Express certified Terminal successfully performs application selection but cannot complete the EMV transaction due to technical reasons, the Terminal is allowed to process the transaction by using a less secure method (e.g., magnetic stripe); this is known as Fallback. The Terminal is allowed to use Fallback as long as the technical error occurs before the card responds to the 1st generate AC command. If the error occurs after this step, the transaction must be declined and Fallback is not allowed. Additionally, before Fallback is allowed, multiple attempts to use the chip must be performed (i.e., a first attempt and retries). American Express recommends that in the event of a chip read failure, a Terminal make two further attempts to read the chip before processing the transaction as Fallback.

The Terminal should respond to the first and second unsuccessful attempts by displaying a meaningful message (e.g., INSERT AGAIN). After the final unsuccessful attempt, the Terminal shall prompt the Merchant to revert to reading the magnetic stripe as the Fallback option (e.g., PLEASE SWIPE). If the transaction falls back from EMV technology, the standard checks performed on any magnetic stripe card must be performed.

Fallback shall not take place if:
- the card is blocked;
- all applications present are blocked;
- the EMV transaction has already been declined; or
- the transaction occurs at an Unattended Payment Terminal (UPT).
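The Fallback rules of 4.1.1 and the two ways of flagging Fallback to American Express described under "Identifying Fallback" in the text that follows, as an added example that is not code from the AEIPS guide: the retry prompts, the conditions under which the Terminal may fall back at all, the zero Floor Limit that forces every Fallback transaction Online, and the Option 1 and Option 2 indicator tests over a POS data code. The POS data code strings are constructed samples, indexed by the 1-based positions the text uses; the rest of their positions carry no meaning here.

```python
# Added example (not code from the AEIPS guide): Fallback decision of 4.1.1 and
# the Fallback indicator options of "Identifying Fallback". POS data codes are
# constructed samples addressed by the 1-based positions used in the text.

MAX_CHIP_ATTEMPTS = 3      # recommended: a first attempt plus two further attempts


def chip_read_prompt(attempt):
    """Message after unsuccessful chip read number `attempt` (1-based)."""
    return "INSERT AGAIN" if attempt < MAX_CHIP_ATTEMPTS else "PLEASE SWIPE"


def fallback_allowed(attempts_failed, failed_after_first_generate_ac, card_blocked,
                     all_applications_blocked, emv_declined, unattended):
    """Whether the Terminal may now process the transaction by magnetic stripe."""
    if attempts_failed < MAX_CHIP_ATTEMPTS:
        return False        # retry the chip first
    if failed_after_first_generate_ac:
        return False        # error after the 1st generate AC: decline, no Fallback
    if card_blocked or all_applications_blocked or emv_declined or unattended:
        return False
    return True


def fallback_floor_limit():
    """American Express mandates a zero Floor Limit for Fallback transactions."""
    return 0


def must_go_online(amount, is_fallback_txn, terminal_floor_limit):
    """Floor Limit check: a Fallback transaction always meets its zero limit."""
    limit = fallback_floor_limit() if is_fallback_txn else terminal_floor_limit
    return amount >= limit


def pos_position(pos_data_code, position):
    """Character at a 1-based position of the POS data code."""
    return pos_data_code[position - 1]


def is_fallback_option1(pos_data_code):
    """Option 1: explicit indicator, card data input mode code = 9."""
    return pos_position(pos_data_code, 7) == "9"


def is_fallback_option2(pos_data_code):
    """Option 2: chip-capable Terminal, card present, but data not read from the ICC."""
    return (pos_position(pos_data_code, 1) == "5"
            and pos_position(pos_data_code, 6) == "1"
            and pos_position(pos_data_code, 7) != "5")


if __name__ == "__main__":
    # Constructed POS data codes: only positions 1, 6 and 7 matter here.
    for code in ("510101910000", "510101210000", "510101510000"):
        print(code, is_fallback_option1(code), is_fallback_option2(code))
    print(fallback_allowed(3, False, False, False, False, False))
```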

Identifying Fallback. The Terminal to Acquirer interface shall include an indicator to explicitly identify Fallback transactions. There are two ways in which Fallback transactions can be indicated to American Express:

Option 1: Fallback Indicator. E.g., POS data code position 7 (card data input mode code) = 9 (Fallback).

Option 2: Derived Indicator (Leveraging POS Data Codes). Position 1 (card input capability code) = 5 (ICC); Position 6 (card present code) = 1 (card present); Position 7 (card data input mode code) ≠ 5 (ICC). Some examples of possible values include: 2 (magnetic stripe read); 6 (key entered); S (keyed Four-Digit Card Security Code [4CSC] or Four-Digit Batch Code [4DBC]).

BEST PRACTICE: American Express recommends that you apply Option 1, as it more accurately identifies Fallback transactions.

Floor Limits. American Express mandates a zero Floor Limit for all Fallback transactions, meaning all Fallback transactions must be sent Online for authorization.

PAN Key Entry. If the transaction cannot be completed by the chip or magnetic stripe, the transaction may be completed with PAN key entry, subject to agreement with the local Acquirer.

4.1.2. Premature Card Removal
In an EMV transaction, the card must remain in the Terminal for the duration of the transaction; if the Cardmember or Merchant removes the card before the Terminal has reached transaction completion, the Terminal shall cancel the transaction. If an authorization has taken place, the Terminal shall send a reversal message if the Acquirer and Terminal support reversals. If it is not possible to send a reversal message, then the Terminal shall cancel the transaction, and no settlement data will be sent.

4.1.3. Referral Transactions
As in the current magnetic stripe environment, the Issuer may respond to an authorization request with a referral. Not all Terminals support referrals, in which case the Terminal shall treat a referral response as a decline response.

In these circumstances, American Express has the following requirements: the card shall be removed from the Terminal and retained by the Merchant for use during the referral process, as information may be required during the referral call that is not on the Terminal receipt (for example, the 4CSC on the front of the card). However, the Terminal must complete the transaction with the card before displaying any message that indicates the removal of the card.

There are two options for how a Terminal can do this:

Option 1: The transaction is completed by the Terminal and the chip as though it had been declined (i.e., the Terminal requests an AAC). The Terminal must retain the transaction data until the status of the transaction has been determined. If the transaction is subsequently approved, the Terminal must allow the Merchant to enter the approval code during transaction completion. The approval code must then be included in the submission, along with the ARQC that was generated by the card prior to Online authorization. If the transaction is subsequently declined, the transaction must be declined within the Terminal, with no further card processing.

Option 2: The transaction is completed by the Terminal and the chip as though it had been authorized (i.e., the Terminal requests a TC). The Terminal must retain the transaction data until the status of the transaction has been determined. If the transaction is subsequently approved, the Terminal must allow the Merchant to enter the approval code during transaction completion. The approval code must then be included in the submission, along with the TC that was generated by the card. If the transaction is subsequently declined, the transaction must be declined within the Terminal, with no further card processing.

BEST PRACTICE: American Express recommends that you apply Option 1, as it is more technically correct. At the point of referral, the transaction has not actually been approved.

4.1.4. Declined Transactions
In normal circumstances, when an Issuer declines a transaction, the Terminal still performs 2nd Terminal and card action analysis. When the transaction is declined, the Merchant is made aware of this on the Terminal display. In cases where a transaction is declined by the card, Terminal, or Issuer, it shall not be reprocessed using alternative data entry (i.e., magnetic stripe or PAN key entry).

Decline and Retain. In exceptional circumstances, the Merchant may be requested (through a response code) to retain the card, which is referred to as decline and retain (also known as decline and pickup). This code will normally be sent in conjunction with an Issuer Script, which prevents the Chip Card from carrying out further EMV transactions. The retained card message shall not be displayed to the Merchant until the chip has processed the script.

4.1.5. Stand-In Authorization
When the Chip Card and Terminal have determined that a transaction needs to be sent Online, and the American Express Acquirer cannot be contacted due to technical reasons, the IAC and TAC default values are checked to determine whether the transaction is to be approved or declined. The Merchant has no control over this process; however, in the magnetic stripe environment, a Merchant could decide to accept a similar transaction at his or her own risk (subject to Merchant contract). This is called Stand-In authorization.

American Express has developed a process that would allow those Merchants who currently perform Stand-In authorization to continue to perform it in the EMV environment. In the event that the American Express Acquirer cannot be contacted, and the Merchant wishes to allow Stand-In authorization, there are three steps that a Terminal must perform:

Step 1: Stand-In Eligibility Check. The Terminal shall contain a list of all partial or full AIDs for which it supports Stand-In. The Terminal will compare the AID on the card to the AIDs stored within this list. If a match is found, then the card is eligible for Stand-In. If the Terminal belongs to a Merchant or Acquirer who wishes to support Stand-In authorization for American Express, then the Terminal must hold an indicator to show that Stand-In authorization is allowed for all valid American Express payment applications. If the Terminal identifies an application that is eligible for Stand-In authorization, it must perform Stand-In authorization as described in Steps 2 and 3. In the event that the result of the eligibility check indicates that Stand-In processing is not to be performed, then transaction processing continues using the TAC and IAC default values.

Step 2: Stand-In Action Code (SAC). A Terminal supporting Stand-In authorization shall hold a dedicated SAC specifically for the purpose of processing Stand-In authorization (one SAC per supported AID). In order to process Stand-In authorization, the Terminal shall check the TVR against the SAC for that AID; if any of the corresponding TVR bits are set, then the Terminal must request that the transaction be declined. The following table provides the default settings of the American Express SAC.

Table 8: Default Settings for American Express SAC*
  Byte  Bit  Value
  1     8    Offline Data Authentication not Performed
  1     7    Offline SDA Failed
  1     6    ICC Data Missing
  1     5    Card Appears on Terminal Exception File
  1     4    Offline DDA Failed
  2     7    Expired Application
  2     5    Requested Service not Allowed for Card Product
  3     8    Cardholder Verification was not Successful
  3     6    Offline PIN Try Limit Exceeded
  3     4    Offline PIN Required, PIN Pad Present but PIN not Entered
  4     6    Upper Consecutive Offline Limit Exceeded
  * This table corresponds to an SAC hexadecimal value of F8 50 A8 20 00.