Is Plaintext offline PIN verification on EMV card by Micro USB OTG reader?
Question
I have n88 micro USB OTG EMV card Reader. I used below application to read card data
https://play.google.com/store/apps/details?id=sasc.android.smartcard
When I see in the log, plaintext offline PIN verification is not listed as rule in CVM list.
My question is if I try to verify PIN after "read record" phase, will the card accept verify command ? Till now I am getting command invalid response for verify command. So is plaintext PIN verification possible if there is no rule in CVM list ?
2 answers
solution1
1 ACCPTED 2016-03-30 08:16:12
Actually you sholdn't perform verification metod which is not supported in CVM. But if you want force perform plaintext Verify command ( plaintext offline PIN verification ) the result will be depend of specific payment card. For example for Visa card you can always perform plaintext, but MasterCard may not allow plaintext in own application control bytes.
In your case, it seems card does not support Offline Pin at all.
solution2
0 2016-03-30 09:14:31
You can send Verify PIN command immediately because after Read Record Commands there is no other command that need to be send to card. Terminal start to check "Processing restrictions" and then "Offline data authentication".
CVM is negotiated and chosen according to terminal and card parameters. If CVM list does not include PIN of course terminal will not ask PIN(or other methods such signature).
I did not see kernel code of a card but if you ask card to perform PIN of course card would check the possible CVM methods before performing. So we can say yes, CVM List must include PIN.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.