ARQC PDOL and ICC data in ISO 8583 message
Question
I have successfully generated a ARQC by satisfying the PDOL required by the ICC. The ARQC required the following PDOL tags.
9F66 TTQ
9F02 Amount Authorised
5F2A Transaction Currency Code
9A Transaction Date
9F37 Unpredictable Number
The AID returned from ICC
06 01 11 03 A00000 0F83000000000000000000006975A844
The Cryptogram Version Number as above 17 (11 Hex)
My question, when I submit the transaction to the acquiring bank for authorisation via a ISO8583 host to host connection, in the ICC related data element do I only populate the EMV tags required by the PDOL and response Tags, or do I submit all ICC tags including for example the 'Terminal Verification Results' which was not required as per PDOL ?
Based on the CVN 17 the required fields to validate Cryptogram is
9F02 Amount
9F37 Unpredictable Number
9F36 ATC
9F10 CVR
3 answers
solution1
1 2020-01-08 18:06:02
Unfortunately this is a question you should ask to your acquirer. The usual is that you populate all the data you have, especially because some of them may be used for risk management rather than cryptogram calculation. List of mandatory data elements is usually longer than what is required purely for cryptogram generation. Second thing is that your application should not interpret proprietary data elements like Issuer Application Data unless you are required (remember there are other card application specifications and you might have trouble differentiating them on the acceptance side). Side note - AID is not IAD, 9F10 is not CVR.
solution2
1 ACCPTED 2020-01-09 08:25:30
Agree with comment from Michal.
Acquirer require much more EMV tags to transfer them to Card Issuer side and identify correct card profile and finally validate Cryptogram. The list of EMV data can be different in small details and place of these EMV Values transferred in ISO 8583 message. Refer to your Acquirer ISO 8583 specification.
The short summary of EMV tags and other fields required by Acquirer Interface you may see in EMV specification Book 4, Article "Authorisation Request".
Keep in mind that contactless cards, like your Visa PayWave may need to transfer own specific Tags depending of Card Brand Specification.
solution3
1 2020-01-09 08:52:59
In most simple terms, what your card is doing here is generating a cryptogram based on elements in CDOL (elements, its order and size, will be mentioned in payment scheme docs for each CVN) . So at the issuer end it should get the same elements to validate the cryptogram( and optionally to generate the response cryptogram ).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.