PayPass Personalization Data Specifications PDS (V1.5).pdf · PayPass Personalization Data...
Transcript of PayPass Personalization Data Specifications PDS (V1.5).pdf · PayPass Personalization Data...
PayPass Personalization Data
Specifications
Version 1.5 – July 2, 2009
Version 1.5 – July 2, 2009 © 2009 MasterCard ii PayPass Personalization Data Specifications
Copyright The information contained in this document is proprietary and
confidential to MasterCard International Incorporated, one or more of its affiliated entities (collectively "MasterCard") or both. This material may not be duplicated, published, or disclosed, in wholeor in part, without the prior written permission of MasterCard.
Trademarks Trademark notices and symbols used in this manual reflect the
registration status of MasterCard trademarks in the United States. Please consult with the Customer Operations Services team or the MasterCard Law Department for the registration status of particular product, program, or service names outside the United States.
All third-party product and service names are trademarks or registered trademarks of their respective owners.
Media This document is available in both electronic and printed format.
MasterCard Worldwide - CCOE
Chaussée de Tervuren, 198A B-1410 Waterloo Belgium E-mail: [email protected]
Table of Contents
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications iii
Using this Manual........................................................................................... v Scope..............................................................................................................................v Audience ........................................................................................................................v Related Publications..................................................................................................... vi Notational Conventions ............................................................................................... vi Abbreviations.............................................................................................................. vii Document Overview .................................................................................................. viii Revision History .......................................................................................................... ix
1 MasterCard PayPass – Mag Stripe Personalization Data................. 1 1.1 Data Elements for Application Selection .............................................................1 1.2 Data Elements Referenced in the AFL (DGI '0101')............................................2 1.3 Data Elements for CVC3 Generation (DGI 'A001').............................................3 1.4 Secret Key (DGI 'A002') ......................................................................................4
2 MasterCard PayPass – M/Chip Flex Personalization Data ............... 5 2.1 Contact Data .........................................................................................................5 2.2 Generic Contactless Data .....................................................................................5
2.2.1 Data Elements for Application Selection ...........................................................5 2.2.2 Data Elements Referenced in the AFL...............................................................6 2.2.3 Get Processing Options Response ....................................................................13 2.2.4 Card Risk Management ....................................................................................14 2.2.5 Secret Keys.......................................................................................................16 2.2.6 Miscellaneous...................................................................................................16 2.2.7 Counter Limits and Previous Transaction ........................................................17 2.2.8 Data Elements with a Fixed Initial Value.........................................................17
2.3 Profile Dependent Contactless Data...................................................................18 2.3.1 Offline Profile...................................................................................................18 2.3.2 Standard Profile ................................................................................................19
3 Maestro PayPass – M/Chip Flex Personalization Data ................... 21 3.1 Contact Data .......................................................................................................21 3.2 Generic Contactless Data ...................................................................................21
3.2.1 Data Elements for Application Selection .........................................................21 3.2.2 Data Elements Referenced in the AFL.............................................................22 3.2.3 Get Processing Options Response ....................................................................27 3.2.4 Card Risk Management ....................................................................................28 3.2.5 Secret Keys.......................................................................................................29 3.2.6 Miscellaneous...................................................................................................30 3.2.7 Counter Limits and Previous Transaction ........................................................30 3.2.8 Data Elements with a Fixed Initial Value.........................................................31
3.3 Profile Dependent Contactless Data...................................................................32 3.3.1 Offline Profile...................................................................................................32
Table of Contents
Version 1.5 – July 2, 2009 © 2009 MasterCard iv PayPass Personalization Data Specifications
3.3.2 Standard Profile ................................................................................................33 3.3.3 Online Profile ...................................................................................................34
4 MasterCard PayPass – M/Chip 4 Personalization Data .................. 37 4.1 Contact Data .......................................................................................................37
4.1.1 Data Elements Referenced in the AFL (Contact) .............................................37 4.2 Generic Contactless Data ...................................................................................38
4.2.1 Data Elements for Application Selection .........................................................38 4.2.2 Data Elements Referenced in the AFL (PayPass)............................................39 4.2.3 Get Processing Options Response ....................................................................46 4.2.4 Card Risk Management ....................................................................................48 4.2.5 Secret Keys.......................................................................................................50 4.2.6 Miscellaneous...................................................................................................51 4.2.7 Counters and Previous Transaction ..................................................................52 4.2.8 Data Elements with a Fixed Initial Value.........................................................53
4.3 Profile Dependent Contactless Data...................................................................55 4.3.1 Offline Profile...................................................................................................55 4.3.2 Standard Profile ................................................................................................56
5 Maestro PayPass – M/Chip 4 Personalization Data ........................ 59 5.1 Contact Data .......................................................................................................59
5.1.1 Data Elements Referenced in the AFL (Contact) .............................................59 5.1.2 Card Risk Management (Contact) ....................................................................60
5.2 Generic Contactless Data ...................................................................................61 5.2.1 Data Elements for Application Selection .........................................................61 5.2.2 Data Elements Referenced in the AFL (PayPass)............................................62 5.2.3 Get Processing Options Response ....................................................................67 5.2.4 Card Risk Management ....................................................................................68 5.2.5 Secret Keys.......................................................................................................70 5.2.6 Miscellaneous...................................................................................................71 5.2.7 Counters and Previous Transaction ..................................................................71 5.2.8 Data Elements with a Fixed Initial Value.........................................................72
5.3 Profile Dependent Contactless Data...................................................................74 5.3.1 Offline Profile...................................................................................................74 5.3.2 Standard Profile ................................................................................................75 5.3.3 Online Profile ...................................................................................................76
Using this ManualScope
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications v
Using this Manual This chapter contains information that helps you understand and use this document.
Scope
MasterCard PayPass™ technology enables fast, easy and globally accepted payments through the use of contactless chip technology.
This document defines a set of personalization profiles supporting the MasterCard and Maestro products for the following PayPass card applications:
• PayPass – Mag Stripe
• PayPass – M/Chip 4
• PayPass – Flex
The personalization data given for the PayPass – M/Chip 4 application covers the different available application versions (v1.0, v1.1a, v1.1b). However, it covers only the contactless interface. The personalization data given for the PayPass – M/Chip Flex application does not include data for the co-application on the card.
For information on the personalization data for the contact interface, refer to the M/Chip Personalization Data Specifications and Profiles for Debit and Credit, as indicated in each chapter.
The personalization of the PPSE is not considered.
The personalization of PayPass applications for mobile use is not considered.
A card compliant with the values in this document will be accepted by the Chip Personalization Validation process. If a card is not compliant, MasterCard will evaluate the adherence to brand rules and if there is a potential risk, the card may be rejected.
Audience
This document is intended for:
• Issuers intending to issue PayPass cards or devices
• Personalization bureaus intending to provide facilities for PayPass applications
• Developers of Application Load File generation systems
It is assumed that the audience already has an understanding of chip card technology in general and in particular of PayPass.
Using this Manual Related Publications
Version 1.5 – July 2, 2009 © 2009 MasterCard vi PayPass Personalization Data Specifications
Related Publications
The following publications contain information directly related to this document or are referenced by it.
Reference Document
[PPMAG] PayPass – Mag Stripe Technical Specifications, Version 3.3 – December 2007
[PPMCHIP4] PayPass – M/Chip 4 Technical Specifications, Version 1.3.1 – September 2008
[MCHIPPDS] M/Chip Personalization Data Specifications and Profiles for Debit and Credit – June 2009
[MCHIP410] M/Chip 4 Card Application Specifications for Debit and Credit – October 2002
[MCHIP411] M/Chip 4 Version 1.1 Card Application Specifications for Debit and Credit – October 2006
[PPMCFLEX] PayPass – M/Chip Flex Technical Specifications, Version 1.1 – October 2006
Notational Conventions
The following conventions are used throughout the document.
Notation Description
'0' to '9' and 'A' to 'F' Hexadecimal notation. Values expressed in hexadecimal form are enclosed in single quotes (i.e. '_').
"abcd" an or ans string
[…] Optional part
xx Undefined value
Application Control[2][4] For multi-byte data elements, a byte index and a bit index are used under brackets. This example references the fourth bit of the second byte of the Application Control data element.
Using this ManualAbbreviations
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications vii
Abbreviations Abbreviation Meaning
AC Application Cryptogram
AFL Application File Locator
AID Application Identifier
AIP Application Interchange Profile
ARQC Authorization Request Cryptogram
ATC Application Transaction Counter
ATM Automated Teller Machine
C Conditional
CAT3 Level 3 Cardholder Activated Terminal
CDA Combined DDA/AC Generation
CDOL Card Risk Management Data Object List
CFDC Consecutive Failed Derivation Counter
CRM Card Risk Management
CVC Card Validation Code
CVM Cardholder Verification Method
DDA Dynamic Data Authentication
EMV Europay, MasterCard, VISA
EMV CSK EMV Common Session Key derivation
IVCVC3 Initialization Vector for CVC3
M Mandatory
NATCTRACK1 Track 1 Number of ATC Digits
NATCTRACK2 Track 2 Number of ATC Digits
NCA Length of the Certification Authority Public Key Modulus
NI Length of the Issuer Public Key Modulus
NIC Length of the ICC Public Key Modulus
nUN Number of positions in the discretionary data of Track 1 Data and Track 2 Data for transporting UN
O Optional
OBS On-behalf Services
PCVC3TRACK1 Track 1 Bit Map for CVC3
PCVC3TRACK2 Track 2 Bit Map for CVC3
PICC Proximity Integrated Circuit Card
Using this Manual Document Overview
Version 1.5 – July 2, 2009 © 2009 MasterCard viii PayPass Personalization Data Specifications
Abbreviation Meaning
PAN Primary Account Number
PIN Personal Identification Number
PPSE Proximity Payment System Environment
PUNATCTRACK1 Track 1 Bit Map for UN and ATC
PUNATCTRACK2 Track 2 Bit Map for UN and ATC
PVV PIN Verification Value
RFU Reserved for Future Use
SDA Static Data Authentication
SFI Short File Identifier
TC Transaction Certificate
TVR Terminal Verification Results
UN Unpredictable Number
Document Overview
This document is organized in five chapters. Each section provides the complete set of personalization data to configure the indicated application according to either MasterCard or Maestro product rules.
Chapter
1 MasterCard PayPass – Mag Stripe Personalization Data
2 MasterCard PayPass – M/Chip Flex Personalization Data
3 Maestro PayPass – M/Chip Flex Personalization Data
4 MasterCard PayPass – M/Chip 4 Personalization Data
5 Maestro PayPass – M/Chip 4 Personalization Data
Using this ManualRevision History
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications ix
Revision History Version Description
V1.2 • Table 2.3: Corrected reference for CVM List (See Section 2.3.3 instead of See Section 2.3.2).
• Table 2.15 and Table 4.16: Corrected definition of Skip CIAC – Default on CAT3 ("0: Do not skip, 1: Skip" instead of "0: Skip, 1: Do not skip").
• Indicated presence (Mandatory, Conditional or Optional) for data elements residing in the FCI and records.
• Added values for Application Usage Control. • Value of cardholder name in Track 1 Data changed to " /" (instead of
"SUPPLIED/NOT"). • Added note regarding the signing of Track 2 Equivalent Data to Table 4.3.
V1.3 • Various editorial corrections made. • Added notes regarding consistency of Track 2 Equivalent Data contents. • Modified default CDOL 2 value for PayPass – M/Chip Flex profiles. • Added notes regarding Static CVC3 setting in Maestro profiles.
V1.5 • Various editorial corrections made. • Document restructured to present contactless data as generic or profile-
dependent. • Profile options (offline, standard, online) added to each chapter as appropriate. • Updated CIAC and selected IAC bit settings to be profile dependent. • In PayPass – M/Chip 4 offline profiles, different CRM settings for Maestro and
MasterCard to reflect issuer choices regarding use of shared limits. • Contact profiles aligned with new contact PDS. • Security counter limits adjusted. • Added recommendation to use CDA in MasterCard PayPass profiles. • MasterCard profiles modified to include Debit MasterCard. • Added recommendation regarding use of PIX extensions. • Modified "PTL Exceeded" bit in CIACs and IACs.
MasterCard PayPass – Mag Stripe Personalization DataData Elements for Application Selection
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 1
1 MasterCard PayPass – Mag Stripe Personalization Data This chapter includes the personalization values for a PayPass – Mag Stripe card or device supporting the MasterCard brand.
1.1 Data Elements for Application Selection
Table 1.1—Application Selection
Data Element Name Tag MasterCard Recommended Value
AID '4F' 'A0000000041010'
DF Name '84' 'A0000000041010' (Must match value of AID)
Application Label '50' "MasterCard" or "MASTERCARD" or "Debit MasterCard" or "DEBIT MASTERCARD"
Note a Dependent on the implementation, data elements for application selection may already be personalized during pre-personalization. In this case, the AID and Application Label must be specified when ordering the PayPass card or device.
Note b Other optional data elements of the FCI (Application Priority Indicator, Language Preference, PDOL, Issuer Code Table Index, Application Preferred Name and FCI Issuer Discretionary Data) are not used by the PayPass – Mag Stripe card or device.
MasterCard PayPass – Mag Stripe Personalization Data Data Elements Referenced in the AFL (DGI '0101')
Version 1.5 – July 2, 2009 © 2009 MasterCard 2 PayPass Personalization Data Specifications
1.2 Data Elements Referenced in the AFL (DGI '0101')
Table 1.2—Persistent Data Elements in Record 1, SFI 1
Data Element Name Tag MasterCard Recommended Value
Presence
Mag Stripe Application Version Number '9F6C' '0001' M
PCVC3TRACK1 '9F62' Determined by issuer (See notes c and d below)
M
PUNATCTRACK1 '9F63' Determined by issuer (See notes c and e below)
M
Track 1 Data '56' Determined by issuer (See notes a and b below)
M
NATCTRACK1 '9F64' Determined by issuer (See notes e and f below)
M
PCVC3TRACK2 '9F65' Determined by issuer (See notes c and d below)
M
PUNATCTRACK2 '9F66' Determined by issuer (See notes c and e below)
M
Track 2 Data '9F6B' Determined by issuer (See note b below)
M
NATCTRACK2 '9F67' Determined by issuer (See notes e and f below)
M
PayPass Third Party Data '9F6E' Determined by issuer (See note g below)
O
Note a The storage of the cardholder name in the Track 1 Data is prohibited by MasterCard. It is therefore recommended to use a space character followed by the surname separator (i.e. " /").
Note b The placeholders for the dynamic data in the discretionary data (i.e. at the positions where the PayPass reader stores the ATC, UN, CVC3 and nUN) should be filled with zeroes (hexadecimal zeroes ('0') for Track 2 Data and ASCII zeroes ('30') for Track 1 Data). The least significant position of the discretionary data is used by the PayPass reader to store nUN. If the issuer intends to make use of MasterCard's On-behalf Service for dynamic CVC3 verification and if the PAN Sequence Number is present in the discretionary data and if the PAN Sequence Number is used for the derivation of KDCVC3, then the length of the PAN Sequence Number must be maximum 1 significant digit.
Note c The bit map must only have non-zero bits that refer to available positions in the discretionary data field of the corresponding Track Data. The least significant bit of the bit map must be set to zero.
Note d The number of non-zero bits in the bit map must be greater than or equal to 3.
MasterCard PayPass – Mag Stripe Personalization DataData Elements for CVC3 Generation (DGI 'A001')
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 3
Note e The number of non-zero bits in PUNATCTRACK1 minus the value of NATCTRACK1 must be greater than or equal to zero, less than or equal to 8 and equal to the number of non-zero bits in PUNATCTRACK2 minus the value of NATCTRACK2.
Note f If the issuer intends to make use of MasterCard's On-behalf Service for dynamic CVC3 verification, then the value of NATCTRACK1 and the value of NATCTRACK2 must be greater than or equal to 3 for the CVC3 Validation in Stand-in Service or greater than or equal to 2 for the Dynamic CVC3 Pre-validation Service or the PayPass Mapping Service (processing only option).
Note g Optional data element containing proprietary non-payment information (e.g. loyalty information).
1.3 Data Elements for CVC3 Generation (DGI 'A001')
Table 1.3—Persistent Data Elements for CVC3 Generation
Data Element Tag MasterCard Recommended Value
IVCVC3TRACK1
'DC' Determined by issuer (See notes a and b below)
IVCVC3TRACK2
'DD' Determined by issuer (See notes a and b below)
Note a It is strongly recommended to use for IVCVC3TRACK1 the two least significant bytes of the result of a MAC over the Track 1 Data as stored in Record 1, SFI 1. In the same way IVCVC3TRACK2 should be the two least significant bytes of the result of a MAC calculated over the Track 2 Data as stored in Record 1, SFI 1. If the issuer intends to make use of MasterCard's On-behalf Service for dynamic CVC3 verification, then for IVCVC3 generation the method recommended above must be used, and the placeholders for the dynamic data in the discretionary data of Track 1 Data and Track 2 Data (i.e. at the positions where the PayPass reader stores the ATC, UN, CVC3 and nUN) must be filled with zeroes (hexadecimal zeroes ('0') for Track 2 Data and ASCII zeroes ('30') for Track 1 Data).
Note b It is strongly recommended to use for IVCVC3 generation the ISO/IEC 9797-1 MAC algorithm 3 with DES block cipher and an initial vector of zero (8 bytes). If the issuer intends to make use of MasterCard's On-behalf Service for dynamic CVC3 verification, then this algorithm must be used.
MasterCard PayPass – Mag Stripe Personalization Data Secret Key (DGI 'A002')
Version 1.5 – July 2, 2009 © 2009 MasterCard 4 PayPass Personalization Data Specifications
1.4 Secret Key (DGI 'A002')
Table 1.4—KDCVC3
Data Element Tag MasterCard Recommended Value
KDCVC3 – Determined by issuer
MasterCard PayPass – M/Chip Flex Personalization DataContact Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 5
2 MasterCard PayPass – M/Chip Flex Personalization Data
2.1 Contact Data For information on personalization data specific to the contact interface, refer to [MCHIPPDS]. One of the contact profiles listed here must be used together with the contactless data listed in this chapter.
Chip grade issuers must use one of the following profiles:
• Chip grade MasterCard, Supports Offline PIN, Online PIN, Signature and No CVM
• Chip grade MasterCard, Supports Online PIN, Signature and No CVM
• Semi grade MasterCard, Supports Offline PIN, Online PIN, Signature and No CVM
• Semi grade MasterCard, Supports Online PIN, Signature and No CVM
Magnetic stripe grade issuers must use one of the following profiles:
• Magstripe Grade MasterCard, Supports Offline PIN, Online PIN, Signature and No CVM
• Magstripe Grade MasterCard, Supports Online PIN, Signature and No CVM
2.2 Generic Contactless Data
2.2.1 Data Elements for Application Selection
Table 2.1—Application Selection
Data Element Name Tag MasterCard Recommended Value
Presence
AID '4F' 'A0000000041010' (See note below)
M
DF Name '84' 'A0000000041010' (Must match value of AID)
M
Application Label '50' "MasterCard", or "MASTERCARD" or "Debit MasterCard" or "DEBIT MASTERCARD"
O
MasterCard PayPass – M/Chip Flex Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 6 PayPass Personalization Data Specifications
Data Element Name Tag MasterCard Recommended Value
Presence
Application Priority Indicator '87' Determined by issuer O
Language Preference '5F2D' Determined by issuer O
Issuer Code Table Index '9F11' Determined by issuer O
Application Preferred Name '9F12' Determined by issuer O
FCI Issuer Discretionary Data 'BF0C' Determined by issuer O
Note It is recommended not to use PIX extensions, as many legacy PayPass readers do not support partial AID matching.
2.2.2 Data Elements Referenced in the AFL
2.2.2.1 Recommended File Structure
If one of the recommended PayPass values for the AFL (see Table 2.14) is used, then the data elements returned by the card during the read application data process must be organized as shown in this section (i.e. each data element must be included in the record as specified below).
If for any reason (e.g. record size exceeded), the data elements returned by the card during the read application data process cannot be organized as shown in this section, then an alternative file structure must be used as described in Section 3.2.2.2.
SFI 1
SFI 1 contains the data objects for PayPass – Mag Stripe transactions. The PayPass – Mag Stripe data objects must always be included in Record 1 of SFI 1. Record 1 must be the only record included in SFI 1.
Table 2.2—Record 1, SFI 1
Data Element Name Tag MasterCard Recommended Value
Presence
Mag Stripe Application Version Number '9F6C' '0001' M
PCVC3TRACK1 '9F62' Determined by issuer (See notes c and d below)
M
PUNATCTRACK1 '9F63' Determined by issuer (See notes c and d below)
M
Track 1 Data '56' Determined by issuer (See notes a and b below)
M
NATCTRACK1 '9F64' Determined by issuer (See notes e and f below)
M
MasterCard PayPass – M/Chip Flex Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 7
Data Element Name Tag MasterCard Recommended Value
Presence
PCVC3TRACK2 '9F65' Determined by issuer (See notes c and d below)
M
PUNATCTRACK2 '9F66' Determined by issuer (See notes c and e below)
M
Track 2 Data '9F6B' Determined by issuer (See note b below)
M
NATCTRACK2 '9F67' Determined by issuer (See notes e and f below)
M
Note a The storage of the cardholder name in the Track 1 Data is prohibited by MasterCard. It is therefore recommended to use a space character followed by the surname separator (i.e. " /").
Note b The placeholders for the dynamic data in the discretionary data (i.e. at the positions where the PayPass reader stores the ATC, UN, CVC3 and nUN) should be filled with zeroes (hexadecimal zeroes ('0') for Track 2 Data and ASCII zeroes ('30') for Track 1 Data). The least significant position of the discretionary data is used by the PayPass reader to store nUN. If the issuer intends to make use of MasterCard's On-behalf Service for dynamic CVC3 verification and if the PAN Sequence Number is present in the discretionary data and if the PAN Sequence Number is used for the derivation of KDCVC3, then the length of the PAN Sequence Number must be maximum 1 significant digit.
Note c The bit map must only have non-zero bits that refer to available positions in the discretionary data field of the corresponding Track Data. The least significant bit of the bit map must be set to zero.
Note d The number of non-zero bits in the bit map must be greater than or equal to 3.
Note e The number of non-zero bits in PUNATCTRACK1 minus the value of NATCTRACK1 must be greater than or equal to zero, less than or equal to 8 and equal to the number of non-zero bits in PUNATCTRACK2 minus the value of NATCTRACK2.
Note f If the issuer intends to make use of MasterCard's On-behalf Service for dynamic CVC3 verification, then the value of NATCTRACK1 and the value of NATCTRACK2 must be greater than or equal to 3 for the CVC3 Validation in Stand-in Service or greater than or equal to 2 for the Dynamic CVC3 Pre-validation Service or the PayPass Mapping Service (processing only option).
MasterCard PayPass – M/Chip Flex Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 8 PayPass Personalization Data Specifications
SFI 2
Table 2.3—Record 1, SFI 2
Data Element Tag MasterCard Recommended Value
Presence
Track 2 Equivalent Data '57' Determined by issuer (See notes a and c below)
M
Application Primary Account Number '5A' Determined by issuer (See note c below)
M
Application Expiration Date '5F24' Determined by issuer (See note c below)
M
Application Effective Date '5F25' Determined by issuer O
Issuer Country Code '5F28' Determined by issuer M
Application PAN Sequence Number '5F34' Determined by issuer M
CDOL1 '8C' '9F02069F03069F1A0295055F2A029A039C019F37049F35019F4502'
M
CDOL2 '8D' '9F3704' M
CVM List '8E' See Section 2.2.2.4 M
Application Usage Control '9F07' See Table 2.12 M
Application Version Number '9F08' '0002' M
Issuer Action Code – Default '9F0D' See Table 2.13 M
Issuer Action Code – Denial '9F0E' See Table 2.13 M
Issuer Action Code – Online '9F0F' See Table 2.13 M
Application Currency Code '9F42' Determined by issuer (See note b below)
C
SDA Tag List '9F4A' '82' M
Note a The Chip CVC in the Track 2 Equivalent Data must differ from the CVC1 in the track 2 data on the magnetic stripe, except if the issuer wants to make use of the OBS chip to magnetic stripe conversion service in which case the same value must be used.
Note b This data object must be present if the CVM List contains a condition code value of '06', '07', '08' or '09'.
Note c The contents of the Track 2 Equivalent Data (Tag '57') must be consistent with the PAN (Tag '5A') and Expiration Date (Tag '5F24') data elements.
MasterCard PayPass – M/Chip Flex Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 9
SFI 3
Table 2.4—Record 1, SFI 3
Data Element Tag MasterCard Recommended Value
Presence
Certification Authority Public Key Index '8F' Determined by issuer M
Issuer Public Key Exponent '9F32' Determined by issuer M
Issuer Public Key Remainder '92' Determined by issuer (See note below)
C
Issuer Public Key Certificate '90' Determined by issuer M
Note The Issuer Public Key Remainder is present if NI > (NCA – 36).
Table 2.5—Record 2, SFI 3
Data Element Tag MasterCard Recommended Value
Presence
Signed Static Application Data '93' Determined by issuer (See note below)
M
Note If SDA is not supported (AIP[1][7] = 0), then the value of the Signed Static Application Data must be set to 'FF'.
SFI 4
This file is only present when CDA is supported (AIP[1][1] = 1).
Table 2.6—Record 1, SFI 4
Data Element Tag MasterCard Recommended Value
Presence
ICC Public Key Exponent '9F47' Determined by issuer M
ICC Public Key Remainder '9F48' Determined by issuer (See note below)
C
Note The ICC Public Key Remainder is present if NIC > (NI – 42).
Table 2.7—Record 2, SFI 4
Data Element Tag MasterCard Recommended Value
Presence
ICC Public Key Certificate '9F46' Determined by issuer M
MasterCard PayPass – M/Chip Flex Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 10 PayPass Personalization Data Specifications
2.2.2.2 Alternative File Structure
If the data elements returned by the card during the read application data process cannot be organized as shown in Section 2.2.2.1, then:
1. The recommended PayPass values for the AFL must not be used.
2. Record 1 must be the only record included in SFI 1. The first byte of the value of the AFL must therefore be '08010100'.
3. The PayPass – Mag Stripe data objects must always be included in Record 1 of SFI 1.
4. If present, the data elements in Table 2.8 must all be stored in records that are signed.
Table 2.8—Data Elements That Must be Authenticated
Data Element Tag
Application Primary Account Number '5A'
Application Expiration Date '5F24'
Application Effective Date '5F25'
Issuer Country Code '5F28'
Application PAN Sequence Number '5F34'
CDOL1 '8C'
CDOL2 '8D'
CVM List '8E'
Application Usage Control '9F07'
Issuer Action Code – Default '9F0D'
Issuer Action Code – Denial '9F0E'
Issuer Action Code – Online '9F0F'
Application Currency Code '9F42'
SDA Tag List '9F4A'
2.2.2.3 Data Elements that Must Not Be Included
Table 2.9 lists the data elements that must not be included in the records referenced in the AFL.
Table 2.9—Data Elements that Must Not Be Included
Data Element Name Tag
Cardholder Name '5F20'
MasterCard PayPass – M/Chip Flex Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 11
2.2.2.4 CVM List
Table 2.10—CVM List MasterCard PayPass (Option 1)
CVM Bit 7 of byte 1 if CVM not successful
Byte 1 setting
Byte 2 setting
Meaning of Byte 2
Signature Apply next '5E' '03' If supported
Online PIN Apply next '42' '03' If supported
No CVM Fail '1F' '03' If supported
Table 2.11—CVM List MasterCard PayPass (Option 2)
CVM Bit 7 of byte 1 if CVM not successful
Byte 1 setting
Byte 2 setting
Meaning of Byte 2
Online PIN Apply next '42' '03' If supported
Signature Apply next '5E' '03' If supported
No CVM Fail '1F' '03' If supported
2.2.2.5 Application Usage Control
Table 2.12—Application Usage Control
Byte Bit Meaning Setting
1 8 Valid for domestic cash transactions 0/1
7 Valid for international cash transactions 0/1
6 Valid for domestic goods 0/1
5 Valid for international goods 1
4 Valid for domestic services 0/1
3 Valid for international services 1
2 Valid at ATMs 0/1
1 Valid at terminals other than ATMs 1
2 8 Domestic cashback allowed 0/1 (See note below)
7 International cashback allowed 0/1 (See note below)
6-1 RFU 000000
Note Cashback is optional for Debit MasterCard applications.
MasterCard PayPass – M/Chip Flex Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 12 PayPass Personalization Data Specifications
2.2.2.6 Issuer Action Codes
Table 2.13—Issuer Action Codes
Byte Bit Meaning Denial Online Default
1 8 Data authentication was not performed 0/1 1 1
7 Offline static data authentication failed Profile dependent – see section 2.3
6 ICC data missing 0/1 1 1
5 Card appears on terminal exception file 0/1 1 1
4 Offline dynamic data authentication failed 0 0 0
3 Combined DDA/AC Generation failed Profile dependent – see section 2.3
2-1 RFU 00 00 00
2 8 Chip card and terminal have different application versions
0 0 0
7 Expired application 0/1 1 1
6 Application not yet effective 0 0/1 0
5 Requested service not allowed for card product 0/1 1 1
4 New card 0 0 0
3-1 RFU 000 000 000
3 8 Cardholder verification was not successful 0/1 1 1
7 Unrecognized CVM 0 0 0
6 PIN Try Limit Exceeded (See note b below)
0 0 0
5 PIN entry required but PIN pad not present/working
0 0 0
4 PIN entry required, PIN pad present but PIN not entered
0 0 0
3 Online PIN entered 0 1 1
2-1 RFU 00 00 00
4 8 Transaction exceeds floor limit 0 1 0
7 Lower Consecutive Offline Limit exceeded 0 0 0
6 Upper Consecutive Offline Limit exceeded 0 0 0
5 Transaction selected randomly for online processing
0 0 0
4 Merchant forced transaction online 0 0 0
3-1 RFU 000 000 000
MasterCard PayPass – M/Chip Flex Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 13
Byte Bit Meaning Denial Online Default
5 8 Default TDOL used 0 0 0
7 Issuer Authentication was unsuccessful 0 0 0
6 Script processing failed before final GENERATE AC
0 0 0
5 Script processing failed after final GENERATE AC 0 0 0
4-1 RFU 0000 0000 0000
Note a If a bit in the Issuer Action Code – Denial is set to 1, then the corresponding bits in the Issuer Action Code – Online and Issuer Action Code – Default may be set to 0.
Note b The corresponding bit is not set in the TVR in the PayPass reader, therefore the setting of this bit has no impact on the transaction.
2.2.3 Get Processing Options Response
Table 2.14—Persistent Data Elements for the GPO Response
Data Element Name Tag MasterCard Recommended Value
AFL '94' '080101001001010118010200' for application supporting SDA '08010100100101011801020020010200' for application supporting CDA (See note below)
AIP '82' See Table 2.15
Note If the recommended values are used, then the data elements referenced in the files included in the AFL must be organized as specified in Section 2.2.2.1. If for any reason another organization is required, then the above recommended values must not be used. However the first four bytes must always be equal to '08010100'.
Table 2.15—AIP
Byte Bit Meaning Value
1 8 RFU 0
7 Offline static data authentication is supported (See note a below) 0: SDA not supported 1: SDA supported
0/1
6 Offline dynamic data authentication is supported 0
5 Cardholder verification supported 1
MasterCard PayPass – M/Chip Flex Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 14 PayPass Personalization Data Specifications
Byte Bit Meaning Value
4 Terminal risk management to be performed 1
3 Issuer authentication data supported 0
2 RFU 0
1 Combined DDA/AC Generation supported (See note b below) 0: CDA not supported 1: CDA supported
0/1
2 8 M/Chip profile is supported 1
7-1 RFU 0000000
Note a 0 is only allowed if CDA is supported (AIP[1][1] = 1).
Note b Support for CDA is recommended for PayPass.
2.2.4 Card Risk Management
Table 2.16—Persistent Data Elements for Card Risk Management
Data Element Name Tag MasterCard Recommended Value
Lower Consecutive Offline Limit '9F14' Determined by issuer (See note a below)
Upper Consecutive Offline Limit '9F23' Determined by issuer
Lower Cumulative Offline Transaction Amount
'CA' Determined by issuer (See note a below)
Upper Cumulative Offline Transaction Amount
'CB' Determined by issuer
Card Issuer Action Code – Decline 'C3' Profile dependent. See Section 2.3.
Card Issuer Action Code – Default 'C4' Profile dependent. See Section 2.3.
Card Issuer Action Code – Online 'C5' Profile dependent. See Section 2.3.
CDOL1 Related Data Length 'C7' '20'
CRM Country Code 'C8' Same value as Issuer Country Code
CRM Currency Code 'C9' Same value as Application Currency Code
Currency Conversion Table 'D1' Determined by issuer (See note b below)
Additional Check Table 'D3' Not used. Personalized with hexadecimal zeroes.
Application Control 'D5' See Table 2.17
Note a When the Cumulative Offline Transaction Amount exceeds the Lower Cumulative Offline Transaction Amount or the Consecutive Offline Transactions Number exceeds the Lower Consecutive Offline Limit, the PayPass – M/Chip
MasterCard PayPass – M/Chip Flex Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 15
Flex application will modify bit 2 of the PayPass Options Indicator of [PPMCFLEX] in order to force the co-application to go online at the next transaction. The issuer should therefore pay special attention to the values of these limits at personalization.
Note b If currency conversion is not used, it is recommended that the currency code in each entry in the Currency Conversion Table be set to the same value as the CRM Currency Code.
Table 2.17—Application Control
Byte Bit Meaning Value
1 8 Magstripe grade issuer (Not used) 0
7 Skip CIAC – Default on CAT3 0: Do not skip CIAC – Default 1: Skip CIAC – Default
0/1
6 Offline only 0
5 Key for offline encrypted PIN 0
4 Offline encrypted PIN verification 0
3 Offline plaintext PIN verification 0
2 Session key derivation (Not used) 0
1 Encrypt offline counters (Not used) 0
2 8-5 RFU 0000
4 Always add to Consecutive Transactions Number 0
3 Activate Additional Check Table 0
2 Retrieval of balance 0
1 Include counters in AC (Not used) 0
3 8 Static CVC3 (Not used) 0
7 Include ATC in CVC3 generation 1
6-1 RFU 000000
MasterCard PayPass – M/Chip Flex Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 16 PayPass Personalization Data Specifications
2.2.5 Secret Keys
The Triple DES keys listed in Table 2.18 are derived from their corresponding issuer master keys using a unique identifier from the card such as the PAN, and so are often referred to as diversified keys.
Table 2.18—Triple DES Keys
Data Element Name Tag MasterCard Recommended Value
ICC Dynamic Number Master Key (MKIDN) – Determined by issuer
ICC Derived Key for CVC3 Generation (KDCVC3)
– Determined by issuer
AC Master Key (MKAC) – Determined by issuer
Table 2.19—RSA Keys
Data Element Name Tag MasterCard Recommended Value
Length of ICC Public Key Modulus – Determined by issuer
ICC Private Key – Determined by issuer
2.2.6 Miscellaneous
Table 2.20—Miscellaneous Persistent Data Elements
Data Element Name Tag MasterCard Recommended Value
Key Derivation Index – Determined by issuer
Application Life Cycle Data '9F7E' Depending on the possible separation between the loading of the application code and the personalization data on the hardware, only part of the Application Life Cycle Data may be personalized.
Co-application Indicator 'DE' '00': M/Chip Lite 2.1 '01': M/Chip Select 2.05 '02': UKIS-compliant application '03': CCD-compliant application
Static CVC3TRACK1 'DA' '0000'
Static CVC3TRACK2 'DB' '0000'
IVCVC3TRACK1 'DC' Determined by issuer (See notes a and b below)
IVCVC3TRACK2 'DD' Determined by issuer (See notes a and b below)
Note a It is strongly recommended to use for IVCVC3TRACK1 the two least significant bytes of the result of a MAC over the Track 1 Data as stored in Record 1, SFI 1.
MasterCard PayPass – M/Chip Flex Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 17
In the same way IVCVC3TRACK2 should be the two least significant bytes of the result of a MAC calculated over the Track 2 Data as stored in Record 1, SFI 1. If the issuer intends to make use of MasterCard's On-behalf Service for dynamic CVC3 verification, then for IVCVC3 generation the placeholders for the dynamic data in the discretionary data of Track 1 Data and Track 2 Data (i.e. at the positions where the PayPass reader stores the ATC, UN, CVC3 and nUN) must be filled with zeroes (hexadecimal zeroes for Track 2 Data and ASCII zeroes ('30') for Track 1 Data).
Note b It is strongly recommended to use for IVCVC3 generation the ISO/IEC 9797-1 MAC algorithm 3 with DES block cipher and an initial vector of zero (8 bytes). If the issuer intends to make use of MasterCard's On-behalf Service for dynamic CVC3 verification, then this algorithm must be used.
2.2.7 Counter Limits and Previous Transaction
Table 2.21—Persistent Data Elements for Counters and Previous Transactions
Data Element Name Tag MasterCard Recommended Value
Application Transaction Counter Limit – '4E20'
Previous Transaction History – '00'
AC Session Key Counter Limit – '4E20'
2.2.8 Data Elements with a Fixed Initial Value
Table 2.22—Data Elements with a Fixed Initial Value
Data Element Name Tag MasterCard Recommended Value
Cumulative Offline Transaction Amount – '000000000000'
Consecutive Offline Transactions Number – '00'
Application Transaction Counter '9F36' '0000'
AC Session Key Counter – '0000'
MasterCard PayPass – M/Chip Flex Personalization Data Profile Dependent Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 18 PayPass Personalization Data Specifications
2.3 Profile Dependent Contactless Data
2.3.1 Offline Profile Table 2.23 shows the Card Issuer Action Codes for offline-oriented behavior. With these settings the PayPass – M/Chip Flex application will never return an ARQC in response to a GENERATE AC command requesting a TC. Once the relevant upper limit (Upper Consecutive Offline Limit or Upper Cumulative Offline Limit) is exceeded all transactions are declined offline.
Table 2.23—Card Issuer Action Codes (Offline)
Byte Bit Meaning Decline Online Default
1 8 RFU 0 0 0
7 Unable To Go Online Indicated 0 0 0
6 Offline PIN Verification Not Performed 0 0 0
5 Offline PIN Verification Failed 0 0 0
4 PIN Try Limit Exceeded 0 0 0
3 International Transaction 0 0 0
2 Domestic Transaction 0 0 0
1 Terminal Erroneously Considers Offline PIN OK 0 0 0
2 8 Lower Consecutive Offline Limit Exceeded 0 0 0
7 Upper Consecutive Offline Limit Exceeded 1 (See note)
0 0/1
6 Lower Cumulative Offline Limit Exceeded 0 0 0
5 Upper Cumulative Offline Limit Exceeded 1 (See note)
0 0/1
4 Go Online On Next Transaction Was Set 0 0 0
3 Issuer Authentication Failed 0 0 0
2 Script Received 0 0 0
1 Script Failed 0 0 0
3 8-3 RFU 000000 000000 000000
2 Match Found In Additional Check Table 0 0 0
1 No Match Found In Additional Check Table 0 0 0
Note The contactless transaction that causes one of the upper limits (Upper Cumulative Offline Limit or Upper Consecutive Offline Limit) to be exceeded is not declined.
MasterCard PayPass – M/Chip Flex Personalization DataProfile Dependent Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 19
Table 2.24 shows specific bit settings for the Issuer Action Codes for offline-oriented behavior.
Table 2.24—Issuer Action Codes (Offline)
Byte Bit Meaning Denial Online Default
1 7 Offline static data authentication failed If SDA is supported (AIP[1][7] = 1) If SDA is not supported (AIP[1][7] = 0)
1 0
0 0
0 0
3 Combined DDA/AC Generation failed If CDA is supported (AIP[1][1] = 1) If CDA is not supported (AIP[1][1] = 0)
1 0
0 0
0 0
2.3.2 Standard Profile Table 2.25 shows the Card Issuer Action Codes for standard card behavior. When the upper limit is exceeded, transactions are sent online on online-capable terminals and declined offline on offline-only terminals.
Table 2.25—Card Issuer Action Codes (Standard)
Byte Bit Meaning Decline Online Default
1 8 RFU 0 0 0
7 Unable To Go Online Indicated 0 0 0
6 Offline PIN Verification Not Performed 0 0 0
5 Offline PIN Verification Failed 0 0 0
4 PIN Try Limit Exceeded 0 0 0
3 International Transaction 0 0/1 0
2 Domestic Transaction 0 0/1 0
1 Terminal Erroneously Considers Offline PIN OK 0 0 0
2 8 Lower Consecutive Offline Limit Exceeded 0 0 0
7 Upper Consecutive Offline Limit Exceeded 0 1 1
6 Lower Cumulative Offline Limit Exceeded 0 0 0
5 Upper Cumulative Offline Limit Exceeded 0 1 1
4 Go Online On Next Transaction Was Set 0 0 0
3 Issuer Authentication Failed 0 0 0
2 Script Received 0 0 0
1 Script Failed 0 0 0
3 8-3 RFU 000000 000000 000000
2 Match Found In Additional Check Table 0 0 0
1 No Match Found In Additional Check Table 0 0 0
MasterCard PayPass – M/Chip Flex Personalization Data Profile Dependent Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 20 PayPass Personalization Data Specifications
Table 2.26 shows specific bit settings for the Issuer Action Codes for standard behavior.
Table 2.26—Issuer Action Codes (Standard)
Byte Bit Meaning Denial Online Default
1 7 Offline static data authentication failed If SDA is supported (AIP[1][7] = 1) If SDA is not supported (AIP[1][7] = 0)
0 0
1 0
1 0
3 Combined DDA/AC Generation failed If CDA is supported (AIP[1][1] = 1) If CDA is not supported (AIP[1][1] = 0)
0 0
1 0
1 0
Maestro PayPass – M/Chip Flex Personalization DataContact Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 21
3 Maestro PayPass – M/Chip Flex Personalization Data
3.1 Contact Data For information on personalization data specific to the contact interface, refer to [MCHIPPDS]. One of the contact profiles listed here must be used together with the contactless data listed in this chapter.
Issuers must use one of the following profiles:
• Chip grade Maestro, Supports Online PIN and Offline PIN
• Semi grade Maestro, Supports Online PIN and Offline PIN
A magnetic stripe grade card profile is not allowed for the contact interface.
3.2 Generic Contactless Data
3.2.1 Data Elements for Application Selection
Table 3.1—Application Selection
Data Element Name Tag MasterCard Recommended Value
Presence
AID '4F' 'A0000000043060' (See note below)
M
DF Name '84' 'A0000000043060' (Must match value of AID)
M
Application Label '50' "Maestro" or "MAESTRO" O
Application Priority Indicator '87' Determined by issuer O
Language Preference '5F2D' Determined by issuer O
Issuer Code Table Index '9F11' Determined by issuer O
Application Preferred Name '9F12' Determined by issuer O
FCI Issuer Discretionary Data 'BF0C' Determined by issuer O
Note It is recommended not to use PIX extensions, as many legacy PayPass readers do not support partial AID matching.
Maestro PayPass – M/Chip Flex Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 22 PayPass Personalization Data Specifications
3.2.2 Data Elements Referenced in the AFL
3.2.2.1 Recommended File Structure
If the recommended value for the AFL (see Table 3.13) is used, then the data elements returned by the card during the read application data process must be organized as shown in this section (i.e. each data element must be included in the record as specified below).
If for any reason (e.g. record size exceeded), the data elements returned by the card during the read application data process cannot be organized as shown in this section, then an alternative file structure must be used as described in Section 3.2.2.2.
SFI 1
SFI 1 contains the data objects for PayPass – Mag Stripe transactions. The PayPass – Mag Stripe profile is not supported for Maestro PayPass. If the recommended value for the AFL is used, then the value 'FFFF' for the Mag Stripe Application Version Number must be included in Record 1 of SFI 1. It is not necessary to include the Mag Stripe Application Version Number if the recommended value for the AFL is not used.
Table 3.2—Record 1, SFI 1
Data Element Name Tag MasterCard Recommended Value
Presence
Mag Stripe Application Version Number '9F6C' 'FFFF' M
SFI 2
Table 3.3—Record 1, SFI 2
Data Element Tag MasterCard Recommended Value
Presence
Track 2 Equivalent Data '57' Determined by issuer (See notes a and c below)
M
Application Primary Account Number '5A' Determined by issuer (See note c below)
M
Application Expiration Date '5F24' Determined by issuer (See note c below)
M
Application Effective Date '5F25' Determined by issuer O
Issuer Country Code '5F28' Determined by issuer M
Application PAN Sequence Number '5F34' Determined by issuer M
CDOL1 '8C' '9F02069F03069F1A0295055F2A029A039C019F37049F35019F4502'
M
CDOL2 '8D' '9F3704' M
Maestro PayPass – M/Chip Flex Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 23
Data Element Tag MasterCard Recommended Value
Presence
CVM List '8E' See Table 3.10 M
Application Usage Control '9F07' See Table 3.11 M
Application Version Number '9F08' '0002' M
Issuer Action Code – Default '9F0D' See Table 3.12 M
Issuer Action Code – Denial '9F0E' See Table 3.12 M
Issuer Action Code – Online '9F0F' See Table 3.12 M
Application Currency Code '9F42' Determined by issuer (See note b below)
C
SDA Tag List '9F4A' '82' M
Note a If present, the Chip CVC in the Track 2 Equivalent Data must differ from the CVC1 in the track 2 data on the magnetic stripe, except if the issuer wants to make use of the OBS chip to magnetic stripe conversion service in which case the same value must be used.
Note b This data object must be present if the CVM List contains a condition code value of '06', '07', '08' or '09'.
Note c The contents of the Track 2 Equivalent Data (Tag '57') must be consistent with the PAN (Tag '5A') and Expiration Date (Tag '5F24') data elements.
SFI 3
Table 3.4—Record 1, SFI 3
Data Element Tag MasterCard Recommended Value
Presence
Certification Authority Public Key Index '8F' Determined by issuer M
Issuer Public Key Exponent '9F32' Determined by issuer M
Issuer Public Key Remainder '92' Determined by issuer (See note below)
C
Issuer Public Key Certificate '90' Determined by issuer M
Note The Issuer Public Key Remainder is present if NI > (NCA – 36).
Table 3.5—Record 2, SFI 3
Data Element Tag MasterCard Recommended Value
Presence
Signed Static Application Data '93' 'FF' M
Maestro PayPass – M/Chip Flex Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 24 PayPass Personalization Data Specifications
SFI 4
Table 3.6—Record 1, SFI 4
Data Element Tag MasterCard Recommended Value
Presence
ICC Public Key Exponent '9F47' Determined by issuer M
ICC Public Key Remainder '9F48' Determined by issuer (See note below)
C
Note The ICC Public Key Remainder is present if NIC > (NI – 42).
Table 3.7—Record 2, SFI 4
Data Element Tag MasterCard Recommended Value
Presence
ICC Public Key Certificate '9F46' Determined by issuer M
3.2.2.2 Alternative File Structure
If for any reason (e.g. record size exceeded), the data elements returned by the card during the read application data process cannot be organized as shown in Section 3.2.2.1, then:
1. The recommended PayPass values for the AFL must not be used.
2. If present, the data elements in Table 3.8 must all be stored in records that are signed.
Table 3.8—Data Elements That Must be Authenticated
Data Element Tag
Application Primary Account Number '5A'
Application Expiration Date '5F24'
Application Effective Date '5F25'
Issuer Country Code '5F28'
Application PAN Sequence Number '5F34'
CDOL1 '8C'
CDOL2 '8D'
CVM List '8E'
Application Usage Control '9F07'
Issuer Action Code – Default '9F0D'
Issuer Action Code – Denial '9F0E'
Issuer Action Code – Online '9F0F'
Application Currency Code '9F42'
Maestro PayPass – M/Chip Flex Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 25
Data Element Tag
SDA Tag List '9F4A'
3.2.2.3 Data Elements that Must Not be Included
Table 3.9 lists the data elements that must not be included in the records referenced in the AFL.
Table 3.9—Data Elements that Must Not be Included
Data Element Name Tag
Cardholder Name '5F20'
3.2.2.4 CVM List
This section describes the personalization value of the CVM List.
Table 3.10—CVM List Maestro PayPass
CVM Bit 7 of byte 1 if CVM not successful
Byte 1 setting
Byte 2 setting
Meaning of Byte 2
No CVM Fail '1F' '03' If supported
3.2.2.5 Application Usage Control
Table 3.11—Application Usage Control
Byte Bit Meaning Setting
1 8 Valid for domestic cash transactions 0/1
7 Valid for international cash transactions 0/1
6 Valid for domestic goods 0/1
5 Valid for international goods 1
4 Valid for domestic services 0/1
3 Valid for international services 1
2 Valid at ATMs 0/1
1 Valid at terminals other than ATMs 1
2 8 Domestic cashback allowed 0
7 International cashback allowed 0
6-1 RFU 000000
Maestro PayPass – M/Chip Flex Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 26 PayPass Personalization Data Specifications
3.2.2.6 Issuer Action Codes
Table 3.12 describes the personalization values for the Issuer Action Codes.
Table 3.12—Issuer Action Codes
Byte Bit Meaning Denial Online Default
1 8 Data authentication was not performed 0/1 1 1
7 Offline static data authentication failed 0 0 0
6 ICC data missing 0/1 1 1
5 Card appears on terminal exception file 0/1 1 1
4 Offline dynamic data authentication failed 0 0 0
3 Combined DDA/AC Generation failed Profile dependent – see section 3.3
2-1 RFU 00 00 00
2 8 Chip card and terminal have different application versions
0 0 0
7 Expired Application 0/1 1 1
6 Application not yet effective 0 0/1 0
5 Requested service not allowed for card product 0/1 1 1
4 New card 0 0 0
3-1 RFU 000 000 000
3 8 Cardholder verification was not successful 0/1 1 1
7 Unrecognized CVM 0 0 0
6 PIN Try Limit exceeded (See note b below)
0 0 0
5 PIN entry required but PIN pad not present/working
0 0 0
4 PIN entry required, PIN pad present but PIN not entered
0 0 0
3 Online PIN entered 0 0 0
2-1 RFU 0 0 0
4 8 Transaction exceeds floor limit 0 1 1
7 Lower Consecutive Offline Limit exceeded 0 0 0
6 Upper Consecutive Offline Limit exceeded 0 0 0
5 Transaction selected randomly for online processing
0 0 0
4 Merchant forced transaction online 0 0 0
3-1 RFU 000 000 000
Maestro PayPass – M/Chip Flex Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 27
Byte Bit Meaning Denial Online Default
5 8 Default TDOL used 0 0 0
7 Issuer Authentication was unsuccessful 0 0 0
6 Script processing failed before final Generate AC 0 0 0
5 Script processing failed after final Generate AC 0 0 0
4-1 RFU 0000 0000 0000
Note a If a bit in the Issuer Action Code – Denial is set to 1, then the corresponding bits in the Issuer Action Code – Online and Issuer Action Code – Default may be set to 0.
Note b The corresponding bit is not set in the TVR in the PayPass reader, therefore the setting of this bit has no impact on the transaction.
3.2.3 Get Processing Options Response
Table 3.13—Data Elements for the GPO Response
Data Element Name Tag MasterCard Recommended Value
AFL '94' '08010100100101011801020020010200' (See note below)
AIP '82' See Table 3.14
Note If the recommended value is used, then the data elements referenced in the files included in the AFL must be organized as specified in Section 3.2.2.1. If for any reason another organization is required, then the above recommended value must not be used.
Table 3.14—AIP
Byte Bit Meaning Value
1 8 RFU 0
7 Offline static data authentication is supported 0
6 Offline dynamic data authentication is supported 0
5 Cardholder verification supported 1
4 Terminal risk management to be performed 1
3 Issuer authentication data supported 0
2 RFU 0
1 Combined DDA/AC Generation supported 1
Maestro PayPass – M/Chip Flex Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 28 PayPass Personalization Data Specifications
Byte Bit Meaning Value
2 8 M/Chip profile is supported 1
7-1 RFU 0000000
3.2.4 Card Risk Management
Table 3.15—Data Elements for Card Risk Management
Data Element Tag MasterCard Recommended Value
Lower Consecutive Offline Limit '9F14' Determined by issuer (See note a below)
Upper Consecutive Offline Limit '9F23' Determined by issuer
Lower Cumulative Offline Transaction Amount
'CA' Determined by issuer (See note a below)
Upper Cumulative Offline Transaction Amount
'CB' Determined by issuer
Card Issuer Action Code – Decline 'C3' Profile dependent. See Section 3.3
Card Issuer Action Code – Default 'C4' Profile dependent. See Section 3.3
Card Issuer Action Code – Online 'C5' Profile dependent. See Section 3.3
CDOL1 Related Data Length 'C7' '20'
CRM Country Code 'C8' Same value as Issuer Country Code
CRM Currency Code 'C9' Same value as Application Currency Code
Currency Conversion Table 'D1' Determined by issuer (See note b below)
Additional Check Data 'D3' Not used. Personalized with hexadecimal zeroes
Application Control 'D5' See Table 3.16
Note a When the Cumulative Offline Transaction Amount exceeds the Lower Cumulative Offline Transaction Amount or the Consecutive Offline Transactions Number exceeds the Lower Consecutive Offline Limit, the PayPass – M/Chip Flex application will modify bit 2 of the PayPass Options Indicator of [PPMCFLEX] in order to force the co-application to go online at the next transaction. The issuer should therefore pay special attention to the values of these limits at personalization.
Note b If currency conversion is not used, it is recommended that the currency code in each entry in the Currency Conversion Table be set to the same value as the CRM Currency Code.
Maestro PayPass – M/Chip Flex Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 29
Table 3.16—Application Control
Byte Bit Meaning Value
1 8 Magstripe grade issuer (Not used) 0
7 Skip CIAC – Default on CAT3 0
6 Offline only 0
5 Key for offline encrypted PIN 0
4 Offline encrypted PIN verification 0
3 Offline plaintext PIN verification 0
2 Session key derivation (Not used) 0
1 Encrypt offline counters (Not used) 0
2 8-5 RFU 0000
4 Always add to Consecutive Transactions Number 0
3 Activate Additional Check Table 0
2 Allow retrieval of balance 0/1
1 Include counters in AC (Not used) 0
3 8 Static CVC3 (See note below) 1
7 Include ATC in CVC3 generation 0
6-1 RFU 000000
Note For security reasons, it is recommended to set bit 8 of byte 3 to 1.
3.2.5 Secret Keys
The Triple DES keys listed in Table 3.17 are derived from their corresponding issuer master keys using a unique identifier from the card such as the PAN, and so are often referred to as diversified keys.
Table 3.17—Triple DES Keys
Data Element Name Tag MasterCard Recommended Value
ICC Dynamic Number Master Key (MKIDN) – Determined by issuer
ICC Derived Key for CVC3 Generation (KDCVC3)
– Not used. Random non-zero value recommended.
AC Master Key (MKAC) – Determined by issuer
Maestro PayPass – M/Chip Flex Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 30 PayPass Personalization Data Specifications
Table 3.18—RSA Keys
Data Element Name Tag MasterCard Recommended Value
Length of ICC Public Key Modulus) – Determined by issuer
ICC Private Key – Determined by issuer
3.2.6 Miscellaneous
Table 3.19—Miscellaneous Persistent Data Elements
Data Element Tag MasterCard Recommended Value
Key Derivation Index – Determined by issuer
Application Life Cycle Data '9F7E' Depending on the possible separation between the loading of the application code and the personalization data on the hardware, only part of the Application Life Cycle Data may be personalized.
Co-application Indicator 'DE' '00': M/Chip Lite 2.1 '01': M/Chip Select 2.05 '02': UKIS-compliant application '03': CCD-compliant application
Static CVC3TRACK1 'DA' '0000'
Static CVC3TRACK2 'DB' '0000'
IVCVC3TRACK1 'DC' '0000'
IVCVC3TRACK2 'DD' '0000'
3.2.7 Counter Limits and Previous Transaction
Table 3.20—Persistent Data Elements for Counters and Previous Transactions
Data Element Name Tag Tag
Application Transaction Counter Limit – '4E20'
Previous Transaction History – '00'
AC Session Key Counter Limit – '4E20'
Maestro PayPass – M/Chip Flex Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 31
3.2.8 Data Elements with a Fixed Initial Value
Table 3.21—Data Elements with a Fixed Initial Value
Data Element Name Tag Tag
Cumulative Offline Transaction Amount – '000000000000'
Consecutive Offline Transactions Number – '00'
Application Transaction Counter '9F36' '0000'
AC Session Key Counter – '0000'
Maestro PayPass – M/Chip Flex Personalization Data Profile Dependent Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 32 PayPass Personalization Data Specifications
3.3 Profile Dependent Contactless Data
3.3.1 Offline Profile
Table 3.17 shows the Card Issuer Action Codes for offline-oriented behavior. With these settings the PayPass – M/Chip Flex application will never return an ARQC in response to a GENERATE AC command requesting a TC. Once the relevant upper limit (Upper Consecutive Offline Limit or Upper Cumulative Offline Limit) is exceeded all transactions are declined offline.
Table 3.22—Card Issuer Action Codes (PayPass) (Offline)
Byte Bit Meaning Decline Online Default
1 8 RFU 0 0 0
7 Unable To Go Online Indicated 0 0 0
6 Offline PIN Verification Not Performed 0 0 0
5 Offline PIN Verification Failed 0 0 0
4 PIN Try Limit Exceeded 0 0 0
3 International Transaction 0 0 0
2 Domestic Transaction 0 0 0
1 Terminal Erroneously Considers Offline PIN OK 0 0 0
2 8 Lower Consecutive Offline Limit Exceeded 0 0 0
7 Upper Consecutive Offline Limit Exceeded 1 (See note)
0 0/1
6 Lower Cumulative Offline Limit Exceeded 0 0 0
5 Upper Cumulative Offline Limit Exceeded 1 (See note)
0 0/1
4 Go Online On Next Transaction Was Set 0 0 0
3 Issuer Authentication Failed 0 0 0
2 Script Received 0 0 0
1 Script Failed 0 0 0
3 8-3 RFU 000000 000000 000000
2 Match Found In Additional Check Table 0 0 0
1 No Match Found In Additional Check Table 0 0 0
Note The contactless transaction that causes one of the upper limits (Upper Cumulative Offline Limit or Upper Consecutive Offline Limit) to be exceeded is not declined.
Maestro PayPass – M/Chip Flex Personalization DataProfile Dependent Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 33
Table 3.23 shows specific bit settings for the Issuer Action Codes for offline-oriented behavior.
Table 3.23—Issuer Action Codes (Offline)
Byte Bit Meaning Denial Online Default
1 3 Combined DDA/AC Generation failed 1 0 0
3.3.2 Standard Profile
Table 3.24 shows the Card Issuer Action Codes for standard card behavior. When the upper limit is exceeded, all transactions are sent online on online-capable terminals and declined offline on offline-only terminals.
Table 3.24—Card Issuer Action Codes (PayPass) (Standard)
Byte Bit Meaning Decline Online Default
1 8 RFU 0 0 0
7 Unable To Go Online Indicated 0 0 0
6 Offline PIN Verification Not Performed 0 0 0
5 Offline PIN Verification Failed 0 0 0
4 PIN Try Limit Exceeded 0 0 0
3 International Transaction 0 0/1 0
2 Domestic Transaction 0 0/1 0
1 Terminal Erroneously Considers Offline PIN OK 0 0 0
2 8 Lower Consecutive Offline Limit Exceeded 0 0 0
7 Upper Consecutive Offline Limit Exceeded 0 1 1
6 Lower Cumulative Offline Limit Exceeded 0 0 0
5 Upper Cumulative Offline Limit Exceeded 0 1 1
4 Go Online On Next Transaction Was Set 0 0 0
3 Issuer Authentication Failed 0 0 0
2 Script Received 0 0 0
1 Script Failed 0 0 0
3 8-3 RFU 000000 000000 000000
2 Match Found In Additional Check Table 0 0 0
1 No Match Found In Additional Check Table 0 0 0
Maestro PayPass – M/Chip Flex Personalization Data Profile Dependent Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 34 PayPass Personalization Data Specifications
Table 3.25 shows specific bit settings for the Issuer Action Codes for standard behavior.
Table 3.25—Issuer Action Codes (Standard)
Byte Bit Meaning Denial Online Default
1 3 Combined DDA/AC Generation failed 0 1 1
3.3.3 Online Profile Table 3.26 describes the personalization values for the Card Issuer Action Codes for online-oriented behavior. They are used when the issuer chooses to send all contactless transactions online on online-capable terminals.
Table 3.26—Card Issuer Action Codes (PayPass) (Online)
Byte Bit Meaning Decline Online Default
1 8 RFU 0 0 0
7 Unable To Go Online Indicated 0 0 0
6 Offline PIN Verification Not Performed 0 0 0
5 Offline PIN Verification Failed 0 0 0
4 PIN Try Limit Exceeded 0 0 0
3 International Transaction (See note below)
0 1 0
2 Domestic Transaction (See note below)
0 1 0
1 Terminal Erroneously Considers Offline PIN OK 0 0 0
2 8 Lower Consecutive Offline Limit Exceeded 0 0 0
7 Upper Consecutive Offline Limit Exceeded 0 0 1
6 Lower Cumulative Offline Limit Exceeded 0 0 0
5 Upper Cumulative Offline Limit Exceeded 0 0 1
4 Go Online On Next Transaction Was Set 0 0 0
3 Issuer Authentication Failed 0 0 0
2 Script Received 0 0 0
1 Script Failed 0 0 0
3 8-3 RFU 000000 000000 000000
2 Match Found In Additional Check Table 0 0 0
1 No Match Found In Additional Check Table 0 0 0
Note The setting of the 'International Transaction' and 'Domestic Transaction' bits to (0,1,0) results in online contactless transactions on online-capable terminals.
Maestro PayPass – M/Chip Flex Personalization DataProfile Dependent Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 35
With this setting, the PayPass – M/Chip Flex application will always generate an ARQC on an online-capable terminal in response to a GENERATE TC or ARQC command.
Table 3.27 shows specific bit settings for the Issuer Action Codes for online-oriented behavior.
Table 3.27—Issuer Action Codes (Online)
Byte Bit Meaning Denial Online Default
1 3 Combined DDA/AC Generation failed 0 1 1
MasterCard PayPass – M/Chip 4 Personalization DataContact Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 37
4 MasterCard PayPass – M/Chip 4 Personalization Data PayPass – M/Chip 4 is a dual-interface application. Unless otherwise stated, this chapter gives only the personalization data for the contactless interface. Where possible, data elements listed may be shared between the contact and contactless interfaces.
4.1 Contact Data For information on personalization data specific to the contact interface, refer to [MCHIPPDS]. One of the contact profiles listed here must be used together with the contactless data listed in this chapter.
Chip grade issuers must use one of the following profiles:
• Chip grade MasterCard, Supports Offline PIN, Online PIN, Signature and No CVM
• Chip grade MasterCard, Supports Online PIN, Signature and No CVM
• Semi grade MasterCard, Supports Offline PIN, Online PIN, Signature and No CVM
• Semi grade MasterCard, Supports Online PIN, Signature and No CVM
Magnetic stripe grade issuers must use one of the following profiles:
• Magstripe Grade MasterCard, Supports Offline PIN, Online PIN, Signature and No CVM
• Magstripe Grade MasterCard, Supports Online PIN, Signature and No CVM
4.1.1 Data Elements Referenced in the AFL (Contact)
There are no recommended values for the AFL (Contact). The organization of the data elements included in the files referenced in the AFL (Contact) are organized as determined by the issuer.
Some records may be shared between the contact and contactless interfaces, regardless of the file organization indicated by the AFL (PayPass).
MasterCard PayPass – M/Chip 4 Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 38 PayPass Personalization Data Specifications
4.2 Generic Contactless Data
4.2.1 Data Elements for Application Selection
Table 4.1 lists the persistent data elements for application selection. All data elements listed are shared between the contactless and contact interface and need to be personalized only once with a value common for both interfaces.
Table 4.1—Persistent Data Elements for Application Selection
Data Element Name Tag MasterCard Recommended Value
Presence
AID '4F' 'A0000000041010' (See note below)
M
DF Name '84' 'A0000000041010' (Must match value of AID)
M
Application Label '50' "MasterCard" or "MASTERCARD" or "Debit MasterCard" or "DEBIT MASTERCARD"
O
Application Priority Indicator '87' Determined by issuer O
Language Preference '5F2D' Determined by issuer O
Issuer Code Table Index '9F11' Determined by issuer O
Application Preferred Name '9F12' Determined by issuer O
FCI Issuer Discretionary Data 'BF0C' Determined by issuer O
Log Entry '9F4D' Byte 1: Lower bits contain the SFI of the transaction log file (11) Byte 2: Maximum number of records in the transaction log file
O
Note It is recommended not to use PIX extensions, as many legacy PayPass readers do not support partial AID matching.
MasterCard PayPass – M/Chip 4 Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 39
4.2.2 Data Elements Referenced in the AFL (PayPass)
4.2.2.1 Recommended File Structure
If one of the recommended values for the AFL (PayPass) (see Table 4.14) is used, then the data elements returned by the card during the read application data process must be organized as shown in this section (i.e. each data element must be included in the record as specified below).
If for any reason (e.g. record size exceeded), the data elements returned by the card during the read application data process cannot be organized as shown in this section, then an alternative file structure must be used as described in Section 4.2.2.2.
In either case, some records may be shared between the contact and contactless interfaces.
SFI 1
SFI 1 contains the data objects for PayPass – Mag Stripe transactions. The PayPass – Mag Stripe data objects must always be included in Record 1 of SFI 1. This applies also if the value of the AFL (PayPass) is different from one of the recommended PayPass values in Table 4.14. The first four bytes of the AFL (PayPass) must always be equal to '08010100'.
Table 4.2—Record 1, SFI 1
Data Element Name Tag MasterCard Recommended Value
Presence
Mag Stripe Application Version Number '9F6C' '0001' M
PCVC3TRACK1 '9F62' Determined by issuer (See notes c and d below)
M
PUNATCTRACK1 '9F63' Determined by issuer (See notes c and e below)
M
Track 1 Data '56' Determined by issuer (See notes a and b below)
M
NATCTRACK1 '9F64' Determined by issuer (See notes e and f below)
M
PCVC3TRACK2 '9F65' Determined by issuer (See notes c and d below)
M
PUNATCTRACK2 '9F66' Determined by issuer (See notes c and e below)
M
Track 2 Data '9F6B' Determined by issuer (See note b below)
M
NATCTRACK2 '9F67' Determined by issuer (See notes e and f below)
M
MasterCard PayPass – M/Chip 4 Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 40 PayPass Personalization Data Specifications
Note a The storage of the cardholder name in the Track 1 Data is prohibited by MasterCard. It is therefore recommended to use a space character followed by the surname separator (i.e. " /").
Note b The placeholders for the dynamic data in the discretionary data (i.e. at the positions where the PayPass reader stores the ATC, UN, CVC3 and nUN) should be filled with zeroes (hexadecimal zeroes ('0') for Track 2 Data and ASCII zeroes ('30') for Track 1 Data). The least significant position of the discretionary data is used by the PayPass reader to store nUN. If the issuer intends to make use of MasterCard's On-behalf Service for dynamic CVC3 verification and if the PAN Sequence Number is present in the discretionary data and if the PAN Sequence Number is used for the derivation of KDCVC3, then the length of the PAN Sequence Number must be maximum 1 significant digit.
Note c The bit map must only have non-zero bits that refer to available positions in the discretionary data field of the corresponding Track Data. The least significant bit of the bit map must be set to zero.
Note d The number of non-zero bits in the bit map must be greater than or equal to 3.
Note e The number of non-zero bits in PUNATCTRACK1 minus the value of NATCTRACK1 must be greater than or equal to zero, less than or equal to 8 and equal to the number of non-zero bits in PUNATCTRACK2 minus the value of NATCTRACK2.
Note f If the issuer intends to make use of MasterCard's On-behalf Service for dynamic CVC3 verification, then the value of NATCTRACK1 and the value of NATCTRACK2 must be greater than or equal to 3 for the CVC3 Validation in Stand-in Service or greater than or equal to 2 for the Dynamic CVC3 Pre-validation Service or the PayPass Mapping Service (processing only option).
SFI 2
Table 4.3—Record 1, SFI 2
Data Element Name Tag MasterCard Recommended Value
Presence
Track-2 Equivalent Data '57' Determined by issuer (See notes a, b and d below)
M
Application Primary Account Number '5A' Determined by issuer (See note d below)
M
Application Expiration Date '5F24' Determined by issuer (See note d below)
M
Application Effective Date '5F25' Determined by issuer O
Issuer Country Code '5F28' Determined by issuer M
Application PAN Sequence Number '5F34' Determined by issuer M
MasterCard PayPass – M/Chip 4 Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 41
Data Element Name Tag MasterCard Recommended Value
Presence
CDOL1 '8C' PayPass – M/Chip Select 4: '9F02069F03069F1A0295055F2A029A039C019F37049F35019F45029F4C089F3403' PayPass – M/Chip Lite 4: '9F02069F03069F1A0295055F2A029A039C019F37049F35019F45029F3403'
M
CDOL2 '8D' PayPass – M/Chip Select 4: '910A8A0295059F37049F4C08' PayPass – M/Chip Lite 4: '910A8A029505'
M
CVM List '8E' See Section 4.2.2.4 M
Application Usage Control '9F07' See Table 4.12 M
Application Version Number '9F08' '0002' M
Issuer Action Code – Default '9F0D' See Table 4.13 M
Issuer Action Code – Denial '9F0E' See Table 4.13 M
Issuer Action Code – Online '9F0F' See Table 4.13 M
Application Currency Code '9F42' Determined by issuer (See note c below)
C
SDA Tag List '9F4A' '82' M
Note a An issuer who supports online PIN change using the PVV on the Track 2 Equivalent Data must not include the Track 2 Equivalent Data in a record used as input for static data authentication. In this case, the recommended AFL cannot be used.
Note b The Chip CVC in the Track 2 Equivalent Data must differ from the CVC1 in the track 2 data on the magnetic stripe, except if the issuer wants to make use of the OBS chip to magnetic stripe conversion service in which case the same value must be used.
Note c This data object must be present if the CVM List contains a condition code value of '06', '07', '08' or '09'.
Note d The contents of the Track 2 Equivalent Data (Tag '57') must be consistent with the PAN (Tag '5A') and Expiration Date (Tag '5F24') data elements.
MasterCard PayPass – M/Chip 4 Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 42 PayPass Personalization Data Specifications
SFI 3
Table 4.4—Record 1, SFI 3
Data Element Name Tag MasterCard Recommended Value
Presence
Certification Authority Public Key Index '8F' Determined by issuer M
Issuer Public Key Exponent '9F32' Determined by issuer M
Issuer Public Key Remainder '92' Determined by issuer (See note below)
C
Issuer Public Key Certificate '90' Determined by issuer M
Note The Issuer Public Key Remainder is present if NI > (NCA – 36).
Table 4.5—Record 2, SFI 3
Data Element Name Tag MasterCard Recommended Value
Presence
Signed Static Application Data '93' Determined by issuer (See note below)
M
Note If SDA is not supported over the contactless interface (AIP (PayPass)[1][7] = 0) and if Record 2, SFI 3 is not shared with the contact interface, then the value of the Signed Static Application Data must be set to 'FF'. If SDA is not supported over the contactless interface (AIP (PayPass)[1][7] = 0) and if Record 2, SFI 3 is shared with the contact interface, then it may contain any data elements for the contact interface.
SFI 4
SFI 4 is only present when CDA is supported (AIP (PayPass)[1][7] = 1).
Table 4.6—Record 1, SFI 4
Data Element Name Tag MasterCard Recommended Value
Presence
ICC Public Key Exponent '9F47' Determined by issuer M
ICC Public Key Remainder '9F48' Determined by issuer (See note below)
C
Note The ICC Public Key Remainder is present if NIC > (NI – 42).
MasterCard PayPass – M/Chip 4 Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 43
Table 4.7—Record 2, SFI 4
Data Element Name Tag MasterCard Recommended Value
Presence
ICC Public Key Certificate '9F46' Determined by issuer M
4.2.2.2 Alternative File Structure
If for any reason (e.g. record size exceeded), the data elements returned by the card during the read application data process cannot be organized as shown in Section 4.2.2.1, then:
1. The recommended PayPass values for the AFL (PayPass) must not be used.
2. Record 1 must be the only record included in SFI 1. The first byte of the value of the AFL (PayPass) must therefore be '08010100'.
3. The PayPass – Mag Stripe data objects must always be included in Record 1 of SFI 1.
4. If present, the data elements in Table 4.8 must all be stored in records that are signed.
Table 4.8—Data Elements That Must be Authenticated
Data Element Tag
Application Primary Account Number '5A'
Application Expiration Date '5F24'
Application Effective Date '5F25'
Issuer Country Code '5F28'
Application PAN Sequence Number '5F34'
CDOL1 '8C'
CDOL2 '8D'
CVM List '8E'
Application Usage Control '9F07'
Issuer Action Code – Default '9F0D'
Issuer Action Code – Denial '9F0E'
Issuer Action Code – Online '9F0F'
Application Currency Code '9F42'
SDA Tag List '9F4A'
MasterCard PayPass – M/Chip 4 Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 44 PayPass Personalization Data Specifications
4.2.2.3 Data Elements that Must Not Be Included
Table 4.9 lists the data elements that must not be included in the records referenced in the AFL (PayPass).
Table 4.9—Data Elements that Must Not Be Included
Data Element Name Tag
Cardholder Name '5F20'
4.2.2.4 CVM List
This section describes the personalization values of the CVM List for the contactless interface.
Table 4.10—CVM List MasterCard PayPass (Option 1)
CVM Bit 7 of byte 1 if CVM not successful
Byte 1 setting
Byte 2 setting
Meaning of Byte 2
Signature Apply next '5E' '03' If supported
Online PIN Apply next '42' '03' If supported
No CVM Fail '1F' '03' If supported
Table 4.11—CVM List for MasterCard PayPass (Option 2)
CVM Bit 7 of byte 1 if CVM not successful
Byte 1 setting
Byte 2 setting
Meaning of Byte 2
Online PIN Apply next '42' '03' If supported
Signature Apply next '5E' '03' If supported
No CVM Fail '1F' '03' If supported
4.2.2.5 Application Usage Control
Table 4.12—Application Usage Control
Byte Bit Meaning Setting
1 8 Valid for domestic cash transactions 0/1
7 Valid for international cash transactions 0/1
6 Valid for domestic goods 0/1
5 Valid for international goods 1
4 Valid for domestic services 0/1
3 Valid for international services 1
2 Valid at ATMs 0/1
MasterCard PayPass – M/Chip 4 Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 45
Byte Bit Meaning Setting
1 Valid at terminals other than ATMs 1
2 8 Domestic cashback allowed 0/1 (See note below)
7 International cashback allowed 0/1 (See note below)
6-1 RFU 000000
Note Cashback is optional for Debit MasterCard applications.
4.2.2.6 Issuer Action Codes
This section describes the personalization values of the Issuer Action Codes for the contactless interface.
Table 4.13—Issuer Action Codes
Byte Bit Meaning Denial Online Default
1 8 Data authentication was not performed 0/1 1 1
7 Offline static data authentication failed Profile dependent – see section 4.3
6 ICC data missing 0/1 1 1
5 Card appears on terminal exception file 0/1 1 1
4 Offline dynamic data authentication failed 0 0 0
3 Combined DDA/AC Generation failed) Profile dependent – see section 4.3
2-1 RFU 00 00 00
2 8 Chip card and terminal have different application versions
0 0 0
7 Expired application 0/1 1 1
6 Application not yet effective 0 0/1 0
5 Requested service not allowed for card product 0/1 1 1
4 New card 0 0 0
3-1 RFU 000 000 000
3 8 Cardholder verification was not successful 0/1 1 1
7 Unrecognized CVM 0 0 0
6 PIN Try Limit exceeded (See note b below)
0 0 0
5 PIN entry required but PIN pad not present/working
0 0 0
4 PIN entry required, PIN pad present but PIN not entered
0 0 0
3 Online PIN entered 0 1 1
MasterCard PayPass – M/Chip 4 Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 46 PayPass Personalization Data Specifications
Byte Bit Meaning Denial Online Default
2-1 RFU 00 00 00
4 8 Transaction exceeds floor limit 0 1 0
7 Lower Consecutive Offline Limit exceeded 0 0 0
6 Upper Consecutive Offline Limit exceeded 0 0 0
5 Transaction selected randomly for online processing
0 0 0
4 Merchant forced transaction online 0 0 0
3-1 RFU 000 000 000
5 8 Default TDOL used 0 0 0
7 Issuer Authentication was unsuccessful 0 0 0
6 Script processing failed before final Generate AC
0 0 0
5 Script processing failed after final Generate AC 0 0 0
4-1 RFU 0000 0000 0000
Note a If a bit in the Issuer Action Code – Denial is set to 1, then the corresponding bits in the Issuer Action Code – Online and Issuer Action Code – Default may be set to 0.
Note b The corresponding bit is not set in the TVR in the PayPass reader, therefore the setting of this bit has no impact on the transaction.
MasterCard PayPass – M/Chip 4 Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 47
4.2.3 Get Processing Options Response
Table 4.14—Persistent Data Elements for Get Processing Options Response
Data Element Name Tag MasterCard Recommended Value
AFL (PayPass) (See note below)
'D9' '080101001001010118010200' for application supporting SDA '08010100100101011801020020010200' for application supporting CDA.
AIP (PayPass) 'D8' See Table 4.15
Note If the recommended values are used, then the data elements referenced in the files included in the AFL (PayPass) must be organized as specified in Section 4.2.2.1. If for any reason a different organization is required, then the above recommended values must not be used. However the first four bytes must always be equal to '08010100'.
Table 4.15—AIP (PayPass)
Byte Bit Meaning Value
1 8 RFU 0
7 Offline static data authentication is supported (See note a below) 0: SDA not supported 1: SDA supported
0/1
6 Offline dynamic data authentication is supported 0
5 Cardholder verification supported 1
4 Terminal risk management to be performed 1
3 Issuer authentication data supported 0
2 RFU 0
1 Combined DDA/AC Generation supported (See note b below) 0: CDA not supported 1: CDA supported
0/1
2 8 M/Chip profile is supported 1
7-1 RFU 0
Note a 0 is only allowed if CDA is supported (AIP[1][1] = 1).
Note b Support for CDA is recommended for PayPass. For PayPass – M/Chip Lite 4 however, the only allowed value is 0.
MasterCard PayPass – M/Chip 4 Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 48 PayPass Personalization Data Specifications
4.2.4 Card Risk Management
Unless otherwise indicated, card risk management data elements are shared between the contact and contactless interface and must be configured in the same way as for the M/Chip 4 application.
Table 4.16—Persistent Data Elements for Card Risk Management
Data Element Name Tag MasterCard Recommended Value
Lower Consecutive Offline Limit '9F14' Determined by issuer
Upper Consecutive Offline Limit '9F23' Determined by issuer
Lower Cumulative Offline Transaction Amount
'CA' Determined by issuer
Upper Cumulative Offline Transaction Amount
'CB' Determined by issuer
Application Control (PayPass) 'D7' See Table 4.17
Card Issuer Action Code (PayPass) – Decline
'CF' Profile dependent. See Section 4.3.
Card Issuer Action Code (PayPass) – Default
'CD' Profile dependent. See Section 4.3.
Card Issuer Action Code (PayPass) – Online
'CE' Profile dependent. See Section 4.3.
CDOL1 Related Data Length 'C7' PayPass – M/Chip Lite 4: '23' PayPass – M/Chip Select 4: '2B'
CRM Country Code 'C8' Same value as Issuer Country Code
CRM Currency Code 'C9' Same value as Application Currency Code
Currency Conversion Table 'D1' Determined by issuer (See note below)
Additional Check Table 'D3' Not used. Personalized with hexadecimal zeroes.
Note If currency conversion is not used, it is recommended that the currency code in each entry in the Currency Conversion Table be set to the same value as the CRM Currency Code.
MasterCard PayPass – M/Chip 4 Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 49
Table 4.17—Application Control (PayPass)
Byte Bit Meaning Value
1 8 Magstripe grade issuer (Not used) 0
7 Skip CIAC – Default on CAT3 0: Do not skip CIAC (PayPass) – Default 1: Skip CIAC (PayPass) – Default
0/1
6 RFU 0
5 Key for offline encrypted PIN 0
4 Offline encrypted PIN verification 0
3 Offline plaintext PIN verification 0
2 Session key derivation (See note below) 0/1
1 Encrypt offline counters 0/1
2 8-4 RFU 00000
3 Activate Additional Check Table 0
2 Retrieval of balance 0/1
1 Include counters in AC 0/1
3 8 Static CVC3 (Not used) 0
7 Include ATC in CVC3 generation 1
6-1 RFU 000000
Note The definition of bit 2 of byte 1 of Application Control (PayPass) depends on the version of the PayPass – M/Chip 4 application (v1.0, v1.1a, or v1.1b). Refer to Table 4.18 for more information.
Table 4.18—Session Key Derivation Algorithm
Version Application Control[1][2] = 0 Application Control[1][2] = 1
v1.0 MasterCard Proprietary EMV2000
v1.1a MasterCard Proprietary Value not allowed
v1.1b MasterCard Proprietary EMV CSK
MasterCard PayPass – M/Chip 4 Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 50 PayPass Personalization Data Specifications
4.2.5 Secret Keys
The Triple DES keys listed in Table 4.19 are derived from their corresponding issuer master keys using a unique identifier from the card such as the PAN, and so are often referred to as diversified keys.
Table 4.19—Triple DES Keys
Data Element Name Tag MasterCard Recommended Value
ICC Dynamic Number Master Key (MKIDN)
– Determined by issuer
AC Master Key (MKAC) – Determined by issuer
SM for Integrity Master Key (MKSMI) – Determined by issuer
SM for Confidentiality Master Key (MKSMC)
– Determined by issuer
ICC Derived Key for CVC3 Generation (KDCVC3)
– Determined by issuer
Table 4.20—RSA Keys
Data Element Name Tag MasterCard Recommended Value
Length of ICC Public Key Modulus – Determined by issuer
ICC Private Key – Determined by issuer
Length of ICC PIN Encipherment Public Key Modulus
– Determined by issuer
ICC PIN Encipherment Private Key – Determined by issuer
MasterCard PayPass – M/Chip 4 Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 51
4.2.6 Miscellaneous
Table 4.21—Miscellaneous Persistent Data Elements
Data Element Name Tag MasterCard Recommended Value
Key Derivation Index – Determined by issuer
Application Life Cycle Data '9F7E' Depending on the possible separation between the loading of the application code and the personalization data on the hardware, only part of the Application Life Cycle Data may be personalized.
Log Format '9F4F' The content of records in the Log of Transactions
Static CVC3TRACK1 'DA' '0000'
Static CVC3TRACK2 'DB' '0000'
IVCVC3TRACK1 'DC' Determined by issuer (See notes a and b below)
IVCVC3TRACK2 'DD' Determined by issuer (See notes a and b below)
Note a It is strongly recommended to use for IVCVC3TRACK1 the two least significant bytes of the result of a MAC over the Track 1 Data as stored in Record 1, SFI 1. In the same way IVCVC3TRACK2 should be the two least significant bytes of the result of a MAC calculated over the Track 2 Data as stored in Record 1, SFI 1. If the issuer intends to make use of MasterCard's On-behalf Service for dynamic CVC3 verification, then for IVCVC3 generation the placeholders for the dynamic data in the discretionary data of Track 1 Data and Track 2 Data (i.e. at the positions where the PayPass reader stores the ATC, UN, CVC3 and nUN) must be filled with zeroes (hexadecimal zeroes for Track 2 Data and ASCII zeroes ('30') for Track 1 Data).
Note b It is strongly recommended to use for IVCVC3 generation the ISO/IEC 9797-1 MAC algorithm 3 with DES block cipher and an initial vector of zero (8 bytes). If the issuer intends to make use of MasterCard's On-behalf Service for dynamic CVC3 verification, then this algorithm must be used.
MasterCard PayPass – M/Chip 4 Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 52 PayPass Personalization Data Specifications
4.2.7 Counters and Previous Transaction
Table 4.22—Counters and Previous Transaction (M/Chip 4 Version 1.0)
Data Element Name Tag MasterCard Recommended Value
Application Transaction Counter Limit – '4E20'
Previous Transaction History – '00'
Bad Cryptogram Counter Limit – '0400'
MAC in Script Counter Limit – '0F'
Global MAC in Script Counter Limit – '004E20'
CFDC_Limit for Integrity Session Key – 3
CFDC_Limit for Confidentiality Session Key
– 3
CFDC_Limit for AC Session Key – 3
Table 4.23—Counters and Previous Transaction (M/Chip 4 Version 1.1.a)
Data Element Name Tag MasterCard Recommended Value
Application Transaction Counter Limit – '4E20'
Previous Transaction History – '00'
Bad Cryptogram Counter Limit – '0400'
MAC in Script Counter Limit – '0F'
Global MAC in Script Counter Limit – '004E20'
Table 4.24—Counters and Previous Transaction (M/Chip 4 Version 1.1.b)
Data Element Name Tag MasterCard Recommended Value
Application Transaction Counter Limit – '4E20'
Previous Transaction History – '00'
Bad Cryptogram Counter Limit – '0400'
AC Session Key Counter Limit – '0400' (See note below)
SMI Session Key Counter Limit – '0400'
Note If a magnetic stripe grade profile is used for the contact interface, then the AC Session Key Counter Limit must be set to the same value as the Application Transaction Counter Limit ('4E20').
MasterCard PayPass – M/Chip 4 Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 53
4.2.8 Data Elements with a Fixed Initial Value
Table 4.25—Data Elements with a Fixed Initial Value (M/Chip 4 Version 1.0)
Data Element Name Tag MasterCard Recommended Value
Cumulative Offline Transaction Amount – '000000000000'
Consecutive Offline Transactions Number
– '00'
Script Counter '9F5F' '00'
Log of The Current Transaction x (x=1...10 or more)
– '00…00'
Application Transaction Counter '9F36' '0000'
Global MAC in Script Counter – '000000'
Bad Cryptogram Counter – '0000'
CFDC for Integrity Session Key – 0
CFDC for Confidentiality Session Key
– 0
CFDC for AC Session Key – 0
Table 4.26—Data Elements with a Fixed Initial Value (M/Chip 4 Version 1.1.a)
Data Element Name Tag MasterCard Recommended Value
Cumulative Offline Transaction Amount – '000000000000'
Consecutive Offline Transactions Number – '00'
Script Counter '9F5F' '00'
Log of The Current Transaction x (x=1...10 or more)
– '00…00'
Application Transaction Counter '9F36' '0000'
Global MAC in Script Counter – '000000'
Bad Cryptogram Counter – '0000'
Table 4.27—Data Elements with a Fixed Initial Value (M/Chip 4 Version 1.1b)
Data Element Name Tag MasterCard Recommended Value
Cumulative Offline Transaction Amount – '000000000000'
Consecutive Offline Transactions Number – '00'
Script Counter '9F5F' '00'
Log of The Current Transaction x (x=1...10 or more)
– '00…00'
Application Transaction Counter '9F36' '0000'
AC Session Key Counter – '0000'
MasterCard PayPass – M/Chip 4 Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 54 PayPass Personalization Data Specifications
Data Element Name Tag MasterCard Recommended Value
SMI Session Key Counter – '0000'
Bad Cryptogram Counter – '0000'
Security Limits Status 'DF02" '00'
MasterCard PayPass – M/Chip 4 Personalization DataProfile Dependent Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 55
4.3 Profile Dependent Contactless Data
4.3.1 Offline Profile
Table 4.28 shows the Card Issuer Action Codes (PayPass) for offline-oriented behavior. With this profile, the PayPass – M/Chip 4 application will never return an ARQC in response to a GENERATE AC command requesting a TC over the contactless interface. Once the relevant lower limit (Lower Consecutive Offline Limit or Lower Cumulative Offline Limit) is exceeded all contactless transactions are declined offline.
Table 4.28—Card Issuer Action Codes (PayPass) (Offline Profile)
Byte Bit Meaning Decline Online Default
1 8 RFU 0 0 0
7 Unable To Go Online Indicated 0 0 0
6 Offline PIN Verification Not Performed 0 0 0
5 Offline PIN Verification Failed 0 0 0
4 PIN Try Limit Exceeded 0/1 0/1 0/1
3 International Transaction 0 0 0
2 Domestic Transaction 0 0 0
1 Terminal Erroneously Considers Offline PIN OK
0 0 0
2 8 Lower Consecutive Offline Limit Exceeded 1 (See note a)
0 0/1
7 Upper Consecutive Offline Limit Exceeded 0 0 0
6 Lower Cumulative Offline Limit Exceeded 1 (See note a)
0 0/1
5 Upper Cumulative Offline Limit Exceeded 0 0 0
4 Go Online On Next Transaction Was Set 0 0 0
3 Issuer Authentication Failed 0 0 0
2 Script Received 0 0 0
1 Script Failed 0 0 0
3 8-3 RFU 000000 000000 000000
2 Match Found In Additional Check Table 0 0 0
1 No Match Found In Additional Check Table 0 0 0
Note a The contactless transaction that causes one of the lower limits (Lower Cumulative Offline Limit or Lower Consecutive Offline Limit) to be exceeded is not declined.
MasterCard PayPass – M/Chip 4 Personalization Data Profile Dependent Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 56 PayPass Personalization Data Specifications
Table 4.29 shows specific bit settings for the Issuer Action Codes for offline-oriented behavior.
Table 4.29—Issuer Action Codes (Offline)
Byte Bit Meaning Denial Online Default
1 7 Offline static data authentication failed If SDA is supported (AIP[1][7] = 1) If SDA is not supported (AIP[1][7] = 0)
1 0
0 0
0 0
3 Combined DDA/AC Generation failed If CDA is supported (AIP[1][1] = 1) If CDA is not supported (AIP[1][1] = 0)
1 0
0 0
0 0
4.3.2 Standard Profile Table 4.30 shows the Card Issuer Action Codes (PayPass) for standard card behavior. With this profile, a contactless transaction that causes one of the upper limits (Upper Cumulative Offline Limit Exceeded or Upper Consecutive Offline Limit Exceeded) to be exceeded is sent online on online-capable terminals, and declined offline on offline-only terminals.
Table 4.30—Card Issuer Action Codes (PayPass) (Standard Profile)
Byte Bit Meaning Decline Online Default
1 8 RFU 0 0 0
7 Unable To Go Online Indicated 0 0 0
6 Offline PIN Verification Not Performed 0 0 0
5 Offline PIN Verification Failed 0 0 0
4 PIN Try Limit Exceeded 0/1 0/1 0/1
3 International Transaction 0 0/1 0
2 Domestic Transaction 0 0/1 0
1 Terminal Erroneously Considers Offline PIN OK 0 0 0
2 8 Lower Consecutive Offline Limit Exceeded 0 0/1 0
7 Upper Consecutive Offline Limit Exceeded 0 1 1
6 Lower Cumulative Offline Limit Exceeded 0 0/1 0
5 Upper Cumulative Offline Limit Exceeded 0 1 1
4 Go Online On Next Transaction Was Set 0 0 0
3 Issuer Authentication Failed 0 0 0
2 Script Received 0 0 0
1 Script Failed 0 0 0
MasterCard PayPass – M/Chip 4 Personalization DataProfile Dependent Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 57
Byte Bit Meaning Decline Online Default
3 8-3 RFU 000000 000000 000000
2 Match Found In Additional Check Table 0 0 0
1 No Match Found In Additional Check Table 0 0 0
Table 4.31 shows specific bit settings for the Issuer Action Codes for standard behavior.
Table 4.31—Issuer Action Codes (Standard)
Byte Bit Meaning Denial Online Default
1 7 Offline static data authentication failed If SDA is supported (AIP[1][7] = 1) If SDA is not supported (AIP[1][7] = 0)
0 0
1 0
1 0
3 Combined DDA/AC Generation failed If CDA is supported (AIP[1][1] = 1) If CDA is not supported (AIP[1][1] = 0)
0 0
1 0
1 0
Maestro PayPass – M/Chip 4 Personalization DataContact Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 59
5 Maestro PayPass – M/Chip 4 Personalization Data PayPass – M/Chip 4 is a dual-interface application. Where possible, data elements listed may be shared between the contact and contactless interfaces. The personalization profile given in this section is only applicable for the PayPass – M/Chip Select 4 platform.
The contactless personalization data given in this chapter is listed according to whether the data is generic or profile specific.
5.1 Contact Data For information on personalization data specific to the contact interface, refer to [MCHIPPDS]. One of the contact profiles listed here must be used together with the contactless data listed in this chapter.
Issuers must use one of the following profiles:
• Chip grade Maestro, Supports Online PIN and Offline PIN
• Semi grade Maestro, Supports Online PIN and Offline PIN
A magnetic stripe grade card profile is not allowed for the contact interface.
5.1.1 Data Elements Referenced in the AFL (Contact)
There are no recommended values for the AFL (Contact). The organization of the data elements included in the files referenced in the AFL (Contact) are organized as determined by the issuer.
Some records may be shared between the contact and contactless interfaces, regardless of the file organization indicated by the AFL (PayPass) This section addresses data elements referenced in the AFL (Contact) that do not have the same value for both interfaces (and thus must not be shared).
Note This section does not contain a complete list of all data elements referenced in the AFL (Contact).
Table 5.1 lists the data elements that do not have the same value for both interfaces. These data elements cannot be included in records shared by both interfaces.
Maestro PayPass – M/Chip 4 Personalization Data Contact Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 60 PayPass Personalization Data Specifications
Table 5.1—Data Elements that Do Not Have the Same Value
Data Element Name Tag
CVM List '8E'
Issuer Action Code – Default '9F0D'
Issuer Action Code – Denial '9F0E'
Issuer Action Code – Online '9F0F'
Signed Static Application Data '93'
ICC Public Key Certificate '9F46'
5.1.2 Card Risk Management (Contact) Table 5.2 lists the values of the Card Issuer Action Codes for the contact interface when the issuer wants to force every contact transaction online. This allows the use of the offline counters to be restricted for contactless transactions only.
Otherwise, the Card Issuer Action Codes for the contact interface should be configured as described in [MCHIPPDS].
Table 5.2—Card Issuer Action Codes (Contact) (Online-only)
Byte Bit Meaning Decline Online Default
1 8 RFU 0 0 0
7 Unable To Go Online Indicated 0 0 0
6 Offline PIN Verification Not Performed 0 0 0
5 Offline PIN Verification Failed 0 0 0
4 PIN Try Limit Exceeded 0 0 0
3 International Transaction (See note below)
0 1 1
2 Domestic Transaction (See note below)
0 1 1
1 Terminal Erroneously Considers Offline PIN OK 0 0 0
2 8 Lower Consecutive Offline Limit Exceeded 0 0 0
7 Upper Consecutive Offline Limit Exceeded 0 0 0
6 Lower Cumulative Offline Limit Exceeded 0 0 0
5 Upper Cumulative Offline Limit Exceeded 0 0 0
4 Go Online On Next Transaction Was Set 0 0 0
3 Issuer Authentication Failed 0 0 0
2 Script Received 0 0 0
1 Script Failed 0 0 0
Maestro PayPass – M/Chip 4 Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 61
Byte Bit Meaning Decline Online Default
3 8-3 RFU 000000 000000 000000
2 Match Found In Additional Check Table 0 0 0
1 No Match Found In Additional Check Table 0 0 0
Note The setting of the 'International Transaction' and 'Domestic Transaction' bits to (0,1,1) results in online-only contact transactions. With this setting, the PayPass – M/Chip 4 application will always generate an ARQC during a contact transaction on an online-capable terminal, and will decline every contact transaction on an offline-only terminal or when the terminal is unable to go online.
5.2 Generic Contactless Data The data in the following sections is used independently of the contactless profile.
5.2.1 Data Elements for Application Selection
Table 5.3—Application Selection
Data Element Name Tag MasterCard Recommended Value
Presence
AID '4F' 'A0000000043060' (See note below)
M
DF Name '84' 'A0000000043060' (Must match value of AID)
M
Application Label '50' "Maestro" or "MAESTRO" O
Application Priority Indicator '87' Determined by issuer O
Language Preference '5F2D' Determined by issuer O
Issuer Code Table Index '9F11' Determined by issuer O
Application Preferred Name '9F12' Determined by issuer O
FCI Issuer Discretionary Data 'BF0C' Determined by issuer O
Log Entry '9F4D' Byte 1: Lower bits contain the SFI of the transaction log file (11) Byte 2: Maximum number of records in the transaction log file
O
Note It is recommended not to use PIX extensions, as many legacy PayPass readers do not support partial AID matching.
Maestro PayPass – M/Chip 4 Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 62 PayPass Personalization Data Specifications
5.2.2 Data Elements Referenced in the AFL (PayPass)
5.2.2.1 Recommended File Structure
If the recommended value for the AFL (PayPass) (see Table 5.15) is used then the data elements returned by the card during the read application data process must be organized as shown in this section (i.e. each data element must be included in the record as specified below).
If for any reason (e.g. record size exceeded), the data elements returned by the card during the read application data process cannot be organized as shown in this section, then an alternative file structure must be used as described in Section 5.2.2.2.
In either case, some records may be shared between the contact and contactless interfaces.
SFI 1
SFI 1 contains the data objects for PayPass – Mag Stripe transactions. The PayPass – Mag Stripe profile is not supported for Maestro PayPass. If the recommended value for the AFL (PayPass) is used, then a value of 'FFFF' for the Mag Stripe Application Version Number must be included in Record 1 of SFI 1. It is not necessary to include the Mag Stripe Application Version Number if the recommended value for the AFL (PayPass) is not used.
Table 5.4—Record 1 of SFI 1
Data Element Name Tag MasterCard Recommended Value
Presence
Mag Stripe Application Version Number 9F6C' 'FFFF' M
SFI 2
Table 5.5—Record 1 of SFI 2
Data Element Name Tag MasterCard Recommended Value
Presence
Track 2 Equivalent Data '57' Determined by issuer (See notes a and c below)
M
Application Primary Account Number '5A' Determined by issuer (See note c below)
M
Application Expiration Date '5F24' Determined by issuer (See note c below)
M
Application Effective Date '5F25' Determined by issuer O
Issuer Country Code '5F28' Determined by issuer M
Application PAN Sequence Number '5F34' Determined by issuer M
Maestro PayPass – M/Chip 4 Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 63
Data Element Name Tag MasterCard Recommended Value
Presence
CDOL1 '8C' '9F02069F03069F1A0295055F2A029A039C019F37049F35019F45029F4C089F3403'
M
CDOL2 '8D' '910A8A0295059F37049F4C08'
M
CVM List '8E' See Table 5.12 M
Application Usage Control '9F07' See Table 5.13 M
Application Version Number '9F08' '0002' M
Issuer Action Code – Default '9F0D' See Table 5.14 M
Issuer Action Code – Denial '9F0E' See Table 5.14 M
Issuer Action Code – Online '9F0F' See Table 5.14 M
Application Currency Code '9F42' Determined by issuer (See note b below)
C
SDA Tag List '9F4A' '82' M
Note a If present, the Chip CVC in the Track 2 Equivalent Data must differ from the CVC1 in the track 2 data on the magnetic stripe, except if the issuer wants to make use of the OBS chip to magnetic stripe conversion service in which case the same value must be used.
Note b This data object must be present if the CVM List contains a condition code value of '06', '07', '08' or '09'.
Note c The contents of the Track 2 Equivalent Data (Tag '57') must be consistent with the PAN (Tag '5A') and Expiration Date (Tag '5F24') data elements.
SFI 3
Table 5.6—Record 1 of SFI 3
Data Element Name Tag MasterCard Recommended Value
Presence
Certification Authority Public Key Index '8F' Determined by issuer M
Issuer Public Key Exponent '9F32' Determined by issuer M
Issuer Public Key Remainder '92' Determined by issuer (See note below)
C
Issuer Public Key Certificate '90' Determined by issuer M
Note The Issuer Public Key Remainder is present if NI > (NCA – 36).
Maestro PayPass – M/Chip 4 Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 64 PayPass Personalization Data Specifications
Table 5.7—Record 2 of SFI 3
Data Element Name Tag MasterCard Recommended Value
Presence
Signed Static Application Data '93' 'FF' M
SFI 4
Table 5.8—Record 1 of SFI 4
Data Element Name Tag MasterCard Recommended Value
Presence
ICC Public Key Exponent '9F47' Determined by issuer M
ICC Public Key Remainder '9F48' Determined by issuer (See note below)
C
Note The ICC Public Key Remainder is present if NIC > (NI – 42).
Table 5.9—Record 2 of SFI 4
Data Element Name Tag MasterCard Recommended Value
Presence
ICC Public Key Certificate '9F46' Determined by issuer M
5.2.2.2 Alternative File Structure
If for any reason (e.g. record size exceeded), the data elements returned by the card during the read application data process cannot be organized as shown in Section 5.2.2.1, then:
1. The recommended PayPass values for the AFL (PayPass) must not be used.
2. If present, the data elements in Table 5.10 must all be stored in records that are signed.
Table 5.10—Data Elements That Must be Authenticated
Data Element Tag
Application Primary Account Number '5A'
Application Expiration Date '5F24'
Application Effective Date '5F25'
Issuer Country Code '5F28'
Application PAN Sequence Number '5F34'
CDOL1 '8C'
CDOL2 '8D'
CVM List '8E'
Maestro PayPass – M/Chip 4 Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 65
Data Element Tag
Application Usage Control '9F07'
Issuer Action Code – Default '9F0D'
Issuer Action Code – Denial '9F0E'
Issuer Action Code – Online '9F0F'
Application Currency Code '9F42'
SDA Tag List '9F4A'
5.2.2.3 Data Elements that Must Not Be Included
Table 5.11 lists the data elements that must not be included in the records referenced in the AFL (PayPass).
Table 5.11—Data Elements that Must Not Be Included
Data Element Name Tag
Cardholder Name '5F20'
5.2.2.4 CVM List
This section describes the personalization values of the CVM List for the contactless interface.
Table 5.12—CVM List
CVM Bit 7 of byte 1 if CVM not successful
Byte 1 setting
Byte 2 setting
Meaning of Byte 2
No CVM Fail '1F' '03' If supported
5.2.2.5 Application Usage Control
Table 5.13—Application Usage Control
Byte Bit Meaning Setting
1 8 Valid for domestic cash transactions 0/1
7 Valid for international cash transactions 0/1
6 Valid for domestic goods 0/1
5 Valid for international goods 1
4 Valid for domestic services 0/1
3 Valid for international services 1
2 Valid at ATMs 0/1
Maestro PayPass – M/Chip 4 Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 66 PayPass Personalization Data Specifications
Byte Bit Meaning Setting
1 Valid at terminals other than ATMs 1
2 8 Domestic cashback allowed 0
7 International cashback allowed 0
6-1 RFU 000000
5.2.2.6 Issuer Action Codes
Table 5.14 describes the personalization values of the Issuer Action Codes.
Table 5.14—Issuer Action Codes
Byte Bit Meaning Denial Online Default
1 8 Data authentication was not performed 0/1 1 1
7 Offline static data authentication failed 0 0 0
6 ICC data missing 0/1 1 1
5 Card appears on terminal exception file 0/1 1 1
4 Offline dynamic data authentication failed 0 0 0
3 Combined DDA/AC Generation failed Profile dependent – see section 5.3
2-1 RFU 00 00 00
2 8 Chip card and terminal have different application versions
0 0 0
7 Expired Application 0/1 1 1
6 Application not yet effective 0 0/1 0
5 Requested service not allowed for card product 0/1 1 1
4 New card 0 0 0
3-1 RFU 000 000 000
3 8 Cardholder verification was not successful 0/1 1 1
7 Unrecognized CVM 0 0 0
6 PIN Try Limit exceeded (See note b below)
0 0 0
5 PIN entry required but PIN pad not present/working
0 0 0
4 PIN entry required, PIN pad present but PIN not entered
0 0 0
3 Online PIN entered 0 0 0
2-1 RFU 0 0 0
4 8 Transaction exceeds floor limit 0 1 1
7 Lower Consecutive Offline Limit exceeded 0 0 0
Maestro PayPass – M/Chip 4 Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 67
Byte Bit Meaning Denial Online Default
6 Upper Consecutive Offline Limit exceeded 0 0 0
5 Transaction selected randomly for online processing
0 0 0
4 Merchant forced transaction online 0 0 0
3-1 RFU 000 000 000
5 8 Default TDOL used 0 0 0
7 Issuer Authentication was unsuccessful 0 0 0
6 Script processing failed before final Generate AC 0 0 0
5 Script processing failed after final Generate AC 0 0 0
4-1 RFU 0000 0000 0000
Note a If a bit in the Issuer Action Code – Denial is set to 1, then the corresponding bits in the Issuer Action Code – Online and Issuer Action Code – Default may be set to 0.
Note b The corresponding bit is not set in the TVR in the PayPass reader, therefore the setting of this bit has no impact on the transaction.
5.2.3 Get Processing Options Response
Table 5.15—Persistent Data Elements for Get Processing Options Response
Data Element Name Tag MasterCard Recommended Value
AIP (PayPass) 'D8' See Table 5.16
AFL (PayPass) 'D9' '08010100100101011801020020010200' (See note below)
Note If the recommended value is used, then the files indicated by the AFL (PayPass) must be organized as specified in Section 5.2.2.1. If for any reason another organization is required, then the above recommended value must not be used.
Table 5.16—AIP (PayPass)
Byte Bit Meaning Value
1 8 RFU 0
7 Offline static data authentication is supported 0
6 Offline dynamic data authentication is supported 0
5 Cardholder verification supported 1
4 Terminal risk management to be performed 1
Maestro PayPass – M/Chip 4 Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 68 PayPass Personalization Data Specifications
Byte Bit Meaning Value
3 Issuer authentication data supported 0
2 RFU 0
1 Combined DDA/AC Generation supported 1
2 8 M/Chip profile is supported 1
7-1 RFU 0000000
5.2.4 Card Risk Management
Table 5.17— Persistent Data Elements for Card Risk Management
Data Element Name Tag MasterCard Recommended Value
Lower Consecutive Offline Limit '9F14' Determined by issuer.
Upper Consecutive Offline Limit '9F23' Determined by issuer
Lower Cumulative Offline Transaction Amount
'CA' Determined by issuer.
Upper Cumulative Offline Transaction Amount
'CB' Determined by issuer
Application Control (PayPass) 'D7' See Table 5.18
Card Issuer Action Code (PayPass) – Decline
'CF' Profile dependent. See Section 5.3.
Card Issuer Action Code (PayPass) – Default
'CD' Profile dependent. See Section 5.3.
Card Issuer Action Code (PayPass) – Online
'CE' Profile dependent. See Section 5.3.
CDOL1 Related Data Length 'C7' '2B'
CRM Country Code 'C8' Same value as Issuer Country Code.
CRM Currency Code 'C9' Same value as Application Currency Code.
Currency Conversion Table 'D1' Determined by issuer (See note below)
Additional Check Table 'D3' Not used. Personalized with hexadecimal zeroes.
Note If currency conversion is not used, it is recommended that the currency code in each entry in the Currency Conversion Table be set to the same value as the CRM Currency Code.
Maestro PayPass – M/Chip 4 Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 69
Table 5.18—Application Control (PayPass)
Byte Bit Meaning Value
1 8 Magstripe grade issuer (Not used) 0
7 Skip CIAC – Default on CAT3 0
6 RFU 0
5 Key for offline encrypted PIN 0
4 Offline encrypted PIN verification 0
3 Offline plaintext PIN verification 0
2 Session key derivation 0/1 (See note a below)
1 Encrypt offline counters 0/1
2 8-4 RFU 00000
3 Activate Additional Check Table 0
2 Retrieval of balance 0/1
1 Include counters in AC 0/1
3 8 Static CVC3 1 (See note b below)
7 Include ATC in CVC3 generation 0
6-1 RFU 000000
Note a The definition of bit 2 of byte 1 depends on the version of the PayPass – M/Chip 4 application (v1.0, v1.1a, or v1.1b). Refer to Table 5.19 for more information.
Note b For security reasons, it is recommended to set bit 8 of byte 3 to 1.
Table 5.19—Session Key Derivation Algorithm
Version Application Control(PayPass)[1][2] = 0 Application Control(PayPass)[1][2] = 1
v1.0 MasterCard Proprietary EMV2000
v1.1a MasterCard Proprietary Value not allowed
v1.1b MasterCard Proprietary EMV CSK
Maestro PayPass – M/Chip 4 Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 70 PayPass Personalization Data Specifications
5.2.5 Secret Keys
The Triple DES keys listed in Table 5.20 are derived from their corresponding issuer master keys using a unique identifier from the card such as the PAN, and so are often referred to as diversified keys.
Table 5.20—Triple DES keys
Data Element Name Tag MasterCard Recommended Value
ICC Dynamic Number Master Key (MKIDN)
– Determined by issuer
SM for Integrity Master Key (MKSMI) – Determined by issuer
SM for Confidentiality Master Key (MKSMC)
– Determined by issuer
AC Master Key (MKAC) – Determined by issuer
ICC Derived Key for CVC3 Generation (KDCVC3)
– Not used. Random non-zero value recommended.
Table 5.21—RSA keys
Data Element Name Tag MasterCard Recommended Value
Length of ICC Public Key Modulus – Determined by issuer
ICC Private Key – Determined by issuer
Length of ICC PIN Encipherment Public Key Modulus
– Determined by issuer
ICC PIN Encipherment Private Key – Determined by issuer
Maestro PayPass – M/Chip 4 Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 71
5.2.6 Miscellaneous
Table 5.22—Miscellaneous Persistent Data Elements
Data Element Name Tag MasterCard Recommended Value
Key Derivation Index – Determined by issuer
Application Life Cycle Data '9F7E' Depending on the possible separation of the loading of the application code and the personalization data, only part of the Application Life Cycle Data may be personalized.
Log Format '9F4F' Content of records in Log of Transactions.
Static CVC3TRACK1 'DA' '0000'
Static CVC3TRACK2 'DB' '0000'
IVCVC3TRACK1 'DC' '0000'
IVCVC3TRACK2 'DD' '0000'
5.2.7 Counters and Previous Transaction
Table 5.23—Counters and Previous Transaction (M/Chip 4 Version 1.0)
Data Element Name Tag MasterCard Recommended Value
Application Transaction Counter Limit – '4E20'
Previous Transaction History – '00'
Bad Cryptogram Counter Limit – '0400'
MAC in Script Counter Limit – '0F'
Global MAC in Script Counter Limit – '004E20'
CFDC_Limit for Integrity Session Key – 3
CFDC_Limit for Confidentiality Session Key
– 3
CFDC_Limit for AC Session Key – 3
Table 5.24—Counters and Previous Transaction (M/Chip 4 Version 1.1.a)
Data Element Name Tag MasterCard Recommended Value
Application Transaction Counter Limit – '4E20'
Previous Transaction History – '00'
Bad Cryptogram Counter Limit – '0400'
MAC in Script Counter Limit – '0F'
Global MAC in Script Counter Limit – '004E20'
Maestro PayPass – M/Chip 4 Personalization Data Generic Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 72 PayPass Personalization Data Specifications
Table 5.25—Counters and Previous Transaction (M/Chip 4 Version 1.1.b)
Data Element Name Tag MasterCard Recommended Value
Application Transaction Counter Limit – '4E20'
Previous Transaction History – '00'
Bad Cryptogram Counter Limit – '0400'
AC Session Key Counter Limit – '0400'
SMI Session Key Counter Limit – '0400'
5.2.8 Data Elements with a Fixed Initial Value
Table 5.26—Data Elements with a Fixed Initial Value (M/Chip 4 Version 1.0)
Data Element Name Tag MasterCard Recommended Value
Cumulative Offline Transaction Amount – '000000000000'
Consecutive Offline Transactions Number – '00'
Script Counter '9F5F' '00'
Log of The Current Transaction x (x=1...10 or more)
– '00…00'
Application Transaction Counter '9F36' '0000'
Global MAC in Script Counter – '000000'
Bad Cryptogram Counter – '0000'
CFDC for Integrity Session Key – 0
CFDC for Confidentiality Session Key – 0
CFDC for AC Session Key – 0
Table 5.27—Data Elements with a Fixed Initial Value (M/Chip 4 Version 1.1.a)
Data Element Name Tag MasterCard Recommended Value
Cumulative Offline Transaction Amount – '000000000000'
Consecutive Offline Transactions Number – '00'
Script Counter '9F5F' '00'
Log of The Current Transaction x (x=1...10 or more)
– '00…00'
Application Transaction Counter '9F36' '0000'
Global MAC in Script Counter – '000000'
Bad Cryptogram Counter – '0000'
Maestro PayPass – M/Chip 4 Personalization DataGeneric Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 73
Table 5.28—Data Elements with a Fixed Initial Value (M/Chip 4 Version 1.1b)
Data Element Name Tag MasterCard Recommended Value
Cumulative Offline Transaction Amount – '000000000000'
Consecutive Offline Transactions Number – '00'
Script Counter '9F5F' '00'
Log of The Current Transaction x (x=1...10 or more)
– '00…00'
Application Transaction Counter '9F36' '0000'
AC Session Key Counter – '0000'
SMI Session Key Counter – '0000'
Bad Cryptogram Counter – '0000'
Security Limits Status 'DF02" '00'
Maestro PayPass – M/Chip 4 Personalization Data Profile Dependent Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 74 PayPass Personalization Data Specifications
5.3 Profile Dependent Contactless Data
5.3.1 Offline Profile
Table 5.29 shows the Card Issuer Action Codes (PayPass) for the offline-oriented card behavior. With this profile, the PayPass – M/Chip 4 application will never return an ARQC in response to a GENERATE AC command requesting a TC over the contactless interface. Once the relevant upper limit (Upper Consecutive Offline Limit or Upper Cumulative Offline Limit) is exceeded all contactless transactions are declined offline.
Table 5.29—Card Issuer Action Codes (PayPass) (Offline Profile)
Byte Bit Meaning Decline Online Default
1 8 RFU 0 0 0
7 Unable To Go Online Indicated 0 0 0
6 Offline PIN Verification Not Performed 0 0 0
5 Offline PIN Verification Failed 0 0 0
4 PIN Try Limit Exceeded 0/1 0/1 0/1
3 International Transaction 0 0 0
2 Domestic Transaction 0 0 0
1 Terminal Erroneously Considers Offline PIN OK 0 0 0
2 8 Lower Consecutive Offline Limit Exceeded 0 0 0
7 Upper Consecutive Offline Limit Exceeded 1 (See note a)
0 0/1
6 Lower Cumulative Offline Limit Exceeded 0 0 0
5 Upper Cumulative Offline Limit Exceeded 1 (See note a)
0 0/1
4 Go Online On Next Transaction Was Set 0 0 0
3 Issuer Authentication Failed 0 0 0
2 Script Received 0 0 0
1 Script Failed 0 0 0
3 8-3 RFU 000000 000000 000000
2 Match Found In Additional Check Table 0 0 0
1 No Match Found In Additional Check Table 0 0 0
Note a The contactless transaction that causes one of the upper limits (Upper Cumulative Offline Limit or Upper Consecutive Offline Limit) to be exceeded is not declined.
Maestro PayPass – M/Chip 4 Personalization DataProfile Dependent Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 75
Table 5.30 shows specific bit settings for the Issuer Action Codes for offline-oriented behavior.
Table 5.30—Issuer Action Codes (Offline)
Byte Bit Meaning Denial Online Default
1 3 Combined DDA/AC Generation failed 1 0 0
5.3.2 Standard Profile
Table 5.31 shows the Card Issuer Action Codes (PayPass) for standard card behavior. When an upper limit is exceeded, contactless transactions are sent online on online-capable terminals and declined offline on offline-only terminals.
Table 5.31—Card Issuer Action Codes (PayPass) (Standard Profile)
Byte Bit Meaning Decline Online Default
1 8 RFU 0 0 0
7 Unable To Go Online Indicated 0 0 0
6 Offline PIN Verification Not Performed 0 0 0
5 Offline PIN Verification Failed 0 0 0
4 PIN Try Limit Exceeded 0/1 0/1 0/1
3 International Transaction 0 0/1 0
2 Domestic Transaction 0 0/1 0
1 Terminal Erroneously Considers Offline PIN OK 0 0 0
2 8 Lower Consecutive Offline Limit Exceeded 0 0/1 0
7 Upper Consecutive Offline Limit Exceeded 0 1 1
6 Lower Cumulative Offline Limit Exceeded 0 0/1 0
5 Upper Cumulative Offline Limit Exceeded 0 1 1
4 Go Online On Next Transaction Was Set 0 0 0
3 Issuer Authentication Failed 0 0 0
2 Script Received 0 0 0
1 Script Failed 0 0 0
3 8-3 RFU 000000 000000 000000
2 Match Found In Additional Check Table 0 0 0
1 No Match Found In Additional Check Table 0 0 0
Maestro PayPass – M/Chip 4 Personalization Data Profile Dependent Contactless Data
Version 1.5 – July 2, 2009 © 2009 MasterCard 76 PayPass Personalization Data Specifications
Table 5.32 shows specific bit settings for the Issuer Action Codes for standard behavior.
Table 5.32—Issuer Action Codes (Standard)
Byte Bit Meaning Denial Online Default
1 3 Combined DDA/AC Generation failed 0 1 1
5.3.3 Online Profile
Table 5.33 lists the values of the Card Issuer Action Codes (PayPass) for online-oriented behavior. They are used when the issuer chooses to send all contactless transactions online on online-capable terminals. On offline-only terminals, transactions will be accepted until an upper limit is exceeded.
Table 5.33—Card Issuer Action Codes (PayPass) (Online Profile)
Byte Bit Meaning Decline Online Default
1 8 RFU 0 0 0
7 Unable To Go Online Indicated 0 0 0
6 Offline PIN Verification Not Performed 0 0 0
5 Offline PIN Verification Failed 0 0 0
4 PIN Try Limit Exceeded 0/1 0/1 0/1
3 International Transaction (See note below)
0 1 0
2 Domestic Transaction (See note below)
0 1 0
1 Terminal Erroneously Considers Offline PIN OK 0 0 0
2 8 Lower Consecutive Offline Limit Exceeded 0 0 0
7 Upper Consecutive Offline Limit Exceeded 0 0 1
6 Lower Cumulative Offline Limit Exceeded 0 0 0
5 Upper Cumulative Offline Limit Exceeded 0 0 1
4 Go Online On Next Transaction Was Set 0 0 0
3 Issuer Authentication Failed 0 0 0
2 Script Received 0 0 0
1 Script Failed 0 0 0
3 8-3 RFU 000000 000000 000000
2 Match Found In Additional Check Table 0 0 0
1 No Match Found In Additional Check Table 0 0 0
Maestro PayPass – M/Chip 4 Personalization DataProfile Dependent Contactless Data
© 2009 MasterCard Version 1.5 – July 2, 2009 PayPass Personalization Data Specifications 77
Note The setting of the 'International Transaction' and 'Domestic Transaction' bits to (0,1,0) results in online contactless transactions on online-capable terminals. With this setting, the PayPass – M/Chip 4 application will always generate an ARQC during a contactless transaction on an online-capable terminal.
Table 5.34 shows specific bit settings for the Issuer Action Codes for online-oriented behavior.
Table 5.34—Issuer Action Codes (Online)
Byte Bit Meaning Denial Online Default
1 3 Combined DDA/AC Generation failed 0 1 1
Version 1.5 – July 2, 2009 © 2009 MasterCard 78 PayPass Personalization Data Specifications
End of Document