终端与发卡行通信-EMV交易
Communication between terminal and issuer - EMV Transaction
我正在研究 EMV 技术并寻找终端和发卡行之间的通信(Request/Response)以进行授权/在线 pin 检查。
我知道只有在终端上进行离线数据认证检查,然后终端将数据发送给发卡行。我想知道授权过程需要发送什么数据。
我对 DE 元素知之甚少(比如 DE-55 元素——包含 Amount、Authorised(Numeric)、Amount、Other(Numeric)、ApplicationCryptogram(AC) 等数据)。
任何人都可以给我一个 link/documnent 在那里我可以看到什么以及如何在终端和发行者之间以 什么格式 进行授权(密码验证),在线 PIN检查 , CVV 验证
和所有。
抱歉我的英语不好。
Issuer does a couple of things
1. Validate the card, for example status, expiry date, PIN etc
2. Validate account, eg. account status, available funds, transaction type allowed on the account etc.
3. Validate the authenticity of the card by veriying the ARQC
4. Generate ARPC to let card know that the issuer is genuine.
5. Send post issuance operation using issuer scripts.
You may be mostly sending the data in ISO8583 in case you are using a POS or NDC+/D912 standards in case you are using ATMs.
PIN is sent as PIN Block encrypted under Terminal PIN key.
If host is the issuer it can do HSM command DC and verify the PIN. See the HSM documentation for the format and expected data.
CVV is a part of the track and verification happens with HSM command CY. Expiry date is available from track. Service code is also available but make sure it is the service code for iCVV.
Now considering the above requirements, I can say the following data are required to be sent to host.
Message type
PAN
Pcode
Amount
Local date and Time
Trace
expiry data (not mandatory in case you are sending track data)
POS entry code
PAN Sequence number
Track2
terminal id
Merchant ID
Acquirer Currency Code
Chip Data which includes
All tags used in CDOL1( this would be sufficient for your HSM command KQ/KX)
ARQ Cryptogram
PIN block in case online PIN is selected CVM
试试这个,如果需要更多信息请告诉我。
终端仅与收单方通信。终端和收单方之间的通信由收单方主机系统决定,例如 Compass+、OpenWay,您可以询问您的主机提供商(更容易询问银行,终端将成为销售点)。共同点是所有协议都基于 ISO8583,因此您可以在那里阅读。您还可以在 EMV Book 4、12 Acquirer Interface 找到一些信息。
EMV 第 4 册:
An authorisation message shall be used when transactions are batch
data captured. A financial transaction message shall be used when
online data capture is performed by the acquirer. An offline advice
shall be conveyed within batch data capture when supported. An online
advice or a reversal message shall be transmitted real-time, similarly
to an authorisation or financial transaction message.
我正在研究 EMV 技术并寻找终端和发卡行之间的通信(Request/Response)以进行授权/在线 pin 检查。
我知道只有在终端上进行离线数据认证检查,然后终端将数据发送给发卡行。我想知道授权过程需要发送什么数据。
我对 DE 元素知之甚少(比如 DE-55 元素——包含 Amount、Authorised(Numeric)、Amount、Other(Numeric)、ApplicationCryptogram(AC) 等数据)。
任何人都可以给我一个 link/documnent 在那里我可以看到什么以及如何在终端和发行者之间以 什么格式 进行授权(密码验证),在线 PIN检查 , CVV 验证 和所有。
抱歉我的英语不好。
Issuer does a couple of things
1. Validate the card, for example status, expiry date, PIN etc
2. Validate account, eg. account status, available funds, transaction type allowed on the account etc.
3. Validate the authenticity of the card by veriying the ARQC
4. Generate ARPC to let card know that the issuer is genuine.
5. Send post issuance operation using issuer scripts.
You may be mostly sending the data in ISO8583 in case you are using a POS or NDC+/D912 standards in case you are using ATMs.
PIN is sent as PIN Block encrypted under Terminal PIN key.
If host is the issuer it can do HSM command DC and verify the PIN. See the HSM documentation for the format and expected data.
CVV is a part of the track and verification happens with HSM command CY. Expiry date is available from track. Service code is also available but make sure it is the service code for iCVV.
Now considering the above requirements, I can say the following data are required to be sent to host.
Message type
PAN
Pcode
Amount
Local date and Time
Trace
expiry data (not mandatory in case you are sending track data)
POS entry code
PAN Sequence number
Track2
terminal id
Merchant ID
Acquirer Currency Code
Chip Data which includes
All tags used in CDOL1( this would be sufficient for your HSM command KQ/KX)
ARQ Cryptogram
PIN block in case online PIN is selected CVM
试试这个,如果需要更多信息请告诉我。
终端仅与收单方通信。终端和收单方之间的通信由收单方主机系统决定,例如 Compass+、OpenWay,您可以询问您的主机提供商(更容易询问银行,终端将成为销售点)。共同点是所有协议都基于 ISO8583,因此您可以在那里阅读。您还可以在 EMV Book 4、12 Acquirer Interface 找到一些信息。
EMV 第 4 册:
An authorisation message shall be used when transactions are batch data captured. A financial transaction message shall be used when online data capture is performed by the acquirer. An offline advice shall be conveyed within batch data capture when supported. An online advice or a reversal message shall be transmitted real-time, similarly to an authorisation or financial transaction message.