If the transaction is credit card in store, it will activate "Signature (paper)" rule, the terminal will print a receipt with signature line, and instructs the store clerk to obtain customer signature. So, in nutshell, for unattended cash transaction, one has to successfully pass online encrypted PIN verification. The final one is always "Fail CVM processing". The next one is "No CVM equired" but the condition explicitly excludes unattended cash. But most likely an unattended cash transaction wouldn't have the signature capability, for unattended cash, it will likely skip it. The next one in line is "Signature (paper)" if terminal supports it.
#Read emv card manual#
If not unattended cash and not manual cash and not purchase with cashbackĬardholder Verification Methods (CVM) is a prioritized list of rules.įor example, the first rule says if this card is used in an unattended cash transaction, require encrypted PIN online, if it fails, not the end of the world, try the next verification method that's applicable. CDOL1 is the requirement to generate Application ReQuest Cryptogram (ARQC) by card and sent to issuer for authorization CDOL2 is the requirement to generate Application ResPonse Cryptogram (ARPC) by issuer and returned in authorization message.Ĭardholder Verification Method (CVM) List: 000000000000000042011E031F0200000000000000000000Īpply succeeding CV Rule if this CVM is unsucccessfulįail cardholder verification if this CVM is unsuccessful The terminal can, if Issuer Authentication is supported on card as indicated by AIP, ask the card to verify the ARPC using the secret key the card shares with issuer.Ĭard Risk Management Data Object List 1 (CDOL1): 9F02069F03069F1A0295055F2A029A039C019F3704ĩf02 - 6 - Authorised amount of the transaction (excluding adjustments)ĩf03 - 6 - Secondary amount associated with the transaction representing a cashback amountĬard Risk Management Data Object List 2 (CDOL2): 8A029F02069F03069F1A0295055F2A029A039C019F3704Ĭard Risk Management Data Object List (CDOL) are the data elements needed to generate Application Cryptogram (AC).
offline, to 1) force a transaction to go online 2) check if recent transaction amounts exceed a floor limit set on the card 3) if velocity exceeds a threshold set on the card. Terminal Risk Management can make decisions on its own, ie.Cardholder Verification Methods (CVM) are supported (we will see what methods next).Dynamic Data Authentication (DDA using 3 layers of RSA key pairs including one for the card itself) is supported, but not Static Data Authentication (SDA only CA and Issuer key pairs) for weak security.Terminal risk management is to be performed (b4) Cardholder verification is supported (b5)