Академический Документы
Профессиональный Документы
Культура Документы
SPECIFICATIONS
FOR DEBIT AND CREDIT ON CHIP
Abbreviations ............................................................................. iv
Notations ..................................................................................... v
SECTION 2 REFERENCES
GLOSSARY
This manual uses the following abbreviations and notations. For definitions of these terms, refer
to the Glossary at the back of this document.
a Alphabetic character(s)
AAC Application Authentication Cryptogram
AAR Application Authorization Referral
AC Application Cryptogram
ADF Application Definition File
AFL Application File Locator
AID Application Identifier
AIP Application Interchange Profile
an Alphanumeric character(s)
ans Alphanumeric and special character(s)
ARPC Authorization Response Cryptogram
ARQC Authorization Request Cryptogram
ATM Automated Teller Machine
b Binary character(s)
cn Compressed numeric character(s)
CAM Card Authentication Method
CAT Cardholder Activated Terminal
CDOL Card Risk Management Data Object List
CVC Card Validation Code
CVM Cardholder Verification Method
CVR Card Verification Results
DDA Dynamic Data Authentication
DDOL Dynamic Data Authentication Data Object List
DEA Data Encryption Algorithm (= DES)
DES Data Encryption Standard (= DEA)
EMV Europay, MasterCard, and Visa
ICC Integrated Circuit Card
IEC International Electrotechnical Commission
ISO International Organization for Standardization
LCOL Lower Consecutive Offline Limit
LRC Longitudinal Redundancy Check
M Mandatory
MAC Message Authentication Code
MCC Merchant Category Code
MCPA™ MasterCard Chip Payment Application
n Numeric character(s), digits
NCA Length of the Certification Authority Public Key modulus
NOTATIONS
Values surrounded by single quotes are hexadecimal values. For example, a binary field that is
one byte in length and has a value of zero would be represented as ‘00’.
1.1 PURPOSE
This document is intended for issuers implementing the MasterCard Chip Payment
Application (MCPA™ ). The MCPA enables card issuers to support MasterCard credit and
debit transactions, and Maestro® and Cirrus® debit transactions. MCPA is based on the
Europay, MasterCard, and Visa (EMV) specifications, which allows chip-based credit and debit
cards issued under any of the three brands to be accepted by the same chip card terminals
worldwide, as magnetic-stripe cards are accepted on the same terminals.
The purpose of this document is to specify the data elements that need to be input to the first
stage of the personalization process— the creation of an Application Load File (ALF).
+ Not all of these data elements will be input to the card. Some will be used to
generate card data.
MasterCard recommendations have been made wherever possible, to help guide issuers in their
selection. Issuers do not have to follow these recommendations if there are particular overriding
reasons for alternatives.
The document addresses generic data requirements which are independent of any particular card
supplier or card operating system.
Issuers use data elements described in this document as input into an MCPA Application Load
File (ALF) generation system. This system formats the data and generates the necessary
cryptographic keys and other internal data required by a particular card operating system. The
output of an ALF generation system is a file of MCPA application load data that can be handed
to a personalization bureau to load these applications into a batch of cards.
The specific input record formats required by different ALF generations systems will vary.
However, they should all accept the data elements as described in this document. Further data
elements may be required to satisfy the requirements of particular card operating systems. The
output ALF file and record formats also will vary according to the requirements of the card
operating system.
The ALF generation system may be located at the issuer or at a (secure) third-party bureau. In
the latter case the transfer of sensitive data (such as, Issuer Private Key, Issuer Master DEA
Keys, and Reference PIN) between the issuer and the bureau must be addressed separately. The
security procedures for the transmission of data elements are outside the scope of this document.
In addition to the data elements that must be supplied by the issuer, this document includes a list
of data elements which are created by the ALF generation system.
This document identifies data elements that are proprietary to MasterCard International. Other
data elements are defined in the EMV ’96 ICC Specifications for Payment Systems, 30 June
1996.
The following documents and resources provide information related to the subjects discussed in
this manual.
EMV96ICC EMV ’96 ICC Specifications for Payment Systems, 31 May 1998
MCIMCR Minimum Card Requirements for Debit and Credit on Chip, Version
1.0, 24 October 1997— Published by MasterCard International
The MasterCard Chip Card Help Desk also provides issuers with technical support. Contact the
Card Help Desk via e-mail at chip_help@mastercard.com.
3.1 ORGANIZATION
The data elements are organized into the following functional groups to facilitate understanding
and management:
• Cardholder/Card-specific Data
• MCPA— Application Data
• Cardholder Verification Method/Personal Identification Number (CVM/PIN) Data
• Card Risk Management Data
• Static Data Authentication (SDA)-related Data
• DDA-related Data*
• Cryptographic/internal Data (issuer supplied)
• Cryptographic/internal Data (created by Application Load File (ALF) system)
3.2 CONVENTIONS
Format: For the format codes, see the “Abbreviation and Notation” section at the
beginning of this manual. For definition of the format codes see the
“Glossary” section at the end of this manual.
When the length defined for the data object (Length above) is greater than the length of the
actual data (Format above), the following rules apply:
• A data element in format “n” is right justified and padded with leading hexadecimal
zeros.
• A data element in format “cn” is left justified and padded with trailing ‘F’characters.
• A data element in format “an” is left-justified and padded with trailing hexadecimal
zeros.
• A data element in format “ans” is left-justified and padded with trailing hexadecimal
zeros.
• When a nibble (four bits) is stored in a byte, it is right-justified and padded with leading
hexadecimal zeros.
This section contains data elements that are intended to be specific to a particular card. In the
personalization process, it may be possible to load these data elements in a final customization
stage.
The following personalization data elements are included in section 3.3. This is a default list.
Issuers may decide to make other data elements card-specific:
Format b
Length 2
Value Byte 1:
Description Data element indicating action for the card to take for certain exception
conditions.
Format n 6 (YYMMDD)
Tag ‘5F25’
Length 3
Description Date from which the card application may be used. If this is the Primary
Application, the date must be the same as the effective date in other media
on the card–embossing and magnetic stripe.
Format n 6 (YYMMDD)
Tag ‘5F24’
Length 3
Description Date after which the card application expires. If this is the Primary
Application, the date must be the same as the expiration date in other
media on the card— embossing and magnetic stripe. The date also is
included in Track 2 Equivalent Data (YYMM).
Format cn var.— up to 19
Tag ‘5A’
Length var.— up to 10
Format n2
Tag ‘5F34’
Length 1
Value 1–9
Description Identifies and differentiates cards and cardholders that have the same PAN.
* This data element is mandatory when more than one cardholder has the same PAN.
Tag ‘5F20’
Length 2–26
Tag ‘9F0B’
Length 27–45
Format b
Tag ‘9F45’
Length 2
* The DAC is not put on the card, it is only included with the Public Key Certificate.
Format an 2
Tag ‘5F2D’
Length 2–8
Description One to four languages stored in order of preference. Language codes are
specified in ISO 639. For example, English = “en”.
Format cn 4–12
The key used to encrypt the data block is required input to the ALF
generation system, which uses a secure cryptographic device and secure
loading procedures.
* This data element is optional for MasterCard (credit) and Cirrus (ATM) cards, but
mandatory for Maestro (debit) card.
Format b
Description The tags indicate the data to be signed for Static Data Authentication
(SDA)— see MCIMCR, table 6-2. The data is signed using the Issuer
Private Key, to produce the Signed Static Application Data (see 3.10.9).
SDA is the EMV offline card authentication method (CAM) using static
data— Offline Static CAM (see MCIMCR, section 6).
Format cn
Tag ‘9F20’
Length var.
Format cn var.— up to 37
Tag ‘57’
Length var.— up to 19
Description Contains the data elements of track 2 of the magnetic stripe according to
the ISO.IEC 7813, excluding start sentinel, end sentinel, and longitudinal
redundancy check (LRC).
The PAN, Expiration Date, Service Code, PVV shall be identical to the
data encoded on track 2 of the magnetic stripe. The value of CVC must
be 000. This means that the discretionary data will be different from that
on the magnetic stripe.
Format n3
Tag ‘9F42’
Length 2
Format n1
Tag ‘9F44’
Length 1
Description Indicates the implied position of the decimal point according to ISO 4217.
* Mandatory if issuer uses the card risk management functions for Maximum Domestic Offline
Transaction Amount or Cumulative Amount Check.
Format b
Tag ‘94’
Length 8
Value Byte 1:
Byte 2: First record number to be read for that SFI (never equal to
zero)
Byte 3: Last record number to be read for that SFI (shall be greater
than or equal to value in Byte 2)
Description Indicates the location (SFI, range of records) of the file area(s) related to a
given application.
Format b
Tag ‘4F’
Value ‘A000000004xxxx’
Description Identifies the application as described in ISO 7816-5. The first five bytes
are the MasterCard Registered Identifier (RID) = ‘A000000004’. The
next two bytes (xxxx above) are the MasterCard applications identifier
(PIX in ISO terms).
Format b
Tag ‘82’
Length 2
Value The following values are mandatory (see MCIMCR, section 5.3):
Byte 1:
Description Indicates the capabilities of the card to support specific functions in the
application.
Format an
Tag ‘50’
Length Up to 16
PIX Label*
‘1010’ MasterCard
‘6000’ Cirrus
‘3060’ Debit
* The labels can be expressed in upper and lower case letters.
Format ans
Tag ‘9F12’
Length Up to 16
Description Description of the application specified by the issuer and located in the
card. If present, this is the name to be displayed to the cardholder.
PIX Label*
‘1010’ MasterCard
‘6000’ Cirrus
‘3060’ Debit
* The labels can be expressed in upper and lower case letters.
Format b
Tag ‘87’
Length 1
Tag ‘9F3B’
Length 2–8
Description One to four currencies used between terminal and card when Transaction
Currency Code differs from Application Currency Code.
Tag ‘9F43’
Length 1–4
* Mandatory if the issuer uses the Application Reference Currency (Tag ‘9F3B’).
Format b
Tag ‘9F07’
Length 2
Format b
Tag ‘9F08’
Length 2
Value ‘0001’
Description Version number assigned by MasterCard for the application. The value
‘0001’ is valid for 1998. Beginning in 1999, issuers should contact the
Chip Card Help Desk.
Format n3
Tag ‘5F28’
Length 2
Description Indicates the country of the issuer, represented according to ISO 3166.
Format an
Tag ‘9F38’
Value The following list of values (tags and lengths) are an example (see
MCIMCR, Table 5-1):
Description List of terminal resident data objects, (tag and length) needed by the
Integrated Circuit Card (ICC) in processing the GET PROCESSING
OPTIONS command.
Format n3
Tag ‘5F30’
Length 2
Format b
Tag ‘8E’
Format b
Length 1
Description Allowed consecutive wrong PINs. The value of the PIN try limit also will
be used for the initial setting of the PIN Try Counter field (Tag: ‘9517’).
Format an
Tag ‘8C’
Length 38 bytes
Value MasterCard recommends the following data elements (tags and lengths).
MasterCard derived this list from the list of ICC data elements which the
acquirer must return to the issuer, minus the data elements output by the
GENERATE AC command (Application Cryptogram, ATC, Cryptogram
Information Data, Issuer Application Data):
Description List of data objects (tag and length) to be passed to the card application
with the first GENERATE AC command.
Format an
Tag ‘8D’
Length 38 bytes
Value MasterCard recommends the following list of data elements (tags and
lengths). This list is derived from the list of ICC data elements which the
acquirer is obliged to return to the issuer, plus the Authorization Response
Code, and minus the data elements output by the GENERATE AC
command (Application Cryptogram, ATC, Cryptogram Information Data,
Issuer Application Data):
Description List of data elements (tag and length) to be passed to the card application
with the second GENERATE AC command.
Format b
Tag ‘9F0D’
Length 5
Byte 1: ‘F8’
Byte 2: ‘40’
Byte 3: ‘64’
Byte 4: ‘20’ for MasterCard; ‘A0’ for Maestro
Byte 5: ‘00’
Description Specifies the issuer’s conditions that cause the transaction to be declined if
it might have been approved online, but the terminal is unable to process
the transaction online.
Format b
Tag ‘9F0E’
Length 5
Byte 1: ‘00’
Byte 2: ‘10’
Byte 3: ‘88’
Byte 4: ‘00’
Byte 5: ‘00’
Description Specifies the issuer’s conditions that cause the transaction to be declined
without attempting to go online.
Format b
Tag ‘9F0F’
Length 5
Byte 1: ‘F8’
Byte 2: ‘E0’
Byte 3: ‘64’
Byte 4: ‘F8’
Byte 5: ‘00’
Format b
Tag ‘9F14’
Length 1
Format b
Tag ‘9F50’
Length 6
Description Issuer specified data element indicating a preference for the maximum
cumulative offline transaction amount allowed for the card application
before the terminal goes online.
Format b
Tag ‘9F51’
Length 6
Format b
Tag ‘9F23’
Length 1
Description Issuer specified data element indicating the required maximum number
of consecutive offline card transactions for this application allowed before
the transaction goes online.
Format b
Tag ‘9F52’
Length 6
This section contains information of the Certification Authority Public Key Index data element.
Format b
Tag ‘8F’
Length 1
Value ‘01’
Description Identifies the certification authority’s public key in conjunction with the
Registered Identifier (RID) for use in static and dynamic data
authentication.
Dynamic Data Authentication Data Object List (DDOL) ICC Dynamic Data Length
Hash Algorithm Indicator
Format an
Tag ‘9F49’
Length 11
Description List of data objects (tag and length) used for dynamic data authentication.
Format b
Length 1
Description Algorithm used to compress data prior to signing for dynamic data
authentication.
Format b
Length 1
Value ‘08’— for version 1 of the MasterCard Debit and Credit Specification
Format b
Length 1
Value ‘01’
Format b
Length 1
Value ‘01’ in 1998. Beginning in 1999, check with the Chip Card Help Desk.
Description Indicates derivation keys (Issuer Master Keys— see 3.9.7, 3.9.8, and 3.9.9)
used to produce the various ICC DEA keys.
Format b
Tag
Description Used to produce the Signed Static Application Data (see 3.10.9), and to
sign the ICC Public Key Certificate (see 3.10.4).
Format b
Tag ‘90’
Description Issuer’s public key certified by a certification authority for use in static or
dynamic data authentication.
Format b
Tag ‘9F32’
Length 1
Format b
Tag ‘92’
3.9.7 Issuer Master Key for ICC Cryptogram DEA Keys (M)
Format b
Tag
Length 16
Description A double-length master DEA key used to derive all ICC Cryptogram DEA
keys (see 3.10.2), using the Application PAN and its sequence number as
diversification data. The double-length key is required input to the ALF
generation system, which uses a secure cryptographic device and secure
loading procedures.
3.9.8 Issuer Master Key for ICC MAC DEA Keys (M)
Format b
Tag
Length 16
Description A double-length master DEA key used to derive all ICC MAC DEA keys
(see 3.10.7), using the Application PAN and its sequence number as
diversification data. The double-length key is required input to the ALF
generation system, which uses a secure cryptographic device and secure
loading procedures.
3.9.9 Issuer Master Key for ICC PIN DEA Keys (M)
Format b
Tag
Length 16
Description A double-length master DEA key used to derive all ICC PIN DEA keys
(see 3.10.8), using the Application PAN and its sequence number as
diversification data. The double-length key is required input to the ALF
generation system, which uses a secure cryptographic device and secure
loading procedures.
Since these data elements can be created by the ALF generation system the issuer does NOT
normally need to be input them. However, depending on the issuer’s system configurations and
security requirements, many of the fields may be generated prior to input to the ALF system.
Such fields might include the diversified DEA keys (Cryptogram DEA Key, MAC DEA Key,
PIN DEA Key), ICC Asymmetric Secret Key Data, ICC Public Key Certificate/
Exponent/Remainder, Signed Static Authentication Data. In this case, the Issuer Private Key
(see 3.9.3) and the Issuer Master DEA Keys (see 3.9.7, 3.9.8, and 3.9.9) are not required.
* If these data elements are input to the ALF generation system, they must be encrypted using
a Key Encryption Key (KEK). This KEK is also required input to the ALF generation
system, which uses a secure cryptographic device and secure loading procedures.
Format b
Tag ‘9F36’
Length 2
Value ‘0000’
Description Transaction counter maintained by the application in the card. The ALF
system should set this to zero (new card).
Format b
Length 16
Format b
Where NIC is the length of the ICC Public Key modulus. NIC = 768, 896,
or 1024 bits (96, 112, or 128 bytes) for 1998. Beginning in 1999, check
with the Chip Card Help Desk.
Description The data necessary to enable the application to sign critical data for
dynamic data authentication in response to an INTERNAL
AUTHENTICATE command.
Format b
Tag ‘9F46’
Length NI
Description ICC Public Key certified by the issuer using the Issuer Private Key.
Format b
Tag ‘9F47’
Length 1
Format b
Tag ‘9F48’
Length NIC – NI + 42
Format b
Length 16
Description A double-length DEA key used to support Secure Messaging for Integrity
and Authentication in an Issuer Script message. The key is used to verify
the MAC in the script message.
Format b
Length 16
Format b
Tag ‘93’
The following data elements need to be created in the ALF generation process. The formats and
values of the data elements will depend on the particular card operating system.
• Personalization Date
4.1 OVERVIEW
This section is intended for developers of chip card operating systems, Application Load File
(ALF) systems, and card loading systems.
The data elements described in section 3 are input to the card personalization process. This
section describes how the data elements output by the ALF system might be configured within
the chip. The data structure in the chip will depend on the card operating system.
The following discussion provides an example of how the data can be structured. The MCPA
application static data is divided into four areas:
This data consists of data elements that control the MCPA application program. This data
includes the command table used to verify the commands, and control vectors pointing to code
modules. The data in this area does not need to be altered, either when the application data is
configured, or at any subsequent time.
The MCPA application program uses key-related data to generate cryptograms. The
cryptograms are used by the:
Examples: Cryptogram DEA Key, MAC DEA Key, PIN DEA Key, ICC Asymmetric Secret
Key Data, Hash Algorithm Indicator, ICC Dynamic Data Length.
These data elements indicate the status of the application, and define the operation of the
application. The terminal accesses the data issuing GET DATA or GET PROCESSING
OPTIONS commands.
Examples: Application Status, PIN Lock Status, PIN Installed Status, AIP, AFL, Application
Default Action, Lower/Upper Consecutive Offline Limits, and Lower/Upper
Cumulative Domestic Offline Transaction Amounts.
+ Area 3 also includes a Record Table used by the READ RECORD command to
access data in Area 4. Each record in the table includes SFI, Record Number,
and Address of Record Start, Length of Record. The entry for the PSE must use
a separate SFI.
The issuer supplies this data, which is required by the application and the terminal. The variable
length data elements are stored in TLV format.
The Issuer Data is held in a single file with SFI = 1. The size of each record is variable, but is
limited by the size of the chip card’s output buffer. The terminal accesses this data issuing a
READ RECORD command.
The initial record must contain the Track 2 Equivalent Data and the Cardholder Name. The
record may contain other data elements. The second record contains the data elements that are
used to check the SDA signature. The order of subsequent data elements/records is not
significant.
Examples: Application PAN, Expiration Date, Application Version No., CDOL1, CDOL2,
Data required for SDA or DDA, CVM List, Issuer Action Codes, Application
Currency Code, Application Usage Control, Issuer Country Code etc.
The PSE Directory (DIR) File would include AID, Application Label, Application Preferred
Name, and Application Priority Indicator.
5.1 OVERVIEW
Most of the data elements described in section 3 have tags that have been allocated in
EMV96ICC. These MCPA tags ensure interoperability of MCPA transactions, and are used
during transactions.
The data elements not used during an EMV transaction do not have MCPA allocated tags.
Since many issuers will want to present the data in their personalization input files in Tag-
Length-Value (TLV) format2, the following Private Class tags have been allocated. The use of
these tags is optional. MasterCard included this list of tags to reduce the number of ad hoc and
incompatible tag allocations by Issuers and Personalization bureaus.
OVERVIEW
This section defines various terms, concepts, acronyms, and abbreviations that are used
throughout the Business Functional Requirements for Debit and Credit on Chip manual. These
terms and definitions appear for convenience only and are not intended to serve, nor should
serve, as definitions for any legal or technical purpose. MasterCard specifically reserves the
right to add to, delete from, or otherwise change any term appearing herein and specifically
cautions members and agents therefor not to rely upon any term appearing herein for any legal or
technical purpose.
TERMS
AAC
See application authentication cryptogram.
AC
See application cryptogram.
account number
A unique sequence of numbers assigned to a card account that identifies the issuer and type of
financial transaction card.
acquirer
A member that maintains the merchant relationship and acquires the data relating to a transaction
from the merchant or card acceptor.
ADF
See application definition file.
AFL
See application file locator.
AID
See application identifier.
AIP
See application interchange profile.
application
The protocol between the card and the terminal and its related set of data.
application label
Mnemonic associated with the AID according to ISO/IEC 7816-5. This field is up to 16
characters in length. The application label allows for global interoperability, but the application
preferred name, if available, overrides the application label. See Application Preferred Name.
ARPC
See authorization response cryptogram.
ARQC
See authorization request cryptogram.
ATC
See application transaction counter.
ATM
See Automated Teller Machine.
authorization
Approval of a transaction by or on behalf of an issuer according to defined operations
regulations. The merchant receives, via telephone or authorization terminal, this approval to
process the transaction.
byte
A single unit of information, such as a letter, number, or other character. A byte is made up of
eight bits. Through arrangement of the bits 0 and 1 values, the byte may express any of 256
characters.
CAM
See card authentication method.
card
A rectangular plastic medium used to carry information relating to its issuer and user. A credit
card, charge card, bankcard, ATM/debit card, or the account associated with any such card that is
issued by a licensee of the Associations. By incorporating multiple payment options on one
card, members can offer value-added services to their cardholders.
In MasterCard Cash, offline authentication occurs when information is exchanged between the
processor on the chip card and the POI terminal to determine card validity; online authentication
occurs when information is exchanged between the processor on the chip card and the issuer's
host system.
cardholder
The authorized user of a card issued by a licensed member.
CAT
See cardholder activated terminal.
CDOL1
See card risk management data object list 1.
CDOL2
See card risk management data object list 2.
certificate
A code usually generated via cryptography, which represents several pieces of information about
a transaction, such as the amount, card issuer number, terminal identifier, etc. The certificate,
instead of the simple amount of the transaction, is transmitted from the card to the terminal,
making it difficult for counterfeiters or unscrupulous merchants to defraud the system. If fraud is
suspected in the system, the certificate provides the audit trail.
certification authority
Trusted third party that establishes a proof that links a public key and other relevant information
to its owner.
chip
A small square of thin, semiconductor material that has been chemically processed to have a
specific set of electrical characteristics such as circuits, storage, and/or logic elements. The
microprocessor chip has an operating memory, a programming memory, and a data memory that
allows internal processing to take place and provides additional storage capacity.
chip card
A plastic card into which one or more integrated circuits are inserted. The chip card conforms to
all ISO standards.
Cirrus
Cirrus System Incorporated, a wholly owned subsidiary of MasterCard International
Incorporated, operates the international ATM sharing association known as the "Cirrus® ATM
Network."
clearing
The process of exchanging financial transaction details between an acquirer and an issuer to
facilitate posting of a cardholder's account and reconciliation of a customer's settlement position.
closed system
A card system, involving a single card issuer that can be used to access services or purchase
products at a single or multiple service providers. The opposite of an Open System.
command
A message sent by the terminal to the ICC that initiates an action and solicits a response from the
ICC.
cn
See compressed numeric characters.
credit card
A plastic card bearing an account number assigned to a cardholder with a credit limit that can be
used to purchase goods and services, and to obtain cash disbursements on credit, for which a
cardholder is subsequently billed by an issuer for repayment of the credit extended at once or on
an installment basis.
cryptogram
The output from the process of transforming cleartext into ciphertext for security or privacy.
CVC
See card validation code.
CVM
See cardholder verification method.
CVV
See card verification value.
DDOL
See Dynamic Data Authentication Data Object List.
debit card
A plastic card used to initiate a debit transaction. In general, these transactions are used
primarily to purchase goods and services and to obtain cash, for which the cardholder's asset
account is debited by the issuer.
DEA
See data encryption algorithm.
DES
See data encryption standard.
digital signature
An asymmetric cryptographic transformation of data that allows the recipient of the data to prove
the origin and integrity of the data, and protect the sender and the recipient of the data against
forgery by third parties, and the sender against forgery by the recipient.
embossing
Characters raised in relief from the front surface of a card.
EMV
Europay International S.A., MasterCard International Incorporated, and Visa International
Service Association.
encryption
The technique of modifying a known bit stream on a transmission line so that it appears to be a
random sequence of bits to an unauthorized observer. It often is done automatically in the
terminal or computer before data is transmitted.
function
A process accomplished by one or more commands and resultant actions that are used to perform
all or part of a transaction.
GENERATE AC (command)
The command, GENERATE AC, stands for “to generate an application cryptogram”. This
command is issued by the terminal and used when exchanging risk management data between
the terminal and the IC card. The IC card’s response communicates to the terminal the IC card
decision to either: accept, decline, or go online.
hybrid card
A card that contains both a magnetic stripe and a microprocessor chip.
ICC
See Integrated Circuit Card.
IEC
See International Electrotechnical Commission
interchange
The exchange of transaction data between acquirers and issuers in accordance with MasterCard
rules.
interchange fee
A fee applied to an interchange transaction, applicable to the two members participating in the
transaction as issuer and acquirer.
interoperability
Within the product range of MasterCard International, the brand/product (i.e., MasterCard
credit, Maestro , Cirrus ) should have the same characteristics everywhere as perceived by the
cardholder. The ability of computers, electronic products, and services from different vendors,
manufacturers, associations, and organizations to effectively work together in an open
environment. Also, compliant with the Joint Integrated Circuit Card and Terminal
Specifications For Payment Systems; also known as the EMV ‘96 Specifications.
ISO
See International Organization for Standardization
issuer
Cardholder’s bank or non-bank which has issued a credit, charge, ATM and/or debit card to an
individual or cardholder, receives transaction information from MasterCard International,
reflects transaction and outstanding balance information, and carries consumer loans in the form
of bankcard accounts. The issuer is responsible for: resolving cardholder disputes, handling
cardholder information requests, and processing cardholder refunds, as warranted. The issuer
selects the card risk management parameters and other cardholder specific data and personalizes
this on the chip card. The entity that issues the card, controls the allocation of the areas of
memory to application providers and provides the cardholder information common to all
applications.
key
A sequence of symbols that controls the operation of a cryptographic transformation.
language preference
One to four languages stored in order of preference, each represented by 2 alphabetical
characters according to ISO 639.
LCOL
See lower consecutive offline limit.
LRC
See longitudinal redundancy check.
MAC
See message authentication code.
magnetic stripe
The magnetically encoded stripe on the bankcard plastic that contains information pertinent to
the cardholder account. The physical and magnetic characteristics of the magnetic stripe are
specified in ISO Standards 7810, 7811, and 7813.
MCC
See merchant category code.
MCPA™
See MasterCard Chip Payment Application.
merchant
A retailer, or any other person, firm, or corporation that (pursuant to a merchant agreement)
agrees to accept card products, when properly presented.
message
A set of data elements used to exchange information between institutions (or their agents). No
communications (header, trailer, protocol, or character code) or security implications are
assumed or identified.
offline
An operating mode in which terminals or ATMs are not connected to a central computer source.
Responses are governed by the parameters or guidelines set within the terminal or supporting
device as defined by the issuer. The accessibility of information is not in a live environment,
meaning that current active files are not being viewed during the time the transaction is
conducted.
online
An operating mode in which terminals or ATMs are connected to a central computer system and
have access to the database for authorization, inquiry, and file changes. Live files are accessed
for each transaction.
PAN
See primary account number.
personalization
Personalization is the process whereby the issuer defines parameters that are programmed in the
memory within the chip during card production to manage risk and tailor the product on an
individual or segmented cardholder basis. The POI terminal through a dialogue with the chip
automatically executes the issuer specified pre-programmed parameters set forth. Hence, the
card issuer can exercise control over their card.
PIN
See Personal Identification Number.
PIN verification
A procedure that enables the issuer to validate the cardholder identity when making a
comparison with the PIN and cardholder account number.
POI
See point of interaction.
private key
In public-key cryptography, the half of a public-key/private-key pair that is known only to the
encoder that resides on the user's system.
processor
An organization that is connected with MasterCard International Incorporated and provides
authorization and/or clearing and settlement services on behalf of a member.
public key
In public-key cryptography, the half of a public-key/private-key pair that is known to the public
and can be used to decrypt messages that were encoded by the corresponding private key.
response
A message returned by the ICC to the terminal after the processing of a command message
received by the ICC.
RID
See registered identifier.
rules
Refers to the “international operating regulations” inclusive of standards set for the brand
established by MasterCard International.
script
A command or a string of commands transmitted by the issuer to the terminal for the purpose of
being sent serially to the ICC as commands.
SDA
See static data authentication.
secret key
A key used with symmetric cryptographic techniques and usable only by a set of specified
entities.
service code
The service code is a three digit value on the magnetic stripe (i.e., tracks 1 and 2) and chip of a
bankcard which gives instructions to the terminal about the conditions under which the card may
be used. Service codes are defined by ISO.
SFI
See short file identifier.
SHA-1
See secure hash algorithm-1.
terminal
A device that allows a user to send data to, receive data from, and invoke functions of a remote
computer system.
TLV
See tag length value.
transaction counter
A transaction counter controls the number of transactions that can be processed offline before an
online request for authorization is initiated (often referred to as a “1 in N” parameter). This is an
issuer-defined parameter.
UCOL
See upper consecutive offline limit.