November 10, 2014 • Issue 14:11:01
Quick Chip is nothing more than a software update, although it’s an important one. It has been introduced by credit card companies as the next iteration of EMV technology. Visa offers this introduction video. This forecast is derived from market knowledge gained through research done since 2004. However, even this archive of more than a decade of historical data provides little guidance on the future of markets that are growing rapidly and facing disruptive technology. A little late update. Been a bit busy with some other project lately, so not much to report back on on the Warblade MK II version. I have added in some of the new aliens stuff to the editor. And been planing how to set up the online database for doing all sort of communication between the game/editor and the users account online.
Insider's report on payments:
Mobile wallets: not quite ready for prime time
By Patti Murphy
ProScribes Inc.
I've been writing about payments and technology for more than 30 years. Yet rarely have I encountered the subjects of my articles in mainstream media outlets. So I was especially struck by reports that aired recently on local and national news broadcasts regarding mobile POS payments.
The subject of those reports was the decision by certain national retail chains to block acceptance of Apple Pay in favor of a rival, merchant-backed mobile wallet. According to a recent press release, CurrentC is now in 'private pilot,' with full rollout scheduled for 2015.
Merchant Customer Exchange (MCX), the merchant-backed organization behind CurrentC, has made no secret of its desire to slash the cost of card acceptance by promoting the CurrentC mobile app. Bypassing the card networks, the app will rely on merchant-branded cards that use the automated clearing house (ACH) to clear payments against cardholder's checking accounts (a method sometimes referred to as decoupled debit).
ACH folks have been trying to capture POS market share for decades, with little success. One of the first ACH-based debit card programs was launched in the 1980s by Mobile Oil. The program, which was not heavily marketed, was shelved several years later when Mobile merged with Exxon. Most recently, the retailing giant Target launched a private-label debit card that clears payments through the ACH. Target is also a member of MCX.
NFC or QR codes?
It's not just Visa Inc., MasterCard Worldwide and banks that MCX is challenging, either. CurrentC takes an entirely different approach from that used by Apple Inc.'s recently introduced Apple Pay. Instead of using near field communication (NFC) to initiate transactions, for example, CurrentC relies on QR codes generated by customers' smartphones and scanned at the checkout.
Merchants are said to prefer QR codes to NFC because most already are equipped to read QR codes. The Federal Reserve reported that as of 2013, 17 percent of smartphone users had made at least one POS payment using their smartphones. Of those, 39 percent said they did so by scanning QR codes generated by their devices; 14 percent had initiated payments using NFC functionality. More recently, Juniper Research Ltd. predicted 101 million consumers worldwide will make payments using NFC-enabled smartphones in 2014, and 516 million will do so by 2019.
CurrentC (which works with Android phones) is heavily weighted toward potential value-adds, such as advanced marketing tools. It is also designed to track customers' purchases and to store that data as encrypted information. Apple Pay doesn't track or store customer information. Apple made a big deal of that when it launched the iPhone 6 and Apple Pay, and it's a distinction that hasn't been lost on journalists. Consumer privacy is a major concern these days, given the torrent of reports on data breaches.
The Apple effect
Meanwhile, at least two members of MCX (CVS and Rite Aid) have blocked acceptance of mobile payments initiated using iPhones. The MCX member roster reads like a who's who of consumer brands: names like Wal-Mart, Sears, Kmart, Lowe's, Bed Bath & Beyond, Best Buy, 7-Eleven, Circle K, Publix, Shell, Southwest Airlines and Wendy's. To date, only CVS and Rite Aid have taken stands against Apple Pay.
'At full scale, CurrentC will be accepted in more than 110,000 merchant locations across the country, giving consumers unmatched access to their favorite retailers. It will also offer innovative features and benefits, such as merchant loyalty programs and instant coupon savings, all stored on the phone,' Dekkers Davidson, CEO of MCX, said in a press release. That is, unless it's an iPhone 6, Apple's latest model, which features the Apple Pay mobile app. (Older iPhones should be compatible, several experts have noted.)
I'll admit that I'm not a big fan of Apple. Plus it annoys the heck out of me that Apple is always updating its iTunes software and sending pop-up notices about the need to update, a process that almost always crashes other programs that I have open on my PC. But Apple gets a lot of things right, and it has hundreds of millions of customers who already entrust the company with their credit and debit card information (for iTunes purchases). Demonstrating its popularity, Apple reported selling 10 million of its latest iPhone 6 models in the first two days of sales.
Apple Pay may or may not be superior to CurrentC. But it is available for consumers to use today, so it certainly has at least one leg up on the retailers' initiative. Apple also has plenty of big-name brands on its team. Among them: American Express Co., Bank of America, Capital One Bank, JPMorgan Chase & Co., Wells Fargo & Co., Bloomingdales, Macy's, McDonald's, Walgreens and Whole Foods.
And based on recent press releases, acquirers and processors are racing to support Apple Pay. Danny Chazonoff, Chief Operating Officer at Optimal Payments PLC, pointed to the use of encryption by Apple Pay as a big plus. 'Being able to offer Apple Pay supports our strategy of providing merchants and consumers with innovative payment options that reduce friction and provide an enhanced shopping experience, using the most secure payment technologies available,' he said.
Oops! Another data breach
As I prepared this column, news broke about a breach involving CurrentC. Apparently, hackers were able to access the e-mail addresses of consumers piloting the CurrentC mobile app. This may not be a death knell for CurrentC, but it could hamper overall adoption of mobile payments. A September 2014 survey of consumers by Statista Inc. found that 46 percent of consumers who do not use their smartphones to make payments cite security concerns as the deterrent.
Convenience is another factor. Standing in line at the coffee shop, I know exactly where my debit card is; finding and opening the mobile payment app on my mobile (or any app for that matter) takes more time. I grant it's a generational thing; I'm a baby boomer. But millennials always seem to be talking and texting via smartphone. How convenient will it be for them to pull up their wallet apps? It's issues like these that lead me to believe mobile wallets are not quite ready for prime time.
Patti Murphy is Senior Editor of The Green Sheet and President of ProScribes Inc. She is also the founder of InsideMicrofinance.com. Email her at patti@greensheet.com.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
PrevNext| Name | Description | |
|---|---|---|
| 9F01 | Acquirer Identifier | Uniquely identifies the acquirer within each payment system |
| 9F40 | Additional Terminal Capabilities | Indicates the data input and output capabilities of the terminal |
| 81 | Amount, Authorised (Binary) | Authorised amount of the transaction (excluding adjustments) |
| 9F02 | Amount, Authorised (Numeric) | Authorised amount of the transaction (excluding adjustments) |
| 9F04 | Amount, Other (Binary) | Secondary amount associated with the transaction representing a cashback amount |
| 9F03 | Amount, Other (Numeric) | Secondary amount associated with the transaction representing a cashback amount |
| 9F3A | Amount, Reference Currency | Authorised amount expressed in the reference currency |
| 9F26 | Application Cryptogram | Cryptogram returned by the ICC in response of the GENERATE AC command |
| 9F42 | Application Currency Code | Indicates the currency in which the account is managed according to ISO 4217 |
| 9F44 | Application Currency Exponent | Indicates the implied position of the decimal point from the right of the amount represented according to ISO 4217 |
| 9F05 | Application Discretionary Data | Issuer or payment system specified data relating to the application |
| 5F25 | Application Effective Date | Date from which the application may be used |
| 5F24 | Application Expiration Date | Date after which application expires |
| 94 | Application File Locator (AFL) | Indicates the location (SFI, range of records) of the AEFs related to a given application |
| 4F | Application Identifier (AID) – card | Identifies the application as described in ISO/IEC 7816-5 |
| 9F06 | Application Identifier (AID) – terminal | Identifies the application as described in ISO/IEC 7816-5 |
| 82 | Application Interchange Profile | Indicates the capabilities of the card to support specific functions in the application |
| 50 | Application Label | Mnemonic associated with the AID according to ISO/IEC 7816-5 |
| 9F12 | Application Preferred Name | Preferred mnemonic associated with the AID |
| 5A | Application Primary Account Number (PAN) | Valid cardholder account number |
| 5F34 | Application Primary Account Number (PAN) Sequence Number | Identifies and differentiates cards with the same PAN |
| 87 | Application Priority Indicator | Indicates the priority of a given application or group of applications in a directory |
| 9F3B | Application Reference Currency | 1–4 currency codes used between the terminal and the ICC when the Transaction Currency Code is different from the Application Currency Code; each code is 3 digits according to ISO 4217 |
| 9F43 | Application Reference Currency Exponent | Indicates the implied position of the decimal point from the right of the amount, for each of the 1–4 reference currencies represented according to ISO 4217 |
| — | Application Selection Indicator | For an application in the ICC to be supported by an application in the terminal, the Application Selection Indicator indicates whether the associated AID in the terminal must match the AID in the card exactly, including the length of the AID, or only up to the length of the AID in the terminalThere is only one Application Selection Indicator per AID supported by the terminal |
| 61 | Application Template | Contains one or more data objects relevant to an application directory entry according to ISO/IEC 7816-5 |
| 9F36 | Application Transaction Counter (ATC) | Counter maintained by the application in the ICC (incrementing the ATC is managed by the ICC) |
| 9F07 | Application Usage Control | Indicates issuer’s specified restrictions on the geographic usage and services allowed for the application |
| 9F08 | Application Version Number | Version number assigned by the payment system for the application |
| 9F09 | Application Version Number | Version number assigned by the payment system for the application |
| 89 | Authorisation Code | Value generated by the authorisation authority for an approved transaction |
| 8A | Authorisation Response Code | Code that defines the disposition of a message |
| — | Authorisation Response Cryptogram (ARPC) | Cryptogram generated by the issuer and used by the card to verify that the response came from the issuer. |
| 5F54 | Bank Identifier Code (BIC) | Uniquely identifies a bank as defined in ISO 9362. |
| 8C | Card Risk Management Data Object List 1 (CDOL1) | List of data objects (tag and length) to be passed to the ICC in the first GENERATE AC command |
| 8D | Card Risk Management Data Object List 2 (CDOL2) | List of data objects (tag and length) to be passed to the ICC in the second GENERATE AC command |
| — | Card Status Update (CSU) | Contains data sent to the ICC to indicate whether the issuer approves or declines the transaction, and to initiate actions specified by the issuer. Transmitted to the card in Issuer Authentication Data. |
| 5F20 | Cardholder Name | Indicates cardholder name according to ISO 7813 |
| 9F0B | Cardholder Name Extended | Indicates the whole cardholder name when greater than 26 characters using the same coding convention as in ISO 7813 |
| 8E | Cardholder Verification Method (CVM) List | Identifies a method of verification of the cardholder supported by the application |
| 9F34 | Cardholder Verification Method (CVM) Results | Indicates the results of the last CVM performed |
| — | Certification Authority Public Key Check Sum | A check value calculated on the concatenation of all parts of the Certification Authority Public Key (RID, Certification Authority Public Key Index, Certification Authority Public Key Modulus, Certification Authority Public Key Exponent) using SHA-1 |
| — | Certification Authority Public Key Exponent | Value of the exponent part of the Certification Authority Public Key |
| 8F | Certification Authority Public Key Index | Identifies the certification authority’s public key in conjunction with the RID |
| 9F22 | Certification Authority Public Key Index | Identifies the certification authority’s public key in conjunction with the RID |
| — | Certification Authority Public Key Modulus | Value of the modulus part of the Certification Authority Public Key |
| 83 | Command Template | Identifies the data field of a command message |
| 9F27 | Cryptogram Information Data | Indicates the type of cryptogram and the actions to be performed by the terminal |
| 9F45 | Data Authentication Code | An issuer assigned value that is retained by the terminal during the verification process of the Signed Static Application Data |
| 84 | Dedicated File (DF) Name | Identifies the name of the DF as described in ISO/IEC 7816-4 |
| — | Default Dynamic Data Authentication Data Object List (DDOL) | DDOL to be used for constructing the INTERNAL AUTHENTICATE command if the DDOL in the card is not present |
| — | Default Transaction Certificate Data Object List (TDOL) | TDOL to be used for generating the TC Hash Value if the TDOL in the card is not present |
| 9D | Directory Definition File (DDF) Name | Identifies the name of a DF associated with a directory |
| 73 | Directory Discretionary Template | Issuer discretionary part of the directory according to ISO/IEC 7816-5 |
| 9F49 | Dynamic Data Authentication Data Object List (DDOL) | List of data objects (tag and length) to be passed to the ICC in the INTERNAL AUTHENTICATE command |
| 70 | EMV Proprietary Template | Template proprietary to the EMV specification |
| — | Enciphered Personal Identification Number (PIN) Data | Transaction PIN enciphered at the PIN pad for online verification or for offline verification if the PIN pad and IFD are not a single integrated device |
| BF0C | File Control Information (FCI) Issuer Discretionary Data | Issuer discretionary part of the FCI |
| A5 | File Control Information (FCI) Proprietary Template | Identifies the data object proprietary to this specification in the FCI template according to ISO/IEC 7816-4 |
| 6F | File Control Information (FCI) Template | Identifies the FCI template according to ISO/IEC 7816-4 |
| 9F4C | ICC Dynamic Number | Time-variant number generated by the ICC, to be captured by the terminal |
| 9F2D | Integrated Circuit Card (ICC) PIN Encipherment Public Key Certificate | ICC PIN Encipherment Public Key certified by the issuer |
| 9F2E | Integrated Circuit Card (ICC) PIN Encipherment Public Key Exponent | ICC PIN Encipherment Public Key Exponent used for PIN encipherment |
| 9F2F | Integrated Circuit Card (ICC) PIN Encipherment Public Key Remainder | Remaining digits of the ICC PIN Encipherment Public Key Modulus |
| 9F46 | Integrated Circuit Card (ICC) Public Key Certificate | ICC Public Key certified by the issuer |
| 9F47 | Integrated Circuit Card (ICC) Public Key Exponent | ICC Public Key Exponent used for the verification of the Signed Dynamic Application Data |
| 9F48 | Integrated Circuit Card (ICC) Public Key Remainder | Remaining digits of the ICC Public Key Modulus |
| 9F1E | Interface Device (IFD) Serial Number | Unique and permanent serial number assigned to the IFD by the manufacturer |
| 5F53 | International Bank Account Number (IBAN) | Uniquely identifies the account of a customer at a financial institution as defined in ISO 13616. |
| 9F0D | Issuer Action Code – Default | Specifies the issuer’s conditions that cause a transaction to be rejected if it might have been approved online, but the terminal is unable to process the transaction online |
| 9F0E | Issuer Action Code – Denial | Specifies the issuer’s conditions that cause the denial of a transaction without attempt to go online |
| 9F0F | Issuer Action Code – Online | Specifies the issuer’s conditions that cause a transaction to be transmitted online |
| 9F10 | Issuer Application Data | Contains proprietary application data for transmission to the issuer in an online transaction |
| 91 | Issuer Authentication Data | Data sent to the ICC for online issuer authentication |
| 9F11 | Issuer Code Table Index | Indicates the code table according to ISO/IEC 8859 for displaying the Application Preferred Name |
| 5F28 | Issuer Country Code | Indicates the country of the issuer according to ISO 3166 |
| 5F55 | Issuer Country Code (alpha2 format) | Indicates the country of the issuer as defined in ISO 3166 (using a 2 character alphabetic code) |
| 5F56 | Issuer Country Code (alpha3 format) | Indicates the country of the issuer as defined in ISO 3166 (using a 3 character alphabetic code) |
| 42 | Issuer Identification Number (IIN) | The number that identifies the major industry and the card issuer and that forms the first part of the Primary Account Number (PAN) |
| 90 | Issuer Public Key Certificate | Issuer public key certified by a certification authority |
| 9F32 | Issuer Public Key Exponent | Issuer public key exponent used for theverification of the Signed Static Application Data and the ICC Public Key Certificate |
| 92 | Issuer Public Key Remainder | Remaining digits of the Issuer Public Key Modulus |
| 86 | Issuer Script Command | Contains a command for transmission to the ICC |
| 9F18 | Issuer Script Identifier | Identification of the Issuer Script |
| — | Issuer Script Results | Indicates the result of the terminal script processing |
| 71 | Issuer Script Template 1 | Contains proprietary issuer data for transmission to the ICC before the second GENERATE AC command |
| 72 | Issuer Script Template 2 | Contains proprietary issuer data for transmission to the ICC after the second GENERATE AC command |
| 5F50 | Issuer URL | The URL provides the location of the Issuer’s Library Server on the Internet. |
| 5F2D | Language Preference | 1–4 languages stored in order of preference, each represented by 2 alphabetical characters according to ISO 639Note: EMVCo strongly recommends that cards be personalised with data element '5F2D' coded in lowercase, but that terminals accept the data element whether it is coded in upper or lower case. |
| 9F13 | Last Online Application Transaction Counter (ATC) Register | ATC value of the last transaction that went online |
| 9F4D | Log Entry | Provides the SFI of the Transaction Log file and its number of records |
| 9F4F | Log Format | List (in tag and length format) of data objects representing the logged data elements that are passed to the terminal when a transaction log record is read |
| 9F14 | Lower Consecutive Offline Limit | Issuer-specified preference for the maximum number of consecutive offline transactions for this ICC application allowed in a terminal with online capability |
| — | Maximum Target Percentage to be used for Biased Random Selection | Value used in terminal risk management for random transaction selection |
| 9F15 | Merchant Category Code | Classifies the type of business being done by the merchant, represented according to ISO 8583:1993 for Card Acceptor Business Code |
| 9F16 | Merchant Identifier | When concatenated with the Acquirer Identifier, uniquely identifies a given merchant |
| 9F4E | Merchant Name and Location | Indicates the name and location of the merchant |
| — | Message Type | Indicates whether the batch data capture record is a financial record or advice |
| — | Personal Identification Number (PIN) Pad Secret Key | Secret key of a symmetric algorithm used by the PIN pad to encipher the PIN and by the card reader to decipher the PIN if the PIN pad and card reader are not integrated |
| 9F17 | Personal Identification Number (PIN) Try Counter | Number of PIN tries remaining |
| 9F39 | Point-of-Service (POS) Entry Mode | Indicates the method by which the PAN was entered, according to the first two digits of the ISO 8583:1987 POS Entry Mode |
| 9F38 | Processing Options Data Object List (PDOL) | Contains a list of terminal resident data objects (tags and lengths) needed by the ICC in processing the GET PROCESSING OPTIONS command |
| — | Proprietary Authentication Data | Contains issuer data for transmission to the card in the Issuer Authentication Data of an online transaction.For a cryptogram defined by the Common Core Definitions with a Cryptogram Version of '4', the Proprietary Authentication Data element shall be 0 bytes long. The only Cryptogram Version currently defined for the Common Core Definitions is '4'. |
| 80 | Response Message Template Format 1 | Contains the data objects (without tags and lengths) returned by the ICC in response to a command |
| 77 | Response Message Template Format 2 | Contains the data objects (with tags and lengths) returned by the ICC in response to a command |
| 5F30 | Service Code | Service code as defined in ISO/IEC 7813 for track 1 and track 2 |
| 88 | Short File Identifier (SFI) | Identifies the SFI to be used in the commands related to a given AEF or DDF. The SFI data object is a binary field with the three high order bits set to zero. |
| 9F4B | Signed Dynamic Application Data | Digital signature on critical application parameters for DDA or CDA |
| 93 | Signed Static Application Data | Digital signature on critical application parameters for SDA |
| 9F4A | Static Data Authentication Tag List | List of tags of primitive data objects defined in this specification whose value fields are to be included in the Signed Static or Dynamic Application Data |
| — | Target Percentage to be Used for Random Selection | Value used in terminal risk management for random transaction selection |
| — | Terminal Action Code – Default | Specifies the acquirer’s conditions that cause a transaction to be rejected if it might have been approved online, but the terminal is unable to process the transaction online |
| — | Terminal Action Code – Denial | Specifies the acquirer’s conditions that cause the denial of a transaction without attempt to go online |
| — | Terminal Action Code – Online | Specifies the acquirer’s conditions that cause a transaction to be transmitted online |
| 9F33 | Terminal Capabilities | Indicates the card data input, CVM, and security capabilities of the terminal |
| 9F1A | Terminal Country Code | Indicates the country of the terminal, represented according to ISO 3166 |
| 9F1B | Terminal Floor Limit | Indicates the floor limit in the terminal in conjunction with the AID |
| 9F1C | Terminal Identification | Designates the unique location of a terminal at a merchant |
| 9F1D | Terminal Risk Management Data | Application-specific value used by the card for risk management purposes |
| 9F35 | Terminal Type | Indicates the environment of the terminal, its communications capability, and its operational control |
| 95 | Terminal Verification Results | Status of the different functions as seen from the terminal |
| — | Threshold Value for Biased Random Selection | Value used in terminal risk management for random transaction selection |
| 9F1F | Track 1 Discretionary Data | Discretionary part of track 1 according to ISO/IEC 7813 |
| 9F20 | Track 2 Discretionary Data | Discretionary part of track 2 according to ISO/IEC 7813 |
| 57 | Track 2 Equivalent Data | Contains the data elements of track 2 according to ISO/IEC 7813, excluding start sentinel, end sentinel, and Longitudinal Redundancy Check (LRC), as follows:Primary Account Number (n, var. up to 19)Field Separator (Hex 'D') (b)Expiration Date (YYMM) (n 4)Service Code (n 3)Discretionary Data (defined by individual payment systems) (n, var.)Pad with one Hex 'F' if needed to ensure whole bytes (b) |
| — | Transaction Amount | Clearing amount of the transaction, including tips and other adjustments |
| 98 | Transaction Certificate (TC) Hash Value | Result of a hash function specified in Book 2, Annex B3.1 |
| 97 | Transaction Certificate Data Object List (TDOL) | List of data objects (tag and length) to be used by the terminal in generating the TC Hash Value |
| 5F2A | Transaction Currency Code | Indicates the currency code of the transaction according to ISO 4217 |
| 5F36 | Transaction Currency Exponent | Indicates the implied position of the decimal point from the right of the transaction amount represented according to ISO 4217 |
| 9A | Transaction Date | Local date that the transaction was authorised |
| 99 | Transaction Personal Identification Number (PIN) Data | Data entered by the cardholder for the purpose of the PIN verification |
| 9F3C | Transaction Reference Currency Code | Code defining the common currency used by the terminal in case the Transaction Currency Code is different from the Application Currency Code |
| — | Transaction Reference Currency Conversion | Factor used in the conversion from the Transaction Currency Code to the Transaction Reference Currency Code |
| 9F3D | Transaction Reference Currency Exponent | Indicates the implied position of the decimal point from the right of the transaction amount, with the Transaction Reference Currency Code represented according to ISO 4217 |
| 9F41 | Transaction Sequence Counter | Counter maintained by the terminal that is incremented by one for each transaction |
| 9B | Transaction Status Information | Indicates the functions performed in a transaction |
| 9F21 | Transaction Time | Local time that the transaction was authorised |
| 9C | Transaction Type | Indicates the type of financial transaction, represented by the first two digits of ISO 8583:1987 Processing Code |
| 9F37 | Unpredictable Number | Value to provide variability and uniqueness to the generation of a cryptogram |
| 9F23 | Upper Consecutive Offline Limit | Issuer-specified preference for the maximum number of consecutive offline transactions for this ICC application allowed in a terminal without online capability |
Emv Chip Reader Writer Software
https://emvlab.org/ – the one stop site for payment system researchers and practitioners – © 2009–2019
This site is run by Steven Murdoch and hosted by the Information Security Group at University College London. More details about the work we are doing can be found on our information security research blog: Bentham’s Gaze.
Emv Software X2 Free
EMV® is a registered trademark of EMVCo LLC. This site and its operators are not affiliated or associated with or endorsed by EMVCo. All other trademarks and registered trademarks are the property of their respective owners.