SECTION 6: MERCHANT EDUCATION
6.1. Guidance for a Successful Training Program
It is best if EMV training is delivered prior to implementing EMV in the Merchant environment. EMV training should also be readily available for staff to access if needed as a reference and should also be available on an ongoing basis for newly hired employees.
BEST PRACTICE: We recommend creating a quick reference guide with key information on accepting Chip Cards and magnetic stripe cards to be kept near the Terminal.
We
B recommend making EMV training interactive and including hands-on practice accepting both Chip Cards and magnetic stripe cards.
Additionally, it is
B recommended that Merchants work with their Acquirers if they have questions or
need additional support relating to processing EMV transactions.
Some key topics that should be included in EMV training are:
The benefits of EMV with regards to fraud risk and fraud liability B
Inserting the Chip Card B
Following the Terminal prompts B
Fallback B
PIN entry and PIN Bypass (as appropriate to local usage) B
Handling common customer inquiries B
The requirement to continue to accept all types of card products B
APPENDIX
APPENDIX A: CAPK INFORMATION
CAPK Format DetailUnless otherwise stated, the values within the CAPK format are detailed in their hexidecimal representation. Table A-1: CAPK Format Detail
Field Name Length
(Bytes)
Hashed Description
Header 1 No Set to 20
Service Identifier 4 No American Express Product Identifier.
Set to 00 00 00 00
Length of CAPK Modulus 2 No Length of CAPK modulus.
Current valid values = 00 80 (1024 bits), 0090 (1152), 00B0 (1408 bits), 00F8 (1984 bits)
CAPK Algorithm Indicator 1 No Cryptographic algorithm ID used to generate the CAPK.
Set to 01
Length of CAPK Exponent 1 No Length of CAPK exponent. Set to 01
RID 5 Yes Set to A0 00 00 00 25
CAPK Index 1 Yes Unique CAPK index number
CAPK Modulus Variable Yes CAPK modulus
CAPK Exponent Variable Yes CAPK exponent. Set to 03
Hash Value 20 No Hash of components indicated in
“hashed” column
Live CAPKs
There are four live CAPKs. They are sent out in text and binary formats in a zip file. Table A-2: Live CAPKs
Key File Name CAPK Index CAPK Length
Lca00003.dat Lca00003.txt 03 00 80 (hex = 128 bytes = 1024 Bits Lca0000E.dat Lca0000E.txt 0E 00 90 (hex) = 144 bytes = 1152 Bits Lca0000F.dat Lca0000F.txt 0F 00 B0 (hex) = 176 bytes = 1408 Bits Lca00010. dat Lca00010.txt 10 00 F8 (hex) = 248 bytes = 1984 Bits
APPENDIX
The text versions of these keys are included below: Key Index 03 (1024)
Header 20
Service Identifier 00 00 00 00
Length of CAPK Modulus 00 80
CAPK Algorithm Indicator 01
Length of CAPK Exponent 01
RID A0 00 00 00 25
CAPK Index 03
CAPK Modulus B0C2C6E2A6386933CD17C239496BF48C57E389164F2A96BFF133439AE8A77B20498BD4DC6959AB0
C2D05D0723AF3668901937B674E5A2FA92DDD5E78EA9D75D79620173CC269B35F463B3D4AAFF27 94F92E6C7A3FB95325D8AB95960C3066BE548087BCB6CE12688144A8B4A66228AE4659C634C99E3 6011584C095082A3A3E3
CAPK Exponent 03
Hash Value 8708A3E3BBC1BB0BE73EBD8D19D4E5D20166BF6C
Key Index 0E (1152) Header 20
Service Identifier 00 00 00 00
Length of CAPK Modulus 00 90
CAPK Algorithm Indicator 01
Length of CAPK Exponent 01
RID A0 00 00 00 25
CAPK Index 0E
CAPK Modulus AA94A8C6DAD24F9BA56A27C09B01020819568B81A026BE9FD0A3416CA9A71166ED5084ED91CED4
7DD457DB7E6CBCD53E560BC5DF48ABC380993B6D549F5196CFA77DFB20A0296188E969A2772E8C4 141665F8BB2516BA2C7B5FC91F8DA04E8D512EB0F6411516FB86FC021CE7E969DA94D33937909A53 A57F907C40C22009DA7532CB3BE509AE173B39AD6A01BA5BB85
CAPK Exponent
APPENDIX Key Index 0F (1408)
Header 20
Service Identifier 00 00 00 00
Length of CAPK Modulus 00 B0
CAPK Algorithm Indicator 01
Length of CAPK Exponent 01
RID A0 00 00 00 25
CAPK Index 0F
CAPK Modulus C8D5AC27A5E1FB89978C7C6479AF993AB3800EB243996FBB2AE26B67B23AC482C4B746005A51AFA
7D2D83E894F591A2357B30F85B85627FF15DA12290F70F05766552BA11AD34B7109FA49DE29DCB01 09670875A17EA95549E92347B948AA1F045756DE56B707E3863E59A6CBE99C1272EF65FB66CBB4CFF 070F36029DD76218B21242645B51CA752AF37E70BE1A84FF31079DC0048E928883EC4FADD497A719 385C2BBBEBC5A66AA5E5655D18034EC5
CAPK Exponent 03
Hash Value A73472B3AB557493A9BC2179CC8014053B12BAB4
Key Index 10 (1984)
Header 20
Service Identifier 00 00 00 00
Length of CAPK Modulus 00 F8
CAPK Algorithm Indicator 01
Length of CAPK Exponent 01
RID A0 00 00 00 25
CAPK Index 10
CAPK Modulus CF98DFEDB3D3727965EE7797723355E0751C81D2D3DF4D18EBAB9FB9D49F38C8C4A826B99DC9DEA
3F01043D4BF22AC3550E2962A59639B1332156422F788B9C16D40135EFD1BA94147750575E636B6EB C618734C91C1D1BF3EDC2A46A43901668E0FFC136774080E888044F6A1E65DC9AAA8928DACBEB0D B55EA3514686C6A732CEF55EE27CF877F110652694A0E3484C855D882AE191674E25C296205BBB599 455176FDD7BBC549F27BA5FE35336F7E29E68D783973199436633C67EE5A680F05160ED12D1665EC 83D1997F10FD05BBDBF9433E8F797AEE3E9F02A34228ACE927ABE62B8B9281AD08D3DF5C7379685 045D7BA5FCDE58637 CAPK Exponent 03
APPENDIX
APPENDIX B: DISPLAYABLE MESSAGES
Table B-1 details the possible messages that a Terminal may display during an AEIPS transaction. The table also provides details on when each message may be used. This is provided as guidance, but is not an exhaustive list.
Table B-1: Displayable Terminal Messages
Message Text Usage
AUTH CODE: nnnnn Used to display the actual authorization code, or, if a transaction is approved
by the Terminal, used to display the code that is created by the Terminal.
CALL AUTH CENTER Used to inform the Merchant that a referral is needed upon the request of the
Acquirer or due to connectivity issues.
CALL ISSUER Used when a referral response is sent to the Terminal, indicating that the
Merchant needs to contact the Issuer.
CALL HELP DESK Used when the Terminal has a technical issue that requires assistance to
resolve.
CARD NOT AUTHORIZED Transaction not approved (see DECLINED).
CHECK SIGNATURE Used to prompt for visual verification of the signature.
COMPLETED Used to indicate that the transaction has finished.
CONNECTION MADE Used to indicate connectivity has been successfully established between the
Terminal and the Acquirer host.
DECLINED
Printed or displayed on completion of a voice referral where the Acquirer, Issuer, or card has declined the transaction, and the Merchant has indicated this to the Terminal.
DO NOT REMOVE CARD Warns Cardmember/Merchant not to remove card.
ENTER AMOUNT Used to prompt for amount entry.
CARDMEMBER ENTER
PIN Either of these can be used whenever the Cardmember is required to enter his
or her PIN number. ENTER PIN
ESTIMATED MAXIMUM AMOUNT XXX.XX
Used in hotels, car rental, restaurants, and bars when the Cardmember commences a transaction, the final value of which is not yet known. MAX AMOUNT XXX.XX
OPEN TAB MAXIMUM XXX.XX ENTER PIN
EXPIRES MM/YY Used to prompt for input of the card expiration date.
GRATUITY?
APPENDIX Message Text Usage
INSERT AGAIN Used to indicate that the chip has not been read successfully.
INSERT CARD Used to prompt that the Chip Card be inserted rather than swiped.
ISSUER DECLINE – CARDMEMBER SHOULD CONTACT ISSUER
Used to inform both Merchant and Cardmember of the transaction result and the action they need to take.
DECLINED BY CARD – CARDMEMBER SHOULD CONTACT ISSUER
KEY CARD NUMBER Used to indicate that the magnetic stripe has not been read successfully three
times. LAST PIN TRY
Warns Cardmember that he or she is about to have a final attempt at entry before the PIN may be locked.
INCORRECT PIN – LAST PIN TRY
LINE BUSY Used to indicate that the telephone line to which the Terminal is connected is
already in use.
LOADING Used to indicate the Terminal is receiving configuration data from a remote
computer. MAXIMUM $XX
– PLEASE ENTER PIN Indicates the maximum amount for which the transaction can be completed.
OPEN TAB MAXIMUM $XX.XX ENTER PIN
Used in bars and restaurants to advise the Cardmember of the maximum amount they may be charged, when a card is held behind the bar until the final payment is made.
PASS CARD TO
MERCHANT Used to prompt Cardmember to hand card to cashier.
PIN ERROR or INVALID PIN
Used to indicate an incorrect PIN has been entered. INCORRECT PIN
– CARDMEMBER RETRY
PIN LOCKED Used to indicate that the PIN on the Chip Card has been locked on this or a
previous transaction. PIN TRY LIMIT
EXCEEDED – CALL ISSUER
Where PIN try counter = 0.
APPENDIX Message Text Usage
PLEASE INITIALIZE
Used to indicate that the Terminal needs to perform initialization to download new software or parameters (“PSE INITIALIZE” if only 16 digits of display are available).
PROCESSING – PLEASE WAIT
Used when Terminal is interacting with the card and during which time the
card should not be removed.
PLEASE WAIT Used on receipt of a “hold” message with an empty message data element,
otherwise the Terminal shall display the message data element contents.
REFERRAL Used to inform the Merchant that a referral is needed or is underway.
REMOVE CARD Used to prompt either Cardmember or Merchant to remove the card from the
Terminal.
REQUEST INVALID Used to indicate that the requested transaction is not supported for the card
presented.
SELECT PAYMENT TYPE Used when multiple payment options are available from a single card (e.g.,
credit or debit). SESSION TOTALS
NOT AGREED UNCONFIRMED CANNOT CONFIRM
Used during a reconciliation to advise the Merchant of the status of the reconciliation transaction.
STORE FULL Used to advise the Merchant that the post-event store of transactions is full
and the Terminal needs to contact the Acquirer.
SUPERVISOR CARD Used to prompt the swiping or insertion of the supervisor card in order that
certain functions can proceed.
SWIPE AGAIN Used to indicate that the magnetic stripe has not been read successfully.
SWIPE CARD Used at the point in the procedure where card input is required for a magnetic
stripe card. TRANSACTION
COMPLETE Signifies that transaction has been completed.
TRANSACTION VOID Used if the transaction is canceled at the Terminal prior to completion of a
voice referral. UNABLE TO GO ONLINE,
OFFLINE APPROVED
May be used to provide further advice on how the transaction has been processed.
UNABLE TO GO ONLINE, OFFLINE DECLINED
May be used to provide further advice on how the transaction has been processed.
APPENDIX
APPENDIX C: GLOSSARY AND ACRONYMS
4CSC Four-Digit Card Security Code
4DBC Four-Digit Batch Code
AAC Application Authentication Cryptogram. A type of Cryptogram indicating that the Chip
Card has declined the transaction
AC Application Cryptogram
Acquirer An entity that has a contract with a Merchant pursuant to which:
i. A Cardmember is entitled to charge purchases of goods or services at such a Merchant by means of a card, and,
ii. The Merchant agrees to transfer such charges to the Acquirer
AEIPS American Express ICC Payment Specification. AEIPS has two separate specifications:
AEIPS Chip Card Specification [AEIPS-CARD], which defines the technical data •
elements and functionality for all American Express entities when implementing Chip Cards.
AEIPS Terminal Specification [AEIPS-TERM], which outlines the Terminal •
functionality required to process American Express EMV transactions.
AID Application Identifier. A value defined by [ISO 7816-5] and used to identify the
application to the Terminal
ANSI American National Standards Institute
Application Selection Indicator
An indicator within the Terminal software that determines whether partial application selection can occur
ARPC Authorization Response Cryptogram. A type of Cryptogram generated by the Issuer,
used to enable the Chip Card to validate the authorization response
ARQC Authorization Request Cryptogram. A type of Cryptogram that is generated by a Chip
Card when it determines that a transaction should be sent Online
ARC Authorization Response Code
ASCII American Standard Code for Information Interchange. A code for representing
characters as binary numbers
AXP American Express
BIN Bank Identification Number. A six-digit number identifying the Issuer institution. It is
also used as the first six digits of a card account number issued by the Issuer.
APPENDIX Card
Authentication
The process by which EMV-compliant Chip Cards authenticate themselves to Terminals and Issuer systems
Cardholder Verification
The process by which the Cardmember’s identity is verified
Cardmember A person who has entered into an agreement and established a card account with
any Issuer, or a person whose name is embossed on a card
CDA Combined DDA / AC generation
Chip Card A card that has a silicon chip embedded into it
Cryptogram Security data created by the Chip Card or Issuer systems and used to validate a transaction or authorization response
CVM Cardholder Verification Method
CVR Card Verification Results
DDA Dynamic Data Authentication. A means by which a Terminal can authenticate a Chip
Card, as defined by EMV
DDOL DDA Data Object List
EMV A term that is used to refer to the global specifications maintained by EMVCo. The
application that resides on the Chip Card, and the application that resides on the Terminal used to generate transactions. “EMV” is a trademark of EMVCo, LLC.
EMVCo EMVCo LLC, the organization that manages the EMV specifications and the approval
process for cards and Terminals
Exception File A file of account numbers used during Stand-In authorization, for which the Issuer has predetermined either an authorization decision of denial (i.e., negative status), or requires special handling (i.e., VIP)
Fallback When an EMV transaction cannot be completed in an EMV-enabled Terminal utilizing
EMV technology, the Terminal then reads the magnetic stripe
Floor Limit The maximum monetary amount for a single transaction, at or above which
authorization must be obtained before completing the transaction
IAC Issuer Action Code
IAD Issuer Authentication Data
ICC Integrated Circuit Card, alternate term for Chip Card
ISO International Organization for Standardization
Issuer Any entity issuing a payment card or engaging in the payment card issuing business
Issuer Script A collection of card commands constructed and sent by the Issuer for the purpose of updating and managing their cards
APPENDIX
LCOL Lower Consecutive Offline Limit
MAC Message Authentication Code
Merchant Any person who has entered into a contract with an Acquirer, wherein such entity
agrees to:
i. Permit any Cardmember to charge purchases of goods and services at or from such entity by means of a card, and
ii. Transfer such charges to an Acquirer
Offline When a transaction is performed without the Terminal connecting to the Acquirer
Online A transaction that is sent to the Acquirer prior to transaction completion
PAN Primary Account Number
Payment Brands A party operating a card payment network
PCI DSS Payment Card Industry Data Security Standard
PED PIN Entry Device
PIN Personal Identification Number
PIN Bypass A program allowing Merchants at a Chip/PIN Terminal to proactively bypass the
PIN entry to prevent high authorization declines due to a Cardmember’s inability to remember his or her PIN
PIN Pad The component of a Terminal that is used by the Cardmember to enter the PIN for
Cardholder Verification
PIX Proprietary Application Identifier Extension
POS Point of Sale; see Terminal
Reseller An entity that buys Terminals from a Terminal Vendor, develops and implements
country-specific software, and then resells them to Merchants or other customers
RID Registered Application Provider Identifier
SAC Stand-In Action Code
SDA Static Data Authentication. A means by which a Terminal can authenticate a Chip
Card, as defined by EMV
Stand-In When an Issuer is not available to authorize a transaction, the Merchant can Stand-In for the Issuer and make a decision as to whether or not he or she is willing to accept the risk and authorize the transaction
Stand-In Floor Limit
A maximum monetary amount for a single Stand-In transaction, at or above which the Merchant must obtain an authorization before completing the transaction. This value is only used during Stand-In and can be loaded into the Terminal or the Third Party Processor’s host system
APPENDIX
TAC Terminal Action Code
TC Transaction Certificate. A digital signature comprised of Issuer selected data objects.
The TC is generated by the Chip Card at the end of an approved transaction, enabling the Issuer to verify that critical chip data was not changed prior to card validation
TDOL Transaction Certificate Data Object List
Terminal A device capable of accepting American Express Card products for payment for goods
or services Terminal Floor
Limit
A maximum monetary amount for a single transaction, loaded into the Terminal, at or above which the Terminal must obtain an authorization before completing the transaction
Terminal Vendor A party that manufactures and sells Terminals Third Party
Processor
A party that processes American Express transactions on behalf of Merchants, Acquirers, or Issuers
TVR Terminal Verification Results
UPT Unattended Payment Terminal. An unattended, card-reading device that dispenses a
product or provides a service which is paid for with a card (e.g., gasoline pump), upon activation by a valid card. Also known as a Card-Activated Terminal or CAT