Request Cryptogram—The terminal requests a cryptogram from the card

A decision for an offline approval or to go online made during Terminal Action Analysis is not final. As a result of Card Action Analysis (see Chapter 11, Card Action Analysis), the card may override the terminal’s decision. Decisions to decline offline may not be

overridden.

Terminal Action Analysis shall be performed as described in EMV Book 3, section 10.7, and EMV Book 4, section 6.3.6.

This chapter includes the following sections:

10.1 Card Data 10.2 Terminal Data

10.3 GENERATE APPLICATION CRYPTOGRAM (AC) Command 10.4 Processing

10.5 Prior Related Processing

10.6 Subsequent Related Processing

10 Terminal Action Analysis Visa Integrated Circuit Card Specification (VIS)

10.1 Card Data Version 1.5

10.1 Card Data

The terminal uses the card data elements described in Table 10-1 in Terminal Action Analysis or during Request Cryptogram Processing. These data elements were

previously read from the card during Read Application Data. For a detailed description of these data elements and their usage, see Appendix A, VIS Data Element Tables.

Note: The cryptogram algorithms defined in Appendix D do not use the Transaction Certificate Data Object List (TDOL). For proprietary cryptograms see EMV Book 3, section 9.2.2 for more information on use of a TDOL.

Section 10.4.1 contains an example of how the IACs and TACs are used with the Terminal Verification Results (TVR) to determine transaction disposition.

Table 10-1: Terminal Action Analysis—Card Data

Data Element Description

Card Risk Management Data Object List 1 (CDOL1), '8C'

The CDOL1 shall contain the tags and lengths for the terminal data objects that are needed by the card to generate an application cryptogram or for other card processing. Refer to section D.3.1, Data Input for CVN 10 and section D.4.1, Data Input for CVN 18, for cryptogram CDOL1 requirements.

Chapter 11, Card Action Analysis, shows the CDOL1 requirements for Card Action Analysis.

Issuer Action Codes (IACs) The IACs are three data elements, each consisting of a series of bits corresponding to the bits in the Terminal Verification Results (TVR). During personalization, the issuer should set an IAC bit to 1b if the corresponding TVR condition is to result in the action designated by the IAC. The three IACs are:

 IAC—Denial, '9F0E''

The issuer sets the IAC bits to 1b that correspond to the TVR bits for conditions which the issuer wishes to result in an offline decline.

 IAC—Online, '9F0F'

The issuer sets the bits to 1b that correspond to the TVR bits for conditions which the issuer would like to result in an online authorization.

 IAC—Default, '9F0D'

The issuer sets the bits to 1b that correspond to the TVR bits for conditions which the issuer would like to default to an offline decline if online processing is requested but not available.

Visa Integrated Circuit Card Specification (VIS) 10 Terminal Action Analysis

Version 1.5 10.1 Card Data

Note: Setting any of the following bits in the IACs or TACs will not influence the

outcome of the transaction, because the associated TVR bits will never be set at the times the terminal compares the IACs and TACs to the TVR:

– Issuer Authentication was unsuccessful

– Issuer Script processing failed before final GENERATE AC command – Issuer Script processing failed after final GENERATE AC command

The IACs are included in the data elements recommended for validation by Offline Data Authentication. If the IACs are included in the validation data, then they should not be changed without also updating the Signed Static Application Data (SAD) and the ICC PK Certificate. Otherwise, SDA, DDA and CDA will fail.

10 Terminal Action Analysis Visa Integrated Circuit Card Specification (VIS)

10.2 Terminal Data Version 1.5

10.2 Terminal Data

For a detailed description of these data elements and their usage, see Appendix A, VIS Data Element Tables, the Visa Transaction Acceptance Device Requirements and the Visa Transaction Acceptance Device Guide.

The terminal uses the terminal data elements described in Table 10-2 during Terminal Action Analysis or Request Cryptogram Processing.

Note: The cryptogram algorithms defined in Appendix D do not use a TDOL or TC Hash Value. For proprietary cryptograms see EMV Book 3, section 9.2.2 for more information on use of these data elements.

10.3 GENERATE APPLICATION CRYPTOGRAM (AC) Command

The terminal uses the GENERATE APPLICATION CRYPTOGRAM (AC) command to request a Triple DES application cryptogram from the card.

The P1 parameter of the command indicates the cryptogram type being requested and whether the cryptogram is eligible for CDA. EMV Book 3, Table 12, shows the coding of this parameter. The data portion of the command contains the terminal data objects requested in the CDOL1, which was received from the card during Read Application Data.

The card processes the GENERATE AC command and returns the command response during Card Action Analysis (described in Chapter 11).

Table 10-2: Terminal Action Analysis—Terminal Data

Data Element Description

Terminal Action Codes (TACs) The TACs are three data elements each consisting of a series of bits corresponding to the bits in the Terminal Verification Results (TVR). Similar to the card’s IACs, the TAC bits are set to 1b if the corresponding TVR bit is to result in the action specified by the TAC. These actions are decline offline, go online for an authorization, and decline offline if the online authorization is unable to complete. The Visa-required TAC values are listed in the Visa Transaction Acceptance Device Requirements.

Terminal Data Elements The terminal data elements specified in the CDOL1 or TDOL from the card are included in the GENERATE AC command.

Visa Integrated Circuit Card Specification (VIS) 10 Terminal Action Analysis

Version 1.5 10.4 Processing

10.4 Processing

10.4.1 Review Offline Processing Results

The card performs no processing during the Review Offline Processing step.

The Review Offline Processing Results step of Terminal Action Analysis is performed entirely within the terminal using processing rules called IACs which were received from the card earlier in the transaction and payment system rules from the terminal called TACs.

The terminal may review offline processing results after Terminal Risk Management, or earlier in order to eliminate the need for unnecessary processing. For example, Terminal Action Analysis could be performed after Static Data Authorization (SDA) to eliminate the need for Cardholder Verification when SDA failure results in an offline decline.

During processing the terminal compares bits in the IACs and TACs to the corresponding bits in the Terminal Verification Results (TVR). If corresponding bits in the TVR and the IAC or TAC are both set to 1b, the disposition for the IAC or TAC is used.

Section 10.4.1.1 illustrates how the comparisons work.

10.4.1.1 IAC Usage Example

The issuer wishes to send transactions online if Offline DDA fails or if the PIN Try Limit is exceeded, so the IAC—Online bits from the card are set as below:

The terminal records offline processing results in the TVR. In the following transactions, the application is expired. In Transaction 2, Offline DDA has also failed.