6.5 Processing restrictions



The terminal carries out this stage by itself. The card is only a carrier of the information involved in the processing. The aim of the processing restrictions is to determine the degree of compatibility between the EMV™ debit/credit application in the card and in the terminal, and to make any necessary adjustments, including the rejection of the transaction. This stage can be performed any time after the completion of the read application data stage and before the completion of the terminal action analysis stage.

Three criteria are considered for judging the compatibility of the card application and the terminal application:

  1. Application Version Number;

  2. Application usage control;

  3. Application effective/expiration dates checking.

6.5.1 Application Version Number

The payment system assigns version numbers on 2 bytes to both the card application [in the Application Version Number (tag 9F08) data object stored in the card] and to the terminal application [in the Application Version Number (tag 9F09) data object stored in the terminal]. The encoding of these numbers is proprietary to the payment system.

The terminal establishes the compatibility of version numbers as follows:

  • Search for the data object with tag 9F08 in the EMV™ data objects heap.

  • If the object is not found, assume by default that the card and terminal application versions are compatible. Continue processing as indicated in Section 6.5.2.

  • Otherwise, compare the value fields of the data objects with tag 9F08 and with tag 9F09.

    • If these values are different, set to 1 the bit 8, "ICC and terminal have different versions", in byte 2 of the TVR.

    • Continue processing as indicated in Section 6.5.2.

6.5.2 Application usage control

The issuer encodes the restrictions concerning the geographic usage and services allowed for the EMV™ card application in the Application Usage Control data object (tag 9F07). Personalizing this data object in the card is not mandatory. The meaning of the bits in the Application Usage Control is presented below:

  • Bit 8 = 1, Byte 1: Valid for domestic cash transactions;

  • Bit 7 = 1, Byte 1: Valid for international cash transactions;

  • Bit 6 = 1, Byte 1: Valid for domestic goods;

  • Bit 5 = 1, Byte 1: Valid for international goods;

  • Bit 4 = 1, Byte 1: Valid for domestic services;

  • Bit 3 = 1, Byte 1: Valid for international services;

  • Bit 2 = 1, Byte 1: Valid at ATMs;

  • Bit 1 = 1, Byte 1: Valid at terminals other than ATMs;

  • Bit 8 = 1, Byte 2: Domestic cashback allowed;

  • Bit 7 = 1, Byte 2: International cashback allowed;

  • Bit 6 to Bit 1, Byte 2: RFU.

A cashback transaction is a combination of a purchase transaction of goods or services and a cash transaction, for which the total amount that must be authorized with the issuer is the sum of the Amount, Authorized and the Amount, Other. The Amount, Authorized represents the amount due for the goods or services, while the Amount, Other refers to the amount of cash that the cardholder would like to withdraw directly from the store attendant.

To perform the verification of the geographical usage and service restrictions, the terminal needs the following data objects:

  • Terminal Type (tag 9F35 in the terminal): This encodes in 1 byte the category of the terminal, which depends on three features:

    1. Environment: attended/unattended (by an operator at the point of service);

    2. Communication: on-line-only/off-line with on-line capability/off-line-only;

    3. Operation control: financial institution/merchant/cardholder.

    Note that the encoding of the Terminal Type is provided in the Annex A1 of Book 4 [3].

  • Additional Terminal Capabilities (tag 9F40 in the terminal): This encodes on 5 bytes the data input and output capabilities of the terminal (see Annex A3 in Book 4 [3]). The first 2 bytes of its value field indicate the Transaction Type capability, which indicates the transaction type a terminal can support: cash, goods, services, inquiry, transfer, payment, and administrative.

    Note that the two data objects described above are used to discriminate between ATM and non-ATM terminals, as follows:

    • A terminal is an ATM terminal if the value field of the Terminal Type is 14h, 15h, or 16h, and bit 8 ("Cash") of byte 1 of the Additional Terminal Capabilities is set to 1 (i.e., the terminal has the cash disbursement capability).

    • Any other terminal that does not respect the aforementioned condition is not an ATM terminal.

  • Transaction Type (tag 9C in the terminal): This indicates the type of financial transaction that is actually accepted by the terminal application. The first two digits of the processing code data element (i.e., cash transaction, purchase of goods, and purchase of services), according to ISO 8583:1993 [4], represent the transaction type. The value field of this data object is denoted V1 in the remainder of this section.

  • Issuer Country Code (tag 5F28 in the card): This indicates on 2 bytes the country code of the issuer, according to the ISO 3166 [5]. The value field of this data object is denoted V2 in the remainder of this section.

  • Terminal Country Code (tag 9F1A in the terminal): This indicates on 2 bytes the country code of the terminal, according to the ISO 3166 [5]. The value field of this data object is denoted V3 in the remainder of this section.

  • Amount, Other [tag 9F04 (binary format), tag 9F03 (numeric format) in the terminal]: This indicates a secondary amount associated with a purchase of goods or purchase of services transaction, representing a cashback amount.

The algorithm that performs the verification of the geographical usage and service restrictions is given below.

    If Application Usage Control (AUC) is present in the EMV heap
        If Terminal Type = ATM Terminal
            Check that bit 2 ("Valid at ATMs") equals 1 in byte 1 of the AUC.
        If Terminal Type ≠ ATM Terminal
            Check that bit 1 ("Valid at terminals other than ATMs") equals 1 in byte 1 of the AUC.
        If Issuer Country Code is present in the EMV heap
            If V1 = "Cash Transaction" (01 = Debits/Cash, 17-19 = Debits/Cash advance with credit cards)
                If V2 = V3  Check that bit 8 ("Valid for domestic cash transactions") equals 1 in byte 1 of the AUC.
                If V2 ≠ V3  Check that bit 7 ("Valid for international cash transactions") equals 1 in byte 1 of the AUC.
            If V1 = "Purchase of Goods" (00 = Debits/Goods and Services)
                If V2 = V3  Check that bit 6 ("Valid for domestic goods") equals 1 in byte 1 of the AUC.
                If V2 ≠ V3  Check that bit 5 ("Valid for international goods") equals 1 in byte 1 of the AUC.
            If V1 = "Purchase of services" (00 = Debits/Goods and Services)
                If V2 = V3  Check that bit 4 ("Valid for domestic services") equals 1 in byte 1 of the AUC.
                If V2 ≠ V3  Check that bit 3 ("Valid for international services") equals 1 in byte 1 of the AUC.
            If V1 = "Purchase of goods/services" (00 = Debits/Goods and Services) and Amount, Other is present in the EMV data objects heap
                If V2 = V3  Check that bit 8 ("Domestic cashback allowed") equals 1 in byte 2 of the AUC.
                If V2 ≠ V3  Check that bit 7 ("International cashback allowed") equals 1 in byte 2 of the AUC.

If any of the verifications specified above fail, set to 1 bit 5, "Requested service not allowed for card product", in byte 2 of the TVR. Continue processing as indicated in Section 6.5.3.

6.5.3 Application effective/expiration dates checking

If the terminal retrieves the Application Effective Date (tag 5F25) from the EMV™ heap, it checks whether the current date is greater than or equal to the application effective date. If not, the terminal sets to 1 bit 6, "Application not yet effective", in byte 2 of the TVR.

If the terminal retrieves the Application Expiration Date (tag 5F24) from the EMV™ heap, it checks whether the current date is less than or equal to the Application Expiration Date. If not, the terminal sets to 1 bit 7, "Expired application", in byte 2 of the TVR.
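The three checks of Sections 6.5.1 to 6.5.3 can be combined into one routine that returns byte 2 of the TVR; the sketch below is an added example, not code from the book. Assumptions: the card and terminal data objects are held in dictionaries keyed by tag, the caller passes a hypothetical `kind` argument ("cash", "goods" or "services") because processing code 00 alone does not separate goods from services, dates are YYMMDD in packed BCD read as 20YY, and all sample values are constructed.

```python
from datetime import date

# TVR byte 2 masks for the bits named in Sections 6.5.1 to 6.5.3
DIFF_VERSIONS, EXPIRED, NOT_YET_EFFECTIVE, SERVICE_NOT_ALLOWED = 0x80, 0x40, 0x20, 0x10

def is_atm(term):
    # ATM: Terminal Type 14h/15h/16h and "Cash" (bit 8, byte 1 of 9F40) set
    return term[0x9F35][0] in (0x14, 0x15, 0x16) and bool(term[0x9F40][0] & 0x80)

def bcd_date(value):
    # Assumption: YYMMDD in packed BCD, every year read as 20YY
    y, m, d = ((b >> 4) * 10 + (b & 0x0F) for b in value)
    return date(2000 + y, m, d)

def auc_ok(card, term, kind):
    auc = card[0x9F07]
    if not auc[0] & (0x02 if is_atm(term) else 0x01):
        return False
    if 0x5F28 not in card:          # no Issuer Country Code: skip the rest
        return True
    domestic = card[0x5F28] == term[0x9F1A]     # V2 = V3
    # (AUC byte index, domestic mask, international mask)
    checks = [{"cash": (0, 0x80, 0x40), "goods": (0, 0x20, 0x10),
               "services": (0, 0x08, 0x04)}[kind]]
    if kind != "cash" and (0x9F03 in term or 0x9F04 in term):
        checks.append((1, 0x80, 0x40))          # Amount, Other present: cashback
    return all(auc[i] & (dom if domestic else intl) for i, dom, intl in checks)

def processing_restrictions(card, term, kind, today):
    """Return TVR byte 2 after the three checks of this section."""
    tvr2 = 0
    if 0x9F08 in card and card[0x9F08] != term[0x9F09]:
        tvr2 |= DIFF_VERSIONS
    if 0x9F07 in card and not auc_ok(card, term, kind):
        tvr2 |= SERVICE_NOT_ALLOWED
    if 0x5F25 in card and today < bcd_date(card[0x5F25]):
        tvr2 |= NOT_YET_EFFECTIVE
    if 0x5F24 in card and today > bcd_date(card[0x5F24]):
        tvr2 |= EXPIRED
    return tvr2

# Constructed sample: domestic-only card (AUC AB 80), issuer country 0250
CARD = {0x9F08: b"\x00\x8c", 0x9F07: b"\xab\x80", 0x5F28: b"\x02\x50",
        0x5F25: b"\x20\x01\x01", 0x5F24: b"\x25\x12\x31"}
# Constructed sample: non-ATM terminal in another country (0840)
TERM = {0x9F09: b"\x00\x8c", 0x9F35: b"\x22", 0x9F40: b"\x60\x00\xf0\xa0\x01",
        0x9F1A: b"\x08\x40"}

if __name__ == "__main__":
    print(f"{processing_restrictions(CARD, TERM, 'goods', date(2024, 6, 1)):02X}")
```

With the sample data the card allows only domestic goods, so the purchase at the foreign terminal sets bit 5 of TVR byte 2 and leaves the other bits clear.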




Implementing Electronic Card Payment Systems
Implementing Electronic Card Payment Systems (Artech House Computer Security Series)
ISBN: 1580533051
EAN: 2147483647
Year: 2003
Pages: 131
Authors: Cristian Radu
