Escolar Documentos
Profissional Documentos
Cultura Documentos
User Guide
Version 2.2 Revision A
31 August 2015
Note:
This document is not part of the Visa Rules. In the event of any conflict between any
content in this document, any document referenced herein, any exhibit to this document, or any
communications concerning this document, and any content in the Visa Rules, the Visa Rules shall
govern and control.
Contents
Contents
Contactless Device Evaluation Toolkit (CDET) User Guide Introduction ........................................................ 5
Introduction ................................................................................................................................................................................ 5
Contact Information ................................................................................................................................................................. 6
CDET Support Documentation ............................................................................................................................................ 7
Document Revision Log ......................................................................................................................................................... 9
1
2.1.2
2.1.3
2.1.4
2.2 Instructions...................................................................................................................................................................... 19
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
31 August 2015
Visa Confidential
Contents
2.2.7
2.2.8
2.2.9
Additional Toolkits................................................................................................................................................ 22
ii
Visa Confidential
31 August 2015
Tables
Tables
Table 1:
Table 22:
Table 23:
Table 21:
Table A1:
Table B1:
Acronyms ............................................................................................................................................. 59
Table B2:
Glossary ................................................................................................................................................ 62
31 August 2015
Visa Confidential
iii
Tables
Contactless Device Evaluation Toolkit - User Guide (Version 2.2 - Revision A)
iv
Visa Confidential
31 August 2015
Contact Information
Disclaimer
Introduction
The Visa Contactless Payment Specification (VCPS) was developed as a platform to support globally
interoperable contactless chip programs. It facilitates the creation of payment technologies that provide
Visa payWave issuing clients with the flexibility to customize their contactless chip programs to meet
local market needs while gaining the benefits of global interoperability. The specification also provides
additional security options and enables enhanced performance for faster transaction processing.
To ensure that Visa payWave acceptance devices deployed by acquiring clients do not contribute to
interoperability issues, Visa has developed the Visa Contactless Device Evaluation Toolkit (CDET) - a set
of test cards, an accompanying user guide (this document) and a card profile definitions document.
CDET is designed to allow Visa payWave acquiring clients and their technical support providers to
validate correct configuration of their Visa payWave acceptance devices. The Toolkit may also be used
to assist Visa payWave reader developers and systems integrators with development and integration
testing and to ensure that Visa requirements for card acceptance devices are being met.
Oftentimes, cards issued in one country or region may experience acceptance problems when used in
other countries and regions, even though both the card and reader were fully tested and approved by
the payment schemes accredited testing laboratory. These issues may be the result of incorrect device
configuration, inadequate integration testing or misunderstandings about payment schemes rules and
requirements.
In addition to ensuring Visa payWave card acceptance globally, the CDET also enables user interface
testing of payment terminals. This step is necessary to confirm that correct user prompts, error
messages, application selection menus and PIN Entry messaging are being appropriately applied and
readily comprehensible to the cardholder and merchant.
31 August 2015
Visa Confidential
Contact Information
For more information on the CDET, contact your Visa representative using the following email
addresses according to your geographical location:
Visa Inc.:
-
Canada
Latin America
Visa Europe:
-
Since Visa Europe offers the Visa payWave Test Tool (VpTT) as an alternative to CDET, users in
Europe should contact: ADVTK_EU@visa.com
Visa Confidential
31 August 2015
Document Name
Visa Contactless Device
Evaluation Toolkit (CDET) User
Guide (This Document)
31 August 2015
Description
This document provides:
Test cases
Visa Confidential
Audience
This document is primarily
intended for users of the CDET,
including acquirers, processors,
merchants, and third party
service providers on behalf of
acquirers.
Disclaimer
The Visa Contactless Device Evaluation Toolkit provides a means for a Visa payWave acquiring client (or
agent) implementing a contactless chip program to test its card acceptance device prior to deployment.
The Visa Contactless Device Evaluation Toolkit described herein includes test cards, a user guide and
card profiles document, specifically for use with Visa payWave contactless readers that are compliant to
the Visa Contactless Payment Specifications (VCPS). The Toolkit is designed to assist Visa payWave
acquiring clients and their merchants perform tests that help to minimize card acceptance problems.
Systems Integrators and Visa payWave acceptance device vendors can also benefit from the use of the
Toolkit, as it provides a tool to assist them during development or integration of VCPS-compliant
readers.
The tests prescribed in the user guide do not supersede the requirement for readers to undergo type
approval testing at a Visa accredited laboratory. Visa reserves the right to add or remove tests and test
requirements in the Toolkit at any time and in its sole discretion.
Visa does not warrant the Toolkit or any Toolkit test results for any purpose whatsoever, and expressly
disclaims any and all warranties of merchantability, fitness for purposes, or non-infringement of third
party intellectual property rights. No vendor or other third party may refer to a product, service or
facility as Visa-approved, nor otherwise state or imply that Visa has, in whole or part, approved any
aspect of a vendor or its products, services or facilities, except to the extent and subject to the terms
and restrictions expressly set forth in a written agreement with Visa or in an approval letter provided by
Visa. All other references to Visa approval are strictly prohibited by Visa.
All references to Visa operating regulations in this document are deemed to be references to both Visa
International Operating Regulations and/or Visa Europe Operating Regulations, as appropriate.
Visa Confidential
31 August 2015
Date
August 01, 2015
Changes / Updates
V2.2 Revision A
August 31 , 2015
31 August 2015
Visa Confidential
This section provides an overview of the Contactless Device Evaluation Toolkit (CDET) User Guide (this
document).
1.1
Objective
The objective of this document and its corresponding test cards is to provide Visa payWave acquiring
clients, merchants, system integrators and vendors with a Toolkit to confirm that their reader can
accept Visa payWave cards during the reader development, deployment and update stages of the
program.
1.2
Audience
Visa payWave acquiring clients - deploying readers in support of Visa payWave acceptance
programs.
Visa payWave merchants working with Visa payWave acquiring clients to deploying readers in
support of Visa payWave card acceptance.
Note: In some areas, integrators are also referred to as Value-added Resellers (VARs).
Visa payWave reader vendors - developing VCPS-compliant reader in support of Visa payWave
acceptance programs.
This document should not be shared with or distributed to any other parties.
1.3
Document Organization
10
Visa Confidential
31 August 2015
Document Organization
Chapter
Description
31 August 2015
Objective
Regional Requirement
Business Justification
Pre-requisite
Document Reference
Visa Confidential
11
Description
1.4
CDET Components
Test Cards or Test Card SimulatorsCards or simulators personalized with specific settings that
are intended to identify incorrectly coded or configured chip card acceptance devices.
DocumentationTwo documents:
1.5
CDET Card Profiles Definitions (Separate Document)A document that outlines the card
personalization requirements for each test card that can be used by card personalization
bureaus and card simulator vendors to personalize the physical test cards or to develop
simulated test card scripts.
CDET Users Guide (This Document)A document that outlines each test case, a description
of the test card to be used with each test case, and the expected test results. This document is
used by the acquirer or acquirers agent to perform testing.
Related Documents
This section lists documents that may be read and/or referred to in conjunction with this document:
Transaction Acceptance Device Guide (TADG)Requirements and Best Practices (latest version)
1.6
CDET Usage
CDET should be utilized to ensure that Visa payWave readers being deployed have been correctly
configured. It is expected that each applicable test case will be performed to gain the full benefits of
the Toolkit.
If a CDET test result does not meet the expected outcome of the test, it is anticipated that the acquirer
will work with their reader supplier or system integrator to resolve the issue. The acquirer must
continue to work with their technical support service provider until the issue is resolved and the result
complies with the expected outcome.
12
Visa Confidential
31 August 2015
31 August 2015
Visa Confidential
13
1.6.1
In regions where the use of CDET has been mandated, it must always be used in the following
cases. Where CDETs use remains optional, it is strongly recommended to be used in these cases:
Prior to deployment of a new Visa payWave reader for a new or existing Visa payWave program
The payment component of the terminal application, affecting Visa payWave processing
o
o
o
Language Support
The telecommunications method (e.g. upgrade from dial-up to high-speed)
Supported Currency Code/Country Code
Note: It is possible to have families of devices which are identical from a payments perspective.
Here a new model is taken to mean a change which may affect card acceptance. This includes the
user interface presented to either the cardholder or merchant.
Following upgrades or modifications to the reader to terminal interface or acquirer host systems
which could affect the transmission of chip data.
Addition of a new peripheral device requiring changes to the existing code, e.g. a new printer or
cash dispenser module.
14
Visa Confidential
31 August 2015
1.7
The Contactless Device Evaluation Toolkit may be expanded in the future to include additional device
and/or online transaction processing tests.
On release of a new version of the Toolkit, a six-month grace period will be granted to users prior the
requirement to upgrade to the latest version. During this grace period, testing will still be allowed with
the CDET version just prior to the new release. However, on expiration of the grace period, users will
be required to upgrade to the latest version. In cases where CDET use is mandated, results from earlier
versions of the Toolkit will no longer be accepted.
1.8
Device vendors are also recommended to use the Toolkit during the reader development phase. This
will help to ensure that these devices are capable of accepting a selection of diversely configured Visa
payWave cards.
Table 12: Scope of ADVT Testing
Within Scope
Outside of Scope
Explanation
Device testing
Acquirer host
certification
Complement to
Visa/EMV Level 2
device testing
31 August 2015
Replacement of
Visa/EMV Level 2 device
testing
Visa Confidential
15
1.9
Visa, in alignment with the five other EMVCo payment systems, has agreed upon compliance with the
recently published EMVCo Brand-aligned Terminal Integration Testing Framework for its terminal
integration toolkits. This Framework was developed by the EMVCo Terminal Integration Task Force
(TITF) - established by EMVCo in September 2013 for the purpose of examining the various payment
systems (Brands) testing processes for the integration of EMV contact and contactless acceptance
devices into their payment environments. The Framework defines the areas within the respective
payment systems integration testing processes where agreement was reached on aligning of key
elements, along with a plan for implementation.
The main impact of the TITF Framework on Visas CDET testing process, specifically as being
introduced in this version of the User Guide, will be on the Test Case definitions in Section 3. Within
the section, the Test Plan format has been updated to comply the Framework guidelines.
For more information on the EMVCo Terminal Integration Task Forces (TITF) efforts or to download a
copy of the Framework document, please visit the EMVCo website as follows:
http://www.emvco.com/approvals.aspx?id=272
16
Visa Confidential
31 August 2015
31 August 2015
Visa Confidential
17
This chapter provides an introduction to the CDET test cases. It includes pre-requisite information for
testing, including instructions for each test case and a summary of all test cases included in this
version of the toolkit.
2.1
Pre-requisites
Prior to running the CDET test cases, acquirers must ensure that the prerequisites in this section are
fulfilled.
2.1.1
Reader Capabilities
Before beginning any of the tests, it is important to understand the capabilities of your contactless
reader. This will help you ensure you are performing the tests correctly for your specific device.
VCPS PathDetermine if the reader supports either the Magnetic Stripe Data (MSD), Quick
Visa Smart Debit/Credit (qVSDC) paths, or both.
The capabilities of the contactless acceptance device are indicated within its Terminal Transaction
Qualifier (TTQ) data element.
2.1.2
Readers that support Offline Data Authentication must be configured with the Visa CA Test Public Key
while the Toolkit is being used. Details of this test key are located in Appendix A: Visa CA Test Public
Keys for qVSDC Offline.
Note: Prior to production deployment, the Visa CA Test Public Key must be removed from readers
and replaced with the production Visa CA Public Keys.
2.1.3
18
Visa Confidential
31 August 2015
2.1.4
In accordance with the Visa Operating Regulations, all Visa payWave acceptance devices must be
successfully tested by a Visa-accredited laboratory and receive a formal Visa approval, prior to
deployment.
2.2
2.2.1
Instructions
Self-Administered Tool
In the first instance, the CDET is a self-administered tool. Users must work to fix any problems on their
own or work with their technical support teams for resolution. Visa assistance should only be
requested for queries related to Visa payWave acceptance policy, rules or best practices or to provide
consultation on the interpreting results.
2.2.2
For readers being initially deployed, the intent is for acquirers to run each applicable test and make
modifications to the reader configuration until the reader meets the expected outcome of the test.
Acquirers should run these tests on each reader type as well as each reader hardware and/or software
configuration. After running all tests and making the appropriate reader configuration modifications,
acquirers in regions where CDET is mandated should submit their results to Visa.
2.2.3
If Visa or the acquiring client suspects a Visa payWave acceptance problem at a reader that has
already been deployed, it is recommended that all applicable tests specified in the CDET be performed
to assist with analysis.
2.2.4
Changes to Reader
If changes are made the configuration of an already deployed reader, it is recommended that the
acquiring client re-run all applicable CDET tests, to provide a level of confidence in the changes made.
2.2.5
31 August 2015
Visa Confidential
19
There is a difference between a declined transaction response and an error message. In some
situations, a declined response on the reader may be acceptable to a test case. However, error
message responses, where the reader is unable to complete the transaction, are generally
unacceptable and can indicate a problem with the reader or its setting/configuration. Testers should
not necessarily be alarmed by a declined response (as long as a declined response is acceptable in the
Expected Results section of the test case). However, error messages (such as Card Not Read or the
equivalent) must be investigated.
2.2.6
Users must execute the test cases using the test cards provided. For simplicity, a single test card is
used for each test case, and in all cases the test card number corresponds with the test case number
(e.g., for Test Case 1, the tester will use Test Card 1).
2.2.7
2.2.7.1
Online Testing
General
In the Test Cases section, tests are now designated as Online Applicable. When an Online transaction
is performed, the transaction must be sent online to VCMS or a Visa-confirmed, third-party supplied
host simulator for validation of the Authorization Request Cryptogram (ARQC) and/or the CVV (dCVV
or iCVV) data.
2.2.7.2
Visa Acquirers
Visa Acquirers are required to perform online testing by connecting their reader/terminal to their test
host system and generating transactions through to the VisaNet Certification Management Service
(VCMS), or a Visa-confirmed third party supplied test host which mimics VCMS. Each test card is
configured with test Data Encryption Standard (DES) keys that is also set up within VCMS, allowing it
to validate and generate the online cryptograms. Successful validation of the cryptogram by VCMS
helps to ensure that all the components involved in the online transaction are correctly coded and
integrated.
For the online tests, card authentication (the validation of the Authorization Request Cryptogram or
dCVV/iCVV) shall be performed and must be successful (unless otherwise noted in the test case).
NOTE: Access to the VisaNet Certification Management Service is provided to Visa Clients only.
2.2.8
Compliance Reporting
In regions where the use of CDET has been mandated, once acquirers have completed the applicable
test cases, they will need to provide evidence of CDET compliance by reporting their results.
20
Visa Confidential
31 August 2015
2.2.8.1
The Chip Compliance Reporting Tool (CCRT) was developed by Visa to provide acquirers with a more
convenient means of completing their compliance requirements, such as the submission of CDET
results following testing. As a web-based, user-friendly solution, CCRT was designed as an improved
alternative to the manual methods previously used for submission of Toolkit test results. With CCRT,
chip acquirers or their designated processors can complete and submit the mandatory compliance
reports via a globally automated online system.
Hosted on Visa Online (VOL), CCRT is designed in accordance with Visas three-tier architectural
requirements and provides a high-level of application and data security.
CCRT allows users to:
Reducing potential for errors in manual entry by guiding users to choose from applicable
options and providing mandatory information requirements
Allowing the "re-use" of reports as a starting point for new reporting, reducing time spent
completing the reports
Supporting online status review and automated management of reports submitted to Visa,
expediting communication between Visa and clients
Enables the direct importation of CDET validation results performed with PC-based card
simulators
Acquiring clients already enrolled for VOL services may request entitlement to CCRT from their VOL
support representative. Those not yet enrolled, must first request VOL enrollment before being able to
be entitled to CCRT access.
The link for VOL enrollment is as follows: https://www.visaonline.com/
31 August 2015
Visa Confidential
21
For more details on CCRT please contact your local Visa Representative.
2.2.9
Additional Toolkits
Users may obtain additional Toolkits from the Visa-designated fulfillment service. Please contact your
Visa representative for details.
2.3
This section provides a brief description of each test card currently included in this version of the
Toolkit.
Table 21: Test Case Summary
Test Card
Number
Mandatory vs.
Conditional (M/C)
Online Applicable
(Y/N)
10
11
12
13
14
22
Visa Confidential
31 August 2015
31 August 2015
Visa Confidential
Mandatory vs.
Conditional (M/C)
Online Applicable
(Y/N)
23
24
Visa Confidential
31 August 2015
Regional Requirementwhether the test applies to all regions or is specific to sub-set of regions.
(Currently, all of the tests apply to all regions).
Applicable Terminal Device Typeindicates the device type that needs to be tested.
Test CardA number used to uniquely identify the test card required to execute the test. There is
a one-to-one correlation between the Test Case Number and the Test Card Number
(i.e., Test Case 1 uses Test Card 1).
Document ReferenceReferences to the specification or rule that acquirers may refer to for
background information on the test. This information is especially important in the event that the
test fails.
31 August 2015
Visa Confidential
25
3.1
Objective:
Dual Interface
o
MSD supports:
CVN 17
qVSDC supports:
DDA
CVN = 10
Regional
Requirement:
Business
Justification:
Pre-requisite:
Applicable
Terminal Device
Type:
POS
Applicable
Terminal Interface:
Contact
Test Card:
26
ATM
MSD dCVV
MSD CVN 17
qVSDC only
qVSDC
qVSDC
MPOS
Contactless
Visa Confidential
31 August 2015
(if available)
applicable)
Document
Reference:
Pass Criteria/User
Validation
The transaction should be sent online and be approved by the Visa Certification
Management Service (VCMS).
31 August 2015
The transaction may either be sent online and approved by the Visa Certification
Management Service (VCMS) or approved Offline by the reader.
Visa Confidential
27
3.2
Objective:
Dual Interface
o
MSD supports:
CVN 17
qVSDC supports:
DDA
CVN = 10
Regional
Requirement:
Business
Justification:
Pre-requisite:
Applicable Terminal
Device Type:
POS
Applicable Terminal
Interface:
Contact
Test Card:
28
ATM
MSD dCVV
MSD CVN 17
qVSDC only
qVSDC
qVSDC
MPOS
Contactless
Visa Confidential
31 August 2015
Document
Reference:
Pass Criteria/User
Validation
Card-to-Terminal Interaction
Log (if available)
The transaction should be sent online and be approved by the Visa Certification
Management Service (VCMS).
31 August 2015
The transaction may either be sent online and approved by the Visa Certification
Management Service (VCMS) or approved Offline by the reader.
Visa Confidential
29
3.3
Test Case 3: Card with a 16-byte ADF Name and other Features
Objective:
To ensure acceptance of a card with a 16-byte ADF Name, and the following additional
features.
Regional
Requirement:
Business
Justification:
This card is provided to validate acceptance of a Visa payWave card, compliant to the most
recent version of the VCPS specifications and with various unique features included.
Pre-requisite:
MSD dCVV
MSD CVN 17
qVSDC only
qVSDC
qVSDC
Applicable Terminal
Device Type:
POS
Applicable Terminal
Interface:
Contact
Test Card:
Test Evidence to be
Submitted:
Document
Reference:
30
ATM
MPOS
Contactless
Card-to-Terminal
Interaction Log (if available)
Visa Confidential
31 August 2015
The transaction should be sent online and be approved by the Visa Certification
Management Service (VCMS).
31 August 2015
The transaction may either be sent online and approved by the Visa Certification
Management Service (VCMS) or approved Offline by the reader.
Visa Confidential
31
3.4
Test Case 4: Card with additional Data in the GPO Response and
with no Cardholder Name
Multi-application card with additional data in the GPO Response and with no Cardholder
Name
Objective:
To ensure acceptance of a Multi-application card with additional data in the GPO Response
and No Cardholder Name. Card features include:
MSD supports:
CVN 17
qVSDC supports:
DDA
CVN = 10
Visa Credit = A0 00 00 00 03 10 10 01
Visa Debit = A0 00 00 00 03 10 10 02
Regional
Requirement:
Business
Justification:
This card is provided to validate acceptance of a Visa payWave card, compliant to the most
recent version of the VCPS specifications and with some unique features included.
With the card containing two applications (Visa Credit and Visa Debit), both requiring
Cardholder Confirmation, and Visa payWave contactless Readers not supporting this
feature, the intent of this test case is to ensure that the Reader correctly disregards these
settings.
32
Visa Confidential
31 August 2015
MSD dCVV
MSD CVN 17
qVSDC only
qVSDC
qVSDC
Applicable Terminal
Device Type:
POS
Applicable Terminal
Interface:
Contact
Test Card:
Test Evidence to be
Submitted:
Document
Reference:
Pass Criteria/User
Validation
ATM
MPOS
Contactless
Card-to-Terminal
Interaction Log (if available)
The transaction should be sent online and be approved by the Visa Certification
Management Service (VCMS).
Applications should not be displayed to the cardholder for confirmation. The Visa
Credit application should be selected for processing.
31 August 2015
The transaction may either be sent online and approved by the Visa Certification
Management Service (VCMS) or approved Offline by the reader.
Applications should not be displayed to the cardholder for confirmation. The Visa
Credit application should be selected for processing.
Visa Confidential
33
3.5
Test Case 5: Card that returns additional Data in the Select PPSE
Response and containing other unique features.
Card that returns additional Data in the Select PPSE Response and containing other unique
features.
Objective:
MSD supports:
CVN 17
qVSDC supports:
DDA
CVN = 10
Regional
Requirement:
Business
Justification:
This card is provided to validate acceptance of a Visa payWave card, compliant to the most
recent version of the VCPS specifications and with specific features included.
Pre-requisite:
Applicable Terminal
Device Type:
34
POS
ATM
MSD dCVV
MSD CVN 17
qVSDC only
qVSDC
qVSDC
MPOS
Visa Confidential
31 August 2015
Contact
Test Card:
Test Evidence to be
Submitted:
Document
Reference:
Pass Criteria/User
Validation
Contactless
Card-to-Terminal
Interaction Log (if available)
The transaction should be sent online and be approved by the Visa Certification
Management Service (VCMS).
31 August 2015
The transaction may either be sent online and approved by the Visa Certification
Management Service (VCMS) or approved Offline by the reader.
Visa Confidential
35
3.6
Objective:
To ensure acceptance of a qVSDC-only card with 19-digit PAN and CVN 18.
qVSDC supports:
DDA
CVN = 18
Regional
Requirement:
Business
Justification:
This card is provided to validate acceptance of a Visa payWave card, compliant to the most
recent version of the VCPS specifications and with specific features included.
Pre-requisite:
qVSDC only
qVSDC
qVSDC
Applicable Terminal
Device Type:
POS
Applicable Terminal
Interface:
Contact
Test Card:
Test Evidence to be
Submitted:
36
ATM
MPOS
Contactless
Card-to-Terminal
Interaction Log (if available)
Visa Confidential
31 August 2015
Pass Criteria/User
Validation
The transaction should be sent online and be approved by the Visa Certification
Management Service (VCMS).
31 August 2015
The transaction should be sent online and be approved by the Visa Certification
Management Service (VCMS).
Visa Confidential
37
3.7
Objective:
MSD supports:
CVN 17
qVSDC supports:
CVN = 10
Regional
Requirement:
Conditional in Regions where CDET use has been mandated (i.e. if the Electron AID is
supported)
Business
Justification:
This card is provided to validate acceptance of a Visa payWave card, compliant to the most
recent version of the VCPS specifications and with specific features included.
Pre-requisite:
MSD dCVV
MSD CVN 17
qVSDC only
qVSDC
qVSDC
Applicable Terminal
Device Type:
POS
Applicable Terminal
Interface:
Contact
Test Card:
Test Evidence to be
Submitted:
38
ATM
MPOS
Contactless
Card-to-Terminal
Interaction Log (if available)
Visa Confidential
31 August 2015
Pass Criteria/User
Validation
The transaction should be sent online and be approved by the Visa Certification
Management Service (VCMS).
31 August 2015
The transaction should be sent online and approved by the Visa Certification
Management Service (VCMS).
Visa Confidential
39
3.8
Objective:
MSD supports:
CVN 17
qVSDC supports:
CVN = 10
Regional
Requirement:
Conditional in Regions where CDET use has been mandated (i.e. if the Interlink AID is
supported)
Business
Justification:
This card is provided to validate acceptance of a Visa payWave card, compliant to the most
recent version of the VCPS specifications and with specific features included.
Pre-requisite:
MSD dCVV
MSD CVN 17
qVSDC only
qVSDC
qVSDC
Applicable Terminal
Device Type:
POS
Applicable Terminal
Interface:
Contact
Test Card:
Test Evidence to be
Submitted:
40
ATM
MPOS
Contactless
Card-to-Terminal
Interaction Log (if available)
Visa Confidential
31 August 2015
Pass Criteria/User
Validation
The transaction should be sent online and be approved by the Visa Certification
Management Service (VCMS).
31 August 2015
The transaction should be sent online and approved by the Visa Certification
Management Service (VCMS).
Visa Confidential
41
3.9
Objective:
Contactless-only card
o
MSD supports:
Regional
Requirement:
Conditional in Regions where CDET use has been mandated (i.e. in the Reader is supporting
MSD Legacy only)
Business
Justification:
This card is provided to validate acceptance of a MSD Legacy, Visa payWave card,
compliant to VCPS v1.4.2.
Pre-requisite:
MSD dCVV
MSD dCVV
qVSDC only
MSD dCVV
Applicable Terminal
Device Type:
POS
Applicable Terminal
Interface:
Contact
Test Card:
Test Evidence to be
Submitted:
Document
Reference:
42
ATM
MPOS
Contactless
Card-to-Terminal
Interaction Log (if available)
Visa Confidential
31 August 2015
The transaction should be sent online and be approved by the Visa Certification
Management Service (VCMS).
31 August 2015
The transaction should be sent online and approved by the Visa Certification
Management Service (VCMS).
Visa Confidential
43
3.10
10
VMPA Card containing 00 and FF Padding in the GPO and a Read Record Response
Respectively.
Objective:
To ensure acceptance of a card with the VMPA Applet and with 00 and FF Padding in
the GPO and a Read Record Response respectively.
MSD supports:
CVN 17
qVSDC supports:
Regional
Requirement:
Business
Justification:
This card is provided to validate acceptance of the Visa Mobile Payment Application
Version 1.4.1.5 and with specific features included.
Pre-requisite:
MSD dCVV
MSD CVN 17
qVSDC only
qVSDC
qVSDC
Applicable Terminal
Device Type:
POS
Applicable Terminal
Interface:
Contact
Test Card:
10
Test Evidence to be
Submitted:
44
ATM
MPOS
Contactless
Card-to-Terminal
Interaction Log (if available)
Visa Confidential
31 August 2015
For the Reader: Visa Contactless Payment Specifications Version 2.1 including
published updates
For the Card: Visa Mobile Contactless Payment Specification (VMCPS) 1.4.1
The transaction should be sent online and be approved by the Visa Certification
Management Service (VCMS).
31 August 2015
The transaction should be sent online and be approved by the Visa Certification
Management Service (VCMS).
Visa Confidential
45
3.11
11
Objective:
To ensure acceptance of a card with an IAD length of 23-bytes and an Unrecognized CVN.
MSD supports:
CVN 77 (unrecognized)
qVSDC supports:
CVN = 77 (unrecognized)
Regional
Requirement:
Business
Justification:
This card is provided to validate acceptance of a Visa payWave card, compliant to the most
recent version of the VCPS specifications and with specific features included.
Pre-requisite:
MSD dCVV
MSD CVN 17
qVSDC only
qVSDC
qVSDC
Applicable Terminal
Device Type:
POS
Applicable Terminal
Interface:
Contact
Test Card:
11
Test Evidence to be
Submitted:
46
ATM
MPOS
Contactless
Card-to-Terminal
Interaction Log (if available)
Visa Confidential
31 August 2015
Pass Criteria/User
Validation
The transaction should be sent online and be declined by the Visa Certification
Management Service (VCMS) as the CVN is unrecognized.
31 August 2015
The transaction should be sent online and declined by the Visa Certification
Management Service (VCMS) as the CVN is unrecognized.
Visa Confidential
47
3.12
Test Case 12: Card with a VMPA Applet that causes a Pre-tap
Test Case 12/Test Card 12 (Mandatory and Applicable to both Online Only and Offline-capable
devices)
Test Case Number:
12
Objective:
To ensure the Reader displays the correct response message and performs the correct
behavior when presented with a card containing the VMPA Applet that causes a Pre-tap.
MSD supports:
CVN 17
qVSDC supports:
Regional
Requirement:
Business
Justification:
Although a standard qVSDC transaction is typically completed with a single tap of the
contactless payment card, the concept of a Pre-Tap is introduced for Mobile consumer
devices. Pre-Tap is defined as the first presentation of the Mobile consumer device to the
contactless payment reader in a situation where some consumer interaction is required to
complete the transaction (e.g. consumer device CVM), and the cardholder has not
completed that interaction prior to presenting the consumer device for payment. After the
consumer interaction has been completed, the consumer device can be re-presented to the
contactless payment reader to perform a 1st Tap payment transaction.
Although the VMPA applet is presented here in ID-1 card form, its intent is to emulate a
consumer device that has experienced an exception condition (i.e. CDCVM is required but
not performed). The intent of this test case is to ensure that the Reader displays the
correct response message to this condition and performs the correct behavior.
Pre-requisite:
48
Pre-tap
Pre-tap
qVSDC only
Pre-tap
Pre-tap
Visa Confidential
31 August 2015
Test Case 12/Test Card 12 (Mandatory and Applicable to both Online Only and Offline-capable
devices)
Applicable Terminal
Device Type:
POS
Applicable Terminal
Interface:
Contact
Test Card:
12
Test Evidence to be
Submitted:
Document
Reference:
For the Reader: Visa Contactless Payment Specifications Version 2.1 including
published updates
For the Card: Visa Mobile Contactless Payment Specification (VMCPS) 1.4.1
Pass Criteria/User
Validation
ATM
MPOS
Contactless
Card-to-Terminal
Interaction Log (if available)
The Reader should display a message to the cardholder instructing them to refer
to their payment device for further instructions, briefly power down the contactless
interface before returning to Discovery Processing.
31 August 2015
The Reader should display a message to the cardholder instructing them to refer
to their payment device for further instructions, briefly power down the contactless
interface before returning to Discovery Processing.
Visa Confidential
49
3.13
13
Card with a CTQ indicating an issuer preference to switch to contact interface on ODA
failure.
Objective:
To ensure correct Reader behavior for a card with a CTQ indicating an issuer preference to
switch to contact interface on ODA failure.
MSD supports:
CVN 17
qVSDC supports:
CVN = 10
Regional
Requirement:
Conditional in Regions where CDET use has been mandated (i.e. if the Reader is Offlinecapable and supports ODA)
Business
Justification:
This card is provided to validate acceptance of a Visa payWave card, compliant to the most
recent version of the VCPS specifications and with specific features included.
Pre-requisite:
Applicable Terminal
Device Type:
50
POS
ATM
qVSDC only
qVSDC
qVSDC
MPOS
Visa Confidential
31 August 2015
Contact
Test Card:
13
Test Evidence to be
Submitted:
Document
Reference:
Pass Criteria/User
Validation
Contactless
Card-to-Terminal
Interaction Log (if available)
Not Applicable
31 August 2015
The transaction may be sent online and approved by the Visa Certification
Management Service (VCMS).
If ODA is performed, the Reader should indicate that a switch to the contact
interface is required following the ODA failure.
Visa Confidential
51
3.14
14
Objective:
To ensure terminal does not allow the transaction to be completed over another interface,
with a card that declines Transactions.
MSD supports:
CVN 17
qVSDC supports:
CVN = 10
Regional
Requirement:
Business
Justification:
This card is provided to validate acceptance of a Visa payWave card, compliant to the most
recent version of the VCPS specifications and with specific features included.
Pre-requisite:
MSD dCVV
MSD CVN 17
qVSDC only
qVSDC decline
qVSDC decline
Applicable Terminal
Device Type:
POS
Applicable Terminal
Interface:
Contact
Test Card:
14
Test Evidence to be
Submitted:
52
ATM
MPOS
Contactless
Card-to-Terminal
Interaction Log (if available)
Visa Confidential
31 August 2015
Pass Criteria/User
Validation
31 August 2015
Visa Confidential
53
3.15
15
Objective:
To ensure correct Reader behavior for a card with inconsistent data, when Offline Data
Authentication is being performed.
MSD supports:
CVN 17
qVSDC supports:
CVN = 10
Regional
Requirement:
Business
Justification:
Pre-requisite:
Applicable Terminal
Device Type:
POS
Applicable Terminal
Interface:
Contact
Test Card:
15
54
ATM
qVSDC only
Transaction terminated
Transaction terminated
MPOS
Contactless
Visa Confidential
31 August 2015
Document
Reference:
Pass Criteria/User
Validation
Card-to-Terminal
Interaction Log (if available)
Not Applicable.
31 August 2015
Visa Confidential
55
56
Visa Confidential
31 August 2015
For devices that support Offline Data Authentication (ODA), this test key must be loaded into the
terminal to support the test cases associated with Offline Data Authentication.
Note: An expiration date has not been defined for test CA Public Key, and it should not be assumed
that a test key has the same expiry date as the live key of the same length. If your Terminal
Management System requires expiry dates to be provided for CAPKs then please set the expiry date
to 31 December 2025 for this test key.
Important: Prior to deployment, this test key must be removed from the terminal and replaced with
the Visa CA production keys.
Value
Registered Application
Provider Identifier (RID)
A0 00 00 00 03
Index
92
Modulus
99 6A F5 6F 56 91 87 D0 92 93 C1 48 10 45 0E D8 EE 33 57 39 7B
18 A2 45 8E FA A9 2D A3 B6 DF 65 14 EC 06 01 95 31 8F D4 3B E9
B8 F0 CC 66 9E 3F 84 40 57 CB DD F8 BD A1 91 BB 64 47 3B C8 DC
9A 73 0D B8 F6 B4 ED E3 92 41 86 FF D9 B8 C7 73 57
89 C2 3A 36 BA 0B 8A F6 53 72 EB 57 EA 5D 89 E7 D1 4E 9C 7B 6B
55 74 60 F1 08 85 DA 16 AC 92 3F 15 AF 37 58 F0 F0 3E BD 3C 5C
2C 94 9C BA 30 6D B4 4E 6A 2C 07 6C 5F 67 E2 81 D7 EF 56 78 5D
C4 D7 59 45 E4 91 F0 19 18 80 0A 9E 2D C6 6F 60 08 05 66 CE 0D
AF 8D 17 EA D4 6A D8 E3 0A 24 7C 9F
Exponent
03
42 9C 95 4A 38 59 CE F9 12 95 F6 63 C9 63 E5 82 ED 6E B2 53
Comments:
The expiration date for certificates issued using Visas 1408-bit Test
CA public key is December 31, 2019.
31 August 2015
Visa Confidential
57
58
Visa Confidential
31 August 2015
This appendix provides a list of acronyms used in this document and in EMV as well as a glossary of
terms.
Table B1: Acronyms
Acronym
Meaning
alpha
AAC
AAR
ADA
ADF
ADVT
AEF
AFL
AID
Application Identifier
AIP
an
alphanumeric
ans
alphanumeric special
APDU
API
ARPC
ARQC
ATC
ATM
AUC
binary
BIN
CA
Certificate Authority
CAM
CAT
CDA
31 August 2015
Visa Confidential
59
60
Acronym
Meaning
CDOL
CID
cn
compressed numeric
CSV
Comma-Separated Values
CVK
CVM
CVR
CVV
DDA
DDF
DDOL
DEA
DES
DGI
DKI
EMV
FCI
GPO
hex.
Hexadecimal
IAC
ICVV
IFM
Interface Module
MCC
MDK
MPOS
N/A
Not Applicable
numeric
PAN
PDOL
PIN
Visa Confidential
31 August 2015
Meaning
PIX
PK
Public Key
PKI
PKI
POS
Point of Sale
PSE
PSTN
PVK
PVV
RFU
RID
RSA
RRN
SAD
SAM
SDA
STIP
Stand-In Processing
TAC
TC
Transaction Certificate
TDOL
TITF
TLV
Tag-Length-Value
TSI
TVR
UAT
UCAT
UDK
var.
variable
VCMS
VIP
31 August 2015
Visa Confidential
61
Meaning
VLP
VMTS
VSDC
VTS
XML
XSD
Definition
Application Protocol
Data Unit (APDU
The communication format used between the chip card and the payment
application on a card acceptance device. This format is defined in ISO specification
7816.
Automated Teller
Machine (ATM)
An unattended device that has electronic capability to send transactions online for
authorization, accepts PINs, and disburses currency.
Card Acceptor
Terminal
See Terminal.
Card/Terminal Log
A capture of the interaction between the card/card simulator and the device.
Typically provided in Application Protocol Data Unit (APDU) format.
Card/Terminal Log
Validation
Cardholder Activated
Device
Certification
Chip-Capable
Chip-Enabled
For chip cards, this describes the state in which the card has already been
personalized with both cardholder and Brand-specific data in preparation for use.
For terminals, this describes the state in which the terminal has already been
equipped with a chip reader/writer and has been configured with Brand-specific
data and is ready for use in accepting chip cards.
62
Visa Confidential
31 August 2015
Definition
Comma-Separated
Values (CSV)
A format that stores tabular data (numbers and text) in plain-text form (i.e. a
sequence of characters, with no data that has to be interpreted instead, as binary
numbers). A CSV file consists of any number of records, separated by line breaks of
some kind; each record consists of fields, separated by some other character or
string, most commonly a literal comma or tab. Usually, all records have an identical
sequence of fields.
Contact Transaction
An interaction between a chip application and a device using the physical electrical
interface, as defined in [EMV Book 1].
Contactless
Transaction
An interaction between a chip application and a device using the radio frequency
wireless interface, as defined in [EMV CL].
Customer Activated
Terminal (CAT)
EMV Specifications
Host Authorization
Message
A description of the transaction message initiated from the device and sent online
via the acquirer and network to the issuer, processor, or Brand for transaction
authorization.
Host Authorization
Message Validation
Implement
Interoperability
The ability of all card acceptance devices to accept and read all chip cards that are
properly coded and personalized.
Kernel
EMV definition for the set of functions required to be present on every terminal
implementing a specific interpreter. The kernel contains device drivers, interface
routines, security and control functions, and the software for translating from the
virtual machine language to the language used by the real machine. In other words,
the kernel is the implementation of the virtual machine on the real machine.
Limited Amount
Device
An unattended device that has data capture-only capability, and accepts payment
for items such as parking garage fees, road tolls, etc.
31 August 2015
Visa Confidential
63
64
Definition
Offline-Capable
A transaction acceptance device that has the ability to process the transaction
offline for card authentication and authorizations.
Offline-Only
A transaction acceptance device that is only able to process the transaction offline
for card authentication and authorizations.
Online-Capable
Online-Only
A transaction acceptance device that requires that all transactions be sent online
for authorization.
A manual procedure in which the merchant uses a device key pad to enter the PAN
embossed on a card in order to process a transaction.
Pass Criteria
A Test Plan-defined field that describes an expected result for a successful outcome
or conclusion of a test case.
The file (in CSV format) that embeds the Brand-defined pass criteria for each test
case.
Personalization
For chip cards, the process of applying both cardholder and Brand-specific data to
the card in preparation for its use.
Point of Sale
Point-of-Sale Device
Terminal
The device used in conjunction with the chip card at the point of transaction to
perform a financial transaction. The terminal incorporates the interface device and
may also include other components and interfaces such as host communications.
Terminal
Configuration
A description of the features and parameters on the acceptance device under test.
For example, it might include the EMV-defined terminal types, supported interfaces,
etc.
Terminal Integration
Testing
Terminal Integration
Task Force (TITF)
Task Force established by EMVCo in 2013 with the purpose of examining each of
the Brands terminal integration processes, in order to determine the possibilities of
aligning key elements of these processes.
Test Case
A Test Plan-defined description of the name associated with a specific test case.
Visa Confidential
31 August 2015
Definition
Test Plan
A Brand-developed and managed set of test criteria that defines the requirement
for terminal integration or host message testing. This may either take the form of a
textual document or a machine-readable file.
Test Procedure
Test Tool
Confirmation
The process undertaken by each Brand to provide themselves, tool vendors, and
clients will a level of assurance that the tools being used by clients to execute
terminal integration testing will do so in compliance with Brand requirements.
Process is also referred to as Test Tool Qualification.
Test Tool
Qualification
The process undertaken by each Brand to provide themselves, tool vendors, and
clients will a level of assurance that the tools being used by clients to execute
terminal integration testing will do so in compliance with Brand requirements.
Process is also referred to as Test Tool Confirmation.
Transaction
Completion
Unattended
Cardholder Activated
Terminal (UCAT)
User Validation
Extensible Mark-up
Language (XML)
A mark-up language that defines a set of rules for encoding documents in a format
that is both human-readable and machine-readable.
31 August 2015
Visa Confidential
65