Professional Documents
Culture Documents
html
Cookies improve how our website works and how it is used, so that we can continue to improve the site. For more information see our cookie policy.
By using this website you are agreeing to our use of cookies.
Answer To Reset ATR The ATR is the response from the card when it is reset
during Card Detection and Reset, and specifies how the Send
terminal must interface with the card, including which
transmission protocol will be used to send and
receive APDU between the terminal and the card.
Application File Locator AFL The AFL is a list of application data records present on
the card, and the terminal will use the AFL to Read
EMV Level 1
Application Data from the card. The AFL will also
Add EMV Level 1 functionality to embedded
indicate which, if any, of the data records should be
systems. Read more [+]
used by the terminal as part of the input to the data
authentication process.
EMV Kernel for Windows
Simple and rapid way of adding EMV Level 2
Application Identifier AID An AID is used to uniquely identify
functionality to payment applications within the
each EMV application that a terminal supports, and
Windows environment. Read More [+]
every AID has an associated card scheme and
parameters relating to how the application needs to be
EMV for Embedded Systems
processed. A terminal may contain any number of such
Add card support to payment applications
applications, and the list of each supported AID is used
independent of device manufacturers. Read
during Candidate List Creation to generate a list of
More [+]
applications that are mutually supported by both the
terminal and the card.
EMV Technology for Java
Add EMV Level 2 functionality to Java based
Every AID is formed by the concatenation of a RID and
payment applications. Read More [+]
a PIX (the PIX is optional, but is normally present).
1 of 11 19-05-2018, 10:41
EMV Level 2 Kernels https://www.level2kernel.com/emv_glossary.html
Application Protocol Data APDU An APDU is a data unit transferred between the terminal
Unit and card. Any exchange of data is started by the
terminal sending a Command-APDU, to which the card
will reply with a Response-APDU.
Every EMV transaction will consist of multiple APDU
exchanges to read the data from the card and perform
the necessary processing steps.
Application Selection ASI Each AID supported in the terminal has an associated
Indicator Application Selection Indicator. During candidate
list creation, if the AID matches an application on the
card but the card's application name is longer than that
of the AID, the terminal may only add the application to
the candidate list if the Application Selection Indicator is
set for that AID.
Application Usage Control AUC The Application Usage Control specifies any restrictions
that may apply to the card that prevent the card from
being used for certain types of transaction (e.g. cash-
back) domestically or internationally, or at certain types
of terminals (e.g. ATMs). The terminal will apply these
checks during Processing Restrictions.
Authorization Response ARC The ARC is a value that is returned from the card issuer
Code during online processing, or is generated by the terminal
in the event that the terminal makes a decision as to the
final transaction outcome during Terminal Action
Analysis. The value of the ARC indicates to the card
whether the transaction was authorized or declined, and
which entity made that decision. The card may still
choose to override this result during Card Action
Analysis.
Basic Encoding Rules - Tag BER-TLV, Most data processed during an EMV transaction is
Length Value TLV encoded according to BER-TLV, as defined in the
international standard ISO/IEC 8825-1. Each TLV data
object consists of:
A tag, which is used to uniquely identify the data object
from the list of tags defined in EMV. All tags currently
defined in the EMV specification are encoded over
either 1 or 2 bytes (although cards may also contain
proprietary data objects that can theoretically be
longer).
2 of 11 19-05-2018, 10:41
EMV Level 2 Kernels https://www.level2kernel.com/emv_glossary.html
tag.
Candidate List Creation The terminal has a list containing the Application
Identifier (AID) of every EMV application that it is
configured to support, and the terminal must generate a
candidate list of applications that are supported by both
the terminal and card. The terminal may attempt to
obtain a directory listing of all card applications from the
card's PSE. If this is not supported or fails to find a
match, the terminal must iterate through its AID list
asking the card whether it supports each individual AID.
Card Action Analysis During Card Action Analysis, the terminal will issue a
command to the card requesting that it generates
an Application Cryptogram for the transaction. Based
upon the type of cryptogram requested by the terminal,
and the result of any additional risk analysis that the
card chooses to perform, the card will decide what type
of cryptogram to generate, subject to certain logic rules
(e.g. the card is not permitted to request offline
acceptance of the transaction if the terminal requested
an online authorization).
Card Detection and Reset Card detection and reset needs to be performed by the
card interface functions specific to the hardware device
being used. When a card is reset, it will respond with
an Answer To Reset (ATR) that specifies how the
terminal must interface with the card.
Card Risk Management CDOL A CDOL is a list of data that the card requires
Data Object List during Card Action Analysis, and there are 2 different
CDOL that may be required during the course of a
transaction. CDOL1 is used during the first card action
analysis, and if a second card action analysis is
required then CDOL2 is used.
Cardholder Verification Cardholder verification checks that the person using the
card is the cardholder. The card contains a list
of cardholder verification methods that it supports, and
the conditions under which they should be applied. The
terminal must navigate through this list and attempt the
first method it finds for which the condition is met. If a
method fails, the terminal must check whether additional
methods are allowed.
For example, a list might contain:
3 of 11 19-05-2018, 10:41
EMV Level 2 Kernels https://www.level2kernel.com/emv_glossary.html
Cardholder Verification CVM A CVM is a means of checking that the user of a card is
Method the genuine cardholder and, during Cardholder
Verification, the terminal will determine which CVM (if
any) is required for the transaction. Common methods
of cardholder verification include signature checking,
and PIN entry.
"Chip and Pin" "Chip and PIN" is a marketing term used to describe the
process of credit and debit card transactions
using EMV-compliant microprocessor "chip" cards at a
payment terminal and requiring the cardholder's PIN to
be entered for verification.
Command - Application C-APDU A C-APDU is an APDU that is sent from the terminal to
Protocol Data Unit the card whenever the terminal needs to communicate
with the card.
Cryptogram Information CID The Cryptogram Information Data contains the type
Data of Application Cryptogram generated by the card during
the Card Action Analysis stage. In addition, the card
may also return a reason or advice code (e.g. service
not allowed, or issuer authentication failed) to allow the
terminal to perform any additional processing that may
be required.
Data Authentication DA There are three types of offline Data Authentication that
can be performed, but the method to be used depends
on the capabilities of the card and terminal. Online-only
terminals are not required to support data
authentication, but all other terminals must support
both SDA and DDA and may also support CDA.
If both the terminal and the card support CDA then CDA
should be used. If CDA is not supported but DDA is,
then DDA should be used. If neither CDA nor DDA is
supported but SDA is, then SDA should be used.
Data Object List DOL At several key stages of a transaction, the card requires
data to be supplied from the terminal. Each of these
stages has a specific DOL which is a list containing one
4 of 11 19-05-2018, 10:41
EMV Level 2 Kernels https://www.level2kernel.com/emv_glossary.html
Discover Zip (Contactless Discover ZIP is the specification for performing MSD-
Only) Mode contactless transactions for Discover cards.
Dynamic Data DDA Dynamic Data Authentication of card and terminal data
Authentication to verify that the card application and data are genuine.
Dynamic Data DDOL The DDOL is a list of data that the card requires if
Authentication Data Object the DDA method is used during Data Authentication,
List and the terminal may also store a default DDOL that
can be used if the DDOL is not present in the data from
the card.
EMV EMV EMV are the international industry standards that define
the rules for processing chip cards, originally named
after the 3 organisations (Europay, MasterCard and
Visa) that produced the specifications. The EMV
standards and associated compliance processes are
now managed by EMVCo. EMV is a registered
trademark or trademark of EMVCo LLC in the United
States and other countries.
EMV Level 1 EMVL1 EMV Level 1 covers the electrical and physical
interfaces, and the transmission of data, between the
terminal and the card. There is an
extensive EMVCo defined level 1 approval process,
which requires every card reader to have completed
laboratory type approval before they can be used to
perform EMV transactions. EMVCo also require this
approval to be renewed at defined intervals to retain
compliance.
EMV Level 2 EMVL2 EMV Level 2 covers the set of functions that provide all
the necessary processing logic and data that is required
to select and process a card application in order to
perform an EMV transaction.
Entry Point (Contactless Entry Point is the common reader processing that
Only) determines the supported applications on a contactless
card by analysing the card’s PPSE to find the reader
combinations that are mutually supported by the card
and the reader. Once a reader combination has been
chosen, the processing continues according to the card
scheme rules associated with the Kernel ID.
5 of 11 19-05-2018, 10:41
EMV Level 2 Kernels https://www.level2kernel.com/emv_glossary.html
Fast Dynamic Data fDDA fDDA is an optimised form of Data Authentication that is
Authentication (Contactless performed during qVSDC transaction to allow the reader
Only) to obtain DDA related data from the card but to perform
the cryptographic calculations after the card has been
removed from the RF field.
Integrated Circuit Card ICC An ICC is a card that contains a microprocessor chip.
This chip can be used to perform EMV transactions on a
payment terminal, and such a card is commonly
referred to as a "Chip and PIN" card.
Issuer Action Codes IAC A set of action codes supplied by the card application
and used during Terminal Action Analysis.
Interface Device IFD The IFD is the hardware part of a terminal that is used
to physically read a chip card during an EMV
transaction.
Kernel Identifier Kernel ID The Kernel Identifier is used to uniquely identify each of
(Contactless Only) the card scheme kernels that may be supported by the
reader and card.
Landing Zone (Contactless The Landing Zone is the area on a contactless reader,
Only) indicted by the contactless symbol, at the centre of the
RF field.
Offline enciphered PIN A CVM that verifies the cardholder's PIN by encrypting
the entered PIN before sending it to the card. Terminals
that support Offline enciphered PIN must also support
the less secure Offline plain-text PIN method.
Offline plain-text PIN A CVM that verifies the cardholder's PIN by sending the
unencrypted PIN to the card. This is commonly used by
cards that can not support the more secure Offline
enciphered PIN.
6 of 11 19-05-2018, 10:41
EMV Level 2 Kernels https://www.level2kernel.com/emv_glossary.html
Online enciphered PIN A CVM that verifies the cardholder's PIN by encrypting
the entered PIN before sending it online to the card
issuer.
Online Offline Decision The terminal must perform the action that the card
requested during card action analysis by either
performing online processing or proceeding directly
to transaction completion.
Payment Account Reference PAR Payment Account Reference (PAR) is a data element
released by EMVCo to address some of the challenges
Tokenisation has introduced to the payment ecosystem
whilst maintaining the current level of security provided
by tokens.
Payment Card Industry PIN PCI-PED Requirements specified by the PCI Security Standards
Entry Devices Council (www.pcisecuritystandards.org), which cover
the security of PIN Entry Devices.
Payment System PSE The PSE is an optional mechanism for the card to store
Environment a directory structure that holds records containing a
number of applications that are available on the card.
When present, it is used during Candidate List Creation.
Personal Identification PIN A secret number of between 4 and 12 digits that are
Number known only by the cardholder and may be used
during cardholder verification to confirm that the user of
the card is the cardholder. The methods of PIN
verification supported by EMV are Offline plain-text
PIN, Offline enciphered PIN, and Online enciphered
PIN.
Proximity Payment System PPSE The PPSE on a contactless card contains the list of all
Environment (Contactless card applications supported by the contactless interface,
Only) and is returned from the card in response to the reader
issuing a SELECT command for the PPSE.
Primary Account Number PAN The number found on every payment card that is linked
to the cardholder's account and is used to identify
where the transaction funds should be transferred to or
from.
Processing Options Data PDOL The PDOL is a list of data from the terminal that is
Object List required by the card at the beginning of the Read
Application Data stage. The terminal uses
the DOL processing rules to format the requested data
and then sends it to the card in the Get Processing
Options request.
7 of 11 19-05-2018, 10:41
EMV Level 2 Kernels https://www.level2kernel.com/emv_glossary.html
Proprietary Application PIX The PIX is an optional, variable length, suffix that may
Identifier Extension be allocated by card schemes to differentiate between
multiple applications (e.g. credit and debit applications)
provided by that scheme. The value of any PIX is
proprietary for each scheme, and if present is appended
to the RID to create the AID of each application.
quick Visa Smart qVSDC qVSDC is the method of performing Visa EMV Mode
Debit/Credit (Contactless transactions over the contactless interface. qVSDC
Only) offers various optimisations to ensure a quick
transaction, including support for fDDA.
Radio Frequency Field RF Field The RF Field is the 3-dimensional space projecting from
(Contactless Only) the landing zone on the contactless reader in which
contactless cards can be detected and processed. It is
also known as the contactless field or contactless
interface.
Registered Application RID The RID is a fixed length unique identifier allocated to
Provider Identifier each card scheme to identify EMV applications provided
by that scheme. The schemes may then suffix this with
an optional PIX to further differentiate between multiple
products supported by the scheme, and together they
form the AID.
Response - Application R-APDU An R-APDU is an APDU that is sent from the card to the
Protocol Data Unit terminal in response to a C-APDU received from the
terminal.
Static Data Authentication SDA Static Data Authentication of the card data (e.g. account
number and expiry date) to verify that it has not been
modified.
Status Bytes SW1 SW2 The last 2 bytes of the R-APDU at the end of
every APDU exchange between the terminal and the
card will contain 2 status bytes, SW1 and SW2, which
are used by the card to indicate the result of the
processing to the terminal.
If the status bytes are '90 00' then the process has
completed. Other values of the status bytes may denote
a warning or error, or may have a specific meaning for
the particular C-APDU that was sent from the terminal.
8 of 11 19-05-2018, 10:41
EMV Level 2 Kernels https://www.level2kernel.com/emv_glossary.html
Terminal Action Codes TAC A set of action codes stored by the terminal for each
supported AID and used during Terminal Action
Analysis.
Terminal Risk Management To safeguard against fraudulent use, the terminal will
manage the level of risk by requiring certain
transactions to be authorized online that would
otherwise have been authorised locally.
Terminal Verification Results TVR The TVR is a collection of indicators that the terminal
will set to show what incidents have occurred whilst
processing the current transaction (e.g. card is expired,
cardholder verification has failed, or online floor limits
have been exceeded). Together with the TSI, this
information enables the card and the host to manage
risk and determine the correct outcome for the
transaction.
Track 1 data (Contactless The track 1 data (or more accurately, the track 1
Only) equivalent data) is data that is formatted similarly to the
data that would typically be found on the track 1 of a
magnetic stripe card, and may be generated by a
contactless reader or provided by a contactless card for
an MSD-Mode transaction.
Transaction Certificate Data TDOL The TDOL is a list of data that the terminal must use as
Object List the input when it needs to calculate a transaction
cryptogram hash, and the terminal may also store a
default TDOL that can be used if the TDOL is not
9 of 11 19-05-2018, 10:41
EMV Level 2 Kernels https://www.level2kernel.com/emv_glossary.html
Transaction Completed When the Card Action Analysis (and any online
processing, if required) has been completed, the card
may be removed. If the transaction has been authorized
then payment can be submitted for settlement and any
goods or services can be provided.
Transaction Status TSI The TSI is a collection of indicators that the terminal will
Information set to show what processing steps have been
performed on the current transaction (e.g. Cardholder
Verification, Data Authentication). Together with
the TVR, this information enables the card and the host
to manage risk and determine the correct outcome for
the transaction.
Terminal Transaction TTQ The TTQ is a collection of indicators that the terminal
Qualifiers (Contactless Only) will set to show the reader capabilities, requirements,
and preferences to the card. The TTQ is only supported
by certain card schemes and is only used for
contactless transactions.
Visa Contactless Payment VCPS VCPS is the specification for performing MSD-Mode or
Specification (Contactless qVSDC contactless transactions for Visa cards.
Only)
10 of 11 19-05-2018, 10:41
EMV Level 2 Kernels https://www.level2kernel.com/emv_glossary.html
11 of 11 19-05-2018, 10:41