Communication between terminal and issuer - EMV Transaction

Question

I am working on EMV technology and looking for the communication ( Request/Response) between terminal and issuer for authorization / online pin checking.

I know Offline data authentication check on terminal only and then terminal send data to issuer. I wonder what data need to send for authorization process.

I know little bit about DE elements ( like DE-55 element - contain data like Amount,Authorised(Numeric) ,Amount,Other(Numeric),ApplicationCryptogram(AC)).

Could anybody give me a link/documnent where I can see what and how communication in what format happening between Terminal and issuer for authorization (cryptogram validation) , Online PIN checking , CVV validation and all.

sorry for my bad english.

Answer 1

Terminal communicates only with the acquirer. The communication between terminal and acquirer is determined by acquirer host system like Compass+, OpenWay, other and specific implementation you can ask your host provider (easier to ask the Bank for which the terminal will be the point of sale ). In common this all protocols are based on ISO8583, so you could read there. Also some information you can find at EMV Book 4, 12 Acquirer Interface.

EMV Book 4:

An authorisation message shall be used when transactions are batch data captured. A financial transaction message shall be used when online data capture is performed by the acquirer. An offline advice shall be conveyed within batch data capture when supported. An online advice or a reversal message shall be transmitted real-time, similarly to an authorisation or financial transaction message.

Answer 2

Issuer does a couple of things
1. Validate the card, for example status, expiry date, PIN etc
2. Validate account, eg. account status, available funds, transaction type allowed on the account etc.
3. Validate the authenticity of the card by veriying the ARQC
4. Generate ARPC to let card know that the issuer is genuine.
5. Send post issuance operation using issuer scripts.

You may be mostly sending the data in ISO8583 in case you are using a POS or NDC+/D912 standards in case you are using ATMs.

PIN is sent as PIN Block encrypted under Terminal PIN key.
If host is the issuer it can do HSM command DC and verify the PIN. See the HSM documentation for the format and expected data.

CVV is a part of the track and verification happens with HSM command CY. Expiry date is available from track. Service code is also available but make sure it is the service code for iCVV.

Now considering the above requirements, I can say the following data are required to be sent to host.
Message type
PAN
Pcode
Amount
Local date and Time
Trace
expiry data (not mandatory in case you are sending track data)
POS entry code
PAN Sequence number
Track2
terminal id
Merchant ID
Acquirer Currency Code
Chip Data which includes
    All tags used in CDOL1( this would be sufficient for your HSM command KQ/KX)
    ARQ Cryptogram
PIN block in case online PIN is selected CVM

Try with this and let me know in case anything more is required.