We use cookies on this website
Cookies improve how our website works and how it is used, so that we can continue to improve the site. For more information see our cookie policy.
By using this website you are agreeing to our use of cookies.
- What is EMV? >
- World of Contactless >
- EMV American Express Contactless
American Express
EMV & Mag-Stripe Modes
American Express (Amex) contactless transactions can be completed in both EMV and Magnetic Stripe mode. The mode selected depends on the mutually supported features of the reader and the card in use. Cards must support Magnetic Stripe mode processing and can optionally also support EMV mode processing. Terminals should support both EMV mode and Magnetic Stripe mode but may be configured to only operate in Mag-Stripe mode. If both the terminal and the card being used support EMV mode then EMV Mode will be used; otherwise Magnetic-Stripe Mode shall be used.
Contactless Cards which support both EMV Mode and Mag-Stripe Mode are designed to be able to amend their response data based upon whether the terminal supports EMV Mode or not, in order to be able to provide the terminal with the appropriate data needed to process the transaction.
When a transaction is performed in Mag-Stripe Mode, track 1 and track 2 equivalent data will be generated for sending online for authorisation. However to allow the card to be authenticated and to ensure the track data changes every transaction, this track equivalent data will also include the card’s Application Transaction Counter (ATC) – which changes every transaction – together with a dynamically generated cryptogram from the card and a terminal-generated unpredictable number.
Transaction Processing
Contactless transactions can either be processed offline, or online with immediate or delayed authorisation. Each of these methods of processing the transaction only execute the first Terminal Action Analysis (TAA) and the first Card Action Analysis (CAA), and so all communications between the terminal and the card are completed after the first Generate Application Cryptogram response has been received from the card. If the terminal is to process the transaction online with immediate authorisation then the transaction outcome is determined by the authorisation system of the Issuer. American Express supports the usage of Offline Data Authentication, and if a transaction is processed offline (or as a delayed authorisation) then it is mandatory for CDA to be performed.
Delayed Authorisation can be used in the event that the reader is located in an environment where it is either not possible or not desirable to process the transaction immediately online, for example at a transportation gate where it is necessary for a high volume of people to pass through quickly. In such a case, the transaction is immediately approved at the terminal allowing the cardholder to remove their card without having to wait for the online processing. A delayed authorisation request is then sent online to the issuer to verify the account or reserve its funds.
Transaction Flow Chart
Contactless Steps |
Process Description |
| Entry Point Processing (Mandatory) |
For more information on this processing refer to the section about Entry Point Processing. |
| Initiate Application Processing (Mandatory) |
Depending upon the data in the Get Processing Options response, the terminal determines whether the transaction isperformed in EMV or Mag-Stripe mode and whether the transaction is being processed as a Contactless Mobile transaction. |
| Read Application Data (Mandatory)
|
The terminal will read all of the required data from the card using Read Record commands. If the card provides the 'Card Interface and Payment Capabilities' data element then the kernel will use this to determine if alternative interfaces (such as a contact chip) are supported in the event that the payment cannot be processed over a contactless interface. |
| Processing Restrictions (Mandatory)
|
During this stage, the kernel is required to perform the same processing restriction checks as are required for an EMV Contact transaction. |
| Offline Data Authentication
(Conditional)
|
If the transaction is to be approved offline and both CDA and SDA are supported by both the card and reader, then CDA takes priority. If a transaction is declined offline then ODA is not performed. |
| Cardholder Verification
(Conditional)
|
If CDCVM is the required method to be performed then the kernel will check the Mobile CVM Result returned by the card (consumer device) to determine if it has already been successfully performed. Otherwise, the Kernel will check the AIP and the card's CVM List to determine the necessary CVM. If the amount is above the CVM Required Limit then the method "No CVM" must not be used. |
| Terminal Risk Management
(Mandatory)
|
During this stage, the kernel is required to perform Terminal Risk Management checks similar to those that are required for an EMV Contact transaction, including Floor Limit checking and Exception List handling. |
| Terminal Action Analysis
(Mandatory) |
During Terminal Action Analysis the Terminal completes additional checks to determine whether it should request the card to approve or decline the transaction, or whether Online Processing is required. |
| Card Action Analysis
(Mandatory) |
The terminal issues the Generate Application Cryptogram command, requesting CDA if that is the required ODA for the current transaction. The card's response will indicate whether the terminal should approve or decline the transaction, or whether the transaction needs to be processed online. |
| Card removal (Mandatory)
|
At this point the cardholder will be informed that they can remove their card from the terminal's contactless reader. After the removal of the card there are some other processes that may be required to be performed, these are performed after card removal to reduce the amount of time the cardholder has to keep their card in the RF field. If CDA is being performed, the kernel will validate the data from the card to prove the authenticity of the card. |
| Online Processing (Conditional)
|
In the event of a communications failure the Default Action Codes are used to determine whether the transaction can be approved offline. If a Delayed Authorisation transaction is performed then, instead of immediate online processing, the kernel returns control to Entry Point to complete the transaction with an approval, and the transaction data is sent online to the acquirer at a later time. |
| Completion
(Mandatory) |
The transaction result is displayed and, if approved, the goods or services can be supplied. |
ChipDNA - a rapid SDK for Windows, Linux, iOS and Android - helps integrators, ISVs & VARs transition from mag-stripe to EMV.
