MasterCard

Contactless MasterCard transactions can be performed in either EMV mode or Mag-Stripe mode. After Entry Point has initiated a transaction, the MasterCard Kernel issues a Get Processing Options command. In the response from the card, a data object called the Application Interchange Profile (AIP) determines whether the transaction will continue in EMV Mode or Mag-Stripe Mode. The AIP also determines if “On-device cardholder verification” (CDCVM) is supported.

EMV Mode (M/Chip)

The commands exchanged with the card for EMV Mode closely resemble those used for an EMV contact transaction, with Read Record commands being used to retrieve all the card data, followed by a Generate Application Cryptogram (GENAC) request to obtain a unique, transaction-specific, cryptogram from the card. Once all of these exchanges have been completed, the card can be removed from the RF field. However, unlike for contact transactions, not all the transaction processing occurs before the card exchanges have been completed. This is to optimise the contactless transaction performance by reducing the amount of time the card is required to remain in the RF field.

Unlike Mag-Stripe Mode, EMV Mode transactions support Offline Data Authentication, Terminal Risk Management, Terminal Action Analysis and Application Cryptogram processing. If both the terminal and the card support the CDA method of Offline Data Authentication, then it will always be performed.
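
The AIP checks described on this page (mode selection, CDCVM support, CDA before SDA, and termination when the AIP or AFL is absent, as stated under Initiate Application Processing) can be sketched as follows. This is an added example, not code from the kernel specification or any vendor; the bit masks follow the EMV contactless Kernel 2 AIP layout, and the function names, terminal flags and sample responses are assumptions constructed for illustration.

```python
# Added example. AIP bit positions follow the EMV contactless Kernel 2 layout
# (byte 1: 0x40 SDA, 0x02 CDCVM, 0x01 CDA; byte 2: 0x80 EMV mode supported).
AIP_TAG, AFL_TAG = 0x82, 0x94

def parse_tlv(data: bytes) -> dict:
    """Minimal BER-TLV walk: 1- or 2-byte tags, short-form or 0x81 lengths."""
    out, i = {}, 0
    while i < len(data):
        tag = data[i]; i += 1
        if tag & 0x1F == 0x1F:                 # second tag byte follows
            tag = (tag << 8) | data[i]; i += 1
        length = data[i]; i += 1
        if length == 0x81:
            length = data[i]; i += 1
        elif length > 0x7F:
            raise ValueError("unsupported length form")
        if i + length > len(data):
            raise ValueError("truncated value")
        out[tag] = data[i:i + length]
        i += length
    return out

def classify_gpo(resp: bytes, term_cda=True, term_sda=True) -> dict:
    """Decide how the transaction continues from a GPO response body (no SW1SW2)."""
    try:
        outer = parse_tlv(resp)
        if 0x77 in outer:                      # format 2: AIP and AFL as TLVs
            inner = parse_tlv(outer[0x77])
            aip, afl = inner.get(AIP_TAG), inner.get(AFL_TAG)
        elif 0x80 in outer:                    # format 1: AIP (2 bytes) then AFL
            aip, afl = outer[0x80][:2], outer[0x80][2:]
        else:
            aip = afl = None
    except (ValueError, IndexError):           # malformed response: treat as absent
        aip = afl = None
    if not aip or len(aip) != 2 or not afl:
        return {"outcome": "terminate"}        # AIP or AFL missing
    emv = bool(aip[1] & 0x80)
    if emv and aip[0] & 0x01 and term_cda:     # CDA takes priority over SDA
        oda = "CDA"
    elif emv and aip[0] & 0x40 and term_sda:
        oda = "SDA"
    else:
        oda = None                             # includes all Mag-Stripe mode cases
    return {"outcome": "continue", "mode": "EMV" if emv else "Mag-Stripe",
            "cdcvm": bool(aip[0] & 0x02), "oda": oda}

# Constructed sample responses (not captured from a real card).
CARD_EMV = bytes.fromhex("770A82021980940408010100")
CARD_MS = bytes.fromhex("770A82020200940408010100")
```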

Torn Transactions

A Torn Transaction is where the cardholder removes the card from the reader before the transaction has been completed (this is also called Tearing). If the terminal is configured to support Torn Transaction Logs then the kernel will store the transaction details if tearing occurs whilst it is awaiting the card’s response to a GENAC command.

After a torn transaction the kernel prompts for the card to be presented again. If the same card is presented again, so that its details match those in the Torn Transaction Log, the terminal issues a Recover Application Cryptogram command instead of a GENAC command. If that command is successful, the kernel restores the data from the Torn Transaction Log and continues with the transaction; if it is unsuccessful, the kernel issues a GENAC command instead.

The terminal configuration defines a maximum lifetime for each entry in the Torn Transaction Log and the terminal should use a Clean Signal to remove all expired entries from the log.

The number of entries in the log can also be configured, and if the log is already full then any new entry should replace the oldest entry within the log.
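
The log behaviour described in this section (size cap with oldest-entry replacement, lifetime expiry on a Clean Signal, and the Recover AC / GENAC decision on re-presentation) is sketched below. This is an added example, not the kernel's own code; `card_id`, `recover_ac` and `generate_ac` are hypothetical names, and keeping one entry per card and removing an entry once it has been matched are assumptions of this sketch.

```python
# Added example: a Torn Transaction Log with a size cap and entry lifetime.
# card_id, recover_ac and generate_ac are hypothetical names, not kernel APIs.
from collections import OrderedDict

class TornTransactionLog:
    def __init__(self, max_entries: int, max_lifetime_s: float):
        self.max_entries = max_entries
        self.max_lifetime_s = max_lifetime_s
        self._entries = OrderedDict()          # card_id -> (stored_at, data), oldest first

    def store(self, card_id, data, now):
        """Record a transaction torn while awaiting the GENAC response."""
        if self.max_entries <= 0:              # torn transaction logging not configured
            return
        self._entries.pop(card_id, None)       # assumption: one entry per card
        if len(self._entries) >= self.max_entries:
            self._entries.popitem(last=False)  # log full: replace the oldest entry
        self._entries[card_id] = (now, data)

    def clean(self, now):
        """Handle a Clean Signal: drop expired entries and return their card ids."""
        expired = [c for c, (t, _) in self._entries.items()
                   if now - t > self.max_lifetime_s]
        for c in expired:
            del self._entries[c]
        return expired

    def take_match(self, card_id):
        """Return and remove the entry for this card, or None if there is none."""
        entry = self._entries.pop(card_id, None)
        return entry[1] if entry else None

def card_action(log, card_id, fresh_data, recover_ac, generate_ac):
    """Choose between Recover AC and GENAC when a card is presented."""
    torn = log.take_match(card_id)
    if torn is not None and recover_ac(torn):
        return "RECOVER AC", torn              # restore logged data and continue
    generate_ac(fresh_data)                    # no match, or Recover AC failed
    return "GENERATE AC", fresh_data
```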

Balance Reading

An offline balance may optionally be stored on a card, for example gift cards or pre-paid debit cards. If a card supports balance reading it will indicate this in the Application Capabilities Information and the terminal can read this and provide it to the customer, for example by means of a receipt. Depending upon the terminal configuration, this may be read from the card before or after the Generate AC.

Mag-Stripe Mode

When the transaction is performed in Mag-Stripe mode, the kernel issues Read Record commands to retrieve the data from the card. It also issues a specific Mag-Stripe Mode command called Compute Cryptographic Checksum (CCC), which causes the card to generate dynamic CVC3 (Card Verification Code) values that can be inserted into the track 1 and track 2 equivalent data supplied by the card. This is a fraud prevention mechanism that ensures the track data changes with every transaction, to prevent card details from being cloned. In addition, Mag-Stripe transactions are always sent online for authorisation.

In the event of a CCC (Compute Cryptographic Checksum) APDU failure, MasterCard requires the device to wait a specific amount of time before attempting another transaction. The amount of time is proportional to the number of transactions in a row where the CCC command has failed, and incrementally rises from 300ms up to a maximum wait of 9600ms.

Transaction Flow Chart

Contactless Steps

Process Description

Entry Point Processing

(Mandatory)

For more information on this processing refer to the section about Entry Point Processing.

Initiate Application Processing

(Mandatory)

Based on the AIP received from the card the transaction continues as an EMV mode transaction. The AIP also determines the method of ODA performed. CDA takes priority over SDA, with CDA being mandatory if it is a mobile transaction. If the AIP or AFL are not present in the card response then the transaction is terminated. The default starting state of a transaction is with an empty list of torn transactions. The card indicates support for the RECOVER AC command by the presence of the DRDOL.

Read Application Data

(Mandatory)

After all the records, including data objects used in ODA, have been read from the card the kernel checks the Torn Transaction Log for a matching entry. If a match is found, and the Card indicates successful processing, the kernel then gets the transaction data from the Log and continues processing the transaction.

Mag-Stripe Mode Processing

(Conditional)

For Mag-Stripe mode transactions, the kernel issues a COMPUTE CRYPTOGRAPHIC CHECKSUM (CCC) command so that the card can generate dynamic values to include in the Track equivalent data. At this point the card processing is complete for Mag-Stripe mode transactions and therefore they will proceed straight to the Card Removal stage.

Process Balance Read Before GENAC

(Conditional)

If the terminal and the card support the reading of a balance from the card prior to the Generate Application Cryptogram (GENAC) command then the terminal will issue a Get Data command at this point.

Processing Restrictions

(Conditional)

The terminal will perform checks similar to those required for EMV contact transactions. These include checking the Application Usage Control to see if the transaction is supported by the card, and checking that the card is valid.

Cardholder Verification

(Conditional)

The kernel will check if CDCVM is required for the transaction. If it is not, then the terminal will check the AIP and the CVM List from the card to determine whether Cardholder Verification is required, and if it is then which method should be used.

Terminal Action Analysis

(Mandatory)

During Terminal Action Analysis the Terminal completes additional checks to determine whether it should request the card to approve or decline the transaction, or whether Online Processing is required.

Card Action Analysis

(Mandatory)

If the transaction is identified as a Torn transaction then the terminal will issue a Recover AC command. Otherwise (or if the card indicates that the Recover AC command was not successful) the terminal issues the Generate Application Cryptogram command. The card's response will indicate whether the terminal should approve or decline the transaction, or whether the transaction needs to be processed online. If the terminal and the card support the reading of a balance from the card after the GENAC command then the terminal will issue a Get Data command at this point.

Card removal

(Mandatory)

The cardholder will be informed that they can remove their card from the terminal's contactless reader. After the removal of the card, some other processes may still need to be performed; these are performed after card removal to reduce the amount of time the cardholder has to keep their card in the RF field. If CDA is being performed, the kernel will validate the data from the card to prove the authenticity of the card.

Online Processing

(Conditional)

A Mag-Stripe mode transaction must always be sent online for authorisation, whereas an EMV mode transaction is only sent online if this has been requested as a result of the Terminal Action Analysis or the Card Action Analysis.

Completion

(Mandatory)

The transaction result is displayed and, if approved, the goods or services can be supplied.