We use cookies on this website
Cookies improve how our website works and how it is used, so that we can continue to improve the site. For more information see our cookie policy.
By using this website you are agreeing to our use of cookies.
- What is EMV? >
- World of Contactless >
- EMV Visa Contactless Transaction Flow
VISA
Traditionally in the USA, all Visa contactless transactions were processed using Mag-Stripe Mode (known as MSD for Visa), whereas other geographic regions used EMV Mode (known as qVSDC for Visa). However, as qVSDC support is mandatory for all new Visa contactless card products, all terminals should support qVSDC and only legacy transactions are now processed in Mag-Stripe Mode.
For terminals that support both modes, the card will supply a data object called the Application Interchange Profile (AIP) that determines whether the transaction will continue in EMV Mode or Mag-Stripe Mode.
Visa processing begins by analysing some of the information from the Entry Point’s Pre-Processing and Combination Selection. Visa also supports the ability to apply Dynamic Reader Limits (DRL) to determine whether the default transaction limits should be applied to the transaction, or whether settings specific to the type of Visa card should be applied (for example, in Europe a higher transaction limit may be applied to consumer device transactions such as Apple Pay that have verified the cardholder using CDCVM).
The first APDU issued by the Visa Kernel is a Get Processing Options command, and it is the card’s response to this that will contain the AIP. To optimise the number of APDU commands that need to be exchanged with the contactless card, the Get Processing Options response may also contain many of the other data items that are required to process the transaction.
In some cases it may not be necessary to perform any other APDU commands after the Get Processing Options response has been received. If not all the required data has yet been received then the kernel will be required to issue Read Record commands to retrieve the remaining data. After that has been performed, the card exchanges have been completed and the card can be removed from the RF field.
EMV Mode (qVSDC)
Visa supports the ability for certain qVSDC transactions to be offline approved, provided that all mandatory checks have been performed successfully.
Visa supports an optimised form of Offline Data Authentication called fast Dynamic Data Authentication (fDDA) that will always be attempted for offline qVSDC transactions; if the card does not support it in the AIP or fDDA fails for some other reason, then the kernel will check the Card Transaction Qualifiers (CTQ) to decide whether to send the transaction online, decline it, or switch to a different interface.
Mag-Stripe Mode (MSD)
All MSD Mode transactions must be performed online, and so many of the checks required for qVSDC mode are not required, thus simplifying the processing. MSD mode transactions use Track 1 data (built from data elements within the card) or Track 2 data (obtained from the Track 2 Equivalent Data on the card).
Transaction Flow Chart
Contactless Steps |
Process Description |
| Entry Point Processing (Mandatory) |
For more information on this processing refer to the section about Entry Point Processing. |
| Initiate Application Processing (Mandatory) |
The Get Processing Options command is issued by the terminal and the card's response to this may contain all of the required data to complete the transaction. In some instances the card may return Status Bytes that indicate that it is not possible to process the transaction with the selected application, in which case the terminal may return to Entry Point Processing. |
| Read Application Data (Conditional) |
If required, the terminal will read additional data records from the card. These extra data records may be required to perform processes such as fDDA. |
| Card removal (Mandatory) |
At this point the cardholder will be informed that they can remove their card from the terminal's contactless reader. After the removal of the card there are some other processes that may be required to be performed, these are performed after card removal to reduce the amount of time the cardholder has to keep their card in the RF field. |
| Processing Restrictions (Conditional) |
If the data returned by the card indicated that a qVSDC transaction should be approved then the kernel will perform additional checks and these could result in the transaction being declined offline. These checks could be: whether the transaction date is greater than the Application Expiration Date, the PAN is on the Exception File, or whether this Transaction Type is permitted by the card (for transactions involving cash). |
| Offline Data Authentication (Conditional) |
If the transaction is to be approved offline, then ODA is performed to authenticate the fDDA dynamic signature and other data from the card. If fDDA fails or is unable to be performed, then the transaction is either sent online, switches interfaces and attempts a contact transaction or is declined offline. |
| Cardholder Verification (Conditional) |
The terminal checks the configured CVM Limit, the Terminal Transaction Qualifiers (TTQ) and the Card Transaction Qualifiers (CTQ) to determine what CVM check - if any - is required for the tranasction . If Cardholder Verification is required but not able to be performed, then the transaction is declined. |
| Online Processing
(Conditional) |
If it is required to do so, the terminal will send the transaction online where further authentication will be performed and the |
| Completion
(Mandatory) |
A declined transaction should not attempt to be performed over another interface. Note that for some transaction types other than Purchase (e.g. Refunds), an offline decline does not necessarily indicate a decline of the refund or credit. The transaction result is then displayed and may include the Available Offline Spending Amount. |
ChipDNA - a rapid SDK for Windows, Linux, iOS and Android - helps integrators, ISVs & VARs transition from mag-stripe to EMV.
