6

I'm trying to detect whether a contactless enabled smartcard or a mobile device equipped with ApplePay, Google Pay, or Samsung Pay was used for a contactless EMV transaction.

I have been researching via the EMV books, and there seems to be a tag 9F6E provides this sort of data:

EMV Book 3 - VISA enter image description here

EMV Book 4 - MasterCard enter image description here

Questions:

  1. VISA provides a 4 byte value in the field 9F6E, but I can't find a list of possible values and their meanings anywhere. The EMV book says "out of scope". Is there anyway to reliably convert this to a known form factor?
  2. MasterCard provides data 2 bytes for the form factor, but I'm seeing values that I don't undestand (32 31 ascii = 21). Is there a list of values and meanings somewhere for these?
  3. Is there an easy way to understand if CDCVM has been used for a given contactless transaction, so that I could separate contactless transactions from contactless with CDCVM transactions?
raydowe
  • 1,285
  • 1
  • 16
  • 31

3 Answers3

5

Google Pay is using cloud-based payments while Apple is using an embedded secure element. You can find this tag on 9F6E form factor on Visa. However, it might be different for Master Card or Amex.

To fix this correctly, you might want to check the EMV tag 9F19 which returns to the token requestor ID. Check EMV payment tokenization for this spec. Token requestor ID looks like this:

MasterCard

  • 50110030273 – APPLE_PAY
  • 50120834693 – ANDROID_PAY
  • 50139059239 – SAMSUNG_PAY

Visa

  • 40010030273 – APPLE_PAY
  • 40010075001 – ANDROID_PAY
  • 40010043095 – SAMSUNG_PAY
  • 40010075196 – MICROSOFT_PAY
  • 40010075338 – VISA_CHECKOUT
  • 40010075449 – FACEBOOK
  • 40010075839 – NETFLIX
  • 40010077056 – FITBIT_PAY
  • 40010069887 – GARMIN_PAY
Andrew T.
  • 4,701
  • 8
  • 43
  • 62
R. Marcos
  • 91
  • 2
  • Thanks for Tag 0x9F19 Token Requestor IDs. Do you know any references with list of "Token Service Provider Code" and "Token Requestor"? The parts of these Token Requestor IDs. – iso8583.info support Aug 20 '18 at 10:39
3

I believe it is also possible to detect if the transaction was performed by a mobile device by using tag 0x82 (Application Interchange Profile). I believe this is a better approach because it will be the same regardless of card brand (as long as the card brand in question followed EMVCo's spec correctly.

Here is a link to EMV Co Contactless Book.

https://www.emvco.com/wp-content/uploads/2017/05/C-4_Kernel_4_v2.6_20160512101635327.pdf

Screenshot Of Desired Table Check Bit 7 (second most significant bit) of Byte 2 (Rightmost Byte). If it is 1 it came from a mobile device. The Application Interchange profile will always be 2 Bytes.

mitchell
  • 298
  • 1
  • 11
2

Refer the below documents. You will require Visa Online and MasterCard connect access to get these.

  1. VCPS_2.2 Spec

  2. M/ChipRequirements For Contact and Contactless Spec

  3. check in CVM and CVR inside 9F10

Adarsh Nanu
  • 2,133
  • 1
  • 13
  • 18
  • OK. So how this helps exactly? There is no mention of Google Pay or Apple Pay in those documents. – Kresimir Plese Mar 09 '22 at 09:14
  • During the token provisioning process, form factor of the device( could be a mobile phone, watch or wearable or .. ) is stored in the wallet, regardless of whether it is Apple Pay or Google Pay or Fitbit. Basically, all adhere to the payment scheme specifications. – Adarsh Nanu Mar 19 '22 at 13:33