Professional Documents
Culture Documents
Flow EMV
Flow EMV
Flow EMV
Card detection and reset needs to be performed by the card Card When using the NMI (formerly Creditcall) EMV.LIB Kernel, the
interface functions specific to the hardware device being used.
Detection and terminal application will use the Hardware Abstraction Layer
When a card is reset, it will respond with an Answer To Reset functions to detect and read cards.
(ATR) that specifies how the terminal must interface with the Reset
card. When using the NMI (formerly Creditcall) EmvX Kernel or the
NMI (formerly Creditcall) EmvJ Kernel, this processing will be
performed in the card reader drivers.
The terminal has a list containing the Application Identifier (AID) Candidate The NMI (formerly Creditcall) EMV.LIB Kernel has a single
of every EMV application that it is configured to support, and the
List Creation function that will build the candidate list, and the terminal
terminal must generate a candidate list of applications that are application can then use the Hardware Abstraction Layer to
supported by both the terminal and card. The terminal may allow the cardholder to select an application.
attempt to obtain a directory listing of all card applications from
the card's PSE. If this is not supported or fails to find a match, The NMI (formerly Creditcall) EmvX Kernel and the NMI
the terminal must iterate through its list asking the card whether it (formerly Creditcall) EmvJ Kernel both have a single function
supports each individual AID. that will build the candidate list, and the PIN-pad driver will be
used to allow the cardholder to select an application.
If there are multiple applications in the completed candidate list,
or the application requires it, then the cardholder will be asked to
choose an application; otherwise it may be automatically
selected.
EMV Level 2 Kernels https://www.level2kernel.com/flow-chart.html
When the application to use has been chosen, the terminal must Application In all of the NMI (formerly Creditcall) Kernels, all of these
select the application on the card, so that the card can supply the
Selection processing steps can be performed in a single function.
correct data records for the transaction. However, if the payment application wishes to pause execution
after any step then a break state can be set, and once the
application has performed any necessary processing, then the
Kernel will resume the processing.
Once the application has been selected, the terminal provides Read Layer functions to communicate with the card, perform secure
PIN entry, perform RSA and SHA-1 encipherment and to
the card with any data that it requests in the PDOL and gets the
Application perform an online authorization with the card issuer.
processing options. The card will supply the Application File
Locator (AFL), which is used by the terminal to read the Data
When required, EmvX and EmvJ will use the card reader, PIN-
application data records from the card. These records contain
pad and display driver interfaces to communicate with the
the card PAN and expiry date, plus many other tags of
card, perform secure PIN entry and to update the display. If
information that are used for transaction processing such as
provided, it will also use the EFT interface to perform an online
cardholder verification and card authentication.
authorization with the card issuer.
There are three types of offline Data Authentication that can be Data
performed, but the method to be used depends on the
Authentication
capabilities of the card and terminal. Online-only terminals are
not required to support data authentication, but all other
terminals must support both SDA and DDA and may also support
CDA. SDA - Static Data Authentication of the card data (e.g.
account number and expiry date) to verify that it has not been
modified. DDA - Dynamic Data Authentication of card and
terminal data to verify that the card application and data are
genuine. CDA - Combined DDA and Application Cryptogram
Generation.
Cardholder verification checks that the person using the card is Cardholder
the cardholder. The card contains a list of verification methods
Verification
that it supports, and the conditions under which they should be
applied. The terminal must navigate through this list and attempt
the first method it finds for which the condition is met. If a method
fails, the terminal must check whether additional methods are
allowed. For example, a list might contain: online PIN (if
unattended cash), offline PIN (if supported), signature (always).
To safeguard against fraudulent use, the terminal will manage Terminal Risk
the level of risk by requiring certain transactions to be online
Management
authorized that would otherwise have been authorized locally.
This involves comparing the transaction amount against floor
limits, and detecting when the number of consecutive offline
transactions on a card has reached a defined limit. In addition,
offline-capable terminals will also randomly select certain
transactions to go online.
The terminal will analyse the results of the previous verification, Terminal
authentication and risk steps and this will result in the terminal
Action
informing the card that it proposes to either seek online
authorization of the transaction, or to complete it offline by Analysis
accepting or declining the transaction locally.
2 of 4 17/05/2022 17:32
During the first Card Action Analysis step, the card will analyse Card Action
the results of all the previous steps and this will result in the card
Analysis
requesting the terminal to either seek online authorization of the
transaction, or to complete it offline by accepting or declining the
transaction locally. This request may differ from the action that
the terminal proposed following Terminal Action Analysis, but is
subject to certain logic rules (e.g. the card is not permitted to
request offline acceptance of the transaction if the terminal
proposed online authorization).
The terminal must perform the action that the card requested Online Offline
during card action analysis.
Decision
During the second Card Action Analysis step, after online Second Card
processing has been performed, the card will analyse the result
Action
of the online processing and will authenticate data received from
the card issuer. This will result in the card requesting the terminal Analysis
to complete the transaction by either accepting or declining the
transaction. This request may differ from the result of online
processing, but is subject to certain logic rules (e.g. the card is
not permitted to request acceptance of the transaction if the host
declined the payment).
When the card processing has been completed, the card may be Transaction When using the NMI (formerly Creditcall) EMV.LIB Kernel, the
removed. If the transaction has been authorized then payment
Completed terminal application will use the Hardware Abstraction Layer
can be submitted for settlement and any goods or services can functions to detect the card removal, and can retrieve any
be provided. required data from the Kernel.
2021 Copyright Terms and Conditions Privacy Policy Cookie Policy GDPR Policy Modern Slavery Statement
4 of 4 17/05/2022 17:32