3
votes

I have a scenario where the EMV Contactless card image (American Express) SHOULD decline offline; however, the Ingenico PinPad is going online and approving and the VeriFone is declining offline.

Even though this scenario SHOULD decline offline, I am convinced this scenario should go ONLINE. I think the VeriFone is a false-positive and the Ingenico is doing the right thing by going ONLINE.

The purpose of this scenario is to ensure that the terminal declines a transaction offline when CDA fails.

The card image has an IAC Denial of "0000000000" and IAC Online of "F470C49800".

The TVR that gets generated during 1AC is '0400008000'.

The TAC Denial is set to "0010000000" and the TAC Online is set to "DE00FC9800".

TVR = "0400008000"
IAC_Denial = "0000000000"
TAC_Denial = "0010000000"
IAC_Online = "F470C49800"
TAC_Online = "DE00FC9800"

When comparing the TVR to the TAC Denial (which should happen first) according to the EMV Book 3 - Terminal Action Analysis - there are NO matching bits. So the next thing that should happen is the TVR should be matched with the TAC Online. When comparing the bits from the TVR to the TAC Online - the bits that match are: "CDA Failed, Exceeds Floor Limit". This indicates to me that this should go ONLINE; however, as previously stated the scenario is ensuring that it declines OFFLINE.

In a nutshell, the VeriFone PinPad is giving a false-positive by declining OFFLINE without using the Terminal Action Analysis logic.

However, the Ingenico seems to be doing the right thing by going ONLINE.

Is there something that I am missing?

Are there any configurations that can override the Terminal Action Analysis from matching the TVR to TACs to prevent a transaction from going online?

Could this be an issue with the VeriFone kernel?

Thanks.

1
Can you update the logs for both Ingenico and VeriFone as a part of the question? - Adarsh Nanu
Turns out the scenario was an error on ATS. They should not have been trying to validate a cryptogram check. Not 100% sure of what the issue is, but looks like it was an issue on their end. - paxtonjf
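
The Terminal Action Analysis comparison described in the question, as an added example that is not part of the original post or of either vendor's kernel: it follows the EMV Book 3 order (Denial first, then Online) and ORs each IAC with its TAC before masking the TVR. Function names are illustrative, an online-capable terminal is assumed, and contactless kernel-specific rules are not modelled.

```python
# Added example: Terminal Action Analysis ordering per EMV Book 3,
# run on the TVR/IAC/TAC values quoted in the question.
# Names are illustrative; an online-capable terminal is assumed.

TVR_BIT_NAMES = {  # only the bits named in the question; others are shown by position
    (1, 3): "CDA failed",
    (4, 8): "Transaction exceeds floor limit",
}

def _bits(hex_str):
    value = bytes.fromhex(hex_str)
    if len(value) != 5:
        raise ValueError("TVR, IAC and TAC are 5 bytes each")
    return int.from_bytes(value, "big")

def matched_bits(tvr, iac, tac):
    """Names of TVR bits that are also set in the IAC or the TAC."""
    hits = _bits(tvr) & (_bits(iac) | _bits(tac))
    names = []
    for byte_no in range(1, 6):                      # byte 1 is the leftmost byte
        byte = (hits >> (8 * (5 - byte_no))) & 0xFF
        for bit_no in range(8, 0, -1):               # bit 8 is the most significant
            if byte & (1 << (bit_no - 1)):
                label = TVR_BIT_NAMES.get((byte_no, bit_no), f"byte {byte_no} bit {bit_no}")
                names.append(label)
    return names

def terminal_action_analysis(tvr, iac_denial, tac_denial, iac_online, tac_online):
    """Return (cryptogram the terminal requests, TVR bits that caused it)."""
    denial = matched_bits(tvr, iac_denial, tac_denial)
    if denial:
        return "AAC", denial      # decline offline
    online = matched_bits(tvr, iac_online, tac_online)
    if online:
        return "ARQC", online     # go online
    return "TC", []               # approve offline

if __name__ == "__main__":
    print(terminal_action_analysis(
        tvr="0400008000",
        iac_denial="0000000000", tac_denial="0010000000",
        iac_online="F470C49800", tac_online="DE00FC9800",
    ))
```

With the question's values the Denial mask has no bit in common with the TVR, so the result is an ARQC request driven by the two bits the question names.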

1 Answer

2
votes

I often got this error when my POS terminal was not properly configured.

Often, scenarios like this one will have thresholds to configure in your terminal according to its standards. For instance, my terminal was configured according to SEPA-FAST standards.

There was a threshold for the maximum amount value to approve offline. This is useful for merchants that want to approve small amounts offline for effectiveness and speed when they have long lines of customers to process. Think of a cafeteria or a bus line. Of course, this is slightly risky and many merchants won't approve high amounts without an online approval to reduce their loss due to invalid/fraudulent payments.

In my opinion, your offline threshold looks fine. The transaction amount exceeds it and it is refused offline for the obvious reasons I explained to you before.

Perhaps your maximum threshold is badly configured. Most scenarios require you to set a maximum amount threshold over which the transaction is refused offline.

One other thing that could be wrong is your EMV Terminal capabilities 0x9F33 that supports Online PIN authentication and shouldn't. Maybe you aren't using the terminal prescribed by the scenario. What is your CVM? Should it be supported by your terminal? There is also the EMV Terminal Transaction Qualifiers (TTQ) field 0x0F66 for NFC transactions that plays a similar role in defining what a terminal can and cannot do. Maybe your terminal should be offline only in this scenario. This could happen for pizza deliveries or in situations where an internet connection is not available.