EMV Device Configuration Essentials
Compared to magstripe readers, chip-card readers are fussy. Reading a magnetic stripe is straightforward, but getting a chip-card reader to converse with the chip on a chip card requires a substantial amount of preparation and setup. Let’s talk about what that means.
Before attempting to perform any EMV transactions using a chip-card reader, you need to make sure your card reader is properly configured. At a minimum, this means loading the device with:
- Proper terminal settings
- Any AIDs that might be needed
- Public keys for the card brands you intend to honor
TERMINAL SETTINGS
So-called “terminal settings” must be supplied to the device as TLVs (data formatted as tag/length/value triplets), using industry-standard tags as defined in the EMVCo specs for contact EMV and/or contactless EMV. Here’s an example of what such settings look like:
Major Settings
Tag | Name | Value |
9F35 | Terminal Type | 21 |
9F33 | Terminal Capabilities | 6028C8 |
9F40 | Additional Terminal Capabilities | F000F0A001 |
DF26 | Enable Revocation List Processing | 01 |
DF11 | Enable Transaction Logging | 00 |
DF27 | Enable Exception List Processing | 00 |
DFEE1E | Terminal Configuration | D0DC20D0C41E1400 |
Minor Settings
Tag | Name | Value |
5F36 | Transaction Currency Exponent | 02 |
9F1A | Terminal Country Code | 0840 |
9F1E | Interface Device (IFD) Serial Number | 5465726D696E616C |
9F15 | Merchant Category Code | 1234 |
9F16 | Merchant Identifier | 303030303030303030303030303030 |
9F1C | Terminal Identification | 3837363534333231 |
9F4E | Merchant Name and Location | 31303732312057616C6B65722053742E20437970726573732C204341202C5553412E |
DF10 | Terminal Languages Supported | 656E667265737A68 |
DFEE15 | Application Selection Indicator | 01 |
DFEE16 | DUKPT Key or MKSK Select for Online PIN Encrypted | 00 |
DFEE17 | ICC Terminal Entry Mode | 07 |
DFEE18 | MSR Terminal Entry Mode | 80 |
DFEE1F | Issuer Script Limit | 80 |
DFEE1B | Authorization Request Data Elements | 3030303135313030 |
DFEE20 | ICC Power-On Waiting Time | 3C |
DFEE21 | ICC L1 Data Transaction Waiting Time | 0A |
DFEE22 | Driver (Menu, Get PIN, Get MSR) Timeout | 323C3C |
NOTE: Tags in the ‘DF’ range are private-class tags rather than EMVCo-defined ones; the ones shown here are ID TECH proprietary tags. You can read about such tags in this document.
To get a better idea of what these tags do and what all the values mean, you should read the ID TECH Knowledge Base article called “Which Terminal Settings Am I Allowed to Change?”
These settings are important because the chip on the card needs to be told which terminal capabilities the reader supports. For example, will the reader expect to conduct a chip-and-PIN session (Terminal Capabilities, 9F33)? Is the reader unattended, e.g., used in a kiosk or an ATM (Terminal Type, 9F35)? What country is the reader in (Terminal Country Code, 9F1A)? The card’s own logic, such as its CVM list, branches on these answers, so a reader that advertises the wrong capabilities gets the wrong behavior from the card. These and other important questions are answered in the “terminal settings.”
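The following is an added example (not ID TECH’s code, and not from the original page) showing what the TLV encoding above actually looks like on the wire and how to read the two settings that matter most for card behavior. It encodes the “Major Settings” rows into a BER-TLV byte string, parses the string back (handling the two- and three-byte tags such as 9F35 and DFEE1E), and decodes Terminal Capabilities (9F33) and Terminal Type (9F35) according to EMV Book 4. The function names are this example’s own.

```python
"""Encode, parse and decode EMV terminal settings as BER-TLV.

Added example, not ID TECH's code. The (tag, value) pairs are copied from
the "Major Settings" table; the bit meanings for 9F33 and 9F35 follow
EMV Book 4. Function names are this example's own.
"""
from typing import Dict, List, Tuple

# Constructed sample: the Major Settings rows above, as hex strings.
MAJOR_SETTINGS: List[Tuple[str, str]] = [
    ("9F35", "21"),
    ("9F33", "6028C8"),
    ("9F40", "F000F0A001"),
    ("DF26", "01"),
    ("DF11", "00"),
    ("DF27", "00"),
    ("DFEE1E", "D0DC20D0C41E1400"),
]

# 9F33 Terminal Capabilities: (byte index, bit mask) -> meaning.
TERMINAL_CAPABILITY_BITS = {
    (0, 0x80): "manual key entry",
    (0, 0x40): "magnetic stripe",
    (0, 0x20): "IC with contacts",
    (1, 0x80): "plaintext PIN for ICC verification",
    (1, 0x40): "enciphered PIN for online verification",
    (1, 0x20): "signature (paper)",
    (1, 0x10): "enciphered PIN for offline verification",
    (1, 0x08): "no CVM required",
    (2, 0x80): "SDA",
    (2, 0x40): "DDA",
    (2, 0x20): "card capture",
    (2, 0x08): "CDA",
}


def encode_length(n: int) -> bytes:
    """BER length: one byte below 128, otherwise an 0x81/0x82 prefix."""
    if n < 0x80:
        return bytes([n])
    if n < 0x100:
        return bytes([0x81, n])
    if n < 0x10000:
        return bytes([0x82, n >> 8, n & 0xFF])
    raise ValueError("value too long")


def encode_tlvs(items: List[Tuple[str, str]]) -> bytes:
    """Concatenate tag || length || value for each (tag_hex, value_hex)."""
    out = bytearray()
    for tag_hex, value_hex in items:
        value = bytes.fromhex(value_hex)
        out += bytes.fromhex(tag_hex) + encode_length(len(value)) + value
    return bytes(out)


def parse_tlvs(data: bytes) -> Dict[str, bytes]:
    """Parse a flat BER-TLV string into {TAG_HEX: value}.

    A first tag byte whose low five bits are all 1 (0x1F) announces more
    tag bytes, which continue while bit 8 is set: 9F35 is two bytes,
    DFEE1E is three.  Lengths of 128 or more use the long form.
    """
    out: Dict[str, bytes] = {}
    i, n = 0, len(data)
    while i < n:
        if data[i] in (0x00, 0xFF):  # inter-TLV padding
            i += 1
            continue
        start = i
        if data[i] & 0x1F == 0x1F:
            i += 1
            while i < n and data[i] & 0x80:
                i += 1
        i += 1
        if i >= n:
            raise ValueError("truncated tag or missing length")
        tag = data[start:i].hex().upper()
        length = data[i]
        i += 1
        if length & 0x80:
            nbytes = length & 0x7F
            length = int.from_bytes(data[i:i + nbytes], "big")
            i += nbytes
        if i + length > n:
            raise ValueError(f"truncated value for tag {tag}")
        out[tag] = data[i:i + length]
        i += length
    return out


def decode_terminal_capabilities(value: bytes) -> List[str]:
    """List the capabilities advertised by a 3-byte 9F33 value."""
    if len(value) != 3:
        raise ValueError("9F33 must be exactly 3 bytes")
    return [name for (idx, mask), name in TERMINAL_CAPABILITY_BITS.items()
            if value[idx] & mask]


def decode_terminal_type(value: bytes) -> str:
    """Decode the two digits of 9F35 (operator, then attendance/online mode)."""
    operator = {1: "financial institution", 2: "merchant", 3: "cardholder"}
    env = {1: "attended, online only",
           2: "attended, offline with online capability",
           3: "attended, offline only",
           4: "unattended, online only",
           5: "unattended, offline with online capability",
           6: "unattended, offline only"}
    return f"{operator[value[0] >> 4]}; {env[value[0] & 0x0F]}"


def supports_online_pin(settings: Dict[str, bytes]) -> bool:
    """True only if 9F33 advertises enciphered PIN for online verification."""
    return "enciphered PIN for online verification" in decode_terminal_capabilities(settings["9F33"])


if __name__ == "__main__":
    blob = encode_tlvs(MAJOR_SETTINGS)
    settings = parse_tlvs(blob)
    print(blob.hex().upper())
    print("9F35:", decode_terminal_type(settings["9F35"]))
    print("9F33:", decode_terminal_capabilities(settings["9F33"]))
    print("online PIN advertised:", supports_online_pin(settings))
```

Decoding 6028C8 yields magnetic stripe, IC with contacts, signature, no CVM required, and SDA/DDA/CDA; neither PIN bit is set. A card’s CVM list is processed against exactly these bits, so a reader configured this way will never be asked for a PIN and the card will fall through to signature or no CVM. If chip-and-PIN is intended, byte 2 of 9F33 must advertise it before the reader is certified, which is the kind of check worth automating with a parser like this one.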
AIDS
Every chip card contains one or more “applications” (a credit application, a debit application, and so on), each identified by an Application Identifier (AID). At transaction time the reader interrogates the chip to determine which applications are present, compares the card’s list against the AIDs configured in its EMV kernel to build a candidate list, and the application actually used is chosen from that list (by the card’s priority indicator, or by cardholder selection when more than one matches). Whether a card AID that merely begins with a configured AID counts as a match, or only an exact match does, is governed by the Application Selection Indicator (DFEE15 in the settings above).
The reader-side configuration for each such application is colloquially referred to as an “AID,” although in reality the acronym “AID” simply means Application Identifier.
An AID is more than an identifier, though. The AID consists of the identifier plus all the TLVs that govern how the reader processes that application: the floor limit, the Terminal Action Codes, the default DOLs, and so on. A typical AID (which the configuration tools represent in JSON) consists of TLVs like these:
Tag | Name | Value |
9F01 | Acquirer Identifier | 564953413030 |
5F57 | Account Type | 00 |
5F2A | Transaction Currency Code | 0840 |
9F09 | Application Version Number | 0096 |
5F36 | Transaction Currency Exponent | 02 |
9F1B | Terminal Floor Limit | 00003A98 |
DF25 | Default DDOL | 9F3704 |
DF28 | Default TDOL | 9F0802 |
DFEE15 | Application Selection Indicator | 01 |
DF13 | TAC Default | 0000000013 |
DF14 | TAC Denial | 0000000000 |
DF15 | TAC Online | 0000000000 |
DF18 | Target Percentage for Random Transaction Selection | 00 |
DF17 | Threshold Value for Biased Random Selection | 00002710 |
DF19 | Maximum Target Percentage for Random Transaction Selection | 00 |
This is a standard card-brand AID. Note that the Acquirer Identifier 564953413030 is the ASCII string “VISA00” and 0096 is a Visa application version number, so the values shown are those of a Visa AID; the AID value itself (such as A0000000031010 for Visa or A0000000041010 for MasterCard) is not among the TLVs listed, so check it in your own configuration rather than relying on a brand label. (You can see a list of commonly used AIDs at this web site.)
Note that although ID TECH readers come with certain “standard AIDs” already pre-loaded, you will want to determine your exact AID requirements and load any needed AIDs yourself prior to releasing a device to production, since AIDs change and the values may need to be tweaked to suit your payment app.
Typically, you will load 6 to 12 AIDs into your card reader, to support common cards and their variants (e.g., VISA credit, VISA debit, Common Debit, MasterCard credit, and so on).
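The “branching logic” that an AID’s TLVs carry is easiest to see in Terminal Action Analysis, the step where the reader decides whether to approve offline, go online, or decline. The following is an added example (not ID TECH’s code, and not from the original page) that implements that decision per EMV Book 3 using the TAC Denial/Online/Default values and the Terminal Floor Limit from the AID table above. The card-side Issuer Action Codes, the TVR bits, and the “hardened” TAC Online are constructed for the demonstration, and the helper names are this example’s own.

```python
"""Terminal Action Analysis driven by the TAC values in the AID above.

Added example, not ID TECH's code. TAC Denial/Online/Default and the
Terminal Floor Limit are the values from the AID table; the card-side
Issuer Action Codes, the TVR bits and TAC_ONLINE_HARDENED are constructed
for illustration, and the helper names are this example's own.
"""
from typing import Tuple

Bit = Tuple[int, int]  # (byte index, mask) inside a 5-byte TVR/TAC/IAC

# Values from the AID table above.
TAC_DEFAULT = bytes.fromhex("0000000013")
TAC_DENIAL = bytes.fromhex("0000000000")
TAC_ONLINE = bytes.fromhex("0000000000")
FLOOR_LIMIT = int.from_bytes(bytes.fromhex("00003A98"), "big")  # 15000 minor units

# A subset of TVR bits (EMV Book 3, Annex C5).
TVR_SDA_FAILED: Bit = (0, 0x40)
TVR_DDA_FAILED: Bit = (0, 0x08)
TVR_CVM_NOT_SUCCESSFUL: Bit = (2, 0x80)
TVR_EXCEEDS_FLOOR_LIMIT: Bit = (3, 0x80)

# Constructed card-side IACs (a real card supplies them as 9F0D/9F0E/9F0F).
IAC_ZERO = bytes(5)
IAC_ONLINE_FLOOR = bytes([0x00, 0x00, 0x00, 0x80, 0x00])  # go online when over floor limit
IAC_DENIAL_DDA = bytes([0x08, 0x00, 0x00, 0x00, 0x00])    # decline when DDA failed

# Constructed hardened TAC Online: ODA failure, CVM failure or an amount
# over the floor limit all force the transaction online.
TAC_ONLINE_HARDENED = bytes([0x48, 0x00, 0x80, 0x80, 0x00])


def set_bit(buf: bytearray, bit: Bit) -> None:
    idx, mask = bit
    buf[idx] |= mask


def any_match(tvr: bytes, tac: bytes, iac: bytes) -> bool:
    """True if any TVR bit is also set in the terminal's TAC or the card's IAC."""
    return any(t & (a | i) for t, a, i in zip(tvr, tac, iac))


def build_tvr(amount_minor: int, oda_ok: bool = True, cvm_ok: bool = True) -> bytes:
    """Set the TVR bits the terminal would set before the first GENERATE AC."""
    tvr = bytearray(5)
    if amount_minor > FLOOR_LIMIT:
        set_bit(tvr, TVR_EXCEEDS_FLOOR_LIMIT)
    if not oda_ok:
        set_bit(tvr, TVR_DDA_FAILED)
    if not cvm_ok:
        set_bit(tvr, TVR_CVM_NOT_SUCCESSFUL)
    return bytes(tvr)


def terminal_action_analysis(tvr: bytes, iac_denial: bytes, iac_online: bytes,
                             iac_default: bytes, tac_denial: bytes = TAC_DENIAL,
                             tac_online: bytes = TAC_ONLINE, tac_default: bytes = TAC_DEFAULT,
                             online_capable: bool = True) -> str:
    """Return the cryptogram type to request at the first GENERATE AC (EMV Book 3, 10.7).

    Denial codes are checked first; an online-capable terminal then checks the
    online codes, while an offline-only terminal checks the default codes.
    """
    if any_match(tvr, tac_denial, iac_denial):
        return "AAC"   # decline offline
    if online_capable:
        return "ARQC" if any_match(tvr, tac_online, iac_online) else "TC"
    return "AAC" if any_match(tvr, tac_default, iac_default) else "TC"


if __name__ == "__main__":
    over_floor = build_tvr(20000)  # 200.00 against a 150.00 floor limit
    # With the table's all-zero TAC Online the terminal approves offline
    # unless the card's own IAC Online objects.
    print(terminal_action_analysis(over_floor, IAC_ZERO, IAC_ZERO, IAC_ZERO))
    print(terminal_action_analysis(over_floor, IAC_ZERO, IAC_ONLINE_FLOOR, IAC_ZERO))
    print(terminal_action_analysis(over_floor, IAC_ZERO, IAC_ZERO, IAC_ZERO,
                                   tac_online=TAC_ONLINE_HARDENED))
    print(terminal_action_analysis(build_tvr(1000, oda_ok=False),
                                   IAC_DENIAL_DDA, IAC_ZERO, IAC_ZERO))
```

The thing to notice is that with TAC Online and TAC Denial both all zeros, as in the table, the terminal never forces a transaction online or declines on its own: a transaction over the floor limit, or one whose offline data authentication failed, is approved offline unless the card’s IACs say otherwise. That is why the note above says AID values may need to be tweaked for your payment app; before going to production, run your TACs through this kind of check and make sure the TVR conditions you care about actually map to ARQC or AAC.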
PUBLIC KEYS (CAPKS)
A chip card carries an issuer public-key certificate, signed by the card brand’s certificate authority, and (for DDA/CDA-capable cards) an ICC public-key certificate signed by the issuer; the card holds the matching ICC private key and uses it to sign data during offline data authentication. The reader’s EMV kernel verifies that certificate chain at runtime, starting from the brand CA’s public key, so the reader must hold the CA public keys for every brand it accepts. (The transaction cryptograms themselves, ARQC, TC and AAC, are symmetric MACs that only the issuer can verify, and the issuer’s online response is checked by the card, not the reader; CAPKs are for offline data authentication, SDA, DDA and CDA, not for validating the online leg.) Therefore, it’s essential that the reader be configured to contain all of the public keys that may be needed to support all of the cards that will be accepted at transaction time.
The necessary public keys come in the form of Certificate Authority Public Keys (or CAPKs), each identified by a brand RID plus a key index. You can see a list of such keys at this web page. When configuring a card reader for production, you will need to obtain the latest CAPKs from your processor and/or the card brands, so that your keys are up to date: keys are retired on a published schedule, each carries an expiry date, and a compromised key can be revoked. If the reader lacks the CAPK a card references, or holds a wrong or expired one, offline data authentication fails; that sets the corresponding TVR bits, and depending on the TAC/IAC settings the transaction is then forced online or declined. This is a frequent source of runtime trouble, so if your card reader is declining transactions and you’re not sure why, one of the first things you should check is whether the necessary, up-to-date CAPKs have been loaded into the reader.
CAPKs look like this:
Field | Value |
RID+Index | a000009999e5 |
Hash Algorithm | 01 |
Encryption Algorithm | 01 |
Hash Value | ada2349afd118d55af782d37b64651af1ca61ee5 |
Exponent | 00000003 |
Modulus Length | 8000 |
Modulus | d4fdae94dedbecc6d20d38b01e91826dc6954338379917b2bb8a6b36b5d3b0c5eda60b337448baffebcc3abdba869e8dadec6c870110c42f5aab90a18f4f867f72e3386ffc7e67e7ff94eba079e531b3cf329517e81c5dd9b3dc65db5f9043190be0be897e5fe48adf5d3bfa0585e076e554f26ec69814797f15669f4a255c13 |
You may need to load as many as two dozen (or more!) CAPKs into your device, depending on which cards you need to support.
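A CAPK record is only as good as its checksum: the Hash Value field is the SHA-1 over RID, index, modulus and exponent, and a loader that skips that check will happily install a corrupted or substituted key. The following is an added example (not ID TECH’s code, and not from the original page) that parses the record shown above, validates its fields, and verifies the checksum before the key would be loaded. Reading the Modulus Length field as a little-endian byte count (8000 → 0x0080 = 128) is this example’s assumption about how the tool encodes it, and the field and function names are this example’s own.

```python
"""Parse a CAPK record and verify its checksum before loading it.

Added example, not ID TECH's code. The sample key is the one shown above;
the checksum rule (SHA-1 over RID || index || modulus || exponent) is the
EMV Book 2 definition. Reading the Modulus Length field as a little-endian
byte count (8000 -> 0x0080 = 128) is this example's assumption about the
tool's encoding, and the field and function names are this example's own.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Capk:
    rid: bytes        # 5-byte Registered Application Provider Identifier
    index: int        # key index within that RID
    modulus: bytes
    exponent: bytes   # minimal big-endian encoding: 03 or 010001
    checksum: bytes   # 20-byte SHA-1 published with the key


# Constructed from the CAPK table above.
SAMPLE_RECORD = {
    "rid_index": "a000009999e5",
    "hash_alg": "01",   # 01 = SHA-1
    "enc_alg": "01",    # 01 = RSA
    "hash": "ada2349afd118d55af782d37b64651af1ca61ee5",
    "exponent": "00000003",
    "modulus_len": "8000",
    "modulus": ("d4fdae94dedbecc6d20d38b01e91826dc6954338379917b2bb8a6b36b5d3b0c5"
                "eda60b337448baffebcc3abdba869e8dadec6c870110c42f5aab90a18f4f867f"
                "72e3386ffc7e67e7ff94eba079e531b3cf329517e81c5dd9b3dc65db5f904319"
                "0be0be897e5fe48adf5d3bfa0585e076e554f26ec69814797f15669f4a255c13"),
}


def parse_capk(rec: dict) -> Capk:
    """Validate the record's fields and return a Capk (no checksum check yet)."""
    if rec["hash_alg"] != "01" or rec["enc_alg"] != "01":
        raise ValueError("only SHA-1 / RSA CAPKs are defined")
    rid_index = bytes.fromhex(rec["rid_index"])
    if len(rid_index) != 6:
        raise ValueError("RID+Index must be 6 bytes")
    modulus = bytes.fromhex(rec["modulus"])
    # Assumption: the tool stores the byte count little-endian (8000 -> 128).
    declared = int.from_bytes(bytes.fromhex(rec["modulus_len"]), "little")
    if declared != len(modulus):
        raise ValueError(f"modulus is {len(modulus)} bytes, record declares {declared}")
    exp = int.from_bytes(bytes.fromhex(rec["exponent"]), "big")
    if exp not in (3, 65537):
        raise ValueError("EMV allows exponent 3 or 2^16+1 only")
    exponent = exp.to_bytes((exp.bit_length() + 7) // 8, "big")
    checksum = bytes.fromhex(rec["hash"])
    if len(checksum) != 20:
        raise ValueError("SHA-1 checksum must be 20 bytes")
    return Capk(rid_index[:5], rid_index[5], modulus, exponent, checksum)


def expected_checksum(k: Capk) -> bytes:
    """SHA-1(RID || index || modulus || exponent), per EMV Book 2."""
    return hashlib.sha1(k.rid + bytes([k.index]) + k.modulus + k.exponent).digest()


def checksum_ok(k: Capk) -> bool:
    return hmac.compare_digest(expected_checksum(k), k.checksum)


def load_capk(rec: dict) -> Capk:
    """Parse and fail closed: a key whose checksum does not match is never loaded."""
    k = parse_capk(rec)
    if not checksum_ok(k):
        raise ValueError(f"checksum mismatch for RID {k.rid.hex().upper()} index {k.index:02X}")
    return k


if __name__ == "__main__":
    k = parse_capk(SAMPLE_RECORD)
    print(f"RID {k.rid.hex().upper()} index {k.index:02X}: "
          f"{len(k.modulus) * 8}-bit modulus, e={int.from_bytes(k.exponent, 'big')}")
    print("checksum matches:", checksum_ok(k))
```

Wire `load_capk` into whatever pushes keys to the reader, and keep the brand’s published expiry dates alongside the key index so that an expired or revoked key is refused at load time rather than discovered as a mysterious decline in the field.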
HOW TO CONFIGURE YOUR DEVICE
If this sounds like a lot of configuration work, guess what? It is! But it’s absolutely required, if you want to support EMV transactions.
Fortunately, ID TECH has various free tools to help you configure your device. All of our EMV devices, for example, are supported by a Universal SDK that contains code libraries to help you build your own configuration tools. Also, ID TECH offers a “Universal Demo” app (or “UDemo”), for Windows, which has point-and-click capabilities for loading AIDs, CAPKs, and Terminal Settings. (Go to the Universal SDK page to learn more.)
For users of ID TECH’s Augusta card reader, as well as our contactless readers, ID TECH offers a Configuration Utility designed to make it possible to load all terminal settings, all CAPKs, and all AIDs needed by your reader, with the click of a single button. This tool enables the creation and use of a single master configuration file, in JSON format, containing all of a device’s settings. Once you have all your settings in a JSON file, the configuration tool can be used by a non-technical user to inject settings into any ID TECH device. Ask your ID TECH rep about it. It’s free, and it’ll save you tons of time.
Have questions about EMV? Device configuration? Payment app development? Get in touch with our experts.