EMV Device Configuration Essentials

Compared to magstripe readers, chip-card readers are fussy. Reading a magnetic stripe is comparatively straightforward, but getting a chip-card reader to converse with the chip on a chip card requires a substantial amount of preparation and setup. Let’s talk about what that means.

Before attempting to perform any EMV transactions using a chip-card reader, you need to make sure your card reader is properly configured. At a minimum, this means loading the device with:

  1. Proper terminal settings
  2. Any AIDs that might be needed
  3. Public keys for the card brands you intend to honor

TERMINAL SETTINGS

So-called “terminal settings” must be supplied to the device as TLVs (data formatted as tag/length/value triplets), using industry-standard tags as defined in the EMVCo specs for contact EMV and/or contactless EMV. Here’s an example of what such settings look like:

Major Settings

9F35 Terminal Type 21
9F33 Terminal Capabilities 6028C8
9F40 Additional Terminal Capabilities F000F0A001
DF26 Enable Revocation List Processing 01
DF11 Enable Transaction Logging 00
DF27 Enable Exception List Processing 00
DFEE1E Terminal Configuration D0DC20D0C41E1400

Minor Settings

5F36 Transaction Currency Exponent 02
9F1A Terminal Country Code 0840
9F1E Interface Device (IFD) Serial Number 5465726D696E616C
9F15 Merchant Category Code 1234
9F16 Merchant Identifier 303030303030303030303030303030
9F1C Terminal Identification 3837363534333231
9F4E Merchant Name and Location 31303732312057616C6B65722053742E20437970726573732C204341202C5553412E
DF10 Terminal Languages Supported 656E667265737A68
DFEE15 Application Selection Indicator 01
DFEE16 DUKPT Key or MKSK Select for Online PIN Encrypted 00
DFEE17 ICC Terminal Entry Mode 07
DFEE18 MSR Terminal Entry Mode 80
DFEE1F Issuer Script Limit 80
DFEE1B Authorization Request data elements 3030303135313030
DFEE20 ICC power on waiting time 3C
DFEE21 ICC L1 data transaction waiting time 0A
DFEE22 Driver (Menu, Get PIN, Get MSR)Timeout 323C3C

 

NOTE: Tags that start with ‘DF’ are ID TECH proprietary tags. You can read about such tags in this document.

To get a better idea of what these tags do and what all the values mean, you should read the ID TECH Knowledge Base article called “Which Terminal Settings Am I Allowed to Change?”

These settings are important because the chip on the card needs to be told which terminal capabilities the reader supports. For example, will the reader expect to conduct a chip-and-PIN session? Is the reader unattended (e.g., used in a kiosk, or in an ATM)? What country is the reader in? These and other important questions are answered in the “terminal settings.”

AIDS

Every chip card contains one or more “applications” that the card will support. The “applications” are not implemented in code, inside the chip, but (rather) as a set of branching decisions based on bit values in flag bytes of various TLVs. The chip can be (and will be) interrogated by the reader, at transaction time, to determine which “applications” are present. The reader’s EMV kernel will compare the available applications in the card with any applications present in the kernel, and decide on the actual application to use at transaction time.

The applications we’re talking about are colloquially referred to as “AIDs,” although in reality the acronym “AID” simply means Application Identifier.

An AID is more than an identifier, though. The AID consists of the identifier plus all the TLVs that contain the branching logic for the application. A typical AID (represented in JSON) looks something like this:

{
“aid_name”: “a0000000041010”,
“aid_value”: [
“9F0106564953413030”,
“5F570100”,
“5F2A020840”,
“9F09020096”,
“5F360102”,
“9F1B0400003A98”,
“DF25039F3704”,
“DF28039F0802”,
“DFEE150101”,
“DF13050000000013”,
“DF14050000000000”,
“DF15050000000000”,
“DF180100”,
“DF170400002710”,
“DF190100”
]
}

The TLVs in this AID are as follows:

9F01 Acquirer Identifier 564953413030
5F57 Account Type 00
5F2A Transaction Currency Code 0840
9F09 Application Version Number 0096
5F36 Transaction Currency Exponent 02
9F1B Terminal Floor Limit 00003A98
DF25 Default DDOL 9F3704
DF28 Default TDOL 9F0802
DFEE15 Application Selection Indicator 01
DF13 TAC Default 0000000013
DF14 TAC Denial 0000000000
DF15 TAC Online 0000000000
DF18 Target Percentage for Random Transaction Selection 00
DF17 Threshold Value for Biased Random Selection. 00002710
DF19 Maximum Target Percentage for Random Transaction Selection 00

 

This is the standard MasterCard AID. (You can see a list of commonly used AIDs at this web site.)

Note that although ID TECH readers come with certain “standard AIDs” already pre-loaded, you will want to determine your exact AID requirements and load any needed AIDs yourself prior to releasing a device to production, since AIDs change and the values may need to be tweaked to suit your payment app.

Typically, you will load 6 to 12 AIDs into your card reader, to support common cards and their variants (e.g., VISA credit, VISA debit, Common Debit, MasterCard credit, and so on).

PUBLIC KEYS (CAPKS)

A chip card will contain the card issuer’s private key(s), which are used to sign various cryptographic data values that come from the card. These cryptographic values (cryptograms) need to be verified by the reader’s EMV kernel at runtime, using the card issuer’s public keys. The public keys are also needed to validate data obtained from the issuer during online authorization requests. Therefore, it’s essential that the reader be configured to contain all of the public keys that may be needed to support all of the cards that will be accepted at transaction time.

The necessary public keys come in the form of Certificate Authority Public Keys (or CAPKs). You can see a list of such keys at this web page. When configuring a card reader for production, you will need to obtain the latest CAPKs from your processor, and/or the card issuers, so that your keys are up to date. CAPKs expire periodically, and your card reader will reject transactions when an incorrect or expired CAPK is used. This is a frequent source of runtime trouble, so if your card reader is declining transactions and you’re not sure why, one of the first things you should check is whether the necessary, up-to-date CAPKs have been loaded into the reader.

CAPKs look like this:

a000009999e5 (CAPK)
RID+Index a000009999e5
Hash Algorithm 01
Encryption Algorithm 01
Hash Value ada2349afd118d55af782d37b64651af1ca61ee5
Exponent 00000003
Modulus Length 8000
Modulus d4fdae94dedbecc6d20d38b01e91826dc6954338379917b2bb8a6b36b5d3b0c5eda60b337448baffebcc3abdba869e8dadec6c870110c42f5aab90a18f4f867f72e3386ffc7e67e7ff94eba079e531b3cf329517e81c5dd9b3dc65db5f9043190be0be897e5fe48adf5d3bfa0585e076e554f26ec69814797f15669f4a255c13

You may need to load as many as two dozen (or more!) CAPKs into your device, depending on which cards you need to support.

HOW TO CONFIGURE YOUR DEVICE

If this sounds like a lot of configuration work, guess what? It is! But it’s absolutely required, if you want to support EMV transactions.

Fortunately, ID TECH has various free tools to help you configure your device. All of our EMV devices, for example, are supported by a Universal SDK that contains code libraries to help you build your own configuration tools. Also, ID TECH offers a “Universal Demo” app (or “UDemo”), for Windows, which has point-and-click capabilities for loading AIDs, CAPKs, and Terminal Settings. (Go to the Universal SDK page to learn more.)

For users of ID TECH’s Augusta card reader, as well as our  contactless readers, ID TECH offers al Configuration Utility designed to make it possible to load all terminal settings, all CAPKs, and all AIDs needed by your reader, with the click of a single button. This tool enables the creation and use of a single master configuration file, in JSON format, containing all of a device’s settings. Once you have all your settings in a JSON file, the configuration tool can be used by a non-technical user to inject settings into any ID TECH device. Ask your ID TECH rep about it. It’s free, and it’ll save you tons of time.

Have questions about EMV? Device configuration? Payment app development? Get in touch with our experts.

Toll Free Number
1-800-984-1010