The Contactless smart card reader system environment consists of two basic components:
- A Contactless Reader or Proximity Coupling Device (PCD), and
- A Transponder or Proximity IC Card (PICC).
The Contactless Reader (or PCD) is normally part of a cardholder-facing display that includes visual status indicators (such as lights or LEDs) and a beeper.
Use your bank Contactless Payments to buy those little things like a cup of coffee, etc... All you need to do is hold your card near the reader and you're ready to go.
When a Transaction is initiated, Contactless Readers may perform a Data Exchange with a Terminal that includes the merchant input and display, the Online Communications Interface, and any magnetic stripe or chip interfaces.
Functions such as a signature or online PIN Cardholder Verification Method (CVM) will be implemented in the same manner as EMV contact transactions.
Before a Terminal can be used to process Transactions, it must have successfully passed Level 1 EMVCo Terminal Type Approval Tests.
Bank customers using contactless bank cards could have their data stolen without even knowing through. Good reasons to have an approval tests done on the contactless card reader.
Contactless Reader Features
The features specific to Contactless reader include:
- The implementation of two contactless modes: Magnetic Stripe (MS) and EMV. Both the MS Mode and EMV Mode
are accessible through the reader.
- The use of Terminal Action Analysis designed to increase the speed of contactless transactions by reducing the number
of the command response exchanges.
- An optimized cryptographic process that enables the generation of a Combined Dynamic Data Authentication / Application
Cryptogram Generation (CDA) using the Unpredictable Number provided by the reader.
- The minimization of the number of data to be used for the computation of the contactless reader Application Cryptogram.
- The ability to process a second presentment to update data or reset counters via online processing.
- The use of different loyalty programs for small businesses.
- The capability to configure the reader application to be accepted on a Reader kernel or EMVCo kernel.
- The use of an enhanced GET PROCESSING OPTIONS command that allows the:
- Same-time generation of the application cryptogram for offline or online processing, and
- Provision of the associated data elements needed by the terminal to process the transaction.
- This approach reduces the number of APDU (Application Protocol Data Unit) commands/responses required to process a transaction.
- Card Risk Management functionality specifically designed for contactless transactions and executed during
the INITIATE TRANSACTION process.
- The use of additional counters and accumulators as well as specific parameters to control each counter and accumulator
as global and contactless mode-specific resources.
- The capability to activate/deactivate the contactless interface.
For the purposes of this page, the MS Mode is an operating mode based on the use of Track 1 and/or Track 2 Data included in the reader application.
The contactless EMV Mode is an operating mode that relies on an infrastructure created via defined data elements and configuration settings in the card chip application.
The EMV Mode allows the processing of transactions online or offline (based on Terminal capabilities), while the MS Mode only supports transactions completed online.
As indicated in the diagram provided in this page, the processing steps completed by the Terminal depend on whether the card triggers the selection of an online or offline mode.
MS Mode Processing
Unlike a magnetic stripe card, a Contactless MS Mode card have the ability to compute a Dynamic Card Verification Value (DCVV).
The reader then gathers Track 1 Data, Track 2 Data, and if present the DCVV value and uses that data to build the Track 1 and/or Track 2 data to be transmitted in the authorization request to the Issuer.
EMV Mode Processing
Because the interaction (i.e., the command-response) between the card and the Terminal can only occur when the card is in the RF field, the process requires adaptations of EMV and contactless requirements to permit the:
- Reduction of the number of commands and adjustment of the transaction flow for both the first and second presentment processes,
- Generation of a CDA Cryptogram or an Application Cryptogram during the transaction initiation,
- Execution of Terminal Risk Management before the card is placed in the field and after the card is removed from the field,
- Definition of data elements taking into account events relevant for contactless transactions, and
- Optional usage of Entry Point as defined for EMV to select the application and activate the corresponding Contactless reader kernel.
The need for a second presentment is determined by the Contactless reader by checking for the presence of Issuer scripts included in the authorization request response.
Contactless reader conforms to the requirements of EMV-enabled acceptance systems supporting online and offline capabilities. This application also uses the EMV functionalities and commands for:
- Selecting the application, initializing transaction processing, and reading records to obtain the application data items, and
- Performing ODA (Offline Data Authentication), cardholder verification and various checking.
- The loyalty programs within the range of '1x' where x = '0' to 'F' which count each transaction where the amount
is equal or greater than PID Minimum Amount and is not a refund.
This option might be typically used to replace the bunched paper-made coffee cards where the consumer gets one free coffee for ten bought.
- The loyalty programs within the range of '2x' where x = '0' to 'F' which accumulate the amount spent for
each transaction where the amount is not equal to zero and is not a refund. This option allows controlling a minimum spending limit
before offering a reward.
- The loyalty programs within the range of '3x' where x = '0' to 'F' which support both loyalty options as described above. The reward might be offered when one of the limits is reached.
When the contactless application has accumulated enough coupons or spending to get a reward, the application computes a cryptogram CDA without affecting the CRM payment counters.
The terminal is then capable to authenticate the card and retrieve the value of the counter and/or accumulator used by either parsing their value provided in the discretionary data field of the Issuer Application Data (tag '9F10')
Or using a GET DATA command to retrieve the corresponding PID Template.