®

MasterCard PayPass
™

M/Chip, Acquirer Implementation Requirements

v.1-A4 6/06
TABLE OF CONTENTS
1 USING THESE REQUIREMENTS .................................................................................................................4
1.1 Purpose ...........................................................................................................................................4
1.2 Scope ...........................................................................................................................................4
1.3 Audience .........................................................................................................................................5
1.4 Overview .........................................................................................................................................5
1.5 Language Use..................................................................................................................................5
1.6 Related Publications.........................................................................................................................6
1.7 Related Information .........................................................................................................................6
1.8 Abbreviations ..................................................................................................................................7
1.9 Further Information .........................................................................................................................8
2 INTRODUCTION .........................................................................................................................................9
2.1 Overview of MasterCard PayPass .....................................................................................................9
2.2 Interoperability ................................................................................................................................9
2.3 Implementation Summary..............................................................................................................10
2.4 Transaction Flow Enhancements for PayPass ..................................................................................10
3 ACQUIRER IMPACTS................................................................................................................................11
3.1 Overview .......................................................................................................................................11
3.2 Program Enrollment.......................................................................................................................11
3.3 Terminal Selection .........................................................................................................................11
3.3.1 Branding ...........................................................................................................................12
3.3.2 PayPass Readers.................................................................................................................12
3.3.3 Supporting Other Payment Acceptance Methods at PayPass—M/Chip Terminals ...............13
3.3.4 Terminal and Network Performance ..................................................................................13
3.4 Terminal Application......................................................................................................................14
3.4.1 Application Selection and Cardholder Confirmation ..........................................................14
3.4.2 Offline Data Authentication Requirements.........................................................................14
3.4.3 Offline PIN.........................................................................................................................15
3.4.4 Cardholder Verification and Receipt Limits for PayPass—M/Chip........................................15
3.4.5 PayPass Service Codes .......................................................................................................16
3.4.6 Fallback for PayPass Transactions .......................................................................................17
3.4.7 Decline and Pick-up/Capture Card Responses ....................................................................17
3.4.8 “Referrals”/”Call Me” Issuer Responses.............................................................................18
3.5 Terminal Installation.......................................................................................................................18
3.5.1 Amount Entry at POS.........................................................................................................18
3.5.2 Environment......................................................................................................................18
3.5.3 Accepting PayPass—Mag Stripe and Cardholder Devices ...................................................19
3.6 Network and Host System Changes ...............................................................................................19
3.7 Terminal Integration Process (TIP) Testing.......................................................................................19
4 TERMINAL CONFIGURATION ..................................................................................................................20
4.1 PayPass Specific Terminal Data.......................................................................................................20
4.2 List of AIDs and Related Application Labels ....................................................................................20
4.3 Cardholder Verification and Receipt Limit for PayPass—M/Chip .....................................................21
4.4 Permitted PayPass Transaction Types..............................................................................................21
4.5 Terminal Action Codes ..................................................................................................................21
4.6 Terminal Capabilities .....................................................................................................................25
5 NETWORK INTERFACES AND HOST SYSTEMS ......................................................................................27
5.1 Summary of Changes ....................................................................................................................27
5.2 Authorization Requests..................................................................................................................28
5.3 Authorization Responses ...............................................................................................................28
5.4 Clearing.........................................................................................................................................28
5.5 Chargebacks..................................................................................................................................29
5.6 Network Interface Validation (NIV) Testing .....................................................................................29
6 TESTING ...................................................................................................................................................30
6.1 Testing Overview ...........................................................................................................................30
6.2 Testing Scope by PayPass Terminal Type ........................................................................................30
6.3 Testing Process ..............................................................................................................................30
6.4 Test Stages ....................................................................................................................................31
6.5 System Buildup ..............................................................................................................................31
6.6 TIP .................................................................................................................................................32
6.7 NIV ................................................................................................................................................32
6.8 ETED..............................................................................................................................................33
6.9 Post-Live Monitoring......................................................................................................................33
6.10 Further Information and Contact Details ........................................................................................34
APPENDICES.........................................................................................................................................................35
Appendix A, PayPass Transaction Flows......................................................................................................35
Appendix B, Glossary .................................................................................................................................39

2 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

Copyright
The information contained in this manual is proprietary and confidential to MasterCard International Incorporated
(MasterCard) and its Members.

This material may not be duplicated, published, or disclosed, in whole or in part, without the prior written permission of
MasterCard.

Media
This document is available in both electronic and printed format.

MasterCard International—CCOE
Chaussée de Tervuren, 198A
B-1410 Waterloo
Belgium

E-mail: specifications@paypass.com

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 3

 . USING THESE REQUIREMENTS

1.1 Purpose
This document provides guidelines for acquirers implementing the MasterCard PayPass—M/Chip
product.
These implementation requirements assume an implementation on top of an acquirer’s existing EMV
(contact) deployment.
For further information on migrating to contact EMV refer to the MasterCard M/Chip Customer
Implementation Guide.

1.2 Scope
This document defines the impacts and implementation requirements for acquirers implementing
PayPass—M/Chip acquiring. It provides a level of detail that will enable acquirers to identify the
required system changes. This includes information on terminal functionality and configuration.
Further detailed information on the PayPass and M/Chip technology is available in the corresponding
specification documents. The reader may need to refer to these for a deeper understanding of the
technology or areas outside the scope of an acquirer implementation.
These requirements are for PayPass implementations of the MasterCard credit product only.
The following are outside the scope of these requirements:
• Implementing EMV acquiring. Only the additional requirements for PayPass—M/Chip are
addressed in this document.
• ATMs, bank branch terminals, level 4–8 Cardholder Activated Terminals or transactions.

NOTE

These requirements apply to acquirers who have already implemented EMV acceptance. They describe
implementing PayPass acceptance within that context.
These requirements are limited to acquirer acceptance of PayPass—M/Chip issued cards but references
PayPass—Mag Stripe where necessary.

4 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

1.3 Audience
This document is intended for use by acquirers implementing MasterCard PayPass acceptance.
It is assumed that the audience is already familiar with EMV Chip acceptance in general.

1.4 Overview
This document is a guide for acquirers implementing PayPass—M/Chip. It details the requirements,
impacts, and any necessary implementation data or configurations.
PayPass—M/Chip implementations are an extension to an acquirer EMV Chip implementation.
The following table provides an overview of the chapters in this manual:

CHAPTER DESCRIPTION
Table of Contents A list of the manual’s tabbed sections and subsections. Each entry references a
section and page number.
1. Using These Describes the purpose and contents of the manual.
Requirements
2. Introduction Provides an introduction to the MasterCard PayPass product and this manual.
3. Acquirer Impacts Describes the impacts and considerations for an acquirer implementation of
PayPass—M/Chip.
4. Terminal Defines required terminal data for PayPass—M/Chip terminals.
Configuration
5. Network Interfaces Summarizes the network interface and host system changes required for
and Host Systems PayPass—M/Chip.
6. Testing Summarizes the required testing for an acquirer implementation.
Appendix A Transaction flow diagrams at PayPass—M/Chip terminals.
PayPass Transaction
Flows
Appendix B Glossary of terms used in this document.
Glossary

1.5 Language Use

The spelling of English words in this manual follows the convention used for U.S. English as defined in
Webster’s New Collegiate Dictionary. An exception to the above concerns the spelling of proper
nouns. In this case, we use the local English spelling.

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 5

1. USING THESE REQUIREMENTS

1.6 Related Publications

The following publications contain material directly related to the contents of this book:
1. AS2805 Message Formats (authorizations)
2. Chargebacks Standards Bulletin January 2006
3. CIS Message Formats for Regional Service Centers (authorizations)
4. Customer Interface Specification (authorizations)
5. GCMS Release Document (clearing)
6. Global Operations Bulletin No. 6, June 2005
7. IPM Clearing Formats (clearing)
8. M/Chip 4 Security & Key Management, Version 1.0—October 2002
9. M/Chip Customer Implementation Guide, September 2006
10. M/Chip Functional Architecture for Debit and Credit, January 2006
11. MasterCard PayPass Product Guide, February 2005
12. MDS Message Formats for Regional Service Centers (single message systems)
13. PayPass—ISO/IEC 14443 Implementation Specification, Version 1.10—March 2006
14. PayPass—M/Chip Technical Specifications, Version 1.3—September 2005
15. PayPass—Mag Stripe Security Architecture, Version 1.0a—September 2003
16. PayPass—Mag Stripe Technical Specifications, Version 3.1—November 2003
17. PayPass Branding Standards Manual, Version 5—July 2005
18. PayPass Terminal Vendor Testing Process Manual
19. V5 Interface Specification (authorizations)

1.7 Related Information

The following reference materials may be of use to the reader of this manual:
ISO/IEC 7811/2 Identification cards—Recording technique—Part 2: Magnetic stripe
ISO/IEC 7813:1995 Identification cards—Financial transaction cards
EMV BOOK 1 Integrated Circuit Card Specification for Payment Systems: Application Independent
ICC to Terminal Interface Requirements. Version 4.1 May 2004
EMV BOOK 2 Integrated Circuit Card Specification for Payment Systems: Security & Key
Management. Version 4.1 May 2004
EMV BOOK 3 Integrated Circuit Card Specification for Payment Systems: Application Specification.
Version 4.1 May 2004
EMV BOOK 4 Integrated Circuit Card Specification for Payment Systems: Cardholder, Attendant
and Acquirer Interface Requirements. Version 4.1 May 2004

6 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

1.8 Abbreviations
The following abbreviations are used in these requirements:

ABBREVIATION DESCRIPTION
AC Application Cryptogram
AID Application Identifier
ASI Application Status Indicator
CAM Card Authentication Method
CAT Cardholder Activated Terminal
CDA Combined Data Authentication
CIS Customer Implementation Systems
CVC Card Verification Code
CVM Cardholder Verification Method
DDA Dynamic Data Authentication
ECR Electronic Cash Register
ETEC Easy Test Cards
ETED End-to-End Demonstration (testing)
EMV Europay MasterCard Visa
Hex Hexadecimal
ICC Integrated Circuit Card
IIN Issuer Identification Number
ISO International Organization for Standardization
NIV Network Interface Validation
NCFF Non-Card Form Factor
PAN Primary Account Number
PIN Personal Identification Number
PIX Proprietary Application Identifier Extension
POS Point of Sale
RFU Reserved for Future Use
SDA Static Data Authentication
TAC Terminal Action Codes
TDOL Transaction Certificate Data Object List
TIP Terminal Integration Process
TRM Terminal Risk Management

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 7

1. USING THESE REQUIREMENTS

1.9 Further Information

Further information on the above and the overall PayPass program is available in the MasterCard
PayPass Product Guide and the PayPass Technical Specifications. Questions may also be addressed to
the following e-mail addresses:
General: paypass@mastercard.com
Specifications: specifications@paypass.com
Testing: testing@paypass.com
Chip Technical Help: chip_help@mastercard.com

8 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

 . INTRODUCTION

2.1 Overview of MasterCard PayPass

MasterCard has initiated the development of a program allowing consumers to make MasterCard
payment transactions at point of sale using contactless technology. The generic term “proximity
payment” is used when the point of interaction is up to 10 meters from the point-of-sale (POS)
terminal. While the proximity payment program covers multiple technologies and ranges, this
document deals only with the MasterCard PayPass program built on the PayPass—ISO/IEC 14443
Implementation Specification technology up to a range of 10 cm (4 inches).
Two generic types of card products are part of the PayPass program: PayPass—Mag Stripe and
PayPass—M/Chip.
PayPass—Mag Stripe was developed to allow PayPass payments using authorization networks that
presently support magnetic-stripe authorization for credit or debit applications. Security has been
enhanced with the introduction of a new Cardholder Verification Code (CVC) for these transactions.
The new CVC is referred to as CVC3 and may be a Static or Dynamic value depending on the issuer’s
card implementation. There is some terminal processing required to support using CVC3 which all
PayPass approved terminals will have implemented. CVC3 usage does not impact acquirer host
systems or networks.
PayPass—M/Chip was developed to allow PayPass payments in markets that support EMV. PayPass—
M/Chip terminals support EMV Chip data in authorizations and clearing. They also support
acceptance of PayPass—Mag Stripe cards and cardholder devices. PayPass—M/Chip terminals may
optionally support current payment acceptance methods e.g., contact EMV and magnetic stripe.

2.2 Interoperability
Interoperability is a principal PayPass requirement. This is achieved with the following requirements:
• The PayPass—M/Chip terminal must support PayPass—Mag Stripe and PayPass—M/Chip cards.
• The PayPass—Mag Stripe terminal must support PayPass—Mag Stripe and PayPass—M/Chip
cards.
• The PayPass—M/Chip card must support PayPass—Mag Stripe.
As such, all PayPass cards and cardholder devices are capable of being accepted by all PayPass
terminals.

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 9

2. INTRODUCTION

2.3 Implementation Summary

Implementing PayPass—M/Chip acceptance is an extension to an acquirer’s existing infrastructure.
The following list is a high-level summary of requirements:
• Acquirers need to start a PayPass—M/Chip project with MasterCard and enroll in the PayPass
program. For more information refer to the PayPass Product Guide.
• Acquirers must support full-grade Contact EMV for all PayPass—M/Chip implementations. Partial
grade acquiring is not permitted.
• Acquirers, or their merchants, will need approved PayPass terminals.
• Acquirers and merchants must support changes to transaction messages indicating PayPass
transactions performed at PayPass terminals.
• Acquirers will need to manage some PayPass specific terminal configuration data.
• Acquirers must perform the PayPass—M/Chip testing.
The following chapters detail the acquirer impacts including a summary of the required network
changes and terminal data configuration for a PayPass—M/Chip implementation. Chapter 6, Testing,
summarizes the required testing for an acquirer implementation.

2.4 Transaction Flow Enhancements for PayPass

The PayPass—M/Chip terminal transaction flow is based on the EMV 2000 specifications, with the
specific PayPass adaptations summarized below. PayPass transaction flows are defined in the
PayPass—M/Chip Technical Specifications and are also shown compared to a standard EMV
transaction in Appendix A, PayPass Transaction Flows, of this document.
Transaction processing has been enhanced for PayPass—M/Chip. The principal reason for the changes
is to reduce the time that the card and terminal need to be in communication. The changes are
implemented by the terminal vendor and any resulting impacts have been included in the relevant
sections of this document.
The following is a summary of the changes:
1. The terminal only performs the first GENERATE AC command.
2. Card-terminal interaction stops after the first GENERATE AC command.
3. Offline data authentication may be performed after the first GENERATE AC command.
4. Data exchange between the card and terminal is optimized by personalizing a fixed record
structure for PayPass—M/Chip card applications. This enables PayPass—M/Chip terminals to
read the minimal amount of data required for that transaction. The terminal can also skip
reading certain records if it knows in advance that the transaction will be processed online.
5. Offline Personal Identification Number (PIN) is not supported for performance, usability, and
security reasons.
6. Dynamic Data Authentication (DDA) is not supported since it requires a card to remain in
communication with the terminal for a period of time that may be too long for cardholders.

10 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

 . ACQUIRER IMPACTS

3.1 Overview
For a general overview of PayPass requirements, services, and products refer to the MasterCard
PayPass Product Guide.
This document provides information to acquirers to help assess and plan their PayPass—M/Chip
implementation.

3.2 Program Enrollment

Acquirers implementing PayPass—M/Chip acceptance must enroll in the MasterCard PayPass
program. Program enrollment allows acquirers access to all required specifications and to receive
MasterCard related services and products. Only enrolled acquirers may offer their PayPass acquiring
service or products to cardholders and merchants.

3.3 Terminal Selection

The following sections provide general information on PayPass—M/Chip terminal design and options
to help acquirers and/or their merchants select existing or new terminals that meet their business
needs. All PayPass—M/Chip terminals must support MasterCard’s branding requirements (see Section
3.3.1, Branding) but acquirers and merchants will need to choose their implementation-specific
options such as:
• The physical design of the PayPass—M/Chip terminal and reader.
• Other payment acceptance methods that the implementation supports (at the same or different
terminal).
• Terminal and network performance.
Acquirers and merchants must only use approved PayPass terminals. Products which are not PayPass
approved will need to obtain approval before implementation. Subsequent changes to terminal
software could affect compliance with PayPass Terminal Vendor Testing and must be discussed with
MasterCard.
The vendor procedures for PayPass approval are given in the MasterCard PayPass Terminal Vendor
Testing Process manual. An acquirer need not be involved in the approval process, other than to
request proof of approval from the vendor.
Products which are already PayPass approved products are listed on www.paypass.com.

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 11

3. ACQUIRER IMPACTS

NOTE

Acquirers should note the scope of a vendor’s letter of approval. It may apply only to the reader and not
necessarily the reader integrated with a current or other manufacturer’s POS terminal.

3.3.1 Branding
Acquirer or merchant terminals must conform to MasterCard brand requirements.
In order to give the cardholder clear information as to where to tap the PayPass device on the
PayPass terminal, MasterCard has created the PayPass landing zone to help cardholders locate
MasterCard PayPass terminals. The landing zone must be placed on the terminal to indicate
where the cardholder has to tap or hold the MasterCard PayPass card. The landing zone
contains the contactless identifier and the PayPass identifier.
Acceptable designs are described in the MasterCard PayPass Branding Standards Manual.
Figure 1 shows a PayPass terminal landing zone.

Figure 1, Example of a PayPass Landing Zone

3.3.2 PayPass Readers

PayPass contactless card-to-terminal communication is supported by new PayPass readers.
Acquirers may plan deployment of PayPass readers as extensions to an existing POS or as new
terminal implementations. A PayPass reader does not necessarily have to be embedded in the
terminal. A PayPass reader may be fully or partially integrated to a POS terminal as illustrated
in Figure 2. The contactless reader may be integrated with the POS equipment in a number of
configurations. Acquirers and merchants therefore have a high degree of flexibility on how to
implement terminals appropriately for their implementations.
For example, the PayPass reader(s) could be connected to:
• Individual electronic cash registers connected to a merchant store system.
• A single central terminal (e.g., in a tollgate or transportation scenario).
• A stand-alone terminal (e.g., video rental store, bus).

12 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

 EMBEDDED READER EXTERNAL READER
Figure 2, PayPass Readers

3.3.3 Supporting Other Payment Acceptance Methods at PayPass—M/Chip Terminals

PayPass—M/Chip terminals may support acceptance methods other than contactless. A
PayPass—M/Chip terminal may support the following combinations of acceptance methods:
• Contactless only
• Contactless and magnetic stripe (swipe)
• Contactless, contact, and magnetic stripe (swipe)

NOTE

MasterCard recommends that a merchant also be able to accept contact EMV transactions at a
PayPass—M/Chip location.
Frequent consecutive use of a PayPass card causes a card’s offline counters to accumulate. If the
PayPass card is not used as a contact EMV card, then the limits will finally be exceeded and a contact
transaction required. A successful contact EMV transaction resets the card’s offline counters.

For further information on how offline counters affect card behavior in M/Chip applications,
refer to the MasterCard M/Chip Functional Architecture for Debit and Credit.

3.3.4 Terminal and Network Performance

The PayPass product emphasizes:
• Cardholder convenience.
• Adoption of card payments for lower value transactions.
• Fast transactions.
The adoption of card payments for lower value transactions is likely to increase the volume of
card transactions. The acquirer/merchant terminals and their networks should plan for an
increased volume of transactions. Increased use of PayPass—M/Chip may also result in a
corresponding rise in the number of contact EMV transactions at the same or other terminals
for the reasons described in Section 3.3.3, Supporting Other Acceptance Methods of
PayPass—M/Chip Terminals.

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 13

3. ACQUIRER IMPACTS

Required transaction timings may vary significantly depending upon the type of deployment
and factors external to the terminal, e.g., network and host system capabilities. Acquirers and
merchants should assess their choice of terminal and the implementation environment with
consideration to:
• Speed of offline data authentication (e.g., for Combined Data Authentication (CDA)/Static
Data Authentication (SDA) and with varying key lengths and a variation of cards).
• Online response times for online capable terminals (e.g., less than 4 seconds).
• Fast receipt printing (e.g., less than 2 seconds) for cardholders requesting a receipt, or
transactions above the PayPass Cardholder Verification and Receipt Limit (see Section
3.4.4, Cardholder Verification and Receipt Limits for PayPass—M/Chip).

3.4 Terminal Application

The terminal application for PayPass—M/Chip must meet the technical requirements of PayPass—
M/Chip Technical Specification. The PayPass—M/Chip specific impacts for the terminal application
and transaction processing are described in the following sections:
• Application Selection and Cardholder Confirmation
• Offline Data Authentication Requirements
• Offline PIN
• Cardholder Verification and Receipt Limits
• PayPass Service Codes
• Fallback for PayPass Transactions
• Decline and Pick-up/Capture Card Responses
• Referral/Call Me Issuer Responses

3.4.1 Application Selection and Cardholder Confirmation

Application selection for PayPass—M/Chip is modified from standard EMV (as detailed in the
PayPass—M/Chip Technical Specifications). The changes allow the payment application to be
selected with the minimum number of command/responses. A consequence is that PayPass—
M/Chip terminals do not support cardholder confirmation for PayPass contactless transactions.
The payment application will always be selected automatically by the PayPass—M/Chip
terminal. Acquirers will therefore not need to support the EMV option of allowing cardholders
to select an application at a PayPass terminal.
PayPass card applications that have been personalized to require cardholder confirmation will
not be accepted as PayPass transactions at PayPass—M/Chip terminals.

3.4.2 Offline Data Authentication Requirements

The following requirements apply to PayPass—M/Chip transactions only. Data authentication
requirements for contact EMV transactions remain unchanged. PayPass—M/Chip online
capable terminals may skip data authentication if they know that they will go online for that
transaction.
PayPass—M/Chip terminals must support data authentication as shown in Table 1.

14 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

 Offline Static Card Offline Dynamic CAM
Authentication
Method (CAM)
SDA DDA* CDA
POS with offline capability Mandatory Not Allowed Mandatory
POS online only Optional Not Allowed Optional
CAT online only Optional Not Allowed Optional
CAT—online and offline Mandatory Not Allowed Mandatory
capable
CAT offline only terminals Mandatory Not Allowed Mandatory
* Not supported. As explained in Section 2.4, Transaction Flow for PayPass

Table 1, Offline Data Authentication Requirements for PayPass—M/Chip Terminals

Payment system public keys for PayPass—M/Chip are the same as for contact EMV and must
be shared for PayPass use.

3.4.3 Offline PIN

Offline PIN is not permitted at PayPass—M/Chip terminals for PayPass—M/Chip transactions.
Offline PIN may be supported at the same terminal but only for contact EMV transactions.
PayPass—M/Chip does not support offline PIN verification over the contactless interface. Both
offline plaintext PIN and offline enciphered PIN verification are not available when using the
PayPass technology. The reasons for not supporting offline PIN are:
• A practical difficulty of asking cardholders to enter a PIN while holding the card in front of
the reader.
• A potential security vulnerability from eavesdropping and PIN probing.
Preventing offline PIN support requires a specific definition of the Terminal Capabilities in the
configuration data for a PayPass—M/Chip terminal, as defined in Section 4.6, Terminal
Capabilities, of this document.

3.4.4 Cardholder Verification and Receipt Limits for PayPass—M/Chip

As part of the PayPass program, MasterCard has introduced new global rules for cardholder
verification and receipt requirements. Cardholder verification and receipts are optional for all
PayPass transactions under US $25. Regions may lower this limit if required. Further details are
available in the MasterCard Chargebacks Standards Bulletin January 2006.
These implementation requirements refer to the transaction amount at which the new
requirement applies as the “PayPass Cardholder Verification and Receipt Limit.”
PayPass transactions under the PayPass Cardholder Verification and Receipt Limit do not
require either cardholder verification (i.e., no Cardholder Verification Method [CVM]) or a
receipt; however, a cardholder may still request a receipt.

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 15

3. ACQUIRER IMPACTS

The following are required to support this PayPass functionality:

• The terminal must maintain a PayPass—M/Chip CVM and receipt limit.
• The terminal must be able to use specific Terminal Capabilities value(s) (or profiles) for
PayPass transactions, independent of values used for contact EMV.
For PayPass transactions above the PayPass CVM and receipt limit, CVM processing is
performed as defined in EMV Book 3.
The PayPass CVM and receipt limit is applicable only to CVM and receipt processing and is not
used to influence decisions to authorize transactions online or offline. At an online-capable
terminal, if either the card or the results of Terminal Action Analysis indicate that online
authorization is required, then the transaction must be sent for online authorization.

NOTE

The CVM and receipt limit is independent of a terminal or merchant floor limit. Existing rules
apply to the value and use of floor limits.

3.4.5 PayPass Service Codes

PayPass terminal and acquirer host systems may see new service code values in use for
PayPass cards.
PayPass terminals and acquirer host systems must be prepared to accept all ISO defined
service code values appropriate to their terminals. Refer to ISO 7813 for permitted values. An
explanation of why the issuer might use new service code values is given below. For further
details on CVC see the PayPass—M/Chip Technical Specifications.
PayPass cards contain a new CVC value (CVC3) used in PayPass—Mag Stripe transactions for
enhanced security. Issuers have a number of options for implementing how the new CVC3
value is calculated. One permitted method is to use different service code values for the chip
track data used in the PayPass—Mag Stripe transactions and the magnetic stripe. As the
service code is input to a CVC calculation, different CVC values would result without issuer
needing to change the CVC algorithm. An example below illustrates one possible way the
service code could differ between the magnetic stripe and the PayPass—Mag Stripe Track 2
data.
Example:
• When the card is used as contact EMV or magnetic stripe (swiped) a service code of xx1 is
used (1 = No Restrictions).
• When the card is used as PayPass—Mag Stripe a service code of xx2 is used (2 = Goods
and Services Only).

16 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

 3.4.6 Fallback for PayPass Transactions
The following defines the PayPass requirements for fallback at PayPass terminals.

Definition
A PayPass fallback transaction is a consecutive transaction, at the same terminal, with the
same card (or cardholder device) but with a different acceptance technology (e.g., contact
EMV or mag stripe). Transactions are classified as fallback when the preceding transaction did
not complete because of a failure in the terminal-to-card communication after the first
successful select command. Application layer errors or declines are not considered
communication errors.
A consecutive transaction with the same card at a different terminal is not considered a
PayPass fallback transaction.

Fallback Rules for PayPass Cards at PayPass Terminals

The possible methods of fallback depend on the implemented technologies of both the card
and the terminal.
A mag stripe is mandatory for PayPass cards and optional for PayPass non-card form factor
(NCFF) (cardholder) devices. PayPass—M/Chip cards must also have a contact chip.
When supported by both the card and the terminal, PayPass fallback always follows the order
of preference of:
• Contact EMV
• Magnetic stripe (swipe)
At a terminal supporting only PayPass contactless (i.e., not supporting magnetic stripe swipe
or contact EMV) there is no fallback.

Identifying Fallback Transactions

Since there are no current means to identify PayPass fallback transactions at the terminal,
there are no changes to network messages to identify PayPass fallback. Current rules apply to
transactions falling back from contact to mag stripe. Current rules for fallback with contact
EMV are explained in the M/Chip Functional Architecture.

Online/Offline Authorizations for PayPass Fallback Transactions

There are no changes to authorization requirements for PayPass fallback transactions. PayPass
fallback transactions are authorized according to the current payment product rules.

3.4.7 Decline and Pick-up/Capture Card Responses

Acquirers must decline these transactions and optionally retain the card at an attended
terminal.

NOTE

This is optional since it may be impractical for an attendant to retain a card that is not initially
handed over to the merchant during payment.

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 17

3. ACQUIRER IMPACTS

3.4.8 “Referrals”/”Call Me” Issuer Responses

“Referrals”/”Call Me” Issuer responses are not required to be supported by Acquirers for
PayPass—M/Chip. They may be declined by the Acquirer or Merchant.
The PayPass product offering is aimed at fast, convenient payments. Merchants may tend to
implement PayPass payments at either unattended or “Fast Service” cash registers which
would make “Call Me” or “Referral” responses inappropriate. Additionally, cardholders
paying with a PayPass cardholder device may be unable to provide the card number if it is not
embossed or printed on the device.

3.5 Terminal Installation

The following describes considerations relevant to terminal installation:

3.5.1 Amount Entry at POS

If a merchant uses a separate Electronic Cash Register (ECR) and PayPass POS terminal then
they must be connected. The payment amount generated by the ECR must be made
automatically available electronically to the PayPass terminal when a cardholder chooses to
pay with PayPass.

3.5.2 Environment
Acquirers should note the importance of the physical environment for their PayPass—M/Chip
terminals.
The placement of the PayPass reader is particularly important as it is the cardholder who uses
the terminal and not the merchant. The PayPass reader containing the antenna needs to be
conveniently placed and easily visible.
The PayPass contactless operation can also be adversely affected by inappropriate placement
of the reader; e.g., on a metal surface.

18 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

 3.5.3 Accepting PayPass—Mag Stripe and Cardholder Devices
Acquirers should note that their PayPass—M/Chip terminals will also support PayPass—Mag
Stripe transactions. Merchants should be made aware that PayPass—Mag Stripe acceptance
also means that non-conventional card forms (non-card form factors) will be valid for
acceptance at their terminals. Examples include key fobs and mobile phones.

Figure 3, Example of PayPass Cardholder Devices

Transactions from PayPass—Mag Stripe cards and PayPass cardholder devices are PayPass—
Mag Stripe transactions with new values in existing fields for authorization and clearing
messages as described in Chapter 5, Network Interfaces and Host Systems, of this document.

3.6 Network and Host System Changes

Terminals, merchant systems, and acquirer host need to support changes to network messages and
host systems as summarized in Chapter 5, Network Interfaces and Host Systems, of this document.

3.7 Terminal Integration Process (TIP) Testing

An acquirer or merchant’s terminal installation is tested during TIP testing. The testing environment
should be as close to the intended deployment as possible.
Easy Test Cards (ETEC) and the MasterCard simulator are required for this testing (see Section 6.6,
TIP, of this document for details).

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 19

 . TERMINAL CONFIGURATION

4.1 PayPass Specific Terminal Data

The following sections provide configuration requirements for PayPass—M/Chip terminals.
The acquirer and/or merchant must ensure that the following are PayPass—M/Chip specific and
maintainable independently of other contact EMV data:
1. List of supported Application Identifiers (AIDs) and related application labels
2. CVM and receipt limit (PayPass)
3. Permitted transaction types
4. Terminal Action Codes
5. Terminal Capabilities

NOTE

KEY MANAGEMENT: Payment System Public keys for PayPass—M/Chip are the same as for
contact EMV and must be shared for PayPass use.

4.2 List of AIDs and Related Application Labels

PayPass—M/Chip terminals must maintain an independent list of identifiers (AIDs) accepted by the
terminal for PayPass. The AID value used for transaction processing is the AID of the card
application—e.g., MasterCard Credit (A0000000041010). There are no specific AIDs for PayPass. The
terminal list of identifiers is a list of all applications accepted at that terminal. Application Status
Indicators (ASIs) are associated with each AID in the terminal list. The ASI defines whether the AID
may be used in partial selection or a full match only. Only selection of the full AID is currently
supported for PayPass. All ASIs must indicate that only full AID selection is supported. Refer to the
MasterCard PayPass—M/Chip Technical Specifications for a detailed definition of how ASIs are used in
PayPass.
PIX extensions are not excluded in PayPass, but note that since PayPass supports only full AID
selection, PIX extensions should only be used for specific domestic, co-branding or issuer
implementations. Generic acceptance of PayPass cards uses the MasterCard product AID without any
extension. Table 2 provides the names (Application Labels) that must be associated with the specific
AIDs used for MasterCard products.

20 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

 PRODUCT RID PIX PIX EXTENSION APPLICATION LABEL
MasterCard A000000004 1010 — “MasterCard”
MasterCard with domestic A000000004 1010 DCCC XX.. “MasterCard”
functions
MasterCard applications for A000000004 9999 DCCC XX… Issuer-defined
domestic environment only
MasterCard co-branded A000000004 1010 CNNNNN YYYY.. “MasterCard”
Legend:
D Hex “D” (4 bits coded as 1101) C Hex “C” (4 bits coded as 1100)
CCC Country code of the national registration authority NNNNN Co-brander’s identification defined by MasterCard
XX Defined by the national registration authority YYYY.. Defined by the co-brander

As defined by ISO 7816-5, domestic schemes may use the registration category “D” (4 bits coded as 1101) followed by the country code of the national
registration authority, followed by fields specified by the national authority. This may be used for cards with a non-MasterCard Issuer Identification Number
(IIN). Table 2 lists the application label recommended by MasterCard. Issuers and acquirers can either use the labels in lowercase (e.g., “mastercard”), as
provided in Table 2, or in capitals (e.g., “MASTERCARD”).

Table 2, AIDs and Related Application Labels

4.3 Cardholder Verification and Receipt Limit for PayPass—M/Chip

PayPass—M/Chip terminals must be able to maintain a limit value, specific to PayPass, below which
cardholder verification and a receipt are optional. The limit is used in conjunction with the terminal
capabilities as described in Section 4.6, Terminal Capabilities, of this document.

4.4. Permitted PayPass Transaction Types

Permitted PayPass—M/Chip transaction types are as current payment product rules; however, the
following are not within the scope of this guide.
• ATM transactions
• Branch terminal transactions
• CAT 4–8 transactions
All MasterCard PayPass transactions are card-present transactions.

4.5 Terminal Action Codes (TACs)

TACs specific to PayPass—M/Chip use are required.
The TACs defined in these tables are specified to work in conjunction with the PayPass transaction
flows as defined in the MasterCard PayPass—M/Chip Technical Specifications. They are optimized
with a bias toward permitting offline transactions.
Table 3 and Table 4 list the defined TACs by terminal type for:
• Online-capable POS and CAT
• Offline-only POS and CAT

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 21

4. TERMINAL CONFIGURATION

NOTE

These TACs are specific to PayPass—M/Chip terminals performing PayPass—M/Chip transactions.

If the terminal supports contact transactions the terminal should maintain the PayPass TACs
independently.

BYTE BIT MEANING DENIAL ONLINE DEFAULT

1 8 Offline data authentication was not performed 0 1 1
7 Offline static data authentication failed 1 0 0

6 Integrated Circuit Card (ICC) data missing 0 1 1

5 Card appears on terminal exception file 1 0 0
4 Offline dynamic data authentication failed 1 0 0
3 Combined DDA/AC generation failed 1 0 1
2 RFU 0 0 0
1 RFU 0 0 0
2 8 ICC and terminal have different application versions 0 0 0
7 Expired application 1 0 0
6 Application not yet effective 0 0 0
5 Requested service not allowed for card product 0 1 1
4 New card 0 0 0
3 RFU 0 0 0
2 RFU 0 0 0
1 RFU 0 0 0
3 8 Cardholder verification was not successful 0 1 1
7 Unrecognized CVM 0 0 0
6 PIN try limit exceeded 0 0 0
5 PIN entry required and PIN pad not present or 0 1 1
not working
4 PIN entry required, PIN pad present but PIN was 0 1 1
not entered
3 Online PIN entered 0 1 1
2 RFU 0 0 0
1 RFU 0 0 0
4 8 Transaction exceeds floor limit 0 1 0/1*
Legend
0 Mandated setting. 0/1 Non-mandated setting
1 Mandated setting. RFU Reserved for future use (The settings must be “0, 0, 0”)
* An attended POS may support voice authorization for a MasterCard card (the acquirer assumes liability if voice authorization was not obtained above the
international floor limit). CAT Terminals must decline.

Table 3, Full Grade TACs—Online-Capable POS and CAT

22 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

 BYTE BIT MEANING DENIAL ONLINE DEFAULT
4 7 Lower consecutive offline limit exceeded 0 0 0
6 Upper consecutive offline limit exceeded 0 0 0
5 Transaction selected randomly for online processing 0 1 0
4 Merchant forced transaction online 0 1 0
3 RFU 0 0 0
2 RFU 0 0 0
1 RFU 0 0 0
5 8 Default TDOL used 0 0 0
7 Issuer authentication was unsuccessful 0 0 0
6 Script processing failed before final GENERATE AC 0 0 0
5 Script processing failed after final GENERATE AC 0 0 0
4 RFU 0 0 0
3 RFU 0 0 0
2 RFU 0 0 0
1 RFU 0 0 0
Legend
0 Mandated setting. 0/1 Non-mandated setting
1 Mandated setting. RFU Reserved for future use (The settings must be “0, 0, 0”)

Table 3, Full Grade TACs—Online-Capable POS and CAT, continued

BYTE BIT MEANING DENIAL ONLINE DEFAULT

1 8 Offline data authentication was not performed 1 0 0
7 Offline static data authentication failed 1 0 0
6 ICC data missing 0 0 0
5 Card appears on terminal exception file 1 0 0
4 Offline dynamic data authentication failed 1 0 0
3 Combined DDA/AC generation failed 1 0 1
2 RFU 0 0 0
1 RFU 0 0 0
2 8 ICC and terminal have different application 0 0 0
versions
7 Expired application 1 0 0
6 Application not yet effective 0 0 0
Legend
0 Mandated setting 0/1 Non-mandated setting
1 Mandated setting RFU Reserved for future use (The settings must be “0, 0, 0”)

Table 4, TACs—Offline-Only POS and CAT

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 23

4. TERMINAL CONFIGURATION

BYTE BIT MEANING DENIAL ONLINE DEFAULT

2 5 Requested service not allowed for card product 1 0 0
4 New card 0 0 0
3 RFU 0 0 0
2 RFU 0 0 0
1 RFU 0 0 0
3 8 Cardholder verification was not successful 0 1 1
7 Unrecognized CVM 0 0 0
6 PIN try limit exceeded 0 0 0
5 PIN entry required and PIN pad not present or 0 0 0
not working
4 PIN entry required, PIN pad present but PIN was 0 0 0
not entered
3 Online PIN entered 0 0 0
2 RFU 0 0 0
1 RFU 0 0 0
4 8 Transaction exceeds floor limit 0 1 0/1*
7 Lower consecutive offline limit exceeded 0 0 0
6 Upper consecutive offline limit exceeded 0 0 0
5 Transaction selected randomly for online 0 0 0
processing
4 Merchant forced transaction online 0 0 0
3 RFU 0 0 0
2 RFU 0 0 0
1 RFU 0 0 0
5 8 Default TDOL used 0 0 0
7 Issuer authentication was unsuccessful 0 0 0
6 Script processing failed before final GENERATE AC 0 0 0
5 Script processing failed after final GENERATE AC 0 0 0
4 RFU 0 0 0
3 RFU 0 0 0
2 RFU 0 0 0
1 RFU 0 0 0
Legend
0 Mandated setting 0/1 Non-mandated setting
1 Mandated setting RFU Reserved for future use (The settings must be “0, 0, 0”)
* An attended offline only POS must support voice authorization for a MasterCard card (the acquirer assumes liability if voice authorization was not obtained
above the international floor limit). A CAT terminal must decline.

Table 4, TACs—Offline-Only POS and CAT, continued

24 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

4.6 Terminal Capabilities
The terminal capability (or profile) must be specific to PayPass—M/Chip use. The Terminal Capabilities
field is coded according the definition in EMV Book 4 but with the values specified in Table 5, Table
6, Table 7, and Table 8 of these requirements.
PayPass terminals must be able to make use of PayPass specific terminal capabilities when performing
a PayPass—M/Chip transaction. Additionally, the value of the PayPass Terminal Capabilities depends
upon whether the transaction is above the PayPass CVM and Receipt Limit or not (see Byte 2 Table 7
of the Terminal Capabilities). The terminal capabilities is then used with the CVM list from the card to
select the cardholder verification method (i.e., no CVM) as specified in EMV 2000 Book 3.

b8 b7 b6 b5 b4 b3 b2 b1 MEANING
0/1 x x x x x x x Manual key entry
x 0/1 x x x x x x Magnetic stripe
x x 0/1 x x x x x IC with contacts
x x x 0 x x x x RFU
x x x x 0 x x x RFU
x x x x x 0 x x RFU
x x x x x x 0 x RFU
x x x x x x x 0 RFU
Legend
0 Mandated setting 0/1 Non-mandated setting, dependent upon on the specific terminal configuration
1 Mandated setting RFU Reserved for future use (The settings must be “0, 0, 0”)
* EMV defines the structure of this data item and does not yet include a value for contactless support, but EMVCo may decide to include a value future
definitions.

Table 5, Terminal Capabilities Byte 1—Card Data Input Capability*

b8 b7 b6 b5 b4 b3 b2 b1 MEANING
0 x x x x x x x Plain-text PIN for ICC verification
x 0/1 x x x x x x Enciphered PIN for online verification
x x 0/1** x x x x x Signature (paper)
x x x 0 x x x x Enciphered PIN for offline verification
x x x x 0/1 x x x No CVM Required
x x x x x 0 x x RFU
x x x x x x 0 x RFU
x x x x x x x 0 RFU
Legend
0 Mandated setting 0/1 Non-mandated setting, dependent upon on the specific terminal configuration
1 Mandated setting RFU Reserved for future use (The settings must be “0, 0, 0”)
** If the terminal supports cardholder signature as a CVM, the terminal must be an attended terminal (Terminal Type = “x1,” “x2,” or “x3”) and must support
a printer (Additional Terminal Capabilities, byte 4, Print, attendant bit = “1”).

Table 6, Terminal Capabilities Byte 2—CVM Capability for Transactions above

the PayPass CVM and Receipt Limit

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 25

4. TERMINAL CONFIGURATION

b8 b7 b6 b5 b4 b3 b2 b1 MEANING
0 x x x x x x x Plain-text PIN for ICC verification
x 0 x x x x x x Enciphered PIN for online verification
x x 0 x x x x x Signature (paper)
x x x 0 x x x x Enciphered PIN for offline verification
x x x x 1 x x x No CVM Required
x x x x x 0 x x RFU
x x x x x x 0 x RFU
x x x x x x x 0 RFU
Legend
0 Mandated setting 0/1 Non-mandated setting, dependent upon on the specific terminal configuration
1 Mandated setting RFU Reserved for future use (The settings must be “0, 0, 0”)

Table 7, Terminal Capabilities Byte 2—CVM Capability for Transactions under

the PayPass CVM and Receipt Limit

b8 b7 b6 b5 b4 b3 b2 b1 MEANING
1/0 x x x x x x x SDA
x 0 x x x x x x DDA
x x 1/0 x x x x x Card capture
x x x 0 x x x x RFU
x x x x 1/0 x x x Combined DDA/Application
Cryptogram Generation
x x x x x 0 x x RFU
x x x x x x 0 x RFU
x x x x x x x 0 RFU
Legend
0 Mandated setting 0/1 Non-mandated setting, dependent upon on the specific terminal configuration
1 Mandated setting RFU Reserved for future use (The settings must be “0, 0, 0”)

Table 8, Terminal Capabilities Byte 3—Security Capability

26 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

 . NETWORK INTERFACES AND HOST SYSTEMS

5.1 Summary of Changes

PayPass transactions at PayPass—M/Chip terminals are indicated by new values in existing fields for
authorizations and clearing. These PayPass specific changes are detailed in the MasterCard Global
Operations Bulletin No. 6, June 2005, and incorporated in the latest authorization and clearing
manuals for your region.
PayPass transactions from PayPass—M/Chip terminals will be either:
• PayPass ICC transactions with ICC related data (i.e., field DE055 “ICC related Data” and DE023
“Card Sequence Number”—if provided by the card to the terminal). ICC related data is not
present in authorization requests and clearing transactions.
• PayPass—Mag Stripe transactions with the same format as current mag stripe transactions.
All PayPass transactions contain new values in fields DE022 and DE061, indicating that they are
PayPass transactions at a PayPass terminal.
The network changes to support these requirements are summarized in the following sections.

Accepting Contact EMV at PayPass—M/Chip Terminals

Acquirers who deploy PayPass—M/Chip terminals supporting contact EMV must be Full Grade
acquirers. If a PayPass—M/Chip terminal accepts contact EMV then it must also accept mag stripe
transactions and be EMVCo certified.
Partial Grade and PayPass—Mag Stripe acquirers must migrate to Full Grade EMV acquiring.
Full Grade acquiring is the term used to describe an acquirer that has invested in chip terminals, and
has also upgraded its network and host systems to support the additional information generated
during a chip transaction. Full Grade acquirers provide DE055 in the authorization request and
clearing messages.

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 27

5. NETWORK INTERFACES AND HOST SYSTEMS

5.2 Authorization Requests

PayPass authorizations must be processed with the new values defined in Table 9 below.

DATA ELEMENT SUBELEMENT VALUES

061 (POS Data) 11 (POS card data terminal input 4: contactless magnetic stripe
capability) 3: contactless M/Chip
022 (POS Entry Mode) 1 (POS Terminal Primary Account 91: PAN auto-entry via contactless mag
Number [PAN] Entry Mode) stripe
07: PAN auto entry via contactless M/Chip

Table 9, New Values in Existing Fields for PayPass Authorizations

5.3 Authorization Responses

ICC response data, including Issuer Scripts, is not returned from issuers for PayPass—M/Chip
transactions. In the event that ICC response data is returned, acquirers are not required to return it to
the terminal. If the data is returned to the terminal then the terminal shall not process the data. The
terminal is not required to retain the data.

5.4 Clearing
New values in existing fields are required for PayPass clearing transactions. Table 10 defines the new
values. Other fields and values remain as present.

DATA ELEMENT SUBELEMENT VALUES

022 (POS Entry Mode) 1 (POS card data input capability) A: terminal supports PAN auto-entry via
contactless mag stripe
M: terminal supports PAN auto-entry via
contactless M/Chip
022 (POS Entry Mode) 7 (card data input mode) A: PAN auto-entry via contactless mag stripe
M: PAN auto entry via contactless M/Chip
022 (POS Entry Mode) 10 (card data output capability) 0: unknown no indication given
1: none
3: ICC (Contact EMV, PayPass—Mag Stripe,
and PayPass—M/Chip)

Table 10, New Values in Existing Fields for PayPass Clearing Transactions

28 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

 NOTE

The TVR sent to the issuer in clearing messages from offline only terminals may differ from the
TVR used in Terminal Action Analysis. This is because the PayPass—M/Chip Transaction flow
enhancements allow some terminal-related, TVR-related processing to be postponed until after
the first GENERATE AC command. The value that the terminal sent to the card in the first
GENERATE AC must be used in clearing messages.
This is illustrated in transaction flows in Appendix A, PayPass Transaction Flows, of this document
and in full detail in the PayPass—M/Chip Technical Specification.

5.5 Chargebacks
Cardholder verification and receipts are optional for all PayPass transactions under US $25. Regions
may lower this limit if required. These implementation requirements refer to the transaction amount
at which the new requirement applies as the “PayPass Cardholder Verification and Receipt Limit” (see
Section 3.4.4, Cardholder Verification and Receipt Limits for PayPass—M/Chip, of this document).
To support this change, acquirers are protected against chargebacks for PayPass transactions with the
reason codes shown in Table 11. Issuers may not chargeback properly identified PayPass transactions
with these reason codes.

MESSAGE REASON CODE DESCRIPTION

4801 Requested Transaction Data Not Received
4802 Requested/Required Information Illegible or Missing
4837 No Cardholder Authorization

Table 11, PayPass Impacted Chargeback Reason Codes

Full details of the changes are available in the MasterCard Chargebacks Standards Bulletin January 2006.
For users of MasterCom, the existing Acquirer’s Retrieval Response Code has been updated to reflect
these changes (see Table 8). Acquirers may use this rejection code for qualified PayPass transactions
under US $25.

ACQUIRER RESPONSE CODE DESCRIPTION

C The issuer’s request for retrieval was for a transaction identified as a
PayPass transaction that is equal to or below US $25
or
QPS—No item available

Table 12, Updated MasterCom Acquirer Response Codes for PayPass

5.6 Network Interface Validation (NIV) Testing

The acquirer’s network implementation is tested during NIV testing. See Section 6.7, NIV, of this
document for further information on NIV testing.

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 29

 . TESTING

6.1 Testing Overview

The MasterCard test process for PayPass—M/Chip is a series of test stages.
This chapter summarizes how PayPass—M/Chip implementations are tested. Acquirers will be able to
use this information to plan their testing and understand the purpose, scope, and requirements for
PayPass testing. Refer to the PayPass specific testing documentation for more information.
This guide is for acquirers who are already contact EMV acquirers. Only the additional testing for
PayPass—M/Chip is described here. For more information on migrating to contact EMV refer to the
MasterCard M/Chip Implementation Guide.

6.2 Testing Scope by PayPass Terminal Type

The acquirer or merchant’s choice of terminal determines the scope of required testing. All new
PayPass—M/Chip implementations must perform this testing.
In addition, if the terminal also supports contact EMV then:
a) The terminal must be EMV certified.
b) TIP for a new contact EMV terminal must be performed.

An acquirer who has already implemented PayPass—M/Chip and is only adding new terminals
performs only:
c) TIP for a new PayPass—M/Chip terminal.
d) TIP for a new contact EMV terminal if the terminal supports contact EMV and the terminal must
be EMV certified.

Information on contact EMV testing is available in the MasterCard M/Chip Customer Implementation
Guide.

6.3 Testing Process

The services provided by MasterCard and described in this section are designed to validate, to a
reasonable degree, that the acquirer’s infrastructure can accept MasterCard PayPass approved cards.

30 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

6.4 Test Stages
The acquirer test stages for a PayPass—M/Chip implementation are summarized in Table 13. The
following sections provide a summary of each stage. The stages are then further explained in the
following sections.

STAGE REQUIRED? DESCRIPTION AND NOTES

System Buildup Optional Purpose: Test the initial acquirer development.
(on request) Optional system testing with MasterCard. Intended to
support more complex developments.

TIP Required Purpose: Tests the terminal in an integrated acquirer

environment.
The TIP tests to be performed are defined when the
acquirer supplies MasterCard with a completed TIP
questionnaire. ETEC cards are used with the acquirer
terminal(s). PayPass interoperability ETEC cards may
also be required if there are any known field
interoperability issues.

NIV Required Purpose: Tests the acquirer authorization and

(Once per acquirer clearing network interfaces against the MasterCard
or processor) simulators, using ETEC cards.
Additional PayPass transactions have been added.

End-to-End Demonstration Required Purpose: Validates the completed implementation in

(ETED) the production environment, including some areas
that can only be validated in production—e.g., key
management and network functions.
A set of PayPass transactions are performed by
MasterCard using MasterCard-supplied live cards.

Post Live Monitoring Required Purpose: Monitor the stability of the

implementations through normal business use.
No acquirer action required.

Table 13, Summary Test Stages

6.5 System Buildup

MasterCard offers acquirers the option of testing their development from an early stage with the
objective of reducing project development time and cost for the acquirer. For PayPass, the system
changes are limited and this testing is optional. Acquirers should notify MasterCard if they intend to
do this testing and will also need:
• MasterCard simulators
• Test keys available (scheme public keys)
• PayPass subset 7 ETEC cards

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 31

6. TESTING

6.6 TIP
Acquirers run the tests and then submit log files from the simulators for validation by MasterCard.
The TIP is designed to validate that the terminal:
• Meets the business needs of the acquirer.
• Conforms to the MasterCard PayPass—M/Chip and PayPass—Mag Stripe Technical Specifications,
after integration in the acquirer environment.
• Conforms to MasterCard requirements related to the:
– Payment product(s) the terminal will accept (such as the support of online PIN, if required)
– Operational effectiveness, such as the implementation of “fallback to contact or magnetic
stripe” (depending on the terminal type)

Based on the needs of the acquirer, the TIP can comprise up to four components:
1. Validation that the terminal meets the requirements of both the acquirer and MasterCard.
2. Assessment of testing requirements and identification of the ETEC cards required. PayPass
cards are ETEC cards subset 6 and 8.
3. Terminal Integration Workshop, to explain the TIP and the testing that will be performed,
agree on the scope of the TIP, and confirm the testing configuration.
4. TIP Testing.

6.7 NIV
Acquirers run the tests and then submit log files from the simulators for validation by MasterCard.
To correctly process PayPass transactions, acquirers need to upgrade their network interfaces with
MasterCard. The NIV testing checks that authorization and clearing interfaces are in accordance with
the current MasterCard authorization and clearing requirements for the acquirer’s region.
Subset 6 and 7 ETEC cards are used with the MasterCard simulator for this testing.

Offline Authorization Testing (Mandatory)

For authorization testing, acquirers use the MasterINQ Simulator (U.S. region), or the MasterCard
Europe Authorization Simulator (MEAS) (non-U.S. regions) to ensure that they are able to correctly
provide the additional chip data in authorization messages.
With the simulator connected to the acquirer host, which is itself connected to the terminal, acquirers
perform transactions using the ETEC cards. Further explanations regarding ETEC cards are also
provided in the MasterCard M/Chip Implementation Guide.

32 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

 Conditional Offline Clearing Testing
Currently, acquirers may choose if they wish to send chip data in clearing messages or not. Acquirers
that do decide to send chip data in clearing messages must perform offline clearing testing before
being set up for live operations. Acquirers performing clearing testing use the MasterCard Clearing
Presentment Simulator to validate the:
• Conformity of the clearing interface.
• Ability of the host system to send clearing messages containing chip data.

Optional Online Testing

Online testing is optional. Acquirers that wish to perform online tests interface with the online testing
facility provided by MasterCard.
The online testing facility provides the following benefits:
• Availability of a close-to-production environment, where the bank sends real messages across the
real network infrastructure.
• Ability to perform specific testing customized to meet the needs of the acquirer.

6.8 ETED
The ETED is designed to validate that all activities under the control of the acquirer (e.g., terminal,
acceptance network, authorization system, interfaces to MasterCard systems, etc.) function correctly.
It is performed as soon as the implementation is promoted to live.
The acquirer provides MasterCard with the locations of the terminal(s) to be tested. MasterCard uses
a representative set of live MasterCard-branded, PayPass-approved cards (provided by various issuers)
to perform transactions at the terminals to be tested. MasterCard and the acquirer monitor
transactions across the real-time authorization network and through the clearing and settlement
process. The log files are also verified after the end-to-end tests have been performed.

6.9 Post-Live Monitoring

To ensure a smooth rollout and prove that the implementation is stable, MasterCard monitors the
acquirer’s transactions for a period of 30 days. MasterCard issues the acquirer with a completion
notice at the end of this period and the acquirer system is ready to move to business as usual. The
acquirer receives confirmation of the successful completion of the period of live monitoring. The
acquirer’s implementation is now considered as a “Business As Usual” (BAU) system.

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 33

6. TESTING

6.10 Further Information and Contact Details

Queries and further assistance can be obtained from the acquirer’s regional representative or the
following specific support addresses:

AREA CONTACT
PayPass testing testing@paypass.com
General chip help chip_help@mastercard.com
System buildup testing chip_help@mastercard.com
TIP tip@mastercard.com
NIV Customer Implementation Services (CIS)—Acquirers will
be provided the contact details for the Network Interface
Testing Engineer assigned to their implementation project.
MEAS (non-U.S. regions) meas.sim@mastercard.com
MasterINQ debit/credit debit.sim@mastercard.com
(U.S. regions) credit.sim@mastercard.com
Clearing simulator mcps.sim@mastercard.com
Online software upgrades www.mastercardonline.com
ETEC cards chip_help@mastercard.com (for information regarding the
use of ETEC cards for pretesting purposes)
test_tools@silicomp.fr (for information regarding the
purchase of ETEC cards)

34 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

APPENDICES

Appendix A: PayPass Transaction Flows

Overview
The PayPass—M/Chip terminal transaction flow is based on the EMV 2000 specifications with some
specific PayPass adaptations. PayPass transaction flows are defined in the PayPass—M/Chip Technical
Specifications. PayPass transaction flows have been defined to optimize the PayPass—M/Chip
implementation.
This section shows the transaction flows as defined by the M/Chip Technical Specification and
illustrates the variance from standard EMV processing and the specific PayPass features that must be
implemented by a PayPass—M/Chip terminal.

NOTE

Acquirers, merchants, or vendors wishing to deviate from the defined PayPass transaction flows are
advised to consult MasterCard. Terminal Vendor Testing will be based upon the behavior expected
from the MasterCard PayPass examples.

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 35

APPENDICES

Appendix A, PayPass Transaction Flows, continued

Online-Capable Terminal Transaction Flow

Figure A-1 shows the transaction flow for a PayPass—M/Chip card at an online-capable PayPass—
M/Chip terminal.

PayPass—M/Chip Card at
Online capable
Standard EMV
PayPass—M/Chip
Transaction Flow
terminal

Card Activation Card Activation

Application Selection Application Selection

Initiate Application Processing Initiate Application Processing

no
Initiate PayPass—Mag Stripe M/Chip
Processing Profile

yes

Read Application Data Read Application Data

Offline Card Authentication

Processing Restrictions Processing Restrictions

Terminal Risk Management Terminal Risk Management

Cardholder Verification Cardholder Verification

Terminal Action Analysis Terminal Action Analysis

Card and Terminal

(GEN AC) Card Action Analysis (GEN AC) Card Action Analysis
in Contactless
Communication

Card and Terminal

Communication Ended
AAC AAC or no Online decision
TC ? (ARQC) ?

yes
TC

yes GEN AC was no

CDA ?

Offline Card Authentication

no Offline Card yes

Authentication OK?

Terminal Online Processing* Terminal Online Processing

*If required

Key—EMV processing is: Terminal

Decline Transaction Completion Transaction Completion
Normal

Modified / See Notes Script Processing

Omitted

New

Figure A-1, PayPass M/Chip/EMV Transaction—Online-Capable Terminal

36 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

Offline-Only Terminal Transaction Flow
Figure A-2 shows the transaction flow for a PayPass—M/Chip card at an offline-only PayPass—
M/Chip terminal.

PayPass–M/Chip Card at
Offline Only Standard EMV
PayPass– M/Chip terminal Transaction Flow

Card Activation Card Activation

Application Selection Application Selection

Initiate Application Processing Initiate Application Processing

Initiate PayPass– Mag Stripe no M/Chip

Processing Profile ?

yes

Read Application Data Read Application Data

Card and Terminal (GEN TC) Card Action Analysis

in Contactless TVR = ‘0000000000’
Communication

Card And Terminal

Communication Ended
yes
AAC,ARQC or
AAR response ?

no

Offline Card Authentication Offline Card Authentication

Processing Restrictions Processing Restrictions

Terminal Risk Management Terminal Risk Management

Cardholder Verification Cardholder Verification

Terminal Action Analysis Terminal Action Analysis

TC ?
no
(GEN AC) Card Action Analysis

yes

Terminal
Decline Transaction Completion Transaction Completion

Key–EMV processing is:

Normal

Modified / See Notes

Omitted

New

Figure A-2, PayPass—M/Chip/EMV Transaction—Offline-Only Terminal

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 37

APPENDICES

Appendix A, PayPass Transaction Flows, continued

PayPass—Mag Stripe Transaction Flow

Figure A-3 shows the transaction flow for a mag stripe transaction at a PayPass—M/Chip terminal.
This will be the transaction flow for a PayPass—Mag Stripe card or PayPass cardholder device at a
PayPass—M/Chip terminal.
PayPass–Mag Stripe transaction
Online capable
PayPass–M/Chip terminal

Read Mag Stripe

Application Data

Mag Stripe Application

Version Number Checking

Compute Cryptographic
Checksum (CVC3)

Standard Mag Stripe Cardholder

Verification

Standard Mag Stripe online /

offline processing*
Mag Stripe processing is:
*With PayPass indication

Normal

New Standard Mag Stripe Completion

Figure A-3, PayPass—Mag Stripe Transaction Flow

38 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

Appendix B, Glossary

Term Description
M/Chip 4 Application The M/Chip 4 Select and M/Chip 4 Lite card applications as implemented on
issuer’s cards and as specified in the MasterCard M/Chip 4 Card Application
Specification for Debit and Credit. When behavior is specific to one of the
applications, the specific application name, i.e., M/Chip 4 Lite application or
M/Chip 4 Select application, is used.
Non-Card Form Factor Device Refer to “PayPass Cardholder Device.”
PayPass Approved Terminals MasterCard tests products for compliance to all required specifications.
Products which are proven to comply are issued a PayPass Letter of Approval
and are PayPass approved. MasterCard publishes lists of PayPass approved
products to help acquirers choose their products. A product may require
configuration or further functionality before use, but this must not change the
product’s compliance with specifications. Approved products are used as part
of an overall payment system.
PayPass Cardholder Device Also referred to as an “NCFF device.” A PayPass product allowing cardholders
to make contactless PayPass payments, but not in the standard bankcard
(ID-1) form. Examples include PayPass tags and key fobs.
PayPass—M/Chip Application The M/Chip 4 card application, extended for communication over a contact
and contactless interface as specified in the MasterCard PayPass—M/Chip
Technical Specification manual.
PayPass—M/Chip Card Dual-interface card with the PayPass—M/Chip Application accessible over the
contact and contactless interface.
PayPass—M/Chip Terminal A terminal accepting PayPass—M/Chip cards using a transaction flow
similar to the EMV contact transaction flow and supporting Terminal Risk
Management (TRM). If the terminal has offline capability then it will also
support offline CAM. The terminal may also accept existing magnetic stripe
cards and contact cards. The PayPass—M/Chip terminal must also accept
PayPass—Mag Stripe transactions. It may also accept other contactless
schemes.
PayPass—M/Chip Transaction A PayPass transaction which includes the required M/Chip EMV data elements
as used in Authorizations and Clearing messages.
PayPass—Mag Stripe A PayPass transaction which contains the required mag stripe only data
Transaction elements.
PayPass Technology The MasterCard specific implementation of ISO/IEC 14443. PayPass uses the
technology as defined in the PayPass—ISO/IEC 14443 Implementation
Specification for the wireless (“contactless”) exchange of data between card
and terminal.
PayPass Terminal Vendor The MasterCard process of testing products for compliance to all required
Testing specifications. Products which pass all the required tests are PayPass-approved
products.

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 39

APPENDICES

Appendix B, Glossary, continued

Term Description
PayPass Transaction A payment transaction using PayPass technology for the data exchange
between card and terminal. A transaction can be either a PayPass—M/Chip
Transaction or PayPass—Mag Stripe Transaction.
PayPass Transaction Time The time the PayPass card needs to be present in the terminal’s
electromagnetic field in order to allow for a complete data exchange.
The completion of the data exchange is indicated by a beep and a visual
indication. Any processing done by the terminal after the card has been
removed is excluded from the PayPass transaction time.

40 v.1-A4 6/06 MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS

MASTERCARD PAYPASS—M/CHIP, ACQUIRER IMPLEMENTATION REQUIREMENTS v.1-A4 6/06 41
 © 2006
PayPass-23 v.1-A4 6/06 MasterCard International Incorporated