card verification support. click to edit master title style base24 card verification card...

Card Verification SupportCard Verification Support

Click to edit Master title styleBASE24 Card VerificationBASE24 Card Verification

• Card verification provides a means of confirming the validity of the card presented by a customer

• The magnetic stripe data on a card can contain a value BASE24 calls the card verification digits (CVD)

• The card issuer generates the CVD from:– Two card verification keys plus the

primary account number– Card expiration date– Service code from the card

Click to edit Master title styleBASE24 Card Verification BASE24 Card Verification

• Verifying a card in software or hardware, involves using the same card verification keys and the magnetic stripe information to compute another CVD

• The computed CVD is compared with the CVD contained in the magnetic stripe data

• The card is considered valid if the two CVDs match because the same magnetic stripe information and card verification keys are required to obtain the same CVD


• For BASE24-pos, the card verification information can also be entered manually by the acquirer instead of being read electronically by swiping the card through a magnetic stripe reader

• The CVD, primary account number, and expiration date printed on the card are manually entered by the merchant

• BASE24-pos assumes a service code value of 000 for transactions manually entered by the acquirer.

• The manual entry of card verification data allows BASE24-pos to detect and prevent the use of counterfeit cards when a magnetic stripe reader is unavailable


• Processing for manual and electronic card verification is similar

• Manual card verification can be performed once or twice using different date formats for the CVD

• Card verification is configured at the card prefix level and can be performed in software or hardware by all hardware security modules supported by BASE24

Click to edit Master title styleCard Verification KeysCard Verification Keys

• BASE24 uses a pair of keys in the card verification algorithm

• The security of card verification keys is critical to their effectiveness

• Card issuer controls the card verification keys because the keys used to generate the CVD when it is created must also be used to verify the card when presented by the customer

• Card verification key pairs can be maintained in the BASE24 database in clear or encrypted form depending on whether card verification is performed in software or using a hardware security module

Click to edit Master title styleCard Verification RequirementsCard Verification Requirements

• BASE24-atm and BASE24-pos can perform card verification when all of the following requirements are met:– Transaction is card-initiated– Magnetic stripe of the card contains a CVD

and the magnetic stripe data is obtained by passing the card through a magnetic stripe reader

– Card verification information is properly defined in the BASE24 database

– The CV CHECK TYPE field on CPF screen 2 indicates card verification should be performed

Click to edit Master title styleCard Verification Requirements Card Verification Requirements

– When obtaining the CVD electronically, the CARD VERIFICATION KEYA GROUP field on CPF screen 2 must contain a value

– When entering the CVD manually, the MANUAL CARD VERIF KEYA GROUP field on CPF screen 2 must contain a value

– The card expiration date must meet or exceed the value specified in the CV DATE field or MANUAL CV DATE field on CPF screen 2

Click to edit Master title styleCard Verification Requirements Card Verification Requirements

– The offsets for the card expiration date, service code, and the CVD must be specified in the CPF for each card prefix

– Card verification has not already been performed

– The transaction is authorized by BASE24 or card verification is included in screening checks performed by BASE24 when the transaction is authorized by a host

– The message type is 0200 (a request)

Click to edit Master title styleCard Track LayoutsCard Track Layouts

• When performing card verification electronically, BASE24 uses the following information:– Primary account number (PAN)– Card expiration date – Service code– Card verification digits (CVD) generated by the

card issuer

• When this information is obtained from the magnetic stripe of the card, the required data can be retrieved from the Card Track which is available in the BASE24 message

Click to edit Master title styleCard Track Layouts Card Track Layouts

• Card verification can be performed on any card that contains card verification information on the magnetic stripe

• The BASE24 database contains offsets to identify the location of each field necessary for verification

Click to edit Master title styleElectronic Card Verification ProcessingElectronic Card Verification Processing

Authorization

1. Determines whether electronic card verification should be performed. - If the first character in the Track Data field contains an M, manual card verification is performed. - If one or more of the requirements is not met, Auth continues processing without any further CV processing - If all requirements are met, proceed with step 2. 2. Determines whether the internal message contains complete magnetic stripe data. If yes, continue with step 5. If no, continue with step 3. (Did the acquirer alter the mag stripe?)3. Determines whether sufficient magnetic stripe data exists to verify the card. Auth determines the length of the mag stripe data and uses the values in the CPF (CVD OFST and SRVC CODE OFST) to determine if this data is available. - If yes, continue CV processing, step 4. - If no, continue processing the transactions without any further CV processing.

Click to edit Master title style

Authorization

Electronic Card Verification ProcessingElectronic Card Verification Processing

4. Determines whether the card verification should be attempted with incomplete magnetic stripe data. - If CV CHECK TYPE in CPF is set to 1 (complete only), Auth continues processing the transaction without CV processing. - If CV CHECK TYPE in CPF is set to 2 (all), CV processing continues with step 5. 5. Performs track length checks depending on the track being used. - Ensures track length is between the values in the LENGTH MIN/MAX field in CPF. If set to zero, no max length is checked.6. Performs card verification. The following data is used for card verification: - Both card verification keys from the KEYA - The PAN from the mag stripe data - The card expiration date from the mag stripe data - The service code from the mag stripe data 7. Determines which of two BAD CV ACTION fields in the CPF will control processing.

Click to edit Master title styleElectronic Card Verification ProcessingElectronic Card Verification Processing

Authorization

8. Continues transaction authorization based on the status returned from the card verification utilities and the setting of the appropriate BAD CV ACTION field in the CPF.

0 = CVD valid then card verify flag set to Y, normal processing continues.

2 = security device failure, card verify flag set to N (verification not performed). Normal processing continues.

1, 3, 4 and BAD CV ACTION field = 0 (denote and continue), card verify flag set to C (CVD invalid). Normal processing continues.

1, 3, 4 and BAD CV ACTION = 1 (decline and return), card verify flag set to D (CVD invalid, tran declined) and error flag set to C (card verification error). Tran is declined, card returned.

1, 3, 4 and BAD CV ACTION = 2 (decline and retain), card verify flag set to D (CVD invalid, tran declined) and error flag set to C (card verification error). Tran is declined, card should not be returned to customer.


Authorization

Manual Card Verification ProcessingManual Card Verification Processing

1. Determines whether card verification should be performed. If the first character in the Track Data field is not an M, electronic card verification is performed. If all requirements are met, proceed with step 2. 2. Determines whether card verification should be attempted for manually entered card verification information. . 3. Determines whether the card expiration date in the track data is greater than or equal to the date in the MANUAL CV DATE field on the CPF screen 2.


Authorization


4. Reads the BASE24-pos Release 5.1 token and verifies the Card Verification Digits field.

- If the Card Verification Digits field is blank and the CVD Present Flag is set to a value of 0 or 9, the process reads the BASE24-pos Release 5.0 token and sets the Card Verify Flag to a value of O (merchant ignored CVD). No further card verification processing is performed.- If the Card Verification Digits field contains data, the process moves the CVD data to the Track Data field and continues processing with step 5.- If the release 5.1 token is not present, manual CVD data was not entered. No further card verification processing is performed.


Authorization


5. Reads the BASE24-pos Release 5.0 token.- If the Card Verify Flag is set to a value of L (track length was in error) or O (merchant ignored CVD), no further card verification processing is performed.- If the Card Verify Flag is set to any other value, the process continues processing with step 6.

6 Retrieves the KEYA record based on the value of the MANUAL CARD VERIF KEYA GROUP field on CPF screen 2 and the card expiration date. 7. Determines the format of the CVD to use for the card verification. 8. Sends the appropriate Card Verification

data to the HSM


Authorization


9. Continues transaction authorization based on the status returned from the card verification utilities and the setting in the BAD CV ACTION-MANUAL ENTRY field on CPF screen 2.

Card verification processing is complete.Normal transaction processing continues.

Click to edit Master title styleConfiguring the BASE24 Database Configuring the BASE24 Database

• Card Track Information– TRACK PREFERENCE– BAD TRK LEN

• Card Track Settings– EXP DATE– LENGTH MIN/MAX

CPF Screen 1CPF Screen 1


• Card Verification Information– CARD VERIFICATION KEYA GROUP– CV CHECK TYPE – MANUAL CARD VERIF KEYA GROUP– CHECK IF HOST ONLINE CV– CV DATE– MANUAL CV DATE– DATE CHECK TYPE

CPF Screen 2CPF Screen 2


• Card Verification Information– CARD TRACK CVD OFST– CARD TRACK SRVC CODE OFST– BAD CV ACTION-MANUAL ENTRY– BAD CV ACTION - TRACK DATA COMPLETE– BAD CV ACTION - TRACK DATA UNCERTAIN

CPF Screen 2 CPF Screen 2


KEYA Screen 1KEYA Screen 1– GRP– BEGIN DATE– END DATE– RECORD TYPE

KEYA Screen 6KEYA Screen 6

– ENCRYPT TYPE– CLEAR KEY– ENCRYPTED KEY– CHECK DIGITS


PTD Screen 2PTD Screen 2– COMPLETE TRACK DATA

Card Verification SupportCard Verification Support

Review 4Review 4

Click to edit Master title styleReview Number 4Review Number 4

Instructions: Fill in the blanks.

1. The magnetic stripe data on a card can contain a value BASE24calls the _________________________.

2. ______________ card verification can be performed once or twiceusing different date formats for the CVD.

3. When entering the CVD manually, the ________________________field on the CPF must contain a value.

4. The starting position for each field, known as the offset, is computed as the number of positions to the right of the____________________.

Click to edit Master title styleReview Number 4Review Number 4

Instructions: Fill in the blanks.

5. The start sentinel in position 1 has an offset of ______________.

6. The _____________ has an offset of 1 because it starts in position 2.

7. The ______and _____ are three digits in length and can start anywhere in the discretionary data as long as there is room for three positions.

card verification support. click to edit master title style base24 card verification card...

Documents

card prefix card verification

cvd card verification

card slide

card verification algorithm

verification slide

effectiveness card issuer

card prefix level

base24 slide