pin managment for ic card member implementation guide

Welcome to PIN Management for IC Cards Member Implementation Guide

The PIN Management for IC Cards Member Implementation Guide is now available.

The Visa *Confidential* label indicates that the information in this document is intended for use by Visa employees, member banks, and external business partners that have signed a Nondisclosure Agreement (NDA) with Visa. This information is not for public release.

Effective: 27 June 2002

Visa International 2002 40060-01

Visa *Confidential*

PIN Management for IC Cards

Member Implementation Guide

Version 1.0

Effective: 27 June 2002

Contents

27 Jun 2002 Visa *Confidential* i

Contents

About This Guide....................................................................... 1

Audience ............................................................................................. 1 Scope .................................................................................................. 1 Document Organisation..................................................................... 2 Related Documents ............................................................................ 3 For More Information ........................................................................ 3

1. Service Overview ............................................................ 1–1

1.1 Key Concepts........................................................................ 1–1 1.2 Service Features .................................................................. 1–2 1.3 Service Requirements.......................................................... 1–7 1.4 Enrolment Procedures......................................................... 1–8

2. Issuer Implementation .................................................... 2–1

2.1 PIN Management Messages................................................ 2–1 2.2 Offline and Online PINs...................................................... 2–1 2.3 Reversals and Advice of Reversals ..................................... 2–2 2.4 Unsafe PINs ......................................................................... 2–2 2.5 PIN Reissuance.................................................................... 2–3 2.6 Cardholder Notification....................................................... 2–3 2.7 Reporting.............................................................................. 2–3 2.8 Integrated Billing ................................................................ 2–4 2.9 Training................................................................................ 2–4

3. Acquirer Implementation................................................ 3–1

3.1 PIN Management Messages................................................ 3–1 3.2 ATM Screens ........................................................................ 3–1 3.3 Reporting.............................................................................. 3–3 3.4 Integrated Billing ................................................................ 3–3 3.5 Training................................................................................ 3–3

4. Certification Requirements ............................................ 4–1

4.1 Certification Environment .................................................. 4–1 4.2 Certification Process............................................................ 4–2

A. Message Formats and Flows .........................................A–1

A.1 BASE I Message Formats ...................................................A–2 A.2 SMS Message Formats ........................................................A–9

PIN Management for IC Cards Member Implementation Guide 40060-01

ii Visa *Confidential* 27 Jun 2002

A.3 Updated Field Descriptions ..............................................A–16 A.4 PIN Management Message Flows ....................................A–20

B. Certification Scripts........................................................B–1

B.1 BASE I Certification Script.................................................B–1 B.2 SMS Certification Script .....................................................B–3

Glossary ..................................................................................... 1

Figures


Figures Figure 1-1: PIN Management Message Flow ............................... 1–2 Figure A-1: PIN Management Request/Response......................A–20 Figure A-2: PIN Management Reversal .....................................A–21 Figure A-3: Acquirer Not Participating ......................................A–22 Figure A-4: Issuer Not Participating .........................................A–23 Figure A-5: Issuer Unavailable ...................................................A–24 Figure A-6: Time-Out, Issuer Does Not Respond.......................A–25 Figure A-7: Message Undeliverable to Acquirer ........................A–26 Figure A-8: PIN Management Reversal – Issuer

Unavailable...........................................................................A–27

Tables


Tables Table 1-1: Existing Response Codes ............................................. 1–6 Table 3-1: Existing Response Codes ............................................. 3–2 Table A-1: BASE I Request/Response...........................................A–2 Table A-2: BASE I Reversal ..........................................................A–5 Table A-3: BASE I Advice of Reversal ..........................................A–7 Table A-4: SMS Request/Response ...............................................A–9 Table A-5: SMS Reversal .............................................................A–12 Table A-6: SMS Advice of Reversal.............................................A–14 Table B-1: BASE I PIN Management Certification Script..........B–2 Table B-2: SMS PIN Management Certification Script ..............B–4

About This Guide Audience

27 Jun 2002 Visa *Confidential* 1

About This Guide

This guide is intended to assist Visa Members with implementing PIN Management for single-application integrated circuit (IC) cards in preparation for the UK rollout of offline PIN verification at the point of sale. The EU Region will offer this service on a market-by-market basis following the initial UK pilot in 2003.

Audience This guide is directed to staff responsible for implementing PIN Management for IC cards at their financial institution.

It assumes that the reader has a basic knowledge of IC cards, ATM processing and the VisaNet V.I.P. System.

Scope Changes that issuers and acquirers must make to implement PIN Management for IC Cards are addressed in this guide, including those related to:

• Sending and receiving PIN Management messages

• Co-ordinating offline and online PINs

• Developing customer service procedures for cardholders who have forgotten their PINs

• Designing new ATM screens to accommodate PIN Change/Unlock and PIN Unlock transactions

NOTE: The term PIN Unlock is used in this guide as EU members have elected to use this term at their ATMs and in cardholder materials. The term PIN Unblock is used for the processing code in PIN Management messages and in VisaNet technical documentation to be consistent with EMV and industry standards.

Implications for ATM vendors and third-party processors are mentioned where applicable; however, changes to their systems are outside the scope of this document.


2 Visa *Confidential* 27 Jun 2002

It is assumed that members have already implemented full data option IC card processing; for example, that issuers can send Post-Issuance Script commands and acquirers can receive the script commands and transmit them to the IC card at their ATMs.

Document Organisation The information in this guide is divided into the following chapters and appendices:

Chapter 1, Service Overview—Defines PIN management concepts, describes the processing of both PIN Change/Unlock and PIN Unlock messages, and explains the changes to BASE I and Single Message System (SMS) message formats for PIN management. The enrolment procedure for the service is also covered.

Chapter 2, Issuer Implementation—Summarises the systems changes needed to implement the service from an issuer’s perspective, including handling unsafe PINs and alternate routing. Customer service procedures that need to be developed are identified, such as PIN reissuance. Additionally, reporting and training activities are described.

Chapter 3, Acquirer Implementation—Provides information on systems changes needed by the acquirer. Reporting and training activities are also covered.

Chapter 4, Certification Requirements—Explains the certification environment, as well as requirements for pre-certification and certification with VisaNet.

Appendix A, Message Formats and Flows—Provides PIN Management message formats for BASE I and the Single Message System, as well as message flows for common processing scenarios.

Appendix B, Certification Scripts—Contains sample PIN Management certification scripts for BASE I and SMS.

A glossary is also included.

About This Guide Related Documents

27 Jun 2002 Visa *Confidential* 3

Related Documents The following documents contain technical information related to PIN Management for IC Cards:

• V.I.P. System BASE I Technical Specifications

• V.I.P. System BASE I Processing Specifications

• V.I.P. System SingleConnect SMS ATM Processing Specifications

• V.I.P. System SMS ATM Technical Specifications

• V.I.P. System Services

For More Information Contact your Visa representative.


4 Visa *Confidential* 27 Jun 2002

Service Overview Key Concepts

27 Jun 2002 Visa *Confidential* 1–1

1. Service Overview

As payment markets shift to widespread use of integrated circuit (IC) cards with PIN as the primary cardholder verification method, it becomes increasingly important for cardholders to have convenient access to their PINs. This is especially true for credit cardholders who may not know the PIN associated with their card.

This service is designed to provide Visa cardholders with the capability to change or unlock their PINs at participating ATMs. This new functionality is expected to facilitate the rollout of PINs at the point of sale by offering an easy and secure means for cardholders to select their own PINs.

1.1 Key Concepts The following concepts are key to understanding PIN Management for IC Cards.

Offline PIN—A numeric value stored on an IC card used to identify the cardholder when PIN verification takes place offline between the card and terminal.

Offline PIN Verification—The process of verifying a PIN entered into a terminal by the cardholder through interaction between the card and terminal. The PIN entered by the cardholder is compared to a numeric value stored on the card.

Online PIN—A numeric value stored at the Issuer’s host that is used to identify the cardholder when PIN verification takes place through an online message routed between the acquirer and the issuer.

Online PIN Verification—The process of verifying a PIN entered into a terminal by the cardholder by sending it to the issuer for verification. The PIN entered by the cardholder is compared to a numeric value stored at the issuer’s host.

PIN Change/Unlock—A PIN Management message used to change the offline PIN on an IC card. The status of the PIN-try counter is included in the request message, so the issuer may optionally reset the PIN-try counter using the same response message.

PIN Management Message—An online message used to handle PIN-related functions, such as changing or unlocking a PIN.


1–2 Visa *Confidential* 27 Jun 2002

PIN Unlock—A PIN Management message used to reset the PIN-try counter on IC cards. When the PIN-try counter reaches its maximum allowable value as set by the issuer, the card may become blocked. This will prevent subsequent transactions.

Post-Issuance Script—A command sent from the card issuer to the card through VisaNet to change a parameter set in the chip on the card. The IC card will verify that it is the genuine issuer that has provided the Post-Issuance Script.

1.2 Service Features PIN Management for IC Cards is designed for single-application IC cards. Issuers, acquirers and ATM manufacturers must comply with EMV standards for IC card processing.

PIN Management messages work in both dual and single-message processing environments and are subject to normal ATM processing edits. PIN blocks are encrypted using the existing acquirer and issuer encryption working keys. Figure 1-1 illustrates the flow of PIN Management messages.

Figure 1-1: PIN Management Message Flow

ATM Acquirer Issuer

(1) (2) (3)

(6) (5) (4)

PIN Change/Unlock Message Flow

The following list corresponds to the numbered arrows in Figure 1-1 and describes the high-level processing steps for a PIN change.

1. The cardholder inserts their IC card into the ATM, enters the current PIN, and then selects the PIN Change/Unlock function at the ATM, entering the new PIN twice. Both entries of the new PIN must match or the cardholder is requested to re-enter the new PIN.

The ATM:

! Encrypts both the current and new PINs entered by the cardholder using the acquirer’s working key

! Receives the Authorisation Request Cryptogram (ARQC) generated by the card

Service Overview Service Features


! Sends the transaction data, including information from the chip, such as the ARQC and the status of the PIN-try counter, to the acquirer

2. The acquirer:

! Creates a PIN Management request message (0100/0200) with processing code 70 – PIN Change/Unblock

! Includes the ARQC, chip information and other transaction data in the request message

! Sends the authorisation request message to VisaNet

3. The V.I.P. System decrypts the PIN blocks using the acquirer’s working key and re-encrypts the PIN blocks using the issuer’s working key. The V.I.P. System then routes the message to the issuer.

NOTE: The V.I.P. System does not perform CVV or PVV processing or Chip Card Payment Service (CCPS) CAM/CVV processing for PIN Management messages. Only PIN translation is performed.

The issuer must be available as no Stand-In Processing is performed on PIN Management messages. If the issuer is unavailable or times out, a response code of 91 – Issuer Unavailable is returned.

4. The issuer receives the PIN Management request message then decrypts and verifies the cardholder’s current PIN, validates the ARQC and performs other edits as determined by the issuer’s host system, such as checking the account status. If the PIN change is approved, the issuer prepares a Post-Issuance Script command to change the offline PIN to the new PIN requested by the cardholder. The issuer may optionally create a script command to reset the PIN-try counter if the card has been blocked due to excessive PIN tries as this information is carried in the PIN Management request. The issuer then creates an Authorisation Response Cryptogram (ARPC) and sends a PIN Management response message (0110/0210) containing the script commands to VisaNet.

The issuer changes the online PIN stored at its host to reflect the new PIN value.

5. VisaNet routes the response message to the acquirer.

6. The acquirer sends the response message to the ATM. The Post-Issuance Script command is applied to the card where the new offline PIN value is stored. The PIN-try counter is reset if the script command to change this card parameter was also sent by the issuer. The cardholder removes the card from the ATM.



If the PIN Change/Unlock function is not completed at the ATM for any reason, the ATM generates a reversal message and sends it to the acquirer. The acquirer sends the reversal to VisaNet where it is routed to the issuer. If the issuer is unavailable, VisaNet creates an advice of reversal message for the issuer.

The issuer must develop procedures for the action that should be taken upon receipt of a reversal or advice of reversal. See Section 2.3, “Reversals and Advice of Reversals,” for a discussion of the issues.

PIN Unlock Message Flow

The following list describes the high-level processing steps to unlock a cardholder’s PIN and corresponds to the numbered arrows in Figure 1-1.

1. The cardholder inserts their IC card into the ATM, enters the current PIN, and then selects the PIN Unlock function at the ATM.

NOTE: Assuming that the cardholder had previously forgotten their PIN, they must have contacted their issuer prior to the transaction to obtain the correct PIN. Issuers must develop procedures to verify the cardholder’s identity and provide a copy of the correct PIN in advance of this transaction being performed. Refer to Section 3.3, “Customer Service Procedures,” for more information.

The ATM:

! Encrypts the PIN entered by the cardholder using the acquirer’s working key

! Receives the Authorisation Request Cryptogram (ARQC) generated by the card

! Sends the transaction data, including information from the chip, such as the ARQC and the status of the PIN-try counter, to the acquirer

2. The acquirer:

! Creates a PIN Management request message (0100/0200) with processing code 72 – PIN Unblock

! Includes the ARQC, chip information and other transaction data in the request message

! Sends the authorisation request message to VisaNet

3. The V.I.P. System decrypts the PIN block using the acquirer’s working key and re-encrypts the PIN block using the issuer’s working key. The V.I.P. System then routes the request message to the issuer.

Service Overview Service Features


NOTE: The V.I.P. System does not perform CVV or PVV processing or Chip Card Payment Service (CCPS) CAM/CVV processing for PIN Management messages. Only PIN translation is performed.

The issuer must be available as no Stand-In Processing is performed on PIN Management messages. If the issuer is unavailable or times out, a response code of 91 – Issuer Unavailable is returned.

4. The issuer receives the PIN Management request message and verifies the cardholder’s current PIN, validates the ARQC and performs other edits as determined by the issuer’s host system, such as checking the account status.

The issuer prepares a Post-Issuance Script command to reset the PIN-try counter on the card to zero, creates an Authorisation Response Cryptogram (ARPC) and sends a PIN Management response message (0110/0210) to VisaNet.

5. VisaNet routes the response message to the acquirer.

6. The acquirer sends the response message to the ATM. The Post-Issuance Script command is applied to the card where the PIN-try counter is reset to zero. The cardholder removes the card from the ATM.

If the PIN Unlock function is not completed at the ATM for any reason, the ATM generates a reversal message and sends it to the acquirer. The acquirer sends the reversal to VisaNet where it is routed to the issuer. If the issuer is unavailable, VisaNet creates an advice of reversal message for the issuer.

PIN Management Messages

PIN Management for IC Cards uses standard V.I.P. System authorisation message pairs to handle PIN management functions: 0100/0110 messages in BASE I and 0200/0210 messages in SMS.

New values have been defined for existing fields. There are also required values for existing fields and fields that must be present in the messages. This information is summarised in the following sections.

New Values in Existing Fields

New processing codes and response codes are used in PIN Management messages.

Two new processing codes have been defined for field 3:

‘700000’ – PIN Change/Unblock

‘720000’ – PIN Unblock



Two new response codes have been defined for field 39:

P5 – Decline of request

P6 – Unsafe PIN

The following BASE I response codes have been added to SMS in support of PIN Management:

58 – Transaction not allowed at terminal (Acquirer not participating)

85 – No reason to decline a request (Approval of request)

Other existing response codes that are valid for this service are shown in Table 1-1. The standard VisaNet response code definition is listed first, and the meaning specific to PIN Management messages follows in parentheses.

Other standard response codes used in VisaNet ATM processing may also apply. Any response codes added to ATM processing in the future will automatically apply to PIN Management as well.

Table 1-1: Existing Response Codes

BASE I SMS

12 – Invalid transaction1

55 – Incorrect PIN

57 – Transaction not permitted to cardholder (Issuer not participating)


81 – PIN cryptographic error

83 – Unable to verify PIN2


91 – Issuer unavailable or switch inoperative (STIP not applicable or available to this transaction)

96 – System malfunction




81 – Cryptographic error in PIN

86 – Cannot verify PIN2

91 –Destination unavailable or time out when no stand-in


1 – Response code 12 is returned to the acquirer when the chip fields in either F55 or the 3rd bitmap (F152) are dropped from the request message. The PIN Change/Unlock request message is not forwarded to the issuer if either F55 or the 3rd bitmap is not present.

2 – When SMS receives response code 83 from BASE I, it converts the 83 to an 86 before forwarding the message to the acquirer.

Service Overview Service Requirements


Required Values in Existing Fields

These values are required for existing fields in PIN Management messages:

Field 18, Merchant Type, must be 6011 – ATM

Field 22, POS Entry Mode, must be ‘05’ or ‘95’

Field 25, POS Condition Code, must be ‘00’

Field 52, must contain the existing PIN

Field 55, if used, must contain tag ‘CO’ with the new PIN

NOTE: The new PIN may alternatively be sent in field 152, Secondary PIN Data, the 3rd bit map for chip data. Field 55 or 152 must be present if the processing code in field 3.1 is ‘70’.

Field 136, Cryptogram, must be present

Field 142, Issuer Script, must be present if the response code from the issuer is ‘85’

NOTE: Multiple script commands may be included in this field, such as one to change the offline PIN and one to reset the PIN-try counter to zero.

Field 143, Issuer Script Results, must be present in the Reversal message

Field 147, Cryptogram Amount, must be present

Other Relevant Fields

The information stored in the chip, such as status of the PIN-try counter and cardholder verification method, is captured during terminal processing. The data is transmitted to the issuer in Field 130, Terminal Capability Profile, and Field 131, Terminal Verification Results.

See Appendix A, Message Formats and Flows, for additional details.

1.3 Service Requirements PIN Management for IC Cards requires changes to both issuer and acquirer host systems. Certification with VisaNet for PIN Management messages is required for participating issuers and acquirers. In addition, both issuers and acquirers must have previously certified for the full data option for IC card processing.



Refer to Chapter 2, Issuer Implementation, and Chapter 3, Acquirer Implementation for details. Testing and certification requirements are covered in Chapter 4. PIN Management message formats can be found in Appendix A.

1.4 Enrolment Procedures Please contact your Relationship Manager to enrol in this service.

Issuer Implementation PIN Management Messages


2. Issuer Implementation

This chapter discusses steps that issuers must take to implement PIN Management for IC Cards. Issuer implementation activities include developing the capabilities to:

• Receive and respond to PIN Management messages

• Co-ordinate offline and online PINs

• Detect and decline unsafe PINs

• Reissue PINs to cardholders prior to performing a PIN Change/Unlock or PIN Unlock at an ATM

• Notify cardholders of the availability of PIN Management for IC Cards

Additionally, reporting and training activities are described.

2.1 PIN Management Messages Issuers must update their host systems to be able to receive and respond to PIN Management messages as described in Section 1.1, “Service Features”, and Appendix A. Certification with VisaNet is required for this service. Refer to Chapter 4 for more information on testing and certification.

The V.I.P. System technical documentation also provides information on PIN Management messages and transaction processing.

2.2 Offline and Online PINs A critical feature of the project to implement PIN Management for IC Cards is the capability to coordinate cardholders’ offline and online PINs. When an issuer approves a PIN Change/Unlock request message, the online PIN must be changed in the issuer’s host system to match the new offline PIN. In addition, in the event that Issuer Script in the response message is not applied to the card due to technical difficulties, the issuer must be prepared to back out the new PIN and restore the previous online PIN in their host system upon receipt of a reversal or an advice of reversal.



If the online PIN in the issuer’s host system is not in sync with the offline PIN on the card, the cardholder will experience declined transactions due to incorrect PIN at terminals that use online PIN verification.

2.3 Reversals and Advice of Reversals If for any reason the PIN Change/Unlock cannot be completed once the issuer has sent an authorisation response approving the transaction, the V.I.P. System generates a reversal or advice of reversal for the issuer. Issuers must develop procedures for the action that should be taken upon receipt of the reversal or advice of reversal, considering the customer service implications of the situation.

For example, the issuer may choose to change the online PIN stored at its host back to the PIN as it existed prior to the transaction, reversing the failed PIN change. Alternatively, the decision might be taken not to apply the reversal and proactively contact the cardholder regarding the situation.

2.4 Unsafe PINs It is the issuer’s responsibility to detect unsafe PINs that have been selected by cardholders. Examples might include: 1234, 9999, the cardholder’s first name, etc. Issuers should refer to their internal information security guidelines for the definition of unsafe PINs.

Once the definition of an unsafe PIN has been determined, appropriate edits for the new PIN block contained in PIN Management messages should be implemented. Any unsafe PINs selected by cardholders should be declined with a response code of P6 – Unsafe PIN.

Cardholders will receive an ATM screen stating that their PIN selection has been declined as an unsafe PIN and that they should select another PIN.

Cardholder education materials should be developed that explain the issuer’s guidelines for PIN selection. This information should be provided to cardholders when their PIN is reissued for the purpose of performing a PIN Change/Unlock at an ATM.

Issuer Implementation PIN Reissuance


2.5 PIN Reissuance Cardholders must know their current PIN in order to change or unblock it at an ATM. Thus, procedures must be developed to reissue PINs to cardholders who have forgotten their PINs. Issuers typically have existing PIN reissuance procedures that can be utilised or modified for this purpose.

Issuers should review the current procedure with the following questions in mind:

• How is the cardholder’s identity verified?

• How is the PIN provided to the cardholder?

• How long does it take for the cardholder to receive the PIN?

• Does this process effectively meet the customer service requirements for the new PIN Change/Unlock and PIN Unlock functions?

• What modifications should be made to the existing process to support PIN Management for IC Cards?

2.6 Cardholder Notification Cardholders should be notified of the availability of the service, along with the procedures they need to follow if they have forgotten their PIN or would like to select a new one. Typical methods include statement inserts and statement messages. Information on the service might also be provided in new account materials sent to cardholders and included in card activation materials.

A procedural change that you may want to consider is to mail system-generated PINs prior to the IC cards when cards are initially issued. Information on PIN change procedures can be enclosed with the PIN. This gives the cardholder the ability to immediately change their PIN when they receive their card, in the event that they prefer not to use the system-generated PIN.

2.7 Reporting The two new PIN Management transaction types: PIN Change/Unlock and PIN Unlock, should be added to any internal reporting that displays transaction data and counts of transaction types.



You should also add these transactions to transaction history that can be viewed on screen in the card management system by customer service representatives.

The new transaction data elements will be available in the Visa Transaction Research Service (VTRS) using Visa Online (VOL).

2.8 Integrated Billing The new fees associated with PIN Management for IC Cards will appear on your Integrated Billing statement. They include:

• Issuer Participation fee

• PIN Change transaction fee

• PIN Unlock transaction fee

2.9 Training Customer service, back-office and branch staff should be trained as part of the implementation of PIN Management for IC Cards prior to your live date. The following topics should be considered:

• Features of the service: PIN Change/Unlock and PIN Unlock

• High-level description of PIN Management message processing

• Changes to PIN reissuance procedures, if any

• New ATM screens, if your organisation is also participating as an acquirer

• Cardholder notification materials

• Changes to the card management system

• Changes to reporting

Acquirer Implementation PIN Management Messages


3. Acquirer Implementation

This chapter describes the PIN Management for IC Cards implementation activities for acquirers. They include:

• Developing the capability to send PIN Management request messages and process PIN Management response messages

• Designing new ATM screens for PIN Change/Unlock and PIN Unlock transactions

• Adding the new transaction types to ATM reporting

• Training staff

3.1 PIN Management Messages Acquirers must update their host systems to be able to send PIN Change/Unlock and PIN Unlock messages as described in Section 1.1, “Service Features,” and Appendix A. You must also be able to process the response messages from issuers.

Certification with VisaNet is required for this service. Refer to Chapter 4 for more information on testing and certification.

The V.I.P. System technical documentation also provides information on PIN Management messages and transaction processing.

3.2 ATM Screens ATM screens must be added for the following functions:

• PIN Change/Unlock

NOTE: The PIN entry screen must capture both the current and new PIN. The new PIN must be entered twice and edited either at the ATM or the acquirer’s host system to ensure that the same PIN was entered both times. Only one new PIN block is sent to the issuer.

• PIN Unlock



• New response codes, including:

! Request declined by issuer (P5)

! Unsafe PIN selection by the cardholder (P6)

The following BASE I response codes have been added to SMS in support of PIN Management:

• 58 – Transaction not allowed at terminal (Acquirer not participating)

• 85 – No reason to decline a request (Approval of request)

Your ATM screens must also accommodate the existing VisaNet response codes that are used for this service as shown in Table 3-1. The response codes must either be mapped to existing screens with appropriate language or a new screen added.

Other standard response codes used in VisaNet ATM processing may also apply. Any response codes added to ATM processing in the future will automatically apply to PIN Management as well.

Table 3-1: Existing Response Codes

BASE I SMS





81 – PIN cryptographic error

83 – Unable to verify PIN2


91 – Issuer unavailable or switch inoperative (STIP not applicable or available to this transaction)





81 – Cryptographic error in PIN

86 – Cannot verify PIN2

91 –Destination unavailable or time out when no stand-in


1 – Response code 12 is returned to the acquirer when the chip fields in either F55 or the 3rd bitmap (F152) are dropped from the request message. The PIN Change/Unlock request message is not forwarded to the issuer if either F55 or the 3rd bitmap is not present.

2 – When SMS receives response code 83 from BASE I, it converts the 83 to an 86 before forwarding the message to the acquirer.

Acquirer Implementation Reporting


3.3 Reporting The two new PIN Management transaction types, PIN Change/Unlock and PIN Unlock, should be added to ATM reporting that displays transaction data and counts of transaction types.

The new transaction data elements will be available in the Visa Transaction Research Service (VTRS) using Visa Online (VOL).

3.4 Integrated Billing The Acquirer Incentive associated with PIN Management for IC Cards will appear as a credit on your Integrated Billing statement.

3.5 Training Customer service, back-office and branch staff should be trained as part of the implementation of PIN Management for IC Cards prior to your live date. The following topics should be considered:

• Features of the service: PIN Change/Unlock and PIN Unlock

• High-level description of PIN Management message processing

• New ATM screens

• Frequently asked questions from customers and non-customers

• Changes to reports

Certification Requirements Certification Environment


4. Certification Requirements

This chapter addresses the PIN Management for IC Cards requirements for certification, including:

• Certification Environment

• Pre-Certification

• V.I.P. Certification

4.1 Certification Environment Once you have completed internal testing of coding changes to support PIN Management for IC Cards, you will need to begin preparing for certification with VisaNet. The first step in the certification process is to ensure that all of the necessary components are in place. The following components are required for the certification environment:

• VisaNet Certification Management Service (VCMS) connectivity

• VisaNet Access Point (VAP) 10.23 or greater

• VTS2000 release 3.4 or greater or Visa Test System (Sapphire Edition) version 11.0 or greater.

• PIN Management for IC cards certification scripts

• Personalised test chip cards

Contact your Visa representative to obtain certification scripts.

For more information, refer to the following documents:

• Visa Certification Management Service (VCMS) Testing and Certification Guide-V.I.P. System

• VCMS User’s Manual-BASE I System

• VTS2000 User’s Guide or the Visa Test System (Sapphire Edition) User’s Guide



4.2 Certification Process

You must perform a series of transactions, referred to as a test or certification script, to demonstrate your host system is able to send and receive the new data and fields required in the PIN Management messages. Sample test scripts are provided in Appendix B.

NOTE: Your organisation must be certified for Visa ATM Services and the full data option for IC card processing prior to certifying for PIN Management for IC Cards.

Certification information for PIN Management for IC cards is gathered via Visa Online. After your implementation of the service is initiated at Visa, you will receive a set of PIN Management certification questions through Visa Online. The certification questions are answered and returned online. Your Implementation Manager then uses the information to set up the testing and certification process for your organisation at the regional certification lab.

Message Formats and Flows BASE I Message Formats

27 Jun 2002 Visa *Confidential* A–1

A. Message Formats and Flows

This appendix contains the BASE I and SMS message formats for PIN Management transactions, including request, response, reversal and advice of reversal messages.

NOTE: Two fields are included in these messages that don’t specifically affect PIN Management processing:

− Track 2 data

− Currency Code (Field 49)

These fields remain in use for data consistency with other ATM messages.

The message format tables use the following abbreviations to indicate if fields are required:

M – Mandatory

C – Conditional

O – Optional


A–2 Visa *Confidential* 27 Jun 2002

A.1 BASE I Message Formats Table A-1 shows the BASE I 0100/0110 message format for the PIN Management request/response message pair.

Table A-1: BASE I Request/Response

Field Number

Field Name

0100

0110

Comments

Bitmap, third M M

2 Primary Account Number (PAN) M M

3 Processing Code M M ‘700000’ – PIN Change/Unblock ‘720000’ – PIN Unblock

7 Transmission Date and Time M M

11 Systems Trace Audit Number M M

14 Date, Expiration C

18 Merchant Type M Must be 6011

19 Acquiring Institution Country Code M M

22 Point of Service Entry Mode Code M Must be ‘05’ or ‘95’

23 Card Sequence Number C C

25 Point of Service Condition Code M M Must be ‘00’

26 Point of Service PIN Capture Code C

32 Acquiring Institution ID Code M M

33 Forwarding Institution ID Code C Required for SMS bridge transactions. It will not be forwarded to the Issuer.

35 Track 2 Data C Chip data image of Track 2 data

37 Retrieval Reference Number M M



Field Number

Field Name

0100

0110

Comments

39 Response Code M Values must be: 12 = Invalid transaction 55 = Incorrect PIN 81 = PIN cryptographic error 83 = Unable to verify PIN 85 = Approval of request P5 = Decline of request P6 = Unsafe PIN 57 = Issuer not participating 58 = Acquirer not participating 91 = Issuer unavailable or timed-out

41 Card Acceptor Terminal ID M M Identification of ATM

42 Card Acceptor ID Code M M Identification of ATM

43 Card Acceptor Name/Location M Name/Location of ATM

44.1 Response Source/Reason Code M

49 Currency Code, Transaction M M

52 PIN Data M Existing PIN

53 Security Related Control Info M Information about existing PIN and new requested PIN

55 Field 55 (BER-TLV) C C Location for new PIN or Field 152, Field 55 or Field 152 must be present if the processing code in Field 3.1 is ‘70’

BER-TLV Tag is ‘CO’

The field is formatted: COXXFFFFFFFFFFFFFFFF where: CO is the tag, XX is the is the fixed length of the data, FFFFFFFFFFFFFFFF is the encrypted secondary PIN block

59 National POS Geographic Data C

60 Additional POS Information M

130 Terminal Capability Profile C

131 Terminal Verification Results C



Field Number

Field Name

0100

0110

Comments

132 Unpredictable Number C

133 Terminal Serial Number C

134 Visa Discretionary Data C

135 Issuer Discretionary Data C

136 Cryptogram C Must be present

137 Application Transaction Counter C C

138 Application Interchange Profile C

139 ARPC Response Cryptogram and Code

C

142 Issuer Script C Must be present, if response code from issuer is ‘85’

144 Cryptogram Transaction Type C

145 Terminal Country Code C

146 Terminal Transaction Date C

147 Cryptogram Amount C Must be present; a zero amount is used in generating the ARQC and ARPC

148 Cryptogram Currency Code C

149 Cryptogram Cashback Amount C

152 Secondary PIN Data C Field 152 or Field 55 must be present if Field 3.1 is equal to ‘70’



The BASE I reversal message format is shown in Table A-2.

Table A-2: BASE I Reversal

Field Number

Field Name

0400

0410

Comments

Bitmap, third M M








22 Point of Service Entry Mode Code M





33 Forwarding Institution ID Code C Required for SMS bridge transactions. It will not be forwarded to the issuer.


39 Response Code M

41 Card Acceptor Terminal ID M M

42 Card Acceptor ID Code M M

43 Card Acceptor Name/Location M

44.1 Additional Response Data M

49 Currency Code, Transaction M M



Field Number

Field Name

0400

0410

Comments

55 Field 55 (BER-TLV) C C

59 National Geographic Data C


90 Original Data Elements M C

131 Terminal Verification Results C It is present in 0400 if issuer authentication failed

133 Terminal Serial Number C If present in original, it is required in 0400 request


137 Application Transaction Counter C C

143 Issuer Script Results C Must be present for reversal



The BASE I advice of reversal message format is shown in Table A-3.

Table A-3: BASE I Advice of Reversal

Field Number

Field Name

0420

Bitmap, third M

2 Primary Account Number (PAN) M

3 Processing Code M

7 Transmission Date and Time M

11 Systems Trace Audit Number M


18 Merchant Type M

19 Acquiring Institution Country Code M


23 Card Sequence Number C

25 Point of Service Condition Code M


32 Acquiring Institution ID Code M

33 Forwarding Institution ID Code C

37 Retrieval Reference Number M

39 Response Code M

41 Card Acceptor Terminal ID M

42 Card Acceptor ID Code M


44.1 Additional Response Data M

49 Currency Code, Transaction M

55 Field 55 (BER-TLV) C





Field Number

Field Name

0420

90 Original Data Elements M

131 Terminal Verification Results C

133 Terminal Serial Number C


137 Application Transaction Counter C

143 Issuer Script Results C

Message Formats and Flows SMS Message Formats


A.2 SMS Message Formats Table A-4 shows the SMS 0200/0210 message format for the PIN Management Service request/response message pair.

Table A-4: SMS Request/Response

Field Number

Field Name

0200

0210

Comments

Bitmap, Secondary M M

Third Bitmap, M M





12 Time, Local Transaction M

13 Date, Local Transaction M

14 Date, Expiration O

15 Date, Settlement M SMS provided



21 Forwarding Institution Country Code C

22 Point of Service Entry Mode Code M Must be ‘05’ or ‘95’








Field Number

Field Name

0200

0210

Comments

35 Track 2 Data C Chip data image of Track 2 data


39 Response Code M Values must be: 12 = Invalid transaction 55 = Incorrect PIN 81 = PIN cryptographic error 85 = Approval of request 86 = Unable to verify PIN P5 = Decline of request P6 = Unsafe PIN 57 = Issuer not participating 58 = Acquirer not participating 91 = Issuer unavailable or timed-out 96 = System malfunction

NOTE: When SMS receives response code 83 from BASE I, it converts the 83 to an 86 before forwarding the message to the acquirer.

41 Card Acceptor Terminal ID M M Identification of ATM

42 Card Acceptor ID Code M M Identification of ATM

43 Card Acceptor Name/Location M Name/Location of ATM

49 Currency Code, Transaction C C

52 PIN Data M Existing PIN

53 Security Related Control Info M Information about existing PIN and new requested PIN

55 Field 55 (BER-TLV) C C Location for new PIN or Field 152, Field 55 or Field 152 must be present if the processing code in Field 3.1 is ‘70’

BER-TLV Tag is ‘CO’

The field is formatted: COXXFFFFFFFFFFFFFFFF where: CO is the tag, XX is the is the fixed length of the data, FFFFFFFFFFFFFFFF is the encrypted secondary PIN block



Field Number

Field Name

0200

0210

Comments

59 National POS Geographic Data C


63.0 Bitmap (Field 63) M M

63.1 Network ID M M

115 Additional Trace Data O

130 Terminal Capability Profile O

131 Terminal Verification Results O

132 Unpredictable Number O

133 Terminal Serial Number O

134 Visa Discretionary Data O

135 Issuer Discretionary Data O

136 Cryptogram O Must be present

137 Application Transaction Counter O O

138 Application Interchange Profile O

139 ARPC Response Cryptogram and Code

C

142 Issuer Script C Must be present, if response code from issuer is ‘85’

144 Cryptogram Transaction Type O

145 Terminal Country Code O

146 Terminal Transaction Date O

147 Cryptogram Amount O Must be present; a zero amount is used in generating the ARQC and ARPC

148 Cryptogram Currency Code O

152 Secondary PIN Block C Field 152 or Field 55 must be present if Field 3.1 is equal to ‘70’



The SMS reversal message format is shown in Table A-5.

Table A-5: SMS Reversal

Field Number

Field Name

0420

0430

Comments


Third Bitmap M M







15 Date, Settlement M










38 Authorization ID Response C

39 Response Code M





Field Number

Field Name

0420

0430

Comments





60 Additional POS Information C

63.0 Bitmap (Field 63) M M

63.1 Network ID M M

63.3 Message Reason Code M

90 Original Data Elements M M

115 Additional Trace Data O

131 Terminal Verification Results O It is present in 0420 if issuer authentication failed

133 Terminal Serial Number O If present in original, it is required in 0420 request



143 Issuer Script Results M M Must be present for reversal



The SMS advice of reversal message format is shown in Table A-6.

Table A-6: SMS Advice of Reversal

Field Number

Field Name

0420

0430


Third Bitmap M M


3 Processing Code M M





15 Date, Settlement M M

18 Merchant Type M





25 Point of Service Condition Code M M


33 Forwarding Institution ID Code C


38 Authorisation ID Response C

39 Response Code M M




44.1 Response Source/Reason Code M



Field Number

Field Name

0420

0430




60 Additional POS Information C

63.0 SMS Private Use Fields M M

63.1 Network ID M M

63.3 Message Reason Code M

63.4 STIP/Switch Reason Code M

90 Original Data Elements M M

131 Terminal Verification Results O

133 Terminal Serial Number O



143 Issuer Script Results M M



A.3 Updated Field Descriptions These field descriptions have been updated with information related to PIN Management messages. The PIN Management changes apply to both BASE I and SMS.

Field 152 – Secondary PIN Block Attributes Fixed length 64 N, bit string; 8 bytes DescriptionDescriptionDescriptionDescription Field 152 contains a new PIN to replace an existing PIN. It is

encrypted and formatted as a block of 16 hexadecimal digits. (A new PIN is chosen to replace the current PIN when the cardholder does not remember the current PIN, or the current PIN is compromised or just wants a new PIN.)

In an acquirer-initiated request, this field format must conform to the

PIN Block Format Code in Field 53 – Security Related Control Information. In a request received by the issuer processor, the format conforms to the PIN Block Format of the issuer processor, as previously specified to Visa. This new PIN is never logged, even if it is in an encrypted form.

UsageUsageUsageUsage Field 152 is required in 0100/0200 requests only when the cardholder

chooses to replace their current PIN at an ATM. It must be present when requesting a PIN change. This field is not used in reversal requests or advices, or in any responses.

If this field is present, Field 52 – Personal Identification Number

(PIN) Data and Field 53 – Security Related Control Information must also be present. This field should not be used other than for a PIN Management request.

STIP and Switch Advices: Field 152 is omitted from advices

Field EditsField EditsField EditsField Edits Field 152 is required if Field 3.1 is 70 (PIN Change/Unblock).

The VIC’s security module edits field contents during PIN translation. If there is an error (most commonly, an acquirer key problem), the request message is not rejected; instead, the response code in Field 39 of the 0110/0210 response is set to 81.

RejecRejecRejecReject Codest Codest Codest Codes The reject codes for Field 152 are:

0489 = Field missing in a PIN Change request 0717 = Field present in a PIN Unblock request

Message Formats and Flows Updated Field Descriptions


Field 142 – Issuer Script Attributes Variable length

1 byte + up to 510 hexadecimal digits, maximum 256 bytes

Description Field 142 is a Visa Smart Debit/Visa Smart Credit (VSDC) field. It is also used in Chip Offline Preauthorized Card (COPAC) transactions. It contains proprietary information that the issuer processor wishes to communicate to the card. It allows dynamic changes to the content of the card without reissuing the card.

Usage Field 142 is optional in 0110 responses. It is not present in 0120

advices.

Field 142 is required in 0110/0210 responses when the issuer approved a PIN Change/Unblock request.

Field Edits If Field 142 is present, the value in the one-byte length value cannot be greater that the 510-hexadecimal-digit maximum. If the Issuer approved a PIN Change/Unblock request, Field 142 must be present in the response message.

Reject Codes The reject codes for Field 142 are: 0371 = Invalid length 0490 = Field 142 is missing in an approved PIN Change/Unblock

response 0717 = Field 142 is present in a declined PIN Change/Unblock

response



Field 143 – Issuer Script Results Attributes Variable length

1 byte + up to 40 hexadecimal digits, maximum 21 bytes

Description Field 143 is a Visa Smart Debit/Visa Smart Credit (VSDC) field. During online processing, the issuer processor has the option of sending commands to the card in the authorization response. These commands instruct the card to update the card parameters. The card records the success or failure of the updates in the Issuer Script Results field.

Position 1-8 1-8 1-8 1-8

length reserved reserved reserved reserved

Byte 1 Byte 2 Byte 3 Byte 4

1-4 5-8 1-8

script processing script sequence reserved

Byte 5 Bytes 6-21

Length Subfield: The number of bytes following the length subfield. Field 143 Subfield Values

Position Description Values

Byte 1-4 Reserved for Visa

1-8 Reserved for Visa n/a

Byte 5

1-4 Script Processing 0000 = Script not performed 0001 = Script processing failed 0010 = Script processing successful

5-8 Script Sequence 0000 = Script sequence not specified 0000-1110 = Sequence number of script command 1-14 1110 = Sequence number of script command 15 or above

Byte 6-21 Reserved for Visa

1-8 Reserved for Visa n/a

Usage If an issuer script result is present, field 143 is used in 0400 request

and 0420 advices. Field Edits If field 143 is present, its length cannot exceed 20 bytes excluding the

length byte.

If an update failure occurs for a PIN Management message, Field 143 must be present in the 0400/0420 reversal request.

Message Formats and Flows Updated Field Descriptions


Reject Codes The reject codes for Field 143 are: 0371 = Invalid length 0491 = Field 143 is missing in a PIN Management reversal request

message

PIN

Man

agem

ent

for

IC C

ard

s M

emb

er Im

ple

men

tati

on

Gu

ide

4006

0-01

A–2

0 V

isa

*Con

fiden

tial*

27

Jun

200

2

A.4

PIN

Man

agem

ent

Mes

sag

e F

low

s T

his

sec

tion

illu

stra

tes

the

flow

of

PIN

Man

agem

ent

mes

sage

s.

Th

e fl

ow s

how

n in

Fig

ure

A-1

is t

ypic

al w

hen

eve

ryth

ing

is in

pro

per

orde

r. T

he

acqu

irer

an

d is

suer

are

bot

h

part

icip

atin

g in

th

e P

IN M

anag

emen

t se

rvic

e. N

o pr

oces

sin

g pr

oble

ms

are

enco

un

tere

d by

th

e V

.I.P

. Sys

tem

in t

his

sc

enar

io, a

nd

the

issu

er is

ava

ilab

le. T

he

issu

er’s

res

pon

se in

clu

des

the

Issu

er’s

Scr

ipt

(fie

ld 1

42)

wit

h c

omm

ands

to

upd

ate

the

IC c

ard.

Fig

ure

A-1

: P

IN M

anag

emen

t R

equ

est/

Res

po

nse

A

cqu

irer

V

.I.P

. Sys

tem

Is

suer

PIN

C

han

ge/U

nlo

ck

Req

ues

t

PIN

C

han

ge/U

nlo

ck

Req

ues

t

PIN

C

han

ge/U

nlo

ck

Req

ues

t

Is

suer

’s

Scr

ipt

Res

pon

se

Issu

er’s

S

crip

t R

espo

nse

Is

suer

’s

Scr

ipt

Res

pon

se

Mes

sag

e F

orm

ats

and

Flo

ws

PIN

Man

agem

ent M

essa

ge F

low

s

27 J

un 2

002

Vis

a *C

onfid

entia

l*

A–2

1

A r

ever

sal i

s il

lust

rate

d in

Fig

ure

A-2

. Th

e ac

quir

er w

ill s

end

a R

ever

sal m

essa

ge o

nly

wh

en a

scr

ipt

upd

ate

fail

ure

oc

curs

.

Fig

ure

A-2

: P

IN M

anag

emen

t R

ever

sal

A

cqu

irer

V

.I.P

. Sys

tem

Is

suer

R

ever

sal f

or s

crip

t u

pdat

e fa

ilu

re o

nly

R

ever

sal f

or s

crip

t u

pdat

e fa

ilu

re o

nly

Rev

ersa

l for

scr

ipt

upd

ate

fail

ure

on

ly

Is

suer

’s R

ever

sal

Res

pon

se

Issu

er’s

Rev

ersa

l R

espo

nse

Is

suer

’s R

ever

sal

Res

pon

se

PIN

Man

agem

ent

for

IC C

ard

s M

emb

er Im

ple

men

tati

on

Gu

ide

4006

0-01

A–2

2 V

isa

*Con

fiden

tial*

27

Jun

200

2

If a

n a

cqu

irer

is n

ot p

arti

cipa

tin

g in

PIN

Man

agem

ent

for

IC C

ards

, bu

t is

abl

e to

sen

d a

requ

est,

th

e V

.I.P

. Sys

tem

w

ill i

ssu

e a

resp

onse

cod

e ‘5

8’ a

s sh

own

in F

igu

re A

-3.

Fig

ure

A-3

: A

cqu

irer

No

t P

arti

cip

atin

g

A

cqu

irer

V

.I.P

. Sys

tem

Is

suer

PIN

C

han

ge/U

nlo

ck

Req

ues

t

PIN

C

han

ge/U

nlo

ck

Req

ues

t

R

espo

nse

C

ode

‘58’

Res

pon

d w

ith

‘58’

(T

ran

sact

ion

not

al

low

ed a

t te

rmin

al)

Mes

sag

e F

orm

ats

and

Flo

ws

PIN

Man

agem

ent M

essa

ge F

low

s

27 J

un 2

002

Vis

a *C

onfid

entia

l*

A–2

3

As

show

n in

Fig

ure

A-4

, wh

en a

n is

suer

is n

ot p

arti

cipa

tin

g in

th

e P

IN M

anag

emen

t fo

r IC

Car

ds s

ervi

ce, t

he

V.I

.P.

Sys

tem

wil

l iss

ue

a re

spon

se c

ode

‘57’

.

Fig

ure

A-4

: Is

suer

No

t P

arti

cip

atin

g

A

cqu

irer

V

.I.P

. Sys

tem

Is

suer

PIN

C

han

ge/U

nlo

ck

Req

ues

t

PIN

C

han

ge/U

nlo

ck

Req

ues

t

R

espo

nse

C

ode

‘57’

R

espo

nd

wit

h ‘5

7’

PIN

Man

agem

ent

for

IC C

ard

s M

emb

er Im

ple

men

tati

on

Gu

ide

4006

0-01

A–2

4 V

isa

*Con

fiden

tial*

27

Jun

200

2

If t

he

issu

er is

un

avai

labl

e, t

he

V.I

.P. S

yste

m w

ill i

ssu

e a

resp

onse

cod

e ‘9

1’ a

s il

lust

rate

d in

Fig

ure

A-5

.

Fig

ure

A-5

: Is

suer

Un

avai

lab

le

A

cqu

irer

V

.I.P

. Sys

tem

Is

suer

R

espo

nse

C

ode

‘91’

R

espo

nd

wit

h ‘9

1’

PIN

C

han

ge/U

nlo

ck

Req

ues

t

PIN

C

han

ge/U

nlo

ck

Req

ues

t

U

nav

aila

ble

Mes

sag

e F

orm

ats

and

Flo

ws

PIN

Man

agem

ent M

essa

ge F

low

s

27 J

un 2

002

Vis

a *C

onfid

entia

l*

A–2

5

Th

e sc

enar

io in

Fig

ure

A-6

illu

stra

tes

a ti

me-

out.

Th

e is

suer

doe

s n

ot r

espo

nd

wit

hin

th

e sp

ecif

ic t

ime

lim

it. T

he

orig

inal

req

ues

t m

essa

ge is

tim

ed-o

ut

and

Vis

a S

tan

d-In

Pro

cess

ing

(ST

IP)

proc

esse

s a

resp

onse

des

tin

ed t

o th

e ac

quir

er. A

s th

is is

a P

IN-b

ased

tra

nsa

ctio

n, t

he

V.I

.P. S

yste

m r

espo

nds

wit

h r

espo

nse

cod

e ‘9

1’. W

hen

th

e V

.I.P

. Sys

tem

rec

eive

s th

e la

te r

espo

nse

, th

e m

essa

ge is

ret

urn

ed b

ack

to t

he

issu

er. T

his

en

able

s th

e is

suer

to

amen

d th

eir

reco

rds,

bac

kin

g ou

t th

e or

igin

al r

equ

est.

Fig

ure

A-6

: T

ime-

Ou

t, Is

suer

Do

es N

ot

Res

po

nd

A

cqu

irer

V

.I.P

. Sys

tem

Is

suer

PIN

C

han

ge/U

nlo

ck

Req

ues

t

PIN

C

han

ge/U

nlo

ck

Req

ues

t

PIN

C

han

ge/U

nlo

ck

Req

ues

t

R

espo

nse

C

ode

‘91’

R

espo

nd

wit

h ‘9

1’

PIN

C

han

ge/U

nlo

ck

Req

ues

t

Pro

cess

L

ate

Res

pon

se

Issu

er’s

S

crip

t R

espo

nse

Ret

urn

Lat

e R

espo

nse

to

Issu

er

to B

ack-

Ou

t th

e R

equ

est

Bac

k O

ut

Req

ues

t if

a

Ret

urn

ed M

essa

geis

Rec

eive

d fr

om

VIP

PIN

Man

agem

ent

for

IC C

ard

s M

emb

er Im

ple

men

tati

on

Gu

ide

4006

0-01

A–2

6 V

isa

*Con

fiden

tial*

27

Jun

200

2

Th

e sc

enar

io il

lust

rate

d in

Fig

ure

A-7

sh

ows

a re

turn

ed m

essa

ge f

rom

th

e ac

quir

ers’

nod

e (u

nde

live

rabl

e). T

his

in

dica

tes

that

th

e ac

quir

er d

id n

ot r

ecei

ve t

he

Issu

er’s

Scr

ipt

to s

ucc

essf

ull

y co

mpl

ete

the

PIN

Ch

ange

/Un

lock

re

ques

t. W

hen

Vis

aNet

rec

eive

s th

e re

turn

ed m

essa

ge, t

he

V.I

.P. S

yste

m f

orw

ards

th

e re

turn

ed m

essa

ge t

o th

e is

suer

.

Fig

ure

A-7

: M

essa

ge

Un

del

iver

able

to

Acq

uir

er

A

cqu

irer

V

.I.P

. Sys

tem

Is

suer

PIN

C

han

ge/U

nlo

ck

Req

ues

t

PIN

C

han

ge/U

nlo

ck

Req

ues

t

PIN

C

han

ge/U

nlo

ck

Req

ues

t

Is

suer

’s

Scr

ipt

Res

pon

se

Issu

er’s

S

crip

t R

espo

nse

Is

suer

’s

Scr

ipt

Res

pon

se

Res

pon

se is

u

nde

live

red

and

retu

rned

to

VIP

Ret

urn

ed

Mes

sage

Pro

cess

Ret

urn

ed

Mes

sage

an

d se

nd

to I

ssu

er t

o ba

ck-

out

Req

ues

t

Bac

k ou

t R

equ

est

if

a R

etu

rned

Mes

sage

is r

ecei

ved

from

VIP

Mes

sag

e F

orm

ats

and

Flo

ws

PIN

Man

agem

ent M

essa

ge F

low

s

27 J

un 2

002

Vis

a *C

onfid

entia

l*

A–2

7

Th

e sc

enar

io in

Fig

ure

A-8

sh

ows

the

flow

of

a R

ever

sal m

essa

ge w

hen

th

e is

suer

is u

nav

aila

ble.

Th

e V

.I.P

. Sys

tem

ge

ner

ates

an

Adv

ice

mes

sage

for

late

r re

trie

val w

hen

th

e is

suer

is a

vail

able

. Th

e is

suer

may

or

may

not

ret

riev

e th

eir

advi

ces

inst

antl

y. R

etri

evin

g ad

vice

s is

typ

ical

ly p

erfo

rmed

du

rin

g of

f-pe

ak h

ours

. Als

o, s

ome

issu

ers

do n

ot

retr

ieve

th

eir

advi

ces

onli

ne,

bu

t op

t to

hav

e th

eir

advi

ces

deli

vere

d of

flin

e vi

a B

AS

E I

I T

C48

s.

Fig

ure

A-8

: P

IN M

anag

emen

t R

ever

sal –

Issu

er U

nav

aila

ble

A

cqu

irer

V

.I.P

. Sys

tem

Is

suer

R

ever

sal f

or s

crip

t u

pdat

e fa

ilu

re o

nly

R

ever

sal f

or s

crip

t u

pdat

e fa

ilu

re o

nly

R

ever

sal f

or s

crip

t u

pdat

e fa

ilu

re o

nly

VIP

cre

ates

an

A

dvic

e to

be

retr

ieve

d by

th

e Is

suer

Is

suer

s’ A

dvic

e F

ile

Issu

er s

ends

m

essa

ge t

o V

IP t

o re

trie

ve t

hei

r A

dvic

es

Sen

d R

ever

sal

Adv

ice

to I

ssu

er

Rec

eive

Rev

ersa

l A

dvic

e fr

om V

IP

PIN

Man

agem

ent

for

IC C

ard

s M

emb

er Im

ple

men

tati

on

Gu

ide

4006

0-01

A–2

8 V

isa

*Con

fiden

tial*

27

Jun

200

2

Certification Scripts BASE I Certification Script

27 Jun 2002 Visa *Confidential* B–1

B. Certification Scripts

This appendix contains sample BASE I and SMS test scripts for PIN Management certification. Prior to online testing, you should obtain the most current certification scripts from Visa Online.

NOTE: Draft test scripts are included in this appendix as examples only, so it is critical that you obtain the most current version through Visa Online.

B.1 BASE I Certification Script Table B-1 describes the sample test cases in the BASE I certification script.

PIN

Man

agem

ent

for

IC C

ard

s M

emb

er Im

ple

men

tati

on

Gu

ide

4006

0-01

B–2

V

isa

*Con

fiden

tial*

27

Jun

200

2

Tab

le B

-1:

BA

SE

I P

IN M

anag

emen

t C

erti

fica

tio

n S

crip

t

Fie

ld V

alu

es

Cas

e N

um

ber

M

essa

ge

Typ

e Id

enti

fier

C

ase

Nam

e F

3 F

18

F22

F

25

F39

C

om

men

ts

1 01

00/0

110

Aut

horis

atio

n -

PIN

Cha

nge

7000

00

6011

05

10

00

85

PIN

req

uest

app

rove

d. F

142

mus

t be

pres

ent

in r

espo

nse.

2 01

00/0

110

Aut

horis

atio

n -

PIN

Cha

nge

7000

00

6011

05

10

00

85

PIN

req

uest

app

rove

d. F

142

mus

t be

pres

ent

in r

espo

nse.

04

00/0

410

Rev

ersa

l 70

0000

60

11

0510

00

F14

3 Is

suer

scr

ipt r

esul

ts m

ust b

e pr

esen

t

3 01

00/0

110

Aut

horis

atio

n -

PIN

Unb

lock

72

0000

60

11

0510

00

85

P

IN r

eque

st a

ppro

ved.

F14

2 m

ust b

e pr

esen

t in

res

pons

e.

4 01

00/0

110

Aut

horis

atio

n -

PIN

Cha

nge

7000

00

6011

05

10

00

P5

PIN

req

uest

dec

lined

5 01

00/0

110

Aut

horis

atio

n -

PIN

Unb

lock

72

0000

60

11

0510

00

P

6 U

nsaf

e P

IN

6 01

00/0

110

Aut

horis

atio

n -

PIN

Cha

nge

7200

00

6011

05

10

00

83

Una

ble

to v

erify

PIN

7 01

00/0

110

Aut

horis

atio

n -

PIN

Unb

lock

72

0000

60

11

0510

00

81

C

rypt

ogra

phic

err

or

8 01

00/0

110

Aut

horis

atio

n -

PIN

Cha

nge

7000

00

6011

05

10

00

85

PIN

req

uest

app

rove

d. F

142

mus

t be

pres

ent

in r

espo

nse.

04

20/0

430

Rev

ersa

l Adv

ice

7000

00

6011

05

10

00

F

143

Issu

er s

crip

t res

ults

mus

t be

pres

ent

9 01

00/0

110

Aut

horis

atio

n -

PIN

Unb

lock

72

0000

60

11

0510

00

91

Is

suer

una

vaila

ble

or ti

med

out

NO

TE

: F

55 o

r F

152

will

hav

e th

e ne

w P

IN.

Certification Scripts SMS Certification Script

27 Jun 2002 Visa *Confidential* B–3

B.2 SMS Certification Script Table B-2 provides a sample SMS certification script.

SMS test case results should be verified against SMS reports and raw data.

PIN

Man

agem

ent

for

IC C

ard

s M

emb

er Im

ple

men

tati

on

Gu

ide

4006

0-01

B–4

V

isa

*Con

fiden

tial*

27

Jun

200

2

Tab

le B

-2:

SM

S P

IN M

anag

emen

t C

erti

fica

tio

n S

crip

t

Fie

ld V

alu

es

Cas

e N

um

ber

M

essa

ge

Typ

e Id

enti

fier

C

ase

Nam

e F

3 F

18

F22

F

25

F39

C

om

men

ts

1 02

00/0

210

PIN

Cha

nge

7000

00

6011

05

10

00

85

PIN

req

uest

app

rove

d. F

142

mus

t be

pres

ent i

n re

spon

se.

2 02

00/0

210

PIN

Cha

nge

7000

00

6011

05

10

00

85

PIN

req

uest

app

rove

d. F

142

mus

t be

pres

ent i

n re

spon

se.

04

00/0

410

Rev

ersa

l 70

0000

60

11

0510

00

F14

3 Is

suer

scr

ipt r

esul

ts m

ust b

e pr

esen

t

3 02

00/0

210

Pin

Unb

lock

72

0000

60

11

0510

00

85

P

IN r

eque

st a

ppro

ved.

F14

2 m

ust b

e pr

esen

t in

resp

onse

.

4 02

00/0

210

PIN

Cha

nge

7000

00

6011

05

10

00

P5

PIN

req

uest

dec

lined

5 02

00/0

210

PIN

Unb

lock

72

0000

60

11

0510

00

P

6 U

nsaf

e P

IN

6 02

00/0

210

PIN

Cha

nge

7200

00

6011

05

10

00

83

Una

ble

to v

erify

PIN

7 02

00/0

210

PIN

Unb

lock

72

0000

60

11

0510

00

81

C

rypt

ogra

phic

err

or

8 02

00/0

210

PIN

Cha

nge

7000

00

6011

05

10

00

85

PIN

req

uest

app

rove

d. F

142

mus

t be

pres

ent i

n re

spon

se.

04

20/0

430

Rev

ersa

l Adv

ice

7000

00

6011

05

10

00

F

143

Issu

er s

crip

t res

ults

mus

t be

pres

ent

9 02

00/0

210

PIN

Unb

lock

72

0000

60

11

0510

00

91

Is

suer

una

vaila

ble

or ti

med

out

NO

TE

: F

55 o

r F

152

will

hav

e th

e ne

w P

IN.

Glossary

27 Jun 2002 Visa *Confidential* Glossary–1

Glossary

Card Verification Value (CVV)

A unique check value encoded on the magnetic stripe or chip of a card. The Card Verification Value is used to validate the card information during authorisation and detect counterfeit cards. This service is not available to PIN Management for IC Cards.

Europay, MasterCard, Visa (EMV) Specifications

Technical specifications developed by the three payment schemes outlining the interactions between chip cards and terminals to ensure interoperability.

Offline PIN

A numeric value stored on the chip of an IC card used to identify the cardholder when PIN verification takes place offline between the card and terminal.

Offline PIN Verification

The process of verifying a PIN entered into a terminal by the cardholder through interaction between the card and terminal. The PIN entered by the cardholder is compared to a numeric value stored on the chip in the card.

Online PIN

A numeric value stored at the issuer’s host that is used to identify the cardholder when PIN verification takes place through an online message routed between the acquirer and the issuer.

Online PIN Verification

The process of verifying a PIN entered into a terminal by the cardholder by sending it to the issuer for verification. The PIN entered by the cardholder is compared to a numeric value stored at the issuer’s host.


Glossary–2 Visa *Confidential* 27 Jun 2002

PIN Change/Unlock

A PIN Management message used to change the offline PIN on an IC card. Optionally, the issuer may reset the PIN-try counter in the same response message, as the status of the PIN-try counter is included in the request message.

PIN Verification Value (PVV)

The PIN Verification Value is used in the PIN Verification Service offered by Visa to verify PINs on behalf of issuers. This service is not available to PIN Management for IC Cards as only the issuer can approve a PIN Management request.

PIN Management Message

An online message used to handle PIN-related functions, such as changing or unlocking a PIN on an IC card.

PIN Unlock

A PIN Management message used to reset the PIN-try counter on IC cards. When the PIN-try counter reaches its maximum allowable value as set by the issuer, the card application may become blocked. This will prevent subsequent transactions.

Post-Issuance Script

A command sent from the card issuer to the IC card through VisaNet to change a parameter set in the chip on the card. The IC card will verify that it is the genuine issuer that has provided the Post-Issuance Script. Also referred to as issuer script.