Upload
ihab-zebian
View
388
Download
1
Embed Size (px)
Citation preview
M/Chip CardPersonalization
Standard Profiles(Including PayPass)
February 2010
Notices
Proprietary Rights The information contained in this document is proprietary andconfidential to MasterCard International Incorporated, one or more ofits affiliated entities (collectively “MasterCard”), or both.
This material may not be duplicated, published, or disclosed, inwhole or in part, without the prior written permission of MasterCard.
Trademarks Trademark notices and symbols used in this document reflect theregistration status of MasterCard trademarks in the United States.Please consult with the Customer Operations Services team or theMasterCard Law Department for the registration status of particularproduct, program, or service names outside the United States.
All third-party product and service names are trademarks or registeredtrademarks of their respective owners.
Billing For printed documents, MasterCard will bill principal members.Please refer to the appropriate MasterCard Consolidated BillingSystem (MCBS) document for billing-related information.
Information AvailableOnline
MasterCard provides details about the standards used for thisdocument—including times expressed, language use, and contactinformation—on the Member Publications Support page availableon MasterCard OnLine®. Go to Member Publications Support forcentralized information.
Translation A translation of any MasterCard manual, bulletin, release, or otherMasterCard document into a language other than English is intendedsolely as a convenience to MasterCard customers. MasterCardprovides any translated document to its customers “AS IS” and makesno representations or warranties of any kind with respect to thetranslated document, including, but not limited to, its accuracy orreliability. In no event shall MasterCard be liable for any damagesresulting from a customer's reliance on any translated document. TheEnglish version of any MasterCard document will take precedenceover any translated version in any legal proceeding.
Publication Code PSP
©2010 MasterCardFebruary 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Table of Contents
Chapter 1 Using this Document ..................................................................... 1-iPurpose.................................................................................................................................... 1-1
Related Information ........................................................................................................... 1-1
Audience.................................................................................................................................. 1-1
Benefits .................................................................................................................................... 1-2
Support .................................................................................................................................... 1-2
Overview of Standard Profiles ................................................................................................. 1-2
Chapter 2 Principles and Issuer Decisions...................................................... 2-iCard Application ...................................................................................................................... 2-1
Card Functions......................................................................................................................... 2-1Contact Payment................................................................................................................ 2-1Contactless Payment .......................................................................................................... 2-1MasterCard Authentication Solutions for Chip ................................................................... 2-1
File Structures .......................................................................................................................... 2-3
Issuer Host Grade Processing .................................................................................................. 2-3Chip Host Grade................................................................................................................ 2-3Mag Stripe Host Grade....................................................................................................... 2-3
Card Authentication ................................................................................................................. 2-4
Cardholder Verification ............................................................................................................ 2-4
Online Processing.................................................................................................................... 2-5Exclusively-Online Cards ................................................................................................... 2-5Online-Preferring Cards ..................................................................................................... 2-5
Debit MasterCard ..................................................................................................................... 2-5
Chapter 3 Selecting a Profile .......................................................................... 3-iAsia Pacific Region .................................................................................................................. 3-1
Canada Region......................................................................................................................... 3-2
Europe Region ......................................................................................................................... 3-3
Latin America and the Caribbean Region................................................................................. 3-4
South Asia/Middle East/Africa Region ..................................................................................... 3-5
Chapter 4 Issuer-Defined Data Elements....................................................... 4-iIssuer-Defined Data Elements.................................................................................................. 4-1
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 i
Table of Contents
Chapter 5 Standard Profiles for Maestro....................................................... 5-iProfile 01: Maestro with SDA—Full Chip Issuer ...................................................................... 5-1
Cardholder Verification ...................................................................................................... 5-1Application Usage Control ................................................................................................. 5-1Application Interchange Profile ......................................................................................... 5-1Issuer Risk Management .................................................................................................... 5-1PayPass.............................................................................................................................. 5-3MasterCard Authentication Solutions for Chip ................................................................... 5-3
Profile 02: Maestro with DDA—Full Chip Issuer ..................................................................... 5-6Cardholder Verification ...................................................................................................... 5-7Application Usage Control ................................................................................................. 5-7Application Interchange Profile ......................................................................................... 5-7Issuer Risk Management .................................................................................................... 5-7PayPass.............................................................................................................................. 5-9MasterCard Authentication Solutions for Chip ................................................................... 5-9Data Element List ............................................................................................................... 5-9
Profile 03: Maestro with CDA and DDA—Full Chip Issuer.................................................... 5-13Cardholder Verification .................................................................................................... 5-13Application Usage Control ............................................................................................... 5-13Application Interchange Profile ....................................................................................... 5-13Issuer Risk Management .................................................................................................. 5-13PayPass............................................................................................................................ 5-15MasterCard Authentication Solutions for Chip ................................................................. 5-15Data Element List ............................................................................................................. 5-15
Profile 04: Maestro with SDA—Mag Stripe Grade Issuer where issuer can interpretTVR/CVR................................................................................................................................ 5-19
Cardholder Verification .................................................................................................... 5-19Application Usage Control ............................................................................................... 5-19Application Interchange Profile ....................................................................................... 5-19Issuer Risk Management .................................................................................................. 5-19PayPass............................................................................................................................ 5-20MasterCard Authentication Solutions for Chip ................................................................. 5-20Data Element List ............................................................................................................. 5-20
Profile 05: Maestro with SDA—Mag Stripe Grade Issuer where issuer cannot interpretTVR/CVR................................................................................................................................ 5-24
Cardholder Verification .................................................................................................... 5-24Application Usage Control ............................................................................................... 5-24Application Interchange Profile ....................................................................................... 5-24Issuer Risk Management .................................................................................................. 5-24PayPass............................................................................................................................ 5-25MasterCard Authentication Solutions for Chip ................................................................. 5-25Data Element List ............................................................................................................. 5-25
©2010 MasterCardii 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Table of Contents
Chapter 6 Standard Profiles for MasterCard/Debit MasterCard .................. 6-iProfile 11: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer(1) ............................................................................................................................................ 6-1
Cardholder Verification ...................................................................................................... 6-1Application Usage Control ................................................................................................. 6-1Application Interchange Profile ......................................................................................... 6-2Issuer Risk Management .................................................................................................... 6-2PayPass.............................................................................................................................. 6-3MasterCard Authentication Solutions for Chip ................................................................... 6-3Data Element List ............................................................................................................... 6-3
Profile 12: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer(2) ............................................................................................................................................ 6-7
Cardholder Verification ...................................................................................................... 6-7Application Usage Control ................................................................................................. 6-8Application Interchange Profile ......................................................................................... 6-8Issuer Risk Management .................................................................................................... 6-8PayPass.............................................................................................................................. 6-9MasterCard Authentication Solutions for Chip ................................................................... 6-9Data Element List ............................................................................................................. 6-10
Profile 13: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer(3) .......................................................................................................................................... 6-13
Cardholder Verification .................................................................................................... 6-14Application Usage Control ............................................................................................... 6-14Application Interchange Profile ....................................................................................... 6-14Issuer Risk Management .................................................................................................. 6-14PayPass............................................................................................................................ 6-16MasterCard Authentication Solutions for Chip ................................................................. 6-16Data Element List ............................................................................................................. 6-16
Profile 14: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer(1) .......................................................................................................................................... 6-19
Overview ......................................................................................................................... 6-19Cardholder Verification .................................................................................................... 6-20Application Usage Control ............................................................................................... 6-20Application Interchange Profile ....................................................................................... 6-20Issuer Risk Management .................................................................................................. 6-20PayPass............................................................................................................................ 6-22MasterCard Authentication Solutions for Chip ................................................................. 6-22Data Element List ............................................................................................................. 6-22
Profile 15: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer(2) .......................................................................................................................................... 6-25
Cardholder Verification .................................................................................................... 6-26Application Usage Control ............................................................................................... 6-26Application Interchange Profile ....................................................................................... 6-26
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 iii
Table of Contents
Issuer Risk Management .................................................................................................. 6-27PayPass............................................................................................................................ 6-28MasterCard Authentication Solutions for Chip ................................................................. 6-28Data Element List ............................................................................................................. 6-28
Profile 16: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer(1) .......................................................................................................................................... 6-32
Overview ......................................................................................................................... 6-32Cardholder Verification .................................................................................................... 6-32Application Usage Control ............................................................................................... 6-32Application Interchange Profile ....................................................................................... 6-33Issuer Risk Management .................................................................................................. 6-33PayPass............................................................................................................................ 6-34MasterCard Authentication Solutions for Chip ................................................................. 6-34Data Element List ............................................................................................................. 6-34
Profile 17: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer(2) .......................................................................................................................................... 6-38
Cardholder Verification .................................................................................................... 6-38Application Usage Control ............................................................................................... 6-39Application Interchange Profile ....................................................................................... 6-39Issuer Risk Management .................................................................................................. 6-39PayPass............................................................................................................................ 6-40MasterCard Authentication Solutions for Chip ................................................................. 6-40Data Element List ............................................................................................................. 6-41
Profile 18: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer(3) .......................................................................................................................................... 6-44
Cardholder Verification .................................................................................................... 6-45Application Usage Control ............................................................................................... 6-45Application Interchange Profile ....................................................................................... 6-45Issuer Risk Management .................................................................................................. 6-45PayPass............................................................................................................................ 6-47MasterCard Authentication Solutions for Chip ................................................................. 6-47Data Element List ............................................................................................................. 6-47
Profile 19: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer(1) .......................................................................................................................................... 6-51
Cardholder Verification .................................................................................................... 6-51Application Usage Control ............................................................................................... 6-51Application Interchange Profile ....................................................................................... 6-51Issuer Risk Management .................................................................................................. 6-52PayPass............................................................................................................................ 6-53MasterCard Authentication Solutions for Chip ................................................................. 6-53Data Element List ............................................................................................................. 6-53
Profile 20: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer(2) .......................................................................................................................................... 6-57
©2010 MasterCardiv 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Table of Contents
Cardholder Verification .................................................................................................... 6-57Application Usage Control ............................................................................................... 6-57Application Interchange Profile ....................................................................................... 6-57Issuer Risk Management .................................................................................................. 6-58PayPass............................................................................................................................ 6-59MasterCard Authentication Solutions for Chip ................................................................. 6-59Data Element List ............................................................................................................. 6-59
Profile 21: MasterCard/Debit MasterCard with CDA/DDA and offline PIN—Full ChipIssuer (1)................................................................................................................................ 6-63
Cardholder Verification .................................................................................................... 6-63Application Usage Control ............................................................................................... 6-63Application Interchange Profile ....................................................................................... 6-64Issuer Risk Management .................................................................................................. 6-64PayPass............................................................................................................................ 6-65MasterCard Authentication Solutions for Chip ................................................................. 6-65Data Element List ............................................................................................................. 6-65
Profile 22: MasterCard/Debit MasterCard with CDA/DDA and signature—Full Chip Issuer(2) .......................................................................................................................................... 6-69
Overview ......................................................................................................................... 6-69Cardholder Verification .................................................................................................... 6-70Application Usage Control ............................................................................................... 6-70Application Interchange Profile ....................................................................................... 6-70Issuer Risk Management .................................................................................................. 6-70PayPass............................................................................................................................ 6-71MasterCard Authentication Solutions for Chip ................................................................. 6-72Data Element List ............................................................................................................. 6-72
Profile 23: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe GradeIssuer where issuer can interpret TVR/CVR........................................................................... 6-75
Cardholder Verification .................................................................................................... 6-76Application Usage Control ............................................................................................... 6-76Application Interchange Profile ....................................................................................... 6-76Issuer Risk Management .................................................................................................. 6-76PayPass............................................................................................................................ 6-78MasterCard Authentication Solutions for Chip ................................................................. 6-78Data Element List ............................................................................................................. 6-78
Profile 24: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe GradeIssuer where issuer cannot interpret TVR/CVR (1) ................................................................ 6-82
Cardholder Verification .................................................................................................... 6-82Application Usage Control ............................................................................................... 6-82Application Interchange Profile ....................................................................................... 6-83Issuer Risk Management .................................................................................................. 6-83PayPass............................................................................................................................ 6-84MasterCard Authentication Solutions for Chip ................................................................. 6-84
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 v
Table of Contents
Data Element List ............................................................................................................. 6-84
Profile 25: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe GradeIssuer where issuer cannot interpret TVR/CVR (2) ................................................................ 6-88
Cardholder Verification .................................................................................................... 6-88Application Usage Control ............................................................................................... 6-88Application Interchange Profile ....................................................................................... 6-89Issuer Risk Management .................................................................................................. 6-89PayPass............................................................................................................................ 6-90MasterCard Authentication Solutions for Chip ................................................................. 6-90Data Element List ............................................................................................................. 6-90
Profile 26: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe GradeIssuer where issuer cannot interpret TVR/CVR (3) ................................................................ 6-94
Cardholder Verification .................................................................................................... 6-94Application Usage Control ............................................................................................... 6-94Application Interchange Profile ....................................................................................... 6-95Issuer Risk Management .................................................................................................. 6-95PayPass............................................................................................................................ 6-96MasterCard Authentication Solutions for Chip ................................................................. 6-96Data Element List ............................................................................................................. 6-96
Profile 27: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe GradeIssuer where issuer cannot interpret TVR/CVR (4) ...............................................................6-100
Cardholder Verification ...................................................................................................6-100Application Usage Control ..............................................................................................6-101Application Interchange Profile ......................................................................................6-101Issuer Risk Management .................................................................................................6-101PayPass...........................................................................................................................6-102MasterCard Authentication Solutions for Chip ................................................................6-102Data Element List ............................................................................................................6-103
Profile 28: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe GradeIssuer where issuer cannot interpret TVR/CVR (1) ...............................................................6-106
Cardholder Verification ...................................................................................................6-107Application Usage Control ..............................................................................................6-107Application Interchange Profile ......................................................................................6-107Issuer Risk Management .................................................................................................6-107PayPass...........................................................................................................................6-108MasterCard Authentication Solutions for Chip ................................................................6-108Data Element List ............................................................................................................6-109
Profile 29: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe GradeIssuer where issuer cannot interpret TVR/CVR (2) ...............................................................6-112
Cardholder Verification ...................................................................................................6-113Application Usage Control ..............................................................................................6-113Application Interchange Profile ......................................................................................6-113Issuer Risk Management .................................................................................................6-113
©2010 MasterCardvi 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Table of Contents
PayPass...........................................................................................................................6-114MasterCard Authentication Solutions for Chip ................................................................6-114Data Element List ............................................................................................................6-115
Profile 30: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe GradeIssuer (3)...............................................................................................................................6-118
Cardholder Verification ...................................................................................................6-119Application Usage Control ..............................................................................................6-119Application Interchange Profile ......................................................................................6-119Issuer Risk Management .................................................................................................6-119PayPass...........................................................................................................................6-120MasterCard Authentication Solutions for Chip ................................................................6-121Data Element List ............................................................................................................6-121
Profile 31: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe GradeIssuer (4)...............................................................................................................................6-124
Cardholder Verification ...................................................................................................6-125Application Usage Control ..............................................................................................6-125Application Interchange Profile ......................................................................................6-125Issuer Risk Management .................................................................................................6-125PayPass...........................................................................................................................6-126MasterCard Authentication Solutions for Chip ................................................................6-127Data Element List ............................................................................................................6-128
Profile 32: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer(3) .........................................................................................................................................6-131
Cardholder Verification ...................................................................................................6-132Application Usage Control ..............................................................................................6-132Application Interchange Profile ......................................................................................6-132Issuer Risk Management .................................................................................................6-132PayPass...........................................................................................................................6-133MasterCard Authentication Solutions for Chip ................................................................6-133Data Element List ............................................................................................................6-134
Chapter 7 Standard Profiles for MasterCard Electronic................................ 7-iProfile 51: MasterCard Electronic with no offline CAM and offline PIN—Full ChipIssuer ....................................................................................................................................... 7-1
Cardholder Verification ...................................................................................................... 7-1Application Usage Control ................................................................................................. 7-1Application Interchange Profile ......................................................................................... 7-1Issuer Risk Management .................................................................................................... 7-1PayPass.............................................................................................................................. 7-2MasterCard Authentication Solutions for Chip ................................................................... 7-2Data Element List ............................................................................................................... 7-2
Profile 52: MasterCard Electronic with no offline CAM and signature—Full ChipIssuer ....................................................................................................................................... 7-5
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 vii
Table of Contents
Cardholder Verification ...................................................................................................... 7-5Application Usage Control ................................................................................................. 7-6Application Interchange Profile ......................................................................................... 7-6Issuer Risk Management .................................................................................................... 7-6PayPass.............................................................................................................................. 7-6MasterCard Authentication Solutions for Chip ................................................................... 7-6Data Element List ............................................................................................................... 7-6
Profile 53: MasterCard Electronic with DDA and offline PIN—Full Chip Issuer...................... 7-9Cardholder Verification .................................................................................................... 7-10Application Usage Control ............................................................................................... 7-10Application Interchange Profile ....................................................................................... 7-10Issuer Risk Management .................................................................................................. 7-10PayPass............................................................................................................................ 7-11MasterCard Authentication Solutions for Chip ................................................................. 7-11Data Element List ............................................................................................................. 7-11
Chapter 8 Standard Profiles for PayPass ....................................................... 8-iProfiles Overview for PayPass ................................................................................................. 8-1
Profile 91: Maestro PayPass with CDA .................................................................................... 8-1Data Elements for Application Selection............................................................................ 8-1Data Elements Referenced in the AFL (PayPass) ............................................................... 8-2Get Processing Options Response ..................................................................................... 8-4Card Risk Management ...................................................................................................... 8-4Secret Keys ........................................................................................................................ 8-5Miscellaneous .................................................................................................................... 8-6
Profile 92: MasterCard/Debit MasterCard PayPass with SDA, signature preferred to onlinePIN........................................................................................................................................... 8-7
Data Elements for Application Selection............................................................................ 8-7Data Elements Referenced in the AFL (PayPass) ............................................................... 8-7Get Processing Options Response ................................................................................... 8-11Card Risk Management .................................................................................................... 8-11Secret Keys ...................................................................................................................... 8-12Miscellaneous .................................................................................................................. 8-13
Profile 93: MasterCard/Debit MasterCard PayPass with SDA, online PIN preferred tosignature ................................................................................................................................ 8-13
Data Elements for Application Selection.......................................................................... 8-14Data Elements Referenced in the AFL (PayPass) ............................................................. 8-14Get Processing Options Response ................................................................................... 8-18Card Risk Management .................................................................................................... 8-18Secret Keys ...................................................................................................................... 8-19Miscellaneous .................................................................................................................. 8-19
©2010 MasterCardviii 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Table of Contents
Profile 94: MasterCard/Debit MasterCard PayPass with CDA, signature preferred to onlinePIN......................................................................................................................................... 8-20
Data Elements for Application Selection.......................................................................... 8-20Data Elements Referenced in the AFL (PayPass) ............................................................. 8-21Get Processing Options Response ................................................................................... 8-25Card Risk Management .................................................................................................... 8-25Secret Keys ...................................................................................................................... 8-26Miscellaneous .................................................................................................................. 8-27
Profile 95: MasterCard/Debit MasterCard PayPass with CDA, online PIN preferred tosignature ............................................................................................................................... 8-27
Data Elements for Application Selection.......................................................................... 8-28Data Elements Referenced in the AFL (PayPass) ............................................................. 8-28Get Processing Options Response ................................................................................... 8-32Card Risk Management .................................................................................................... 8-32Secret Keys ...................................................................................................................... 8-33Miscellaneous .................................................................................................................. 8-34
Appendix A Supplementary Data Elements per Card Version.....................A-iCounter Limits and Previous Transaction.................................................................................A-1
Counters and Data Elements with a Fixed Initial Value...........................................................A-1
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 ix
Chapter 1 Using this DocumentThis chapter outlines the standardized sets of card personalization data that an issuer can use fortheir M/Chip 4 cards to meet most common business requirements for contact payments, PayPass,and chip authentication.
This chapter outlines the standardized sets of card personalization data that an issuer can usefor their M/Chip 4 cards to meet most common business requirements for contact payments, andchip authentication.
Purpose.......................................................................................................................................... 1-1
Related Information ................................................................................................................. 1-1
Audience........................................................................................................................................ 1-1
Benefits .......................................................................................................................................... 1-2
Support .......................................................................................................................................... 1-2
Overview of Standard Profiles ....................................................................................................... 1-2
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 1-i
Using this DocumentPurpose
PurposeThis document provides a set of standard card personalization profiles thatissuers can use to personalize M/Chip 4 cards.
The profiles cover requirements for:
• Contact interface
• Contactless interface (PayPass)
• MasterCard Authentication Solutions for Chip
The standard card personalization profiles presented in this document areoptional and designed to address common issuing requirements in each marketand region that is migrating to chip technology.
Issuers are recommended to contact their MasterCard regional office to checkon the standard profiles which are fine tuned to their specific country orregion’s market requirements. Profiles are not restricted to a specific region,although they are designed with the needs of a region in mind.
If a standard profile is not used, issuers must still respect the chip personalizationrequirements detailed in:
• MasterCard Authentication Solutions for Chip (MAS4C): PersonalizationProfiles For M/Chip 4 Using PLA Technology (AA4C) and CAP Technology(CAP)
• M/Chip Personalization Data Specifications and Profiles
• PayPass Personalization Data Specifications
Related Information
The following documents provide information related to the subjects discussedin this manual:
• M/Chip Processing Services—Service Description
• M/Chip Requirements
For definitions of key terms used in this document, please refer to theMasterCard Dictionary on the Member Publications home page (on MasterCardOnLine® and the MasterCard Electronic Library CD-ROM).
AudienceThis document is intended for use by issuers, personalization bureaus, andprocessors involved in the issuance and personalization of M/Chip 4 basedcards.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 1-1
Using this Document
Benefits
BenefitsBy using these standard card personalization profiles, issuers gain the followingbenefits:
• Define parameters that are accurate for the specific market and productproposition
• Avoid or reduce the time (and implicit costs) needed to analyze MasterCarddocumentation to determine what personalization parameters to use
• Have off-the-shelf card personalization profiles with defined characteristicsthat are compliant with the recommendations and the mandates expressedin MasterCard personalization requirements
• A reduction in the time and administration necessary to complete CardPersonalization Validation (CPV)
Issuers are, of course, able to perform their own analysis to determine theirindividual card personalization parameters. However, in doing so, issuers mustbalance the time, effort and costs of this analysis against the benefits that maybe achieved by using the standard card personalization parameters providedin this document.
MasterCard recommends using a Standard Profile wherever one is available tomeet an issuer’s business requirements.
SupportFor support and assistance with implementing the standard card profiles pre-sented in this document, please contact [email protected].
Overview of Standard ProfilesStandard Profiles are available for the following brands:
• Maestro®
• MasterCard®/Debit MasterCard®
• MasterCard® Electronic™
Standard Profiles are available for the following regions:
• Asia Pacific
• Canada
• Europe
• Latin America, Caribbean
• South Asia, Middle East, Africa
The Standard Profiles are designed to meet the usual business requirements forthe market. When using a Standard Profile, all values defined by the profilemust be used without alteration. Any changes made mean that the settings arenot consistent with the standard profile and a full CPV certification is required.
©2010 MasterCard1-2 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Using this Document
Overview of Standard Profiles
The Standard Profiles are for use with the M/Chip 4 platform. Depending onthe standard card personalization profile used, the chip application will beM/Chip 4 Lite or M/Chip 4 Select.
These profiles are suitable for issuers subscribing to the M/Chip CryptogramPre-validation Service or to the Combined Service Option as defined in M/ChipProcessing Services—Service Description.
The Standard Profiles provide all the necessary personalization parametersexcept for those that are card specific (such as PAN) and a limited number thatare specific to the issuer and their situation, and must therefore be defined bythe issuer, such as country code, currency code, issuer keys and certificatesand offline limits.
All standard card personalization profiles use “semi-grade” or “mag stripe grade”card settings. The use of the semi-grade setting improves the card acceptance insome countries where the issuer Authentication Data is sometimes not deliveredto the card after an online authorization. A transaction can be approved offlineeven if no ARPC is received but the offline risk control counters are not reset,ensuring the card does not approve subsequent transactions without properissuer control.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 1-3
Chapter 2 Principles and Issuer DecisionsThe following chapter defines card usage, types, and the requirements for using standard profiles.
Card Application ............................................................................................................................ 2-1
Card Functions............................................................................................................................... 2-1
Contact Payment...................................................................................................................... 2-1
Contactless Payment ................................................................................................................ 2-1
MasterCard Authentication Solutions for Chip ......................................................................... 2-1
File Structures ................................................................................................................................ 2-3
Issuer Host Grade Processing ........................................................................................................ 2-3
Chip Host Grade...................................................................................................................... 2-3
Mag Stripe Host Grade............................................................................................................. 2-3
Card Authentication ....................................................................................................................... 2-4
Cardholder Verification .................................................................................................................. 2-4
Online Processing.......................................................................................................................... 2-5
Exclusively-Online Cards ......................................................................................................... 2-5
Online-Preferring Cards ........................................................................................................... 2-5
Debit MasterCard ........................................................................................................................... 2-5
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 2-i
Principles and Issuer DecisionsCard Application
Card ApplicationStandard Profiles are for use with cards using an M/Chip 4 application.
If the card supports a dynamic offline card authentication method (CAM), anM/Chip Select application must be used. If the card does not support dynamicoffline CAM, an M/Chip Lite, or an M/Chip Select application may be used.
M/Chip 4 version 1.1a or 1.1b may be used. Either version supports theMasterCard SKD method for the AC key derivation used in these profiles.
Standard profiles cannot be used with older versions of M/Chip, such asM/Chip 2.1.
Card Functions
Contact Payment
Standard Profiles are used with cards that support a single payment application.
Standard Profiles do not support cards with multiple payment applications,although the personalization values listed may be used on different applicationsand submitted to the CPV process.
Contactless Payment
The card may also support a contactless interface (PayPass).
Five separate Standard Profiles for PayPass personalization are defined. Foreach contact Standard Profile selected, a single PayPass profile is defined.
Standard Profiles do not support PayPass cards using PayPass—M/Chip Flex.
MasterCard Authentication Solutions for Chip
The card may be personalized to also support MasterCard AuthenticationSolutions for Chip (MAS4C) as part of the payment application. MasterCardsuggests adding this personalization option to all cards is worthwhile even ifthe issuer has no short term plans to implement MAS4C.
The Chip Authentication Program (CAP) is a cardholder authentication methodwhich builds upon the authentication capabilities provided by EMV. CAP usesan EMV chip card and a Personal Card Reader (PCR) to generate a CAP Token.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 2-1
Principles and Issuer Decisions
Card Functions
The Advanced Authentication for Chip (AA4C) further develops CAP. It is basedon the PLA specification, and:
• Accommodates cards that do not support offline (plaintext) PIN verification1
• Generates a CAP Token using either numeric or alphanumeric characters
The personalization settings described in this document support both CAP andAA4C solutions depending on the capability of the Personal Card Reader. If theStandard Profile does not support offline plain text PIN, then AA4C PersonalCard Reader must be used.
Two additional data elements must be personalized when using StandardProfiles to support MAS4C as described in this document:
• Issuer Authentication Flags (tag “9F55”)
• Issuer Proprietary Bitmap (tag “9F56”)
Partial personalization (for example:, IPB personalized on the card but noIAF personalized) is not accepted. Both data elements (IPB and IAF) must beretrievable using READ RECORD (AFL) only (No FCI Template.)
A CAP token of a maximum of 8 characters (alphanumeric) or 12 digits(numeric) is produced by these settings, depending on the type of personalcard reader used with the card.
The Standard Profiles described in this document do not support MAS4C usinga dedicated authentication application.
If an issuer decides to use a standard payment profile described in thisdocument without IAF and IPB and add a separate cardholder authenticationapplication (CAA), then the personalization of the CAA must comply with thepersonalization profiles defined to support MAS4C and approval will follow thenormal Card Personalization Verification procedure.
In order to validate a CAP Token, the issuer’s CAP Token Validation Service(CTVS) must be able to manage the Application Transaction Counter (ATC)and compute the Application Cryptogram based on the data carried by theCAP Token and other values known to the CTVS (static or derived). It is partof the basic security requirements to check the ATC values in order to counterreplay attacks. Cross contamination between payment and authentication maybe mitigated and controlled using a set of straightforward rules & checks. Tosupport mag stripe grade issuers and others wanting to implement MAS4C withlittle host system impact, MasterCard provides an on behalf CTVS.
1. PCRs compliant with this new specification skip the requirement for PIN entry when the EMVcard does not indicate support for offline (plaintext) PIN in the CVM List. Successful offlinePIN Verification is required if the card supports offline (plaintext) PIN.
©2010 MasterCard2-2 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Principles and Issuer Decisions
File Structures
File StructuresIssuers are free to develop their own file structures on their chip cards forcontact payments, but it must not conflict with the PayPass requirements if thecard supports a dual interface.
When implementing PayPass, issuers must use the file structures defined foreach profile.
Issuer Host Grade Processing
Chip Host Grade
With Chip Host Grade, the issuer host system is able to receive chip data,validate the ARQC cryptogram, analyze the TVR and CVR, and use theinformation to influence the authorization decision. An ARPC is generated withthe authorization response.
If the issuer has Chip Host Grade, the card will be configured as “semi-grade.”This means that, in order to improve acceptance where there may be issuesin the acquirer infrastructure, this profile will approve transactions approvedonline even if no ARPC is provided to the card. To ensure a high level of riskcontrol, offline counters are not reset unless the card receives a valid ARPC.
Issuers that subscribe to the M/Chip Cryptogram Pre-validation Service or tothe Combined Service Option as defined in M/Chip Processing Services—ServiceDescription are considered as operating in Chip Host Grade.
Mag Stripe Host Grade
With Mag Stripe Host Grade, the issuer host system is not able to generate anARPC with the authorization response.
The issuer may or may not be able to interpret the TVR and CVR received withthe authorization message and influence the authorization response accordingly.This capability will influence several settings on the card and is therefore usedto help define mag-stripe grade profiles.
If the issuer has Mag Stripe Host Grade, the card will be configured as“mag-stripe grade.” In this profile the card will approve transactions approvedonline with no ARPC and the offline counters on the card are reset. Usingmag-stripe grade introduces extra risk for the issuer as a stolen card can havethe offline counters reset by a fraudster without any cryptographic control.
Issuers that subscribe to the M/Chip Conversion Service as defined in M/ChipProcessing Services—Service Description are considered as operating inMag-Stripe Host Grade.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 2-3
Principles and Issuer Decisions
Card Authentication
Card AuthenticationProfiles support:
• SDA—where simple static data authentication is acceptable to the issuerfor offline transactions
• DDA—where dynamic data authentication is required by the issuer foroffline transactions
• SDA and DDA on the same card—is not supported in these profiles
• CDA—where dynamic data authentication is required by the issuer foroffline transactions using the Combined Data Authentication that links theauthentication to the card transaction decision. DDA is also supportedwhen the card supports CDA as CDA support is not currently mandated onterminals. SDA is not supported in these profiles
• No offline CAM—where the card is an “online only” card
CDA profiles should only be used in markets where the local terminalinfrastructure supports all currently valid MasterCard public keys.
If the card supports dynamic offline CAM methods, an M/Chip Select applicationmust be used. If the card does not support dynamic offline CAM, an M/ChipLite application may be used.
Cardholder VerificationAll Standard Profiles support online PIN for ATMs. Every profile has “onlinePIN if unattended cash” or “online PIN if the terminal supports” as the firstentry in the CVM list.
offline PIN must be supported for Maestro and may be supported for MasterCardand MasterCard Electronic.
If the card supports offline PIN, then:
• Offline—plain text PIN is used on SDA cards and cards that do not supportan offline CAM
• Offline—enciphered PIN and offline, plain text PIN (in that order) are usedon DDA capable cards
The offline enciphered PIN uses the DDA key
For MasterCard and MasterCard Electronic, online PIN may be preferred tosignature at the POS.
If offline PIN fails or PIN entry is not possible for online PIN, the transactionmay be declined offline or may result in an online authorization. Where theissuer has a mag-stripe grade host and is not able to interpret the TVR / CVRand offline PIN is used, these transactions should be declined offline.
©2010 MasterCard2-4 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Principles and Issuer DecisionsOnline Processing
Online Processing
Exclusively-Online Cards
An exclusively-online card never approves a transaction offline. If onlineauthorization is not available, the card declines offline.
MasterCard cards must not be personalized to work exclusively online.MasterCard Electronic® cards must be personalized to be exclusively online.Maestro® cards may be exclusively online.
Unless the card also supports encrypted offline PIN, or the issuer operateswith a mag-stripe grade host, an exclusively-online card should not supportoffline CAM.
If the card does support encrypted offline PIN, or the issuer host is mag-stripegrade, the card is made exclusively online by the CIAC settings. Issuers arerecommended to use DDA cards in this situation.
Exclusively online cards should be personalized with their upper offline limitsset to zero.
Online-Preferring Cards
Online-preferring cards always request an online authorization, but may accepttransactions offline in certain situations (that is, when an online connection isnot available). MasterCard credit cards may be online-preferring.
Cards that normally work online should be personalized with their lower offlinelimits set to zero. The card may also be personalized as online-preferring bythe CIAC settings. Using the lower offline limits makes it easier to changethe status of the card post issuance.
All profiles that support offline transactions may be personalized asonline-preferring, domestically, internationally or both, and the CIAC settingsadjusted accordingly.
MasterCard cards should usually be able to authorize a controlled amount oftransactions at offline terminals and should not be personalized to routinelydecline all offline transactions.
Debit MasterCardIf the MasterCard Standard Profiles are used for Debit MasterCard, the settingsdefined in this book may be varied in that:
• The Application Label (tag 50) should be “Debit MasterCard.”
• The Application Usage Control (tag 9F07) should be “FFC0” to allow forcash back.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 2-5
Chapter 3 Selecting a ProfileMembers should check with their MasterCard Regional Office to confirm which Standard Profiles areappropriate for their market.
The tables in this chapter indicate which profiles are available in each region and the decision criteriafor identifying which profile is appropriate to the issuer’s needs.
Asia Pacific Region......................................................................................................................... 3-1
Canada Region............................................................................................................................... 3-2
Europe Region ............................................................................................................................... 3-3
Latin America and the Caribbean Region....................................................................................... 3-4
South Asia/Middle East/Africa Region ........................................................................................... 3-5
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 3-i
Selecting a Profile
Asia Pacific Region
Asia Pacific RegionSeven Standard Profiles have been defined for different business requirementsin the Asia Pacific region for the MasterCard product.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 3-1
Selecting a Profile
Canada Region
Canada RegionThree Standard Profiles have been defined for different business requirementsin the Canada region for the MasterCard product.
©2010 MasterCard3-2 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Selecting a ProfileEurope Region
Europe RegionNine Standard Profiles have been defined for different business requirementsin the Europe region.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 3-3
Selecting a Profile
Latin America and the Caribbean Region
Latin America and the Caribbean RegionTen Standard Profiles have been defined for different business requirements inthe Latin America and the Caribbean region.
©2010 MasterCard3-4 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Selecting a Profile
South Asia/Middle East/Africa Region
South Asia/Middle East/Africa RegionSeven Standard Profiles have been defined for different business requirementsin the South Asia/Middle East/Africa region.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 3-5
Chapter 4 Issuer-Defined Data ElementsThe following data elements are defined by the issuer and are not fixed per the Standard Profile.
Issuer-Defined Data Elements........................................................................................................ 4-1
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 4-i
Issuer-Defined Data ElementsIssuer-Defined Data Elements
Issuer-Defined Data ElementsData elements marked with an asterisk (*) are optional.
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date* 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer1
Cardholder Name 5F20 Determined by issuer
Determined by issuer2
Cardholder Name Extended* 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuingthe card
Language Preference* 5F2D Determined by issuer
Track 1 Discretionary Data* 9F1F Determined by issuer
Track 2 Discretionary Data* 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer. Normally‘0001’ for a card supporting just oneapplication.
Application File Locator 94 Determined by issuer
Lower Consecutive Offline Limit 9F14 Determined by issuer3
Upper Consecutive Offline Limit 9F23 Determined by issuer4
1. Use of the Application PAN Sequence Number is mandatory as it used by the M/Chip 4 appli-cation in the AC key derivation.
2. Cardholder Name must not be supported on the contactless interface.
3. A “normally online” card may set the LCOL to zero
4. The UCOL may not normally be set to zero for MasterCard cards
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 4-1
Issuer-Defined Data ElementsIssuer-Defined Data Elements
Data Element Name Tag Mandatory Value
Lower Cumulative Offline TransactionAmount
CA Determined by issuer5
Upper Cumulative Offline TransactionAmount
CB Determined by issuer6
CRM Country Code C8 Same value as Issuer Country Codetag 5F28
Must not be ‘0000’
Reference (Offline) PIN N/A Determined by issuer7
SM for Integrity Master Key (MKSMI) N/A Determined by issuer
SM for Confidentiality Master Key(MKSMC)
N/A Determined by issuer
AC Master Key (MKAC) N/A Determined by issuer
Application Transaction Counter Limit N/A Determined by issuer
Key Derivation Index N/A Determined by issuer
Application Life Cycle Data 9F7E Determined by issuer
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
5. A “normally online” card may set the LCOTA to zero
6. The UCOTA may not normally be set to zero for MasterCard cards
7. Only required if card supports offline PIN
©2010 MasterCard4-2 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Chapter 5 Standard Profiles for MaestroThis chapter details the Standard Profiles that are available to an issuer for use with the Maestroproduct.
Profile 01: Maestro with SDA—Full Chip Issuer ............................................................................ 5-1
Cardholder Verification ............................................................................................................ 5-1
Application Usage Control ....................................................................................................... 5-1
Application Interchange Profile ............................................................................................... 5-1
Issuer Risk Management .......................................................................................................... 5-1
PayPass.................................................................................................................................... 5-3
MasterCard Authentication Solutions for Chip ......................................................................... 5-3
Profile 02: Maestro with DDA—Full Chip Issuer ........................................................................... 5-6
Cardholder Verification ............................................................................................................ 5-7
Application Usage Control ....................................................................................................... 5-7
Application Interchange Profile ............................................................................................... 5-7
Issuer Risk Management .......................................................................................................... 5-7
PayPass.................................................................................................................................... 5-9
MasterCard Authentication Solutions for Chip ......................................................................... 5-9
Data Element List ..................................................................................................................... 5-9
Profile 03: Maestro with CDA and DDA—Full Chip Issuer.......................................................... 5-13
Cardholder Verification .......................................................................................................... 5-13
Application Usage Control ..................................................................................................... 5-13
Application Interchange Profile ............................................................................................. 5-13
Issuer Risk Management ........................................................................................................ 5-13
PayPass.................................................................................................................................. 5-15
MasterCard Authentication Solutions for Chip ....................................................................... 5-15
Data Element List ................................................................................................................... 5-15
Profile 04: Maestro with SDA—Mag Stripe Grade Issuer where issuer can interpretTVR/CVR...................................................................................................................................... 5-19
Cardholder Verification .......................................................................................................... 5-19
Application Usage Control ..................................................................................................... 5-19
Application Interchange Profile ............................................................................................. 5-19
Issuer Risk Management ........................................................................................................ 5-19
PayPass.................................................................................................................................. 5-20
MasterCard Authentication Solutions for Chip ....................................................................... 5-20
Data Element List ................................................................................................................... 5-20
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 5-i
Standard Profiles for Maestro
Profile 05: Maestro with SDA—Mag Stripe Grade Issuer where issuer cannot interpretTVR/CVR...................................................................................................................................... 5-24
Cardholder Verification .......................................................................................................... 5-24
Application Usage Control ..................................................................................................... 5-24
Application Interchange Profile ............................................................................................. 5-24
Issuer Risk Management ........................................................................................................ 5-24
PayPass.................................................................................................................................. 5-25
MasterCard Authentication Solutions for Chip ....................................................................... 5-25
Data Element List ................................................................................................................... 5-25
©2010 MasterCard5-ii 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MaestroProfile 01: Maestro with SDA—Full Chip Issuer
Profile 01: Maestro with SDA—Full Chip IssuerThis Standard Profile is for the issuer of Maestro cards supporting SDA in aFull Chip grade host processing environment or the issuer is using one of theappropriate MasterCard on-behalf services.
The card supports offline PIN (plain text) which is preferred to online PIN atthe POS. The card will always use online PIN at ATMs. Signature and “no CVM”are not supported. If offline PIN fails or if PIN entry is bypassed or not possible,the card will try to go online and decline the transaction if this is not possible.
The card may operate offline and Lower and Upper Limit parameters areused in risk management to decide whether to accept the transaction offlineor to request an online authorization. The card may be configured as onlinepreferring.
NOTE
This profile will normally be implemented on M/Chip 4 Lite. This profile may be implementedon M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions) or Manual
Cash (cash advance)*• Offline plain text PIN*, if the terminal is able to perform it• Online PIN* for other cases (such as any terminal does not support offline
PIN)* If these CVM are not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international use, for example: Goods,Services, Cash, and Cash Back.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via Issuer Action codes (IAC)and by the card via Card Issuer Action Codes during each transaction.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 5-1
Standard Profiles for MaestroProfile 01: Maestro with SDA—Full Chip Issuer
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification is unsuccessful, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the offline PIN fails (or if the offline PIN try limit is exceeded), then
the transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working, then the transaction must go online. If it isnot possible to go online, then the transaction is rejected.
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
©2010 MasterCard5-2 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MaestroProfile 01: Maestro with SDA—Full Chip Issuer
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• It is more flexible to make the card “on-line preferring,” if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
PayPass
Cards supporting this profile cannot also support PayPass.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
Table 5.1—Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing the card
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 5-3
Standard Profiles for MaestroProfile 01: Maestro with SDA—Full Chip Issuer
Data Element Name Tag Mandatory Value
Bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
Bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000043060
©2010 MasterCard5-4 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MaestroProfile 01: Maestro with SDA—Full Chip Issuer
Data Element Name Tag Mandatory Value
Application Label 50 MAESTRO
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FFC0
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03
PIN Try Counter 9F17 03
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 5-5
Standard Profiles for MaestroProfile 02: Maestro with DDA—Full Chip Issuer
Data Element Name Tag Mandatory Value
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 BC 98 00
Issuer Action Code—Default 9F0D F0 50 BC 80 00
CVM List 8E 00000000 00000000 4201 0204 0103 0200
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 39 FB 00
3F FB 00 may be used to make the card“online preferring”
Card Issuer Action Code—Default C4 39 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7 M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 02: Maestro with DDA—Full Chip IssuerThis Standard Profile is for the issuer of Maestro cards supporting DDA in aFull Chip grade host processing environment or the issuer uses one of theappropriate MasterCard on-behalf services.
©2010 MasterCard5-6 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MaestroProfile 02: Maestro with DDA—Full Chip Issuer
The card supports offline PIN (enciphered or plain text) which is preferred toonline PIN at the POS. The card will always use online PIN at ATMs. Signatureand “no CVM” are not supported. If offline PIN fails or if PIN entry is bypassedor not possible, the card will try to go online and decline the transactionif this is not possible.
The card may operate offline and Lower and Upper Limit parameters areused in risk management to decide whether to accept the transaction offlineor to request an online authorization. The card may be configured as onlinepreferring.
NOTE
This profile must be implemented on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions) or Manual
Cash (cash advance)*• Offline enciphered or plain text PIN*, if the terminal is able to perform it• Online PIN* for other cases (such as any terminal does not support offline
PIN)* If these CVM are not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international use, for example: Goods,Services, Cash, and Cash Back.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• DDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via Issuer Action codes (IAC)and by the card via Card Issuer Action Codes during each transaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If DDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 5-7
Standard Profiles for MaestroProfile 02: Maestro with DDA—Full Chip Issuer
• If ICC Data is missing, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card appears on an exception file, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the card application has expired, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the card application is not yet effective, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the offline PIN fails (or if the offline PIN try limit is exceeded), then
the transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working, then the transaction must go online. If it isnot possible to go online, then the transaction is rejected.
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
©2010 MasterCard5-8 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MaestroProfile 02: Maestro with DDA—Full Chip Issuer
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• It is more flexible to make the card “on-line preferring,” if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 91 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 5-9
Standard Profiles for MaestroProfile 02: Maestro with DDA—Full Chip Issuer
Data Element Name Tag Mandatory Value
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
ICC Public Key Certificate 9F46
8D: CDOL2
ICC Public Key Exponent 9F47 03
©2010 MasterCard5-10 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MaestroProfile 02: Maestro with DDA—Full Chip Issuer
Data Element Name Tag Mandatory Value
ICC Public Key Remainder 9F48 Determined by issuer/personalizationsystem
DDOL 9F49 9F3704
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000043060
Application Label 50 MAESTRO
Application Preferred Name 9F12 Presence and value determined by issuer
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Usage Control 9F07 FFC0
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03
PIN Try Counter 9F17 03
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 5-11
Standard Profiles for MaestroProfile 02: Maestro with DDA—Full Chip Issuer
Data Element Name Tag Mandatory Value
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F B8 70 BC 98 00
Issuer Action Code—Default 9F0D B8 50 BC 80 00
CVM List 8E 00000000 00000000 4201 0204 4403 01030200
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 39 FB 00
3F FB 00 may be used to make the card“online preferring”
Card Issuer Action Code—Default C4 39 50 00
Application Interchange Profile 82 38 00
CDOL 1 Related Data Length C7 2B
Application Control D5 8C 00
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A02 9A 03 9C 01 9F 37 04 9F 35 01 9F 4502 9F 4C 08 9F 34 03
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
©2010 MasterCard5-12 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MaestroProfile 03: Maestro with CDA and DDA—Full Chip Issuer
Profile 03: Maestro with CDA and DDA—Full Chip IssuerThis Standard Profile is for the issuer of Maestro cards supporting CDA andDDA in a Full Chip grade host processing environment or the issuer uses oneof the appropriate MasterCard on-behalf services.
The card supports offline PIN (enciphered or plain text) which is preferred toonline PIN at the POS. The card will always use online PIN at ATMs. Signatureand “no CVM” are not supported. If offline PIN fails or if PIN entry is bypassedor not possible, the card will try to go online and decline the transactionif this is not possible.
The card may operate offline and Lower and Upper Limit parameters areused in risk management to decide whether to accept the transaction offlineor to request an online authorization. The card may be configured as onlinepreferring.
NOTE
This profile must be implemented on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions) or Manual
Cash (cash advance)*• Offline enciphered or plain text PIN*, if the terminal is able to perform it• Online PIN* for other cases (such as any terminal does not support offline
PIN)* If these CVM are not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international use, for example: Goods,Services, Cash, and Cash Back.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• CDA and DDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via Issuer Action codes (IAC)and by the card via Card Issuer Action Codes during each transaction.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 5-13
Standard Profiles for MaestroProfile 03: Maestro with CDA and DDA—Full Chip Issuer
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If DDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If CDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the offline PIN fails (or if the offline PIN try limit is exceeded), then
the transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working, then the transaction must go online. If it isnot possible to go online, then the transaction is rejected.
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
©2010 MasterCard5-14 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MaestroProfile 03: Maestro with CDA and DDA—Full Chip Issuer
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. The cardmay alternatively request that the transaction go online. If it is not possibleto go online, then the transaction is accepted offline. It is more flexible tomake the card “on-line preferring”, if required, by setting the LCOL andLCOA to zero, as this can be updated in the future by a script command.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 91 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 5-15
Standard Profiles for MaestroProfile 03: Maestro with CDA and DDA—Full Chip Issuer
Data Element Name Tag Mandatory Value
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
ICC Public Key Certificate 9F46
8D: CDOL2
©2010 MasterCard5-16 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MaestroProfile 03: Maestro with CDA and DDA—Full Chip Issuer
Data Element Name Tag Mandatory Value
ICC Public Key Exponent 9F47 03
ICC Public Key Remainder 9F48Determined by issuer/personalizationsystem
DDOL 9F49 9F3704
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000043060
Application Label 50 MAESTRO
Application Preferred Name 9F12 Presence and value determined by issuer
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Usage Control 9F07 FFC0
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03
PIN Try Counter 9F17 03
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 5-17
Standard Profiles for MaestroProfile 03: Maestro with CDA and DDA—Full Chip Issuer
Data Element Name Tag Mandatory Value
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F BC 70 BC 98 00
Issuer Action Code—Default 9F0D BC 50 BC 80 00
CVM List 8E 00000000 00000000 4201 0204 4403 01030200
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 39 FB 00
3F FB 00 may be used to make the card“online preferring”
Card Issuer Action Code—Default C4 39 50 00
Application Interchange Profile 82 39 00
CDOL 1 Related Data Length C7 2B
Application Control D5 8C 00
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A02 9A 03 9C 01 9F 37 04 9F 35 01 9F 4502 9F 4C 08 9F 34 03
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
©2010 MasterCard5-18 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MaestroProfile 04: Maestro with SDA—Mag Stripe Grade Issuer where issuer can interpret TVR/CVR
Profile 04: Maestro with SDA—Mag Stripe Grade Issuerwhere issuer can interpret TVR/CVR
This Standard Profile is for the issuer of Maestro cards supporting SDA in a MagStripe grade host processing environment. However, the issuer can interpret theTVR and CVR received in authorization messages and take action accordingly.
The card supports offline PIN (plain text) but online PIN is always preferred.The card will always use online PIN at ATMs. Signature and “no CVM” are notsupported. If offline PIN fails or if PIN entry is bypassed or not possible, thecard will try to go online and decline the transaction if this is not possible.
The card may not operate offline and will decline transactions that are notapproved online.
NOTE
This profile is normally implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if the terminal is able to perform it• Offline plain text PIN*, if the terminal is able to perform it
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international use, for example: Goods,Services, Cash, and Cash Back. The issuer may choose not to support domesticCash Back on the card.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via Issuer Action codes (IAC)and by the card via Card Issuer Action Codes during each transaction.
The card is configured as “online only” and will never approve an offlinetransaction.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 5-19
Standard Profiles for MaestroProfile 04: Maestro with SDA—Mag Stripe Grade Issuer where issuer can interpret TVR/CVR
The settings for risk management are:
• If the transaction is an international transaction, then the transaction mustgo online. If it is not possible to go online, then the transaction is rejected.
• If the transaction is a domestic transaction, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is “unable to go online” the transaction is rejected.
PayPass
Cards supporting this profile cannot also support PayPass.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB). The CAP TokenValidation requires ATC management and AC validation by the issuer usingeither a hosted CTVS or delegating the CAP Token validation to a third party,for example: MasterCard On Behalf Service.
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing the card
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
©2010 MasterCard5-20 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MaestroProfile 04: Maestro with SDA—Mag Stripe Grade Issuer where issuer can interpret TVR/CVR
Data Element Name Tag Mandatory Value
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag 84
Dedicated File Name 84 A0000000043060
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 5-21
Standard Profiles for MaestroProfile 04: Maestro with SDA—Mag Stripe Grade Issuer where issuer can interpret TVR/CVR
Data Element Name Tag Mandatory Value
Application Label 50 MAESTRO
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FFC0
(FF 40 may alternatively be used ifdomestic Cash Back is not supported)
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer
CRM Currency Code C9 Same value as Application Currency Codetag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, please setthese entry(ies) with CRM Currency Code)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03
PIN Try Counter 9F17 03
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
©2010 MasterCard5-22 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MaestroProfile 04: Maestro with SDA—Mag Stripe Grade Issuer where issuer can interpret TVR/CVR
Data Element Name Tag Mandatory Value
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 BC 98 00
Issuer Action Code—Default 9F0D F0 50 BC 88 00
CVM List 8E 00000000 00000000 4203 0103
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 3F FB 00
Card Issuer Action Code—Default C4 7F 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7 M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 5-23
Standard Profiles for MaestroProfile 05: Maestro with SDA—Mag Stripe Grade Issuer where issuer cannot interpret TVR/CVR
Profile 05: Maestro with SDA—Mag Stripe Grade Issuerwhere issuer cannot interpret TVR/CVR
This Standard Profile is for the issuer of Maestro cards supporting SDA in a MagStripe grade host processing environment. The issuer cannot interpret the TVRand CVR received in authorization messages. The issuer will decline offlinetransactions where offline PIN errors occur.
The card supports offline PIN (plain text) but online PIN is always preferred.The card will always use online PIN at ATMs. Signature and “no CVM” are notsupported. If offline PIN fails or if PIN entry is bypassed or not possible, thetransaction will be declined.
The card may not operate offline and will decline transactions that are notapproved online.
NOTE
This profile is normally implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN*, if the terminal is able to perform it• Offline plain text PIN*, if the terminal is able to perform it
* If these CVM are not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international use, for example: Goods,Services, Cash, and Cash Back.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via Issuer Action codes (IAC)and by the card via Card Issuer Action Codes during each transaction.
The card is configured as “online only” and will never approve an offlinetransaction.
©2010 MasterCard5-24 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MaestroProfile 05: Maestro with SDA—Mag Stripe Grade Issuer where issuer cannot interpret TVR/CVR
The settings for risk management are:• If the cardholder verification fails, then the transaction the transaction is
rejected offline.• If the offline PIN fails (or if the offline PIN try limit is exceeded), then the
transaction the transaction is rejected offline.• If the PIN is bypassed, then the transaction is rejected offline.• If the terminal erroneously considers the offline PIN to be approved, but it
has not been approved by the card, then the transaction is rejected offline.• If the transaction is an international transaction, then the transaction must
go online. If it is not possible to go online, then the transaction is rejected.• If the transaction is a domestic transaction, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the transaction is “unable to go online” the transaction is rejected.
PayPass
Cards supporting this profile cannot also support PayPass
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB). The CAP TokenValidation requires ATC management and AC validation by the issuer usingeither a hosted CTVS or delegating the CAP Token validation to a third party,for example: MasterCard On Behalf Service.
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 5-25
Standard Profiles for MaestroProfile 05: Maestro with SDA—Mag Stripe Grade Issuer where issuer cannot interpret TVR/CVR
Data Element Name Tag Mandatory Value
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
©2010 MasterCard5-26 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MaestroProfile 05: Maestro with SDA—Mag Stripe Grade Issuer where issuer cannot interpret TVR/CVR
Data Element Name Tag Mandatory Value
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000043060
Application Label 50 MAESTRO
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FFC0
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03
PIN Try Counter 9F17 03
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 5-27
Standard Profiles for MaestroProfile 05: Maestro with SDA—Mag Stripe Grade Issuer where issuer cannot interpret TVR/CVR
Data Element Name Tag Mandatory Value
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 A8 00 00
Issuer Action Code—Online 9F0F F0 70 14 98 00
Issuer Action Code—Default 9F0D F0 50 14 88 00
CVM List 8E 00000000 00000000 0203 0103
Card Issuer Action Code—Decline C3 19 00 00
Card Issuer Action Code—Online C5 26 FB 00
Card Issuer Action Code—Default C4 66 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7 M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
©2010 MasterCard5-28 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Chapter 6 Standard Profiles for MasterCard/DebitMasterCard
This chapter details the Standard Profiles that are available to an issuer for use with theMasterCard/Debit MasterCard® product.
Profile 11: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (1) ........... 6-1
Cardholder Verification ............................................................................................................ 6-1
Application Usage Control ....................................................................................................... 6-1
Application Interchange Profile ............................................................................................... 6-2
Issuer Risk Management .......................................................................................................... 6-2
PayPass.................................................................................................................................... 6-3
MasterCard Authentication Solutions for Chip ......................................................................... 6-3
Data Element List ..................................................................................................................... 6-3
Profile 12: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (2) ........... 6-7
Cardholder Verification ............................................................................................................ 6-7
Application Usage Control ....................................................................................................... 6-8
Application Interchange Profile ............................................................................................... 6-8
Issuer Risk Management .......................................................................................................... 6-8
PayPass.................................................................................................................................... 6-9
MasterCard Authentication Solutions for Chip ......................................................................... 6-9
Data Element List ................................................................................................................... 6-10
Profile 13: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (3)........... 6-13
Cardholder Verification .......................................................................................................... 6-14
Application Usage Control ..................................................................................................... 6-14
Application Interchange Profile ............................................................................................. 6-14
Issuer Risk Management ........................................................................................................ 6-14
PayPass.................................................................................................................................. 6-16
MasterCard Authentication Solutions for Chip ....................................................................... 6-16
Data Element List ................................................................................................................... 6-16
Profile 14: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (1)............ 6-19
Overview ............................................................................................................................... 6-19
Cardholder Verification .......................................................................................................... 6-20
Application Usage Control ..................................................................................................... 6-20
Application Interchange Profile ............................................................................................. 6-20
Issuer Risk Management ........................................................................................................ 6-20
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-i
Standard Profiles for MasterCard/Debit MasterCard
PayPass.................................................................................................................................. 6-22
MasterCard Authentication Solutions for Chip ....................................................................... 6-22
Data Element List ................................................................................................................... 6-22
Profile 15: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (2)............ 6-25
Cardholder Verification .......................................................................................................... 6-26
Application Usage Control ..................................................................................................... 6-26
Application Interchange Profile ............................................................................................. 6-26
Issuer Risk Management ........................................................................................................ 6-27
PayPass.................................................................................................................................. 6-28
MasterCard Authentication Solutions for Chip ....................................................................... 6-28
Data Element List ................................................................................................................... 6-28
Profile 16: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer(1) ................................................................................................................................................ 6-32
Overview ............................................................................................................................... 6-32
Cardholder Verification .......................................................................................................... 6-32
Application Usage Control ..................................................................................................... 6-32
Application Interchange Profile ............................................................................................. 6-33
Issuer Risk Management ........................................................................................................ 6-33
PayPass.................................................................................................................................. 6-34
MasterCard Authentication Solutions for Chip ....................................................................... 6-34
Data Element List ................................................................................................................... 6-34
Profile 17: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer(2) ................................................................................................................................................ 6-38
Cardholder Verification .......................................................................................................... 6-38
Application Usage Control ..................................................................................................... 6-39
Application Interchange Profile ............................................................................................. 6-39
Issuer Risk Management ........................................................................................................ 6-39
PayPass.................................................................................................................................. 6-40
MasterCard Authentication Solutions for Chip ....................................................................... 6-40
Data Element List ................................................................................................................... 6-41
Profile 18: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer(3) ................................................................................................................................................ 6-44
Cardholder Verification .......................................................................................................... 6-45
Application Usage Control ..................................................................................................... 6-45
Application Interchange Profile ............................................................................................. 6-45
Issuer Risk Management ........................................................................................................ 6-45
PayPass.................................................................................................................................. 6-47
©2010 MasterCard6-ii 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCard
MasterCard Authentication Solutions for Chip ....................................................................... 6-47
Data Element List ................................................................................................................... 6-47
Profile 19: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (1)........... 6-51
Cardholder Verification .......................................................................................................... 6-51
Application Usage Control ..................................................................................................... 6-51
Application Interchange Profile ............................................................................................. 6-51
Issuer Risk Management ........................................................................................................ 6-52
PayPass.................................................................................................................................. 6-53
MasterCard Authentication Solutions for Chip ....................................................................... 6-53
Data Element List ................................................................................................................... 6-53
Profile 20: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (2)........... 6-57
Cardholder Verification .......................................................................................................... 6-57
Application Usage Control ..................................................................................................... 6-57
Application Interchange Profile ............................................................................................. 6-57
Issuer Risk Management ........................................................................................................ 6-58
PayPass.................................................................................................................................. 6-59
MasterCard Authentication Solutions for Chip ....................................................................... 6-59
Data Element List ................................................................................................................... 6-59
Profile 21: MasterCard/Debit MasterCard with CDA/DDA and offline PIN—Full Chip Issuer(1) ................................................................................................................................................ 6-63
Cardholder Verification .......................................................................................................... 6-63
Application Usage Control ..................................................................................................... 6-63
Application Interchange Profile ............................................................................................. 6-64
Issuer Risk Management ........................................................................................................ 6-64
PayPass.................................................................................................................................. 6-65
MasterCard Authentication Solutions for Chip ....................................................................... 6-65
Data Element List ................................................................................................................... 6-65
Profile 22: MasterCard/Debit MasterCard with CDA/DDA and signature—Full Chip Issuer(2) ................................................................................................................................................ 6-69
Overview ............................................................................................................................... 6-69
Cardholder Verification .......................................................................................................... 6-70
Application Usage Control ..................................................................................................... 6-70
Application Interchange Profile ............................................................................................. 6-70
Issuer Risk Management ........................................................................................................ 6-70
PayPass.................................................................................................................................. 6-71
MasterCard Authentication Solutions for Chip ....................................................................... 6-72
Data Element List ................................................................................................................... 6-72
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-iii
Standard Profiles for MasterCard/Debit MasterCard
Profile 23: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuerwhere issuer can interpret TVR/CVR ........................................................................................... 6-75
Cardholder Verification .......................................................................................................... 6-76
Application Usage Control ..................................................................................................... 6-76
Application Interchange Profile ............................................................................................. 6-76
Issuer Risk Management ........................................................................................................ 6-76
PayPass.................................................................................................................................. 6-78
MasterCard Authentication Solutions for Chip ....................................................................... 6-78
Data Element List ................................................................................................................... 6-78
Profile 24: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuerwhere issuer cannot interpret TVR/CVR (1) ................................................................................ 6-82
Cardholder Verification .......................................................................................................... 6-82
Application Usage Control ..................................................................................................... 6-82
Application Interchange Profile ............................................................................................. 6-83
Issuer Risk Management ........................................................................................................ 6-83
PayPass.................................................................................................................................. 6-84
MasterCard Authentication Solutions for Chip ....................................................................... 6-84
Data Element List ................................................................................................................... 6-84
Profile 25: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuerwhere issuer cannot interpret TVR/CVR (2) ................................................................................ 6-88
Cardholder Verification .......................................................................................................... 6-88
Application Usage Control ..................................................................................................... 6-88
Application Interchange Profile ............................................................................................. 6-89
Issuer Risk Management ........................................................................................................ 6-89
PayPass.................................................................................................................................. 6-90
MasterCard Authentication Solutions for Chip ....................................................................... 6-90
Data Element List ................................................................................................................... 6-90
Profile 26: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuerwhere issuer cannot interpret TVR/CVR (3) ................................................................................ 6-94
Cardholder Verification .......................................................................................................... 6-94
Application Usage Control ..................................................................................................... 6-94
Application Interchange Profile ............................................................................................. 6-95
Issuer Risk Management ........................................................................................................ 6-95
PayPass.................................................................................................................................. 6-96
MasterCard Authentication Solutions for Chip ....................................................................... 6-96
Data Element List ................................................................................................................... 6-96
Profile 27: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuerwhere issuer cannot interpret TVR/CVR (4) ...............................................................................6-100
©2010 MasterCard6-iv 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCard
Cardholder Verification .........................................................................................................6-100
Application Usage Control ....................................................................................................6-101
Application Interchange Profile ............................................................................................6-101
Issuer Risk Management .......................................................................................................6-101
PayPass.................................................................................................................................6-102
MasterCard Authentication Solutions for Chip ......................................................................6-102
Data Element List ..................................................................................................................6-103
Profile 28: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuerwhere issuer cannot interpret TVR/CVR (1) ...............................................................................6-106
Cardholder Verification .........................................................................................................6-107
Application Usage Control ....................................................................................................6-107
Application Interchange Profile ............................................................................................6-107
Issuer Risk Management .......................................................................................................6-107
PayPass.................................................................................................................................6-108
MasterCard Authentication Solutions for Chip ......................................................................6-108
Data Element List ..................................................................................................................6-109
Profile 29: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuerwhere issuer cannot interpret TVR/CVR (2) ...............................................................................6-112
Cardholder Verification .........................................................................................................6-113
Application Usage Control ....................................................................................................6-113
Application Interchange Profile ............................................................................................6-113
Issuer Risk Management .......................................................................................................6-113
PayPass.................................................................................................................................6-114
MasterCard Authentication Solutions for Chip ......................................................................6-114
Data Element List ..................................................................................................................6-115
Profile 30: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer(3) ...............................................................................................................................................6-118
Cardholder Verification .........................................................................................................6-119
Application Usage Control ....................................................................................................6-119
Application Interchange Profile ............................................................................................6-119
Issuer Risk Management .......................................................................................................6-119
PayPass.................................................................................................................................6-120
MasterCard Authentication Solutions for Chip ......................................................................6-121
Data Element List ..................................................................................................................6-121
Profile 31: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer(4) ...............................................................................................................................................6-124
Cardholder Verification .........................................................................................................6-125
Application Usage Control ....................................................................................................6-125
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-v
Standard Profiles for MasterCard/Debit MasterCard
Application Interchange Profile ............................................................................................6-125
Issuer Risk Management .......................................................................................................6-125
PayPass.................................................................................................................................6-126
MasterCard Authentication Solutions for Chip ......................................................................6-127
Data Element List ..................................................................................................................6-128
Profile 32: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (3) ...........6-131
Cardholder Verification .........................................................................................................6-132
Application Usage Control ....................................................................................................6-132
Application Interchange Profile ............................................................................................6-132
Issuer Risk Management .......................................................................................................6-132
PayPass.................................................................................................................................6-133
MasterCard Authentication Solutions for Chip ......................................................................6-133
Data Element List ..................................................................................................................6-134
©2010 MasterCard6-vi 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 11: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (1)
Profile 11: MasterCard/Debit MasterCard with SDA andoffline PIN—Full Chip Issuer (1)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andoffline PIN in a Full Chip grade host processing environment or the issuer usesone of the appropriate MasterCard on-behalf services.
The card supports offline PIN (plain text) which is preferred to signature,which is preferred to online PIN at the POS. The card will always use onlinePIN at ATMs. “No CVM” is also supported. If offline PIN fails or if PIN entryis bypassed or not possible, the card will try to go online and decline thetransaction if this is not possible.
This profile differs from Profile 12 in that signature is preferred to online PIN atthe POS. The profile differs from Profile 13 in that PIN issues lead to an onlineauthorization request rather than an offline decline.
The card must be able to operate offline and Lower and Upper Limit parametersare used in risk management to decide whether to accept the transaction offlineor to request an online authorization. The Upper Limits may not normally beset to zero on a MasterCard product. The card may be configured as onlinepreferring.
NOTE
This profile is normally implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:
• Online PIN, if transaction is Unattended Cash (ATM transactions)
• Offline plain text PIN, if the terminal is able to perform it
• Signature, if the terminal is able to perform it
• Online PIN for other cases (such as any terminal that does not supportoffline PIN or signature and certain Cardholder Activated Terminals)
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-1
Standard Profiles for MasterCard/Debit MasterCardProfile 11: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (1)
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the offline PIN fails (or if the offline PIN try limit is exceeded), then
the transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working the terminal takes no action on this issue.• If the terminal erroneously considers the offline PIN to be approved, but it
has not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
©2010 MasterCard6-2 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 11: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (1)
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• It is more flexible to make the card “on-line preferring,” if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 92 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-3
Standard Profiles for MasterCard/Debit MasterCardProfile 11: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
Signed Static Application Data 93
©2010 MasterCard6-4 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 11: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-5
Standard Profiles for MasterCard/Debit MasterCardProfile 11: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
PIN Try Counter 9F17 03
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 AC 98 00
Issuer Action Code—Default 9F0D F0 50 AC 00 00
CVM List 8E 00000000 00000000 4201 4103 5E03 42031F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 19 FB 00
1F FB 00 may be used to make the card“online preferring”
Card Issuer Action Code—Default C4 19 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
©2010 MasterCard6-6 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 12: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 12: MasterCard/Debit MasterCard with SDA andoffline PIN—Full Chip Issuer (2)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andoffline PIN in a Full Chip grade host processing environment or the issuer usesone of the appropriate MasterCard on-behalf services.
The card supports offline PIN (plain text) which is preferred to online PIN,which is preferred to signature at the POS. The card will always use onlinePIN at ATMs. “No CVM” is also supported. If offline PIN fails or if PIN entryis bypassed or not possible, the card will try to go online and decline thetransaction if this is not possible.
This profile differs from Profile 11 in that online PIN is preferred to signature atthe POS.
The card must be able to operate offline and Lower and Upper Limit parametersare used in risk management to decide whether to accept the transaction offlineor to request an online authorization. The Upper Limits may not normally beset to zero on a MasterCard product. The card may be configured as onlinepreferring.
NOTE
This profile is normally implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Offline plain text PIN, if the terminal is able to perform it• Online PIN for other cases (such as any terminal that does not support
offline PIN and certain Cardholder Activated Terminals)• Signature, if the terminal is able to perform it• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-7
Standard Profiles for MasterCard/Debit MasterCardProfile 12: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (2)
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the offline PIN fails (or if the offline PIN try limit is exceeded), then
the transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working the terminal takes no action on this issue.
©2010 MasterCard6-8 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 12: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (2)
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is declined.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• It is more flexible to make the card “on-line preferring,” if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
• The offline transaction counters will be reset whenever a transaction isapproved, even if there is no ARPC.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 93 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-9
Standard Profiles for MasterCard/Debit MasterCardProfile 12: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (2)
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-10 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 12: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-11
Standard Profiles for MasterCard/Debit MasterCardProfile 12: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Upper Cumulative Offline TransactionAmount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03
PIN Try Counter 9F17 03
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 AC 98 00
Issuer Action Code—Default 9F0D F0 50 AC 88 00
CVM List 8E 00000000 00000000 4201 4103 4203 5E031F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 19 FB 00
1F FB 00 may be used to make the card“online preferring”
Card Issuer Action Code—Default C4 19 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
©2010 MasterCard6-12 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 13: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
Application Control D5 84 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 13: MasterCard/Debit MasterCard with SDA andoffline PIN—Full Chip Issuer (3)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andoffline PIN in a Full Chip grade host processing environment or the issuer usesone of the appropriate MasterCard on-behalf services.
The card supports offline PIN (plain text) which is preferred to signature,which is preferred to online PIN at the POS. The card will always use onlinePIN at ATMs. “No CVM” is also supported. If offline PIN fails or if PIN entryis bypassed or not possible, the card will try to go online and decline thetransaction if this is not possible.
The profile differs from Profile 11 in that PIN issues lead to an offline declinerather than an online authorization request.
The card must be able to operate offline and Lower and Upper Limit parametersare used in risk management to decide whether to accept the transaction offlineor to request an online authorization. The Upper Limits may not normally beset to zero on a MasterCard product. The card may be configured as onlinepreferring.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-13
Standard Profiles for MasterCard/Debit MasterCardProfile 13: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (3)
NOTE
This profile is normally implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Offline plain text PIN, if the terminal is able to perform it• Signature, if the terminal is able to perform it• Online PIN for other cases (such as any terminal that does not support
offline PIN or signature and certain Cardholder Activated Terminals)• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.
©2010 MasterCard6-14 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 13: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (3)
• If the card application has expired, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the card application is not yet effective, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the offline PIN fails (or if the offline PIN try limit is exceeded), then
the transaction is rejected.• If the PIN is bypassed, then the transaction is rejected.• If the PIN pad is not working the terminal takes no action on this issue.• If the terminal erroneously considers the offline PIN to be approved, but it
has not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• It is more flexible to make the card “on-line preferring”, if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-15
Standard Profiles for MasterCard/Debit MasterCardProfile 13: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (3)
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 92 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
©2010 MasterCard6-16 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 13: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-17
Standard Profiles for MasterCard/Debit MasterCardProfile 13: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03
PIN Try Counter 9F17 03
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 28 00 00
Issuer Action Code—Online 9F0F F0 70 84 98 00
Issuer Action Code—Default 9F0D F0 50 84 00 00
CVM List 8E 00000000 00000000 4201 4103 5E03 42031F03
©2010 MasterCard6-18 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 14: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Card Issuer Action Code—Decline C3 18 00 00
Card Issuer Action Code—Online C5 01 FB 00
07 FB 00 may be used to make the card“online preferring”
Card Issuer Action Code—Default C4 01 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 14: MasterCard/Debit MasterCard with SDA andsignature—Full Chip Issuer (1)
Overview
This Standard Profile is for the issuer of MasterCard cards supporting SDA andno offline PIN in a Full Chip grade host processing environment or the issueruses one of the appropriate MasterCard on-behalf services.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-19
Standard Profiles for MasterCard/Debit MasterCardProfile 14: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (1)
The card does not support offline PIN. online PIN is preferred to signatureat the POS. The card will always use online PIN at ATMs. “No CVM” is alsosupported. If PIN entry is bypassed, the card will try to go online and declinethe transaction if this is not possible.
This profile differs from Profile 15 in that online PIN is preferred to signature atthe POS.
The profile is online preferring. The card must be able to operate offline andUpper Limit parameters are used in risk management to decide whether toaccept the transaction offline if online authorization is not completed. TheUpper Limits may not normally be set to zero on a MasterCard product.
NOTE
This profile is normally implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Online PIN, if the terminal is able to perform it• Signature, if the terminal is able to perform it• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
©2010 MasterCard6-20 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 14: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (1)
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the PIN is bypassed, then the transaction must go online. If it is not
possible to go online, then the transaction is accepted.• If the PIN pad is not working the terminal takes no action on this issue.• If the transaction amount exceeds the terminal floor limit, then the
transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedrejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• Domestic Transactions must go online. If it is not possible to go online,then the transaction is accepted.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-21
Standard Profiles for MasterCard/Debit MasterCardProfile 14: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (1)
• The offline transaction counters will be reset whenever a transaction isapproved, even if there is no ARPC.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 93 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
©2010 MasterCard6-22 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 14: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-23
Standard Profiles for MasterCard/Debit MasterCardProfile 14: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 8C 98 00
Issuer Action Code—Default 9F0D F0 50 84 88 00
©2010 MasterCard6-24 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 15: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
CVM List 8E 00000000 00000000 4201 4203 5E03 1F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 06 FB 00
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 80 00
(82 00 may alternatively be used if theissuer supports EMV CSK)
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 15: MasterCard/Debit MasterCard with SDA andsignature—Full Chip Issuer (2)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andno offline PIN in a Full Chip grade host processing environment or the issueruses one of the appropriate MasterCard on-behalf services.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-25
Standard Profiles for MasterCard/Debit MasterCardProfile 15: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (2)
The card does not support offline PIN. Signature is preferred to online PINat the POS. The card will always use online PIN at ATMs. “No CVM” is alsosupported. If PIN entry is bypassed, the card will try to go online and declinethe transaction if this is not possible.
This profile differs from Profile 14 in that signature is preferred to online PIN atthe POS.
The card must be able to operate offline and Lower and Upper Limit parametersare used in risk management to decide whether to accept the transaction offlineor to request an online authorization. The Upper Limits may not normallybe set to zero on a MasterCard product. Internationally, the card is onlinepreferring. The card may be configured as online preferring domestically also.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:
• Online PIN, if transaction is Unattended Cash (ATM transactions)
• Signature, if the terminal is able to perform it
• Online PIN for other cases such as certain Cardholder Activated Terminals
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:
• SDA
• Terminal Risk Management
• Cardholder Verification
©2010 MasterCard6-26 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 15: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (2)
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the PIN is bypassed, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the PIN pad is not working the terminal takes no action on this issue.• If the transaction amount exceeds the terminal floor limit, then the
transaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is declined.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-27
Standard Profiles for MasterCard/Debit MasterCardProfile 15: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (2)
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• The offline transaction counters will be reset whenever a transaction isapproved, even if there is no ARPC.
• It is more flexible to make the card “on-line preferring”, if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 92 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
©2010 MasterCard6-28 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 15: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-29
Standard Profiles for MasterCard/Debit MasterCardProfile 15: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
©2010 MasterCard6-30 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 15: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 8C 98 00
Issuer Action Code—Default 9F0D F0 50 8C 08 00
CVM List 8E 00000000 00000000 4201 5E03 4203 1F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 04 FB 00
06 FB 00 may be used to make thecard “online preferring” in a domesticenvironment
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 80 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-31
Standard Profiles for MasterCard/Debit MasterCardProfile 16: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (1)
Profile 16: MasterCard/Debit MasterCard with DDA andoffline PIN—Full Chip Issuer (1)
Overview
This Standard Profile is for the issuer of MasterCard cards supporting DDA andoffline PIN in a Full Chip grade host processing environment or the issuer usesone of the appropriate MasterCard on-behalf services.
The card supports offline PIN (enciphered or plain text) which is preferred tosignature, which is preferred to online PIN at the POS. The card will alwaysuse online PIN at ATMs. “No CVM” is also supported. If offline PIN fails or ifPIN entry is bypassed or not possible, the card will try to go online and declinethe transaction if this is not possible.
This profile differs from Profile 17 in that signature is preferred to online PIN atthe POS. The profile differs from Profile 18 in that PIN issues lead to an onlineauthorization request rather than an offline decline.
The card must be able to operate offline and Lower and Upper Limit parametersare used in risk management to decide whether to accept the transaction offlineor to request an online authorization. The Upper Limits may not normally beset to zero on a MasterCard product. The card may be configured as onlinepreferring.
NOTE
This profile must be implemented on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Offline enciphered or plain text PIN, if the terminal is able to perform it• Signature, if the terminal is able to perform it• Online PIN for other cases (such as any terminal that does not support
offline PIN or signature such as certain Cardholder Activated Terminals)• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
©2010 MasterCard6-32 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 16: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (1)
Application Interchange Profile
Functions that the card requests:• DDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If DDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the offline PIN fails (or if the offline PIN try limit is exceeded), then
the transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working the terminal takes no action on this issue.• If the terminal erroneously considers the offline PIN to be approved, but it
has not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-33
Standard Profiles for MasterCard/Debit MasterCardProfile 16: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (1)
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• It is more flexible to make the card “on-line preferring,” if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 94 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
©2010 MasterCard6-34 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 16: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-35
Standard Profiles for MasterCard/Debit MasterCardProfile 16: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03
PIN Try Counter 9F17 03
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
ICC Public Key Certificate 9F46
©2010 MasterCard6-36 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 16: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
8D: CDOL2
ICC Public Key Exponent 9F47 03
ICC Public Key Remainder 9F48Determined by issuer/personalizationsystem
DDOL 9F49 9F3704
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F B8 70 AC 98 00
Issuer Action Code—Default 9F0D B8 50 AC 00 00
CVM List 8E 00000000 00000000 4201 4403 4103 5E034203 1F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 19 FB 00
1F FB 00 may be used to make the card“online preferring”
Card Issuer Action Code—Default C4 19 50 00
Application Interchange Profile 82 38 00
CDOL 1 Related Data Length C7 2B
Application Control D5 8C 00
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A02 9A 03 9C 01 9F 37 04 9F 35 01 9F 4502 9F 4C 08 9F 34 03
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-37
Standard Profiles for MasterCard/Debit MasterCardProfile 17: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 17: MasterCard/Debit MasterCard with DDA andoffline PIN—Full Chip Issuer (2)
This Standard Profile is for the issuer of MasterCard cards supporting DDA andoffline PIN in a Full Chip grade host processing environment or the issuer usesone of the appropriate MasterCard on-behalf services.
The card supports offline PIN (enciphered and plain text) which is preferred toonline PIN, which is preferred to signature at the POS. The card will alwaysuse online PIN at ATMs. “No CVM” is also supported. If offline PIN fails or ifPIN entry is bypassed or not possible, the card will try to go online and declinethe transaction if this is not possible.
This profile differs from Profile 16 in that online PIN is preferred to signature atthe POS.
The card must be able to operate offline and Lower and Upper Limit parametersare used in risk management to decide whether to accept the transaction offlineor to request an online authorization. The Upper Limits may not normally beset to zero on a MasterCard product. The card may be configured as onlinepreferring.
NOTE
This profile must be implemented on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Offline enciphered or plain text PIN, if the terminal is able to perform it• Online PIN for other cases (such as any terminal that does not support
offline PIN such as certain Cardholder Activated Terminals)
©2010 MasterCard6-38 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 17: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (2)
• Signature, if the terminal is able to perform it• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• DDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If DDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the offline PIN fails (or if the offline PIN try limit is exceeded), then
the transaction must go online. If it is not possible to go online, then thetransaction is rejected.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-39
Standard Profiles for MasterCard/Debit MasterCardProfile 17: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (2)
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working the terminal takes no action on this issue.• If the terminal erroneously considers the offline PIN to be approved, but it
has not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• The offline transaction counters will be reset whenever a transaction isapproved, even if there is no ARPC.
• It is more flexible to make the card “on-line preferring,” if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 95 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
©2010 MasterCard6-40 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 17: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (2)
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-41
Standard Profiles for MasterCard/Debit MasterCardProfile 17: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
ICC Public Key Certificate 9F46
8D: CDOL2
ICC Public Key Exponent 9F47 03
ICC Public Key Remainder 9F48Determined by issuer/personalizationsystem
DDOL 9F49 9F3704
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 or FF40 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
©2010 MasterCard6-42 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 17: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03
PIN Try Counter 9F17 03
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F B8 70 AC 98 00
Issuer Action Code—Default 9F0D B8 50 AC 88 00
CVM List 8E 00000000 00000000 4201 4403 4103 42035E03 1F03
Card Issuer Action Code—Decline C3 00 00 00
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-43
Standard Profiles for MasterCard/Debit MasterCardProfile 18: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
Card Issuer Action Code—Online C5 19 FB 00
1F FB 00 may be used to make the card“online preferring”
Card Issuer Action Code—Default C4 19 50 00
Application Interchange Profile 82 38 00
CDOL 1 Related Data Length C7 2B
Application Control D5 8C 00
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A02 9A 03 9C 01 9F 37 04 9F 35 01 9F 4502 9F 4C 08 9F 34 03
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 18: MasterCard/Debit MasterCard with DDA andoffline PIN—Full Chip Issuer (3)
This Standard Profile is for the issuer of MasterCard cards supporting DDA andoffline PIN in a Full Chip grade host processing environment or the issuer usesone of the appropriate MasterCard on-behalf services.
The card supports offline PIN (enciphered and plain text) which is preferred tosignature, which is preferred to online PIN at the POS. The card will alwaysuse online PIN at ATMs. “No CVM” is also supported. If offline PIN fails or ifPIN entry is bypassed or not possible, the card will try to go online and declinethe transaction if this is not possible.
The profile differs from Profile 16 in that PIN issues lead to an offline declinerather than an online authorization request.
©2010 MasterCard6-44 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 18: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (3)
The card must be able to operate offline and Lower and Upper Limit parametersare used in risk management to decide whether to accept the transaction offlineor to request an online authorization. The Upper Limits may not normally beset to zero on a MasterCard product. The card may be configured as onlinepreferring.
NOTE
This profile must be implemented on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Offline enciphered or plain text PIN, if the terminal is able to perform it• Signature, if the terminal is able to perform it• Online PIN for other cases (such as any terminal that does not support
offline PIN or signature such as certain Cardholder Activated Terminals)• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• DDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If DDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-45
Standard Profiles for MasterCard/Debit MasterCardProfile 18: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (3)
• If ICC Data is missing, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card appears on an exception file, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the card application has expired, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the card application is not yet effective, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the offline PIN fails (or if the offline PIN try limit is exceeded), then
the transaction is rejected.• If the PIN is bypassed, then the transaction is rejected.• If the PIN pad is not working the terminal takes no action on this issue.• If the terminal erroneously considers the offline PIN to be approved, but it
has not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
©2010 MasterCard6-46 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 18: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (3)
• It is more flexible to make the card “on-line preferring”, if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 94 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuingthe card
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-47
Standard Profiles for MasterCard/Debit MasterCardProfile 18: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of recordsfor log file)
Certification Authority Public KeyIndex
8F Determined by issuer/personaliza-tion system
Issuer Public Key Certificate 90 Calculated by MasterCardCertification Authority
Issuer Public Key Remainder 92 Calculated by MasterCardCertification Authority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN SequenceNo.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data AuthenticationTag List
8C: CDOL1
ICC Public Key Certificate 9F46
8D: CDOL2
ICC Public Key Exponent 9F47 03
ICC Public Key Remainder 9F48Determined by issuer/personaliza-tion system
DDOL 9F49 9F3704
©2010 MasterCard6-48 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 18: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Nametag 84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined byissuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFIof the cyclic transaction log file(11) Byte 2: Maximum number ofrecords in the Transaction Log file
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero notallowed)
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer (zero notallowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case thatone or several entries are not used,please set these entry(ies) with CRMCurrency Code)
CRM Country Code C8 Same value as Issuer Country Codetag 5F28
PIN Try Limit N/A 03
PIN Try Counter 9F17 03
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-49
Standard Profiles for MasterCard/Debit MasterCardProfile 18: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 28 00 00
Issuer Action Code—Online 9F0F B8 70 84 98 00
Issuer Action Code—Default 9F0D B8 50 84 00 00
CVM List 8E 00000000 00000000 4201 4403 41035E03 4203 1F03
Card Issuer Action Code—Decline C3 18 00 00
Card Issuer Action Code—Online C5 01 FB 00
07 FB 00 may be used to make thecard “online preferring”
Card Issuer Action Code—Default C4 01 50 00
Application Interchange Profile 82 38 00
CDOL 1 Related Data Length C7 2B
Application Control D5 8C 00
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F2A 02 9A 03 9C 01 9F 37 04 9F 3501 9F 45 02 F 4C 08 9F 34 03
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 0000 00 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
©2010 MasterCard6-50 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 19: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (1)
Profile 19: MasterCard/Debit MasterCard with DDA andsignature—Full Chip Issuer (1)
This Standard Profile is for the issuer of MasterCard cards supporting DDA andno offline PIN in a Full Chip grade host processing environment or the issueruses one of the appropriate MasterCard on-behalf services.
The card does not support offline PIN. online PIN is preferred to signatureat the POS. The card will always use online PIN at ATMs. “No CVM” is alsosupported. If PIN entry is bypassed, the card will try to go online and acceptthe transaction offline if this is not possible.
This profile differs from Profile 20 in that online PIN is preferred to signature atthe POS.
The profile is online preferring. The card must be able to operate offline andUpper Limit parameters are used in risk management to decide whether toaccept the transaction offline if online authorization is not completed. TheUpper Limits may not normally be set to zero on a MasterCard product.
NOTE
This profile must be implemented on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Online PIN, if the terminal is able to perform it• Signature, if the terminal is able to perform it• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• DDA• Terminal Risk Management• Cardholder Verification
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-51
Standard Profiles for MasterCard/Debit MasterCardProfile 19: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (1)
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If DDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the PIN is bypassed, then the transaction must go online. If it is not
possible to go online, then the transaction is accepted.• If the PIN pad is not working the terminal takes no action on this issue.• If the transaction amount exceeds the terminal floor limit, then the
transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedrejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
©2010 MasterCard6-52 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 19: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (1)
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• Domestic Transactions must go online. If it is not possible to go online,then the transaction is accepted.
• The offline transaction counters will be reset whenever a transaction isapproved, even if there is no ARPC.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 95 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-53
Standard Profiles for MasterCard/Debit MasterCardProfile 19: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
ICC Public Key Certificate 9F46
8D: CDOL2
ICC Public Key Exponent 9F47 03
©2010 MasterCard6-54 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 19: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
ICC Public Key Remainder 9F478Determined by issuer/personalizationsystem
DDOL 9F49 9F3704
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-55
Standard Profiles for MasterCard/Debit MasterCardProfile 19: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F B8 70 8C 98 00
Issuer Action Code—Default 9F0D B8 50 84 88 00
CVM List 8E 00000000 00000000 4201 4203 5E03 1F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 06 FB 00
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 38 00
CDOL 1 Related Data Length C7 2B
Application Control D5 80 00
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A02 9A 03 9C 01 9F 37 04 9F 35 01 9F 4502 9F 4C 08 9F 34 03
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
©2010 MasterCard6-56 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 20: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (2)
Profile 20: MasterCard/Debit MasterCard with DDA andsignature—Full Chip Issuer (2)
This Standard Profile is for the issuer of MasterCard cards supporting DDA andno offline PIN in a Full Chip grade host processing environment or the issueruses one of the appropriate MasterCard on-behalf services.
The card does not support offline PIN. Signature is preferred to online PINat the POS. The card will always use online PIN at ATMs. “No CVM” is alsosupported. If PIN entry is bypassed, the card will try to go online and declinethe transaction if this is not possible.
This profile differs from Profile 19 in that signature is preferred to online PIN atthe POS.
The card must be able to operate offline and Upper Limit parameters are usedin risk management to decide whether to accept the transaction offline if onlineauthorization is not completed. The Upper Limits may not normally be set tozero on a MasterCard product. The profile is online preferring internationally.Domestically, the card may be configured as online preferring.
NOTE
This profile must be implemented M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Signature, if the terminal is able to perform it• Online PIN for other cases such as certain Cardholder Activated Terminals• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• DDA• Terminal Risk Management
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-57
Standard Profiles for MasterCard/Debit MasterCardProfile 20: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (2)
• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If DDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the PIN is bypassed, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the PIN pad is not working the terminal takes no action on this issue.• If the transaction amount exceeds the terminal floor limit, then the
transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
©2010 MasterCard6-58 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 20: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (2)
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• The offline transaction counters will be reset whenever a transaction isapproved, even if there is no ARPC.
• It is more flexible to make the card “on-line preferring”, if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 94 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-59
Standard Profiles for MasterCard/Debit MasterCardProfile 20: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
ICC Public Key Certificate 9F46
©2010 MasterCard6-60 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 20: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
8D: CDOL2
ICC Public Key Exponent 9F47 03
ICC Public Key Remainder 9F48Determined by issuer/personalizationsystem
DDOL 9F49 9F3704
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-61
Standard Profiles for MasterCard/Debit MasterCardProfile 20: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F B8 70 8C 98 00
Issuer Action Code—Default 9F0D B8 50 8C 88 00
CVM List 8E 00000000 00000000 4201 5E03 4203 1F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 04 FB 00
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 38 00
CDOL 1 Related Data Length C7 2B
Application Control D5 80 00
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A02 9A 03 9C 01 9F 37 04 9F 35 01 9F 4502 9F 4C 08 9F 34 03
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
©2010 MasterCard6-62 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 21: MasterCard/Debit MasterCard with CDA/DDA and offline PIN—Full Chip Issuer (1)
Profile 21: MasterCard/Debit MasterCard with CDA/DDAand offline PIN—Full Chip Issuer (1)
This Standard Profile is for the issuer of MasterCard cards supporting CDA andDDA and offline PIN in a Full Chip grade host processing environment or theissuer uses one of the appropriate MasterCard on-behalf services.
The card supports offline PIN (enciphered or plain text) which is preferred tosignature, which is preferred to online PIN at the POS. The card will alwaysuse online PIN at ATMs. “No CVM” is also supported. If offline PIN fails or ifPIN entry is bypassed or not possible, the card will try to go online and declinethe transaction if this is not possible.
This profile differs from Profile 22 in that the card supports offline PIN.
The card must be able to operate offline and Lower and Upper Limit parametersare used in risk management to decide whether to accept the transaction offlineor to request an online authorization. The Upper Limits may not normally beset to zero on a MasterCard product. The card may be configured as onlinepreferring.
NOTE
This profile must be implemented on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:
• Online PIN, if transaction is Unattended Cash (ATM transactions)
• Offline enciphered or plain text PIN, if the terminal is able to perform it
• Signature, if the terminal is able to perform it
• Online PIN for other cases (such as any terminal that does not supportoffline PIN or signature such as certain Cardholder Activated Terminals)
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-63
Standard Profiles for MasterCard/Debit MasterCardProfile 21: MasterCard/Debit MasterCard with CDA/DDA and offline PIN—Full Chip Issuer (1)
Application Interchange Profile
Functions that the card requests:• CDA and DDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If DDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If CDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the offline PIN fails (or if the offline PIN try limit is exceeded), then
the transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working the terminal takes no action on this issue.• If the terminal erroneously considers the offline PIN to be approved, but it
has not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
©2010 MasterCard6-64 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 21: MasterCard/Debit MasterCard with CDA/DDA and offline PIN—Full Chip Issuer (1)
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• It is more flexible to make the card “on-line preferring”, if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 94 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-65
Standard Profiles for MasterCard/Debit MasterCardProfile 21: MasterCard/Debit MasterCard with CDA/DDA and offline PIN—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-66 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 21: MasterCard/Debit MasterCard with CDA/DDA and offline PIN—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
ICC Public Key Certificate 9F46
8D: CDOL2
ICC Public Key Exponent 9F47 03
ICC Public Key Remainder 9F48Determined by issuer/personalizationsystem
DDOL 9F49 9F3704
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0010
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-67
Standard Profiles for MasterCard/Debit MasterCardProfile 21: MasterCard/Debit MasterCard with CDA/DDA and offline PIN—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03
PIN Try Counter 9F17 03
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F BC 70 AC 98 00
Issuer Action Code—Default 9F0D BC 50 AC 00 00
CVM List 8E 00000000 00000000 4201 4403 4103 5E034203 1F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 19 FB 00
1F FB 00 may be used to make the card“online preferring”
©2010 MasterCard6-68 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 22: MasterCard/Debit MasterCard with CDA/DDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Card Issuer Action Code—Default C4 19 50 00
Application Interchange Profile 82 39 00
CDOL 1 Related Data Length C7 2B
Application Control D5 8C 00
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A02 9A 03 9C 01 9F 37 04 9F 35 01 9F 4502 9F 4C 08 9F 34 03
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 22: MasterCard/Debit MasterCard with CDA/DDAand signature—Full Chip Issuer (2)
Overview
This Standard Profile is for the issuer of MasterCard cards supporting CDA andDDA and no offline PIN in a Full Chip grade host processing environment orthe issuer uses one of the appropriate MasterCard on-behalf services.
The card does not support offline PIN. Signature is preferred to online PINat the POS. The card will always use online PIN at ATMs. “No CVM” is alsosupported. If PIN entry is bypassed, the card will try to go online and declinethe transaction if this is not possible.
This profile differs from Profile 21 in that off-line PIN is not supported.
The card must be able to operate offline and Lower and Upper Limit parametersare used in risk management to decide whether to accept the transaction offlineor to request an online authorization. The Upper Limits may not normallybe set to zero on a MasterCard product. Internationally, the profile is onlinepreferring. Domestically, the card may be configured as online preferring.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-69
Standard Profiles for MasterCard/Debit MasterCardProfile 22: MasterCard/Debit MasterCard with CDA/DDA and signature—Full Chip Issuer (2)
NOTE
This profile must be implemented on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Signature, if the terminal is able to perform it• Online PIN for other cases such as certain Cardholder Activated Terminals• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• CDA and DDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If DDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If CDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.
©2010 MasterCard6-70 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 22: MasterCard/Debit MasterCard with CDA/DDA and signature—Full Chip Issuer (2)
• If the card application has expired, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the card application is not yet effective, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working the terminal takes no action on this issue.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 94 should be used.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-71
Standard Profiles for MasterCard/Debit MasterCardProfile 22: MasterCard/Debit MasterCard with CDA/DDA and signature—Full Chip Issuer (2)
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
©2010 MasterCard6-72 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 22: MasterCard/Debit MasterCard with CDA/DDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
ICC Public Key Certificate 9F46
8D: CDOL2
ICC Public Key Exponent 9F47 03
ICC Public Key Remainder 9F48 Determined by issuer/personalizationsystem
DDOL 9F49 9F3704
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-73
Standard Profiles for MasterCard/Debit MasterCardProfile 22: MasterCard/Debit MasterCard with CDA/DDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F BC 70 8C 98 00
Issuer Action Code—Default 9F0D BC 50 8C 08 00
CVM List 8E 00000000 00000000 4201 5E03 4203 1F03
Card Issuer Action Code—Decline C3 00 00 00
©2010 MasterCard6-74 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 23: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
can interpret TVR/CVR
Data Element Name Tag Mandatory Value
Card Issuer Action Code—Online C5 04 FB 00
06 FB 00 may be used to make thecard “online preferring” in a domesticenvironment
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 39 00
CDOL 1 Related Data Length C7 2B
Application Control D5 80 00
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A02 9A 03 9C 01 9F 37 04 9F 35 01 9F 4502 9F 4C 08 9F 34 03
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 23: MasterCard/Debit MasterCard with SDA andoffline PIN—Mag Stripe Grade Issuer where issuer caninterpret TVR/CVR
This Standard Profile is for the issuer of MasterCard cards supporting SDA andoffline PIN in a Mag Stripe grade host processing environment. However, theissuer can interpret the TVR and CVR received in authorization messages andtake action accordingly.
The card supports offline PIN (plain text) which is preferred to online PIN,which is preferred to signature at the POS. The card will always use onlinePIN at ATMs. “No CVM” is also supported. If offline PIN fails or if PIN entryis bypassed or not possible, the card will try to go online and decline thetransaction if this is not possible.
This profile differs from profile 24 as the issuer can interpret the TVR and CVRso does not need to decline certain conditions offline.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-75
Standard Profiles for MasterCard/Debit MasterCardProfile 23: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercan interpret TVR/CVR
The profile is online preferring. The card must be able to operate offline andUpper Limit parameters are used in risk management to decide whether toaccept the transaction offline if online authorization is not completed. TheUpper Limits may not normally be set to zero on a MasterCard product.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Offline plain text PIN, if the terminal is able to perform it• Online PIN for other cases (such as any terminal that does not support
offline PIN such as certain Cardholder Activated Terminals)• Signature, if the terminal is able to perform it• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals•
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.
©2010 MasterCard6-76 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 23: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
can interpret TVR/CVR
• If SDA fails, then the transaction must go online. If it is not possible to goonline, then the transaction is rejected.
• If ICC Data is missing, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card appears on an exception file, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the card application has expired, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the card application is not yet effective, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the offline PIN fails (or if the offline PIN try limit is exceeded), then
the transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working the terminal takes no action on this issue.• If the terminal erroneously considers the offline PIN to be approved, but it
has not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-77
Standard Profiles for MasterCard/Debit MasterCardProfile 23: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercan interpret TVR/CVR
• Domestic Transactions must go online. If it is not possible to go online,then the transaction is accepted.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 93 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB). The CAP TokenValidation requires ATC management and AC validation by the issuer usingeither a hosted CTVS or delegating the CAP Token validation to a third party,for example: MasterCard On Behalf Service.
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
©2010 MasterCard6-78 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 23: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
can interpret TVR/CVR
Data Element Name Tag Mandatory Value
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-79
Standard Profiles for MasterCard/Debit MasterCardProfile 23: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercan interpret TVR/CVR
Data Element Name Tag Mandatory Value
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03
PIN Try Counter 9F17 03
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
©2010 MasterCard6-80 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 23: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
can interpret TVR/CVR
Data Element Name Tag Mandatory Value
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 AC 98 00
Issuer Action Code—Default 9F0D F0 50 AC 08 00
CVM List 8E 00000000 00000000 4201 4103 4203 5E031F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 1F FB 00
Card Issuer Action Code—Default C4 19 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-81
Standard Profiles for MasterCard/Debit MasterCardProfile 24: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (1)
Profile 24: MasterCard/Debit MasterCard with SDA andoffline PIN—Mag Stripe Grade Issuer where issuer cannotinterpret TVR/CVR (1)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andoffline PIN in a Mag Stripe grade host processing environment. The issuercannot interpret the TVR and CVR received in authorization messages and sowill decline offline transactions where offline PIN errors occur.
The card supports offline PIN (plain text) which is preferred to online PIN,which is preferred to signature at the POS. The card will always use online PINat ATMs. “No CVM” is also supported. If offline PIN fails or if PIN entry isbypassed or not possible, the transaction will be declined.
This profile differs from profile 23 as the issuer cannot interpret the TVR andCVR so declines certain conditions offline.
The profile is online preferring. The card must be able to operate offline andUpper Limit parameters are used in risk management to decide whether toaccept the transaction offline if online authorization is not completed. TheUpper Limits may not normally be set to zero on a MasterCard product.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:
• Online PIN, if transaction is Unattended Cash (ATM transactions)
• Offline plain text PIN, if the terminal is able to perform it
• Online PIN for other cases (such as any terminal that does not supportoffline PIN and certain Cardholder Activated Terminals)
• Signature, if the terminal is able to perform it
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
©2010 MasterCard6-82 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 24: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (1)
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction the transaction is
rejected offline.• If the offline PIN fails (or if the offline PIN try limit is exceeded), then the
transaction the transaction is rejected offline.• If the PIN is bypassed, then the transaction is rejected offline.• If the PIN pad is not working the terminal takes no action on this issue.• If the terminal erroneously considers the offline PIN to be approved, but it
has not been approved by the card, then the transaction is rejected offline.• If the transaction amount exceeds the terminal floor limit, then the
transaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-83
Standard Profiles for MasterCard/Debit MasterCardProfile 24: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (1)
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• Domestic Transactions must go online. If it is not possible to go online,then the transaction is accepted.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 93 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB). The CAP TokenValidation requires ATC management and AC validation by the issuer usingeither a hosted CTVS or delegating the CAP Token validation to a third party,for example: MasterCard On Behalf Service.
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
©2010 MasterCard6-84 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 24: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (1)
Data Element Name Tag Mandatory Value
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-85
Standard Profiles for MasterCard/Debit MasterCardProfile 24: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (1)
Data Element Name Tag Mandatory Value
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03
PIN Try Counter 9F17 03
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
©2010 MasterCard6-86 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 24: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (1)
Data Element Name Tag Mandatory Value
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 A8 00 00
Issuer Action Code—Online 9F0F F0 70 04 98 00
Issuer Action Code—Default 9F0D F0 50 04 08 00
CVM List 8E 00000000 00000000 4201 4103 4203 5E031F03
Card Issuer Action Code—Decline C3 19 00 00
Card Issuer Action Code—Online C5 06 FB 00
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-87
Standard Profiles for MasterCard/Debit MasterCardProfile 25: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (2)
Profile 25: MasterCard/Debit MasterCard with SDA andoffline PIN—Mag Stripe Grade Issuer where issuer cannotinterpret TVR/CVR (2)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andoffline PIN in a Mag Stripe grade host processing environment. The issuercannot interpret the TVR and CVR received in authorization messages and sowill decline offline transactions where offline PIN errors occur.
The card supports offline PIN (plain text) which is preferred to signature, whichis preferred to online PIN at the POS. The card will always use online PINat ATMs. “No CVM” is also supported. If offline PIN fails or if PIN entry isbypassed or not possible, the transaction will be declined.
This profile differs from profile 24 as signature is preferred to online PIN.
The profile is online preferring. The card must be able to operate offline andUpper Limit parameters are used in risk management to decide whether toaccept the transaction offline if online authorization is not completed. TheUpper Limits may not normally be set to zero on a MasterCard product.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:
• Online PIN, if transaction is Unattended Cash (ATM transactions)
• Offline plain text PIN, if the terminal is able to perform it
• Signature, if the terminal is able to perform it
• Online PIN for other cases (such as any terminal that does not supportoffline PIN and certain Cardholder Activated Terminals)
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
©2010 MasterCard6-88 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 25: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (2)
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction the transaction is
rejected offline.• If the offline PIN fails (or if the offline PIN try limit is exceeded), then the
transaction the transaction is rejected offline.• If the PIN is bypassed, then the transaction is rejected offline.• If the PIN pad is not working the terminal takes no action on this issue.• If the terminal erroneously considers the offline PIN to be approved, but it
has not been approved by the card, then the transaction is rejected offline.• If the transaction amount exceeds the terminal floor limit, then the
transaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-89
Standard Profiles for MasterCard/Debit MasterCardProfile 25: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (2)
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• Domestic Transactions must go online. If it is not possible to go online,then the transaction is accepted.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 92 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB). The CAP TokenValidation requires ATC management and AC validation by the issuer usingeither a hosted CTVS or delegating the CAP Token validation to a third party,for example: MasterCard On Behalf Service.
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
©2010 MasterCard6-90 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 25: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (2)
Data Element Name Tag Mandatory Value
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of recordsfor log file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
DAC: Determined by issuer/personal-ization system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-91
Standard Profiles for MasterCard/Debit MasterCardProfile 25: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (2)
Data Element Name Tag Mandatory Value
9F4A: Static Data Authentication TagList
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined byissuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero notallowed)
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer (zero notallowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03
PIN Try Counter 9F17 03
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
©2010 MasterCard6-92 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 25: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (2)
Data Element Name Tag Mandatory Value
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 A8 00 00
Issuer Action Code—Online 9F0F F0 70 04 98 00
Issuer Action Code—Default 9F0D F0 50 04 08 00
CVM List 8E 00000000 00000000 4201 4103 5E034203 1F03
Card Issuer Action Code—Decline C3 19 00 00
Card Issuer Action Code—Online C5 06 FB 00
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-93
Standard Profiles for MasterCard/Debit MasterCardProfile 26: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (3)
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 26: MasterCard/Debit MasterCard with SDA andoffline PIN—Mag Stripe Grade Issuer where issuer cannotinterpret TVR/CVR (3)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andoffline PIN in a Mag Stripe grade host processing environment. The issuercannot interpret the TVR and CVR received in authorization messages but willallow online authorization of transactions where offline PIN errors occur.
The card supports offline PIN (plain text) which is preferred to online PIN,which is preferred to signature at the POS. The card will always use online PINat ATMs. “No CVM” is also supported. In the event of PIN or CVM issues thecard initiates an online authorization or declines the transaction as describedbelow.
This profile differs from profile 24 as the issuer wants to allow CVM fallbackand only decline transactions where CVM processing fails
The profile is online preferring. The card must be able to operate offline andUpper Limit parameters are used in risk management to decide whether toaccept the transaction offline if online authorization is not completed. TheUpper Limits may not normally be set to zero on a MasterCard product.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:
• Online PIN, if transaction is Unattended Cash (ATM transactions)
• Offline plain text PIN, if the terminal is able to perform it
• Online PIN for other cases (such as any terminal that does not supportoffline PIN and certain Cardholder Activated Terminals)
• Signature, if the terminal is able to perform it
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
©2010 MasterCard6-94 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 26: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (3)
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction the transaction is
rejected offline.• If the offline PIN fails (or if the offline PIN try limit is exceeded), then
the transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the terminal takes no action on this issue.• If the PIN pad is not working the terminal takes no action on this issue.• If the terminal erroneously considers the offline PIN to be approved, but it
has not been approved by the card, then the transaction is rejected offline.• If the transaction amount exceeds the terminal floor limit, then the
transaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-95
Standard Profiles for MasterCard/Debit MasterCardProfile 26: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (3)
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• Domestic Transactions must go online. If it is not possible to go online,then the transaction is accepted.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 93 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB). The CAP TokenValidation requires ATC management and AC validation by the issuer usingeither a hosted CTVS or delegating the CAP Token validation to a third party,for example: MasterCard On Behalf Service.
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
©2010 MasterCard6-96 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 26: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (3)
Data Element Name Tag Mandatory Value
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
Signed Static Application Data 93
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-97
Standard Profiles for MasterCard/Debit MasterCardProfile 26: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (3)
Data Element Name Tag Mandatory Value
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03
©2010 MasterCard6-98 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 26: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (3)
Data Element Name Tag Mandatory Value
PIN Try Counter 9F17 03
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 80 00 00
Issuer Action Code—Online 9F0F F0 70 24 98 00
Issuer Action Code—Default 9F0D F0 50 24 08 00
CVM List 8E 00000000 00000000 4201 4103 4203 5E031F03
Card Issuer Action Code—Decline C3 01 00 00
Card Issuer Action Code—Online C5 0E FB 00
Card Issuer Action Code—Default C4 08 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-99
Standard Profiles for MasterCard/Debit MasterCardProfile 27: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (4)
Data Element Name Tag Mandatory Value
Issuer Authentication Flags (If cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (If cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 27: MasterCard/Debit MasterCard with SDA andoffline PIN—Mag Stripe Grade Issuer where issuer cannotinterpret TVR/CVR (4)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andoffline PIN in a Mag Stripe grade host processing environment. The issuercannot interpret the TVR and CVR received in authorization messages but willallow online authorization of transactions where offline PIN errors occur.
The card supports offline PIN (plain text) which is preferred to online PIN,which is preferred to signature at the POS. The card will always use online PINat ATMs. “No CVM” is also supported. In the event of PIN or CVM issues thecard initiates an online authorization or declines the transaction as describedbelow.
This profile differs from profile 26 as signature is preferred to online PIN.
The profile is online preferring. The card must be able to operate offline andUpper Limit parameters are used in risk management to decide whether toaccept the transaction offline if online authorization is not completed. TheUpper Limits may not normally be set to zero on a MasterCard product.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:
• Online PIN, if transaction is Unattended Cash (ATM transactions)
• Offline plain text PIN, if the terminal is able to perform it
• Signature, if the terminal is able to perform it
• Online PIN for other cases (such as any terminal that does not supportoffline PIN and certain Cardholder Activated Terminals)
©2010 MasterCard6-100 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 27: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (4)
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction the transaction is
rejected offline.• If the offline PIN fails (or if the offline PIN try limit is exceeded), then
the transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the terminal takes no action on this issue.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-101
Standard Profiles for MasterCard/Debit MasterCardProfile 27: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (4)
• If the PIN pad is not working the terminal takes no action on this issue.
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction is rejected offline.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• Domestic Transactions must go online. If it is not possible to go online,then the transaction is accepted.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 92 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB). The CAP TokenValidation requires ATC management and AC validation by the issuer usingeither a hosted CTVS or delegating the CAP Token validation to a third party,for example: MasterCard On Behalf Service.
©2010 MasterCard6-102 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 27: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (4)
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-103
Standard Profiles for MasterCard/Debit MasterCardProfile 27: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (4)
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
©2010 MasterCard6-104 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 27: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (4)
Data Element Name Tag Mandatory Value
Upper Cumulative Offline TransactionAmount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03
PIN Try Counter 9F17 03
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 80 00 00
Issuer Action Code—Online 9F0F F0 70 24 98 00
Issuer Action Code—Default 9F0D F0 50 24 08 00
CVM List 8E 00000000 00000000 4201 4103 5E03 42031F03
Card Issuer Action Code—Decline C3 01 00 00
Card Issuer Action Code—Online C5 0E FB 00
Card Issuer Action Code—Default C4 08 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7 M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-105
Standard Profiles for MasterCard/Debit MasterCardProfile 28: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (1)
Data Element Name Tag Mandatory Value
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 28: MasterCard/Debit MasterCard with SDA andsignature—Mag Stripe Grade Issuer where issuer cannotinterpret TVR/CVR (1)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andno offline PIN in a Mag Stripe grade host processing environment. The issuercannot interpret the TVR and CVR received in authorization messages.
The card does not support offline PIN. online PIN is preferred to signatureat the POS. The card will always use online PIN at ATMs. “No CVM” is alsosupported. If PIN entry is bypassed or CVM processing is unsuccessful, the cardinitiates an online authorization or declines the transaction if this is not possible.
This profile differs from Profile 29 in that online PIN is preferred to signature atthe POS. This profile differs from Profile 30 in that certain transaction errors aredeclined offline.
The profile is online preferring. The card must be able to operate offline andUpper Limit parameters are used in risk management to decide whether toaccept the transaction offline if online authorization is not completed. TheUpper Limits may not normally be set to zero on a MasterCard product.
©2010 MasterCard6-106 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 28: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (1)
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if the terminal is able to perform it• Signature, if the terminal is able to perform it• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals•
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-107
Standard Profiles for MasterCard/Debit MasterCardProfile 28: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (1)
• If the card application is not yet effective, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction is rejected.• If the PIN is bypassed, then the transaction is rejected.• If the PIN pad is not working the terminal takes no action on this issue.• If the transaction amount exceeds the terminal floor limit, then the
transaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• Domestic Transactions must go online. If it is not possible to go online,then the transaction is accepted.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 93 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB). The CAP Token Validationrequires ATC management and AC validation by the issuer using either a hostedCTVS or delegating the CAP Token validation to a third party, for example:MasterCard On Behalf Service.
©2010 MasterCard6-108 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 28: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (1)
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-109
Standard Profiles for MasterCard/Debit MasterCardProfile 28: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (1)
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
©2010 MasterCard6-110 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 28: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (1)
Data Element Name Tag Mandatory Value
Upper Cumulative Offline TransactionAmount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 88 00 00
Issuer Action Code—Online 9F0F F0 70 04 98 00
Issuer Action Code—Default 9F0D F0 50 04 08 00
CVM List 8E 00000000 00000000 4203 5E03 1F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 06 FB 00
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 80 00
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-111
Standard Profiles for MasterCard/Debit MasterCardProfile 29: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (2)
Data Element Name Tag Mandatory Value
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 29: MasterCard/Debit MasterCard with SDA andsignature—Mag Stripe Grade Issuer where issuer cannotinterpret TVR/CVR (2)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andno offline PIN in a Mag Stripe grade host processing environment. The issuercannot interpret the TVR and CVR received in authorization messages.
The card does not support offline PIN. Signature is preferred to online PINat the POS. The card will always use online PIN at ATMs. “No CVM” is alsosupported. If PIN entry is bypassed or CVM processing is unsuccessful, the cardinitiates an online authorization or declines the transaction if this is not possible.
This profile differs from Profile 28 in that signature is preferred to online PIN atthe POS.
The profile is online preferring. The card must be able to operate offline andUpper Limit parameters are used in risk management to decide whether toaccept the transaction offline if online authorization is not completed. TheUpper Limits may not normally be set to zero on a MasterCard product.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
©2010 MasterCard6-112 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 29: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (2)
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Signature, if the terminal is able to perform it• Online PIN, if the terminal is able to perform it• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-113
Standard Profiles for MasterCard/Debit MasterCardProfile 29: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (2)
• If the cardholder verification fails, then the transaction is rejected.
• If the PIN is bypassed, then the transaction is rejected.
• If the PIN pad is not working the terminal takes no action on this issue.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• Domestic Transactions must go online. If it is not possible to go online,then the transaction is accepted.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 92 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB). The CAP Token Validationrequires ATC management and AC validation by the issuer using either a hostedCTVS or delegating the CAP Token validation to a third party, for example:MasterCard On Behalf Service.
©2010 MasterCard6-114 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 29: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (2)
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-115
Standard Profiles for MasterCard/Debit MasterCardProfile 29: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (2)
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
©2010 MasterCard6-116 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 29: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (2)
Data Element Name Tag Mandatory Value
Upper Cumulative Offline TransactionAmount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 88 00 00
Issuer Action Code—Online 9F0F F0 70 04 98 00
Issuer Action Code—Default 9F0D F0 50 04 08 00
CVM List 8E 00000000 00000000 4201 5E03 4203 1F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 06 FB 00
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 80 00
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-117
Standard Profiles for MasterCard/Debit MasterCardProfile 30: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (3)
Data Element Name Tag Mandatory Value
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 30: MasterCard/Debit MasterCard with SDA andsignature—Mag Stripe Grade Issuer (3)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andno offline PIN in a Mag Stripe grade host processing environment.
The card does not support offline PIN. Signature is preferred to online PINat the POS. The card will always use online PIN at ATMs. “No CVM” is alsosupported. If PIN entry is bypassed or CVM processing is unsuccessful, thecard declines the transaction offline.
This profile differs from Profile 29 in that certain transactions errors areauthorized online.
The card must be able to operate offline and Lower and Upper Limit parametersare used in risk management to decide whether to accept the transaction offlineor to request an online authorization. The Upper Limits may not normally beset to zero on a MasterCard product. The card may be configured as onlinepreferring.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
©2010 MasterCard6-118 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 30: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (3)
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Signature, if the terminal is able to perform it• Online PIN, if the terminal is able to perform it• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-119
Standard Profiles for MasterCard/Debit MasterCardProfile 30: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (3)
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the offline PIN fails (or if the offline PIN try limit is exceeded), thenthe transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working the terminal takes no action on this issue.
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• It is more flexible to make the card “on-line preferring,” if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 93 should be used.
©2010 MasterCard6-120 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 30: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (3)
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB). The CAP Token Validationrequires ATC management and AC validation by the issuer using either a hostedCTVS or delegating the CAP Token validation to a third party, for example:MasterCard On Behalf Service.
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-121
Standard Profiles for MasterCard/Debit MasterCardProfile 30: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (3)
Data Element Name Tag Mandatory Value
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
©2010 MasterCard6-122 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 30: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (3)
Data Element Name Tag Mandatory Value
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 AC 98 00
Issuer Action Code—Default 9F0D F0 50 AC 08 00
CVM List 8E 00000000 00000000 4201 5E03 4203 1F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 19 FB 00
1F FB 00 may be used to make the card“online preferring”
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-123
Standard Profiles for MasterCard/Debit MasterCardProfile 31: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (4)
Data Element Name Tag Mandatory Value
Card Issuer Action Code—Default C4 19 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7 M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 80 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 31: MasterCard/Debit MasterCard with SDA andsignature—Mag Stripe Grade Issuer (4)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andno offline PIN in a Mag Stripe grade host processing environment. It includes aspecial setting to require online PIN domestically.
The card does not support offline PIN. Signature is preferred to online PINat the POS internationally. The card will always use online PIN at ATMs.“No CVM” is also supported. If PIN entry is bypassed or CVM processing isunsuccessful, the card declines the transaction offline.
This profile differs from Profile 30 in that domestic transactions require onlinePIN.
©2010 MasterCard6-124 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 31: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (4)
The profile is online preferring for international transactions and online onlydomestically. The card must be able to operate offline and Upper Limitparameters are used in risk management to decide whether to accept thetransaction offline if online authorization is not completed. The Upper Limitsmay not normally be set to zero on a MasterCard product.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Online PIN, if above amount “x”• Signature, if the terminal is able to perform it• Online PIN, if the terminal is able to perform it• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-125
Standard Profiles for MasterCard/Debit MasterCardProfile 31: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (4)
• If ICC Data is missing, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card appears on an exception file, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the card application has expired, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the card application is not yet effective, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.• If the cardholder verification fails, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the PIN is bypassed, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the PIN pad is not working the terminal takes no action on this issue.• If the transaction amount exceeds the terminal floor limit, then the
transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card will request that the transactiongo online. If it is not possible to go online, then the transaction is acceptedoffline.
• If the transaction is domestic, the card will request that the transaction goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is “unable to go online” the transaction is rejected.
PayPass
Cards supporting this profile can also support PayPass.
©2010 MasterCard6-126 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 31: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (4)
PayPass Standard Profile 93 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB). The CAP Token Validationrequires ATC management and AC validation by the issuer using either a hostedCTVS or delegating the CAP Token validation to a third party, for example:MasterCard On Behalf Service.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-127
Standard Profiles for MasterCard/Debit MasterCardProfile 31: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (4)
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-128 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 31: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (4)
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-129
Standard Profiles for MasterCard/Debit MasterCardProfile 31: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (4)
Data Element Name Tag Mandatory Value
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 8C 98 00
Issuer Action Code—Default 9F0D F0 50 8C 88 00
CVM List 8E 00000001 00000000 4201 4206 5E03 42031F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 06 FB 00
Card Issuer Action Code—Default C4 42 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7 M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 80 00
©2010 MasterCard6-130 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 32: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 32: MasterCard/Debit MasterCard with SDA andsignature—Full Chip Issuer (3)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andno offline PIN in a Full Chip grade host processing environment or the issueruses one of the appropriate MasterCard on-behalf services.
The card does not support offline PIN. Signature is preferred to online PINat the POS. The card will always use online PIN at ATMs. “No CVM” is alsosupported. If PIN entry is bypassed, the card will try to go online and declinethe transaction if this is not possible.
This profile differs from Profile 14 in that signature is preferred to online PIN atthe POS.
The card must be able to operate offline and Lower and Upper Limit parametersare used in risk management to decide whether to accept the transaction offlineor to request an online authorization. The Upper Limits may not normallybe set to zero on a MasterCard product. Internationally, the card is onlinepreferring. The card may be configured as online preferring domestically also.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-131
Standard Profiles for MasterCard/Debit MasterCardProfile 32: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (3)
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Signature, if the terminal is able to perform it• Online PIN for other cases such as certain Cardholder Activated Terminals• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not normally supported.
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card the terminal takes no action on this issue.
©2010 MasterCard6-132 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 32: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (3)
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working the terminal takes no action on this issue.• If the transaction amount exceeds the terminal floor limit, then the
transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is declined.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• The offline transaction counters will be reset whenever a transaction isapproved, even if there is no ARPC.
• It is more flexible to make the card “on-line preferring”, if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
PayPass
Cards supporting this profile can also support PayPass.
PayPass Standard Profile 92 should be used.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB).
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-133
Standard Profiles for MasterCard/Debit MasterCardProfile 32: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (3)
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-134 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 32: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or
Debit MasterCard
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-135
Standard Profiles for MasterCard/Debit MasterCardProfile 32: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
Upper Cumulative Offline TransactionAmount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 8C 98 00
Issuer Action Code—Default 9F0D F0 50 8C 88 00
CVM List 8E 00000000 00000000 4201 5E03 4203 1F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 04 FB 00
06 FB 00 may be used to make thecard “online preferring” in a domesticenvironment
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
©2010 MasterCard6-136 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard/Debit MasterCardProfile 32: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
Application Control D5 80 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 6-137
Chapter 7 Standard Profiles for MasterCard ElectronicThis chapter details the Standard Profiles that are available to an issuer for use with the MasterCardElectronic product.
Profile 51: MasterCard Electronic with no offline CAM and offline PIN—Full Chip Issuer............ 7-1
Cardholder Verification ............................................................................................................ 7-1
Application Usage Control ....................................................................................................... 7-1
Application Interchange Profile ............................................................................................... 7-1
Issuer Risk Management .......................................................................................................... 7-1
PayPass.................................................................................................................................... 7-2
MasterCard Authentication Solutions for Chip ......................................................................... 7-2
Data Element List ..................................................................................................................... 7-2
Profile 52: MasterCard Electronic with no offline CAM and signature—Full Chip Issuer .............. 7-5
Cardholder Verification ............................................................................................................ 7-5
Application Usage Control ....................................................................................................... 7-6
Application Interchange Profile ............................................................................................... 7-6
Issuer Risk Management .......................................................................................................... 7-6
PayPass.................................................................................................................................... 7-6
MasterCard Authentication Solutions for Chip ......................................................................... 7-6
Data Element List ..................................................................................................................... 7-6
Profile 53: MasterCard Electronic with DDA and offline PIN—Full Chip Issuer............................ 7-9
Cardholder Verification .......................................................................................................... 7-10
Application Usage Control ..................................................................................................... 7-10
Application Interchange Profile ............................................................................................. 7-10
Issuer Risk Management ........................................................................................................ 7-10
PayPass.................................................................................................................................. 7-11
MasterCard Authentication Solutions for Chip ....................................................................... 7-11
Data Element List ................................................................................................................... 7-11
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 7-i
Standard Profiles for MasterCard ElectronicProfile 51: MasterCard Electronic with no offline CAM and offline PIN—Full Chip Issuer
Profile 51: MasterCard Electronic with no offline CAM andoffline PIN—Full Chip Issuer
This Standard Profile is for the issuer of MasterCard Electronic cards supportingoffline PIN in a Full Chip grade host processing environment or the issueruses one of the appropriate MasterCard on-behalf services. The cards willonly approve transactions if they are authorized online. The card does notsupport offline CAM.
The card supports offline PIN (plain text) which is preferred to online PIN,which is preferred to signature at the POS. The card will always use online PINat ATMs. “No CVM” is not supported. If offline PIN fails or if PIN entry isbypassed or not possible, the card will try to go online.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:
• Online PIN, if transaction is Unattended Cash (ATM transactions)
• Offline plain text PIN, if the terminal is able to perform it
• Online PIN for other cases (such as any terminal that does not supportoffline PIN and certain Cardholder Activated Terminals)
• Signature*, if the terminal is able to perform it
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:
• Terminal Risk Management
• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 7-1
Standard Profiles for MasterCard ElectronicProfile 51: MasterCard Electronic with no offline CAM and offline PIN—Full Chip Issuer
The card is configured as “online only” and will never approve an offlinetransaction.
The settings for risk management are:
• If the transaction is an international transaction, then the transaction mustgo online. If it is not possible to go online, then the transaction is rejected.
• If the transaction is an domestic transaction, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
PayPass
PayPass is not supported for MasterCard Electronic Standard Profiles.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
©2010 MasterCard7-2 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard ElectronicProfile 51: MasterCard Electronic with no offline CAM and offline PIN—Full Chip Issuer
Data Element Name Tag Mandatory Value
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F N/A
Issuer Public Key Certificate 90 N/A
Issuer Public Key Remainder 92 N/A
Issuer Public Key Exponent 9F32 N/A
Static Data Authentication Tag List 9F4A N/A
Signed Static Application Data 93 N/A
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MC Electronic
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 7-3
Standard Profiles for MasterCard ElectronicProfile 51: MasterCard Electronic with no offline CAM and offline PIN—Full Chip Issuer
Data Element Name Tag Mandatory Value
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03
PIN Try Counter 9F17 03
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F B0 70 AC 98 00
Issuer Action Code—Default 9F0D B0 50 AC 80 00
CVM List 8E 00000000 00000000 4201 4103 4203 1E03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 1F FB 00
Card Issuer Action Code—Default C4 1F 50 00
Application Interchange Profile 82 18 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
©2010 MasterCard7-4 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard ElectronicProfile 52: MasterCard Electronic with no offline CAM and signature—Full Chip Issuer
Data Element Name Tag Mandatory Value
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 52: MasterCard Electronic with no offline CAM andsignature—Full Chip Issuer
This Standard Profile is for the issuer of MasterCard Electronic cards notsupporting offline PIN in a Full Chip grade host processing environment or theissuer uses one of the appropriate MasterCard on-behalf services. The cardswill only approve transactions if they are authorized online. The card does notsupport offline CAM.
The card supports online PIN, which is preferred to signature at the POS. Thecard will always use online PIN at ATMs. Neither offline PIN nor “No CVM”are supported. If PIN entry is bypassed or not possible, the card will try togo online.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:
• Online PIN, if the terminal is able to perform it
• Signature*, if the terminal is able to perform it
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 7-5
Standard Profiles for MasterCard ElectronicProfile 52: MasterCard Electronic with no offline CAM and signature—Full Chip Issuer
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The card is configured as “online only” and will never approve an offlinetransaction.
The settings for risk management are:• If the transaction is an international transaction, then the transaction must
go online. If it is not possible to go online, then the transaction is rejected.• If the transaction is an domestic transaction, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.
PayPass
PayPass is not supported for MasterCard Electronic Standard Profiles.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
©2010 MasterCard7-6 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard ElectronicProfile 52: MasterCard Electronic with no offline CAM and signature—Full Chip Issuer
Data Element Name Tag Mandatory Value
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
Certification Authority Public KeyIndex
8F N/A
Issuer Public Key Certificate 90 N/A
Issuer Public Key Remainder 92 N/A
Issuer Public Key Exponent 9F32 N/A
Static Data Authentication Tag List 9F4A N/A
Signed Static Application Data 93 N/A
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MC Electronic
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 7-7
Standard Profiles for MasterCard ElectronicProfile 52: MasterCard Electronic with no offline CAM and signature—Full Chip Issuer
Data Element Name Tag Mandatory Value
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
©2010 MasterCard7-8 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard ElectronicProfile 53: MasterCard Electronic with DDA and offline PIN—Full Chip Issuer
Data Element Name Tag Mandatory Value
Issuer Action Code—Online 9F0F B0 70 8C 98 00
Issuer Action Code—Default 9F0D B0 50 8C 80 00
CVM List 8E 00000000 00000000 4203 1E03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 06 FB 00
Card Issuer Action Code—Default C4 06 50 00
Application Interchange Profile 82 18 00
CDOL 1 Related Data Length C7 M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 80 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 53: MasterCard Electronic with DDA and offlinePIN—Full Chip Issuer
This Standard Profile is for the issuer of MasterCard Electronic cards supportingoffline PIN in a Full Chip grade host processing environment or the issuer usesone of the appropriate MasterCard on-behalf services. The cards will onlyapprove transactions if they are authorized online. The card supports DDA.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 7-9
Standard Profiles for MasterCard ElectronicProfile 53: MasterCard Electronic with DDA and offline PIN—Full Chip Issuer
The card supports offline PIN (enciphered and plain text) which is preferred toonline PIN, which is preferred to signature at the POS. The card will always useonline PIN at ATMs. “No CVM” is not supported. If offline PIN fails or if PINentry is bypassed or not possible, the card will try to go online.
NOTE
This profile must be implemented on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:
• Online PIN, if transaction is Unattended Cash (ATM transactions)
• Offline enciphered or plain text PIN, if the terminal is able to perform it
• Online PIN for other cases (such as any terminal that does not supportoffline PIN and certain Cardholder Activated Terminals)
• Signature*, if the terminal is able to perform it
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:
• DDA
• Terminal Risk Management
• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The card is configured as “online only” and will never approve an offlinetransaction.
The settings for risk management are:
• If the transaction is an international transaction, then the transaction mustgo online. If it is not possible to go online, then the transaction is rejected.
• If the transaction is an domestic transaction, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
©2010 MasterCard7-10 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard ElectronicProfile 53: MasterCard Electronic with DDA and offline PIN—Full Chip Issuer
PayPass
PayPass is not supported for MasterCard Electronic Standard Profiles.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C 9F 4D020Bxx (xx number of records forlog file)
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 7-11
Standard Profiles for MasterCard ElectronicProfile 53: MasterCard Electronic with DDA and offline PIN—Full Chip Issuer
Data Element Name Tag Mandatory Value
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
ICC Public Key Certificate 9F46
8D: CDOL2
ICC Public Key Exponent 9F47 03
ICC Public Key Remainder 9F48Determined by issuer/personalizationsystem
DDOL 9F49 9F3704
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MC Electronic
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
©2010 MasterCard7-12 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for MasterCard ElectronicProfile 53: MasterCard Electronic with DDA and offline PIN—Full Chip Issuer
Data Element Name Tag Mandatory Value
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer (zero not allowed)
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer (zero not allowed)
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03
PIN Try Counter 9F17 03
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Previous Transaction History 00
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F B8 70 AC 98 00
Issuer Action Code—Default 9F0D B8 50 AC 80 00
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 7-13
Standard Profiles for MasterCard ElectronicProfile 53: MasterCard Electronic with DDA and offline PIN—Full Chip Issuer
Data Element Name Tag Mandatory Value
CVM List 8E 00000000 00000000 4201 4403 4103 42031E03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 1F FB 00
Card Issuer Action Code—Default C4 1F 50 00
Application Interchange Profile 82 38 00
CDOL 1 Related Data Length C7 2B
Application Control D5 8C 00
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A02 9A 03 9C 01 9F 37 04 9F 35 01 9F 4502 9F 4C 08 9F 34 03
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
©2010 MasterCard7-14 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Chapter 8 Standard Profiles for PayPassThis chapter details the Standard Profiles that are available to an issuer for the PayPass contactlessinterface. M/Chip 4 is a dual-interface application.
Profiles Overview for PayPass ....................................................................................................... 8-1
Profile 91: Maestro PayPass with CDA .......................................................................................... 8-1
Data Elements for Application Selection.................................................................................. 8-1
Data Elements Referenced in the AFL (PayPass) ..................................................................... 8-2
Mandatory File Structure for PayPass Standard Profiles—SFI 1 ......................................... 8-2
Mandatory File Structure for PayPass Standard Profiles—SFI 2 ......................................... 8-2
Mandatory File Structure for PayPass Standard Profiles—SFI 3 ......................................... 8-3
Mandatory File Structure for PayPass Standard Profiles—SFI 4 ......................................... 8-4
Data Elements that Must Not Be Included......................................................................... 8-4
Get Processing Options Response ........................................................................................... 8-4
Card Risk Management ............................................................................................................ 8-4
Secret Keys .............................................................................................................................. 8-5
Miscellaneous .......................................................................................................................... 8-6
Profile 92: MasterCard/Debit MasterCard PayPass with SDA, signature preferred to onlinePIN................................................................................................................................................. 8-7
Data Elements for Application Selection.................................................................................. 8-7
Data Elements Referenced in the AFL (PayPass) ..................................................................... 8-7
Mandatory File Structure for PayPass Standard Profiles—SFI 1 ......................................... 8-7
Mandatory File Structure for PayPass Standard Profiles—SFI 2 ......................................... 8-9
Mandatory File Structure for PayPass Standard Profiles—SFI 3 ....................................... 8-10
Mandatory File Structure for PayPass Standard Profiles—SFI 4 ....................................... 8-10
Data Elements that Must Not Be Included....................................................................... 8-11
Get Processing Options Response ......................................................................................... 8-11
Card Risk Management .......................................................................................................... 8-11
Secret Keys ............................................................................................................................ 8-12
Miscellaneous ........................................................................................................................ 8-13
Profile 93: MasterCard/Debit MasterCard PayPass with SDA, online PIN preferred tosignature ...................................................................................................................................... 8-13
Data Elements for Application Selection................................................................................ 8-14
Data Elements Referenced in the AFL (PayPass) ................................................................... 8-14
Mandatory File Structure for PayPass Standard Profiles—SFI 1 ....................................... 8-14
Mandatory File Structure for PayPass Standard Profiles—SFI 2 ....................................... 8-16
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-i
Standard Profiles for PayPass
Mandatory File Structure for PayPass Standard Profiles—SFI 3 ....................................... 8-17
Mandatory File Structure for PayPass Standard Profiles—SFI 4 ....................................... 8-17
Data Elements that Must Not Be Included....................................................................... 8-17
Get Processing Options Response ......................................................................................... 8-18
Card Risk Management .......................................................................................................... 8-18
Secret Keys ............................................................................................................................ 8-19
Miscellaneous ........................................................................................................................ 8-19
Profile 94: MasterCard/Debit MasterCard PayPass with CDA, signature preferred to onlinePIN............................................................................................................................................... 8-20
Data Elements for Application Selection................................................................................ 8-20
Data Elements Referenced in the AFL (PayPass) ................................................................... 8-21
Mandatory File Structure for PayPass Standard Profiles—SFI 1 ....................................... 8-21
Mandatory File Structure for PayPass Standard Profiles—SFI 2 ....................................... 8-22
Mandatory File Structure for PayPass Standard Profiles—SFI 3 ....................................... 8-23
Mandatory File Structure for PayPass Standard Profiles—SFI 4 ....................................... 8-24
Data Elements that Must Not Be Included....................................................................... 8-24
Get Processing Options Response ......................................................................................... 8-25
Card Risk Management .......................................................................................................... 8-25
Secret Keys ............................................................................................................................ 8-26
Miscellaneous ........................................................................................................................ 8-27
Profile 95: MasterCard/Debit MasterCard PayPass with CDA, online PIN preferred to signature.................................................................................................................................................... 8-27
Data Elements for Application Selection................................................................................ 8-28
Data Elements Referenced in the AFL (PayPass) ................................................................... 8-28
Mandatory File Structure for PayPass Standard Profiles—SFI 1 ....................................... 8-28
Mandatory File Structure for PayPass Standard Profiles—SFI 2 ....................................... 8-30
Mandatory File Structure for PayPass Standard Profiles—SFI 3 ....................................... 8-31
Mandatory File Structure for PayPass Standard Profiles—SFI 4 ....................................... 8-31
Data Elements that Must Not Be Included....................................................................... 8-32
Get Processing Options Response ......................................................................................... 8-32
Card Risk Management .......................................................................................................... 8-32
Secret Keys ............................................................................................................................ 8-33
Miscellaneous ........................................................................................................................ 8-34
©2010 MasterCard8-ii 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for PayPass
Profiles Overview for PayPass
Profiles Overview for PayPassDepending on the Standard Profile adopted for the contact interface, one of thestandard profiles for PayPass will apply, according to the following table.
Contact StandardProfile
PayPass StandardProfile
Contact StandardProfile
PayPass StandardProfile
Profile 01 n/a Profile 21 PayPass Profile 94
Profile 02 PayPass Profile 91 Profile 22 PayPass Profile 94
Profile 03 PayPass Profile 91 Profile 23 PayPass Profile 93
Profile 04 n/a Profile 24 PayPass Profile 93
Profile 05 n/a Profile 25 PayPass Profile 92
Profile 11 PayPass Profile 92 Profile 26 PayPass Profile 93
Profile 12 PayPass Profile 93 Profile 27 PayPass Profile 92
Profile 13 PayPass Profile 92 Profile 28 PayPass Profile 93
Profile 14 PayPass Profile 93 Profile 29 PayPass Profile 92
Profile 15 PayPass Profile 92 Profile 30 PayPass Profile 92
Profile 16 PayPass Profile 94 Profile 31 PayPass Profile 93
Profile 17 PayPass Profile 95 Profile 32 PayPass Profile 92
Profile 18 PayPass Profile 94 Profile 51 n/a
Profile 19 PayPass Profile 95 Profile 52 n/a
Profile 20 PayPass Profile 94 Profile 53 n/a
Profile 91: Maestro PayPass with CDAThis profile may be used with the contact Standard Profile 02 or 03.
The PayPass interface supports CDA.
Data Elements for Application Selection
Data Element Name Tag Mandatory Values Presence
AID '4F' A0000000043060 M
DF Name '84' A0000000043060 M
Application Label '50' MAESTRO O
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-1
Standard Profiles for PayPass
Profile 91: Maestro PayPass with CDA
Data Element Name Tag Mandatory Values Presence
Application PriorityIndicator
'87' Determined by issuer O
Language Preference '5F2D' Determined by issuer O
Issuer Code Table Index '9F11' Determined by issuer O
Application Preferred Name '9F12' Determined by issuer O
FCI Issuer DiscretionaryData
'BF0C' Determined by issuer O
Log Entry '9F4D' Byte 1: Lower bits containthe SFI of the transactionlog file (11) Byte 2:Maximum number ofrecords in the transactionlog file
O
Data Elements Referenced in the AFL (PayPass)
Mandatory File Structure for PayPass Standard Profiles—SFI 1
SFI 1 contains the data objects for PayPass—Mag Stripe transactions. ThePayPass—Mag Stripe profile is not supported for Maestro PayPass.
Data Element Name Tag Mandatory Values Presence
Mag Stripe Application VersionNumber
9F6C' 'FFFF' M
Mandatory File Structure for PayPass Standard Profiles—SFI 2
Data Element Name Tag Mandatory Values Presence
Track 2 Equivalent Data '57' Determined by issuer M
Application Primary AccountNumber
'5A' Determined by issuer M
Application Expiration Date '5F24' Determined by issuer M
Application Effective Date '5F25' Determined by issuer O
Issuer Country Code '5F28' Determined by issuer M
Application PAN SequenceNumber
'5F34' Determined by issuer M
©2010 MasterCard8-2 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for PayPass
Profile 91: Maestro PayPass with CDA
Data Element Name Tag Mandatory Values Presence
CDOL1 '8C' 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 039C 01 9F 37 04 9F 35 019F 45 02 9F 4C 08 9F 3403
M
CDOL2 '8D' 91 0A 8A 02 95 05 9F 3704 9F 4C 08
M
CVM List '8E' 00000000 00000000 1F03 M
Application Usage Control '9F07' 3D00 M
Application Version Number '9F08' 0002 M
Issuer Action Code—Denial '9F0E' 00 00 00 00 00 M
Issuer Action Code—Online '9F0F' B4 70 80 80 00 M
Issuer Action Code—Default '9F0D' B4 50 80 80 00 M
Application Currency Code '9F42' Determined by issuer C
SDA Tag List '9F4A' 82 M
Mandatory File Structure for PayPass Standard Profiles—SFI 3
Table 8.1—Record 1 of SFI 3
Data Element Name Tag Mandatory Values Presence
Certification Authority PublicKey Index
'8F' Determined by issuer M
Issuer Public Key Exponent '9F32' Determined by issuer M
Issuer Public Key Remainder '92' Determined by issuer (Seenote below)
C
Issuer Public Key Certificate '90' Determined by issuer M
NOTE
The Issuer Public Key Remainder is present if NI > (NCA—36).
Table 8.2—Record 2 of SFI 3
Data Element Name Tag Mandatory Values Presence
Signed Static Application Data '93' 'FF' M
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-3
Standard Profiles for PayPass
Profile 91: Maestro PayPass with CDA
Mandatory File Structure for PayPass Standard Profiles—SFI 4
Table 8.3—Record 1 of SFI 4
Data Element Name Tag Mandatory Values Presence
ICC Public Key Exponent '9F47' Determined by issuer M
ICC Public Key Remainder '9F48' Determined by issuer (Seenote below)
C
NOTE
The ICC Public Key Remainder is present if NIC > (NI—42).
Table 8.4—Record 2 of SFI 4
Data Element Name Tag Mandatory Values Presence
ICC Public Key Certificate '9F46' Determined by issuer M
Data Elements that Must Not Be Included
The following data element must not be included in the records referencedin the AFL (PayPass).
Data Element Name Tag
Cardholder Name '5F20'
Get Processing Options Response
Table 8.5—Persistent Data Elements for Get Processing Options Response
Data Element Name Tag Mandatory Values
AIP (PayPass) 'D8' 1980
AFL (PayPass) 'D9' 08 01 01 00 10 01 01 01 18 01 02 00 2001 02 00 20 01 02 00 20 01 02 00
Card Risk Management
Unless otherwise indicated, card risk management data elements are sharedbetween the contact and contactless interface and must be configured in thesame way as for the M/Chip 4 application.
©2010 MasterCard8-4 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for PayPass
Profile 91: Maestro PayPass with CDA
Table 8.6—Persistent Data Elements for Card Risk Management
Data Element Name Tag Mandatory Values
Lower Consecutive OfflineLimit
'9F14' Determined by issuer.
Upper Consecutive OfflineLimit
'9F23' Determined by issuer
Lower Cumulative OfflineTransaction Amount
'CA' Determined by issuer.
Upper Cumulative OfflineTransaction Amount
'CB' Determined by issuer
Application Control (PayPass) 'D7' 00 00 80
Card Issuer Action Code(PayPass)—Decline
'CF' 08 00 00
Card Issuer Action Code(PayPass)—Online
'CE' 00 F0 00, or 06 F0 00 for onlinepreferring card
Card Issuer Action Code(PayPass)—Default
'CD' 00 50 00
CDOL1 Related Data Length 'C7' 2B
CRM Country Code 'C8' Same value as Issuer Country Code.
CRM Currency Code 'C9' Same value as Application CurrencyCode
Currency Conversion table 'D1' Determined by issuer (see notebelow)
Additional Check Table 'D3' Not used. Personalized withhexadecimal zeroes
NOTE
The currency code in each entry in the Currency Conversion table must be set to the same valueas the CRM Currency Code.
Secret Keys
The Triple DES keys listed below are derived from their corresponding issuermaster keys using a unique identifier from the card such as the PAN, and areoften referred to as diversified keys.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-5
Standard Profiles for PayPass
Profile 91: Maestro PayPass with CDA
Table 8.7—Triple DES keys
Data Element Name Tag Mandatory Values
ICC Dynamic Number MasterKey (MKIDN)
– Determined by issuer
SM for Integrity Master Key(MKSMI)
– Determined by issuer
SM for Confidentiality MasterKey (MKSMC)
– Determined by issuer
AC Master Key (MKAC) – Determined by issuer
ICC Derived Key for CVC3Generation (KDCVC3)
– Not used. Random non-zero valuerecommended
Table 8.8—RSA keys
Data Element Name Tag Mandatory Values
Length of ICC Public KeyModulus
– Determined by issuer
ICC Private Key – Determined by issuer
Length of ICC PIN EnciphermentPublic Key Modulus
– Determined by issuer
ICC PIN Encipherment PrivateKey
– Determined by issuer
Miscellaneous
Table 8.9—Miscellaneous Persistent Data Elements
Data Element Name Tag Mandatory Values
Key Derivation Index – Determined by issuer
Application Life Cycle Data '9F7E' Depending on the possible separationof the loading of the application codeand the personalization data, only partof the Application Life Cycle Data maybe personalized
Log Format '9F4F' Content of records in Log of Transactions
Static CVC3TRACK1 'DA' 0000
Static CVC3TRACK2 'DB' 0000
©2010 MasterCard8-6 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for PayPass
Profile 92: MasterCard/Debit MasterCard PayPass with SDA, signature preferred to online PIN
Data Element Name Tag Mandatory Values
IVCVC3TRACK1 'DC' 0000
IVCVC3TRACK2 'DD' 0000
Profile 92: MasterCard/Debit MasterCard PayPass withSDA, signature preferred to online PIN
This profile may be used with the contact Standard Profile 11, 13, 15 25, 27,29, 30, or 32.
The PayPass interface supports SDA.
Data Elements for Application Selection
Data Element Name Tag Mandatory Values Presence
AID '4F' A0000000041010 M
DF Name '84' A0000000041010 M
Application Label '50' MASTERCARD orDebit MasterCard
O
Application Priority Indicator '87' Determined by issuer O
Language Preference '5F2D' Determined by issuer O
Issuer Code Table Index '9F11' Determined by issuer O
Application Preferred Name '9F12' Determined by issuer O
FCI Issuer Discretionary Data 'BF0C' Determined by issuer O
Log Entry '9F4D' Byte 1: Lower bitscontain the SFI of thetransaction log file(11) Byte 2: Maximumnumber of records inthe transaction log file
O
Data Elements Referenced in the AFL (PayPass)
Mandatory File Structure for PayPass Standard Profiles—SFI 1
SFI 1 contains the data objects for PayPass—Mag Stripe transactions. ThePayPass—Mag Stripe data objects must always be included in Record 1 of SFI 1.The first four bytes of the AFL (PayPass) must always be equal to '08010100'.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-7
Standard Profiles for PayPass
Profile 92: MasterCard/Debit MasterCard PayPass with SDA, signature preferred to online PIN
Table 8.10—Record 1, SFI 1
Data Element Name Tag Mandatory Values Presence
Mag Stripe Application VersionNumber
'9F6C' '0001' M
PCVC3TRACK1 '9F62' Determined by issuer (Seenotes C and D below)
M
PUNATCTRACK1 '9F63' Determined by issuer (Seenotes C and E below)
M
Track 1 Data '56' Determined by issuer (Seenotes A and B below)
M
NATCTRACK1 '9F64' Determined by issuer (Seenotes E and F below)
M
PCVC3TRACK2 '9F65' Determined by issuer (Seenotes C and D below)
M
PUNATCTRACK2 '9F66' Determined by issuer (Seenotes C and E below)
M
Track 2 Data '9F6B' Determined by issuer(See note B below)
M
NATCTRACK2 '9F67' Determined by issuer (Seenotes E and F below)
M
NOTE
A) The storage of the cardholder name in the Track 1 Data is prohibited by MasterCard. Issuers mustuse a space character followed by the surname separator (" /").
NOTE
B) The placeholders for the dynamic data in the discretionary data, at the positions where thePayPass reader stores the ATC, UN, CVC3 and n<CS.Subscript>UN</CS.Subscript>, should be filledwith zeroes (hexadecimal zeroes ('0') for Track 2 Data and ASCII zeroes ('30') for Track 1 Data). Theleast significant position of the discretionary data is used by the PayPass reader to store nUN. Ifthe issuer intends to use MasterCard On-behalf Service for dynamic CVC3 verification and if thePAN Sequence Number is present in the discretionary data and if the PAN Sequence Number is usedfor the derivation of KDCVC3, then the length of the PAN Sequence Number must be maximum 1significant digit.
NOTE
C) The bit map must only have non-zero bits that refer to available positions in the discretionary datafield of the corresponding Track Data. The least significant bit of the bit map must be set to zero.
NOTE
D) The number of non-zero bits in the bit map must be greater than or equal to 3.
©2010 MasterCard8-8 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for PayPass
Profile 92: MasterCard/Debit MasterCard PayPass with SDA, signature preferred to online PIN
NOTE
E) The number of non-zero bits in PUNATCTRACK1 minus the value of NATCTRACK1 must be greater thanor equal to zero, less than or equal to 8 and equal to the number of non-zero bits in PUNATCTRACK2minus the value of NATCTRACK2.
NOTE
F) If the issuer intends to make use of the MasterCard on-behalf Service for dynamic CVC3verification, then the value of NATCTRACK1 and the value of NATCTRACK2 must be greater than or equalto 3 for the CVC3 Validation in Stand-in Service or greater than or equal to 2 for the Dynamic CVC3Pre-validation Service or the PayPass Mapping Service (processing only option).
Mandatory File Structure for PayPass Standard Profiles—SFI 2
Table 8.11—Record 1, SFI 2
Data Element Name Tag Mandatory Values Presence
Track-2 Equivalent Data '57' Determined by issuer(See note A below)
M
Application Primary AccountNumber
'5A' Determined by issuer M
Application Expiration Date '5F24' Determined by issuer M
Application Effective Date '5F25' Determined by issuer O
Issuer Country Code '5F28' Determined by issuer M
Application PAN SequenceNumber
'5F34' Determined by issuer M
CDOL1 '8C' M/Chip Lite: 9F 02 06 9F03 06 9F 1A 02 95 05 5F2A 02 9A 03 9C 01 9F 3704 9F 35 01 9F 45 02 9F34 03
M/Chip Select: 9F 02 069F 03 06 9F 1A 02 95 055F 2A 02 9A 03 9C 01 9F37 04 9F 35 01 9F 45 029F 4C 08 9F 34 03
M
CDOL2 '8D' M/Chip Lite: 91 0A 8A02 95 05
M/Chip Select: 91 0A 8A02 95 05 9F 37 04 9F 4C08
M
CVM List '8E' 00000000 00000000 5E034203 1F03
M
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-9
Standard Profiles for PayPass
Profile 92: MasterCard/Debit MasterCard PayPass with SDA, signature preferred to online PIN
Data Element Name Tag Mandatory Values Presence
Application Usage Control '9F07' 3D00 M
Application Version Number '9F08' 0002 M
Issuer Action Code—Denial '9F0E' 00 00 00 00 00 M
Issuer Action Code—Online '9F0F' F0 70 84 80 00 M
Issuer Action Code—Default '9F0D' F0 50 84 00 00 M
Application Currency Code '9F42' Determined by issuer C
SDA Tag List '9F4A' 82 M
NOTE
A) An issuer that supports online PIN change using the PVV on the Track 2 Equivalent Data mustnot include the Track 2 Equivalent Data in a record used as input for static data authentication. Inthis case, the standard profile cannot be used.
Mandatory File Structure for PayPass Standard Profiles—SFI 3
Table 8.12—Record 1, SFI 3
Data Element Name Tag Mandatory Values Presence
Certification Authority Public KeyIndex
'8F' Determined by issuer M
Issuer Public Key Exponent '9F32' Determined by issuer M
Issuer Public Key Remainder '92' Determined by issuer(See note below)
C
Issuer Public Key Certificate '90' Determined by issuer M
NOTE
The Issuer Public Key Remainder is present if NI > (NCA—36).
Table 8.13—Record 2, SFI 3
Data Element Name Tag Mandatory Values Presence
Signed Static Application Data '93' Determined by issuer M
Mandatory File Structure for PayPass Standard Profiles—SFI 4
SFI 4 is only present when CDA is supported and is not used in this profile.
©2010 MasterCard8-10 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for PayPass
Profile 92: MasterCard/Debit MasterCard PayPass with SDA, signature preferred to online PIN
Data Elements that Must Not Be Included
The following data element must not be included in the records referencedin the AFL (PayPass).
Table 8.14—Data Elements that Must Not Be Included
Data Element Name Tag
Cardholder Name '5F20'
Get Processing Options Response
Table 8.15—Persistent Data Elements for Get Processing Options Response
Data Element Name Tag Mandatory Values
AFL (PayPass) 'D9' 08 01 01 00 10 01 01 01 18 01 02 00
AIP (PayPass) 'D8' 5880
Card Risk Management
Unless otherwise indicated, card risk management data elements are sharedbetween the contact and contactless interface and must be configured in thesame way as for the M/Chip 4 application.
Table 8.16—Persistent Data Elements for Card Risk Management
Data Element Name Tag Mandatory Values
Lower Consecutive Offline Limit '9F14' Determined by issuer
Upper Consecutive Offline Limit '9F23' Determined by issuer
Lower Cumulative OfflineTransactionAmount
'CA' Determined by issuer
Upper Cumulative OfflineTransaction Amount
'CB' Determined by issuer
Application Control (PayPass) 'D7' 00 00 40
Card Issuer Action Code(PayPass)—Decline
'CF' 08 00 00
Card Issuer Action Code(PayPass)—Online
'CE' 00 F0 00, or 06 F0 00 for onlinepreferring card
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-11
Standard Profiles for PayPass
Profile 92: MasterCard/Debit MasterCard PayPass with SDA, signature preferred to online PIN
Data Element Name Tag Mandatory Values
Card Issuer Action Code(PayPass)—Default
'CD' 00 50 00
CDOL1 Related Data Length 'C7' M/Chip Lite: 23
M/Chip Select: 2B
CRM Country Code 'C8' Same value as Issuer Country Code
CRM Currency Code 'C9' Same value as Application CurrencyCode
Currency Conversion table 'D1' Determined by issuer (See note below)
Additional Check Table 'D3' Not used. Personalized withhexadecimal zeroes
NOTE
The currency code in each entry in the Currency Conversion table must be set to the same valueas the CRM Currency Code.
Secret Keys
The Triple DES keys listed below are derived from their corresponding issuermaster keys using a unique identifier from the card such as the PAN, and areoften referred to as diversified keys.
Table 8.17—Triple DES Keys
Data Element Name Tag Mandatory Values
ICC Dynamic Number MasterKey (MKIDN)
– Determined by issuer
AC Master Key (MKAC) – Determined by issuer
SM for Integrity Master Key(MKSMI)
– Determined by issuer
SM for Confidentiality MasterKey (MKSMC)
– Determined by issuer
ICC Derived Key for CVC3Generation (KDCVC3)
– Determined by issuer
©2010 MasterCard8-12 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for PayPass
Profile 93: MasterCard/Debit MasterCard PayPass with SDA, online PIN preferred to signature
Miscellaneous
Table 8.18—Miscellaneous Persistent Data Elements
Data Element Name Tag Mandatory Values
Key Derivation Index – Determined by issuer
Application Life Cycle Data '9F7E' Depending on the possible separationbetween the loading of the applicationcode and the personalization data on thehardware, only part of the ApplicationLife Cycle Data may be personalized
Log Format '9F4F' The content of records in the Log ofTransactions
Static CVC3TRACK1 'DA' '0000'
Static CVC3TRACK2 'DB' '0000'
IVCVC3TRACK1 'DC' Determined by issuer (See notes A andB below)
IVCVC3TRACK2 'DD' Determined by issuer (See notes A andB below)
NOTE
A) MasterCard strongly recommends to use for IVCVC3TRACK1 the two least significant bytes of theresult of a MAC over the Track 1 Data as stored in Record 1, SFI 1. In the same way IVCVC3TRACK2should be the two least significant bytes of the result of a MAC calculated over the Track 2 Dataas stored in Record 1, SFI 1.
If the issuer intends to use MasterCard On-behalf Service for dynamic CVC3 verification, then forIVCVC3 generation the placeholders for the dynamic data in the discretionary data of Track 1 Dataand Track 2 Data, at the positions where the PayPass reader stores the ATC, UN, CVC3 and nUN, mustbe filled with zeroes (hexadecimal zeroes for Track 2 Data and ASCII zeroes ('30') for Track 1 Data).
NOTE
B) MasterCard strongly recommends to use for IVCVC3 generation the ISO/IEC 9797-1 MACalgorithm 3 with DES block cipher and an initial vector of zero (8 bytes). If the issuer intends to useMasterCard On-behalf Service for dynamic CVC3 verification, then this algorithm must be used.
Profile 93: MasterCard/Debit MasterCard PayPass withSDA, online PIN preferred to signature
This profile may be used with the contact Standard Profile 12, 14, 23, 24, 26,28, or 31.
The PayPass interface supports SDA.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-13
Standard Profiles for PayPass
Profile 93: MasterCard/Debit MasterCard PayPass with SDA, online PIN preferred to signature
Data Elements for Application Selection
Data Element Name Tag Mandatory Values Presence
AID '4F' A0000000041010 M
DF Name '84' A0000000041010 M
Application Label '50' MASTERCARD orDebit MasterCard
O
Application Priority Indicator '87' Determined by issuer O
Language Preference '5F2D' Determined by issuer O
Issuer Code Table Index '9F11' Determined by issuer O
Application Preferred Name '9F12' Determined by issuer O
FCI Issuer Discretionary Data 'BF0C' Determined by issuer O
Log Entry '9F4D' Byte 1: Lower bitscontain the SFI of thetransaction log file(11) Byte 2: Maximumnumber of records inthe transaction log file
O
Data Elements Referenced in the AFL (PayPass)
Mandatory File Structure for PayPass Standard Profiles—SFI 1
SFI 1 contains the data objects for PayPass—Mag Stripe transactions. ThePayPass—Mag Stripe data objects must always be included in Record 1 of SFI 1.The first four bytes of the AFL (PayPass) must always be equal to '08010100'.
Table 8.19—Record 1, SFI 1
Data Element Name Tag Mandatory Values Presence
Mag Stripe Application VersionNumber
'9F6C' '0001' M
PCVC3TRACK1 '9F62' Determined by issuer (Seenotes C and D below)
M
PUNATCTRACK1 '9F63' Determined by issuer (Seenotes C and E below)
M
Track 1 Data '56' Determined by issuer (Seenotes A and B below)
M
NATCTRACK1 '9F64' Determined by issuer (Seenotes E and F below)
M
©2010 MasterCard8-14 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for PayPass
Profile 93: MasterCard/Debit MasterCard PayPass with SDA, online PIN preferred to signature
Data Element Name Tag Mandatory Values Presence
PCVC3TRACK2 '9F65' Determined by issuer (Seenotes C and D below)
M
PUNATCTRACK2 '9F66' Determined by issuer (Seenotes C and E below)
M
Track 2 Data '9F6B' Determined by issuer(See note B below)
M
NATCTRACK2 '9F67' Determined by issuer (Seenotes E and F below)
M
NOTE
A) The storage of the cardholder name in the Track 1 Data is prohibited by MasterCard. Issuers mustuse a space character followed by the surname separator (" /").
NOTE
B) The placeholders for the dynamic data in the discretionary data, at the positions where thePayPass reader stores the ATC, UN, CVC3 and nUN, should be filled with zeroes (hexadecimal zeroes('0') for Track 2 Data and ASCII zeroes ('30') for Track 1 Data). The least significant position of thediscretionary data is used by the PayPass reader to store nUN. If the issuer intends to use MasterCardOn-behalf Service for dynamic CVC3 verification and if the PAN Sequence Number is present in thediscretionary data and if the PAN Sequence Number is used for the derivation of KDCVC3, then thelength of the PAN Sequence Number must be maximum 1 significant digit.
NOTE
C) The bit map must only have non-zero bits that refer to available positions in the discretionary datafield of the corresponding Track Data. The least significant bit of the bit map must be set to zero.
NOTE
D) The number of non-zero bits in the bit map must be greater than or equal to 3.
NOTE
E) The number of non-zero bits in PUNATCTRACK1 minus the value of NATCTRACK1 must be greater thanor equal to zero, less than or equal to 8 and equal to the number of non-zero bits in PUNATCTRACK2minus the value of NATCTRACK2.
NOTE
F) If the issuer intends to use MasterCard On-behalf Service for dynamic CVC3 verification, then thevalue of NATCTRACK1 and the value of NATCTRACK2 must be greater than or equal to 3 for the CVC3Validation in Stand-in Service or greater than or equal to 2 for the Dynamic CVC3 Pre-validationService or the PayPass Mapping Service (processing only option).
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-15
Standard Profiles for PayPass
Profile 93: MasterCard/Debit MasterCard PayPass with SDA, online PIN preferred to signature
Mandatory File Structure for PayPass Standard Profiles—SFI 2
Table 8.20—Record 1, SFI 2
Data Element Name Tag Mandatory Values Presence
Track-2 Equivalent Data '57' Determined by issuer(See note A below)
M
Application Primary AccountNumber
'5A' Determined by issuer M
Application Expiration Date '5F24' Determined by issuer M
Application Effective Date '5F25' Determined by issuer O
Issuer Country Code '5F28' Determined by issuer M
Application PAN SequenceNumber
'5F34' Determined by issuer M
CDOL1 '8C' M/Chip Lite: 9F 02 06 9F03 06 9F 1A 02 95 05 5F2A 02 9A 03 9C 01 9F 3704 9F 35 01 9F 45 02 9F34 03
M/Chip Select: 9F 02 069F 03 06 9F 1A 02 95 055F 2A 02 9A 03 9C 01 9F37 04 9F 35 01 9F 45 029F 4C 08 9F 34 03
M
CDOL2 '8D' M/Chip Lite: 91 0A 8A02 95 05
M/Chip Select: 91 0A 8A02 95 05 9F 37 04 9F 4C08
M
CVM List '8E' 00000000 00000000 42035E03 1F03
M
Application Usage Control '9F07' 3D00 M
Application Version Number '9F08' 0002 M
Issuer Action Code—Denial '9F0E' 00 00 00 00 00 M
Issuer Action Code—Online '9F0F' F0 70 84 80 00 M
Issuer Action Code—Default '9F0D' F0 50 84 00 00 M
Application Currency Code '9F42' Determined by issuer C
SDA Tag List '9F4A' 82 M
©2010 MasterCard8-16 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for PayPass
Profile 93: MasterCard/Debit MasterCard PayPass with SDA, online PIN preferred to signature
NOTE
A) An issuer that supports online PIN change using the PVV on the Track 2 Equivalent Data mustnot include the Track 2 Equivalent Data in a record used as input for static data authentication. Inthis case, the standard profile cannot be used.
Mandatory File Structure for PayPass Standard Profiles—SFI 3
Table 8.21—Record 1, SFI 3
Data Element Name Tag Mandatory Values Presence
Certification Authority Public KeyIndex
'8F' Determined by issuer M
Issuer Public Key Exponent '9F32' Determined by issuer M
Issuer Public Key Remainder '92' Determined by issuer(See note below)
C
Issuer Public Key Certificate '90' Determined by issuer M
NOTE
The Issuer Public Key Remainder is present if NI > (NCA—36).
Table 8.22—Record 2, SFI 3
Data Element Name Tag Mandatory Values Presence
Signed Static Application Data '93' Determined by issuer M
Mandatory File Structure for PayPass Standard Profiles—SFI 4
SFI 4 is only present when CDA is supported and is not used in this profile.
Data Elements that Must Not Be Included
The following data element must not be included in the records referencedin the AFL (PayPass).
Table 8.23—Data Elements that Must Not Be Included
Data Element Name Tag
Cardholder Name '5F20'
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-17
Standard Profiles for PayPass
Profile 93: MasterCard/Debit MasterCard PayPass with SDA, online PIN preferred to signature
Get Processing Options Response
Table 8.24—Persistent Data Elements for Get Processing Options Response
Data Element Name Tag Mandatory Values
AFL (PayPass) 'D9' 08 01 01 00 10 01 01 01 18 01 02 00
AIP (PayPass) 'D8' 5880
Card Risk Management
Unless otherwise indicated, card risk management data elements are sharedbetween the contact and contactless interface and must be configured in thesame way as for the M/Chip 4 application.
Table 8.25—Persistent Data Elements for Card Risk Management
Data Element Name Tag Mandatory Values
Lower Consecutive Offline Limit '9F14' Determined by issuer
Upper Consecutive Offline Limit '9F23' Determined by issuer
Lower Cumulative OfflineTransactionAmount
'CA' Determined by issuer
Upper Cumulative OfflineTransaction Amount
'CB' Determined by issuer
Application Control (PayPass) 'D7' 00 00 40
Card Issuer Action Code(PayPass)—Decline
'CF' 08 00 00
Card Issuer Action Code(PayPass)—Online
'CE' 00 F0 00, or 06 F0 00 for onlinepreferring card
Card Issuer Action Code(PayPass)—Default
'CD' 00 50 00
CDOL1 Related Data Length 'C7' M/Chip Lite: 23
M/Chip Select: 2B
CRM Country Code 'C8' Same value as Issuer Country Code
CRM Currency Code 'C9' Same value as Application CurrencyCode
Currency Conversion table 'D1' Determined by issuer (See note below)
Additional Check Table 'D3' Not used. Personalized withhexadecimal zeroes
©2010 MasterCard8-18 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for PayPass
Profile 93: MasterCard/Debit MasterCard PayPass with SDA, online PIN preferred to signature
NOTE
The currency code in each entry in the Currency Conversion table must be set to the same valueas the CRM Currency Code.
Secret Keys
The Triple DES keys listed below are derived from their corresponding issuermaster keys using a unique identifier from the card such as the PAN, and areoften referred to as diversified keys.
Table 8.26—Triple DES Keys
Data Element Name Tag Mandatory Values
ICC Dynamic Number MasterKey (MKIDN)
– Determined by issuer
AC Master Key (MKAC) – Determined by issuer
SM for Integrity Master Key(MKSMI)
– Determined by issuer
SM for Confidentiality MasterKey (MKSMC)
– Determined by issuer
ICC Derived Key for CVC3Generation (KDCVC3)
– Determined by issuer
Miscellaneous
Table 8.27—Miscellaneous Persistent Data Elements
Data Element Name Tag Mandatory Values
Key Derivation Index – Determined by issuer
Application Life Cycle Data '9F7E' Depending on the possible separationbetween the loading of the applicationcode and the personalization data on thehardware, only part of the ApplicationLife Cycle Data may be personalized
Log Format '9F4F' The content of records in the Log ofTransactions
Static CVC3TRACK1 'DA' '0000'
Static CVC3TRACK2 'DB' '0000'
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-19
Standard Profiles for PayPass
Profile 94: MasterCard/Debit MasterCard PayPass with CDA, signature preferred to online PIN
Data Element Name Tag Mandatory Values
IVCVC3TRACK1 'DC' Determined by issuer (See notes A andB below)
IVCVC3TRACK2 'DD' Determined by issuer (See notes A andB below)
NOTE
A) MasterCard strongly recommends to use for IVCVC3TRACK1 the two least significant bytes of theresult of a MAC over the Track 1 Data as stored in Record 1, SFI 1. In the same way IVCVC3TRACK2should be the two least significant bytes of the result of a MAC calculated over the Track 2 Dataas stored in Record 1, SFI 1.
If the issuer intends to use MasterCard On-behalf Service for dynamic CVC3 verification, then forIVCVC3 generation the placeholders for the dynamic data in the discretionary data of Track 1 Dataand Track 2 Data, at the positions where the PayPass reader stores the ATC, UN, CVC3 and nUN, mustbe filled with zeroes (hexadecimal zeroes for Track 2 Data and ASCII zeroes ('30') for Track 1 Data).
NOTE
B) MasterCard strongly recommends to use for IVCVC3 generation the ISO/IEC 9797-1 MACalgorithm 3 with DES block cipher and an initial vector of zero (8 bytes). If the issuer intends to useMasterCard On-behalf Service for dynamic CVC3 verification, then this algorithm must be used.
Profile 94: MasterCard/Debit MasterCard PayPass withCDA, signature preferred to online PIN
This profile may be used with the contact Standard Profile 16, 18, 20, 21 or 22.
The PayPass interface supports CDA.
Data Elements for Application Selection
Data Element Name Tag Mandatory Values Presence
AID '4F' A0000000041010 M
DF Name '84' A0000000041010 M
Application Label '50' MASTERCARD orDebit MasterCard
O
Application Priority Indicator '87' Determined by issuer O
Language Preference '5F2D' Determined by issuer O
Issuer Code Table Index '9F11' Determined by issuer O
Application Preferred Name '9F12' Determined by issuer O
©2010 MasterCard8-20 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for PayPass
Profile 94: MasterCard/Debit MasterCard PayPass with CDA, signature preferred to online PIN
Data Element Name Tag Mandatory Values Presence
FCI Issuer Discretionary Data 'BF0C' Determined by issuer O
Log Entry '9F4D' Byte 1: Lower bitscontain the SFI of thetransaction log file(11) Byte 2: Maximumnumber of records inthe transaction log file
O
Data Elements Referenced in the AFL (PayPass)
Mandatory File Structure for PayPass Standard Profiles—SFI 1
SFI 1 contains the data objects for PayPass—Mag Stripe transactions. ThePayPass—Mag Stripe data objects must always be included in Record 1 of SFI 1.The first four bytes of the AFL (PayPass) must always be equal to '08010100'.
Table 8.28—Record 1, SFI 1
Data Element Name Tag Mandatory Values Presence
Mag Stripe Application VersionNumber
'9F6C' '0001' M
PCVC3TRACK1 '9F62' Determined by issuer (Seenotes C and D below)
M
PUNATCTRACK1 '9F63' Determined by issuer (Seenotes C and E below)
M
Track 1 Data '56' Determined by issuer (Seenotes A and B below)
M
NATCTRACK1 '9F64' Determined by issuer (Seenotes E and F below)
M
PCVC3TRACK2 '9F65' Determined by issuer (Seenotes C and D below)
M
PUNATCTRACK2 '9F66' Determined by issuer (Seenotes C and E below)
M
Track 2 Data '9F6B' Determined by issuer(See note B below)
M
NATCTRACK2 '9F67' Determined by issuer (Seenotes E and F below)
M
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-21
Standard Profiles for PayPass
Profile 94: MasterCard/Debit MasterCard PayPass with CDA, signature preferred to online PIN
NOTE
A) The storage of the cardholder name in the Track 1 Data is prohibited by MasterCard. Issuers mustuse a space character followed by the surname separator (" /").
NOTE
B) The placeholders for the dynamic data in the discretionary data, at the positions where thePayPass reader stores the ATC, UN, CVC3 and nUN, should be filled with zeroes (hexadecimal zeroes('0') for Track 2 Data and ASCII zeroes ('30') for Track 1 Data). The least significant position of thediscretionary data is used by the PayPass reader to store nUN. If the issuer intends to use MasterCardOn-behalf Service for dynamic CVC3 verification and if the PAN Sequence Number is present in thediscretionary data and if the PAN Sequence Number is used for the derivation of KDCVC3, then thelength of the PAN Sequence Number must be maximum 1 significant digit.
NOTE
C) The bit map must only have non-zero bits that refer to available positions in the discretionary datafield of the corresponding Track Data. The least significant bit of the bit map must be set to zero.
NOTE
D) The number of non-zero bits in the bit map must be greater than or equal to 3.
NOTE
E) The number of non-zero bits in PUNATCTRACK1 minus the value of NATCTRACK1 must be greater thanor equal to zero, less than or equal to 8 and equal to the number of non-zero bits in PUNATCTRACK2minus the value of NATCTRACK2.
NOTE
If the issuer intends to use MasterCard On-behalf Service for dynamic CVC3 verification, then thevalue of NATCTRACK1 and the value of NATCTRACK2 must be greater than or equal to 3 for the CVC3Validation in Stand-in Service or greater than or equal to 2 for the Dynamic CVC3 Pre-validationService or the PayPass Mapping Service (processing only option).
Mandatory File Structure for PayPass Standard Profiles—SFI 2
Table 8.29—Record 1, SFI 2
Data Element Name Tag Mandatory Values Presence
Track-2 Equivalent Data '57' Determined by issuer(See note A below)
M
Application Primary AccountNumber
'5A' Determined by issuer M
Application Expiration Date '5F24' Determined by issuer M
Application Effective Date '5F25' Determined by issuer O
©2010 MasterCard8-22 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for PayPass
Profile 94: MasterCard/Debit MasterCard PayPass with CDA, signature preferred to online PIN
Data Element Name Tag Mandatory Values Presence
Issuer Country Code '5F28' Determined by issuer M
Application PAN SequenceNumber
'5F34' Determined by issuer M
CDOL1 '8C' 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 039C 01 9F 37 04 9F 35 019F 45 02 9F 4C 08 9F 3403
M
CDOL2 '8D' 91 0A 8A 02 95 05 9F 3704 9F 4C 08
M
CVM List '8E' 00000000 00000000 5E034203 1F03
M
Application Usage Control '9F07' 3D00 M
Application Version Number '9F08' 0002 M
Issuer Action Code—Denial '9F0E' 00 00 00 00 00 M
Issuer Action Code—Online '9F0F' F0 70 84 80 00 M
Issuer Action Code—Default '9F0D' F0 50 84 00 00 M
Application Currency Code '9F42' Determined by issuer C
SDA Tag List '9F4A' 82 M
NOTE
A) An issuer that supports online PIN change using the PVV on the Track 2 Equivalent Data mustnot include the Track 2 Equivalent Data in a record used as input for static data authentication. Inthis case, the standard profile cannot be used.
Mandatory File Structure for PayPass Standard Profiles—SFI 3
Table 8.30—Record 1, SFI 3
Data Element Name Tag Mandatory Values Presence
Certification Authority Public KeyIndex
'8F' Determined by issuer M
Issuer Public Key Exponent '9F32' Determined by issuer M
Issuer Public Key Remainder '92' Determined by issuer(See note below)
C
Issuer Public Key Certificate '90' Determined by issuer M
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-23
Standard Profiles for PayPass
Profile 94: MasterCard/Debit MasterCard PayPass with CDA, signature preferred to online PIN
NOTE
The Issuer Public Key Remainder is present if NI > (NCA—36).
Table 8.31—Record 2, SFI 3
Data Element Name Tag Mandatory Values Presence
Signed Static Application Data '93' Determined by issuer M
Mandatory File Structure for PayPass Standard Profiles—SFI 4
SFI 4 is only present when CDA is supported (AIP (PayPass)[1][7] = 1).
Table 8.32—Record 1, SFI 4
Data Element Name Tag Mandatory Values Presence
ICC Public Key Exponent '9F47' Determined by issuer M
ICC Public Key Remainder '9F48' Determined by issuer(See note below)
C
NOTE
The ICC Public Key Remainder is present if NIC > (NI—42).
Table 8.33—Record 2, SFI 4
Data Element Name Tag Mandatory Values Presence
ICC Public Key Certificate '9F46' Determined by issuer M
Data Elements that Must Not Be Included
The following data element must not be included in the records referencedin the AFL (PayPass).
Table 8.34—Data Element that Must Not Be Included
Data Element Name Tag
Cardholder Name '5F20'
©2010 MasterCard8-24 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for PayPass
Profile 94: MasterCard/Debit MasterCard PayPass with CDA, signature preferred to online PIN
Get Processing Options Response
Table 8.35—Persistent Data Elements for Get Processing Options Response
Data Element Name Tag Mandatory Values
AFL (PayPass) 'D9' 08 01 01 00 10 01 01 01 18 01 02 00 2001 02 00
AIP (PayPass) 'D8' 1980
Card Risk Management
Unless otherwise indicated, card risk management data elements are sharedbetween the contact and contactless interface and must be configured in thesame way as for the M/Chip 4 application.
Table 8.36—Persistent Data Elements for Card Risk Management
Data Element Name Tag Mandatory Values
Lower Consecutive Offline Limit '9F14' Determined by issuer
Upper Consecutive Offline Limit '9F23' Determined by issuer
Lower Cumulative OfflineTransactionAmount
'CA' Determined by issuer
Upper Cumulative OfflineTransaction Amount
'CB' Determined by issuer
Application Control (PayPass) 'D7' 00 00 40
Card Issuer Action Code(PayPass)—Decline
'CF' 08 00 00
Card Issuer Action Code(PayPass)—Online
'CE' 00 F0 00, or 06 F0 00 for onlinepreferring card
Card Issuer Action Code(PayPass)—Default
'CD' 00 50 00
CDOL1 Related Data Length 'C7' 2B
CRM Country Code 'C8' Same value as Issuer Country Code
CRM Currency Code 'C9' Same value as Application CurrencyCode
Currency Conversion table 'D1' Determined by issuer (See note below)
Additional Check Table 'D3' Not used. Personalized withhexadecimal zeroes.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-25
Standard Profiles for PayPass
Profile 94: MasterCard/Debit MasterCard PayPass with CDA, signature preferred to online PIN
NOTE
The currency code in each entry in the Currency Conversion table must be set to the same valueas the CRM Currency Code.
Secret Keys
The Triple DES keys listed below are derived from their corresponding issuermaster keys using a unique identifier from the card such as the PAN, and areoften referred to as diversified keys.
Table 8.37—Triple DES Keys
Data Element Name Tag Mandatory Values
ICC Dynamic Number MasterKey (MKIDN)
– Determined by issuer
AC Master Key (MKAC) – Determined by issuer
SM for Integrity Master Key(MKSMI)
– Determined by issuer
SM for Confidentiality MasterKey (MKSMC)
– Determined by issuer
ICC Derived Key for CVC3Generation (KDCVC3)
– Determined by issuer
Table 8.38—RSA Keys
Data Element Name Tag Mandatory Values
Length of ICC Public KeyModulus
– Determined by issuer
ICC Private Key – Determined by issuer
Length of ICC PIN EnciphermentPublic Key Modulus
– Determined by issuer
ICC PIN Encipherment PrivateKey
– Determined by issuer
©2010 MasterCard8-26 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for PayPass
Profile 95: MasterCard/Debit MasterCard PayPass with CDA, online PIN preferred to signature
Miscellaneous
Table 8.39—Miscellaneous Persistent Data Elements
Data Element Name Tag Mandatory Values
Key Derivation Index – Determined by issuer
Application Life Cycle Data '9F7E' Depending on the possible separationbetween the loading of the applicationcode and the personalization data on thehardware, only part of the ApplicationLife Cycle Data may be personalized
Log Format '9F4F' The content of records in the Log ofTransactions
Static CVC3TRACK1 'DA' '0000'
Static CVC3TRACK2 'DB' '0000'
IVCVC3TRACK1 'DC' Determined by issuer (See notes A andB below)
IVCVC3TRACK2 'DD' Determined by issuer (See notes A andB below)
NOTE
A) MasterCard strongly recommends to use for IVCVC3TRACK1 the two least significant bytes of theresult of a MAC over the Track 1 Data as stored in Record 1, SFI 1. In the same way IVCVC3TRACK2should be the two least significant bytes of the result of a MAC calculated over the Track 2 Dataas stored in Record 1, SFI 1.
If the issuer intends to use MasterCard On-behalf Service for dynamic CVC3 verification, then forIVCVC3 generation the placeholders for the dynamic data in the discretionary data of Track 1 Dataand Track 2 Data, at the positions where the PayPass reader stores the ATC, UN, CVC3 and nUN, mustbe filled with zeroes (hexadecimal zeroes for Track 2 Data and ASCII zeroes ('30') for Track 1 Data).
NOTE
B) MasterCard strongly recommends to use for IVCVC3 generation the ISO/IEC 9797-1 MACalgorithm 3 with DES block cipher and an initial vector of zero (8 bytes). If the issuer intends to useMasterCard On-behalf Service for dynamic CVC3 verification, then this algorithm must be used.
Profile 95: MasterCard/Debit MasterCard PayPass withCDA, online PIN preferred to signature
This profile may be used with the contact Standard Profile 17 or 19.
The PayPass interface supports CDA.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-27
Standard Profiles for PayPass
Profile 95: MasterCard/Debit MasterCard PayPass with CDA, online PIN preferred to signature
Data Elements for Application Selection
Data Element Name Tag Mandatory Values Presence
AID '4F' A0000000041010 M
DF Name '84' A0000000041010 M
Application Label '50' MASTERCARD orDebit MasterCard
O
Application Priority Indicator '87' Determined by issuer O
Language Preference '5F2D' Determined by issuer O
Issuer Code Table Index '9F11' Determined by issuer O
Application Preferred Name '9F12' Determined by issuer O
FCI Issuer Discretionary Data 'BF0C' Determined by issuer O
Log Entry '9F4D' Byte 1: Lower bitscontain the SFI of thetransaction log file(11) Byte 2: Maximumnumber of records inthe transaction log file
O
Data Elements Referenced in the AFL (PayPass)
Mandatory File Structure for PayPass Standard Profiles—SFI 1
SFI 1 contains the data objects for PayPass—Mag Stripe transactions. ThePayPass—Mag Stripe data objects must always be included in Record 1 of SFI 1.The first four bytes of the AFL (PayPass) must always be equal to '08010100'.
Table 8.40—Record 1, SFI 1
Data Element Name Tag Mandatory Values Presence
Mag Stripe Application VersionNumber
'9F6C' '0001' M
PCVC3TRACK1 '9F62' Determined by issuer (Seenotes C and D below)
M
PUNATCTRACK1 '9F63' Determined by issuer (Seenotes C and E below)
M
Track 1 Data '56' Determined by issuer (Seenotes A and B below)
M
NATCTRACK1 '9F64' Determined by issuer (Seenotes E and F below)
M
©2010 MasterCard8-28 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for PayPass
Profile 95: MasterCard/Debit MasterCard PayPass with CDA, online PIN preferred to signature
Data Element Name Tag Mandatory Values Presence
PCVC3TRACK2 '9F65' Determined by issuer (Seenotes C and D below)
M
PUNATCTRACK2 '9F66' Determined by issuer (Seenotes C and E below)
M
Track 2 Data '9F6B' Determined by issuer(See note B below)
M
NATCTRACK2 '9F67' Determined by issuer (Seenotes E and F below)
M
NOTE
A) The storage of the cardholder name in the Track 1 Data is prohibited by MasterCard. Issuers mustuse a space character followed by the surname separator (" /").
NOTE
B) The placeholders for the dynamic data in the discretionary data, at the positions where thePayPass reader stores the ATC, UN, CVC3 and nUN, should be filled with zeroes (hexadecimal zeroes('0') for Track 2 Data and ASCII zeroes ('30') for Track 1 Data). The least significant position of thediscretionary data is used by the PayPass reader to store nUN. If the issuer intends to use MasterCardOn-behalf Service for dynamic CVC3 verification and if the PAN Sequence Number is present in thediscretionary data and if the PAN Sequence Number is used for the derivation of KDCVC3, then thelength of the PAN Sequence Number must be maximum 1 significant digit.
NOTE
C) The bit map must only have non-zero bits that refer to available positions in the discretionary datafield of the corresponding Track Data. The least significant bit of the bit map must be set to zero.
NOTE
D) The number of non-zero bits in the bit map must be greater than or equal to 3.
NOTE
E) The number of non-zero bits in PUNATCTRACK1 minus the value of NATCTRACK1 must be greater thanor equal to zero, less than or equal to 8 and equal to the number of non-zero bits in PUNATCTRACK2minus the value of NATCTRACK2.
NOTE
F) If the issuer intends to use MasterCard On-behalf Service for dynamic CVC3 verification, then thevalue of NATCTRACK1 and the value of NATCTRACK2 must be greater than or equal to 3 for the CVC3Validation in Stand-in Service or greater than or equal to 2 for the Dynamic CVC3 Pre-validationService or the PayPass Mapping Service (processing only option).
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-29
Standard Profiles for PayPass
Profile 95: MasterCard/Debit MasterCard PayPass with CDA, online PIN preferred to signature
Mandatory File Structure for PayPass Standard Profiles—SFI 2
Table 8.41—Record 1, SFI 2
Data Element Name Tag Mandatory Values Presence
Track-2 Equivalent Data '57' Determined by issuer(See note A below)
M
Application Primary AccountNumber
'5A' Determined by issuer M
Application Expiration Date '5F24' Determined by issuer M
Application Effective Date '5F25' Determined by issuer O
Issuer Country Code '5F28' Determined by issuer M
Application PAN SequenceNumber
'5F34' Determined by issuer M
CDOL1 '8C' 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 039C 01 9F 37 04 9F 35 019F 45 02 9F 4C 08 9F 3403
M
CDOL2 '8D' 91 0A 8A 02 95 05 9F 3704 9F 4C 08
M
CVM List '8E' 00000000 00000000 42035E03 1F03
M
Application Usage Control '9F07' 3D00 M
Application Version Number '9F08' 0002 M
Issuer Action Code—Denial '9F0E' 00 00 00 00 00 M
Issuer Action Code—Online '9F0F' F0 70 84 80 00 M
Issuer Action Code—Default '9F0D' F0 50 84 00 00 M
Application Currency Code '9F42' Determined by issuer C
SDA Tag List '9F4A' 82 M
NOTE
A) An issuer that supports online PIN change using the PVV on the Track 2 Equivalent Data mustnot include the Track 2 Equivalent Data in a record used as input for static data authentication. Inthis case, the standard profile cannot be used.
©2010 MasterCard8-30 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for PayPass
Profile 95: MasterCard/Debit MasterCard PayPass with CDA, online PIN preferred to signature
Mandatory File Structure for PayPass Standard Profiles—SFI 3
Table 8.42—Record 1, SFI 3
Data Element Name Tag Mandatory Values Presence
Certification Authority Public KeyIndex
'8F' Determined by issuer M
Issuer Public Key Exponent '9F32' Determined by issuer M
Issuer Public Key Remainder '92' Determined by issuer(See note below)
C
Issuer Public Key Certificate '90' Determined by issuer M
NOTE
The Issuer Public Key Remainder is present if NI > (NCA—36).
Table 8.43—Record 2, SFI 3
Data Element Name Tag Mandatory Values Presence
Signed Static Application Data '93' Determined by issuer M
Mandatory File Structure for PayPass Standard Profiles—SFI 4
SFI 4SFI 4 is only present when CDA is supported (AIP (PayPass)[1][7] = 1).
Table 8.44—Record 1, SFI 4
Data Element Name Tag Mandatory Values Presence
ICC Public Key Exponent '9F47' Determined by issuer M
ICC Public Key Remainder '9F48' Determined by issuer(See note below)
C
NOTE
The ICC Public Key Remainder is present if NIC > (NI—42).
Table 8.45—Record 2, SFI 4
Data Element Name Tag Mandatory Values Presence
ICC Public Key Certificate '9F46' Determined by issuer M
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-31
Standard Profiles for PayPass
Profile 95: MasterCard/Debit MasterCard PayPass with CDA, online PIN preferred to signature
Data Elements that Must Not Be Included
The following data element must not be included in the records referencedin the AFL (PayPass).
Table 8.46—Data Element that Must Not Be Included
Data Element Name Tag
Cardholder Name '5F20'
Get Processing Options Response
Table 8.47—Persistent Data Elements for Get Processing Options Response
Data Element Name Tag Mandatory Values
AFL (PayPass) 'D9' 08 01 01 00 10 01 01 01 18 01 02 00 2001 02 00
AIP (PayPass) 'D8' 1980
Card Risk Management
Unless otherwise indicated, card risk management data elements are sharedbetween the contact and contactless interface and must be configured in thesame way as for the M/Chip 4 application.
Table 8.48—Persistent Data Elements for Card Risk Management
Data Element Name Tag Mandatory Values
Lower Consecutive Offline Limit '9F14' Determined by issuer
Upper Consecutive Offline Limit '9F23' Determined by issuer
Lower Cumulative OfflineTransaction Amount
'CA' Determined by issuer
Upper Cumulative OfflineTransaction Amount
'CB' Determined by issuer
Application Control (PayPass) 'D7' 00 00 40
Card Issuer Action Code(PayPass)—Decline
'CF' 08 00 00
Card Issuer Action Code(PayPass)—Online
'CE' 00 F0 00, or 06 F0 00 for onlinepreferring card
©2010 MasterCard8-32 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for PayPass
Profile 95: MasterCard/Debit MasterCard PayPass with CDA, online PIN preferred to signature
Data Element Name Tag Mandatory Values
Card Issuer Action Code(PayPass)—Default
'CD' 00 50 00
CDOL1 Related Data Length 'C7' 2B
CRM Country Code 'C8' Same value as Issuer Country Code
CRM Currency Code 'C9' Same value as Application CurrencyCode
Currency Conversion table 'D1' Determined by issuer (See note below)
Additional Check Table 'D3' Not used. Personalized withhexadecimal zeroes
NOTE
The currency code in each entry in the Currency Conversion table must be set to the same valueas the CRM Currency Code.
Secret Keys
The Triple DES keys listed below are derived from their corresponding issuermaster keys using a unique identifier from the card such as the PAN, and areoften referred to as diversified keys.
Table 8.49—Triple DES Keys
Data Element Name Tag Mandatory Values
ICC Dynamic Number MasterKey (MKIDN)
– Determined by issuer
AC Master Key (MKAC) – Determined by issuer
SM for Integrity Master Key(MKSMI)
– Determined by issuer
SM for Confidentiality MasterKey (MKSMC)
– Determined by issuer
ICC Derived Key for CVC3Generation (KDCVC3)
– Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-33
Standard Profiles for PayPass
Profile 95: MasterCard/Debit MasterCard PayPass with CDA, online PIN preferred to signature
Table 8.50—RSA Keys
Data Element Name Tag Mandatory Values
Length of ICC Public KeyModulus
– Determined by issuer
ICC Private Key – Determined by issuer
Length of ICC PINEncipherment Public KeyModulus
– Determined by issuer
ICC PIN Encipherment PrivateKey
– Determined by issuer
Miscellaneous
Table 8.51—Miscellaneous Persistent Data Elements
Data Element Name Tag Mandatory Values
Key Derivation Index – Determined by issuer
Application Life Cycle Data '9F7E' Depending on the possible separationbetween the loading of the applicationcode and the personalization data on thehardware, only part of the ApplicationLife Cycle Data may be personalized.
Log Format '9F4F' The content of records in the Log ofTransactions
Static CVC3TRACK1 'DA' '0000'
Static CVC3TRACK2 'DB' '0000'
IVCVC3TRACK1 'DC' Determined by issuer (See notes A andB below)
IVCVC3TRACK2 'DD' Determined by issuer (See notes A andB below)
NOTE
A) MasterCard strongly recommends to use for IVCVC3TRACK1 the two least significant bytes of theresult of a MAC over the Track 1 Data as stored in Record 1, SFI 1. In the same way IVCVC3TRACK2should be the two least significant bytes of the result of a MAC calculated over the Track 2 Dataas stored in Record 1, SFI 1.
If the issuer intends to use MasterCard On-behalf Service for dynamic CVC3 verification, then forIVCVC3 generation the placeholders for the dynamic data in the discretionary data of Track 1 Dataand Track 2 Data, at the positions where the PayPass reader stores the ATC, UN, CVC3 and nUN, mustbe filled with zeroes (hexadecimal zeroes for Track 2 Data and ASCII zeroes ('30') for Track 1 Data).
©2010 MasterCard8-34 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)
Standard Profiles for PayPass
Profile 95: MasterCard/Debit MasterCard PayPass with CDA, online PIN preferred to signature
NOTE
B) MasterCard strongly recommends to use for IVCVC3 generation the ISO/IEC 9797-1 MACalgorithm 3 with DES block cipher and an initial vector of zero (8 bytes). If the issuer intends to useMasterCard On-behalf Service for dynamic CVC3 verification, then this algorithm must be used.
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 8-35
Appendix A Supplementary Data Elements per CardVersion
This appendix describes the supplementary data that you need to personalize in M/Chip 4 cards.Some data is specific to the version of the M/Chip specification that you are using.
Counter Limits and Previous Transaction.......................................................................................A-1
Counters and Data Elements with a Fixed Initial Value .................................................................A-1
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 A-i
Supplementary Data Elements per Card Version
Counter Limits and Previous Transaction
Counter Limits and Previous TransactionData Element Name Tag Recommended Values
Application Transaction Counter Limit 4E 20
Previous Transaction History 00 or 08
Bad Cryptogram Counter Limit 04 00
MAC in Script Counter Limit 0F (See note A below)
Global MAC in Script Counter Limit 00 4E 20 (See note A below)
AC Session Key Counter Limit 04 00 (See note B and C below)
SMI Session Key Counter Limit 04 00 (See note B below)
CFDC limit for Integrity Session Key 02 00 (See note A below)
CFDC limit for Confidentiality Session Key 02 00 (See note A below)
CFDC limit for AC Session Key 02 00 (See note A below)
NOTE
A) M/Chip 4 Version 1.1a only
NOTE
B) M/Chip 4 Version 1.1b only
NOTE
C) If a magnetic stripe grade profile is used for the contact interface or the card is being used forMasterCard Authentication Solutions for Chip, then the AC Session Key Counter Limit must be set tothe same value as the Application Transaction Counter Limit ('4E20').
Counters and Data Elements with a Fixed Initial ValueData Element Name Tag Recommended Values
Cumulative Offline Transaction Amount 00 00 00 00 00 00
Consecutive Offline Transactions Number 00
Script Counter '9F5F' 00
Log of The Current Transaction x (x=1...10 or more) 00…00
Application Transaction Counter '9F36' 0000
Global MAC in Script Counter 000000 (See note A)
AC Session Key Counter 0000 (See note B)
©2010 MasterCardM/Chip Card Personalization Standard Profiles (Including PayPass) • 19 February 2010 A-1
Supplementary Data Elements per Card Version
Counters and Data Elements with a Fixed Initial Value
Data Element Name Tag Recommended Values
SMI Session Key Counter 0000 (See note B)
Bad Cryptogram Counter 0000
Security Limits Status 'DF02' 00 (See note B)
NOTE
A) M/Chip 4 Version 1.1a only
NOTE
B) M/Chip 4 Version 1.1b only
©2010 MasterCardA-2 19 February 2010 • M/Chip Card Personalization Standard Profiles (Including PayPass)