ISO Standard | ISO Protocols | Girmiti Software - 3 minutes read
The Girmiti team helps and works closely with our customers to understand the existing scope, current business scenarios, flows of the existing systems, to provide the consulting solutions to Build, Architect, Enhance Features, Design, Develop, Test, Automate, Deploy, UAT.
The card sequence number is critical to cryptogram validation. It may be carried in different fields within the authorization and clearing messages. For example, Field 23 carries the card sequence number in some implementations. When two or more cards are associated with a single account number, this field contains the number assigned to a specific card. Read more about ISO Standard
Off-line Chip Data Authentication
Validates the integrity of the chip itself and for genuineness of the issuerDDA - Dynamic Data Authentication
Utilizes chip data and dynamic transaction data for authentication. Below are the advantages:
- More secure
- Significantly minimizes counterfeit fraud
- For use by contact interface only
- Includes RSA cryptographic support on the chip Fast DDA (FDDA) – utilizes a predefined list of data elements for authentication, rather than using the Default Data Object List (DDOL) that is on the card and used for standard DDA signatures
- FDDA is quicker due to less data used in the signature created by the card and subsequently verified by the terminal.
- Mandated by Visa for use in contact-less and dual interface, If Off-line Data
- Authentication is used
CDA - Combined Data Authentication
Multiple iterations of DDA authentication methodology are utilized. Mandated by MasterCard for use in contact-less and dual interface, if Off-line Data Authentication is used.
SDA – Static Data Authentication
Utilizes only static elements from the chip for authentication
- Less secure than other options
- More prone to fall victim to counterfeit fraud
- No RSA cryptographic support on chip
- Least costly
- This option is not supported for all Card associations
In case of adaptation of ISO 20022 in Acquirer to Acquirer model, EPAS format of ISO 20022 would be one to use.
Field 55 is defined as a generic, flexible, variable length container that conforms to tag-length-value (TLV) encoding. Every data element carried in the field has a specific tag, followed by the length of the data and then the actual data. Each tag is defined by EMV or specified in the relevant payment brand specifications. The application cryptogram, the terminal unpredictable number, the transaction amount, issuer scripts, and the form factor indicator are typical of the types of data passed in this field.
Girmiti also has relevant experience to help the customers and partners to have the Solutions certified by Card Payment Schemes/PNOs, processors with respect to their business segments.