The technology that lies behind EMV both contact and NFC transactions is to some extent a black box that just does what it does and when it doesn't quite do what is expected this can cause confusion and problems for the users and operators of the cards and terminals. To fully cover all of the areas is far too much for this short article, you only have to look at the size of the EMV books to understand that fully. Therefore the aim of this article is to explain the way some of the NFC technology works in a live environment.
In this article we will look at two sets of data elements and settings used in an NFC transaction. These are the CTQ (Card Transaction Qualifiers) and the TTQ (Terminal Transaction Qualifiers). As always we will use the short abbreviations, just to confuse the un-imitated, the CTQ and the TTQ.
CTQ (Card Transaction Qualifiers)
The CTQ on the card is set by the Card Issuer at the time of its issuance and determines what actions will take place at the Point of Sale (POS) when a transaction takes place. In this standard operating procedure across EMV the Card Issuer enforces his control at the POS based on the settings they code into the card and this is true of the CTQ as much as the other settings not being discussed.
CTQ Byte 1:
|8||True||Online PIN Required|
|6||True||Go Online if Offline Data Authentication Fails and Reader is online capable.|
|5||True||Switch Interface if Offline Data Authentication fails and Reader supports VIS.|
|4||True||Go Online if Application Expired.|
|3||True||Switch Interface for CashTransactions.|
|2||True||Switch Interface for Cashback Transactions|
CTQ Byte 2:
|8||True||Consumer Device CVMPerformed.Note: Bit 8 is not used by cards compliant with VISA specification, and is commonly set to False.|
|7||True||Card supports Issuer Update Processing at the POS.|
The CTQ controls, by the settings of the various bits, the following areas of a transaction:
- If the application has expired the setting of the CTQ will define whether the transactions will be sent online or will be declined immediately.
- If a cash transaction is being performed the CTQ defines whether the transaction should be switched to become a contact transaction n or is to be declined.
- If fDDA (authentication check) fails again the CTQ has three choices that it can send the transaction online, switch it to a contact transaction or decline it.
- When a CTQ is not returned by the card to the terminal and the reader needs a CVM (from its TTQ) the reader will decide on using a signature, an online Pin or to decline the transaction, in that order.
- When a CTQ is returned by the card to the reader it will decide on which CVM should or can be used in the order Online PIN or Signature.
The CTQ results are returned in both the authorisation and clearing messages and are part of the valuable source of data returned in every transaction. This data is of value to the card issuer as it helps define what is happening at the Point of Sale and can be used in the development of the way we work.
TTQ (Terminal Transaction Qualifiers)
The TTQ on the terminal can be set to a default or can be set by the Merchant / Acquirer to suit their terminal installation. However where used the CTQ will override the TTQ.
TTQ Byte 1:
|8||True||Contactless MSD supported|
|7||True||Contactless VSDC supported|
|6||True||Contactless qVSDC supported|
|5||True||EMV contact chip supported|
|3||True||Online PIN supported|
|1||True||Offline Data Authentication (ODA) for Online Authorizations supported.|
TTQ Byte 2:
|8||True||Online cryptogram required|
|6||True||(Contact Chip) Offline PIN supported|
TTQ Byte 3:
|8||True||Issuer Update Processing Supported|
|7||True||Mobile functionality supported (Consumer Device CVM)|
TTQ Byte 4: All RFU
The TTQ controls, by the settings of the various bits, the following areas of a transaction:
- The TTQ define if qVSDC and / or MSD are supported by the reader. Only those supported can be used in a transaction. qVSDC is the Visa c=EMV based NFC card whist MSD is the Visa Magnetic stripe Data NFC card. MasterCard have similar solutions.
- If the card is MSD only and supports Cryptogram Version No 17 and online cryptogram is required.
- It defines if the terminal supports Issuer Update and online capability.
- If qVSDC is used and the amount is zero the transaction must go online.
- For different types of transactions such as Purchase, Purchase with Cashback and Cash transactions the TTQ defines what is supported.
- In pre-processing the TTQ define if an NFC transaction is supported.
- If it is supported it defines what is required, Online Cryptogram, Value greater than CVM Limit then CVM required.
The TTQ values used and set during the transaction are transient, they are reported in the authorisation and clearing messages, but have no affect on subsequent transactions, unlike some settings in the contact side of EMV that do have an effect on subsequent transactions.
Basically between their settings the CTQ and The TTQ define how a transaction will react to any transaction taking place and they define what is required and how a transaction will be completed.
This is a very short description of how CTQ and TTQ work but I hope it helps to start lifting the lid on the black box we call EMV.