PBOC financial IC card, card and terminal interaction 13 Steps, Introduction-Group Three

VII: TERMINAL risk Management-required but includes optional steps
Exception file: The terminal checks whether the application master account is in the Exception file list (the card number blacklist).
Merchant forced Online: The merchant can force the current transaction to be online processing.
Minimum limit: The online authorization is required to control the current transaction amount of the transaction or the same card for several consecutive trades where the accumulated amount exceeds a certain value.
Random Trading Options: Control transactions based on the amount of the current transaction randomly determines whether the transaction is online authorized. (Optional support)
Frequency check: Requires a card to be traded online after a certain number of consecutive offline transactions.
New card check: Determine if the card is used for the first time.

6 x

"The terminal must have risk management capabilities, but the checks are optional. Terminals and cards provided by the terminal and the data can be a minimum limit check, transaction frequency check, new card inspection, terminal anomaly file check, merchant forced transaction online, random selection of online transactions and other ways to complete the transaction management.
where random trading options
Interpolation factor = (authorization amount-threshold)/(minimum-threshold)
Trade Target percent = ((maximum target percentage-target percentage) x interpolation factor) + target percentage
The terminal generates a random number between 1-99 if this random number is less than or equal to
The target percentage is randomly selected and the transaction is selected.
Frequency check
After the number of consecutive offline times has reached a certain number of times, the frequency check allows the issuing bank to
Online processing of transactions. In the frequency check processing, the terminal sends the data (GET)
Allows you to read the last online ATC register and ATC value in the card. The number of consecutive offline transactions is ATC
And the difference between the last online ATC register. 】

Eight: Terminal behavior analysis-required
The terminal behavior analysis consists of two steps : Checking transaction processing results (TVR, TAC, IAC) and requesting redaction.
The terminal applies the rules set by the issuing bank in the card and the receiving line in the terminal, and determines the results of the offline processing to determine whether the transaction can be approved offline, rejected offline, or online authorized.
Terminal data: Terminal verification result TVR, terminal behavior Code TAC (set by the collection line).
ICC data: Issuer line Code of conduct IAC (set by issuing bank).

"Terminal must have terminal behavior analysis function. Terminal behavior analysis determines how to continue trading (approve offline, offline deny, online authorization) based on offline data authentication, processing restrictions, cardholder verification, results of terminal risk management, and risk management parameters set up in terminals and cards. Set up a card rule in the Issuer Code (IACs) field that is sent by the card to the terminal, and set up a terminal rule in the Terminal Behavior Code (TACS). After deciding on the transaction processing, the terminal applies ciphertext to the card request. Different application secrets correspond to different transaction processing. 】

The terminal compares the bits in IAC and TAC with the terminal validation result (TVR). If TVR and IAC or
The corresponding bits in the TAC are set to "1" and the corresponding IAC or TAC is adopted.

The processing steps of the terminal are as follows:
Step 1: Terminal comparison iac-reject and TVR.
Step 2: The terminal makes a similar comparison to tac-rejection and TVR.
Step 3: If the terminal has online processing power (except for terminals that are only online), it should be compared with TVR using iac-online and tac-online.
Step 4: Use the iac--default and tac--defaults to compare with TVR if the terminal is an offline terminal only or when there is an online processing capability where the endpoint cannot be brought online for some reason.
Step 5: If the corresponding bit does not appear in the above comparison in the case of ' 1 ', then the terminal:
1. Place the authorization response code as ' Y1 ' (offline approval);
2. Set the P1 parameter of the Generate AC (Request for redaction) command to the Request Trade certificate (TC);
3. Apply the redaction step for the request.

Request ciphertext based on the results of the terminal behavior analysis:

The terminal is sent to the card through the GAC commands, the card performs the card behavior analysis, and generates the application ciphertext as a response to the GAC command.

IX: Card behavior Analysis-prerequisites but includes optional steps
The terminal's judgment on the outcome of the transaction is not final, and the result of the card's evaluation of the transaction, i.e. the card behavior analysis, is obtained through the Generate AC command.
Card behavior analysis allows the issuing bank to set up frequency checks and other risk management within the card.
The included checks are:
Last transaction behavior.
Whether the card is a new card.
Offline transaction count and cumulative offline amount.
After the card behavior analysis is finished, the card returns an application cipher to the terminal. AAC indicates a transaction rejection, ARQC represents a request for online authorization, and TC indicates offline approval.
Rules for card responses applying redaction types:

"The IC card can perform a risk management algorithm defined by the issuing bank to prevent the issuer from being cheated. When the card receives the application ciphertext request of the terminal, the card carries out the card risk management check to decide whether or not to change the transaction processing set by the terminal, the check may include: The previous unfinished online transaction, the previous transaction issuing bank certification failure or the offline data authentication failure, reached the limit of the number of transactions or the amount of money. When the check is complete, the card uses the app data and a cryptographic process key stored on the card to generate the application cipher. It then returns the cipher to the terminal. This step is performed within the IC card . 】

Go to: PBOC financial IC card, card and terminal interaction 13 Steps, Introduction-Group Three

PBOC financial IC card, card and terminal interaction 13 Steps, Introduction-Group Three