Bangladesh Bank

TakaPay Terminal
Specification

Version: 1.0_Draft

Date: 2024/01/31

Protected: Distribution to TakaPay Members only C3-1

 Table of Contents
Document control 4

Introduction 5

Chapter 1 Terminal Application Overview 6

Chapter 2 Transactions and minimum requirement 21

Chapter 3 Card Interaction 22

Chapter 4 Application/Kernel Selection 28

Chapter 5 Initiate Application processing 34

Chapter 6 Read Application Data 36

Chapter 7 Offline data authentication 38

Chapter 8 Processing restrictions 39

Chapter 9 Cardholder verification 40

Chapter 10 Terminal Risk Management 42

Chapter 11 Terminal action analysis 43

Chapter 12 Card Action Analysis 45

Chapter 13 Online processing 46

Chapter 14 Issuer to card script processing 47

Chapter 15 Completion 48

Chapter 16 Fallback Transaction 50

Chapter 17 Transaction processing 51

Chapter 18 Transaction completion 54

Appendix A Configuration parameters 55

Protected: Distribution to TakaPay Members only C3-2

Copyright, confidentiality and disclaimer

Copyright in this document belongs to Bangladesh Bank (here after referred as BB).

This document contains the latest information available at the time of publication. However, BB reserves
the right to modify the information described herein at any time, with or without published notification. BB
does not warrant the accuracy of the information contained in this document and BB has no liability for
any reliance by any party on the information contained in this document or for any direct or indirect,
special, consequential losses or punitive damages under any cause of action, whether in contract, tort,
under indemnity or statute (including for loss of data, loss of reputation, loss of business opportunity or
loss of anticipated savings) in connection with this document.

All information contained herein is confidential and proprietary to BB. No part of this document may be
reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying,
recording or information retrieval systems, except where expressly permitted by BB.

Written and published by BB

Protected: Distribution to TakaPay Members only C3-3

Document control

Amendment history

Version Date Amende Comments

1.0 31 January Fime Initial draft

2024

Acknowledgement

Bangladesh bank gratefully acknowledges the contributions of participants across the industry, from
within TakaPay, within its Membership, and from within its vendors, in the creation and ongoing
development of this document.

Protected: Distribution to TakaPay Members only C3-4

Introduction

This document defines Taka Pay EMV based specification for Contactless Terminals, which will be used
for supporting standard payments as well as low value payment segments such as transit, loyalty, parking,
toll etc.

Reference

Reference Title Version

EMV. Integrated Circuit Card Specifications for
[EMV-1] Version 4.4
Payment Systems. Book 1
EMV. Integrated Circuit Card Specifications for
[EMV-2] Version 4.4
Payment Systems. Book 2
EMV. Integrated Circuit Card Specifications for
[EMV-3] Version 4.4.
Payment Systems. Book 3
EMV. Integrated Circuit Card Specifications for
[EMV-4] Version 4.4.
Payment Systems. Book 4
EMV Contactless Specifications for Payment Systems
[EMV-A] Version 2.10
Book A
EMV Contactless Specifications for Payment Systems
[EMV-B] Version 2.10
Book B
EMV Level 1 Specifications for Payment Systems -
[EMV-D] Version 3.1
EMV Contactless Specifications
PURE contactless reader Specifications for PURE
[PURE-CLT] Version 2.1.8
Dual-Interface cards and Mobile PURE (THALES)
Table 1: Reference document

Protected: Distribution to TakaPay Members only C3-5

Chapter 1 Terminal Application Overview

1.1. Type of Terminals supported

Terminal means any POS Terminal or ATM supporting TakaPay applications Terminals can be
categorized according to the following features:

Environment: Attended or unattended

✓ Nature: POS (road toll gates, metro AFC gates), Tap-to-Phone, ATM, Kiosk
✓ Communication means: Online or offline
✓ Interface supported: contact or contactless
✓ PIN entry capacity: Equipped or not with a PIN pad

Feature

An attendant (an agent of the merchant or of the acquirer) is present at

Attended the point of transaction and participates in the transaction by entering
transaction-related data. The transaction occurs ‘face to face’.
The cardholder conducts the transaction at the point of transaction
Unattended without the participation of an attendant (agent of the merchant or of
the acquirer). The transaction does not occur ‘face to face’.
The transaction can normally only be approved in real time by
Online only
transmission of an authorization request message.
Offline with Depending upon transaction characteristics, the transaction can be
online completed offline by the terminal or online in real time. It is equivalent
capability to ‘Online with offline capability’, ‘Offline capable’ and ‘Online capable’.
Table 2: Terminal Type

The terminals covered in this document are:

• Contact only or Contact/Contactless attended and unattended POS terminals directly connected
to switch,
• Contact only or contact/contactless unattended ATM terminals directly connected to switch

Protected: Distribution to TakaPay Members only C3-6

 1.2. Architecture
The TakaPay terminal system architecture as described in the diagram below is defined on a logical
level. Figure 2 is provided for illustrative purposes only and does not require any specific terminal
hardware or software.

Figure 1: TakaPay Terminal System Architecture

An TakaPay Chip-enabled terminal must include:

✓ Terminal Application software in charge of the interface with merchant, with the cardholder and
with the Acquirer network,
✓ The EMV Level 1 Chip contact reader, EMV Level 1 Chip contactless reader or both;
✓ The EMV Level 2 Contact Application kernel, the TakaPay Contactless kernel or both;
✓ The TakaPay Chip and Contactless terminal application and configuration parameters,
✓ and support for both TakaPay AID (A0000009101010) and as well as partial name selection

Rule 1 If contact Interface is enable, the Terminal and ICC communication shall be
compliant to the contact communication protocol as specified in [EMV Book
1]
Rule 2 If Contactless Interface is enable, the TakaPay Chip contactless reader shall
be compliant to the contactless communication protocol as specified in [EMV
contactless protocol Book D].
Rule 3 The Contact kernel module must be compliant with the EMV Book 1- 4
specifications
Rule 4 The Contactless kernel module must be compliant with the PURE
Contactless kernel specifications and EMV Book B. The options that must be
supported are defined in chapter 1.5 Contactless reader Configuration .

This specification describes full Chip processing between the TakaPay Chip contact terminal and
TakaPay Chip contactless cards where the terminal must be capable of providing chip data to the

Protected: Distribution to TakaPay Members only C3-7

payment/Acquirer host. When a contactless reader is supported, the specifications also describe
processing of the data and outcomes provided by the PURE Contactless kernel.

1.3. Terminal application overview

The terminal application can be divided into three main functional blocks, as illustrated in Figure 2
below.

Figure 2: Terminal Application Overview

This is based on the figure in EMV Book A, (section 5.3) and extends the concepts to the EMV contact
kernel and the mag stripe kernel. This figure is for illustrative purposes only.

Based on an external event or action, the terminal starts the payment application and will initiate the
transaction.

Transaction processing is responsible for validating and processing all the data and the outcomes from
the card interaction layer. This function will perform the online processing and restart a card interaction
process if necessary. This function completes the transaction and will control the transaction
parameters for each kernel.

The Card interaction is responsible for activating and deactivating the kernel and handles the
communication and interaction with cards.

Protected: Distribution to TakaPay Members only C3-8

 1.4. Contact Terminal Configuration

When processing an TakaPay Chip contact transaction the TakaPay Chip device must, at a minimum,
support the following:

• EMVCo Common Core Definition (CCD) Compliant device

• Application selection using PSE
• Partial application selection

The TakaPay Chip device must support the AID: A0000009101010

In addition, the following data elements must be set in the TakaPay Chip device:

• Application Version Number – 0001

• Terminal Action Codes (TACs) (Refer to Annex A)

The table below will list the minimum features which must be supported to process an TakaPay Chip
contact transaction.

Functionality
• Application Interchange Profile Mandatory
Initiate Application (AIP – Tag ‘82’) As specified in [EMV Book 3] section
Processing • Application File Locator 10.1
(AFL – Tag ‘94’)
Mandatory

Read Application Data As specified in [EMV Book 3] section

10.2

Mandatory

As specified in [EMV Book 3] section

10.3

Offline Data Cryptographic validation as specified

Authentication in [EMV Book 2] section 6

• SDA • Optional
• DDA • Optional
• CDA • Optional
Mandatory

Processing Restrictions As specified in [EMV Book 3] section

10.4

Protected: Distribution to TakaPay Members only C3-9

Functionality
• Application Version Number (AVN) • Mandatory
• Application Usage Control (AUC) • Mandatory
• Effective Date • Mandatory
• Expiration Date • Mandatory
Mandatory

As specified in [EMV Book 3] section

10.5
Cardholder Verification
• Online PIN • Mandatory
• Enciphered Offline PIN • Mandatory
• Other CVMs as specified in [EMV • Optional
Book 4] annex A2.
Mandatory

As specified in [EMV Book 3] section

Terminal Risk 10.6
Management (TRM)
• Terminal Floor Limit • Mandatory
• Random Transaction Selection • Optional
• Velocity checking • Optional
Mandatory
Terminal Action Analysis As specified in [EMV Book 3] section
10.7
Mandatory
Card Action Analysis As specified in [EMV Book 3] section
10.8
Mandatory
Online Processing As specified in [EMV Book 3] section
10.9
Issuer to Card Script Mandatory
As specified in [EMV Book 3] section
processing
10.10
Mandatory
Completion As specified in [EMV Book 3] section
10.11
Table 3: Contact Kernel minimum features

Protected: Distribution to TakaPay Members only C3-10

 1.5. Contactless Reader Configuration

For each supported combination {AID; Kernel Id}, the terminal shall have EP Configuration
Data and Kernel Configuration Data.

1. Entry Point Configuration Data

For each supported type of transaction, a set of static data for Entry Point processing. The
value of this data is persistent and represents transactional configuration information, such as
contactless limits and CVM limits. Exceptional updates happen outside of transaction
processing.

Table 2-7 defines the available data set for each Combination. All configured data sets will be
available for Entry Point processing. All elements defined in Table 4 are optional and may be
omitted from a specific instance of a combination.

Feature

Terminal Floor Limit (Tag '9F1B'), if present

Reader CVM Required Limit,
Reader Contactless Transaction Limit
Reader Contactless Floor Limit
Table 4: Entry Point Configuration Data

The setting of these tags will be detailed in annex B

2. Kernel Configuration Data

For each supported Type of Transaction a set of static Data for Kernel configuration.

The value of this data is persistent from one transaction to the next and represents
configuration information such as the mode (EMV / mag stripe), CVM support, online/offline
capabilities, and the RID-specific CA public key dataset. Updates of these values are
exceptional and always occur outside of transaction processing. Details of the data that must
be configured for each kernel can be found in the corresponding kernel specifications.
Requirements related to these data are specified in section Kernel Configuration Data.

Kernel Configuration Data

Several implementation options are available in the PURE Contactless reader specifications
(reference [PURE-CLT]). This section details the options that a Terminal Vendor must support.
It provides also recommendations related to the additional options that may be required in the
future.

Protected: Distribution to TakaPay Members only C3-11


PURE Kernel Option
Implementation option 1:
Retrieval of data element
values stored in EEPROM
memory slot
(option IO_Option1)
Implementation option 2:
Update of data element
values stored in EEPROM
memory slot
(option IO_Option2)
Implementation option 3:
terminal supporting only
fixed Amount transaction
(option IO_Option3)
Implementation option 4:
Application Authentication
Transaction support
(option IO_Option4)
Implementation option 5:
Capacity to restrict list of
supported applications
(option IO_Option5)
Implementation option 6:
long tap
(option IO_Option6)
Implementation option 7:
online additional tap
(option IO_Option7)
Implementation option 8:
ECHO command support
(option IO_Option8)
Support of DDA
(option AC_DDA)
Support of SDA
(option AC_SDA)
Support of CDA
(option AC_CDA)
Capacity to perform
Offline CAM regardless the
decision of the nature
(online / offline) of the
transaction
(option AC_OfflineCAM)
Recommendations
Comment
for Pakapay brand
This option may be useful if the
terminal application supports also non-
Not required
payment application requiring the
storage of information inside the chip
This option may be useful if the
terminal application supports also non-
Not required
payment application requiring the
storage of information inside the chip
This option may be useful for one
machine selling goods at one single
Not required
price (no need to re-do preliminary
processing for each payment)
This option may be useful if the
terminal application needing only to Not required
authenticate the card
This option may be useful when the
acquirer wants that the terminal
Not required
support only applications which AID
begin with a specific value.
This option may be required in the
future if contactless-only form factor Not required
with offline capacity, are issued.
This option may be required in the
future if contactless-only form factor Not required
with offline capacity, are issued.
This option may be required by future
Not required
Stored Value applications.
This option is required only when the
kernel supports the implementation Not required
option n° 4
Not required Not required
Mandatory option Required
Transit terminal requires it. Mandatory
Protected: Distribution to TakaPay Members only C3-12
 Recommendations
PURE Kernel Option Comment
for Pakapay brand
Capacity to switch to
Conditional option: It shall be
contact interface when the
supported when the POS Terminal is
terminal support both
contact capable. Off course when the Configurable
contactless interface and
POS Terminal is Contactless only then
contact interface
it shall not be supported.
(option AC_Contact)
Card Balance Retrieval Useful for Offline capable prepaid
Not required
(option AC_Balance) product
Option to stop the
transaction when the card
preliminary decision is to Not required Not required
decline the transaction
(option AC_Decline)
Support of terminal
checks during transaction
processing (expiration date
Mandatory option Mandatory
check, application usage
check...)
(option AC_TRM)
Support of cardholder
verification using the EMV
This option is required for the support
defined method based on Mandatory
of High Value Payment transactions.
CVM List
(option AC_CVM)
Online PIN support
Mandatory option Mandatory
(option AC_OnlinePIN)
Signature support
Mandatory option Mandatory
(option AC_Signature)
Support of Confirmation
This option is not used by dual-
Code checked using Mobile
interface cards but is required for Mandatory
handset
Mobile NFC based Payment means.
(option AC_CC_Tap)
Table 5 - TakaPay Contactless Kernel options

Rule 5 A contactless enabled terminal must support a PURE contactless

kernel compliant with the PURE contactless kernel specifications
(reference [PURE-CLT]).
Rule 6 The PURE contactless reader/kernel must support all the options
listed as “required” or “mandatory” in the Table 5 – PURE Contactless
Reader/Kernel implementation options.
Rule 7 The PURE contactless reader/kernel should be capable to support all
the options listed as “configurable” in the Table 5 – PURE Contactless
Reader/Kernel implementation options.

Protected: Distribution to TakaPay Members only C3-13

Thus the TakaPay Contactless POS implementation Options and Kernel Capabilities should be
configured as follows:
Byte Bit Contactless POS Implementation Options Value
Implementation option 1: Retrieval of data element values
stored in EEPROM using GET DATA command
8 0
0= Implementation option 1 is either not supported or not
selected by the Acquirer
Implementation option 2: Update of data element values
stored in EEPROM data slots using PUT DATA command
7 (no secure messaging) 0
0= Implementation option 2 is either not supported or not
selected by the Acquirer
Implementation option 3: terminal supporting only fixed
Amount transaction7
1 = Implementation option 3 is supported meaning the POS
6 terminal has a fixed amount (POS for vending machine, POS 0
for transit…)
0= Implementation option 3 is not selected by the Acquirer
(Generic POS)
1 Implementation option 4: Application Authentication
Transaction support
5 0
0= Implementation option 4 is either not supported or not
selected by the Acquirer.
Implementation option 5: Capacity to restrict list of
supported applications
4 0
0 = Implementation option 5 is no supported and not selected
by the Acquirer
Implementation option 6: Long Tap support
3 0= Implementation option 6 is either not supported or not 0
selected by the Acquirer
Implementation option 7: Online Additional Tap support
2 0= Implementation option 7 is either not supported or not 0
selected by the Acquirer
Implementation option 8: ECHO command support
1 0= Implementation option 8 is either not supported or not 0
selected by the Acquirer
Table 6 - Contactless POS Implementation Options

The TakaPay POS must support a parameter for declaration of the options selected by the Acquirer for
the AID supported. This parameter is the “Contactless Application Capabilities” parameter defined below.

Both the contactless reader and the contactless kernel are using this parameter. It may be either shared
by both POS modules or duplicated in each module

This parameter has two distinct names:

• Contactless Application Capabilities is the name of the parameter when it is used by the contactless
reader
• Contactless Kernel Capabilities is the name of the parameter when it is used by the contactless kernel

Protected: Distribution to TakaPay Members only C3-14

Byte Bit Contactless Kernel Capabilities Value
8-7 RFU 00
EMV contactless Mode support: (AC_Mode)
6 1
1 = EMV contactless mode supported
EMV contact transaction support : (AC_Contact)
5 1 = EMV contact transaction supported 0/1
0 = EMV contact transaction not supported
Terminal capability to process a contactless transaction
1
4 online (AC_Offline) 0
0 = Online capable reader .
Online PIN support (AC_OnlinePIN)
3 0
1= Online-PIN supported
Signature support (AC_Signature)
2 1
1= Signature supported
1 RFU 0
‘26’ or
‘36’
2 8-1 RFU (00000000) ‘00’
Support of additional tap for Issuer Response communication
8 (AC_Online_Tap, IO_Option7) 0
0= terminal does not support this option
Terminal capability: Support of Consumer Device CVM
checking (AC_CC_Tap)
7 1
1= terminal supports the Confirmation Code as a possible
CVM
3 Support of torn transaction recovery using ECHO command
6 (AC_ECHO, IO_Option8) 0= terminal does not support 0
this option
Support of long tap for Issuer Response communication
5 (AC_Long_Tap, IO_Option6) 0= terminal does not support 0
this option
4-1 RFU (0000) 0000
‘40’
8 RFU (0) 0
Application Authentication Transaction support
(AC_Auth_Appli, IO_Option4)
7 0
0= Application Authentication Transaction support is not
4 selected by the Acquirer
6-5 RFU 00
Retrieval of card Balance and CRM Currency Code
4 0
supported (AC_Balance)

Protected: Distribution to TakaPay Members only C3-15

 Byte Bit Contactless Kernel Capabilities Value
3 RFU 0
Stop transaction at GET PROCESSING OPTIONS command
2 level if CCID indicates that the transaction is declined 1
(AC_Decline)
Offline CAM checking requirements (AC_OfflineCAM)
1 1= Offline CAM required in all circumstances (transaction 1
approved, declined or processed online)
‘03’
Terminal Interchange Profile (TIP)
Reliability of TIP byte value in TTPI (AC_Reliab)
8 1
(always 1 “Reliable information”)
SDA support (AC_SDA)
7 1= SDA is supported 0
0= SDA is not supported
DDA support AC_DDA)
6 1= DDA is supported 0
0= DDA is not supported
Cardholder verification method supported by the terminal
(AC_CVM)
5 5 1
1= Terminal supports cardholder verification using EMV-
defined method based on CVM List
Support of the EMV contact defined Processing Restriction
checks and Terminal Risk Management checks (AC_TRM)
4 1= Terminal supports terminal checks (Processing restriction 1
and terminal risk management) in addition to contactless
reader Pre-processing checks
3-2 RFU (00) 00
CDA support (AC_CDA)
1 1
1= CDA is supported
‘99’
Kernel Capabilities Value ‘26 00 40
03 99’ or
’36 00 40
03 99’
Table 7: Contactless POS Implementation Options

The Terminal Transaction Processing Information (TTPI), tag ‘C7’, is a PURE kernel internal, transaction-
dynamic parameter for giving terminal transaction processing information to the card (so the card can
determine the terminal capabilities and status). It includes:

• Some (static) information copied from the Contactless Application/Kernel Capabilities, and
• Some (dynamic) transaction indicators from the result of the Pre-Processing function

Protected: Distribution to TakaPay Members only C3-16

The Terminal Transaction Processing Information (TTPI) is normally a parameter initialized by the PURE
kernel and it does not need to be defined or configured.

If it is not the case, its value has to be initialized using PURE Contactless Application/Kernel
Capabilities Options value and the result of the pre-processing checks.

Byte Bit TTPI bit meaning and category Value

8-7 RFU 00
Contactless Application/Kernel
6 EMV contactless Mode support: Capability Byte 1 value
(AC_Mode)
Contactless Application/Kernel
5 EMV contact transaction support Capability Byte 1 value
(AC_Contact)
Contactless Application/Kernel
Terminal capability to process a
1 4 Capability Byte 1 value
transaction online
(AC_Offline)
Contactless Application/Kernel
3 Online PIN support Capability Byte 1 value
(AC_OnlinePIN)
Contactless Application/Kernel
2 Signature support Capability Byte 1 value
(AC_Signature)
1 RFU 0
Value of “Reader Contactless
Initial terminal request related to Floor Limit Exceeded”
8
transaction completion Contactless Pre-Processing
Indicator
Value of “CVM Required Limit
Terminal request related to cardholder
7 Exceeded” Contactless Pre-
verification
Processing Indicator
Value of “Status Check
Single unit of currency (Status Check) Requested” Contactless Pre-
6
Check result Processing Indicator (‘0’ if not
2 supported)
Value of “Zero Amount”
5 Zero Amount Check result Contactless Pre-Processing
Indicator (‘0’ if not supported)
4 RFU (0) 0
Contactless Application/Kernel
Terminal requirement related to offline
2 Capability Byte 4 value
CAM
(AC_OfflineCAM)
1 RFU (0) 0

Protected: Distribution to TakaPay Members only C3-17

Byte Bit TTPI bit meaning and category Value
Contactless Application/Kernel
Support of additional tap for Issuer
8 Capability Byte 3 value
Response communication
(AC_Online_Tap)
7 Contactless Application/Kernel
Support of Consumer Device CVM
Capability Byte 3 value
3 checking as a possible CVM method
(AC_CC_Tap)
6 Contactless Application/Kernel
Support of torn transaction recovery
Capability Byte 3 value
using ECHO command
(AC_ECHO)
5-1 RFU (000000) 000000

4 8 -1 RFU (00000000) 00000000

Terminal Interchange Profile (TIP)

Contactless Application/Kernel
8 Reliability of TIP byte value in TTPI Capability Byte 5 value
(AC_Reliab)
Contactless Application/Kernel
7 SDA support Capability Byte 5 value
(AC_SDA)
If implementation 4 is supported,
DDA support Contactless Application/Kernel
6 1= DDA is supported Capability Byte 5 value
0= DDA is not supported (AC_DDA)
5 In the other cases, 0
Contactless Application/Kernel
Cardholder verification method
5 Capability Byte 5 value
supported by the terminal
(AC_CVM)
Contactless Application/Kernel
Support of complementary terminal
4 Capability Byte 5 value
checks and terminal action analysis
(AC_TRM)
3-2 RFU (00) 00
Contactless Application/Kernel
1 CDA support Capability Byte 5 value
(AC_CDA)
Table 8: TTPI Initial Value

Protected: Distribution to TakaPay Members only C3-18

 1.6. PIN Entry Device

Terminals with PIN entry devices accepting TakaPay Chip and Contactless cards must be Payment
Card Industry PIN Transaction Security standards (PCI-PTS) approved. PIN security and encryption shall
comply with AS2805 parts 3 and 5.4.

As per PCI-PTS requirements, Terminals without PIN entry devices are required to comply with subsets
in PCI-PTS standards like SRED, Open Protocols Module and etc. Therefore, Terminals without PIN
entry devices shall also be PCI-PTS approved.

1.7. Receipt requirement

The TakaPay Chip device must provide the following information:

Rule 8 At a minimum, for all types of TakaPay transaction (contact and

contactless transactions), the receipt should contain the following
information:
✓ Masked PAN Card number
Full PAN Card number for merchant receipt,
Masked PAN Card number for cardholder receipt.
✓ Authorization Identification Response for transactions
approved online
✓ Card network name (i.e. “TakaPay”)
✓ Merchant name and location
✓ Transaction amount and transaction currency symbol
✓ Terminal country code
✓ Transaction date and time
✓ Transaction type (Purchase, Refund, etc.)
✓ AID of the application selected as required by EMV
✓ Label of the application selected:
o Application Preferred Name, Tag ‘9F12’, if present in
the card and if character set indicated in the Tag ‘9F11’
in the card is supported by the Terminal
o Otherwise: Application Label, Tag ‘50’ in the card

Rule 9 At the end of a contact or contactless transaction, the merchant’s copy

of the terminal receipt shall contain other chip-related data to allow the
recovering of the whole transaction data:

Retrieved from the Card

✓ PAN Sequence Number (Tag ‘5F34’)
✓ Issuer Application Data (Tag ‘9F10’)
✓ Application Transaction Counter (Tag ‘9F36’)
Generated by the terminal :
✓ Terminal Verification Results (Tag ‘95’)

Protected: Distribution to TakaPay Members only C3-19

 ✓ Unpredictable number (Tag ‘9F37’)

1.8. Security Requirement

Certificate Authority Public Key management

Acquirers shall ensure that all deployed BB Chip-compliant devices are loaded with the latest BB
Certificate Authority Public Key (CAPK) to ensure that the card-signed data is authenticated
appropriately. Revoked BB CAPKs as well as BB test CAPKs must not be present in production BB
Chip devices. It is recommended that deployed BB Chip-compliant devices can remotely update and
remove CAPKs.

Card Data

Storage of card data (e.g. PAN, expiry date, and cardholder name) must be PCI-DSS compliant.
To ensure transaction data security, TakaPay terminals must be PCI-approved.

Protected: Distribution to TakaPay Members only C3-20

Chapter 2 Transactions and minimum requirement

Refer to the below table for transaction types and entry modes supported by POS and ATM terminals.

POS ATM Point of Service Entry Mode

Transaction type
With PIN With Out PIN With PIN

Not Contact
Purchase M M
Applicable Contactless

Not Contact
Refund M M
Applicable Contactless
Not Contact
Pre-Authorization M M
Applicable Contactless
Not Not
Cash Withdrawal M Contact
Applicable Applicable
Not Contact
Cash Advance M M
Applicable Contactless
Not Not
Cash deposit M Contact
Applicable Applicable
For POS : Contact
Bill Payment M M M Contactless
For ATM: Contact only
Not Not
Funds Transfer M Contact
Applicable Applicable
Not Not
Balance Inquiry M Contact
Applicable Applicable
Not Not
Mini statement M Contact
Applicable Applicable
Table 9: Transaction Types

Protected: Distribution to TakaPay Members only C3-21

Chapter 3 Card Interaction

This section describes Overview, Events processing, Pre-processing, Interface selection (Card is
inserted/swiped and present, Manually entered card data)

3.1. Overview

Card interaction covers the following items:

• Selection of the interface

• Selection of the application and the kernel
• Preparation of all data required by the kernel and the card to process the transaction
• Activation of the kernel
• Reading the card data and exchanging data with the kernel and the card
• Handling the outcome.

This function consolidates all processes related to the exchange of data with the card, irrespective of the
chosen interface. It oversees Card Interaction processing, which is responsible for handling the data
necessary for cards to execute transactions:

• Terminal configuration data (e.g. Country Code, Merchant ID, Acquirer ID),
• Term app profile (e.g. TACs,),
• Transaction data (e.g. Amounts, Transaction Type, date, time),
• Kernel data (e.g. UN)

3.2. Pre-processing

This function is the initial step executed when the terminal application initiates a transaction, constituting
the primary process in Card Interaction. It is performed to commence a new transaction or when an
Outcome. Start is A. The transaction is identified as a Purchase, Refund, withdrawal, cash, cash advance
and Deposit.

Pre-processing is used to perform preliminary checks before the card is docked or presented. In addition
to [EMV Book B] section 3.1 when Contactless is supported, the function checks the Amounts value
received.

Protected: Distribution to TakaPay Members only C3-22

 Figure 3: Pre-Processing flow

If the function is successfully performed, then the terminal will perform the next function, Interface
Selection.

Protected: Distribution to TakaPay Members only C3-23

If errors occur (e.g. time-out, required data not entered), the transaction is aborted.

The TakaPay terminal application must initialize transaction data with the values as detailed in below.

Transaction description Amount, Authorised (Tag 9F02) Amount, Other (Tag 9F03)
Purchase Goods value Zero
Refund Refund value Zero

In Contactless, the terminal/reader shall pre-process the transaction as defined in [EMV Entry Point
Book B] section 3.1, i.e. preparation of the parameters for all combinations supported in the terminal
AID list.

3.3. Interface selection

This function is employed to designate the interface for reading card data If contact interface is not
supported when contact protocol not enable or not implemented, the terminal shall activate contactless
protocol. .

The cardholder is prompted to insert if not already done. If contactless mode is both supported and
permitted for the selected combinations, the function will activate the chip contactless protocol, as
specified in [EMV Book B] section 3.3. Additionally, the terminal application initializes the Number of
remaining chip reads to “2”, as indicated below.

Protected: Distribution to TakaPay Members only C3-24

Figure 4: Interface Selection flow – Part 1

Protected: Distribution to TakaPay Members only C3-25

 Figure 5: Interface Selection flow – Part 2

If the contactless reader has not been used, then the contactless interface must be deactivated.

During this processing the following types of errors may occur:

• Card not inserted, not presented; data not entered (time-out);

• Card removed during chip processing;
• Chip error;

Protected: Distribution to TakaPay Members only C3-26

 • Missing data;

If one of these errors occurs the terminal shall abort the transaction and be in the State ‘Idle’.

Card is presented

The terminal application must perform Protocol Activation as specified in [EMV Book B] Section 3.2 and
[EMV Book D] (i.e. anti-collision is checked).

The terminal should initialise the data as described below

Data element Value

Interface Set interface indicator to Contactless

Card is inserted

The terminal application must perform Protocol Activation as specified in [EMV Book 1].
The terminal should initialize the data as described below:

Data element Value

Interface Set interface indicator to Contact

Protected: Distribution to TakaPay Members only C3-27

 Chapter 4 Application/Kernel Selection

TakaPay terminal shall support EMV contact interface and contactless interface.

Depending on the terminal interface selected, different mechanisms are used to select the card
application, the kernel, and initialize the processing parameters associated with the terminal application
profile. At the end of this processing the card application and the kernel are known.

Figure 6: Application/kernel Selection

If the process is successful, then the terminal is in the state “Selected”.

During this processing the following types of errors may occur

• Card blocked;
• Candidate list empty;
• Card read error;
• Missing data;
• Data error (mandatory data is missing).

TakaPay contact terminal shall perform Application Selection as defined in section 12 of [EMV-1].
TakaPay contact terminal could optionally support PSE.

TakaPay contactless terminal performs Application Selection as defined in [PURE-CLT].

The terminal must be loaded with TakaPay Application Identifier (AID) - A0000009101010

Protected: Distribution to TakaPay Members only C3-28

 4.1. EMV Contact Application Selection

Upon the identification of a contact card insertion into the terminal reader, the terminal payment
application is mandated to initiate a call to the EMV Contact Level 2 kernel. The primary responsibility of
this kernel is to execute Application Selection as defined in [EMV Book 1] section 12, thereby facilitating
the appropriate processing of the inserted contact card.

In this transaction step, the application that will be used to perform the payment transaction (e.g., a credit
or debit application) is chosen. This is determined by analyzing the applications that are supported by
both the chip card and the terminal, and, if there are multiple applications, identifying their priority. This
step results in either a single application being chosen or in transaction termination.

Protected: Distribution to TakaPay Members only C3-29

Protected: Distribution to TakaPay Members only C3-30
 Figure 7: EMV Contact Application Selection Flow

4.2. Contactless Application Selection

Upon detecting a contactless card being tapped on the reader, the responsibility for executing Application
Selection lies with either the terminal payment application or the Entry Point. This process aligns with the
guidelines outlined in [EMV Book B] section 3.3.

At the very least, TakaPay Chip contactless terminal is required to provide support for partial selection,
as mandated by CCD requirements.

The contactless reader has to process the transaction using the kernel associated to the application
selected.

If the kernel requests the contactless reader to select the next application available in the application
candidate list, the application previously selected is removed from the Application Candidate List and the
terminal has to process with the updated Application Candidate List

Protected: Distribution to TakaPay Members only C3-31

Protected: Distribution to TakaPay Members only C3-32
Figure 8: Contactless Application Selection Flow

Protected: Distribution to TakaPay Members only C3-33

Chapter 5 Initiate Application processing

This Section indicates to the Card that processing of the transaction starts with this step. This step is
performed as described in [EMV4.3iii] Section 10.1 and in contactless as defined in [PURE-CLT]
section 9.2.6.

Upon selecting the application of interest, the terminal is required to initiate the transaction with the GET
PROCESSING OPTIONS command, as per the table below. The application counter (ATC) should be
incremented at the start of each transaction.

The constructed data object returned as a response to the GET PROCESSING OPTIONS command will
have a tag of '77' (i.e., Format 2) and will include the AIP (Tag 82), which indicates the functionality
supported by the card, and the AFL (Tag 94), which indicates the location of the application data.

The content in the GPO response varies depending on the type of interface, the Card and Terminal
capabilities.

If the card returns SW1SW2 = 9000, the GET PROCESSING OPTIONS command was successful, and
the terminal may proceed to the Read Application Data step. If the card returns any other values, the
transaction cannot be performed with this application. In such cases, the terminal must exclude the
current application and return to the Application Selection step to select the next application (AID) in the
candidate list.

Protected: Distribution to TakaPay Members only C3-34

Figure 9: Initiate Application Processing Flow

Protected: Distribution to TakaPay Members only C3-35

Chapter 6 Read Application Data

This section explains how Terminal obtains the necessary data from a card to complete a transaction
using the READ RECORD command. When the GET PROCESSING OPTIONS command is sent, the
card returns an AFL (Application File Locator) list, which specifies the files and records that will be used
in the transaction processing.

The READ RECORD processing requirements for the contact interface are defined in [EMV4.3iii]
Section 10.2 and for contactless, it shall also compliance with [PURE-CLT] section 9.2.7.

Optionally, the terminal can send GET DATA Command to retrieve card proprietary data. The
processing of this data is out of scope of this specification.

Protected: Distribution to TakaPay Members only C3-36

 Figure 10: Read Application Data Flow

Protected: Distribution to TakaPay Members only C3-37

Chapter 7 Offline data authentication

This section provides a clear description of Offline Data Authentication (ODA), which is an essential
transaction step that a terminal uses to authenticate the card and ensure the integrity of the application
data provided by the card
The Offline Data Authentication shall be performed by the EMV Contact kernel as defined in [EMV
Book 3] section 10.3. and in contactless as defined in [PURE-CLT] section 9.2.9.

The terminal uses information obtained during Read Application Data to confirm that the chip card has
not been altered since its personalization, and that the data on the chip card was created by the authentic
issuer.

This validation is performed using three types of RSA keys: the Certificate Authority Public Keys (CA
PKs), the Issuer Public Keys, and the ICC Public Keys. The CA PKs are created by the Certificate
Authority and stored in the terminal, while the Issuer Public Keys and ICC Public Keys are generated by
the Issuer and placed on the chip card during personalization.

The results of Offline Data Authentication are stored in the Terminal Verification Results (TVR) for use
later in the transaction. This step is crucial to ensure the safety and security of the transaction, and it
should not be overlooked.

Only CDA will be supported and in contactless mode.

Protected: Distribution to TakaPay Members only C3-38

Chapter 8 Processing restrictions

This section clearly outlines the critical nature of "Process Restrictions," which is an obligatory step
performed by the Terminal. The purpose of this function is to ensure that the Terminal's application is
fully compatible with the Card application and to make necessary adjustments, including the possibility
of rejecting the transaction if required.

The Processing restriction functionality shall be performed by the EMV Contact kernel as specified in
[EMV Book 3] section 10.4 and [EMV Book 4] section 6.3.3 and in contactless as defined in [PURE-
CLT] section 9.2.10

During the Processing Restrictions step, the Terminal conducts multiple checks to identify any restrictions
on the application for the transaction being performed.

The Terminal may also perform the following checking (based on data provided during the completion of
the “READ RECORD” command):

Feature Purpose Interface

The Terminal has to compare its application version
Application Contact
number against the one read in the card. If they do not
Version Number Contactless
match, the Terminal shall set the TVR B2b8 to ‘1’
The Terminal shall check for restrictions limiting the
application geographically or relative to certain types of
Application Contact
transactions. If the usage conditions are not met, the
Usage Control Contactless
Terminal shall set the TVR B2b5 to ‘1’ (Requested service
not allowed for card product)
The Terminal has to check if the application effective date
is greater than the current date. If the application effective
Application date is greater than the current date, the Terminal shall set Contact
Effective Date TVR B2b6 to ‘1’. For an application effective date without Contactless
a day number specified, the last day of the month should
be used
The Terminal shall read the Expiration Date from tag 5F24
if present, otherwise extract it from the Track 2 Equivalent
Application Data, and compare that value with the date of the Contact
Expiration Date transaction. If the date of the transaction is greater than Contactless
the expiration date, the Terminal shall set the TVR B2b7
to ‘1’ (Expired application).
The Terminal may have an internal file that references a
special PAN (for example, it can be a blacklist PAN to
indicate which PANs shall generate a decline transaction).
Exception File Contact
If a Terminal has this type of file, it must check that the
PAN read is not present in this file. If present, the Terminal
has to set TVR B1b5 to ‘1’).
Table 10: Restriction Processing Features

Protected: Distribution to TakaPay Members only C3-39

Chapter 9 Cardholder verification

This critical step is performed to ensure that the person presenting the card to the terminal is indeed the
rightful owner of the card. It is important to note that the Terminal must support Cardholder Verification
to carry out this step effectively. To accomplish this, a Cardholder Verification Method (CVM) that is
supported by both the chip card and the terminal is utilized.

The Cardholder Verification Method (CVM) functionality shall be performed by the EMV Contact kernel
as specified in [EMV Book 3] section 10.5 to determine which CVM to use.
The Contactless Kernel is configured in order to support Cardholder verification using the EMV defined
method based on CVM List.
The TakaPay Chip contact terminal application, via Terminal Capabilities (Tag 9F33), shall instruct the
EMV Contact kernel to support Online PIN and signature.
The TakaPay Chip contact terminal application shall not support any PIN bypass processing.

Data used in contact mode: Terminal capabilities and CVM list.

Data used in contactless mode: TTPI and CVM list.

Note: In contactless, only Signature and Online PIN are supported.

Protected: Distribution to TakaPay Members only C3-40

 Figure 11: CVM Flow

Protected: Distribution to TakaPay Members only C3-41

Chapter 10 Terminal Risk Management

This section describes TRM step performed by terminal which ensures that high value transactions
should go online for Issuer authorization, and that a proportion of lower value transactions should go
online periodically to protect against credit and fraud

The Terminal risk management functionality shall be performed by the EMV Contact kernel as specified
in [EMV Book 3] section 10.6 and in contactless as defined in [PURE-CLT] section 9.2.12.

TRM functionality Support Interface

Terminal Floor
Mandatory Contact
Limit
Random
Transaction Optional Contact
Selection
Contact
Velocity Checking Optional*
Contactless
Table 11: Terminal Risk Features

*if EMV-defined Processing Restriction and Terminal Risk Management” bit is set to ‘1’.The TakaPay
contactless kernel has to process Terminal Velocity Checking.

Protected: Distribution to TakaPay Members only C3-42

Chapter 11 Terminal action analysis

This section describes about Terminal Action Analysis which is a mandatory step where the Terminal
applies rules set by the issuer (in the Card) and rules set by Taka Pay (in the Terminal) to decide how
the transaction should be processed.
The Terminal Action Analysis functionality shall be performed by the EMV Contact kernel as specified
in [EMV Book 3] section 10.7 and in contactless as defined in [PURE-CLT] section 9.2.13.

TAA consists of two parts:

• Offline processing results checks

The terminal recommends an approach for processing the remainder of the transaction by comparing
the bits set in the TVR during offline processing against rules placed in the terminal by the payment brand
and in the chip card by the Issuer. These rules govern the level of risk acceptable for various transaction
conditions.
Up to this point in the transaction, all processing was completed offline. Moving forward, data is generated
that may be sent to the Issuer during authorization or clearing.

• Request (1st) application cryptogram

A security element called a cryptogram is used to secure this data and to provide validation that the chip
card involved is genuine.
This step results in a request for the chip card to decline, send online, or approve the transaction.

TakaPay terminal performs a Terminal Action Analysis (TAA) based on logical tests on the card data,
and by a bitmap match between the Terminal Action Code (TAC) and the Issuer Action Code (IAC).
The TAC value shall be configured based on the terminal type and on the online/offline capability:

Terminal type Value

Contact POS - TAC-Default: FC F8 FC F8 00
- TAC- Denial: 00 10 00 00 00
- TAC-Online: FC F8 E4 F8 00

ATM - TAC-Default: FC F8 FC F8 00
- TAC- Denial: 00 10 00 00 00
- TAC-Online: FC F8 E4 F8 00

Contactless offline-
- TAC-Default: B4 F8 D4 F8 00
capable terminal
- TAC- Denial: 00 10 00 00 00
- TAC-Online: B4 F8 D4 F8 00

Contactless online-only
- TAC-Default: FF FF FF FF FF
terminal
- TAC- Denial: 00 10 00 00 00

Protected: Distribution to TakaPay Members only C3-43

 - TAC-Online: FF FF FF FF FF

Table 12: Terminal Action Analysis values

Protected: Distribution to TakaPay Members only C3-44

Chapter 12 Card Action Analysis
This section describes about the Card Action Analysis (CAA) process which is a mandatory step
performed by the Card and is triggered when the Terminal issues the GENERATE AC command for a
given transaction.
The Card Action Analysis management functionality shall be performed by the EMV Contact kernel as
specified in [EMV Book 3] section 10.8 and in contactless as defined in [PURE-CLT] section 9.2.14.

The Card online/offline decision is specified by its response to each issuance of the GENERATE AC
command in Card Action Analysis (CAA)

This step results in the chip card responding to the terminal with a cryptogram reflecting its decision on
how the transaction should progress (i.e., decline offline, send online, or approve offline).

Protected: Distribution to TakaPay Members only C3-45

Chapter 13 Online processing

Online Processing is performed to allow the issuer to review transactions and to authorize or reject
them.
The Online Processing functionality shall be performed by the EMV Contact kernel as specified in
[EMV Book 3] section 10.9 and in contactless as defined in [PURE-CLT] section 9.2.18 K18.6.

When going online, the Terminal provides the issuer with data elements used during the transaction,
including the ARQC and other data returned by the Card during CAA.

Online Processing also allows the issuer to return data, including an Authorization Response Cryptogram
(ARPC), to Card via the Terminal.

In Contactless, Long Tap and Additional Tap are not supported.

The terminal should display a message indicating whether the transaction is going online with “ONLINE
REQUEST"

Protected: Distribution to TakaPay Members only C3-46

Chapter 14 Issuer to card script processing

Issuer Script Processing enables Issuers to modify the Card application parameters (i.e. personalised
data) without reissuing the Card. This processing is only for Contact kernel.
Issuer-to-card script processing for a TakaPay Chip transaction must be compliant with EMV Book 3
specification.

With this function, the Issuer transmits commands in Issuer scripts contained in the authorization
response message. The Terminal extracts the commands from the script then passes these commands
in sequence to the Card, where they are executed if secure messaging requirements are satisfied.

The Issuer Script functionality allows the issuer to manage card updates. This functionality shall only be
supported for contact transactions.

Figure 12: Issuer Script Processing Flow

Protected: Distribution to TakaPay Members only C3-47

Chapter 15 Completion

Completion is the last step of the transaction unless card re-presentment is required. The objective of
this step is to communicate the transaction decision to the user and perform additional processes if
necessary (depending of the transaction decision). This section shall compliance with [EMV-3] and
[PURE-CLT].

The completion decision may be:

Offline declined: The transaction has been declined. The Terminal shall notify the user and log
information regarding the transaction. The Terminal may ask the user to present a new card or to switch
to another interface.

Offline approved: The transaction has been approved without sending the transaction online for
authorization. The Terminal shall log transaction information for later authorization (if configured to
support Deferred Authorization) and / or clearing (that may occur at a later time).

Online approved: The transaction has been processed online, and the Issuer approved the transaction.
Information concerning the transaction may be logged (but this is not mandatory as the Issuer has already
obtained all of the information required for clearing). The Terminal notifies the user that the transaction
has been approved online.

Online declined: The transaction has been processed online and the Issuer declined the transaction.
Information concerning the transaction may be logged (but this is not mandatory because no clearing is
required). The terminal notifies the user that the transaction has been online declined.

Switch to another interface: The transaction cannot be processed using the contactless interface but
may be processed via a magnetic stripe or contact interface. The Terminal notifies the user to use another
interface.

Upon receiving the authorization decision from the issuer, the terminal should display a message
indicating whether the transaction was "APPROVED" or "DECLINED", along with a reason code that
should be printed on the receipt
.

Protected: Distribution to TakaPay Members only C3-48

Figure 13: Completion Processing Flow

Protected: Distribution to TakaPay Members only C3-49

Chapter 16 Fallback Transaction

Fallback transaction is not supported on contactless-only terminals.

TakaPay contactless terminal shall prioritize the use of the contactless interface before requesting the
use of contact. If the chip card is mal-functioning, the terminal could request the cardholder to insert the
card. This kind of transaction processing is called “Fallback”.

After the failure of contactless interface transaction, the terminal shall request a Fallback processing
using the contact interface.

Select contactless interface

Failure

Select contact interface

Failure

Protected: Distribution to TakaPay Members only C3-50

Chapter 17 Transaction processing

This process starts when the terminal is in the state ‘Initiated’, meaning all conditions have been satisfied
to perform the transaction (i.e. purchase, purchase with Cash-out, Cash-out, deposit and refund). The
processing steps are based on the concepts of Entry Point except that the function “Protocol activation”
and the outcome processing are extended to all types of interfaces available (i.e. chip card reader, mag
stripe reader, contactless reader, manual entry keypad).
If any processes described here end with an error, the terminal application must abort the transaction
and be in the state “Idle”.
If any processes described here end with an error, the terminal application must abort the transaction
and be in the state “Idle”.

4.3. Transaction control

This function controls the application selection for EMV contact and Contactless processing and
provides the application profile to the kernel.

• Purchase, Cash Withdrawal, Cash Advance and Cash deposit

All amounts must be provided to the Pre-processing function to start the processing.
The Application Selection follows EMV rules if EMV Contact kernel is selected (card is docked) or follows
either the Entry Point rules if the card is tapped.
If any contact terminal of type other than Attended (Type = ‘x1,’x2’ or ‘x3) is unable to provide amount
during initiation of transaction processing, the amount field in the PDOL shall be filled with hexadecimal
zeroes (See Section 6.3.1 in [EMV Book 4]). The amounts in CDOL1 and Field 55 shall be consistent
and can be of actual transaction amount or any other predefined amount (e.g. $100 for fuel pumps).

• Bill Payment, Funds Transfer, Balance Inquiry

The TakaPay Chip terminal application is only used to retrieve the PAN and the Expiry date if not entered
using Manually Entry technology.
The amount if needed must be provided to the Pre-processing function to start processing.
The TakaPay terminal application shall retrieve the Track 2 Equivalent Data (Tag 57) from the TakaPay
Chip card via the contact kernel during READ APPLICATION DATA and may continue processing as per
mag stripe transaction, or request the contact kernel to complete EMV transaction.
For contactless, the TakaPay terminal application shall receive the Track 2 Equivalent Data (Tag 57)
from the TakaPay contactless kernel post contactless session, where the contactless kernel completes
EMV transaction.
• Online request outcome processing

This function performs online authorization. If PIN entry is required and not performed by the kernel,
then PIN entry is also performed during this stage.
✓ Online PIN for TakaPay Mag-stripe/EMV kernel
✓ Online PIN for Contactless kernel

Protected: Distribution to TakaPay Members only C3-51

If the process is successful, the terminal application is in the state “Online”.
At minimum, the following data elements must be present in the online message in field DE-55:
Presence Presence
Tag Tag Name length
Contact Contactless
5F2A Transaction Currency Code 2 M M
Application Interchange Profile
82 2 M M
(AIP)
Dedicated File Name (AID) of
84 5-16 M M
the application selected
Terminal Verification Results
95 5 M M
(TVR)
9A Transaction Date 3 M M
9C Transaction Type 1 M M
9F02 Amount, Authorized (Numeric) 6 M M
9F03 Amount, Other (Numeric) 6 M M
Up to 32
9F10 Issuer Application Data (IAD) M M
bytes
9F26 Application Cryptogram (AC) 8 M M
Cryptogram Information Data
9F27 1 M M
(CID)
9F34 CVM Result 3 M M
Application Transaction
9F36 2 M M
Counter (ATC)
9F37 Unpredictable Number (UN) 4 M M
9F1A Terminal Country Code 2 M M
9F35 Terminal Type 1 M M
Up to 250
9F77 Terminal Dedicated Data C C
bytes
Application PAN Sequence
5F34 1 C C
Number
5F20 Cardholder Name 2-26 C C
Up to 19
57 Track 2 Equivalent Data M M
bytes
Up to 10
5A PAN C C
bytes
9F1F Track 1 Discretionary Data var C C
9F19 Token requestor ID 6 C C
9F24 Payment Account Reference 29 C C

Protected: Distribution to TakaPay Members only C3-52

 9F25 Four Last Digit 2 C C
Table 13: Transaction Data to be inlcuded

The format of the financial and authorisation request/response messages between the Acquirer and the
Issuer shall be compliant with Detailed ISO8583 Message v1.18
Where a transaction contains encrypted PIN data (bit 52), the encrypted PIN data must be formatted in
accordance with one of PIN Block formats specified in AS2805 part 3 with the exception of formats 1, 2
and 8
• Pre-authorization
For unattended devices where the cost of the goods or services to be provided is not predetermined
such as fuel dispensers and card-activated phones, short duration pre-authorisations will be generated
which are also referred to as Purchase/Reversal/Advice transactions.

• Cancellation/Reversal (TDC)
Reversals of transactions, processed as EMV, must be reversed with data elements contained in DE55
based on the results of the final (second) cryptogram generation. For reversals that are the result of a
network timeout an ARQC can be sent in DE55.

Protected: Distribution to TakaPay Members only C3-53

Chapter 18 Transaction completion

This function performs the final outcome, log transaction, store transaction data and provide a receipt.

20.1 Message displayed

Rule 10 If display is supported, depending on the final outcome provided by the

kernel, the terminal shall display the appropriate message to the
merchant and to the cardholder

20.2 Receipt printing

2 copies of the terminal receipt are to be considered: the cardholder’s copy and the merchant’s copy of
the terminal receipt
Rule 11 For all contact transactions and all contactless transactions made with
TakaPay payment application, a cardholder receipt should be available if
the terminal has that capability.
Rule 12 For all contact and contactless transactions, a merchant receipt must
always be available to the merchant if the terminal has that capability.
Rule 13 At the end of a contactless chip transaction, when one receipt is printed, it
shall contain following additional information:
“CONTACTLESS” should be written on the receipt to differentiate one
contactless transaction from one contact transaction and provide a receipt
according to chapter “1.7 Receipt requirement” and using the receipt DOL.

20.3 Transaction log

Rule 14 Merchant shall be able to extract from the transaction log all the transactions
that have been made with a TakaPay chip card.
The following list of data elements shall identify a unique transaction:
Data element name Tag
Acquirer Identifier 9F01
Merchant Identifier 9F16
Terminal Identification 9F1C
Transaction Date 9A
Transaction Time 9F21
Transaction Sequence Counter 9F41
Table 14: Data Elements Identifying Unique Transaction

Protected: Distribution to TakaPay Members only C3-54

Appendix A Configuration parameters

Terminal Configuration:

When processing an TakaPay Chip contact transaction the TakaPay Chip device must, at a minimum,
support the following:
• EMVCo Common Core Definition (CCD) Compliant device
• Application selection using PSE
• Partial application selection

The TakaPay Chip device must support the AID: A0000009101010

In addition, the following data elements must be set in the TakaPay Chip device:
• Application Version Number – 0001
• Terminal Action Codes (TACs) (Refer to Annex A)

Data Element Group Data elements Tag

Application Identifier (AID), Label and
Application Selection Indicator for each
9F06
AID:
Value: ‘A0000009101010’
Application Version Number (AVN) :
9F09
Value: 01 00
Acquirer Identifier 9F01
Interface Device (IFD) Serial Number 9F1E

Common Data Terminal Identification 9F1C

Merchant Category Code (MCC) 9F15
Merchant Identifier 9F16
Merchant Name and Location 9F4E
Terminal Type 9F35
Terminal Country Code 9F1A
Terminal Capabilities 9F33
Additional Terminal Capabilities 9F40
Terminal Floor Limit At Acquirer discretion
Terminal Action Code (TAC)-Default FC F8 FC F8 00
Contact POS device
Terminal Action Code (TAC)-Denial 00 10 00 00 00
Terminal Action Code (TAC)-Online FC F8 E4 F8 00
Contactless POS Terminal Floor Limit (Tag '9F1B'), if At Acquirer discretion
Device (Offline/Online) present

Protected: Distribution to TakaPay Members only C3-55

 Data Element Group Data elements Tag
Reader CVM Required Limit, TBD
Reader Contactless Transaction Limit TBD
Reader Contactless Floor Limit TBD
Terminal Action Code (TAC)-Default B4 F8 D4 F8 00
Terminal Action Code (TAC)-Denial 00 10 00 00 00
Terminal Action Code (TAC)-Online B4 F8 D4 F8 00
Terminal Floor Limit 00000000
Terminal Action Code (TAC)-Default FF FF FF FF FF
Contact ATM
Terminal Action Code (TAC)-Denial 00 10 00 00 00
Terminal Action Code (TAC)-Online FF FF FF FF FF
Terminal Floor Limit (Tag '9F1B'), if 00000000
present
Reader CVM Required Limit, TBD
Reader Contactless Transaction Limit TBD
Contactless POS
Device (Online Only) Reader Contactless Floor Limit 000000000000
Terminal Action Code (TAC)-Default FF FF FF FF FF
Terminal Action Code (TAC)-Denial 00 10 00 00 00
Terminal Action Code (TAC)-Online FF FF FF FF FF

Protected: Distribution to TakaPay Members only C3-56

A.2 Contact POS TACs
Contact POS TAC- Denial (00 10 00 00 00)
Byte 1
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 Data authentication was not performed
0 Static data authentication failed
0 ICC data missing
0 Card appears on terminal exception file
0 Dynamic data authentication failed
0 Combined DDA/AC generation failed
0 0 RFU
Byte 2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
Chip card and terminal have different application
0 version
0 Expired application
0 Application not yet effective
1 Requested service not allowed for card product
0 New card
0 0 0 RFU
Byte 3
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 Cardholder verification was not successful
0 Unrecognized CVM
0 PIN try Limit exceeded
PIN entry required but PIN pad not
0 present/working
PIN entry required, PIN pad present but PIN not
0 entered
0 Online PIN entered
0 0 RFU
Byte 4
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 Transaction exceeds floor limit
0 Lower consecutive offline limit exceeded
0 Upper consecutive offline limit exceeded
Transaction selected randomly for online
0 processing
0 Merchant forced transaction online

Protected: Distribution to TakaPay Members only C3-57

 0 0 0 RFU
Byte 5
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 Default TDOL used
0 Issuer authentication failed
Script processing failed before final GENERATE
0 AC
Script processing failed after final GENERATE
0 AC
0 0 0 0 RFU

Contact POS TAC- Online (FC F8 E4 F8 00)

Byte 1
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Data authentication was not performed
1 Static data authentication failed
1 ICC data missing
1 Card appears on terminal exception file
1 Dynamic data authentication failed
1 Combined DDA/AC generation failed
0 0 RFU
Byte 2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
Chip card and terminal have different application
1 version
1 Expired application
1 Application not yet effective
1 Requested service not allowed for card product
1 New card
0 0 0 RFU
Byte 3
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Cardholder verification was not successful
1 Unrecognized CVM
1 PIN try Limit exceeded
PIN entry required but PIN pad not
0 present/working
PIN entry required, PIN pad present but PIN not
0 entered

Protected: Distribution to TakaPay Members only C3-58

 1 Online PIN entered
0 0 RFU
Byte 4
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Transaction exceeds floor limit
1 Lower consecutive offline limit exceeded
1 Upper consecutive offline limit exceeded
Transaction selected randomly for online
1 processing
1 Merchant forced transaction online
0 0 0 RFU
Byte 5
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 Default TDOL used
0 Issuer authentication failed
Script processing failed before final GENERATE
0 AC
Script processing failed after final GENERATE
0 AC
0 0 0 0 RFU

Contact POS TAC- Default (FC F8 FC F8 00)

Byte 1
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Data authentication was not performed
1 Static data authentication failed
1 ICC data missing
1 Card appears on terminal exception file
1 Dynamic data authentication failed
1 Combined DDA/AC generation failed
0 0 RFU
Byte 2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
Chip card and terminal have different application
1 version
1 Expired application

Protected: Distribution to TakaPay Members only C3-59

 1 Application not yet effective
1 Requested service not allowed for card product
1 New card
0 0 0 RFU
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Cardholder verification was not successful
1 Unrecognized CVM
1 PIN try Limit exceeded
PIN entry required but PIN pad not
1 present/working
PIN entry required, PIN pad present but PIN not
1 entered
1 Online PIN entered
0 0 RFU
Byte 4
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Transaction exceeds floor limit
1 Lower consecutive offline limit exceeded
1 Upper consecutive offline limit exceeded
Transaction selected randomly for online
1 processing
1 Merchant forced transaction online
0 0 0 RFU
Byte 5
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 Default TDOL used
0 Issuer authentication failed
Script processing failed before final GENERATE
0 AC
Script processing failed after final GENERATE
0 AC
0 0 0 0 RFU

Protected: Distribution to TakaPay Members only C3-60

A.3 ATM TACs
ATM TAC- Denial (00 10 00 00 00)
Byte 1
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 Data authentication was not performed
0 Static data authentication failed
0 ICC data missing
0 Card appears on terminal exception file
0 Dynamic data authentication failed
0 Combined DDA/AC generation failed
0 0 RFU
Byte 2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
Chip card and terminal have different application
0 version
0 Expired application
0 Application not yet effective
1 Requested service not allowed for card product
0 New card
0 0 0 RFU
Byte 3
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 Cardholder verification was not successful
0 Unrecognized CVM
0 PIN try Limit exceeded
PIN entry required but PIN pad not
0 present/working
PIN entry required, PIN pad present but PIN not
0 entered
0 Online PIN entered
0 0 RFU
Byte 4
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 Transaction exceeds floor limit
0 Lower consecutive offline limit exceeded
0 Upper consecutive offline limit exceeded
Transaction selected randomly for online
0 processing
0 Merchant forced transaction online

Protected: Distribution to TakaPay Members only C3-61

 0 0 0 RFU
Byte 5
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 Default TDOL used
0 Issuer authentication failed
Script processing failed before final GENERATE
0 AC
Script processing failed after final GENERATE
0 AC
0 0 0 0 RFU

ATM TAC- Online (FC F8 E4 F8 00)

Byte 1
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Data authentication was not performed
1 Static data authentication failed
1 ICC data missing
1 Card appears on terminal exception file
1 Dynamic data authentication failed
1 Combined DDA/AC generation failed
0 0 RFU
Byte 2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
Chip card and terminal have different application
1 version
1 Expired application
1 Application not yet effective
1 Requested service not allowed for card product
1 New card
0 0 0 RFU
Byte 3
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Cardholder verification was not successful
1 Unrecognized CVM
1 PIN try Limit exceeded
PIN entry required but PIN pad not
0 present/working
PIN entry required, PIN pad present but PIN not
0 entered

Protected: Distribution to TakaPay Members only C3-62

 1 Online PIN entered
0 0 RFU
Byte 4
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Transaction exceeds floor limit
1 Lower consecutive offline limit exceeded
1 Upper consecutive offline limit exceeded
Transaction selected randomly for online
1 processing
1 Merchant forced transaction online
0 0 0 RFU
Byte 5
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 Default TDOL used
0 Issuer authentication failed
Script processing failed before final GENERATE
0 AC
Script processing failed after final GENERATE
0 AC
0 0 0 0 RFU

ATM TAC- Default (FC F8 FC F8 00)

Byte 1
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Data authentication was not performed
1 Static data authentication failed
1 ICC data missing
1 Card appears on terminal exception file
1 Dynamic data authentication failed
1 Combined DDA/AC generation failed
0 0 RFU
Byte 2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
Chip card and terminal have different application
1 version
1 Expired application
1 Application not yet effective
1 Requested service not allowed for card product

Protected: Distribution to TakaPay Members only C3-63

 1 New card
0 0 0 RFU
Byte 3
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Cardholder verification was not successful
1 Unrecognized CVM
1 PIN try Limit exceeded
1 PIN entry required but PIN pad not present/working
PIN entry required, PIN pad present but PIN not
1 entered
1 Online PIN entered
0 0 RFU
Byte 4
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Transaction exceeds floor limit
1 Lower consecutive offline limit exceeded
1 Upper consecutive offline limit exceeded
1 Transaction selected randomly for online processing
1 Merchant forced transaction online
0 0 0 RFU
Byte 5
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 Default TDOL used
0 Issuer authentication failed
0 Script processing failed before final GENERATE AC
0 Script processing failed after final GENERATE AC
0 0 0 0 RFU

Protected: Distribution to TakaPay Members only C3-64

A.4 Contactless Offline Capable terminal TACs
Contactless TAC- Denial (00 10 00 00 00)
Byte 1
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 Data authentication was not performed
0 Static data authentication failed
0 ICC data missing
0 Card appears on terminal exception file
0 Dynamic data authentication failed
0 Combined DDA/AC generation failed
0 0 RFU
Byte 2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
Chip card and terminal have different application
0 version
0 Expired application
0 Application not yet effective
1 Requested service not allowed for card product
0 New card
0 0 0 RFU
Byte 3
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 Cardholder verification was not successful
0 Unrecognized CVM
0 PIN try Limit exceeded
PIN entry required but PIN pad not
0 present/working
PIN entry required, PIN pad present but PIN not
0 entered
0 Online PIN entered
0 0 RFU
Byte 4
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 Transaction exceeds floor limit
0 Lower consecutive offline limit exceeded
0 Upper consecutive offline limit exceeded
Transaction selected randomly for online
0 processing

Protected: Distribution to TakaPay Members only C3-65

 0 Merchant forced transaction online
0 0 0 RFU
Byte 5
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 Default TDOL used
0 Issuer authentication failed
Script processing failed before final GENERATE
0 AC
Script processing failed after final GENERATE
0 AC
0 0 0 0 RFU

Contactless TAC- Online (FC F8 D4 F8 00)

Byte 1
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Data authentication was not performed
1 Static data authentication failed
1 ICC data missing
1 Card appears on terminal exception file
1 Dynamic data authentication failed
1 Combined DDA/AC generation failed
0 0 RFU
Byte 2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
Chip card and terminal have different application
1 version
1 Expired application
1 Application not yet effective
1 Requested service not allowed for card product
1 New card
0 0 0 RFU
Byte 3
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Cardholder verification was not successful
1 Unrecognized CVM
0 PIN try Limit exceeded
PIN entry required but PIN pad not
1 present/working

Protected: Distribution to TakaPay Members only C3-66

 PIN entry required, PIN pad present but PIN not
0 entered
1 Online PIN entered
0 0 RFU
Byte 4
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Transaction exceeds floor limit
1 Lower consecutive offline limit exceeded
1 Upper consecutive offline limit exceeded
Transaction selected randomly for online
1 processing
1 Merchant forced transaction online
0 0 0 RFU
Byte 5
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 Default TDOL used
0 Issuer authentication failed
Script processing failed before final GENERATE
0 AC
Script processing failed after final GENERATE
0 AC
0 0 0 0 RFU

Contactless TAC- Default (FC F8 D4 F8 00)

Byte 1
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Data authentication was not performed
1 Static data authentication failed
1 ICC data missing
1 Card appears on terminal exception file
1 Dynamic data authentication failed
1 Combined DDA/AC generation failed
0 0 RFU
Byte 2
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
Chip card and terminal have different
1 application version
1 Expired application

Protected: Distribution to TakaPay Members only C3-67

 1 Application not yet effective
1 Requested service not allowed for card product
1 New card
0 0 0 RFU
Byte 3
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Cardholder verification was not successful
1 Unrecognized CVM
0 PIN try Limit exceeded
PIN entry required but PIN pad not
1 present/working
PIN entry required, PIN pad present but PIN
0 not entered
1 Online PIN entered
0 0 RFU
Byte 4
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 Transaction exceeds floor limit
1 Lower consecutive offline limit exceeded
1 Upper consecutive offline limit exceeded
Transaction selected randomly for online
1 processing
1 Merchant forced transaction online
0 0 0 RFU
Byte 5
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
0 Default TDOL used
0 Issuer authentication failed
Script processing failed before final
0 GENERATE AC
Script processing failed after final GENERATE
0 AC
0 0 0 0 RFU

Protected: Distribution to TakaPay Members only C3-68