The technology that lies behind EMV both contact and NFC transactions is to some extent a black box that just does what it does and when it doesn’t quite do what is expected this can cause confusion and problems for the users and operators of the cards and terminals. To fully cover all of the areas is far too much for this short article, you only have to look at the size of the EMV books to understand that fully. Therefore the aim of this article is to explain the way some of the NFC technology works in a live environment.
In this article we will look at two sets of data elements and settings used in an NFC transaction. These are the CTQ (Card Transaction Qualifiers) and the TTQ (Terminal Transaction Qualifiers). As always we will use the short abbreviations, just to confuse the un-imitated, the CTQ and the TTQ.
The CTQ on the card is set by the Card Issuer at the time of its issuance and determines what actions will take place at the Point of Sale (POS) when a transaction takes place. In this standard operating procedure across EMV the Card Issuer enforces his control at the POS based on the settings they code into the card and this is true of the CTQ as much as the other settings not being discussed.
CTQ Byte 1:
|8||True||Online PIN Required|
|6||True||Go Online if Offline Data Authentication Fails and Reader is online capable.|
|5||True||Switch Interface if Offline Data Authentication fails and Reader supports VIS.|
|4||True||Go Online if Application Expired.|
|3||True||Switch Interface for CashTransactions.|
|2||True||Switch Interface for Cashback Transactions|
CTQ Byte 2:
|8||True||Consumer Device CVMPerformed.Note: Bit 8 is not used by cards compliant with VISA specification, and is commonly set to False.|
|7||True||Card supports Issuer Update Processing at the POS.|
The CTQ controls, by the settings of the various bits, the following areas of a transaction:
The CTQ results are returned in both the authorisation and clearing messages and are part of the valuable source of data returned in every transaction. This data is of value to the card issuer as it helps define what is happening at the Point of Sale and can be used in the development of the way we work.
The TTQ on the terminal can be set to a default or can be set by the Merchant / Acquirer to suit their terminal installation. However where used the CTQ will override the TTQ.
TTQ Byte 1:
|8||True||Contactless MSD supported|
|7||True||Contactless VSDC supported|
|6||True||Contactless qVSDC supported|
|5||True||EMV contact chip supported|
|3||True||Online PIN supported|
|1||True||Offline Data Authentication (ODA) for Online Authorizations supported.|
TTQ Byte 2:
|8||True||Online cryptogram required|
|6||True||(Contact Chip) Offline PIN supported|
TTQ Byte 3:
|8||True||Issuer Update Processing Supported|
|7||True||Mobile functionality supported (Consumer Device CVM)|
TTQ Byte 4: All RFU
The TTQ controls, by the settings of the various bits, the following areas of a transaction:
The TTQ values used and set during the transaction are transient, they are reported in the authorisation and clearing messages, but have no affect on subsequent transactions, unlike some settings in the contact side of EMV that do have an effect on subsequent transactions.
Basically between their settings the CTQ and The TTQ define how a transaction will react to any transaction taking place and they define what is required and how a transaction will be completed.
This is a very short description of how CTQ and TTQ work but I hope it helps to start lifting the lid on the black box we call EMV.