M/Chip CardPersonalization
Standard Profiles1 April 2011
Notices
Proprietary Rights The information contained in this document is proprietary and confidentialto MasterCard International Incorporated, one or more of its affiliated entities(collectively “MasterCard”), or both.
This material may not be duplicated, published, or disclosed, in whole or inpart, without the prior written permission of MasterCard.
Trademarks Trademark notices and symbols used in this document reflect the registrationstatus of MasterCard trademarks in the United States. Please consult withthe Customer Operations Services team or the MasterCard Law Departmentfor the registration status of particular product, program, or service namesoutside the United States.
All third-party product and service names are trademarks or registeredtrademarks of their respective owners.
Billing For printed documents, MasterCard will bill principal members. Pleaserefer to the appropriate MasterCard Consolidated Billing System (MCBS)document for billing-related information.
Information AvailableOnline
MasterCard provides details about the standards used for thisdocument—including times expressed, language use, and contactinformation—on the Member Publications Support page available onMasterCard OnLine®. Go to Member Publications Support for centralizedinformation.
Translation A translation of any MasterCard manual, bulletin, release, or otherMasterCard document into a language other than English is intended solelyas a convenience to MasterCard members and other customers. MasterCardprovides any translated document to its members and other customers “ASIS” and makes no representations or warranties of any kind with respectto the translated document, including, but not limited to, its accuracy orreliability. In no event shall MasterCard be liable for any damages resultingfrom members’ and other customers’ reliance on any translated document.The English version of any MasterCard document will take precedence overany translated version in any legal proceeding.
Publication Code PSP
©2010 MasterCard1 April 2011 • M/Chip Card Personalization Standard Profiles
Summary of Changes, 1 April 2011This document reflects changes associated with the 1 April 2011 update. Some of the changes thatwere previously identified in the Errata, published in 9 February 2011, have been incorporatedin this update and are outlined in the Summary of Changes. To locate these changes online, onthe Adobe toolbar, click Find. In the Find box, type *chg*, and then press ENTER. To move tothe next change, press ENTER again.
Description of Change Where to Look
To ensure that members have access to current contact information and standardsused for MasterCard documentation, MasterCard has created the MemberPublications Support page. As a result, MasterCard has removed some contentfrom this document, including times expressed, language use, and contactinformation, which members now can find online.
Member PublicationsSupport page onMasterCard OnLine®
Added Profile 06 to Chapter 5. Profile 06: Maestroonline only with nooffline CAM
Added Chapter 8 Chapter 8
Added Profile 33 to Chapter 6. Profile 33:MasterCard/DebitMasterCard online onlywith no offline CAM –offline PIN
Added Profile 34 to Chapter 6. Profile 34:MasterCard/DebitMasterCard online onlywith no offline CAMand no offline PIN
Added Cirrus® to standard profiles list in Overview section. Revisions toparagraphs.
Overview of StandardProfiles
Revised paragraphs in Card Functions section. Card Functions
Revised paragraphs in Online Processing section. Online Processing
Modified images to add new profiles, Cirrus profile, and change Office to Offline. Chapter 3
Added table entries and footnotes. Issuer-Defined DataElements
Revised sentence in Risk Management section throughout manual. Issuer RiskManagement
Modified Mandatory Value for Application Label to Maestro or MAESTROthroughout manual.
Modified Mandatory Value for Log Entry to Determined by issuer throughoutmanual.
Removed Application Transaction Counter Limit and Previous Transaction Historyfrom Data Element List throughout manual.
Data Element List
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 1
Description of Change Where to Look
Removed card must be able to operate offline from several areas throughoutmanual.
Profile 11:MasterCard/DebitMasterCard with SDAand offline PIN—FullChip Issuer (1)
Added asterick next to Signature under Cardholder Verfication section throughoutmanual.
Cardholder Verification
Revised sentence under Application Usage Control section throughout manual. Application UsageControl
Modified Mandatory Value for Application Label to MasterCard or MASTERCARDor Debit MasterCard or DEBIT MASTERCARD throughout manual.
Data Element List
Removed (zero not allowed) from Upper Consecutive Offline Limit and UpperCumulative Offline Transaction Amount throughout manual.
Data Element List
Modified Mandatory Value for CVM List from 5E03 to 1E03 throughout manual. Data Element List
Modified Mandatory Value for Application Control in Profile 15. Data Element List
Revised paragraphs in Profile 29. Profile 29:MasterCard/DebitMasterCard with SDAand signature—MagStripe Grade Issuerwhere issuer cannotinterpret TVR/CVR (2)
Revised paragraphs in Profile 31.
Modified Mandatory Value for Signed Static Application Data.
Profile 31:MasterCard/DebitMasterCard with SDAand signature—MagStripe Grade Issuer (4)
Modified Mandatory Value for Application Label to MC Electronic or MCELECTRONIC.
Data Element List
Modified Mandatory Values for Lower Consecutive Offline Limit, UpperConsecutive Offline Limit, Lower Cumulative Offline Transaction Amount, andUpper Cumulative Offline Transaction Acount in Profile 51, 52, and 53.
Data Element List
©2010 MasterCard2 1 April 2011 • M/Chip Card Personalization Standard Profiles
Table of Contents
Chapter 1 Using this Document ..................................................................... 1-iPurpose.................................................................................................................................... 1-1
Related Information ........................................................................................................... 1-1
Audience.................................................................................................................................. 1-1
Benefits .................................................................................................................................... 1-2
Support .................................................................................................................................... 1-2
Overview of Standard Profiles ................................................................................................. 1-2
Chapter 2 Principles and Issuer Decisions...................................................... 2-iCard Application ...................................................................................................................... 2-1
Card Functions......................................................................................................................... 2-1Contact Payment................................................................................................................ 2-1MasterCard Authentication Solutions for Chip ................................................................... 2-1
File Structures .......................................................................................................................... 2-3
Issuer Host Grade Processing .................................................................................................. 2-3Chip Host Grade................................................................................................................ 2-3Mag Stripe Host Grade....................................................................................................... 2-3
Card Authentication ................................................................................................................. 2-4
Cardholder Verification ............................................................................................................ 2-4
Online Processing.................................................................................................................... 2-5Exclusively-Online Cards ................................................................................................... 2-5Online-Preferring Cards ..................................................................................................... 2-5
Debit MasterCard ..................................................................................................................... 2-5
Chapter 3 Selecting a Profile .......................................................................... 3-iAsia Pacific Region .................................................................................................................. 3-1
Canada Region......................................................................................................................... 3-2
Europe Region ......................................................................................................................... 3-3
Latin America and the Caribbean Region................................................................................. 3-4
South Asia/Middle East/Africa Region ..................................................................................... 3-5
Chapter 4 Issuer-Defined Data Elements....................................................... 4-iIssuer-Defined Data Elements.................................................................................................. 4-1
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 i
Table of Contents
Chapter 5 Standard Profiles for Maestro....................................................... 5-iProfile 01: Maestro with SDA—Full Chip Issuer ...................................................................... 5-1
Cardholder Verification ...................................................................................................... 5-1Application Usage Control ................................................................................................. 5-1Application Interchange Profile ......................................................................................... 5-1Issuer Risk Management .................................................................................................... 5-1MasterCard Authentication Solutions for Chip ................................................................... 5-3Data Element List ............................................................................................................... 5-3
Profile 02: Maestro with DDA—Full Chip Issuer ..................................................................... 5-6Cardholder Verification ...................................................................................................... 5-7Application Usage Control ................................................................................................. 5-7Application Interchange Profile ......................................................................................... 5-7Issuer Risk Management .................................................................................................... 5-7MasterCard Authentication Solutions for Chip ................................................................... 5-9Data Element List ............................................................................................................... 5-9
Profile 03: Maestro with CDA and DDA—Full Chip Issuer.................................................... 5-13Cardholder Verification .................................................................................................... 5-13Application Usage Control ............................................................................................... 5-13Application Interchange Profile ....................................................................................... 5-13Issuer Risk Management .................................................................................................. 5-13MasterCard Authentication Solutions for Chip ................................................................. 5-15Data Element List ............................................................................................................. 5-15
Profile 04: Maestro with SDA—Mag Stripe Grade Issuer where issuer can interpretTVR/CVR................................................................................................................................ 5-18
Cardholder Verification .................................................................................................... 5-19Application Usage Control ............................................................................................... 5-19Application Interchange Profile ....................................................................................... 5-19Issuer Risk Management .................................................................................................. 5-19MasterCard Authentication Solutions for Chip ................................................................. 5-20Data Element List ............................................................................................................. 5-20
Profile 05: Maestro with SDA—Mag Stripe Grade Issuer where issuer cannot interpretTVR/CVR................................................................................................................................ 5-23
Cardholder Verification .................................................................................................... 5-23Application Usage Control ............................................................................................... 5-24Application Interchange Profile ....................................................................................... 5-24Issuer Risk Management .................................................................................................. 5-24MasterCard Authentication Solutions for Chip ................................................................. 5-24Data Element List ............................................................................................................. 5-25
Profile 06: Maestro online only with no offline CAM ............................................................ 5-28Cardholder Verification .................................................................................................... 5-28Application Usage Control ............................................................................................... 5-28Application Interchange Profile ....................................................................................... 5-28
©2010 MasterCardii 1 April 2011 • M/Chip Card Personalization Standard Profiles
Table of Contents
Issuer Risk Management .................................................................................................. 5-29MasterCard Authentication Solutions for Chip ................................................................. 5-29Data Element List ............................................................................................................. 5-29
Chapter 6 Standard Profiles for MasterCard/Debit MasterCard .................. 6-iProfile 11: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer(1) ............................................................................................................................................ 6-1
Cardholder Verification ...................................................................................................... 6-1Application Usage Control ................................................................................................. 6-1Application Interchange Profile ......................................................................................... 6-2Issuer Risk Management .................................................................................................... 6-2MasterCard Authentication Solutions for Chip ................................................................... 6-3Data Element List ............................................................................................................... 6-3
Profile 12: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer(2) ............................................................................................................................................ 6-7
Cardholder Verification ...................................................................................................... 6-7Application Usage Control ................................................................................................. 6-7Application Interchange Profile ......................................................................................... 6-8Issuer Risk Management .................................................................................................... 6-8MasterCard Authentication Solutions for Chip ................................................................. 6-10Data Element List ............................................................................................................. 6-10
Profile 13: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer(3) .......................................................................................................................................... 6-13
Cardholder Verification .................................................................................................... 6-14Application Usage Control ............................................................................................... 6-14Application Interchange Profile ....................................................................................... 6-14Issuer Risk Management .................................................................................................. 6-14MasterCard Authentication Solutions for Chip ................................................................. 6-15Data Element List ............................................................................................................. 6-16
Profile 14: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer(1) .......................................................................................................................................... 6-19
Overview ......................................................................................................................... 6-19Cardholder Verification .................................................................................................... 6-20Application Usage Control ............................................................................................... 6-20Application Interchange Profile ....................................................................................... 6-20Issuer Risk Management .................................................................................................. 6-20MasterCard Authentication Solutions for Chip ................................................................. 6-21Data Element List ............................................................................................................. 6-21
Profile 15: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer(2) .......................................................................................................................................... 6-25
Cardholder Verification .................................................................................................... 6-25Application Usage Control ............................................................................................... 6-26Application Interchange Profile ....................................................................................... 6-26
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 iii
Table of Contents
Issuer Risk Management .................................................................................................. 6-26MasterCard Authentication Solutions for Chip ................................................................. 6-27Data Element List ............................................................................................................. 6-27
Profile 16: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer(1) .......................................................................................................................................... 6-31
Overview ......................................................................................................................... 6-31Cardholder Verification .................................................................................................... 6-32Application Usage Control ............................................................................................... 6-32Application Interchange Profile ....................................................................................... 6-32Issuer Risk Management .................................................................................................. 6-32MasterCard Authentication Solutions for Chip ................................................................. 6-33Data Element List ............................................................................................................. 6-34
Profile 17: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer(2) .......................................................................................................................................... 6-37
Cardholder Verification .................................................................................................... 6-38Application Usage Control ............................................................................................... 6-38Application Interchange Profile ....................................................................................... 6-38Issuer Risk Management .................................................................................................. 6-38MasterCard Authentication Solutions for Chip ................................................................. 6-40Data Element List ............................................................................................................. 6-40
Profile 18: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer(3) .......................................................................................................................................... 6-43
Cardholder Verification .................................................................................................... 6-44Application Usage Control ............................................................................................... 6-44Application Interchange Profile ....................................................................................... 6-44Issuer Risk Management .................................................................................................. 6-44MasterCard Authentication Solutions for Chip ................................................................. 6-46Data Element List ............................................................................................................. 6-46
Profile 19: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer(1) .......................................................................................................................................... 6-49
Cardholder Verification .................................................................................................... 6-50Application Usage Control ............................................................................................... 6-50Application Interchange Profile ....................................................................................... 6-50Issuer Risk Management .................................................................................................. 6-50MasterCard Authentication Solutions for Chip ................................................................. 6-51Data Element List ............................................................................................................. 6-52
Profile 20: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer(2) .......................................................................................................................................... 6-55
Cardholder Verification .................................................................................................... 6-56Application Usage Control ............................................................................................... 6-56Application Interchange Profile ....................................................................................... 6-56Issuer Risk Management .................................................................................................. 6-56MasterCard Authentication Solutions for Chip ................................................................. 6-57
©2010 MasterCardiv 1 April 2011 • M/Chip Card Personalization Standard Profiles
Table of Contents
Data Element List ............................................................................................................. 6-57
Profile 21: MasterCard/Debit MasterCard with CDA/DDA and offline PIN—Full ChipIssuer (1)................................................................................................................................ 6-61
Cardholder Verification .................................................................................................... 6-61Application Usage Control ............................................................................................... 6-62Application Interchange Profile ....................................................................................... 6-62Issuer Risk Management .................................................................................................. 6-62MasterCard Authentication Solutions for Chip ................................................................. 6-63Data Element List ............................................................................................................. 6-64
Profile 22: MasterCard/Debit MasterCard with CDA/DDA and signature—Full Chip Issuer(2) .......................................................................................................................................... 6-67
Overview ......................................................................................................................... 6-67Cardholder Verification .................................................................................................... 6-68Application Usage Control ............................................................................................... 6-68Application Interchange Profile ....................................................................................... 6-68Issuer Risk Management .................................................................................................. 6-68MasterCard Authentication Solutions for Chip ................................................................. 6-69Data Element List ............................................................................................................. 6-69
Profile 23: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe GradeIssuer where issuer can interpret TVR/CVR........................................................................... 6-73
Cardholder Verification .................................................................................................... 6-74Application Usage Control ............................................................................................... 6-74Application Interchange Profile ....................................................................................... 6-74Issuer Risk Management .................................................................................................. 6-74MasterCard Authentication Solutions for Chip ................................................................. 6-75Data Element List ............................................................................................................. 6-76
Profile 24: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe GradeIssuer where issuer cannot interpret TVR/CVR (1) ................................................................ 6-79
Cardholder Verification .................................................................................................... 6-79Application Usage Control ............................................................................................... 6-80Application Interchange Profile ....................................................................................... 6-80Issuer Risk Management .................................................................................................. 6-80MasterCard Authentication Solutions for Chip ................................................................. 6-81Data Element List ............................................................................................................. 6-81
Profile 25: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe GradeIssuer where issuer cannot interpret TVR/CVR (2) ................................................................ 6-85
Cardholder Verification .................................................................................................... 6-86Application Usage Control ............................................................................................... 6-86Application Interchange Profile ....................................................................................... 6-86Issuer Risk Management .................................................................................................. 6-86MasterCard Authentication Solutions for Chip ................................................................. 6-87Data Element List ............................................................................................................. 6-88
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 v
Table of Contents
Profile 26: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe GradeIssuer where issuer cannot interpret TVR/CVR (3) ................................................................ 6-91
Cardholder Verification .................................................................................................... 6-92Application Usage Control ............................................................................................... 6-92Application Interchange Profile ....................................................................................... 6-92Issuer Risk Management .................................................................................................. 6-92MasterCard Authentication Solutions for Chip ................................................................. 6-93Data Element List ............................................................................................................. 6-94
Profile 27: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe GradeIssuer where issuer cannot interpret TVR/CVR (4) ................................................................ 6-97
Cardholder Verification .................................................................................................... 6-97Application Usage Control ............................................................................................... 6-98Application Interchange Profile ....................................................................................... 6-98Issuer Risk Management .................................................................................................. 6-98MasterCard Authentication Solutions for Chip ................................................................. 6-99Data Element List ............................................................................................................. 6-99
Profile 28: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe GradeIssuer where issuer cannot interpret TVR/CVR (1) ...............................................................6-103
Cardholder Verification ...................................................................................................6-103Application Usage Control ..............................................................................................6-104Application Interchange Profile ......................................................................................6-104Issuer Risk Management .................................................................................................6-104MasterCard Authentication Solutions for Chip ................................................................6-105Data Element List ............................................................................................................6-106
Profile 29: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe GradeIssuer where issuer cannot interpret TVR/CVR (2) ...............................................................6-109
Cardholder Verification ...................................................................................................6-109Application Usage Control ..............................................................................................6-110Application Interchange Profile ......................................................................................6-110Issuer Risk Management .................................................................................................6-110MasterCard Authentication Solutions for Chip ................................................................6-111Data Element List ............................................................................................................6-111
Profile 30: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe GradeIssuer (3)...............................................................................................................................6-115
Cardholder Verification ...................................................................................................6-115Application Usage Control ..............................................................................................6-116Application Interchange Profile ......................................................................................6-116Issuer Risk Management .................................................................................................6-116MasterCard Authentication Solutions for Chip ................................................................6-117Data Element List ............................................................................................................6-118
Profile 31: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe GradeIssuer (4)...............................................................................................................................6-121
Cardholder Verification ...................................................................................................6-122
©2010 MasterCardvi 1 April 2011 • M/Chip Card Personalization Standard Profiles
Table of Contents
Application Usage Control ..............................................................................................6-122Application Interchange Profile ......................................................................................6-122Issuer Risk Management .................................................................................................6-122MasterCard Authentication Solutions for Chip ................................................................6-124Data Element List ............................................................................................................6-125
Profile 32: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer(3) .........................................................................................................................................6-128
Cardholder Verification ...................................................................................................6-129Application Usage Control ..............................................................................................6-129Application Interchange Profile ......................................................................................6-129Issuer Risk Management .................................................................................................6-129MasterCard Authentication Solutions for Chip ................................................................6-130Data Element List ............................................................................................................6-131
Profile 33: MasterCard/Debit MasterCard online only with no offline CAM – offlinePIN........................................................................................................................................6-134
Cardholder Verification ...................................................................................................6-134Application Usage Control ..............................................................................................6-135Application Interchange Profile ......................................................................................6-135Issuer Risk Management .................................................................................................6-135MasterCard Authentication Solutions for Chip ................................................................6-135Data Element List ............................................................................................................6-135
Profile 34: MasterCard/Debit MasterCard online only with no offline CAM and no offlinePIN........................................................................................................................................6-138
Cardholder Verification ...................................................................................................6-139Application Usage Control ..............................................................................................6-139Application Interchange Profile ......................................................................................6-139Issuer Risk Management .................................................................................................6-139MasterCard Authentication Solutions for Chip ................................................................6-140Data Element List ............................................................................................................6-140
Chapter 7 Standard Profiles for MasterCard Electronic................................ 7-iProfile 51: MasterCard Electronic with no offline CAM and offline PIN—Full ChipIssuer ....................................................................................................................................... 7-1
Cardholder Verification ...................................................................................................... 7-1Application Usage Control ................................................................................................. 7-1Application Interchange Profile ......................................................................................... 7-1Issuer Risk Management .................................................................................................... 7-1MasterCard Authentication Solutions for Chip ................................................................... 7-2Data Element List ............................................................................................................... 7-2
Profile 52: MasterCard Electronic with no offline CAM and signature—Full ChipIssuer ....................................................................................................................................... 7-5
Cardholder Verification ...................................................................................................... 7-5Application Usage Control ................................................................................................. 7-5
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 vii
Table of Contents
Application Interchange Profile ......................................................................................... 7-5Issuer Risk Management .................................................................................................... 7-5MasterCard Authentication Solutions for Chip ................................................................... 7-6Data Element List ............................................................................................................... 7-6
Profile 53: MasterCard Electronic with DDA and offline PIN—Full Chip Issuer...................... 7-9Cardholder Verification ...................................................................................................... 7-9Application Usage Control ................................................................................................. 7-9Application Interchange Profile ......................................................................................... 7-9Issuer Risk Management .................................................................................................. 7-10MasterCard Authentication Solutions for Chip ................................................................. 7-10Data Element List ............................................................................................................. 7-10
Chapter 8 Standard Profiles for Cirrus........................................................... 8-iProfile 81: Cirrus...................................................................................................................... 8-1
Cardholder Verification ...................................................................................................... 8-1Application Usage Control ................................................................................................. 8-1Application Interchange Profile ......................................................................................... 8-1Issuer Risk Management .................................................................................................... 8-1MasterCard Authentication Solutions for Chip ................................................................... 8-1Data Element List ............................................................................................................... 8-2
Appendix A Supplementary Data Elements Per Card Version .....................A-iCounter Limits and Previous Transaction.................................................................................A-1
Counters and Data Elements with a Fixed Initial Value...........................................................A-1
©2010 MasterCardviii 1 April 2011 • M/Chip Card Personalization Standard Profiles
Chapter 1 Using this DocumentThis chapter outlines the standardized sets of card personalization data that an issuer can usefor their M/Chip 4 cards to meet most common business requirements for contact payments, andchip authentication.
Purpose.......................................................................................................................................... 1-1
Related Information ................................................................................................................. 1-1
Audience........................................................................................................................................ 1-1
Benefits .......................................................................................................................................... 1-2
Support .......................................................................................................................................... 1-2
Overview of Standard Profiles ....................................................................................................... 1-2
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 1-i
Using this DocumentPurpose
PurposeThis document provides a set of standard card personalization profiles thatissuers can use to personalize M/Chip 4 cards.
The profiles cover requirements for:
• Contact interface
• MasterCard Authentication Solutions for Chip
The standard card personalization profiles presented in this document areoptional and designed to address common issuing requirements in each marketand region that is migrating to chip technology.
Issuers are recommended to contact their MasterCard regional office to checkon the standard profiles which are fine tuned to their specific country orregion’s market requirements. Profiles are not restricted to a specific region,although they are designed with the needs of a region in mind.
If a standard profile is not used, issuers must still respect the chip personalizationrequirements detailed in:
• MasterCard Authentication Solutions for Chip (MAS4C): PersonalizationProfiles For M/Chip 4 Using PLA Technology (AA4C) and CAP Technology(CAP)
• M/Chip Personalization Data Specifications and Profiles
Related Information
The following documents provide information related to the subjects discussedin this manual:
• M/Chip Processing Services—Service Description
• M/Chip Requirements
For definitions of key terms used in this document, please refer to theMasterCard Dictionary on the Member Publications home page (on MasterCardOnLine® and the MasterCard Electronic Library CD-ROM).
AudienceThis document is intended for use by issuers, personalization bureaus, andprocessors involved in the issuance and personalization of M/Chip 4 basedcards.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 1-1
Using this Document
Benefits
BenefitsBy using these standard card personalization profiles, issuers gain the followingbenefits:• Define parameters that are accurate for the specific market and product
proposition• Avoid or reduce the time (and implicit costs) needed to analyze MasterCard
documentation to determine what personalization parameters to use• Have off-the-shelf card personalization profiles with defined characteristics
that are compliant with the recommendations and the mandates expressedin MasterCard personalization requirements
• A reduction in the time and administration necessary to complete CardPersonalization Validation (CPV)
Issuers are able to perform their own analysis to determine their individualcard personalization parameters. However, in doing so, issuers must balancethe time, effort and costs of this analysis against the benefits that may beachieved by using the standard card personalization parameters provided inthis document.
MasterCard recommends using a Standard Profile wherever one is available tomeet an issuer’s business requirements.
SupportFor support and assistance with implementing the standard card profiles pre-sented in this document, please contact [email protected].
Overview of Standard Profiles *chg*
Standard Profiles are available for the following brands:• Cirrus®
• Maestro®
• MasterCard®/Debit MasterCard®
• MasterCard® Electronic™
Standard Profiles are available for the following regions:• Asia Pacific• Canada• Europe• Latin America, Caribbean• South Asia, Middle East, Africa
The Standard Profiles are designed to meet the usual business requirements forthe market. When using a Standard Profile, all values defined by the profilemust be used without alteration. Any changes made mean that the settings arenot consistent with the standard profile and a full CPV certification is required.
©2010 MasterCard1-2 1 April 2011 • M/Chip Card Personalization Standard Profiles
Using this Document
Overview of Standard Profiles
The Standard Profiles are for use with the M/Chip 4 platform. Depending onthe standard card personalization profile used, the chip application will beM/Chip 4 Lite or M/Chip 4 Select.
These profiles are suitable for issuers subscribing to the M/Chip CryptogramPre-validation Service or to the Combined Service Option as defined in M/ChipProcessing Services—Service Description.
The Standard Profiles provide all the necessary personalization parametersexcept for those that are card specific (such as PAN) and a limited number thatare specific to the issuer and their situation, and must therefore be defined bythe issuer, such as country code, currency code, issuer keys and certificatesand offline limits.
All standard card personalization profiles use “semi-grade” or “mag stripe grade”card settings. The use of the semi-grade setting improves the card acceptance insome countries where the Issuer Authentication Data is sometimes not deliveredto the card after an online authorization. A transaction can be approved evenif an ARPC is not received but the offline risk control counters are not reset,ensuring the card does not approve subsequent transactions without properissuer control.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 1-3
Chapter 2 Principles and Issuer DecisionsThe following chapter defines card usage, types, and the requirements for using standard profiles.
Card Application ............................................................................................................................ 2-1
Card Functions............................................................................................................................... 2-1
Contact Payment...................................................................................................................... 2-1
MasterCard Authentication Solutions for Chip ......................................................................... 2-1
File Structures ................................................................................................................................ 2-3
Issuer Host Grade Processing ........................................................................................................ 2-3
Chip Host Grade...................................................................................................................... 2-3
Mag Stripe Host Grade............................................................................................................. 2-3
Card Authentication ....................................................................................................................... 2-4
Cardholder Verification .................................................................................................................. 2-4
Online Processing.......................................................................................................................... 2-5
Exclusively-Online Cards ......................................................................................................... 2-5
Online-Preferring Cards ........................................................................................................... 2-5
Debit MasterCard ........................................................................................................................... 2-5
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 2-i
Principles and Issuer DecisionsCard Application
Card ApplicationStandard Profiles are for use with cards using an M/Chip 4 application.
If the card supports a dynamic offline card authentication method (CAM), anM/Chip Select application must be used. If the card does not support dynamicoffline CAM, an M/Chip Lite, or an M/Chip Select application may be used.
M/Chip 4 version 1.1a or 1.1b may be used. Either version supports theMasterCard SKD method for the AC key derivation used in these profiles.
Standard profiles cannot be used with older versions of M/Chip, such asM/Chip 2.1.
Card Functions
Contact Payment
Standard Profiles are used with cards that support a single payment application.
Standard Profiles do not support cards with multiple payment applications,although the personalization values listed may be used on different applicationsand submitted to the CPV process. *chg*
A separate application for MasterCard Authentication Solutions for Chip may beused with a Standard Profile.
MasterCard Authentication Solutions for Chip *chg*
Standard profiles may be used with a separate MasterCard AuthenticationSolutions for Chip application.
The card may also be personalized to support MasterCard AuthenticationSolutions for Chip (MAS4C) as part of the payment application. MasterCardsuggests adding this personalization option to all cards even if the issuer has noshort term plans to implement MAS4C.
The Chip Authentication Program (CAP) is a cardholder authentication methodwhich builds upon the authentication capabilities provided by EMV. CAP usesan EMV chip card and a Personal Card Reader (PCR) to generate a CAP Token.
The Advanced Authentication for Chip (AA4C) further develops CAP. It is basedon the PLA specification and:
• Accommodates cards that do not support offline (plaintext) PIN verification1
• Generates a CAP Token using either numeric or alphanumeric characters
1. PCRs compliant with this new specification skip the requirement for PIN entry when the EMVcard does not indicate support for offline (plaintext) PIN in the CVM List. Successful offlinePIN Verification is required if the card supports offline (plaintext) PIN.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 2-1
Principles and Issuer Decisions
Card Functions
The personalization settings described in this document support both CAP andAA4C solutions depending on the capability of the Personal Card Reader. If theStandard Profile does not support offline plain text PIN, then AA4C PersonalCard Reader must be used.
Two additional data elements must be personalized when using StandardProfiles to support MAS4C as described in this document:
• Issuer Authentication Flags (tag “9F55”)
• Issuer Proprietary Bitmap (tag “9F56”)
Partial personalization (for example, IPB personalized on the card but no IAFpersonalized) is not accepted. Both data elements (IPB and IAF) must beretrievable using READ RECORD (AFL) only (No FCI Template).
A CAP token of a maximum of 8 characters (alphanumeric) or 12 digits(numeric) is produced by these settings, depending on the type of personalcard reader used with the card.
If an issuer decides to use a standard payment profile described in thisdocument without IAF and IPB and add a separate cardholder authenticationapplication (CAA), then the personalization of the CAA must comply with thepersonalization profiles defined to support MAS4C and approval will follow thenormal Card Personalization Verification procedure.
In order to validate a CAP Token, the issuer’s CAP Token Validation Service(CTVS) must be able to manage the Application Transaction Counter (ATC) andcompute the Application Cryptogram based on the data carried by the CAPToken and other values known to the CTVS (static or derived). It is part of thebasic security requirements to check the ATC values in order to counter replayattacks. Cross contamination between payment and authentication may bemitigated and controlled using a set of straightforward rules and checks. Tosupport mag stripe grade issuers and others wanting to implement MAS4C withlittle host system impact, MasterCard provides on behalf of CTVS.
©2010 MasterCard2-2 1 April 2011 • M/Chip Card Personalization Standard Profiles
Principles and Issuer Decisions
File Structures
File StructuresIssuers are free to develop their own file structures on their chip cards forcontact payments, but it must not conflict with the PayPass requirements if thecard supports a dual interface.
Issuer Host Grade Processing
Chip Host Grade
With Chip Host Grade, the issuer host system is able to receive chip data,validate the ARQC cryptogram, analyze the TVR and CVR, and use theinformation to influence the authorization decision. An ARPC is generated withthe authorization response.
If the issuer has Chip Host Grade, the card will be configured as “semi-grade.”This means that, in order to improve acceptance where there may be issuesin the acquirer infrastructure, this profile will approve transactions approvedonline even if no ARPC is provided to the card. To ensure a high level of riskcontrol, offline counters are not reset unless the card receives a valid ARPC.
Issuers that subscribe to the M/Chip Cryptogram Pre-validation Service or tothe Combined Service Option as defined in M/Chip Processing Services—ServiceDescription are considered as operating in Chip Host Grade.
Mag Stripe Host Grade
With Mag Stripe Host Grade, the issuer host system is not able to generate anARPC with the authorization response.
The issuer may or may not be able to interpret the TVR and CVR received withthe authorization message and influence the authorization response accordingly.This capability will influence several settings on the card and is therefore usedto help define mag-stripe grade profiles.
If the issuer has Mag Stripe Host Grade, the card will be configured as“mag-stripe grade.” In this profile the card will approve transactions approvedonline with no ARPC and the offline counters on the card are reset. Usingmag-stripe grade introduces extra risk for the issuer as a stolen card can havethe offline counters reset by a fraudster without any cryptographic control.
Issuers that subscribe to the M/Chip Conversion Service as defined in M/ChipProcessing Services—Service Description are considered as operating inMag-Stripe Host Grade.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 2-3
Principles and Issuer Decisions
Card Authentication
Card AuthenticationProfiles support:
• SDA—where simple static data authentication is acceptable to the issuerfor offline transactions
• DDA—where dynamic data authentication is required by the issuer foroffline transactions
• SDA and DDA on the same card—is not supported in these profiles
• CDA—where dynamic data authentication is required by the issuer foroffline transactions using the Combined Data Authentication that links theauthentication to the card transaction decision. DDA is also supportedwhen the card supports CDA as CDA support is not currently mandated onterminals. SDA is not supported in these profiles
• No offline CAM—where the card is an online only card
CDA profiles should only be used in markets where the local terminalinfrastructure supports all currently valid MasterCard public keys.
If the card supports dynamic offline CAM methods, an M/Chip Select applicationmust be used. If the card does not support dynamic offline CAM, an M/ChipLite application may be used. *chg*
Issuers must follow the requirements in the M/Chip Requirements to ensure anappropriate CAM is used for the product and region in which the card is issued.
Cardholder VerificationAll Standard Profiles support online PIN for ATMs. Every profile has “onlinePIN if unattended cash” or “online PIN if the terminal supports” as the firstentry in the CVM list.
Offline PIN must be supported for Maestro and may be supported forMasterCard and MasterCard Electronic.
If the card supports offline PIN, then:
• Offline—plain text PIN is used on SDA cards and cards that do not supportan offline CAM
• Offline—enciphered PIN and offline, plain text PIN (in that order) are usedon DDA capable cards
The offline enciphered PIN uses the DDA key
For MasterCard and MasterCard Electronic, online PIN may be preferred tosignature at the POS.
If offline PIN fails or PIN entry is not possible for online PIN, the transactionmay be declined offline or may result in an online authorization. Where theissuer has a mag-stripe grade host and is not able to interpret the TVR/CVR andoffline PIN is used, these transactions should be declined offline.
©2010 MasterCard2-4 1 April 2011 • M/Chip Card Personalization Standard Profiles
Principles and Issuer DecisionsOnline Processing
Online Processing
Exclusively-Online Cards
An exclusively-online card never approves a transaction offline. If onlineauthorization is not available, the card declines offline. *chg*
Cirrus and MasterCard Electronic® cards must be personalized to be exclusivelyonline. Maestro® cards and certain MasterCard card programs may beexclusively online. Refer to the M/Chip Requirements manual.
Unless the card also supports encrypted offline PIN, or the issuer operateswith a mag-stripe grade host, an exclusively-online card should not supportoffline CAM.
If the card does support encrypted offline PIN, or the issuer host is mag-stripegrade, the card is made exclusively online by the CIAC settings. Issuers arerecommended to use DDA cards in this situation.
Exclusively online cards should be personalized with their upper offline limitsset to zero.
Online-Preferring Cards *chg*
Online-preferring cards always request an online authorization, but may accepttransactions offline in certain situations (that is, when an online connection isnot available). Maestro and MasterCard cards may be online-preferring.
Cards that normally work online should be personalized with their lower offlinelimits set to zero. The card may also be personalized as online-preferring bythe CIAC settings. Using the lower offline limits makes it easier to changethe status of the card post issuance. *chg*
MasterCard cards, unless Unembossed MasterCard or part of a prepaid program,should be able to authorize a controlled amount of transactions at offlineterminals and should not be personalized to routinely decline all offlinetransactions.
Debit MasterCardIf the MasterCard Standard Profiles are used for Debit MasterCard, the settingsdefined in this book will change as follows:
• The Application Label (tag 50) should be “Debit MasterCard.”
• The Application Usage Control (tag 9F07) should be “FFC0” to allow forcash back.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 2-5
Chapter 3 Selecting a ProfileMembers should check with their MasterCard Regional Office to confirm which Standard Profiles areappropriate for their market.
The tables in this chapter indicate which profiles are available in each region and the decision criteriafor identifying which profile is appropriate to the issuer’s needs.
Asia Pacific Region......................................................................................................................... 3-1
Canada Region............................................................................................................................... 3-2
Europe Region ............................................................................................................................... 3-3
Latin America and the Caribbean Region....................................................................................... 3-4
South Asia/Middle East/Africa Region ........................................................................................... 3-5
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 3-i
Selecting a Profile
Asia Pacific Region
Asia Pacific Region *chg*
Ten Standard Profiles have been defined for different business requirements inthe Asia Pacific region for the MasterCard product.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 3-1
Selecting a Profile
Canada Region
Canada Region *chg*
Seven Standard Profiles have been defined for different business requirementsin the Canada region for the MasterCard product.
©2010 MasterCard3-2 1 April 2011 • M/Chip Card Personalization Standard Profiles
Selecting a ProfileEurope Region
Europe Region *chg*
Thirteen Standard Profiles have been defined for different business requirementsin the Europe region.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 3-3
Selecting a Profile
Latin America and the Caribbean Region
Latin America and the Caribbean Region *chg*
Fourteen Standard Profiles have been defined for different businessrequirements in the Latin America and the Caribbean region.
©2010 MasterCard3-4 1 April 2011 • M/Chip Card Personalization Standard Profiles
Selecting a Profile
South Asia/Middle East/Africa Region
South Asia/Middle East/Africa Region *chg*
Ten Standard Profiles have been defined for different business requirements inthe South Asia/Middle East/Africa region.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 3-5
Chapter 4 Issuer-Defined Data ElementsThe following data elements are defined by the issuer and are not fixed per the Standard Profile.
Issuer-Defined Data Elements........................................................................................................ 4-1
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 4-i
Issuer-Defined Data ElementsIssuer-Defined Data Elements
Issuer-Defined Data ElementsData elements marked with an asterisk (*) are optional. *chg*
Data Element Name Tag Value *chg*
AC Master Key (MKAC) N/A Determined by issuer
Application Currency Code*1 9F42 Determined by issuer
Application Currency Exponent *1 9F44 Determined by issuer
Application Effective Date* 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application File Locator 94 Determined by issuer
Application Life Cycle Data 9F7E Determined by issuer
Application Preferred Name* 9F12 Determined by issuer.
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number2
5F34 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer. Normally‘0001’ for a card supporting just oneapplication.
Cardholder Name3 5F20
Cardholder Name Extended* 9F0B Determined by issuer
CRM Country Code C8 Same value as Issuer Country Codetag 5F28
Must not be ‘0000’
CRM Currency Code *chg*C9 *chg*Same value as Application Currency *chg*Code tag 9F42 (if present)
1. Mandatory for Standard Profile 31.
2. Use of the Application PAN Sequence Number is mandatory as it is used by the M/Chip 4application in the AC key derivation.
3. The Cardholder Name must not be present on the contactless interface.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 4-1
Issuer-Defined Data ElementsIssuer-Defined Data Elements
Data Element Name Tag Value *chg*
Currency Conversion Table *chg*D1 *chg*Determined by the issuer (in case *chg*that one or several entries are notused, please set these entries withCRM Currency Code).
FCI Issuer Discretionary Data*4 *chg*BF0C *chg*9F 4D020Bxx (xx is the number of *chg*records for log file).
Issuer Country Code 5F28 Country code of the bank issuingthe card
Issuer Code Table* *chg*9F11 *chg*Supports the character set of the *chg*Application Preferred Name.
Must be present if ApplicationPreferred Name (tag 9F12) ispresent.
Key Derivation Index N/A Determined by issuer
Language Preference* 5F2D Determined by issuer
Log Entry (in the FCI)* 4 *chg*9F4D *chg*Byte 1: Lower bits contain the SFI *chg*of the cyclic transaction log file(11). Byte 2: Maximum number ofrecords in the transaction log file.
Lower Consecutive Offline Limit5 9F14 Determined by issuer *chg*
Lower Cumulative Offline TransactionAmount6
CA Determined by issuer *chg*
Reference (Offline) PIN*7 N/A Determined by issuer
SM for Confidentiality Master Key(MKSMC)*
N/A Determined by issuer
SM for Integrity Master Key (MKSMI)* N/A Determined by issuer
Track 1 Discretionary Data* 9F1F Determined by issuer
Track 2 Discretionary Data* 9F20 Determined by issuer
4. If either FCI Issuer Discrtionary Data (BF0C) or Log Entry (9F4D) is present then the othermust also be present.
5. An online preferring card may set the LCOL to zero
6. An online preferring card may set the LCOTA to zero.
7. Only required if card supports offline PIN
©2010 MasterCard4-2 1 April 2011 • M/Chip Card Personalization Standard Profiles
Issuer-Defined Data ElementsIssuer-Defined Data Elements
Data Element Name Tag Value *chg*
Track 2 Equivalent Data 57 Determined by issuer
Upper Consecutive Offline Limit8 9F23 Determined by issuer
Upper Cumulative Offline TransactionAmount9
CB Determined by issuer
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
8. The UCOL may only be set to zero for certain MasterCard card programs.
9. The UCOTA may only be set to zero for certain MasterCard card programs.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 4-3
Chapter 5 Standard Profiles for MaestroThis chapter details the Standard Profiles that are available to an issuer for use with the Maestroproduct.
Profile 01: Maestro with SDA—Full Chip Issuer ............................................................................ 5-1
Cardholder Verification ............................................................................................................ 5-1
Application Usage Control ....................................................................................................... 5-1
Application Interchange Profile ............................................................................................... 5-1
Issuer Risk Management .......................................................................................................... 5-1
MasterCard Authentication Solutions for Chip ......................................................................... 5-3
Data Element List ..................................................................................................................... 5-3
Profile 02: Maestro with DDA—Full Chip Issuer ........................................................................... 5-6
Cardholder Verification ............................................................................................................ 5-7
Application Usage Control ....................................................................................................... 5-7
Application Interchange Profile ............................................................................................... 5-7
Issuer Risk Management .......................................................................................................... 5-7
MasterCard Authentication Solutions for Chip ......................................................................... 5-9
Data Element List ..................................................................................................................... 5-9
Profile 03: Maestro with CDA and DDA—Full Chip Issuer.......................................................... 5-13
Cardholder Verification .......................................................................................................... 5-13
Application Usage Control ..................................................................................................... 5-13
Application Interchange Profile ............................................................................................. 5-13
Issuer Risk Management ........................................................................................................ 5-13
MasterCard Authentication Solutions for Chip ....................................................................... 5-15
Data Element List ................................................................................................................... 5-15
Profile 04: Maestro with SDA—Mag Stripe Grade Issuer where issuer can interpretTVR/CVR...................................................................................................................................... 5-18
Cardholder Verification .......................................................................................................... 5-19
Application Usage Control ..................................................................................................... 5-19
Application Interchange Profile ............................................................................................. 5-19
Issuer Risk Management ........................................................................................................ 5-19
MasterCard Authentication Solutions for Chip ....................................................................... 5-20
Data Element List ................................................................................................................... 5-20
Profile 05: Maestro with SDA—Mag Stripe Grade Issuer where issuer cannot interpretTVR/CVR...................................................................................................................................... 5-23
Cardholder Verification .......................................................................................................... 5-23
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 5-i
Standard Profiles for Maestro
Application Usage Control ..................................................................................................... 5-24
Application Interchange Profile ............................................................................................. 5-24
Issuer Risk Management ........................................................................................................ 5-24
MasterCard Authentication Solutions for Chip ....................................................................... 5-24
Data Element List ................................................................................................................... 5-25
Profile 06: Maestro online only with no offline CAM .................................................................. 5-28
Cardholder Verification .......................................................................................................... 5-28
Application Usage Control ..................................................................................................... 5-28
Application Interchange Profile ............................................................................................. 5-28
Issuer Risk Management ........................................................................................................ 5-29
MasterCard Authentication Solutions for Chip ....................................................................... 5-29
Data Element List ................................................................................................................... 5-29
©2010 MasterCard5-ii 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MaestroProfile 01: Maestro with SDA—Full Chip Issuer
Profile 01: Maestro with SDA—Full Chip IssuerThis Standard Profile is for the issuer of Maestro cards supporting SDA in aFull Chip grade host processing environment or the issuer is using one of theappropriate MasterCard on-behalf services.
The card supports offline PIN (plain text) which is preferred to online PIN atthe POS. The card will always use online PIN at ATMs. Signature and No CVMare not supported. If offline PIN fails or if PIN entry is bypassed or not possible,the card will try to go online and decline the transaction if this is not possible.
The card may operate offline and Lower and Upper Limit parameters areused in risk management to decide whether to accept the transaction offlineor to request an online authorization. The card may be configured as onlinepreferring.
NOTE
This profile will normally be implemented on M/Chip 4 Lite. This profile may be implementedon M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions) or Manual
Cash (cash advance)*• Offline plain text PIN*, if the terminal is able to perform it• Online PIN* for other cases (such as any terminal does not support offline
PIN)* If these CVM are not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international use, for example: Goods,Services, Cash, and Cash Back.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via Issuer Action codes (IAC)and by the card via Card Issuer Action Codes during each transaction.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 5-1
Standard Profiles for MaestroProfile 01: Maestro with SDA—Full Chip Issuer
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification is unsuccessful, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the offline PIN fails (or if the offline PIN try limit is exceeded), thenthe transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working, then the transaction must go online. If it isnot possible to go online, then the transaction is rejected.
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
©2010 MasterCard5-2 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MaestroProfile 01: Maestro with SDA—Full Chip Issuer
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• It is more flexible to make the card “on-line preferring,” if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
Data Element List
Table 5.1—Data Element List
Data Element Name Tag Mandatory Value
AC Master Key (MKAC) Determined by issuer
Application Control D5 84 00
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application File Locator 94 Determined by issuer
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Application Interchange Profile 82 58 00
Application Label 50 Maestro or MAESTRO *chg*
Application Life Cycle Data 9F7E Determined by issuer
Application Preferred Name 9F12 Presence and value determined by issuer
Application Primary AccountNumber
5A Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 5-3
Standard Profiles for MaestroProfile 01: Maestro with SDA—Full Chip Issuer
Data Element Name Tag Mandatory Value
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
Bits 4–1: priority of the application-determined by issuer
Application Usage Control 9F07 FFC0
Application Version Number 9F08 00 02
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Default C4 39 50 00
Card Issuer Action Code—Online C5 39 FB 00
3F FB 00 may be used to make the card“online preferring”
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
CDOL 1 Related Data Length C7 M/Chip Lite: 23
M/Chip Select: 2B
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
CRM Country Code C8 Same value as Issuer Country Code tag5F28
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
CVM List 8E 00000000 00000000 4201 0204 0103 0200
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
©2010 MasterCard5-4 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MaestroProfile 01: Maestro with SDA—Full Chip Issuer
Data Element Name Tag Mandatory Value
Dedicated File Name 84 A0000000043060
Default ARPC Response Code D6 0010
FCI Issuer Discretionary Data BF0C Determined by issuer *chg*
Issuer Action Code—Default 9F0D F0 50 BC 80 00
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 BC 98 00
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Issuer Country Code 5F28 Country code of the bank issuing the card
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00
Key Derivation Index Determined by issuer
Language Preference 5F2D Determined by issuer
Log Entry (in the FCI) 9F4D Determined by issuer
Lower Consecutive Offline Limit 9F14 Determined by issuer
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
PIN Try Counter 9F17 03 or greater
PIN Try Limit N/A 03 or greater
Reference (Offline) PIN N/A Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 5-5
Standard Profiles for MaestroProfile 02: Maestro with DDA—Full Chip Issuer
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
Static Data Authentication Tag List 9F4A 82
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 02: Maestro with DDA—Full Chip IssuerThis Standard Profile is for the issuer of Maestro cards supporting DDA in aFull Chip grade host processing environment or the issuer uses one of theappropriate MasterCard on-behalf services.
©2010 MasterCard5-6 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MaestroProfile 02: Maestro with DDA—Full Chip Issuer
The card supports offline PIN (enciphered or plain text) which is preferred toonline PIN at the POS. The card will always use online PIN at ATMs. Signatureand No CVM are not supported. If offline PIN fails or if PIN entry is bypassedor not possible, the card will try to go online and decline the transactionif this is not possible.
The card may operate offline and Lower and Upper Limit parameters areused in risk management to decide whether to accept the transaction offlineor to request an online authorization. The card may be configured as onlinepreferring.
NOTE
This profile must be implemented on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions) or Manual
Cash (cash advance)*• Offline enciphered or plain text PIN*, if the terminal is able to perform it• Online PIN* for other cases (such as any terminal does not support offline
PIN)* If these CVM are not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international use, for example: Goods,Services, Cash, and Cash Back.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• DDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via Issuer Action codes (IAC)and by the card via Card Issuer Action Codes during each transaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If DDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 5-7
Standard Profiles for MaestroProfile 02: Maestro with DDA—Full Chip Issuer
• If ICC Data is missing, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card appears on an exception file, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the card application has expired, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the card application is not yet effective, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the offline PIN fails (or if the offline PIN try limit is exceeded), thenthe transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working, then the transaction must go online. If it isnot possible to go online, then the transaction is rejected.
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
©2010 MasterCard5-8 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MaestroProfile 02: Maestro with DDA—Full Chip Issuer
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• It is more flexible to make the card “on-line preferring,” if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
AC Master Key (MKAC) Determined by issuer
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application File Locator 94 Determined by issuer
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Application Interchange Profile 82 38 00
Application Label 50 Maestro or MAESTRO *chg*
Application Life Cycle Data 9F7E Determined by issuer
Application Preferred Name 9F12 Presence and value determined byissuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application Usage Control 9F07 FFC0
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 5-9
Standard Profiles for MaestroProfile 02: Maestro with DDA—Full Chip Issuer
Data Element Name Tag Mandatory Value
Application Version Number 9F08 00 02
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Default C4 39 50 00
Card Issuer Action Code—Online C5 39 FB 00
3F FB 00 may be used to make the card“online preferring”
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A02 9A 03 9C 01 9F 37 04 9F 35 01 9F 4502 9F 4C 08 9F 34 03
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
CDOL 1 Related Data Length C7 2B
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
CRM Country Code C8 Same value as Issuer Country Code tag5F28
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
CVM List 8E 00000000 00000000 4201 0204 44030103 0200
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
DDOL 9F49 9F3704
Dedicated File Name 84 A0000000043060
Default ARPC Response Code D6 0010
FCI Issuer Discretionary Data BF0C Determined by issuer
©2010 MasterCard5-10 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MaestroProfile 02: Maestro with DDA—Full Chip Issuer
Data Element Name Tag Mandatory Value
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
ICC Public Key Certificate 9F46
8D: CDOL2
ICC Public Key Exponent 9F47 03
ICC Public Key Remainder 9F48 Determined by issuer/personalizationsystem
Issuer Action Code—Default 9F0D B8 50 BC 80 00
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F B8 70 BC 98 00
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Issuer Country Code 5F28 Country code of the bank issuing thecard
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 5-11
Standard Profiles for MaestroProfile 02: Maestro with DDA—Full Chip Issuer
Data Element Name Tag Mandatory Value
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Key Derivation Index Determined by issuer
Language Preference 5F2D Determined by issuer
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Lower Consecutive Offline Limit 9F14 Determined by issuer
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
PIN Try Counter 9F17 03 or greater
PIN Try Limit N/A 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
Static Data Authentication Tag List 9F4A 82
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
©2010 MasterCard5-12 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MaestroProfile 03: Maestro with CDA and DDA—Full Chip Issuer
Profile 03: Maestro with CDA and DDA—Full Chip IssuerThis Standard Profile is for the issuer of Maestro cards supporting CDA andDDA in a Full Chip grade host processing environment or the issuer uses oneof the appropriate MasterCard on-behalf services.
The card supports offline PIN (enciphered or plain text) which is preferred toonline PIN at the POS. The card will always use online PIN at ATMs. Signatureand No CVM are not supported. If offline PIN fails or if PIN entry is bypassedor not possible, the card will try to go online and decline the transactionif this is not possible.
The card may operate offline and Lower and Upper Limit parameters areused in risk management to decide whether to accept the transaction offlineor to request an online authorization. The card may be configured as onlinepreferring.
NOTE
This profile must be implemented on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions) or Manual
Cash (cash advance)*• Offline enciphered or plain text PIN*, if the terminal is able to perform it• Online PIN* for other cases (such as any terminal does not support offline
PIN)* If these CVM are not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international use, for example: Goods,Services, Cash, and Cash Back.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• CDA and DDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via Issuer Action codes (IAC)and by the card via Card Issuer Action Codes during each transaction.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 5-13
Standard Profiles for MaestroProfile 03: Maestro with CDA and DDA—Full Chip Issuer
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If DDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If CDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the offline PIN fails (or if the offline PIN try limit is exceeded), thenthe transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working, then the transaction must go online. If it isnot possible to go online, then the transaction is rejected.
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
©2010 MasterCard5-14 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MaestroProfile 03: Maestro with CDA and DDA—Full Chip Issuer
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. The cardmay alternatively request that the transaction go online. If it is not possibleto go online, then the transaction is accepted offline. It is more flexible tomake the card “on-line preferring”, if required, by setting the LCOL andLCOA to zero, as this can be updated in the future by a script command.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing the card
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application may beselected without confirmation of cardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 5-15
Standard Profiles for MaestroProfile 03: Maestro with CDA and DDA—Full Chip Issuer
Data Element Name Tag Mandatory Value
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
ICC Public Key Certificate 9F46
8D: CDOL2
ICC Public Key Exponent 9F47 03
ICC Public Key Remainder 9F48Determined by issuer/personalizationsystem
DDOL 9F49 9F3704
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag 84
©2010 MasterCard5-16 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MaestroProfile 03: Maestro with CDA and DDA—Full Chip Issuer
Data Element Name Tag Mandatory Value
Dedicated File Name 84 A0000000043060
Application Label 50 Maestro or MAESTRO *chg*
Application Preferred Name 9F12 Presence and value determined by issuer
Issuer Code Table Index 9F11 Supports the character set of the ApplicationPreferred Name
Application Usage Control 9F07 FFC0
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer
CRM Currency Code C9 Same value as Application Currency Codetag 9F42
Currency Conversion table D1 Determined by issuer (in case that one orseveral entries are not used, please set theseentry(ies) with CRM Currency Code)
CRM Country Code C8 Same value as Issuer Country Code tag 5F28
PIN Try Limit N/A 03 or greater
PIN Try Counter 9F17 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F BC 70 BC 98 00
Issuer Action Code—Default 9F0D BC 50 BC 80 00
CVM List 8E 00000000 00000000 4201 0204 4403 01030200
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 5-17
Standard Profiles for MaestroProfile 04: Maestro with SDA—Mag Stripe Grade Issuer where issuer can interpret TVR/CVR
Data Element Name Tag Mandatory Value
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 39 FB 00
3F FB 00 may be used to make the card“online preferring”
Card Issuer Action Code—Default C4 39 50 00
Application Interchange Profile 82 39 00
CDOL 1 Related Data Length C7 2B
Application Control D5 8C 00
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A 029A 03 9C 01 9F 37 04 9F 35 01 9F 45 02 9F4C 08 9F 34 03
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 00 0000 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 04: Maestro with SDA—Mag Stripe Grade Issuerwhere issuer can interpret TVR/CVR
This Standard Profile is for the issuer of Maestro cards supporting SDA in a MagStripe grade host processing environment. However, the issuer can interpret theTVR and CVR received in authorization messages and take action accordingly.
The card supports offline PIN (plain text) but online PIN is always preferred.The card will always use online PIN at ATMs. Signature and No CVM are notsupported. If offline PIN fails or if PIN entry is bypassed or not possible, thecard will try to go online and decline the transaction if this is not possible.
The card may not operate offline and will decline transactions that are notapproved online.
©2010 MasterCard5-18 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MaestroProfile 04: Maestro with SDA—Mag Stripe Grade Issuer where issuer can interpret TVR/CVR
NOTE
This profile is normally implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:
• Online PIN, if the terminal is able to perform it
• Offline plain text PIN*, if the terminal is able to perform it
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international use, for example: Goods,Services, Cash, and Cash Back. The issuer may choose not to support domesticCash Back on the card.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:
• SDA
• Terminal Risk Management
• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via Issuer Action codes (IAC)and by the card via Card Issuer Action Codes during each transaction.
The card is configured as “online only” and will never approve an offlinetransaction.
The settings for risk management are:
• If the transaction is an international transaction, then the transaction mustgo online. If it is not possible to go online, then the transaction is rejected.
• If the transaction is a domestic transaction, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is “unable to go online” the transaction is rejected.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 5-19
Standard Profiles for MaestroProfile 04: Maestro with SDA—Mag Stripe Grade Issuer where issuer can interpret TVR/CVR
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB). The CAP TokenValidation requires ATC management and AC validation by the issuer usingeither a hosted CTVS or delegating the CAP Token validation to a third party,for example: MasterCard On Behalf Service.
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing the card
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
©2010 MasterCard5-20 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MaestroProfile 04: Maestro with SDA—Mag Stripe Grade Issuer where issuer can interpret TVR/CVR
Data Element Name Tag Mandatory Value
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag 84
Dedicated File Name 84 A0000000043060
Application Label 50 Maestro or MAESTRO *chg*
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FFC0
(FF 40 may alternatively be used ifdomestic Cash Back is not supported)
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 5-21
Standard Profiles for MaestroProfile 04: Maestro with SDA—Mag Stripe Grade Issuer where issuer can interpret TVR/CVR
Data Element Name Tag Mandatory Value
Upper Consecutive Offline Limit 9F23 Determined by issuer
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer
CRM Currency Code C9 Same value as Application Currency Codetag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, please setthese entry(ies) with CRM Currency Code)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03 or greater
PIN Try Counter 9F17 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 BC 98 00
Issuer Action Code—Default 9F0D F0 50 BC 88 00
CVM List 8E 00000000 00000000 4203 0103
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 3F FB 00
Card Issuer Action Code—Default C4 7F 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7 M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
©2010 MasterCard5-22 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MaestroProfile 05: Maestro with SDA—Mag Stripe Grade Issuer where issuer cannot interpret TVR/CVR
Data Element Name Tag Mandatory Value
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 05: Maestro with SDA—Mag Stripe Grade Issuerwhere issuer cannot interpret TVR/CVR
This Standard Profile is for the issuer of Maestro cards supporting SDA in a MagStripe grade host processing environment. The issuer cannot interpret the TVRand CVR received in authorization messages. The issuer will decline offlinetransactions where offline PIN errors occur.
The card supports offline PIN (plain text) but online PIN is always preferred.The card will always use online PIN at ATMs. Signature and No CVM are notsupported. If offline PIN fails or if PIN entry is bypassed or not possible, thetransaction will be declined.
The card may not operate offline and will decline transactions that are notapproved online.
NOTE
This profile is normally implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN*, if the terminal is able to perform it
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 5-23
Standard Profiles for MaestroProfile 05: Maestro with SDA—Mag Stripe Grade Issuer where issuer cannot interpret TVR/CVR
• Offline plain text PIN*, if the terminal is able to perform it
* If these CVM are not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international use, for example: Goods,Services, Cash, and Cash Back.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:
• SDA
• Terminal Risk Management
• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via Issuer Action codes (IAC)and by the card via Card Issuer Action Codes during each transaction.
The card is configured as “online only” and will never approve an offlinetransaction.
The settings for risk management are:
• If the cardholder verification fails, then the transaction the transaction isrejected offline.
• If the offline PIN fails (or if the offline PIN try limit is exceeded), then thetransaction the transaction is rejected offline.
• If the PIN is bypassed, then the transaction is rejected offline.
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction is rejected offline.
• If the transaction is an international transaction, then the transaction mustgo online. If it is not possible to go online, then the transaction is rejected.
• If the transaction is a domestic transaction, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is “unable to go online” the transaction is rejected.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB). The CAP TokenValidation requires ATC management and AC validation by the issuer usingeither a hosted CTVS or delegating the CAP Token validation to a third party(for example, MasterCard On–behalf Service).
©2010 MasterCard5-24 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MaestroProfile 05: Maestro with SDA—Mag Stripe Grade Issuer where issuer cannot interpret TVR/CVR
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 5-25
Standard Profiles for MaestroProfile 05: Maestro with SDA—Mag Stripe Grade Issuer where issuer cannot interpret TVR/CVR
Data Element Name Tag Mandatory Value
Static Data Authentication Tag List 9F4A 82
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000043060
Application Label 50 MAESTRO or Maestro *chg*
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FFC0
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
©2010 MasterCard5-26 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MaestroProfile 05: Maestro with SDA—Mag Stripe Grade Issuer where issuer cannot interpret TVR/CVR
Data Element Name Tag Mandatory Value
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03 or greater
PIN Try Counter 9F17 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 A8 00 00
Issuer Action Code—Online 9F0F F0 70 14 98 00
Issuer Action Code—Default 9F0D F0 50 14 88 00
CVM List 8E 00000000 00000000 0203 0103
Card Issuer Action Code—Decline C3 19 00 00
Card Issuer Action Code—Online C5 26 FB 00
Card Issuer Action Code—Default C4 66 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7 M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 5-27
Standard Profiles for MaestroProfile 06: Maestro online only with no offline CAM
Data Element Name Tag Mandatory Value
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version. *chg*
Profile 06: Maestro online only with no offline CAMThis Standard Profile is for the issuer of online only Maestro cards.
The card supports offline PIN (plain text) which is preferred to online PIN at thePOS. The card will always use online PIN at ATMs. Signature and No CVM arenot supported. If offline PIN fails or if PIN Entry is bypassed or not possible,the card will try to go online and decline the transaction if this is not possible.
The card may not operate offline and offline CAM is not supported.
This profile may be implemented on M/Chip 4 Lite or on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method List is:• Online PIN, if transaction is Unattended Cash (ATM transactions) or Manual
Cash (cash advance).• Offline plain text PIN*, if the terminal is able to process this method.• Online PIN* for other cases such as any Terminal does not support offline
PIN.*If these CVM are not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any Domestic and International usage (Good, Services,Cash, Cash Back).
The card can be used at ATM, POS and any other devices.
Application Interchange Profile
Functions that the card requests to be done are:• Terminal Risk Management• Cardholder Verification
©2010 MasterCard5-28 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MaestroProfile 06: Maestro online only with no offline CAM
Issuer Risk Management
Risk management may be performed by the Terminal via the Issuer Actioncodes (IAC) and by the Card via the Card Issuer Action Codes (CIAC) duringeach transaction.
The card is configured as online only so will never approve an offlinetransaction.
The settings for risk management are:
• If the transaction is an International Transaction, then the transaction mustgo online. If it is not possible to go online then the transaction is rejected.
• If the transaction is a Domestic Transaction, then the transaction must goonline. If it is not possible to go online then the transaction is rejected.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing the card
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 5-29
Standard Profiles for MaestroProfile 06: Maestro online only with no offline CAM
Data Element Name Tag Mandatory Value
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F N/A
Issuer Public Key Certificate 90 N/A
Issuer Public Key Remainder 92 N/A
Issuer Public Key Exponent 9F32 N/A
Static Data Authentication Tag List 9F4A N/A
Signed Static Application Data 93 N/A
Application Identifier if cardsupports a PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000043060
Application Label 50 Maestro or MAESTRO *chg*
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FFC0
Log Entry (in the FCI) 9F4D Determined by issuer
Default ARPC Response Code D6 10
Lower Consecutive Offline Limit 9F14 00
Upper Consecutive Offline Limit 9F23 00
Lower Cumulative OfflineTransaction Amount
CA 00000000000
Upper Cumulative OfflineTransaction Amount
CB 00000000000
CRM Currency Code C9 Same value as Application Currency Codetag 9F42
©2010 MasterCard5-30 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MaestroProfile 06: Maestro online only with no offline CAM
Data Element Name Tag Mandatory Value
Currency Conversion Table D1 Determined by issuer (in case that one orseveral entries are not used, please setthese entry with CRM Currency Code)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03 or greater
PIN Try Counter 9F17 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key(MKSMI)
Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F B0 70 BC 98 00
Issuer Action Code—Default 9F0D B0 50 BC 88 00
CVM List 8E 00000000 00000000 4201 0204 0103 0200
Card Issuer Action Code – Decline C3 00 00 00
Card Issuer Action Code – Online C5 3F FB 00
Card Issuer Action Code – Default C4 7F 50 00
Application Interchange Profile 82 18 00
M/Chip Lite: 23CDOL 1 Related Data Length C7
M/Chip Select: 2B
Application Control D5 84 00
M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
CDOL 1 8C
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
M/Chip Lite: 91 0A 8A 02 95 05CDOL 2 8D
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 5-31
Standard Profiles for MaestroProfile 06: Maestro online only with no offline CAM
Data Element Name Tag Mandatory Value
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (If cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap(If cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version
©2010 MasterCard5-32 1 April 2011 • M/Chip Card Personalization Standard Profiles
Chapter 6 Standard Profiles for MasterCard/DebitMasterCard
This chapter details the Standard Profiles that are available to an issuer for use with theMasterCard/Debit MasterCard® product.
Profile 11: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (1) ........... 6-1
Cardholder Verification ............................................................................................................ 6-1
Application Usage Control ....................................................................................................... 6-1
Application Interchange Profile ............................................................................................... 6-2
Issuer Risk Management .......................................................................................................... 6-2
MasterCard Authentication Solutions for Chip ......................................................................... 6-3
Data Element List ..................................................................................................................... 6-3
Profile 12: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (2) ........... 6-7
Cardholder Verification ............................................................................................................ 6-7
Application Usage Control ....................................................................................................... 6-7
Application Interchange Profile ............................................................................................... 6-8
Issuer Risk Management .......................................................................................................... 6-8
MasterCard Authentication Solutions for Chip ....................................................................... 6-10
Data Element List ................................................................................................................... 6-10
Profile 13: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (3)........... 6-13
Cardholder Verification .......................................................................................................... 6-14
Application Usage Control ..................................................................................................... 6-14
Application Interchange Profile ............................................................................................. 6-14
Issuer Risk Management ........................................................................................................ 6-14
MasterCard Authentication Solutions for Chip ....................................................................... 6-15
Data Element List ................................................................................................................... 6-16
Profile 14: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (1)............ 6-19
Overview ............................................................................................................................... 6-19
Cardholder Verification .......................................................................................................... 6-20
Application Usage Control ..................................................................................................... 6-20
Application Interchange Profile ............................................................................................. 6-20
Issuer Risk Management ........................................................................................................ 6-20
MasterCard Authentication Solutions for Chip ....................................................................... 6-21
Data Element List ................................................................................................................... 6-21
Profile 15: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (2)............ 6-25
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-i
Standard Profiles for MasterCard/Debit MasterCard
Cardholder Verification .......................................................................................................... 6-25
Application Usage Control ..................................................................................................... 6-26
Application Interchange Profile ............................................................................................. 6-26
Issuer Risk Management ........................................................................................................ 6-26
MasterCard Authentication Solutions for Chip ....................................................................... 6-27
Data Element List ................................................................................................................... 6-27
Profile 16: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer(1) ................................................................................................................................................ 6-31
Overview ............................................................................................................................... 6-31
Cardholder Verification .......................................................................................................... 6-32
Application Usage Control ..................................................................................................... 6-32
Application Interchange Profile ............................................................................................. 6-32
Issuer Risk Management ........................................................................................................ 6-32
MasterCard Authentication Solutions for Chip ....................................................................... 6-33
Data Element List ................................................................................................................... 6-34
Profile 17: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer(2) ................................................................................................................................................ 6-37
Cardholder Verification .......................................................................................................... 6-38
Application Usage Control ..................................................................................................... 6-38
Application Interchange Profile ............................................................................................. 6-38
Issuer Risk Management ........................................................................................................ 6-38
MasterCard Authentication Solutions for Chip ....................................................................... 6-40
Data Element List ................................................................................................................... 6-40
Profile 18: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer(3) ................................................................................................................................................ 6-43
Cardholder Verification .......................................................................................................... 6-44
Application Usage Control ..................................................................................................... 6-44
Application Interchange Profile ............................................................................................. 6-44
Issuer Risk Management ........................................................................................................ 6-44
MasterCard Authentication Solutions for Chip ....................................................................... 6-46
Data Element List ................................................................................................................... 6-46
Profile 19: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (1)........... 6-49
Cardholder Verification .......................................................................................................... 6-50
Application Usage Control ..................................................................................................... 6-50
Application Interchange Profile ............................................................................................. 6-50
Issuer Risk Management ........................................................................................................ 6-50
MasterCard Authentication Solutions for Chip ....................................................................... 6-51
©2010 MasterCard6-ii 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCard
Data Element List ................................................................................................................... 6-52
Profile 20: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (2)........... 6-55
Cardholder Verification .......................................................................................................... 6-56
Application Usage Control ..................................................................................................... 6-56
Application Interchange Profile ............................................................................................. 6-56
Issuer Risk Management ........................................................................................................ 6-56
MasterCard Authentication Solutions for Chip ....................................................................... 6-57
Data Element List ................................................................................................................... 6-57
Profile 21: MasterCard/Debit MasterCard with CDA/DDA and offline PIN—Full Chip Issuer(1) ................................................................................................................................................ 6-61
Cardholder Verification .......................................................................................................... 6-61
Application Usage Control ..................................................................................................... 6-62
Application Interchange Profile ............................................................................................. 6-62
Issuer Risk Management ........................................................................................................ 6-62
MasterCard Authentication Solutions for Chip ....................................................................... 6-63
Data Element List ................................................................................................................... 6-64
Profile 22: MasterCard/Debit MasterCard with CDA/DDA and signature—Full Chip Issuer(2) ................................................................................................................................................ 6-67
Overview ............................................................................................................................... 6-67
Cardholder Verification .......................................................................................................... 6-68
Application Usage Control ..................................................................................................... 6-68
Application Interchange Profile ............................................................................................. 6-68
Issuer Risk Management ........................................................................................................ 6-68
MasterCard Authentication Solutions for Chip ....................................................................... 6-69
Data Element List ................................................................................................................... 6-69
Profile 23: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuerwhere issuer can interpret TVR/CVR ........................................................................................... 6-73
Cardholder Verification .......................................................................................................... 6-74
Application Usage Control ..................................................................................................... 6-74
Application Interchange Profile ............................................................................................. 6-74
Issuer Risk Management ........................................................................................................ 6-74
MasterCard Authentication Solutions for Chip ....................................................................... 6-75
Data Element List ................................................................................................................... 6-76
Profile 24: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuerwhere issuer cannot interpret TVR/CVR (1) ................................................................................ 6-79
Cardholder Verification .......................................................................................................... 6-79
Application Usage Control ..................................................................................................... 6-80
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-iii
Standard Profiles for MasterCard/Debit MasterCard
Application Interchange Profile ............................................................................................. 6-80
Issuer Risk Management ........................................................................................................ 6-80
MasterCard Authentication Solutions for Chip ....................................................................... 6-81
Data Element List ................................................................................................................... 6-81
Profile 25: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuerwhere issuer cannot interpret TVR/CVR (2) ................................................................................ 6-85
Cardholder Verification .......................................................................................................... 6-86
Application Usage Control ..................................................................................................... 6-86
Application Interchange Profile ............................................................................................. 6-86
Issuer Risk Management ........................................................................................................ 6-86
MasterCard Authentication Solutions for Chip ....................................................................... 6-87
Data Element List ................................................................................................................... 6-88
Profile 26: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuerwhere issuer cannot interpret TVR/CVR (3) ................................................................................ 6-91
Cardholder Verification .......................................................................................................... 6-92
Application Usage Control ..................................................................................................... 6-92
Application Interchange Profile ............................................................................................. 6-92
Issuer Risk Management ........................................................................................................ 6-92
MasterCard Authentication Solutions for Chip ....................................................................... 6-93
Data Element List ................................................................................................................... 6-94
Profile 27: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuerwhere issuer cannot interpret TVR/CVR (4) ................................................................................ 6-97
Cardholder Verification .......................................................................................................... 6-97
Application Usage Control ..................................................................................................... 6-98
Application Interchange Profile ............................................................................................. 6-98
Issuer Risk Management ........................................................................................................ 6-98
MasterCard Authentication Solutions for Chip ....................................................................... 6-99
Data Element List ................................................................................................................... 6-99
Profile 28: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuerwhere issuer cannot interpret TVR/CVR (1) ...............................................................................6-103
Cardholder Verification .........................................................................................................6-103
Application Usage Control ....................................................................................................6-104
Application Interchange Profile ............................................................................................6-104
Issuer Risk Management .......................................................................................................6-104
MasterCard Authentication Solutions for Chip ......................................................................6-105
Data Element List ..................................................................................................................6-106
©2010 MasterCard6-iv 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCard
Profile 29: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuerwhere issuer cannot interpret TVR/CVR (2) ...............................................................................6-109
Cardholder Verification .........................................................................................................6-109
Application Usage Control ....................................................................................................6-110
Application Interchange Profile ............................................................................................6-110
Issuer Risk Management .......................................................................................................6-110
MasterCard Authentication Solutions for Chip ......................................................................6-111
Data Element List ..................................................................................................................6-111
Profile 30: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer(3) ...............................................................................................................................................6-115
Cardholder Verification .........................................................................................................6-115
Application Usage Control ....................................................................................................6-116
Application Interchange Profile ............................................................................................6-116
Issuer Risk Management .......................................................................................................6-116
MasterCard Authentication Solutions for Chip ......................................................................6-117
Data Element List ..................................................................................................................6-118
Profile 31: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer(4) ...............................................................................................................................................6-121
Cardholder Verification .........................................................................................................6-122
Application Usage Control ....................................................................................................6-122
Application Interchange Profile ............................................................................................6-122
Issuer Risk Management .......................................................................................................6-122
MasterCard Authentication Solutions for Chip ......................................................................6-124
Data Element List ..................................................................................................................6-125
Profile 32: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (3) ...........6-128
Cardholder Verification .........................................................................................................6-129
Application Usage Control ....................................................................................................6-129
Application Interchange Profile ............................................................................................6-129
Issuer Risk Management .......................................................................................................6-129
MasterCard Authentication Solutions for Chip ......................................................................6-130
Data Element List ..................................................................................................................6-131
Profile 33: MasterCard/Debit MasterCard online only with no offline CAM – offline PIN ...........6-134
Cardholder Verification .........................................................................................................6-134
Application Usage Control ....................................................................................................6-135
Application Interchange Profile ............................................................................................6-135
Issuer Risk Management .......................................................................................................6-135
MasterCard Authentication Solutions for Chip ......................................................................6-135
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-v
Standard Profiles for MasterCard/Debit MasterCard
Data Element List ..................................................................................................................6-135
Profile 34: MasterCard/Debit MasterCard online only with no offline CAM and no offlinePIN..............................................................................................................................................6-138
Cardholder Verification .........................................................................................................6-139
Application Usage Control ....................................................................................................6-139
Application Interchange Profile ............................................................................................6-139
Issuer Risk Management .......................................................................................................6-139
MasterCard Authentication Solutions for Chip ......................................................................6-140
Data Element List ..................................................................................................................6-140
©2010 MasterCard6-vi 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 11: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (1)
Profile 11: MasterCard/Debit MasterCard with SDA andoffline PIN—Full Chip Issuer (1)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andoffline PIN in a Full Chip grade host processing environment or the issuer usesone of the appropriate MasterCard on-behalf services.
The card supports offline PIN (plain text) which is preferred to signature, whichis preferred to online PIN at the POS. The card will always use online PIN atATMs. No CVM is also supported. If offline PIN fails or if PIN entry is bypassedor not possible, the card will try to go online and decline the transactionif this is not possible.
This profile differs from Profile 12 in that signature is preferred to online PIN atthe POS. The profile differs from Profile 13 in that PIN issues lead to an onlineauthorization request rather than an offline decline. *chg*
Lower and Upper Limit parameters are used in risk management to decidewhether to accept the transaction offline or to request an online authorization.The Upper Limits may not normally be set to zero on a MasterCard product.The card may be configured as online preferring.
NOTE
This profile is normally implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:
• Online PIN, if transaction is Unattended Cash (ATM transactions)
• Offline plain text PIN, if the terminal is able to perform it
• Signature*, if the terminal is able to perform it *chg*
• Online PIN for other cases (such as any terminal that does not supportoffline PIN or signature and certain Cardholder Activated Terminals)
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-1
Standard Profiles for MasterCard/Debit MasterCardProfile 11: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (1)
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the offline PIN fails (or if the offline PIN try limit is exceeded), thenthe transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working then no action is taken on this issue. *chg*
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
©2010 MasterCard6-2 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 11: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (1)
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• It is more flexible to make the card “on-line preferring,” if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-3
Standard Profiles for MasterCard/Debit MasterCardProfile 11: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
©2010 MasterCard6-4 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 11: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MASTERCARD or MasterCard or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03 or greater
PIN Try Counter 9F17 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-5
Standard Profiles for MasterCard/Debit MasterCardProfile 11: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 AC 98 00
Issuer Action Code—Default 9F0D F0 50 AC 00 00
CVM List 8E 00000000 00000000 4201 4103 1E03 4203 *chg*1F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 19 FB 00
1F FB 00 may be used to make the card“online preferring”
Card Issuer Action Code—Default C4 19 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
©2010 MasterCard6-6 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 12: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (2)
Profile 12: MasterCard/Debit MasterCard with SDA andoffline PIN—Full Chip Issuer (2)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andoffline PIN in a Full Chip grade host processing environment or the issuer usesone of the appropriate MasterCard on-behalf services.
The card supports offline PIN (plain text) which is preferred to online PIN,which is preferred to signature at the POS. The card will always use onlinePIN at ATMs. No CVM is also supported. If offline PIN fails or if PIN entryis bypassed or not possible, the card will try to go online and decline thetransaction if this is not possible.
This profile differs from Profile 11 in that online PIN is preferred to signature atthe POS. *chg*
Lower and Upper Limit parameters are used in risk management to decidewhether to accept the transaction offline or to request an online authorization.The Upper Limits may not normally be set to zero on a MasterCard product.The card may be configured as online preferring.
NOTE
This profile is normally implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:
• Online PIN, if transaction is Unattended Cash (ATM transactions)
• Offline plain text PIN, if the terminal is able to perform it
• Online PIN for other cases (such as any terminal that does not supportoffline PIN and certain Cardholder Activated Terminals)
• Signature* if the terminal is able to perform it *chg*
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-7
Standard Profiles for MasterCard/Debit MasterCardProfile 12: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (2)
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the offline PIN fails (or if the offline PIN try limit is exceeded), thenthe transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working then no action is taken on this issue. *chg*
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is declined.
©2010 MasterCard6-8 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 12: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (2)
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• It is more flexible to make the card “on-line preferring,” if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
• The offline transaction counters will be reset whenever a transaction isapproved, even if there is no ARPC.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-9
Standard Profiles for MasterCard/Debit MasterCardProfile 12: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (2)
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
©2010 MasterCard6-10 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 12: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-11
Standard Profiles for MasterCard/Debit MasterCardProfile 12: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Upper Cumulative Offline TransactionAmount
CB Determined by issuer *chg*
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03 or greater
PIN Try Counter 9F17 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 AC 98 00
Issuer Action Code—Default 9F0D F0 50 AC 88 00
CVM List 8E 00000000 00000000 4201 4103 4203 1E03 *chg*1F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 19 FB 00
1F FB 00 may be used to make the card“online preferring”
Card Issuer Action Code—Default C4 19 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
©2010 MasterCard6-12 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 13: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 13: MasterCard/Debit MasterCard with SDA andoffline PIN—Full Chip Issuer (3)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andoffline PIN in a Full Chip grade host processing environment or the issuer usesone of the appropriate MasterCard on-behalf services.
The card supports offline PIN (plain text) which is preferred to signature, whichis preferred to online PIN at the POS. The card will always use online PIN atATMs. No CVM is also supported. If offline PIN fails or if PIN entry is bypassedor not possible, the card will try to go online and decline the transactionif this is not possible.
The profile differs from Profile 11 in that PIN issues lead to an offline declinerather than an online authorization request. *chg*
Lower and Upper Limit parameters are used in risk management to decidewhether to accept the transaction offline or to request an online authorization.The Upper Limits may not normally be set to zero on a MasterCard product.The card may be configured as online preferring.
NOTE
This profile is normally implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-13
Standard Profiles for MasterCard/Debit MasterCardProfile 13: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (3)
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Offline plain text PIN, if the terminal is able to perform it• Signature*, if the terminal is able to perform it *chg*
• Online PIN for other cases (such as any terminal that does not supportoffline PIN or signature and certain Cardholder Activated Terminals)
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
©2010 MasterCard6-14 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 13: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (3)
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the offline PIN fails (or if the offline PIN try limit is exceeded), thenthe transaction is rejected.
• If the PIN is bypassed, then the transaction is rejected.• If the PIN pad is not working, then no action is taken on this issue. *chg*
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• It is more flexible to make the card “on-line preferring”, if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-15
Standard Profiles for MasterCard/Debit MasterCardProfile 13: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (3)
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-16 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 13: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer *chg*
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-17
Standard Profiles for MasterCard/Debit MasterCardProfile 13: MasterCard/Debit MasterCard with SDA and offline PIN—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03 or greater
PIN Try Counter 9F17 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 28 00 00
Issuer Action Code—Online 9F0F F0 70 84 98 00
Issuer Action Code—Default 9F0D F0 50 84 00 00
CVM List 8E 00000000 00000000 4201 4103 1E03 4203 *chg*1F03
Card Issuer Action Code—Decline C3 18 00 00
Card Issuer Action Code—Online C5 01 FB 00
07 FB 00 may be used to make the card“online preferring”
Card Issuer Action Code—Default C4 01 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
©2010 MasterCard6-18 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 14: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 14: MasterCard/Debit MasterCard with SDA andsignature—Full Chip Issuer (1)
Overview
This Standard Profile is for the issuer of MasterCard cards supporting SDA andno offline PIN in a Full Chip grade host processing environment or the issueruses one of the appropriate MasterCard on-behalf services.
The card does not support offline PIN. Online PIN is preferred to signatureat the POS. The card will always use online PIN at ATMs. No CVM is alsosupported. If PIN entry is bypassed, the card will try to go online and declinethe transaction if this is not possible.
This profile differs from Profile 15 in that online PIN is preferred to signature atthe POS. *chg*
The profile is online preferring. Upper Limit parameters are used in riskmanagement to decide whether to accept the transaction offline if onlineauthorization is not completed. The Upper Limits may not normally be set tozero on a MasterCard product.
NOTE
This profile is normally implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-19
Standard Profiles for MasterCard/Debit MasterCardProfile 14: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (1)
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Online PIN, if the terminal is able to perform it• Signature*, if the terminal is able to perform it *chg*
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
©2010 MasterCard6-20 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 14: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (1)
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is accepted.
• If the PIN pad is not working then no action is taken on this issue. *chg*
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedrejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• Domestic Transactions must go online. If it is not possible to go online,then the transaction is accepted.
• The offline transaction counters will be reset whenever a transaction isapproved, even if there is no ARPC.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-21
Standard Profiles for MasterCard/Debit MasterCardProfile 14: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-22 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 14: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer *chg*
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-23
Standard Profiles for MasterCard/Debit MasterCardProfile 14: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 8C 98 00
Issuer Action Code—Default 9F0D F0 50 84 88 00
CVM List 8E 00000000 00000000 4201 4203 1E03 1F03 *chg*
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 06 FB 00
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 80 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
©2010 MasterCard6-24 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 15: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 15: MasterCard/Debit MasterCard with SDA andsignature—Full Chip Issuer (2)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andno offline PIN in a Full Chip grade host processing environment or the issueruses one of the appropriate MasterCard on-behalf services.
The card does not support offline PIN. Signature is preferred to online PINat the POS. The card will always use online PIN at ATMs. No CVM is alsosupported. If PIN entry is bypassed, the card will try to go online and declinethe transaction if this is not possible.
This profile differs from Profile 14 in that signature is preferred to online PIN atthe POS. *chg*
Lower and Upper Limit parameters are used in risk management to decidewhether to accept the transaction offline or to request an online authorization.The Upper Limits may not normally be set to zero on a MasterCard product.Internationally, the card is online preferring. The card may be configured asonline preferring domestically also.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:
• Online PIN, if transaction is Unattended Cash (ATM transactions)
• Signature*, if the terminal is able to perform it *chg*
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-25
Standard Profiles for MasterCard/Debit MasterCardProfile 15: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (2)
• Online PIN for other cases such as certain Cardholder Activated Terminals• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working then no action is taken on this issue. *chg*
©2010 MasterCard6-26 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 15: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (2)
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is declined.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• The offline transaction counters will be reset whenever a transaction isapproved, even if there is no ARPC.
• It is more flexible to make the card “on-line preferring”, if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-27
Standard Profiles for MasterCard/Debit MasterCardProfile 15: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-28 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 15: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer *chg*
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-29
Standard Profiles for MasterCard/Debit MasterCardProfile 15: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 8C 98 00
Issuer Action Code—Default 9F0D F0 50 8C 08 00
CVM List 8E 00000000 00000000 4201 1E03 4203 1F03 *chg*
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 04 FB 00
06 FB 00 may be used to make thecard “online preferring” in a domesticenvironment
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 80 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
©2010 MasterCard6-30 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 16: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 16: MasterCard/Debit MasterCard with DDA andoffline PIN—Full Chip Issuer (1)
Overview
This Standard Profile is for the issuer of MasterCard cards supporting DDA andoffline PIN in a Full Chip grade host processing environment or the issuer usesone of the appropriate MasterCard on-behalf services.
The card supports offline PIN (enciphered or plain text) which is preferred tosignature, which is preferred to online PIN at the POS. The card will alwaysuse online PIN at ATMs. No CVM is also supported. If offline PIN fails or ifPIN entry is bypassed or not possible, the card will try to go online and declinethe transaction if this is not possible.
This profile differs from Profile 17 in that signature is preferred to online PIN atthe POS. The profile differs from Profile 18 in that PIN issues lead to an onlineauthorization request rather than an offline decline. *chg*
Lower and Upper Limit parameters are used in risk management to decidewhether to accept the transaction offline or to request an online authorization.The Upper Limits may not normally be set to zero on a MasterCard product.The card may be configured as online preferring.
NOTE
This profile must be implemented on M/Chip 4 Select.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-31
Standard Profiles for MasterCard/Debit MasterCardProfile 16: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (1)
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Offline enciphered or plain text PIN, if the terminal is able to perform it• Signature*, if the terminal is able to perform it *chg*
• Online PIN for other cases (such as any terminal that does not supportoffline PIN or signature such as certain Cardholder Activated Terminals)
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• DDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If DDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
©2010 MasterCard6-32 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 16: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (1)
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the offline PIN fails (or if the offline PIN try limit is exceeded), thenthe transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working then no action is taken on this issue. *chg*
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• It is more flexible to make the card “on-line preferring,” if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-33
Standard Profiles for MasterCard/Debit MasterCardProfile 16: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (1)
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-34 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 16: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer *chg*
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03 or greater
PIN Try Counter 9F17 03 or greater
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-35
Standard Profiles for MasterCard/Debit MasterCardProfile 16: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
ICC Public Key Certificate 9F46
8D: CDOL2
ICC Public Key Exponent 9F47 03
ICC Public Key Remainder 9F48Determined by issuer/personalizationsystem
DDOL 9F49 9F3704
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F B8 70 AC 98 00
Issuer Action Code—Default 9F0D B8 50 AC 00 00
CVM List 8E 00000000 00000000 4201 4403 4103 1E03 *chg*4203 1F03
Card Issuer Action Code—Decline C3 00 00 00
©2010 MasterCard6-36 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 17: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Card Issuer Action Code—Online C5 19 FB 00
1F FB 00 may be used to make the card“online preferring”
Card Issuer Action Code—Default C4 19 50 00
Application Interchange Profile 82 38 00
CDOL 1 Related Data Length C7 2B
Application Control D5 8C 00
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A02 9A 03 9C 01 9F 37 04 9F 35 01 9F 4502 9F 4C 08 9F 34 03
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 17: MasterCard/Debit MasterCard with DDA andoffline PIN—Full Chip Issuer (2)
This Standard Profile is for the issuer of MasterCard cards supporting DDA andoffline PIN in a Full Chip grade host processing environment or the issuer usesone of the appropriate MasterCard on-behalf services.
The card supports offline PIN (enciphered and plain text) which is preferred toonline PIN, which is preferred to signature at the POS. The card will alwaysuse online PIN at ATMs. No CVM is also supported. If offline PIN fails or ifPIN entry is bypassed or not possible, the card will try to go online and declinethe transaction if this is not possible.
This profile differs from Profile 16 in that online PIN is preferred to signature atthe POS. *chg*
Lower and Upper Limit parameters are used in risk management to decidewhether to accept the transaction offline or to request an online authorization.The Upper Limits may not normally be set to zero on a MasterCard product.The card may be configured as online preferring.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-37
Standard Profiles for MasterCard/Debit MasterCardProfile 17: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (2)
NOTE
This profile must be implemented on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Offline enciphered or plain text PIN, if the terminal is able to perform it• Online PIN for other cases (such as any terminal that does not support
offline PIN such as certain Cardholder Activated Terminals)• Signature*, if the terminal is able to perform it *chg*
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• DDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If DDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.
©2010 MasterCard6-38 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 17: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (2)
• If the card application has expired, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the card application is not yet effective, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the offline PIN fails (or if the offline PIN try limit is exceeded), thenthe transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working then no action is taken on this issue. *chg*
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• The offline transaction counters will be reset whenever a transaction isapproved, even if there is no ARPC.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-39
Standard Profiles for MasterCard/Debit MasterCardProfile 17: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (2)
• It is more flexible to make the card “on-line preferring,” if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
©2010 MasterCard6-40 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 17: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
ICC Public Key Certificate 9F46
8D: CDOL2
ICC Public Key Exponent 9F47 03
ICC Public Key Remainder 9F48Determined by issuer/personalizationsystem
DDOL 9F49 9F3704
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-41
Standard Profiles for MasterCard/Debit MasterCardProfile 17: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 or FF40 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer *chg*
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03 or greater
PIN Try Counter 9F17 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F B8 70 AC 98 00
©2010 MasterCard6-42 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 18: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
Issuer Action Code—Default 9F0D B8 50 AC 88 00
CVM List 8E 00000000 00000000 4201 4403 4103 4203 *chg*1E03 1F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 19 FB 00
1F FB 00 may be used to make the card“online preferring”
Card Issuer Action Code—Default C4 19 50 00
Application Interchange Profile 82 38 00
CDOL 1 Related Data Length C7 2B
Application Control D5 8C 00
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A02 9A 03 9C 01 9F 37 04 9F 35 01 9F 4502 9F 4C 08 9F 34 03
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 18: MasterCard/Debit MasterCard with DDA andoffline PIN—Full Chip Issuer (3)
This Standard Profile is for the issuer of MasterCard cards supporting DDA andoffline PIN in a Full Chip grade host processing environment or the issuer usesone of the appropriate MasterCard on-behalf services.
The card supports offline PIN (enciphered and plain text) which is preferred tosignature, which is preferred to online PIN at the POS. The card will alwaysuse online PIN at ATMs. No CVM is also supported. If offline PIN fails or ifPIN entry is bypassed or not possible, the card will try to go online and declinethe transaction if this is not possible.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-43
Standard Profiles for MasterCard/Debit MasterCardProfile 18: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (3)
The profile differs from Profile 16 in that PIN issues lead to an offline declinerather than an online authorization request. *chg*
Lower and Upper Limit parameters are used in risk management to decidewhether to accept the transaction offline or to request an online authorization.The Upper Limits may not normally be set to zero on a MasterCard product.The card may be configured as online preferring.
NOTE
This profile must be implemented on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Offline enciphered or plain text PIN, if the terminal is able to perform it• Signature*, if the terminal is able to perform it *chg*
• Online PIN for other cases (such as any terminal that does not supportoffline PIN or signature such as certain Cardholder Activated Terminals)
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• DDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.
©2010 MasterCard6-44 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 18: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (3)
• If DDA fails, then the transaction must go online. If it is not possible to goonline, then the transaction is rejected.
• If ICC Data is missing, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card appears on an exception file, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the card application has expired, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the card application is not yet effective, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the offline PIN fails (or if the offline PIN try limit is exceeded), thenthe transaction is rejected.
• If the PIN is bypassed, then the transaction is rejected.• If the PIN pad is not working then no action is taken on this issue. *chg*
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-45
Standard Profiles for MasterCard/Debit MasterCardProfile 18: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (3)
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• It is more flexible to make the card “on-line preferring”, if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing the card
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application may beselected without confirmation of cardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
©2010 MasterCard6-46 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 18: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
ICC Public Key Certificate 9F46
8D: CDOL2
ICC Public Key Exponent 9F47 03
ICC Public Key Remainder 9F48Determined by issuer/personalizationsystem
DDOL 9F49 9F3704
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag 84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBIT MASTERCARD
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-47
Standard Profiles for MasterCard/Debit MasterCardProfile 18: MasterCard/Debit MasterCard with DDA and offline PIN—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
Issuer Code Table Index 9F11 Supports the character set of the ApplicationPreferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer *chg*
CRM Currency Code C9 Same value as Application Currency Codetag 9F42
Currency Conversion table D1 Determined by issuer (in case that one orseveral entries are not used, please set theseentry(ies) with CRM Currency Code)
CRM Country Code C8 Same value as Issuer Country Code tag 5F28
PIN Try Limit N/A 03 or greater
PIN Try Counter 9F17 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 28 00 00
Issuer Action Code—Online 9F0F B8 70 84 98 00
Issuer Action Code—Default 9F0D B8 50 84 00 00
CVM List 8E 00000000 00000000 4201 4403 4103 1E03 *chg*4203 1F03
Card Issuer Action Code—Decline C3 18 00 00
©2010 MasterCard6-48 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 19: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Card Issuer Action Code—Online C5 01 FB 00
07 FB 00 may be used to make the card“online preferring”
Card Issuer Action Code—Default C4 01 50 00
Application Interchange Profile 82 38 00
CDOL 1 Related Data Length C7 2B
Application Control D5 8C 00
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A 02 *chg*9A 03 9C 01 9F 37 04 9F 35 01 9F 45 02 9F4C 08 9F 34 03
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 00 0000 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 19: MasterCard/Debit MasterCard with DDA andsignature—Full Chip Issuer (1)
This Standard Profile is for the issuer of MasterCard cards supporting DDA andno offline PIN in a Full Chip grade host processing environment or the issueruses one of the appropriate MasterCard on-behalf services.
The card does not support offline PIN. online PIN is preferred to signatureat the POS. The card will always use online PIN at ATMs. No CVM is alsosupported. If PIN entry is bypassed, the card will try to go online and acceptthe transaction offline if this is not possible.
This profile differs from Profile 20 in that online PIN is preferred to signature atthe POS. *chg*
The profile is online preferring. Upper Limit parameters are used in riskmanagement to decide whether to accept the transaction offline if onlineauthorization is not completed. The Upper Limits may not normally be set tozero on a MasterCard product.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-49
Standard Profiles for MasterCard/Debit MasterCardProfile 19: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (1)
NOTE
This profile must be implemented on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Online PIN, if the terminal is able to perform it• Signature*, if the terminal is able to perform it *chg*
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• DDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If DDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.
©2010 MasterCard6-50 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 19: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (1)
• If the card application is not yet effective, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is accepted.
• If the PIN pad is not working then no action is taken on this issue. *chg*
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedrejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• Domestic Transactions must go online. If it is not possible to go online,then the transaction is accepted.
• The offline transaction counters will be reset whenever a transaction isapproved, even if there is no ARPC.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB).
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-51
Standard Profiles for MasterCard/Debit MasterCardProfile 19: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (1)
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-52 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 19: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
ICC Public Key Certificate 9F46
8D: CDOL2
ICC Public Key Exponent 9F47 03
ICC Public Key Remainder 9F478Determined by issuer/personalizationsystem
DDOL 9F49 9F3704
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-53
Standard Profiles for MasterCard/Debit MasterCardProfile 19: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer *chg*
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F B8 70 8C 98 00
Issuer Action Code—Default 9F0D B8 50 84 88 00
CVM List 8E 00000000 00000000 4201 4203 1E03 1F03 *chg*
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 06 FB 00
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 38 00
CDOL 1 Related Data Length C7 2B
Application Control D5 80 00
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A02 9A 03 9C 01 9F 37 04 9F 35 01 9F 4502 9F 4C 08 9F 34 03
©2010 MasterCard6-54 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 20: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 20: MasterCard/Debit MasterCard with DDA andsignature—Full Chip Issuer (2)
This Standard Profile is for the issuer of MasterCard cards supporting DDA andno offline PIN in a Full Chip grade host processing environment or the issueruses one of the appropriate MasterCard on-behalf services.
The card does not support offline PIN. Signature is preferred to online PINat the POS. The card will always use online PIN at ATMs. No CVM is alsosupported. If PIN entry is bypassed, the card will try to go online and declinethe transaction if this is not possible.
This profile differs from Profile 19 in that signature is preferred to online PIN atthe POS. *chg*
Upper Limit parameters are used in risk management to decide whether toaccept the transaction offline if online authorization is not completed. TheUpper Limits may not normally be set to zero on a MasterCard product. Theprofile is online preferring internationally. Domestically, the card may beconfigured as online preferring.
NOTE
This profile must be implemented M/Chip 4 Select.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-55
Standard Profiles for MasterCard/Debit MasterCardProfile 20: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (2)
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Signature*, if the terminal is able to perform it *chg*
• Online PIN for other cases such as certain Cardholder Activated Terminals• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• DDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If DDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
©2010 MasterCard6-56 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 20: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (2)
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working then no action is taken on this issue. *chg*
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• The offline transaction counters will be reset whenever a transaction isapproved, even if there is no ARPC.
• It is more flexible to make the card “on-line preferring”, if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-57
Standard Profiles for MasterCard/Debit MasterCardProfile 20: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-58 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 20: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
ICC Public Key Certificate 9F46
8D: CDOL2
ICC Public Key Exponent 9F47 03
ICC Public Key Remainder 9F48Determined by issuer/personalizationsystem
DDOL 9F49 9F3704
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-59
Standard Profiles for MasterCard/Debit MasterCardProfile 20: MasterCard/Debit MasterCard with DDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer *chg*
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F B8 70 8C 98 00
Issuer Action Code—Default 9F0D B8 50 8C 88 00
CVM List 8E 00000000 00000000 4201 1E03 4203 1F03 *chg*
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 04 FB 00
06 FB 00 may be used to make thecard "online preferring" in a domesticenvironment
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 38 00
CDOL 1 Related Data Length C7 2B
Application Control D5 80 00
©2010 MasterCard6-60 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 21: MasterCard/Debit MasterCard with CDA/DDA and offline PIN—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A02 9A 03 9C 01 9F 37 04 9F 35 01 9F 4502 9F 4C 08 9F 34 03
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 21: MasterCard/Debit MasterCard with CDA/DDAand offline PIN—Full Chip Issuer (1)
This Standard Profile is for the issuer of MasterCard cards supporting CDA andDDA and offline PIN in a Full Chip grade host processing environment or theissuer uses one of the appropriate MasterCard on-behalf services.
The card supports offline PIN (enciphered or plain text) which is preferred tosignature, which is preferred to online PIN at the POS. The card will alwaysuse online PIN at ATMs. No CVM is also supported. If offline PIN fails or ifPIN entry is bypassed or not possible, the card will try to go online and declinethe transaction if this is not possible.
This profile differs from Profile 22 in that the card supports offline PIN. *chg*
Lower and Upper Limit parameters are used in risk management to decidewhether to accept the transaction offline or to request an online authorization.The Upper Limits may not normally be set to zero on a MasterCard product.The card may be configured as online preferring.
NOTE
This profile must be implemented on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Offline enciphered or plain text PIN, if the terminal is able to perform it• Signature*, if the terminal is able to perform it *chg*
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-61
Standard Profiles for MasterCard/Debit MasterCardProfile 21: MasterCard/Debit MasterCard with CDA/DDA and offline PIN—Full Chip Issuer (1)
• Online PIN for other cases (such as any terminal that does not supportoffline PIN or signature such as certain Cardholder Activated Terminals)
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• CDA and DDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If DDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If CDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
©2010 MasterCard6-62 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 21: MasterCard/Debit MasterCard with CDA/DDA and offline PIN—Full Chip Issuer (1)
• If the offline PIN fails (or if the offline PIN try limit is exceeded), thenthe transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working then no action is taken on this issue. *chg*
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• It is more flexible to make the card “on-line preferring”, if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-63
Standard Profiles for MasterCard/Debit MasterCardProfile 21: MasterCard/Debit MasterCard with CDA/DDA and offline PIN—Full Chip Issuer (1)
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-64 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 21: MasterCard/Debit MasterCard with CDA/DDA and offline PIN—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
ICC Public Key Certificate 9F46
8D: CDOL2
ICC Public Key Exponent 9F47 03
ICC Public Key Remainder 9F48Determined by issuer/personalizationsystem
DDOL 9F49 9F3704
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-65
Standard Profiles for MasterCard/Debit MasterCardProfile 21: MasterCard/Debit MasterCard with CDA/DDA and offline PIN—Full Chip Issuer (1)
Data Element Name Tag Mandatory Value
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer *chg*
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03 or greater
PIN Try Counter 9F17 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F BC 70 AC 98 00
Issuer Action Code—Default 9F0D BC 50 AC 00 00
CVM List 8E 00000000 00000000 4201 4403 4103 1E03 *chg*4203 1F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 19 FB 00
1F FB 00 may be used to make the card“online preferring”
Card Issuer Action Code—Default C4 19 50 00
Application Interchange Profile 82 39 00
CDOL 1 Related Data Length C7 2B
Application Control D5 8C 00
©2010 MasterCard6-66 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 22: MasterCard/Debit MasterCard with CDA/DDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A02 9A 03 9C 01 9F 37 04 9F 35 01 9F 4502 9F 4C 08 9F 34 03
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 22: MasterCard/Debit MasterCard with CDA/DDAand signature—Full Chip Issuer (2)
Overview
This Standard Profile is for the issuer of MasterCard cards supporting CDA andDDA and no offline PIN in a Full Chip grade host processing environment orthe issuer uses one of the appropriate MasterCard on-behalf services.
The card does not support offline PIN. Signature is preferred to online PINat the POS. The card will always use online PIN at ATMs. No CVM is alsosupported. If PIN entry is bypassed, the card will try to go online and declinethe transaction if this is not possible.
This profile differs from Profile 21 in that off-line PIN is not supported. *chg*
Lower and Upper Limit parameters are used in risk management to decidewhether to accept the transaction offline or to request an online authorization.The Upper Limits may not normally be set to zero on a MasterCard product.Internationally, the profile is online preferring. Domestically, the card maybe configured as online preferring.
NOTE
This profile must be implemented on M/Chip 4 Select.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-67
Standard Profiles for MasterCard/Debit MasterCardProfile 22: MasterCard/Debit MasterCard with CDA/DDA and signature—Full Chip Issuer (2)
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Signature*, if the terminal is able to perform it *chg*
• Online PIN for other cases such as certain Cardholder Activated Terminals• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• CDA and DDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If DDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If CDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
©2010 MasterCard6-68 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 22: MasterCard/Debit MasterCard with CDA/DDA and signature—Full Chip Issuer (2)
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working then no action is taken on this issue. *chg*
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-69
Standard Profiles for MasterCard/Debit MasterCardProfile 22: MasterCard/Debit MasterCard with CDA/DDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-70 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 22: MasterCard/Debit MasterCard with CDA/DDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
ICC Public Key Certificate 9F46
8D: CDOL2
ICC Public Key Exponent 9F47 03
ICC Public Key Remainder 9F48 Determined by issuer/personalizationsystem
DDOL 9F49 9F3704
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-71
Standard Profiles for MasterCard/Debit MasterCardProfile 22: MasterCard/Debit MasterCard with CDA/DDA and signature—Full Chip Issuer (2)
Data Element Name Tag Mandatory Value
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer *chg*
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F BC 70 8C 98 00
Issuer Action Code—Default 9F0D BC 50 8C 08 00
CVM List 8E 00000000 00000000 4201 1E03 4203 1F03 *chg*
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 04 FB 00
06 FB 00 may be used to make thecard “online preferring” in a domesticenvironment
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 39 00
CDOL 1 Related Data Length C7 2B
Application Control D5 80 00
©2010 MasterCard6-72 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 23: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
can interpret TVR/CVR
Data Element Name Tag Mandatory Value
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A02 9A 03 9C 01 9F 37 04 9F 35 01 9F 4502 9F 4C 08 9F 34 03
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 23: MasterCard/Debit MasterCard with SDA andoffline PIN—Mag Stripe Grade Issuer where issuer caninterpret TVR/CVR
This Standard Profile is for the issuer of MasterCard cards supporting SDA andoffline PIN in a Mag Stripe grade host processing environment. However, theissuer can interpret the TVR and CVR received in authorization messages andtake action accordingly.
The card supports offline PIN (plain text) which is preferred to online PIN,which is preferred to signature at the POS. The card will always use onlinePIN at ATMs. No CVM is also supported. If offline PIN fails or if PIN entryis bypassed or not possible, the card will try to go online and decline thetransaction if this is not possible.
This profile differs from profile 24 as the issuer can interpret the TVR and CVRso does not need to decline certain conditions offline. *chg*
The profile is online preferring. Upper Limit parameters are used in riskmanagement to decide whether to accept the transaction offline if onlineauthorization is not completed. The Upper Limits may not normally be set tozero on a MasterCard product.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-73
Standard Profiles for MasterCard/Debit MasterCardProfile 23: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercan interpret TVR/CVR
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Offline plain text PIN, if the terminal is able to perform it• Online PIN for other cases (such as any terminal that does not support
offline PIN such as certain Cardholder Activated Terminals)• Signature*, if the terminal is able to perform it *chg*
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals
•* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is normally supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
©2010 MasterCard6-74 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 23: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
can interpret TVR/CVR
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the offline PIN fails (or if the offline PIN try limit is exceeded), thenthe transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working then no action is taken on this issue. *chg*
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• Domestic Transactions must go online. If it is not possible to go online,then the transaction is accepted.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB). The CAP TokenValidation requires ATC management and AC validation by the issuer usingeither a hosted CTVS or delegating the CAP Token validation to a third party,for example: MasterCard On Behalf Service.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-75
Standard Profiles for MasterCard/Debit MasterCardProfile 23: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercan interpret TVR/CVR
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-76 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 23: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
can interpret TVR/CVR
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer *chg*
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-77
Standard Profiles for MasterCard/Debit MasterCardProfile 23: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercan interpret TVR/CVR
Data Element Name Tag Mandatory Value
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03 or greater
PIN Try Counter 9F17 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 AC 98 00
Issuer Action Code—Default 9F0D F0 50 AC 08 00
CVM List 8E 00000000 00000000 4201 4103 4203 1E03 *chg*1F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 1F FB 00
Card Issuer Action Code—Default C4 19 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
©2010 MasterCard6-78 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 24: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (1)
Data Element Name Tag Mandatory Value
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 24: MasterCard/Debit MasterCard with SDA andoffline PIN—Mag Stripe Grade Issuer where issuer cannotinterpret TVR/CVR (1)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andoffline PIN in a Mag Stripe grade host processing environment. The issuercannot interpret the TVR and CVR received in authorization messages and sowill decline offline transactions where offline PIN errors occur.
The card supports offline PIN (plain text) which is preferred to online PIN,which is preferred to signature at the POS. The card will always use onlinePIN at ATMs. No CVM is also supported. If offline PIN fails or if PIN entry isbypassed or not possible, the transaction will be declined.
This profile differs from profile 23 as the issuer cannot interpret the TVR andCVR so declines certain conditions offline. *chg*
The profile is online preferring. Upper Limit parameters are used in riskmanagement to decide whether to accept the transaction offline if onlineauthorization is not completed. The Upper Limits may not normally be set tozero on a MasterCard product.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-79
Standard Profiles for MasterCard/Debit MasterCardProfile 24: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (1)
• Offline plain text PIN, if the terminal is able to perform it• Online PIN for other cases (such as any terminal that does not support
offline PIN and certain Cardholder Activated Terminals)• Signature*, if the terminal is able to perform it *chg*
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction the transaction isrejected offline.
©2010 MasterCard6-80 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 24: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (1)
• If the offline PIN fails (or if the offline PIN try limit is exceeded), then thetransaction the transaction is rejected offline.
• If the PIN is bypassed, then the transaction is rejected offline.• If the PIN pad is not working then no action is taken on this issue. *chg*
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction is rejected offline.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• Domestic Transactions must go online. If it is not possible to go online,then the transaction is accepted.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB). The CAP TokenValidation requires ATC management and AC validation by the issuer usingeither a hosted CTVS or delegating the CAP Token validation to a third party,for example: MasterCard On Behalf Service.
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-81
Standard Profiles for MasterCard/Debit MasterCardProfile 24: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (1)
Data Element Name Tag Mandatory Value
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-82 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 24: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (1)
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-83
Standard Profiles for MasterCard/Debit MasterCardProfile 24: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (1)
Data Element Name Tag Mandatory Value
Upper Cumulative Offline TransactionAmount
CB Determined by issuer *chg*
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03 or greater
PIN Try Counter 9F17 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 A8 00 00
Issuer Action Code—Online 9F0F F0 70 04 98 00
Issuer Action Code—Default 9F0D F0 50 04 08 00
CVM List 8E 00000000 00000000 4201 4103 4203 1E03 *chg*1F03
Card Issuer Action Code—Decline C3 19 00 00
Card Issuer Action Code—Online C5 06 FB 00
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
©2010 MasterCard6-84 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 25: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (2)
Data Element Name Tag Mandatory Value
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 25: MasterCard/Debit MasterCard with SDA andoffline PIN—Mag Stripe Grade Issuer where issuer cannotinterpret TVR/CVR (2)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andoffline PIN in a Mag Stripe grade host processing environment. The issuercannot interpret the TVR and CVR received in authorization messages and sowill decline offline transactions where offline PIN errors occur.
The card supports offline PIN (plain text) which is preferred to signature, whichis preferred to online PIN at the POS. The card will always use online PIN atATMs. No CVM is also supported. If offline PIN fails or if PIN entry is bypassedor not possible, the transaction will be declined.
This profile differs from profile 24 as signature is preferred to online PIN. *chg*
The profile is online preferring. Upper Limit parameters are used in riskmanagement to decide whether to accept the transaction offline if onlineauthorization is not completed. The Upper Limits may not normally be set tozero on a MasterCard product.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-85
Standard Profiles for MasterCard/Debit MasterCardProfile 25: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (2)
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Offline plain text PIN, if the terminal is able to perform it• Signature*, if the terminal is able to perform it *chg*
• Online PIN for other cases (such as any terminal that does not supportoffline PIN and certain Cardholder Activated Terminals)
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
©2010 MasterCard6-86 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 25: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (2)
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction the transaction isrejected offline.
• If the offline PIN fails (or if the offline PIN try limit is exceeded), then thetransaction the transaction is rejected offline.
• If the PIN is bypassed, then the transaction is rejected offline.
• If the PIN pad is not working then no action is taken on this issue. *chg*
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction is rejected offline.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• Domestic Transactions must go online. If it is not possible to go online,then the transaction is accepted.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB). The CAP TokenValidation requires ATC management and AC validation by the issuer usingeither a hosted CTVS or delegating the CAP Token validation to a third party,for example: MasterCard On Behalf Service.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-87
Standard Profiles for MasterCard/Debit MasterCardProfile 25: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (2)
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-88 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 25: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (2)
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personal-ization system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication TagList
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined byissuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-89
Standard Profiles for MasterCard/Debit MasterCardProfile 25: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (2)
Data Element Name Tag Mandatory Value
Upper Cumulative Offline TransactionAmount
CB Determined by issuer *chg*
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03 or greater
PIN Try Counter 9F17 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 A8 00 00
Issuer Action Code—Online 9F0F F0 70 04 98 00
Issuer Action Code—Default 9F0D F0 50 04 08 00
CVM List 8E 00000000 00000000 4201 4103 1E03 *chg*4203 1F03
Card Issuer Action Code—Decline C3 19 00 00
Card Issuer Action Code—Online C5 06 FB 00
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
©2010 MasterCard6-90 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 26: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (3)
Data Element Name Tag Mandatory Value
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 26: MasterCard/Debit MasterCard with SDA andoffline PIN—Mag Stripe Grade Issuer where issuer cannotinterpret TVR/CVR (3)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andoffline PIN in a Mag Stripe grade host processing environment. The issuercannot interpret the TVR and CVR received in authorization messages but willallow online authorization of transactions where offline PIN errors occur.
The card supports offline PIN (plain text) which is preferred to online PIN,which is preferred to signature at the POS. The card will always use online PINat ATMs. No CVM is also supported. In the event of PIN or CVM issues the cardinitiates an online authorization or declines the transaction as described below.
This profile differs from profile 24 as the issuer wants to allow CVM fallbackand only decline transactions where CVM processing fails *chg*
The profile is online preferring. Upper Limit parameters are used in riskmanagement to decide whether to accept the transaction offline if onlineauthorization is not completed. The Upper Limits may not normally be set tozero on a MasterCard product.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-91
Standard Profiles for MasterCard/Debit MasterCardProfile 26: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (3)
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Offline plain text PIN, if the terminal is able to perform it• Online PIN for other cases (such as any terminal that does not support
offline PIN and certain Cardholder Activated Terminals)• Signature*, if the terminal is able to perform it *chg*
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.
©2010 MasterCard6-92 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 26: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (3)
• If the card application has expired, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the card application is not yet effective, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction the transaction isrejected offline.
• If the offline PIN fails (or if the offline PIN try limit is exceeded), thenthe transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then no action is taken on this issue. *chg*
• If the PIN pad is not working then no action is taken on this issue. *chg*
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction is rejected offline.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• Domestic Transactions must go online. If it is not possible to go online,then the transaction is accepted.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB). The CAP TokenValidation requires ATC management and AC validation by the issuer usingeither a hosted CTVS or delegating the CAP Token validation to a third party,for example: MasterCard On Behalf Service.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-93
Standard Profiles for MasterCard/Debit MasterCardProfile 26: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (3)
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-94 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 26: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (3)
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer *chg*
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-95
Standard Profiles for MasterCard/Debit MasterCardProfile 26: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (3)
Data Element Name Tag Mandatory Value
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03 or greater
PIN Try Counter 9F17 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 80 00 00
Issuer Action Code—Online 9F0F F0 70 24 98 00
Issuer Action Code—Default 9F0D F0 50 24 08 00
CVM List 8E 00000000 00000000 4201 4103 4203 1E03 *chg*1F03
Card Issuer Action Code—Decline C3 01 00 00
Card Issuer Action Code—Online C5 0E FB 00
Card Issuer Action Code—Default C4 08 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
©2010 MasterCard6-96 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 27: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (4)
Data Element Name Tag Mandatory Value
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (If cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (If cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 27: MasterCard/Debit MasterCard with SDA andoffline PIN—Mag Stripe Grade Issuer where issuer cannotinterpret TVR/CVR (4)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andoffline PIN in a Mag Stripe grade host processing environment. The issuercannot interpret the TVR and CVR received in authorization messages but willallow online authorization of transactions where offline PIN errors occur.
The card supports offline PIN (plain text) which is preferred to online PIN,which is preferred to signature at the POS. The card will always use online PINat ATMs. No CVM is also supported. In the event of PIN or CVM issues the cardinitiates an online authorization or declines the transaction as described below.
This profile differs from profile 26 as signature is preferred to online PIN. *chg*
The profile is online preferring. Upper Limit parameters are used in riskmanagement to decide whether to accept the transaction offline if onlineauthorization is not completed. The Upper Limits may not normally be set tozero on a MasterCard product.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Offline plain text PIN, if the terminal is able to perform it
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-97
Standard Profiles for MasterCard/Debit MasterCardProfile 27: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (4)
• Signature*, if the terminal is able to perform it *chg*
• Online PIN for other cases (such as any terminal that does not supportoffline PIN and certain Cardholder Activated Terminals)
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction the transaction isrejected offline.
©2010 MasterCard6-98 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 27: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (4)
• If the offline PIN fails (or if the offline PIN try limit is exceeded), thenthe transaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the PIN is bypassed, then no action is taken on this issue. *chg*
• If the PIN pad is not working then no action is taken on this issue. *chg*
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction is rejected offline.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• Domestic Transactions must go online. If it is not possible to go online,then the transaction is accepted.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB). The CAP TokenValidation requires ATC management and AC validation by the issuer usingeither a hosted CTVS or delegating the CAP Token validation to a third party,for example: MasterCard On Behalf Service.
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-99
Standard Profiles for MasterCard/Debit MasterCardProfile 27: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (4)
Data Element Name Tag Mandatory Value
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-100 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 27: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (4)
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer *chg*
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-101
Standard Profiles for MasterCard/Debit MasterCardProfile 27: MasterCard/Debit MasterCard with SDA and offline PIN—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (4)
Data Element Name Tag Mandatory Value
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03 or greater
PIN Try Counter 9F17 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 80 00 00
Issuer Action Code—Online 9F0F F0 70 24 98 00
Issuer Action Code—Default 9F0D F0 50 24 08 00
CVM List 8E 00000000 00000000 4201 4103 1E03 4203 *chg*1F03
Card Issuer Action Code—Decline C3 01 00 00
Card Issuer Action Code—Online C5 0E FB 00
Card Issuer Action Code—Default C4 08 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7 M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
©2010 MasterCard6-102 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 28: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (1)
Data Element Name Tag Mandatory Value
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 28: MasterCard/Debit MasterCard with SDA andsignature—Mag Stripe Grade Issuer where issuer cannotinterpret TVR/CVR (1)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andno offline PIN in a Mag Stripe grade host processing environment. The issuercannot interpret the TVR and CVR received in authorization messages.
The card does not support offline PIN. online PIN is preferred to signatureat the POS. The card will always use online PIN at ATMs. No CVM is alsosupported. If PIN entry is bypassed or CVM processing is unsuccessful, the cardinitiates an online authorization or declines the transaction if this is not possible.
This profile differs from Profile 29 in that online PIN is preferred to signature atthe POS. This profile differs from Profile 30 in that certain transaction errors aredeclined offline. *chg*
The profile is online preferring. Upper Limit parameters are used in riskmanagement to decide whether to accept the transaction offline if onlineauthorization is not completed. The Upper Limits may not normally be set tozero on a MasterCard product.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if the terminal is able to perform it
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-103
Standard Profiles for MasterCard/Debit MasterCardProfile 28: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (1)
• Signature*, if the terminal is able to perform it *chg*
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals
•* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction is rejected.• If the PIN is bypassed, then the transaction is rejected.• If the PIN pad is not working then no action is taken on this issue. *chg*
©2010 MasterCard6-104 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 28: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (1)
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• Domestic Transactions must go online. If it is not possible to go online,then the transaction is accepted.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB). The CAP Token Validationrequires ATC management and AC validation by the issuer using either a hostedCTVS or delegating the CAP Token validation to a third party, for example,MasterCard On Behalf Service.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-105
Standard Profiles for MasterCard/Debit MasterCardProfile 28: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (1)
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-106 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 28: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (1)
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer *chg*
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-107
Standard Profiles for MasterCard/Debit MasterCardProfile 28: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (1)
Data Element Name Tag Mandatory Value
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 88 00 00
Issuer Action Code—Online 9F0F F0 70 04 98 00
Issuer Action Code—Default 9F0D F0 50 04 08 00
CVM List 8E 00000000 00000000 4203 1E03 1F03 *chg*
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 06 FB 00
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 80 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
©2010 MasterCard6-108 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 29: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (2)
Data Element Name Tag Mandatory Value
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 29: MasterCard/Debit MasterCard with SDA andsignature—Mag Stripe Grade Issuer where issuer cannotinterpret TVR/CVR (2)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andno offline PIN in a Mag Stripe grade host processing environment. The issuercannot interpret the TVR and CVR received in authorization messages. *chg*
The card does not support offline PIN. Signature is preferred to online PINat the POS. The card will always use online PIN at ATMs. No CVM is alsosupported. If PIN entry is bypassed or CVM processing is unsuccessful, thecard declines the transaction offline.
This profile differs from Profile 28 in that signature is preferred to online PIN atthe POS. *chg*
The profile is online preferring. Upper Limit parameters are used in riskmanagement to decide whether to accept the transaction offline if onlineauthorization is not completed. The Upper Limits may not normally be set tozero on a MasterCard product.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Signature*, if the terminal is able to perform it *chg*
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-109
Standard Profiles for MasterCard/Debit MasterCardProfile 29: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (2)
• Online PIN, if the terminal is able to perform it• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction is rejected.• If the PIN is bypassed, then the transaction is rejected.• If the PIN pad is not working then no action is taken on this issue. *chg*
©2010 MasterCard6-110 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 29: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (2)
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• Domestic Transactions must go online. If it is not possible to go online,then the transaction is accepted.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB). The CAP Token Validationrequires ATC management and AC validation by the issuer using either a hostedCTVS or delegating the CAP Token validation to a third party, for example:MasterCard On Behalf Service.
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-111
Standard Profiles for MasterCard/Debit MasterCardProfile 29: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (2)
Data Element Name Tag Mandatory Value
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-112 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 29: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuer
cannot interpret TVR/CVR (2)
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer *chg*
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-113
Standard Profiles for MasterCard/Debit MasterCardProfile 29: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer where issuercannot interpret TVR/CVR (2)
Data Element Name Tag Mandatory Value
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 88 00 00
Issuer Action Code—Online 9F0F F0 70 04 98 00
Issuer Action Code—Default 9F0D F0 50 04 08 00
CVM List 8E 00000000 00000000 4201 1E03 4203 1F03 *chg*
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 06 FB 00
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 80 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
©2010 MasterCard6-114 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 30: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (3)
Data Element Name Tag Mandatory Value
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 30: MasterCard/Debit MasterCard with SDA andsignature—Mag Stripe Grade Issuer (3)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andno offline PIN in a Mag Stripe grade host processing environment.
The card does not support offline PIN. Signature is preferred to online PINat the POS. The card will always use online PIN at ATMs. No CVM is alsosupported. If PIN entry is bypassed or CVM processing is unsuccessful, thecard declines the transaction offline.
This profile differs from Profile 29 in that certain transactions errors areauthorized online. *chg*
Lower and Upper Limit parameters are used in risk management to decidewhether to accept the transaction offline or to request an online authorization.The Upper Limits may not normally be set to zero on a MasterCard product.The card may be configured as online preferring.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:
• Online PIN, if transaction is Unattended Cash (ATM transactions)
• Signature*, if the terminal is able to perform it *chg*
• Online PIN, if the terminal is able to perform it
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-115
Standard Profiles for MasterCard/Debit MasterCardProfile 30: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (3)
• No CVM* (no verification of the cardholder), for certain CardholderActivated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the offline PIN fails (or if the offline PIN try limit is exceeded), thenthe transaction must go online. If it is not possible to go online, then thetransaction is rejected.
©2010 MasterCard6-116 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 30: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (3)
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working then no action is taken on this issue. *chg*
• If the terminal erroneously considers the offline PIN to be approved, but ithas not been approved by the card, then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is accepted offline.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• It is more flexible to make the card “on-line preferring,” if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB). The CAP Token Validationrequires ATC management and AC validation by the issuer using either a hostedCTVS or delegating the CAP Token validation to a third party, for example:MasterCard On Behalf Service.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-117
Standard Profiles for MasterCard/Debit MasterCardProfile 30: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (3)
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCard6-118 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 30: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (3)
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer *chg*
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-119
Standard Profiles for MasterCard/Debit MasterCardProfile 30: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (3)
Data Element Name Tag Mandatory Value
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Application Transaction CounterLimit
Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 AC 98 00
Issuer Action Code—Default 9F0D F0 50 AC 08 00
CVM List 8E 00000000 00000000 4201 1E03 4203 1F03 *chg*
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 19 FB 00
1F FB 00 may be used to make the card“online preferring”
Card Issuer Action Code—Default C4 19 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7 M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 80 00
©2010 MasterCard6-120 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 31: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (4)
Data Element Name Tag Mandatory Value
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 31: MasterCard/Debit MasterCard with SDA andsignature—Mag Stripe Grade Issuer (4)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andno offline PIN in a Mag Stripe grade host processing environment. It includes aspecial setting to require online PIN domestically. *chg*
The card does not support offline PIN. Signature is preferred to online PIN atthe POS internationally. The card will always use online PIN at ATMs. No CVMis also supported. If PIN entry is bypassed or CVM processing is unsuccessful,the card initiates an online authorization or declines the transaction if this isnot possible.
This profile differs from Profile 30 in that domestic transactions require onlinePIN. *chg*
The profile is online preferring for international transactions and online onlydomestically. Upper Limit parameters are used in risk management to decidewhether to accept the transaction offline if online authorization is not completed.The Upper Limits may not normally be set to zero on a MasterCard product.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-121
Standard Profiles for MasterCard/Debit MasterCardProfile 31: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (4)
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if transaction is Unattended Cash (ATM transactions)• Online PIN, if above amount “x”• Signature*, if the terminal is able to perform it *chg*
• Online PIN, if the terminal is able to perform it• No CVM* (no verification of the cardholder), for certain Cardholder
Activated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
©2010 MasterCard6-122 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 31: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (4)
• If the card is a new card then no action is taken on this issue. *chg*
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working then no action is taken on this issue. *chg*
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is international, the card will request that the transactiongo online. If it is not possible to go online, then the transaction is acceptedoffline.
• If the transaction is domestic, the card will request that the transaction goonline. If it is not possible to go online, then the transaction is rejected.
• If the transaction is “unable to go online” the transaction is rejected.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-123
Standard Profiles for MasterCard/Debit MasterCardProfile 31: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (4)
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB). The CAP Token Validationrequires ATC management and AC validation by the issuer using either a hostedCTVS or delegating the CAP Token validation to a third party, for example:MasterCard On Behalf Service.
©2010 MasterCard6-124 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 31: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (4)
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-125
Standard Profiles for MasterCard/Debit MasterCardProfile 31: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (4)
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
9F42: Application Currency Code *chg*
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Byte 1: Lower bits contain the SFI ofthe cyclic transaction log file (11) Byte2: Maximum number of records in theTransaction Log file
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
©2010 MasterCard6-126 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 31: MasterCard/Debit MasterCard with SDA and signature—Mag Stripe Grade Issuer (4)
Data Element Name Tag Mandatory Value
Lower Cumulative OfflineTransaction Amount
CA Determined by issuer
Upper Cumulative OfflineTransaction Amount
CB Determined by issuer *chg*
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 8C 98 00
Issuer Action Code—Default 9F0D F0 50 8C 88 00
CVM List 8E 00000001 00000000 4201 4207 5E03 4203 *chg*1F03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 06 FB 00
Card Issuer Action Code—Default C4 42 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7 M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 80 00
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-127
Standard Profiles for MasterCard/Debit MasterCardProfile 32: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 32: MasterCard/Debit MasterCard with SDA andsignature—Full Chip Issuer (3)
This Standard Profile is for the issuer of MasterCard cards supporting SDA andno offline PIN in a Full Chip grade host processing environment or the issueruses one of the appropriate MasterCard on-behalf services.
The card does not support offline PIN. Signature is preferred to online PINat the POS. The card will always use online PIN at ATMs. No CVM is alsosupported. If PIN entry is bypassed, the card will try to go online and declinethe transaction if this is not possible.
This profile differs from Profile 14 in that signature is preferred to online PIN atthe POS. *chg*
Lower and Upper Limit parameters are used in risk management to decidewhether to accept the transaction offline or to request an online authorization.The Upper Limits may not normally be set to zero on a MasterCard product.Internationally, the card is online preferring. The card may be configured asonline preferring domestically also.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
©2010 MasterCard6-128 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 32: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (3)
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN—if transaction is Unattended Cash (ATM transactions)• Signature*—if the terminal is able to perform it *chg*
• Online PIN—for other cases such as certain Cardholder Activated Terminals• No CVM* (no verification of the cardholder)—for certain Cardholder
Activated Terminals* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported for MasterCard. *chg*
For Debit MasterCard, Cash Back must be supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• SDA• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The settings for risk management are:• If offline CAM is not performed, then the transaction must go online. If it is
not possible to go online, then the transaction is rejected.• If SDA fails, then the transaction must go online. If it is not possible to go
online, then the transaction is rejected.• If ICC Data is missing, then the transaction must go online. If it is not
possible to go online, then the transaction is rejected.• If the card appears on an exception file, then the transaction must go
online. If it is not possible to go online, then the transaction is rejected.• If the card application has expired, then the transaction must go online. If it
is not possible to go online, then the transaction is rejected.• If the card application is not yet effective, then the transaction must go
online. If it is not possible to go online, then the transaction is acceptedoffline.
• If card usage is not allowed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the card is a new card then no action is taken on this issue. *chg*
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-129
Standard Profiles for MasterCard/Debit MasterCardProfile 32: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (3)
• If the cardholder verification fails, then the transaction must go online. If itis not possible to go online, then the transaction is rejected.
• If the PIN is bypassed, then the transaction must go online. If it is notpossible to go online, then the transaction is rejected.
• If the PIN pad is not working then no action is taken on this issue. *chg*
• If the transaction amount exceeds the terminal floor limit, then thetransaction must go online. If it is not possible to go online, then thetransaction is rejected.
• If the terminal forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the merchant forces the transaction online, then the transaction must goonline. If it is not possible to go online, then the transaction is declined.
• If the Lower Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is accepted offline.
• If the Lower Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is acceptedoffline.
• If the Upper Consecutive Offline Limit is exceeded (for a transactionperformed in a non-issuer currency), then the transaction must go online. Ifit is not possible to go online, then the transaction is rejected.
• If the Upper Cumulative Offline Transaction Amount is exceeded (for atransaction performed in the issuer currency), then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
• International transactions must go online. If it is not possible to go online,then the transaction is accepted.
• If the transaction is domestic, the card takes no action on this issue. Thecard may alternatively request that the transaction go online. If it is notpossible to go online, then the transaction is accepted offline.
• The offline transaction counters will be reset whenever a transaction isapproved, even if there is no ARPC.
• It is more flexible to make the card “on-line preferring”, if required, bysetting the LCOL and LCOA to zero, as this can be updated in the futureby a script command.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB).
©2010 MasterCard6-130 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 32: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (3)
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-131
Standard Profiles for MasterCard/Debit MasterCardProfile 32: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
DAC: Determined by issuer/personaliza-tion system
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
Signed Static Application Data 93
9F4A: Static Data Authentication Tag List
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MasterCard or MASTERCARD or *chg*
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00 or
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0012
Lower Consecutive Offline Limit 9F14 Determined by issuer
Upper Consecutive Offline Limit 9F23 Determined by issuer *chg*
Lower Cumulative Offline TransactionAmount
CA Determined by issuer
Upper Cumulative Offline TransactionAmount
CB Determined by issuer *chg*
©2010 MasterCard6-132 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 32: MasterCard/Debit MasterCard with SDA and signature—Full Chip Issuer (3)
Data Element Name Tag Mandatory Value
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F F0 70 8C 98 00
Issuer Action Code—Default 9F0D F0 50 8C 88 00
CVM List 8E 00000000 00000000 4201 1E03 4203 1F03 *chg*
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 04 FB 00
06 FB 00 may be used to make thecard “online preferring” in a domesticenvironment
Card Issuer Action Code—Default C4 00 50 00
Application Interchange Profile 82 58 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 80 00
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-133
Standard Profiles for MasterCard/Debit MasterCardProfile 33: MasterCard/Debit MasterCard online only with no offline CAM – offline PIN
Data Element Name Tag Mandatory Value
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version. *chg*
Profile 33: MasterCard/Debit MasterCard online only withno offline CAM – offline PIN
This Standard Profile is for the issuer of online only MasterCard cards with nooffline CAM. The card supports offline PIN. This Profile may only be usedwith MasterCard programs that allow exclusively on-line personalization. Referto the M/Chip Requirements manual.
The card supports offline PIN (plain text) which is preferred to signature,which is preferred to on-line PIN at the POS. The card always will always useonline PIN at ATMs. No CVM is also supported. If offline PIN fails or if PINEntry is bypassed or not possible, the card will try to go online and declinethe transaction if this is not possible.
The card may not operate offline and offline CAM is not supported.
This profile will normally be implemented on M/Chip 4 Lite. The profile maybe implemented on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method List is:
• Online PIN, if transaction is Unattended Cash (ATM transactions)
• Offline plain text PIN, if the terminal is able to process it
©2010 MasterCard6-134 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 33: MasterCard/Debit MasterCard online only with no offline CAM – offline PIN
• Signature*, if the terminal is able to process it• Online PIN for other cases, such as any Terminal that does not support
Offline PIN or signature and certain Cardholder Activated Terminals• No CVM* (no verification of the Cardholder), for certain Cardholder
Activated Terminals*If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any Domestic and International usage (Good, Services,Cash). Cash Back is not normally supported.
For Debit MasterCard, domestic and international Cash Back must be supported.
The card can be used at ATM, POS and any other devices.
Application Interchange Profile
Functions that the card request to be done are:• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management may be performed by the Terminal via the Issuer Actioncodes (IAC) and by the Card via the Card Issuer Action Codes (CIAC) duringeach transaction.
The card is configured as online only so will never approval an offlinetransaction.
The settings for risk management are:• If the transaction is an International Transaction: then the transaction must
go online. If it is not possible to go online then the transaction is rejected.• If the transaction is a Domestic Transaction: then the transaction must go
online. If it is not possible to go online then the transaction is rejected.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-135
Standard Profiles for MasterCard/Debit MasterCardProfile 33: MasterCard/Debit MasterCard online only with no offline CAM – offline PIN
Data Element Name Tag Mandatory Value
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing the card
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F N/A
Issuer Public Key Certificate 90 N/A
Issuer Public Key Remainder 92 N/A
Issuer Public Key Exponent 9F32 N/A
Static Data Authentication Tag List 9F4A N/A
Application Identifier if cardsupports a PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
MasterCard or MASTERCARD orApplication Label 50
Debit MasterCard or DEBITMASTERCARD
©2010 MasterCard6-136 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 33: MasterCard/Debit MasterCard online only with no offline CAM – offline PIN
Data Element Name Tag Mandatory Value
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
FF00 for MasterCard, orApplication Usage Control 9F07
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 00
Upper Consecutive Offline Limit 9F23 00
Lower Cumulative OfflineTransaction Amount
CA 00000000000
Upper Cumulative OfflineTransaction Amount
CB 00000000000
CRM Currency Code C9 Same value as Application Currency Codetag 9F42
Currency Conversion Table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03 or greater
PIN Try Counter 9F17 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F B0 70 AC 98 00
Issuer Action Code—Default 9F0D B0 50 AC 88 00
CVM List 8E 00000000 00000000 4201 4103 1E03 42031F03
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-137
Standard Profiles for MasterCard/Debit MasterCardProfile 34: MasterCard/Debit MasterCard online only with no offline CAM and no offline PIN
Data Element Name Tag Mandatory Value
Card Issuer Action Code – Decline C3 00 00 00
Card Issuer Action Code – Online C5 1F FB 00
Card Issuer Action Code – Default C4 1F 50 00
Application Interchange Profile 82 18 00
M/Chip Lite: 23
CDOL 1 Related Data Length C7 M/Chip Select: 2B
Application Control D5 84 00
M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
CDOL 1 8C
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
M/Chip Lite: 91 0A 8A 02 95 05CDOL 2 8D
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (If cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (If cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version. *chg*
Profile 34: MasterCard/Debit MasterCard online only withno offline CAM and no offline PIN
This Standard Profile is for the issuer of online only MasterCard cards with nooffline CAM and no offline PIN. This Profile may only be used with MasterCardprograms that allow exclusively on-line personalization (see the M/ChipRequirements).
The card does not support offline PIN. Signature is preferred to on-line PINat the POS. The card always will use online PIN at ATMs. No CVM is alsosupported. If PIN Entry is bypassed, the card will try to go online and declinethe transaction if this is not possible.
©2010 MasterCard6-138 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 34: MasterCard/Debit MasterCard online only with no offline CAM and no offline PIN
The card may not operate offline and offline CAM is not supported.
This profile will normally be implemented on M/Chip 4 Lite. The profile maybe implemented on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method List is:
• Online PIN, if transaction is Unattended Cash (ATM transactions)
• Signature*, if the terminal is able to perform it
• Online PIN for other cases, such as any Terminal that does not supportOffline PIN or signature and certain Cardholder Activated Terminals
• No CVM* (no verification of the Cardholder), for certain CardholderActivated Terminals
* If this CVM is not successful then CVM processing has failed.
Application Usage Control
The card is valid for any Domestic and International usage (Good, Services,Cash). Cash Back is not normally supported.
For Debit MasterCard, domestic and international Cash Back must be supported.
The card can be used at ATM, POS and any other devices.
Application Interchange Profile
Functions that the card request to be done are:
• Terminal Risk Management
• Cardholder Verification
Issuer Risk Management
Risk management may be performed by the Terminal via the Issuer Actioncodes (IAC) and by the Card via the Card Issuer Action Codes (CIAC) duringeach transaction.
The card is configured as online only so will never approve an offlinetransaction.
The settings for risk management are:
• If the transaction is an International Transaction: then the transaction mustgo online. If it is not possible to go online then the transaction is rejected.
• If the transaction is a Domestic Transaction: then the transaction must goonline. If it is not possible to go online then the transaction is rejected.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-139
Standard Profiles for MasterCard/Debit MasterCardProfile 34: MasterCard/Debit MasterCard online only with no offline CAM and no offline PIN
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F N/A
Issuer Public Key Certificate 90 N/A
Issuer Public Key Remainder 92 N/A
©2010 MasterCard6-140 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard/Debit MasterCardProfile 34: MasterCard/Debit MasterCard online only with no offline CAM and no offline PIN
Data Element Name Tag Mandatory Value
Issuer Public Key Exponent 9F32 N/A
Static Data Authentication Tag List 9F4A N/A
Application Identifier if cardsupports a PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
MasterCard or MASTERCARD orApplication Label 50
Debit MasterCard or DEBITMASTERCARD
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
FF00 for MasterCard, orApplication Usage Control 9F07
FFC0 for Debit MasterCard
Log Entry (in the FCI) 9F4D Determined by issuer
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 00
Upper Consecutive Offline Limit 9F23 00
Lower Cumulative OfflineTransaction Amount
CA 00000000000
Upper Cumulative OfflineTransaction Amount
CB 00000000000
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion Table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 6-141
Standard Profiles for MasterCard/Debit MasterCardProfile 34: MasterCard/Debit MasterCard online only with no offline CAM and no offline PIN
Data Element Name Tag Mandatory Value
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F B0 70 8C 98 00
Issuer Action Code—Default 9F0D B0 50 8C 88 00
CVM List 8E 00000000 00000000 4201 1E03 4203 1F03
Card Issuer Action Code – Decline C3 00 00 00
Card Issuer Action Code – Online C5 06 FB 00
Card Issuer Action Code – Default C4 06 50 00
Application Interchange Profile 82 18 00
M/Chip Lite: 23
CDOL 1 Related Data Length C7 M/Chip Select: 2B
Application Control D5 80 00
M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
CDOL 1 8C
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
M/Chip Lite: 91 0A 8A 02 95 05CDOL 2 8D
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (If cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (If cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
©2010 MasterCard6-142 1 April 2011 • M/Chip Card Personalization Standard Profiles
Chapter 7 Standard Profiles for MasterCard ElectronicThis chapter details the Standard Profiles that are available to an issuer for use with the MasterCardElectronic product.
Profile 51: MasterCard Electronic with no offline CAM and offline PIN—Full Chip Issuer............ 7-1
Cardholder Verification ............................................................................................................ 7-1
Application Usage Control ....................................................................................................... 7-1
Application Interchange Profile ............................................................................................... 7-1
Issuer Risk Management .......................................................................................................... 7-1
MasterCard Authentication Solutions for Chip ......................................................................... 7-2
Data Element List ..................................................................................................................... 7-2
Profile 52: MasterCard Electronic with no offline CAM and signature—Full Chip Issuer .............. 7-5
Cardholder Verification ............................................................................................................ 7-5
Application Usage Control ....................................................................................................... 7-5
Application Interchange Profile ............................................................................................... 7-5
Issuer Risk Management .......................................................................................................... 7-5
MasterCard Authentication Solutions for Chip ......................................................................... 7-6
Data Element List ..................................................................................................................... 7-6
Profile 53: MasterCard Electronic with DDA and offline PIN—Full Chip Issuer............................ 7-9
Cardholder Verification ............................................................................................................ 7-9
Application Usage Control ....................................................................................................... 7-9
Application Interchange Profile ............................................................................................... 7-9
Issuer Risk Management ........................................................................................................ 7-10
MasterCard Authentication Solutions for Chip ....................................................................... 7-10
Data Element List ................................................................................................................... 7-10
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 7-i
Standard Profiles for MasterCard ElectronicProfile 51: MasterCard Electronic with no offline CAM and offline PIN—Full Chip Issuer
Profile 51: MasterCard Electronic with no offline CAM andoffline PIN—Full Chip Issuer
This Standard Profile is for the issuer of MasterCard Electronic cards supportingoffline PIN in a Full Chip grade host processing environment or the issueruses one of the appropriate MasterCard on-behalf services. The cards willonly approve transactions if they are authorized online. The card does notsupport offline CAM.
The card supports offline PIN (plain text) which is preferred to online PIN,which is preferred to signature at the POS. The card will always use onlinePIN at ATMs. No CVM is not supported. If offline PIN fails or if PIN entry isbypassed or not possible, the card will try to go online.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:
• Online PIN, if transaction is Unattended Cash (ATM transactions)
• Offline plain text PIN, if the terminal is able to perform it
• Online PIN for other cases (such as any terminal that does not supportoffline PIN and certain Cardholder Activated Terminals)
• Signature*, if the terminal is able to perform it
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:
• Terminal Risk Management
• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 7-1
Standard Profiles for MasterCard ElectronicProfile 51: MasterCard Electronic with no offline CAM and offline PIN—Full Chip Issuer
The card is configured as “online only” and will never approve an offlinetransaction.
The settings for risk management are:
• If the transaction is an international transaction, then the transaction mustgo online. If it is not possible to go online, then the transaction is rejected.
• If the transaction is an domestic transaction, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
©2010 MasterCard7-2 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard ElectronicProfile 51: MasterCard Electronic with no offline CAM and offline PIN—Full Chip Issuer
Data Element Name Tag Mandatory Value
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F N/A
Issuer Public Key Certificate 90 N/A
Issuer Public Key Remainder 92 N/A
Issuer Public Key Exponent 9F32 N/A
Static Data Authentication Tag List 9F4A N/A
Signed Static Application Data 93 N/A
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MC Electronic or MC ELECTRONIC *chg*
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 00 *chg*
Upper Consecutive Offline Limit 9F23 00 *chg*
Lower Cumulative Offline TransactionAmount
CA 000000000000 *chg*
Upper Cumulative Offline TransactionAmount
CB 000000000000 *chg*
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03 or greater
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 7-3
Standard Profiles for MasterCard ElectronicProfile 51: MasterCard Electronic with no offline CAM and offline PIN—Full Chip Issuer
Data Element Name Tag Mandatory Value
PIN Try Counter 9F17 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F B0 70 AC 98 00
Issuer Action Code—Default 9F0D B0 50 AC 80 00
CVM List 8E 00000000 00000000 4201 4103 4203 1E03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 1F FB 00
Card Issuer Action Code—Default C4 1F 50 00
Application Interchange Profile 82 18 00
CDOL 1 Related Data Length C7
M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 84 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
©2010 MasterCard7-4 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard ElectronicProfile 52: MasterCard Electronic with no offline CAM and signature—Full Chip Issuer
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 52: MasterCard Electronic with no offline CAM andsignature—Full Chip Issuer
This Standard Profile is for the issuer of MasterCard Electronic cards notsupporting offline PIN in a Full Chip grade host processing environment or theissuer uses one of the appropriate MasterCard On-behalf Services. The cardswill only approve transactions if they are authorized online. The card does notsupport offline CAM.
The card supports online PIN, which is preferred to signature at the POS. Thecard will always use online PIN at ATMs. Neither offline PIN nor No CVMare supported. If PIN entry is bypassed or not possible, the card will try togo online.
NOTE
This profile normally is implemented on M/Chip 4 Lite. The profile may be implemented on M/Chip4 Select.
Cardholder Verification
The Cardholder Verification Method list is:• Online PIN, if the terminal is able to perform it• Signature*, if the terminal is able to perform it
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:• Terminal Risk Management• Cardholder Verification
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 7-5
Standard Profiles for MasterCard ElectronicProfile 52: MasterCard Electronic with no offline CAM and signature—Full Chip Issuer
The card is configured as “online only” and will never approve an offlinetransaction.
The settings for risk management are:
• If the transaction is an international transaction, then the transaction mustgo online. If it is not possible to go online, then the transaction is rejected.
• If the transaction is an domestic transaction, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (AA4C) by addingthe optional data elements (both IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
©2010 MasterCard7-6 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard ElectronicProfile 52: MasterCard Electronic with no offline CAM and signature—Full Chip Issuer
Data Element Name Tag Mandatory Value
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F N/A
Issuer Public Key Certificate 90 N/A
Issuer Public Key Remainder 92 N/A
Issuer Public Key Exponent 9F32 N/A
Static Data Authentication Tag List 9F4A N/A
Signed Static Application Data 93 N/A
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MC Electronic or MC ELECTRONIC *chg*
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 00 *chg*
Upper Consecutive Offline Limit 9F23 00 *chg*
Lower Cumulative Offline TransactionAmount
CA 000000000000 *chg*
Upper Cumulative Offline TransactionAmount
CB 000000000000 *chg*
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 01
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 7-7
Standard Profiles for MasterCard ElectronicProfile 52: MasterCard Electronic with no offline CAM and signature—Full Chip Issuer
Data Element Name Tag Mandatory Value
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F B0 70 8C 98 00
Issuer Action Code—Default 9F0D B0 50 8C 80 00
CVM List 8E 00000000 00000000 4203 1E03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 06 FB 00
Card Issuer Action Code—Default C4 06 50 00
Application Interchange Profile 82 18 00
CDOL 1 Related Data Length C7 M/Chip Lite: 23
M/Chip Select: 2B
Application Control D5 80 00
CDOL 1 8C M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F35 01 9F 45 02 9F 34 03
M/Chip Select: 9F 02 06 9F 03 06 9F 1A02 95 05 5F 2A 02 9A 03 9C 01 9F 37 049F 35 01 9F 45 02 9F 4C 08 9F 34 03
CDOL 2 8D M/Chip Lite: 91 0A 8A 02 95 05
M/Chip Select: 91 0A 8A 02 95 05 9F 3704 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
©2010 MasterCard7-8 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard ElectronicProfile 53: MasterCard Electronic with DDA and offline PIN—Full Chip Issuer
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
Profile 53: MasterCard Electronic with DDA and offlinePIN—Full Chip Issuer
This Standard Profile is for the issuer of MasterCard Electronic cards supportingoffline PIN in a Full Chip grade host processing environment or the issuer usesone of the appropriate MasterCard on-behalf services. The cards will onlyapprove transactions if they are authorized online. The card supports DDA.
The card supports offline PIN (enciphered and plain text) which is preferred toonline PIN, which is preferred to signature at the POS. The card will alwaysuse online PIN at ATMs. No CVM is not supported. If offline PIN fails or if PINentry is bypassed or not possible, the card will try to go online.
NOTE
This profile must be implemented on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is:
• Online PIN, if transaction is Unattended Cash (ATM transactions)
• Offline enciphered or plain text PIN, if the terminal is able to perform it
• Online PIN for other cases (such as any terminal that does not supportoffline PIN and certain Cardholder Activated Terminals)
• Signature*, if the terminal is able to perform it
* If this CVM is not successful, then CVM processing has failed.
Application Usage Control
The card is valid for any domestic and international usage, including Goods,Services, or Cash. Cash Back is not supported.
The card can be used at ATM, POS, and any other devices.
Application Interchange Profile
Functions that the card requests:
• DDA
• Terminal Risk Management
• Cardholder Verification
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 7-9
Standard Profiles for MasterCard ElectronicProfile 53: MasterCard Electronic with DDA and offline PIN—Full Chip Issuer
Issuer Risk Management
Risk management is performed by the terminal via the Issuer Action Codes(IAC) and by the card via the Card Issuer Action Codes (CIAC) during eachtransaction.
The card is configured as “online only” and will never approve an offlinetransaction.
The settings for risk management are:
• If the transaction is an international transaction, then the transaction mustgo online. If it is not possible to go online, then the transaction is rejected.
• If the transaction is an domestic transaction, then the transaction must goonline. If it is not possible to go online, then the transaction is rejected.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may optionally support MAS4C (CAP and AA4C)by adding the optional data elements (IAF and IPB).
Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary AccountNumber
5A Determined by issuer
Application Primary AccountNumber Sequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing thecard
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
©2010 MasterCard7-10 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard ElectronicProfile 53: MasterCard Electronic with DDA and offline PIN—Full Chip Issuer
Data Element Name Tag Mandatory Value
bit 8 must be 0 = Application maybe selected without confirmation ofcardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F Determined by issuer/personalizationsystem
Issuer Public Key Certificate 90 Calculated by MasterCard CertificationAuthority
Issuer Public Key Remainder 92 Calculated by MasterCard CertificationAuthority
Issuer Public Key Exponent 9F32 03
Static Data Authentication Tag List 9F4A 82
Static Data to be authenticated
5F 25: Application Effective Date
5F 24: Application Expiration Date
9F 07: Application Usage Control
5A: Application PAN
5F 34: Application PAN Sequence No.
8E: CVM List
9F0D: IAC—Default
9F0E: IAC—Denial
9F0F: IAC—Online
5F28: Issuer Country Code
9F4A: Static Data Authentication Tag List
8C: CDOL1
ICC Public Key Certificate 9F46
8D: CDOL2
ICC Public Key Exponent 9F47 03
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 7-11
Standard Profiles for MasterCard ElectronicProfile 53: MasterCard Electronic with DDA and offline PIN—Full Chip Issuer
Data Element Name Tag Mandatory Value
ICC Public Key Remainder 9F48Determined by issuer/personalizationsystem
DDOL 9F49 9F3704
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag84
Dedicated File Name 84 A0000000041010
Application Label 50 MC Electronic or MC ELECTRONIC *chg*
Issuer Code Table Index 9F11 Supports the character set of theApplication Preferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 FF00
Log Entry (in the FCI) 9F4D Determined by issuer *chg*
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 00 *chg*
Upper Consecutive Offline Limit 9F23 00 *chg*
Lower Cumulative OfflineTransaction Amount
CA 000000000000 *chg*
Upper Cumulative OfflineTransaction Amount
CB 000000000000 *chg*
CRM Currency Code C9 Same value as Application CurrencyCode tag 9F42
Currency Conversion table D1 Determined by issuer (in case that oneor several entries are not used, pleaseset these entry(ies) with CRM CurrencyCode)
CRM Country Code C8 Same value as Issuer Country Code tag5F28
PIN Try Limit N/A 03 or greater
PIN Try Counter 9F17 03 or greater
Reference (Offline) PIN N/A Determined by issuer
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
©2010 MasterCard7-12 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for MasterCard ElectronicProfile 53: MasterCard Electronic with DDA and offline PIN—Full Chip Issuer
Data Element Name Tag Mandatory Value
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 00 00 00
Issuer Action Code—Online 9F0F B8 70 AC 98 00
Issuer Action Code—Default 9F0D B8 50 AC 80 00
CVM List 8E 00000000 00000000 4201 4403 4103 42031E03
Card Issuer Action Code—Decline C3 00 00 00
Card Issuer Action Code—Online C5 1F FB 00
Card Issuer Action Code—Default C4 1F 50 00
Application Interchange Profile 82 38 00
CDOL 1 Related Data Length C7 2B
Application Control D5 8C 00
CDOL 1 8C 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A02 9A 03 9C 01 9F 37 04 9F 35 01 9F 4502 9F 4C 08 9F 34 03
CDOL 2 8D 91 0A 8A 02 95 05 9F 37 04 9F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
Issuer Authentication Flags (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F55 F0
Issuer Proprietary Bitmap (if cardsupports MasterCard AuthenticationSolutions for Chip)
9F56 01 80 00 7F FF FF F0 00 00 00 00 00 0000 00 00 30 00 FF 00 00 00
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version.
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 7-13
Chapter 8 Standard Profiles for CirrusThis chapter details the Standard Profile that is available to an issuer for use with the Cirrus products.
Profile 81: Cirrus............................................................................................................................ 8-1
Cardholder Verification ............................................................................................................ 8-1
Application Usage Control ....................................................................................................... 8-1
Application Interchange Profile ............................................................................................... 8-1
Issuer Risk Management .......................................................................................................... 8-1
MasterCard Authentication Solutions for Chip ......................................................................... 8-1
Data Element List ..................................................................................................................... 8-2
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 8-i
Standard Profiles for CirrusProfile 81: Cirrus
Profile 81: Cirrus *chg*
This Standard Profile is for the issuer of Cirrus cards in either a Full Chip gradeor Mag Stripe grade host processing environment.
The card will always use online PIN at ATMs. If PIN Entry is bypassed orunsuccessful the card will decline the transaction offline.
The card may not operate offline and offline CAM is not supported.
This profile may be implemented on M/Chip 4 Lite or on M/Chip 4 Select.
Cardholder Verification
The Cardholder Verification Method list is Online PIN always. If this CVM is notsucessful, then CVM processing has failed.
Application Usage Control
The card is valid for Domestic and International cash usage.
The card can be used at ATMs or other terminals for cash.
Application Interchange Profile
Functions that the card request to be done are:
• Terminal Risk Management
• Cardholder Verification
Issuer Risk Management
Risk management may be performed by the Terminal via the Issuer Actioncodes (IAC) and by the Card via the Card Issuer Action Codes (CIAC) duringeach transaction.
The card is configured as online only so will never approve an offlinetransaction.
The settings for risk management are:
• If the transaction is an International Transaction, then the transaction mustgo online. If it is not possible to go online then the transaction is rejected.
• If the transaction is an Domestic Transaction, then the transaction must goonline. If it is not possible to go online then the transaction is rejected.
MasterCard Authentication Solutions for Chip
Cards supporting this profile may not optionally support MAS4C (CAP andAA4C) by adding the optional data elements (both IAF and IPB).
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 8-1
Standard Profiles for CirrusProfile 81: Cirrus
Data Element List
Table 8.1—Data Element List
Data Element Name Tag Mandatory Value
Application Currency Code 9F42 Determined by issuer
Application Currency Exponent 9F44 Determined by issuer
Application Effective Date 5F25 Determined by issuer
Application Expiration Date 5F24 Determined by issuer
Application Primary Account Number 5A Determined by issuer
Application Primary Account NumberSequence Number
5F34 Determined by issuer
Cardholder Name 5F20 Determined by issuer
Cardholder Name Extended 9F0B Determined by issuer
Issuer Country Code 5F28 Country code of the bank issuing the card
Language Preference 5F2D Determined by issuer
Track 1 Discretionary Data 9F1F Determined by issuer
Track 2 Discretionary Data 9F20 Determined by issuer
Track 2 Equivalent Data 57 Determined by issuer
bit 8 must be 0 = Application may beselected without confirmation of cardholder
Application Priority Indicator 87
bits 4–1: priority of the application-determined by issuer
Application File Locator 94 Determined by issuer
Application Version Number 9F08 00 02
FCI Issuer Discretionary Data BF0C Determined by issuer
Certification Authority Public KeyIndex
8F N/A
Issuer Public Key Certificate 90 N/A
Issuer Public Key Remainder 92 N/A
Issuer Public Key Exponent 9F32 N/A
Static Data Authentication Tag List 9F4A N/A
©2010 MasterCard8-2 1 April 2011 • M/Chip Card Personalization Standard Profiles
Standard Profiles for CirrusProfile 81: Cirrus
Data Element Name Tag Mandatory Value
Signed Static Application Data 93 N/A
Application Identifier if card supportsa PSE
4F Same value as Dedicated File Name tag 84
Dedicated File Name 84 A0000000046000
Application Label 50 Cirrus or CIRRUS
Issuer Code Table Index 9F11 Supports the character set of the ApplicationPreferred Name
Application Preferred Name 9F12 Presence and value determined by issuer
Application Usage Control 9F07 C300
Log Entry (in the FCI) 9F4D Determined by issuer
Default ARPC Response Code D6 0010
Lower Consecutive Offline Limit 9F14 00
Upper Consecutive Offline Limit 9F23 00
Lower Cumulative Offline TransactionAmount
CA 00000000000
Upper Cumulative Offline TransactionAmount
CB 00000000000
CRM Currency Code C9 Same value as Application Currency Codetag 9F42
Currency Conversion Table D1 Determined by issuer (in case that oneor several entries are not used, set theseentry(ies) with CRM Currency Code)
CRM Country Code C8 Same value as Issuer Country Code tag 5F28
PIN Try Limit N/A 01
PIN Try Counter 9F17 01
Reference (Offline) PIN N/A N/A
SM for Integrity Master Key (MKSMI) Determined by issuer
SM for Confidentiality Master Key(MKSMC)
Determined by issuer
AC Master Key (MKAC) Determined by issuer
Key Derivation Index Determined by issuer
Issuer Action Code—Denial 9F0E 00 00 98 00 00
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 8-3
Standard Profiles for CirrusProfile 81: Cirrus
Data Element Name Tag Mandatory Value
Issuer Action Code—Online 9F0F B0 70 04 98 00
Issuer Action Code—Default 9F0D B0 70 04 98 00
CVM List 8E 00000000 00000000 0200
Card Issuer Action Code – Decline C3 00 00 00
Card Issuer Action Code – Online C5 06 FB 00
Card Issuer Action Code – Default C4 46 50 00
Application Interchange Profile 82 18 00
M/Chip Lite: 23CDOL 1 Related Data Length C7
M/Chip Select: 2B
Application Control D5 80 00
M/Chip Lite: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F 3501 9F 45 02 9F 34 03
CDOL 1 8C
M/Chip Select: 9F 02 06 9F 03 06 9F 1A 0295 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F 3501 9F 45 02 9F 4C 08 9F 34 03
M/Chip Lite: 91 0A 8A 02 95 05CDOL 2 8D
M/Chip Select: 91 0A 8A 02 95 05 9F 37 049F 4C 08
Application Life Cycle Data 9F7E Determined by issuer
See also the card counter and limits data elements shown in AppendixA—Supplementary Data Elements per Card Version
©2010 MasterCard8-4 1 April 2011 • M/Chip Card Personalization Standard Profiles
Appendix A Supplementary Data Elements Per CardVersion
This appendix describes the supplementary data that you need to personalize in M/Chip 4 cards.Some data is specific to the version of the M/Chip specification that you are using.
Counter Limits and Previous Transaction.......................................................................................A-1
Counters and Data Elements with a Fixed Initial Value .................................................................A-1
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 A-i
Supplementary Data Elements Per Card Version
Counter Limits and Previous Transaction
Counter Limits and Previous TransactionData Element Name Tag Recommended Values
Application Transaction Counter Limit 4E 20
Previous Transaction History 00 or 08
Bad Cryptogram Counter Limit 04 00
MAC in Script Counter Limit 0F (See note A below)
Global MAC in Script Counter Limit 00 4E 20 (See note A below)
AC Session Key Counter Limit 04 00 (See note B and C below)
SMI Session Key Counter Limit 04 00 (See note B below)
CFDC limit for Integrity Session Key 02 00 (See note A below)
CFDC limit for Confidentiality Session Key 02 00 (See note A below)
CFDC limit for AC Session Key 02 00 (See note A below)
NOTE
A) M/Chip 4 Version 1.1a only
NOTE
B) M/Chip 4 Version 1.1b only
NOTE
C) If a magnetic stripe grade profile is used for the contact interface or the card is being used forMasterCard Authentication Solutions for Chip, then the AC Session Key Counter Limit must be set tothe same value as the Application Transaction Counter Limit ('4E20').
Counters and Data Elements with a Fixed Initial ValueData Element Name Tag Recommended Values
Cumulative Offline Transaction Amount 00 00 00 00 00 00
Consecutive Offline Transactions Number 00
Script Counter '9F5F' 00
Log of The Current Transaction x (x=1...10 or more) 00…00
Application Transaction Counter '9F36' 0000
Global MAC in Script Counter 000000 (See note A)
AC Session Key Counter 0000 (See note B)
©2010 MasterCardM/Chip Card Personalization Standard Profiles • 1 April 2011 A-1
Supplementary Data Elements Per Card Version
Counters and Data Elements with a Fixed Initial Value
Data Element Name Tag Recommended Values
SMI Session Key Counter 0000 (See note B)
Bad Cryptogram Counter 0000
Security Limits Status 'DF02' 00 (See note B)
NOTE
A) M/Chip 4 Version 1.1a only
NOTE
B) M/Chip 4 Version 1.1b only
©2010 MasterCardA-2 1 April 2011 • M/Chip Card Personalization Standard Profiles