payments api EMV data cybersource

Question

I am trying to use the Payment API using EMV data at cybersource.

https://apitest.cybersource.com/pts/v2/payments

This information needs to send: I am not sure where I can get the Tags and and how to structure the Track Data.

"pointOfSaleInformation": { "terminalId": "12345678", "catLevel": "2", "entryMode": "contactless", "terminalCapabiity": "5", "terminalPinCapability": "0", "emv": { "tags": "5F2A0209768407A00000000410109F360200039F03060000000000009C01005F3401019F10120110A0000F040000000000000000000000FF9F33030008C89A032204259F2608093A260A58500E949F2701809F020600000000010082021B809F34033F00029F1A0209769F37046F4D8104950500200000019F6E06005601023030" }, "trackData": ";5413330089700042=49122010123456789?", "serviceCode": "201" }

I am using this Testing Master card data getting from EMV READER. Not sure What i am missing.

==================

command :00A404000E325041592E5359532E444446303100 result =6F23840E325041592E5359532E4444463031A511BF0C0E610C4F07A00000000410108701019000 command :00A4040007A000000004101000 result =6F3B8407A0000000041010A530500F505043204D43442030312076322032BF0C1C5F5019494343534F4C205C2A2F204D43443031205C2A2F2076322E329000 command :80A8000002830000 result =7716820259809410080101001001010118010200200102009000 command :00B2010C00 result =707C9F6C0200019F62060000003800009F630600000000E0E0563B42353431333333303038393630303031305E5449502F504159504153535E32353132323031303030303030303030303030303030303030303030309F6401039F6502000E9F66020E709F6B135555555555554444D25122019000990000000F9F6701039000 command :00B2011400 result =7081AD57115555555555554444D251220101234091725A0855555555555544445F200C455445432F504159504153535F24032512315F25030401015F280200565F3401018C219F02069F03069F1A0295055F2A029A039C019F37049F35019F45029F4C089F34038D0C910A8A0295059F37049F4C088E0E000000000000000042035E031F039F0702FF009F080200029F0D0500000000009F0E0500000000009F0F0500000000009F420209789F4A01829000

command :00B2011C00 result =7081A08F01FA9F3201039204D35241079081901889B997E6FCE84B4AE7AB87431CBDB3DF8C1D5A55A7F60D2959AF3A5104E7588317ED74086668CF1A054784F7493C6D747FA796EC14D333A68EC7E00862959A0BD0F0482080B71AC1B7625B1B8B1F35A6691999BA78F592E23F95E99609D108CF1C0E308A8BF64FBDE837D3CE138A50DC50AF4B41EE53D98A11B6A81DDD44CC430C1EF3BB9D1D75A02FAA9C814AFC589000 command :00B2021C00 result =707293702C126F220EF4BF638970F8ABEEDD8B84868F66B17E12BF0FFD71C0BE57EA0B8061B3B1D53679FB6A1BDDF459781C4EBBF8928D274E23C197FC32EF4C9625A61FFC0FF258FFDF8651C77CA53EF0E83F04249E2C4395A507E1EC0CBC45AE23733FE3265205D30F61EA16A4F41A925F0E729000 command :00B2012400 result =70219F4701039F481A00000000000000066000000000000000000000000000000000559000 command :00B2022400 result =70739F467058A1035BA1333D9F85F0392C4DA1C377B70BC6F39B64D767FA31313BB47FB890650B1E372A1B1B024C8AD19FE38D412CCA433E48C3A1A18AA9F1B73497DCE9876944029664202485F39DA5532BFA60F5C53706A9BE016F0576BB1C2F704903D1EADD1A2132DB5C4B07D8323B6EE1B68F9000

Get correct data and send it to API

Answer 1

the command-result string pairs you got from the EMV reader app are data exchanges between the terminal and the card--the commands come from the terminal/reader and the results from the card (or card emulator).

Each byte string (an "APDU") contains nested data structures that include different types of control information as well as the data from the card and the terminal. The data, and some of the control structures, are given as tags in "TLV" (tag, length, value) format.

To understand the APDU formats and the relevant tags, you should read through the introductory EMV books 1 and 3, and then book C-2 for Mastercard -- see https://www.emvco.com/specifications/. For example, the first command-result pairs in your reader output break down like this:

COMMAND: 00 A4 04 00 0E
    A4: SELECT
    DATA: 325041592E5359532E444446303100 ("2PAY.SYS.DDF01")

RESPONSE:
6F 23  840E325041592E5359532E4444463031A511BF0C0E610C4F07A0000000041010870101    File Control Information
    84 0E  325041592E5359532E4444463031    DF NAME: "2PAY.SYS.DDF01"
    A5 11           FCI Proprietary Template
        BF0C 0E  610C4F07A0000000041010870101   # FCI Issuer Discretionary Data
              61 0C  4F07A0000000041010870101       # FCI Application Directory Entry
                  4F 07  A0000000041010                 # ADF Name: MASTERCARD CREDIT/DEBIT
                  87 01  01                             # Application Priority Indicator
    90 00                                 SW1 SW2

COMMAND: 00 A4 04 00 07
    A4: SELECT
    DATA: A000000004101000

RESPONSE:
6F 3B  8407A0000000041010A530500F505043204D43442030312076322032BF0C1C5F5019494343534F4C205C2A2F204D43443031205C2A2F2076322E32    File Control Information
    84 07  A0000000041010    DF NAME: MASTERCARD CREDIT/DEBIT
    A5 30           FCI Proprietary Template
          50 0F  505043204D43442030312076322032 # Application Label: "PPC MCD 01 v2 2"
        BF0C 1C  5F5019494343534F4C205C2A2F204D43443031205C2A2F2076322E32 # FCI Issuer Discretionary Data
            5F50 19  494343534F4C205C2A2F204D43443031205C2A2F2076322E32 # Issuer URL: "ICCSOL \*/ MCD01 \*/ v2.2"
    90 00                                 SW1 SW2

[Secondly, from a compliance point of view, you can't just use a reader application to read cards and submit transactions. You need to write an "entry point" (as specified in EMV books A and B) and "kernels" for your reader that follow the C-2 and C-3 specifications for Mastercard and Visa. Those kernels needs to be tested and approved by a lab accredited by Mastercard. Plus your terminal app needs to meet PCI's respective security standard (PCI CPOC or SPOC if you're developing a mobile app) and be tested/approved against that standard. Your processor will require these approvals before you can submit transactions through Cybersource to the processor.]