Transcript
MasterCard PayPass ®
™
Mag Stripe, Terminal Implementation Requirements
TABLE OF CONTENTS 1
PURPOSE OF THESE REQUIREMENTS ....................................................................................2 1.1 Scope of These Requirements ........................................................................................2 1.2 Effect of These Requirements ........................................................................................2 1.3 Guidance on Terminology ..............................................................................................3
2
MASTERCARD PAYPASS OVERVIEW......................................................................................4 2.1 What Is MasterCard PayPass? ........................................................................................4 2.2 How Is MasterCard PayPass Used? ................................................................................7 2.2.1 The Payment Process............................................................................................7 2.2.2 Where Can MasterCard PayPass Be Used? ..........................................................8 2.3 How MasterCard PayPass Works ....................................................................................9 2.3.1 MasterCard PayPass Cards and Devices................................................................9 2.3.2 MasterCard PayPass Terminals............................................................................12 2.3.3 How to Tap PayPass Cards and Devices ..............................................................13 2.3.4 Ensuring MasterCard PayPass Interoperability ....................................................15 2.4 Processing MasterCard PayPass Transactions ................................................................15 2.4.1 Process Description ............................................................................................15 2.4.2 Transaction Coding ............................................................................................17 2.4.3 POS Entry Mode/POS Terminal Data Input Capability ........................................18 2.4.4 Signature and Chargeback Requirements ..........................................................19 2.4.5 Refunds ............................................................................................................19
3
PAYPASS TERMINAL DEVELOPMENT ....................................................................................20 3.1 License and Specifications ............................................................................................20 3.2 Terminal Configurations ..............................................................................................21
4
TERMINAL REQUIREMENTS..................................................................................................24 4.1 Implementing the PayPass Specifications ......................................................................24 4.1.1 Communication Protocol ..................................................................................24 4.1.2 Application Protocol ..........................................................................................26 4.2 Payment Processing ......................................................................................................29 4.2.1 Identification of PayPass Transactions and Terminal Capabilities ........................29 4.2.2 PayPass Payment Processing Requirements ........................................................30 4.3 Terminal Ergonomics ....................................................................................................33 4.3.1 PayPass Landing Zone Identifier and Operating Volume ....................................33 4.3.2 PayPass Reader Status and Read Indication ........................................................35 4.3.3 Transaction Processing Indicators ......................................................................39 4.3.4 Design Considerations ......................................................................................39 4.4 Physical and Environmental Requirements ....................................................................41
5
PAYPASS CERTIFICATION AND TESTING..............................................................................42 5.1 PayPass Terminal Testing ..............................................................................................43 5.2 Design Review..............................................................................................................45 5.3 TTA ..............................................................................................................................46 5.3.1 TTA Level 1 ........................................................................................................46 5.3.2 TTA Level 2 ........................................................................................................46 5.4 PED Approval ..............................................................................................................47 5.5 TQM ............................................................................................................................47 5.6 POS Systems Testing ....................................................................................................47
APPENDICES ......................................................................................................................................48 Appendix A, Global Operations Bulletin No. 6, 1 June 2005....................................................48 Appendix B, Glossary ..............................................................................................................54 Appendix C, Consumer Interface Methods .............................................................................60 Appendix D, Terminal Requirements Summary ........................................................................65
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
1
1.
PURPOSE OF THESE REQUIREMENTS
The purpose of this document is to help terminal developers and their customers to implement terminal devices that will ensure a quality consumer experience. PayPass enables consumers to either tap their PayPass card or device on PayPass-enabled terminals or use the PayPass card’s traditional magnetic stripe at all other MasterCard locations. These requirements will: • Help terminal vendors to understand PayPass and implement terminals that provide PayPass acceptance. • Provide guidance on integrating PayPass functionality into retail systems using type approved components.
1.1 Scope of These Requirements These requirements are limited to the implementation of MasterCard PayPass—Mag Stripe. This is the version of PayPass intended for use where transactions are predominantly authorized online, such as in North America. It does not describe how to implement other MasterCard chip applications or M/Chip functions. It describes the incremental changes required to enable merchants’ point-of-sale (POS) systems to accept PayPass transactions. These requirements address the requirements that need to be met to support PayPass and associated approval processes for terminal equipment.
1.2 Effect of These Requirements These requirements are intended to provide general guidance to help terminal manufacturers develop equipment to accept PayPass transactions. The responsibility for the content and execution of any implementation for such developments will remain with the terminal manufacturer. To the extent permitted by law, neither MasterCard International nor any of its affiliates, employees, or offices shall be liable to any recipient of these requirements, or any other third party for any loss, damages (including direct, special, punitive, exemplary, incidental or consequential damages), or costs (including attorneys’ fees) which arise out of, or are related to these requirements. The foregoing limitation of liability shall apply to any claim or cause of action under law or equity whatsoever, including contract, warranty, strict liability, or negligence, even if MasterCard has been notified of the possibility of such damages or claim. Where these requirements refer to the availability of services and/or documentation from MasterCard, the terms on which such services or documentation are made available shall be specified by MasterCard as and when such services or documentation are requested.
2
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
These requirements must be kept strictly confidential and must not be disclosed to any third party save to such of your employees as are required to have access to the same in the performance of their duties. Save as above, these requirements may not be duplicated, published, or disclosed in whole or part without the written permission of MasterCard International Incorporated.
1.3 Guidance on Terminology Due to the legacy of the plastic card industry and the fact that the first PayPass-compliant form factor is card based, the term “card” is used frequently throughout. However, the contactless nature of PayPass permits non-card form factors. These are referred to as PayPass devices. The functionality of both PayPass cards and devices is driven by the chip inside and is independent of the form factor in which the chip resides. In the majority of cases, the form factor makes no difference to the functionality of a PayPass-compliant terminal, and therefore the default reference for the consumer token in this document is either “PayPass card” or “PayPass card or device.” Where there are specific requirements or considerations resulting from the form factor, mainly in the context of consumer-to-terminal usability, then this will be clear from the use of the reference “device.” All other terms are detailed in Appendix B, Glossary.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
3
2.
MASTERCARD PAYPASS OVERVIEW
2.1 What Is MasterCard PayPass? PayPass is MasterCard International’s proximity payments program. It allows consumers to make MasterCard payments without having to hand over or swipe a payment card. To make a payment, the consumer simply taps their PayPass card or device on to a PayPass reader. The details are read from the card or device using the contactless interface, and an enhanced payment transaction is then performed over the standard magnetic stripe network infrastructure. PayPass is ideal for those environments where speed and convenience are valued; for example, fuel pumps, quick-service restaurants (QSRs), drive-thrus, convenience stores, vending machines, and toll booths. MasterCard PayPass cards look similar to standard MasterCard cards, except that they include the PayPass identifier on the front and a shorter signature panel, as used for chip cards, on the back. However, in addition to a magnetic stripe on the back, embedded inside the card there is a contactless chip that stores and processes the payment account data and a connected antenna that typically runs around the perimeter of the card as shown in Figure 1a or, in some circumstances where fourth-line embossing is required, in a reduced configuration (Figure 1b).
Figure 1a, MasterCard PayPass Card with Full Antenna Configuration
Figure 1b, MasterCard PayPass Card with Reduced Antenna Configuration
4
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
PayPass devices are available in a variety of forms, from the traditional card introduced above to smallersized 2D and 3D key fobs. In fact, PayPass devices have the potential to be a wide range of shapes and sizes. The design choice resides with the financial institution issuing the device to the consumer. While the external shape and size can vary, the internal workings of all PayPass devices are similar. Each device contains a chip that stores and processes account data along with an antenna that is used to transmit data through the air to the PayPass reader, and from the reader to the card or device. The antenna is connected to the chip and, typically, runs near the inside perimeter of the card or device. PayPass devices (2D and 3D fobs) typically make use of the same chip and application software as PayPass cards, but with the chip and antenna contained in a different housing. PayPass devices conduct MasterCard PayPass transactions in the same way as PayPass cards. To make a payment, a PayPass device is tapped on a PayPass reader in the same way a PayPass card would be. PayPass readers do not need to be changed to accept PayPass device-initiated transactions. Examples of two potential PayPass device designs, a 2D fob and 3D fob, are illustrated below:
Figure 2, MasterCard PayPass 2D Fob
Figure 3, MasterCard PayPass 3D Fob
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
5
2. MASTERCARD PAYPASS OVERVIEW
MasterCard PayPass consumers simply tap their card or device on the PayPass reader (read starts typically within 1.5 inches or 4 cm). The PayPass “landing zone,” where consumers should tap their card or device, is clearly indicated by the PayPass landing zone identifier, an example of which is shown in Figure 7.
Figure 4, MasterCard PayPass Device Presentation
MasterCard PayPass readers include an antenna and connected electronics that allow a PayPass card or device to be read. These readers may be integrated within a payment terminal or stand alone. MasterCard PayPass–capable POS terminals therefore may support acceptance of both traditional magnetic stripe and PayPass, or PayPass-only transactions. Examples of both types are shown below.
Combined Magnetic Stripe Terminal and PayPass Reader (with PIN pad and electronic signature capture display)
PayPass-only Reader
Used to provide PayPass and magnetic stripe acceptance at POS
Used to provide PayPassonly acceptance at POS Figure 5, MasterCard PayPass POS Equipment
6
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
Once the data has been read by the PayPass reader, the payment transaction data is passed through the merchant’s POS system and is processed through the payment systems network used for existing card-based transactions. The MasterCard PayPass program includes the following: • Detailed specifications for all aspects of the program • Type approval services for vendor products (cards, terminals, and devices) to ensure compliance with the specifications and interoperability • Marketing and promotional materials and advertising • Consumer marketing materials for issuers • Merchant POS materials • Business and technical support to MasterCard issuers, acquirers, and merchants deploying PayPass
2.2 How Is MasterCard PayPass Used? 2.2.1 The Payment Process A typical PayPass transaction sequence is shown below.
Figure 6, Typical MasterCard PayPass Transaction
Step 1—PayPass terminal/ reader in the ready state waiting for consumer to present card or device. A single indicator light shows the ready state.
Step 2—Consumer taps card or device on landing zone and terminal reads data. Once completed, visual and audible cues are provided.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
Step 3—Consumer removes card or device. The visual indicators go off and the transaction is processed in the normal way by the merchant.
7
2. MASTERCARD PAYPASS OVERVIEW All PayPass terminals must identify where a customer must tap their PayPass card or device to achieve a successful read; this identified area is referred to as the “landing zone.”
Figure 7, Example of a MasterCard PayPass Landing Zone Identifier
The landing zone must be a clearly distinguishable area on the terminal. To ensure a consistent approach of identifying the landing zone, the contactless symbol must be placed in the center of the landing zone in a position on the terminal that indicates the strongest part of the radio frequency signal that the terminal generates, referred to as the “operating volume,” to read the PayPass card or device. If space permits, MasterCard PayPass and other scheme branding may also be placed on the landing zone as long as branding rules are maintained and the contactless symbol is not obscured in any way and continues to indicate the center of the landing zone. If space on the landing zone does not permit scheme branding to be included, then this should be placed in such a way as not to detract the customer from identifying the contactless symbol and the landing zone. MasterCard PayPass terminal product approval uses the contactless symbol during testing to identify the landing zone and test that the center of the contactless symbol is positioned directly over the strongest part of the operating volume. 2.2.2 Where Can MasterCard PayPass Be Used? The MasterCard PayPass contactless functionality can be used at any merchant location that has installed PayPass terminals. The merchant segments where PayPass is expected to be most attractive include: • QSRs/Fast Food Restaurants (MCC 5814)
• Video Rental Stores (MCC 7841)
• Movie Theaters (MCC 7832)
• Bookstores (MCC 5942)
• Parking Lots (MCC 7523)
• Music Stores (MCC 5735)
• Convenience Stores/Vending Machines (MCC 5499)
• Newsstands (MCC 5994)
• Drug Stores/Pharmacies (MCC 5912)
• Grocery Stores/Supermarkets (MCC 5411) • Dry Cleaners (MCC 7216)
• Gas Stations/Petroleum (pay-at-the-pump and in-store) (MCC 5541)
8
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
2.3 How MasterCard PayPass Works 2.3.1 MasterCard PayPass Cards and Devices PayPass cards and devices all consist, at the basic level, of an antenna connected to a chip in a module (b and c in Figure 8 below). These components are typically encapsulated into “carriers” of different shapes and sizes. For a MasterCard PayPass card, the components are contained in a card-sized sheet of plastic, known as an inlay (b, c, and d). This inlay is sandwiched between front and back plastic sheets (a and e) to form a finished card.
(a) Card Front (b) Antenna (c) Chip Module/Package (d) Inlay (e) Card Back
Figure 8, MasterCard PayPass Card Construction
The PayPass chip is encoded with data and contains cryptographic data used to authenticate the card or device to the issuer. PayPass chips are both powered by and communicate using radio frequency (RF) energy provided by the PayPass reader. In simple terms, the reader makes energy available to the chip by inducing an electromagnetic field into the air close to the reader. When the chip is moved into this field, electrical energy is provided to it via the antenna (a coil of wire). This energy is used to power the chip; the PayPass card or device does not need a battery. In addition to powering the chip, the reader communicates information to it by changing the amount of energy sent. The chip detects the changes and captures messages from the reader. The chip is also able to send messages to the reader by changing the amount of energy that it uses. The reader detects the change in energy and uses this to understand messages sent back to it.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
9
2. MASTERCARD PAYPASS OVERVIEW
The contactless nature of the chip and reader interaction allows the form factor that contains the PayPass chip and antenna to vary in shape and size, since they do not need to be physically inserted or slid through a reader. MasterCard PayPass cards are the traditional bankcard size and shape as defined by ISO 7810. MasterCard PayPass devices, however, can be created in a variety of forms depending on issuer requirements and consumer needs. For example, a small device may be created that can be attached to a key ring, which, as it is easily carried, may increase convenience for the consumer. Although PayPass devices do not look like PayPass cards, their internal workings may be the same. They typically contain the same chip, the same application software, and a radio antenna. As the antenna usually runs around the edge of the device, it is likely that the internal layout of components will be different for each device design. The use of a MasterCard PayPass device is permitted only as a companion device to a MasterCard card. From a consumer’s point of view the most significant difference between PayPass cards and devices is their physical appearance. MasterCard has not imposed constraints on the physical size and shape of PayPass devices and, providing the device complies as required with all MasterCard branding, rules, and approval requirements, issuers are able to use any design form factors. The following diagram illustrates an example of a PayPass 2D fob that could be manufactured and personalized in the same way as a PayPass card. A small signature panel is provided with room for an external unique identifier.
Figure 9, MasterCard PayPass 2D Fob
In common with a full-sized card, the PayPass 2D fob contains all the elements needed for PayPass proximity payments. The difference is that the antenna is smaller. This is illustrated in Figure 10.
10
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
(a) Fob Back Containing Signature Panel (optional) (b) Antenna (c) PayPass Chip (d) Inlay (e) Fob Front
Figure 10, MasterCard PayPass 2D Fob Construction
An example of a PayPass 3D fob that attaches to a key ring is illustrated in the diagram below.
Figure 11, MasterCard PayPass 3D Fob
As with a standard MasterCard PayPass card, the PayPass 3D fob contains all the elements needed for PayPass transactions, with antenna design such that the minimum requirements for range can be met. It is also possible for PayPass chips to be embedded into consumer devices, such as a watch or a cell phone, either during manufacture or after purchase. In these circumstances, the consumer device may well have a pre-existing antenna (e.g., a cell phone).
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
11
2. MASTERCARD PAYPASS OVERVIEW
2.3.2 MasterCard PayPass Terminals Information communicated by the PayPass chip is taken by a PayPass reader, formatted appropriately, and then processed through the merchant’s existing POS systems for authorization, clearing, and settlement. All MasterCard PayPass terminals utilize a common user interface to provide a consistent consumer and merchant experience. This ensures that consumers and merchants always know what to expect at the POS when using PayPass. This is a key element in making PayPass “The Simpler Way to Pay™.” Audiovisual cues are used to guide consumers through a PayPass transaction, as follows: 1) Ready State The PayPass terminal is in the ready state when a single indicator light shows. This indicates that the PayPass reader is ready to accept a PayPass card or device.
2) Reading The PayPass reader detects that a MasterCard PayPass card or device is present and reads the data required for processing the transaction. PayPass reading range is typically 1.5 inches (4 cm).
3) Completion State Once the PayPass card or device has been read (this typically takes 0.2 seconds), the terminal will display a sequence of visual indicators, and a sound cue, usually a number of beeps, is heard. Once all visual indicators are lit, they will stay on for approximately 0.3 seconds, during which the sound cue can also be heard. This indicates that the consumer can remove the PayPass card or device. 4) Final End State or Error Soon after the PayPass chip is read, the terminal returns to the ready state, waiting for the appearance of a new PayPass card or device. In some cases, the PayPass reader may fail to read the card or device (e.g., if it is not PayPass capable or if more than one PayPass card or device is detected). In this case, neither visual nor audible cues will operate and the PayPass terminal will remain in the ready state. Figure 12, Typical MasterCard PayPass Terminal Audiovisual Sequence
12
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
While the reader indicates a successful read using visual and audible cues, it is important to remember that a successful read is only the first step in a payment transaction. The PayPass visual and audible cues do not indicate that the transaction has been authorized, just that the PayPass read process is complete and the consumer can remove their card or device from the reader. The authorization is indicated by the POS equipment in the same manner as for all MasterCard-based transactions. 2.3.3 How to Tap PayPass Cards and Devices In order for PayPass cards and devices to be read, they must be presented to the PayPass terminal in the correct manner as shown in Figure 13 (a and b) below. This is where the card or device is in the center of the landing zone and is close to being flat against the universal contactless symbol shown in Figure 13(c).
a) Correct “almost-flat” presentation for PayPass card
b) Correct presentation (keys and other contactless devices held away from the terminal) for PayPass fob
c) Universal contactless symbol
Figure 13, Correct Presentations of PayPass Cards and Devices
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
13
2. MASTERCARD PAYPASS OVERVIEW
Presenting a PayPass card or device on edge to the landing zone (Figure 14 [a and b]), as if cutting it with a knife, or with other PayPass cards or devices or other non-PayPass contactless cards or devices at the same time (Figure 14[c]) is incorrect; only the PayPass card or device to be used should be presented.
a) Incorrect “on-edge” card presentation
b) Incorrect “on-edge” device presentation
c) Incorrect presentation: only the PayPass card or device to be used should be presented, e.g., a wallet/purse with multiple cards should not be presented.
Figure 14, Incorrect Presentations of PayPass Cards and Devices
If a PayPass card or device is attached to a bunch of keys, other metallic objects, or other contactless devices as shown in Figure 15, these should all be kept away from the terminal, typically in the palm of the user’s hand. If keys or other contactless devices are presented to the PayPass terminal they may interfere with the reading of the device being presented.
Incorrect presentation: other metallic objects or other contactless devices should all be kept away from the terminal, typically in the palm of the user‘s hand.
Figure 15, Incorrect Presentation of Other Object or Contactless Device
The likelihood of a terminal read error will be greatly diminished if the guidelines above are followed. 14
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
2.3.4 Ensuring MasterCard PayPass Interoperability PayPass cards, devices, readers, and terminals are manufactured by multiple vendors. To ensure that all PayPass cards and devices work with all PayPass readers, MasterCard provides detailed specifications and requires vendors to submit products for type approval testing before deploying these into the marketplace. The MasterCard PayPass specifications are based on international standards for contactless chip cards, namely the ISO/IEC 14443 standard. The detailed MasterCard PayPass specifications, available to licensees, can be obtained by sending an e-mail request to
[email protected].
2.4 Processing MasterCard PayPass Transactions 2.4.1 Process Description Once a card or device has been read, the authorization message is transmitted to the acquirer in the same way as a traditional magnetic stripe transaction. While no new data protocols are necessary, it is important to note the following aspects of MasterCard PayPass transaction processing: • Transaction Authorization and Clearing—These process flows are the same as for magnetic stripe transactions or M/Chip transactions. • Transaction Coding—PayPass is designed to have minimal impact on merchants’ and acquirers’ existing systems. Merchants do, however, need to ensure that their acquirer has up-to-date information on PayPass terminal capability, that PayPass transactions are coded correctly, and that the acquirer has completed end-to-end testing with MasterCard CIS to ensure data element compliance with credit, signature debit, and PIN debit transactions. (More detail on transaction coding is provided in Section 2.4.2, Transaction Coding.) • Existing Payment Program Rules—PayPass improves the process for reading the payment account data and can be used with different payment products. However, it is important to remember that the rules applying to these underlying payment programs must still be observed. Therefore, if the underlying payment program requires that the consumer sign a receipt or enter a PIN, then all participants in the payment process must comply with these requirements.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
15
2. MASTERCARD PAYPASS OVERVIEW
A typical PayPass transaction is shown in the sequence below: 1
Transaction amount sent to PayPass-enabled consumer-facing terminal (CFT) a from the electronic cash register (ECR) b . The CFT a is connected to the ECR via a cable c so that dual amount entry is not required.
2i
Consumer presents device to CFT.
2ii PayPass reader reads data from the PayPass device
in 0.2 seconds. 2iii PayPass device is removed.
3
If required, consumer enters PIN for online verification. This is submitted as part of the online authorization process detailed next.
4
Online authorization of the transaction is obtained (via high-speed connection such as a DSL modem) from the payment acquirer d .
5
When required, a receipt is printed 5i and a consumer signature is physically 5ii or electronically captured 5iii .
Figure 16, Typical MasterCard PayPass Transaction Including Authorization
REQUIREMENT 1
MasterCard PayPass transactions must be processed online to realize full risk management capabilities.
16
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
MasterCard PayPass transactions are passed from the merchant to the payment account issuer via the merchant acquirer in the normal way, consistent with the rules for the underlying payment program. The only difference is that the transaction is coded to indicate a PayPass-read transaction using the correct POS entry mode and Terminal Data Input Capability values in the relevant data elements within the various MasterCard network messages. These values are used by the MasterCard payment account issuer to identify and differentiate PayPass-read transactions from magnetic stripe–read transactions and to allow appropriate risk management decisions to be made. 2.4.2 Transaction Coding It is important from a risk management and information management perspective that MasterCard PayPass transactions and PayPass terminal capability can be identified from transaction data. Issuers, acquirers, merchants, and MasterCard require information on the entry mode for each transaction and the POS terminal capability to: • Identify and prevent fraud at the merchant. • Monitor usage of cards, devices, and terminals. • Track terminal PayPass capability. • Measure return on investment in enabling cards or devices and POS terminals. • Manage chargeback processing. To facilitate the above, the POS system must include new values in certain existing data elements in the authorization and clearing records. • The appropriate Banknet and GCMS messages must be populated with the corresponding POS entry mode. • It is also important to indicate whether the POS is PayPass-enabled or not (regardless of how a transaction is initiated).
REQUIREMENT 2
Correct coding and processing of MasterCard PayPass transactions and terminal capability are mandatory for all PayPass authorization and clearing messages.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
17
2. MASTERCARD PAYPASS OVERVIEW 2.4.3 POS Entry Mode/POS Terminal Data Input Capability Merchant POS systems must provide the information needed by acquirers to populate data elements that indicate a PayPass transaction. Merchants must ensure that: • POS equipment communicates the POS entry mode (contactless, swiped, or keyed) to their acquirer. Acquirers must ensure that: • Merchants are fully aware of the capabilities of each terminal, particularly those that are enabled to accept PayPass cards or devices. • They correctly code and pass the Banknet and GCMS messages to indicate the correct POS entry mode (contactless, swiped, or keyed). • They correctly code transactions to indicate that a terminal is able to accept PayPass cards or devices. This is normally done by the acquirer managing a list of terminal capabilities against the terminal identification number. PayPass issuers must ensure that: • Their systems can correctly receive and process the messages containing the POS entry mode (DE 22) and POS Terminal Device Data Input Capability (DE 61) data elements and make appropriate authorization decisions. More Information Details of the above requirements can be found in Section 6 of the MasterCard PayPass Product Guide (available by sending an e-mail to
[email protected]) and in the appendices of these requirements as noted: • Appendix A, “Data Element Values for MasterCard PayPass,” Global Operations Bulletin No. 6, 1 June 2005, pp. 60–65
18
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
2.4.4 Signature and Chargeback Requirements The rules governing PayPass-read payment transactions are dictated by the rules of the payment product (credit, debit, etc.) referenced by the account number on the PayPass card or device, and the rules governing acceptance in the merchant location where the transaction occurs. While the fundamentals of a transaction remain the same, the physical characteristics of PayPass devices may introduce some differences in the overall payment process—for example, when making a purchase, a PayPass card or device remains in the possession of the consumer throughout the transaction, and the device itself may not have a signature panel, making signature verification challenging. These variations have been accommodated by changes to the rules governing the underlying payment product. A signature is not required and a receipt is optional for a transaction equal to or less than the equivalent of US $25 undertaken using a PayPass card or device. PIN may be required for debit. A properly identified PayPass transaction (magnetic stripe-read or M/Chip-read), equal to or less than the equivalent of US $25, is protected against chargebacks under the following reason codes: Message Reason Code 4801 4802 4837
Description Requested Transaction Data Not Received Requested/Required Information Illegible or Missing No Cardholder Authorization
NOTE
For Quick Payment Service (QPS) registered merchants who accept PayPass, the QPS program supersedes the PayPass rules. For more information on the QPS program, please refer to the QPS Manual. 2.4.5 Refunds The processes associated with MasterCard PayPass transactions are identical to those for traditional magnetic stripe card–read transactions. Therefore, if a consumer is entitled to a refund or if a transaction needs to be voided, existing processes apply. One of the requirements for refunds is that the originating card or device be used at the time of the refund. This requirement is unchanged; the PayPass card or device should be used to process refunds. Merchants must ensure that the consumer refund service area is suitably equipped with PayPass terminals.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
19
3.
PAYPASS TERMINAL DEVELOPMENT
3.1 License and Specifications The following PayPass specifications are available to companies who have entered into a PayPass license agreement with MasterCard. • PayPass—ISO/IEC 14443 Implementation Specification • PayPass—M/Chip Technical Specification • PayPass—Mag Stripe Technical Specification • MasterCard PayPass Branding Guidelines These are the defining documents to be used for developing MasterCard PayPass–compliant terminals. NOTE
To become a PayPass licensee and obtain the latest specifications, send an e-mail to
[email protected].
The remainder of this section provides an overview of the possible set up of PayPass-capable POS payment systems. This is intended to convey that there are a number of possible ways to implement PayPass. Section 5 concentrates on providing guidance on terminal design and implementation of the above specifications. Compliance with these requirements will ensure the optimal level of quality for MasterCard PayPass terminals. The license agreement requires the licensee to submit PayPass-enabled terminals to MasterCard International’s testing and type approval process to determine compliance with the above specifications. The details of the testing and certification processes are contained in Section 4 of these requirements. The specifications and the testing process represent the minimum level of quality required for MasterCard PayPass terminals.
20
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
3.2 Terminal Configurations PayPass acceptance functionality may be included within, or added to, existing POS systems in a number of ways. For the purpose of these requirements, a functional block diagram of a PayPass acceptance terminal system is shown in Figure 17 below.
Figure 17, Block Diagram of a PayPass Acceptance Terminal System
REQUIREMENT 3
Connecting a PayPass reader to an existing magnetic stripe terminal using any form of dynamic magnetic stripe or magnetic induction coupling to the existing magnetic stripe reader is not permitted by MasterCard.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
21
3. PAYPASS TERMINAL DEVELOPMENT
Based on the generic functional model shown in Figure 17, two typical terminal system configurations are shown in Figures 18 and 19.
Figure 18, Example of a Typical PayPass Terminal Configuration
In the example shown above, the PayPass payment terminal includes all the payment device processing functionality required to process a transaction. Communication with an acquirer is via the provision of a suitable communication interface. Within a retail environment, this terminal enables PayPass acceptance and can replace the current payment device acceptance terminal.
22
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
In the example shown below, a PayPass peripheral reader is designed only to add PayPass acceptance functionality to an existing POS system. The PayPass reader operates independently of the POS system, containing functionality to communicate with PayPass cards and devices and provide data equivalent to a magnetic stripe image to the POS system. Typically, such a reader will not contain any credit/debit processing functionality or the ability to communicate with the acquirer.
Figure 19, Example of a Typical PayPass Terminal Configuration
NOTE
PayPass terminal/reader vendors are not limited to implementing the configurations shown in Figures 18 and 19.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
23
4.
TERMINAL REQUIREMENTS
This section details specific requirements for designing PayPass-enabled POS terminals. These requirements must be fulfilled by the POS terminal and, where appropriate, other components of the POS system. A summary list of these requirements is provided for reference in Appendix D.
4.1 Implementing the PayPass Specifications 4.1.1 Communication Protocol MasterCard has developed a PayPass-specific implementation specification of the international proximity device standard ISO/IEC 14443. This specification, PayPass ISO/IEC 14443 Implementation Specification, also incorporates aspects on the proximity test methods standard ISO/IEC 10373 part 6. Terminals are required to comply with the PayPass ISO/IEC 14443 Implementation Specification in precedence to the corresponding international standards. The following summary of the differences is given for information only; please refer to the full specification for the normative requirements. REQUIREMENT 4
All MasterCard PayPass terminals must comply with the PayPass ISO/IEC 14443 Implementation Specification.
4.1.1.1 Anti-Collision ISO/IEC 14443 allows for multiple proximity cards in the reader’s field simultaneously. However, the PayPass Implementation Specification determines that only one device should be in the field and specifies that, if the terminal detects multiple cards, the transaction must not start. Therefore, for PayPass, collision resolution is a redundant function. While the PayPass anti-collision procedure is backwards compatible with existing cards and reuses functionality that is already present in terminals, PayPass requires less functionality than defined in the ISO/IEC 14443 international standard. As a result, the terminal should not implement the redundant functionality. The state machine of the terminal is simplified and a number of options in the international standard specifically developed for collision resolution (time slot and probabilistic approach) are not required. Collision detection takes precedence over collision resolution to increase the speed of PayPass transactions.
24
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
4.1.1.2 Specific Device and Terminal Requirements Within the international standard, it is not always obvious to determine whether a requirement applies to the card or the terminal. In some cases parameters necessary for interoperability are not defined or are left open to interpretation. The PayPass ISO/IEC 14443 Implementation Specification seeks to clearly separate card and terminal requirements and ensure all parameters necessary for interoperability are defined. This includes new requirements for signal stability (bandwidth), jitter, duty cycle, and rise and fall times. Additional requirements have also been included to cover exception processing for negative cases. 4.1.1.3 Tolerances Tolerances have been added to all specified parameters and values. These tolerances allow for aging of components, temperature fluctuations, measurement errors, component spread, etc., and are vital to interoperability. 4.1.1.4 Operating Volume Within the international standard, the operating volume of the terminal is defined as “manufacturer specified positions” where the PayPass Coupling Device (PCD) creates the appropriate field to power up a card. The PayPass ISO/IEC 14443 Implementation Specification defines a minimum operating volume, as well as the position of the operating volume with respect to the terminal. The new concept of “landing plane” is introduced in order to guarantee consistent consumer experience independent of shape and size of the terminal. 4.1.1.5 Type A and Type B Interoperability PayPass allows cards and devices to be either Type A or Type B compliant. A PayPass terminal must support both. A new polling protocol has been defined in the implementation specification, supporting both Type A and B, as well as a method of assuring that a card is removed from the field before a new transaction can be initiated.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
25
4. TERMINAL REQUIREMENTS
4.1.2 Application Protocol The PayPass—Mag Stripe Technical Specification detail the terminal application–level requirements and the process for interactions with PayPass cards and devices. This section describes the transaction flow specific to PayPass—Mag Stripe. Typically, this is implemented in the PayPass application logic component, within the PayPass terminal (see Figure 20). REQUIREMENT 5
All MasterCard PayPass terminals must comply with the MasterCard PayPass Technical Specification. This includes all POS terminals, or ECRs, that have a PayPass reader attached, where changes may need to be implemented within POS software. The normative requirements and detail of implementing the functionality given here are defined in the PayPass—Mag Stripe Technical Specification, Part II. For information purposes only, a pictorial representation of the interaction between a PayPass device and reader is shown in Figure 20.
26
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
PayPass—Mag Stripe Terminal/Reader
PayPass—Mag Stripe Card/Device
Detects card or device.
Card or device powers up.
Selects PayPass Payment System Environment (PPSE) and receives list of device applications.
Returns File Control Information (FCI) of the PPSE.
Selects PayPass device application using Application Identifier (AID).
Returns FCI of the payment application.
Initiates new transaction. Processes transaction as PayPass—Mag Stripe.
Increments Application Transaction Counter (ATC). Returns Application Interchange Profile (AIP) and Application File Locator (AFL).
Obtains data elements from device using files at specific positions and initializes processing parameters.
Returns device data (track data, Consumer Verification Method [CVM]).
Creates Unpredictable Number (UN) and sends to PayPass device. Formats discretionary data field and track data for authorization request.
Creates CVC3. Returns CVC3, ATC.
Detects card or device removal.
Card or device powers down.
The reader provides the payment processing engine the data equivalent to Track 1 and 2 magnetic stripe data. Figure 20, PayPass Card/Device Interaction With Terminal/Reader
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
27
4. TERMINAL REQUIREMENTS
The functionality shown in Figure 20 must be completed within 250 ms of a PayPass card or device being presented to the reader. Once the interaction is completed, if the details cannot be transferred within an appropriate period to the payment-processing engine, the card details will be deleted from the reader and the transaction cancelled. REQUIREMENT 6
All MasterCard PayPass terminals must complete the PayPass card- or device-to-POS terminal communication in less than 250 ms. The Track 1 and 2 data sets obtained from the PayPass card may contain different information. Therefore, the data on the two equivalent tracks must not be interchanged. REQUIREMENT 7
The Track 1 and 2 data obtained from the PayPass card or device must be presented to the payment processing engine without modification. The PayPass Mag Stripe application logic component in the terminal does not verify the content of the Track 1 and 2 equivalent data received from the PayPass card. This means no cryptographic functionality is required within this component. However, the PayPass application logic component is required to generate an eight-digit UN to support the cryptographic process undertaken by the PayPass card. The design revision of the hardware and software elements of the PayPass application logic component must be unique and identifiable. In addition, the component must also maintain the version number of the PayPass application with which it is compliant. This is used during interaction with the PayPass card. REQUIREMENT 8
The PayPass application logic component must maintain the version number of the PayPass—Mag Stripe Technical Specification with which it is compliant. The POS system terminal developer is free to select the most appropriate interface type and protocol to be used between the PayPass—Mag Stripe reader, PayPass application logic component, and the payment processing engine. Other than transferring the data correctly, and the payment processing engine being able to identify the entry method used (e.g., contactless, swiped, or keyed), no further requirements are defined for this interface.
28
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
4.2 Payment Processing This section describes the payment processing requirements specific to processing MasterCard payment transactions using the PayPass—Mag Stripe profile. The normative requirements and low-level detail of implementing this functionality are detailed within the following: • MasterCard Scheme Rules. • Acquirer-specific host interface requirements. • PayPass—Mag Stripe Technical Specification, Part II. Processing MasterCard payment transactions that have been obtained using the PayPass interface is fundamentally the same as processing the payment details obtained by swiping the magnetic stripe, with the underlying scheme and payment product rules defining the process and requirements. However, there are some significant variations that the POS terminal must cater to and this section describes these. 4.2.1 Identification of PayPass Transactions and Terminal Capabilities The acquirer of the transaction is required to provide MasterCard and issuers of PayPass cards and devices with confirmation that: • The payment was transacted using the PayPass interface. • The terminal was capable of transacting with PayPass. The process by which the acquirer communicates this data through MasterCard’s Banknet and GCMS systems is defined; however, the process by which this information is transferred from merchant to acquirer is not. Terminal vendors should therefore provide functionality in the terminal that identifies both the payment read process (magnetic stripe swipe, contact chip read, or contactless read) and the terminal’s capabilities to have performed these different read processes. This information should be provided to the acquirer with each transaction, in a manner and format agreed upon with the acquirer.
REQUIREMENT 9
POS terminals must be capable of providing information to connected systems on the payment read process (magnetic stripe swipe, contact chip read, contactless chip read, etc.) for each payment transaction and on the terminal’s capabilities to perform the different read processes.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
29
4. TERMINAL REQUIREMENTS
4.2.2 PayPass Payment Processing Requirements While the specific configuration of POS terminal systems supporting PayPass is left open to accommodate differing merchant requirements, it is important to ensure that the complete system facilitates a fast payment process for PayPass transactions. This is a key component supporting the merchant’s business case and “The Simpler Way to Pay ” proposition that PayPass delivers. REQUIREMENT 10
Double entry of purchase information for PayPass transactions is not permitted. PayPass terminals should therefore be linked to ECR systems for electronic transfer of purchase amount.
Figure 21 provides a walk-through of the typical PayPass-enabled payment process. It should be remembered that this may vary depending on the particular requirements of the purchase transaction, the payment product on the PayPass card and the program rules for the particular merchant environment. The following examples illustrate this point: • When a MasterCard PayPass card or device is used by a consumer to complete a payment transaction for a purchase at or below the equivalent of US $25, the POS terminal must proceed and complete the transaction without any further consideration or merchant interaction, including the entry of a PIN. • For QPS registered merchants who accept PayPass, the QPS program supersedes the PayPass rules. For more information on QPS, please refer to the QPS Manual.
30
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
PayPass—Payment Processing Engine
Receive PayPass Data
Entry of Online PIN
Obtain Authorization
Record Transaction Data
The PayPass reader functional module passes the Track 1 and 2 equivalent data from the PayPass card to the payment processing engine.
Checks (if available) the CVM list provided by the PayPass card,* or uses the default CVM list held by the terminal to establish if consumer verification is needed. If the PIN is required, and supported by the terminal, the reader prompts for the online PIN to be entered by the consumer. Sends authorization request message via a MasterCard acquirer. Uses approval or decline from issuer in response message.
Records transaction data in terminal log for subsequent use in clearing message.
If required, prints receipt. Print Receipt
Capture Signature
If the CVM list requires consumer verification by signature, prompts for signature.
Figure 21, Example PayPass Payment Processing
* Currently, no deployed PayPass devices support CVM list processing. These terminals request consumer verification based on the default rules held internally. However, all terminals must support the processing of a CVM list held by a PayPass card or device.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
31
4. TERMINAL REQUIREMENTS
REQUIREMENT 11
POS terminals must comply with the processing rules defined by the combination of payment product, merchant program, and transaction amount.
REQUIREMENT 12
Subject to compliance with Requirement 8, payment transactions initiated by a PayPass-read process should complete as quickly as possible with minimal additional involvement of the consumer and merchant. As with magnetic stripe–read transactions, the payment processing engine decides whether or not to print a receipt. Additionally, the consumer may request a receipt if they require one. When a receipt is printed, the input method used for the transaction will be identified. This will help both the consumer and the merchant identify if it was a PayPass transaction, in the event of a reversal. REQUIREMENT 13
If the POS device prints a receipt, the input method must be shown as “Contactless” or “CONTACTLESS” for PayPass—Mag Stripe transactions.
It is possible that the consumer will tap their PayPass card on a terminal at any stage in a transaction, as the card is not under the direct control of the POS operator. Such occurrences should be anticipated and have no adverse effect on the processing of the transaction. If the current magnetic stripe–read acceptance procedures allow swiping at any time, the PayPass acceptance process should allow for tapping at any time also. However, the POS system must not buffer or store card details when a PayPass card is presented in advance of a new transaction starting. This is to ensure that details from a previous transaction are not mistakenly used. REQUIREMENT 14
POS transaction reports must specifically identify PayPass transactions.
REQUIREMENT 15
If a payment transaction was originated by a PayPass card or device, then the POS terminal must allow for a transaction reversal to be completed by the same PayPass card or device. NOTE
PayPass cards are not expected to include the consumer name in Track 1 data. POS systems that obtain and make use of the consumer name from Track 1 data obtained from a magnetic stripe read must accommodate this difference. 32 MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
4.3 Terminal Ergonomics MasterCard requires that all PayPass terminals utilize a common user interface to ensure a consistent consumer and merchant experience. This ensures that consumers and merchants always know what to expect when using PayPass. This is a key element of making PayPass “The Simpler Way to Pay.” 4.3.1 PayPass Landing Zone Identifier and Operating Volume MasterCard has developed the PayPass landing zone identifier, an example of which is shown in Figure 22. All PayPass terminals must identify where the consumer must tap their PayPass card or device to achieve a successful read, and this identified area is referred to as the “landing zone.” The landing zone must be a clearly distinguishable area on the terminal. To ensure a consistent approach of identifying the landing zone, the contactless symbol must be placed in the center of the landing zone in a position on the terminal that indicates the strongest part of the radio frequency signal that the terminal generates, referred to as the “operating volume,” to read the PayPass card or device. If space permits, MasterCard PayPass and other scheme branding may also be placed on the landing zone as long as branding rules are maintained and the contactless symbol is not obscured in any way and continues to indicate the center of the landing zone. If space on the landing zone does not permit scheme branding to be included, then this should be placed in such a way as not to distract the customer from identifying the contactless symbol and the landing zone. MasterCard PayPass terminal product approval uses the contactless symbol during testing to identify the landing zone and test that the center of the contactless symbol is positioned directly over the strongest part of the operating volume.
Figure 22, Example of a PayPass Landing Zone Identifier
The shape of the landing zone identifier may be changed to fit the ergonomics of the landing zone, as defined in the MasterCard PayPass Branding Guidelines. REQUIREMENT 16
All MasterCard PayPass terminals must display a PayPass landing zone identifier that includes the PayPass identifier as specified in the MasterCard PayPass Branding Guidelines. NOTE
The MasterCard brand strategy and integration group may be contacted by e-mail at
[email protected] or via the brand identity hotline at (914) 249-1236. MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
33
4. TERMINAL REQUIREMENTS
REQUIREMENT 17
All MasterCard PayPass terminals must use materials for the landing zone identifier that are not degraded by use. The landing zone identifier should show no significant noticeable degradation after one million “contacted” presentations (i.e., where the card or device physically impacts the landing zone during the tap process).
The MasterCard type approval process (see Section 5) will make measurements using the center of the landing zone identifier as the reference position. A minimum operating volume is defined, based on this reference position, within which all PayPass cards and devices must operate correctly. The operating volume is defined within the PayPass ISO/IEC 14443 Implementation Specification and represented in Figure 23 below:
Figure 23, PayPass Operating Volume
REQUIREMENT 18
The landing zone identifier must be positioned on the landing plane at the center of the operating volume generated by the PayPass reader.
NOTE
The operating volume defined within the PayPass specifications represents only the minimum acceptable read range permitted under predefined test conditions. PayPass suppliers should consider the environment in which their products are to be installed and design them such that they always provide acceptable range between the consumer’s card or device and the reader.
34
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
4.3.2 PayPass Reader Status and Read Indication Unlike many magnetic stripe–read payments, where the consumer hands their card to the merchant who then manages the remainder of the payment process, MasterCard PayPass requires the consumer to interact directly with the acceptance terminal. It is critical, therefore, that the consumer find the process simple. The terminal should ensure that the consumer understands what is happening at all stages of the payment process. The following requirements assist the consumer in understanding a) if a terminal is ready to read prior to presentment of a PayPass card or device, b) that it is actually reading during presentment, and c) when it has completed the reading process. The indicators required are a mixture of visual and audio prompts. All PayPass terminals must indicate readiness and a successful device read using a standard set of lights or a standard display sequence. Requirements for the indication are detailed below. REQUIREMENT 19
All MasterCard PayPass terminals must include a single permanent indicator, preferably a green light or a light emitting diode (LED), not more than one-half inch from the PayPass landing zone identifier that indicates the terminal is “powered on” and ready to read PayPass cards or devices.
REQUIREMENT 20
All MasterCard PayPass–equipped POS systems must provide a visible cue, typically on a liquid crystal display (LCD) screen, indicating when the consumer should tap or swipe their card.
4.3.2.1 Visual Indicators Terminals must indicate that a PayPass card or device has been read, either by using a set of lights/LEDs or a set of graphics on a screen/LCD. These must be clearly visible to the consumer throughout the presentment of the PayPass card or device and implemented in accordance with the following detailed timings.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
35
4. TERMINAL REQUIREMENTS
REQUIREMENT 21
When the PayPass terminal uses the light/LED method for read indication, an additional three indicators must light in sequence. These four indicators must be an equal distance apart and this distance must not be less than one-half inch. The four indicators must be identical and positioned on a horizontal line. The indicators must be triggered in sequence with timing as specified in Figure 24, upon successful read of a PayPass device. These lights should be visible to the consumer at all times.
Figure 24, PayPass Audio and Visual Sequence Using Indicators
36
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
REQUIREMENT 22
When the PayPass terminal uses the graphic/LCD method for read indication, it must provide an additional four indicators in the form of the PayPass Radial Mark, as specified in the MasterCard PayPass Branding Guidelines. Indicators must be triggered in sequence with timing as specified in Figure 25.
NOTE
The PayPass ready indicator specified in Requirement 16 is still required if the graphic/LCD method is used.
Figure 25, PayPass Audio and Visual Sequence Using an LCD Screen
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
37
4. TERMINAL REQUIREMENTS The radial mark shown below is for illustration only; please refer to the MasterCard PayPass Branding Guidelines for specific details.
Figure 26, PayPass Radial Mark
REQUIREMENT 23
All PayPass terminals must implement either the light/LED indication method or the graphic/LCD indication method to show that a card or device has been read.
REQUIREMENT 24
PayPass indicators must remain visible to the consumer even when subjected to high levels of ambient light such as sunlight.
4.3.2.2 Diagnostic Signaling The “PayPass ready” indicator in normal operation will remain permanently illuminated and may not be used for other signaling purposes. However, the following options may be incorporated: 1. When the unit is initially powered on, it is optional whether this indicator remains off until the unit is ready to accept the first transaction. 2. When the unit is initially powered on, it is optional whether this indicator may be used for diagnostic purposes. After two seconds of the unit being powered on, the indicator must either remain on or off. 3. It is optional whether internal diagnostics can control this indicator, turning it permanently off when a fault is detected. 4.3.2.3 Audible Indicators In addition to the visual indicators, PayPass terminals must also provide in parallel a sequence of audible tones to alert the consumer to the fact that the terminal has started, is reading, and has finished the reading of the PayPass card or device. The timing of the tones, and the required frequencies that must accompany each visual indication process, are shown in Figures 24 and 25.
38
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
REQUIREMENT 25
All MasterCard PayPass terminals must include an audible cue comprising a sequence of four audible tones to signify the terminal is reading the consumer’s PayPass card. Each tone should be at 1500 Hz (±100 Hz) for 50 ms, followed by a 10 ms gap before the next one. The first tone should commence at the start of the read process. The volume of the audible cue should be at an appropriate level to be heard by the consumer in the target retail environment.
NOTE
When a PayPass card cannot be read, for example when multiple contactless cards or devices are presented simultaneously, an informative message should appear on the consumer display to prompt the consumer to re-present only one.
4.3.3 Transaction Processing Indicators While the reader indicates a successful read with audio/visual effects, it is important to remember that this only starts the normal device transaction—the transaction must still be routed for authorization and clearing. This indicator sequence/animation does not indicate that the transaction has been authorized. This is done as normal by the POS equipment showing additional messages on a consumer-facing display (where a consumer display is supported), to guide the consumer through the payment process. Examples of this are provided in Appendix C. REQUIREMENT 26
POS systems incorporating PayPass must provide clear indication to the consumer when a transaction is being authorized so that the consumer is informed during the short delay while this happens.
4.3.4 Design Considerations Terminals that accept magnetic stripe or contact chip cards must also ensure that there is no confusion about the technology the consumer wants to use (be it magnetic stripe, contact chip, or PayPass). The antenna location, and associated operating volume, must be designed such that they do not interfere with magnetic stripe or contact chip acceptance. If the consumer wants to conduct a magnetic stripe or contact chip transaction with a PayPass device, the magnetic stripe reader and contact chip reader should be sufficiently remote from the PayPass reader to ensure that the PayPass reader does not detect the presence of the device.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
39
4. TERMINAL REQUIREMENTS
REQUIREMENT 27
All MasterCard PayPass terminals must be designed such that when a PayPass card or device is presented, neither the indicators nor the display are visually obscured from the consumer by any of the following: • The PayPass card or device • The consumer’s hand or arm • Keys or anything that can be typically expected to be attached to the PayPass device REQUIREMENT 28
When designing a PayPass terminal, consideration must be made for both left- and righthanded, visually impaired, aurally impaired, and less-able consumers. REQUIREMENT 29
All MasterCard PayPass terminals must be designed to avoid accidental capture of MasterCard PayPass payment account information when a consumer intends to transact using the card’s magnetic stripe or contact chip. The branding requirements for PayPass terminals and readers are defined in the MasterCard PayPass Branding Guidelines. These guidelines define the artwork, colors, and minimum size requirements. The main requirements concern the consumer interface including the landing zone identifier and the radial mark.
MasterCard PayPassExclusive Terminal
Multifunction Terminal
Multifunction Terminal
Figure 27, PayPass Terminal Branding Guidelines
It should be noted that where the MasterCard PayPass brand identifier is displayed with other brands on a POS terminal, the PayPass brand must appear in a size at least equal to the largest other brand displayed.
40
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
4.4 Physical and Environmental Requirements All PayPass terminal equipment must be designed and constructed to be fit for the environment for which it may be installed. For example, in many restaurant or entertainment environments liquid spillage may occur. The reader must also be resistant against the ingress of dirt and be easy to clean. Additionally, as the landing zone is required to be consumer facing, consideration should be made regarding how the reader is to be secured and how robust the reader should be. Statutory requirements also exist in all markets with regard to product safety, emissions, and susceptibility to external influence. Merchants and system integrators may also specify additional physical and environmental requirements. All PayPass terminal equipment must fulfill these requirements with compliance certified as required by statutory bodies. REQUIREMENT 30
Where MasterCard PayPass readers are added as terminal modules, they must meet the same requirements as the base unit, including the following: • Electrical reliability and regulations • Environmental specifications • Transportation (shock and bump, etc.) specifications • Early life failure mode specifications • Electromagnetic compatibility (EMC) specifications • Electrostatic discharge (ESD) specifications • Best practices
REQUIREMENT 31
All MasterCard PayPass terminals must be designed to prevent the introduction of foreign objects which may degrade unit performance or be used to capture PayPass payment application data from the PayPass card or device. NOTE
Consideration shall be given that in some retail environments a consumer-facing terminal may be subjected to physical abuse by consumers. It is recommended that it be constructed from durable materials and have the facility to be securely attached to a counter or mounting location. NOTE
Consideration shall be given that in some retail environments a PayPass terminal may be located in a position where liquid spillage may occur. It is recommended for such environments that the terminal be sealed to prevent liquids from causing damage to the internal components of the device.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
41
5.
PAYPASS CERTIFICATION AND TESTING
PayPass testing and certification processes are part of MasterCard’s approval mechanism to achieve global interoperability of PayPass.
Figure 28, PayPass Global Interoperability
As part of these processes, MasterCard has defined formal certification requirements that must be undertaken before PayPass terminals may be supplied to merchants and used for MasterCard PayPass acceptance. In addition to these formal requirements, MasterCard recommends that further testing be undertaken for each functional element within a system/network as part of supplier’s/acquirer’s business-as-usual commissioning and acceptance processes. Figure 29 illustrates the functional elements of the entire MasterCard PayPass program and the required testing associated with each. The diagram identifies the main elements of terminal testing, which are then examined in individual subsections.
42
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
Figure 29, MasterCard PayPass Certification and Testing Overview*
5.1 PayPass Terminal Testing MasterCard provides a range of services and technical support to assist vendors during PayPass development and installation. The support services include product approval and a help desk for responding to technical questions regarding the MasterCard PayPass specifications. The contact e-mail address for this is:
[email protected].
* The POS system shown represents the main logical components; implementations of actual systems may vary.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
43
5. PAYPASS CERTIFICATION AND TESTING
MasterCard’s terminal approval process is based on the following principles: • Terminals supporting PayPass acceptance need to be type approved. • Compliance tests are performed in MasterCard-accredited testing laboratories. • Testing laboratories sign a service agreement with the vendor. • Testing laboratories prepare a detailed test report for the vendor. • The vendor needs to request approval from MasterCard. • MasterCard is the approval authority and issues the approval statement. Vendors can benefit from the approval and support services to ensure that the product implementation complies with MasterCard requirements. MasterCard provides a Terminal Design Review service that will evaluate the design of the terminal at the earliest possible stage against the implementation requirements outlined in this document. This service will also ensure that the Type Approval Testing services are appropriate for the terminal’s design. In addition to formal Terminal Type Approval (TTA) testing of a terminal, MasterCard operates a Terminal Quality Management (TQM) program. Terminals that incorporate a PIN Entry Device (PED) must also be submitted for PED security evaluation. The TQM program assures quality levels for all MasterCard PayPass terminals. TQM provides merchants and acquirers with assurances that the terminal vendor has the capability to produce PayPass product consistent with the original samples for which the TTA approvals were awarded. Therefore repeatability of product conformity is a crucial quality aspect that is assured through the TQM program. The Payment Card Industry POS PED Security Evaluation Program is only applicable for terminals that incorporate the facility to allow the consumer to enter their PIN. It defines the requirements and guidelines for conducting a security evaluation of hardware and application software used to provide this functionality.
44
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
Figure 30 below gives an overview of the terminal approval process.
Figure 30, Terminal Approval Process Overview
For more information please refer to the MasterCard documents: “PayPass Terminal Approval Process” or “PayPass Terminal Vendor Approval Services.” Both are available through your MasterCard representative or by contacting the MasterCard PayPass testing team by e-mail at
[email protected].
5.2 Design Review At the earliest possible stage in the development of a PayPass terminal, the design shall be submitted to MasterCard to allow a design review to be performed. The purpose of a design review is to ensure that the proposed PayPass product meets the requirements outlined here with respect to form factor and design. The design review also allows MasterCard to adapt, where required, the available vendor testing services to support the requirements of new PayPass product designs.
NOTE
The design should be submitted to MasterCard as early as possible in the development life cycle.
REQUIREMENT 32
The design of all new MasterCard PayPass terminals must be submitted for review.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
45
5. PAYPASS CERTIFICATION AND TESTING
5.3 TTA The PayPass TTA process is part of the MasterCard approval mechanism to achieve global interoperability of PayPass products. All MasterCard PayPass terminals must be certified. 5.3.1 TTA Level 1 The terminal’s contactless communication interface to the PayPass card or device is tested separately from the PayPass payment application. Interface testing is split into an analog interface test phase (the MasterCard equivalent of ISO/IEC 14443-2), and a digital test phase (the MasterCard equivalent of ISO/IEC 14443-3 and ISO/IEC 14443-4). Terminal samples are to be prepared for testing according to a defined test configuration. A specific test application (“loop-back”) is required to test the PayPass antenna and RF interface separate from the application. MasterCard International–accredited independent testing laboratories conduct all tests. TTA Level 1 provides a document confirming that the specific interface module adheres to the PayPass—ISO/IEC 14443 Implementation Specification. MasterCard maintains a list of approved interface modules for MasterCard acquirers, and suppliers who are part of the MasterCard vendor program. 5.3.2 TTA Level 2 TTA Level 2 testing verifies compliance with the payment application as specified in PayPass— Mag Stripe Technical Specifications. The terminal must have a PayPass antenna and RF interface module that is Level 1–approved. NOTE
TTA Level 2 should only be started once TTA Level 1 has been completed successfully.
MasterCard has prepared test requirements, test cases, and executable test scripts. These test scripts are implemented on a test tool for use in accredited testing laboratories. Level 2 test cases address the functional needs of terminal manufacturers, chip device manufacturers, and application software developers. Test scripts are run according to the test cases published by MasterCard for Level 2 approval. The tool has been optimized for completeness and efficiency and has a user-friendly interface that provides “plug-and-test” capability. TTA Level 2 provides a document confirming that the specific terminal adheres to the PayPass— Mag Stripe Technical Specification. MasterCard maintains a list of approved MasterCard PayPass terminals for MasterCard acquirers.
NOTE
The combination of TTA Level 1 and TTA Level 2 is referred to as TTA.
46
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
REQUIREMENT 33
All MasterCard PayPass terminals must successfully complete the TTA process.
5.4 PED Approval If the PayPass terminal contains a PED to allow the consumer to key in their PIN, then the terminal must also comply with requirements of the Payment Card Industry POS PED Security Evaluation Program. REQUIREMENT 34
All MasterCard PayPass terminals with a PED must additionally have had this approved by the Payment Card Industry POS PED Security Evaluation program.
For more information on this program in relation to a PayPass terminal, please e-mail
[email protected].
5.5 TQM The TQM approval service ensures that terminal vendors follow industry best practices during terminal manufacture. Its objective is to deliver consistently reliable terminals that conform to the original sample tested and approved during the TTA process. TQM monitors all stages of the preparation and production of PayPass terminals, including the design and production of reader hardware, as well as terminal manufacture. REQUIREMENT 35
All MasterCard PayPass terminals must obtain a PayPass TQM Conformity Statement.
Upon successful completion of the TQM process, MasterCard grants a PayPass TQM Conformity Statement. For further information on the TQM process, please e-mail
[email protected].
5.6 POS Systems Testing Sections 5.1 to 5.4 describe the testing and approval processes that a PayPass terminal vendor will need to supply product to merchants, as required by MasterCard for PayPass acceptance. Merchants and acquirers will additionally have their own set of applications, communications, and testing requirements that PayPass terminal developers should consider as they design, build, and test terminals. Once a MasterCard-approved PayPass terminal has been installed by a merchant and transactions can be processed, MasterCard can provide support and recommendations to ensure a successful end-to-end test of the entire payment process. For more information on end-to-end testing support, please e-mail
[email protected]. MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
47
APPENDICES
Appendix A, Global Operations Bulletin No. 6, 1 June 2005
48
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
49
APPENDICES
Appendix A, Global Operations Bulletin No. 6, 1 June 2005—continued
50
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
51
APPENDICES
Appendix A, Global Operations Bulletin No. 6, 1 June 2005—continued
52
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
53
APPENDICES
Appendix B, Glossary
54
Term
Description
2D Device
This term is used to describe the physical characteristics of the device such that, as per traditional ISO 7810 cards, the length and breadth of the device are significantly greater than its thickness. The thickness is uniform across the device and is similar to ISO 7810 cards (e.g., a PayPass 2D fob device).
2D Fob
A 2D PayPass device that is manufactured in the form of a traditional card (ISO 7810) but ends up as a different size and shape. Typically, a PayPass 2D fob will be either die-cut from a full-size card after personalization or a score is made in the card plastic such that it can be snapped out by the consumer after fulfillment.
3D Device
This term is used to describe the physical characteristics of the device such that, unlike traditional cards, the thickness of the device is noticeable and of similar magnitude to its other dimensions (e.g., a PayPass 3D fob device).
3D Fob
A 3D PayPass device.
3DES
Triple DES Cryptographic Algorithm. An enhanced cryptographic algorithm, based on the DES Cryptographic Algorithm, adopted by the National Bureau of Standards for Data Security.
Account Number
The 16-digit identifier of a credit or debit card.
Acquirer
Member of MasterCard International involved in signing and servicing merchants that accept MasterCard.
Antenna
Coil of wire through which RF energy is provided.
Application File Locator (AFL)
Identifies the records available to the application and the reference to their location in files in the chip card’s memory.
Application Identifier (AID)
Identifier of an application in the chip card, coded in hexadecimal.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
Term
Description
Application Interchange Profile (AIP)
Indicator of the capabilities of the chip card to support specific functions.
Application Transaction Counter (ATC)
A mechanism for tracking the transactions done using a specific account; used to prevent fraudulent use or cloning of a card or device.
Authorization
The process of confirming that a payment account is valid and is approved.
Broadband
A network connection with capacity to send and receive large amounts of data relatively quickly (vs. dial-up).
Card
Plastic form factor compliant with ISO 7810 that contains a payment application coded on a magnetic stripe.
Card Authentication Method (CAM)
Method used to verify that a card or device is genuinely the one issued to the consumer.
Card or Device Holder
See Consumer.
Card Verification Code 1 (CVC1)
A code contained in a card’s magnetic stripe data that verifies a specific card is physically present at the POS; used to reduce the risk of counterfeiting fraud.
Card Verification Code 2 (CVC2)
Value generated by the issuer and printed on a signature panel on the back of the card; implemented for manual (visual) use during MOTO and e-commerce transactions.
Card Verification Code 3 (CVC3)
Value used in place of CVC1 in the Discretionary Data field of the Track 1 and 2 data for MasterCard PayPass transactions; usually a dynamic cryptogram generated by the card or device, but may be a static cryptogram.
Certification
The process of confirming that a card, device, reader, terminal, or software application is approved for use.
Chargeback
A transaction disputed by the consumer or issuer that is represented back to the merchant.
Clearing
The process of remitting a sales draft for settlement.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
55
APPENDICES
Appendix B, Glossary—continued
56
Term
Description
Companion Card
An ISO-compliant MasterCard card with which a companion PayPass device shares a single MasterCard account relationship between the issuer and the consumer.
Compute Cryptographic Checksum (CCC)
Card/device command supported for PayPass—Mag Stripe transactions; returns the CVC3 value for the transaction.
Consumer
The payment accountholder to whom the PayPass card or device is issued.
Consumer Verification Method (CVM)
Method used to verify the identity of the payment accountholder.
Contactless Chip
The RF chip found inside a PayPass card or device; when connected to an antenna, it permits card or device transactions without swiping the magnetic stripe.
Data Element 22
The portion of a MasterCard authorization message that denotes how the account number was read/entered into the POS device (e.g., magnetic stripe read, key entered, read via a PayPass reader).
Data Element 61
The portion of a MasterCard authorization message that denotes the various capabilities of a POS terminal (e.g., equipped with mag stripe reader, smart card reader, etc.).
Electronic Cash Register (ECR)
Cash register that is integrated with payment acceptance tools and/or order system.
Embedded Device
A PayPass device that is manufactured to be contained in a consumer device such as a watch or a cell phone.
File Control Information (FCI)
The string of data bytes available in response to a SELECT command.
Floor Limit
The preset amount under which a transaction does not require online authorization.
Form Factor
The physical characteristics of a device, including its size and shape.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
Term
Description
Help Desk
A call center dedicated to assisting users with a technology (e.g., a merchant help desk might provide information to merchants when they experience difficulty with a terminal).
Implementation Plan
A plan that maps the implementation of a project and all the steps required to achieve this.
Integrated Circuit Card (ICC)
The ISO/IEC term for a chip card/device or a smart card.
International Standards Organization (ISO)
An international organization that sets standards for technology to assure that products are interoperable from one country to the next.
Issuer
Member of MasterCard International that issues MasterCard payment accounts to their consumers.
Kiosks
Locations where consumers interact with or without the oversight of a clerk or merchant staff person.
Linked Card
See Companion Card.
Magnetic Stripe (Mag Stripe)
Reference to a conventional (ISO/IEC 7810) magnetic stripe as defined and used by the MasterCard network.
Magnetic Stripe Reader (MSR)
The part that physically reads the data encoded on a card’s magnetic stripe.
Member
Financial institution registered as a member of MasterCard and involved in issuing or acquiring activity.
Merchant
An organization accepting cards or devices as a payment instrument. Has a relationship with an acquirer.
PayPass Application
The software that executes on a PayPass chip.
PayPass Card
A proximity device containing a PayPass chip and application that has the characteristics of the traditional bankcard form factor, as specified in ISO 7810.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
57
APPENDICES
Appendix B, Glossary—continued
58
Term
Description
PayPass Card (or Device)
Card (or device) provided by an issuer containing a contactless chip that uses RF, supplied via an antenna, to run a PayPass application configured for a consumer.
PayPass Chip
The integrated circuit chip contained within a PayPass card or device that executes the PayPass application.
PayPass Coupling Device (PCD)
The PayPass reader utilizes an inductive coupling, energizing RF field to both power the PayPass card or device and control data exchange when modulated. PCDs typically have an operating range of less than 4 inches and may form part of a merchant terminal.
PayPass Payment System Environment (PPSE)
The list of contactless applications, indicated through their AID, available on a PayPass card.
Personal Identification Number (PIN)
A number used by an issuer to authenticate a consumer (a type of CVM).
PIN Pad
A numeric keypad into which a consumer can type a PIN.
Point of Sale (POS)
The point where a consumer pays for merchandise; may encompass a cash register, card or device terminal, PayPass reader, etc.
Primary Account Number (PAN)
See Account Number.
Processing Options Data Object List (PDOL)
List of data objects that the terminal should provide to the card or device.
Proximity Coupling Device (PCD)
The PayPass reader or terminal.
Proximity Device
A consumer device that can be read from a distance (within a specified range) without physical contact. PayPass cards and devices are proximity devices.
Quick Payment Service (QPS)
A MasterCard program that allows approved merchants in certain merchant category codes to accept transactions under US $25 without a consumer signature.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
Term
Description
Quick-Service Restaurant (QSR)
A restaurant where consumers are served food quickly, either via drive-thru or at a counter.
Radio Frequency (RF)
A technology that allows two devices to communicate via radio waves.
Read
The act of a MasterCard terminal communicating with a MasterCard card or device and receiving consumer payment data; this may be via the magnetic stripe swipe process or from a PayPass RF interaction.
Reader
Refers to the terminal component that communicates with the PayPass card or device to receive the required information and transmit it to the POS payment application.
Serial/RS232 Port
A physical hardware interface on a PC, ECR, terminal, or other electronic device used to connect peripheral devices.
Settlement
The process by which an issuer pays an acquirer for transactions made by its consumers.
Stand-alone Terminal
Terminal that is not integrated with a cash register.
Static CVC3
A CVC3 value calculated using a CVC1 algorithm, but using different input data to generate a value that differs from CVC1.
Terminal
Term often used to refer to a POS device.
Transaction
A payment for goods or services.
Unpredictable Number (UN)
A number generated by the PayPass reader that cannot be calculated or predicted in advance.
USB Connections
A physical hardware interface on a PC, ECR, terminal, or other electronic device used to connect peripheral devices.
Vendor
A company that sells terminals or other goods or services.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
59
APPENDICES
Appendix C, Consumer Interface Methods Method 1 Method 1 describes an optimal PayPass transaction instigated by the consumer before the amount payable is displayed and when no signature is required for consumer verification. The consumer is invited to present their PayPass card before the amount payable appears on the consumer-facing display. Typically this means that a consumer may tap their card or device at any time before the account details are needed by the electronic cash register (ECR). The terminal reads the PayPass card or device. When the order is complete the amount payable should be displayed to the consumer. The ECR automatically processes the transaction. The outcome of the authorization request is displayed to the consumer.
Figure C-1, Optimal PayPass Transaction—Pre-amount Tap
60
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
This method: • Optimizes the purchase process because account information is ready for processing, allowing the authorization request to start as soon as the order is complete. • Encourages consumers to present their card or device early, avoiding the delays that sometimes occur when they are asked later in the purchase process, i.e., removes “fumble time” from the purchase. • Simplifies the consumer experience since they may tap their card or device whenever they are ready. • Is not recommended where the amount presented is often disputed by the consumer as this would result in a refund being required, which is undesirable. This method must be implemented carefully to ensure that payment details from the correct card or device are used. For example, any buffer that temporarily stores the card or device details must be cleared after each transaction or after a period of time, if a transaction has not occurred, to avoid the card or device details from an earlier PayPass read being used.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
61
APPENDICES
Appendix C, Consumer Interface Methods—continued Method 2 Method 2 describes an optimal PayPass transaction instigated by the consumer after the amount payable is displayed and when no signature is required for consumer verification. The amount payable by the consumer is displayed on the consumer-facing display and the consumer is invited to present their PayPass card or device. Once the terminal has read the account information, it automatically starts processing the transaction. After obtaining authorization in the normal way the consumer is informed of the outcome.
Figure C-2, Optimal PayPass Transaction—Post-amount Tap
This method: • Is similar in speed to Method 1 except that the transaction does not begin until the consumer has presented their card or device following the amount being presented. • Is similar in simplicity to Method 1 except that the consumer must wait for the amount to be presented before they can present their card. • Ensures that the consumer approves the amount to be charged before presenting their card or device. • Is recommended where the amount may be disputed.
62
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
Method 3 Method 3 describes a PayPass debit transaction instigated by the consumer before the amount payable is displayed and when PIN is required for consumer verification. The consumer is invited to present their PayPass card or device before the amount payable appears on the consumer-facing display. Once the terminal has read the account information, the consumer is requested to select either credit or debit. In this method the consumer selects debit and enters their PIN before the terminal continues processing the transaction and displays the amount payable. The transaction is then authorized in the normal way and the consumer is informed of the outcome.
Figure C-3, PIN Debit Transaction—Pre-amount Tap
This method: • Minimizes any delay caused by PIN entry since this can be done while the order is being completed. • Should not be used where amounts are often disputed, as per Method 1.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
63
APPENDICES
Appendix C, Consumer Interface Methods—continued Method 4 Method 4 describes a PayPass debit transaction instigated by the consumer after the amount payable is displayed and when a PIN is required for consumer verification. The amount payable by the consumer is displayed on the consumer-facing display and the consumer is invited to present their PayPass card or device. Once the terminal has read the account information, the consumer is requested to select either credit or debit. In this method the consumer selects debit and enters their PIN before the terminal continues processing the transaction. The transaction is then authorized in the normal way and the consumer is informed of the outcome.
Figure C-4, PIN Debit Transaction—Post-amount Tap
This method: • Is similar in speed to Method 3 except that the transaction does not begin until the consumer has presented their card or device following the amount being presented. • Ensures that the consumer approves the amount to be charged before presenting their card or device. • Is recommended where the amount may be disputed, as per Method 2. 64
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
Appendix D, Terminal Requirements Summary Number
Requirement
1
MasterCard PayPass transactions must be processed online to realize full risk management capabilities.
2
Correct coding and processing of MasterCard PayPass transactions and terminal capability are mandatory for all PayPass authorization and clearing messages.
3
Connecting a PayPass reader to an existing magnetic stripe terminal using any form of dynamic magnetic stripe or magnetic induction coupling to the existing magnetic strip reader is not permitted by MasterCard.
4
All MasterCard PayPass terminals must comply with the PayPass ISO/IEC 14443 Implementation Specification.
5
All MasterCard PayPass Terminals must comply with the MasterCard PayPass Technical Specification. This includes all POS terminals, or ECRs, that have a PayPass reader attached, where changes may need to be implemented within POS software.
6
All MasterCard PayPass terminals must complete the PayPass card- or device-to-POS terminal communication in less than 250 ms.
7
The Track 1 and 2 data obtained from the PayPass card or device must be presented to the payment processing engine without modification.
8
The PayPass application logic component must maintain the version number of the PayPass—Mag Stripe Technical Specification with which it is compliant.
9
POS terminals must be capable of providing information to connected systems on the payment read process (magnetic stripe swipe, contact chip read, contactless chip read, etc.) for each payment transaction and on the terminal’s capabilities to perform the different read processes.
10
Double entry of purchase information for PayPass transactions is not permitted. PayPass terminals should therefore be linked to ECR systems for electronic transfer of purchase amount.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
65
APPENDICES
Appendix D, Terminal Requirements Summary—continued Number
66
Requirement
11
POS terminals must comply with the processing rules defined by the combination of payment product, merchant program, and transaction amount.
12
Subject to compliance with Requirement 8, payment transactions initiated by a PayPass-read process should complete as quickly as possible with minimal additional involvement of the consumer and merchant.
13
If the POS device prints a receipt, the input method must be shown as “Contactless” or “CONTACTLESS” for PayPass—Mag Stripe transactions.
14
POS transaction reports must specifically identify PayPass transactions.
15
If a payment transaction was originated by a PayPass card or device, then the POS terminal must allow for a transaction reversal to be completed by the same PayPass card or device.
16
All MasterCard PayPass terminals must display a PayPass landing zone identifier that includes the PayPass identifier as specified in the MasterCard PayPass Branding Guidelines.
17
All MasterCard PayPass terminals must use materials for the landing zone identifier that are not degraded by use. The landing zone identifier should show no significant noticeable degradation after one million “contacted” presentations (i.e., where the card or device physically impacts the landing zone during the tap process).
18
The landing zone identifier must be positioned on the landing plane at the center of the operating volume generated by the PayPass reader.
19
All MasterCard PayPass terminals must include a single permanent indicator, preferably a green light or a light emitting diode (LED), not more than one-half inch from the PayPass landing zone identifier that indicates the terminal is “powered on” and ready to read PayPass cards or devices.
20
All MasterCard PayPass–equipped POS systems must provide a visible cue, typically on a liquid crystal display (LCD) screen, indicating when the consumer should tap or swipe their card.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
Number
Requirement
21
When the PayPass terminal uses the light/LED method for read indication, an additional three indicators must light in sequence. These four indicators must be an equal distance apart and this distance must not be less than one-half inch. The four indicators must be identical and positioned on a horizontal line. The indicators must be triggered in sequence with timing as specified in Figure 24, upon successful read of a PayPass device. These lights should be visible to the consumer at all times.
22
When the PayPass terminal uses the graphic/LCD method for read indication, it must provide an additional four indicators in the form of the PayPass Radial Mark, as specified in the MasterCard PayPass Branding Guidelines. Indicators must be triggered in sequence with timing as specified in Figure 25.
23
All PayPass terminals must implement either the light/LED indication method or the graphic/LCD indication method to show that a card or device has been read.
24
PayPass indicators must remain visible to the consumer even when subjected to high levels of ambient light such as sunlight.
25
All MasterCard PayPass terminals must include an audible cue comprising a sequence of four audible tones to signify the terminal is reading the consumer’s PayPass card. Each tone should be at 1500 Hz (±100 Hz) for 50 ms, followed by a 10 ms gap before the next one. The first tone should commence at the start of the read process. The volume of the audible cue should be at an appropriate level to be heard by the consumer in the target retail environment.
26
POS systems incorporating PayPass must provide clear indication to the consumer when a transaction is being authorized so that the consumer is informed during the short delay while this happens.
27
All MasterCard PayPass terminals must be designed such that when a PayPass card or device is presented, none of the indicators nor the display are visually obscured from the consumer by any of the following: • The PayPass card or device • The consumer’s hand or arm • Keys or anything that can be typically expected to be attached to the PayPass device
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
67
APPENDICES
Appendix D, Terminal Requirements Summary—continued Number
68
Requirement
28
When designing a PayPass terminal, consideration must be made for both left- and right-handed, visually impaired, aurally impaired, and less-able consumers.
29
All MasterCard PayPass terminals must be designed to avoid accidental capture of MasterCard PayPass payment account information when a consumer intends to transact using the card’s magnetic stripe or contact chip.
30
Where MasterCard PayPass readers are added as terminal modules, they must meet the same requirements as the base unit, including the following: • Electrical reliability and regulations • Environmental specifications • Transportation (shock and bump, etc.) specifications • Early life failure mode specifications • Electromagnetic compatibility (EMC) specifications • Electrostatic discharge (ESD) specifications • Best practices
31
All MasterCard PayPass terminals must be designed to prevent the introduction of foreign objects which may degrade unit performance or be used to capture payment application data from the PayPass card or device.
32
The design of all new MasterCard PayPass terminals must be submitted for review.
33
All MasterCard PayPass terminals must successfully complete the TTA process.
34
All MasterCard PayPass terminals with a PED must additionally have had this approved by the Payment Card Industry POS PED Security Evaluation program.
35
All MasterCard PayPass terminals must obtain a PayPass TQM Conformity Statement.
MASTERCARD PAYPASS — MAG STRIPE, TERMINAL IMPLEMENTATION REQUIREMENTS
www.paypass.com For questions e-mail
[email protected]
PayPass–22 v.2
©2006 MasterCard International Incorporated
