6 Visa Contact VIS and EMV Settings

You can set this to ANY, however you should consider the following:

Visa currently recommend that this SHOULD be set to b0, in case an acquirer error causes the ARPC to be altered when sent to the card. (However, this makes it difficult to verify the ARPC is correct.)

HOWEVER, there are advantages to setting this to b1, so that an invalid ARPC will decline the transaction.

This ensures that ARPC is working, and also prevents fake online responses (as Thredd and Visa will always send a valid ARPC.)

So Thredd recommend you consider setting this to b1.

We recommend that this SHOULD be set to b1, for the same reasons as above.

You can set this to ANY.

But if setting to b1, understand that a new card must be issued if the offline PIN is blocked.

You can set this to ANY.

But if setting to b1, this might prevent the offline PIN being reset by Thredd if the offline PIN is blocked on the chip.

You can set this to ANY.

However, having set to b1 will assist in diagnosing any Issuer Script failures.

You can set this to ANY.

But if setting to b1, if the offline PIN is blocked, a new card must be issued.

This MUST be set to b0.

Thredd does support Issuer Script MAC Chaining

Thredd recommend it SHOULD be set to b0, to retain backwards compatibility with the standard way the Visa Card script results work, so that anyone manually looking at the values is not confused.

However, there is no automated Thredd process for checking the “script failed” or script command counter, so you can set this to ANY.

You can set this to ANY.

However, note that Thredd does not currently support validation of the IDD MAC.

You can set this to ANY.

(This bit will be sent in the CVR and Thredd will inspect it to determine the Secure Messaging key derivation method.)

You can set this to ANY.

Note however that Thredd recommends it SHOULD be set to b1 if the card supports this, in order to avoid man-in-the-middle wedge attacks on chip transactions.

You can set this to ANY.

However, if Issuer Action Code – Denial (Tag ‘9F0E’) byte 3 bit 8 (cardholder verification) is ‘1’, then it is very important that if Offline PIN CV fails, the CVM list will try online PIN.

This MUST be set to one of the following:

Thredd also supports Cryptogram version hex ’11’ (decimal 17), but this is only for contactless only.

See Appendix 1: Mastercard Cryptogram Version Number Values.

Any other cryptogram version number will result in a decline.

You can set this to ANY.

But note that they should set this with care, since if a test would always be TRUE for all transactions, the card is effectively useless, and a new one may need to be issued.

If set to ‘1’ (decline offline if cardholder verification failed), then they should ensure that this will not prevent the card coming online to receive a new offline PIN.

If this set to ‘1’, then the CVM list (tag ‘8E’) must be setup to ensure there that a blocked offline PIN does not permanently prevent the card going online to retrieve a new offline PIN. (See CVM list Tag ‘8E’ above.)

You can set this to ANY.

But note that care should be taken when deciding how to set this.

You can set this to ANY.

But note that care should be taken when deciding how to set this.

First byte MUST be ‘06’ or ‘1F’.

Any other value will result in transactions being declined.

See Appendix 1: Mastercard Cryptogram Version Number Values.

See also “Derivation Key Index” and “Cryptogram Version Number” above.

Note that Thredd does not currently support sending “proprietary authentication data”.

You can set this to ANY.

The transaction log can be useful:

• for cardholders (if offline transactions are supported, and you provide a way of reading the transaction log available to the cardholder)

• for the Issuer or Program Manager if you physically possess the card, and have a reader, to diagnose what happened on previous transactions.