4. NEPALPAY Card Specification

This chapter describes the specification of NEPALPAY IC card.

4.1 Track 1 Specification

The Track 1 should confirm to ISO 7811-2 and ISO 7813. ISO 7811-2 comply for following elements.

i) Physical properties

ii) Performance characteristics

iii) Density

iv )Signal level

v) Recording angle tolerances

vi ) Error detection

vii) Permissible surface variation

viii) Character sets

ix ) Appearance of the magnetic stripe

4.1.1 Track 1 Encoding Format

The table below lists the Track 1 field names and their length as per ISO 7813. The maximum length of Track 1 is 79 characters.

Field Number	Length	Field Name
1	1	Start Sentinel
2	1	Format Code
3	16 - 19	Primary Account Number (PAN)
4	1	Separator
5	2 - 26	Cardholder Name
6	1	Separator
7	4	Card Expiration Date
8	3	Service Code
9	3	Card Verification Data 1
10	10	National Identification Number
11	Balance of Available Digits	Discretionary Data
12	1	End Sentinel
13	1	Longitudinal Redundancy Check
Total	79 Characters

Table 4: Track 1 Encoding Format

4.1.2 Track 1 Data Element Description

Field 1: Start Sentinel

Field 1: Start Sentinel
Length:	1
Format:	Alphanumeric
Description:	Indicates the initial data position on the track.
Valid Value:	% (Percentage Sign)

Field 2: Format Code

Field 2: Format Code
Length:	1
Format:	Alphanumeric
Description:	Specifies the format for Track 1 encoding.
Valid Value:	B

Field 3: Primary Account Number (PAN)

Field 3: Primary Account Number (PAN)
Length:	16 - 19
Format:	Numeric
Description:	A number identifying the card number.
Valid Value:	0 to 9

Field 4: Separator

Field 4: Separator
Length:	1
Format:	Alphanumeric
Description:	Indicates the end of a variable length of PAN.
Valid Value:	^ (Caret Symbol)

Field 5: Cardholder Name

Field 5: Cardholder Name
Length:	2 - 26
Format:	Alphanumeric
Description:	Cardholder’s Name.
Valid Value:	Alphanumeric including Hyphen, Suffix, Surname separator, Title separator, Title (optional)

Field 6: Separator

Field 6: Separator
Length:	1
Format:	Alphanumeric
Description:	Indicates the end of a variable length of Cardholder Name.
Valid Value:	^ (Caret Symbol)

Field 7: Card Expiration Date

Field 7: Card Expiration Date
Length:	4
Format:	Numeric Date (YYMM)
Description:	Year and month after which the card can no longer be used.
Valid Value:	YY must be 00 to 99; MM must be 01 to 12

Field 8: Service Code

Field 8: Service Code
Length:	3
Format:	Numeric
Description:	A sequence of digits that, taken as a whole, defines various services; and identifies card restrictions.
Valid Value:	1. The value allowed for EMV domestic and International Cards is 226 (2 – International Integrated Circuit Card, 2 – Positive Authorization Mandatory, 6 – Prompt for PIN if PIN pad present)

Service Code can be expressed with the following digit combinations.

Digit 1 (most significant): Interchange and technology
Digit 1	Meaning
0	Reserved for future use by ISO
1	Available for international interchange
2	Available for international interchange and with integrated circuit, which should be used for the financial transaction when feasible
3	Reserved for future use by ISO
4	Reserved for future use by ISO
5	Available for national interchange only, except under bilateral agreement
6	Available for national interchange only, except under bilateral agreement, and with integrated circuit, which should be used for the financial transaction when feasible
7	Not available for general interchange, except under bilateral agreement
8	Reserved for future use by ISO
9	Test

Digit 2: Authorization processing

Digit 2	Meaning
0	Transactions are authorized following the normal rules
1	Reserved for future use by ISO
2	Transactions are authorized by issuer and should be online
3	Reserved for future use by ISO
4	Transactions are authorized by issuer and should be online, except under bilateral agreement
5	Reserved for future use by ISO
6	Reserved for future use by ISO
7	Reserved for future use by ISO
8	Reserved for future use by ISO
9	Reserved for future use by ISO

Digit 3: Range of services and PIN requirements

Digit 3	Meaning
0	No restrictions and PIN required
1	No restrictions
2	Goods and services only (no cash)
3	ATM only and PIN required
4	Cash only
5	Goods and services only (no cash) and PIN required
6	No restrictions and require PIN when feasible
7	Goods and services only (no cash) and require PIN when feasible
8	Reserved for future use by ISO
9	Reserved for future use by ISO

Field 9: Card Verification Data 1

Field 9: Card Verification Data 1 (CVD 1)
Length:	3
Format:	Numeric
Description:	CVD 1 is a three-digit value encoded on Track 1 in 3 contiguous positions on NEPALPAY cards.
Valid Value:	0 to 9

Field 10: National Identification Number

Field 10: National Identification Number
Length:	10
Format:	Alphanumeric
Description:	10 Digit National ID Number
Valid Value:	0 to 9

Field 11: Discretionary Data

Field 11: Discretionary Data
Length:	79 – used no. of digits (Balance of Available Digits)
Format:	Alphanumeric
Description:	Includes any valid information that the issuer wants to have transmitted in the transactions.
Valid Value:	Any valid non-control or non-reserved character. E.g. of reserved or control characters are separator characters, start sentinel, end sentinel, etc.

Field 12: End Sentinel

Field 12: End Sentinel
Length:	1
Format:	Alphanumeric
Description:	Character that follows the final character of data recorded on the track.
Valid Value:	?

Field 13: Longitudinal Redundancy Check

Field 13: Longitudinal Redundancy Check
Length:	1
Format:	Numeric
Description:	Verification value that ensures that no data has been lost in the stripe-reading process. The LRC is equivalent to a check digit of the entire track, including the control characters.
Valid Value:	Any computed value

4.2 Track 2 Specification

The Track 2 should confirm to ISO 7811-2 and ISO 7813. ISO 7811-2 comply for following elements. i) Physical properties ii) Performance characteristics iii) Density iv) Signal level v) Recording angle tolerances vi) Error detection vii) Permissible surface variation viii) Character sets ix) Appearance of the magnetic stripe

4.2.1 Track 2 Encoding Format

The table below lists the Track 2 field names and their length as per ISO 7813. The maximum length of Track 2 is 40 characters.

Field Number	Length	Field Name
1	1	Start Sentinel
2	16 - 19	Primary Account Number (PAN)
3	1	Separator
4	4	Card Expiration Date
5	3	Service Code
6	3	Card Verification Data 1
7	Balance of Available Digits	Discretionary Data
8	1	End Sentinel
9	1	Longitudinal Redundancy Check
Total	40 Characters

Table 5: Track 2 Encoding Format

4.2.2 Track 2 Data Element Description

Field 1: Start Sentinel

Field 1: Start Sentinel
Length:	1
Format:	Alphanumeric
Description:	Indicates the initial data position on the track.
Valid Value:	;

Field 2: Primary Account Number (PAN)

Field 2: Primary Account Number (PAN)
Length:	16 - 19
Format:	Numeric
Description:	A number identifying the card number.
Valid Value:	0 to 9 without spaces

Field 3: Separator

Field 3: Separator
Length:	1
Format:	Alphanumeric
Description:	Indicates the end of a variable length of PAN.
Valid Value:	= (equal sign)

Field 4: Card Expiration Date

Field 4: Card Expiration Date
Length:	4
Format:	Numeric Date (YYMM)
Description:	Year and month after which the card can no longer be used.
Valid Value:	YY must be 00 to 99; MM must be 01 to 12

Field 5: Service Code

Field 5: Service Code
Length:	3
Format:	Numeric Date
Description:	A sequence of digits that, taken as a whole, defines various services; and identifies card restrictions.
Valid Value:	The value allowed for EMV domestic and International Cards is 226 (2 – International Integrated Circuit Card, 2 – Positive Authorization Mandatory, 6 – Prompt for PIN if PIN pad present)

Service Code can be expressed with the following digit combinations.

Digit 1	Meaning
0	Reserved for future use by ISO
1	Available for international interchange
2	Available for international interchange and with integrated circuit, which should be used for the financial transaction when feasible
3	Reserved for future use by ISO
4	Reserved for future use by ISO
5	Available for national interchange only, except under bilateral agreement
6	Available for national interchange only, except under bilateral agreement, and with integrated circuit, which should be used for the financial transaction when feasible
7	Not available for general interchange, except under bilateral agreement
8	Reserved for future use by ISO
9	Test

Digit 2	Meaning
0	Transactions are authorized following the normal rules
1	Reserved for future use by ISO
2	Transactions are authorized by issuer and should be online
3	Reserved for future use by ISO
4	Transactions are authorized by issuer and should be online, except under bilateral agreement
5	Reserved for future use by ISO
6	Reserved for future use by ISO
7	Reserved for future use by ISO
8	Reserved for future use by ISO
9	Reserved for future use by ISO

Digit 3	Meaning
0	No restrictions and PIN required
1	No restrictions
2	Goods and services only (no cash)
3	ATM only and PIN required
4	Cash only
5	Goods and services only (no cash) and PIN required
6	No restrictions and require PIN when feasible
7	Goods and services only (no cash) and require PIN when feasible
8	Reserved for future use by ISO
9	Reserved for future use by ISO

Field 6: Card Verification Data 1

Field 6: Card Verification Data 1 (CVD 1)
Length:	3
Format:	Numeric
Description:	CVD 1 is a three-digit value encoded on Track 2 in 3 contiguous positions on NEPALPAY cards.
Valid Value:	0 to 9

Field 7: Discretionary Data

Field 7: Discretionary Data
Length:	40 – used no. of digits (Balance of Available Digits)
Format:	Alphanumeric
Description:	Includes any valid information that the issuer wants to have transmitted in the transactions.
Valid Value:	Any valid non-control or non-reserved character. E.g. of reserved or control characters are separator characters, start sentinel, end sentinel, etc.

Field 8: End Sentinel

Field 8: End Sentinel
Length:	1
Format:	Alphanumeric
Description:	Character that follows the final character of data recorded on the track.
Valid Value:	? (Question Mark)

Field 9: Longitudinal Redundancy Check

Field 9: Longitudinal Redundancy Check
Length:	1
Format:	Numeric
Description:	Verification value that ensures that no data has been lost in the stripe-reading process. The LRC is equivalent to a check digit of the entire track, including the control characters.
Valid Value:	Any computed value

4.3 EMV Chip Specification

The EMV Chip Specifications significantly improve the security for face-to-face payment transactions by providing features for reducing the fraud that result from counterfeit and lost and stolen cards. By reducing counterfeit and lost and stolen card fraud, EMV chip technology offers real benefits to retailers, acquirers, card issuers and cardholders with following features:

i) Authentication of the chip card: Verifies that the card is genuine so as to protect against counterfeit fraud for both online authorized and offline transactions.

ii) Risk management parameters: Defines the conditions under which the issuer will permit the transaction to be conducted offline and the conditions that force transactions online for authorization, such as if offline limits have been exceeded.

iii) Transaction Integrity: For Digitally signing payment data.

iv) Cardholder Verification Method: To protect against lost and stolen card fraud.

4.4 EMV IC Card File Structure

An application in the Integrated Circuit Card (ICC) includes a set of items of information. These items of information may be accessible to the terminal after a successful application selection. An item of information is called a data element. A data element is the smallest piece of information that may be identified by a name, a description of logical content, a format, and a coding.

4.4.1 File Structure of ICC

The files within the ICC are seen from the terminal as a tree structure. Every branch of the tree is an Application Definition File (ADF) or a Directory Definition File (DDF). An ADF is the entry point to one or more Application Elementary Files (AEFs). An ADF and its related data files are seen as being on the same branch of the tree. A DDF is an entry point to AEFs, ADFs or other DDFs.

Figure 2: ICC File Structure

A dedicated file (DF) as defined in ISO/IEC 7816-4 and containing an FCI is mapped onto an ADF or a DDF. It may give access to elementary files and DFs. The DF at the highest level of the card is the master file (MF).

An elementary file (EF) as defined in ISO/IEC 7816-4 is mapped onto the AEF. An EF is never used as an entry point to another file.

An ADF is seen from the terminal as a file containing only data objects encapsulated in its file control information (FCI). The tree structure of ADFs:

Enables the attachment of data files to an application.

Ensures the separation between applications.

Allows access to the logical structure of an application by its selection.

The structure of AIDs, ADF Names and DF Names is according to ISO/IEC 7816-4 and consists of two parts: i) A Registered Application Provider Identifier (RID) of 5 bytes, unique to an application provider and assigned according to ISO/IEC 7816-4. ii) An optional field assigned by the application provider of up to 11 bytes. This field is known as a Proprietary Application Identifier Extension (PIX) and may contain any 0–11 Byte value specified by the provider. The meaning of this field is defined only for the specific RID and need not be unique across different RIDs.

Additional ADFs defined under the control of other application providers may be present in the ICC but shall avoid duplicating the range of RIDs assigned to payment systems. Compliance with ISO/IEC 7816-4 will assure this avoidance.

4.4.3 Structure of Payment System Environment (PSE)

For the contact card, the PSE is accessed via a DDF with the name ‘1PAY.SYS.DDF01’. In case the card is an NFC card then it will have PPSE (Proximity Payment System Environment) with the name "2PAY.SYS.DDF01". The presence of this DDF in the ICC is optional but if it is present, this DDF is mapped onto a DF within the card, which may or may not be the MF, and shall contain a Payment System Directory. The directory attached to the PSE DDF contains entries for ADFs. Files revealed by this PSE assures international operability of the card.

4.4.4 Matching Terminal Applications to ICC Applications

The terminal shall maintain a list of applications supported by the terminal identified by their AIDs. The terminal determines which applications in the ICC are supported by comparing the AIDs for applications supported by the terminal with the DF Names of applications supported by the ICC. This can be done using two approaches as:

i) Using the PSE: If a terminal chooses to support application selection using the PSE method, it can determine the applications supported by the card.

ii) Using a List of AIDs: If either the card or the terminal does not support the PSE method or if the terminal is unable to find a matching application using the Payment System Directory selection method, the terminal shall use a list of AIDs that it supports to build the candidate list.

4.4.5 EMV IC Card Data Objects

A data object consists of a tag, a length, and a value (TLV).

A tag (T) uniquely identifies a data object within the environment of an application.

The length (L) is the length of the value field of the data object.

The value (V) field of a data object may consist of either a single data element or one or more data objects. As illustrated below, when a data object encapsulates a single data element, it is called a primitive data object. When a data object encapsulates one or more data objects, it is called a constructed data object. The value field of a constructed data object is called a template. The terminal shall be capable of correctly interpreting Tag Length Value (TLV) data objects.

Primitive data object

Tag (T)	Length (L)	Value (V)

Constructed data object

Tag (T)	Length (L)	Primitive or constructed Data object number 1	...	Primitive or constructed data object number n

4.5 NEPALPAY IC Card Data Objects

The NEPALPAY application has been developed to work on chip cards that have two external interfaces: a contact and a contactless interface. This is a dual-interface application capable of performing transactions through both the contact and contactless interfaces with the restriction that a card can only use one interface at a time. The NEPALPAY card application maintains three sets of data:

i) Data objects for when the contact interface is used

ii) Data objects for when the contactless interface is used

iii) Common data objects used across both interfaces

The NEPALPAY card application has been developed in such a way that it knows at every stage of the transaction which set of data to use. Most data objects are shared between the contact and contactless interface and need to be personalized only once. The persistent data objects that are not shared are the following:

• Application Control

• Card Issuer Action Codes

• Application Interchange Profile (AIP)

• Application File Locator (AFL)

When personalizing the additional NEPALPAY data objects, the following must be considered:

• The Card Issuer Action Codes and Application Control must be configured to indicate that offline PIN is not supported over the contactless interface.

• The AIP must be configured to indicate that the card supports the NEPALPAY profile. This automatically results in a different Signed Static Application Data (SSAD) for the contactless and contact interface.

• The AFL must be personalized with the predefined NEPALPAY value. The fixed value for the AFL imposes constraints on the organization of the data objects into the files referenced in the AFL.

4.5.1 NEPALPAY IC Card Chip Data Elements

The Card personalization profile defines the application configuration for use in a dual-interface Card. It uses NEPALPAY Profile-I (For NEPALPAY Domestic Cards) and NEPALPAY Profile-II (For NEPALPAY International Cards) which can be used for NEPALPAY dual interface Cards. The NEPALPAY card specification adheres to the D-PAS Specification Profile 10 for the Contact interface, Profile 30 for the Contactless interface and encompassing both for dual interface standards.

4.5.1.1 Chip Data Elements for NEPALPAY Profile-I

The following tables summarize the chip data elements required for Cardholder data, application data, and Card Authentication Method (CAM) data elements for NEPALPAY Domestic Debit/Prepaid/Credit contact and contactless common interface:

Card Profile
				Contact	Contactless D-PAS
		P/PSE Supported		Yes	Yes
		Offline Data Authentication Supported		DDA, CDA	CDA only
			Is the Card Online Only?	Yes	Yes
			Consecutive Transaction limit 1 (CVM-Cons limit 1)		0
			Consecutive Transaction limit 2 (CVM-Cons limit 2)		0
			CVM Cumulative Transaction limit 1 (CVM-Cum limit 1)		000000000000
			CVM Cumulative Transaction limit 2 (CVM-Cum limit 2)		000000000000
			CVM Single Transaction Amount limit 1 (CVM-STA 1)		000000000000
			CVM Single Transaction Amount limit 2 (CVM-STA 2)		000000000000
			Contactless Consecutive Transaction limit (CL-Cons limit)		0
			Contactless Cumulative Transaction limit (CL-Cum limit)		000000000000
			Cumulative Single Transaction Amount limit (CL-STA)		000000000000
		Online PIN		Yes	Yes
		Offline PIN		None	None
		Is transaction recovery supported on Contactless?			No
		Track 1 Discretionary Data (Tag 9F1F) supported?		Yes	Yes
		Which Cryptogram Version Number (CVN) supported		5	15
		Tearing Recovery			NO
		Derivation Key Index (DKI)		01
		Security Limits
			ATC Limits	FFFF
			Encrypted PIN cryptography failure limit	FFFF
			Failed MAC limit	FF
			Lifetime MAC Limit	FFFFFF
			Session MAC Limit	OF

P/PSE
	Length	Data object name	Tag	Contact	Contactless
				Value
	var.	DF Name	84	1PAY.SYS.DDF01	2PAY.SYS.DDF01
	var. (5-16)	FCI Proprietary Template	A5
	2	SFI of the Directory Elementary File
	var. (2-8)	Language Preference	5F2D	Yes
		High to low Priority
		1		en
		2
		3
		4
	var.	FCI Issuer Discretionary Data	BF0C
	Var. max 252	Directory Entry: Contactless D-PAS	61
	5-16	ADF Name	4F	A0000001523010	A0000001523010
	var. (1-16)	Application Label	50	DISCOVER	DISCOVER
	1	Application Priority Indicator	87	01	01
	4	Issuer Identification Number Extended	9F0C
	3	Issuer Identifier Number	42
	2	Kernel Identifier	9F2A		06
	var.	Extended Selection	9F29
	var.	Application Selection Registered Proprietary Data	9F0A

FCI Information
	Length	Data object name	Tag	Contact	Contactless D-PAS
				Value
	var.	File Control Information
	var. (7-16)	DF Name	84	A0000001523010	A0000001523010
	var.	FCI Proprietary Template	A5
	var. (1-16)	Application Label	50	DISCOVER	DISCOVER
	1	Application Priority Indicator	87	01	01
	Var.	PDOL	9F38		9F66049F02069F03069F1A025F2A029A039C019F3704
	var. (2-8)	Language Preference	5F2D	Yes
		High to low Priority
		1		en
		2
		3
		4
	1	Issuer Code Table Index	9F11	01	01
	Var.(1-16)	Application Preferred Name	9F12	NEPALPAY	NEPALPAY
	var.	FCI Issuer Discretionary Data	BF0C
	4	Issuer Identification Number Extended	9F0C
	3	Issuer Identifier Number	42
	2	Application Selection tag	DF62
	2	Log Entry	9F4D	0D0A	0D0A
	1	Card Feature Version Number	DF3A
	var.	Card Feature Descriptor	DF3B
	8	Form Factor Identifier	9F6E
	var.	Application Selection Registered Proprietary Data	9F0A

Get Processing Options
	Length	Data object name	Tag	Contact	Contactless D-PAS
				Value
	Var.	Application File Locator	94	Data preparation	Data preparation
	var.	Track 2 Equivalent Data	57	Data preparation
	2	Application Interchange Profile	82	3D 00	19 00
	3	Application Configuration Options	C1/C0	01 00 00	03 00 00
	3	Card Action Code-Denial	C5	00 00 00
	3	Card Action Code-Default	C6	06 50 00
	3	Card Action Code-Online	C7	06 FB 00
	2	CRM Country Code	D2	524	Nepal
	2	CRM Currency Code	D3	524	Nepalese rupee
	5	Currency Conversion Code1	C3	0000000000
	5	Currency Conversion Code 2	C4	0000000000
	var.	Log Format	9F4F	9F02065F2A029A039F36029F34039F5 2079F1A0295059C018A029F37049F03 069F53089F66049F7102
	1-32	Extended Logging Data	DF3C
	2	Card Processing Requirement (CPR)	9F71		00 CB
	3	CRM-Card Action Code-Switch Interface	DF30		04 08 00
	3	CRM - Card Action Code - Denial	DF31		00 00 00
	3	CRM-Card Action Code-Online	DF32		DC FE FF
	3	CRM-Card Action Code-Default	DF33		DC BE EB
	2	CVM-Card Action Code-Online PIN	DF34		DC 80
	2	CVM-Card Action Code-Signature	DF35		9C 80
	10-32	Issuer Application Data	9F10	0105000000000000000000	0115000000000000000000

Data Objects
	Length	Data object name	Tag	Contact	Contactless D-PAS
				Value
	48	Issuer Life Cycle Data	C2	Data preparation	Data preparation
	1	Application State	9F78	01
	var.	CVM List	8E	00000000 00000000 0203 1E03 1F03
	2	Application Currency Code	9F42	524	Nepalese rupee
	1	Application Currency Exponent	9F44	2
	2	Issuer Country Code	5F28	524	Nepal
	2	Service Code	5F30	226
	1	Pin Try Counter	9F17
	var.	Application Primary Account Number	5A	Data preparation
	var.	Cardholder Name	5F20	Issuer Defined	Issuer Defined
	var.	Cardholder Name Extended	9F0B	Issuer Defined
	var.	Track 2 Equivalent Data	57	Data preparation
	var.	Track 1 Discretionary Data	9F1F	Data preparation
	1	Application PAN Sequence Number	5F34	Data preparation	Data preparation
	3	Application Effective Date	5F25	Issuer Defined
	3	Application Expiration Date	5F24	Issuer Defined
	2	Application Version Number	9F08	0001
	2	Application Usage Control	9F07	FF 00
	5	Issuer Action Code - Default	9F0D	BC 60 8C 88 00
	5	Issuer Action Code - Denial	9F0E	00 00 00 00 00
	5	Issuer Action Code - Online	9F0F	BC 68 9C 98 00
	Var.	Payment Account Reference - PAR	9F24
	Var.	CDOL1	8C	9F02069F03069F 1A0295055F2A029A03 9C019F37049F35019F3403
	Var.	CDOL2	8D	910A8A0295059F3704
	1	Static Data Authentication Tag List	9F4A	82	82
	Var.	Key Length		1984
	NI-NCA+36	Issuer Public Key Remainder	Data preparation	Data preparation
	NCA	Issuer Public Key Certificate	90	Data preparation	Data preparation
	1 or 3	ICC Public Key Exponent	9F47	Data preparation	Data preparation
	N1	ICC Public Key Certificate	9F46	Data preparation	Data preparation
	NIC-NI+42	ICC Public Key Remainder	9F48	Data preparation	Data preparation
	var.	Issuer Application Data Object List	D0	Issuer Defined
	var.	Issuer Defined Data Tags	DF01	Issuer Defined
			DF02	Issuer Defined
			DF03	Issuer Defined
			DF04	Issuer Defined
			DF05	Issuer Defined
			DF06	Issuer Defined
			DF07	Issuer Defined
			DF08	Issuer Defined
			DF09	Issuer Defined
			DF0A	Issuer Defined
	6	Lower Cumulative Offline Amount (LCOA)	C8	000000000000
	6	Upper Cumulative Offline Amount (UCOA)	C9	000000000000
	6	Single Transaction Amount (STA) limit	CA	000000000000
	1	Lower Consecutive Offline Limit (LCOL)	CB	00
	1	Upper Consecutive Offline Limit (UCOL)	CC	00
	1	Number of Consecutive Offline Transactions (NCOT) Counter	CD	Data preparation
	6	Cumulative Offline Amount Counter (COA)	CE	Data preparation
	6	CVM-Accumulator	D4	Data preparation
	1	CVM-Counter	D9	Data preparation
	1	Consecutive Transaction limit 1 (CVM-Cons limit 1)	DA	00
	1	Consecutive Transaction limit 2 (CVM-Cons limit 2)	DB	00
	6	CVM Cumulative Transaction limit 1 (CVM-Cum limit 1)	D5	000000000000
	6	CVM Cumulative Transaction limit 2 (CVM-Cum limit 2)	D6	000000000000
	6	CVM Single Transaction Amount limit 1 (CVM-STA 1)	D7	000000000000
	6	CVM Single Transaction Amount limit 2 (CVM-STA 2)	D8	000000000000
	1	Contactless Consecutive Transaction limit (CL-Cons limit)	DF44	00
	6	Contactless Cumulative Transaction limit (CL-Cum limit)	DF41	000000000000
	6	Cumulative Single Transaction Amount limit (CL-STA)	DF42	000000000000
	6	Contactless - Accumulator	DF40	Data preparation
1	Contactless - Counter	DF43	Data preparation
6	Counters and Accumulator Control Options (CACO)	DE	E0 01 61 01 01 00
3	DCVV	9F7E
5-16	Card Authentication Related Data (CARD)	9F69
var.	Track 1 Data	56	Data preparation
var.	Contactless D-PAS Default Profile	BF50	Data preparation
var.	Transaction Profile Object	DF20	Data preparation
var. (11-64)	Card ID	DF3E	Data preparation

Table 6: NEPALPAY Profile-I

4.5.1.2 Chip Data Elements for NEPALPAY Profile-II

NEPALPAY Profile-II summarize the chip data elements required for Cardholder data, application data, and Card Authentication Method (CAM) data elements for NEPALPAY International Debit/Prepaid/Credit Dual Interface Card: Implementation of this profile is identical to NEPAL PAY CARD Profile-I except for application currency code and application usage control.

Card Profile
			Contact	Contactless D-PAS
	P/PSE Supported		Yes	Yes
	Offline Data Authentication Supported		DDA, CDA	CDA only
		Is the Card Online Only?	Yes	Yes
		Consecutive Transaction limit 1 (CVM-Cons limit 1)		0
		Consecutive Transaction limit 2 (CVM-Cons limit 2)		0
		CVM Cumulative Transaction limit 1 (CVM-Cum limit 1)		000000000000
		CVM Cumulative Transaction limit 2 (CVM-Cum limit 2)		000000000000
		CVM Single Transaction Amount limit 1 (CVM-STA 1)		000000000000
		CVM Single Transaction Amount limit 2 (CVM-STA 2)		000000000000
		Contactless Consecutive Transaction limit (CL-Cons limit)		0
		Contactless Cumulative Transaction limit (CL-Cum limit)		000000000000
		Cumulative Single Transaction Amount limit (CL-STA)		000000000000
	Online PIN		Yes	Yes
	Offline PIN		None	None
	Is transaction recovery supported on Contactless?			No
	Track 1 Discretionary Data (Tag 9F1F) supported?		Yes	Yes
	Which Cryptogram Version Number (CVN) supported		5	15
	Tearing Recovery			No
	Derivation Key Index (DKI)		01
	Security Limits
		ATC Limits	FFFF
		Encrypted PIN cryptography failure limit	FFFF
		Failed MAC limit	FF
		Lifetime MAC Limit	FFFFFF
		Session MAC Limit	0F

P/PSE	Length	Data object name	Tag	Contact	Contactless
				Value
	var.	DF Name	84	1PAY.SYS.DDF01	2PAY.SYS.DDF01
	var. (5-16)	FCI Proprietary Template	A5
	2	SFI of the Directory Elementary File
	var. (2-8)	Language Preference	5F2D	Yes
		High to low Priority
		1		en
		2
		3
		4
	var.	FCI Issuer Discretionary Data	BF0C
	Var. max 252	Directory Entry: Contactless D-PAS	61
	5-16	ADF Name	4F	A0000001523010	A0000001523010
	var. (1-16)	Application Label	50	DISCOVER	DISCOVER
	1	Application Priority Indicator	87	01	01
	4	Issuer Identification Number Extended	9F0C
	3	Issuer Identifier Number	42
	2	Kernel Identifier	9F2A		06
	Var.	Extended Selection	9F29
	Var.	Application Selection Registered Proprietary Data	9F0A

FCI Information
	Length	Data object name	Tag	Contact	Contactless D-PAS
				Value
	var.	File Control Information
	var. (7-16)	DF Name	84	A0000001523010	A0000001523010
	var.	FCI Proprietary Template	A5
	var. (1-16)	Application Label	50	DISCOVER	DISCOVER
	1	Application Priority Indicator	87	01	01
	Var.	PDOL	9F38		9F66049F02069F03069F1 A025F2A029A039C019F3704
	var. (2-8)	Language Preference	5F2D	Yes
		High to low Priority
		1		en
		2
		3
		4
	1	Issuer Code Table Index	9F11	01	01
	Var.(1-16)	Application Preferred Name	9F12	NEPALPAY	NEPALPAY
	var.	FCI Issuer Discretionary Data	BF0C
	4	Issuer Identification Number Extended	9F0C
	3	Issuer Identifier Number	42
	2	Application Selection tag	DF62
	2	Log Entry	9F4D	0D0A	0D0A
	1	Card Feature Version Number	DF3A
	var.	Card Feature Descriptor	DF3B
	8	Form Factor Identifier	9F6E
	var.	Application Selection Registered Proprietary Data	9F0A

Get Processing Options
	Length	Data object name	Tag	Contact	Contactless D-PAS
				Value
	Var.	Application File Locator	94	Data preparation	Data preparation
	var.	Track 2 Equivalent Data	57	Data preparation
	2	Application Interchange Profile	82	3D 00	19 00
	3	Application Configuration Options	C1/C0	01 00 00	03 00 00
	3	Card Action Code-Denial	C5	00 00 00
	3	Card Action Code-Default	C6	06 50 00
	3	Card Action Code-Online	C7	06 FB 00
	2	CRM Country Code	D2	524	Nepal
	2	CRM Currency Code	D3	524	Nepalese rupee
	5	Currency Conversion Code1	C3	0000000000
	5	Currency Conversion Code 2	C4	0000000000
	var.	Log Format	9F4F	9F02065F2A029A039F36029F34039F52079F1A0295059C018A029F37049F03069F53089F66049F7102
	1-32	Extended Logging Data	DF3C
	2	Card Processing Requirement (CPR)	9F71		00 CB
	3	CRM-Card Action Code-Switch Interface	DF30		04 08 00
	3	CRM - Card Action Code - Denial	DF31		00 00 00
	3	CRM-Card Action Code-Online	DF32		DC FE FF
	3	CRM-Card Action Code-Default	DF33		DC BE EB
	2	CVM-Card Action Code-Online PIN	DF34		DC 80
	2	CVM-Card Action Code-Signature	DF35		9C 80
	10-32	Issuer Application Data	9F10	0105000000000000000000	0115000000000000000000

Data Objects
	Length	Data object name	Tag	Contact	Contactless D-PAS
				Value
	48	Issuer Life Cycle Data	C2	Data preparation	Data preparation
	1	Application State	9F78	01
	var.	CVM List	8E	00000000 00000000 0203 1E03 1F03
	2	Application Currency Code	9F42	840	(USD)
	1	Application Currency Exponent	9F44	2
	2	Issuer Country Code	5F28	524	Nepal
	2	Service Code	5F30	226
	1	Pin Try Counter	9F17
	var.	Application Primary Account Number	5A	Data preparation
	var.	Cardholder Name	5F20	Issuer Defined	Issuer Defined
	var.	Cardholder Name Extended	9F0B	Issuer Defined
	var.	Track 2 Equivalent Data	57	Data preparation
	var.	Track 1 Discretionary Data	9F1F	Data preparation
	1	Application PAN Sequence Number	5F34	Data preparation	Data preparation
	3	Application Effective Date	5F25	Issuer Defined
	3	Application Expiration Date	5F24	Issuer Defined
	2	Application Version Number	9F08	0001
	2	Application Usage Control	9F07	56 00
	5	Issuer Action Code - Default	9F0D	BC 60 8C 88 00
	5	Issuer Action Code - Denial	9F0E	00 00 00 00 00
	5	Issuer Action Code - Online	9F0F	BC 68 9C 98 00
	var	Payment Account Reference - PAR	9F24
	39	CDOL1	8C	9F02069F03069F1A0295055F2A029A039C019F37049F35019F3403
	12 or 18	CDOL2	8D	910A8A0295059F3704
	1	Static Data Authentication Tag List	9F4A	82	82
	1 or 3	Issuer Public Key Exponent	9F32	Data preparation	Data preparation
	NI-NCA+36	Issuer Public Key Remainder	92	Data preparation	Data preparation
	NCA	Issuer Public Key Certificate	90	Data preparation	Data preparation
	1 or 3	ICC Public Key Exponent	9F47	Data preparation	Data preparation
	NI	ICC Public Key Certificate	9F46	Data preparation	Data preparation
	NIC-NI+42	ICC Public Key Remainder	9F48	Data preparation	Data preparation
	var.	Issuer Application Data Object List	D0	Issuer Defined
	var.	Issuer Defined Data Tags	DF01	Issuer Defined
			DF02	Issuer Defined
			DF03	Issuer Defined
			DF04	Issuer Defined
			DF05	Issuer Defined
			DF06	Issuer Defined
			DF07	Issuer Defined
			DF08	Issuer Defined
			DF09	Issuer Defined
			DF0A	Issuer Defined
	6	Lower Cumulative Offline Amount (LCOA)	C8	000000000000
	6	Upper Cumulative Offline Amount (UCOA)	C9	000000000000
	6	Single Transaction Amount (STA) limit	CA	000000000000
	1	Lower Consecutive Offline Limit (LCOL)	CB	00
	1	Upper Consecutive Offline Limit (UCOL)	CC	00
	1	Number of Consecutive Offline Transactions (NCOT) Counter	CD	Data preparation
	6	Cumulative Offline Amount Counter (COA)	CE	Data preparation
	6	CVM-Accumulator	D4	Data preparation
	1	CVM-Counter	D9	Data preparation
	1	Consecutive Transaction limit 1 (CVM-Cons limit 1)	DA		00
	1	Consecutive Transaction limit 2 (CVM-Cons limit 2)	DB		00
	6	CVM Cumulative Transaction limit 1 (CVM-Cum limit 1)	D5		000000000000
	6	CVM Cumulative Transaction limit 2 (CVM-Cum limit 2)	D6		000000000000
	6	CVM Single Transaction Amount limit 1 (CVM-STA 1)	D7		000000000000
	6	CVM Single Transaction Amount limit 2 (CVM-STA 2)	D8		000000000000
	1	Contactless Consecutive Transaction limit (CL-Cons limit)	DF44		00
	6	Contactless Cumulative Transaction limit (CL-Cum limit)	DF41		000000000000
	6	Cumulative Single Transaction Amount limit (CL-STA)	DF42		000000000000
	6	Contactless - Accumulator	DF40		Data preparation
1	Contactless - Counter	DF43		Data preparation
6	Counters and Accumulator Control Options (CACO)	DE		E0 01 61 01 01 00
3	DCVV	9F7E
5-16	Card Authentication Related Data (CARD)	9F69
var.	Track 1 Data	56		Data preparation
var.	Contactless D-PAS Default Profile	BF50		Data preparation
var.	Transaction Profile Object	DF20	Data preparation
var. (11-64)	Card ID	DF3E	Data preparation	Data preparation

Table 7: NEPALPAY Profile-II

4.6 Card Profile Data Elements

This section provides a set of tables showing the technical specifications for each of the data elements required to implement this profile including, as appropriate: definitions, conditions, values, tags, field names and field lengths.

4.6.1 Payment System Environment (PSE):

A logical construct within the ICC, the entry point to which is a Directory Definition File (DDF) named 1PAY.SYS.DDF01. This DDF contains a Payment System Directory which in turn contains entries for one or more Application Definition Files (ADFs) which are formatted according to this specification. The presence of the PSE on the ICC is optional. PSE entry for each registered payment application shall have the following format.

Tag-Length	VALUE
70xx	Template (xx denotes length of following bytes)
	61xx		Application Template
			4Fxx	‘A0000001523010’ || PIX
			50xx	Alphanumeric encoded name of application e.g., “DISCOVER”
			8701	Priority Indicator
			Tag || ‘xx’	Other optional Data Objects allowed in EMV
			73xx	Directory Discretionary Template
				9F0Axx	Application Selection Registered Proprietary Data
				Tag || ‘xx’	Other optional Data Objects allowed in EMV within template ‘73’

Table 8: - PSE Record Format

4.6.2 Proximity Payment System Environment (PPSE):

The list of applications supported by a contactless card and used during the selection process. For NEPALPAY, the PPSE list would include the Contactless (CTL) NEPALPAY applications (credit, debit, prepaid).

4.6.3 Offline Data Authentication(ODA):

A process whereby the card is validated at the point of transaction using RSA(Rivest–Shamir–Adleman) public key technology to protect against counterfeit or skimming. EMV includes three forms:

i) Static Data Authentication (SDA)

ii) Dynamic Data Authentication (DDA)

iii) Combined DDA/AC Generation (CDA)

4.6.4 CVM Consecutive Transaction limit 1 (CVM-Cons limit 1):

CTL NEPALPAY proprietary data element specifying the maximum number of Contactless transactions allowed before a particular CVM is required by the card. If the CVM-Counter is used and has exceeded the CVM-Cons limit 1, the ‘Consecutive CVM Transaction limit 1 exceeded’ bit (B3b6) of CVR is set.

4.6.5 CVM Consecutive Transaction limit 2 (CVM-Cons limit 2):

CTL NEPALPAY proprietary data element specifying the maximum number of Contactless transactions allowed before a particular CVM is required by the card. If the CVM-Counter is used and has exceeded the CVM-Cons limit 2, the ‘Consecutive CVM Transaction limit 2 exceeded’ bit (B3b5) of CVR is set.

4.6.6 CVM Cumulative Transaction limit 1 (CVM-Cum limit 1):

CTL NEPALPAY proprietary data element specifying the maximum total amount of Contactless transactions in the supported currencies allowed before a particular CVM is required by the card. If the CVM-Accumulator is used and has exceeded the CVM-Cum limit 1, the ‘Cumulative CVM Transaction Amount limit 1 exceeded’ bit (B3b4) of CVR is set. Note: the value of this limit shall be less than 999999999999.

4.6.7 CVM Cumulative Transaction limit 2 (CVM-Cum limit 2):

CTL NEPALPAY proprietary data element specifying the maximum total amount of Contactless transactions in the supported currencies allowed before a particular CVM is required by the card. If the CVM-Accumulator is used and has exceeded the CVM-Cum limit 2, the ‘Cumulative CVM Transaction Amount limit 2 exceeded’ bit (B3b3) of CVR is set. Note: the value of this limit shall be less than 999999999999.

4.6.8 CVM Single Transaction Amount limit 1 (CVM-STA 1):

CTL NEPALPAY proprietary data element specifying the single amount of the transaction in the reference currency allowed before a particular CVM is required by the card. If the transaction amount has exceeded this limit, the ‘CVM Single Transaction Amount limit 1 exceeded’ bit (B3b2) of CVR bit is set. Note: the value of this limit shall be less than 999999999999.

4.6.9 CVM Single Transaction Amount limit 2 (CVM-STA 2):

CTL NEPALPAY proprietary data element specifying the single amount of the transaction in the reference currency allowed before a particular CVM is required by the card. If the transaction amount has exceeded this limit, the ‘CVM Single Transaction Amount limit 2 exceeded’ bit (B3b1) of CVR bit is set. Note: the value of this limit shall be less than 999999999999.

4.6.10 Contactless Consecutive Transaction limit (CL-Cons limit):

CTL NEPALPAY proprietary data element specifying the maximum number of Contactless transactions allowed before a transaction is forced to be processed with another interface (for a Dual-Interface implementation) or online and declined if the transaction cannot be completed online. If the CL-NCOT counter is used and has exceeded the CL-Cons limit, the ‘Consecutive Contactless Transaction limit exceeded’ bit (B5b8) of CVR is set.

4.6.11 Contactless Cumulative Transaction limit (CL-Cum limit):

CTL NEPALPAY proprietary data element specifying the maximum total amount of Contactless transactions in the supported currencies allowed before a transaction is forced to be processed with another interface (for a Dual Interface implementation) or online and declined if the transaction cannot be completed online. If the CL-COA accumulator is used and has exceeded the CL-COA limit, the ‘Cumulative Contactless Transaction limit exceeded’ bit (B5b7) of CVR is set.

4.6.12 Cumulative Single Transaction Amount limit (CL-STA):

CTL NEPALPAY proprietary data element specifying the single amount of the transaction in the reference currency allowed before a transaction is forced to be processed with another interface. If the transaction amount has exceeded this limit, the ‘Single Contactless Transaction Amount limit exceeded’ bit (B5b6) of CVR bit is set. Note: the value of this limit shall be less than 999999999999.

4.6.13 Online PIN:

A method of PIN verification whereby the PIN entered by the cardholder into the Terminal PIN pad is enciphered and included in the online authorization request message sent to the Issuer.

4.6.14 Offline PIN:

A PIN value stored on the card that is validated at the point of transaction between the card and the Terminal. Offline PIN Verification is the process whereby a cardholder-entered PIN is passed to the card for comparison to a PIN value stored secretly on the card.

4.6.15 Track 1 Discretionary Data:

Discretionary part of track 1 according to [ISO/IEC 7813]. Contains data equivalent to Magnetic Stripe Track 1 discretionary data. Optionally contained in Terminal file records. See Table 4: Track 1 Encoding Format

4.6.16 Cryptogram Version Number (CVN):

The version of the algorithm that is included in the CL-ACO and used by the card to generate an Application Cryptogram (TC, ARQC, or AAC). CTL NEPALPAY supports differing Cryptogram Version Numbers (CVNs) depending on the chosen cryptographic key type (i.e. 3DES or AES), interface (i.e. contact or contactless), and data elements included in the generation of Application Cryptograms (i.e. depending on CL-ACO B2b7).

Algorithm	For Contact:		For Contactless:
	ACO B2b3	ACO B2b7	CVN	CL-ACO B2B7	CVN
3DES	0	0	5	0	15
3DES	0	1	6	1	16
AES	0	0	7	0	17
AES	0	1	8	1	18
3DES	1	0	25
3DES	1	1	26
AES	1	0	27
AES	1	1	28

Table 9: – CVN Value

4.6.17 Tearing Recovery (TR):

An optional Terminal capability to recover and resume processing in the event of a torn contactless transaction. Interaction between card and the reader can be interrupted if the card is removed prematurely from the RF field or when a protocol error occurs. Contactless NEPALPAY allows for recovery from this kind of error, commonly known as a “torn transaction”, by requesting the card be re-presented to the reader and by using the RESUME GET PROCESSING OPTIONS command to resume transaction processing, as shown in the following figure. Tearing Recovery may be used when supported by both the card and the Terminal.

4.6.18 Derivation Key Index (DKI):

It specifies the Issuer’s master key set used to derive the card’s ICC Master keys (used to generate the Application Cryptogram, or verify secure messaging). Up to 16 ICC Master Keys may be personalized, each key set having its own DKI value. The value of DKI is sent to the Issuer as part of the Issuer Application Data (IAD).

4.6.19 Security Limits (Data Content for DGI ‘4001’):

This DGI (Data Group Identifier) pertains to personalizing the security domain.

Tag	Data Element Length	Byte	Recommended Value
-	ATC Limit	2	FFFF
-	Encrypted PIN cryptography failure limit	2	FFFF
-	Failed MAC limit	1	FF
-	Lifetime MAC Limit	3	FFFFFF
-	Session MAC Limit	1	0F

Table 10: - DGI ‘4001’ – Security limits

4.6.20 Application Transaction Counter Limits (ATCL):

ATC Incremented during successful processing of a GET PROCESSING OPTIONS (GPO) command unless there is an early exit from this command. When the ATC reaches the ATC limit the application is disabled and returns an error response of ‘6985’ to all subsequent commands, except the SELECT command. This shall be shared with Contact NEPALPAY application for a Dual Interface implementation.

4.6.21 Encrypted PIN cryptography failure limit (EPCFL):

EPCF Counts the number of unsuccessful offline encrypted PIN decryptions occurring in the application’s lifetime. When the EPCF counter reaches the “EPCF limit” the application is disabled and returns ‘6985’ on all subsequent commands, except the ‘Select’ command.

4.6.22 Failed Message Authentication Code limit(FMACL):

Indicates the allowed number of scripted command MACs which have failed verification. Used to protect SMI keys. When the “Failed MAC” counter reaches the “Failed MAC limit” the current command is aborted with a ‘6985’ error response, and no other scripted commands will be accepted in the current session.

4.6.23 Lifetime Message Authentication Code Limit (LMACL):

It indicates the allowed total number of scripted command MAC verifications that may be performed over the lifetime of the application. When the “Lifetime Failed MAC” counter reaches the “Lifetime MAC limit” the application is disabled and returns ‘6985’ on all subsequent commands, except the ‘Select’ command.

4.6.24 Session Message Authentication Code Limit (SMACL):

It indicates the allowed total number of scripted command MACs verified during the current session. When the “Session MAC” counter reaches the “Session MAC limit” the current command is aborted with a ‘6985’ error response, and no other scripted commands will be accepted in the current session.

4.6.25 DF Name:

Identifies the name of the DF as described in [ISO/IEC 7816-4] and containing a FCI (File Control Information) mapped on to an ADF (Application Definition Files) or a DDF (Directory Definition File).

4.6.26 FCI (File Control Information) Proprietary Template:

Identifies the data object proprietary to this specification in the FCI template according to ISO/IEC 7816-4

4.6.27 SFI (Short File Identifier) of the Directory Elementary File:

SFI identifies the AEF referenced in commands related to a given ADF or DDF. The SFI is a binary value in the range 1 to 30, coded on the first 5 bits [MSB (Most Significant Byte)] of a byte. Actual value is thus 'left-shifted' by 3 bits.

4.6.28 Language Preference:

1-4 languages stored in order of preference, each represented by 2 alphabetical characters according to ISO 639-1.

4.6.29 FCI (File Control Information) Issuer Discretionary Data:

Issuer discretionary part of the FCI Proprietary Template. Chip cards that support data storage will include a Card Feature Version Number (tag ‘DF3A’) and Card Feature Descriptor (tag ‘DF3B’) in the FCI Issuer Discretionary Data (tag ‘BF0C’) of their application SELECT response messages. FCI is the information that is returned to the terminal in response to a SELECT command.

4.6.30 Directory Entry:

A data object that holds the mapping of a Container ID to a Data Container, and other information about the Data Container. It contains one or more data objects relevant to an application directory entry according to [ISO 7816-5]. It is an entry in a chip card’s Data Storage Directory that identifies an allocated Data Container’s Container ID and other attributes.

Byte	Meaning
1-4	The Data Container’s unique Container ID.
5
b8	b7	b6	b5	b4	b3	b2	b1	Meaning
0	0	0	0	0	0	0	0	RFU
x	x	x	x	x	x	x	1	Record number (1-24).
1	1	1	1	1	1	1	1	RFU
6
b8	b7	b6	b5	b4	b3	b2	b1	Meaning
-	-	-	-	-	-	0	0	Unallocated
-	-	-	-	-	-	0	1	Issuer Container
-	-	-	-	-	-	1	0	Transient Container
-	-	-	-	-	-	1	1	Operator Container
x	x	x	x	x	x	-	-	RFU
7-8	Write Counter – a counter incremented by the chip card each time the associated Data Container is updated. A container’s initial Write Counter value is loaded during container allocation, and is defined by: The Issuer for Operator Containers and Issuer Containers, or The card for Transient Containers, and is set to 1 (specifically, it is set to zero during allocation but is immediately incremented by 1 because it has been updated).
9-10	Integrity Code – a value set by the card each time the associated Data Container is updated, where it is set to equal: ((leftmost 2 bytes of DSD_UN) OR ‘000F’). i.e., the Integrity Code equals the most significant three nibbles of DSD_UN and the least significant nibble. Note: When reading the Data Storage Directory, the least significant nibble of an Integrity Code may not always equal ‘F’. Other values are possible for dual interface cards, where Data Containers may be updated via the contactless interface equals ‘F’.

Table 11: Directory Entry Format

4.6.31 Application Definition File (ADF) Name:

A file that contains information specific to an application on the chip card. It Identifies the application (AID) as described in [ISO/IEC 7816-5]. The AID is made up of the Registered Application Provider Identifier (RID) and the Proprietary Identifier Extension (PIX).

4.6.32 Application Label:

Mnemonic associated with AID according to [ISO/IEC 7816-5]. Used in application selection. Application Label is mandatory in the File Control Information (FCI) of an Application Definition File (ADF) and mandatory in an ADF directory entry.

4.6.33 Application Priority Indicator (API):

It indicates the priority of a given application or group of applications in a directory. Issuers shall pay attention to the setting of bit 8 of the API. If the bit is set, the associated application is not eligible at terminals that do not support a terminal customer dialogue cardholder confirmation facility, such as vending machines and toll gates. A priority indicator value of 1 indicates the highest priority.

Byte 1
b8	b7	b6	b5	b4	b3	b2	b1	Meaning
1	-	-	-	-	-	-	-	Application may not be selected without confirmation of cardholder
-	0	0	0	-	-	-	-	RFU
-	-	-	-	X	X	X	X	No priority Assigned/Order in which application is to be listed or selected

Table 12: Application Priority Indicator (API) Encoding

4.6.34 Issuer Identification Number Extended:

It is an additional value of BIN that can’t be included in Tag 42.

4.6.35 Issuer Identifier Number (IIN):

The number that identifies the major industry and the card issuer forms the first part of the primary account number (PAN). It carries the same meaning as a bank identification number (BIN).

4.6.36 Kernel Identifier:

The term Kernel ID is used to identify the kernel(s) kept in the Reader, and the term Kernel Identifier is used to identify the kernel(s) indicated by the card.

4.6.37 Extended Selection:

An option in which Entry Point appends the value indicated by the Extended Selection data element to the ADF name in the SELECT command.

4.6.38 Application Selection Registered Proprietary Data:

Data element that is conveyed to the terminal to enable market specific proprietary terminal functionality that is based on application proprietary data. The value field of the Application Selection Registered Proprietary Data object follows the following format: ID1, L1, V1, ID2, L2, V2, … Where:

• ID is a two-byte Proprietary Data Identifier. Proprietary Data Identifiers are registered by EMVCo.

• L is the length of the value field coded in 1 byte (0 to 255).

• V is the value field. Its content is proprietary and format is out of scope of D-PAS. The Application Selection Registered Proprietary Data is a primitive data object and its value field is not BER-TLV coded.

In particular:

• IDs have no structure (they are not tags according to BER-TLV coding).

• The lengths L are always 1 byte.

• IDs can appear in the Application Selection Registered Proprietary Data only if:

• they have been registered by EMVCo;

• and their usage by the Terminal is according to their intended usage, as agreed by EMVCo during registration.

4.6.39 File Control Information:

It contains application information and is returned as response data in a SELECT command. This is a constructed data object.

Tag	Value
6F	FCI Template
	84	DF Name
	A5	FCI Proprietary Template
		50	Application Label
		87	Application Priority Indicator
		5F2D	Language Preference
		9F11	Issuer Code Table Index
		9F12	Application Preferred Name
		9F38	PDOL
		BF0C	FCI Issuer Discretionary Data
			42	Issuer Identifier Number
			5F28	Issuer Country Code
			9F4D	Log Entry
			DF62	Application Selection Tag
			DF3A	Card Feature Version Number
			DF3B	Card Feature Descriptor
			9F6E	Form Factor Indicator
			9F0A	Application Selection Registered Proprietary Data
C1 = Mandatory if Extended Logging is enabled
C2 = Mandatory if Data Storage and / or Extended Logging are enabled.

Table 13: The FCI structure

4.6.40 Processing Data Objects List (PDOL):

It contains a list of terminal resident data objects (tags and lengths) needed by the card application in processing the GET PROCESSING OPTIONS command.

Tag	Data	Length
9F66	Terminal Transaction Qualifiers (TTQ)	4
9F02	Amount, Authorized	6
9F03	Amount, Other	6
9F1A	Terminal Country Code	2
5F2A	Transaction Currency Code	2
9A	Transaction Date	3
9C	Transaction Type	1
9F37	Unpredictable Number	4

Table 14: Processing Data Objects List

4.6.41 Issuer Code Table Index:

Indicates the code table according to ISO/IEC 8859-1 for displaying the Application Preferred Name.

4.6.42 Application Preferred Name:

It is preferred mnemonic associated with the AID.

4.6.43 Application Selection tag:

It contains Terminal provided data to be forwarded to the Card with the GENERATE AC command, as per DSDOL formatting.

4.6.44 Transaction Log Entry:

If transaction Logging is supported, devices that read the Transaction Log use the Log Entry data element to determine the location (SFI) and the maximum number of Transaction Log records A terminal obtains this value from the SELECT response in the FCI. This data element is also personalized outside the SELECT response, so that the application knows where to log transactions and the maximum number of records supported in the Transaction Log file. Note: [EMV] specifies that the transaction log file should be in an SFI between 11 and 30.

Byte 1
b8	b7	b6	b5	b4	b3	b2	b1	Meaning
0	0	0	-	-	-	-	-	RFU
-	-	-	X	X	X	X	X	SFI containing the cyclic Transaction Log file
Byte 2
b8	b7	b6	b5	b4	b3	b2	b1	Meaning
X	X	X	X	X	X	X	X	Maximum number of records in the Transaction Log file

Table 15: Transaction Log Entry Data Element format

Example: A Log Entry Data Element (Tag 9F4D) with the following content ‘0D0A’ indicates that the transaction log file is located in SFI 13 and contains a maximum of 10 records.

4.6.45 Card Feature Version Number:

The Card Feature Version Number shall be personalized if Data Storage or Extended Logging is required. The current Card Feature Version Number is ‘02’.

4.6.46 Card Feature Descriptor:

The card feature description shall be personalized if data storage or extended logging are required. Where the Multiple Application Mechanism is implemented, bytes 2 and 3 of the Card Feature Descriptor of the Subsidiary Data Storage Application shall be personalized with the same values as in the Principal Data Storage Application.

Byte	Meaning
1	Feature configuration options, encoded as:
	Bits 8-6: 000 (RFU)
	Bits 5-4: 00 (Reserved for transit use).
	Bit 3: 0 = Contactless tearing recovery is not supported*, 1 = Contactless tearing recovery is supported*.
	Bit 2: 0 = Extended Logging is not supported, 1 = Extended Logging is supported.
	Bit 1: 0 = Data Storage not supported, 1 = Data Storage supported.
2	Short File Identifier (SFI) of the Data Store. Format b, encoded as:
	Bits 8-4: SFI (set to 00000b if the card does not support Data Storage)
	Bits 3-1: 000 (RFU)
3	The number of Data Containers in the Data Store. Format b. Set to ’00’ if the card does not support Data Storage.
4+	Card ID – the card’s globally unique identifier. Format b. Shall match the Card ID (tag ‘DF3E’) personalized in one of the signed AFL records.
* Relevant for dual interface cards

Table 16: Card Feature Descriptor Format

4.6.47 Form Factor Identifier:

Element indicates the form factor of the device used. The value of the data element is proprietary and defined by NEPALPAY.

Byte/Bit	Value	Attribute	Comments
1/8-5	01	FFI Version
1/4-3	00 – Regular EMV	Payment Platform	Regular chip based Transactions e.g.: chip card, stickers, key fob, etc.
	01 – SE		Secure Element based solution e.g. Apple Pay
	10 – HCE		Host Card Emulation based solution e.g. Android Pay
	11 – RFU
1/2-1	00	RFU
2/8-1	00 – Plastic Contact Only Card	Device Type
	01 – Plastic Dual Interface Card
	02 – Plastic Contactless Only Card
	03 – Plastic Contactless Sticker
	04 – Phone
	05 – Watch
	06 – Glasses/VR Headset
	07 – Bracelet
	08 – Key fob
	09 – Smart ring
	0A-EF – RFU
	FF – Other Device type
3/8-3	00 – Java Plastic Card	OS Family
	01 – Multos Plastic Card
	02 – Apple iOS
	03 – Apple Watch OS
	04 – Google Android
	05 – Samsung Tizen
	06 – Microsoft Windows
	07-3E – RFU
	3F – Other OS Family
3/2-1	00	RFU
4/8	1 – Contact Supported	Interfaces Supported
	0 – Contact Not Supported
4/7	1 – Contactless Supported
	0 – Contactless Not Supported
4/6	1 – In-App Supported
	0 – In-App Not Supported
4/5-1	00000 – RFU
5/8	1 – CDCVM based on Passcode Supported	Security Features
	0 – CDCVM based on Passcode Not Supported
5/7	1 – CDCVM based on Fingerprint/Palmprint Matching Supported
	0 – CDCVM based on Fingerprint/Palmprint Matching Not Supported
	1 – CDCVM based on Face Recognition Supported
	0 – CDCVM based on Face Recognition Not Supported
5/5	1 – CDCVM based on Pulse/Heartbeat Recognition Supported
	0 – CDCVM based on Pulse/Heartbeat Recognition Not Supported
5/4	0000 – RFU
6/8	1 – Non Financial Infrastructure Communication Supported	Communication Features	Device has ability to communicate outside of the Financial Infrastructure (internet, Bluetooth, telephony etc.)
	0 – Non Financial Infrastructure Communication Not Supported
6/7	1 – Accepts Input		Device has ability to accept input from cardholder (keyboard, voice, etc.)
	0 – Does not Accept Input
6/6	1 – On Device OTP Supported		Device can accept/generate a one-time password (e.g.: RSA token)
	0 – On Device OTP Not Supported
6/5	1 – 2-Way Messaging Supported		Device can send and receive text messages (special variety of non- financial infrastructure communication)
	0 – 2-Way Messaging Not Supported
6/4-1	0000 – RFU
7/8-1	00 – RFU
8/8-1	00 – RFU

Table 17: Form Factor Indicator

4.6.48 Application File Locator (AFL):

The AFL is a list identifying the files and records to be used in the processing of a transaction. The terminal shall only read the records named in the AFL.

B1		B2	B3	B4
SFI XXXXX	000	First Record no.	Last Record no.	Last Authenticated Record no.

Table 18: Structure of an Application File Locator (AFL) entry

Byte	Acceptable Range	Description
B1	NA	The first five MSB contain the SFI number. The three LSB bits shall always be 0.
B2	Never 0	The first/only record number read from the file.
B3	>= B2	The last record number to be read from the file. If (B3 > B2) read records B2 to B3 from the file. If (B3 == B2) read record B2 from the file.
B4	0 to (B3-B2) + 1	Number of records involved in Offline Data Authentication. Starting from B2.

Table 19: AFL Description

4.6.49 Track 2 Equivalent Data:

It contains data equivalent to Track 2 Magnetic Stripe data. Contained in Terminal file records. See Table 5: Track 2 Encoding Format

4.6.50 Application Interchange Profile (AIP):

The AIP indicates the capabilities of the card to support specific functions in the application.

Byte	Bit	Definition	Contact Value	Contactless EMV
1	8	RFU	0	0
	7	Static Data Authentication (SDA) supported	0	0
	6	Dynamic Data Authentication (DDA) supported	1	0
	5	Cardholder verification is supported	1	1
	4	Terminal risk management is to be performed	1	1
	3	Issuer authentication is supported	1	0
	2	RFU	0	0
	1	Combined Data Authentication (CDA) supported	1	1
			3D	19
2	8	RFU	0	0
	7	RFU	0	0
	6	RFU	0	0
	5	RFU	0	0
	4	RFU	0	0
	3	RFU	0	0
	2	RFU	0	0
	1	RFU	0	0
			00	00

Table 20: Application Interchange Profile (AIP)

4.6.51 Application Configuration Options C1/C0:

Byte	Bit	Definition Contact - Tag C1	Val	Definition Contactless - Tag C0	Val
1	8	Offline enciphered PIN verification supported (RFU for SDA-only application)	0	RFU	0
	7	Separate Key pair used for Offline enciphered PIN verification (RFU for SDA-only application)	0	RFU	0
	6	Skip CAC Default check on CAT3 Terminals	0	PTC checking is supported (dual interface implementation only).	0
	5	Authorization response with no Issuer authentication data accepted	0	Confirmation Code supported only if CDCVM supported	0
	4	Reset Offline counters during Partial Chip Implementation Transaction	0	Prepaid Product	0
	3	Transaction logging is supported: Log approved Transactions	0	Wearable device	0
	2	Transaction logging is supported: Log online requested Transactions	0	Transaction logging is supported: log all Transactions	1
	1	Transaction logging is supported: Log declined offline and online Transactions	1	Domestic Transaction based on Country Code (otherwise it is based on Currency Code)	1
			01		03
2	8	Offline plaintext PIN verification supported	0	AFL inclusion for online Transaction	0
	7	Data input for ARQC (0=include IAD, 1=include only CVR)	0	Data input for ARQC (0 = Include IAD, 1 = Include only CVR)	0
	6	Use of Issuer Discretionary Data (IDD)/IADOL in Issuer Application Data	0	Use of Issuer Discretionary Data (IDD)/IADOL in Issuer Application Data	0
	5	Enable Issuer Defined Data Tags (IDDT)	0	Enable Issuer Defined Data Tags (IDDT)	0
	4	Activate / Enable all predefined PDOL checks	0	Activate /enable all predefined PDOL checks	0
	3	CVR input for ARQC and IAD (0 = Use first six CVR bytes, 1 = Use all seven CVR bytes)	0	RFU	0
	2	READ RECORD, and GET DATA only after GET PROCESSING OPTIONS (GPO)	0	GET DATA only after GET PROCESSING OPTIONS (GPO)	0
	1	Allow retrieval of values and limits of counters, as well as ‘Offline balance’.	0	Separate Key pair used for CDA computation over contactless interface	0
			00		00
3	8	RFU	0	Offline Data Authentication supported for online transactions	0
	7	RFU	0	CDCVM Allowed for Cash Advance	0
	6	RFU	0	Commit after READ RECORD	0
	5	CDCVM Reader requires pre-entry only (as it is powered by the card)	0	Card Only: CDCVM Reader requires pre-entry only (as it is powered by the card)	0
	4	Card has a display	0	Card Only: Card has a display	0
	3	Confirmation Code supported (only if CDCVM supported)	0	Mobile Only: Passcode Verification required for non-matching currency	0
	2	RFU	0	RFU	0
	1	RFU	0	RFU	0
			00		00

Table 21: Application Configuration Options (ACO)

4.6.52 Card Action Codes (CACs):

NEPALPAY application proprietary data elements indicating Issuer-specified action for the card to take for certain exception conditions. Each profile contains Card Action Codes for Denial, Default, and Online. Each CAC is compared to the Card Verification Results to take transaction decisions. CAC bytes 1, 2 and 3 match CVR bytes 4, 5 and 7.

Byte	Bit	Definition	Denial	Online	Default
1	8	Unable to go on-line during previous Transaction	0	0	0
	7	Issuer Authentication not performed during previous online Transaction.	0	0	0
	6	Issuer Authentication failed during previous Transaction	0	0	0
	5	Script received on previous transaction	0	0	0
	4	Script failed on previous transaction	0	0	0
	3	PTH forced on-line ('Go online next Transaction')	0	1	1
	2	PDOL forced on-line (during GPO)	0	1	1
	1	PDOL forced decline (during GPO)	0	0	0
			00	06	06
2	8	Invalid PDOL check	0	1	0
	7	Offline PIN verification failed	0	1	1
	6	PIN Try Limit Exceeded	0	1	0
	5	Lower Consecutive Offline Transaction limit exceeded (LCOL)	0	1	1
	4	Upper Consecutive Offline Transaction limit exceeded (UCOL)	0	1	0
	3	Lower Cumulative Offline Transaction Amount limit exceeded (LCOA)	0	0	0
	2	Upper Cumulative Offline Transaction Amount limit exceeded (UCOA)	0	1	0
	1	Single Transaction Amount limit exceeded (STA)	0	1	0
			00	FB	50
3	8	RFU	0	0	0
	7	RFU	0	0	0
	6	RFU	0	0	0
	5	Data Storage Failed limit exceeded (only if data storage supported)	0	0	0
	4	Data Storage Directory retrieved (only if data storage supported)	0	0	0
	3	Neither Offline PIN verification nor CDCVM performed	0	0	0
	2	CDCVM performed (only if CDCVM supported)	0	0	0
	1	CDCVM performed and failed (only if CDCVM supported)	0	0	0
			00	00	00

Table 22: Card Action Code (Contact - CAC) - Tag C5, C6, C7

4.6.52.1 CAC – Denial:

It is used by the Issuer to set the situations when a transaction is always declined at the 1st GENERATE AC.

4.6.52.2 CAC - Default:

It is used by the Issuer to set the situations when a transaction is declined if the terminal is not online-capable or if connection to the Issuer is not possible.

4.6.52.3 CAC – Online:

It is used by the Issuer to set the situations when a transaction goes online if the terminal is online-capable.

4.6.53 CRM Country Code:

Internal card data element, used in Card Risk Management to identify International / Domestic transactions. Equivalent to EMV element ‘5F28’, which is located in Terminal file records.

4.6.54 CRM Currency Code:

Internal card data element, used in Card Risk Management to identify transaction currency, and apply currency conversion parameters. Equivalent to EMV element ‘9F42’, which is located in Terminal file records.

4.6.55 Currency Conversion Code (CCC) 1,2:

The Currency Conversion Code is used to convert transactions in a recognized currency code into the primary currency code. The application increments COA with the converted amount. An Issuer Script may be used to modify this data element

Byte	Data	Length
1-2	Secondary Currency Code (according to [ISO 4217])	2
3-4	Conversion rate: Decimal BCD coding of the multiplication factor used to convert the Secondary Application Currency Code to the card’s Primary Application Currency Code	2
5	Conversion exponent: A signed number used to indicate the power of 10 used to modify the Conversion Rate with b1-b7 indicating the value of the exponent and b8 indicating the sign. If(b8 = 1b) sign is negative Approximate Value = Transaction Amount * Conversion Rate)/10 Conversion exponent(b7 to b1) If(b8 = 0b) sign is positive Approximate Value = Transaction Amount * Conversion Rate *10 Conversion exponent(b7 to b1) Note: Approximate Value shall never be larger than 999999999999	1

Table 23: Currency Conversion Code Content

4.6.56 Log Format:

It identifies the content of records (tag and length) that are logged by the card application. This value may be obtained from the application using the GET DATA command. The Log Format is coded like a Data Objects List (DOL).

Tag	Data	Length
9F02	Amount, Authorized	6
5F2A	Transaction Currency Code	2
9A	Transaction Date	3
9F36	Application Transaction Counter (ATC)	2
9F34	CVM Results	3
9F52	Contact CVR	7
9F1A	Terminal Country Code	2
95	TVR	5
9C	Transaction Type	1
8A	Authorization Response Code	2
9F37	Unpredictable Number	4
9F03	Amount, Other	6
9F53	CL CVR	8
9F66	Terminal Transaction Qualifiers (TTQ)	4
9F71	Card Processing Requirement (CPR)	2

Table 24: Log Format- Dual Interface

4.6.57 Extended Logging Data:

It is used to include optional Merchant data in the application’s transaction log. Extended Logging is enabled when the Extended Logging Data tag is personalized in the Transaction Log Format. If enabled, the Card Feature Version Number and Card Feature Descriptor shall also be present, and the Card Feature Descriptor shall be personalized with field B1b2 = 1.

4.6.58 Card Processing Requirement (CPR):

It indicates the card requirements necessary to process the transaction to the reader.

Byte	Bit	Definition	Value
1	8	Online PIN required	0
	7	Signature required	0
	6	PID Limit reached - Loyalty Transaction approved	0
	5	Consumer Device CVM performed	0
	4	RFU	0
	3	RFU	0
	2	RFU	0
	1	RFU	0
			00
2	8	Switch to other interface if unable to process online	1
	7	Process online if CDA failed	1
	6	Decline/switch other interface if CDA failed	0
	5	Issuer update processing supported	0
	4	Process online if Card expired	1
	3	Decline if Card expired	0
	2	CVM fallback to signature allowed	1
	1	CVM fallback to No CVM allowed	1
			CB

Table 25: Card Processing Requirement (CL-CPR)

4.6.59 CRM - Card Action Code:

It indicates Issuer-specified actions for the card to take for certain exception conditions. CRM-CACs are used during Card Risk Analysis (CRA). Byte 1 is compared to Byte 2 of the CL-CVR and Bytes 2-3 are compared to Bytes 4 and 5 of the CL-CVR.

Byte	Bit	Definition	Other Interface	Denial	Online	Default
1	8	Online cryptogram (ARQC) required.	0	0	1	1
	7	Transaction Type required to be processed online with online PIN CVM (e.g., purchase with cash-back, prepaid top-up, etc.)	0	0	1	1
	6	Transaction type required to be processed offline without any CVM.	0	0	0	0
	5	Domestic Transaction (based on Contactless-ACO setting).	0	0	1	1
	4	International Transaction	0	0	1	1
	3	PIN try limit exceeded (dual-Interface implementation only)	1	0	1	1
	2	CDCVM not performed (only if CDCVM supported)	0	0	0	0
	1	CDCVM failed (only if CDCVM supported)	0	0	0	0
			04	00	DC	DC
2	8	CDA failed during previous contactless Transaction	0	0	1	1
	7	Last contactless Transaction not completed	0	0	1	0
	6	“Go on-line next Transaction” was set by contact or contactless application	0	0	1	1
	5	Issuer Authentication failed during previous contact or contactless Transaction	0	0	1	1
	4	Script failed on previous contact or contactless Transaction	1	0	1	1
	3	Invalid PDOL check	0	0	1	1
	2	PDOL forced online (during GPO)	0	0	1	1
	1	PDOL forced decline (during GPO)	0	0	0	0
			08	00	FE	BE
3	8	CL-Consecutive Transaction Limit exceeded	0	0	1	1
	7	CL- Cum exceeded	0	0	1	1
	6	Single Contactless Transaction Amount limit exceeded	0	0	1	1
	5	LCOL exceeded	0	0	1	0
	4	UCOL exceeded	0	0	1	1
	3	LCOA exceeded	0	0	1	0
	2	UCOA exceeded	0	0	1	1
	1	Single Transaction Amount limit exceeded	0	0	1	1
			00	00	FF	EB

Table 26: CRM - Card Action Code (CL-CRM CAC) - Tag DF30, DF31, DF32, DF33

4.6.59.1 CRM - Card Action Code - Switch Interface:

It is used by the Issuer to specify when a transaction is terminated to use another interface.

4.6.59.2 CRM - Card Action Code - Denial:

It is used by the Issuer to specify when a transaction is declined.

4.6.59.3 CRM - Card Action Code - Online:

It is used by the Issuer to specify when a transaction goes online.

4.6.59.4 CRM - Card Action Code - Default:

It is used by the Issuer to specify when a transaction shall be declined at an offline-only reader.

4.6.60 CVM - Card Action Code:

It indicates Issuer-specified CVMs to verify the cardholder. CVM-CACs are used during Card Risk Analysis (CRA). Byte 1 is compared to Byte 2 of the CL-CVR and Byte2 is compared to Byte 3 of the CL-CVR.

Byte	Bit	Definition	Online PIN Value	Signature Value
1	8	Online cryptogram (ARQC) required.	1	1
	7	Transaction Type required to be processed online with online PIN CVM (e.g., purchase with cash-back, prepaid top-up, etc.)	1	0
	6	Transaction type required to be processed offline without any CVM.	0	0
	5	Domestic Transaction (based on Contactless-ACO setting).	1	1
	4	International Transaction.	1	1
	3	PIN try limit exceeded (dual-Interface implementation only)	1	1
	2	CDCVM performed (only if CDCVM supported)	0	0
	1	CDCVM performed and failed (only if CDCVM supported)	0	0
			DC	9C
2	8	CVM Required	1	1
	7	Mobile Only: CDCVM local validation performed	0	0
	6	Consecutive CVM Transaction Limit 1 (CVM-Cons 1) exceeded	0	0
	5	Consecutive CVM Transaction Limit 2 (CVM-Cons 2) exceeded	0	0
	4	Cumulative CVM Transaction Amount Limit 1 (CVM-Cum 1) exceeded	0	0
	3	Cumulative CVM Transaction Amount Limit 2 (CVM-Cum 2) exceeded	0	0
	2	CVM-STA 1 exceeded	0	0
	1	CVM-STA 2 exceeded	0	0
			80	80

Table 27: CVM - Card Action Code (CL-CVM CAC) - Tag DF34, DF35

5.8.61.1 CVM - Card Action Code - Online PIN:

It is used by the Issuer to specify when online PIN shall be processed if supported by the reader.

5.8.61.2 CVM- Card Action Code - Signature:

It is used by the Issuer to specify when a signature shall be requested if supported by the reader.

4.6.61 Issuer Application Data (IAD):

It Contains proprietary application data to be transmitted to the Issuer in an online transaction (in the authorization request) and after transaction completion in the clearing record. It is the concatenation of internal card data elements listed in the following table and Issuer Discretionary Data (IDD). If present, the IDD allows the Issuer to transmit online additional data as PDS items or tags that are not available in the authorization request. The Issuer selects those data by using IADOL.

Data Element	Length (Contact)	Length (Contactless)
Derivation Key Index (DKI)	1	1
Cryptogram Version Number (CVN)	1	1
Card Verification Results (CVR) (contains profile ID, PTC, Script Counter)	6 (if ACO B2b3 = 0) or 7 (if ACO B2b3 = 1)	8
Issuer Discretionary Data items listed in IADOL	n	n

Table 28: Issuer Application Data

4.6.62 Issuer Life Cycle Data:

It provides application version information, type approval information, and Issuer specified data. Issuer Life Cycle Data is stored at the application level and may be obtained using the GET DATA command

Data Element	Length (bytes)	Description
Version number	1	Identifies the version of NEPALPAY implemented.
Approval ID	7	Identifier assigned by NEPALPAY upon completion of type approval testing, and during letter of approval issuance to vendor.
Application Issuer Life Cycle Data	20	Issuer specified data element. The contents of this data element may be set during data preparation. The coding of the contents of this field is not specified by NEPALPAY but is at the discretion of the Issuer. Typical data might include application AID, Issuer IIN or BIN.
Application Code ID	20	Application provider specified data element. Parameters identify the behavior of the application. This data element is set during pre-personalization or coded into the application. The coding of the contents of this field is not specified by NEPALPAY but is at the discretion of the application provider. Typical data might include application configuration option, PRU, application version, application provider ID.

Table 29: Issuer Life Cycle Data

4.6.63 Application State:

It is used on dual-interface Cards to indicate if Contactless NEPALPAY is activated or deactivated. The value may be obtained using the GET DATA command and can be updated using a PUT DATA command.

Meaning	Value
Application deactivated	00
Application activated	01

Table 30: Application State Encoding

4.6.64 CVM List:

Identifies a prioritized list of methods of verification of the cardholder supported by the application. Each entry in the list specifies a method, encoded in 2 bytes.

Byte	Meaning	Condition				Recommended Value
1-4	Amount X	M				00000000
5-8	Amount Y	M				00000000
Byte 9-10
Order	Authentication Method	Selection Condition	Action for CVM Failure	CVM Code	CVM Condition Code	Value
1	Online PIN	If Supported by the Terminal	Failed CVM Processing	00000010	03	0203
2	Signature	If Supported by the Terminal	Failed CVM Processing	00011110	03	1E03
3	No CVM	If Supported by the Terminal	Failed CVM Processing	00011111	03	1F03

Table 31: CVM List

4.6.65 Application Currency Code:

It indicates the currency in which the account is managed according to ISO4217. This data object shall be present if the CVM List contains a condition code value of 06, 07, 08, or 09.

4.6.66 Application Currency Exponent:

It indicates the implied position of the decimal point from the right of the amount represented according to ISO 4217. The decimal point location of amounts expressed in the currency code specified in the Application Currency Code. This Data Object shall be present if the CVM List contains a condition code value of: 06, 07, 08, or 09.

4.6.67 Issuer Country Code:

Indicates the country of the Issuer according to ISO 3166. The terminal uses this data with AUC to check geographic restrictions.

4.6.68 Service Code:

The service code helps determine the card’s acceptance conditions, such as whether it can be used for international transactions, cash withdrawals, or purchases. Pin required or not?

	Position 1	Position 2	Position 3
Value	Interchange- Technology	Authorization Processing	Allowed Services- PIN Requirements
0	Reserved for future use by ISO	Normal	No restrictions -PIN Required
1	International Magnetic Card	Reserved for future use by ISO	No restrictions
2	International Integrated Circuit Card	By Issuer via Online	Goods and services only
3	Reserved for future use by ISO	ATM only	PIN Required
4	Reserved for future use by ISO	By Issuer via Online unless explicit bilateral agreement applies	Cash only
5	National Magnetic Stripe Card	Reserved for future use by ISO	Goods and services only -PIN Required
6	National Integrated Circuit Card	Reserved for future use by ISO	No restrictions -Prompt for PIN if PED present
7	Private	Reserved for future use by ISO	Goods and services only -Prompt for PIN if PED present
8	Reserved for future use by ISO	Reserved for future use by ISO	Reserved for future use by ISO
9	Test	Reserved for future use by ISO	Reserved for future use by ISO

Table 32: Service Code

4.6.69 Pin Try Counter:

Global counter indicating the number of PIN tries remaining. Initial value is set by the Issuer at personalization time. Decremented by 1 each time an incorrect PIN is entered. Reset to the PIN Try Limit when the correct PIN is entered or when the PIN is changed or unblocked by the Issuer.

4.6.70 Application Primary Account Number:

Valid cardholder account number. Contained in Terminal File records. Odd length PANs are padded with hex ‘F’ for storage in the ICC. Recommendation: pad with a maximum of 1 ‘F’.

4.6.71 Cardholder Name:

Indicates cardholder name according to ISO 7813.

4.6.72 Cardholder Name Extended:

Extends Cardholder Name to 45 bytes if required.

4.6.73 Application PAN Sequence Number:

Identifies and differentiates cards with the same PAN. Contained in Terminal File records.

4.6.74 Application Effective Date:

Date from which the application may be used. Contained in Terminal File records.

4.6.75 Application Expiration Date:

Date after which the application is no longer valid. Contained in Terminal File records.

4.6.76 Application Version Number:

It identifies the format of the Issuer Application Data and the CVR used. Contained in Terminal File Records. The current NEPALPAY application version number is ‘0002’.

4.6.77 Application Usage Control:

Indicates Issuer’s specified restrictions on the geographic usage and services allowed for the application.

Byte	Bit	Definition	Domestic	International
1	8	Valid for domestic cash Transactions	1	0
	7	Valid for international cash Transactions	1	1
	6	Valid for domestic goods	1	0
	5	Valid for international goods	1	1
	4	Valid for domestic services	1	0
	3	Valid for international services	1	1
	2	Valid at ATMs	1	1
	1	Valid at terminals other than ATMs	1	0
			FF	56
2	8	Domestic cashback allowed	0	0
	7	International cashback allowed	0	0
	6	RFU	0	0
	5	RFU	0	0
	4	RFU	0	0
	3	RFU	0	0
	2	RFU	0	0
	1	RFU	0	0
			00	00

Table 33: Application Usage Control (AUC)

Note: As our transactions from Nepal, India, and Bhutan are considered domestic, they have different currency codes, so we can’t segregate domestic and international transactions. Therefore, control should be applied at the network level.

4.6.78 Issuer Action Code

ICC contains Issuer Action Codes used by the terminal for Denial, Default, and Online during the Terminal Action Analysis.

Byte	Bit	Definition	Denial	Online	Default
1	8	Offline data authentication was not performed	0	1	1
	7	SDA failed	0	0	0
	6	ICC data missing	0	1	1
	5	Card appears on terminal exception file	0	1	1
	4	DDA Failed	0	1	1
	3	CDA failed	0	1	1
	2	SDA Selected	0	0	0
	1	RFU	0	0	0
			00	BC	BC
2	8	ICC and terminal have different application versions	0	0	0
	7	Expired application	0	1	1
	6	Application not yet effective	0	1	1
	5	Requested service not allowed for card product	0	0	0
	4	New Card	0	1	0
	3	RFU	0	0	0
	2	RFU	0	0	0
	1	RFU	0	0	0
			00	68	60
3	8	Cardholder verification was not successful	0	1	1
	7	Unrecognized Cardholder Verification Method (CVM)	0	0	0
	6	PIN Try Limit Exceeded	0	0	0
	5	PIN entry required but PIN pad not present or not working	0	1	0
	4	PIN entry required, PIN pad present but PIN not entered	0	1	1
	3	Online PIN entered	0	1	1
	2	RFU	0	0	0
	1	RFU	0	0	0
			00	9C	8C
4	8	Transaction exceeds floor limit	0	1	1
	7	Lower Consecutive Offline Limit Exceeded	0	0	0
	6	Upper Consecutive Offline Limit Exceeded	0	0	0
	5	Transaction selected randomly for online processing	0	1	0
	4	Merchant forced transaction online	0	1	1
	3	RFU	0	0	0
	2	RFU	0	0	0
	1	RFU	0	0	0
			00	98	88
5	8	Default TDOL Used	0	0	0
	7	Issuer Authentication was unsuccessful	0	0	0
	6	Script processing failed before final GENERATE AC	0	0	0
	5	Script processing failed after final GENERATE AC	0	0	0
	4	Reserved for future use by the EMV Contactless Specifications	0	0	0
	3	Reserved for future use by the EMV Contactless Specifications	0	0	0
	2	Reserved for future use by the EMV Contactless Specifications	0	0	0
	1	Reserved for future use by the EMV Contactless Specifications	0	0	0
			00	00	00

Table 34: Issuer Action Code (Contact - IAC) - Tag 9F0D, 9F0E, 9F0F

4.6.78.1 Issuer Action Code – Default:

It specifies the Issuer’s conditions that cause a transaction to be declined if it might have been approved online, but the terminal is unable to process the transaction online.

4.6.78.2 Issuer Action Code – Denial:

It specifies the Issuer’s conditions that cause the decline of a transaction without attempt to go online.

4.6.78.3 Issuer Action Code – Online:

It specifies the Issuer’s conditions that cause a transaction to be transmitted online.

4.6.79 Payment Account Reference (PAR):

Static reference defined in [EMV SB-167] that represents the account that a PAN is associated with. This can be used to represent multiple PANs associated with an account where business processes shall work across those PANs consistently (e.g. to enable Merchants and Acquirers to make a link between tokenized and non-tokenized PANs on the same payment account in order to enable back-office processing and value-added services).

4.6.80 Card Risk Management Data Object List 1(CDOL 1):

It is a list of the tags and lengths of data elements that shall be passed to the ICC in the 1st GENERATE AC command.

TAG	DATA ELEMENT	LENGTH
9F02	Amount, Authorized	6
9F03	Amount, Other	6
9F1A	Terminal Country Code	2
95	Terminal Verification Results	5
5F2A	Transaction Currency Code	2
9A	Transaction Date	3
9C	Transaction Type	1
9F37	Unpredictable Number	4
9F35	Terminal Type	1
9F34	CVM Results	3

Table 35: CDOL1 Content

4.6.81 Card Risk Management Data Object List 2 (CDOL2):

It is a list of the tags and lengths of data elements that shall be passed to the ICC in the 2nd GENERATE AC command.

TAG	DATA ELEMENT	LENGTH
91	Issuer Authentication Data	10
8A	Authorization Response Code	2
95	Terminal Verification Results	5
9F37	Unpredictable Number	4

Table 36: CDOL2 Content

4.6.82 Static Data Authentication (SDA) Tag List:

List of tags of primitive data objects defined in the EMV specification whose value fields are to be included in the Signed Static Application Data or ICC Public Key Certificate or ICC PIN Encipherment Public Key Certificate. If supported, the SDA Tag List contains only the tag of the Application Interchange Profile.

4.6.83 Issuer Public Key Exponent:

Issuer Public Key exponent used for the verification of the Signed Static Application Data and the ICC Public Key Certificate.

4.6.84 Certification Authority Public Key Index:

It identifies the DFS Certificate Authority Public Key/Private Key pair used in offline static and dynamic data Authentication (SDA, DDA, and CDA, Offline Enciphered PIN supported)

4.6.85 Key Length:

Recommended Value: 1984

4.6.86 Issuer Public Key Remainder:

Remaining digits of the Issuer Public Key Modulus.

4.6.87 Issuer Public Key Certificate:

Issuer Public Key certified by the DCI Certification Authority for use in offline static and dynamic data authentication (SDA, DDA, CDA).

4.6.88 ICC Public Key Exponent:

ICC Public Key exponent used for the verification of the Signed Dynamic Application Data.

4.6.89 ICC Public Key Certificate:

ICC Public Key certified by the Issuer.

4.6.90 ICC Public Key Remainder:

Remaining digits of the ICC Public Key Modulus.

4.6.91 Issuer Application Data Object List (IADOL):

It is personalized by the Issuer, indicates the contents in Issuer Application Data. IADOL allows the Issuer to request date element such as Offline counters or IDDT items. This adds flexibility to the application. The contents of the IADOL shall be such that the total length of the Issuer Discretionary Data is such that the overall length of the IAD is less than or equal to 32 bytes. The following table provides a list of data objects which may be included in IADOL list.

Tag	Data Element	Length
‘00C2’	Issuer Life Cycle Data	48 *
‘00C3’	Currency Conversion Code 1	5
‘00C4’	Currency Conversion Code 2	5
‘00C5’	Card Action Code – Denial *profile-specific	3 *
‘00C6’	Card Action Code – Default *profile-specific	3 *
‘00C7’	Card Action Code – Online *profile-specific	3 *
‘00C8’	Lower Cumulative Offline Amount (LCOA) *profile-specific	6
‘00C9’	Upper Cumulative Offline Amount (UCOA) *profile-specific	6
‘00CA’	Single Transaction Amount (STA) limit *profile-specific	6
‘00CB’	Lower Consecutive Offline Limit (LCOL) *profile-specific	1
‘00CC’	Upper Consecutive Offline Limit (UCOL) *profile-specific	1
‘00CD’	Number of Consecutive Offline Transactions (NCOT) Counter *profile-specific	1
‘00CE’	Cumulative Offline Amount Counter (COA) *profile-specific	6
‘00D1’	Offline Balance	6
‘00DC’	CDCVM Type	1
‘DF45’	CDCVM Status	1
‘9F34’	CVM Results	3
‘DF01’ – ‘DF0A’	Issuer Defined Data Tag (IDDT) 0 –- 9	Var.
‘DF36’	Key Index	1
‘DF38’	Data Storage Failed Counter	1

Table 37: Tags Supported by Issuer Application Data Object List (IADOL) List – Contact Card

Tag	Data Element	Length
‘00C8’	Lower Cumulative Offline Amount (LCOA) *profile-specific	6
‘00C9’	Upper Cumulative Offline Amount (UCOA) *profile-specific	6
‘00CA’	Single Transaction Amount (STA) limit *profile-specific	6
‘00CB’	Lower Consecutive Offline Limit (LCOL) *profile-specific	1
‘00CC’	Upper Consecutive Offline Limit (UCOL) *profile-specific	1
‘00CD’	Number of Consecutive Offline Transactions (NCOT) Counter *profile-specific	1
‘00CE’	Cumulative Offline Amount Counter (COA) *profile-specific	6
‘00D4’	CVM-Accumulator	6
‘00D9’	CVM-Counter	1
‘00DC’	CDCVM Type	1
‘DF45’	CDCVM Status	1
‘DF40’	CL-Accumulator	6
‘DF43’	CL-Counter	1
‘00D1’	Offline Balance	6
‘DF01’ – ‘DF0A’	Issuer Defined Data Tag (IDDT) 0 –- 9	Var.
‘DF36’	Key Index	1
‘DF38’	Data Storage Failed Counter	1
‘DF6x’	PID Counter ‘6x’ | PID Counter Limit ‘6x’ | PID Minimum Amount ‘6x’ (where x is ‘A’ to ‘F’)	20 bytes with the last 12 bytes padded to ‘FF”
‘DF7x’	PID Accumulator ‘7x’ | PID Accumulator Limit ‘7x’ (where x is ‘A’ to ‘F’)	20 bytes with the last 8 bytes padded to ‘FF”
‘DF5x’	PID Counter ‘5x’ | PID Counter Limit ‘5x’ | PID Accumulator ‘5x’ | PID Accumulator limit ‘5x’ | PID Minimum Amount ‘5x’	20 bytes

Table 38: Tags Supported by Issuer Application Data Object List (IADOL) List – Contactless Card

4.6.92 Issuer Defined Data Tags (IDDT):

IDDT are proprietary data tags in the range DF01 to DF0A which are available to the Issuer for non EMV use. The elements are accessible using PUT DATA and GET DATA commands.

4.6.93 Lower Cumulative Offline Amount (LCOA):

It is specifying the maximum total amount of offline transactions in the primary and secondary currencies allowed for the transaction profile before a transaction is forced to go online. The LCOA limit may be profile-specific. If a profile-specific COA has exceeded the profile-specified LCOA limit, the ‘Lower Cumulative Offline Transaction Amount limit exceeded’ bit of CVR is set. Note: the value of this limit shall be less than 999999999999.

4.6.94 Upper Cumulative Offline Amount (UCOA):

It is specifying the maximum total amount of offline transactions in the primary and secondary currencies allowed for the transaction profile before a transaction is declined after an online transaction is unable to be performed. UCOA may be profile-specific. If the profile-specific COA counter has exceeded the profile-specified UCOA limit, the ‘Upper Cumulative Offline Transaction Amount limit exceeded’ bit of CVR is set during 1st Generate AC velocity checks. Note: the value of this limit shall be less than 999999999999.

4.6.95 Single Transaction Amount (STA) limit:

It is specifying the single amount of the transaction in the reference currency allowed for the card application/transaction profile before a transaction is forced to go online. If the transaction amount has exceeded this limit, the relevant CVR bit is set. Note: the value of this limit shall be less than 999999999999.

4.6.96 Lower Consecutive Offline Limit (LCOL):

It is specifying the maximum number of offline transactions allowed for the transaction profile before a transaction is forced to go online. The NCOT counter and LCOL limit may be profile-specific. If the profile-specified NCOT counter has exceeded the profile-specified LCOL, the ‘Lower Consecutive Offline Transaction limit exceeded’ bit of CVR is set (Byte 5, bit 5).

4.6.97 Upper Consecutive Offline Limit (UCOL):

It is specifying the maximum number of offline transactions allowed for the transaction profile before a transaction is declined after an online transaction is unable to be performed. UCOL may be profile-specific. If the profile-specified NCOT has exceeded this limit, the ‘Upper Consecutive Offline Transaction limit exceeded’ bit of CVR is set during 1st Generate AC velocity checks.

4.6.98 Number of Consecutive Offline Transactions (NCOT) Counter:

It is representing a profile-specific counter of consecutive offline transactions that have occurred for that card application since the last time a transaction went online. NCOT is used to perform card velocity checking. NCOT is initialized to zero. Incremented by 1 each time a transaction is completed offline. Optionally: Not incremented by 1 if the transaction amount is zero (if PRU B2b8 = ‘1’). Optionally: Reset to zero when a transaction is online approved by Issuer, regardless of the presence and validity of Issuer Authentication Data. By default: Reset to zero when a transaction is online approved by Issuer, Issuer Authentication is performed and successful, and appropriate CSU bit is set. The value of the profile-specific NCOT may be sent to the Issuer as part of the Issuer Application Data, if included in the IADOL list. If contained in Issuer application Data, and the appropriate configuration item is set, the NCOT may also be included in the Application Cryptogram.

4.6.99 Cumulative Offline Amount Counter (COA):

It is representing a profile-specific counter of cumulative total amount of offline transactions in the in the primary and secondary currencies for the card application since the last time a transaction went online. COA is used to perform card velocity checking. COA is initialized to zero and incremented by the amount authorized each time a transaction in the reference currency is completed offline. COA is reset to zero when a transaction is online approved by Issuer, Issuer Authentication succeeds, and appropriate CSU bit is set. Option: Reset to zero when a transaction is online approved by Issuer, regardless of whether Issuer Authentication Data is received and/or is successfully verified. The value of COA may be sent to the Issuer as part of the Issuer Application Data (if COA tag is included in IADOL). If COA is in Issuer application data, and the appropriate configuration item is set, it may also be included in Application Cryptogram.

4.6.100 CVM-Accumulator:

It is representing a counter of the cumulative total amount of transactions in the supported currencies that have occurred for CTL NEPALPAY since the last time a CVM was required. CVM-Accumulator is checked against CVM-Cum limit 1 and CVM-Cum limit 2 to determine the cumulative amount that a card can accept before requiring to perform a particular CVM (i.e., Online PIN or Signature).

4.6.101 CVM-Counter:

It is representing a counter of consecutive Contactless transactions that have occurred for the CTL NEPALPAY since the last time a CVM was required. CVM-Counter is checked against CVM-Cons limit 1 and CVM-Cons limit 2 to determine how often a CVM (i.e., Online PIN or Signature) must be performed by the reader.

4.6.102 Contactless – Accumulator:

It is representing a counter of the cumulative total amount of Contactless transactions in the supported currencies that have occurred via CTL NEPALPAY since the last time a transaction went online. CL- Accumulator is checked against CL-Cum limit to determine the cumulative offline amount that a card can accept before requiring an online authorization or using the Contact Interface (for a Dual-Interface implementation). CL- Accumulator and CL-Cum limit are only used if CACO B1b8 is set to ‘1’. Otherwise, CTL NEPALPAY uses COA and its related limits LCOA and UCOA.

4.6.103 Contactless – Counter:

It is representing a counter of consecutive Contactless transactions that have occurred via CTL NEPALPAY since the last time a transaction went online. CL-Counter is checked against CL-Cons limit to determine how often a Contactless transaction must be processed online or using another interface (for a Dual-Interface implementation). CL-Counter and CL-Cons limit are only used if CACO B1b7 is set to ‘1’. Otherwise, CTL NEPALPAY uses NCOT and its related limits LCOL and UCOL.

4.6.104 Counters and Accumulator Control Options (CACO):

Counters and accumulators supported in addition to Number of Consecutive Offline Transaction (NCOT) and Cumulative Offline Amount (COA), Operation of accumulators and counters (e.g., amount or transaction to be used), Conditions of reset, Retrieval access restrictions, and Specific features related to sharing options with the Contact Interface.

Byte	Bit	Definition	Value
Global Control Options
1	8	Use CL-Accumulator	1
	7	Use CL-Counter	1
	6	Use CVM-Accumulator	1
	5	Use CVM-Counter	0
	4	Count/Accumulate refund Transactions	0
	3	Count zero amount Transactions	0
	2	RFU	0
	1	Allow retrieval of values and limits of CRM/CVM counters and accumulators through GET DATA command	0
			E0
COA (CRM-Accumulator)
2	8	Usage of Amounts, Authorized and Other	0
	7
	6	RFU	0
	5	RFU	0
	4	Reset counters and accumulators if ARQC required	0
	3	RFU	0
	2	UCOA and LCOA must be shared with the contact interface	0
	1	Shared with contact interface (for dual-interface implementation only) If set, the accumulator and counter should be reset only over the Contact interface, with appropriate CSU bits set (B2b-1)	1
			01
NCOT (CRM-Counter)
3	8	Count all Transactions with non-matching currency codes	0
	7		1
	6		1
	5	RFU	0
	4	Reset counters and accumulators if ARQC required	0
	3	RFU	0
	2	UCOL and LCOL must be shared with the contact interface	0
	1	Shared with contact interface (for dual-interface implementation only) If set, the accumulator and counter should be reset only over the Contact interface, with appropriate CSU bits set (B2b-1)	1
			61
CL-Accumulator and CL-Counter
4	8	Use Amount, Authorized provided in tag ‘‘9F02’’	0
	7		0
	6	RFU	0
	5		0
	4	Reset counters and accumulators if ARQC required	0
	3	RFU	0
	2	STA must be shared with the contact interface	0
	1	Shared with contact interface (for dual-interface implementation only) If set, the accumulator and counter should be reset only over the Contact interface, with appropriate CSU bits set (B2b-1)	1
			01
CVM-Accumulator and CVM-Counter
5	8	Use Amount, Authorized provided in tag ‘‘9F02’’	0
	7		0
	6	RFU	0
	5	RFU	0
	4	Reset counters and accumulators if ARQC required	0
	3	RFU	0
	2	RFU	0
	1	Shared with contact interface (for dual-interface implementation only) to be reset by CSU when appropriate bits are set (B2b2-1)	1
			01
Prepaid Accumulator
6	8	Use Amount, Authorized provided in tag ‘‘9F02’’	0
	7		0
	6	Credit refund transactions	0
	5	Debit cashback transactions	0
	4	RFU	0
	3	RFU	0
	2	Allow retrieval of values and limits of ‘Offline balance’ using GPO or GET DATA	0
	1	Shared with contact interface (for dual-interface implementation only) to be reset by CSU when appropriate bits are set (B2b2-1)	0
			00

Table 39: Counters and Accumulator Control Options

4.6.105 Dynamic Card Verification Value (DCVV):

It is generated by the NEPALPAY application as a unique value for each transaction. In this a new CVV is dynamically generated at regular intervals. This CVV will only work until the next number is generated. It adds an extra layer of protection against fraud, especially for online and card-not-present transactions.

4.6.106 Card Authentication Related Data (CARD):

It contains the Fast-Dynamic Data Authentication (fDDA) Version Number, Card Unpredictable Number, and Card Transaction Qualifiers. For transactions where fDDA is performed, the Card Authentication Related Data is returned in the last record specified by the Application File Locator for that transaction.

4.6.107 Track 1 Data:

Track 1 shall be coded according to [ISO/IEC 7813]. The maximum length of Track 1 is 79 characters as shown in the Table 4: Track 1 Encoding Format.

4.6.108 Contactless NEPALPAY Default Profile:

It indicates the Issuer’s configuration of ‘transaction profile’ (AIP and AFL) used in Initiate Application Processing to generate the response to the (DATA) GET PROCESSING OPTIONS command. It also configures the risk management counter limits when a profile is selected. The profile ID is set in relevant CVR bits. CTL NEPALPAY shall be able to support a minimum of 3 profiles. The maximum is limited by Issuer requirement and application design. For Dual-Interface implementations, the application may have the Contact NEPALPAY TPO and Contactless NEPALPAY TPO concatenated to store both sets of tags in the same object. NEPALPAY TPO concatenations shall always begin with Contact NEPALPAY TPO, followed by the Contactless NEPALPAY TPO. The total length in this case would be 220 bytes. Where a counter or accumulator is shared between the contact and contactless interfaces, and that counter or accumulator is in the contact profile concatenated with the contactless profile, it will be this element that is shared. However, where a given counter or accumulator is not shared, the element in the contactless profile, or the default contactless profile will be used, even if the element is present in the contact profile.

Tag	Value	Length
DF67	Profile Resource Usage (PRU)	4 bytes
82	Application Interchange Profile (AIP)	2 bytes
94	Application File Locator (AFL)	var up to 32 bytes
9F07	Application Usage Control (AUC)	2 bytes
9F71	Card Processing Requirements (CPR)	2 bytes
DF30	Card Risk Management (CRM)-CAC Switch Interface	3 bytes
DF31	CRM-CAC Denial	3 bytes
DF32	CRM-CAC Online	3 bytes
DF33	CRM-CAC Default	3 bytes
CD	Number of Consecutive Offline Transaction (NCOT) Counter	1 byte
CE	Cumulative Offline Amount (COA)	6 bytes
CB	Lower Consecutive Offline Transaction Limit (LCOL) limit	1 byte
CC	Upper Consecutive Offline Transaction Limit (UCOL) limit	1 byte
C8	Lower Cumulative Offline Amount (LCOA) limit	6 bytes
C9	Upper Cumulative Offline Amount (UCOA) limit	6 bytes
CA	Single Transaction Amount (STA) limit	6 bytes
DF34	Card Verification Method (CVM)-CAC Online-PIN	2 bytes
DF35	CVM-CAC Signature	2 bytes
D4	CVM-Accumulator	6 bytes
D9	CVM-Counter	1 byte
DA	CVM-Cons limit 1	1 byte
DB	CVM-Cons limit 2	1 byte
D5	CVM-Cum limit 1	6 bytes
D6	CVM-Cum limit 2	6 bytes
D7	CVM-STA limit 1	6 bytes
D8	CVM-STA limit 2	6 bytes
DF40	Contactless (CL)-Accumulator	6 bytes
DF43	CL-Counter	1 byte
DF44	CL-Cons limit	1 byte
DF41	CL-Cum limit	6 bytes
DF42	CL-STA limit	6 bytes
DF36	Key Index	1 byte

Table 40: Data Content for Template ‘BF50’Entry

4.6.109 Transaction Profile Object:

It indicates the Issuer’s configuration of ‘transaction profile’ (AIP, AFL and ACO) used in Initiate Application Processing to generate the response to the GET PROCESSING OPTIONS command. It also configures the risk management counters, limits and Key Index to use when a profile is selected. The profile ID is set in relevant CVR bits. The NEPALPAY application shall be able to support a minimum of 3 profiles. The maximum is limited by Issuer requirement and application design.

Tag	Field Name	Length
DF67	Profile Resource Usage (PRU)	2 bytes
82	Application Interchange Profile (AIP)	2 bytes
94	Application File Locator (AFL)	32 bytes
C5	Card Action Code (CAC) Denial	3 bytes
C7	CAC Online	3 bytes
C6	CAC Default	3 bytes
CB	Lower Consecutive Offline Transaction Limit (LCOL)	1 byte
CC	Upper Consecutive Offline Transaction Limit (UCOL)	1 byte
C8	Lower Cumulative Offline Amount (LCOA) limit	6 bytes
C9	Upper Cumulative Offline Amount (UCOA) limit	6 bytes
CA	Single Transaction Amount (STA) limit	6 bytes
DF36	Key Index	1 byte

Table 41: Transaction Profile Object

4.6.110 Card ID:

The Card ID is a NEPALPAY application proprietary data element used conditionally by terminals during ODA. Contained in Terminal File Records. If personalized, the Card ID must match the value encoded into the Card ID field of the Card Feature Descriptor. The terminal will compare the values during ODA and, if they do not match, will consider ODA failed. If used, Card ID must be included in a signed record referenced by the AFL.

Code	Country name
004	Afghanistan
050	Bangladesh
064	Bhutan
144	Sri Lanka
156	China
356	India
462	Maldives
524	Nepal
586	Pakistan
840	United States of America

Table 42: ISO 639 List

4.6.112 ISO 4217:

ISO 4217 is the international standard describing three-letter codes (also known as the currency code) to define the names of currencies, as established by the International Organization for Standardization (ISO). The ISO 4217 code list is the common way in banking and business, all over the world, for defining different currencies

Code	Num	decimal	Currency	Country Name
AFN	971	2	Afghan afghani	Afghanistan
BDT	050	2	Bangladeshi taka	Bangladesh
BTN	064	2	Bhutanese ngultrum	Bhutan
LKR	144	2	Sri Lankan rupee	Sri Lanka
INR	356	2	Indian rupee	India
CNY	156	2	Chinese yuan	China
MVR	462	2	Maldivian rufiyaa	Maldives
NPR	524	2	Nepalese rupee	Nepal
PKR	586	2	Pakistani rupee	Pakistan
USD	840	2	United States dollar	United States of America

Table 43: ISO 4217

4.6.113 ISO/IEC 7811-2:

ISO/IEC 7811-2 specifies requirements for a low coercivity magnetic stripe (including any protective overlay) on an identification card, the encoding technique, and coded character sets. It takes into consideration both human and machine aspects and states minimum requirements12. This standard defines the characteristics for identification cards and their use for international interchange. The low coercivity magnetic stripe is commonly found on various cards, such as credit cards, debit cards, and access cards. It plays a crucial role in storing data for identification and transaction purposes. If you’re interested in the technical details, ISO/IEC 7811-2 provides guidelines for creating and using these magnetic stripes effectively.

4.6.114 ISO/IEC 7813:

ISO/IEC 7813 is an international standard codified by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It defines properties of financial transaction cards, such as ATM or credit cards1. Let’s delve into the details:

a) Physical Characteristics: Embossed characters, Embossing of expiration date, Magnetic stripe, Integrated circuit with contacts, Integrated circuit without contacts

b) Magnetic tracks: Track 1, Track 2, Track 3

4.6.115 ISO/IEC 7816-4:

ISO/IEC 7816-4 is a standard that specifies the organization, security, and commands for interchange of identification cards and integrated circuit cards. It covers various aspects related to these cards, including:

a) Command-Response Pairs: This standard defines the contents of command-response pairs exchanged at the interface between the card and the external world.

b) Data Retrieval: It outlines the means of retrieving data elements and data objects from the card.

c) Historical Bytes: The document describes the structures and contents of historical bytes used to describe the operating characteristics of the card.

d) Application Structures: It specifies structures for applications and data within the card, as seen at the interface during command processing.

e) Access Methods: ISO/IEC 7816-4 defines access methods to files and data within the card.

f) Security Architecture: The standard establishes a security architecture that defines access rights to files and data within the card.

g) Application Identification: It provides means and mechanisms for identifying and addressing applications within the card.

h) Secure Messaging: Methods for secure messaging are also covered.

i) Algorithms: While it does not describe these algorithms, it does specify access methods to the algorithms processed by the card.

Importantly, ISO/IEC 7816-4 does not describe the physical interface technology or the internal implementation of the cards. It is independent of the physical interface and applies to cards accessed by methods such as contacts, close coupling, and radio frequency. If a card supports multiple physical interfaces simultaneously, the relationship between different physical interfaces falls outside the scope of this.

4.6.116 ISO/IEC 7816-5:

ISO/IEC 7816-5 is a standard related to identification cards and integrated circuit cards. It provides guidelines for using an application identifier to determine the presence of an application within a card and retrieve relevant information. Specifically, ISO/IEC 7816-5:2004 focuses on ensuring the uniqueness of application identifiers through international registration. This standard defines the registration procedure, the responsible authorities, and the availability of a register that links the registered parts of the identifiers to the relevant application providers. In summary, ISO/IEC 7816-5 plays a crucial role in maintaining consistency and uniqueness in application identifiers across integrated circuit cards

4.6.117 ISO/IEC 8859-1:

ISO/IEC 8859-1:1998, Information technology — 8-bit single-byte coded graphic character sets — Part 1: Latin alphabet No. 1, is part of the ISO/IEC 8859 series of ASCII-based standard character encodings, first edition published in 1987. ISO/IEC 8859-1 encodes what it refers to as “Latin alphabet no. 1", consisting of 191 characters from the Latin script. This character-encoding scheme is used throughout the Americas, Western Europe, Oceania, and much of Africa. It is the basis for some popular 8-bit character sets and the first two blocks of characters in Unicode.

4.6.118 Changes required to issue a domestic/international card

Card Type	Domestic Debit/Credit/Prepaid	International Debit/Credit/Prepaid
Profile Name	NEPALPAY CARD Profile-I	NEPALPAY CARD Profile-II
Application Currency Code (9F42)	524	840
Application Usage Control (9F07)	FF 00	56 00
Transaction Type	Online Only	Online Only
BIN	Different	Different

Table 44: Changes required to issue a domestic/international card

4.6.119 Reference Materials:

This document relied on references from the list provided in the table below.

Document Type	Title	Source
D-PAS Documents	Discover Contact D-PAS Connect: Card Application Specification	Available from Discover Implementation Manager
	Discover Contactless D-PAS Connect: Card Application Specification	Available from Discover Implementation Manager
	Discover D-PAS and D-PAS Connect: Certification Manual for Issuer and Acquirers	Available from Discover Implementation Manager
	Discover Contact D-PAS and D-PAS Connect: Issuer Implementation Guide	Available from Discover Implementation Manager
	Discover Contactless D-PAS and D-PAS Connect: Issuer Implementation Guide	Available from Discover Implementation Manager
	Discover External DGN D-PAS Connect Personalization Profiles Guide	Available from Discover Implementation Manager
EMVCoTM Specification	EMV® Integrated Circuit Card Specifications for Payment Systems, version 4.3, November 2011	Available from the EMVCoTM website (https://www.emvco.com/)
	EMV Contactless Specifications for Payment Systems, version 2.6, March 2016	Available from the EMVCoTM website (https://www.emvco.com/)

Table 45: Reference Materials