Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

What's up with ODA (offline data authentication) in the US Market

...

and can I turn off ODA (SDA, DDA, or CDA) support for Augusta?

Answer:

CAPKs are used by the terminal to perform security-related matters with the card. More specifically they are used to perform ODA (offline data authentication). So, the question has been posed... "Do I need to load CAPKs for a device deployed in the US (online-only market)?" The answer depends on the terminal settings and processor requirements. If the terminal settings define the ODA (SDA, DDA, or CDA) as supported (as is the case for ID TECH's Augusta and Augusta S products), and the processor requires successful ODA (when supported) to approve transactions, then yes, you WILL need to load CAPKs.

...

  • Augusta supports ODA always. It cannot be turned off with the currently available Terminal Settings (link: Which Terminal Settings Am I Allowed to Change?)

  • Tag 95 has four bits relative to the subject (link:  What does TVR mean?)

    • Byte 1: 

      0------- Offline data authentication was not performed
      -0------ SDA failed
      --0----- ICC data missing
      ---0---- Card appears on terminal exception file
      ----0--- DDA failed
      -----0-- CDA failed
      ------0- SDA selected
      -------0 RFU

  • If either the card or the terminal does not support ODA, then Byte 1 bit 8 of tag 95 will be set (Offline data authentication was not performed). 

    • Note: Augusta supports ODA and most cards support ODA. But, some do not 

  • If the terminal and the card both support ODA then ODA will be attempted. If no CAPKs exist it will fail. The result will be that either bit 7, bit 4, or bit 3 will be set.

Terminal Verification Results (Tag 95), byte 1, has results for Offline Data Authentication:

Bit 8:  Offline data authentication not performed
This is triggered to "1" if:
The Application Interchange Profile (tag 82), Byte 1, supported authentication methods does NOT HAVE A MATCHING SUPPORTED authentication method in Terminal Capabilities (Tag 9F33), byte 3.

...