Which Terminal Settings Am I Allowed to Change?

ID TECH incorporates an approved EMV Level 2 Kernel (referred to as the Kernel) into its various products. There are five principal configurations certified in the Kernel: 1C, 2C, 3, 4C, and 5C. Each has major and minor parameters. Customers can configure those parameters to suit their product needs. However, according to EMV rule, only minor parameters, and certain specific functions in the major parameters, are allowed to be changed for each configuration.

When the Kernel is incorporated into the firmware for a product, the firmware needs to limit the host so that only the allowable bits in the major parameters can be changed. A hash is used to verify that no major bits have changed in the config parameters. If you attempt to change any bits that aren't considered minor, the change will be disallowed and flagged as an error.

EMV Rules on Major and Minor Parameters

The Kernel is certified for five configurations. Each configuration has major parameters and minor parameters according to EMV rules. The parameters are set via TLVs. Each tag has its own default value for each configuration.

Seven tags govern the major parameters. Those major parameters cannot be changed according to EMV rules, with the exception of certain bits. The following are the tags for major parameters:

9F33: 3 bytes

9F35: 1 byte

9F40: 5 bytes

DF11: 1 byte

DF26: 1 byte

DF27: 1 byte

DFEE1E: 8 bytes

There are no restrictions in minor parameters and they can be changed according to EMV rules.

Restricted Bits in Major Parameters

Three tags contain parameters that can be configured. The other four tags cannot be changed. Within the configurable parameters, certain restrictions apply, as follows. (Note that bit numbering begins at one and goes through 8.)

Tag 9F33: Terminal Capabilities

Byte 1: Bit 6 (IC with Contacts) NOT ALLOWED TO CHANGE

Byte 2: Bits 8,7,6,5,4 (CVM Capability) NOT ALLOWED TO CHANGE

Byte 3: Bits 8,7,4 (Security Capability, SDA/DDA/CDA) NOT ALLOWED TO CHANGE

Tag 9F40: Additional Terminal Capabilities

Byte 1, Bits 8,7,6,5 (Transaction Type Goods, Cash, Services, Cashback) NOT ALLOWED TO CHANGE

Byte 4, Bits 2,1 (Code tables 10-9, these all need to be 0) NOT ALLOWED TO CHANGE

Byte 5, Bits 8,7,6,5,4,3,2,1 (Code tables 2-8, these all need to be 0, Bit 1 needs to be 1) NOT ALLOWED TO CHANGE. 

Tag DFEE1E: Terminal Configuration

Byte 2: Bits 8,7,6,3 (PSE, Cardholder Confirmation, Preferred Display Order, Default DDOL) NOT ALLOWED TO CHANGE

Byte 3: Bits 8,7,6,5,4,3 (CAPK action, PIN functions) NOT ALLOWED TO CHANGE

Byte 4: Bits 8,7,6,5,4,3 (TRM Settings) NOT ALLOWED TO CHANGE

Byte 5: Bits 8,7,6,5,4,3,2 (TAC/IAC settings) NOT ALLOWED TO CHANGE

Byte 6: Bits 8,7,6,5,4,3,2 (Advise/Referral/Batch) NOT ALLOWED TO CHANGE

Changes to the other four major TLVs are not permitted.

Product Notes

The default configuration for Spectrum Pro is 4C, which only supports no CVM.  3C adds chip and PIN capabilities with the addition with a PIN pad (L100). Neither 3C nor 4C allow for chip-and-signature (chip-and-sig wouldn't make sense for Spectrum Pro, which is an unattended device).

Augusta supports 2C (which allows cardholder confirmation of Language Selection and application selection) and 5C (no customer confirmations). For Quick Chip, use 5C (2C will work as well. But some card will require the customer choose from multiple applications (i.g. credit or debit) or languages available on the card. So, 2C will work but it is not as quick).

Terminal 1C is for attended devices using chip and PIN (e.g. PISCES). 

See the table below for additional information about ID TECH EMV L2 Kernel configurations.