Got a chip to scratch?

This blog post will describe how to read data from EMV chip-based credit cards.  The information contained on these cards should be kept confidential.  The bad guys already know how to do this so there is no harm in arming the good guys too.

So what does any sane tech guy do when the new EMV point of sales solution you rolled out at work doesn’t process cards like you would expect?  That’s right, they start to read the EMV specifications and ISOs.

I guess I shouldn’t have been surprised to learn the chip in your fancy new credit card is really just a plain old smart card.  That means I can use any compliant smart card reader to get the data.  On my Windows 10 box I used the Alcey Portable all-in-one reader.  Easy setup and no fuss.  There are hundreds of others out there that I’m sure will work just as well or perhaps better.  For $15 this one is working well for me.  Couple this with Nic Bedford’s amazingly simple EMV Card Browser utility and we have a solution!

While there is a wealth of information on the card, my efforts only focused on a few tags and how to decode them.  For each Application ID (AID) on the card I needed to understand what Tag 87 – Application Priority Indicator (API) and Tag 8E – Cardholder Verification Method (CVM) were.  Here is a snip from a Visa debit card.

A0000000980840
Tag 87: 02
Tag 8E: 000000000000000002010004020542001F00

A0000000031010
Tag 87: 01
Tag 8E: 0000000000000000020142041E0402055E0042001F00

At least Tag 87 is easy enough to understand.  As for the others, we need some help.  For the AID I came across the EFTLab Complete list of Application Identifiers.  While I cannot guarantee this list is 100% accurate or kept up to date, it did accurately reference both of the AIDs above.  Now we know what payment applications our card offers and the priority it would like the POS to use them in.  Looks like the card wants the POS to prefer Visa Credit over Visa Debit.

The EMV specifications linked above do an excellent job of breaking down how to translate the CVM into something useful.  However, I’m lazy.  A bit more searching and lo and behold someone has done the work already.  Head over to the TVR Decoder site, change the decode from TVR to CVM list, and enter the hex string from Tag 8E above.  Bingo, a human-readable list for the CVM.
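
The same decode done offline, as an added example that is not part of the original post or the TVR Decoder site: a small Tag 8E parser following the CVM List layout in EMV Book 3 (two 4-byte amounts, then 2-byte rules). The function name, dictionary names and output wording are assumptions chosen for this sketch.

```python
# Added example: decode an EMV Tag 8E (CVM List) value per EMV Book 3.
CVM_METHODS = {
    0x00: "Fail CVM processing",
    0x01: "Plaintext PIN verified by ICC",
    0x02: "Enciphered PIN verified online",
    0x03: "Plaintext PIN verified by ICC + signature",
    0x04: "Enciphered PIN verified by ICC",
    0x05: "Enciphered PIN verified by ICC + signature",
    0x1E: "Signature (paper)",
    0x1F: "No CVM required",
}
CVM_CONDITIONS = {
    0x00: "always",
    0x01: "if unattended cash",
    0x02: "if not unattended cash, manual cash, or purchase with cashback",
    0x03: "if terminal supports the CVM",
    0x04: "if manual cash",
    0x05: "if purchase with cashback",
    0x06: "if in application currency and under X",
    0x07: "if in application currency and over X",
    0x08: "if in application currency and under Y",
    0x09: "if in application currency and over Y",
}

def decode_cvm_list(hex_value):
    """Return (amount_x, amount_y, rules) for a Tag 8E hex string."""
    raw = bytes.fromhex(hex_value)  # whitespace between groups is ignored
    if len(raw) < 10 or (len(raw) - 8) % 2:
        raise ValueError("CVM list needs two 4-byte amounts plus 2-byte rules")
    rules = []
    for i in range(8, len(raw), 2):
        code, cond = raw[i], raw[i + 1]
        rules.append({
            "method": CVM_METHODS.get(code & 0x3F, f"unknown/RFU 0x{code & 0x3F:02X}"),
            "condition": CVM_CONDITIONS.get(cond, f"unknown/RFU 0x{cond:02X}"),
            # Bit 7 (0x40) set: try the next rule if this CVM is unsuccessful.
            "on_failure": "next rule" if code & 0x40 else "fail verification",
        })
    return int.from_bytes(raw[:4], "big"), int.from_bytes(raw[4:8], "big"), rules

# Tag 8E of AID A0000000980840 from the post, spaced for readability.
SAMPLE_8E = "0000 0000 0000 0000 0201 0004 0205 4200 1F00"

if __name__ == "__main__":
    x, y, rules = decode_cvm_list(SAMPLE_8E)
    for n, r in enumerate(rules, 1):
        print(f"{n}. {r['method']} {r['condition']} (on failure: {r['on_failure']})")
```

Rules are evaluated in order, so the last entry whose condition is "always" shows what the card falls back to when nothing earlier applies.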

Now to have another call with the software provider.
