We will instruct here how to read contactless data from payment contactless cards such as Visa, Mastercard, or American Express. Everything in this post is confirmed during our application development.
For Visa. Mastercard, and Interac contactless EMV cards, the flow is complete on the card side. On the reader side, it is not complete. The payment transaction completion is out of scope here.
For other payment cards, the flow may be not complete. Why someone would need to read contactless data without actually making a payment transaction? Sometimes cards are need to be read to identify card PAN (or DPAN in case of Google Pay or Apple Pay) and use it as a pass or discount token for certain services that have already been purchased with the same card.
- One example would be an account-based transit fare collection system (see more details here).
- Another example could be a campus-like card, i.e. Wonderland or Zoo pass.
Please follow How To Read NFC Card Directories first. You can continue if you have found at least one Directory Entry in the card.
Step 1. Select a payment application by issuing Select command with an ADF name found in the Directory Entry. The response data is a bit different in two cases (at least for the cards we tested):
- The response does not have the card PDOL (tag “9F38”)
- The response has the card PDOL tag. To our experience, If this is a virtual card application within Google Pay or Apple Pay, the response most likely has the card PDOL tag.
Step 2. If there is the PDOL tag, it make sense to issue Get Processing Options (GPO) command and get the AFL (Tag “94”) in the response.
In order to execute GPO, you need to build a terminal PDOL (this is not an easy thing to do but we do this in our Android app NFC EMV Explorer).
Step 3. Read records. If GPO returns the AFL, you can derive what records you have to read from the AFL.
If GPO fails or does not respond with the AFL, it is really a challenge to read records. In some cases the card does not allow to do this. When it does, you need to know which records to read, and this depends on the payment application (ADF and kernel).
Step 4. Execute Generate AC command. Visa does not require this. Mastercard and Interac – does.
After that, you should either instruct your NFC reader to turn off the electromagnetic field, to prevent potential card damage.
Step 5. Find card PAN. It can be either in GPO Response, or in records you have read. It may be located in the following tags:
- PAN (tag “5A”)
- Track 1 equivalent data (tag “56”)
- Track 2 equivalent data (tag “9F6B”)
Please note, that if this is a virtual card application within Google Pay, you will get DPAN, not PAN. See related problems here.
You can also find Expiration Date somewhere in the card data you read but it is not real. You cannot find CVV1 or CVV2 in the card data you read.
Surprisingly, some card disclose the actual cardholder name in tag 5F20 that they should not do.