How To Read Visa Card NFC Data

We will instruct here how to read contactless data from Visa Credit application on the card.

This flow is different from complete Visa transaction flow. Why someone would need to read contactless data? Sometimes cards are need to be read to identify card PAN (or DPAN in case of Google Pay or Apple Pay) and use it as a pass or discount token for certain cervices that have already been purchased before with the same card.

  • One example would be an account-based transit fare collection system (see more details here).
  • Another example could be a campus-like card, i.e. Wonderland or Zoo pass.

Please follow How To Read NFC Card Directories first. You can continue if you found a Directory Entry for Visa Credit.

Step-by-Step Instructions

Step 1. Select Visa Application by issuing Select command with ADF name 0xA000031010. In the ADPU Response, you will find tag “9F38” – card PDOL (tag sequence to look into “6F” -> “A5” -> “9F38”). The card PDOL is the list of data elements that you need to include to the Terminal PDOL list used on the following step.

Step 2. Build a Terminal PDOL in tag “83” and issue Get Processing Options APDU command, with this tag in the data.

  • You need this step If you want to execute DDA (dynamic data authentication) to ensure that the card is genuine or if you are dealing with a form factor which is not a card but an application encapsulated in a Google Pay or Apple Pay wallet.
  • Otherwise, you may wish to skip this step, because building the Terminal PDOL correctly is not an easy task and it requires Visa documentation.
  • In the APDU Response to GPO command, you will get Tag “77”.
  • There are some interesting tags in Tag “77” which you may need to complete DDA. As to the Card PAN (or DPAN), you can find it in Tag “57” – Track 2 Equivalent Data.
  • Tag “57” id as good as the one you can obtain reading card data on Step 3 which will not work with Google Pay and Apple Pay. So you can do the same thing here you would do on Step 4.

Step 3. (This will not work with Google Pay and Apple Pay). Issue command Read Record , to read Record #1 in file #1 (sometimes – in file #2) and find there Tag “57”- Track 2 Equivalent Data.

After that, you should either instruct your NFC reader to turn off the electromagnetic field or quickly remove the card from the field.

Step 4. Extract Card PAN from the record you read. It is the first 8-byte field in the body of Tag “57” , in the form of 16 packed decimal digits. E.g. PAN “1234567890123456” will be presented as hexadecimal number 0x1234567890123456

You can also find Expiration Date in Track 2 Equivalent Data but it is not real. You cannot find in the card data you read a real cardholder name, CVV1, and CVV2. All that makes the data you obtained useless for the purpose of making a fraudulent transaction: either e-commerce one (card not present, MOTO), or via faked chip, or faked magnetic stripe one, or contactless one.

That is why having and using NFC EMV contactless cards is safe. You do not need to protect your contactless card by placing it in a electromagnetic field screening box, but you may wish to do this because some reckless hackers, trying to read your card data, may burn your card contactless receiving equipment by using too strong electromagnetic field for too long.