claves del PR-keting

7.4 POS Terminal Requirements... 171 7.4.1 Contactless–enabled POS Terminals... 171 7.4.4 Signature-based Maestro POS Terminals...174 7.6 ATM Terminal and PIN-based In-Branch Terminal Requirements...174 7.6.2 PIN-based In-Branch Terminals... 175 7.7 Hybrid Terminal Requirements... 175 7.7.1 Hybrid POS Terminal Requirements... 176 7.7.2 Hybrid ATM Terminal and PIN-based In-Branch Terminal Requirements... 176 Latin America and the Caribbean Region... 176 7.4 POS Terminal Requirements... 176 7.4.1 Contactless–enabled POS Terminals... 176 7.7 Hybrid Terminal Requirements...177 Middle East/Africa Region... 177 7.3 Contactless Payment Functionality...177 7.3.1 Contactless Reader Requirements... 177 7.7 Hybrid Terminal Requirements... 177 7.7.1 Hybrid POS Terminal Requirements... 177 United States Region...177 7.4 POS Terminal Requirements... 177 7.4.1 Contactless–enabled POS Terminals... 177 7.6 ATM Terminal and PIN-based In-Branch Terminal Requirements...178 7.7 Hybrid Terminal Requirements... 178

7.1 Terminal Eligibility

The following types of terminals, when compliant with the applicable technical requirements and other Standards, are eligible to be Terminals:

1. Any ATM Terminal or PIN-based In-Branch Terminal that is owned, operated or controlled by a Customer;

2. Any ATM Terminal that is owned, operated or controlled by an entity that is ineligible to be a Customer, provided that such ATM Terminal is connected to the Interchange System by a Principal or Affiliate;

3. Any POS Terminal that is owned, operated or controlled by a Merchant, provided that such POS Terminal is connected to the Interchange System by a Principal or Association; and 4. Any other type of terminal which the Corporation may authorize.

A terminal that dispenses scrip is ineligible to be a POS Terminal, ATM Terminal, or PIN-based In-Branch Terminal.

7.2 Terminal Requirements

1. Have an online connection to the Acquirer host system for the authorization of Transactions, except where offline-only processing is specifically permitted by the

Standards. If online PIN is a supported CVM, the Terminal must be able to encrypt PINs at the point of entry and send them to the Acquirer host system in encrypted form in accordance with the PIN security Standards.

2. Accept any Card that conforms with the encoding Standards, including but not limited to the acceptance of all valid PAN lengths, major industry identifier numbers and BINs/IINs, effective and expiration dates, chip application effective dates, service code values, and characters encoded in the discretionary data.

3. Support all required Transaction types and valid Transactions in accordance with the Standards; and

4. Have a magnetic stripe reader capable of reading Track 2 data encoded on the magnetic stripe of a Card, and transmit all such data for authorization;

5. Not perform tests or edits on Track 1 data for the purpose of disqualifying Cards from eligibility for Interchange System processing;

6. For magnetic stripe Transactions, perform a check (either at the Terminal or in the Acquirer host system) of the track layout, limited to the start sentinel, separator, end sentinel, and Longitudinal Redundancy Check (LRC), to ensure that the Card conforms to the technical specifications set forth in Appendix A of the Security Rules and Procedures manual. If an LRC error occurs or the track data cannot be interpreted correctly or verified, the

Transaction must not be processed or recorded; and

7. Prevent additional Transactions from being entered into the system while a Transaction is being processed.

A Cardholder-facing or unattended Terminal additionally must:

1. Ensure privacy of PIN entry to the Cardholder (where PIN processing is required and/or supported);

2. Provide Cardholder operating instructions in English as well as the local language, as selected by the Cardholder. Two or more languages may be displayed simultaneously. In the Europe Region, operating instructions in French and German must also be available whenever technically feasible, and Spanish and Italian are recommended; and

3. Have a screen display that enables the Cardholder to view the data (other than the PIN), entered into the Terminal by that Cardholder, or the response received as the result of the Cardholder’s Transaction request. This data will include the application labels or preferred names on a multi-application Card, and the amount of the Transaction; and

Refer to the Security Rules and Procedures for additional requirements related to Terminal security, PIN processing, and use of service codes. Refer to Rule 3.9 for requirements relating to Terminal-generated Transaction receipts, including truncation of the primary account number (PAN).

7.2.1 Terminal Function Keys

The support of the following function keys on a Terminal that supports entry of a PIN is recommended:

1. A key used to restart the process of PIN entry or entry of the Transaction amount. The preferred color is yellow, and the preferred label is CORR or CANCEL.

2. A key used to complete the process of PIN entry or entry of the Transaction amount. The preferred color is green, and the preferred label is OK.

3. A key used to terminate a Transaction. The preferred color is red, and the preferred label is

STOP or CANCEL. In the Europe Region, this key is mandatory. The key must allow the

Cardholder to cancel a Transaction prior to the final step that results in the submission of an authorization request.

7.2.2 Terminal Responses

A Terminal must be able to display or print the response required in the applicable technical specifications. The Acquirer or Merchant must provide an appropriate message to the

Cardholder whenever the attempted Transaction is rejected, either with a specific reason or by referring the Cardholder to the Issuer.

7.2.3 Terminal Transaction Log

The Acquirer must maintain a Terminal Transaction log. The log must include, at a minimum, the same information provided on the Cardholder receipt, including the Card sequence number, if present. The log must include the full PAN, unless otherwise supported by

supplementary reported data, and must not include the PIN or any discretionary data from the Card’s magnetic stripe or chip. Only the data necessary for research should be recorded. An Issuer may request a copy of this information.

The Terminal must not electronically record a Card’s full magnetic stripe or chip data for the purpose of allowing or enabling subsequent authorization requests, after the initial

authorization attempt. The only exception to this Rule is for Merchant-approved Maestro POS Transactions, which may be logged until either the Transaction is authorized or the end of the 13-day period during which the Merchant may make attempts to obtain an authorization pursuant to the Standards, whichever occurs first.

When an attempted Transaction is rejected, an indication or reason for the rejection must be included on the Terminal Transaction log.

7.3 Contactless Payment Functionality

A Terminal may be deployed with both contact and contactless payment functionality. For purposes of this Rule, a “contactless-enabled” Terminal is any POS Terminal (including any MPOS Terminal), ATM Terminal, or PIN-based In-Branch Terminal with a contactless reader that is activated and that accepts Cards and Access Devices based on contactless magnetic stripe technology (“Magnetic Stripe Mode”) and also optionally contactless chip technology (“EMV Mode”).

Refer to Rules 7.4.1, 7.4.2, 7.5, and 7.6.3 for additional contactless-enabled Terminal requirements. Refer to Rules 4.4 through 4.7 regarding Contactless Transaction processing.

7.3.1 Contactless Reader Requirements

The reader of a contactless-enabled Terminal must:

• Comply with MasterCard Contactless Reader Specification Version 3.0 (MCL 3.0) or EMV CL Book C-2; and

• For POS Terminals only (including MPOS Terminals), be configured to support Consumer Device CVM (CDCVM) and the processing of Contactless Transactions that exceed the applicable Cardholder verification method (CVM) limit amount up to the amount that the same POS Terminal supports on its contact interface.

These requirements take effect:

• 1 January 2016 for any contactless-enabled Terminal submitted to the Corporation for M- TIP testing as a new project; and

• 1 January 2019 for all contactless-enabled Terminals.

The contactless CVM limit for Transactions where CDCVM is not used is unaffected by this change.

NOTE: Modifications to this Rule appear in the "Europe Region" and "Middle East/Africa Region" sections at the end of this chapter.

7.3.2 Proximity Coupling Device Requirements

The Proximity Coupling Device (PCD) of a newly deployed contactless reader must comply with the latest EMV CL Book D version, as follows.

For new contactless reader deployments, the Acquirer must ensure that any contactless reader submitted to the Corporation for M- TIP testing on or after…

Uses a PCD that is compliant with…

1 April 2015 EMV CL Book D Version 2.2 or above (or a PCD of equivalent quality)

1 January 2017 EMV CL Book D Version 2.3.1 or above

1 January 2019 EMV CL Book D Version 2.5 (if available) or above

NOTE: A new contactless reader deployment means the introduction of contactless payment functionality at a location or the complete replacement of all contactless readers at a location. A contactless reader based on an older version of PCD is of equivalent quality to EMV CL Version 2.2 if it has passed Version 2.2 Confidence Testing.