0

got the value, but cannot find a reference: 1F4A6332A0000000001003027300000000400000000000000000000000000000

Any idea? It looks like CVN 4A, but there is no info about it

user478681
  • 8,330
  • 4
  • 26
  • 34

1 Answers1

0

Tag 9F10 means it's an Issuer Application Data object that is completely issuer proprietary. In practice, there are several well established card applications in the market that are used by issuers, but even so, other card applications may be expected and there is no reliable way to differentiate between them without being an issuer for that particular card. Any data that will be sent by the card application in this object should not be interpreted without knowledge of the card application and I would not advise attempting that as they often look very similar to each other.

Michal Gluchowski
  • 1,197
  • 8
  • 16
  • Dziękuję, Michal! I can only say that this value produced from one of the applications of major schemes (most probably Visa). Unfortunately I don't have more data. Also, just found a short note that perhaps CVN 4A (if it is indeed the CVN in the second byte) used for Apply Pay in UK... but that's all. – user478681 Nov 21 '22 at 16:11
  • @user478681 it certainly looks familiar to VCPCS with fingerprint verification performed on SE, but it may be almost anything. Card applications may use it freely as long as issuing system will know what to do with it. In my academic paper years ago I was using IAD to transfer across many transactions some larger risk management parameters in chunks. – Michal Gluchowski Nov 23 '22 at 10:00
  • ok, maybe.. but I've rather expected that at least partially the data in IAD will be standardized. And for the pure proprietary stuff the issuer can use, for example, dedicated space in it - Issuer Discretionary Data (IDD). At least Visa assumes such a possibility through IDD Option 0 – user478681 Nov 23 '22 at 10:22
  • Each card spec does that. Since every spec defines card internal processes differently, CVR inside IAD which inherently is a result of these processes has different definitions as well. There is no generic way to handle these and my suggestion is always to avoid parsing any proprietary data on your own in business logic. It is doable for fun or for debugging purposes as you may know or guess which spec is it based on, but the business logic you may implement based on that will be flawed. – Michal Gluchowski Nov 23 '22 at 17:07