Overview
American Express has introduced a mandate around contactless transactions. This article goes into the details of this mandate and how it affects integrators using ChipDNA Windows, Linux, Android and iOS.
Mandate
In September 2019, card issuers in the European Union and European Economic Area (EU/EEA) will be required to comply with the updated PSD2 Strong Customer Authentication (SCA) regulatory requirements. For contactless transactions, this requires two-factor authentication once 150 Euros or 5 consecutive contactless transactions have been completed since the card was last authenticated.
American Express have developed requirements that meet the PSD2 SCA regulation, in which the card and terminal will return a specific tag requesting a fall forward to insert the card as a method of cardholder verification.
What do I need to do?
NMI has included support for the changes required for further cardholder verification by American Express in ChipDNA 2.11 Aurora. This is handled automatically for the integrator in ChipDNA Windows, Linux, Android and iOS. All ChipDNA solutions that utilize American Express in the EU/EEA must deploy, at a minimum, ChipDNA 2.11 by September 2019 to ensure they are compliant with the regulatory changes.
How does it affect me?
ChipDNA’s transaction flow will be altered when a fall forward is triggered that requires further cardholder verification. If your integration expects a specific transaction flow, it will need to account for this. When a fall forward occurs, the following events will unfold (italics highlight the additional steps):
- Transaction Started
- Card Requested
- Card Tapped
- Card Details Returned
- Online Auth Requested
- Online Auth Completed
- Card Insertion Requested
- Card Inserted
- Card Details Returned
- PIN Entry Initiated
- Online Auth Requested
- Online Auth Completed
- Transaction Finished
- Card Removal Requested
- Card Removed
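The sketch below is an added example, not NMI or ChipDNA code: it shows one way an integration can track the sequence above without assuming that card details or online authorisation occur only once. The event labels are copied from the list as plain strings and are assumptions for illustration, not ChipDNA API identifiers; `FlowTracker` and `run` are hypothetical names.

```python
# Constructed input: the fall-forward sequence listed above, as plain strings.
# These labels are assumptions for illustration, not ChipDNA API identifiers.
FALL_FORWARD_FLOW = [
    "Transaction Started", "Card Requested", "Card Tapped",
    "Card Details Returned", "Online Auth Requested", "Online Auth Completed",
    "Card Insertion Requested", "Card Inserted", "Card Details Returned",
    "PIN Entry Initiated", "Online Auth Requested", "Online Auth Completed",
    "Transaction Finished", "Card Removal Requested", "Card Removed",
]

class FlowTracker:
    """Tracks one transaction without assuming each event occurs only once."""

    def __init__(self):
        self.interface = None      # "contactless" or "contact"
        self.auth_rounds = 0       # completed online authorisation rounds
        self.fell_forward = False  # True once card insertion is requested
        self.pending_auth = False
        self.finished = False

    def on_event(self, name):
        if self.finished and name not in ("Card Removal Requested", "Card Removed"):
            raise ValueError(f"unexpected event after finish: {name}")
        if name == "Card Tapped":
            self.interface = "contactless"
        elif name == "Card Insertion Requested":
            self.fell_forward = True  # flow continues on the contact interface
        elif name == "Card Inserted":
            self.interface = "contact"
        elif name == "Online Auth Requested":
            self.pending_auth = True
        elif name == "Online Auth Completed":
            if not self.pending_auth:
                raise ValueError("auth completed without a matching request")
            self.pending_auth = False
            self.auth_rounds += 1
        elif name == "Transaction Finished":
            self.finished = True

    def outcome_ready(self):
        # Only "Transaction Finished" ends the flow, not the first auth round.
        return self.finished and not self.pending_auth


def run(events):
    tracker = FlowTracker()
    for name in events:
        tracker.on_event(name)
    return tracker
```

Stopping the stream after the first "Online Auth Completed" leaves `outcome_ready()` false, which is the case an integration written for a single authorisation round would get wrong.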