If present, EMV Tag 91 Issuer Authentication Data can have several different formats when returned in a transaction response. From my (limited) understanding, this may be determined by the card brand.
For example
I need to solve a problem where Tag 8A Authorization Response Data is not returned as part of the EMV tag data in the case of a non approval response. The payment platform has advised to take the last 2 bytes of tag 91 and assign it to tag 8A, but tag 91 does not always contain the Authorization Response Code Value and Tag 8A is not always returned in some cases or brands.
I'd like to implement a more robust fix where we validate the format of tag 91 instead of just saying If Visa... do this... If Discover.... do that.
Any suggestions on how tag 91 is structured such as a reference to EMV Book documentation would be greatly appreciated.
Thank you,
I investigated this problem in past and here are the results.
In case tag 0x8A
is unknown it can be taken from tag 0x91
, but only for some Card Brands/profiles.
In general, if the length of 0x91
is 10 bytes (20 hex chars), the tag value can split to:
0x8A
) or Card Status Update (CSU) or ARPC Response Code;The tag 0x8A
presented inside tag 0x91
in next card profiles:
IT IS NOT a case to extract 0x8A
value from tag 0x91
for next card profiles:
0x91
placed Card Status Update (CSU);0x91
with different length or inside tag 0x91
placed ARPC Response Code. It is not ARC;0x91
;Extraction of tag 0x8A
value from tag 0x91
may work only as temporary solution. You may see not all card profiles allow it.
In fact it needs to be returned in clear form Acquirer in the reply message.
Good luck.