The objective of this report is to observe and describe a real world online transaction made between a debit card issued by an Estonian bank and a payment terminal issued by a Estonian bank. In this process we can learn how the EMV protocol works and which protocol features are used in a Chip-and-PIN card issued by an Estonian bank.
The transaction analyzed in this report was captured using a terminal from a friendly merchant in Tartu and using a Visa Electron debit card issued by SEB Estonia. The amount of transaction was 0.99 EUR. The transaction was performed in September, 2014. The full output (all requests and responses) with annotation can be found from the appendix.
The report has been published for UT course “Research Seminar in Cryptography (MTAT.07.022)”.
APDU trace is OK, interpretation is not correct. The whole section 2.3 is wrong, that’s exactly how T=0 works (which is the only protocol supported by simtrace)