EMV Sandbox
Reduce certification risk with fast, self-service EMV testing.
What is it?
NMI’s EMV Sandbox is a flexible testing platform that allows for validation of credit and debit transactions against predefined test cases, with a specific focus on EMV. It does this by running different checks on the transaction request and then compiles a list of issues it finds which are then returned in the transaction response. This list can then be used to make informed amendments to the integration.
By using this testing platform, it ensures that the integration is in the best possible shape. For example; it could be used before EMV certification begins, saving value time during the formal process. The automated nature of the tool allows integrators to take control of their testing and move at their own pace.
Getting Started
Coming Soon!
Selecting a Test Case
Testing of an integration can be done by selecting specific test cases provided by the EMV Sandbox. This is done by putting the name of the test case in the reference request field, at XPath: Request/TransactionDetails/Reference. For example, to select the Visa Contact 01 test case the XML request might look like this:
<Request type="CardEaseXML" version="1.5.0">
<TransactionDetails>
...
<Reference>Visa Contact 01</Reference>
...
</TransactionDetails>
...
</Request>
Available Test Cases
| Test Case Name | Requirements | Response for Correct Request | Response for Incorrect Request |
|---|---|---|---|
| Visa Contact 01 | PAN: 4761730000000011Track2: 4761730000000011D311220113031006Transaction Type: Auth | ResultCode: 0 (Approved)AcquirerResponseCode: 00AuthCode: 920304 | ResultCode: 1 (Declined) |
| MC Contact 01 | PAN: 5413330089020045Track2: 5413330089020045D2512201019460027FTransaction Type: AuthAmount: 1000 (Minor) | ResultCode: 0 (Approved)AcquirerResponseCode: 00AuthCode: 920305 | ResultCode: 1 (Declined) |
| Maestro Contact 01 | PAN: 6799998900000200051FTrack2: 6799998900000200051D2512220080810790Transaction Type: AuthAmount: 1000 (Minor) | ResultCode: 0 (Approved)AcquirerResponseCode: 00AuthCode: 920306 | ResultCode: 1 (Declined) |
| Amex Contact 01 | PAN: 374245001721009Track2: 374245001721009D241220115041234500000FTransaction Type: AuthAmount: 4800 (Minor) | ResultCode: 0 (Approved)AcquirerResponseCode: 00AuthCode: 920307 | ResultCode: 1 (Declined) |
| Discover Contact 01 | PAN: 36070500100715Track2: 36070500100715D2605201180400060200000FTransaction Type: AuthAmount: 1200 (Minor) | ResultCode: 0 (Approved)AcquirerResponseCode: 00AuthCode: 920308 | ResultCode: 1 (Declined) |
| Mastercard Contactless No CVM 01 | PAN: 2223600089700011Track2: 2223600089700011D49122010123456789Transaction Type: AuthAmount: 1000 (Minor) | ResultCode: 0 (Approved)AcquirerResponseCode: 00AuthCode: 920309 | ResultCode: 1 (Declined) |
| Mastercard Contactless Online PIN 01 | PAN: 5413330089700505Track2: 5413330089700505D49122030123456789Transaction Type: AuthAmount: 6000 (Minor)Pin: 431555 | ResultCode: 0 (Approved)AcquirerResponseCode: 00AuthCode: 920310 | ResultCode: 1 (Declined) |
| Mastercard Contactless Refund 01 | PAN: 2223600089700011Track2: 2223600089700011D49122010123456789Transaction Type: RefundAmount: 1000 (Minor) | ResultCode: 0 (Approved)AcquirerResponseCode: 00AuthCode: 920311 | ResultCode: 1 (Declined) |
| Maestro Contact Online PIN 01 | PAN: 5413330089099056Track2: 5413330089099056D2512220085130519FTransaction Type: AuthAmount: 1000 (Minor)Pin: 4315 | ResultCode: 0 (Approved)AcquirerResponseCode: 00AuthCode: 920312 | ResultCode: 1 (Declined) |
| Mastercard Contactless SCA Response 01 | PAN: 5413330089700653Track2: 5413330089700653D49122010123456789Transaction Type: AuthAmount: 665 (Minor) | ResultCode: 1 (Declined)AcquirerResponseCode: 65 | ResultCode: 0 (Approved)AcquirerResponseCode: 00AuthCode: 920313 |
Validation Errors
If a request data is not correct, because it has missing/incorrect ICC tags for example, the response will contain further information at XPath:
Response/Result/PaymentProviderError.An example of this might look like the following:
<Response type="CardEaseXML" version="1.5.0">
...
<Result>
...
<PaymentProviderError code="validation_failure">Tag 4F - Tag missing | Tag 5F30 - Tag missing</PaymentProviderError>
...
</Result>
...
</Response>
What validations errors can be returned and what they mean is described below. The output can be interpreted as follows: Tag (tag number) - (List of errors with that ICC tag separated by a semi-colon). For example, if ICC tag 5F30 was the incorrect length and format the output might be something like:
Tag 5F30 - Invalid length: 1, Expected: [2]; Incorrect format, Expected NUMIf there are issues with multiple ICC tags they are separated in the output by a vertical bar character ‘|’. An example of this can be seen above.
The possible validation errors that the testing platform may return are defined in the table below:
| Error | Description |
|---|---|
| Bit 13 (Enciphered PIN for offline verification) does not match terminal configuration | The Terminal Capabilities ICC tag does not match the expected value based on what is provided in the CardholderAuthentication/Offline XML request field. |
| Bit 14 (Signature (paper)) does not match terminal configuration | The Terminal Capabilities ICC tag does not match the expected value based on what is provided in the CardholderAuthentication/Signature XML request field. |
| Bit 15 (Enciphered PIN for online verification) does not match terminal configuration | The Terminal Capabilities ICC tag does not match the expected value based on what is provided in the CardholderAuthentication/OnlinePin XML request field. |
| Bit 16 (Plaintext PIN for offline ICC verification) does not match terminal configuration | The Terminal Capabilities ICC tag does not match the expected value based on what is provided in the CardholderAuthentication/OfflinePin XML request field. |
| Bit 22 (IC with contacts) does not match terminal configuration | The Terminal Capabilities ICC tag does not match the expected value based on what is provided in the CardInput/ContactEmv XML request field. |
| Bit 23 (Magnetic stripe) does not match terminal configuration | The Terminal Capabilities ICC tag does not match the expected value based on what is provided in the CardInput/Magstripe XML request field. |
| Bit 24 (Manual key entry) does not match terminal configuration | The Terminal Capabilities ICC tag does not match the expected value based on what is provided in the CardInput/Keyed XML request field. |
| Bit at position X incorrect, Expected: Y | The ICC tag had an unexpected bit value at bit position X according to what the selected test case expected. |
| Does not match boarded country code, Expected: X | The Terminal CountryCode ICC tag does not match the country code boarded for. |
| Does not match boarded currency code, Expected: X | The Transaction Currency Code ICC tag does not match the currency boarded for. |
| Does not match expected terminal type | The Terminal Type ICC tag is not the expected value for the request. |
| Does not match expected value, Expected: X | The ICC tag/value did not match the expected value for the selected test case. |
| Does not match request value, Expected: X | The ICC tag value does not match the equivalent value in the XML request. For example, the Amount XML field and the Amount Authorized ICC tag. |
| Failed to verify cryptogram | Either the Application Cryptogram ICC tag is incorrect or a tag it’s computation relies on has a validation error. |
| Hex character at position X incorrect, Expected: Y | The ICC tag value was partially incorrect at character position X and it was expected to be character Y. |
| Incorrect format | Service was unable to parse the ICC tag format. |
| Incorrect format, Expected ALPHANUM | The ICC tag was in an incorrect format. Should have been specifically alphanumeric: [a-zA-Z0-9]. |
| Incorrect format, Expected HEX | The ICC tag was in an incorrect format. Should have been specifically hexadecimal: [a-fA-F0-9]. |
| Incorrect format, Expected NUM | The ICC tag was in an incorrect format. Should have been specifically numeric: [0-9]. |
| Invalid length: X, Expected: [Y, Z] | The ICC tag was the wrong length, in bytes. This message is used when an ICC tag can have a variable length. X = request value length, Y = expected minimum inclusive length, Z = expected maximum inclusive length. |
| Invalid tag value | The ICC tag had a null value. |
| No bit at position X (Too short) | The ICC tag value was too short compared to what the selected test case expected. |
| Online pin CVM used on terminal without reported support | The CVM Results ICC tag indicates an unsupported CVM was used, according to TerminalCapabilities. |
| Pin CVM used on terminal without reported support | The CVM Results ICC tag indicates an unsupported CVM was used, according to TerminalCapabilities. |
| Signature CVM used on terminal without reported support | The CVM Results ICC tag indicates an unsupported CVM was used, according to TerminalCapabilities. |
| Tag missing | A mandatory ICC tag is missing from the request. |
| Tag should not be present | The ICC tag is not applicable and should be removed. |
| Unknown format | Service was unable to parse the ICC tag format. |
| Unknown test case reference | The value in the reference request field is not a valid test case name. |
| Value length incorrect, Expected: X | The ICC tag was the incorrect length, in bytes, according to what was expected by the test case. |