When communicating with an EMV chip card, the card may reply to a command with error code SW1 SW2 = ’69 85′. In this post, we’ll analyze why this error code may be returned in response to the GET PROCESSING OPTIONS (GPO) command.
The GPO command “initiates the transaction within the ICC“, as defined in EMV 4.3 book 3, section ‘6.5.8 GET PROCESSING OPTIONS Command-Response APDUs‘. Status word ‘6985’ is defined as “Command not allowed” (“conditions of use not satisfied”), in EMV 4.3 book 3, section ‘6.3.5 Coding of the Status Bytes. This often happens when the GPO command contains an invalid response to the card Processing Data Options List (PDOL). The PDOL (tag 9F38) is requested by the card in its response to the SELECT AID command. For example, a valid PDOL for an Interac Flash transaction would be :
9F 38 15 9F 59 03 9F 5A 01 9F 02 06 9F 1A 02 5F 2A 02 9F 37 04 9F 58 01 Which is parsed as :
TAG LEN MEANING 9F59 03 Terminal Transaction Information 9F5A 01 Terminal transaction Type 9F02 06 amount, authorised 9F1A 02 Terminal country code 5F2A 02 Transaction currency code 9F37 04 Unpredictable number 9F58 01 Merchant Type Indicator
In this example, user reports that his Interac Flash card responds with error ’69 85′ to the GPO command. His GPO command is formatted as follow :
80 A8 00 00 15 83 13 00 00 99 00 00 00 00 00 00 00 01 24 01 24 00 00 01 23 00 00 The GPO command structure seems to be valid. Its length matches the one of the data requested by the card in its PDOL. But let’s take a look closer, and compare the PDOL responses values with the ones from a valid(accepted) GPO command :
TAG LEN MEANING REJECTED GPO ACCEPTED GPO 9F59 03 Terminal Transaction Information 000099 C08000 9F5A 01 Terminal transaction Type 00 00 9F02 06 amount, authorised 000000000000 000000001000 9F1A 02 Terminal country code 0124 0124 5F2A 02 Transaction currency code 0124 0124 9F37 04 Unpredictable number 00000123 823DDE7A 9F58 01 Merchant Type Indicator 00 01
You’ll notice that :
- The Terminal Transaction Information seems invalid. It should be set according to the reader capabilities, and 99 doesn’t seem very valid.
- The amount may not be supported by the card : trying to do a 0$ purchase may not seem legitimate to the card.
- The merchant type indicator is invalid. Valid values range from 01 to 05 according to the Interac Flash specification.
Replacing these values with proper ones solved the issue. So, whenever a card responds to the GPO command with 6985, you should start by checking if the PDOL response is valid, both in terms of structure and values, before thinking of more unusual error sources. If you know some other common cases in which GPO may return error code ‘6985’, thanks to let me know in the comments !