Posts: 1
Registered: ‎02-26-2012

x_tran_key in Card Not Present Certification

As part of the certification process, are you asking me to pass my transaction key as a parameter?  Doesn't this nullify the entire idea of security if the key used to encrypt the parameters is passed along as a parameter?  I'm looking at the Testing Criteria Guide for Card Not Present 3.1 Application on page 7.


S. Geralnik

Posts: 590
Registered: ‎08-21-2009

Re: x_tran_key in Card Not Present Certification

The guide that you are looking at was written originally for certification with AIM only.  When using AIM, you would always pass in the transaction key.  If you are using DPM, the fingerprint and associated fields would take the place of the transaction key.  I'll make a note for our certication team to see if we can get the guide updated to reflect that.