VISA CVV Service Generate (CSNBCSG and CSNECSG)

Use the VISA CVV Service Generate callable service to generate a:

VISA Card Verification Value (CVV)
MasterCard Card Verification Code (CVC)
Diner’s Club Card Verification Value (CVV)

as defined for track 2.

This service generates a CVV that is based upon the information that the PAN_data, the expiration_date, and the service_code parameters provide.

The service uses the Key-A and the Key-B keys to cryptographically process this information. Key-A and Key-B can be single-length DATA or MAC keys or a combined Key-A, Key-B double length MAC key. If the requested CVV is shorter than 5 characters, the CVV is padded on the right by space characters. The CVV is returned in the 5-byte variable that the CVV_value parameter identifies. When you verify a CVV, compare the result to the value that the CVV_value supplies.

The callable service name for AMODE(64) invocation is CSNECSG.

Format

CALL CSNBCSG(
             return_code,
             reason_code,
             exit_data_length,
             exit_data,
             rule_array_count,
             rule_array,
             PAN_data,
             expiration_date,
             service_code,
             CVV_key_A_Identifier,
             CVV_key_B_Identifier,
             CVV_value)

Parameters

return_code

Direction	Type
Output	Integer

The return code specifies the general result of the callable service. ICSF and cryptographic coprocessor return and reason codes lists the return codes.

reason_code

Direction	Type
Output	Integer

The reason code specifies the result of the callable service that is returned to the application program. Each return code has different reason codes assigned to it that indicates specific processing problems. ICSF and cryptographic coprocessor return and reason codes lists the reason codes.

exit_data_length

Direction	Type
Input/Output	Integer

The length of the data that is passed to the installation exit. The data is identified in the exit_data parameter.

exit_data

Direction	Type
Input/Output	String

The data that is passed to the installation exit.

rule_array_count

Direction	Type
Input	Integer

The number of keywords you are supplying in the rule_array parameter. The parameter rule_array_count must be 0, 1, or 2.

rule_array

Direction	Type
Input	String

Keywords that provide control information to the callable service. Each keyword is left-justified in 8-byte fields, and padded on the right with blanks. All keywords must be in contiguous storage.

Table 1. CVV Generate Rule Array Keywords
Keyword	Meaning
*PAN data length (optional)*
PAN-13	Specifies that the length of the PAN data is 13 bytes. PAN-13 is the default value.
PAN-14	Specifies that the length of the PAN data is 14 bytes.
PAN-15	Specifies that the length of the PAN data is 15 bytes.
PAN-16	Specifies that the length of the PAN data is 16 bytes.
PAN-17	Specifies that the length of the PAN data is 17 bytes.
PAN-18	Specifies that the length of the PAN data is 18 bytes.
PAN-19	Specifies that the length of the PAN data is 19 bytes. Requires z990, z890, z9 EC or z9 BC with Jan. 2005 or higher version of Licensed Internal Code (LIC).
*CVV length (optional)*
CVV-1	Specifies that the CVV is to be computed as one byte, followed by 4 blanks. CVV-1 is the default value.
CVV-2	Specifies that the CVV is to be computed as 2 bytes, followed by 3 blanks.
CVV-3	Specifies that the CVV is to be computed as 3 bytes, followed by 2 blanks.
CVV-4	Specifies that the CVV is to be computed as 4 bytes, followed by 1 blank.
CVV-5	Specifies that the CVV is to be computed as 5 bytes.

PAN_data

Direction	Type
Input	String

The PAN_data parameter specifies an address that points to the place in application data storage that contains personal account number (PAN) information in character form. The PAN is the account number as defined for the track-2 magnetic-stripe standards.

If the PAN-13 keyword is specified in the rule array, 13 characters are processed.
If the PAN-14 keyword is specified in the rule array, 14 characters are processed.
If the PAN-15 keyword is specified in the rule array, 15 characters are processed.
If the PAN-16 keyword is specified in the rule array, 16 characters are processed.
If the PAN-17 keyword is specified in the rule array, 17 characters are processed.
If the PAN-18 keyword is specified in the rule array, 18 characters are processed.
If the PAN-19 keyword is specified in the rule array, 19 characters are processed.

Even if you specify the PAN-13, PAN-14 or PAN-15 keywords, the server might copy 16 bytes to a work area. Therefore ensure that the callable service can address 16 bytes of storage.

expiration_date

Direction	Type
Input	String

The expiration_date parameter specifies an address that points to the place in application data storage that contains the card expiration date in numeric character form in a 4-byte field. The application programmer must determine whether the CVV will be calculated with the date form of YYMM or MMYY.

service_code

Direction	Type
Input	String

The service_code parameter specifies an address that points to the place in application data storage that contains the service code in numeric character form in a 3-byte field. The service code is the number that the track-2 magnetic-stripe standards define. The service code of '000' is supported.

CVV_key_A_Identifier

Direction	Type
Input/Output	String

A 64-byte string that is the internal key token containing a single-length DATA or MAC key or double-length MAC key or the label of a CKDS record containing a single-length DATA or MAC key or double-length MAC key. MACVER keys are not supported.

When this key is a double-length key, CVV_key_B_identifier must be 64 byte of binary zero. When a double-length MAC key is used, the CV bits 0-3 must indicate a CVVKEY-A key (0010).

A single-length key contains the key-A key that encrypts information in the CVV process. The left half of a double-length key contains the key-A key that encrypts information in the CVV process and the right half contains the key-B key that decrypts information.

CVV_key_B_Identifier

Direction	Type
Input/Output	String

A 64-byte string that is the internal key token containing a single-length DATA or MAC key or the label of a CKDS record containing a single-length DATA or MAC key. MACVER keys are not supported. When CVV_key_A_identifier a double-length key, this parameter must be 64 byte of binary zero. The key contains the key-B key that decrypts information in the CVV process.

CVV_value

Direction	Type
Output	String

The CVV_value parameter specifies an address that points to the place in application data storage that will be used to store the computed 5-byte character output value.

Usage notes

SAF may be invoked to verify the caller is authorized to use this callable service, the key label, or internal secure key tokens that are stored in the CKDS or PKDS.

Access control point

The VISA CVV Generate access control point controls the function of this service.

Required hardware

This table lists the required cryptographic hardware for each server type and describes restrictions for this callable service.

Table 2. VISA CVV service generate required hardware
Server	Required cryptographic hardware	Restrictions
IBM eServer zSeries 990 IBM eServer zSeries 890	PCI X Cryptographic Coprocessor Crypto Express2 Coprocessor	Combined CVV keys are not supported.
IBM System z9 EC IBM System z9 BC	Crypto Express2 Coprocessor	Combined CVV keys are not supported.
IBM System z10 EC IBM System z10 BC	Crypto Express2 Coprocessor Crypto Express3 Coprocessor	Combined CVV keys are not supported.
IBM zEnterprise 196 IBM zEnterprise 114	Crypto Express3 Coprocessor	Combined CVV keys require the Sep. 2011 or later licensed internal code (LIC).
IBM zEnterprise EC12 IBM zEnterprise BC12	Crypto Express3 Coprocessor Crypto Express4 CCA Coprocessor
IBM z13	Crypto Express5 CCA Coprocessor