The Visa International Service Association (VISA) and MasterCard International, Incorporated have specified a cryptographic method to calculate a value that relates to the personal account number (PAN), the card expiration date, and the service code. The VISA card-verification value (CVV) and the MasterCard card-verification code (CVC) can be encoded on either track 1 or track 2 of a magnetic striped card and are used to detect forged cards. Because most online transactions use track-2, the ICSF callable services generate and verify the CVV² by the track-2 method.

The VISA CVV generate callable service calculates a 1- to 5-byte value through the DES-encryption of the PAN, the card expiration date, and the service code using two data-encrypting keys or two MAC keys. The VISA CVV service verify callable service calculates the CVV by the same method, compares it to the CVV supplied by the application (which reads the credit card's magnetic stripe) in the CVV_value, and issues a return code that indicates whether the card is authentic.

Clear PIN Encrypt Callable Service (CSNBCPE and CSNECPE)

To format a PIN into a PIN block format and encrypt the results, use the Clear PIN Encrypt callable service. You can also use this service to create an encrypted PIN block for transmission. With the RANDOM keyword, you can have the service generate random PIN numbers. Use of this service requires the optional PCIXCC, CEX2C, or CEX3C. An enhanced PIN security mode, on PCICC, PCIXCC, CEX2C, and CEX3C, is available for formatting an encrypted PIN block into IBM 3621 format or IBM 3624 format. See Clear PIN Encrypt (CSNBCPE and CSNECPE) for more information.

Clear PIN Generate Alternate Callable Service (CSNBCPA and CSNECPA)

To generate a clear VISA PIN validation value from an encrypted PIN block, call the clear PIN generate alternate callable service. This service also supports the IBM-PINO algorithm to produce a 3624 offset from a customer selected encrypted PIN.

An enhanced PIN security mode is available for extracting PINs from encrypted PIN blocks. This mode only applies on PCICC, PCIXCC, CEX2C, or CEX3C, when specifying a PIN-extraction method for an IBM 3621 or an IBM 3624 PIN-block. See Clear PIN Generate Alternate (CSNBCPA and CSNECPA) for more information.

Clear PIN Generate Callable Service (CSNBPGN and CSNEPGN)

To generate personal identification numbers, call the Clear PIN generate callable service. Using a PIN generation algorithm, data used in the algorithm, and the PIN generation key, the callable service generates a clear PIN, a PIN verification value, or an offset. The callable service can only execute in special secure mode, which is described in Special Secure Mode.

CVV Key Combine Callable Service (CSNBCKC and CSNECKC)

This callable service combines 2 single-length CCA internal key tokens into 1 double-length CCA key token containing a CVVKEY-A key type. This combined double-length key satisfies current VISA requirements and eases translation between TR-31 and CCA formats for CVV keys.

The callable service name for AMODE(64) is CSNECKC.

Encrypted PIN Generate Callable Service (CSNBEPG and CSNEEPG)

To generate personal identification numbers, call the Encrypted PIN generation callable service. Using a PIN generation algorithm, data used in the algorithm, and the PIN generation key, the callable service generates a PIN and using a PIN block format and the PIN encrypting key, formats and encrypts the PIN. Use of this service requires the optional PCICC, PCIXCC, CEX2C, or CEX3C. An enhanced PIN security mode, on PCICC, PCIXCC, CEX2C, and CEX3C, is available for formatting an encrypted PIN block into IBM 3621 format or IBM 3624 format. See Encrypted PIN Generate (CSNBEPG and CSNEEPG) for more information.

Encrypted PIN Translate Callable Service (CSNBPTR and CSNEPTR)

To translate a PIN from one PIN-encrypting key to another or from one PIN block format to another or both, call the Encrypted PIN translation callable service. You must identify the input PIN-encrypting key that originally enciphers the PIN. You also need to specify the output PIN-encrypting key that you want the callable service to use to encipher the PIN. If you want to change the PIN block format, specify a different output PIN block format from the input PIN block format. An enhanced PIN security mode, on PCICC, PCIXCC, CEX2C, and CEX3C, is available for formatting an encrypted PIN block into IBM 3621 format or IBM 3624 format. The enhanced security mode is also available for extracting PINs from encrypted PIN blocks. This mode only applies when specifying a PIN-extraction method for an IBM 3621 or an IBM 3624 PIN-block. See Encrypted PIN Translate (CSNBPTR and CSNEPTR) for more information.

Encrypted PIN Verify Callable Service (CSNBPVR and CSNEPVR)

To verify a supplied PIN, call the Encrypted PIN verify callable service. You need to specify the supplied enciphered PIN, the PIN-encrypting key that enciphers it, and other relevant data. You must also specify the PIN verification key and PIN verification algorithm. It compares the two personal identification numbers; if they are the same, it verifies the supplied PIN. See Financial Services for additional information.

An enhanced PIN security mode, on PCICC, PCIXCC, CEX2C, and CEX3C, is available for extracting PINs from encrypted PIN blocks. This mode only applies when specifying a PIN-extraction method for an IBM 3621 or an IBM 3624 PIN-block. See Encrypted PIN Verify (CSNBPVR and CSNEPVR) for more information.

PIN Change/Unblock Callable Service (CSNBPCU and CSNEPCU)

To support PIN change algorithms specified in the VISA Integrated Circuit Card Specification, call the PIN change/unblock callable service. The service can be executed on z890/z990 and later machines.

An enhanced PIN security mode, on PCICC, PCIXCC, CEX2C, and CEX3C, is available for extracting PINs from encrypted PIN blocks. This mode only applies when specifying a PIN-extraction method for an IBM 3621 or an IBM 3624 PIN-block. See PIN Change/Unblock (CSNBPCU and CSNEPCU) for more information.

Transaction Validation Callable Service (CSNBTRV and CSNETRV)

To support generation and validation of American Express card security codes, call the transaction validation callable service. The service can be executed on z890/z990 and later machines.