The cryptogram comes back from the card in tag 9F26 (an EMVCo-defined tag, not a proprietary ID TECH tag).A cryptogram (a unique 8-byte piece of data produced by the card, using a private key known only to the card) is produced before the Completion stage of the transaction and a second cryptogram is produced after the call to complete the transaction.Transaction results are returned in TLVs (“tags”).Most of the back-and-forth talk between the chip card and the reader happens at the kernel level, outside the control of application logic.Unlike MSR (magstripe) transactions, an EMV transaction occurs in multiple stages.In Part I of this post, we talked a bit about EMV transactions and how they’re structured.
