Card (ICC)Format: bLength: 8
9F26

Application Cryptogram (AC)

Tag ID
9F26
Format
b
Length (bytes)
8
Source
Card (ICC)

What it is

The Application Cryptogram (ACApplication CryptogramA cryptogram the card generates to approve or decline a transaction: TC (approve offline), ARQC (go online), or AAC (decline).) is an 8-byte MAC the card computes over transaction data using a session key derived from its card master key. Its type — AAC (decline), TC (offline approve) or ARQCApplication Request CryptogramThe cryptogram a card produces when it wants the transaction sent online to the issuer for approval.View in glossary → (go online) — is announced in the Cryptogram Information Data (9F27).

An ARQCApplication Request CryptogramThe cryptogram a card produces when it wants the transaction sent online to the issuer for approval.View in glossary → is verified by the issuer during online authorisation; the issuer then returns an ARPC for the card to check. The cryptogram is the cryptographic heart of EMV: it binds the approval to this specific card, terminal and amount.

Where it appears

Returned by the card in the GENERATE ACApplication CryptogramA cryptogram the card generates to approve or decline a transaction: TC (approve offline), ARQC (go online), or AAC (decline). response; the ARQCApplication Request CryptogramThe cryptogram a card produces when it wants the transaction sent online to the issuer for approval.View in glossary → is validated by the issuer.

Specification reference

Defined in: EMV 4.x Book 3 (Application Specification), Annex A — Data Element Dictionary

Example values

A1B2C3D4E5F60718An 8-byte application cryptogram