[anhlong]

let's first define terminology. ARQC is what the card calculates - only if issuer authentication is required.
*this is THAT, when the card, based on its settings or according to the instructions and choice of terminal / ATM, taken on the basis of the settings of the terminal-
asks for approval to approve / reject to the bank the card of which she is. if the terminal and the card decide to conduct a transaction differently,
*and it is possible, no ARQC is used during the transaction. ARQC is implemented through symmetric encryption keys.
who knows only the card and the bank that issued the card (issuer). asymmetric encryption when using mapped
when personalizing, the private key is not used when calculating ARQC. will be used during an ARQC transaction or not: is decided
both by card and terminal. if the issuer bank has set up the card so that it requires ARQC for certain terminal characteristics
(online authorization), it will be ARQC, even if the terminal proves to be noncontradicting to conduct a transaction without ARQC. if the bank owns
the terminal set up the terminal so that it required ARQC for certain transactions, then the transaction will either be implemented through ARQC
*either will be rejected. ARQC is online. if the operation is offline - ARQC is not needed
The ARQC is transmitted to the terminal; the terminal sends the ARQC to the bank to the acquirer that issued the terminal. the acquirer bank is packing ARQC in the iso8583 messaging standard
and sends to the network of the payment system - which sends a message to the bank to the issuer. which handles ARQC
and decides to approve or reject the transaction. and a solution seasoned as needed with additional instructions (what data on the card should be rewritten by the terminal)
sends back the same way. through the payment system. to the acquirer's bank that sends the data to the terminal - which sends it to the card. The answer is called ARPC.