Offline data authentication

Offline data authentication (ODA) is a cryptographic check that allows a payment terminal to perform offline authentication with a contactless payment card or mobile device. The purpose of ODA is to allow transactions to be completed with a high level of trust even when the terminal is offline at the time of the transaction. That is, payments will successfully process when the terminal comes back online.

This feature is ideal for transit stations where the terminals aren't always online or have less-reliable connections. The main benefit to the use of ODA is the enhanced user experience, as it allows faster passage through the turnstile. Ideally, the gates open within 500 milliseconds of when the user taps their mobile device.

To use ODA, it must be supported by the card networks and the customer’s card issuers in your region. Coverage varies by country and network. Contact your payment processor for coverage information.

How ODA works

The Android-powered mobile device and the payment terminal use certificates to verify the authenticity of the card issuer and the card network. However, they can't verify whether the card account has an available balance or is under the account's limit. If a card gets declined later when the transaction is processed, then we recommend that you blacklist the account so that no further use is allowed.

Data on the mobile device

Google Pay uses keys and certificates from the payment network and issuing bank, which allow it to authenticate in offline mode with the payment terminal.

Figure 1 describes the keys and certification details used by the Android-powered device:

Figure 1: Information on the user's device

Communication between the mobile device and the payment terminal

Figure 2 shows the specific sequence in which the Android-powered device and the payment terminal exchange data. This sequence allows the device and terminal to authenticate each other.

Figure 2: Data exchanged between the user's device and the terminal

How to implement ODA

Most large payment networks allow the use of ODA for transit purposes. ODA implementation specifications vary by payment network. We recommend that you work with the payment networks to understand their requirements for ODA and implement it by their specifications.