During Second Card Action Analysis, ICC may request the terminal to complete the transaction by either accepting or declining. And, this request may differ from the result of online processing.
I found in EMV that details of this card risk management like the algorithms within ICC are outside the scope of EMV specifications.
I would like to know some example scenarios where the online processing result is ACCEPTING but the card risk management result is DECLINING.
So, could anyone suggest how can I obtain information about these algorithms? Are there others specification about this? Thank you in advance!
Even though issuers are free to use any algorithm of their choice, the one you see generally implemented is Triple DES. Download and Read EMVCo Book 2 Security and Key Management specification.
Sample cases where card declines a transactions which is approved offline is
Unless EMV CPS application used, refer the corresponding payment scheme specification.