Authorizattion System Manual

June 9, 2016 | Author: Paul_Escudier_EXP | Category: N/A
Share Embed Donate


Short Description

Download Authorizattion System Manual...

Description

Return to Menu

Information Replacement

about this Replacement

The April 2006 Authorization System Manual replaces your existing manual.

What is in the new This new version reflects changes effective with Banknet Release 06.1. version? Please refer to: •

“Summary of Changes” for a comprehensive list of changes reflected in this update.



“Using this Manual” for a complete list of the contents of this manual.

Billing

MasterCard will bill principal members for this document. Please refer to the appropriate MasterCard Consolidated Billing System Manual for billingrelated information.

Questions?

If you have questions about this manual, please contact the Customer Operations Services team or your regional help desk. Please refer to “Using this Manual” for more contact information.

MasterCard is Listening…

Please take a moment to provide us with your feedback about the material and usefulness of the Authorization System Manual using the following email address: [email protected] We continually strive to improve our publications. Your input will help us accomplish our goal of providing you with the information you need.

Summary

of Changes

Authorization System Manual, April 2006

Change Summary

Description of Change

Where to Look

MIP X-Code Limits updates

The MIP X-Code Limits table was updated to show the established X-Code limits for World MasterCard™ Cards and Platinum MasterCard™ Cards.

Chapter 2

Online authorization message updates

Information about online authorization messages and flows was updated.

Chapter 5

Central Authorization Processing Service (CAPS) updates

With the elimination of bulk types SI001 (Sequential Response File) and SI002 (Sequential Audit File) and the replacement of SI003 with RB28, CAPS information was updated.

Chapter 8 Chapter 11

Account Balance Responses and Balance Inquiries updates

This update includes changes to the Account Balance Responses and Balance Inquiries information.

Chapter 9

Authorization Multiple Currency Conversion (AMCC) service update

MasterCard updated the AMCC service to allow all acquirers to submit authorization request messages containing any valid MasterCard transaction currency. MasterCard will no longer require acquirers to sign-up for the acquirer Authorization Multiple Currency Conversion (AMCC) service to process transactions in their local currencies.

Chapter 9

Implementation of Partial Effective with Banknet Release 06.1, the Authorization Chapter 9 Approvals System will allow issuers to approve a portion of the requested transaction amount by responding with the approved amount and a new partial approval response code in authorization response messages. Implementation of Recurring Payment Cancellation Service

Effective with Banknet Release 06.1, MasterCard introduced the new Recurring Payment Cancellation Service. This optional service allows issuers to specify criteria to block recurring payment transactions identified in authorization messages and clearing records.

Page 1 of 2

Chapter 9

Change Summary

Description of Change

MasterCard-acquired Visa Information about the Market-specific Data Identifier (VisaTransactions update only) and the Prestigious Properties Indicator was added.

Where to Look Chapter 9

Purchase with Cash Back MasterCard enhanced Stand-In Processing to allow issuers to Chapter 9 Transactions for Debit choose Stand-In to process Purchase of Goods or Services MasterCard Cards update with Cash Back transactions that are PIN-based, signaturebased, or both for Debit MasterCard® cards. Authorization Parameter Summary Report (SI737010-AA) update

In the Global Parameters section of the Authorization Parameter Summary Report (SI737010-AA), a new RPCS participant parameter field was added to support RPCS participation.

Chapter 10

Smart Card Transactions update

Effective with Banknet Release 06.1, the Authorization System now gives acquirers additional information about chip cryptogram validation issuers and allows additional types of chip transactions.

Chapter 12

Additionally, effective 1 January 2006, all new acquirers that choose to process smart card transactions must support Full Grade Processing for smart card transactions. Terminology change

References to the Merchant Category Code (MCC) were changed to Card Acceptor Business Code/Merchant Category Code (MCC).

Page 2 of 2

Various chapters

Authorization System Manual April 2006

Copyright

The information contained in this manual is proprietary and confidential to MasterCard International Incorporated (MasterCard) and its members. This material may not be duplicated, published, or disclosed, in whole or in part, without the prior written permission of MasterCard.

Trademarks

Trademark notices and symbols used in this manual reflect the registration status of MasterCard trademarks in the United States. Please consult with the Customer Operations Services team or the MasterCard Law Department for the registration status of particular product, program, or service names outside the United States. All third-party product and service names are trademarks or registered trademarks of their respective owners.

Media

This document is available: •

On MasterCard OnLine®



On the MasterCard Electronic Library CD-ROM



In printed format



Translated into Spanish



Translated into Portuguese

MasterCard International Incorporated 2200 MasterCard Boulevard O’Fallon MO 63368-7263 USA 1-636-722-6100 www.mastercard.com

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

Publication Code: AP

Table of Contents

Using this Manual Purpose................................................................................................................... 1 Audience................................................................................................................. 1 Overview ................................................................................................................ 1 Excerpted Text ....................................................................................................... 3 Language Use ......................................................................................................... 3 Times Expressed..................................................................................................... 3 Revisions ................................................................................................................. 4 Related Information................................................................................................ 4 Related Forms......................................................................................................... 5 Support ................................................................................................................... 5 Member Relations Representative ................................................................... 6 Regional Representative................................................................................... 7

Chapter 1

System Overview Definition of the MasterCard Authorization System...........................................1-1 MIP.................................................................................................................1-2 Banknet Network ..........................................................................................1-2 Acquirer Interfaces ........................................................................................1-2 Issuer Interfaces ............................................................................................1-2 Stand-In System Processing ..........................................................................1-3 Gateways .......................................................................................................1-3 Features of the System ........................................................................................1-4 Access to All Members 24 Hours a Day, 365 Days a Year..........................1-4 Fast and Cost Effective Authorization Processing........................................1-4 Interfaces to Support Non-MasterCard Card Processing .............................1-4 Backup to Primary Routing and Authorizing Paths.....................................1-5 Authorization Multiple Currency Conversion Capability.............................1-6 Support of Security Functions ......................................................................1-6 Reporting .......................................................................................................1-8

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

i

Table of Contents

Smart Card Technology.......................................................................................1-9 Business Benefits of Smart Card Technology ..............................................1-9 Functions Unique to Smart Card Technology..............................................1-9

Chapter 2

Basic Authorization Concepts Participants in Authorization Processing ............................................................2-1 Cardholder.....................................................................................................2-1 Merchant........................................................................................................2-1 Acquirer .........................................................................................................2-2 Issuer .............................................................................................................2-2 Other Participants..........................................................................................2-2 Accessing the Authorization System...................................................................2-4 Acquirer Methods..........................................................................................2-4 Issuer Methods ..............................................................................................2-6 Authorization Responses.....................................................................................2-8 Approve.........................................................................................................2-9 Decline ..........................................................................................................2-9 Refer to Card Issuer ....................................................................................2-10 Capture Card ...............................................................................................2-10 Limit-1 Processing .............................................................................................2-11 Limit-1 Limits ...............................................................................................2-11 “Nth” Transaction ........................................................................................2-12 Stand-In System Tests .................................................................................2-12 Limit-1 Processing Flow..............................................................................2-12 Limit-1 Processing Results...........................................................................2-14 X-Code Processing ............................................................................................2-14 Acquirer Host X-Code Processing ..............................................................2-14 Rules for Acquirer Host X-Code Processing ..............................................2-15 Acquirer MIP X-Code Processing ...............................................................2-15 X-Code Processing of Non-MasterCard Card Programs ............................2-18

ii

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Table of Contents

Chapter 3

MasterCard Authorization Message Flows Basic Authorization Flow ....................................................................................3-1 Variations on the Basic Authorization Flow for MasterCard Cards ...................3-2 Authorization Processing Occurs at the Acquirer MIP ................................3-3 Issuer Is Online but the Transaction Cannot Follow the Primary Path ......3-3 Issuer is a CAPS Issuer..................................................................................3-5

Chapter 4

Acquirer and Issuer Responsibilities Acquirer Responsibilities.....................................................................................4-1 Processing Authorization Requests...............................................................4-1 Assisting in Investigation of Counterfeits and Criminal Cases ....................4-5 Billing ............................................................................................................4-5 Issuer Responsibilities .........................................................................................4-6 Encoding and Validating the CVC 1 Value ..................................................4-6 Imprinting and Validating the CVC 2 Value ................................................4-7 Issuing and Validating PIN Data ..................................................................4-7 Processing Authorization Requests...............................................................4-7 Call Referral Responses.................................................................................4-8 File Maintenance .........................................................................................4-10 Billing ..........................................................................................................4-10

Chapter 5

Online Authorization Messages Message Types.....................................................................................................5-1 Using Authorization Messages ............................................................................5-2 Processing Authorization Transactions...............................................................5-2 Authorization Request/0100 and Authorization Request Response/0110 Messages........................................................................................................5-3 Authorization Advice/0120 and Authorization Advice Response/0130 Messages........................................................................................................5-3 Acquirer Response Acknowledgement/0180 Messages...............................5-6 Authorization Negative Acknowledgement/0190 Messages........................5-7 Processing Issuer File Update Messages ............................................................5-8

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

iii

Table of Contents

Processing Reversal Request/Advice Messages..................................................5-9 Acquirer Reversal Request/0400 and Acquirer Reversal Request Response/0410 Messages..............................................................................5-9 Acquirer Reversal Advice/0420 and Reversal Advice Response/0430 Messages......................................................................................................5-10 Processing Administrative Advice Messages ....................................................5-11 Using Network Management Request Messages..............................................5-13 Standard Network Management/08xx Messages .......................................5-13 Retrieving Store-and-Forward (SAF) Messages (Issuers) ...........................5-15

Chapter 6

Stand-In Processing Stand-In Processing Service ................................................................................6-1 How Stand-In Processing Works ........................................................................6-1 Range Blocks.................................................................................................6-2 Account Listings ............................................................................................6-2 Stand-In Processing Parameters....................................................................6-2 Stand-In Processing Security Services ..........................................................6-3 Decision Matrix .............................................................................................6-3 Stand-In Tests ......................................................................................................6-4 Range Blocks Test.........................................................................................6-5 Account File Test...........................................................................................6-6 Expiration Date Test .....................................................................................6-6 M/Chip Cryptogram Validation Test.............................................................6-7 PIN Verification Test .....................................................................................6-7 CVC 1 Test.....................................................................................................6-8 AAV Verification Test....................................................................................6-9 Merchant Suspicious Test .............................................................................6-9 Transaction Limits Test ...............................................................................6-10 Accumulative Limits Test ............................................................................6-17 Cash Disbursement Accumulator Test .......................................................6-18 Stand-In Response.......................................................................................6-18

iv

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Table of Contents

Exceptions and Additions to the Stand-In Process ..........................................6-19 Online Transactions ....................................................................................6-19 Gold MasterCard Card Accounts ................................................................6-19 VIP Accounts ...............................................................................................6-20 CAPS Accounts ............................................................................................6-20

Chapter 7

Setting Stand-In Parameters: Online Issuer Establishing Parameters.......................................................................................7-1 To Complete the Worksheet.........................................................................7-1 Default Values ...............................................................................................7-2 On Every Page ..............................................................................................7-2 New or Existing Account Ranges .......................................................................7-4 Important Dates...................................................................................................7-4 How MasterCard Uses this Information .......................................................7-4 When Changes are Effective.........................................................................7-4 Telephone Numbers............................................................................................7-5 How to Complete this Section......................................................................7-5 How MasterCard Uses this Information .......................................................7-5 When Changes Are Effective ........................................................................7-5 Hours of Operation for Call Referral Center ......................................................7-6 How to Complete this Section......................................................................7-6 How Stand-In Processing Uses this Information .........................................7-9 Noncompliance Assessments........................................................................7-9 When Changes Are Effective ......................................................................7-10 Holidays for Call Referral Center......................................................................7-10 How to Complete this Section....................................................................7-10 How Stand-In Processing Uses this Information .......................................7-11 When Changes Are Effective ......................................................................7-11 Transaction Category Code Global Parameters................................................7-11 How to Complete this Section....................................................................7-11 How Stand-In Processing Uses this Information .......................................7-12 When Changes Are Effective ......................................................................7-12

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

v

Table of Contents

Transaction Category Code Local Use Parameters...........................................7-13 How to Complete this Section....................................................................7-13 How Stand-In Processing Uses this Information .......................................7-14 When Changes Are Effective ......................................................................7-14 Accumulative Limits ..........................................................................................7-15 How to Complete this Section....................................................................7-15 How Stand-In Processing Uses this Information .......................................7-16 When Changes Are Effective ......................................................................7-17 Cash Disbursement Accumulative Limits..........................................................7-17 How to Complete this Section....................................................................7-17 How Stand-In Processing Uses this Information .......................................7-17 When Changes Are Effective ......................................................................7-18 Decision Matrix..................................................................................................7-18 How to Complete this Section....................................................................7-18 How Stand-In Processing Uses this Information .......................................7-19 When Changes Are Effective ......................................................................7-19 Range Blocking .................................................................................................7-20 How to Complete this Section....................................................................7-20 How Stand-In Processing Uses this Information .......................................7-21 When Changes Are Effective ......................................................................7-21 Expanded Parameter Combinations .................................................................7-21 How to Complete this Section....................................................................7-21 How Stand-In Processing Uses this Information .......................................7-23 When Changes Are Effective ......................................................................7-23 VIP Controls.......................................................................................................7-24 How to Complete this Section....................................................................7-24 How Stand-In Processing Uses this Information .......................................7-25 When Changes Are Effective ......................................................................7-25 Limit-1 Processing .............................................................................................7-25 How to Complete this Section....................................................................7-25 How Stand-In Processing Uses this Information .......................................7-26 When Changes Are Effective ......................................................................7-26

vi

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Table of Contents

Chapter 8

Central Authorization Processing Service Introduction to CAPS...........................................................................................8-1 Who Are CAPS Members? .............................................................................8-1 How Do CAPS Members Send Data to MasterCard?....................................8-1 When Does CAPS Apply Data to the Account File? ....................................8-1 What Data does MasterCard Provide for Members? ....................................8-2 CAPS Features......................................................................................................8-2 Sending and Retrieving CAPS Files via MasterCard File Express ......................8-4 When to Send the Sequential Account File .................................................8-4 Emergency Maintenance to the Account File ..............................................8-7 File Layouts..........................................................................................................8-9 Sequential Account File ................................................................................8-9 Completing the Stand-In Processing Worksheet..............................................8-12 To Complete the Worksheet.......................................................................8-13 Default Values .............................................................................................8-13 On Every Page ............................................................................................8-14 Important Dates.................................................................................................8-14 How MasterCard Uses this Information .....................................................8-14 When Changes are Effective.......................................................................8-15 Telephone Numbers..........................................................................................8-15 How to Complete this Section....................................................................8-15 How MasterCard Uses this Information .....................................................8-15 When Changes are Effective.......................................................................8-15 Hours of Operation for Call Referral Center ....................................................8-16 How to Complete this Section....................................................................8-16 How Stand-In Processing Uses this Information .......................................8-19 Noncompliance Assessments......................................................................8-19 When Changes Are Effective ......................................................................8-20 Holidays for Call Referral Center......................................................................8-20 How to Complete this Section....................................................................8-20 How Stand-In Processing Uses this Information .......................................8-21 When Changes Are Effective ......................................................................8-21

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

vii

Table of Contents

Cash Disbursement Accumulative Limits..........................................................8-21 How to Complete this Section....................................................................8-21 How Stand-In Processing Uses this Information .......................................8-21 When Changes Are Effective ......................................................................8-22 Decision Matrix..................................................................................................8-22 How to Complete this Section....................................................................8-22 How Stand-In Processing Uses this Information .......................................8-23 When Changes Are Effective ......................................................................8-23 Range Blocking .................................................................................................8-24 How to Complete this Section....................................................................8-24 How Stand-In Processing Uses this Information .......................................8-25 When Changes Are Effective ......................................................................8-25 Expanded Parameter Combinations .................................................................8-25 How to Complete this Section....................................................................8-25 How Stand-In Processing Uses this Information .......................................8-27 When Changes Are Effective ......................................................................8-27 VIP Controls.......................................................................................................8-27 How to Complete this Section....................................................................8-28 How Stand-In Processing Uses this Information .......................................8-28 When Changes Are Effective ......................................................................8-28

Chapter 9

Authorization Services Detail Account Balance Response.................................................................................9-1 Account Management..........................................................................................9-2 Account Management System.......................................................................9-2 Account File ..................................................................................................9-2 Recurring Payment Cancellation Service (RPCS) .........................................9-3 Blocking Ranges of Accounts .......................................................................9-3 Address Verification Service................................................................................9-5 Participation Requirements ...........................................................................9-5 Indicating AVS Participation during Sign-in.................................................9-5 AVS Process...................................................................................................9-5 Address Key ..................................................................................................9-6 Issuer Procedures ........................................................................................9-10

viii

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Table of Contents

Authorization Multiple Currency Conversion...................................................9-11 Using AMCC ................................................................................................9-11 Signing Up for AMCC..................................................................................9-11 Participating in AMCC.................................................................................9-11 Data Elements Used by AMCC ...................................................................9-12 AMCC Processing Logic ..............................................................................9-12 Acquirer Processing Logic ..........................................................................9-13 Issuer Processing Logic...............................................................................9-14 Examples of AMCC Processing...................................................................9-15 Balance Inquiries...............................................................................................9-23 ATM Balance Inquiries................................................................................9-23 Point-of-Sale (POS) Terminal Balance Inquiries........................................9-24 Card Level Support............................................................................................9-26 Card Validation Code 1 Verification in Stand-In Processing ...........................9-27 Assigning Multiple Sets of DES Keys to an Account Range......................9-27 Assigning the Same Set of DES Keys to an Account Range......................9-27 Reporting CVC 1 Verification in Stand-In Processing................................9-34 Card Validation Code 2 Verification .................................................................9-35 CVC 2...........................................................................................................9-35 Conditions for CVC 2 Verification ..............................................................9-35 Participation Requirements .........................................................................9-35 Authorization System Processing Flow Diagrams......................................9-37 Card Validation Code Verification for Emergency Card Replacements ..........9-43 How to Request CVC Verification for ECR Service....................................9-43 Use of CVC Keys.........................................................................................9-43 Cardholder-activated Terminals ........................................................................9-44 Types of CATs .............................................................................................9-44 Automated Dispensing Machines ...............................................................9-44 Self-service Terminals .................................................................................9-45 Limited Amount Terminals .........................................................................9-45 In-flight Commerce .....................................................................................9-46 Electronic Commerce Transactions ............................................................9-48 Transponder Transactions ..........................................................................9-48 Check Guarantee...............................................................................................9-49 Requirements for Authorization Request/0100 Messages..........................9-49

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

ix

Table of Contents

Requirements for Authorization Request Response/0110 Messages.........9-49 Country Level Authorization .............................................................................9-50 Process for Country Level Authorization ...................................................9-50 Electronic Commerce ........................................................................................9-51 Member Requirements ................................................................................9-51 Process for an Electronic Commerce Transaction .....................................9-51 Types of Electronic Commerce Transactions.............................................9-52 Flow of an Electronic Commerce Authorization Transaction ...................9-53 Expired Card Override ......................................................................................9-57 System Definition of an Expired Card........................................................9-57 Expired Card Tests ......................................................................................9-57 Fleet Card Transactions.....................................................................................9-62 Incentive Interchange Rates........................................................................9-62 Transmitting Fleet Card Data in Authorization Request/0100 Messages......................................................................................................9-62 Fleet Card Authorization Response ............................................................9-63 Initiating Fleet Card Support.......................................................................9-63 Global Automated Referral Service...................................................................9-64 Benefits of Using GARS ..............................................................................9-64 GARS Process ..............................................................................................9-64 Acquirer Use of GARS.................................................................................9-68 Issuer Use of GARS .....................................................................................9-72 Monitoring Call Referral Activity ................................................................9-75 To Request GARS or Change GARS Parameters ........................................9-75 M/Chip On-behalf Services...............................................................................9-76 Chip to Magnetic Stripe Conversion...........................................................9-76 M/Chip Cryptogram Pre-validation Service................................................9-77 M/Chip Cryptogram Validation in Stand-In Processing.............................9-77 Magnetic Stripe Compliance Program ..............................................................9-78 Participating in the Magnetic Stripe Compliance Program........................9-78 Requirements for Magnetic Stripe Compliance..........................................9-79 Risk of Not Participating .............................................................................9-80 Manual Telex Authorization Requests ..............................................................9-81 Telex Requests ............................................................................................9-81 Telex Responses..........................................................................................9-84

x

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Table of Contents

Authorization Request Response................................................................9-85 MasterCard ATM Network.................................................................................9-87 Data Security ...............................................................................................9-87 ATM Locator ................................................................................................9-87 ATM Directory.............................................................................................9-88 Benefits........................................................................................................9-88 Supported Transactions ..............................................................................9-89 Interfaces to the MasterCard ATM Network...............................................9-89 For More Information..................................................................................9-90 MasterCard SecureCode ....................................................................................9-91 Universal Cardholder Authentication Field ................................................9-91 SecureCode Authentication Platforms ........................................................9-91 Licensing SecureCode Specifications..........................................................9-91 Accountholder Authentication Value .........................................................9-92 Comparison of Security Protocols ..............................................................9-94 MasterCard-acquired Visa Transactions............................................................9-95 Issuer Options .............................................................................................9-95 CPS Transactions .........................................................................................9-95 Indicators.....................................................................................................9-95 Retail Key Entry Program............................................................................9-97 Secure Electronic Commerce Verification Service .....................................9-98 Visa Commercial Card Inquiry....................................................................9-98 Visa CVV2....................................................................................................9-99 Visa Fleet Card ............................................................................................9-99 For More Information..................................................................................9-99 Member-defined Data ..................................................................................... 9-100 Structure of Member-defined Data ........................................................... 9-100 Merchant Advice Codes .................................................................................. 9-101 DE 48, Subelement 84 Values................................................................... 9-101 Common DE 39 Values............................................................................. 9-101 DE 48, Subelement 84 with DE 39 ........................................................... 9-102 Partial Approvals ............................................................................................. 9-103 Alternate Processing.................................................................................. 9-103 For More Information................................................................................ 9-103

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

xi

Table of Contents

Payment Transaction Authorization................................................................ 9-104 Person-to-Person Transactions ................................................................. 9-104 Payment Transaction Blocking ................................................................. 9-106 Alternate Processing.................................................................................. 9-107 PIN Processing................................................................................................. 9-109 Acquirer Requirements ............................................................................. 9-109 Issuer Requirements.................................................................................. 9-110 Support for Both Acquiring and Issuing Processing ............................... 9-111 Authorization System Security Requirements........................................... 9-112 PIN Verification ......................................................................................... 9-118 PIN Verification in Stand-In Processing ................................................... 9-118 PIN Key Exchange and Processing Forms ............................................... 9-119 Portfolio Sales Support.................................................................................... 9-120 Full BIN Transfer....................................................................................... 9-120 Partial BIN Transfer................................................................................... 9-121 Fees............................................................................................................ 9-122 Promotion Code .............................................................................................. 9-123 Purpose of Using a Promotion Code ....................................................... 9-123 How the Promotion Code Service Works ................................................ 9-123 To Participate in the Promotion Code Service......................................... 9-123 Purchase of Goods or Services with Cash Back Transactions for Debit MasterCard Cards............................................................................................. 9-124 To Participate ............................................................................................ 9-124 For More Information................................................................................ 9-124 Proximity Chip Payments................................................................................ 9-125 Recurring Payments......................................................................................... 9-126 Indicating a Recurring Payment ............................................................... 9-126 Recurring Payment Cancellation Service........................................................ 9-127 Benefits of RPCS........................................................................................ 9-127 How RPCS Works...................................................................................... 9-127 Authorization Reports ............................................................................... 9-128 To Participate ............................................................................................ 9-128 For More Information................................................................................ 9-128 RiskFinder ........................................................................................................ 9-129 Using RiskFinder ....................................................................................... 9-129

xii

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Table of Contents

To Participate ............................................................................................ 9-129 For More Information................................................................................ 9-129 Transaction Research Request ........................................................................ 9-130 Conducting a Transaction Research Request ........................................... 9-130 Using the MasterCard eService Transaction Research Tool .................... 9-130 Accessing the Transaction Research Tool ................................................ 9-131 Using the Transaction Research Request Form ....................................... 9-135 Understanding Fees for Transaction Research Requests ......................... 9-135 Travel Industries Premier Service ................................................................... 9-136 To Participate ............................................................................................ 9-136 For More Information................................................................................ 9-136 Velocity Monitoring......................................................................................... 9-137 Types of Velocity Monitoring ................................................................... 9-137 Velocity Monitoring Reports ..................................................................... 9-137 Requesting AVM or MVM ......................................................................... 9-138

Chapter 10 Reports Related Reports in Other Manuals....................................................................10-1 Presentation of Reports in this Manual ............................................................10-1 Report Header Information...............................................................................10-2 Authorization Summary Report (AB505010-AA) ..............................................10-3 Report Sample .............................................................................................10-4 Field Descriptions ..................................................................................... 10-11 Authorization Parameter Summary Report (SI737010-AA) ............................ 10-19 Report Sample ........................................................................................... 10-20 Field Descriptions ..................................................................................... 10-25 Authorization Summary by CAT Level Report (SI458010-AA)....................... 10-33 Report Sample ........................................................................................... 10-34 Field Descriptions ..................................................................................... 10-36 GARS Weekly Issuer Transaction Detail Report (GR122010-AA).................. 10-39 Report Sample ........................................................................................... 10-40 Field Descriptions ..................................................................................... 10-41

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

xiii

Table of Contents

GARS Weekly Acquirer Transaction Detail Report (GR122010-BB).............. 10-45 Report Sample ........................................................................................... 10-46 Field Descriptions ..................................................................................... 10-47 GARS Monthly Acquirer Response Report (GR128010-AA)........................... 10-51 Report Sample ........................................................................................... 10-52 Field Descriptions ..................................................................................... 10-53 GARS Monthly Acquirer Response Below Target Report (GR128010-BB) ... 10-55 Report Sample ........................................................................................... 10-56 Field Descriptions ..................................................................................... 10-57 GARS Monthly Issuer Call Referral Report (GR129010-AA)........................... 10-59 Report Sample ........................................................................................... 10-60 Field Descriptions ..................................................................................... 10-61 Daily Activity Report (SI441010-A) ................................................................. 10-63 Report Sample ........................................................................................... 10-64 Field Descriptions ..................................................................................... 10-64

Chapter 11 Testing Member Testing.................................................................................................11-1 Who Must Test ............................................................................................11-1 How to Prepare for Testing........................................................................11-1 How to Perform Testing .............................................................................11-8 How to Begin Production Processing ........................................................11-8 CAPS Member Testing.......................................................................................11-9 When to Test ...............................................................................................11-9 How to Prepare for Testing........................................................................11-9 How to Perform Testing ........................................................................... 11-10 How to Begin Processing ......................................................................... 11-11

Chapter 12 Smart Card Transactions Overview ...........................................................................................................12-1 Acquirer Responsibilities...................................................................................12-1 Requirements for Merchants and Service Providers ..................................12-1

xiv

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Table of Contents

Transaction Processing Categories .............................................................12-2 Cardholder-controlled Remote Devices .....................................................12-2 Hybrid Terminal Requirements ..................................................................12-3 Fallback Procedures ....................................................................................12-5 Terminal Cardholder Verification Method Policy ......................................12-6 Hybrid Terminal Risk Management............................................................12-6 Acquirer Processing Requirements.............................................................12-8 Issuer Responsibilities .......................................................................................12-8 Smart Card Requirements ...........................................................................12-9 Minimum Personalization Requirements....................................................12-9 Card Risk Management ............................................................................. 12-10 Velocity Check .......................................................................................... 12-10 Cumulative Amount Check....................................................................... 12-10 Issuer Processing Requirements ............................................................... 12-10 Cardholder Authentication Method ................................................................ 12-11 CAM Policy ................................................................................................ 12-11 Offline SDA CAM ...................................................................................... 12-12 Offline DDA CAM ..................................................................................... 12-12 Online CAM and Online Mutual Authentication...................................... 12-13 Cardholder Verification Method ..................................................................... 12-13 CVM Policy ................................................................................................ 12-14 Block/Unblock .......................................................................................... 12-14 PIN Block .................................................................................................. 12-14

Appendix A Non-MasterCard Authorization Message Flow Authorization Flows for Visa Cards ................................................................... A-1 Flows for a Peer-to-Peer Visa Issuer—Transaction Does Not Qualify for CPS.......................................................................................................... A-1 Flows for a Peer-to-Peer Visa Issuer—Transaction Qualifies for CPS ....... A-4 Flows for a Non–Peer-to-Peer Visa Issuer .................................................. A-7 Authorization Flows for Non-MasterCard, Non-Visa Cards ............................ A-10 Primary Path—Direct to Designated Endpoint ......................................... A-10 Secondary Path—X-Code Processing ........................................................ A-11

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

xv

Table of Contents

Appendix B File Layouts In-flight Commerce Blocked Gaming File......................................................... B-1 Store-and-Forward Message Transmission File (T230) ..................................... B-3

xvi

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Using this Manual This chapter contains information that helps you understand and use this document.

Purpose...................................................................................................................1 Audience.................................................................................................................1 Overview ................................................................................................................1 Excerpted Text .......................................................................................................3 Language Use .........................................................................................................3 Times Expressed.....................................................................................................3 Revisions .................................................................................................................4 Related Information................................................................................................4 Related Forms.........................................................................................................5 Support ...................................................................................................................5 Member Relations Representative ...................................................................6 Regional Representative...................................................................................7

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

i

Using this Manual Purpose

Purpose The MasterCard Authorization System Manual helps member personnel gain a basic understanding of the structure of the MasterCard International Incorporated (“MasterCard”) Authorization System and how to use it. This manual describes requirements and procedures for member participation in authorization services provided by MasterCard.

Audience MasterCard provides this manual to members and their authorized agents. Specifically, the following personnel should find this manual useful: •

Management staff—to gain a high-level understanding of authorization processing and associated services, responsibilities, and processing alternatives



Security staff—to review authorization tools available for reducing transaction risk levels



Systems personnel—to become familiar with transaction data flows and the MasterCard Authorization System



Operations staff—to establish procedures for various aspects of the authorization process, including authorization requests and special services such as address verification and authorization report monitoring



Merchant support staff—to gain an understanding of the Authorization System as a whole and to develop procedures for merchants

Overview The following table provides an overview of this manual. Chapter

Description

Table of Contents

A list of the manual’s chapters and sections. Each entry lists a chapter and page number.

Using this Manual

A description of the manual’s purpose and its contents.

1

An overview of the MasterCard Authorization System, providing a high-level definition of its features and related systems and services.

System Overview

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

1

Using this Manual Overview

Chapter

Description

2

Basic Authorization Concepts

A discussion of participants in the Authorization System, authorization responses, ways to access the Authorization System, Limit-1 processing, and X-Code processing.

3

MasterCard Authorization Message Flows

Illustrations and descriptions of authorization message flows for MasterCard® credit card programs.

4

Acquirer and Issuer Responsibilities

A description of the authorization-related responsibilities that acquirers and issuers must fulfill.

5

Online Authorization Messages

Procedures for online issuers and acquirers to perform authorization processing, including basic information about the purpose and function of online messages.

6

Stand-In Processing

A description of how Stand-In processing responds to authorization requests on behalf of the issuer.

7

Setting Stand-In Parameters: Online Issuer

Procedures for online issuers to establish Stand-In parameters using the Stand-In Processing Worksheet.

8

Central Authorization Processing Service

A description of the CAPS service and files it uses, procedures for sending and retrieving CAPS files, file layouts, and procedures for establishing Stand-In parameters using the Stand-In Processing Worksheet.

9

Authorization Services Detail

Detailed information about services provided by MasterCard that support and enhance the basic functions of the Authorization System.

10 Reports

Detailed description and samples of reports produced by the MasterCard Authorization System.

11 Testing

Procedures for testing the ability to participate in the MasterCard Authorization System and testing value-added services.

12 Smart Card Transactions

Policies and standards for authorizing transactions processed using smart cards.

A

Non-MasterCard Authorization Message Flows

Illustrations and descriptions of Visa and other nonMasterCard authorization message flows.

B

File Layouts

File layouts for the In-flight Commerce Blocked Gaming File and the Store-and-Forward Message Transmission File.

Forms

2

Forms related to the MasterCard Authorization System.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Using this Manual Excerpted Text

Excerpted Text At times, this document may include text excerpted from another document. A note before the repeated text always identifies the source document. In such cases, we included the repeated text solely for the reader’s convenience. The original text in the source document always takes legal precedence.

Language Use The spelling of English words in this manual follows the convention used for U.S. English as defined in Merriam-Webster’s Collegiate Dictionary. MasterCard is incorporated in the United States and publishes in the United States. Therefore, this publication uses U.S. English spelling and grammar rules. An exception to the above spelling rule concerns the spelling of proper nouns. In this case, we use the local English spelling.

Times Expressed MasterCard is a global company with locations in many time zones. The MasterCard operations and business centers are in the United States. The operations center is in St. Louis, Missouri, and the business center is in Purchase, New York. For operational purposes, MasterCard refers to time frames in this manual as either “St. Louis time” or “New York time.” Coordinated Universal Time (UTC) is the basis for measuring time throughout the world. You can use the following table to convert any time used in this manual into the correct time in another zone:

Standard time

St. Louis, Missouri USA

Purchase, New York USA

Central Time

Eastern Time

09:00

10:00

15:00

09:00

10:00

14:00

UTC

(last Sunday in October to the first Sunday in April a) Daylight saving time

(first Sunday in April to the last Sunday in October) a

For Central European Time, the last Sunday in October to the last Sunday in March.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

3

Using this Manual Revisions

Revisions MasterCard periodically will issue revisions to this document as we implement enhancements and changes, or as corrections are required. With each revision, we include a “Summary of Changes” describing how the text changed. Revision markers (vertical lines in the right margin) indicate where the text changed. The month and year of the revision appear at the right of each revision marker. Occasionally, we may publish revisions or additions to this document in a Global Operations Bulletin or other bulletin. Revisions announced in another publication, such as a bulletin, are effective as of the date indicated in that publication, regardless of when the changes are published in this manual.

Related Information The following documents and resources provide information related to the subjects discussed in this manual. Please refer to the Quick Reference Booklet for descriptions of these documents.

4



Account Management User Manual



Bylaws and Rules



Chargeback Guide



Customer Interface Specification



Data Communications Manual



EMV2000, Integrated Circuit Card Specification for Payment Systems, Version 4.0, December 2000



Interchange Compliance Manual



MasterCard Consolidated Billing System Manual



MasterCard Credit Authorization Simulator



MasterCard File Express Client Users’ Guide



MasterCard File Express Scheduler Users’ Guide



MasterCard Interface Processor Member Manual



SecureCode Member Enrollment and Implementation Guide



MDS Online Specifications



Member Information Manual

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Using this Manual Related Forms



Security Rules and Procedures



Settlement Manual

Members that use the Cirrus® service and logo or that process online debit transactions should refer to the debit processing manuals recommended by the Customer Operations Services team. For definitions of key terms used in this document, please refer to the MasterCard Dictionary on the Member Publications home page (on MasterCard OnLine® and the MasterCard Electronic Library CD-ROM). To order MasterCard manuals, please use the Ordering Publications service on MasterCard OnLine®, or contact the Customer Operations Services team.

Related Forms Forms referenced in the Authorization System Manual are provided at the end of this manual. In addition, forms are available in the Business Forms section of MasterCard OnLine®.

Support Please address your questions to the Customer Operations Services team as follows: Phone:

1-800-999-0363 or 1-636-722-6176 1-636-722-6292 (Spanish language support)

Fax:

1-636-722-7192

E-mail:

Canada, Caribbean, Latin America, South Asia/Middle East/Africa, and U.S.

[email protected]

Asia/Pacific: Australia and New Zealand

[email protected]

China, Hong Kong, and Taiwan

[email protected]

South East Asia

[email protected]

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

5

Using this Manual Support

Japan/Guam

[email protected]

Korea

[email protected]

Europe

[email protected]

Spanish language support

[email protected]

Vendor Relations, all regions

[email protected]

Address:

MasterCard International Incorporated Customer Operations Services 2200 MasterCard Boulevard O’Fallon MO 63368-7263 USA

Telex:

434800 answerback: 434800 ITAC UI

Member Relations Representative Member Relations representatives assist U.S. members with marketing inquiries. They interpret member requests and requirements, analyze them, and if approved, monitor their progress through the various MasterCard departments. This does not cover support for day-to-day operational problems, which the Customer Operations Services team addresses. For the name of your U.S. Member Relations representative, contact your local Member Relations office: Atlanta Chicago Purchase San Francisco

6

1-678-459-9000 1-847-375-4000 1-914-249-2000 1-925-866-7700

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Using this Manual Support

Regional Representative The regional representatives work out of the regional offices. Their role is to serve as intermediaries between the members and other departments in MasterCard. Members can inquire and receive responses in their own languages and during their offices; hours of operation. For the name of the regional office serving your area, call the Customer Operations Services team at: Phone:

1-800-999-0363 or 1-636-722-6176 1-636-722-6292 (Spanish language support)

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

7

1

System Overview This chapter provides basic information about the MasterCard Authorization System: what it is, what it does, and whom it serves. The chapter highlights features of the Authorization System that contribute to its flexibility, usefulness, and adaptability to member needs. It also directs you to additional sources of information regarding specific topics related to authorization.

Definition of the MasterCard Authorization System...........................................1-1 MIP.................................................................................................................1-2 Banknet Network ..........................................................................................1-2 Acquirer Interfaces ........................................................................................1-2 Issuer Interfaces ............................................................................................1-2 Stand-In System Processing ..........................................................................1-3 Gateways .......................................................................................................1-3 Features of the System ........................................................................................1-4 Access to All Members 24 Hours a Day, 365 Days a Year..........................1-4 Fast and Cost Effective Authorization Processing........................................1-4 Interfaces to Support Non-MasterCard Card Processing .............................1-4 Backup to Primary Routing and Authorizing Paths.....................................1-5 Authorization Multiple Currency Conversion Capability.............................1-6 Support of Security Functions ......................................................................1-6 Account Management System ................................................................1-6 Address Verification Service ...................................................................1-6 Card Validation Code Verification..........................................................1-7 Global Automated Referral Service (GARS)...........................................1-7 M/Chip Cryptogram Pre-validation Service ...........................................1-7 M/Chip Cryptogram Validation in Stand-In Processing ........................1-7 MasterCard SecureCode Accountholder Authentication Value (AAV) Verification...................................................................................1-8 MasterCard SecureCode Dynamic AAV Verification in Stand-In Processing ...............................................................................................1-8 PIN Verification.......................................................................................1-8 Reporting .......................................................................................................1-8 Smart Card Technology.......................................................................................1-9 Business Benefits of Smart Card Technology ..............................................1-9 Functions Unique to Smart Card Technology..............................................1-9

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

1-i

System Overview Definition of the MasterCard Authorization System

Definition of the MasterCard Authorization System The MasterCard Authorization System is an international message processing system that serves all MasterCard principal, affiliate, and associate members: large and small, automated and non-automated. The system transmits authorization validation data among issuers, acquirers, and points of interaction. The MasterCard Authorization System refers to both hardware (the physical communications lines of the Banknet® telecommunications network and MasterCard interface processors [MIPs]) and software (the Banknet authorization application). For information about Banknet components and interfaces, see the descriptions following Figure 1.1. For information about Financial Transaction/02XX messages and the MasterCard Debit Switch® (MDS), see the MDS Online Specifications manual. Figure 1.1—MasterCard Authorization System Gateways

MIP

Acquirer Interfaces

Issuer Interfaces

Banknet Network MIP

MIP

MIP Stand-In

Note

MasterCard reserves the right to record, store, and use all data transmitted via the MasterCard Authorization System in online electronic transactions, subject to MasterCard privacy and security compliance policies and applicable laws and regulations, without further notice.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

1-1

System Overview Definition of the MasterCard Authorization System

MIP The MasterCard interface processor (MIP) is a front-end communications processor placed on-site at a MasterCard member’s facility or at a processor or hub site. It provides access to the Banknet® telecommunications network. MIPs provide access to all MasterCard electronic funds transfer (EFT) products and to a wide variety of other EFT services via MasterCard gateways. MIP software supports issuing and acquiring functions, including routing MasterCard transactions to issuers, acquirers, and Stand-In System processing and switching non-MasterCard transactions to appropriate destinations via the gateways.

Banknet Network The Banknet network is the MasterCard worldwide packet-switching network. It is the primary data transport communications facility that links all MasterCard members and MasterCard data processing centers.

Acquirer Interfaces Most acquirers access the MasterCard Authorization System via the online method, through connectivity between the acquirer host and a MIP. MasterCard offers other interfaces to acquirers that do not have online connectivity. MasterCard converts messages sent through these other interfaces into online messages. See chapter 2 for details about these access methods.

Issuer Interfaces Most issuers access the MasterCard Authorization System online, through connectivity between the issuer host and a MIP. MasterCard also performs authorization processing on behalf of issuers that do not have online connectivity, through the Central Authorization Processing Service (CAPS). See chapter 2 for more information about online access and CAPS processing.

1-2

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

System Overview Definition of the MasterCard Authorization System

Stand-In System Processing The Stand-In host contains the issuer information necessary to perform authorization processing for online issuers that are unavailable or that cannot be reached, and for all CAPS members. The Stand-In System also performs the following functions: •

Processes file maintenance to the Account File



Processes network management messages for online members (see chapter 5)



Generates Authorization Advice/0120 (store-and-forward) messages to advise online issuers of authorizations processed on their behalf

Gateways The Banknet authorization application has interfaces called gateways that permit processing between the Banknet network and other networks, as shown in Figure 1.2. Figure 1.2—Authorization Interfaces Credit/Debit Processors MasterCard/ Cirrus ATM Network

Visa American Express Diners Club Carte Blanche JCB Check Guarantee

Banknet Network Acquirer

MIP

Regional Networks

Maestro Network Bankcard Associations

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

1-3

System Overview Features of the System

Features of the System To support members, MasterCard developed, and continues to enhance, the Authorization System to meet members’ current and future needs. The Authorization System provides the following features: •

Access to all members 24 hours a day, 365 days a year



Fast and cost-effective authorization processing



Interfaces to support non-MasterCard card processing



Backup to primary routing and authorizing paths



Multiple currency conversion capability



Support of security functions



Reporting

Access to All Members 24 Hours a Day, 365 Days a Year The MasterCard Authorization System operates on a continuous basis, ensuring that cardholders can use a MasterCard card program anytime and that acquirers and issuers always have access to MasterCard authorization processing facilities.

Fast and Cost Effective Authorization Processing The structure of the Banknet network enhances fast and cost-effective processing by allowing transactions to travel the shortest route to their destinations. The network’s design consists of redundant paths guaranteeing that there are always two or more paths to a given destination. If for some reason part of the network is down, this multiple routing structure of the Banknet network allows the transaction to continue to travel the next shortest route, eliminating congestion on the network.

Interfaces to Support Non-MasterCard Card Processing The Authorization System supports processing of the following types of cards:

1-4



American Express



Diners Club



JCB



Private label cards

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

System Overview Features of the System



Proprietary cards



Visa

Acquirers, therefore, can process a wide variety of card brands via their access to the MasterCard Banknet network.

Backup to Primary Routing and Authorizing Paths At times, members may experience internal communication problems, scheduled down times, or network problems. The MasterCard Authorization System provides backup authorization alternatives ensuring that an authorization response occurs for every authorization transaction. Routing and authorizing alternatives include the following: •

The network routes transactions via multiple paths, decreasing the impact of

trouble spots on the network. •

Stand-In processing uses issuer-established parameters to process

authorization transactions at the St. Louis Operations Center (Central Site) on behalf of online issuers that are unavailable or cannot be reached. •

X-Code processing processes authorization transactions at the MasterCard interface processor (MIP) or at the acquirer’s host for transactions that cannot travel beyond that point.

MasterCard also provides routing and authorization alternatives that members select ahead of time to enhance their productivity and the usefulness of the Authorization System to them. These alternatives include the following: •

Limit-1 processing allows issuers to establish parameters by transaction

category, instructing MasterCard to process on behalf of the issuer without forwarding the transaction. •

Floor limit values allow the merchant to authorize certain transactions at the point of interaction without requesting authorization from the issuer. For a list of current floor limit values, see the Quick Reference Booklet.



Special routing gives issuers the option of having authorization requests for

cards within a particular bank identification number (BIN) range routed according to the parameters and endpoint established for some other BIN. For example, after acquiring a portfolio, an issuer can request special routing to ensure that authorization requests for the cards in the new portfolio are processed using the Stand-In limits, Limit-1 parameters, and established endpoint for the issuer’s other BIN(s).

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

1-5

System Overview Features of the System

Authorization Multiple Currency Conversion Capability Authorization Multiple Currency Conversion (AMCC) is an optional service that allows issuers and acquirers to process authorization transactions in their local currency. See chapter 9 for details about AMCC.

Support of Security Functions The following services are used in conjunction with authorization processing to minimize risk: •

Account Management System (AMS)



Address Verification Service (AVS)



Card validation code (CVC) verification



Global Automated Referral Service (GARS)



M/Chip Cryptogram Pre-validation Service



M/Chip Cryptogram Validation in Stand-In Processing



MasterCard® SecureCode™ Accountholder Authentication Value (AAV) Verification



MasterCard® SecureCode™ Dynamic AAV Verification in Stand-In Processing



Personal Identification Number (PIN) verification

Account Management System AMS provides protection at the account number level against unauthorized card use. AMS collects and distributes restricted account listings to help acquirers avoid authorizing transactions involving restricted cards. In addition to providing electronic and paper listings to acquirers, AMS sends account information to acquirer MIPs. AMS listings are also considered by the Account File to enhance the security of Limit-1, X-Code, and Stand-In authorization processing. See the Account Management User Manual for more information about AMS.

Address Verification Service AVS reduces the risk of non–face-to-face transactions through validation of the cardholder’s billing address. AVS supports transmission of address data, allowing the user to compare the billing address requested for the transaction with the billing address on file for the cardholder. See chapter 9 for details about AVS.

1-6

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

System Overview Features of the System

Card Validation Code Verification CVC 1 is a code algorithmically derived by the issuer and encoded in the magnetic stripe. This code helps the issuer determine if the card is genuine or counterfeit. CVC 2 is a three-digit code algorithmically derived by the issuer and indent printed on the signature panel to the right of the account number. See chapter 9 for details about both CVC 1 and CVC 2 participation.

Global Automated Referral Service (GARS) GARS supports issuer call referrals by providing the acquirer with a single phone number to respond to any call referral. This increases the completion rate of call referrals issued. See chapter 9 for more information about GARS.

M/Chip Cryptogram Pre-validation Service The M/Chip Cryptogram Pre-validation service is for issuers that use the M/Chip Select 2.0, M/Chip Lite 2.1, M/Chip 4.0 (EMV96 and EMV2000 session key derivations), and EMV CCD-compliant chip cards. This service validates the Authorization Request Cryptogram (ARQC) and generates the Authorization Response Cryptogram (ARPC) on behalf of an issuer. See chapter 9 for more information about this service.

M/Chip Cryptogram Validation in Stand-In Processing M/Chip Cryptogram Validation in Stand-In Processing is available for issuers that use the M/Chip Select 2.0, M/Chip Lite 2.1, M/Chip 4.0 (EMV96 and EMV2000 session key derivations) and EMV CCD-compliant chip cards. The M/Chip Cryptogram Validation in Stand-In Processing on-behalf service supports issuers that process chip transactions on an ongoing basis, including the validation of the authorization request cryptogram (ARQC) and generation of the authorization response cryptogram (ARPC) on their hosts when the issuer is signed out, the transaction cannot be delivered to the issuer, or the issuer timed out. See chapter 9 for more information about using M/Chip Cryptogram Validation in Stand-In Processing.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

1-7

System Overview Features of the System

MasterCard SecureCode Accountholder Authentication Value (AAV) Verification MasterCard offers AAV verification service on every authorization transaction that contains the Universal Cardholder Authentication Field (UCAF) data regardless of whether the issuer’s host system is available or unavailable to respond to the Authorization Request/0100 message. See chapter 9 for more information about this service.

MasterCard SecureCode Dynamic AAV Verification in Stand-In Processing MasterCard offers AAV verification service for authorization transactions processed by the Stand-In System that contain AAV data in DE 48 (Additional Data—Private Use), subelement 43 (Universal Cardholder Authentication Field [UCAF]) of the Authorization Request/0100 message. Issuers may request that Stand-In System processing only perform the AAV verification test when the issuer’s host system is unavailable to respond to the Authorization Request/0100 message containing AAV data. See chapter 9 for more information about this service.

PIN Verification PIN is a proven technology for authenticating the identity of the cardholder. MasterCard provides an optional PIN verification service for all purchase transactions that contain a PIN. A PIN Verification in Stand-In System processing service is also available. See chapter 9 for more information about PIN verification services.

Reporting MasterCard produces a variety of authorization-related reports that display member authorization activity. These reports help members plan and manage their authorization process. See chapter 10 for information about reports.

1-8

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

System Overview Smart Card Technology

Smart Card Technology Smart card technology offers substantial benefits and unique transaction features. Smart cards offer a secure means to authenticate both the card and the cardholder.

Business Benefits of Smart Card Technology Smart card technology offers four major business benefits to the payment business: •

Reduces fraud—both counterfeit and “lost, stolen, never received” fraud



Enhances credit control



Reduces operational costs



Provides a platform for added-value opportunities

Functions Unique to Smart Card Technology Smart cards offer unique transaction features, such as: Fully offline—Through card and terminal interaction, a smart card transaction

may take place in a fully offline mode Offline personal identification number (PIN)—Depending on product rules and

thus smart card personalization and terminal capabilities, the PIN may be checked offline Offline and Online CAM—Allows verification if a smart card is genuine Control of offline spending—Allows a method of controlling the maximum

number of consecutive offline transactions, maximum cumulative amount, and risk assessment of the transaction

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

1-9

2

Basic Authorization Concepts This chapter presents basic and alternative authorization concepts used by the MasterCard Authorization System.

Participants in Authorization Processing ............................................................2-1 Cardholder.....................................................................................................2-1 Merchant........................................................................................................2-1 Acquirer .........................................................................................................2-2 Issuer .............................................................................................................2-2 Other Participants..........................................................................................2-2 Accessing the Authorization System...................................................................2-4 Acquirer Methods..........................................................................................2-4 Online Host-to-MIP Access.....................................................................2-5 Manual Telex Access ..............................................................................2-6 Issuer Methods ..............................................................................................2-6 Online Host-to-MIP Access.....................................................................2-6 CAPS ........................................................................................................2-8 Authorization Responses.....................................................................................2-8 Approve.........................................................................................................2-9 Decline ..........................................................................................................2-9 Refer to Card Issuer ....................................................................................2-10 Capture Card ...............................................................................................2-10 Limit-1 Processing .............................................................................................2-11 Limit-1 Limits ...............................................................................................2-11 “Nth” Transaction ........................................................................................2-12 Stand-In System Tests .................................................................................2-12 Limit-1 Processing Flow..............................................................................2-12 Limit-1 Processing Results...........................................................................2-14

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

2-i

Basic Authorization Concepts

X-Code Processing ............................................................................................2-14 Acquirer Host X-Code Processing ..............................................................2-14 Rules for Acquirer Host X-Code Processing ..............................................2-15 Acquirer MIP X-Code Processing ...............................................................2-15 MIP X-Code Limits ................................................................................2-17 Liability for X-Code Transactions .........................................................2-18 X-Code Processing of Non-MasterCard Card Programs ............................2-18

2-ii

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Basic Authorization Concepts Participants in Authorization Processing

Participants in Authorization Processing Figure 2.1 presents the entities that participate in a typical authorization transaction in relation to each other and the Banknet® telecommunications network. Figure 2.1—Participants in a Typical Authorization Transaction

Cardholder

Merchant

Banknet Network Acquirer

MIP

MIP

Issuer

Cardholder A cardholder is a person to whom a card has been issued or a person who is authorized to use the card. In an authorization transaction, the cardholder presents the card or cardholder account number as payment in exchange for goods or services.

Merchant The merchant is a retailer, or any other person, firm, or corporation that (pursuant to a merchant agreement) agrees to accept credit cards, debit cards, or both, when properly presented.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

2-1

Basic Authorization Concepts Participants in Authorization Processing

Acquirer An acquirer is a licensed member that acquires the data relating to a transaction from the card acceptor or merchant and submits that data for authorization. The acquirer also supports clearing and settlement functions to exchange funds between the issuer and the merchant.

Issuer An issuer is a licensed member that issues cards and is responsible for approving or declining authorization requests. The issuer also bills cardholders and supports clearing and settlement functions to exchange funds between the cardholder and the acquirer.

Other Participants Figure 2.2 presents other entities that may participate in the authorization transaction in place of the issuer and acquirer. It shows these entities in relation to each other and to the cardholder, merchant, and the Banknet network. Figure 2.2—Other Participants in a Typical Authorization Transaction

Cardholder

Merchant

Agent on Behalf of the Member

2-2

Banknet Network MIP

MIP

Agent on Behalf of the Member

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Basic Authorization Concepts Participants in Authorization Processing

As Figure 2.2 shows, an issuer or acquirer may contract with an agent to perform any of a variety of authorization functions on behalf of the member. The agent may assist a member in such activities as issuing cards, processing authorization transactions, or processing card portfolios.

Note

Throughout this manual, functional references to “issuers” and “acquirers” also refer to others acting as authorized agents for issuers or acquirers. MasterCard members are responsible for the acts and omissions of their agents, including those with respect to MasterCard rules, regulations, policies, and procedures.

Figure 2.3 and Figure 2.4 show that MasterCard can act on behalf of the issuers in the following ways: •

MasterCard Stand-In System acts on behalf of the issuers by receiving authorization requests at Central Site and generating authorization responses based on the issuer’s predetermined parameters. For more information about Stand-In System processing, see chapter 6.

Figure 2.3—MasterCard Stand-In System Processing Acting in Issuing Capacity

Cardholder

Merchant

Banknet Network Acquirer

MIP

MIP

Issuer

Stand-In MIP



MasterCard X-Code and cardholder-activated terminal (CAT) processing perform issuing functions by receiving and responding to authorization requests at the acquirer MIP. See the information on X-Code Processing later in this chapter.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

2-3

Basic Authorization Concepts Accessing the Authorization System

Figure 2.4—MasterCard X-Code and CAT Processing Acting in Issuing Capacity

Cardholder

Merchant

Acquirer

MIP

Accessing the Authorization System To process authorization activity, acquirers and issuers must access the Banknet network. This network is the path by which they send and receive authorization messages and related data. Selecting a particular authorization processing access method depends on a number of factors, including: •

Physical installations present at the point of interaction and at the member site



Volume of incoming and outgoing authorizations



Member location

For help in selecting an appropriate access method, members may contact a Customer Implementation Services specialist using the contact information shown in the Using this Manual chapter.

Acquirer Methods The following access options are available to acquirers:

2-4



Online host-to-MIP access



Manual telex

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Basic Authorization Concepts Accessing the Authorization System

Online Host-to-MIP Access The following diagrams show configurations for connectivity to a MIP or MIPs for online access. Figure 2.5—Acquirer Online—Direct Host to MIP Connectivity

Banknet Network Acquirer

MIP

Figure 2.6—Acquirer Online—Direct Host to Multiple MIP Connectivity

MIP Banknet Network Acquirer

MIP

MIP

To have direct connectivity to a MIP, the acquirer must have a host computer that can support this type of connectivity. Figure 2.7—Acquirer Online—Shared MIP Connectivity

Acquirer 1

Banknet Network Shared MIP

Acquirer 2

When several acquirers have connectivity to a shared MIP, the MIP is located at the site of one of the acquirers. Other acquirers access the MIP via a dedicated phone line. The acquirer with the MIP on-site controls the MIP console.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

2-5

Basic Authorization Concepts Accessing the Authorization System

Manual Telex Access Figure 2.8 shows the method for connecting to the Banknet network using manual telex. Figure 2.8—Manual Telex Access to the Banknet Network Global Service Center Acquirer Outside the U.S. region

Banknet Network MIP

Manual telex acquirers send authorization requests via telex to the MasterCard Global Service Center. A Global Service Center representative sends the request to the Banknet network, and receives the authorization response. This representative then informs the acquirer of the response via telex.

Note

Members in the U.S. region may not use manual telex as an access method. Members in regions outside the U.S. region may not use manual telex as their primary method of accessing the Banknet network for authorization requests.

Issuer Methods Issuers may choose either of the following authorization options: •

Online host-to-MIP access to the Banknet network



Central Authorization Processing Service (CAPS)

Interfaces for access to the Account Management System (AMS) and the Account File for file maintenance are documented in the Account Management User Manual. They may differ from the issuer’s access method for authorization processing.

Online Host-to-MIP Access Online host-to-MIP issuers receive authorization requests from the Authorization System via a MIP connected to the issuer’s host. They format and return authorization request responses directly using the messages outlined in the Customer Interface Specification manual.

2-6

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Basic Authorization Concepts Accessing the Authorization System

Figure 2.9, Figure 2.10, and Figure 2.11 show configurations for connectivity to a MIP or MIPs for online access. Figure 2.9—Issuer Online—Direct Host to MIP Connectivity

Banknet Network Issuer

MIP

Figure 2.10—Issuer Online—Direct Host to Multiple MIP Connectivity

MIP Banknet Network Issuer

MIP

MIP

To have direct connectivity to a MIP, the issuer must have a host computer that can support this type of connectivity. Figure 2.11—Issuer Online—Shared MIP Connectivity

Issuer 1

Issuer

Banknet Network Shared MIP

Issuer 2

When several issuers have connectivity to a shared MIP, the MIP is located at the site of one of the issuers. Other issuers access the MIP via a dedicated phone line. The issuer with the MIP on-site controls the MIP console.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

2-7

Basic Authorization Concepts Authorization Responses

CAPS CAPS issuers use Stand-In System processing for all of their authorization processing. These issuers do not have an online connection to the Banknet network. They connect to the Banknet network using MasterCard File Express, a MasterCard communications software package. Through MasterCard File Express, CAPS members provide MasterCard with a file containing all accounts in the issuer’s cardholder base. They send this file as often as necessary to provide MasterCard with current account listings and the associated availableto-buy. MasterCard sends CAPS members a daily Sequential Response File, which contains a record of all authorization requests that MasterCard processed on the member’s behalf. They may also receive the Daily Activity Report via fax or mail. This report contains supplemental information not found in the file. Each CAPS member must complete the Stand-In Processing Worksheet for CAPS Members to designate limits and range blocks. For detailed information about CAPS, sending and receiving CAPS files, and completing the Stand-In Processing Worksheet for CAPS Members, see chapter 8.

Authorization Responses Every authorization request receives an authorization response that directs the acquirer or the merchant on how to proceed with the transaction. The response received is typically a code that identifies the action that the merchant should take. The format of the authorization response depends on the acquirer’s access method.

2-8



If the acquirer is online, the Authorization Request Response/0110 message includes a two-digit response code in Data Element 39 (Response Code). This code informs the acquirer of the action to be taken (approve, decline, refer to card issuer, or capture card). For a complete list of all possible DE 39 response codes and the actions they should prompt, see the Customer Interface Specification manual.



If the transaction is a smart card approved transaction, the smart card must generate a transaction certificate (TC). The acquirer assumes the risk for all smart card transactions that do not have a TC. The acquirer can provide the TC, the chip-related data, and the issuer’s approval code with the clearing message. For more information about the authorization of smart card transactions, see chapter 12.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Basic Authorization Concepts Authorization Responses



If the transaction is a non–face-to-face smart card transaction completed from a cardholder-controlled remote device, the authorization response cryptogram (ARPC) with an authorization response code can replace the TC. The acquirer assumes the risk for all transactions that use a cardholder-controlled remote device but do not have an ARPC and an authorization response code.

Regardless of the format in which the authorization response is received, the response always prompts one of the following actions on the part of the merchant: •

Approve



Decline



Refer to card issuer



Capture card

Approve The transaction is authorized as reported. •

For magnetic stripe and key-entered transactions, the issuer provides a sixdigit authorization code to the acquirer when it approves a transaction for the purchase of goods or services or cash disbursement.



For smart card transactions, the smart card produces a TC when it approves a transaction for the purchase of goods or services or cash disbursement.



For non–face-to-face smart card transactions completed using cardholdercontrolled remote devices, the authorization response cryptogram (ARPC) with an authorization response code can replace the TC and chip-related data.

The merchant still must perform its normal review process, such as verifying the signature on the card are often included, before completing the transaction.

Decline The merchant may not complete the transaction. The merchant may return the card, but may not accept the card in payment for the program or service for that transaction amount.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

2-9

Basic Authorization Concepts Authorization Responses

For smart card transactions, the smart card generates an application authentication cryptogram (AAC) when the transaction is declined offline or online. Acquirers assume the risk if a merchant completes a smart card transaction when the smart card generated an AAC.

Refer to Card Issuer The acquirer or merchant must contact the card issuer for further instructions. (The call referral is a fraud prevention tool that the issuer should use when it suspects or is attempting to prevent fraud at the point of interaction.) Acquirers may use the Global Automated Referral Service (GARS) described in chapter 9. MasterCard encourages effective issuer use of the “refer to card issuer” authorization response through a tiered pricing structure for excess call referral transactions. Higher charges apply for lower transaction amounts, and lower charges apply for higher transaction amounts. For more information, see the MasterCard Consolidated Billing System Manual. MasterCard Stand-In System processing never generates a “refer to card issuer” response in the following situations: •

When the transaction is a mail order/telephone order (MO/TO) transaction



When the acquirer is responding to a “refer to card issuer” response, the issuer is unavailable, and Stand-In System processes the GARS transaction



When the transaction is an ATM transaction



When the issuer’s call center is closed

If the smart card transaction goes online and the issuer responds with “refer to card issuer,” the merchant and acquirer should follow “refer to card issuer” procedures. The issuer can then provide a code for the merchant to type in, indicating whether to approve or decline the transaction. Based on the approval code, the smart card will generate a TC if the transaction is approved or an AAC if the transaction is declined.

Capture Card The acquirer or merchant must use its best efforts to retain the card by reasonable and peaceful means. For instructions on how to return a recovered card to the issuer, see the Security Rules and Procedures manual.

2-10

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Basic Authorization Concepts Limit-1 Processing

Limit-1 Processing If the issuer is online and chooses to truncate a certain percentage of transactions to reduce the number of transactions that the issuer must process, the issuer can establish Limit-1 transaction limits using the Stand-In Processing Worksheet. For details about establishing these limits, see chapter 7. Limit-1 processing does not apply to the following types of transactions: •

Address Verification Service



Balance Inquiry



ATM cash disbursement transactions



Unique transactions (including In-flight Commerce Terminal/Level 4 gaming transactions)



CAT Self-service Terminals/Level 2



CAT Automated Dispensing Machines/Level 1



Transactions that contain a “merchant suspicious” indicator



Transactions that contain card validation code 2 (CVC 2) data

For all other transactions, Limit-1 processing applies the following checks: 1. Checks for the Nth transaction and sends Nth transactions directly to the issuer for processing. 2. Compares the transaction amount to the Limit-1 amounts established by the issuer on the Stand-In Processing Worksheet. Limit-1 processing sends transactions with transaction amounts greater than the Limit-1 amounts directly to the issuer for processing. 3. Applies all of the usual Stand-In System tests described in chapter 6 to remaining transactions.

Limit-1 Limits Limit-1 processing forwards transactions with transaction amounts greater than the established limit to the issuer for approval. MasterCard has established a default Limit-1 limit of USD 0; all transactions are automatically forwarded to the issuer for issuers that do not designate separate limits. Online acquirers can override issuer Limit-1 values and forward MO/TO and electronic commerce transactions from their MIP to issuers to reduce the risk of Limit-1 approval for MO/TO and electronic commerce transactions.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

2-11

Basic Authorization Concepts Limit-1 Processing

“Nth” Transaction Limit-1 processing forwards one transaction (the “Nth” transaction) to the issuer at established intervals, regardless of the transaction amount. A counter on each acquiring MIP maintains the transaction count for each issuer. For example, MasterCard has established a default of 9,999 for the Nth value. At each acquiring MIP, every 9,999th transaction received for each issuer for Limit-1 processing automatically goes to the issuer for authorization unless the issuer designates a different “Nth” value on the Stand-In Processing Worksheet.

Stand-In System Tests The Authorization System applies the Stand-In System tests described in chapter 6 to Limit-1 transactions that are less than or equal to the Limit-1 transaction limit and that are not the Nth transaction. Members that establish Limit-1 values should review their limits for the StandIn Accumulative Limits test. These limits must be sufficient to accommodate Limit-1 transaction volumes in Stand-In System processing. Stand-In processing applies the member-defined Accumulative Limits test to all transactions (including Limit-1 transactions) that the Stand-In System processes.

Limit-1 Processing Flow Limit-1 processing follows one of two possible flows as shown in Figure 2.12 and Figure 2.13. •

2-12

The transaction amount in the Authorization Request/0100 is greater than the Limit-1 transaction amount limit or the transaction is the Nth transaction. The Authorization System forwards these transactions to the issuer.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Basic Authorization Concepts Limit-1 Processing

Figure 2.12—Limit-1: Transaction Amount is Greater than Limit or Transaction is Nth Transaction

Banknet Network Acquirer

MIP

MIP

Issuer

MIP

Stand-In



The transaction amount in the Authorization Request/0100 is less than or equal to the Limit-1 transaction amount limit. The Stand-In System processes these transactions.

Figure 2.13—Limit-1: Transaction Amount is Less than or Equal to Limit

Banknet Network Acquirer

MIP

MIP

Issuer

MIP

Stand-In

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

2-13

Basic Authorization Concepts X-Code Processing

Limit-1 Processing Results Online issuers can see the results of Limit-1 processing as follows: •

On the X-Code and Limit-1 Weekly Detail Authorizations Report (AB110010-AA). For a sample of the report, see the MasterCard Consolidated Billing System Manual.



In the Authorization Advice/0120 (Store-and-Forward) messages, which the Authorization System creates for each Limit-1 transaction. To learn how to retrieve these messages, see chapter 5.

X-Code Processing X-Code processing applies only when the acquirer is online. It can occur at either of the following locations: •

Acquirer host



Acquirer MIP

The descriptions here apply only to MasterCard card programs. For X-Code processing of all other card brands, see “X-Code Processing of Non-MasterCard Card Programs” later in this chapter.

Acquirer Host X-Code Processing Acquirer host X-Code processing occurs when the acquirer host cannot communicate with the acquirer MIP, as shown in Figure 2.14. Figure 2.14—Acquirer Host X-Code Processing

3 1 X 1 Acquirer

Banknet Network

X MIP

MIP

Issuer

2

2-14

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Basic Authorization Concepts X-Code Processing

Stage Description 1.

The acquirer creates an authorization request; however, the acquirer host cannot communicate with the acquirer MIP.

2.

The acquirer responds to the authorization request based on the rules for acquirer host X-Code processing.

3.

The acquirer may be required to phone or telex the issuer for approval based on the rules for X-Code processing.

Rules for Acquirer Host X-Code Processing For acquirer host X-Code processing, the acquirer must approve and bear liability for the transaction, after validating that the account is not listed as restricted on the Electronic Warning Bulletin file, when the transaction amount is less than or equal to USD 300, except in the circumstances listed below. The issuer bears liability for authorization requests that it approves. The acquirer must phone or telex the issuer for approval in any of the following instances: •

The transaction amount is more than USD 300.



The card is not present.



The merchant suspects that the card may be stolen or counterfeit, or the transaction or the customer causes the merchant to be suspicious.



The transaction type is one of the following: cash disbursement, unique, mail order/telephone order, electronic commerce order, or payment transaction.

If the transaction amount is more than USD 300 and the acquirer cannot reach the issuer, the acquirer may do any of the following: •

Approve the transaction (and bear liability for the total amount).



Decline the transaction.



Continue attempting to reach the issuer.

Acquirer MIP X-Code Processing Acquirer MIP X-Code processing occurs when: •

The acquirer MIP cannot communicate with the Banknet network.



The acquirer MIP does not receive a response from the issuer or the StandIn System within the time frame established by MasterCard.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

2-15

Basic Authorization Concepts X-Code Processing

Figure 2.15—Acquirer MIP X-Code Processing 1

Banknet Network

2 Acquirer

MIP

MIP

Issuer

MIP

Stand-In

Stage

Description

1.

The authorization request is routed to the acquirer MIP on its way to the issuer. However, one of the following scenarios occurs:

2.

2-16



The acquirer MIP cannot communicate with the Banknet network.



The Banknet network cannot communicate with the issuer MIP and the Banknet network cannot communicate with the Stand-In MIP.



The Banknet network cannot communicate with the issuer MIP and the Stand-In MIP cannot communicate with the Stand-In host.



The Banknet network cannot communicate with the Stand-In MIP and the issuer MIP cannot communicate with the issuer host.

The acquirer MIP generates an authorization response as follows: MIP X-Code Authorization Response

Type of Transaction

Decline



Transactions that contain a PIN (ATM)



Non–face-to-face transactions that exceed the MasterCard X-Code limits (see the MIP X-Code Limits table)



Transactions that contain the “merchant suspicious” indicator

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Basic Authorization Concepts X-Code Processing

Stage

Description

Refer to Card Issuer



Transactions that occur at a cardholder-activated terminal (CAT)/Level 1



Cash disbursement



Payment transaction



Unique



Transactions that exceed the MasterCard X-Code limits (see the MIP X-Code Limits table)

Capture Card

Transactions for accounts that are listed on the Electronic Warning Bulletin file or on the Warning Notice

Approve

Transactions that are less than or equal to the MasterCard X-Code limits and do not meet any of the criteria listed above

The Authorization System generates Authorization Advice/0120 messages to report the results of X-Code processing. Online issuers can retrieve the messages using the process described in chapter 5.

MIP X-Code Limits The following table shows established X-Code limits. Transactions must be less than or equal to these limits to be approved. Type of Transaction

MIP X-Code Limits

Transaction using World MasterCard™ Card

USD 2,500

Transaction using Platinum MasterCard™ Card

USD 1,500

Transaction using either MasterCard BusinessCard® Card or MasterCard Corporate Card™

USD 1,000

Transaction using all other MasterCard cards

USD 600

Transaction that occurs at a CAT Self-service Terminal/Level 2

USD 100

In-flight Commerce Terminal/Level 4 gaming transaction (TCC is U and MCC is 7995). For CAT Level 4 non-gaming transactions, the appropriate USD 600 or USD 1,000 limit applies.

USD 350

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

Apr 2006

2-17

Basic Authorization Concepts X-Code Processing

Liability for X-Code Transactions The issuer is liable for transactions that are approved under acquirer MIP XCode, up to the MIP X-Code limits specified in above table. The acquirer may raise the X-Code limits at its own risk via the MIP console. For more information about how to do this, see the MasterCard Interface Processor Member Manual. If the acquirer raises the limits, it is liable for the entire amount of any transaction greater than the MasterCard default limits. For example, suppose that the acquirer raises the USD 600 limit for all other MasterCard cards to USD 1,000. If a transaction is approved for USD 900 under the raised X-Code limit, then the acquirer is liable for the entire USD 900. The acquirer is liable under chargeback reason code 08 (Requested/Required Authorization Not Obtained). The issuer is liable only for transaction amounts that are less than or equal to the MasterCard default amounts.

X-Code Processing of Non-MasterCard Card Programs Acquirer Host X-Code processing of non-MasterCard cards is subject to the guidelines of the individual card brand. Acquirer MIP X-Code processing of non-MasterCard cards is the same as for MasterCard cards with the following exceptions and clarifications. The following table shows MIP X-Code limits for non-MasterCard cards. Type of Transaction

2-18

MIP X-Code Limit

Response if the transaction is greater than the limit

All Visa

0

Decline

Non-MasterCard, non-Visa MO/TO, ATM, and “merchant suspicious”

0

Decline

All other non-MasterCard, non-Visa

0

Refer to Card Issuer

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

3

MasterCard Authorization Message Flows This chapter explains the flow of authorization messages that involve a MasterCard® card.

Basic Authorization Flow ....................................................................................3-1 Variations on the Basic Authorization Flow for MasterCard Cards ...................3-2 Authorization Processing Occurs at the Acquirer MIP ................................3-3 MIP Edits Cause an Error Response by the Acquirer MIP ....................3-3 Transaction is a CAT Limited Amount Terminal/Level 3 ......................3-3 X-Code Processing Applies ....................................................................3-3 Limit-1 Processing Applies .....................................................................3-3 Issuer Is Online but the Transaction Cannot Follow the Primary Path ......3-3 Secondary Path for Online Members—Stand-In System Processing ....3-4 Tertiary Path for Online Members—X-Code Processing.......................3-5 Issuer is a CAPS Issuer..................................................................................3-5 Primary Path for CAPS Members—Stand-In System Processing ...........3-5 Secondary Path for CAPS Members—X-Code Processing.....................3-6

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

3-i

MasterCard Authorization Message Flows Basic Authorization Flow

Basic Authorization Flow Although the authorization process contains many variables for routing and authorizing, it is helpful to have an understanding of the basic flow of an authorization request. Figure 3.1 depicts this basic flow. This basic authorization flow assumes that the card involved is a MasterCard card, that the issuer and acquirer are online members, and that the issuer has instructed MasterCard to forward all requests. Figure 3.1—Basic Authorization Flow

Cardholder 7

1

Merchant 6

2 3

3 4

5

5 Acquirer

MIP

3 4

3 4

Banknet Network

4 MIP

Issuer

Stage

Description

1.

The cardholder presents the card to the merchant for a face-to-face transaction or provides the card number, expiration date, name, and address when placing a mail, phone, or electronic commerce (e-commerce) order.

2.

The merchant forwards the transaction to the acquirer for approval.

3.

The acquirer requests authorization for the transaction by generating an authorization request message. The authorization request travels through an acquiring MasterCard interface processor (MIP), to the Banknet® telecommunications network, through an issuer MIP, and then to the issuer’s host.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

3-1

MasterCard Authorization Message Flows Variations on the Basic Authorization Flow for MasterCard Cards

Note

Stage

Description

4.

The issuer returns an authorization response message to the acquirer to indicate what action the merchant should take for the transaction. The authorization response travels through the Banknet network to the acquirer.

5.

Online acquirers may send an authorization acknowledgement message confirming receipt of the response.

6.

The acquirer responds to the merchant.

7.

The merchant completes the transaction according to the authorization response returned.

Throughout the remainder of this chapter, diagrams omit reference to the cardholder and merchant. Note that all authorization flows begin with the cardholder and end with the merchant applying the authorization response.

Variations on the Basic Authorization Flow for MasterCard Cards Authorization flows will differ from the basic flow shown in Figure 3.1 when the following situations apply:

Note

3-2



Authorization processing occurs at the acquirer MIP.



Limit-1 processing applies.



The issuer is online but the transaction cannot follow the primary path.



The issuer is a CAPS issuer.



The smart card authorizes the transaction offline.

Throughout this manual, the acquirer MIP in the diagrams refers to whichever MIP accepts the authorization request and forwards it through the Banknet network.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

MasterCard Authorization Message Flows Variations on the Basic Authorization Flow for MasterCard Cards

Authorization Processing Occurs at the Acquirer MIP The acquirer MIP (and not the issuer) processes the authorization transaction when any of the following situations occur: •

MIP edits cause an error response at the acquirer MIP.



The transaction is a cardholder-activated terminal (CAT) Limited Amount Terminal/Level 3 transaction.



X-Code processing applies.

MIP Edits Cause an Error Response by the Acquirer MIP The acquirer MIP performs certain editing functions to ensure validity and inclusion of required fields. If the transaction does not pass certain edits, the authorization request goes no further than the MIP, which returns an error response. See the Customer Interface Specification manual to determine which fields are mandatory, which are dependent on specific conditions, and which are optional.

Transaction is a CAT Limited Amount Terminal/Level 3 CAT Limited Amount Terminal/Level 3 transactions originate from cardholderactivated terminals such as vending machines that generate low risk, low dollar amount transactions. CAT Level 3 transactions are authorized at the merchant site.

X-Code Processing Applies See chapter 2 for a description of X-Code processing.

Limit-1 Processing Applies See chapter 2 for a description of Limit-1 processing.

Issuer Is Online but the Transaction Cannot Follow the Primary Path If a transaction involving an online issuer cannot follow the basic authorization flow, then it can follow a secondary path or a tertiary path. If the Authorization System cannot route these transactions via the primary path to the issuer, it generates one of the following responses:

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

3-3

MasterCard Authorization Message Flows Variations on the Basic Authorization Flow for MasterCard Cards



Transactions that contain an AVS request only receive a response of “service not available.” If the transaction contains an authorization request and an AVS request, the authorization request receives the appropriate authorization response and the AVS request receives a response of “service not available.”



Balance inquiry transactions receive a response of “service not available.”



Transactions containing unverified PIN data receive a response of “decline,” unless the issuer participates in PIN Verification in the Stand-In System processing.

Secondary Path for Online Members—Stand-In System Processing If any of the following conditions apply for online issuers, the system routes the transaction to Stand-In processing: •

The issuer is not signed in.



The transaction could not be delivered to the issuer.



The issuer does not respond with an Authorization Request Response/0110 message within 10 seconds, causing a “time out” at the acquiring MIP.

In these cases, the transaction follows the flow depicted in Figure 3.2. Figure 3.2—Secondary Path for Online Members: To Stand-In System Processing 1

1 4

4 Acquirer

5

MIP

X

X

Banknet Network

6

6

5

MIP

6

4 2

Issuer

MIP 4

2 6 3

Stand-In

3-4

3

SAF Queue

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

MasterCard Authorization Message Flows Variations on the Basic Authorization Flow for MasterCard Cards

Stage Description 1.

After receiving the merchant request for authorization, the acquirer generates an authorization request, which travels through the Banknet network.

2.

The Banknet network, unable to route the authorization request to the online issuer, routes it to Central Site for Stand-In processing. See chapter 6 for information about Stand-In processing.

3.

At Central Site, Stand-In processing generates an authorization response, based on the issuer’s parameters. Stand-In processing also generates authorization advice messages, as appropriate, and stores them in a store-and-forward (SAF) queue.

4.

The Banknet network routes the Stand-In authorization response to the acquirer.

5.

Online acquirers may send an authorization acknowledgement message confirming receipt of the response.

6.

When issuer connectivity is reestablished, the issuer may retrieve the SAF messages generated by Stand-In processing to adjust cardholder available-tobuy positions appropriately. See the Customer Interface Specification manual for the format and contents of a SAF message.

Tertiary Path for Online Members—X-Code Processing If neither the primary path nor the secondary path is available for the transaction, X-Code processing is performed at the acquirer MIP. See “MIP XCode Limits” in chapter 2 for this processing flow.

Issuer is a CAPS Issuer If a transaction involves a CAPS issuer, there are two paths this transaction can follow: a primary and a secondary path.

Primary Path for CAPS Members—Stand-In System Processing If the issuer is a CAPS member, the transaction follows the flow depicted in Figure 3.1. This flow does not apply to AVS only or balance inquiry transactions. These transactions are not supported for CAPS members and receive an authorization response of “service not supported.”

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

3-5

MasterCard Authorization Message Flows Variations on the Basic Authorization Flow for MasterCard Cards

Figure 3.3—Primary Path for CAPS Members: Stand-In System Processing 1

1 4

4 Acquirer

5

MIP

Banknet Network

5

Issuer 2

Primary Stand-In or CAPS

4

MIP 4

2

3 Stand-In

Stage Description 1.

After receiving the merchant request for authorization, the acquirer generates an authorization request, which travels through the Banknet network.

2.

The Authorization System automatically routes the request to Central Site for Stand-In processing. See chapter 6 for information about Stand-In processing.

3.

At Central Site, Stand-In processing generates an authorization response, based on CAPS parameters.

4.

The Banknet network routes the Stand-In authorization response to the acquirer.

5.

Online acquirers may send an authorization acknowledgement message confirming receipt of the response.

Secondary Path for CAPS Members—X-Code Processing If any of the conditions described in chapter 2 apply; that is, if the primary path is not available for the transaction, X-Code processing is performed at the acquirer MIP.

3-6

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

4

Acquirer and Issuer Responsibilities This chapter discusses acquirer and issuer responsibilities relating to participation in the MasterCard Authorization System.

Acquirer Responsibilities.....................................................................................4-1 Processing Authorization Requests...............................................................4-1 Accessing the Banknet Network ............................................................4-1 Creating and Sending Authorization Requests ......................................4-2 Expired Card .....................................................................................4-2 Invalid BIN........................................................................................4-2 Cash Disbursement...........................................................................4-2 Electronic Commerce Transactions..................................................4-2 Magnetic Stripe Compliance Program .............................................4-3 Card-read Data Storage Standards ...................................................4-4 Voice Authorization Requests ..........................................................4-4 Mail Order/Telephone Order Batch Authorization Request/0100 Messages ....................................................................4-4 Receiving the Authorization Response ..................................................4-4 Call Referral Responses ....................................................................4-4 Maintaining Authorization Logs..............................................................4-5 Assisting in Investigation of Counterfeits and Criminal Cases ....................4-5 Billing ............................................................................................................4-5 Issuer Responsibilities .........................................................................................4-6 Encoding and Validating the CVC 1 Value ..................................................4-6 Imprinting and Validating the CVC 2 Value ................................................4-7 Issuing and Validating PIN Data ..................................................................4-7 Processing Authorization Requests...............................................................4-7 Establishing Stand-In Processing Authorization Parameters .................4-8 Maintaining an Authorization Log..........................................................4-8 Supporting AVS Requests for U.S. Issuers .............................................4-8 Call Referral Responses.................................................................................4-8 File Maintenance .........................................................................................4-10 Billing ..........................................................................................................4-10

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

4-i

Acquirer and Issuer Responsibilities Acquirer Responsibilities

Acquirer Responsibilities As MasterCard members, acquirers enter into written agreements with their merchants. These acquirer-merchant agreements must in substance contain certain provisions described in the Bylaws and Rules manual.

Note

The acquirer is responsible for making applicable MasterCard rules, regulations, procedures, and policies known to its merchants and is responsible for merchant violations of them.

Acquirers must provide adequate and reasonable authorization services to their merchants, regardless of their location. Acquirers that have entered into an agreement with merchants also have responsibilities regarding the following: •

Processing authorization requests



Assisting in investigation of counterfeits and criminal cases



Billing

Processing Authorization Requests To process authorization requests, acquirers must be able to do the following: •

Access the Banknet® telecommunications network



Create and send authorization request messages



Receive the authorization response



Maintain authorization transaction logs

Accessing the Banknet Network Acquirers must have access to the Banknet network to generate authorization requests and receive authorization responses. Acquirer options for establishing access to the network are addressed in chapter 2 of this manual and in the Data Communications Manual.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

4-1

Acquirer and Issuer Responsibilities Acquirer Responsibilities

Creating and Sending Authorization Requests For all transactions other than On-Us (any transaction in which the acquirer and issuer are the same member), the acquirer formats and sends an authorization request. Acquirers must forward authorization requests under all conditions identified in the Chargeback Guide and according to the following specifications. Expired Card Acquirers should forward, and not decline, any transactions with an expired expiration date. Issuer-approved expired card transactions are not eligible for chargeback if the Authorization Request/0100 message accurately presents the expiration date. See the Chargeback Guide for more information about chargeback rights associated with expired cards. Invalid BIN Acquirers must forward an authorization request even if the BIN appears to be invalid. An acquirer may not decline a transaction unless it has received a response of “invalid card number” from the Authorization System. Cash Disbursement See the GCMS Reference Manual for specific procedures related to processing cash disbursements. Electronic Commerce Transactions MasterCard monitors authorization data originating from electronic commerce (e-commerce) merchants. Acquirers with merchants that fail to identify ecommerce transactions properly are subject to noncompliance assessments. MasterCard also monitors and identifies merchants and acquirers to verify that they do not resubmit declined Authorization Request/0100 messages with different values in these data elements. Merchants and acquirers should not present Authorization Request/0100 messages using one card acceptor business code/merchant category code (MCC) or with e-commerce transaction identifiers and then, when declined, subsequently resubmit the transaction with different MCCs or with e-commerce transaction identifiers to bypass issuer strategies and obtain issuer approval.

4-2

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Acquirer and Issuer Responsibilities Acquirer Responsibilities

Acquirer Certification

Acquirers must certify that they properly identify e-commerce transactions. Acquirers must submit to MasterCard a certification letter, signed by their chief financial officer or internal auditor, stating that all electronic commerce transactions are being identified properly. MasterCard must receive the certification letter within 30 days from the date that the acquirer begins to process electronic commerce transactions. Acquirers must send the certification letter to: MasterCard International Incorporated Attention: Manager, Fraud Control Operations, Security and Risk Services Department 2200 MasterCard Blvd. O’Fallon MO 63368-7263 USA Magnetic Stripe Compliance Program MasterCard recommends that all acquirers participate in the Magnetic Stripe Compliance Program. This program focuses on ensuring that merchants capture complete and unaltered track data. Acquirers benefit from participating in this program by significantly reducing fraud. Acquirers that participate in the Magnetic Stripe Compliance Program and use multiple processors (including processors used for emergency situations) must complete the Magnetic Stripe Monitoring process for each processor they use. Interchange compliance requires that MasterCard approve participating acquirer/processor combinations for magnetic stripe compliance. Transactions submitted for clearing by acquirer/processor combinations not approved for magnetic stripe compliance are not eligible for some interchange rates and may be subject to interchange adjustment.

Note

Members that choose to participate in the International Electronic Interchange (IEI) program must first become approved participants in the Magnetic Stripe Compliance Program.

See chapter 9 for more information about participating in the Magnetic Stripe Compliance Program.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

4-3

Acquirer and Issuer Responsibilities Acquirer Responsibilities

Card-read Data Storage Standards No card-read data may be displayed, replicated or stored by any acquirer, merchant, point-of-interaction terminal or other device, or representative of the acquirer or merchant (including Third Party Processors [TPPs] and Data Storage Entities [DSEs]), except card account number, expiration date, service code, and cardholder name, if present. See the Bylaws and Rules manual and the Security Rules and Procedures manual for the detailed rules and noncompliance assessments that apply. Voice Authorization Requests Acquirers that initiate an authorization request based on a phone call from the merchant must verify the account number with the merchant to ensure that it was correctly relayed before declining an authorization. Mail Order/Telephone Order Batch Authorization Request/0100 Messages Unless agreed to otherwise by the acquirer and issuer, under no circumstances can an acquirer or its merchant submit batch Authorization Request/0100 messages presorted in BIN order.

Receiving the Authorization Response Acquirers may receive any of the authorization responses outlined in chapter 2. When the acquirer receives the authorization response, it passes the response on to the merchant. The acquirer bears responsibility for application of the response. If, in response to an authorization request, the acquirer is instructed to obtain or to hold on to a card or is given other instructions, the acquirer must inform the merchant that it shall use its best efforts, by reasonable and peaceful means, to comply with such instructions. Call Referral Responses Acquirers have the following additional responsibilities regarding call referral responses:

4-4



Establish a merchant call referral response rate of 60%.



Monitor individual merchant performance.



Encourage, where possible or appropriate, three-way communication to allow merchants, cardholders, and issuers to exchange information during a call referral response call.



Develop and distribute educational materials for merchants.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Acquirer and Issuer Responsibilities Acquirer Responsibilities



Apply all call referral standards to the rules governing Member Service Providers (MSPs). The Bylaws and Rules manual describes MSP responsibilities.

Maintaining Authorization Logs Acquirers that process authorizations must maintain, for at least 120 days, a record or log of all authorization transactions. The log must include all data files pertinent to each request and corresponding authorization response. If an authorization transaction occurred at an electronic terminal, the acquirer must maintain a log containing the following information: •

Authorization code given by the issuer or the transaction certificate (TC) given by the smart card



Substitute number generated by the acquirer and printed on the terminal receipt, if not the same as the authorization code



Number of days allowed for a presentment, in the case of a delayed delivery because of a partial payment (see the Bylaws and Rules manual)



Indication that the merchant reported that the card may be stolen or counterfeit or that the transaction caused the merchant to be suspicious, if this situation occurred

Assisting in Investigation of Counterfeits and Criminal Cases See the Security Rules and Procedures manual for information about a member’s responsibility to provide assistance as necessary to MasterCard and other members that are performing investigations.

Billing All authorization processing activities are billed through the MasterCard Consolidated Billing System (MCBS). Charges and credits to the acquirer are listed as “billing events,” and include the following categories of authorization activity: •

Use of the network (acquirer access fees)



Use of value-added services. See chapter 9 for a description of these services.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

4-5

Acquirer and Issuer Responsibilities Issuer Responsibilities



Call referrals (calls to the issuer) −

The acquirer receives a credit for responding to call referrals within established time frames. This applies only if the acquirer uses the Global Automated Referral Service (GARS). See chapter 9 for more information about GARS.



The acquirer may request a credit for call referral responses that did not use GARS. The credit covers the costs of contacting the issuer. The acquirer requests the credit via a Fee Collection/1740 message.

For a complete description of billing events for authorization services, see the MasterCard Consolidated Billing System Manual.

Issuer Responsibilities Issuers have responsibilities regarding the following aspects of participation in the MasterCard Authorization System: •

Encoding and validating the card validation code 1 (CVC 1) value



Imprinting and validating the card validation code 2 (CVC 2) value



Issuing and validating PIN data



Processing authorization requests



Call referral responses



File maintenance



Billing

Encoding and Validating the CVC 1 Value Issuers must encode the magnetic stripe on all cards with the CVC 1 value. For information about the placement of the CVC 1 value within the magnetic stripe, see chapter 9. Online issuers also must validate the CVC 1 value when they receive the Authorization Request/0100 message if the Authorization Request/0100 message contains value 80, 90, or 91 in subfield 1 of the Point-of-Service (POS) Entry Mode field. The issuer must indicate a CVC 1 validation failure by placing a “Y” in subelement 87 of the Additional Data field in the Authorization Request Response/0110 message.

4-6

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Acquirer and Issuer Responsibilities Issuer Responsibilities

Imprinting and Validating the CVC 2 Value Issuers must imprint the CVC 2 value on the signature panel of the card. For information about the verification process performed by the issuer, see chapter 9.

Issuing and Validating PIN Data Issuers must be able to receive and process MasterCard purchase authorizations that contain a personal identification number (PIN). For more information about preparing issuers’ systems to receive and to process PIN authorization requests, see chapter 9.

Processing Authorization Requests Issuers receive authorization requests from acquirers and provide authorization responses directing acquirers about how to handle the transactions. Each issuer is responsible for the provision of authorization service 24 hours a day, every day of the year at its own expense. In addition, each issuer participating in the MasterCard Authorization System or any local or regional message switching service with other members must have adequate back-up procedures and personnel. The issuer must be able to process incoming and outgoing interchange authorizations if the member’s connection with the MasterCard Authorization System or the local or regional service becomes inoperable for any reason. Each issuer also is responsible for the authorizations that it or its agent generates, including gratuities included in the total transaction amount and any transaction resulting from a variance granted by MasterCard pursuant to the Bylaws and Rules manual. To provide authorization responses, most issuers access the MasterCard Authorization System online, through connectivity between the issuer host and a MIP. MasterCard also performs authorization processing on behalf of members that do not have online connectivity, through the Central Authorization Processing Service (CAPS). Chapter 2 describes this option.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

4-7

Acquirer and Issuer Responsibilities Issuer Responsibilities

Establishing Stand-In Processing Authorization Parameters All issuers must complete the Stand-In Processing Worksheet to establish parameters for Stand-In authorization processing. Online issuers also may establish parameters for Limit-1 processing on this worksheet. See chapters 6, 7, and 8 for detailed information about Stand-In processing and completing the Stand-In Processing Worksheet.

Maintaining an Authorization Log Issuers must maintain written records, logs, or computer records of all authorizations granted showing the date of issue for at least 120 days.

Supporting AVS Requests for U.S. Issuers MasterCard mandates that all issuers in the U.S. region must support Address Verification Service (AVS) processing. Issuers must test their ability to accept and to transmit AVS messages. See the Customer Interface Specification manual for online processing formats for AVS.

Call Referral Responses Issuers have the following responsibilities regarding call referral responses. They must: •

Be available to respond to all call referrals at the time of issuance.



Process an Authorization Advice/0120 message that informs the issuer that Stand-In Processing responded to the Authorization Request/0100 message that prompted a call referral response.



Not issue call referrals to merchant categories that represent unattended point-of-interaction (POI) transactions including:





4-8



Automated teller machines (MCC 6011)



Cardholder-activated terminals (CAT) (including MCC 5542)

Not issue call referrals under any circumstances to the following merchant categories: −

Fast food (quick service) restaurants (MCC 5814)



Mail order and direct marketing (MCC 5960–5969)

Apply all call referral standards to Member Service Providers (MSPs). The Bylaws and Rules manual describes MSPs.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Acquirer and Issuer Responsibilities Issuer Responsibilities



Not use call referrals as a primary method for activating new or reissued cards to minimize the impact on cardholders and merchants at the pointof-interaction.



Adhere to the following minimum standards for all call referrals, domestic and international, whether processed through the Global Automated Referral Service (GARS) or direct member-to-member communications. The standards apply to the amount of time the issuer has to respond to incoming referral calls from acquirers and to the average monthly duration of each referral call: −

On an incoming phone call (voice or GARS) from an acquirer, the issuer must answer the call within 30 seconds. Then the issuer must retrieve the call from its queue and initiate discussion with the acquirer within the next 30 seconds. The issuer also must limit the duration of each call to five minutes, measured as a monthly average.



On an incoming telex from an acquirer, the issuer must retrieve the message from its queue and initiate a response to the acquirer within two minutes. The issuer also must limit the duration of each call to 10 minutes, measured as a monthly average.

Issuers that use card activation programs are encouraged to: •

Place stickers on the front of new cards and send them with mailing inserts instructing cardholders to activate their accounts.



Call cardholders who have not activated their accounts one week after cards are mailed.



Respond to an authorization request on an inactivated card with a call referral.

All phone calls and telex messages processed through GARS that are not answered by the issuer within the required time frames are routed to the MasterCard Stand-In facility at Central Site for processing. MasterCard uses the issuer-defined Stand-In parameters to complete the transaction. Charges to the issuer apply for the following: •

Completed GARS calls initiated by the acquirer



Noncompliance assessment for Stand-In processing if the issuer fails to answer a GARS call within 30 seconds or a telex within two minutes



Reimbursement to the acquirer for call referral responses that did not use GARS (requested in the Fee Collection/1740 message)

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

4-9

Acquirer and Issuer Responsibilities Issuer Responsibilities

Contact Customer Technology and Operations Services for any of the following: •

Questions or problems concerning GARS



Billing inquiries



Requests for a Stand-In Processing Worksheet to update Stand-In processing parameters or phone numbers

File Maintenance Issuers maintain the account listings of restricted, negative, and positive cards used by Stand-In processing for online and CAPS members. They may list accounts in the following files: •

Account File



Account Management System

See the Account Management User Manual for more information about these files, including how to access the files, record formats, and detailed instructions for performing file maintenance.

Billing All authorization processing activities are billed through the MasterCard Consolidated Billing System (MCBS). Charges to the issuer include the following categories of authorization activity: •

Use of the Banknet network (issuer access fees)



Use of value-added services (see chapter 9 for a description of these services)



Call referrals (charge to the issuer for issuing call referral responses and for receiving response calls from acquirers)

For a complete description of billing events for authorization services, see the MasterCard Consolidated Billing System Manual.

4-10

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

5

Online Authorization Messages This chapter outlines the authorization messages that online issuers and acquirers use to process authorizations. CAPS members do not use these messages and should see chapters 6, 7, and 8 for information about authorization processing by the Stand-In System.

Message Types.....................................................................................................5-1 Using Authorization Messages ............................................................................5-2 Processing Authorization Transactions...............................................................5-2 Authorization Request/0100 and Authorization Request Response/ 0110 Messages...............................................................................................5-3 Authorization Advice/0120 and Authorization Advice Response/ 0130 Messages...............................................................................................5-3 Authorization Advice/0120—Acquirer-generated..................................5-4 Authorization Advice/0120—Issuer-generated ......................................5-5 Authorization Advice/0120—System-generated ....................................5-5 Acquirer Response Acknowledgement/0180 Messages...............................5-6 Authorization Negative Acknowledgement/0190 Messages........................5-7 Processing Issuer File Update Messages ............................................................5-8 Processing Reversal Request/Advice Messages..................................................5-9 Acquirer Reversal Request/0400 and Acquirer Reversal Request Response/0410 Messages..............................................................................5-9 Acquirer Reversal Advice/0420 and Reversal Advice Response/0430 Messages......................................................................................................5-10 Processing Administrative Advice Messages ....................................................5-11 Using Network Management Request Messages..............................................5-13 Standard Network Management/08xx Messages .......................................5-13 Retrieving Store-and-Forward (SAF) Messages (Issuers) ...........................5-15

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

5-i

Online Authorization Messages Message Types

Message Types The following table lists the message types supported by the Authorization System. Check marks ( ) indicate who initiates the message. See the Customer Interface Specification manual for the data elements in each message. Online issuers and acquirers should use this chapter with the Customer Interface Specification manual. For debit transactions (02xx messages), see the MDS Online Specifications manual. Message Category

Message Initiator MasterCard

Issuer

Acquirer

Authorization/01xx Messages 0100

Authorization Request

0110

Authorization Request Response

0120

Authorization Advice

0130

Authorization Advice Response

0180

Authorization Acknowledgement

0190

Apr 2006

(optional for acquirers)

Authorization Negative Acknowledgement

Issuer File Update/03xx Messages 0302

Issuer File Update Request

0312

Issuer File Update Request Response

Acquirer Reversal Request/Advice/04xx Messages 0400

Acquirer Reversal Request

0410

Acquirer Reversal Request Response

0420

Acquirer Reversal Advice

0430

Acquirer Reversal Advice Response

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

5-1

Online Authorization Messages Using Authorization Messages

Message Category

Message Initiator MasterCard

Issuer

Acquirer

Administrative Advice/06xx Messages 0620

Administrative Advice

0630

Administrative Advice Response

Network Management/08xx Messages 0800

Network Management Request

0810

Network Management Request Response

0820

Network Management Advice

Using Authorization Messages The messages shown in the previous table are used to perform standard authorization functions and are described in the following topics. For information about exception processing, see the Customer Interface Specification manual. Authorization messages are not intended for posting to the cardholder’s account for billing purposes. Members should delay posting to the cardholder’s account until clearing and settlement are complete. For detailed information about clearing and settlement, see the GCMS Reference Manual and the Settlement Manual.

Processing Authorization Transactions Issuers receive authorization-related messages from acquirers for transactions for their cardholders. They must respond to these messages with response messages. Issuers that use on-behalf services also receive messages from MasterCard.

5-2

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Online Authorization Messages Processing Authorization Transactions

Authorization Request/0100 and Authorization Request Response/0110 Messages When issuers receive Authorization Request/0100 messages, they must decide whether to approve or decline a transaction. Issuers may use a variety of checks using the data contained in the request and the spending limits in the cardholder’s activity file. After issuers perform the validation checks appropriate for the transaction, they send back an Authorization Request Response/0110 message. The following diagram illustrates the standard authorization transaction process. Figure 5.1—Authorization Request/0100 and Authorization Request Response/0110 1

0100 0110

Acquirer

4

Banknet Network

2

0100 0110

3 Issuer

Stage Description 1.

The acquirer initiates an Authorization Request/0100 message and sends it to the Authorization System.

2.

The Authorization System forwards the Authorization Request/0100 message to the issuer.

3.

The issuer generates an appropriate Authorization Request Response/0110 message and sends it to the Authorization System.

4.

The Authorization System forwards the Authorization Request Response/0110 message to the acquirer.

Authorization Advice/0120 and Authorization Advice Response/0130 Messages When issuers receive an advice, they must acknowledge receipt of the advice by sending an advice response message to acquirers. The following diagrams illustrate Authorization Advice/0120 message and Authorization Advice Response/0130 message process.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

5-3

Online Authorization Messages Processing Authorization Transactions

Authorization Advice/0120—Acquirer-generated Acquirers can submit an Authorization Advice/0120—Acquirer-generated message when the acquirer responds to an authorization request if the Authorization Request/0100 message cannot be delivered to the Authorization System because of a system failure. If the acquirer approves the Authorization Request/0100 message, the acquirer can create an Authorization Advice/0120—Acquirer-generated message to notify the issuer of the approved authorization. The Authorization System responds to the Authorization Advice/0120— Acquirer-generated message with an Authorization Advice Response/0130— System-generated message. Figure 5.2—Authorization Advice/0120—Acquirer-generated and Authorization Advice Response/0130—System-generated 1

Acquirer

0120 0130

Banknet Network 2

Stage Description 1.

The acquirer initiates an Authorization Advice/0120—Acquirer-generated message and sends it to the Authorization System.

2.

The Authorization System returns an Authorization Advice Response/0130— System-generated message to the acquirer to indicate positive receipt of the Authorization Advice/0120—Acquirer-generated message. The Authorization System adds the Authorization Advice/0120—Acquirergenerated messages to SAF several times a day. SAF will retain these messages for four days for the issuer to retrieve.

Note

Acquirers may resend an Authorization Advice/0120—Acquirer-generated message if the acquirer does not receive an Authorization Advice Response/0130—System-generated message. Acquirers cannot approve chip card transactions on behalf of the issuer.

5-4

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Online Authorization Messages Processing Authorization Transactions

Authorization Advice/0120—Issuer-generated Authorization Request/0100 messages can contain BINs that members have selected for scoring. For these transactions, issuers create and send Authorization Advice/0120 messages to the RiskFinder scoring system. The RiskFinder scoring system sends to the issuer an Authorization Advice Response/0130 to acknowledge receipt of the Authorization Advice/0120 message. Figure 5.3—Authorization Advice/0120—Issuer-generated and Authorization Advice Response/0130—System-generated

Banknet Network

0120

Issuer

0130

0120

0130

RiskFinder

Stage Description 1.

The issuer initiates an Authorization Advice/0120—Issuer-generated message and sends it to the Authorization System. The Authorization System forwards the message to the RiskFinder scoring system.

2.

The RiskFinder scoring system creates an Authorization Advice Response/0130—System-generated message and sends it to the Authorization System. The Authorization System forwards the Authorization Advice Response/0130—System-generated message to the issuer to indicate positive receipt of the Authorization Advice/0120—Issuer-generated message.

Authorization Advice/0120—System-generated When the Stand-In System responds to an Authorization Request/0100 message on behalf of the issuer, the Stand-In System generates an authorization response, based on the issuer’s parameters. The Stand-In System also generates an Authorization Advice/0120—System-generated message.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

5-5

Online Authorization Messages Processing Authorization Transactions

Figure 5.4—Authorization Advice/0120—System-generated and Authorization Advice Response/0130—Issuer-generated

Banknet Network

1

0120 0130

Acquirer

Issuer

3

0130

0120

1

2

Stand-In System

. Stage Description 1.

The Stand-In System generates an Authorization Advice/0120—Systemgenerated message, and sends it to the issuer.

2.

The issuer returns an Authorization Advice Response/0130—Issuer-generated message.

3.

The Stand-In System receives the Authorization Advice Response/0130—Issuergenerated to indicate positive receipt of the Authorization Advice/0120— System-generated message.

Issuers may differentiate between the acquirer-generated or system-generated Authorization Advice/0120 messages by examining the values in DE 60 (Advice Reason Code).

Acquirer Response Acknowledgement/0180 Messages The Authorization System provides an optional response acknowledgement for authorization messages. This process uses Authorization Acknowledgement/0180 messages. Acquirers are not required to support Authorization Acknowledgement/0180 messages; however, MasterCard encourages acquirers to support these messages. Acquirers can select this option at network configuration time.

5-6

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Online Authorization Messages Processing Authorization Transactions

The following diagram illustrates the Acquirer Response Acknowledgement process that is used to support authorization-related messages. Figure 5.5—Acquirer Response Acknowledgement/0180 1

0100 0110

5

0180

Acquirer

2 4

Banknet Network

0100 0110 3 Issuer

Stage Description 1.

The acquirer initiates an Authorization Request/0100 message and sends it to the Authorization System.

2.

The Authorization System forwards the Authorization Request/0100 message to the issuer.

3.

The issuer creates the appropriate Authorization Request Response/0110 message and sends it to the Authorization System.

4.

The Authorization System forwards the Authorization Request Response/0110 message to the acquirer.

5.

The acquirer sends an Authorization Acknowledgement/0180 message back to the Authorization System, indicating that the acquirer received and secured the preceding Authorization Request Response/0110 message at the application level. In most cases, the acquirer should send the Authorization Acknowledgement/0180 message to the Authorization System: •

Immediately after it secures (or logs) the Authorization Request Response/0110 message



Before the transaction actually is completed at the point of interaction

An Authorization Acknowledgement/0180 message does not necessarily indicate that the transaction was successfully completed at the point of interaction.

Authorization Negative Acknowledgement/0190 Messages If the issuer host generates a valid Authorization Request Response/0110 message approving an authorization request, but the Authorization System cannot deliver it to the acquirer MIP, the Stand-In System processes the transaction and generates a response on behalf of the issuer. The following diagram explains the sequence if the issuer generates an invalid response.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

5-7

Online Authorization Messages Processing Issuer File Update Messages

Figure 5.6—Invalid 0110 Response from Issuer 0100 1

1

0110 5

1

0100 0110

1

0190

3

2

MIP 5 4

MIP

Issuer

0100

MIP 0110

Acquirer

Banknet Network

0100 4 5 0110

Stand-In

Stage Description 1.

The acquirer sends the Authorization Request/0100 message.

2.

The issuer generates an invalid Authorization Request Response/0110 message.

3.

The Authorization System sends an Authorization Response Negative Acknowledgement/0190 message to the issuer.

4.

The Authorization System routes the Authorization Request/0100 message to the Stand-In System.

5.

The Stand-In System generates an Authorization Request Response/0110 message and sends it to the acquirer.

Processing Issuer File Update Messages Issuers use Issuer File Update Request/302 and Issuer File Update Request Response/0312 messages to update individual data files or system parameter tables that the Authorization System maintains on their behalf. The Authorization System uses these data files to control the operation of standard and optional features that customers may select when they participate in one or more of the MasterCard program and service offerings. The following diagram illustrates the standard Issuer File Update Request/302 and Issuer File Update Request Response/0312 message process.

5-8

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Online Authorization Messages Processing Reversal Request/Advice Messages

Figure 5.7—Issuer File UpdateRequest/0302 and Issuer File Update Request Response/0312

Banknet Network Acquirer

0302 2

1

0312 Issuer

0302

0312

1

2 Account Management Repository (AMR)

Stage Description 1.

The issuer initiates an Issuer File Update Request/0302 message.

2.

The Authorization System performs the requested issuer file update task and issues an Issuer File Update Request Response/0312 message back to the issuer. A Response Indicator field in the Issuer File Update Request Response/0312 message indicates whether the issuer file update was completed successfully.

Processing Reversal Request/Advice Messages The Authorization System supports two types of reversals: system-generated and acquirer-generated. Acquirer-generated messages include the Acquirer Reversal Request/0400 and the Acquirer Reversal Request Response/0410. System-generated messages include the Acquirer Reversal Advice/0420 and the Acquirer Reversal Advice Response/0430.

Acquirer Reversal Request/0400 and Acquirer Reversal Request Response/0410 Messages An Acquirer Reversal Request/0400 message generated by an acquirer is used when the acquirer is unable to deliver an issuer’s Authorization Request Response/0110 to a merchant. Merchants also can initiate an Acquirer Reversal Request/0400 message to reverse the full amount of the original authorization amount.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

5-9

Online Authorization Messages Processing Reversal Request/Advice Messages

The Acquirer Reversal Request Response/0410 message is sent in response to an Acquirer Reversal Request/0400 message and denotes the disposition of the Acquirer Reversal Request/0400 message. The following diagram illustrates the flow of the Acquirer Reversal Request/0400 and Acquirer Reversal Request Response/0410 message to reverse the full transaction amount of the Authorization Request/0100 message. Figure 5.8—Acquirer Reversal Request/0400 and Acquirer Reversal Request Response/0410 1

Acquirer

0400 0410

4

Banknet Network

2

0400 0410

3

Issuer

Stage Description 1.

The acquirer initiates an Acquirer Reversal Request/0400 message and submits it to the Authorization System.

2.

The Authorization System forwards the Acquirer Reversal Request/0400 message to the issuer.

3.

The issuer generates an appropriate Acquirer Reversal Request Response/0410 message and submits it to the Authorization System.

4.

The Authorization System forwards the Acquirer Reversal Request Response/0410 message to the acquirer.

Acquirer Reversal Advice/0420 and Reversal Advice Response/0430 Messages The Authorization System supports system-generated reversals that reverse the effect of a previous authorization. When the Authorization System determines that no issuer Authorization Request Response/0110 or Acquirer Reversal Request Response/0410 message is received, or the issuer’s approved Authorization Request Response/0110 or Acquirer Reversal Request Response/0410 message was unused or was undelivered, it generates an Acquirer Reversal Advice/0420 message and sends it to the issuer. The issuer responds to an Acquirer Reversal Advice/0420 message with an Acquirer Reversal Advice Response/0430 message to indicate positive receipt of the Acquirer Reversal Advice/0420 message.

5-10

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Online Authorization Messages Processing Administrative Advice Messages

Note

MasterCard currently supports Acquirer Reversal Advice/0420 messages that only the Authorization System generates.

The following diagram illustrates the standard Acquirer Reversal Advice/0420 message process. Figure 5.9—Acquirer Reversal Advice/0420 and Acquirer Reversal Advice Response/0430

Banknet Network Acquirer

1

0420 0430

2 Issuer

Stage Description 1.

The Authorization System sends an Acquirer Reversal Advice/0420 message to the issuer.

2.

The issuer responds to the Authorization System with an Acquirer Reversal Advice Response/0430 message to acknowledge positive receipt of the Acquirer Reversal Advice/0420 message.

Processing Administrative Advice Messages Administrative Advice/0620 and Administrative Advice Response/630 messages are administrative messages that two parties participating in a given MasterCard program or service offering can use when using the Authorization System. The Authorization System routes messages from an originator to a receiver and, in general, does not distinguish whether the originator or receiver is an issuer or an acquirer. Administrative advice messages are used for the following reasons: •

To return indecipherable messages to a message originator with an appropriate error condition code indicating the point at which the Authorization System terminated message parsing or message processing. In general, messages returned in Administrative Advice/0620 messages will have improperly coded or garbled Message Type Indicators (MTIs) or improperly coded bit maps.



To transmit administrative (free-format) textual messages between any two parties participating as customers on the Authorization System.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

5-11

Online Authorization Messages Processing Administrative Advice Messages

In all cases, DE 60 (Advice Reason Code) within the Administrative Advice/0620 message determines the specific reason for the advice message. The following diagram illustrates the administrative advice message process used to return an invalid message. Figure 5.10—Invalid Message—Administrative Advice/0620 and Administrative Advice Response/630

Invalid message

1 CPS

0620

Banknet Network

2 0630

3

Stage Description 1.

A customer processor system (CPS) generates an invalid message and forwards it to the Authorization System.

2.

The Authorization System returns an Administrative Advice/0620 message to the CPS, with an appropriate error condition code indicating the point at which the Authorization System terminated message parsing or message processing.

3.

The CPS acknowledges receipt of the Administrative Advice/0620 message and returns an Administrative Advice Response/0630 message to the Authorization System.

The following diagram illustrates the administrative advice message process used to transmit administrative (free-format) textual messages between any two parties participating as customers on the Authorization System. Figure 5.11—Administrative Advice/0620 and Administrative Advice Response/630 1 CPS

5-12

0620 0630

2

Banknet Network

3

0620 0630

4

CPS

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Online Authorization Messages Using Network Management Request Messages

Stage Description 1.

A customer processor system (CPS) generates an Administrative Advice/0620 message and forwards it to the Authorization System. Note that the “CPS” may be an issuer, an acquirer, or any other customer processing facility communicating via the Authorization System.

2.

The Authorization System acknowledges receipt of the Administrative Advice/0620 message by returning an Administrative Advice Response/0630 message to the originating CPS.

3.

The Authorization System forwards the Administrative Advice/0620 message to the receiving destination CPS.

4.

The receiving CPS acknowledges receipt of the Administrative Advice/0620 message by returning an Administrative Advice Response/0630 message to the Authorization System.

Using Network Management Request Messages The Authorization System uses network management messages to coordinate system or network events or tasks. These messages also are used to communicate network status conditions. Typical uses of network management messages include the following: • • • • • •

Sign-in to and sign-out from the Authorization System Perform encryption key management tasks Request SAF message transmission Advise of SAF end-of-file/end-of-transmission conditions Sign-in to and sign-out from RiskFinder by BIN Request RiskFinder SAF message transmission

Standard Network Management/08xx Messages The following diagrams illustrate using the Network Management Request/0800 and Network Management Request Response/0810 messages, as well as the Network Management Advice/0820 message processes between the Authorization System and any external processing systems to which it interfaces.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

5-13

Online Authorization Messages Using Network Management Request Messages

Figure 5.12—Network Management/08xx—Member-initiated 1

0800

Issuer or Acquirer

0810

2

Banknet Network

Stage Description 1.

The issuer or acquirer sends a Network Management Request/0800 message to the Authorization System.

2.

The Authorization System generates a Network Management Response/0810 message to acknowledge receipt of the Network Management Request/0800 message.

Figure 5.13—Network Management/08xx—System-initiated

Issuer or Acquirer

0800

1 0810

2

Banknet Network

Stage Description 1.

The Authorization System generates the Network Management Request/0800 message.

2.

The issuer or acquirer generates a Network Management Response/0810 message to acknowledge receipt of the Network Management Request/0800 message.

The following diagram illustrates the standard Network Management Advice/0820 message process between the Authorization System and the issuer or acquirer. Figure 5.14—Network Management Advice/0820—System-initiated

Issuer or Acquirer

5-14

0820

Banknet Network

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Online Authorization Messages Using Network Management Request Messages

Retrieving Store-and-Forward (SAF) Messages (Issuers) The Authorization System places advice messages into the SAF queue. The SAF queue retains all of these messages for four days for the issuer to retrieve. The following diagram explains the flow for SAF retrieval. Figure 5.15—SAF Retrieval Process 1 Banknet Network Acquirer

MIP

1

2 3

4 5

MIP Issuer

0800 1 2 0810 0120, 0420, 0620 3 0130, 0430, 0630 4 0820 5

Issuer

1 4

MIP

2 3 4 5

3

2

Stand-In

SAF Queue

5

Stage Description 1.

The issuer sends a Network Management Request/0800 message to request SAF messages. The network management code included in DE 70 (Network Management Information Code) identifies this as a SAF request.

2.

The Stand-In System generates the Network Management Request Response/0810 acknowledgement message.

3.

The Banknet SAF process forwards an Authorization Advice/0120, Acquirer Reversal Advice/0420, or Administrative Advice/0620 message to the issuer.

4.

The issuer must generate an Authorization Advice Response/0130, Acquirer Reversal Advice Response/0430, or Administrative Advice Response/0630 message. These response messages advise the Stand-In System that the issuer received the previous Authorization Advice/0120, Acquirer Reversal Advice/0420, or Administrative Advice/0620 message and prompt the Stand-In System to send the next Authorization Advice/0120, Acquirer Reversal Advice/0420, or Administrative Advice/0620 message. Each time the Stand-In System receives an Authorization Advice Response/0130, Acquirer Reversal Advice Response/0430, or Administrative Advice Response/0630 message, the Stand-In System sends the issuer the next message. If the Stand-In System does not receive an Authorization Advice Response/0130, Acquirer Reversal Advice Response/0430, or Administrative Advice Response/0630 message within three minutes, the Stand-In System assumes the issuer did not receive the previous message and ends the SAF session.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

5-15

Online Authorization Messages Using Network Management Request Messages

Stage Description 5.

When there are no more Authorization Advice/0120, Acquirer Reversal Advice/0420, and Administrative Advice/0620 messages in the queue, the Stand-In System generates a Network Management Advice/0820 message.

When an issuer has a large number of SAF records (for example, because of an extended outage), MasterCard can provide SAF records to the issuer using any of the following transmission methods: •

Bulk file type T230



Complex-to-complex (CTC) file transmission



Magnetic tape

When MasterCard begins to create the bulk file for transmission via these methods, it halts the online transmission of SAF records. This halt prevents MasterCard from distributing duplicate SAF records via both bulk file and online transmission.

5-16

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

6

Stand-In Processing This chapter describes the Stand-In processing facility at MasterCard Central Site. It explains the tests that Stand-In processing performs and the order in which Stand-In performs them to ensure appropriate authorization responses.

Stand-In Processing Service ................................................................................6-1 How Stand-In Processing Works ........................................................................6-1 Range Blocks.................................................................................................6-2 Account Listings ............................................................................................6-2 Stand-In Processing Parameters....................................................................6-2 Stand-In Processing Security Services ..........................................................6-3 Decision Matrix .............................................................................................6-3 Stand-In Tests ......................................................................................................6-4 Range Blocks Test.........................................................................................6-5 Account File Test...........................................................................................6-6 Expiration Date Test .....................................................................................6-6 M/Chip Cryptogram Validation Test.............................................................6-7 PIN Verification Test .....................................................................................6-7 CVC 1 Test.....................................................................................................6-8 AAV Verification Test....................................................................................6-9 Merchant Suspicious Test .............................................................................6-9 Transaction Limits Test ...............................................................................6-10 Parameter Combinations.......................................................................6-11 Examples of Parameter Combinations...........................................6-11 Mandatory MasterCard Parameter Combinations ................................6-12 MasterCard Processing..........................................................................6-14 Examples of Application of Transaction Limits Parameter Combinations..................................................................................6-14 Accumulative Limits Test ............................................................................6-17 Cash Disbursement Accumulator Test .......................................................6-18 Stand-In Response.......................................................................................6-18

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

6-i

Stand-In Processing

Exceptions and Additions to the Stand-In Process ..........................................6-19 Online Transactions ....................................................................................6-19 Gold MasterCard Card Accounts ................................................................6-19 VIP Accounts ...............................................................................................6-20 CAPS Accounts ............................................................................................6-20

6-ii

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Stand-In Processing Stand-In Processing Service

Stand-In Processing Service Stand-In processing is a MasterCard service that responds to authorization requests on behalf of the issuer. Stand-In processing is available to all issuers 24 hours a day, 365 days a year. However, Stand-In processing responds only when the issuer is unavailable or cannot be reached, as follows: •



Stand-In processing responds for online issuers only when the issuer is not signed in, the transaction cannot be delivered to the issuer, or the issuer MIP times out (does not receive an authorization response within specified time limits). Stand-In processing responds for Central Authorization Processing Service (CAPS) issuers 100% of the time.

Stand-In processing does not apply to the following types of transactions. Transaction Type

Authorization Response from StandIn Processing

Transactions that contain only an Address Verification Service (AVS) request

Service not available

Balance inquiry transactions

Service not available

Transactions containing unverified PIN data, unless the issuer participates in PIN Verification in Stand-In processing

Decline

How Stand-In Processing Works Stand-In processes authorization requests according to a series of tests. To determine an authorization response, these tests rely on data in the authorization message and some or all of the following data provided by the issuer: •

Range Blocks



Account Listings



Stand-In Processing Parameters



Stand-In Processing Security Services



Decision Matrix

See Figure 6.1 and the explanations that follow.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

6-1

Stand-In Processing How Stand-In Processing Works

Figure 6.1—Data Used by Stand-In Processing Account File Banknet Network Acquirer

VIP accounts Gold accounts Negative accounts Restricted accounts

Authorization Request

Stand-In (Stand-In tests applied)

MIP Central Site

Transaction Limits Accumulative Limits Decision Matrix Range Blocks CVC Parameters PIN Parameters M/Chip Parameters AAV Parameters

Account listings

Issuer Security Service Forms Stand-In Worksheet

Range Blocks Issuers may list a range of account numbers to indicate that they have not issued the numbers to cardholders.

Account Listings The issuer may list accounts in the Account File as negative, restricted, VIP, or Gold. Issuers may list individual card numbers to identify exception accounts that are processed differently than regular accounts. They can list these accounts with either higher limit, such as the limits for Gold MasterCard® cards and VIP cards or as negative or restricted accounts that must be declined or captured. If Stand-In processing determines that an account is listed in the Account File or AMS, Stand-In processing is modified as described in the Account File Test section later in this chapter. See the Account Management User Manual (or for CAPS issuers, chapter 8) for a description of how to list accounts.

Stand-In Processing Parameters Issuers use the Stand-In Processing Worksheet to provide MasterCard with the parameters for processing authorization requests. Issuers define: •

Amount limits that apply for a particular combination of parameters in the

authorization request

6-2

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Stand-In Processing How Stand-In Processing Works



Accumulative number and amount limits that are calculated over a specified

number of days Stand-In processing is based on limits and transaction amounts in U.S. dollars or AMCC currency. Online issuers should refer to chapter 7 and CAPS issuers should refer to chapter 8 for instructions on using the Stand-In Processing Worksheet to provide parameters.

Stand-In Processing Security Services The issuer provides the key components from the issuer’s security service calculation. For transactions that meet the criteria, Stand-In processing validates the security service for the services the issuer has chosen. For issuers that choose to participate in an optional security service, Stand-In processing applies the appropriate service test. Online and CAPs issuers that want to take advantage of one of the optional security services must use the Key Validation Service Specification Form and follow the procedures in the On-behalf Key Management (OBKM) Document Set. Currently, issuers may choose from the following security services (described later in this chapter): •

M/Chip Cryptogram Validation in Stand-In Processing



Personal Identification Number (PIN) Verification



Card Validation Code 1 (CVC 1) Verification



MasterCard® SecureCode™ Dynamic AAV Verification in Stand-In Processing

Decision Matrix The issuer defines which authorization response Stand-In processing should use if an authorization request fails a particular test. On the Stand-In Processing Worksheet, issuers complete a decision matrix. The decision matrix advises Stand-In processing of the authorization response to return when a transaction fails certain tests. In the decision matrix, issuers specify authorization responses for: •

Times when the issuer’s authorization center is open versus when it is closed

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

6-3

Stand-In Processing Stand-In Tests



Times when the issuer’s authorization system is signed-in versus when it is signed-out (for online issuers)

The following table provides a schematic representation of the decision matrix. Account File Test Within Hours of Operation

Outside Hours of Operation

Transaction Accumulative Limits Test Limits Test VIP Test

Issuer is signed-in and down or timed out

N or C

N or C

N or C

N or C

Issuer is signed-out

N or C

N or C

N or C

N or C

Issuer is signed-in and down or timed-out

N

N or A

N

N

Issuer is signed-in

N

N or A

N

N

A = Skip the Transaction Limits test (go to the next test even if the transaction is over the limit) N = Decline request C = Call referral (verbal contact required to complete the transaction)

During Stand-In processing, whenever an authorization request fails one of the tests that requires the decision matrix to determine an authorization response, Stand-In processing refers to these issuer-defined choices. If Stand-In processing is invoked during the call referral process, Stand-In processing will not generate a second response of “call referral.”

Stand-In Tests The Stand-In tests systematically review the authorization request to determine an appropriate authorization response. Figure 6.2 shows the Stand-In tests in the order in which Stand-In performs them.

6-4

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Stand-In Processing Stand-In Tests

Figure 6.2—Stand-In Tests (listed in the order in which they are performed) Stand-In receives the authorization request

PIN Verification Test

Accumulative Limits Test

Range Blocks Test

CVC 1 Test

Cash Disbursement Accumulator Test

Account File Test

AAV Verification Test

Stand-In Response

Expiration Date Test

Merchant Suspicious Test

M/Chip Cryptogram Validation Test

Transaction Limits Test

Stand-In processing performs the tests only until it reaches a test result that allows it to generate an authorization response. If Stand-In processing performs the Range Blocks test and the authorization request fails that test, for example, Stand-In processing immediately generates the authorization response and does not perform any of the subsequent tests. The following information describes the tests performed by Stand-In processing to determine an authorization response. Stand-In processing performs the tests in the order in which this chapter lists them.

Range Blocks Test Issuers may block a range of account numbers to indicate that they have not issued the numbers to cardholders. Issuers establish range blocks on the Stand-In Processing Worksheet.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

6-5

Stand-In Processing Stand-In Tests

The Range Blocks test determines whether the account number in the transaction falls within a blocked range. If it does, Stand-In processing returns a response of “invalid card number.” Setting up range blocks for Stand-In processing is optional.

Account File Test The Account File test determines whether the Account File lists the account number in the transaction as an exception account. Stand-In processing returns an authorization response based on the entry reason in the Account File and the Stand-In processing decision matrix, as follows: •

If Stand-In processing determines that an account is listed in the Account File with entry reason F (fraud), L (lost), P (capture card), S (stolen), or X (counterfeit), it immediately generates a “capture card” response.



Restricted accounts listed in the Account Management System (AMS) generate an authorization response of “capture card.”



Issuers can add restricted accounts to the Account File only by the Account Management System. These accounts are identified by entry reason R in the Account File, and always generate an authorization response of “capture card.”



If the account is listed with entry reason C (credit), O (other), or U (unauthorized use), Stand-In processing returns a response based on the issuer’s Decision Matrix for the Account File test.



If the account is listed in the Account File with entry reason G (Gold MasterCard Card account) or V (VIP account), Stand-In processing continues testing. Stand-In uses the tests that are applicable for these types of accounts. See “Exceptions and Additions to the Stand-In Process” later in this chapter.

Expiration Date Test Stand-In processing always performs the expiration date test. The expiration date test determines whether the expiration date provided in the request message is less than the current year and month, or is more than 20 years in the future. Signature-based non-expiring cards (YY/MM of 4912) are excluded from this test.

6-6

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Stand-In Processing Stand-In Tests

M/Chip Cryptogram Validation Test M/Chip Cryptogram Validation in Stand-In Processing is an optional on-behalf service. The M/Chip Cryptogram Validation in Stand-In Processing on-behalf service supports issuers that process chip transactions on an on-going basis, including the validation of the authorization request cryptogram (ARQC) and generation of the authorization response cryptogram (ARPC) on their hosts when the issuer is signed out, the transaction cannot be delivered to the issuer, or the issuer timed out. MasterCard performs the cryptographic support and provides authorization processing for issuers that use the M/Chip Select 2.0, M/Chip Lite 2.1, and M/Chip 4.0 (EMV96 and EMV2000 session key derivations). MasterCard also supports EMV Common Core Definition (CCD), which specifies a minimum common set of card application implementation options, card application behaviors, and data element definitions to create a transaction that complies with EMV standards. Stand-In processing performs this test only if the transaction meets the following criteria: • •

The issuer has requested participation in this service. The transaction contains chip card data elements.

For transactions that qualify for this service, Stand-In processing: • • • • •

Validates the ARQC and the TVR/CVR fields according to a default pattern Approves or declines the transaction Generates the ARPC Creates the Authorization Request Response/0110 message Creates the Authorization Advice/0120 message

Issuers that want to take advantage of M/Chip Cryptogram Validation in StandIn Processing must use the Key Validation Service Specification Form and follow the procedures in the On-behalf Key Management (OBKM) Documentation Set.

PIN Verification Test The PIN Verification in Stand-In processing test is an optional service. StandIn processing performs the test only if the issuer has requested participation in this service.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

6-7

Stand-In Processing Stand-In Tests

The PIN Verification in Stand-In processing service processes transactions that contain unverified PIN data in the Authorization Request/0100 message. Issuers that want MasterCard to verify the PIN provided in DE 52 (Personal ID Number [PIN] Data) on transactions processed by Stand-In processing must provide PIN processing parameters to MasterCard. WHEN the PIN Data is...

THEN Stand-In processing...

Valid

Proceeds to the next appropriate Stand-In processing test.

Invalid

Sends a response of decline in the Authorization Request Response/0110 message to the acquirer.

Members that want to take advantage of the PIN Verification in Stand-In Processing service must use the Key Validation Service Specification Form and follow the procedures in the On-behalf Key Management (OBKM) Documentation Set. See chapter 9 for more information about the PIN Verification in Stand-In processing service.

CVC 1 Test The card validation code 1 (CVC 1) test is an optional service. Stand-In processing performs the test only if the transaction meets the following criteria: •

The issuer has requested participation in this service.



The authorization request contains full-unaltered track 1 or track 2 data and value 80, 90, or 91 in Point-of-Service (POS) Entry Mode field.

A value of 80 indicates that a chip-capable terminal was unable to process a chip card transaction using data on the chip; therefore, the terminal defaulted to the magnetic stripe-read PAN. The full track data has been read from the data encoded on the card and transmitted within the Authorization Request/0100 in DE 45 (Track 1 Data) or DE 35 (Track 2 Data) without alteration or truncation. To use this value, the acquirer must be qualified to use value 90. A value of 90 indicates that the PAN was entered via magnetic stripe. The full track data has been read from the data encoded on the card and transmitted within the authorization request in DE 35 (Track 2 Data) or DE 45 (Track 1 Data) without alteration or truncation.

6-8

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Stand-In Processing Stand-In Tests

A value of 91 indicates that the PAN was entered via contactless magnetic stripe—the full track data has been read from the data on the card and transmitted within the authorization request in DE 35 (Track 2 Data) or DE 45 (Track 1 Data) without alteration or truncation. If the transaction meets the criteria for the CVC 1 test, Stand-In processing verifies that the CVC 1 is valid. If the CVC 1 is not valid, Stand-In processing uses the Account File Test column of the issuer’s Decision Matrix to determine a response of either “refer to card issuer” or “decline.” See chapter 9 for information about signing up for CVC 1 Verification in StandIn processing.

Note

Stand-In processing does not verify CVC 2 values.

AAV Verification Test The MasterCard® SecureCode™ Dynamic AAV Verification in Stand-In Processing test is an optional service. Issuers may request that Stand-In processing perform the AAV verification test when the issuer’s host system is unavailable to respond to the Authorization Request/0100 message containing AAV data. Stand-In processing forwards to the issuer the Authorization Advice/0120 message where DE 48, subelement 71 (On-behalf Services) contains: •

Subfield 1 (On-behalf [OB] Service) with value 06



Subfield 2 (On-behalf [OB] Result 1) with value I, U, or V

See chapter 9 for more information about the MasterCard SecureCode Dynamic AAV Verification in Stand-In processing service.

Merchant Suspicious Test To perform this test, Stand-In processing examines the authorization request to determine whether the merchant suspicious indicator is present. If Stand-In processing finds a merchant suspicious indicator in the request, it generates a response of “decline.” See DE 61, subfield 8 (POS Transaction Security) field in the Customer Interface Specification manual for the code representing the merchant suspicious indicator.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

6-9

Stand-In Processing Stand-In Tests

Transaction Limits Test To perform the Transaction Limits Test, Stand-In processing compares the applicable amount in the authorization request to the transaction limit designated by the issuer on the Stand-In Processing Worksheet. If a mail order/telephone order (MO/TO) transaction exceeds the established transaction limit, Stand-In processing issues a response of “decline.” For any other type of transaction, if the transaction exceeds the established transaction limit, Stand-In processing refers to the issuer’s Decision Matrix to determine an authorization response. Based on the Decision Matrix, Stand-In processing either: •

Generates a response of “refer to card issuer” or “decline.” If the account is a VIP account, Stand-In processing uses the VIP Test section of the Decision Matrix to determine a response.



Continues to the next Stand-In test.

Issuers designate transaction limits by combinations of the transaction limits parameters. Combinations may include any or all of the following parameters: •

Country Code

The country code is a three-digit, numeric code that identifies the country. Issuers may use these codes to establish higher or lower transaction limits for a country or countries where the transaction is acquired. •

Promotion Code

The promotion code is a six-character, alphanumeric code that the issuer establishes to identify transactions that meet the requirements for an issuer’s promotional program. Issuers may use these codes to establish particular transaction limits for transactions that meet their program requirements. •

Cardholder-activated terminal (CAT) level indicator

CAT level indicator is a one-digit, numeric code that identifies transactions that occur at one of the four types of CATs or that use electronic commerce or transponder technology (described in chapter 9). Issuers may use these codes to establish particular transaction limits for CAT transactions. •

Transaction Category Code (TCC)

TCC is a one-character, alphabetic code that identifies the type of transaction. Issuers may use these codes to establish particular transaction limits based on the type of transaction.

6-10

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Stand-In Processing Stand-In Tests



Card Acceptor Business Code/Merchant Category Code (MCC)

MCC is a four-digit, numeric code that identifies the card acceptor business/merchant category that best describes the business conducted. Issuers may use these codes to establish higher or lower transaction limits for certain merchants. For a list of valid numeric country codes, valid TCCs, and valid MCCs, see the Quick Reference Booklet . For more information about promotion code requirements in authorization messages and CAT level values (DE 61, subfield 10), see the Customer Interface Specification.

Parameter Combinations Parameter combinations are established by BIN or ICA number. Each combination may include some or all of the following: •

One promotion code



One cardholder-activated terminal (CAT) level indicator



Up to 10 specific TCCs or up to 10 specific MCCs



Up to 10 specific country codes

Issuers may establish as many as 19 of these parameter combinations. MasterCard requires that three of these combinations be established as CAT Level 2, In-flight Commerce Gaming, and Transaction Category Code Global parameter combinations (described later in this chapter). Issuers also sequence their parameter combinations to instruct Stand-In processing of the order in which it should apply the specific transaction limits. Examples of Parameter Combinations The following examples show parameter combinations that a member can establish. Example 1

The issuer instructed Stand-In processing to use a transaction limit of USD 2000 when the card is present and USD 500 when the card is not present, when the Authorization Request/0100 message also contains promotion code PM0111 and card acceptor business code/merchant category code (MCC) 5511. Country code 000 instructs Stand-In processing to apply these limits globally— regardless of the country where the transaction takes place.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

6-11

Stand-In Processing Stand-In Tests

Country Promotion Code Code

000

CAT Level

TCC

PM0111

MCC

5511

Transaction Limit Card Present

Card Not Present

USD 2000

USD 500

Example 2

The issuer instructed Stand-In processing to use a transaction limit of USD 40 when the card is present and USD 0 when the card is not present, when the Authorization Request/0100 message also contains country code 454, CAT level indicator 2, and MCC 5542. Country Promotion Code Code

454

CAT Level

TCC

2

MCC

5542

Transaction Limit Card Present

Card Not Present

USD 40

USD 0

Example 3

The issuer instructed Stand-In processing to use a transaction limit of USD 1000 when the card is present and USD 450 when the card is not present, when the Authorization Request/0100 message also contains Transaction Category Code (TCC) O and country code 626. The issuer also instructed Stand-In processing to use a transaction limit of USD 1000 when the card is present and USD 750 when the card is not present, when the Authorization Request/0100 message contains TCC H and country code 626. Country Promotion Code Code

626

CAT Level

TCC

MCC

Transaction Limit Card Present

Card Not Present

O

USD 1000

USD 450

H

USD 1000

USD 750

Mandatory MasterCard Parameter Combinations Issuers must have certain parameter combinations to ensure compliance with MasterCard-established transaction limits. The three required parameter combinations are described on the following pages. Each of these parameter combinations applies to a specific BIN and uses one of the 19 combinations available to the issuer.

6-12

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Stand-In Processing Stand-In Tests

CAT Level 2 (Self-service Terminal) parameter (MasterCard established mandatory limits)

The following table shows the MasterCard-mandated transaction limits for transactions containing CAT level indicator 2. Country code 000 shows that Stand-In processing applies these transaction limits globally. Country Promotion Code Code

000

CAT Level

2

TCC

MCC

Transaction Limit Card Present

Card Not Present

T

USD 0

USD 0

R

USD 100

USD 0

F

USD 0

USD 0

O

USD 0

USD 0

P

USD 0

USD 0

H

USD 100

USD 0

A

USD 100

USD 0

X

USD 100

USD 0

Z

USD 0

USD 0

U

USD 0

USD 0

C

USD 0

USD 0

CAT Level 4 In-flight Commerce Gaming Parameter (MasterCard-established mandatory limits)

MasterCard limits apply only to in-flight commerce gaming, and not to other in-flight commerce activity. The following table shows the MasterCard-mandated transaction limits for Inflight Commerce Gaming transactions (CAT level indicator 4 with MCC 7995). MasterCard instructs Stand-In processing to use a transaction limit of USD 350 when the card is present and USD 0 when the card is not present, when the Authorization Request/0100 message contains CAT level indicator 4 and MCC 7995. Country code 000 shows that Stand-In processing applies these transaction limits globally.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

6-13

Stand-In Processing Stand-In Tests

Country Promotion Code Code

000

CAT Level

4

TCC

MCC

7995

Transaction Limit Card Present

Card Not Present

USD 350

USD 0

Transaction Category Code Parameter (MasterCard-established minimum limits or higher issuer-defined limits)

All issuers must have transaction limits by TCC. MasterCard has established minimum TCC limits, which are defined in chapter 7. Issuers may establish higher limits for some or all TCCs, and they may establish different limits for card present and card not present point-of-interaction situations. Current issuer-defined TCC limits are reported by BIN to each issuer weekly on the Authorization Parameter Summary Report (SI737010-AA).

MasterCard Processing To apply transaction limits parameters, MasterCard maintains a matrix for each issuer that contains all of the parameter combinations for that issuer (up to 19 combinations). Each time an authorization request is forwarded to Stand-In processing, the system sequentially reviews the matrix, stopping on the first parameter combination that has matching criteria in the Authorization Request/0100 message, and using the limits established for that combination to process the request. Examples of Application of Transaction Limits Parameter Combinations Figure 6.3 shows parameter combinations established by an issuer for a particular BIN. This issuer chose to define three new parameter combinations (the first three in the matrix) in addition to the three required parameter combinations (the last three in the matrix). The sixth parameter combination in the matrix shows that the issuer is using MasterCard default transaction limits for online issuers (see chapter 7 for default limits) except for a higher limit defined for TCC A when the card is present.

6-14

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Stand-In Processing Stand-In Tests

Figure 6.3—Sample Matrix Sequence Country Number Code

Promotion CAT Code Level TCC

TCC Transaction Limit Card Present

1

000

2

454

3

626

4

5

000

6

000

Card Not Present

PM0111

000

© 2006 MasterCard International Incorporated

2

2

O

USD 1000

450

H

USD 1000

750

T

USD 0

0

R

USD 100

0

F

USD 0

0

O

USD 0

0

H

USD 100

0

A

USD 100

0

X

USD 100

0

Z

USD 0

0

U

USD 0

0

C

USD 0

0

P

USD 0

0

4

Authorization System Manual • April 2006

MCC

T

USD 150

USD 150

R

USD 500

USD 500

F

USD 225

USD 225

O

USD 450

USD 450

H

USD 750

USD 750

A

USD 500

USD 375

X

USD 1125

USD 1125

Z

USD 0

USD 0

U

USD 150

USD 150

C

USD 200

USD 200

P

USD 0

USD 0

MCC Transaction Limit Card Present

Card Not Present

5511

USD 2000

USD 500

5542

USD 40

USD 0

7995

USD 350

USD 0

6-15

Stand-In Processing Stand-In Tests

Example 1

Incoming Authorization Request/0100 message contains the BIN corresponding to this matrix, country code 626, an indicator that the card is present, TCC O, MCC 8062, and a transaction amount of USD 750. For the Transaction Limits section of Stand-In processing, Stand-In reviews the matrix line by line: •

Because the authorization request does not contain promotion code PM0111 and MCC 5511, processing continues past the first line.



Because the request does not contain country code 454, CAT level indicator 2, and MCC 5542, it also continues past the second line.



On the third line, country code 626 and TCC O in the matrix match the country code and TCC in the Authorization Request/0100 message. Because the matrix does not contain an MCC, processing uses the TCC in the authorization request and disregards MCC 8062. Therefore, Stand-In processing applies the transaction limits for this parameter combination.

Because the card is present, Stand-In processing applies a transaction limit of USD 1000 to this transaction. The transaction amount of USD 750 is less than the limit, so it will pass this transaction limit test. Example 2

Incoming Authorization Request/0100 message contains the BIN corresponding to this matrix, country code 840, CAT level indicator 2, an indicator that the card is present, TCC R, MCC 5542, and a transaction amount of USD 75. Stand-In processing reviews the matrix line by line:

6-16



Because the authorization request does not contain promotion code PM0111 and MCC 5511, processing continues past the first line.



Because the request does not contain country code 454, CAT level indicator 2, and MCC 5542, it also continues past the second line.



Because the request does not contain country code 626 and TCC O or H, it also continues past the third line.



On the fourth line, the country code is global (applies to any country), and CAT level 2 matches the CAT level in the Authorization Request/0100 message. In addition, limits by TCC in the matrix match TCC R in the authorization request. Therefore, Stand-In processing applies the transaction limits for this parameter combination.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Stand-In Processing Stand-In Tests

Because the card is present and the authorization request contains TCC R, Stand-In processing applies a transaction limit of USD 100 to this transaction. The transaction amount of USD 75 is less than the limit, so it will pass this transaction limit test. Example 3

Incoming Authorization Request/0100 message contains the BIN corresponding to this matrix, country code 454, an indicator that the card is not present, TCC A, MCC 3360, and a transaction amount of USD 450. Stand-In processing reviews the matrix line by line: •

Because the authorization request does not contain promotion code PM0111 and MCC 5511, processing continues past the first line.



Although the request does contain country code 454, it does not contain a CAT level indicator 2 or MCC 5542, and therefore it continues past the second line.



Because the request does not contain country code 626 and TCC O or H, it also continues past the third line.



Because the request does not contain CAT level indicator 2, processing continues past the fourth line.



Because the request does not contain CAT level indicator 4 and MCC 7995, processing continues past the fifth line.



On the sixth line, the country code is global (applies to any country), and limits by TCC in the matrix match TCC A in the authorization request. Therefore, Stand-In processing applies the transaction limits for this parameter combination.

Because the card is not present and the authorization request contains TCC A, Stand-In processing applies a transaction limit of USD 375 to this transaction. The transaction amount of USD 450 is more than the limit, so it will fail this transaction limit test.

Accumulative Limits Test To perform the Accumulative Limits test, Stand-In processing compares the cumulative number of transactions approved on the current day and over the previous two, three, and four groups of days with the parameters for those numbers designated by the issuer. Stand-In processing also compares the cumulative amount of all transactions approved on the current day and over the past two, three, and four groups of days with the parameters for those amounts designated by the issuer.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

6-17

Stand-In Processing Stand-In Tests

For example, assume the issuer designated the following accumulative limits: Current Day Day 2 Day 3 Day 4

two transactions and USD 1200 four transactions and USD 1200 four transactions and USD 1200 four transactions and USD 1200

A cardholder that had two transactions approved by Stand-In processing for a total dollar amount of USD 500 on Day 1 would have available a maximum of two more transactions and USD 700 that could be approved through Stand-In during the following three days. For an MO/TO request, if the cumulative number or dollar amount in the request exceeds the limit established by the issuer, Stand-In processing generates a response of “decline.” For any other type of transaction, if the cumulative number or dollar amount in the request exceeds the limit established by the issuer, Stand-In processing generates a response of either “refer to card issuer” or “decline,” based on the Decision Matrix.

Cash Disbursement Accumulator Test Setting up the cash disbursement accumulator is optional. To perform this test, Stand-In processing compares the cumulative amount of approved cash disbursement transactions (with transaction category code C) for the particular account with the issuer-established limits. If the transaction amount plus the cumulative amount of cash disbursements for the account exceed the established limits, Stand-In processing returns a response of either “refer to card issuer” or “decline,” based on the Decision Matrix (Accumulative Limits Test column).

Stand-In Response If Stand-In processing performs all of the tests described earlier without generating a response of “decline,” “refer to card issuer,” or “capture card,” Stand-In processing approves the authorization request. It also adds the transaction amount to the cardholder’s accumulative record in preparation for the next comparison with the Accumulative Limits.

6-18

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Stand-In Processing Exceptions and Additions to the Stand-In Process

Exceptions and Additions to the Stand-In Process Stand-In processing performs the tests as described earlier in the order listed, until it generates an authorization response. For the following types of transactions, however, Stand-In processing modifies processing or performs additional steps: •

Online



Gold MasterCard® Card



VIP



CAPS

Online Transactions Stand-In processing performs all steps of the testing process as described. In addition, for online issuers, when Stand-In processing generates an authorization response of “approved,” “decline,” or “capture card,” it also creates a store-and-forward (SAF) advice message, which contains the transaction data for the authorization request. The issuer can retrieve these SAF messages online (described in chapter 5).

Gold MasterCard Card Accounts If a Gold MasterCard Card account is within a BIN range (defined to at least 11 digits) containing exclusively Gold MasterCard cards, the Transaction Limits Test uses the transaction limits established for that Gold range. Issuers establish Gold MasterCard Card ranges using the Gold MasterCard Card Range Identification Form (located in the Account Management User Manual). After an issuer has established a Gold MasterCard Card range, MasterCard deletes any of the issuer’s individual Gold MasterCard card listings that fall within that range from the Account File. If the account is part of a mixed BIN, however, Stand-In processing cannot determine the program type based on the BIN. To identify the account as a Gold MasterCard Card account, the issuer must also list the account in the Account File with entry reason G.

Note

If the account is part of a mixed BIN and is not also listed in the Account File with entry reason G, the Transaction Limits Test defaults to the transaction limits for the programs other than Gold MasterCard Cards in the BIN range.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

6-19

Stand-In Processing Exceptions and Additions to the Stand-In Process

VIP Accounts To identify VIP accounts, issuers establish transaction limits and accumulative limits in the VIP Controls section of the Stand-In Processing Worksheet. Stand-In processing proceeds as follows for VIP accounts. Stage Description 1.

If the transaction fails the Transaction Limits Test, Stand-In processing applies the response designated in the VIP Test section of the Decision Matrix. If the transaction passes the Transaction Limits Test, Stand-In processing proceeds to the Accumulative Limits Test.

2.

During the Accumulative Limits Test, Stand-In processing applies the Days and Count Limit parameters designated by the issuer in the VIP Control section of the Stand-In Processing Worksheet.

3.

If the transaction fails the Accumulative Limits Test, Stand-In processing applies the response designated in the VIP Test section of the Decision Matrix.

4.

If the transaction passes the Accumulative Limits Test, Stand-In processing adds the transaction amount to the VIP accumulation amount for that cardholder. Stand-In processing compares the sum to the VIP amount designated in the Account File. If the transaction fails the Accumulative Amount Test for VIP cards, Stand-In processing applies the response designated in the VIP Test section of the Decision Matrix.

5.

If the transaction passes the Accumulative Amount Test, Stand-In processing applies the next test.

CAPS Accounts CAPS issuers list all of their positive accounts as VIP accounts (described in chapter 8). If Stand-In processing does not find a CAPS account listed in the Account File with entry reason V, P, or R, during the Account File test, it generates a response of “decline.” In addition, for CAPS issuers, whenever Stand-In processing generates an authorization response of “decline,” it also creates a record for the CAPS Sequential Response File with an R in the Response Indicator field and a space in the Reject Reason field.

6-20

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

7

Setting Stand-In Parameters: Online Issuer This chapter outlines the responsibilities of online issuers to establish Stand-In parameters and the procedures for doing so.

Establishing Parameters.......................................................................................7-1 To Complete the Worksheet.........................................................................7-1 Default Values ...............................................................................................7-2 Setting Limits Lower than the MasterCard Minimums ...........................7-2 On Every Page ..............................................................................................7-2 New or Existing Account Ranges .......................................................................7-4 Important Dates...................................................................................................7-4 How MasterCard Uses this Information .......................................................7-4 When Changes are Effective.........................................................................7-4 Telephone Numbers............................................................................................7-5 How to Complete this Section......................................................................7-5 How MasterCard Uses this Information .......................................................7-5 When Changes Are Effective ........................................................................7-5 Hours of Operation for Call Referral Center ......................................................7-6 How to Complete this Section......................................................................7-6 One Opening and One Closing Within One Day .................................7-7 Two Openings and Closings Within One Day ......................................7-7 Daylight Saving Time Date Range .........................................................7-8 Coordinated Universal Time (UTC) Offset ............................................7-9 How Stand-In Processing Uses this Information .........................................7-9 Noncompliance Assessments........................................................................7-9 When Changes Are Effective ......................................................................7-10 Holidays for Call Referral Center......................................................................7-10 How to Complete this Section....................................................................7-10 How Stand-In Processing Uses this Information .......................................7-11 When Changes Are Effective ......................................................................7-11

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

7-i

Setting Stand-In Parameters: Online Issuer

Transaction Category Code Global Parameters................................................7-11 How to Complete this Section....................................................................7-11 How Stand-In Processing Uses this Information .......................................7-12 When Changes Are Effective ......................................................................7-12 Transaction Category Code Local Use Parameters...........................................7-13 How to Complete this Section....................................................................7-13 How Stand-In Processing Uses this Information .......................................7-14 When Changes Are Effective ......................................................................7-14 Accumulative Limits ..........................................................................................7-15 How to Complete this Section....................................................................7-15 Accumulative Limits Example ..............................................................7-16 How Stand-In Processing Uses this Information .......................................7-16 When Changes Are Effective ......................................................................7-17 Cash Disbursement Accumulative Limits..........................................................7-17 How to Complete this Section....................................................................7-17 How Stand-In Processing Uses this Information .......................................7-17 When Changes Are Effective ......................................................................7-18 Decision Matrix..................................................................................................7-18 How to Complete this Section....................................................................7-18 How Stand-In Processing Uses this Information .......................................7-19 When Changes Are Effective ......................................................................7-19 Range Blocking .................................................................................................7-20 How to Complete this Section....................................................................7-20 How Stand-In Processing Uses this Information .......................................7-21 When Changes Are Effective ......................................................................7-21 Expanded Parameter Combinations .................................................................7-21 How to Complete this Section....................................................................7-21 How Many Limits You Can Establish...................................................7-23 Using the Expanded Parameter Combinations....................................7-23 How Stand-In Processing Uses this Information .......................................7-23 When Changes Are Effective ......................................................................7-23 VIP Controls.......................................................................................................7-24 How to Complete this Section....................................................................7-24 How Stand-In Processing Uses this Information .......................................7-25 When Changes Are Effective ......................................................................7-25

7-ii

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Setting Stand-In Parameters: Online Issuer

Limit-1 Processing .............................................................................................7-25 How to Complete this Section....................................................................7-25 How Stand-In Processing Uses this Information .......................................7-26 When Changes Are Effective ......................................................................7-26

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

7-iii

Setting Stand-In Parameters: Online Issuer Establishing Parameters

Establishing Parameters To generate authorization responses, Stand-In processing must have issuer parameters on file. Issuers establish or update parameters by completing the Stand-In Processing Worksheet for Online Issuers. The Stand-In Processing Worksheet for Online Issuers is required for all online issuers. Issuers must complete at least one worksheet for each issuing ICA number. Issuers may list multiple account ranges on one worksheet if both of the following statements are true: •

You are available to respond to call referrals for all listed account ranges at the phone numbers that you list during the times that you list on the worksheet.



You want to establish the same parameters for all listed account ranges.

If different account ranges have different hours of operation for referral handling or different parameters, you must complete a separate worksheet for each account range.

To Complete the Worksheet To complete the Stand-In Processing Worksheet for Online Issuers, follow these steps. Step

Action

1.

Determine how much of the form you need to complete. IF you are filling out the form…

THEN you must complete…

For the first time

The entire form

To update your existing parameters

Only the applicable pages of the form

2.

Copy the appropriate pages of the form. (MasterCard suggests that you always leave one sample copy in this manual.)

3.

Complete the appropriate pages of the form.

4.

On each page that you complete, print your name (the person who completed the form) on the Contact Name line, sign your name on the Contact Signature line, write your Phone number, and provide the Completed date.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

7-1

Setting Stand-In Parameters: Online Issuer Establishing Parameters

Step

Action

5.

Fax or mail the completed pages to: MasterCard International Attention: Customer Operations Services 2200 MasterCard Boulevard O’Fallon MO 63368-7263 USA Fax: 1-636-722-7192

Default Values MasterCard has established minimum and maximum values for certain parameters. The form lists these minimum and maximum values. •

If you do not establish higher limits by writing your higher limits on the form, MasterCard will apply the minimum limits as default values for your limits.



If you want MasterCard to set the minimum limits as your limits, select the default check box on the form above the place to establish your limits.

Setting Limits Lower than the MasterCard Minimums If an issuer needs to establish limits that are lower than the MasterCard minimums for certain transaction category codes (TCCs), the issuer must request these lower limits in writing. The issuer must receive approval from MasterCard before establishing limits that are lower than the minimums. However, an issuer may set lower limits for card acceptor business code/merchant category code (MCC) 7995 (Gambling) without requesting approval. For questions about lower limits, please contact the Customer Operations Services team.

On Every Page Include the following information on each page of the worksheet: Account Range: Enter the account range. ICA: Enter the six-digit ICA number.

7-2

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Setting Stand-In Parameters: Online Issuer Establishing Parameters

Card Program: Enter the three-digit product code for which the values on this worksheet apply. Valid codes include but are not limited to:

Product Code

Card Program

MBE

MasterCard® Electronic BusinessCard

MCB

MasterCard BusinessCard® Card

MCC

Mixed BIN

MCF

MasterCard Corporate Fleet Card®

MCG

Gold MasterCard® Card

MCO

MasterCard Corporate Card™

MCP

MasterCard Corporate Purchasing™ Card

MCS

MasterCard® Standard Card

MCW

World MasterCard™ Card

MCX

MasterCard® Card (international use)

MDB

MasterCard BusinessCard® debit card

MDG

Debit Gold MasterCard®

MDM

Maestro® point-of-sale debit program

MDO

Debit MasterCard Other

MDP

Debit Platinum MasterCard®

MDS

Debit MasterCard®

MDW

World MasterCard® debit card

MEB

MasterCard Executive BusinessCard™

MEC

MasterCard® Electronic Commercial

MEO

MasterCard Corporate Executive Card™

MPL

Platinum MasterCard™ Card

MPP

MasterCard® Prepaid Card

MWB

World MasterCard BusinessCard™

MWO

World MasterCard™ Corporate Card

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

7-3

Setting Stand-In Parameters: Online Issuer New or Existing Account Ranges

New or Existing Account Ranges You must specify if this request is for a new account range or an existing account range. IF this request is for…

THEN…

A new account range

Select the check box before a new account range.

An existing account range

Select the check box before an existing account range.

You should use a separate form for new or existing account ranges.

Important Dates The important dates section is required. The important dates section allows you to inform the Customer Operations Services team of the dates you want the requested account range and ICA number to be live. Additionally, you can inform the Customer Operations Services team of the date you intend to begin issuing cards with the requested account range and ICA number.

How MasterCard Uses this Information MasterCard will attempt to accommodate your requested live date. Customer Operations Services will confirm this date, dependent on the receipt of complete, accurate, and legible information.

When Changes are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Please confirm the effective date of these changes with the Customer Operations Services team.

7-4

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Setting Stand-In Parameters: Online Issuer Telephone Numbers

Telephone Numbers The telephone numbers section is required. This section allows you to designate the phone numbers for departments within your organization that support authorization processes.

How to Complete this Section Phone Number for Call Referral Center (for the center that will receive the call referral phone call): Enter the phone number that acquirers use to call for

authorization when you (or Stand-In) issue call referral responses. This is the phone number to which Global Automated Referral Service (GARS) calls are connected. Phone Number for Security Department: Enter the phone number of your

Security Contact (for general security-related issues). Phone Number for Reporting Lost or Stolen Cards: Enter the phone number that

cardholders call to report a lost or stolen card. Phone Number for Customer Service: Enter the phone number of the department or person that receives the calls from cardholders. Processor Name (if applicable): If you use a processor, enter its name.

How MasterCard Uses this Information The Global Automated Referral Service (GARS) and the Customer Operations Services team use these phone numbers when contacting the issuer.

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Please confirm the effective date of these changes with the Customer Operations Services team.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

7-5

Setting Stand-In Parameters: Online Issuer Hours of Operation for Call Referral Center

Hours of Operation for Call Referral Center The hours of operation for call referral center section is required. This section allows you to specify the times when your call referral center is available to accept call referrals.

How to Complete this Section If you are available for call referral handling 24 hours a day, 7 days a week, select the Check this box for default of open 24 hours, 7 days a week check box. If you are not available for call referral handling 24 hours a day, 7 days a week, please read the following explanations: •

The times specified between “Open” and “Close” must include all of the times that you are available for call referral handling within the hours 00:00– 24:00 on each day. If your call center was open Monday night and is still open Tuesday morning until 01:00, for example, you must show the first Open/Close times on Tuesday as: 00:00–01:00.



The Open time for each associated Close time must be less than the Close time. If your call center opens at 05:00, for example, it must close later than 05:00. If the Open time is 05:00, a Close time of 24:00 is valid. If the Open time is 05:00, a Close time of 01:00 is not valid.

Complete each column as described below. The time in any Open column may not be earlier than 00:00, and the time in any Close column may not be later than 24:00.

7-6

Step

Action

1.

In the first column (Open), enter the first time (beginning at 00:00, which is midnight) that your facility is available to handle call referrals. This could be as early as 00:00, which may mean that your facility is still open from the previous night.

2.

In the second column (Close), enter the first time during that 24-hour day (between the hours of 00:00 and 24:00) that your facility is unavailable to handle call referrals.

3.

In the third column (Open), enter the second time during that 24-hour day (between the hours of 00:00 and 24:00) that your facility opens to handle call referrals. This time must be greater than the time in the second column.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Setting Stand-In Parameters: Online Issuer Hours of Operation for Call Referral Center

Step

Action

4.

In the fourth column (Close), enter the next time during that 24-hour day (between the hours of 00:00 and 24:00) that your facility stops being available to handle call referrals. If your facility stays open through the night and into the next day, you must still enter 24:00 (midnight) as the closing time for this day. In this case, the next day opens at 00:00 (also midnight).

One Opening and One Closing Within One Day If you open your facility once and close it once within the same day, between the hours of 00:00 and 24:00, use the first two columns to record your hours of operation. The following example illustrates sample hours of operation for a facility that is available at these times: •

From 05:00 to 24:00 every day except Sunday



From 10:00 to 17:00 on Sunday

Example—One Opening and One Closing Open (HH:MM)

Close (HH:MM)

Open (HH:MM)

Close (HH:MM)

Monday

05:00

24:00

:

:

Tuesday

05:00

24:00

:

:

Wednesday

05:00

24:00

:

:

Thursday

05:00

24:00

:

:

Friday

05:00

24:00

:

:

Saturday

05:00

24:00

:

:

Sunday

10:00

17:00

:

:

Two Openings and Closings Within One Day If you open and close your facility more than once between the hours of 00:00 and 24:00 on any given day, use all four columns to record your hours of operation. Remember to show all of the times that you are available for call referral handling within the hours 00:00–24:00 on each day. The following example illustrates sample hours of operation for a facility that is available to handle call referrals during these times: •

Open from 07:00 Monday to 01:00 Tuesday

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

7-7

Setting Stand-In Parameters: Online Issuer Hours of Operation for Call Referral Center

• • • • • •

Open from 07:00 Tuesday to 01:00 Wednesday Open from 07:00 Wednesday to 01:00 Thursday Open from 07:00 Thursday to 01:00 Friday Open from 07:00 Friday to 01:00 Saturday Open from 07:00 Saturday to 01:00 Sunday Closed between 01:00 Sunday and 07:00 Monday

Example—Two Openings and Two Closings Open (HH:MM)

Close (HH:MM)

Open (HH:MM)

Close (HH:MM)

Monday

07:00

24:00

:

:

Tuesday

00:00

01:00

07:00

24:00

Wednesday

00:00

01:00

07:00

24:00

Thursday

00:00

01:00

07:00

24:00

Friday

00:00

01:00

07:00

24:00

Saturday

00:00

01:00

07:00

24:00

Sunday

00:00

01:00

:

:

Daylight Saving Time Date Range The daylight saving time date range does not apply if the call referral center is open 24 hours, 7 days a week with no holidays. If the call referral center is not open 24 hours, 7 days a week with no holidays, follow these steps. Step

Action

1.

IF the local time of your Call Referral Center… Does not use daylight saving time

THEN… Select the Check this box if the local time for the Call Referral Center does not use daylight saving time check box. Do not fill out the rest of this section.

Uses daylight saving time

7-8

Go to step 2.

2.

After From: provide the month, day, and year (MMDDYY) and the hour and minute (HH:MM) that daylight saving time begins (in your local time).

3.

After To: provide the month, day, year, hour, and minute that it ends (in your local time).

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Setting Stand-In Parameters: Online Issuer Hours of Operation for Call Referral Center

Coordinated Universal Time (UTC) Offset The UTC offset does not apply if the call referral center is open 24 hours, 7 days a week with no holidays. If the call referral center is not open 24 hours, 7 days a week with no holidays, follow these steps. Step

Action

1.

IF local time for your Call Referral Center is…

THEN…

Behind UTC

Select the check box before Behind (“-”) UTC.

Ahead UTC

Select the check box before Ahead (“+”) UTC.

2.

On the same line that you selected the check box, enter the amount of time difference (in hours and minutes) between the local time for your call referral center and UTC.

How Stand-In Processing Uses this Information If Stand-In processes a transaction, Stand-In processing issues call referrals only during the hours that you establish as “open” on this form. Your call referral center must be available to take call referrals during the hours that you establish as open on this form.

Noncompliance Assessments Issuers must be available to take call referrals during the hours that they establish as “open” on the Stand-In Processing Worksheet. MasterCard examines issuer transactions for the week and compares them to the Hours of Operation that the issuer indicates on this worksheet. Stand-In processing issues call referrals only during the hours that the issuer establishes as “open.”

Note

The issuer is charged a fee for each day that it issues call referrals during the hours that it establishes as “closed” on the Stand-In Processing Worksheet. The issuer also is charged a fee for each call referral that it issues during the hours that it establishes as “closed” on the Stand-In Processing Worksheet.

For more information about noncompliance assessments and for a complete description of the billing events for authorization services, see the MasterCard Consolidated Billing System Manual.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

7-9

Setting Stand-In Parameters: Online Issuer Holidays for Call Referral Center

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Please confirm the effective date of these changes with the Customer Operations Services team.

Holidays for Call Referral Center The holidays for call referral center section is required.

Note

Issuers must complete and submit this section of the worksheet every year.

This section tells MasterCard the times when your call referral center availability differs from the schedule that you provided in the hours of operation for call referral center section.

How to Complete this Section To provide information for the holidays for call referral center section, follow these steps. Step

Action

1.

After For Year at the top of the page, enter the year for which these holidays apply.

2.

IF your Call Referral Center…

THEN…

Does not close for any holidays

Select the Check this box for default of no holidays check box. Do not complete any more of this section.

Closes for holidays

Go to step 3.

3.

For each day that you will not be available as stated under Call Referral Center Hours of Operation, enter the month and day under MM/DD.

4.

If you can accept call referrals for part of a holiday, enter the times that you will be available under Open and Close. If your office will close for the entire day, enter 00:00 under Open and 00:00 under Close.

7-10

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Setting Stand-In Parameters: Online Issuer Transaction Category Code Global Parameters

How Stand-In Processing Uses this Information Stand-In processing issues call referrals only during the hours that you establish as open in this section. Stand-In processing will not issue call referrals when your call referral center is closed for a holiday.

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

Transaction Category Code Global Parameters The transaction category code (TCC) global parameters section is required. Provide information in this section only if your account range is a global use account range.

Note

You should only complete page 4 of the worksheet if the account range you are completing the worksheet for is not a Local Use Only Account Range. If it is a Local Use Only Account Range, provide information about your TCC parameters on page 5, “Transaction Category Code Local Use Parameters” and “Transaction Category Code Global Parameters.”

The TCC global parameters section allows you to set dollar limits for authorization transactions, based on a variety of parameters, which apply to all countries. If you want to set Stand-In processing limits in a currency other than U.S. dollars, you must participate in the Authorization Multiple Currency Conversion (AMCC) service. For more information about AMCC, see chapter 9. For information about charges for global limits, see the MasterCard Consolidated Billing System Manual.

How to Complete this Section The worksheet allows you either to choose default limits, which MasterCard has already established, or to specify your own limits in U.S. dollars or AMCC currency. You can establish distinct transaction limits for: •

Transaction category codes (TCCs)

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

7-11

Setting Stand-In Parameters: Online Issuer Transaction Category Code Global Parameters



Card present at the point of interaction or card not present at the point of interaction

IF you want to…

THEN…

Use the MasterCard default limits for this Select the Check this box to use the global parameter combination minimum/default values in U.S. dollars (same values for card present and card not present)

check box. Establish transaction limits that are greater than the default limits shown on the form −Or− Establish different limits for card present and card not present point-of-interaction situations

Enter the dollar amounts under the Card Present and Card Not Present columns. Note: Issuers may not designate transaction limits that are less than the MasterCard defaults.

Define limits for Stand-In processing in U.S. dollars or AMCC currency

Enter the three-digit currency code.

Have Stand-In processing skip the Transaction Limits test

Enter value A for the Transaction Limits test in the Decision Matrix on page 7 of the form. Note: Stand-In processing will apply only

Accumulative Limits if value A appears in the Decision Matrix for the Transaction Limits test.

How Stand-In Processing Uses this Information Stand-In processing uses these limits during the Transaction Limits test. Stand-In applies the limits based on the characteristics of each authorization request. If the characteristics of the authorization request are TCC O and “card not present,” for example, Stand-In processing applies the limits that you established for that particular situation.

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

7-12

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Setting Stand-In Parameters: Online Issuer Transaction Category Code Local Use Parameters

Transaction Category Code Local Use Parameters The transaction category code (TCC) local use parameters section is required for members using Local Use Only Account Ranges. Provide information in this section only if your account range is a Local Use Only Account Range.

Note

You should only complete page 5 of the worksheet if the account range you are completing the worksheet for is a Local Use Only Account Range. If it is a global use account range, provide information about your TCC parameters on page 4, “Transaction Category Code Global Parameters.”

The TCC local use parameters section allows you to set limits for authorization transactions, based on a variety of parameters, that apply to the home country assigned for your Local Use Only Account Range. Additionally, you may provide TCC global parameters for your Local Use Only Account Range for all countries except for the home country assigned for your Local Use Only Account Range. If you want to set Stand-In processing limits in a currency other than U.S. dollars, you must participate in the Authorization Multiple Currency Conversion (AMCC) service. For more information about AMCC, see chapter 9. For information about charges for global limits, see the MasterCard Consolidated Billing System Manual.

How to Complete this Section The worksheet allows you to specify your own limits for your Local Use Only Account Range. You can establish distinct transaction limits for: •

Transaction category codes (TCCs)



Card present at the point of interaction or card not present at the point of interaction (POI)

IF you want to…

THEN…

Establish distinct transaction limits for different TCCs

Enter the amounts under the Card Present and Card Not Present columns.

−Or− Establish different limits for card present and card not present point-of-interaction situations

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

7-13

Setting Stand-In Parameters: Online Issuer Transaction Category Code Local Use Parameters

IF you want to…

THEN…

Define limits for Stand-In processing in U.S. dollars or AMCC currency

Enter the three-digit currency code.

Have Stand-In processing skip the Transaction Limits test

Enter value A for the Transaction Limits test in the Decision Matrix on page 7 of the form. Note: Stand-In processing will apply only

Accumulative Limits if value A appears in the Decision Matrix for the Transaction Limits test.

How Stand-In Processing Uses this Information Stand-In processing uses these amount limits during the Transaction Limits test. Stand-In applies the limits based on the data in each authorization request. If the data in the authorization request is TCC O and card not present, for example, Stand-In processing applies the limits that you established for that particular situation.

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

7-14

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Setting Stand-In Parameters: Online Issuer Accumulative Limits

Accumulative Limits The accumulative limits section is required. This section allows you to establish the cumulative number and amount of transactions allowed over a range of four days. If you want to set Stand-In processing limits in a currency other than U.S. dollars, you must participate in the Authorization Multiple Currency Conversion (AMCC) service. For more information about AMCC, see chapter 9.

How to Complete this Section The worksheet allows you either to choose default values, which MasterCard has already established, or to specify your own values.

Note

Carefully select the values for these fields because a cardholder can easily reach the limits without spending a large amount.

IF you want to…

THEN…

Use the MasterCard default values

Select the Check this box to use the minimum/default values listed below check box.

Define limits for Stand-In processing in U.S. dollars or AMCC currency

Enter the three-digit currency code.

Establish issuer-specific accumulative limits

Enter the limits in the spaces provided, under Number of Approved Transactions Allowed and Accumulative Approved Allowed. Enter an amount for each column and for each of the Day Ranges (1, 2, 3, and 4). Note: Issuers may not designate

accumulative limits that are less than the MasterCard defaults.

Note

Day 1 of the issuer’s accumulative limit must be equal to or greater than the issuer’s highest TCC global limit.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

7-15

Setting Stand-In Parameters: Online Issuer Accumulative Limits

Accumulative Limits Example The following example shows a completed set of accumulative limits. In this example, which uses the MasterCard default amounts, Stand-In processing will approve a maximum of four transactions within any span of four days. Stand-In processing will approve as many as: • • • •

Two transactions on the current day Four transactions between the previous day and the current day Four transactions across a three-day span Four transactions across any four days

Therefore, a cardholder who has had two transactions approved by Stand-In processing on day 1 could have a maximum of two more transactions approved by Stand-In processing over the next three days. In this example, Stand-In processing also can authorize as much as USD 1,200 in transactions. Stand-In processing will approve as much as: • • • •

USD USD USD USD

1,200 1,200 1,200 1,200

on the current day between the previous day and the current day across a three-day span across any four days

Therefore, a cardholder charging USD 600 during the first two days would have access to USD 600 during the next two days.

Day Range

Number of Approved Transactions Allowed (Maximum of 99)

Accumulative Approved Amount Allowed (Maximum equivalent of USD 99,999)

1

2

1200

2

4

1200

3

4

1200

4

4

1200

How Stand-In Processing Uses this Information Stand-In processing uses these limits during the Accumulative Limits test. If an authorization request exceeds any of these limits, Stand-In processing responds according to the parameters that you established in the Decision Matrix, Accumulative Limit Test column.

7-16

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Setting Stand-In Parameters: Online Issuer Cash Disbursement Accumulative Limits

If the issuer has not established accumulative limits, Stand-In processing uses the MasterCard default amounts shown on the worksheet.

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

Cash Disbursement Accumulative Limits The cash disbursement accumulative limits section is optional. The cash disbursement accumulative limits allow you to establish separate limits specific to cash disbursement.

How to Complete this Section After Days, specify any number of days (up to 45) to control the velocity of MasterCard accounts used for cash withdrawal. After Accumulative Amount Allowed, enter the maximum amount to be accumulated during the Days range.

How Stand-In Processing Uses this Information Stand-In processing uses these limits during the Accumulative Limits test. Any time an authorization request for a cash disbursement exceeds these limits, Stand-In processing responds according to the parameters that you established in the Decision Matrix, Accumulative Limit Test column.

Note

Stand-In processing counts cash disbursement transactions when it calculates the accumulative limits. The values that you establish here for cash disbursement transactions should not conflict with what you established in the previous accumulative limits.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

7-17

Setting Stand-In Parameters: Online Issuer Decision Matrix

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

Decision Matrix The decision matrix section is required. This section allows you to specify how Stand-In processing will respond when a transaction fails any of the following Stand-In processing tests: •

Account File test



Transaction Limits test



Accumulative Limits test



VIP Limits test

This section defines the authorization response that Stand-In processing will generate in response to an authorization request.

How to Complete this Section The worksheet allows you either to choose default values, which MasterCard has already established, or to specify your own values. If you want to use the MasterCard default values for the decision matrix, select the Check this box to use the default values listed below check box. To specify your own values, designate the following Stand-In responses. Value

Description

C

Refer to card issuer.

N

Decline—If the test fails and the entry reason in the Account File is C (credit), U (unauthorized use), or O (other). Capture Card—If the test fails and the entry reason in the Account File is P (capture card), F (fraud), L (lost), S (stolen), or X (counterfeit).

A

7-18

Continue Stand-In processing. Skip the Transaction Limits test and go to the next Stand-In test.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Setting Stand-In Parameters: Online Issuer Decision Matrix

Account File Test: Enter a value to indicate the authorization response that you

want Stand-In processing to generate when one of the following is true: •

The account is listed on the Account File with an entry reason of C (credit), O (other), or U (unauthorized use).



The transaction failed the CVC 1 Test.

Entry reasons of F (fraud), L (lost), P (capture card), S (stolen), or X (counterfeit) always result in a “capture card” response. Transaction Limits Test: Enter a value to indicate the authorization response that

you want Stand-In processing to generate when it receives an authorization request that exceeds the Transaction Limits.

Note

If you enter value A for the Transaction Limits test, Stand-In will skip the Expanded Parameter Combinations and the Transaction Category Code Global Parameters. Stand-In will apply only Accumulative Limits.

Accumulative Limits Test: Enter a value to indicate the authorization response

that you want Stand-In processing to generate when it receives an authorization request that exceeds the Accumulative Limits. VIP Limits Test: Enter a value to indicate the authorization response that you

want Stand-In processing to generate when it receives an authorization request that exceeds the VIP limits.

How Stand-In Processing Uses this Information Stand-In processing uses the instructions in this section when a transaction fails one of these Stand-In processing tests.

Note

If you enter value A for the Transaction Limits test, Stand-In processing will skip the Expanded Parameters and the Global Limits. As a result, Stand-In processing will test only the Accumulative Limits.

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

7-19

Setting Stand-In Parameters: Online Issuer Range Blocking

Range Blocking The range blocking section is optional. Issuers use range blocking to combat fraud. The range blocking section identifies ranges of card numbers within your account ranges that you: •

Have not issued to cardholders (and that should be blocked) or



Blocked previously and now want to unblock.



For information about the charges for range blocking, see the MasterCard Consolidated Billing System Manual.

How to Complete this Section To complete this section, follow these steps.

Note

Step

Action

1.

In the From account number column, enter the first 11 digits of the account number at the beginning of the range. (The first six of the 11 digits must be the BIN.)

2.

In the Through account number column, enter the first 11 digits of the account number at the end of the range. (The first six of the 11 digits must be the BIN.)

3.

Select the Block check box or Unblock check box to indicate whether this range of card numbers should be blocked or unblocked.

Remember to submit this section of the form again to MasterCard when you decide to issue cards within these blocked ranges. Because the most current form entirely replaces all previously requested range blocks, you must list all range blocks that you require each time you submit the form.

To unblock a portion of a range that is currently blocked, submit the form unblocking the entire range that is blocked and submit the new range to be blocked on the same form.

7-20

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Setting Stand-In Parameters: Online Issuer Expanded Parameter Combinations

How Stand-In Processing Uses this Information Stand-In processing issues a response of “invalid card number” (regardless of the acquiring country) for any authorization request within the blocked ranges.

Note

Range blocking only applies for transactions processed by Stand-In processing. Card numbers within the blocked ranges do not automatically appear in the Account Management System (AMS) Electronic Warning Bulletin file.

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

Expanded Parameter Combinations The expanded parameters section is optional. Issuers use expanded parameters to help reduce fraud or for special promotional programs. The expanded parameters section allows you to set limits for authorization transactions based on a variety of transactions. If you want to set Stand-In processing limits in a currency other than U.S. dollars, you must participate in the Authorization Multiple Currency Conversion (AMCC) service. For more information about AMCC, see chapter 9.

How to Complete this Section The worksheet allows you either to choose default limits, which MasterCard has already established, or to specify your own limits. Country Codes: You can designate as many as 10 individual countries for

which these transaction limits will apply. Use the three-digit country codes listed in the Quick Reference Booklet. Designate 000 to establish limits that apply to all countries. If you do not enter a country code, MasterCard will use 000 as the default.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

7-21

Setting Stand-In Parameters: Online Issuer Expanded Parameter Combinations

Promotion Code: A promotion code is an alphanumeric code that can be included in the Authorization Request/0100 message. Stand-In processing can use the code to identify transactions that apply to an issuer’s promotion program. The promotion code allows the issuer to use different criteria to determine authorization responses for transactions that occur at the participating merchants.

IF you…

THEN…

Want these transaction limits to apply to a specific promotion code

Enter the promotion code.

Do not want these transaction limits to apply to a specific promotion code

Leave these spaces blank.

CAT Level: A cardholder-activated terminal (CAT) is a bankcard reading remote

device (usually unattended) that dispenses a product or provides a service. A CAT must be one of the following types of terminals: •

Automated Dispensing Machine/Level 1



Self-service Terminal/Level 2



Limited Amount Terminal/Level 3



In-flight Commerce Terminal/Level 4



Electronic Commerce/Level 6



Transponder/Level 7

IF you…

THEN…

Want these transaction limits to apply to a specific CAT level

Enter the CAT level.

Do not want to restrict these transaction limits to a particular CAT level

Leave this space blank.

Currency Code: Enter the three-digit currency code. Transaction Category Codes or Card Acceptor Business Code/Merchant Category Codes: Enter values for up to 10 TCCs or up to 10 MCCs. You cannot enter both TCC and MCC limits. If you enter values only for card present, MasterCard

will apply these values to both card present and card not present situations.

7-22

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Setting Stand-In Parameters: Online Issuer Expanded Parameter Combinations

How Many Limits You Can Establish You can establish as many as 17 sets of limits. To create additional sets of limits, copy the form as many as 17 times and send it with different combinations of limits. In addition, MasterCard also has established two required sets of limits.

Using the Expanded Parameter Combinations IF you want to…

THEN…

Raise Stand-In processing limits to accommodate a seasonal adjustment, such as a holiday shopping season, in one country



Enter the Country Code of that specific country. Enter the transaction limits by TCC for that country



On a separate page, enter a Country Code of 000. Enter the transaction limits by TCC that apply to all other acquiring countries.



Enter the account range, ICA number, and card program of the local-use-only cards.



Enter the Country Code of the specific countries in which the cards may be used. Enter the transaction limits by TCC for that country.

−And− Retain the default limits for all other acquiring countries Set limits for local-use-only cards, that is, cards that can be used only within a particular country

How Stand-In Processing Uses this Information Stand-In processing uses these amount limits during the Transaction Limits test. Stand-In processing applies the limits based on the characteristics of each authorization request. For example, if you establish transaction limits for country 454, Stand-in processing applies your established limits to all authorization requests from country 454.

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

7-23

Setting Stand-In Parameters: Online Issuer VIP Controls

VIP Controls The VIP controls section is optional. This section allows you to set specific limits that Stand-In processing applies to accounts listed in the Account File as VIP. The VIP designation is a method of identifying accounts that the issuer wants Stand-In to process differently from MasterCard cards, BusinessCard cards, and Gold MasterCard cards.

How to Complete this Section To designate an account as VIP, the issuer enters entry reason V when listing the account in the Account File. See the Account Management User Manual for listing procedures. You must complete all of the options in this field if you are supporting VIP accounts. Country Code: Enter the country code to which these VIP limits should apply. Single Transaction Limit: Enter the maximum amount that you want Stand-In

processing to authorize for any single transaction involving a VIP account. You must indicate a value in this field if you are supporting VIP accounts. The amount may not be greater than USD equivalent 99,999. Do not enter zero in this field. (Entering zero would cause all transactions to fail this test.) Accumulative Limits: Days: Specify any number of days (up to 99) during

which Stand-In processing should measure the total number of authorization transactions authorized. The MasterCard default is four. Transactions: Enter the maximum number of transactions (up to 999) involving

a VIP account that you want Stand-In to authorize during the number of days specified above. You must indicate a value in this field if you are supporting VIP accounts. Do not enter zero in this field. Entering zero will cause all transactions to fail this test. Currency Code: Enter the three-digit currency code.

If you want to set Stand-In processing limits in a currency other than U.S. dollars, you must participate in the Authorization Multiple Currency Conversion (AMCC) service. For more information about AMCC, see chapter 9.

7-24

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Setting Stand-In Parameters: Online Issuer Limit-1 Processing

How Stand-In Processing Uses this Information During the Accumulative Limits test for VIP accounts, Stand-In processing applies the Days and Count Limit parameters designated in this section of the form.

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

Limit-1 Processing The Limit-1 processing section is optional. Issuers should complete this section only if you want Limit-1 processing. Limit-1 processing allows the issuer to: •

Route transactions that have small dollar amounts to Stand-In processing.



Apply all of the Stand-In tests to these transactions.

Issuers most often use Limit-1 processing to control their volume of transactions. See chapter 2 for more information about Limit-1 processing.

How to Complete this Section Enter dollar amounts to establish limits for Travel, Retail, Mail/Telephone/ Electronic Commerce, and Cash Disbursement transactions. Issuer Floor Limit-1 in USD: The values established in this category reside on all acquirer MIPs. The MIP sends transactions to Stand-In processing if the amount is less than or equal to the Issuer Floor Limit-1 and all of the following are true:



The card number is not listed as a restricted card on the Electronic Warning Bulletin file.



The transaction does not include an Address Verification Service Request.



The transaction was not generated at a cardholder-activated terminal SelfService Terminal/Level 2.



The transaction is not an ATM transaction.



The transaction does not contain a “merchant suspicious” indicator.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

7-25

Setting Stand-In Parameters: Online Issuer Limit-1 Processing

Nth Transaction: This value tells the acquiring MIP that for every Nth

transaction less than the Issuer Floor Limit-1, the MIP routes the transaction directly to the issuer for approval. Enter the desired numeric value to establish the Nth transaction.

How Stand-In Processing Uses this Information Limit-1 processing determines when transactions will be routed to Stand-In processing based on the U.S. dollar limit and the Nth transaction indicated in this section of the form.

Note

Stand-In processing counts Limit-1 transactions when determining cumulative amounts. If you establish Limit-1 values, ensure that your Accumulative Limits support the volume of Limit-1 transactions.

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

7-26

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

8

Central Authorization Processing Service This chapter describes the Central Authorization Processing Service (CAPS).

Introduction to CAPS...........................................................................................8-1 Who Are CAPS Members? .............................................................................8-1 How Do CAPS Members Send Data to MasterCard?....................................8-1 When Does CAPS Apply Data to the Account File? ....................................8-1 What Data does MasterCard Provide for Members? ....................................8-2 CAPS Features......................................................................................................8-2 Sending and Retrieving CAPS Files via MasterCard File Express ......................8-4 When to Send the Sequential Account File .................................................8-4 Input File Type Field ..............................................................................8-5 Transmission of Multiple Files................................................................8-5 Entry Reason Field ..................................................................................8-6 Credit Availability Field ..........................................................................8-6 MasterCard Edits .....................................................................................8-6 MasterCard File Express Security ...........................................................8-7 Reporting of Errors in the Sequential Account File...............................8-7 Emergency Maintenance to the Account File ..............................................8-7 Transmission and Effective Times..........................................................8-8 Transmission of a Subsequent Full File Replace ...................................8-8 File Layouts..........................................................................................................8-9 Sequential Account File ................................................................................8-9 Completing the Stand-In Processing Worksheet..............................................8-12 To Complete the Worksheet.......................................................................8-13 Default Values .............................................................................................8-13 Setting Limits Lower than the MasterCard Minimums .........................8-14 On Every Page ............................................................................................8-14 Important Dates.................................................................................................8-14 How MasterCard Uses this Information .....................................................8-14 When Changes are Effective.......................................................................8-15

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

8-i

Central Authorization Processing Service

Telephone Numbers..........................................................................................8-15 How to Complete this Section....................................................................8-15 How MasterCard Uses this Information .....................................................8-15 When Changes are Effective.......................................................................8-15 Hours of Operation for Call Referral Center ....................................................8-16 How to Complete this Section....................................................................8-16 One Opening and One Closing Within One Day ...............................8-17 Two Openings and Closings Within One Day ....................................8-17 Daylight Saving Time Date Range .......................................................8-18 Coordinated Universal Time (UTC) Offset ..........................................8-19 How Stand-In Processing Uses this Information .......................................8-19 Noncompliance Assessments......................................................................8-19 When Changes Are Effective ......................................................................8-20 Holidays for Call Referral Center......................................................................8-20 How to Complete this Section....................................................................8-20 How Stand-In Processing Uses this Information .......................................8-21 When Changes Are Effective ......................................................................8-21 Cash Disbursement Accumulative Limits..........................................................8-21 How to Complete this Section....................................................................8-21 How Stand-In Processing Uses this Information .......................................8-21 When Changes Are Effective ......................................................................8-22 Decision Matrix..................................................................................................8-22 How to Complete this Section....................................................................8-22 How Stand-In Processing Uses this Information .......................................8-23 When Changes Are Effective ......................................................................8-23 Range Blocking .................................................................................................8-24 How to Complete this Section....................................................................8-24 How Stand-In Processing Uses this Information .......................................8-25 When Changes Are Effective ......................................................................8-25 Expanded Parameter Combinations .................................................................8-25 How to Complete this Section....................................................................8-25 How Many Limits You Can Establish...................................................8-26 Using the Expanded Parameter Combinations....................................8-27 How Stand-In Processing Uses this Information .......................................8-27 When Changes Are Effective ......................................................................8-27

8-ii

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Central Authorization Processing Service

VIP Controls.......................................................................................................8-27 How to Complete this Section....................................................................8-28 How Stand-In Processing Uses this Information .......................................8-28 When Changes Are Effective ......................................................................8-28

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

8-iii

Central Authorization Processing Service Introduction to CAPS

Introduction to CAPS CAPS provides certain members with a 24-hour authorization service called Stand-In processing. Stand-In processing (described in chapter 6) provides authorization responses to acquirers on behalf of the issuer. It uses the following two types of data that the issuer provides: •

Issuer cardholder listings and available-to-buy amounts that are maintained in the Account File.



Issuer-defined parameters for approving authorization transactions.

CAPS members list positive and negative card accounts in the Account File for authorization responses that prompt the merchant to approve, decline, or capture the card. All positive card accounts have entry reason V (VIP) for CAPS listing purposes, including accounts that have standard authorization limits. CAPS members also may list restricted accounts in the Account Management System (AMS) to direct the merchant to capture the card. For information about listing in AMS, see the Account Management User Manual.

Who Are CAPS Members? CAPS members do not have MIPs to maintain the Account File; however, they do have connection to the Banknet® telecommunications network via a PC.

How Do CAPS Members Send Data to MasterCard? Issuers transmit a CAPS file of cardholder listings (the Sequential Account File) to MasterCard via the MasterCard File Express transfer facility. Members use this file to add, update, or delete records from the Account File. (File layouts for the Sequential Account File appear later in this chapter.) For more information about CAPS members sending data to MasterCard, contact the Customer Operations Services team. Issuers establish parameters on the Stand-In Processing Worksheet for CAPS Issuers (see Figure 8.1).

When Does CAPS Apply Data to the Account File? MasterCard updates the Account File during nightly maintenance with data that the issuer sends in CAPS files. It modifies issuer parameters whenever the issuer sends MasterCard a revised Stand-In Processing worksheet.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

8-1

Central Authorization Processing Service CAPS Features

Figure 8.1—Flow of Data Between the Issuer and Stand-In Processing

Sequential Account File

Issuer

Account File Stand-In

Stand-In Worksheet

Daily Activity Report

What Data does MasterCard Provide for Members? MasterCard provides the Daily Activity Report that contains supplemental transaction information, such as reversal transactions performed on behalf of the issuer; detailed fail codes indicating the reason why Stand-In processing or X-Code processing declined a transaction; and the authorization approval code if the transaction was approved. See chapter 10 for a sample of this report.

CAPS Features CAPS offers members the following features: •

Provision of 100% of authorization responses

CAPS responds to authorization requests on behalf of the issuer 24 hours a day, 7 days a week. •

Adjustment of cardholder credit

CAPS keeps track of the cumulative number and amount of credit card transactions it approves. It adjusts available cardholder credit by this amount before comparing the next authorization request to the available credit. Whenever the issuer updates the credit available, CAPS resets the cumulative tally to zero. •

Easy access to the service

CAPS members use the MasterCard File Express transfer facility to transmit the files between the issuer’s PC and MasterCard.

8-2

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Central Authorization Processing Service CAPS Features



Secure access to the service

The MasterCard security system monitors all access to MasterCard File Express. The security system allows only authorized personnel to access and exchange CAPS data through MasterCard File Express. •

File maintenance as needed

Members can transmit requests to add, update, or delete accounts from the Account File as often as they like to maintain the files—weekly, daily, or multiple times during the day. MasterCard performs nightly file maintenance. See “When to Send the Sequential Account File” later in this chapter. •

Emergency file maintenance

MasterCard allows the issuer to send requests via fax for an emergency add, update, or delete to the Account File. MasterCard operators apply these requests periodically throughout the day. See “Emergency Maintenance to the Account File” later in this chapter. •

Choice regarding the size of transmissions

Issuers can transmit full file replacements or individual record updates. •

Secure data transmission

MasterCard OnLine® compresses and encrypts CAPS data between the user’s desktop and MasterCard. •

Edited data

MasterCard edits the data submitted by the member to ensure that the data is valid and that required data elements are present. •

Information to maintain issuer records

MasterCard makes the editing results and file maintenance available, including emergency file maintenance, to enable the issuer to keep its own records current. MasterCard creates the Daily Activity Report for this purpose.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

8-3

Central Authorization Processing Service Sending and Retrieving CAPS Files via MasterCard File Express

Sending and Retrieving CAPS Files via MasterCard File Express Issuers send and retrieve CAPS files using the MasterCard File Express software. MasterCard File Express allows issuers to exchange data files from a PC to MasterCard using a variety of options for connectivity to MasterCard OnLine. Contact Online Solutions and Services at 1-800-288-3381 (within the U.S. region) or 1-636-722-6636 (in regions outside the U.S. region) for details about connectivity options. MasterCard File Express establishes identification codes for the applications used to send and unload CAPS files. The following table lists the files available and the associated MasterCard File Express identification codes. Application Identification Codes

File

RB28

Sequential Account File

RM001

Authorization Velocity Monitoring Report

When to Send the Sequential Account File Issuers can transmit the Sequential Account File anytime; however, MasterCard must receive transmissions by 23:00 St. Louis time to be effective with that day’s maintenance cycle. MasterCard performs CAPS maintenance to the Account File each night at 24:00 midnight. Follow these steps to send the Sequential Account File to MasterCard via MasterCard File Express. Details about particular fields and transmission of multiple files follow these procedures. Step

Action

1.

Create a header record (see Figure 8.3 for field descriptions and valid values). Each transmission of the file must be in ascending sequence by cardholder number within ICA number and each ICA number should appear only once within a transmission. Note: An incorrect value for ICA number in the header record causes CAPS to

reject the entire transmission. 2.

Create detail records (see Figure 8.4). Note: Do not include duplicate cardholder numbers within an update

transmission. If the system detects a duplicate number, the second record is rejected. 3.

8-4

Create a trailer record (see Figure 8.5).

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Central Authorization Processing Service Sending and Retrieving CAPS Files via MasterCard File Express

Step

Action

4.

Place the RB28 file into the MasterCard File Express File Type directory RB28.

5.

Start the application and send the RB28 file to MasterCard using the steps outlined in the MasterCard File Express Client Users’ Guide.

Input File Type Field In the Input File Type field, issuers may choose either F (full file replace) or U (update batch). •

Full file replace replaces card numbers at the bank identification number

(BIN) level. If an ICA number is associated with multiple BINs, only the BINs submitted for the full file replace are affected. Select the full file replace option in this field to establish a file at MasterCard for the first time. •

Update batch replaces card numbers at the account level. An update transmission affects only the account numbers present in the detail records.

Issuers must establish an entire transmission as either a full file replace or as an update.

Note

CAPS rejects all records in any transmission that includes headers with both the full file replace code and the update code.

Transmission of Multiple Files Exercise caution when transmitting multiple files within a single MasterCard processing cycle (same day). CAPS applies transmissions in order of the date and time that you created them (recorded in the Transmittal ID field of the header and trailer records). This order becomes critical when the following situations occur: •

If you send two full file replace transmissions in one day, CAPS rejects the first transmission and accepts the second.



If you send an update transmission followed by a full file replace transmission on the same day, the system rejects the update transmission and processes the full file replace.

This logic applies to multiple ICA number transmissions also.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

8-5

Central Authorization Processing Service Sending and Retrieving CAPS Files via MasterCard File Express

Entry Reason Field In the Entry Reason field, issuers can choose one of the following entry reason values. Entry Reason

Description

V (VIP card)

Prompts Stand-In processing to initiate the Stand-In processing tests described in chapter 6 to determine an authorization response

P (Capture card)

Prompts Stand-In processing to issue an authorization response of capture card

R (Decline)

Prompts Stand-In processing to issue an authorization response of decline.

Credit Availability Field The issuer can update the credit available by submitting a Sequential Account File Record with 217 (Add/Update) in the Record Code field, and the correct dollar amount in the Credit Availability field. The new 217 record replaces the values from the previous Sequential Account File record. To maintain accurate records of available credit for each cardholder, the CAPS issuer must refer to the Issuer CAPS Authorization Detail Report in addition to the CAPS files. This report shows transactions that X-Code processing approved when CAPS was unavailable. (See chapter 2 for an explanation of X-Code processing.) Because this type of processing occurs only when CAPS cannot be reached, CAPS does not report it in a CAPS file and does not adjust cardholder credit limits for these transactions. CAPS issuers receive the Issuer CAPS Authorization Detail Report automatically. See the MasterCard Consolidated Billing System Reports manual for a layout of this report.

MasterCard Edits Edits verify that the issuer PC is set up to send for that particular ICA number. During nightly processing, it also verifies that the ICA number is set up for CAPS and that all detail records are for the same ICA number. Finally, it edits the Sequential Account File to ensure that the BIN is valid and that required data elements are present.

8-6

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Central Authorization Processing Service Sending and Retrieving CAPS Files via MasterCard File Express

MasterCard File Express Security All data files sent to MasterCard are associated with the user’s ICA number and endpoint. MasterCard File Express authenticates each user during the login process. MasterCard File Express then determines which file types the user is eligible to access, and provides the authenticated user access only to those file types.

Reporting of Errors in the Sequential Account File MasterCard File Express returns error messages in the Daily Account File Activity Report. See the Account Management User Manual for a sample of the Daily Account File Activity Report. Correct and resubmit rejected transactions as appropriate.

Emergency Maintenance to the Account File In an emergency situation, issuers can send adds, updates, or deletes to the MasterCard Global Service Center. The Global Service Center enters these file maintenance requests online. Follow these steps for emergency file maintenance requests. Before you need this service, send a letter on your letterhead stationery to your MasterCard Customer Operations Services representative stating the name and signature of all persons authorized to make an emergency update request. (You may require dual signatures on emergency update requests; if you do, state this in the letter.) MasterCard keeps the letter in your file and sends a copy to the Global Service Center. When you need this service, follow these steps.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

8-7

Central Authorization Processing Service Sending and Retrieving CAPS Files via MasterCard File Express

Step

Action

1.

Type your request on letterhead stationery. Include the following information:

2.



The words EMERGENCY ACCOUNT FILE MAINTENANCE as the subject of the letter



The words EMERGENCY ACCOUNT FILE MAINTENANCE as the subject of the letter



Your ICA number



The cardholder number(s) you want to add, update, or delete



File maintenance action(s): Add, Update, or Delete



The entry reason (for Add and Update requests only): V (VIP), R (Decline), or P (Capture Card)



Credit limits (for Add and Update VIP accounts only)



Authorized signatures

Send the request to MasterCard via fax to 1-636-722-7192.

Transmission and Effective Times Issuers can request emergency file maintenance anytime. Personnel at the MasterCard Global Service Center perform the file maintenance every two hours on the even hour (St. Louis time), 7 days a week: • • • • • • • • • • • •

00:00 (midnight) 02:00 04:00 06:00 08:00 10:00 12:00 (noon) 14:00 16:00 18:00 20:00 22:00

Transmission of a Subsequent Full File Replace If you send a full file replace transmission after requesting emergency file maintenance, verify that you included in the full file replace the change affected by your emergency request. If you do not, the full file replace transmission will negate the emergency change made by the Global Service Center.

8-8

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Central Authorization Processing Service File Layouts

File Layouts The following pages include the file layouts for the Sequential Account File.

Sequential Account File The Sequential Account File transmitted to MasterCard must contain the records shown in Figure 8.2. Figure 8.2—Sequential Account File Records Record Type

Description

253

Identifies the ICA header record and processing options. The information defined in the header record identifies the type of file.

217

Identifies an Add/Update Detail record. The same record type is used for both full file replace and update files.

223

Identifies a Delete Detail record. Delete records are present only on update files.

263

Identifies the ICA trailer record. A trailer must follow all the detail records submitted for an ICA number.

Figure 8.3——Sequential Account File ICA Header Record Field Name Transaction Code

Position Length Comments/Valid Values 1–3

3

Code indicating the type of record. Valid value: 253

Issuer ICA Number

4–9

6

Requesting issuer’s customer identification number.

Report Control

10–10

1

Constant value: 0

Account File Indicator

11–11

1

Code identifying this record as one that will go to the Account File. Valid value: P

Member Type

12–12

1

Code identifying the location of the member. Valid values:

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

D

=

Member in the U.S. region

I

=

Member in a region outside the U.S. region

8-9

Central Authorization Processing Service File Layouts

Field Name Input File Type

Position Length Comments/Valid Values 13–13

1

Code indicating the type of file maintenance requested. Valid values:

Transmittal ID

14–22

9

F

=

Full file replace

U

=

Update batch

The Julian date, hour, and minute the member created the file. Note: All ICA headers in a transmission must have the same Transmittal ID.

Format: YYJJJHHMM YY

=

year

JJJ

=

day

HH

=

hour

MM

=

minute

Note: The Transmittal ID field will be zeros when the initial full file replace is transmitted for an ICA number.

Last Update Info

23–31

9

The Julian date and hour/minutes stamp from the last Sequential Account File the member used to update its cardholder account listing at MasterCard. Format: YYJJJHHMM

Filler

8-10

32–50

19

YY

=

Year

JJJ

=

Day

HH

=

Hour

MM

=

Minute

Valid values: spaces

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Central Authorization Processing Service File Layouts

Figure 8.4—Sequential Account File Detail Record Field Name Transaction Code

Position Length Comments/Valid Values 1–3

3

Code indicating the type of record. Valid values: 217

=

Add/Update record

223

=

Delete record

Note: Only the Record Code and Cardholder Number fields are used when validating Delete records.

Cardholder Number

4–19

16

Number that is embossed, encoded, or both on the card. Issuers may input only those account numbers that contain their assigned BINs. Format: Right-justified with leading zeros Note: No check-digit verification is performed. The cardholder number is processed as presented.

Entry Reason

20–20

1

Reason for listing this card. Valid values:

Credit Availability

21–29

9

V

= VIP card

P

= Capture Card

R

= Decline

Cumulative dollar limit for this account in U.S. dollars. Format: Zero-fill for requests with entry reasons other than “V.” For requests with entry reason V, enter amounts in whole dollars (for example, 5000 for USD 5,000.00).

Filler

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

30–50

21

Constant spaces

8-11

Central Authorization Processing Service Completing the Stand-In Processing Worksheet

Figure 8.5—Sequential Account File ICA Trailer Record Field Name Transaction Code

Position Length Comments/Valid Values 1–3

3

Code indicating the type of record. Valid value: 263

Issuer ICA Number Transmittal ID

4–9

6

Echo of the header record.

10–18

9

Echo of the header record. Note: When data for multiple ICA numbers are transmitted in one file, the same information must be included in the transmittal ID for each ICA number.

Record Count

19–27

9

The total number of detail records for this ICA number. Format: Zero-filled; right-justified

Filler

28–50

23

Constant spaces

Completing the Stand-In Processing Worksheet To generate authorization responses, Stand-In processing must have issuer parameters on file. Issuers establish or update parameters by completing the Stand-In Processing Worksheet for CAPS Issuers (Stand-In Processing worksheet). The Stand-In Processing worksheet is required for all CAPS issuers. You must complete at least one worksheet for each issuing ICA. You may list multiple bank identification numbers (BINs) on one worksheet if both of the following statements are true: •

You are available to respond to call referrals for all listed BINs at the phone numbers that you list during the times that you list on the worksheet.



You want to establish the same parameters for all listed BINs.

If different BINs have different hours of operation for referral handling or different parameters, you must complete a separate worksheet for each BIN.

8-12

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Central Authorization Processing Service Completing the Stand-In Processing Worksheet

To Complete the Worksheet To complete the Stand-In Processing worksheet, follow these steps. Step

Action

1.

Determine how much of the form you need to complete. IF you are filling out the form…

THEN you must complete…

For the first time

The entire form

To update your existing parameters

Only the applicable pages of the form.

2.

Copy the appropriate pages of the form. (MasterCard suggests that you always leave one sample copy in this manual.)

3.

Complete the appropriate pages of the form.

4.

On each page that you complete, print your name (the person who completed the form) on the Contact Name line, sign your name on the Contact Signature line, print your Phone number, and provide the date (the Completed date).

5.

Fax or mail the completed pages to: MasterCard International Attention: Customer Operations Services 2200 MasterCard Boulevard O’Fallon MO 63368-7263 USA Fax: 1-636-722-7192

Default Values MasterCard has established minimum and maximum values for certain parameters. The form lists these minimum and maximum values. •

If you do not establish higher limits by writing your higher limits on the form, MasterCard will apply the minimum limits as default values for your limits.



If you want MasterCard to set the minimum limits as your limits, select the default box on the form above the place to establish your limits.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

8-13

Central Authorization Processing Service Important Dates

Setting Limits Lower than the MasterCard Minimums If an issuer needs to establish limits that are lower than the MasterCard minimums for certain transaction category codes (TCCs), the issuer must request these lower limits in writing. The issuer must receive approval from MasterCard before establishing limits that are lower than the minimums. However, an issuer may set lower limits for card acceptor business code/merchant category code (MCC) 7995 (Gambling) without requesting approval. For questions about lower limits, contact the Customer Operations Services team.

On Every Page Include the following information on each page of the worksheet: BIN: Enter the bank identification number. ICA: Enter the six-digit ICA number. Card Program: For MasterCard use. All CAPS accounts are established as VIP

accounts.

Important Dates The important dates section is required. This section allows you to inform Customer Operations Services of the dates you want the requested BIN and ICA number to be live. Additionally, you can inform the Customer Operations Services team of the date you intend to begin issuing cards with the requested BIN and ICA number.

How MasterCard Uses this Information MasterCard will attempt to accommodate your requested live date.

Note

8-14

Customer Operations Services will confirm this date, dependent on the receipt of complete, accurate, and legible information.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Central Authorization Processing Service Telephone Numbers

When Changes are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

Telephone Numbers The telephone numbers section is required. This section allows you to designate the phone numbers for departments within your organization that support authorization processes.

How to Complete this Section Phone Number for Call Referral Center (for the center that will receive the call referral phone call): Enter the phone number acquirers use to call for

authorization when you (or Stand-In processing) issue call referral responses. This is the phone number to which Global Automated Referral Service (GARS) calls are connected. Phone Number for Security Department: Enter the phone number of your Security Contact (for general security-related issues). Phone Number for Reporting Lost or Stolen Cards: Enter the phone number that

cardholders call to report a lost or stolen card. Phone Number for Customer Service: Enter the phone number of the department or person that receives the calls from cardholders. Processor Name (if applicable): If you use a processor, enter its name.

How MasterCard Uses this Information The Global Automated Referral Service (GARS) and the Customer Operations Services team use these phone numbers when contacting the issuer.

When Changes are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

8-15

Central Authorization Processing Service Hours of Operation for Call Referral Center

Hours of Operation for Call Referral Center The hours of operation for call referral center section is required. This section allows you to specify the times when your call referral center is available to accept call referrals.

How to Complete this Section If you are available for call referral handling 24 hours a day, 7 days a week, select the Check box for default of open 24 hours, 7 days a week check box. If you are not available for call referral handling 24 hours a day, 7 days a week, read the following explanations: •

The times specified between “Open” and “Close” must include all of the times that you are available for call referral handling within the hours 00:00– 24:00 on each day. If your call center was open Monday night and is still open on Tuesday morning until 01:00, for example, you must show the first Open/Close times on Tuesday as 00:00–01:00.



The Open time for each associated Close time must be less than the Close time. If your call center opens at 05:00, for example, it must close later than 05:00. If the Open time is 05:00, a Close time of 24:00 is valid. If the Open time is 05:00, a Close time of 01:00 is not valid.

Complete each column as described below. The time in any Open column may not be earlier than 00:00 and the time in any Close column may not be later than 24:00.

8-16

Step

Action

1.

In the first column (Open), enter the first time (beginning at 00:00, which is midnight) that your facility is available to handle call referrals. This could be as early as 00:00, which means that your facility is still open from the previous night.

2.

In the second column (Close), enter the first time during that 24-hour day (between the hours of 00:00 and 24:00) that your facility stops being available to handle call referrals.

3.

In the third column (Open), enter the second time during that 24-hour day (between the hours of 00:00 and 24:00) that your facility opens to handle call referrals. This time must be greater than the time in the second column.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Central Authorization Processing Service Hours of Operation for Call Referral Center

Step

Action

4.

In the fourth column (Close), enter the next time during that 24-hour day (between the hours of 00:00 and 24:00) that your facility stops being available to handle call referrals. If your facility stays open through the night and into the next day, you must still write 24:00 (midnight) as the closing time for this day. In this case, the next day opens at 00:00 (also midnight).

One Opening and One Closing Within One Day If you open your facility once and close it once within the same day, between the hours of 00:00 and 24:00, use the first two columns to record your hours of operation. The following example illustrates sample hours of operation for a facility that is available at the following times: •

From 05:00 to 24:00 every day except Sunday



From 10:00 to 17:00 on Sunday

Example—One Opening and One Closing Open (HH:MM)

Close (HH:MM)

Open (HH:MM)

Close (HH:MM)

Monday

05:00

24:00

:

:

Tuesday

05:00

24:00

:

:

Wednesday

05:00

24:00

:

:

Thursday

05:00

24:00

:

:

Friday

05:00

24:00

:

:

Saturday

05:00

24:00

:

:

Sunday

10:00

17:00

:

:

Two Openings and Closings Within One Day If you open and close your facility more than once between the hours of 00:00 and 24:00 on any given day, you should use all four columns to record your hours of operation. Remember to show all of the times that you are available for call referral handling within the hours 00:00–24:00 on each day. The following example illustrates sample hours of operation for a facility that is available to handle call referrals during the following times: •

Open from 07:00 Monday to 01:00 Tuesday

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

8-17

Central Authorization Processing Service Hours of Operation for Call Referral Center

• • • • • •

Open from 07:00 Tuesday to 01:00 Wednesday Open from 07:00 Wednesday to 01:00 Thursday Open from 07:00 Thursday to 01:00 Friday Open from 07:00 Friday to 01:00 Saturday Open from 07:00 Saturday to 01:00 Sunday Closed between 01:00 Sunday and 07:00 Monday

Example—Two Openings and Two Closings Open (HH:MM)

Close (HH:MM)

Open (HH:MM)

Close (HH:MM)

Monday

07:00

24:00

:

:

Tuesday

00:00

01:00

07:00

24:00

Wednesday

00:00

01:00

07:00

24:00

Thursday

00:00

01:00

07:00

24:00

Friday

00:00

01:00

07:00

24:00

Saturday

00:00

01:00

07:00

24:00

Sunday

00:00

01:00

:

:

Daylight Saving Time Date Range The daylight saving time date range does not apply if the call referral center is open 24 hours, 7 days a week with no holidays. If the call referral center is not open 24 hours, 7 days a week with no holidays, follow these steps. Step

Action

1.

IF the local time of your Call Referral Center… Does not use daylight saving time

THEN… Select the Check this box if the local time for the Call Referral Center does not use daylight saving time check box. Do not fill out the rest of this section.

Uses daylight saving time

8-18

Go to step 2.

2.

After “From:” provide the month, day, and year (MMDDYY) and the hour and minute (HHMM) that daylight saving time begins (in your local time).

3.

After “To:” provide the month, day, year, hour, and minute that it ends (in your local time).

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Central Authorization Processing Service Hours of Operation for Call Referral Center

Coordinated Universal Time (UTC) Offset The UTC offset does not apply if the call referral center is open 24 hours, 7 days a week with no holidays. If the call referral center is not open 24 hours, 7 days a week with no holidays, follow these steps. Step

Action

1.

IF local time for your Call Referral Center is…

THEN…

Behind UTC

Select the check box before Behind (“-”) UTC.

Ahead UTC

Select the check box before Ahead (“+”) UTC.

2.

On the same line that you selected the check box, enter the amount of time difference (in hours and minutes) between the local time for your call referral center and UTC.

How Stand-In Processing Uses this Information If Stand-In processes a transaction, Stand-In processing issues call referrals only during the hours that you establish as “open” on this form. Your call referral center must be available to take call referrals during the hours that you establish as “open” on this form.

Noncompliance Assessments Issuers must be available to take call referrals during the hours that they establish as “open” on the Stand-In Processing worksheet. MasterCard examines issuer transactions for the week and compares them to the Hours of Operation that the issuer indicates on this worksheet. Stand-In processing issues call referrals only during the hours that the issuer establishes as “open.” The issuer is charged a fee for each day that it issues call referrals during the hours that it establishes as “closed” on the Stand-In Processing worksheet. The issuer also is charged a fee for each call referral that it issues during the hours that it establishes as “closed” on the Stand-In Processing worksheet. For more information about noncompliance assessments and for a complete description of the billing events for authorization services, see the MasterCard Consolidated Billing System Manual.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

8-19

Central Authorization Processing Service Holidays for Call Referral Center

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

Holidays for Call Referral Center The holidays for call referral center section is required.

Note

Issuers must complete and submit this section of the worksheet every year.

This section tells MasterCard the times when your call referral center availability differs from the schedule that you provided in the hours of operation for call referral center section.

How to Complete this Section To complete the holidays for call referral center section, follow these steps. Step

Action

1.

After For Year at the top of the page, enter the year for which these holidays apply.

2.

IF your Call Referral Center…

THEN…

Does not close for any holidays

Select the Check this box for default of no holidays check box. Do not complete any more of this section.

Closes for holidays

Go to step 3.

3.

For each day that you will not be available as stated under Call Referral Center Hours of Operation, enter the month and day under MM/DD.

4.

If you can accept call referrals for part of a holiday, enter the times that you will be available under Open and Close. If your office will close for the entire day, enter 00:00 under Open and 00:00 under Close.

8-20

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Central Authorization Processing Service Cash Disbursement Accumulative Limits

How Stand-In Processing Uses this Information Stand-In processing issues call referrals only during the hours that you establish as “open” in this section. Stand-In processing will not issue call referrals when your call referral center is closed for a holiday.

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

Cash Disbursement Accumulative Limits The cash disbursement accumulative limits section is optional. This section allows you to establish separate limits specific to cash disbursement.

How to Complete this Section After Days, specify any number of days (up to 45) to control the velocity of MasterCard accounts used for cash withdrawal. After Accumulative Dollars Allowed, enter the maximum U.S. dollar amount to be accumulated during the Days range.

How Stand-In Processing Uses this Information Stand-In processing uses these limits during the Accumulative Limits test. Any time an authorization request for a cash disbursement exceeds these limits, Stand-In processing responds according to the parameters that you established on the Decision Matrix in the Accumulative Limit Test column.

Note

Stand-In processing counts cash disbursement transactions when it calculates the accumulative limits. The values that you establish here for cash disbursement transactions should not conflict with what you established in the previous accumulative limits.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

8-21

Central Authorization Processing Service Decision Matrix

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

Decision Matrix The decision matrix section is required. This section allows you to specify how Stand-In processing will respond when a transaction fails any of the following Stand-In processing tests: •

Account File test



Transaction Limits test



Accumulative Limits test



VIP Limits test

This section defines the authorization response that Stand-In processing will generate in response to an authorization request.

How to Complete this Section The worksheet allows you either to choose default values, which MasterCard has already established, or to specify your own values. If you want to use the MasterCard default values for the decision matrix, select the Check this box to use the default values listed below check box. To specify your own values, designate the following Stand-In processing responses. Code

Stand-In Processing Response Descriptions

C

Refer to card issuer.

N

Decline—If the test fails and the entry reason in the Account File is C (credit), U (unauthorized use), or O (other). Capture Card—If the test fails and the entry reason in the Account File is P (capture card), F (fraud), L (lost), S (stolen), or X (counterfeit).

A

8-22

Continue Stand-In processing. (Skip the Transaction Limits test and go to the next Stand-In processing test.)

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Central Authorization Processing Service Decision Matrix

Account File Test: Enter a value to indicate the authorization response that you

want Stand-In processing to generate when one of the following is true: •

The account is listed on the Account File with an entry reason of C (credit), O (other), or U (unauthorized use).



The transaction failed the CVC 1 Test.

Entry reasons of F (fraud), L (lost), P (capture card), S (stolen), or X (counterfeit) always result in a capture card response. Transaction Limits Test: Enter a value to indicate the authorization response that

you want Stand-In processing to generate when it receives an authorization request that exceeds the Transaction Limits.

Note

If you enter value A for the Transaction Limits test, Stand-In processing will skip the Expanded Parameter Combinations and the Transaction Category Code Global Parameters. Stand-In processing will apply only Accumulative Limits.

Accumulative Limits Test: Enter a value to indicate the authorization response

that you want Stand-In processing to generate when it receives an authorization request that exceeds the Accumulative Limits. VIP Limits Test: Enter a value to indicate the authorization response that you

want Stand-In processing to generate when it receives an authorization request that exceeds the VIP limits.

How Stand-In Processing Uses this Information Stand-In processing uses the instructions in this section when a transaction fails one of these Stand-In processing tests.

Note

If you enter value A for the Transaction Limits test, Stand-In processing will skip the Expanded Parameters and the Global Limits. As a result, Stand-In processing will test only the Accumulative Limits.

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

8-23

Central Authorization Processing Service Range Blocking

Range Blocking The range blocking section is optional. Issuers use range blocking to combat fraud. The range blocking section identifies ranges of card numbers within your BINs that you: •

Have not issued to cardholders (and that should be blocked), or



Blocked previously and now want to unblock

For information about the charges for range blocking, see the MasterCard Consolidated Billing System Manual.

How to Complete this Section To prepare this section of the form, follow these steps.

Note

Step

Action

1.

In the From account number column, enter the first 11 digits of the account number at the beginning of the range. (The first six of the 11 digits must be the BIN.)

2.

In the Through account number column, enter the first 11 digits of the account number at the end of the range. (The first six of the 11 digits must be the BIN.)

3.

Select Block or Unblock to indicate whether this range of card numbers should be blocked or unblocked.

Remember to submit this section of the form again to MasterCard when you decide to issue cards within these blocked ranges. Because the most current form entirely replaces all previously requested range blocks, you must list all range blocks that you require each time you submit the form.

To unblock a portion of a range that is currently blocked, submit the form unblocking the entire range that is blocked and submit the new range to be blocked on the same form.

8-24

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Central Authorization Processing Service Expanded Parameter Combinations

How Stand-In Processing Uses this Information Stand-In processing issues a response of “invalid card number” (regardless of the acquiring country) for any authorization request within the blocked ranges.

Note

Range blocking only applies for transactions processed by Stand-In processing. Card numbers within the blocked ranges do not automatically appear in the Account Management System (AMS) electronic warning bulletin file.

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

Expanded Parameter Combinations The expanded parameters section is optional. Issuers use expanded parameters for helping to reduce fraud and for special promotional programs The expanded parameters section allows you to set dollar limits for authorization transactions based on a variety of transactions.

How to Complete this Section The worksheet allows you either to choose default limits, which MasterCard has already established, or to specify your own limits. Country Codes: You can designate as many as 10 individual countries for

which these transaction limits will apply. Use the three-digit country codes listed in the Quick Reference Booklet. Designate 000 to establish limits that apply to all countries. If you do not enter a country code, MasterCard will use 000 as the default. Promotion Code: A promotion code is an alphanumeric code that can be

included in the Authorization Request/0100 message. Stand-In processing uses the code to identify transactions that apply to an issuer’s promotion program. The promotion code allows the issuer to use different criteria to determine authorization responses for transactions that occur at the participating merchants.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

8-25

Central Authorization Processing Service Expanded Parameter Combinations

IF you…

THEN…

Want these transaction limits to apply to a specific promotion code

Enter the promotion code.

Do not want these transaction limits to apply to a specific promotion code

Leave these spaces blank.

CAT Level: A cardholder-activated terminal (CAT) is a bankcard reading remote

device (usually unattended) that dispenses a product or provides a service. A CAT must be one of the following types of terminals: •

Automated Dispensing Machine/Level 1



Self-service Terminal/Level 2



Limited Amount Terminal/Level 3



In-flight Commerce Terminal/Level 4



Electronic Commerce/Level 6



Transponder/Level 7

IF you…

THEN…

Want these transaction limits to apply to a specific CAT level

Enter the CAT level.

Do not want to restrict these transaction limits to a particular CAT level

Leave this space blank.

Transaction Category Codes or Card Acceptor Business Code/Merchant Category Codes: Enter values in U.S. dollars for up to 10 TCCs or up to 10 MCCs. You cannot enter both TCC and MCC limits. If you enter values only for card present,

MasterCard will apply these values to both card present and card not present situations.

How Many Limits You Can Establish You can establish as many as 17 sets of limits. To create additional sets of limits, copy the form as many as 17 times and send it with different combinations of limits. In addition, MasterCard also has established two required sets of limits.

8-26

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Central Authorization Processing Service VIP Controls

Using the Expanded Parameter Combinations IF you want to… •



THEN…

Raise Stand-In processing limits to • accommodate a seasonal adjustment, such as a holiday shopping season in one country, and • Retain the default limits for all other acquiring countries

Set limits for local-use-only cards; that is, cards that can be used only within a particular country

Enter the Country Code of that specific country. Enter the transaction limits by TCC for that country, and On a separate page, enter a Country Code of 000. Enter the transaction limits by TCC that apply to all other acquiring countries.



Enter the BIN, ICA, and card program of the local-use-only cards.



Enter the Country Code of the specific countries in which the cards may be used. Enter the transaction limits by TCC for that country.

How Stand-In Processing Uses this Information Stand-In processing uses these dollar limits during the Transaction Limits test. Stand-In processing applies the limits based on the characteristics of each authorization request. If you establish transaction limits for country 454, for example, Stand-In processing applies your established limits to all authorization requests from country 454.

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

VIP Controls The VIP controls section is optional. This section allows you to set specific limits that Stand-In processing applies to accounts listed in the Account File as VIP. The VIP designation is a method of identifying accounts that the issuer wants Stand-In to process differently from MasterCard® cards, MasterCard® BusinessCard cards, and Gold MasterCard® cards.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

8-27

Central Authorization Processing Service VIP Controls

How to Complete this Section To designate an account as VIP, the issuer enters an Entry Reason of V when listing the account in the Account File. For listing procedures, see the Account Management User Manual. You must complete all of the options in this field if you are supporting VIP accounts. Country Code: Enter the country code to which these VIP limits should apply. Single Transaction Limit: Enter the maximum amount that you want Stand-In

processing to authorize for any single transaction involving a VIP account. You must indicate a value in this field if you are supporting VIP accounts. The amount may not be greater than USD 99,999. Do not enter zero in this field. Entering zero will cause all transactions to fail this test. Accumulative Limits Days: Specify any number of days (up to 99) during which

Stand-In processing should measure the total number of authorization transactions authorized. The MasterCard default is four. Transactions: Enter the maximum number of transactions (up to 999) involving

a VIP account that you want Stand-In processing to authorize during the number of days specified above. You must indicate a value in this field if you are supporting VIP accounts. Do not enter zero in this field. (Entering zero will cause all transactions to fail this test.)

How Stand-In Processing Uses this Information During the Accumulative Limits test for VIP accounts, Stand-In processing applies the Days and Count Limit parameters designated in this section of the form.

When Changes Are Effective Changes submitted in this section will be effective after Customer Operations Services receives complete, accurate, and legible information. Confirm the effective date of these changes with the Customer Operations Services team.

8-28

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

9

Authorization Services Detail This chapter describes MasterCard services that interface with and add value to the MasterCard Authorization System. This chapter also includes information about requesting and using these services.

Account Balance Response.................................................................................9-1 Account Management..........................................................................................9-2 Account Management System.......................................................................9-2 Account File ..................................................................................................9-2 Recurring Payment Cancellation Service (RPCS) .........................................9-3 Blocking Ranges of Accounts .......................................................................9-3 Address Verification Service................................................................................9-5 Participation Requirements ...........................................................................9-5 Indicating AVS Participation during Sign-in.................................................9-5 AVS Process...................................................................................................9-5 Address Key ..................................................................................................9-6 Issuer Procedures ........................................................................................9-10 Authorization Multiple Currency Conversion...................................................9-11 Using AMCC ................................................................................................9-11 Signing Up for AMCC..................................................................................9-11 Participating in AMCC.................................................................................9-11 Data Elements Used by AMCC ...................................................................9-12 AMCC Processing Logic ..............................................................................9-12 Acquirer Processing Logic ..........................................................................9-13 Issuer Processing Logic...............................................................................9-14 Examples of AMCC Processing...................................................................9-15 Balance Inquiries...............................................................................................9-23 ATM Balance Inquiries................................................................................9-23 Point-of-Sale (POS) Terminal Balance Inquiries........................................9-24 Card Level Support............................................................................................9-26 Card Validation Code 1 Verification in Stand-In Processing ...........................9-27 Assigning Multiple Sets of DES Keys to an Account Range......................9-27 Assigning the Same Set of DES Keys to an Account Range......................9-27

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-i

Authorization Services Detail

Reporting CVC 1 Verification in Stand-In Processing................................9-34 Card Validation Code 2 Verification .................................................................9-35 CVC 2...........................................................................................................9-35 Conditions for CVC 2 Verification ..............................................................9-35 Participation Requirements .........................................................................9-35 Authorization System Processing Flow Diagrams......................................9-37 Card Validation Code Verification for Emergency Card Replacements ..........9-43 How to Request CVC Verification for ECR Service....................................9-43 Use of CVC Keys.........................................................................................9-43 Cardholder-activated Terminals ........................................................................9-44 Types of CATs .............................................................................................9-44 Automated Dispensing Machines ...............................................................9-44 Self-service Terminals .................................................................................9-45 Limited Amount Terminals .........................................................................9-45 In-flight Commerce .....................................................................................9-46 Electronic Commerce Transactions ............................................................9-48 Transponder Transactions ..........................................................................9-48 Check Guarantee...............................................................................................9-49 Requirements for Authorization Request/0100 Messages..........................9-49 Requirements for Authorization Request Response/0110 Messages.........9-49 Country Level Authorization .............................................................................9-50 Process for Country Level Authorization ...................................................9-50 Electronic Commerce ........................................................................................9-51 Member Requirements ................................................................................9-51 Process for an Electronic Commerce Transaction .....................................9-51 Types of Electronic Commerce Transactions.............................................9-52 Flow of an Electronic Commerce Authorization Transaction ...................9-53 Expired Card Override ......................................................................................9-57 System Definition of an Expired Card........................................................9-57 Expired Card Tests ......................................................................................9-57 Fleet Card Transactions.....................................................................................9-62 Incentive Interchange Rates........................................................................9-62 Transmitting Fleet Card Data in Authorization Request/0100 Messages......................................................................................................9-62 Fleet Card Authorization Response ............................................................9-63

9-ii

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail

Initiating Fleet Card Support.......................................................................9-63 Global Automated Referral Service...................................................................9-64 Benefits of Using GARS ..............................................................................9-64 GARS Process ..............................................................................................9-64 Acquirer Use of GARS.................................................................................9-68 Issuer Use of GARS .....................................................................................9-72 Monitoring Call Referral Activity ................................................................9-75 To Request GARS or Change GARS Parameters ........................................9-75 M/Chip On-behalf Services...............................................................................9-76 Chip to Magnetic Stripe Conversion...........................................................9-76 M/Chip Cryptogram Pre-validation Service................................................9-77 M/Chip Cryptogram Validation in Stand-In Processing.............................9-77 Magnetic Stripe Compliance Program ..............................................................9-78 Participating in the Magnetic Stripe Compliance Program........................9-78 Requirements for Magnetic Stripe Compliance..........................................9-79 Risk of Not Participating .............................................................................9-80 Manual Telex Authorization Requests ..............................................................9-81 Telex Requests ............................................................................................9-81 Telex Responses..........................................................................................9-84 Authorization Request Response................................................................9-85 MasterCard ATM Network.................................................................................9-87 Data Security ...............................................................................................9-87 ATM Locator ................................................................................................9-87 ATM Directory.............................................................................................9-88 Benefits........................................................................................................9-88 Supported Transactions ..............................................................................9-89 Interfaces to the MasterCard ATM Network...............................................9-89 For More Information..................................................................................9-90 MasterCard SecureCode ....................................................................................9-91 Universal Cardholder Authentication Field ................................................9-91 SecureCode Authentication Platforms ........................................................9-91 Licensing SecureCode Specifications..........................................................9-91 Accountholder Authentication Value .........................................................9-92 Comparison of Security Protocols ..............................................................9-94

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-iii

Authorization Services Detail

MasterCard-acquired Visa Transactions............................................................9-95 Issuer Options .............................................................................................9-95 CPS Transactions .........................................................................................9-95 Indicators.....................................................................................................9-95 Retail Key Entry Program............................................................................9-97 Secure Electronic Commerce Verification Service .....................................9-98 Visa Commercial Card Inquiry....................................................................9-98 Visa CVV2....................................................................................................9-99 Visa Fleet Card ............................................................................................9-99 For More Information..................................................................................9-99 Member-defined Data .....................................................................................9-100 Structure of Member-defined Data ........................................................... 9-100 Merchant Advice Codes ..................................................................................9-101 DE 48, Subelement 84 Values................................................................... 9-101 Common DE 39 Values.............................................................................9-101 DE 48, Subelement 84 with DE 39 ........................................................... 9-102 Partial Approvals ............................................................................................. 9-103 Alternate Processing.................................................................................. 9-103 For More Information................................................................................ 9-103 Payment Transaction Authorization................................................................ 9-104 Person-to-Person Transactions ................................................................. 9-104 Payment Transaction Blocking ................................................................. 9-106 Alternate Processing.................................................................................. 9-107 PIN Processing.................................................................................................9-109 Acquirer Requirements .............................................................................9-109 Issuer Requirements.................................................................................. 9-110 Support for Both Acquiring and Issuing Processing ............................... 9-111 Authorization System Security Requirements...........................................9-112 PIN Verification .........................................................................................9-118 PIN Verification in Stand-In Processing ...................................................9-118 PIN Key Exchange and Processing Forms ............................................... 9-119 Portfolio Sales Support....................................................................................9-120 Full BIN Transfer....................................................................................... 9-120 Partial BIN Transfer...................................................................................9-121 Fees............................................................................................................9-122

9-iv

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail

Promotion Code ..............................................................................................9-123 Purpose of Using a Promotion Code ....................................................... 9-123 How the Promotion Code Service Works ................................................9-123 To Participate in the Promotion Code Service......................................... 9-123 Purchase of Goods or Services with Cash Back Transactions for Debit MasterCard Cards............................................................................................. 9-124 To Participate ............................................................................................ 9-124 For More Information................................................................................ 9-124 Proximity Chip Payments................................................................................9-125 Recurring Payments.........................................................................................9-126 Indicating a Recurring Payment ............................................................... 9-126 Recurring Payment Cancellation Service........................................................ 9-127 Benefits of RPCS........................................................................................9-127 How RPCS Works......................................................................................9-127 Authorization Reports ...............................................................................9-128 To Participate ............................................................................................ 9-128 For More Information................................................................................ 9-128 RiskFinder ........................................................................................................9-129 Using RiskFinder ....................................................................................... 9-129 To Participate ............................................................................................ 9-129 For More Information................................................................................ 9-129 Transaction Research Request ........................................................................9-130 Conducting a Transaction Research Request ........................................... 9-130 Using the MasterCard eService Transaction Research Tool .................... 9-130 Accessing the Transaction Research Tool ................................................ 9-131 Using the Transaction Research Request Form ....................................... 9-135 Understanding Fees for Transaction Research Requests ......................... 9-135 Travel Industries Premier Service ................................................................... 9-136 To Participate ............................................................................................ 9-136 For More Information................................................................................ 9-136 Velocity Monitoring......................................................................................... 9-137 Types of Velocity Monitoring ................................................................... 9-137 Velocity Monitoring Reports ..................................................................... 9-137 Requesting AVM or MVM .........................................................................9-138

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-v

Authorization Services Detail Account Balance Response

Account Balance Response

Apr 2006

The account balance response enables issuers to transmit account balance information in authorization response messages. Issuers can use the account balance response for prepaid accounts and in ATM transactions. The account balance response is an “unsolicited” transmission of account balance data to the point-of-sale (POS) terminal or ATM. This feature is supported on both approved and declined authorization responses. When the issuer provides the available balance in the authorization response, POS and ATM terminals that are programmed to accept account balance data can display or print the available balance. •

Approved Responses—The available balance on an approved response is the account balance after the transaction amount has been deducted from the account.



Declined Responses—The account balance response is used on a declined

response to expedite split-tender purchases. For POS transactions where a prepaid card is used, this feature gives the cardholder and the merchant the information needed to process a split-tender transaction. The merchant can submit another authorization request for the purchase using a lower amount that can be approved by the prepaid issuer, and ask the cardholder to provide another form of payment for the remaining purchase amount. The available balance returned in a declined response identifies the current account balance, without deducting the declined transaction amount. MasterCard limits the account balance response to use on prepaid accounts and in ATM transactions. MasterCard advises issuers that they must not use the unsolicited account balance response for credit or debit accounts in POS transactions. Issuers that provide unsolicited credit or debit account balance information in POS transactions increase the potential for fraudulent activity and concerns for cardholder privacy. The Authorization System forwards the account balance response provided by the issuer to the acquirer only when it is returned in an ATM transaction or in a POS transaction for a prepaid account. Issuers must not transmit balance information for credit or debit accounts, unless it is for an ATM transaction.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-1

Authorization Services Detail Account Management

Account Management Issuers can manage restricted, negative, and preferred accounts through the:

Note



Account Management System (AMS)



Account File



Recurring Payment Cancellation Service (RPCS)

For information about any of the programs described in this chapter, contact the Customer Operations Services team. Unless otherwise noted, request all forms from the Customer Operations Services team.

Account Management System AMS allows members to identify and manage restricted accounts. AMS collects and distributes MasterCard restricted account listings in the Electronic Warning Bulletin file and paper Warning Notice for use in authorization processing. Generally, issuers list the following kinds of accounts in AMS: •

Lost



Stolen



Counterfeit



Severe credit problems with continued activity

Listing in AMS provides issuers with the following benefits: •

Warning bulletin chargeback rights



“Capture card” response for Stand-In, Limit-1, and X-Code processing

For More Information For details about AMS, see the Account Management User Manual.

Account File The Account File resides at Central Site and contains a list of negative accounts, restricted accounts, and preferred accounts.

9-2

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Apr 2006

Authorization Services Detail Account Management

The Account File provides information about negative accounts, restricted accounts, and preferred accounts for Stand-In processing to use when making an authorization decision on behalf of the issuer. Issuers list the following types of accounts in the Account File: • •

VIP and Gold MasterCard® Card accounts that require higher authorization limits Negative accounts that require a Stand-In authorization response of decline, refer to card issuer, or capture card



Restricted accounts available from AMS

For More Information For details about the Account File, see the Account Management User Manual.

Recurring Payment Cancellation Service (RPCS)

Apr 2006

RPCS allows issuers to specify criteria to block recurring payment transactions identified in authorization messages and clearing records.

For More Information For details about RPCS, see the Account Management User Manual.

Blocking Ranges of Accounts MasterCard provides members two ways to list account ranges to stop the acceptance of a range of cards. The following table explains how to create two types of blocked listings. Type of Listing

How to List

Where it Goes

Group or Series

The issuer requests the Group or Series in writing.

MasterCard adds the listing to AMS.

Range Block

The issuer establishes the range block on the Stand-In Processing Worksheet.

MasterCard adds the listing to the Account File.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-3

Authorization Services Detail Account Management

The following table compares the levels of protection provided by the listing types. Type of Listing

9-4

Levels of Protection StandIn/Limit-1

Under Merchant X-Code Floor Limit

Chargeback Rights under Reason Code 4807

Group or Series

Yes

Yes

Yes

Only in catastrophic situations when approved by MasterCard

Range Block

Yes

Yes

No

No

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Address Verification Service

Address Verification Service The Address Verification Service (AVS) is a service for online members that verifies the cardholder’s billing address. This service protects against the fraudulent use of cards in non–face-to-face transactions.

Participation Requirements You must have online access to participate in AVS. IF the member…

AND is located…

THEN participation is…

Issues cards

In the U.S. region

Required

Issues cards

In a region other than the U.S. that supports AVS use for the region

Optional

Indicating AVS Participation during Sign-in When the issuer signs into the Banknet® telecommunications network, the issuer can choose to: •

Indicate that it does not participate in AVS using AVS Service Indicator 0



Receive AVS data in non-condensed format using AVS Service Indicator 1



Receive AVS data in condensed format using AVS Service Indicator 2



Receive AVS data in condensed format using AVS Service Indicator 3

See chapter 5 for more information about signing into the Banknet network.

AVS Process The following table shows the stages in an AVS transaction. Stage Description 1.

The acquirer generates an Authorization Request/0100 message with noncondensed address data included in DE 120 (Record Data). 1.

Banknet Network Acquirer

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

MIP

9-5

Authorization Services Detail Address Verification Service

Stage Description 2.

The issuer MIP applies an algorithm to construct the address key, which the issuer uses to verify the address. 2.

Banknet Network Acquirer

3.

MIP

Issuer

MIP

The issuer host compares the address key in DE 120 to the address key in the issuer database. 3.

Banknet Network Acquirer

4.

MIP

Issuer

MIP

The issuer generates an Authorization Request Response/0110 message with the AVS response included in DE 48 (Additional Data—Private Use), subelement 83 (Address Verification Service Response). Banknet Network Acquirer

MIP

MIP

4.

Issuer

Address Key The address key is the part of the Authorization Request/0100 message that contains the address data. To achieve a complete match, the key that AVS sends in DE 120 (Record Data) must be the same as the key in the issuer’s database. The address key consists of the following subelements in DE 120: •

Cardholder postal/ZIP code



Cardholder address (condensed or non-condensed)

Cardholder Postal/ZIP Code The cardholder postal/ZIP code has a fixed length of 9 bytes. AVS does not condense the cardholder postal/ZIP code.

9-6

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Address Verification Service

Cardholder Address The length of the cardholder address depends on whether it is condensed or non-condensed. Non-condensed Using AVS Service Indicator 1 A non-condensed cardholder address includes the address data exactly as the acquirer provides it in DE 120. A non-condensed address key includes both the cardholder postal/ZIP code and the cardholder address data exactly as the acquirer provided them in DE 120. Condensed Using AVS Service Indicator 2 A condensed cardholder address using AVS Service Indicator 2 includes the first five numeric values at the beginning of the cardholder address (when scanning the address from left to right) provided by the acquirer in DE 120. The condensed address key (cardholder postal/ZIP code plus cardholder address) is a fixed length of 14 bytes. It includes the entire cardholder postal/ZIP code and the condensed cardholder address. MasterCard leftjustifies and blank-fills both portions of the key, as needed. Process to Condense the Address Key Using AVS Service Indicator 2 The following table shows the process to condense the address key. Stage Description 1.

The condensing algorithm begins condensing with the numeric value in the left-most position.

2.

The algorithm extracts the first five numeric values of the cardholder address (when scanning the address from left to right). The condensing algorithm ignores all special characters (such as hyphens [-], slashes [/ or \], and number signs [#]).

3.

AVS constructs the condensed AVS key.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-7

Authorization Services Detail Address Verification Service

Condensed Using AVS Service Indicator 3 A condensed cardholder address includes as many as five numeric values at the beginning of the cardholder address provided by the acquirer in DE 120. The condensed address key (cardholder postal/ZIP code plus cardholder address) is a fixed length of 14 bytes. It includes the entire cardholder postal/ZIP code and the condensed cardholder address. MasterCard leftjustifies and blank-fills both portions of the key, as needed. Process to Condense the Address Key Using AVS Service Indicator 3 The following table shows the process to condense the address key. Stage Description 1. 2.

The condensing algorithm begins condensing with the numeric value in the left-most position. The algorithm extracts up to five numeric values that appear before the first alphabetic character or space.

The condensing algorithm: •

Ignores all special characters (such as hyphens [-], slashes [/ or \], and number signs [#])



Excludes the portions of the address that could be open to misinterpretation, such as apartment numbers

3.

When AVS finds a space or an alphabetic character, it stops examining the cardholder billing address.

4.

AVS constructs the condensed AVS key.

Non-condensed versus Condensed The following table provides an example of a non-condensed address key compared to a condensed address key. Non-condensed 63110 1520 Main Street, Apartment 3

Condensed Using AVS Service Indicator 2

Condensed Using AVS Service Indicator 3

63110 _ _ _ _ 15203

63110 _ _ _ _ 1520

Example 1—Complete Match The cardholder billing address is 1520 Main Street, Apartment 3. The issuer is using a condensed address key using AVS Service Indicator 3.

9-8

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Address Verification Service

The cardholder neglects to provide the merchant with the apartment number 3, so the merchant omits the apartment number from the AVS request. However, the matching algorithm still finds a complete match. Merchant enters Postal/ZIP Code

Cardholder Address

AVS Address Key

Issuer’s Address Key

Result/Explanation

63110

1520 Main Street

63110_ _ _ _ 1520

63110_ _ _ _ 1520

Complete Match

The issuer builds its address key based on the AVS algorithm. Both the issuer’s address key and the AVS algorithm extract only the numeric values that precede the first space in this example (1520). Therefore, when the merchant does not enter the apartment number, this still results in a complete AVS match.

Example 2—No Match The cardholder’s address is 54 East Street; however, the cardholder provides the merchant with the address of 59 East Street. Merchant enters: Postal/ZIP Code

Cardholder Address

AVS Address Key

63110

59 East Street

63110_ _ _ _ 59 _ _ _ 63110_ _ _ _ 54_ _ _ No Match The issuer’s address key does not match the cardholder address given by the cardholder.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

Issuer’s Address Key

Result/Explanation

9-9

Authorization Services Detail Address Verification Service

Issuer Procedures The following table shows the process that issuers follow to receive and respond to AVS requests. Stage Description 1.

The issuer signs on to the Authorization System using a Sign-In Request/0800 message. IF the issuer receives…

THEN the issuer signs on with value…

Non-condensed AVS data

1 in DE 94, byte 3.

Condensed AVS data using 2 in DE 94, byte 3. AVS Service Indicator 2 Condensed AVS data using 3 in DE 94, byte 3. AVS Service Indicator 3 For members using group sign-in, the value chosen applies to all BINs in the group.

9-10

2.

When the issuer receives an AVS request, the issuer verifies the cardholder billing address, matching it against the issuer’s address file.

3.

The issuer generates an Authorization Request Response/0110 that includes the AVS response (and an authorization response, if the AVS request accompanied an authorization request).

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Authorization Multiple Currency Conversion

Authorization Multiple Currency Conversion Authorization Multiple Currency Conversion (AMCC) allows issuers and acquirers to process authorization transactions in local currency. Issuers that participate in AMCC may define transaction amount limits and accumulative amount limits for Stand-In processing in U.S. dollars or their AMCC currency. To indicate amount limits in U.S. dollars or their AMCC currency, issuers may complete the Stand-In Processing Worksheet for Online Issuers. AMCC processing occurs at the member MIP. AMCC is an optional service for issuers. AMCC is automatically provided to acquirers.

Apr 2006

Using AMCC Members can use AMCC according to the following guidelines. Each participating…

Can use AMCC by…

Acquirer

Submitting authorization requests in local currency.

Online issuer

Receiving authorization transactions in the issuer-specified currency (specified by BIN).

CAPS issuer

Receiving: •

The Sequential Response File with AMCC records containing amounts in the issuer’s specified currency. (See chapter 8 for layouts of this file.)



The Daily Activity Report in the issuer-specified currency. (See chapter 10 for a sample of this report.)

Signing Up for AMCC

Apr 2006

Issuers must complete the Authorization Multiple Currency Conversion (AMCC) Request Form to sign up for AMCC. Acquirers are set up automatically for AMCC, and do not need to complete the Authorization Multiple Currency Conversion (AMCC) Request Form.

Participating in AMCC All issuers and acquirers must complete testing to participate in AMCC. See chapter 11 for information about testing.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-11

Authorization Services Detail Authorization Multiple Currency Conversion

Data Elements Used by AMCC AMCC uses the following data elements. Data Element Number

Data Element Name

4

Transaction Amount (acquirer currency)

49

Transaction Currency Code

5

Settlement/Banknet Amount (always U.S. dollars)

9

Settlement/Banknet Conversion Rate

50

Settlement/Banknet Currency Code (always 840)

6

Cardholder Billing Amount (issuer currency)

10

Cardholder Billing Conversion Rate

51

Cardholder Billing Currency Code

16

Currency Conversion Table Date

54

Additional Amounts (used for Balance Inquiry transactions)

For details about data requirements, see the Customer Interface Specification manual.

AMCC Processing Logic AMCC processing prevents redundancy of data in the authorization transaction.

Note

The Authorization System inserts amount and currency combinations only once per message.

For example, an amount in Japanese yen with a currency code of 392 (for Japanese yen) appears only once per message.

9-12

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Authorization Multiple Currency Conversion

To ensure that amount and currency combinations appear only once, the following processing logic applies. Data Element Contains…

It is…

4

The acquirer’s currency.

Always present.

5

The transaction amount in U.S. dollars.

IF…

THEN…

DE 4 is in U.S. dollars

DE 5 is not present.

DE 4 is not in U.S. dollars

DE 5 is present.

IF…

THEN…

The acquirer currency (DE 4) is the same as the issuer currency

DE 6 is not present. (For example, if DE 4 is Canadian dollars and the issuer’s currency is Canadian dollars, DE 6 is not present.)

The issuer currency is U.S. dollars

DE 6 is not present because the amount in U.S. dollars already appears in DE 5.

The issuer currency is not U.S. dollars or the same as the acquirer currency

DE 6 is present.

6

The transaction amount in the issuer’s currency.

Apr 2006

Acquirer Processing Logic Apr 2006

Acquirers send data in the following message types: •

Authorization Request/0100



Authorization Advice/0120—Acquirer-generated



Acquirer Reversal Request/0400

Data Element

Containing…

4

The transaction amount in any International Organization for Standardization (ISO) currency

49

The ISO currency code for the currency of the transaction amount listed in DE 4

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-13

Authorization Services Detail Authorization Multiple Currency Conversion

All acquirers must be able to receive additional amount-related data elements 5, 6, 9, 10, 16, 50, and 51 in authorization response messages.

Apr 2006

Balance Inquiry Transactions The MasterCard® ATM Network accepting MasterCard®, Maestro®, and Cirrus® brands (MasterCard ATM Network) is the acquirer for balance inquiry transactions. Balance inquiry processing uses DE 54. Issuers that participate in AMCC may return as many as two balances in the response message. Therefore, the acquirer (the MasterCard ATM Network) may receive as many as four DE 54 subelements after currency conversion occurs. For more information about DE 54, see the Customer Interface Specification manual.

Issuer Processing Logic Issuers that participate in AMCC read the data related to the issuer’s selected currency in the following message types: •

Authorization Request/0100



Authorization Advice/0120—Acquirer-generated



Authorization Advice/0120—System-generated



Acquirer Reversal Request/0400



Acquirer Reversal Advice/0420

The issuer’s currency does not always appear in the same data element. Therefore, the issuer’s host computer must search for the issuer currency in DE 4, DE 5, or DE 6 according to the AMCC processing logic described earlier in the “AMCC Processing Logic” section.

Balance Inquiry Transactions For balance inquiry processing, issuers may return as many as two balances, using the DE 54 subelement definition specified in the Customer Interface Specification manual. Issuers returning more than two balances will receive a format error.

9-14

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Apr 2006

Authorization Services Detail Authorization Multiple Currency Conversion

Examples of AMCC Processing The examples illustrate the possible combinations of data elements that issuers and acquirers may receive in the following authorization messages: •

Authorization Request/0100 and Authorization Request Response/0110



Authorization Advice/0120 and Authorization Advice Response/0130



Acquirer Reversal Request/0400 and Acquirer Reversal Request Response/0410



Acquirer Reversal Advice/0420 and Acquirer Reversal Advice Response/0430

Apr 2006

These examples use the following codes: JPY

= Amount in Japanese Yen

392 = Currency Code for Japanese Yen

CAD = Amount in Canadian Dollars

124 = Currency Code for Canadian Dollars

USD = Amount in U.S. Dollars

840 = Currency Code for U.S. Dollars

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-15

Authorization Services Detail Authorization Multiple Currency Conversion

Both Acquirer and Issuer Participate in AMCC, Using Different Currencies Figure 9.1 illustrates the exchange of data when: Member

AMCC Participant

Location

Processing Currency

Acquirer

Yes

Japan

Japanese yen

Issuer

Yes

Canada

Canadian dollars Authorization Request Response/0110 Message

Message Type Authorization Request/0100 Message

Figure 9.1—Acquirer in Japan, Issuer Uses Canadian Dollars

Acquirer

Banknet Processing

Issuer

0100 Request

Sends:

Converts the amount in DE 4 (Transaction Amount) to DE 5 (Settlement Amount in U.S. Dollars) Adds DE 9 (Settlement Conversion Rate)

DE 4 = JPY DE 49 = 392

Adds DE 50 (Settlement Currency Code, always 840) Converts the amount in DE 4 to DE 6 (Cardholder Billing Amount)

Receives: DE 4 = JPY DE 49 = 392 DE 5 = USD DE 50 = 840 DE 9 = Rate

Calculates DE 10 (Cardholder Billing Conversion Rate)

DE 6 = CAD DE 51 = 124 DE 10 = Rate

Adds DE 51 (Cardholder Billing Currency Code)

DE 16 = Date

Adds DE 16 (Currency Conversion Table Date)

0110 Response

Receives:

Sends:

DE 4 = JPY DE 49 = 392

DE 4 = JPY DE 49 = 392

DE 5 = USD DE 50 = 840 DE 9 = Rate

9-16

Logs key data elements

DE 5 = USD DE 50 = 840 DE 9 = Rate

DE 6 = CAD DE 51 = 124 DE 10 = Rate

DE 6 = CAD DE 51 = 124 DE 10 = Rate

DE 16 = Date

DE 16 = Date

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Authorization Multiple Currency Conversion

Both Acquirer and Issuer Participate in AMCC, Using the Same Currency Figure 9.2 illustrates the exchange of data when: Member

AMCC Participant

Location

Processing Currency

Acquirer

Yes

Japan

Japanese yen

Authorization Request/0100 Message

Issuer

Yes

Japan

Japanese yen

Authorization Request Response/0110 Message

Message Type

Figure 9.2—Acquirer in Japan, Issuer Uses Japanese Yen

Acquirer 0100 Request

Sends:

DE 4 = JPY DE 49 = 392

Banknet Processing

Converts the amount in DE 4 (Transaction Amount) to DE 5 (Settlement Amount in U.S. Dollars) Adds DE 9 (Settlement Conversion Rate) Adds DE 50 (Settlement Currency Code, always 840) Adds DE 16 (Currency Conversion Table Date) Note: Banknet Processing does not create DE 6, DE 51, or DE 10 because DE 4 = DE 6.

Issuer

Receives: DE 4 = JPY DE 49 = 392 DE 5 = USD DE 50 = 840 DE 9 = Rate DE 16 = Date

0110 Response

Receives:

Sends:

DE 4 = JPY DE 49 = 392 DE 5 = USD DE 50 = 840 DE 9 = Rate DE 16 = Date

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

DE 4 = JPY DE 49 = 392 Logs key data elements

DE 5 = USD DE 50 = 840 DE 9 = Rate DE 16 = Date

9-17

Authorization Services Detail Authorization Multiple Currency Conversion

Both Acquirer and Issuer Participate in AMCC, Using U.S. Dollars Figure 9.3 illustrates the exchange of data when: Member

AMCC Participant

Location

Processing Currency

Acquirer

Yes

Any country U.S. dollars

Authorization Request/0100 Message

Issuer

Yes

Any country U.S. dollars

Authorization Request Response/0110 Message

Message Type

Figure 9.3—Acquirer in U.S., Issuer uses U.S. Dollars

Acquirer

Banknet Processing

Issuer

0100 Request

Sends: DE 4 = USD DE 49 = 840

Note: Banknet processing does not create DE 5, DE 50, or DE 9 because DE 4 already contains U.S. dollars.

Receives: DE 4 = USD DE 49 = 840

It does not create DE 6, DE 51, or DE 10 because DE 4 = DE 6.

0110 Response

Receives: DE 4 = USD DE 49 = 840

9-18

Sends: Logs key data elements

DE 4 = USD DE 49 = 840

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Authorization Multiple Currency Conversion

Both Acquirer and Issuer Participate in AMCC, Using Different Currencies Figure 9.4 illustrates the exchange of data when: Member

AMCC Participant

Location

Processing Currency

Acquirer

Yes

Any country U.S. dollars

Issuer

Yes

Canada

Message Type Authorization Request/0100 Message

Canadian dollars Authorization Request Response/0110 Message

Figure 9.4—Acquirer in U.S. Issuer Uses Canadian Dollars

Acquirer

Banknet Processing

Issuer

0100 Request

Sends: DE 4 = USD DE 49 = 840

Converts the amount in DE 4 (Transaction Amount) to DE 6 (Cardholder Billing Amount)

Receives:

Calculates DE 10 (Cardholder Billing Conversion Rate)

DE 4 = USD DE 49 = 840

Adds DE 51 (Cardholder Billing Currency Code)

DE 6 = CAD DE 51 = 124 DE 10 = Rate

Adds DE 16 (Currency Conversion Table Date) Note: Banknet processing does not create DE 5, DE 50, and DE 9 because DE 4 = USD.

DE 16 = Date

0110 Response

Receives:

Sends:

DE 4 = USD DE 49 = 840

DE 4 = USD DE 49 = 840

DE 6 = CAD DE 51 = 124 DE 10 = Rate DE 16 = Date

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

Logs key data elements.

DE 6 = CAD DE 51 = 124 DE 10 = Rate DE 16 = Date

9-19

Authorization Services Detail Authorization Multiple Currency Conversion

Acquirer Participates in AMCC, Issuer Does Not Participate in AMCC Figure 9.5 illustrates the exchange of data when: Member

AMCC Participant

Location

Processing Currency

Acquirer

Yes

Japan

Japanese yen

Issuer

No

Any country U.S. dollars

Message Type Authorization Request/0100 Message Authorization Request Response/0110 Message

Figure 9.5—Acquirer in Japan, Issuer Does Not Participate In AMCC

Acquirer

Banknet Processing

Issuer

0100 Request

Sends:

Receives: Converts the amount in DE 4 (Transaction Amount) from JPY currency to USD currency

DE 4 = JPY DE 49 = 392

Changes currency code in DE 49 (Transaction Currency) from JPY currency to USD currency

DE 4 = USD DE 49 = 840

0110 Response

Receives: DE 4 = JPY DE 49 = 392 DE 5 = USD DE 50 = 840 DE 9 = Rate DE 16 = Date

9-20

Changes value in DE 4 (Transaction Amount) from U.S. Dollars back to original transaction amount

Sends:

Changes value in DE 49 (Transaction Currency Code) from U.S. currency code (840) back to the original transaction currency code

DE 4 = USD DE 49 = 840

Adds DE 5 (Settlement Amount) in U.S. Dollars Adds DE 50 (Settlement Currency Code, always 840) Adds DE 9 (Settlement Conversion Rate) Adds DE 16 (Currency Conversion Table Date)

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Authorization Multiple Currency Conversion

ATM Balance Inquiry Processing—Both Issuer and Acquirer Participate in AMCC, Using Different Currencies For ATM balance inquiry transactions, the MasterCard® Debit Switch (MDS) network converts the Financial Request/0200 message into an Authorization Request/0100 message before sending it to the Banknet network. Figure 9.6 illustrates the exchange of data when: Member

AMCC Participant

Acquirer

Yes

Hong Kong Hong Kong dollars

Financial Transaction/0200 Message

Issuer

Yes

India

Authorization Request Response/0110 Message

Location

Processing Currency

Indian rupees

Message Type

Figure 9.6—ATM Balance Inquiry Processing, Acquirer in Hong Kong, Issuer in India

Acquirer

MDS Network

0200

0100

Request

Request

Banknet

Processing

Issuer

DE 4 = HKD (0$) Sends:

Sends:

DE 4 = HKD (0$)

DE 4 = HKD (0$)

DE 49 = 344

DE 49 = 344

DE 49 = 344 Adds DE 6, DE 51, DE 10, and DE 16.

DE 6 = INR DE 51 = 356 DE 10 = Rate DE 16 = Date

0210 Response

0110 Response Sends:

Receives:

Sends:

DE 4 = HKD (0$)

DE 4 = HKD (0$)

DE 49 = 344

DE 49 = 344

DE 54A = INR DE 54B = HKD

DE 54A = INR DE 54B = HKD

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

Appends the HKD value to DE 54 (adding DE 54B)

DE 4 = HKD (0$) DE 49 = 344 DE 6 = INR DE 51 = 356 DE 10 = Rate DE 16 = Date DE 54A = INR

9-21

Authorization Services Detail Authorization Multiple Currency Conversion

ATM Balance Inquiry Processing—Acquirer Participates in AMCC, Issuer Does Not Participate in AMCC Figure 9.7 illustrates the exchange of data when: Member

AMCC Participant

Acquirer

Yes

Hong Kong Hong Kong dollars

Financial Transaction Request/0200 Message

Issuer

No

Any country U.S. dollars

Authorization Request Response/0110 Message

Location

Processing Currency

Message Type

Figure 9.7—ATM Balance Inquiry Processing, Acquirer in Hong Kong, Issuer Does Not Participate in AMCC

Acquirer

MDS Network

0200 Request

0100 Request

Sends: DE 4 = HKD (0$) DE 49 = 344

Banknet Processing

Sends: DE 4 = HKD (0$) DE 49 = 344

Converts DE 4 to USD and changes DE 49 to 840

0210 Response

9-22

Issuer

Receives:

Sends:

DE 4 = HKD (0$) DE 49 = 344

DE 4 = HKD (0$) DE 49 = 344

DE 54A = USD DE 54B = HKD

DE 54A = USD DE 54B = HKD

DE 4 = USD ($) DE 49 = 840

0110 Response

Changes DE 4 to HKD and DE 49 to 344 Appends the HKD value to DE 54 (adding DE 54B)

Sends: DE 4 = USD (0$) DE 49 = 840 DE 54A = USD

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Balance Inquiries

Balance Inquiries

Apr 2006

MasterCard supports two types of balance inquiry requests for cardholders to perform balance inquiries: •

ATM balance inquiries



Point-of-sale terminals balance inquiries

The balance inquiry service is optional for issuers.

ATM Balance Inquiries The ATM balance inquiry allows MasterCard cardholders to perform a balance inquiry on the MasterCard ATM network.

Alternate Processing The Authorization System does not support Limit–1 processing for ATM balance inquiries. If the issuer participates in ATM balance inquiries, all ATM balance inquiries will be forwarded to the issuer for processing. ATM balance inquiries are not eligible for processing by the Stand-In System or the X-Code System. If the issuer is unavailable, the Authorization System will return an Authorization System or issuer system inoperative response to the acquirer.

To Participate Issuers that choose to participate in this service must contact the MasterCard Global Debit Services Department.

For More Information For details about data requirements, see the Customer Interface Specification manual.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-23

Authorization Services Detail Balance Inquiries

Point-of-Sale (POS) Terminal Balance Inquiries

Apr 2006

The POS balance inquiry enables cardholders and acquirers to check the remaining amount of funds on a MasterCard prepaid card. This feature makes it easier for the cardholder to completely redeem the funds on the prepaid card and reduces the potential of a declined authorization request because the purchase amount exceeds the funds available on the card. Therefore, this feature can help to reduce checkout times and lost sales. Upon receipt of a POS balance inquiry, participating issuers return the available balance in the authorization response. The Authorization System performs any applicable currency conversion and forwards the available balance to the acquirer. The acquirer provides the available balance to the merchant for display on the customer’s printed receipt. There are two types of POS terminal balance inquiries: •

Cardholder-initiated balance inquiry—Cardholders can ask the cashier to

check a card’s remaining balance before making a purchase. The cardholder and cashier can then determine whether the entire purchase amount can be funded by the prepaid card or whether a supplemental payment method (split tender) is needed to complete the purchase. •

Processor-initiated automated balance inquiry—Acquirers can expedite sales

by sending an automatic POS balance inquiry on a specified range of prepaid accounts issued by the merchant. The cashier can then inform customers in advance whether they will need to use a split tender to complete the purchase. POS balance inquires are supported in the following messages: •

Authorization Request/0100



Authorization Request Response/0110



RiskFinder Authorization Advice/0120 (Member-initiated and MIP-initiated)

Alternate Processing The Authorization System does not support Limit–1 processing for POS balance inquiries. If the issuer participates in POS balance inquiries, all POS balance inquiries will be forwarded to the issuer for processing. POS balance inquiries are not eligible for processing by the Stand-In System or the X-Code System. If the issuer is unavailable, the Authorization System will return an Authorization System or issuer system inoperative response to the acquirer.

9-24

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Apr 2006

Authorization Services Detail Balance Inquiries

To Participate Issuers may complete the Point-of-Sale (POS) Inquiry Participation form available in the Business Forms section of MasterCard OnLine® (under Resources in the main menu) and at the end of this manual.

For More Information For details about the data requirements, see the Customer Interface Specification manual.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-25

Authorization Services Detail Card Level Support

Card Level Support Card level support for transactions processed by Stand-In processing allow issuers to distinguish between individual cards when the same Primary Account Number (PAN) is used for multiple cards. Issuers may list accounts in the Account File at the individual card level. Issuers must notify MasterCard for each account range for which they want to participate in card level support using the Card Level Support form. Issuers that participate in card level support must ensure that the following card level information is present on cards within the specified range: •

Card Sequence Number—the three-position card sequence number

distinguishes between cards that use the same PAN. This three-position number is located in the discretionary data field of Track 2 data in the magnetic stripe on the back of each card. For chip cards, it may be encoded on the chip. •

Card Expiration Date—the expiration date of the listed card.

Stand-In processing requires the presence of the following data elements in authorization requests associated with account ranges that participate in card level support: •

Card Sequence Number—DE 35 (Track 2 Data) contains the card sequence

number. •

Card Expiration Date—DE 14 (Date, Expiration), DE 35 (Track 2 Data) may

contain the card expiration date.

9-26

WHEN…

THEN Stand-In processing…

The card sequence number or card expiration date is not present in Authorization Request/0100 messages that are sent to Stand-In for authorization processing

Rejects the Authorization Request/0100 message by returning a DE 39 (Response Code) of 05 (Do not honor) in the Authorization Request Response/0110 message.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Card Validation Code 1 Verification in Stand-In Processing

Card Validation Code 1 Verification in Stand-In Processing Card validation code 1 (CVC 1) verification in Stand-In processing provides additional protection during Stand-In processing. When the issuer times out or is unavailable, normal Stand-In processing runs through a series of tests to determine an authorization response. If the issuer is signed up for CVC 1 verification, Stand-In processing performs an additional test to verify that the CVC 1 is valid. MasterCard requires that issuers provide the Data Encryption Standard (DES) keys to MasterCard for each account range that participates in CVC 1 verification in Stand-In processing. MasterCard offers the following options for CVC 1 verification in Stand-In processing: •

Allow issuers to assign multiple sets of DES keys to an account range.



Allow issuers to assign the same set of DES keys to an account range.

CVC 1 verification in Stand-In processing is an optional service.

Note

The CVC 2 value, described in chapter 1, does not apply to CVC 1 verification in Stand-In processing.

Assigning Multiple Sets of DES Keys to an Account Range MasterCard supports the issuers’ ability to change the position of the CVC 1 value in the discretionary data field on the track data. Issuers can designate which set of CVC 1 parameters to use for an account range based on the card expiration date. Members that want to use this functionality can request this service by completing the Key Validation Service Specification Form and following the procedures in the On-behalf Key Management (OBKM) Document Set.

Assigning the Same Set of DES Keys to an Account Range MasterCard supports the issuers’ ability to assign the same set of DES keys to an account range. Following are the requirements with which an issuer must comply to be eligible to participate in CVC 1 verification in Stand-In processing for the use of the same set of DES keys.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-27

Authorization Services Detail Card Validation Code 1 Verification in Stand-In Processing

You must use the DES method to calculate the CVC 1 for an entire BIN. MasterCard allows members to calculate CVC 1 values using any of three different calculation methods. However, CVC 1 verification in Stand-In processing only supports the DES method. For a detailed description of this calculation method, see the Security Rules and Procedures manual. You must encode the CVC 1 within the Discretionary Data field in both track 1 and track 2 of the magnetic stripe. The Discretionary Data field is field 9 in track 1 and field 6 in track 2. Refer to the following tables for specific information about the layouts of track 1 and track 2.

Layout for Encoding Track 1 The following table shows the correct layout for encoding track 1. The Discretionary Data field (the location of the CVC 1) is field 9. Field Number Field Name

F=Fixed V=Variable

Maximum Length

1

Start Sentinel

F

1

2

Format code–B (encode character B)

F

1

3

Account number

F

16

4

Separator

F

1

5

Cardholder name

V

2–26

6

Separator

F

1

7

Expiration date

F

4

8

Service code

F

3

9

Discretionary data (must include CVC 1)

V

24

10

End sentinel

F

1

11

Longitudinal redundancy check

F

1

Total record length—The maximum character count for track 1 may not exceed 79 including all control characters.

Figure 9.8 is another representation of the track 1 data.

9-28

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Card Validation Code 1 Verification in Stand-In Processing

Figure 9.8—Track 1 Data Graphic Format Code Start Sentinel

Account Number

10

End Sentinel

Separator

Separator

Discretionary Data

Cardholder Name

20

30

40

60

Card Expiration Date

Service Code 50

70

LRC

79

CVC (3 contiguous digits anywhere within the Discretionary Data field)

Layout for Encoding Track 2 The following table shows the correct layout for encoding track 2. The Discretionary Data field (the location of the CVC 1) is field 6. Field Number

Field Name

F=Fixed V=Variable

Maximum Length

1

Start Sentinel

F

1

2

Account number

F

16

3

Separator

F

1

4

Expiration date

F

4

5

Service code (must be numeric)

F

3

6

Discretionary data (must include CVC 1)

V

13

7

End sentinel

F

1

8

Longitudinal redundancy check

F

1

Total record length—the maximum character count for track 2 may not exceed 40 including all control characters.

Figure 9.9 is another representation of the track 2 data.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-29

Authorization Services Detail Card Validation Code 1 Verification in Stand-In Processing

Figure 9.9—Track 2 Data Graphic Start Sentinel pos. 1

Separator pos. 18 Account Number pos. 2–17

1

1 0

Card Expiration Date pos. 19–22

2 0

End Sentinel pos. 39

Service Code pos. 23–25 Discretionary Data pos. 26–38

3 0

LRC pos. 40 4 0

C V C

(3 contiguous digits anywhere within the Discretionary Data field)

The same set of DES keys must apply to the CVC 1 for the entire BIN. (That is, you may not have one key for the beginning of the BIN and another key for the end of the BIN. Only one DES key may exist for each BIN.) Also, the same set of DES keys must apply between track 1 and track 2. (You may not have one key for track 1 and another key for track 2.) You may encode the CVC 1 anywhere within the Discretionary Data field. However, the location of the CVC 1 (within each track) must be the same for the entire BIN. The location of the CVC 1 on track 1 does not have to be the same as for track 2. They just have to be the same within each track.

Key Management Your secure management of the secret cryptographic keys is also an absolute requirement during generation, distribution, custody, storage, use, and eventual destruction of the keys. You must include monitoring, backup, and recovery procedures that provide for secure audit trails, according to industry standards, such as those of ISO. You also should use the “split knowledge/dual control” method for transmitting key components to MasterCard. MasterCard manages all DES keys under the International Organization for Standardization (ISO) standards, using the “split knowledge/dual control” method for handling keys. For example, no single MasterCard staff member ever receives or manages all sets of key components. This method for handling keys ensures that the keys are not compromised.

9-30

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Card Validation Code 1 Verification in Stand-In Processing

Signing Up for CVC 1 Verification To sign up for CVC 1 verification in Stand-In processing for same set of DES keys service, follow these steps. Step

Action

1.

Generate the CVC 1 key components.

2.

Send the key components to MasterCard using the forms provided at the end of this manual.

Sending the CVC 1 Key Components to MasterCard You may use either of the following methods to send the CVC 1 key components: •

Zone Control Master Key (ZCMK) method



Two-component Method

ZCMK Method To use the ZCMK method, follow these steps. Step

Action

1.

Identify three employees to generate and send the ZCMK components and keys: Security Officer No. 1 Security Officer No. 2 Security Officer No. 3

2.

Generate the three ZCMK components.

3.

Send the ZCMK components to MasterCard using the forms provided at the end of this manual. Each security officer must complete different forms, as follows: Security Officer No. 1—Complete the ZCMK/Component No. 1 form. Send the form to MasterCard in an envelope labeled “No. 1.” Security Officer No. 2—Complete the ZCMK/Component No. 2 form. Obtain a secure envelope containing the ZCMK/Component No. 3 form from Security Officer No. 3. Send both forms to MasterCard in an envelope labeled “No. 2.” Security Officer No. 3—Complete the ZCMK/Component No. 3 form. Put the form in a secure envelope and give it to Security Officer No. 2.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-31

Authorization Services Detail Card Validation Code 1 Verification in Stand-In Processing

Note

Step

Action

4.

Complete the following documents and send them to MasterCard in an envelope labeled “No. 3”: •

ZCMK/Encrypted Keys A and B Form



Location Specification Form



Test Data Form



Account Range Specification Form, if necessary. (Read the directions on the form to determine if you need to complete it.)

If you specify an account range on the Account Range Specification Form, MasterCard performs CVC 1 verifications only on account numbers within the range provided and with an expiration date equal to or greater than the date specified.

Two-component Method To use the two-component method, follow these steps. Step

Action

1.

Identify two employees to generate and send Component 1 and Component 2 for each key, Key A and Key B: Security Officer No. 1 Security Officer No. 2

2.

Using Key A and Key B from your DES calculation of the CVC 1, generate two components for each key. Key/component combinations must be the same for track 1 as for track 2. For example, Track 1/Key A/Component No. 1 must be the same as Track 2/Key A/Component No. 1.

3.

Send the key components to MasterCard using the following forms provided at the end of this manual. (Complete all of the forms for each account range.) Each security officer must complete different forms, as follows: Security Officer No. 1

Complete the Keys A and B/Component No. 1 Form. Send the form to MasterCard according to the instructions on the form. Security Officer No. 2

Complete the Keys A and B/Component No. 2 Form. Send the form to MasterCard according to the instructions on the form.

9-32

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Card Validation Code 1 Verification in Stand-In Processing

Note

Step

Action

4.

Complete the following forms and send them to MasterCard. (Complete all of the forms for each account range.) •

Location Specification Form



Test Data Form



Account Range Specification Form, if necessary. (Read the directions on the form to determine if you need to complete it.)

If you specify an account range on the Account Range Specification Form, MasterCard performs CVC 1 verification only on account numbers within the range provided and with an expiration date equal to or greater than the date specified.

Verifying CVC 1 Data For issuers to participate in CVC 1 verification, the following process must occur. Stage Description 1.

The separate MasterCard security officers receive their designated envelopes, which contain the forms described under “How to Sign Up for the CVC 1 Service.” They verify that no obvious damage has occurred to the envelopes in the mail. (If there is apparent damage, MasterCard notifies the security contact listed on your CVC forms to determine a course of action.)

2.

The MasterCard security officers enter the CVC 1 keys in their possession separately into a hardware cryptographic device.

3.

Using authorization logs for both track 1 and track 2 data and the test data that you provided on the Test Data Form, MasterCard tests CVC 1 processing.

4.

If you are using the ZCMK method, MasterCard also verifies that the CVC 1 keys entered by MasterCard to the cryptographic device are correct according to the key check values that you provided on the forms.

5.

MasterCard works with you if any pre-production issues require resolution.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-33

Authorization Services Detail Card Validation Code 1 Verification in Stand-In Processing

Test Cards Members can expedite the process for verifying CVC 1 data for Stand-In processing by sending test cards to: MasterCard International Incorporated Attention: Data Integrity Department 2200 MasterCard Boulevard O’Fallon MO 63368-7263 USA Sending test cards to MasterCard can be particularly useful for members in regions that rarely use track 1 data.

Reporting CVC 1 Verification in Stand-In Processing Regardless of the CVC 1 verification method you are using—multiple sets of DES keys or single set of DES keys—the results of CVC 1 verification in StandIn processing appear on the following reports: •

All members: Authorization Summary Report (AB505010-AA)

The Fail Reason category “Invalid Chip/CVC” on the Stand-In page of this report lists transactions that failed because of a combination of:





Invalid CVC (failed the CVC 1 test) and



Invalid chip (failed the M/Chip Validation test) and



Magnetic stripe CVC errors in DE 48 (failed at the MIP)

Online members: Store-and-forward records will contain value 0028 in positions 4–7 of DE 60 (Advice Detail Code) and the MCBS Issuer Authorization Detail Report will contain value 0028 under “FAIL RSN.”



CAPS members: Stand-In Daily Activity Report (SI441010-A)

The fail reason code 28 on this report indicates an authorization transaction that contained either an invalid CVC 1 or magnetic stripe CVC 1 errors. For a complete list of magnetic stripe CVC errors, see the Customer Interface Specification manual.

9-34

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Card Validation Code 2 Verification

Card Validation Code 2 Verification Card validation code 2 (CVC 2) verification provides added security for the card authentication process in authorization requests.

Note

Both acquirers and issuers must register with MasterCard using the CVC 2 Registration Form, available in the Business Forms section of MasterCard OnLine (under Resources in the main menu) and at the end of this manual.

CVC 2 CVC 2 is a three-digit code algorithmically derived by the issuer and indentprinted on the signature panel to the right of the account number. CVC 2 is one of several card authentication methods currently used by MasterCard to combat fraud. The use of CVC 2 deters fraudulent use of an account number.

Note

Stand-In processing does not verify CVC 2 values.

Conditions for CVC 2 Verification CVC 2 verification allows acquirers to receive online verification of CVC 2 values from issuers when the following conditions apply: •

The acquirer transmits the CVC 2 value that the cardholder has provided to the merchant in DE 48, subelement 92 of the Authorization Request/0100 message.



The issuer’s BIN is registered with MasterCard, and the issuer verifies the CVC 2 value by providing a valid response (value M, N, or P) in subelement 87 of DE 48 of the Authorization Request Response/0110 message.

Participation Requirements Following are the participation requirements for acquirers and issuers for using CVC 2 verification.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-35

Authorization Services Detail Card Validation Code 2 Verification

Acquirers When merchants provide CVC 2 data for transactions, acquirers must include the CVC 2 value in DE 48, subelement 92 of Authorization Request/0100 messages. To participate in CVC 2 verification, acquirers must be able to receive the following values in DE 48, subelement 87 of Authorization Request Response/0110 messages. Subelement 87 Value

Description

M

Valid or “matched” CVC 2 value

N

Invalid CVC 2 value

P

CVC 2 not processed

U

Issuer unregistered for CVC 2 processing

Issuers Issuers must be able to receive the CVC 2 value when present in DE 48, subelement 92 of Authorization Request/0100 messages, and provide a valid response in DE 48, subelement 87 of Authorization Request Response/0110 messages. Values M, N, or P are considered valid when used by issuers. Only MasterCard may use value U. Issuers that have not registered a BIN for CVC 2 verification or that have not provided a valid response (M, N, or P) to acquirers are not eligible to use reason code 4837 (No Cardholder Authorization) for chargebacks when acquirers provide CVC 2 data for transactions processed under that BIN. Issuers should note that if an acquirer transmits both CVC 1 and CVC 2 data, CVC 1 processing takes precedence over CVC 2 processing.

9-36

IF the CVC 1 value is…

THEN…

Invalid

Issuers should respond with value Y (Invalid CVC 1) in DE 48, subelement 87. Issuers should not verify the CVC 2 value.

Valid

Issuers must verify the CVC 2 value and send the appropriate response to the acquirer.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Card Validation Code 2 Verification

Authorization System Processing Flow Diagrams The following diagrams provide details about Authorization System processing flows for CVC 2 verification in these scenarios. Figure 9.10—Authorization Request/0100 with CVC 2: Registered Issuers

Merchant provides CVC 2 1

4

5

2 4 5 2 4 4

1 4 5 Acquirer

3 Banknet Network

2

2 3

MIP

MIP 4

4

Issuer

4 Central Site 4

MIP

4

Stand-in Processor

Stage Description 1.

The merchant provides the CVC 2 value, and the acquirer generates an Authorization Request/0100 message including the CVC 2 value in DE 48, subelement 92.

2.

The acquirer MIP verifies whether the issuer is registered with MasterCard to perform online CVC 2 verification. If the issuer is registered, the acquirer MIP forwards the Authorization Request/0100 message to the issuer.

3.

After the issuer transmits the Authorization Request Response/0110 message, the issuer MIP will verify that one of the following values appears in DE 48, subelement 87: •

M (Matched CVC 2 Value)



N (Invalid CVC 2 Value)



P (CVC 2 Not Processed)

Depending on whether the transaction was approved, the last stage will be either stage 4 or stage 5.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-37

Authorization Services Detail Card Validation Code 2 Verification

Stage Description 4.

IF DE 48, subelement AND IF the 87 transaction contains… was… THEN… No response Approved or an invalid response

AND THEN…

The issuer MIP returns an Authorization Response Negative Acknowledgement/0190 message with:

The acquirer MIP will forward the Authorization Request/0100 message to Stand-In processing.

DE 39 = 30 DE 44 = 048 5.

IF DE 48, subelement AND IF the 87 transaction contains… was… THEN… No response Not or an invalid approved response

AND THEN…

The acquirer MIP will forward the Authorization Request Response/0110 message to the acquirer with:

The issuer will not receive an Authorization Response Negative Acknowledgement/0190 message.

DE 48, subelement 87 = P

9-38

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Card Validation Code 2 Verification

Figure 9.11—Authorization Request/0100 with CVC 2: Unregistered Issuers

Merchant provides CVC 2 1

3

2

3 2

1

Acquirer

3

MIP

3

Banknet Network

2 3

2

MIP

3

Issuer

Stage Description 1.

The merchant provides the CVC 2 value, and the acquirer generates an Authorization Request/0100 message including CVC 2 in DE 48, subelement 92.

2.

The acquirer MIP verifies whether the issuer is registered with MasterCard to perform online CVC 2 verification. If the issuer is not registered, the MIP places a U (Unregistered) in DE 48, subelement 87 and forwards the Authorization Request/0100 message to the issuer without DE 48, subelement 92.

3.

After the unregistered issuer transmits the Authorization Request Response/0110 message, the acquirer MIP verifies that value U is in DE 48, subelement 87 before forwarding it to the acquirer.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-39

Authorization Services Detail Card Validation Code 2 Verification

Figure 9.12—Authorization Request/0100 with CVC 2: Routed to Stand-In Processing

X

2

Or Invalid Value

Merchant provides CVC 2

X 1

Note

3

Or

2

2

2

Acquirer

2

MIP

1

1 MIP

3

SAF Queue Issuer

Invalid Value

4

Central Site 2

Banknet Network

2

2 3

MIP

3

Stand-in Processor

3

Stand-In processing does not validate CVC 2 values.

Stage Description 1.

The merchant provides the CVC 2 value, and the acquirer generates an Authorization Request/0100 message including CVC 2 in DE 48, subelement 92.

2.

Stand-In processing responds in the following conditions:

3.

4.

9-40



The issuer is not signed in.



The transaction cannot be delivered to the issuer.



The issuer is not responding.



The issuer’s Authorization Request Response/0110 message fails an edit check and is rejected.

Stand-In processing generates the Authorization Request Response/0110 message. IF the issuer is...

THEN the Authorization System…

Unregistered

Places value U (Unregistered) in DE 48, subelement 87.

Registered

Places value P (Not Processed) in DE 48, subelement 87 and forwards the Authorization Request Response/0110 message to the acquirer.

Stand-In processing also generates Authorization Advice/0120 messages as appropriate and stores the advice in the Store-and-Forward (SAF) queue. Stand-In processing will include value U (Unregistered) in subelement 87 of DE 48 for issuers that have not registered or value P (Not Processed) for issuers that have registered.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Card Validation Code 2 Verification

Note

Stand-In processing uses parameters previously established by the issuer to process the Authorization Request/0100 message.

Figure 9.13—Authorization Request/0100 with CVC 2—X-Code Processing 2

2 3 Acquirer

X

Banknet Network

X

MIP

2

3

1

MIP

X

Issuer

Central Site

X Merchant

X

Stand-in Processor

MIP

Stage Description 1.

The merchant supplies the CVC 2 value to acquirer.

2.

The acquirer creates an Authorization Request/0100 message that contains CVC 2 information, but transmission is not successful.

3.

X-Code processing by the acquirer’s MIP will respond based on current XCode processing rules. WHEN the issuer is...

THEN the Authorization System…

Registered

Adds value P (Not Processed) in DE 48, subelement 87 of the Authorization Request Response/0110 message.

Not Registered

Provides value U (Unregistered) in DE 48, subelement 87 of the Authorization Request Response/0110 message.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-41

Authorization Services Detail Card Validation Code 2 Verification

Figure 9.14— Authorization Request/0100 with CVC 2—Limit-1 Processing

1 Merchant

2 Acquirer

2

Banknet Network

2

2 MIP

MIP

Issuer

Stage Description

9-42

1.

The merchant supplies the CVC 2 value to acquirer.

2.

If the issuer has registered and has chosen Limit-1 processing, and if CVC 2 is present in the Authorization Request/0100 message, the acquirer’s MIP will bypass Limit-1 processing and forward the request to the issuer for processing.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Card Validation Code Verification for Emergency Card Replacements

Card Validation Code Verification for Emergency Card Replacements Card validation code (CVC) for emergency card replacements is a service that provides a way for MasterCard to encode a CVC on the Emergency Card Replacement Service (ECR Service). The MasterCard Global Service Center provides this service for members. CVC verification for ECR Service is optional.

How to Request CVC Verification for ECR Service Members that use MasterCard ECR Service can request this service by completing the CVC Verification in Stand-In Location Specification Form.

Note

Members that do not currently use MasterCard ECR Service can request the ECR service by completing the Global Service questionnaire, available from the Customer Operations Services team.

Use of CVC Keys To produce ECRs with CVC technology, MasterCard either must obtain CVC keys from issuers or receive permission from issuers to use CVC keys that they provided to MasterCard for CVC verification in Stand-In processing. To provide MasterCard with CVC keys and specifications, complete the CVC Specification Form for Emergency Card Replacements. MasterCard securely stores these keys and components, allowing access to the information only to generate CVC coding for the ECRs processed through the Global Service Center.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-43

Authorization Services Detail Cardholder-activated Terminals

Cardholder-activated Terminals Cardholder-activated terminals (CATs) are usually unattended terminals that accept bankcards, debit, charge, and proprietary cards. These terminals are frequently installed at rail ticketing stations, gasoline stations, toll roads, parking garages, and other merchant locations.

Types of CATs MasterCard has identified the following types of CATs, defined by levels. CAT Type

Level Example

Automated Dispensing Machines

1

PIN required. Installation of ADMs must be approved and registered by MasterCard.

Self-service Terminals

2

(includes automated fuel dispensers

Limited Amount Terminals

3

Terminals with a maximum approval amount of USD 40

In-flight Commerce Terminal

4

Terminals located on airplanes

Electronic Commerce

6

Electronic commerce transactions

Transponder

7

Transponder transactions

For procedures related to authorization and other processing requirements related to each CAT level, see the GCMS Reference Manual.

Automated Dispensing Machines An Automated Dispensing Machine (ADM) is a cardholder operated, unattended device that dispenses product(s) directly to the customer, such as a fuel dispenser. ADMs must accept personal identification numbers (PINs) and must do all of the following: •

Transmit the full, unaltered magnetic stripe in the authorization request message



Authorize all transactions

These terminals must be registered with and approved by MasterCard under the requirements published in the GCMS Reference Manual.

9-44

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Cardholder-activated Terminals

Self-service Terminals A self-service terminal is a customer activated terminal, especially one including the functions both of delivering and paying for goods (for example, in an automatic fuel vending system). Example of self-service terminals include (but are not limited to) automated fuel dispensers that use card acceptor business code/merchant category code (MCC) 5542. Self-service terminals must transmit the full, unaltered magnetic stripe or required smart card information. They have a merchant floor limit of USD 0. The maximum transaction amount that may be approved for transactions originating at a self-service terminal is USD 100. Self-service terminals are not capable of accepting a PIN at the point of interaction.

MasterCard Handling of Self-service Terminal Requests Both Stand-In processing and X-Code processing also apply the maximum limit of USD 100. Self-service terminal requests are sent to the issuer whenever the issuer is available, regardless of Limit-1 parameters. For information about USD 1 authorization requests, see the GCMS Reference Manual.

Limited Amount Terminals Limited amount terminals are terminals that require offline authorization against the Electronic Warning Bulletin files, stored on the terminal or on the acquirer host. The maximum amount that may be approved for transactions originating at a limited amount terminal is USD 40. Limited Amount terminals include terminals used by industries that generate low risk, low dollar transactions, such as fast food restaurants.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-45

Authorization Services Detail Cardholder-activated Terminals

In-flight Commerce In-flight commerce (IFC) identifies transactions that are conducted via interactive video terminals by passengers on long-distance airline flights. These transactions may include the following four categories: •

Purchases (such as on-board duty-free purchases and merchandise mailed post-flight)



Entertainment (such as movies and video games)



Services (such as information services and travel and entertainment reservations)



Gaming (video versions of gambling options such as poker, slot machines, and skill-based contest games from which the players’ scores determine the winners’ allocation from a wager pool)

For processing requirements for IFC gaming transactions, see the GCMS Reference Manual.

IFC Blocked Gaming File Issuers have the option to block their cardholders from participating in IFC gaming by listing their BINs in the IFC Blocked Gaming File.

Note

The IFC Blocked Gaming File applies only to in-flight commerce gaming, and not to other IFC activity.

How to List BINs in the IFC Blocked Gaming File To list BINs in this file, complete the IFC Range Blocking for Gaming Transactions form. Effective Dates for the IFC Blocked Gaming File th

Effective dates for the IFC Blocked Gaming File are the first and 15 day of each month. MasterCard must receive issuer listings at least two weeks before the effective date to be included in the file.

9-46

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Cardholder-activated Terminals

Distribution of the IFC Blocked Gaming File Distribution of the IFC Blocked Gaming File occurs two times each month. MasterCard provides it either via a Banknet bulk file or via MasterCard File Express. See the file layout in the IFC Blocked Gaming Transactions form for more information. The distribution is a three-step process. Stage Description

Note

1.

MasterCard creates the IFC Blocked Gaming File at approximately 13:00 St. Louis time and distributes it to acquirers’ MIPs.

2.

Acquirers stage the file for unloading and distribute it to their gaming service providers.

3.

Gaming service providers must ensure timely delivery and installation of the IFC Blocked Gaming File to the on-board servers that monitor IFC transactions.

Because MasterCard requires IFC Blocked Gaming File access before every gaming transaction, acquirers and gaming service providers must distribute and install the file when they receive it.

Restrictions on IFC Gaming Wins and Losses MasterCard restricts IFC gaming wins and losses as follows: •

Net gaming losses cannot exceed USD 350 per flight per MasterCard cardholder account.



Net gaming wins cannot exceed USD 3,500 per flight per MasterCard cardholder account.

Gaming service providers must monitor IFC gaming transactions for the duration of each flight to ensure that cardholder accounts do not exceed the specified transaction limits. MasterCard Processing of IFC Gaming Transactions In-flight commerce gaming transactions bypass Limit-1 processing (that is, they go directly to the issuer). Stand-In processing and X-Code processing return a response of decline for inflight gaming transactions that exceed USD 350.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-47

Authorization Services Detail Cardholder-activated Terminals

Electronic Commerce Transactions Cardholders may initiate electronic commerce transactions from a consumer PC connected to a network such as the Internet.

Transponder Transactions Transponders use radio frequency signals to exchange identification information with unattended terminals. Cardholders can use transponders to initiate transactions at these unattended terminals.

9-48

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Check Guarantee

Check Guarantee The check guarantee service ensures funds availability when the check reaches the payee bank for clearing. MasterCard provides the check guarantee service in conjunction with TeleCheck, TeleCredit, and JBS. Check guarantee is an optional service.

Requirements for Authorization Request/0100 Messages Check guarantee transactions have particular requirements for the following fields in Authorization Request/0100 messages: •

Primary Account Number (PAN)



Processing Code



Card Acceptor ID Code



Date, Action



Account ID-1



Account ID-2

Requirements for Authorization Request Response/0110 Messages Check guarantee transactions have particular requirements for the following fields in Authorization Request Response/0110 messages: •

Response Code



Additional Data—Private Use

For the data requirements as they apply to the authorization message formats, see the Customer Interface Specification manual.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-49

Authorization Services Detail Country Level Authorization

Country Level Authorization Country level authorization is a service that allows issuers of local-use-only cards to have the Authorization System automatically decline all local-use-only authorization outside of their country. The Authorization System compares the data in the point-of-service (POS) country code field with the issuer’s country. The Authorization System only forwards authorizations acquired within the issuer’s country to the issuer for processing. The Authorization System declines all other transactions. Country level authorization is an optional service.

Process for Country Level Authorization The following table shows the process that the Authorization System follows if the issuer designates the BIN for local-use-only. Stage Description 1.

When the acquirer MIP receives an Authorization Request/0100 message, the Authorization System checks whether the issuer designated the BIN for localuse-only.

2.

For BINs for which the issuer designated the BIN for local-use-only, the Authorization System compares: The issuer’s country on file at MasterCard to The POS Country Code, DE 61 (Point-of-Service [POS] Data), positions 14–16 of

the Authorization Request/0100 message. An accurate match depends on acquirers including the correct data in this field.

WHEN the issuer’s country…

Note

THEN the Authorization System…

Matches the POS Country Code

Continues with normal processing.

Does not match the POS Country Code

Returns a response of 62 (Restricted Card) in DE 39 (Response Code) of the Authorization Request Response/0110 message.

Use of the Country Level Authorization service does not alter a member’s responsibility for the use of local-use-only cards outside the country of issuance, including liability for all authorized and all below-the-floor-limit transactions. In addition, MasterCard assumes no liability for improper authorizations of such transactions that may result from issuer, acquirer, or merchant errors, or from Authorization System or Country Level Authorization service outages.

9-50

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Electronic Commerce

Electronic Commerce Electronic commerce transactions are non–face-to-face, online transactions that use electronic media over a network, either public such as the Internet or private such as an extranet. Cardholders usually initiate electronic commerce transactions from consumer PCs.

Member Requirements To be able to process electronic commerce transactions, members must meet the following requirements.

Issuers All issuers must be able to receive and process all electronic commerce data present in the Authorization Request/0100 messages.

Acquirers All acquirers must properly identify electronic commerce messages within the Authorization Request/0100. They must be able to receive and to process electronic commerce Authorization Request Response/0110 messages. MasterCard may assess financial noncompliance assessments to acquirers that do not properly identify electronic commerce messages.

Process for an Electronic Commerce Transaction The following diagram illustrates the flow of a typical electronic commerce transaction. Figure 9.15—Flow of an Electronic Commerce Transaction Internet

Banknet Network Merchant

Acquirer

Issuer

Cardholder at PC

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-51

Authorization Services Detail Electronic Commerce

Stage Description 1.

A cardholder accesses a merchant’s Web site via the Internet and requests to make a purchase.

2.

The merchant submits the cardholder’s information to the acquirer.

3.

The acquirer sends an Authorization Request/0100 message, through the Banknet network to the issuer.

4.

The issuer makes the authorization decision and replies using an Authorization Request Response/0110 message.

Types of Electronic Commerce Transactions There are various types of electronic commerce transactions that members may send and receive through the Banknet® telecommunications network. For more information regarding MasterCard® SecureCode™, including detailed transaction flows and participation requirements, see the SecureCode Member Enrollment and Implementation Guide. The Authorization Request (Electronic Commerce Purchase)/0100 message is described as follows: When requesting authorization for an electronic commerce transaction, acquirers send the types of data shown in the next table in the Authorization Request (Electronic Commerce Purchase)/0100 message. This data allows issuers to assess the risk associated with electronic commerce transactions. Required Fields for the Authorization Request (Electronic Commerce Purchase)/0100

9-52

Required Data

DE 22 (Point-of-Service [POS] Entry Mode), subfield 1 (POS Terminal PAN Entry Mode)

81 = PAN entry via electronic commerce, including chip

DE 61 (Point-of-Service [POS] Data), position 3 (POS Terminal Location Indicator)

2

= Off premises of card acceptor facility (cardholder terminal including home PC, mobile phone, PDA)

DE 61 (Point-of-Service [POS] Data), position 4 (POS Cardholder Presence Indicator)

5

= Electronic order (home PC, Internet, mobile phone, PDA)

DE 61 (Point-of-Service [POS] Data), position 10 (CAT Level Indicator)

6

= Electronic commerce

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Electronic Commerce

Required Fields for the Authorization Request (Electronic Commerce Purchase)/0100

Required Data

DE 48, the first data position (Additional Data—Private Use)

TCC of T (Phone, Mail, or Electronic Commerce Order) TCC of U (Unique) TCC of P (Payment Transaction)

DE 48 (Additional Data—Private Use), subelement 40 (Electronic Commerce Merchant/Cardholder Certificate Serial Numbers)

Merchant or cardholder certificate serial number, or both (as applicable)

DE 48 (Additional Data—Private Use), subelement 42, subfield 01 (Electronic Commerce Security Level Indicator and UCAF Collection Indicator)

Electronic Commerce Security Level Indicators, which includes: •

Security Protocol



Type of Cardholder Authentication (that is, whether there is any cardholder certificate or chip card-produced cryptogram associated with the transaction)



Universal Cardholder Authentication Field (UCAF) Collection Indicator, which denotes the UCAF capabilities of the merchant’s Web site

DE 48 (Additional Data—Private Use), subelement 43 (Universal Cardholder Authentication Field [UCAF])

UCAF data (as applicable)

DE 55 (Integrated Circuit Card (ICC) System-related Data)

Integrated circuit card produced cryptogram (only applies if cryptogram is sent to the merchant)

Flow of an Electronic Commerce Authorization Transaction An electronic commerce authorization transaction may follow different processes, depending on the security protocol involved in the transaction. Following are flows and process information for authorization transactions using: •

No security protocol



Channel encryption



SecureCode transaction using the Universal Cardholder Authentication Field (UCAF)

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-53

Authorization Services Detail Electronic Commerce

No Security Protocol The following diagram illustrates the flow of an electronic commerce Authorization Request/0100 and the Authorization Request Response/0110. The example shows a transaction with no security protocol. Figure 9.16—Electronic Commerce Flow—No Security Protocol 3

1

4

No authentication of merchant. Merchant sees all cardholder information

Acquirer has no authentication of merchant or cardholder.

2 No protection over the Internet

Issuer has no authentication of merchant or cardholder. 5 0100

Merchant

7

8

Acquirer

0110

0100 MIP

0110

Banknet Network

0100

0100 0110

MIP

0110

Issuer 6

Stage Description

9-54

1.

The cardholder browses the Internet until the cardholder is ready to make a purchase from a merchant. In this example, the cardholder does not have authentication of the merchant at any time.

2.

The cardholder’s browser sends the purchase and payment information over the Internet to the merchant. In this example, no security protocol protects the request.

3.

The merchant receives the purchase information and has access to all of the cardholder account data that the cardholder provided (including payment information).

4.

The merchant requests authorization from the acquirer.

5.

The acquirer generates an Authorization Request/0100, including both of the following: •

Cardholder payment data



Appropriate data element values that identify this as an electronic commerce transaction with no security protocol and no cardholder authentication

6.

The issuer receives the authorization request and generates an Authorization Request Response/0110.

7.

The acquirer receives the Authorization Request Response/0110 and sends the response back to the merchant.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Electronic Commerce

8.

The merchant provides acknowledgement to the cardholder (still unprotected as it travels over the Internet).

Channel Encryption Figure 9.17 illustrates the flow of an electronic commerce Authorization Request/0100 message and the Authorization Request Response/0110 message. The example shows a transaction that uses channel encryption protocol between the cardholder and the merchant. Figure 9.17—Electronic Commerce Flow 4

3 No authentication of merchant. Merchant sees all cardholder information.

1

Acquirer has no authentication of merchant or cardholder.

2 Protection over the internet

Issuer has no authentication of merchant or cardholder. 5 0100

Merchant

8

7

Acquirer

0110

0100 MIP

0110

Banknet Network

0100

0100 0110

MIP

0110

Issuer 6

Goods and Services Order

Can open purchase information Authorization Request

Payment Information

Can open payment information

Opens payment information Authorization Request Response

Response

Stage Description 1.

The cardholder browses the Internet until the cardholder is ready to make a purchase from a merchant.

2.

The cardholder’s browser, which supports channel encryption (that is, SSL), sends the purchase and payment information to the merchant. Channel encryption protects the information over the Internet.

3.

The merchant receives the purchase information and has access to all of the cardholder account data that the cardholder provided.

4.

The merchant requests authorization from the acquirer.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-55

Authorization Services Detail Electronic Commerce

Stage Description 5.

9-56

The acquirer generates an Authorization Request/0100 message, including both of the following: •

The cardholder payment data



The appropriate data element values that identify this as an electronic commerce transaction with channel encryption protocol and no cardholder authentication.

6.

The issuer receives the authorization request and generates an Authorization Request Response/0110 message.

7.

The acquirer receives the Authorization Request Response/0110 and sends the response back to the merchant.

8.

The merchant provides acknowledgement to the cardholder (protected by channel encryption as it travels over the Internet).

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Expired Card Override

Expired Card Override Overriding expired card tests allows issuers to override possible expiration date keying errors, to support reissued cards, and to identify transactions they may otherwise approve. Issuers will receive all Authorization Request/0100 messages containing expired expiration dates. Issuers will have the opportunity to review each transaction, and subsequently approve or decline each transaction.

Note

MasterCard will automatically enable issuers for Expired Card Override. Issuers that want MasterCard to reject MasterCard Authorization Request/0100 messages containing expired expiration dates must complete the Expiration Date Test Form.

System Definition of an Expired Card The Authorization System defines an expired card as a card with an expiration date of one of the following: •

Earlier than the current processing year and month



20 years later than the current processing year

Members can locate the expiration date in DE 14 (Date, Expiration), and from the magnetic stripe track, in DE 45 (Track 1 Data), or DE 35 (Track 2 Data).

Expired Card Tests The expired card tests occur at the acquirer MIP. The following table provides examples of MasterCard expired card test logic. Transaction Date

Authorization Authorization Card Expiration Request Expiration System Date (MM/YY) Date (YY/MM) Response Explanation of Logic

0902 (September 2002)

1002 (October 2002)

0210 (October 2002)

Accept

October 2002 is later than the current processing year and month. The system accepts the date as valid.

0902 (September 2002)

0201 (February 2001)

0102 (February 2001)

Decline

February 2001 is earlier than the current processing year and month. The system declines the date as expired.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-57

Authorization Services Detail Expired Card Override

Transaction Date

Authorization Authorization Card Expiration Request Expiration System Date (MM/YY) Date (YY/MM) Response Explanation of Logic

0902 (September 2002)

0822 (August 2022)

2208 (August 2022)

Accept

August 2022 is less than 20 years from September 2002. The system accepts the date as valid, because 2022 is still within 20 years from 2002.

0902 (September 2002)

0123 (January 2023)

2301 (January 2023)

Decline

January 2023 is 20 years and four months from September 2002. The system declines the dates as expired, because 2023 is more than 20 years from 2002.

Issuer is Enabled for Expired Card Override When a transaction fails the expired card tests and the issuer is enabled for Expired Card Override, the Authorization System forwards the Authorization Request/0100 message to the issuer for processing.

Issuer is Not Enabled for Expired Card Override If the issuer is not enabled for Expired Card Override, the Authorization System generates an “expired card” authorization response of 54 (Expired Card) in DE 39 (Response Code) of the Authorization Request Response/0110 message sent to the acquirer.

Potential Inappropriate Declines If the issuer is not enabled for Expired Card Override, the Authorization System may decline cardholder transactions that the issuer would have approved if the Authorization Request/0100 messages were sent to the issuer.

Expiration Date Errors Expired card tests at the acquirer MIP assume that the expiration date in the authorization message is correct. However, improper keying, misunderstanding of the date, or other human error can cause the expiration date listed in the authorization message to be incorrect. The following table provides an example of a reason a merchant might receive an incorrect expired card authorization response.

9-58

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Expired Card Override

Transaction Date 0902 (September 2002)

Authorization Authorization Card Expiration Request Expiration System Date (MM/YY) Date (YY/MM) Response Explanation of Error 05/31/03

3105 Decline (merchant entered 0531 instead of 0503)

May 2003 is eight months from September 2002. However, the merchant entered the month (05) and the day (31), but not the year (03). The Authorization System reads the expiration date as May 2031.

The system declines the date as expired, because 2031 is more than 20 years from 2002. However, the expiration date is valid, and perhaps the issuer would have accepted the transaction.

Alternate Processing If the issuer is enabled for Expired Card Override and is unavailable, the Authorization System performs the expired card tests, either in Stand-In processing or during X-Code processing. Stand-In Processing Stand-In performs an expired card test. For transactions that fail the expired card test, Stand-In processing: •

Returns to the acquirer code 54 (Expired card) in DE 39 (Response Code) of the Authorization Request Response/0110 message



Stores the transaction in the Store-and-Forward queue with code 0029 in DE 60 of the Authorization Advice/0120 message, available for issuer retrieval. (Code 0029 indicates that Stand-In processing returned code 54 in the Authorization Request Response/0110 message.)



Identifies the transactions with reason code R (Negative File) on the following reports: −

AB201010-AA (Authorization Detail)



AB111010-AA (Stand-In Detail Authorization)



AB517010-AA (Issuer Call Referral Tiered Detail)

See the MasterCard Consolidated Billing System Manual for samples of these reports.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-59

Authorization Services Detail Expired Card Override

Figure 9.18—Expired Card Override—Stand-In Processing Expired Card Test Override: Yes

Issuer is unavailable.

Banknet Network Acquirer

x

x MIP

MIP

Issuer

MIP 0110 message: For expired dates, Stand-In returns "54" in DE 39.

Store-and-Forward Queue: For expired dates, Stand-In stores "0029" in DE 60, positions 4-7

Stand-In Processing

SAF Queue

Stand-In performs the expired date edit.

X-Code Processing X-Code processing performs an expired card test. For transactions that fail the expired card test, X-Code processing returns to the acquirer code 54 in DE 39 of the Authorization Request Response/0110 message.

9-60

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Expired Card Override

Figure 9.19—Expired Card Override: X-Code Processing Expired Card Test Override: Yes

Issuer is unavailable. Banknet Network

Acquirer 0110 message: For expired dates, X-Code returns "54" in DE 39.

MIP

x

x

x MIP

Issuer

X-Code performs the expired date edit. MIP

x Stand-In Processing

Stand-In is unavailable.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-61

Authorization Services Detail Fleet Card Transactions

Fleet Card Transactions Fleet Card transactions are identified by the following characteristics: •

Bank identification number (BIN) range 556000–556999



MCC 4468, 5499, 5541, 5542, 5983, or 7511 (or 9752, United Kingdom only)

Incentive Interchange Rates Acquirers receive incentive interchange rates for transactions that support the data collection requirements of MasterCard Corporate Fleet Card® transactions. To receive the incentive interchange rates for Fleet Card transactions, acquirers must capture specific data to support submission requirements for clearing records. For clearing record requirements, see the GCMS Reference Manual.

Transmitting Fleet Card Data in Authorization Request/0100 Messages To support Fleet Card transactions, acquirers must include specific data in Authorization Request/0100 messages. To determine which data to include, the merchant terminal must recognize the Product Type Code on the magnetic stripe. The Product Type Code determines the: •

Terminal prompt at the POI location



Data that the acquirer must include in the DE 48 (Additional Data—Private Use) field of the Authorization Request/0100 message

Terminal Prompt at the POI Location When the merchant terminal reads the Product Type Code, the terminal responds by prompting for certain information.

9-62

Product Type Code Value

Terminal Prompt—Acquirer May Receive from Merchant

1

ID Number and Odometer

2

Vehicle Number and Odometer

3

Driver Number and Odometer

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Fleet Card Transactions

Product Type Code Value

Terminal Prompt—Acquirer May Receive from Merchant

4

Odometer Only

5

No Prompt

Data in the Authorization Request/0100 Message When the acquirer receives the Fleet Card data from the merchant, the acquirer must include some of the data in the DE 48 (Additional Data—Private Use) field of the Authorization Request/0100 message. Product Type Code Value

Acquirer Must Include in the 0100 Message

Position in the Authorization Request/0100 Message

1

ID Number

DE 48, subelement 98

2

Vehicle Number

DE 48, subelement 99

3

Driver Number

DE 48, subelement 98

4

None

None

5

None

None

Fleet Card Authorization Response Acquirers that support the Fleet Card program must also be able to interpret the additional data provided by the issuer in DE 44 of the Authorization Request Response/0110 message. If the issuer declines a transaction because of an invalid driver, ID, or vehicle number, the issuer will return an Authorization Request Response/0110 message with value 12 in DE 39. The issuer will return additional data in DE 44 that explains the reason for the decline. The terminal at the point of interaction must display this additional data.

Initiating Fleet Card Support To learn more about supporting the Fleet Card program, contact the Customer Operations Services team. Refer to the contact numbers in the Using this Manual chapter.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-63

Authorization Services Detail Global Automated Referral Service

Global Automated Referral Service The Global Automated Referral Service (GARS) is a service that streamlines the process of responding to call referrals for both acquirers and issuers. GARS is mandatory in the U.S. region and optional for members outside the U.S. region.

Benefits of Using GARS GARS reduces the processing time for call referrals from an average of 20 minutes to an average of five minutes or less. It includes the following features: •

A toll-free phone number connecting acquirers to issuers worldwide, with telex processing where necessary. Routing is based on the card account number entered by the acquirer. (For the toll-free phone number that applies to your area, contact the Customer Operations Services team.)



Issuer response time parameters to support the timely provision of authorization responses



Stand-In processing for calls not answered within the required time frame, to guarantee a timely response to the acquirer



Tracking and reporting of issuer and acquirer performance



Performance monitoring and pricing that motivate call referral completion and eliminate unnecessary issuance of call referrals

GARS Process When the merchant receives a “refer to card issuer” authorization response, the merchant calls the acquirer. The acquirer calls GARS, which uses one of the following four paths to obtain an authorization response:

9-64



GARS connects the acquirer to the issuer



GARS connects the acquirer to Stand-In processing



A GSC agent sends a telex to the issuer



A GSC agent connects the acquirer to Stand-In processing

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Global Automated Referral Service

Figure 9.20—GARS Connects Acquirer to Issuer

GARS Acquirer

Issuer

GARS connects the acquirer to the issuer. The acquirer receives the authorization response from the issuer and relays the response to the merchant. Figure 9.21—GARS Connects Acquirer to Stand-In Processing

GARS Acquirer

Issuer does not respond within 30 seconds

Issuer

Stand-In

If the issuer does not respond to the phone call within 30 seconds, GARS connects the acquirer to MasterCard Stand-In processing. The acquirer receives the authorization response from MasterCard Stand-In processing. The acquirer relays the response to the merchant. Figure 9.22—GSC Agent Sends Telex to Issuer

GARS Acquirer

MasterCard GSC Agent Issuer

If the issuer does not use GARS, GARS connects the acquirer to a MasterCard Global Service Center agent. The agent initiates a telex to the issuer. The issuer provides the authorization response to the Global Service Center agent, who communicates the response to the acquirer. The acquirer relays the response to the merchant.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-65

Authorization Services Detail Global Automated Referral Service

Figure 9.23—GSC Agent Connects Acquirer to Stand-In Processing

GARS Acquirer

GSC agent connects the acquirer to Stand-In.

MasterCard GSC Issuer does not Agent respond to the telex within two minutes.

Issuer

Stand-In

The agent connects the acquirer with Stand-In processing if either of the following is true: •

The issuer does not acknowledge the telex within two minutes, or



The issuer acknowledges the telex within two minutes but does not provide an authorization response within 10 minutes.

The acquirer receives the authorization response from Stand-In processing. The acquirer relays the response to the merchant. Figure 9.24 illustrates the entire GARS process with all four paths.

9-66

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Global Automated Referral Service

Figure 9.24—GARS Process Flow

Merchant Merchant receives call referral response and calls acquirer.

Acquirer

Acquirer calls GARS.

GSC agent

Yes: GARS connects acquirer to a GSC agent.

Is a telex required?

No: GARS routes call to issuer. Issuer

Issuer responds in < two minutes?

No: GSC agent connects acquirer to Stand-In.

GSC agent telexes issuer and provides reponse to acquirer.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

Stand-In

Stand-In provides response to acquirer.

No: GARS connects acquirer to Stand-In.

Issuer responds in < 30 seconds?

Yes: GARS connects issuer and acquirer.

9-67

Authorization Services Detail Global Automated Referral Service

Acquirer Use of GARS GARS helps acquirers to more quickly receive a response to a call referral from issuers.

Acquirer Procedures Acquirers receiving a “refer to card issuer” authorization response should use the following procedure to receive an authorization decision from the issuer.

9-68

Step

IF…

THEN you should…

1.

You receive an authorization response of “refer to card issuer.”

Dial the GARS phone number for your country (provided when you sign up for GARS) within 11 minutes of the issuance of the “refer to card issuer” message.

2.

GARS says, “Welcome to the Enter your six-digit billing ICA number, MasterCard Global Automated Referral followed by the pound sign (#). Service. If you make an error entry at any time, press the star key. Please enter the Acquiring ICA number followed by the pound sign.”

3.

GARS says, “The ICA number entered is XXXXXX. If correct, press one. If not correct, press two.”

Press either the one (1) or two (2) key.

4.

GARS says, “Please enter the MasterCard account number followed by the pound sign.”

Enter the 16-digit MasterCard cardholder account number followed by the pound sign (#).

5.

GARS validates the MasterCard account number, dials the issuer, and the issuer comes on the line.

Discuss the authorization transaction

6.

The issuer provides you with an authorization response.

Provide the merchant with the issuer’s authorization response.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Global Automated Referral Service

Stand-In Processing Procedures If the issuer does not connect with the call within 30 seconds, GARS connects you to Stand-In processing. To receive an authorization decision from StandIn processing, follow these steps. Step

IF…

THEN you should…

1.

GARS says, “We appreciate your patience. The issuer is not available at this time. Your call will now be serviced by MasterCard Stand-In processing.”

Follow the instructions given by GARS.

2.

GARS says “For a code 10 call, press 1. For all other calls, press the pound (#) key.”

IF you press…

THEN GARS will…

1 for a code 10 call

Transfer the call to a MasterCard agent for assistance.

# for another type of call

Go to step 3.

3.

GARS says “Please enter the MCC number, followed by the pound sign.”

Enter the MCC number and the pound sign.

4.

GARS says “Please enter the merchant number, followed by the pound sign.”

Enter the merchant number and the pound sign

5.

GARS says “Please enter the four digit expiration date in MM/YY format, followed by the pound sign.”

Enter the four-digit expiration date in MM/YY format and the pound sign.

6.

GARS says “Please enter the transaction amount in U.S. dollars and cents, followed by the pound sign.”

Enter the transaction amount in U.S. dollars and cents and the pound sign

7.

GARS says, “You entered X dollars and X cents. If correct, press 1. If not correct, press 2.”

IF you press…

THEN GARS will…

1

Go to step 8.

2

Repeat step 6.

8.

GARS says “Please choose one of the following transaction types:

Enter the number for the transaction type of this transaction.



For retail, press 1.



IF you press…

THEN GARS will…

For phone or mail order,

1, 2, 3, or 4

Go to step 10.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-69

Authorization Services Detail Global Automated Referral Service

Step

IF…

THEN you should… press 2.

9.

10.



For cash advance, press 3.



For travel, press 4.



For all other transaction types, press 5.”

GARS says: •

“For automobiles, press 1.



For food, press 2.



For hotel, press 3.



For tuition or hospital, press 4.



For unique, press 5.



For payment, press 6.”

5

Go to step 9.

Enter the number for the transaction type of this transaction.

GARS provides one of the Provide the merchant with Stand-In following authorization responses: processing’s authorization response. •

“The approval code is XXXXXX. To repeat the approval code, press 1. To end this call, press 2.”



“This transaction has been declined. Thank you for calling MasterCard International. Goodbye.”

Telex Processing Procedures If the GARS database determines that a telex must be used to complete the call, GARS places you on hold (and does not initiate Stand-In processing). A MasterCard Global Service Center agent telexes the issuer. The MasterCard agent obtains an authorization response from the issuer and provides the authorization response. The MasterCard agent initiates Stand-In processing if: •

The issuer does not acknowledge the telex within two minutes, or



The issuer acknowledges the telex within two minutes but does not provide an authorization response within 10 minutes.

In this case, the Stand-In Processing procedures apply. Stand-In processing provides the authorization response to you.

9-70

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Global Automated Referral Service

Acquirer Best Practices MasterCard recommends that acquirers promote efficient and accurate processing of call referrals by using the following practices when talking to issuers’ agents: •

Be prepared to provide the following authorization request information to the issuer’s agent: −

ICA number



Card account number



Expiration date



Card acceptor business code/merchant category code (MCC)



Transaction amount in U.S. dollars



Keep the merchant on hold on another phone line, in case the issuer’s agent requests additional information from the cardholder or merchant. (Acquirers should not conference merchants into phone calls with the issuers’ agents.)



Initiate the conversation with slow, distinct pronunciation. Be aware that the issuer’s agent might not be comfortable with the acquirer’s primary language.



Request clarification when uncertain of the communication.

If the issuer or its agent cannot respond to the call referral in a timely manner, through either GARS or the MasterCard International Telecommunications Authorizations Center (ITAC), GARS routes the call referral to the MasterCard Central Site Stand-In processing facility. Acquirers should allow additional time to complete the call and be prepared to provide additional authorization information, as required by Stand-In processing. Acquirers should monitor call referral response rates to identify merchants that do not comply with the call referral process. To help acquirers monitor their merchants, MasterCard provides GARS members with the Monthly Acquirer Response Below Target Report (GR128010-BB). Acquirers receive reimbursement automatically when they use GARS in response to a “refer to card issuer” authorization response.

Note

Reimbursement to acquirers using GARS is automatic. If acquirers use memberto-member methods of communication, they must request reimbursement through the 667 record (usage code 100).

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-71

Authorization Services Detail Global Automated Referral Service

Methods Acquirers Can Use to Improve GARS Performance The acquirer can improve GARS performance and ensure that it qualifies for reimbursement by doing the following: •

Test your phone system to ensure that it generates true touch-tones on outbound calls. The GARS connection to the issuer is dependent on touch-tones.



Communicate the GARS procedures to your agents. MasterCard is available to assist you in your training efforts.



Consider adding a conference call feature to your phone system so that you, your merchant, the cardholder, and the issuer can interact directly.



Consider adding speed dialing to your phone system to save time when calling GARS.



Communicate the GARS procedures and the importance of GARS to your merchants. Encourage them to call you (rather than request another form of payment) when a call referral message appears on their POI devices.

Issuer Use of GARS GARS helps issuers because it provides them with a method to more quickly respond to acquirers requesting authorizations for call referral responses.

Issuer Procedures When you issue a response of “refer to card issuer” and the acquirer contacts you via GARS, follow these steps. Step

IF…

THEN you should…

1.

GARS says, “Incoming MasterCard referral call. Press the zero key and the pound key now.”

Press the required zero (0) and pound (#) keys within 30 seconds.

GARS connects you with the acquirer to discuss the transaction.

Obtain the necessary authorization information from the acquirer and communicate your authorization response to the acquirer.

2.

9-72

If you do not enter “0#” within 30 seconds, GARS connects the acquirer to Stand-In processing for the authorization response.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Global Automated Referral Service

Issuer Best Practices MasterCard recommends that issuers promote efficient and accurate processing of call referrals by using the following practices when talking to acquirers’ agents: •

Initiate the conversation with slow, distinct pronunciation. Be aware that the acquirer’s agent might not be comfortable with the issuer’s primary language.



Request clarification when uncertain of the communication.

To improve their call referral processes, issuers should monitor: •

The number of call referrals they generate in response to Authorization Request/0100 messages. Issuers should use call referrals only for high-risk situations because call referrals result in an expensive and time-consuming process, which can be detrimental to cardholder relationships.



The rate of call referrals going to Stand-In processing. Issuers should ensure that they have sufficient call center staff and a stable telecommunications infrastructure to be able to support the number of call referrals they generate.



The average duration of call referrals. Issuers should try to meet the goal of keeping call referrals to five minutes or less. Short call durations result in reduced transaction times, improve the call referral process for merchants and cardholders, and provide the best use of resources.

To help monitor Stand-In processing response rates and call durations, MasterCard provides the following reports to GARS issuers: •

Weekly Issuer Transaction Detail Report (GR122010-AA)



Monthly Issuer Call Referral Report (GR129010-AA)

Issuers should establish Stand-In processing transaction limits that are specific to transactions approved through GARS call referrals. The MasterCard Central Site Stand-In processing facility ensures a timely authorization decision when the issuer is not available. MasterCard suggests that GARS issuers establish two phone numbers for GARS call referral processing. Issuers can have all intracountry call referrals routed to one phone number and all intercountry call referrals routed to another phone number. Issuers can better anticipate potential language differences and offer enhanced services to cardholders traveling outside of their countries.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-73

Authorization Services Detail Global Automated Referral Service

Charges to the issuer apply for issuing each call referral and for completed GARS calls initiated by the acquirer. Issuers also pay a noncompliance assessment for Stand-In processing if they fail to answer a GARS call within 30 seconds or a GARS telex within two minutes.

Methods Issuers Can Use to Improve GARS Performance Issuers can use the following methods to improve GARS performance: •

Ensure that your phone system can generate true touch-tone signals. If you use an automated system such as a Voice Response Unit to answer incoming calls, be sure the system responds with a zero key followed by a pound key (0, #). This will allow the acquirer’s agent to hear the instruction of your automated system to expedite your call referral response.



Ensure that your system is prepared to answer phone calls within 30 seconds and telex calls within two minutes. Calls not answered within these time frames will be routed to the Stand-In System.



Determine whether to establish specific Stand-In transaction limits for GARS. (Complete the GARS Initiation and Change Form to establish specific limits.)



Determine whether to establish one phone number for all incoming GARS calls or two phone numbers: one for GARS requests from acquirers located outside of the issuer country and one for domestic GARS requests. Indicate the phone numbers on the GARS Initiation and Change form.



Review the information you provided to Stand-In processing either online or on the Stand-In Processing Worksheet. In particular, check the following: −

Referral phone number provided. GARS uses this number to route calls to you.



Stand-In processing parameters

Submit any changes to your member representative at least 15 days before using a new phone number or new parameters.

9-74



Determine your ability to handle the volume of completed call referrals using GARS. Because GARS call referrals are fast and easy, there may be an increase in the ratio of calls completed to referrals issued. You may want to consider adjusting staffing and equipment levels to ensure higher control and risk reduction and avoid excessive Stand-In processing fees.



Communicate to your employees the importance of answering GARS calls quickly to avoid additional Stand-In processing fees. MasterCard is available to assist you in your training efforts.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Global Automated Referral Service

Monitoring Call Referral Activity The minimum response and talk-time standards outlined in chapter 4 apply to all call referrals—domestic and international—whether processed through GARS or direct member-to-member communications.

Issuer and Acquirer Performance Reports Issuers and acquirers can monitor call referrals completed through GARS using the following reports found in chapter 10: • • • • •

GARS GARS GARS GARS GARS

Weekly Acquirer Transaction Detail Report Weekly Issuer Call Detail Report Monthly Acquirer Response Report Monthly Acquirer Response Below Target Report Monthly Issuer Call Referral Report

In addition, samples of the following reports showing charges or reimbursements associated with GARS appear in the MasterCard Consolidated Billing System Manual: •

Issuer Authorization Detail Report and Issuer Call Referral Detail Report— shows issuer charges for call referrals



Acquirer Authorization Detail Report and Acquirer Call Referral Detail Report—shows acquirer reimbursement for completed call referrals



Call Referral Summary Report—shows tiered pricing for excessive issuer call referral activity



Guaranteed Issuer Availability Report

Store-and-Forward Messages Issuers also can monitor call referrals completed through GARS via store-andforward (SAF) messages. MasterCard generates Authorization Advice/0120 messages for GARS transactions that Stand-In processes. MasterCard uses a promotion code of “MCGARS” to identify GARS Stand-In activity. See chapter 5 for more information about retrieving SAF messages, and the “Promotion Code” topic in this chapter for more information about promotion code.

To Request GARS or Change GARS Parameters To begin to use GARS or to change GARS parameters, complete the GARS Initiation and Change Form. Send it to the address or fax number on the form.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-75

Authorization Services Detail M/Chip On-behalf Services

M/Chip On-behalf Services MasterCard provides M/Chip on-behalf services to help issuers that want to migrate to MasterCard M/Chip technology without having to make an initial investment to completely upgrade their host systems for M/Chip processing. The on-behalf services support issuers using M/Chip technology by performing all or part of the M/Chip-related authorization processing on behalf of the issuer for a designated account range. The Chip to Magnetic Stripe Conversion and the M/Chip Cryptogram Prevalidation on-behalf services are provided on a permanent basis. The M/Chip Cryptogram Validation in Stand-In Processing on-behalf service is provided on a dynamic basis if an issuer is not able to respond to an authorization request. Issuers that want to use M/Chip on-behalf services may select only one of the following services: • • •

Chip to Magnetic Stripe Conversion M/Chip Cryptogram Pre-validation M/Chip Cryptogram Validation in Stand-In Processing

To implement one of these services, complete the Key Validation Service Specification Form and follow the procedures in the On-behalf Key Management (OBKM) Document Set.

Chip to Magnetic Stripe Conversion MasterCard provides Chip to Magnetic Stripe Conversion to issuers by performing all or part of the M/Chip-related authorization processing on behalf of the issuer for a designated account range. MasterCard removes designated M/Chip-related data elements and alters others before forwarding the transaction to the issuer. MasterCard notifies the issuer that the transaction was an M/Chip transaction and that MasterCard altered the transaction information before sending it to the issuer. Providing this information allows the issuer to make the authorization decision based on information remaining in the authorization request, without having to reject the transaction because it does not currently process M/Chip transactions. For more information about using the Chip to Magnetic Stripe Conversion service, see the Customer Interface Specification manual. The Chip to Magnetic Stripe Conversion service is optional.

9-76

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail M/Chip On-behalf Services

M/Chip Cryptogram Pre-validation Service The M/Chip Cryptogram Pre-validation service is for issuers that use the M/Chip Select 2.0, M/Chip Lite 2.1, M/Chip 4.0 (EMV96 and EMV2000 session key derivations) and EMV CCD-compliant chip cards. This service validates the Authorization Request Cryptogram (ARQC) and generates the Authorization Response Cryptogram (ARPC) on behalf of an issuer. After performing this service, MasterCard notifies issuers of the results of the cryptogram validation. Issuers may use these results in the authorization approval process. For more information about using the M/Chip Cryptogram Pre-validation service, see the Customer Interface Specification manual. The M/Chip Cryptogram Pre-validation service is optional.

M/Chip Cryptogram Validation in Stand-In Processing M/Chip Cryptogram Validation in Stand-In Processing is available for issuers that use the M/Chip Select 2.0, M/Chip Lite 2.1, M/Chip 4.0 (EMV96 and EMV2000 session key derivations) and EMV CCD-compliant chip cards. This service authorizes M/Chip transactions within Stand-In processing when an issuer host is not available. When Stand-In processing authorizes M/Chip transactions, MasterCard validates the ARQC, processes the authorization request based on the issuer’s Stand-In parameters, and generates the ARPC. For more information about using M/Chip Cryptogram Validation in Stand-In Processing, see the Customer Interface Specification manual. M/Chip Cryptogram Validation in Stand-In Processing is optional.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-77

Authorization Services Detail Magnetic Stripe Compliance Program

Magnetic Stripe Compliance Program The Magnetic Stripe Compliance Program provides an opportunity for acquirers and processors to verify that they are capturing and sending complete and unaltered track data, identical to the data encoded on the magnetic stripe of the MasterCard card. The Magnetic Stripe Compliance Program is optional for acquirers, to assist their efforts to reduce fraud.

Note

MasterCard recommends that all acquirers participate in the Magnetic Stripe Compliance Program.

Participating in the Magnetic Stripe Compliance Program To become a participant in the Magnetic Stripe Compliance Program, acquirers must use the following process. Step

Action

1.

Complete the Magnetic Stripe Compliance Program Application, identifying each processor they will use.

2.

Submit the forms to the Customer Operations Services team.

3.

Begin submitting Authorization Request/0100 messages with value 90 in DE 22 (Point-of-Service [POS] Entry Mode), subfield 1 (POS Terminal PAN Entry Mode) so that MasterCard can monitor the inclusion of complete and unaltered track data.

4.

Review the Magnetic Stripe Compliance monitoring reports provided by MasterCard. These reports separate track data errors at the merchant and terminal levels, according to acquirer/processor combination.

5.

If necessary, resolve any errors identified by the monitoring reports.

MasterCard approves an acquirer for the Magnetic Stripe Compliance Program when that acquirer resolves all integrity errors and successfully completes the monitoring step.

Note

9-78

Acquirers must notify MasterCard when they make any changes to their acquirer/processor combinations. Examples of such changes include changing the Forwarding Institution ID Code for transaction routing or changing the Acquiring Institution ID Code for transaction routing.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Magnetic Stripe Compliance Program

Monitoring Phase Monitoring typically lasts for seven calendar days, but it can last longer if the reports identify integrity errors.

Note

Until the acquirer completes the monitoring phase of the Magnetic Stripe Compliance Program, MasterCard will alter the value in DE 22, subfield 1 to value 02, indicating that the track data may not be complete.

If MasterCard alters the value in DE 22, subfield 1 from value 90 to value 02 while the acquirer is in the monitoring phase, MasterCard will include information for the issuer in DE 48, subelements 88 and 89. Subelement 88 will contain value Y to indicate that MasterCard changed value 90 to value 02. Subelement 89 will contain data to indicate edit errors in the Authorization Request/0100 message.

Requirements for Magnetic Stripe Compliance Following are the program requirements:

Note



Track 1 data, if present, must be complete and unaltered. (If Track 1 data is not present, Track 2 data must be present.)



Track 2 data, if present, must be complete and unaltered. (If Track 2 data is not present, Track 1 data must be present.)



DE 32 (Acquiring Institution ID Code) must equal a preceding zero and then the MasterCard ICA number.



DE 22, subfield 1 (POS Terminal PAN Entry Mode) must contain value 90.



DE 48, position 1 (Transaction Category Code) cannot contain value T.



DE 61, subfield 4 must contain value 0, indicating that the cardholder is present.



DE 61, subfield 5 must contain value 0, indicating that the card is present.



If Track 1 or Track 2 data is used to generate other data elements, the acquirer must ensure that the data values match. For example, the PAN (DE 2) must match the card number in the track data, and the Expiration Date (DE 14) must match the expiration date in the track data.

Issuers can vary the length of their track data and the subelements within the track data.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-79

Authorization Services Detail Magnetic Stripe Compliance Program

MasterCard Edits MasterCard edits Authorization Request/0100 messages from the previous day’s activity to ensure that it is consistent with the requirements documented in the Customer Interface Specification manual. When MasterCard identifies erroneous data, MasterCard informs the primary member contact listed on the Magnetic Stripe Compliance Program Application of the erroneous data. After an acquirer becomes a participant in the Magnetic Stripe Compliance Program, MasterCard continues to provide information about erroneous magnetic stripe data. The magnetic stripe compliance report provides information at the acquirer/processor, merchant, and terminal levels to help acquirers resolve issues.

Risk of Not Participating Acquirers that do not participate in the Magnetic Stripe Compliance Program are at risk for:

Note

9-80



Message reason code 4862 (Counterfeit Transaction Magnetic Stripe POS Fraud). For more information, see the Chargeback Guide.



Interchange rate adjustments—Interchange compliance requires that MasterCard approve participating acquirer/processor combinations for magnetic stripe compliance.



Transactions submitted for clearing by acquirer/processor combinations not approved for magnetic stripe compliance are not eligible for some interchange rates and may be subject to interchange adjustment. For more information, see the Interchange Compliance Manual.



Rejection of the clearing transaction for the International Electronic Interchange (IEI) rate.

Members that choose to participate in the International Electronic Interchange (IEI) program must first become approved participants in the Magnetic Stripe Compliance Program.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Manual Telex Authorization Requests

Manual Telex Authorization Requests Only acquirers in regions outside the U.S. can request authorization via manual telex. These acquirers may send manual telex authorization requests only when their primary authorization method has failed. Acquirers may perform authorization processing via manual telex using the following procedures.

Telex Requests To request authorizations via manual telex, follow these steps. Acquirers that do not use the Global Automated Referral Service (GARS) may use manual telex in response to a call referral. Step

Action

1.

Prepare a telex using the format illustrated in Figure 9.25.

2.

Dial telex number: (U.S. country code) 434800. The MasterCard International Telex Authorization Center (ITAC) has six rotary lines available and receives telex calls on the first available line. It sends the response: 434800 ITAC UI.

3.

After receiving the proper telex response, transmit the prepared telex.

Figure 9.25—Authorization Request Manual Telex Sample

R634253 C5419843331777778 E0798 D312.00 TH9999 I1990 M 8921205

Note

Requesting authorization through MasterCard ensures that you will be reimbursed for the cost of the telex.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-81

Authorization Services Detail Manual Telex Authorization Requests

Manual Telex Authorization Request Field Definitions Field Name

Entry Required?

Field Description

R (REFERENCE NUMBER)

Yes

The field identifier (R) followed by the number identifying this authorization request. Valid Values: Up to seven characters (alphanumeric)

Format: RNNNNNN R

= the letter R

NNNNNN = the reference number C (CARD NUMBER)

Yes

The field identifier (C) followed by the account number on which authorization is being requested. Valid Values: 17 characters (alphanumeric). Account number must be numeric.

Format: CN

E (EXPIRATION DATE)

Conditional

C

= the letter C

N

= the 16-digit account number

The field identifier (E) followed by the expiration date of the card. If date is unknown, skip this field entirely and enter the dollar amount field immediately after the card number. Valid Values: Five alphanumeric

characters. Format: EMMYY E

= field identifier

MM = Month YY = Year D (DOLLAR AMOUNT)

Yes

The field identifier (D) followed by the dollar amount for which authorization is being requested. Valid values: Up to 12 alphanumeric characters, including the decimal point. (For example, D312.00)

Format: DNNNNNNNN.NN D = the letter D

9-82

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Manual Telex Authorization Requests

Field Name

Entry Required?

Field Description NNNNNNNN.NN = dollar amount in U.S. dollars

T (TRANSACTION TYPE CODE/MCC)

Yes

The field identifier (T), the type of transaction, and the card acceptor business code/merchant category code (MCC). Valid values: Six alphanumeric

characters Format: TXMMMM T = the letter T X = alphabetic transaction type code (See below.) MMMM = Four-digit MCC. (See the Quick Reference Booklet for a list of valid MCCs.) Transaction Type Codes:

A = Automobile/Vehicle Rental C = Cash Disbursement F = Restaurant H = Hotel/Motel and Cruise Ship Services O = College/School Expense/ Hospitalization P = Payment Transaction R = Retail/All Other Transaction T = Mail Order/Telephone Order/ Electronic Commerce Order/ Preauthorized Order U = Unique Transaction X = Transportation Z = ATM Cash Disbursement I (ICA NUMBER)

Yes

The field identifier (I) followed by the MasterCard-assigned customer ID. Valid values: Six numeric characters

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-83

Authorization Services Detail Manual Telex Authorization Requests

Field Name

Entry Required?

Field Description

M (MERCHANT SUSPICIOUS)

No

The field identifier (M), which indicates that the transaction causes suspicion. This field is optional. Valid value: The letter M Note: The acquirer may contact the

issuer directly under extremely suspicious conditions. MERCHANT NUMBER

Yes

The merchant identification number that the acquirer assigns. Valid values: Up to 15 digits

Telex Responses After sending an authorization request, wait for the telex response. The ITAC operator will send the response to you within three minutes. If a response is not immediately available, you will receive the response CB. This indicates that the authorization reply is not immediately available. When you receive the response CB, terminate the telex call. ITAC will contact you as soon as the response is ready. See Figure 9.26 and the field descriptions for a sample of this response. Figure 9.26—Delayed Response

R634253 CB

Manual Telex Delayed Response Field Descriptions Field Name

Field Description

R (REFERENCE NUMBER)

The field identifier (R) plus an echo of the reference number in the authorization request.

(RESPONSE)

Message indicating that the response is delayed. Valid value: CB

9-84

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Manual Telex Authorization Requests

Authorization Request Response You will receive one of the following responses: •

Approved



Decline



Capture Card



Card Number Invalid

If you are a U.S. region acquirer responding to a call referral, ITAC will phone you with the authorization response. The following conditions apply for acquirers outside the U.S. region: •

If you are a GARS acquirer and the call referral originated via phone, ITAC will transmit the response via phone.



If you are a non-GARS acquirer or a GARS acquirer that received the call referral via telex, ITAC will transmit the response via telex.



See Figure 9.27 for a sample response via telex. Disconnect the telex line when you receive the response.

Responses generated by either MasterCard or the issuer contain the reference number and the authorization response as shown in following illustration. Figure 9.27—Approved Response

R634253 Code is 123456

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-85

Authorization Services Detail Manual Telex Authorization Requests

Approved Response Field Descriptions Field Name

Field Description

R (REFERENCE NUMBER)

The field identifier (R) plus an echo of the reference number in the authorization request.

(RESPONSE)

The authorization response generated by MasterCard or the issuer. Preferred values are as follows:

Code is

= Approved, followed by the authorization code, consisting of two to six alphanumeric characters

Decline

= Refused

Capture Card

= Pick Up

Card Number Invalid

= Indicates that the cardholder number in the authorization request is invalid. Verify the cardnumber and make a second attempt.

The issuer may include in the authorization response any information that the issuer decides is necessary (for example, a telex response may include the cardholder’s address or mother’s maiden name); this supplies a means for the merchant to positively identify the cardholder. This information may appear anywhere on the telex.

9-86

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail MasterCard ATM Network

MasterCard ATM Network The MasterCard® ATM Network provides cash access around the world to credit and ATM debit cardholders by accepting cards bearing the MasterCard, Maestro, and Cirrus logos. All MasterCard issuers must participate in the MasterCard ATM Network to provide cash access to their cardholders. Where permitted, issuers may provide to their cardholders the option of conducting balance inquiries and merchandise purchases using the MasterCard ATM Network. The MasterCard ATM Network is the world’s largest global ATM network. It has more ATMs, in more countries, accessed by more cardholders, conducting the most transactions than any other ATM network. The MasterCard ATM Network and member processors continue to provide a superior percentage of completed transactions. Cardholders using MasterCard, Maestro, and Cirrus branded cards know that they can expect to receive the cash they requested.

Data Security The MasterCard ATM Network rules require that all ATMs migrate to triple data encryption standard (triple DES) for encryption of cardholder-entered personal identification number (PIN). The triple DES encryption technology reduces the likelihood of fraud losses by making it more difficult for criminals to discover sensitive account information.

ATM Locator The MasterCard ATM Locator is a set of Web sites and toll-free automated voice recognition systems that cardholders use to search for ATMs. Cardholders access the MasterCard ATM Locator using: • • • • • •

The Internet Mobile phones Personal digital assistants Voice response telephone numbers Onboard vehicle navigation systems Bank Web sites

Maps and directions to ATMs are available in many countries.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-87

Authorization Services Detail MasterCard ATM Network

ATM Directory The MasterCard ATM Directory enables members and processors to efficiently manage and market their ATM location information. ATM location information may include enhanced details, such as: • • • • • • •

Phone numbers Airport locations Location descriptions Hours of operation Landmarks ATM types Handicap accessibility information

Benefits The MasterCard ATM Network provides numerous benefits to cardholders, acquirers, and issuers. •





9-88

The MasterCard ATM Network provides cardholders with: −

Worldwide access to cash 24 hours a day, seven days a week



No need to carry large sums of cash



Favorable currency conversion exchange rate

Acquirers benefit from the MasterCard ATM Network because the network provides: −

Interchange income each time a MasterCard or Cirrus cardholder uses an ATM owned by that acquirer that displays the MasterCard and Cirrus logos



Competitive advantage by accepting MasterCard, Maestro, and Cirrus cards having worldwide recognition and acceptance



More transactions from more cardholders, lowering the cost per transaction

Issuers benefit from the MasterCard ATM Network because the network provides: −

Competitive advantage by offering MasterCard, Maestro, and Cirrus cards having worldwide recognition and acceptance



Fee revenue opportunities

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail MasterCard ATM Network

Supported Transactions The MasterCard ATM Network supports a variety of transactions, including: •

Cash withdrawal from debit accounts



Cash disbursement from credit accounts



Account balance inquiry from debit accounts



Available balance inquiry from credit accounts



Merchandise purchase from debit accounts for items, such as postage stamps and other items approved by MasterCard. Acquirers must successfully complete testing for ATM merchandise transaction before submitting merchandise purchase transactions to MasterCard.

Interfaces to the MasterCard ATM Network MasterCard issuers can choose either of the following options to receive authorization requests for ATM transactions: •

A direct interface to the MasterCard ATM Network



An interface via the Banknet network to the MasterCard ATM Network

Direct Interface Issuers that choose to interface directly with the MasterCard ATM Network receive ATM transactions via a Financial Transaction Request/0200 message. For a description of the 0200 messages, see the MDS Online Specifications and the Cirrus Worldwide Operating Rules.

Interface via the Banknet Network If the issuer chooses to receive ATM transactions via the Banknet network, the issuer receives ATM transactions in an Authorization Request/0100 message. Choosing to receive ATM transactions via the Banknet network in Authorization Request/0100 messages gives issuers the following additional options: •

MasterCard validation of the PIN



Application of MasterCard Stand-In processing when the issuer is unavailable (only if MasterCard also validates the PIN)

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-89

Authorization Services Detail MasterCard ATM Network

PIN Validation Issuers can choose to have MasterCard validate the PINs or to validate the PINs themselves. IF…

THEN…

MasterCard validates the PIN

MasterCard performs this service before forwarding the Authorization Request/0100 message to the issuer.

The issuer validates the PIN

MasterCard forwards the PIN to the issuer with the Authorization Request/0100 message.

Issuers that validate their own PINs must send to MasterCard the encryption key to translate encrypted PINs in the online request message. Issuers that choose to have MasterCard validate PINs for ATM transactions must complete the PIN Processing Profile form and must provide PIN verification keys by completing the Hard Copy Key Exchange form. Stand-In Processing Issuers can choose whether to have Stand-In processing process online request ATM transactions when they are not available. Issuers may choose to have MasterCard validate a PIN if a PIN is present in an online request message when the issuer is unavailable. IF the issuer requests that…

THEN MasterCard…

MasterCard perform Stand-In processing and PIN validation

Processes the online request message and validates the PIN.

MasterCard not perform PIN validation during Returns a response of “decline” when Stand-In processing the issuer is unavailable.

See chapter 6 for more information about Stand-In processing tests.

For More Information For more information about ATM participation, see the Security Rules and Procedures.

9-90

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail MasterCard SecureCode

MasterCard SecureCode MasterCard® SecureCode™ builds upon the infrastructure requirements for channel encryption with the additional benefit of cardholder authentication. When used in conjunction with components of the MasterCard payment infrastructure, this program provides a mechanism for online merchants to potentially receive an enhanced payment guarantee similar to what retailers (non-Internet) receive with qualifying physical point-of-sale transactions.

Universal Cardholder Authentication Field The Universal Cardholder Authentication Field (UCAF) is a standard, globally interoperable method of collecting cardholder authentication data at the point of interaction. Within the MasterCard authorization networks, UCAF is a universal, multipurpose data transport infrastructure that is used to communicate authentication information between cardholders, merchants, issuers, and acquirers. It is a variable length (maximum 32 characters) field with a flexible data structure that can be tailored to support the needs of issuer security and authentication approaches.

SecureCode Authentication Platforms MasterCard SecureCode offers a flexible and robust solution for cardholder authentication. Recognizing that one size does not fit all, MasterCard places a premium on flexibility, enabling issuers to choose from a broad array of security solutions for authenticating their cardholders, which includes both password and smart card-based approaches. Based on the MasterCard implementation of the 3-D Secure protocol issuers may use issuer-assigned or cardholder-selected passwords to authenticate their cardholders. The Chip Authentication Program (CAP), also based on the 3-D Secure protocol, provides a seamless integration of both EMV and 3-D Secure technologies that result in stronger authentication than traditional static password solutions.

Licensing SecureCode Specifications The design specifications associated with SecureCode are based on MasterCard intellectual property. MasterCard licenses the specification to technology vendors and members to integrate into their current authentication security solutions and platforms.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-91

Authorization Services Detail MasterCard SecureCode

Technology vendors that want to integrate SecureCode functionality into current or future products first must establish licensing agreements with MasterCard.

Accountholder Authentication Value The Accountholder Authentication Value (AAV) is a MasterCard® SecureCode™ -specific implementation of UCAF related to issuer authentication platforms that incorporate the Secure Payment Application (SPA) algorithm. SPA is a MasterCard security method designed to authenticate cardholders when they pay online. AAV is generated by the issuer and presented to the merchant for placement in the authorization request upon successful authentication of the cardholder. UCAF is used to transmit the AAV from the merchant to the issuer for authentication purposes during the authorization process. Issuers that want to use AAV verification may implement the following AAV verification services: •

MasterCard SecureCode AAV Verification



MasterCard SecureCode Dynamic AAV Verification in Stand-In Processing

To implement the MasterCard SecureCode AAV Verification service, complete the Key Validation Service Specification Form and follow the procedures in the On-behalf Key Management (OBKM) Document Set.

MasterCard SecureCode AAV Verification Service MasterCard offers AAV verification service on every authorization transaction that contains UCAF data—regardless of whether the issuer’s host system is available or unavailable to respond to the Authorization Request/0100 message. When the issuer’s host system is available and after the verification process is complete, MasterCard includes in the Authorization Request/0100 message DE 48, subelement 71 (On-behalf Services) containing: •

Subfield 1 (On-behalf [OB] Service) with the value 05



Subfield 2 (On-behalf [OB] Result 1) with the value I, U, or V

When the issuer’s host system is unavailable, Stand-In processing forwards to the issuer the Authorization Advice/0120 message where DE 48, subelement 71 contains: •

9-92

Subfield 1 (On-behalf [OB] Service) with the value 05

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail MasterCard SecureCode



Subfield 2 (On-behalf [OB] Result 1) with the value I, U, or V

For more information about using the SecureCode AAV Verification service, see the Customer Interface Specification manual. MasterCard SecureCode AAV Verification service is an optional on-behalf service.

MasterCard SecureCode Dynamic AAV Verification in Stand-In Processing MasterCard offers AAV verification service for authorization transactions processed by Stand-In processing that contain AAV data in DE 48, subelement 43 (Universal Cardholder Authentication Field [UCAF]) of the Authorization Request/0100 message. Issuers that want to participate in the MasterCard SecureCode Dynamic AAV verification in Stand-In processing will provide the confidential key data that MasterCard will use in the verification process. MasterCard applies an algorithm to the issuer’s confidential key data, the AAV, and the issuer’s PAN to determine the validity of the AAV data provided by the acquirer. MasterCard uses DE 48, subelement 71 (On-behalf Services) in the Authorization Advice/0120 message to communicate the results of the AAV verification test to the issuer: •

Subfield 1 (On-behalf [OB] Service) contains value 06 (MasterCard SecureCode Dynamic AAV Verification Service).



Subfield 2 (On-behalf [OB] Result 1) contains one of the following values:





I (Invalid)



U (Unable to process)



V (Valid)

Subfield 3 (On-behalf [OB] Result 2) is always blank (space).

MasterCard SecureCode Dynamic AAV Verification in Stand-In Processing is an optional service.

For More Information For more information regarding SecureCode, including detailed transaction flows and participation requirements, see the SecureCode Member Enrollment and Implementation Guide. For additional information about the data elements required to support the use of UCAF, see the Customer Interface Specification manual.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-93

Authorization Services Detail MasterCard SecureCode

Comparison of Security Protocols The following table lists the features provided by each security protocol described in this chapter. Type of Security Protocol Feature

None

Protection of Unprotected information over the Internet Protection of information at the merchant site

Channel Encryption

SecureCode (using UCAF)

Protected

Protected

Payment information

Payment information

Payment information

unprotected. (Merchant

unprotected. (Merchant

sees all cardholder information.)

sees all cardholder information.)

unprotected unless used in conjunction with pseudo– account number solution.

(Merchant sees all cardholder information. Merchant should encrypt all sensitive data behind a firewall, as specified in MasterCard Best Practices.) Authentication of Acquirer

No authentication

No authentication

No authentication

Authentication of Merchant for payment

No authentication

No authentication

No authentication

Authentication of Cardholder for payment

No authentication

No authentication

Reliable authentication provided by the MasterCard issuer

9-94

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail MasterCard-acquired Visa Transactions

MasterCard-acquired Visa Transactions The MasterCard Authorization System allows acquirers to process Visa transactions via the connection to the MasterCard Banknet network. It supports both transactions that qualify for the Custom Payment Service (CPS) and transactions that do not.

Issuer Options Issuers may choose to accept Visa activity using their connection to the Banknet network. This connection is called “peer-to-peer.” If the issuer is not peer-to-peer, MasterCard routes authorization requests to the Visa network.

CPS Transactions For Visa transactions that indicate CPS, MasterCard routes the authorization request to the Visa network. MasterCard-acquired CPS transactions have particular requirements for the Authorization Request/0100 and the Authorization Request Response/0110 messages. For the data requirements as they apply to the authorization message formats, see the Customer Interface Specification manual.

Alternate Processing If the Visa network is unavailable to authorize a CPS transaction through the MasterCard gateway, MasterCard processes the authorization request using the MasterCard Stand-In parameters for Visa activity.

Indicators MasterCard provides support of various Visa programs by the use of specific indicators in Authorization Request/0100 messages.

Authorization Characteristics Indicator MasterCard members that acquire Visa transactions can receive valid Visa response values for the Authorization Characteristics Indicator (ACI).

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-95

Authorization Services Detail MasterCard-acquired Visa Transactions

MasterCard forwards the ACI value provided by Visa in DE 48, subelement 90 (Visa Custom Payment Service [CPS] Request) of Authorization Request Response/0110 messages.

Mail/Telephone or Electronic Commerce Indicator Visa allows acquirers to participate in its interregional interchange reimbursement fee (IRF) program in cases where the merchant and acquirer met and complied with SET requirements even though the cardholder did not. MasterCard acquirers forwarding Visa electronic commerce transactions must have the following values in Authorization Request/0100 messages. Data Element

Value

Description

DE 61, subfield 10

6

Electronic Commerce

DE 48, subelement 40, subfield 01

Variable binary To indicate that the merchant is SETvalue1–16 positions compliant

DE 48, subelement 40, subfield 02

Not present

To indicate that the cardholder is not SET-compliant

DE 48, subelement 42, subfield 01, position 1-2

91

To indicate no security protocol, cardholder certificate not used

Market-specific Data Identifier (Visa-only) The Visa Market-Specific Data Identifier is a value used in Visa transactions to show the market-specific data identifier. Acquirers provide the appropriate Visa market-specific data identifier.

Prestigious Properties Indicator The Prestigious Properties Indicator is a value used in Visa transactions to specify participants in the Visa Prestigious Lodging program. Acquirers provide the appropriate Visa Prestigious properties indicator.

Relationship Participant Indicator The Relationship Participant Indicator is a value used in Visa transactions to show that merchants have had long-term relationships with a cardholder from whom they regularly collect recurring payments. MasterCard acquirers forwarding Visa transactions with a Relationship Participant Indicator must have value R in DE 48, subelement 86 (Visa Relationship Participant Indicator) of Authorization Request/0100 messages.

9-96

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Apr 2006

Authorization Services Detail MasterCard-acquired Visa Transactions

Transponder Indicator Cardholders may use transponders, which use radio frequency signals, to exchange identification information with cardholder-activated terminals or other point-of-interaction (POI) devices to initiate a transaction. These non– face-to-face transactions occur when the card is not present (when the transponder is the device activating the transaction). MasterCard members acquiring Visa transactions with a transponder must have value 7 in DE 61, subfield 10 in Authorization Request/0100 messages. This value indicates that a transponder was used to exchange authorization information.

U.S. Deferred Billing Indicator The U.S. Deferred Billing Indicator is a value used by U.S. acquirers in Visa transactions to notify U.S. issuers that the transaction is being submitted to bill the cardholder for merchandise that was received within the past 90 days. MasterCard acquirers forwarding Visa transactions with the U.S. Deferred Billing Indicator must have value D in DE 48, subelement 78 (Visa U.S. Deferred Billing Indicator) in Authorization Request/0100 messages.

U.S. Existing Debt Indicator When MasterCard acquirers in the U.S. region forward to Visa through the Banknet network transactions that pay an existing debt, they must indicate such in Authorization Request/0100 messages. Acquirers must include value 9 in DE 48, subelement 85 (Visa U.S. Existing Debt Indicator) to indicate that the transaction is a payment for an existing debt.

Retail Key Entry Program MasterCard acquirers forwarding Visa Retail Key Entry transactions must have the following values in Authorization Request/0100 messages. Data Element

Value

Description

DE 22 (Point-of-Service [POS] Entry 01 Mode), subfield 1 (POS Terminal PAN Entry Mode)

Indicates that the card number was keyed into the POS device

DE 61 (Point-of-Service [POS] Data), 0 subfield 4 (POS Cardholder Presence)

Indicates that the cardholder is present

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-97

Authorization Services Detail MasterCard-acquired Visa Transactions

Note

Data Element

Value

Description

DE 61, subfield 5 (POS Card Presence)

0

Indicates that the card is present

DE 61, subfield 11 (POS Card Data Terminal Input Capability)

2, 5, 7, or 8 Indicates that the POS terminal can transmit magnetic stripe data

For a transaction to be forwarded automatically to the Visa gateway, acquirers must identify transactions as CPS transactions. Meeting Retail Key Entry criteria will not force a transaction to the Visa gateway if the issuer is a MasterCard peer-to-peer participant.

Secure Electronic Commerce Verification Service The MasterCard Authorization System supports the Visa secure electronic commerce verification service. MasterCard will forward to the Visa gateway Authorization Request/0100 messages including secure electronic commerce data that also contain a Visa account number in DE 2 (Primary Account Number [PAN]). To participate, acquirers must provide all electronic commerce data elements, including the data elements for the secure electronic commerce verification, in Authorization Request/0100 messages. Acquirers must use DE 48, subelement 43 (UCAF), and subelement 44 (Electronic Commerce Transaction Identifier) to send the secure electronic commerce data in Authorization Request/0100 messages. If Visa responds with a Cardholder Authentication Verification Value (CAVV) Results Code, MasterCard will forward the code values to the acquirer in DE 48, subelement 45 (Electronic Commerce Transaction Response Code) of the Authorization Request Response/0110 message.

Visa Commercial Card Inquiry Acquirers can inquire on Visa Commercial Cards using specific values in DE 48, subelement 94 (Visa Commercial Card inquiry request and response indicator). These values are described in the Customer Interface Specification manual.

9-98

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail MasterCard-acquired Visa Transactions

Visa CVV2 MasterCard supports processing of Visa CVV2 transactions in the same subelements that support MasterCard CVC 2 data. Acquirers must provide one of the following Visa-defined scenarios in DE 48, subelement 92 (Visa CVV2 Data) in the Authorization Request/0100 message: • • • •

Merchant did not provide CVV2 or it was deliberately bypassed CVV2 value present CVV2 value is on card, but illegal Cardholder states no CVV2 is on the card

MasterCard forwards the following Visa-defined responses in DE 48, subelement 87 (Visa CVV2 Response) in the Authorization Request Response/0110 message: • • • • •

CVV2 match CVV2 no match Not processed CVV2 is on the card, but the merchant has indicated that CVV2 is not present Issuer is not Visa-certified for CVV2, has not provided Visa encryption keys, or both

Visa Fleet Card MasterCard supports processing of Visa Fleet Card transactions through the Banknet network in DE 48, subelement 93 (Visa Fleet Card ID Request Data) indicator. For more detailed information, see the Customer Interface Specification manual.

For More Information Appendix A includes diagrams that show the routing of these transactions.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-99

Authorization Services Detail Member-defined Data

Member-defined Data MasterCard allows members to exchange as many as 99 bytes of memberdefined data to and from another member in authorization messages. Members may use member-defined data to transmit information such as: •

Loyalty program information



Promotional information



Details about a purchase



Any other business-related data

Structure of Member-defined Data Acquirers may provide as many as 99 bytes of member-defined data in DE 124 of the Authorization Request/0100 message. Issuers may provide as many as 99 bytes of member-defined data in DE 124 of the Authorization Request Response/0110 message. Issuers will receive DE 124 in Authorization Advice/0120 messages if DE 124 was present in the Authorization Request/0100 sent by the acquirer and the transaction was processed by Stand-In processing, Limit-1, or X-Code. The Authorization System will not edit the content of DE 124 as long as it is alphanumeric/special character data and is only as many as 99 bytes in length. The Authorization System will limit the length of the member-defined data in DE 124 to 99 bytes in Authorization Request/0100 messages and 99 bytes in Authorization Request Response/0110 messages. For additional details on providing member-defined data in DE 124, see the Customer Interface Specification manual

9-100

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Merchant Advice Codes

Merchant Advice Codes MasterCard supports the use of Merchant Advice codes for issuers to communicate clearly with merchants: • •

The reason for approving or declining a transaction The actions merchants can take to continue to serve their customers

Issuers can use Merchant Advice codes to provide specific direction to acquirers.

DE 48, Subelement 84 Values Issuers can use the following values to indicate Merchant Advice codes in Authorization Request Response/0110 messages, DE 48, subelement 84. Value

Description

01

New Account Information Available

02

Cannot Approve at This Time

03

Do Not Try Again

21

Recurring Payment Cancellation Service

Apr 2006

Common DE 39 Values The following table lists the most common values for DE 39 that issuers send in conjunction with the Merchant Advice codes. Value

Description

00

Approved

05

Do not honor

14

Invalid card number

51

Insufficient funds/over credit limit

54

Expired card

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-101

Authorization Services Detail Merchant Advice Codes

DE 48, Subelement 84 with DE 39 In conjunction with existing values in DE 39 in Authorization Request Response/0110 messages, issuers should use the Merchant Advice codes provided in DE 48, subelement 84 to communicate which actions merchants can take to best support cardholders. The following table provides examples of how issuers and acquirers should use the combination of DE 48, subelement 84 and DE 39. DE 48, Merchant Advice Examples of DE 39 subelement 84 Description Reasons

9-102

00 05 14 51 54

01

51

02

New account information available

• • • •

05 14 51 54

03

05

21

Cannot Approve at • This Time • Do not try again

Suggested Merchant Action

Obtain new Account upgrade account information before Portfolio sale next billing cycle Conversion Expired card

Over credit limit Insufficient funds



Account closed



Fraudulent

Recurring Payment Cardholder canceled Cancellation agreement Service

Recycle transaction 72 hours later Obtain another type of payment from customer Do not submit

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Apr 2006

Authorization Services Detail Partial Approvals

Partial Approvals The partial approval enables issuers to approve a portion of a requested transaction amount, instead of declining the entire authorization request when the transaction amount exceeds the amount of funds available on a prepaid card. When the acquirer transmits an indicator in the authorization request that the merchant terminal supports partial approvals, the issuer has the option to respond with the partial approval amount and partial approval response code. The cardholder can then choose to use a supplemental payment method (split tender) to pay the balance and complete the purchase. The partial approval can reduce checkout times and enable cardholders to use a prepaid card’s entire balance, even when the available balance is unknown and does not cover the entire purchase. Upon receipt of a partial approval, acquirers often send a balance due message to the integrated terminal. This message indicates the difference between the original purchase amount and the partial amount approved by the issuer. By displaying the remaining balance due amount, the cashier can quickly and accurately prompt the customer to complete the split-tender purchase.

Alternate Processing The Stand-In processing and X-Code processing do not provide partial approval responses to authorization requests because these systems do not maintain prepaid card balances.

For More Information For details about the data requirements, see the Customer Interface Specification manual.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-103

Apr 2006

Authorization Services Detail Payment Transaction Authorization

Payment Transaction Authorization Person-to-person transactions allow the movement of funds between two parties, a payer (sender) and a payee (recipient). These transactions are often non–face-to-face payments used to complete electronic commerce transactions, such as purchases made at auction Web sites or online money transfers unrelated to a purchase of goods or services.

Person-to-Person Transactions Person-to-person transactions may be initiated by consumer, business, or corporate cardholders. Person-to-person transactions usually require: • •

A funding transaction initiated by the payer A payment transaction initiated by the payee

Funding Transaction In the funding transaction, the payer initiates the transfer of funds to a payment transaction provider through a Web site maintained by the payment transaction provider. The payer usually indicates the name and e-mail address of the payee to receive the payment amount. The following diagram illustrates one type of funding transaction successfully using a MasterCard card. Figure 9.28—Funding Transactions 1 Cardholder Payer

6

Payment Transaction Provider Web Site

2

3

5

4 Acquirer

Issuer

Stage Description

9-104

1.

The payer authorizes the payment transaction provider to transfer funds to a designated payee, entering MasterCard account information via the payment transaction provider Web site.

2.

The payment transaction provider Web site forwards authorization information for the payment amount to an acquirer.

3.

The acquirer transmits an Authorization Request/0100 message to the payer’s issuer.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Payment Transaction Authorization

Stage Description 4.

The payer’s issuer responds with an Authorization Request Response/0110 message to the acquirer.

5.

The acquirer forwards authorization response information to the payment transaction provider Web site.

6.

The payment transaction provider Web site confirms that the person-to-person transaction has been initiated, usually providing a confirmation number and transaction details.

Funding transactions occur independently of subsequent Payment Transactions. For example, funding transactions initiated by the payer can use different methods of payment than the Payment Transaction initiated by the payee.

Payment Transaction The payment transaction is used to transfer funds to a payee (the recipient of the payment transaction). The following diagram illustrates how the payment transaction pays the cardholder payee when using Authorization System enhancements. Figure 9.29—Payment Transaction Authorizations 1 2 Cardholder Payee

7

Payment Transaction Provider Web Site

3

4

6

5 Acquirer

Issuer

Stage Description 1.

After the payer has requested a transfer of funds using his or her payment account to the payee, the MasterCard payment transaction provider sends an e-mail message to the payee to advise that funds are currently payable to the payee.

2.

The payee enters MasterCard account information via the payment transaction provider Web site.

3.

The payment transaction provider Web site forwards authorization information to an acquirer.

4.

The acquirer transmits an Authorization Request (Payment Transaction)/0100 message to the payee’s issuer.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-105

Authorization Services Detail Payment Transaction Authorization

Stage Description 5.

The payee’s issuer responds with an Authorization Request Response/0110 message to the acquirer.

6.

The acquirer forwards authorization information to the payment transaction provider Web site.

7.

The payment transaction provider Web site confirms that funds have been transferred to the payee’s MasterCard account, usually providing a confirmation number and transaction details.

Payment Transaction Blocking Issuers can block Payment Transaction authorizations at the account number range level (as many as 11 digits).

Requirements MasterCard must approve all requests to block Payment Transaction authorizations. Issuers requesting to block Payment Transactions must follow these steps. Step

Action

1.

Document the legal restrictions that would prevent their participation in Payment Transactions.

2.

Complete and submit the Payment Transaction Blocking Form.

For account ranges that issuers have arranged to have blocked, the Authorization System rejects Payment Transactions containing any account number within the account range listed in the Payment Transaction Blocked BIN file.

Optional Acquirer Use of the Payment Transaction Blocked BIN File Registered acquirers also have the option to receive the Payment Transaction Blocked BIN file and may deny Payment Transactions to cardholders with accounts in the blocked account ranges. When acquirers submit Payment Transaction authorizations to issuers that MasterCard approved for Payment Transaction account range blocking, the acquirer MIP will reject the authorization. The MIP returns a response code of “Transaction not permitted to issuer/cardholder” (DE 39 = 57) to the acquirer.

9-106

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Payment Transaction Authorization

Alternate Processing Members can choose to use Stand-In processing for Payment Transactions. Member cannot use Limit-1 processing or X-Code processing for Payment Transactions.

Note

MasterCard does not encourage members to use Stand-In processing for Payment Transaction authorizations.

Stand-In Processing If members choose to use Stand-In processing for Payment Transaction authorizations, MasterCard recommends that members use discretion for these transactions. Parameters Issuers may specify Stand-In processing parameters for Payment Transactions, including TCC global parameters and expanded parameter combinations with a TCC of P. The minimum/default value for Payment Transaction limits in StandIn processing is USD 0.

Note

Stand-In processing declines Payment Transactions for issuers that do not specify a higher Stand-In processing limit for Payment Transactions. To set higher Stand-In processing limits, use the Stand-In Processing Worksheet to submit your requested limits.

Velocity Testing Stand-In processing does not accumulate payment transaction activity for velocity testing. Stand-In processing does not add Payment Transactions to the cumulative number of approved transactions allowed or to the cumulative approved amounts allowed by the issuer.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-107

Authorization Services Detail Payment Transaction Authorization

Limit-1 Processing Limit-1 processing cannot be established for Payment Transactions.

X-Code Processing Acquirer MIP X-Code processing will not approve Payment Transactions. When X-Code processing processes the authorization, it will generate an authorization response of “refer to card issuer” (DE 39 = 01) for the Payment Transaction. During acquirer host X-Code processing, the acquirer must issue a “refer to card issuer” response to the merchant for Payment Transaction authorizations.

9-108

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail PIN Processing

PIN Processing The Authorization System supports processing of MasterCard purchase transactions that contain a personal identification number (PIN). Cardholders may enter a PIN at the point of interaction as an alternative to signing a sales slip.

Acquirer Requirements Acquirers that choose to support PIN authorization requests must use their existing Banknet MIP Authorization System interface connections with no changes in authorization message routing. Acquirers must comply with the following steps before processing MasterCard purchase transactions that contain a PIN in Authorization/01xx messages. Step

Action

1.

Determine whether to support static or dynamic PEK exchanges. The Authorization System and members’ systems use PEKs to encrypt or decrypt PINs. PEKs provide a secure means of passing PIN information in Authorization/01xx messages. Acquirers must determine whether they will support either static or dynamic PEK exchanges. For increased security, MasterCard strongly recommends using dynamic PEK exchanges.

2.

Be compliant with MasterCard Magnetic Stripe Compliance Program. Because PIN verification requires valid track data, only acquirers that comply with MasterCard Magnetic Stripe Compliance Program to provide complete and unaltered track data in their Authorization Request/0100 messages can support PIN processing. See the magnetic stripe compliance requirements in this chapter and in the Customer Interface Specification manual.

3.

Ensure that applicable data elements are present in Authorization Request/0100 messages. For PIN authorization requests, Authorization Request/0100 messages must contain the following data elements:

4.



DE 22 (Point-of-Service [POS] Entry Mode)



DE 26 (POS PIN Capture Code)



DE 45 (Track 1 Data) or DE 35 (Track 2 Data)



For CAT/Level 1 transactions, DE 61 (Point-of-Service [POS] Data)



DE 52 (PIN Data)

Ensure the ability to process applicable data elements in Authorization Request Response/0110 messages.

For detailed data element descriptions, see the Customer Interface Specification manual.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-109

Authorization Services Detail PIN Processing

Issuer Requirements Issuers must comply with the following steps before verifying the PINs in MasterCard purchase transactions that contain a PIN in Authorization Request/0100 messages. Step

Action

1.

Determine the method for receiving purchase transactions that contain a PIN from the following options: •

Through a Banknet network Authorization Request/0100 message interface—this method is the default method for issuers that currently receive their MasterCard ATM cash disbursement and ATM balance inquiry activity using this interface. Static PEKs that are already active and operational at the MDS will be used for each of the issuer’s bank identification number (BIN)/card ranges. Issuers may choose to support dynamic PEK exchanges instead.



Through an MDS Financial Transaction Request/0200 message interface— this method is the default method for issuers that currently receive their MasterCard debit activity, ATM activity, or both using this interface. These transactions are identified as “preauthorization requests” with value 4 in position 7 of DE 61 because they must be cleared through the MasterCard clearing facility (the Global Clearing Management System) with all other purchase activity. PEKs that are already active and operational at the MDS will be used for each of the issuer’s BIN/card ranges.

Note: Members inform MasterCard which method they select by completing

and returning to MasterCard the PIN Processing Profile Form. 2.

Determine whether to support dynamic PEK exchanges. For dynamic PEK exchanges, the Authorization System and the issuer must establish a new single Key Encryption Key (KEK) for all BINs that the issuer will process. This new KEK must be associated with the issuer’s Member Group ID that the issuer uses for sign-on, sign-off, and store-and-forward (SAF) sessions for the associated BINs. The issuer must complete the Member-Initiated KEK Part Exchange Form. For increased security, MasterCard strongly recommends using dynamic PEKs.

9-110

3.

Ensure the ability to process applicable data elements in Authorization Request/0100 messages.

4.

Ensure the ability to process applicable data elements in Authorization Advice/0120 messages.

5.

Ensure the ability to process applicable data elements in Acquirer Reversal Advice/0420 messages.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail PIN Processing

Note

If an issuer does not comply with the requirements for verifying PIN data, the Authorization System will forward all authorization requests for purchase transactions that contain a PIN to the issuer with PIN data containing zeroes. The issuer can then make the authorization decision based on other data within the authorization message.

For detailed data element descriptions, see the Customer Interface Specification manual.

Stand-In, Limit-1, and Acquirer MIP X-Code Processing Issuers may choose to have the Authorization System to verify PIN data on their behalf. If the Authorization System performs PIN verification, it can perform Stand-In, Limit-1, and X-Code processing using the existing authorization-qualifying criteria (issuer or MasterCard), when applicable. If the Authorization System does not verify the PIN data and the issuer is unavailable or unable to process the Authorization Request/0100 message, the Authorization System responds to the acquirer with an Authorization Request Response/0110 message indicating the issuer could not process the Authorization Request/0100 message.

Support for Both Acquiring and Issuing Processing Members that support both acquiring and issuing authorization processing may use the same PEK for all purchase transactions that contain a PIN. To use the same PEK, the member must use the same Customer ID as follows: •

As the Member Group ID for establishing the static PEK or the KEK.



In DE 32 or DE 33 in all acquired transactions.



In Member Group ID (DE 2) and DE 33 of the Network Management Request (PEK Exchange—On Demand)/0800 message.



In DE 2 of the Network Management Request/0800 group sign-in message.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-111

Authorization Services Detail PIN Processing

Authorization System Security Requirements Within the Authorization System environment, security includes ensuring message security and integrity as well as protection against cardholder PIN disclosure. MasterCard uses secure PIN encryption in the Authorization System to protect all PINs.

Encryption The approach that the Authorization System uses for network security management is PIN encryption using data encryption standard (DES). Members may choose to use either single DES or triple DES. The acquirer must send the entered PIN to the MDS, encrypted in an ANSI block format (see Figure 9.30). To encrypt a PIN, use the following requirements:

9-112



The first digit of the first block contains the control character “0,” followed by a number representing the length of the PIN, and then the PIN itself. The remaining digits of the block are filled with the pad character “F.”



The first four characters of the second block contain “0000,” followed by the 12 right-most digits of the PAN, excluding the check digit.



In formatting an ANSI PIN block, the acquirer makes the two 16-digit blocks “Exclusive-OR” (XOR).



After creation, the PIN block goes through the DES algorithm with the 16digit key (PEK), producing the encrypted PIN block, which is sent to the MDS. If MasterCard does not perform PIN verification, the issuer receives the encrypted PIN block for PIN verification.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail PIN Processing

Figure 9.30—ANSI PIN Block Format

Entered PIN: "1234" PAD: "F" PEK: "935A342A1122B33B" Account #: "5415973333334456" Partial PAN: "597333333445" Code 1

PIN Block Calculation

PIN Length

0

4

PIN

pad chair

1234

FFFFFFFFFF

ANSI PIN Block

XOR 0000

597333333445

Ctrl

04126D8CCCCCCBBAA

Partial PAN

Encryption PIN Block

PEK

04126D8CCCCCCBBAA

935A342A1122B33B

DES Algorithm Encode

Encrypted PIN Block

C4E1E07AEFCC16B5

Decryption Encrypted PIN Block

PEK

C4E1E07AEFCC16B5

935A342A1122B33B

DES Algorithm Encode PIN Block

© 2006 MasterCard International Incorporated

04126D8CCCCCCBBAA

Authorization System Manual • April 2006

9-113

Authorization Services Detail PIN Processing

Security Security using DES depends on the secrecy of the keys used, and therefore on the management of the keys (see Figure 9.31). The Authorization System implements the “zone” approach rather than the “end-to-end” approach to key management. The following table describes the difference between the two types of key management. Zone

End-to-End

Encryption of data between zones using a PEK unique to the Authorization System/member pair. Data that must be transmitted through several zones is decrypted and re-encrypted at each entity. For dynamic PEK exchanges, the Authorization System/member pair must also maintain a unique KEK.

Encryption of data between its origination point and final destination using a key unique to the end-to-end pair. Data is encrypted at the source and not decrypted until reaching the final destination. Each point of origin must maintain a unique key for each final destination to which it transmits, and each final destination must maintain a unique key for each point of entry from which it can receive.

MasterCard chose the zone approach instead of the end-to-end approach for the following reasons: •

Key exchange is required only between issuers and acquirers connected to the Authorization System.



The approach does not require loading keys to the terminal for every card that processes MasterCard purchase transactions containing a PIN.

For MasterCard purchase transactions that contain a PIN, all PINs must be encrypted at the point of entry (the terminal). The PIN remains encrypted until the issuer receives it for verification. It is translated from one zone’s PEK to another zone’s PEK as it is passed from one member to another through the Authorization System. When the member passes the PIN to the Authorization System, the Authorization System translates it using the ANSI PIN block format. The ANSI PIN block is the only format that the Authorization System supports.

9-114

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail PIN Processing

Figure 9.31—Zone Key Management HSM that stores PEK 1

Point of Interaction

HSM that stores PEK 1

Point of Interaction

PEK 1 used

Zone 1

HSM that stores PEK 1 and 2

Acquirer

PEK 2 used

HSM that stores PEK 2 and 3

Zone 2

MasterCard Authorization System

PEK 3 used

Zone 3

HSM that stores PEK 3

Issuer

Establishing PEKs The Authorization System shares a PEK with each member during PIN transaction processing. The Authorization System and member use ANSI PIN block formatting for encryption and decryption. The member may use the same or a separate PEK for issuing and acquiring transactions. PEK Storage Members are responsible for safely storing their PEKs by encrypting them under a proprietary Master File Key using hardware security procedures. Members must store PEKs within a Tamper Resistant Security Module (TRSM).

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-115

Authorization Services Detail PIN Processing

PEK Implementation When new PEKs are created, the member has five minutes to implement the new PEK. During that period, the Authorization System attempts decryption using the previous PEK in the event that the new PEK is in error. PEK Exchange Methods The Authorization System and members exchange PEKs in two manners: statically and dynamically. Acquirers and issuers connected to the Banknet network that are processing MasterCard purchase transactions that contain a PIN may use either static or dynamic key encryption to translate the PIN in DE 52.

Note

For increased security, MasterCard strongly recommends using dynamic PEKs.

Static PEK The Authorization System and the member do not exchange the static PEK online; they create it through a manual (offline) process. Members must use the Static PEK Component Form to create the static PEK with MasterCard. The MasterCard and Member Key Officers 1 must adhere to the strict procedure described on the form to establish the static PEK. Dynamic PEK The Authorization System randomly generates dynamic PEKs for each member. Only the Authorization System can send a new dynamic PEK; however, a member may request a new PEK at any time. The Authorization System will create a new dynamic PEK automatically online every 24 hours or every 2,500 transactions, whichever occurs first. It will also create a new dynamic PEK after five consecutive Sanity Check errors.

1

9-116

MasterCard recommends that Member Key Officers not have extensive technical backgrounds.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail PIN Processing

Establishing KEKs The Authorization System sends new dynamic PEKs online using Network Management (08xx) messages. The member must establish the Key Exchange Key (KEK) with the Authorization System before exchanging dynamic PEKs. The Authorization System and the member use a shared KEK to encrypt and decrypt each PEK. The Authorization System and each member are jointly responsible for generating the unique KEKs used to exchange and encrypt PEKs. The Authorization System uses the following process to create and communicate dynamic PEKs. Stage Description 1.

The Authorization System uses the KEK to encrypt the new PEK and check value.

2.

The Authorization System sends the new PEK to the issuer in an online Network Management Request (PEK Exchange)/0800 message.

3.

The member validates the check value and loads the new PEK.

4.

The member uses the check values to ensure that the Authorization System generated the new PEK from the same unique KEK established between the member and the Authorization System.

Sanity Check Errors The Authorization System changes the PEK after five consecutive Sanity Check errors. Sanity Check errors are those that the PSD detects as possible PEK corruption by verifying that the cleartext PIN block is in the expected format. Members must use the Member-Initiated KEK Part Exchange Form to create the KEK with MasterCard. The MasterCard and Member Key Officers must adhere to strict procedure described on the form to establish the KEK.

Master File Key MasterCard recommends that each member establish a Master File Key (MFK) to encrypt PEKs and KEKs for secure storage on a database. MFKs work in a similar manner to PEKs and KEKs in that they are comprised of key parts. Each member is responsible to generate and securely maintain its proprietary MFK.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-117

Authorization Services Detail PIN Processing

PIN Verification MasterCard provides a PIN verification service for all purchase transactions that contain a PIN. The PIN verification service is an optional service.

Note

Track data must be present for MasterCard to perform PIN validation because the Authorization System must have a means to obtain offset data from the issuer.

If the issuer chooses to have the Authorization System perform PIN verification, it must provide PIN processing parameters to MasterCard. These parameters determine placement of PIN verification track data. If the issuer currently uses the PIN Verification Service that the MDS provides for ATM cash disbursement and balance inquiries, the issuer may choose to have the Authorization System perform PIN verification on all PIN-based purchase activity using the same parameters.

PIN Verification in Stand-In Processing MasterCard provides a PIN verification service for transactions processed by Stand-In processing that contain unverified PIN data in Authorization Request/0100 messages. Issuers that want MasterCard to verify the PIN provided in DE 52 (Personal ID Number [PIN] Data) on transactions processed by Stand-In processing must provide PIN processing parameters to MasterCard. WHEN the PIN data is…

THEN Stand-In processing…

Valid

Proceeds to the next appropriate Stand-In processing test.

Invalid

Sends a response of decline in the Authorization Request Response/0110 message to the acquirer.

MasterCard uses DE 48, subelement 80 (PIN Service Code) and DE 60 (Advice Reason Code), subfield 2 (Advice Detail Code) in the Authorization Advice/0120 message to communicate the results of the PIN verification test to the issuer.

9-118

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail PIN Processing

THEN DE 48, subelement 80 contains…

AND DE 60, subfield 2 contains…

The PIN is valid

PV (the Authorization System verified the PIN)

Not applicable

The PIN is invalid

PI (the Authorization System was unable to verify the PIN)

0004 (Reject: Invalid PIN)

The Authorization System is unable to perform PIN verification

PI (the Authorization System was unable to verify the PIN)

0030 (Reject: Unable to verify PIN data)

WHEN…

The PIN Verification in Stand-In processing is an optional service. Members that want to use the PIN Verification in Stand-In Processing service can request this service by completing the Key Validation Service Specification Form and following the procedures in the On-behalf Key Management (OBKM) Document Set.

PIN Key Exchange and Processing Forms MasterCard strongly recommends that issuers use dynamic (online) key encryption to process MasterCard transactions containing PIN data. However, if an issuer chooses to use static (hard copy) key encryption for PIN-based MasterCard credit card transactions, the issuer must complete one or both sets of the following forms as applicable: •

For ATM transactions—Issuers connecting to the MDS through the Banknet network to process ATM transactions in the Authorization Request/0100 message format must complete the PIN Processing Profile and the Hard Copy Key Exchange forms, available in the Business Forms section of MasterCard OnLine and at the end of this manual.



For PIN-based purchase and other non-ATM transactions—Issuers connecting

to the MDS through the Banknet network to process MasterCard purchase transactions and other non-ATM transactions in the Authorization Request/0100 message format must complete the PIN Processing Profile and the Static PIN Encryption Key (PEK) Component Form.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-119

Authorization Services Detail Portfolio Sales Support

Portfolio Sales Support MasterCard offers the following support for members when they buy or sell a portfolio. Service Available for Full BIN Transfer

Service

Partial BIN Transfer

Transfer of BINs from one member to another. After MasterCard transfers the BIN, the Authorization System processes all transactions within the BIN under the new ICA. Transfer of AMS account listings from one member to another. After MasterCard transfers the listings, the new ICA maintains the listings.

Full BIN Transfer To transfer an entire BIN from one ICA number to another, contact the Customer Operations Services team and request support for a portfolio transfer. You will need to provide the following information: • • • •

Old ICA number New ICA number Time and date on which the transfer will be effective BIN that you are buying or selling

Automatic AMS Transfer If you are requesting an automatic AMS transfer as part of the BIN transfer, then complete section “e” of the Member Conversion Questionnaire. (The Customer Operations Services team will provide the questionnaire.) For examples of the automatic transfer of AMS accounts and for billing information for that service, see the Account Management User Manual. The following table shows the stages in the transfer of BINs and AMS accounts.

9-120

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Portfolio Sales Support

Stage When it Occurs

Description

1.

Before the planned transfer date

The member (new ICA number or old ICA number) requests support for a portfolio transfer.

2.

At the time and date when the transfer is effective

The Authorization System moves authorization processing from the old ICA to the new ICA.

3.

On the transfer effective date, after the authorization processing transfer

MasterCard automatically transfers the ownership of the AMS accounts from the old ICA to the new ICA.

4.

On the evening of the transfer effective date

The Daily Account File Activity Report for the new ICA shows the account listings under the new ICA.

Partial BIN Transfer To transfer a part of a BIN from one member to another, notify the Customer Operations Services team in writing. You will need to provide the following information: • Old ICA • New ICA • Time and date on which the transfer will be effective • Which portion of the BIN requires the new routing

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-121

Authorization Services Detail Portfolio Sales Support

Transfer Process for a Partial BIN The following table shows the stages in the partial transfer of a BIN. Stage When it Occurs

Description

1.

Before the planned transfer date

The member (new ICA or old ICA) requests support for the transfer.

2.

At the time and date when the transfer is effective



The Authorization System routes authorization requests for the transferred part of the BIN to the new endpoint.



The Limit-1 and Stand-In parameters of the new ICA number and BIN govern processing for the transferred part of the BIN.



MasterCard bills all issuing authorization charges to the new ICA number.



The new ICA number can add accounts within the BIN to AMS and to the Account File.

Fees The following fees apply to portfolio sales services. Service

Fee

Full BIN—Authorization Processing

Flat fee, billed to the requesting member.

Full BIN—AMS account transfer



Flat fee, billed at ICA/BIN level



Per-account fee, billed at the account level for each account transfer

Partial BIN—Authorization Processing

Flat fee per portfolio and BIN, billed to the requesting member

The members involved in the portfolio sale may decide which of them will receive the charges for the Full BIN—AMS account transfer fees. MasterCard can bill one member for both fees, or MasterCard can bill one member for the flat fee and another member for the per-account fee.

9-122

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Promotion Code

Promotion Code The promotion code is an alphanumeric code that members can include in the Authorization Request/0100 message. The promotion code service is an optional service.

Purpose of Using a Promotion Code Issuers may decide to offer a promotion to merchants. This promotion may require issuers to use different authorization criteria than they do with most transactions. The promotion code allows the issuer to recognize that this transaction uses the different criteria to determine authorization responses for transactions that occur at the participating merchants. MasterCard may also specify other uses of the promotion code. When MasterCard specifies these other uses, the Customer Interface Specification manual provides details about them.

How the Promotion Code Service Works The following table shows the process for participating members to use a promotion code. Stage Description 1.

The merchant includes the promotion code when it sends transaction data to the acquirer.

2.

The acquirer sends the promotion code in DE 48 (Additional Data—Private Use) of the Authorization Request/0100 message to the issuer for the authorization decision.

3.

The issuer can use the promotion code to identify transactions that occur at a merchant that participates in that issuer’s promotion program.

For details about the data requirements, see the Customer Interface Specification manual.

To Participate in the Promotion Code Service Issuers must notify MasterCard to participate in this service. To participate, contact the Customer Operations Services team.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-123

Authorization Services Detail Purchase of Goods or Services with Cash Back Transactions for Debit MasterCard Cards

Purchase of Goods or Services with Cash Back Transactions for Debit MasterCard Cards MasterCard supports Purchase of Goods or Services with Cash Back transactions for Debit MasterCard® cards. This feature allows acquirers and issuers to process Debit MasterCard non-ATM transactions through their Banknet® connection. MasterCard allows the use of Purchase of Goods or Services with Cash Back in Authorization/01xx and Reversal/04xx messages for Debit MasterCard cards. Issuers may choose whether to allow the Stand-In System to process Purchase of Goods or Services with Cash Back transactions that are either PIN-based, signature-based, or both for Debit MasterCard cards. To indicate the Stand-In System to process Purchase of Goods or Services with Cash Back transactions for PIN-based, signature-based, or both for Debit MasterCard cards, issuers may update the Purchase of Goods and Services with Cash Back for Debit MasterCard Cards Participation form. Support of Purchase of Goods or Services with Cash Back is optional for acquirers and issuers that process Debit MasterCard cards.

To Participate Issuers may complete the Purchase of Goods or Services with Cash Back for Debit MasterCard Cards Participation form, available in the Business Forms section of MasterCard OnLine (under Resources in the main menu) and at the end of this manual.

For More Information For details about the data requirements, see the Customer Interface Specification manual.

9-124

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Apr 2006

Authorization Services Detail Proximity Chip Payments

Proximity Chip Payments The MasterCard Proximity Chip Payment solution, also known as Paypass®, is part of the global Proximity Payments Program and is designed to enrich the traditional card with a new contactless interface. The contactless interface provides cardholder and merchant benefits that are particularly relevant in environments such as: •

Unattended Point-of-Service (POS) devices (for example, gas pumps and vending machines)



Mass throughput venues (for example, quick service and drive-through restaurants)

Proximity Chip Payments do not require cardholders holding a contactless MasterCard Chip card to swipe their card through or to insert their card into a card reader or terminal. Instead, cardholders only need to present their contactless card in “proximity” of a specially equipped merchant terminal to make a payment.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-125

Authorization Services Detail Recurring Payments

Recurring Payments Recurring payments are payments by an issuer to an acquirer on behalf of a cardholder who authorizes a merchant to bill the cardholder’s account on a recurring basis (such as monthly or quarterly). The amount of each payment may be the same or may fluctuate.

Indicating a Recurring Payment Acquirers can indicate to issuers that a transaction is a recurring payment by including value 4 in DE 61, subfield 4 in Authorization Request/0100 messages.

Note

The recurring payment indicator in DE 61, subfield 4 is required for all recurring payment transactions.

For more information about recurring payments, see “Merchant Advice Codes” earlier in this chapter.

9-126

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Recurring Payment Cancellation Service

Recurring Payment Cancellation Service

Apr 2006

The Recurring Payment Cancellation Service (RPCS) is an optional service that allows issuers to specify criteria to block recurring payment transactions identified in authorization messages and clearing records.

Benefits of RPCS RPCS provides the following benefits to the parties involved in processing recurring payment transactions: •

Increases cardholder confidence to engage in preauthorized recurring payment transactions



Promotes recurring payments to increase cardholder transaction volume



Reduces cardholder dissatisfaction due to being charged after terminating a recurring payment arrangement with a merchant



Reduces chargebacks and costs of chargeback handling

How RPCS Works Issuers participating in RPCS submit recurring payment blocking criteria to the MasterCard RPCS File database using Issuer File Update/03xx messages (MCC 105) or by notifying the Global Service Center by mail, telex, or fax. The Authorization System uses the issuer payment blocking criteria to decline online authorization requests for recurring payments, and the Global Clearing Management System (GCMS) uses the same issuer criteria to reject clearing records. Acquirers receive Authorization Request Response/0110 messages containing DE 48 (Additional Data—Private Use), subelement 84 (Merchant Advice Code) with value 21 (Recurring Payment Cancellation Service) indicating RPCS service. Issuers receive a store-and-forward Authorization Advice/0120 message indicating that the authorization request was blocked by the Authorization System.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-127

Authorization Services Detail Recurring Payment Cancellation Service

Authorization Reports

Apr 2006

The following reports provide information that support RPCS: •

The Authorization Parameter Summary Report (SI737010-AA) includes a RPCS participant parameter in the Global Parameters.



The Daily Account File Activity Report (AM700010-AA) includes a section to report the RPCS account maintenance activity. This section groups RPCS activity by rejected, accepted, and purged.



The Delete Preview Report (AM710010-AA) includes a section to report the RPCS accounts that are due to be deleted in the next three weeks. A total field by ICA of RPCS accounts to be purged also will display.

For samples of these reports and field descriptions, see chapter 10.

To Participate Issuers must notify MasterCard to participate in this service. To request participation, contact the Customer Operations Services team.

For More Information For details about the data requirements, see the Customer Interface Specification manual.

9-128

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail RiskFinder

RiskFinder RiskFinder™ is a service that MasterCard offers to help issuers more effectively predict fraudulent card use. RiskFinder uses a state-of-the-art neural network to evaluate authorization transactions and produce a transaction score relative to the potential fraudulent use of the card. RiskFinder is an optional service.

Using RiskFinder RiskFinder bases scores on merchant and cardholder data available to the issuer’s RiskFinder scoring system. This global information complements members’ current account-based fraud prediction systems. For members not currently using any fraud predictive model, this package provides a comprehensive tool to help issuers potentially reduce fraudulent card use.

To Participate Issuers must notify MasterCard to participate in this service. To request participation, contact the Customer Operations Services team.

For More Information Members can obtain more information about RiskFinder from the Customer Interface Specification manual or by contacting the Customer Operations Services team.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-129

Authorization Services Detail Transaction Research Request

Transaction Research Request A transaction research request is a request by a member for MasterCard to provide information about a transaction.

Conducting a Transaction Research Request Members can use either of the following two methods to research information about previous transactions: •

MasterCard eService Transaction Research tool. This tool allows members to conduct research about specific transactions or a range of transactions for an account number. The report provides members with transactional data such as card number, card validation code 2 (CVC 2) response, pointof-sale (POS) entry mode, cardholder present information, Merchant Advice Code, and message type identifier (MTI).



Authorization Research Request form to request for the Customer Operations Services team to perform the research for you. The team provides information about authorization transactions, duplicate reports, microfiche re-creation, currency conversion rates, BIN ICAs, and conversions.

Using the MasterCard eService Transaction Research Tool The MasterCard eService Transaction Research tool allows users to search the MasterCard data warehouse for transactions that a member has processed as either an issuer or an acquirer. This capability: •

Provides secure access to proprietary authorization information



Retrieves 17 relevant transaction data elements online with the option to view all available data elements for a transaction.



Returns the data within seconds after the member electronically submits the request for research

In addition, users can print the transaction data or export the information into a Microsoft® Excel file. The transaction data is stored in the MasterCard data warehouse and is available to members for 180 days. Most transactions are available within six to 12 hours of the transaction time.

9-130

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Transaction Research Request

To access the MasterCard eService Transaction Request tool, members must be licensed users. To become a licensed user, follow these steps. Step

Action

1.

Log on to MasterCard OnLine® at www.mastercardonline.com.

2.

Under the Products menu, click Order Products. The MasterCard Product Catalog page appears.

3.

Click the letter E in the alphabet (the first letter in the MasterCard eService product name) to go to the MasterCard eService products.

4.

Scroll to the eService Transaction Research section.

5.

Click New Product Request to request access or Update Product Access to request a change to an existing profile.

6.

Complete the online form, and then click Submit

For help with requesting this process, send an e-mail to [email protected].

Accessing the Transaction Research Tool After being licensed, follow these steps to access the Transaction Research tool. Step

Action

1.

Log on to MasterCard OnLine at www.mastercardonline.com.

2.

On the Products menu, point to My Products, and then click MasterCard eService. The MasterCard eService home page appears.

3.

On the Tools menu, click Transaction Research. The Transaction Research page appears.

The following procedure explains how to use the Transaction Research tool.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-131

Authorization Services Detail Transaction Research Request

Figure 9.32—MasterCard eService Transaction Research Tool

9-132

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Transaction Research Request

Step

Action

1.

In the Card Number box, enter the cardholder account number that you want to research. Note: MasterCard uses the optional ICA number for your tracking purposes

only. If you enter an ICA number here, it will appear on your billing report to help you identify transactions. 2.

In the Data Range area, enter a starting transaction date and an ending transaction date using a MM/DD/YYYY format. Note: Click the Calendar link to select a date.

3.

If you want to identify a transaction more specifically by its approval code, enter the Authorization Code.

4.

If you want to identify a transaction more specifically by its amount, select one of the following options:

5.



Click All Transactions to retrieve all transactions.



Click Single Transaction, and then enter the amount in U.S. dollars to identify a single transaction.



Click Transaction Range, and then enter a starting transaction amount in U.S. dollars and the ending transaction amount in U.S. dollars to identify a range of transactions.

Click Search.

Figure 9.33 provides a sample of the search results screen that the MasterCard eService Transaction Research tool provides.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-133

Authorization Services Detail Transaction Research Request

Figure 9.33—MasterCard eService Transaction Research Tool, Results Screen

To display the detailed results for a specific transaction, select the transaction you want, and then click Detail. Figure 9.34 provides a sample of the detailed results that the MasterCard eService Transaction Research tool provides.

9-134

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Transaction Research Request

Figure 9.34—MasterCard eService Transaction Research Tool, Detail Results Screen

Using the Transaction Research Request Form You also may submit a transaction research request by completing and sending the Transaction Research Request form to MasterCard. If you do, MasterCard will send you a letter, with the authorization information, that you can use for chargeback purposes. If you request the services informally via a member representative, you will not receive a letter.

Understanding Fees for Transaction Research Requests A general research fee applies to each member inquiry requesting information that is readily available to the member in a MasterCard publication, report, service, or other source. See the MasterCard Consolidated Billing System Manual for fees and billing information. (The billing events are 2RP1778, 2AB1698, and 2AB1699.)

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-135

Authorization Services Detail Travel Industries Premier Service

Travel Industries Premier Service The Travel Industries Premier Service supports express services that are part of preferred customer programs. The vehicle rental and lodging industries frequently support these express services. The Travel Industries Premier Service uses value P in DE 48 (Additional Data— Private Use) of the Authorization Request/0100 to identify transactions that require express services. The code indicates that the cardholder is enrolled in a merchant preferred customer program. MasterCard does not capture magnetic stripe data on the transaction when value P is present.

To Participate Acquirers must notify MasterCard to participate in this service. To request participation, contact the Customer Operations Services team.

For More Information For details about the data requirements, see the Customer Interface Specification manual.

9-136

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Authorization Services Detail Velocity Monitoring

Velocity Monitoring Velocity monitoring reports specific information about unusual authorization activity, based on parameters that members supply. The purpose of the service is to help members identify fraudulent transactions or merchants. Velocity monitoring uses the activity that the Authorization System processes and the member-supplied parameters to produce reports. Velocity monitoring is an optional service.

Types of Velocity Monitoring MasterCard provides two types of velocity monitoring: •

Authorization Velocity Monitoring (AVM) allows members to identify possible

fraudulent transactions. •

Merchant Velocity Monitoring (MVM) allows members to identify possible

fraudulent merchants.

Velocity Monitoring Reports Members have the following options for receiving reports: •

Members can receive the AVM and MVM reports as a bulk file via the mainframe (with setup through the Product Support Department), or



Using the Fraud Velocity Monitor software on MasterCard OnLine®, members can retrieve their reports online. For AVM, members also can set their parameters online. For MVM, members also can set their variances and thresholds online.

AVM Reporting AVM reports identify accounts for which authorization activity met or exceeded the criteria that the member specified. Members can specify parameters for: • • • • • •

All transactions By region By industry By product type For unique transaction types For MCC combinations

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

9-137

Authorization Services Detail Velocity Monitoring

The following parameters apply: •

The number of attempted authorization requests for an account within the 48-hour reporting period



The total dollar amount of all attempted authorizations for an account within the 48-hour reporting period



The highest dollar amount of a single authorization request for an account within the last 24 hours of the reporting period



The number of key-entered authorization requests within the 48-hour reporting period



A CAT or other leading MCC and up to five subsequent MCCs. These identify transactions that occur at the leading MCC, which are immediately followed by a transaction at one of the subsequent MCCs.

MVM Reporting At the end of each authorization day (from midnight to midnight, St. Louis time), the Authorization System scans all Banknet authorization activity for unusual activity by an individual merchant. The Authorization System compares particular data elements against pre-established thresholds. The criteria to monitor merchants include the following: • • • • • • • •

Total amount of authorization activity in U.S. dollars Number of authorization requests Average authorization request amount Percentage of keyed versus swiped authorization requests Percentage of approvals versus non-approval authorization responses Single maximum authorization request amount Multiple authorization requests on a single account Multiple authorization requests for a single amount, regardless of the cardholder account number

Requesting AVM or MVM Both AVM and MVM are optional services. To request these services or to find out more about them, see the Security Rules and Procedures manual. You also can contact the Customer Operations Services team.

9-138

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

10

Reports This chapter contains information about the reports and logs related to the MasterCard Authorization System.

Related Reports in Other Manuals....................................................................10-1 Presentation of Reports in this Manual ............................................................10-1 Report Header Information...............................................................................10-2 Authorization Summary Report (AB505010-AA) ..............................................10-3 Report Sample .............................................................................................10-4 Field Descriptions .....................................................................................10-11 Authorization Parameter Summary Report (SI737010-AA) ............................ 10-19 Report Sample ........................................................................................... 10-20 Field Descriptions .....................................................................................10-25 Header Information ............................................................................ 10-25 Global Parameters............................................................................... 10-26 Stand-In Parameters ............................................................................ 10-28 Authorization Summary by CAT Level Report (SI458010-AA)....................... 10-33 Report Sample ........................................................................................... 10-34 Field Descriptions .....................................................................................10-36 GARS Weekly Issuer Transaction Detail Report (GR122010-AA).................. 10-39 Report Sample ........................................................................................... 10-40 Field Descriptions .....................................................................................10-41 GARS Weekly Acquirer Transaction Detail Report (GR122010-BB).............. 10-45 Report Sample ........................................................................................... 10-46 Field Descriptions .....................................................................................10-47 GARS Monthly Acquirer Response Report (GR128010-AA)........................... 10-51 Report Sample ........................................................................................... 10-52 Field Descriptions .....................................................................................10-53

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-i

Reports

GARS Monthly Acquirer Response Below Target Report (GR128010-BB)................................................................................................ 10-55 Report Sample ........................................................................................... 10-56 Field Descriptions .....................................................................................10-57 GARS Monthly Issuer Call Referral Report (GR129010-AA)...........................10-59 Report Sample ........................................................................................... 10-60 Field Descriptions .....................................................................................10-61 Daily Activity Report (SI441010-A) ................................................................. 10-63 Report Sample ........................................................................................... 10-64 Field Descriptions .....................................................................................10-64 Issuer Information............................................................................... 10-64 Acquirer Information .......................................................................... 10-66 AMCC Information .............................................................................. 10-67

10-ii

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Related Reports in Other Manuals

Related Reports in Other Manuals Please refer to the MasterCard Consolidated Billing System Manual for layouts of authorization detail and billing reports, including the following reports. Report Name

Report Number

Issuer Authorization Detail Report

AB201010-A2

Acquirer Authorization Detail Report

AB202010-A1

Billable Customer Summary

GB071010-AA

Customer Service Summary

GB073010-AA

Customer Service Roll-Up

GB074010-AA

Please refer to the Account Management User Manual for layouts of all reports related to listing accounts in the Account Management System (AMS), the Account File, or the Merchant File.

Presentation of Reports in this Manual This manual introduces each report with an overview that contains the following information: •

Title—Name or title of the report



Generated by—System generating the report



Purpose—Reason for providing the report



Description—Kind of information included in the report



Frequency—How often the report is generated



Distribution Methods—Distribution alternatives and associated bulk file or MasterCard File Express application identification numbers

A sample of the report follows each overview, with numbers next to fields that may require description. The field descriptions for the report follow the report sample.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-1

Reports Report Header Information

Report Header Information To avoid redundancy, the bullets below describe header information contained in all the reports generated by the MasterCard Authorization System. This information is not described with the individual report descriptions.

10-2



The report number appears in the upper left-hand corner of each report and identifies the report by number.



The report header is located in the upper center of each report and identifies the report by name.



The page number appears in the upper right-hand corner of each report and identifies the page number within the report.



The date appears in the upper right-hand corner of each report and identifies the date the report was generated. All are St. Louis dates.



The time, when it appears, is in the upper right-hand corner of each report and identifies the time the report was generated. All are St. Louis times.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Authorization Summary Report (AB505010-AA)

Authorization Summary Report (AB505010-AA) Title

Authorization Summary Report

Generated by

MasterCard Authorization System

Purpose

To provide members with a tool for analyzing authorization performance.

Description

This report shows authorization transaction processing volumes and percentages by BIN for the week. It reflects transactions that use the Banknet® telecommunications network and billable items.

Frequency

Weekly

Distribution Methods

Paper (Sent to the authorization contact established on the Principal Member Questionnaire.); MasterCard eService, MasterCard File Express, complex-to-complex, bulk ID (T829)

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-3

Reports Authorization Summary Report (AB505010-AA)

Report Sample REPORT AB505010-AA

MEMBER PROCESSED ACTIVITY

MASTERCARD INTERNATIONAL INC. AUTHORIZATION SUMMARY FOR MCBS BILLING WEEK BEGINNING 04/16/05 AND ENDING 04/22/05 ICA 999999 PREFIX 999900 THRU 999999

DATE 04/26/05

MEMBER VOLUME

MEMBER YTD VOLUME

SYSTEM VOLUME

SYSTEM YTD VOLUME

ACCEPT PERCENT OF TOTAL

564,630 90.2

22,883,608 90.5

50,564,716 96.2

1,889,434,968 96.4

00017/07153

DECLINE PERCENT OF TOTAL

59,215 9.5

2,307,720 9.1

1,741,380 3.3

60,674,795 3.1

00002/07153

CALL-ME PERCENT OF TOTAL

0 0.0

0 0.0

150,001 0.3

5,834,621 0.3

PICK-UP PERCENT OF TOTAL

2,075 0.3

87,892 0.3

121,165 0.2

4,411,816 0.2

625,920

25,279,220

52,577,262

1,960,356,200

TOTAL MEMBER PROCESSED

PAGE 1 TIME 05:58:39

WEEKLY RANK

N/A

00010/07153

----------------------------------------------------------------------------------------------------------------------------MEMBER APPROVALS BY TRANSACTION TYPE

AVERAGE DOLLARS

TOTAL DOLLARS

TOTAL VOLUME

YTD AVERAGE DOLLARS

YTD TOTAL DOLLARS

YTD TOTAL VOLUME

MAIL/TELEPHONE

62.98

4,551,994.70

72,276

65.15

185,280,386.57

2,843,761

RETAIL

58.86

23,437,278.81

398,177

59.18

956,823,819.59

16,168,211

CASH ADVANCE

515.73

1,521,389.34

2,950

500.61

68,338,524.18

136,511

COLLEGE/HOSPITAL

128.54

188,570.61

1,467

159.22

11,772,145.33

73,935

HOTEL/MOTEL

129.13

2,524,940.10

19,554

124.37

96,485,766.89

775,819

VEHICLE RENTAL

147.57

672,896.56

4,560

151.75

27,413,086.86

180,651

TRANSPORTATION

205.26

1,153,968.62

5,622

210.15

50,413,442.93

239,892

RESTAURANT

33.25

1,942,706.50

58,435

33.58

80,370,436.82

2,393,379

CIRRUS/ATM

.00

.00

0

395.35

5,139.61

13

270.75

430,219.68

1,589

259.43

18,532,388.74

71,436

.00

.00

0

0

0

0

64.51

36,423,964.92

564,630

65.35

1,495,435,137.52

22,883,608

UNIQUE PAYMENT TXN TOTAL MEMBER APPROVALS

10-4

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Authorization Summary Report (AB505010-AA)

REPORT AB505010-AA

STAND-IN PROCESSED ACTIVITY ACCEPT PERCENT OF TOTAL DECLINE PERCENT OF TOTAL CALL-ME PERCENT OF TOTAL PICK-UP PERCENT OF TOTAL TOTAL STAND-IN PROCESSED TIMED OUT PERCENT OF TOTAL MEMBER DOWN PERCENT OF TOTAL SIGNED OUT PERCENT OF TOTAL

MASTERCARD INTERNATIONAL INC. AUTHORIZATION SUMMARY FOR MCBS BILLING WEEK BEGINNING 04/16/05 AND ENDING 04/22/05 ICA 999999 PREFIX 999900 THRU 999999 MEMBER VOLUME 411 94.9 20 4.6 0 0.0 2 0.5 433 397 91.7 0 0.0 0 0.0

MEMBER YTD VOLUME 41,001 91.0 3,676 8.2 0 0.0 357 0.8 45,034 5,718 12.7 37,815 84.0 1,501 3.3

SYSTEM VOLUME 232,355 86.2 15,356 5.7 20,625 7.7 1,083 0.4 269,419 98,929 36.7 116,520 43.2 53,970 20.0

SYSTEM YTD VOLUME 8,355,358 88.4 500,897 5.3 552,119 5.8 39,632 0.4 9,448,006 3,876,488 41.0 3,172,070 33.6 2,399,448 25.4

DATE 04/26/05

TIME

PAGE 2 05:58:39

WEEKLY RANK 00108/07153 00158/07153 N/A 00067/07153

00046/07153 00364/07153 N/A

NON-ACCEPTED

AUTHORIZATIONS BY FAIL REASON MEMBER DOLLAR FAIL REASON VOLUME VOLUME AUTH FILE TRANS LIMIT DAY 1 TRANS DAY 1 DOLLARS DAY 2 TRANS DAY 2 DOLLARS DAY 3 TRANS DAY 3 DOLLARS DAY 4 TRANS DAY 4 DOLLARS VIP ACCUM LIMIT CASH ADV ACCUMS MERCH SUSPIC INVALID CHIP/CVC

ACCEPTED DOLLARS LIMIT-1 MIP PROCESSED ACTIVITY

$19,193.36

0 20 0 0 0 0 0 0 0 0 0 0 0 0

.00 15595.02 .00 .00 .00 .00 .00 .00 .00 .00 .00 .00 .00 .00

NON-ACCEPTED DOLLARS

$15,684.82

MEMBER VOLUME

MEMBER YTD VOLUME

SYSTEM VOLUME

SYSTEM YTD VOLUME

WEEKLY RANK

ACCEPT PERCENT OF TOTAL

0 0.0

0 0.0

1,319,640 99.9

78,253,680 99.9

N/A

DECLINE PERCENT OF TOTAL

0 0.0

0 0.0

0 0.0

0 0.0

N/A

CALL-ME PERCENT OF TOTAL

0 0.0

0 0.0

0 0.0

0 0.0

N/A

PICK-UP PERCENT OF TOTAL

0 0.0

0 0.0

665 0.1

45,597 0.1

N/A

0

0

1,320,305

78,299,277

TOTAL LIMIT-1 PROCESSED

-------------------------------------------------------------------------------------------------------------------------------------

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-5

Reports Authorization Summary Report (AB505010-AA)

REPORT AB505010-AA

MASTERCARD INTERNATIONAL INC. PAGE 3 AUTHORIZATION SUMMARY DATE 04/26/05 TIME 05:58:39 FOR MCBS BILLING WEEK BEGINNING 04/16/05 AND ENDING 04/22/05 ICA 999999 PREFIX 999900 THRU 999999 ------------------------------------------------------------------------------------------------------------------------------------MAIL/TELEPHONE PERCENT OF TOTAL

0 0.0

0 0.0

10,479 0.8

429,365 0.5

N/A

CASH ADVANCE PERCENT OF TOTAL

0 0.0

0 0.0

294 0.0

24,068 0.0

N/A

RETAIL PERCENT OF TOTAL

0 0.0

0 0.0

1,116,166 84.5

69,546,553 88.8

N/A

TRAVEL/ENTERTAINMENT PERCENT OF TOTAL

0 0.0

0 0.0

193,366 14.6

8,299,291 10.6

N/A

X-CODE MIP PROCESSED ACTIVITY

MEMBER VOLUME

MEMBER YTD VOLUME

SYSTEM VOLUME

SYSTEM YTD VOLUME

ACCEPT PERCENT OF TOTAL

459 95.4

27,852 96.9

48,775 79.7

2,139,689 78.2

00020/07153

DECLINE PERCENT OF TOTAL

8 1.7

103 0.4

6,182 10.1

282,101 10.3

00087/07153

CALL-ME PERCENT OF TOTAL

14 2.9

723 2.5

6,222 10.2

313,486 11.5

00033/07153

PICK-UP PERCENT OF TOTAL

0 0.0

52 0.2

47 0.1

2,216 0.1

N/A

TOTAL X-CODE PROCESSED

481

28,730

61,226

2,737,492

MEMBER VOLUME

MEMBER YTD VOLUME

SYSTEM VOLUME

SYSTEM YTD VOLUME

WEEKLY RANK

ACCEPT PERCENT OF TOTAL

0 0.0

23 52.3

19 48.7

1,866 56.0

N/A

DECLINE PERCENT OF TOTAL

0 0.0

21 47.7

20 51.3

1,465 44.0

N/A

CALL-ME PERCENT OF TOTAL

0 0.0

0 0.0

0 0.0

0 0.0

N/A

PICK-UP PERCENT OF TOTAL

0 0.0

0 0.0

0 0.0

0 0.0

N/A

0

44

39

3,331

MEMBER VOLUME

MEMBER YTD VOLUME

SYSTEM VOLUME

SYSTEM YTD VOLUME

ACCEPT PERCENT OF TOTAL

51 100.0

84 100.0

542 98.5

1,882 94.2

00000/13568

DECLINE PERCENT OF TOTAL

0 0.0

0 0.0

3 0.5

16 10.3

N/A

CALL-ME PERCENT OF TOTAL

0 0.0

0 0.0

5 0.9

101 5.1

N/A

PICK-UP PERCENT OF TOTAL

0 0.0

0 0.0

0 0.0

0 0.0

N/A

51

84

550

2,000

MIP PROCESSED ACTIVITY

TOTAL MIP PROCESSED

BAT PROCESSED ACTIVITY

TOTAL BAT PROCESSED

10-6

WEEKLY RANK

WEEKLY RANK

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Authorization Summary Report (AB505010-AA)

REPORT AB505010-AA

MASTERCARD INTERNATIONAL INC. AUTHORIZATION SUMMARY FOR MCBS BILLING WEEK BEGINNING 04/16/05 AND ENDING 04/22/05 ICA 999999 PREFIX 999900 THRU 999999

PAGE 4 TIME 05:58:39

DATE 04/26/05

WEEKLY TOTALS -----------------------------------------------------------------------------------------------------------------------------------WEEKLY TOTAL ACTIVITY

MEMBER VOLUME

MEMBER YTD VOLUME

SYSTEM VOLUME

SYSTEM YTD VOLUME

ACCEPT PERCENT OF TOTAL

565,500 90.2

22,952,484 90.5

52,165,505 96.2

1,978,185,561 96.5

00017/07153

DECLINE PERCENT OF TOTAL

59,243 9.5

2,311,520 723

1,762,938 3.3

61,459,258 3.0

00002/07153

CALL-ME PERCENT OF TOTAL

14 0.0

9.1 0.0

176,848 0.3

6,700,226 0.3

00711/07153

PICK-UP PERCENT OF TOTAL

2,077 0.3

88,301 0.3

122,960 0.2

4,499,261 0.2

00010/07153

626,834

25,353,028

54,228,251

2,050,844,306

TOTAL PROCESSED

REPORT AB505010-AA ACQUIRER GENERATED REVERSAL

MASTERCARD INTERNATIONAL, INC. AUTHORIZATION SUMMARY

WEEKLY RANK

PAGE 5 DATE 04/26/05 TIME 05:58:39

FOR MCBS BILLING WEEK BEGINNING 04/16/05 AND ENDING 04/22/05 ICA 999999

REVERSAL PROCESSED ACTIVITY

REVERSAL

REVERSAL YTD

PREFIX 999900 THRU 999999

SYSTEM

SYSTEM YTD

WEEKLY

VOLUME

VOLUME

VOLUME

VOLUME

RANK

0

0

0

5

N/A

0.0

0.0

0.0

100.0

0

0

0

0

0.0

0.0

0.0

0.0

0

0

0

0

0.0

0.0

0.0

0.0

0

0

0

0

0.0

0.0

0.0

0.0

0

0

0

5

ACCEPT PERCENT OF TOTAL

DECLINE PERCENT OF TOTAL

CALL-ME PERCENT OF TOTAL

PICK-UP PERCENT OF TOTAL

TOTAL REVERSAL PROCESSED

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

N/A

N/A

N/A

10-7

Reports Authorization Summary Report (AB505010-AA)

--------------------------------------------------------------------------------------------------------------------------------

REVERSAL APPROVALS BY

AVERAGE

TOTAL

TOTAL

YTD AVERAGE

YTD TOTAL

YTD TOTAL

TRANSACTION TYPE

DOLLARS

DOLLARS

VOLUME

DOLLARS

DOLLARS

VOLUME

MAIL/TELEPHONE

.00

.00

0

.00

.00

0

RETAIL

.00

.00

0

.00

.00

0

CASH ADVANCE

.00

.00

0

.00

.00

0

COLLEGE/HOSPITAL

.00

.00

0

.00

.00

0

HOTEL/MOTEL

.00

.00

0

.00

.00

0

VEHICLE RENTAL

.00

.00

0

.00

.00

0

TRANSPORTATION

.00

.00

0

.00

.00

0

RESTAURANT

.00

.00

0

.00

.00

0

CIRRUS/ATM

.00

.00

0

.00

.00

0

UNIQUE

.00

.00

0

.00

.00

0

PAYMENT TXN

.00

.00

0

.00

.00

0

.00

.00

0

.00

.00

0

TOTAL REVERSAL APPROVALS

10-8

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Authorization Summary Report (AB505010-AA)

--------------------------------------------------------------------------------------------------------------------------------

MIP REV PROCESSED ACTIVITY

ACCEPT PERCENT OF TOTAL

DECLINE PERCENT OF TOTAL

CALL-ME PERCENT OF TOTAL

PICK-UP PERCENT OF TOTAL

TOTAL MIP REV PROCESSED

REVERSAL

REVERSAL YTD

SYSTEM

SYSTEM YTD

WEEKLY

VOLUME

VOLUME

VOLUME

VOLUME

RANK

N/A

0

0

0

0

0.0

0.0

0.0

0.0

0

0

0

2

0.0

0.0

0.0

100.0

0

0

0

0

0.0

0.0

0.0

0.0

0

0

0

0

0.0

0.0

0.0

0.0

0

0

0

2

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

N/A

N/A

N/A

10-9

Reports Authorization Summary Report (AB505010-AA)

REPORT AB505010-AA

MASTERCARD INTERNATIONAL, INC.

ACQUIRER GENERATED REVERSAL

AUTHORIZATION SUMMARY

PAGE

6

DATE 04/26/05 TIME 05:58:39

FOR MCBS BILLING WEEK BEGINNING 04/16/05 AND ENDING 04/22/05 ICA 999999

PREFIX 999999 THRU 999900

-----------------------------------------------------------------------------------------------------------------

W E E K L Y

T O T A L S

-----------------------------------------------------------------------------------------------------------------

WEEKLY REVERSAL TOTAL ACTIVITY

ACCEPT PERCENT OF TOTAL

DECLINE PERCENT OF TOTAL

CALL-ME PERCENT OF TOTAL

PICK-UP PERCENT OF TOTAL

TOTAL PROCESSED

10-10

REVERSAL

REVERSAL YTD

SYSTEM

SYSTEM YTD

WEEKLY

VOLUME

VOLUME

VOLUME

VOLUME

RANK

0

0

0

0

N/A

0.0

0.0

0.0

0.0

0

0

0

0

0.0

0.0

0.0

0.0

0

0

0

0

0.0

0.0

0.0

0.0

0

0

0

0

0.0

0.0

0.0

0.0

0

0

0

0

N/A

N/A

N/A

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Authorization Summary Report (AB505010-AA)

Field Descriptions Field

Description

Member Processed Activity

Summary of all authorization activity received and processed by the issuer, listed by the following response categories: •

Accept (“approved”)



Decline



Call-Me (“refer to card issuer”)



Pick-Up (“capture card”)

Member Volume

Total transaction volume processed by the member that generated the specific response and the percentage it represents of total member transaction volume. The sample report shows that the member approved (ACCEPT) 564,630 authorization requests, which were 90.2% of the 625,920 requests processed by the member that week.

Member YTD Volume (member year-to-date volume)

Summary of the member’s authorization volume for the calendar year-to-date (by response category) and the percentage it represents of total member volume for the year-to-date.

System Volume

Volume of authorization transactions processed by the entire membership that week and the percentage it represents of total volume for the membership for the week.

System YTD Volume (system year-to-date volume)

Volume of authorization transactions processed by the entire membership for the calendar year-to-date and the percentage it represents of total volume for the membership for the year-to-date.

Weekly Rank

Ranking by bank identification number (BIN) of member volume within the membership (compared to total system volume). This field shows where each BIN stands in relation to other BINs. In the sample, the Weekly Rank column at the Accept Category line shows 00017/07153. This indicates that this BIN ranks 17th out of a total of 7,153 BINs in issuing approvals; 16 BINs issued more approvals and 7,136 BINs issued fewer approvals.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-11

Reports Authorization Summary Report (AB505010-AA)

10-12

Field

Description

Member Approvals by Transaction Type

Summary of all “approved” responses returned, broken down by the following transaction categories: •

Mail/Telephone



Retail



Cash Advance



College/Hospital



Hotel/Motel



Vehicle Rental



Transportation



Restaurant



Cirrus/ATM



Unique



Payment Transaction

Average Dollars

Average dollar amount approved for the week, listed by transaction type. The sample report shows that the average amount for Mail Order/Telephone Order (MO/TO) transactions approved for the week was USD 62.98. This amount is the result of dividing the TOTAL DOLLARS by the TOTAL VOLUME.

Total Dollars

Total dollar amount approved for the week, listed by transaction type

Total Volume

Total transaction volume processed by the member for the week, listed by transaction type. In the sample, the total volume for MO/TO transactions is 72,276. This indicates that out of a total of 564,630 approved transactions, 72,276 were for MO/TO.

YTD Average Dollars (year-to-date average dollars)

Average U.S. dollar amount approved, by transaction type, for the calendar year-to-date. This amount is the result of dividing the YTD TOTAL DOLLARS by the YTD TOTAL VOLUME.

YTD Total Dollars (year-to-date total dollars)

Total U.S. dollar amount approved by the member, listed by transaction type, for the calendar year-to-date.

YTD Total Volume (year-to-date total volume)

Total transaction volume approved by the member, listed by transaction type, for the calendar year-to-date.

Total Member Approvals

Average U.S. dollar amount, total U.S. dollar amount, total transaction volume, and year-to-date totals for all transactions approved by the member.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Authorization Summary Report (AB505010-AA)

Field

Description

Stand-In Processed Activity

Summary of all authorization activity received and processed by Stand-In processing, listed by the following response categories: •

Accept (“approved”)



Decline



Call-Me (“refer to card issuer”)



Pick-Up (“capture card”)

See field descriptions for an explanation of Member Volume, Member YTD Volume, System Volume, System YTD Volume, and Weekly Rank. All values are for authorization activity processed by Stand-In processing on behalf of the member. Timed Out (Percent of Total)

Number of times the Banknet authorization application sent the original authorization request to the issuer for processing but the acquiring MIP did not receive a response in the allocated time. The second line indicates the percentage of total authorization requests that timed out in this manner.

Member Down (Percent of Total)

Number of authorization requests sent to Stand-In processing because the Banknet authorization application recognized that the issuer’s host was down. Transactions that left the acquiring node but did not reach the issuing MIP, or did reach the issuing MIP but could not communicate with the issuer’s host, are included in this count. The second line indicates the percentage of total authorization requests sent that the application handled in this manner.

Signed Out (Percent of Total)

Number of transactions sent to Stand-In processing because the issuer was signed out. The second line indicates the percentage of total authorization requests sent that went to Stand-In processing for this reason.

Non-accepted Authorizations by Summary of all authorization activity processed by StandIn that Stand-In did not approve because it failed the Fail Reason

indicated tests performed during Stand-In processing. Fail Reason

List of the Stand-In tests that authorization requests must pass to be approved. Note: The Fail Reason INVALID CHIP/CVC includes both transactions that failed for invalid CHIP/CVC in Stand-In and transactions that failed for magnetic stripe/CVC error (codes A–J) at the MIP.

Member Volume

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

Total volume of transactions declined authorization because of failure to pass the Stand-In test listed.

10-13

Reports Authorization Summary Report (AB505010-AA)

Field

Description Dollar Volume

Total U.S. dollar amount declined authorization because of failure to pass the Stand-In test listed.

Accepted Dollars

Total U.S. dollar amount that Stand-In authorized on behalf of the issuer for the week reported.

Non-Accepted Dollars

Total U.S. dollar amount that Stand-In did not authorize when processing on behalf of the issuer for the week reported.

Limit-1 MIP Processed Activity

Summary of all authorization activity processed on the member’s behalf using Limit-1, broken down by the following response categories: •

Accept (“approved”)



Decline



Call-Me (“refer to card issuer”)



Pick-Up (“capture card”)

The second part of this page breaks down Limit-1 activity by the four Limit-1 categories: •

Mail/Telephone



Cash Advance (cash disbursement)



Retail



Travel/Entertainment

See field descriptions for an explanation of Member Volume, Member YTD Volume, System Volume, System YTD Volume, and Weekly Rank. All values are for authorization activity processed using Limit-1 parameters.

10-14

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Authorization Summary Report (AB505010-AA)

Field

Description

X-Code MIP Processed Activity

Summary of all authorization activity processed as X-Code transactions at the acquirer MIP. These transactions are transactions that were more than Limit-1 and should have gone to the issuer or to Stand-In for processing, but the authorization application could not obtain a response from either one. Transactions are listed by the following response categories: •

Accept (“approved”)



Decline



Call-Me (“refer to card issuer”)



Pick-Up (“capture card”)

See field descriptions for an explanation of Member Volume, Member YTD Volume, System Volume, System YTD Volume, and Weekly Rank. All values are for authorization activity processed at the acquirer MIP using X-Code parameters. MIP Processed Activity

Summary of all authorization activity involving certain cardholder-activated terminals processed at the MIP that would not be processed by an issuer or Stand-In. Transactions are listed by the following response categories: •

Accept (“approved”)



Decline



Call-Me (“refer to card issuer”)



Pick-Up (“capture card”)

See field descriptions for an explanation of Member Volume, Member YTD Volume, System Volume, System YTD Volume, and Weekly Rank. All values are for authorization activity processed at the MIP using X-Code parameters.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-15

Reports Authorization Summary Report (AB505010-AA)

Field

Description

BAT Processed Activity

Summary of all authorization activity processed at the RSC. Transactions are listed by the following response categories: •

Accept (“approved”)



Decline



Call-Me (“refer to card issuer”)



Pick-Up (“capture card”)

See field descriptions for an explanation of Member Volume, Member YTD Volume, System Volume, System YTD Volume, and Weekly Rank. All values are for authorization activity processed at the Regional Service Center (RSC) using BAT parameters. Weekly Total Activity

Summary of total transaction volume processed by the member, Stand-In, Limit-1, X-Code, MIP, and BAT on behalf of the member for the week reported. See field descriptions for an explanation of Member Volume, Member YTD Volume, System Volume, System YTD Volume, and Weekly Rank.

Reversal Processed Activity

10-16

Summary of Acquirer Reversal Request/0400 message activity received and processed by the issuer, listed by the following response categories: •

Accept (“approved”)



Decline



Call-Me (“refer to card issuer”)



Pick-Up (“capture card”)

Reversal Volume

Total reversal volume processed by the member that generated the specific response and the percentage it represents of total member transaction volume.

Reversal YTD Volume (reversal year-to-date volume)

Summary of the member’s reversal volume for the calendar year-to-date (by response category) and the percentage it represents of total member volume for the year-to-date.

System Volume

Volume of reversal transactions processed by the entire membership that week and the percentage it represents of total volume for the membership for the week.

System YTD Volume (system year-to-date volume)

Volume of reversal transactions processed by the entire membership for the calendar year-to-date and the percentage it represents of total volume for the membership for the year-to-date.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Authorization Summary Report (AB505010-AA)

Field

Description Weekly Rank

Ranking by bank identification number (BIN) of member volume within the membership (compared to total system volume). This field shows where each BIN stands in relation to other BINs.

Total Reversal Processed

Average U.S. dollar amount, total U.S. dollar amount, total transaction volume, and year-to-date totals for all transactions approved by the member.

Reversal Approvals by Transaction Type

Summary of all “approved” responses returned, broken down by the following transaction categories: •

Mail/Telephone



Retail



Cash Advance



College/Hospital



Hotel/Motel



Vehicle Rental



Transportation



Restaurant



Cirrus/ATM



Unique



Payment Transaction

Average Dollars

Average dollar amount approved for the week, listed by transaction type.

Total Dollars

Total dollar amount approved for the week, listed by transaction type

Total Volume

Total transaction volume processed by the member for the week, listed by transaction type.

YTD Average Dollars (year-to-date average dollars)

Average U.S. dollar amount approved, by transaction type, for the calendar year-to-date. This amount is the result of dividing the YTD TOTAL DOLLARS by the YTD TOTAL VOLUME.

YTD Total Dollars (year-to-date total dollars)

Total U.S. dollar amount approved by the member, listed by transaction type, for the calendar year-to-date.

YTD Total Volume (year-to-date total volume)

Total transaction volume approved by the member, listed by transaction type, for the calendar year-to-date.

Total Reversals Approvals

Average U.S. dollar amount, total U.S. dollar amount, total transaction volume, and year-to-date totals for all transactions approved by the member.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-17

Reports Authorization Summary Report (AB505010-AA)

Field

Description

Stand-In Reversal Processed Activity

Summary of all reversal activity received and processed by Stand-In, listed by the following response categories: •

Accept (“approved”)



Decline



Call-Me (“refer to card issuer”)



Pick-Up (“capture card”)

See field descriptions for an explanation of Reversal Volume, Reversal YTD Volume, System Volume, System YTD Volume, and Weekly Rank. All values are for authorization activity processed by Stand-In processing on behalf of the member. Total Stand-In Reversal Processed Weekly Total Activity

Total reversal transaction volume, and year-to-date totals for all reversals approved by the member. Summary of total reversal transaction volume processed by the member, Stand-In, Limit-1, X-Code, MIP, and BAT on behalf of the member for the week reported. See field descriptions for an explanation of Reversal Volume, Reversal YTD Volume, System Volume, System YTD Volume, and Weekly Rank.

10-18

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Authorization Parameter Summary Report (SI737010-AA)

Authorization Parameter Summary Report (SI737010-AA) Title

Authorization Parameter Summary Report

Generated by

MasterCard Authorization System

Purpose

To provide members with a list of authorization parameters.

Description

This report includes a comprehensive list of the parameters that the member uses. It includes global parameters and Stand-In parameters. MasterCard provides updates to this report when members’ parameters change.

Frequency

Weekly

Distribution Methods

Paper (Sent to the authorization contact established on the Principal Member Questionnaire); MasterCard eService, MasterCard File Express, complex-to-complex, bulk ID (T300)

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-19

Reports Authorization Parameter Summary Report (SI737010-AA)

Report Sample SI737010-AA ICA: 123456 ACQUIRER PARAMETERS N/A ISSUER PARAMETERS ACCOUNT RANGE: FROM: 59999999990 THRU: 59999999999

MASTERCARD INTERNATIONAL AUTHORIZATION PARAMETER SUMMARY REPORT

RUN DATE

11/28/05 PAGE: 1

GLOBAL PARAMETERS ---------------------------------------------------------------------------------------------------------------------------PRODUCT CODE AMCC PARTICIPANT CVC2 PARTICIPANT AVS LEVEL PARTICIPANT RPCS PARTICIPANT MPL N Y 3 Y 840 ---------------------------------------------------------------------------------------------------------------------------EXPIRATION DATE PARTICIPANT POS BALANCE INQUIRY PARTICIPANT ACQUIRER REVERSAL MESSAGE PARTICIPATION Y N N - ISSUER DOES NOT RECEIVE THE 0400 MESSAGE ---------------------------------------------------------------------------------------------------------------------------IN-FLIGHT COMMERCE BLOCKED RANGE ---------------------------------------------------------------------------------------------------------------------------PAYMENT TRANSACTION BLOCKED RANGE ---------------------------------------------------------------------------------------------------------------------------GARS PARTICIPANT AUTHORIZATION REFERRAL INTERNATIONAL GARS SECURITY NUMBER Y 1-800-555-5555 1-800-555-0000 1-800-555-5555 ---------------------------------------------------------------------------------------------------------------------------LOST/STOLEN CUSTOMER SERVICE 1-800-555-5555 1-800-555-5555 ----------------------------------------------------------------------------------------------------------------------------LOST/STOLEN CUSTOMER SERVICE 1-800-999-9999 1-800-999-9999 -----------------------------------------------------------------------------------------------------------------------------

10-20

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Apr 2006

Reports Authorization Parameter Summary Report (SI737010-AA)

SI737010-AA ICA: 123456 ACQUIRER PARAMETERS N/A ISSUER PARAMETERS

MASTERCARD INTERNATIONAL AUTHORIZATION PARAMETER SUMMARY REPORT

RUN DATE PAGE:

11/28/05 2

ACCOUNT RANGE: FROM: 59999999990 THRU: 59999999999 STAND-IN PARAMETERS ----------------------------------------------------------------------------------------------------------------------------HOURS OF OPERATION: UTC. OFFSET: 0000 + OR - + D.S.T. START DATE: 000000 TIME: 0000 END DATE: 000000 TIME: 0000 LOCAL TIME OPEN CLSE OPEN CLSE OPEN CLSE SUN 0000 2400 0000 0000 0000 0000 MON 0000 2400 0000 0000 0000 0000 TUE 0000 2400 0000 0000 0000 0000 WED 0000 2400 0000 0000 0000 0000 THU 0000 2400 0000 0000 0000 0000 FRI 0000 2400 0000 0000 0000 0000 SAT 0000 2400 0000 0000 0000 0000 ----------------------------------------------------------------------------------------------------------------------------HOLIDAYS FOR CALL REFERRAL CENTER:

01. 02. 03. 04. 05. 06. 07. 08. 09. 10. 11. 12. 13.

DATE N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A

OPEN N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A

CLSE N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A

OPEN N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A

CLSE N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26.

DATE N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A

OPEN N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A

CLSE N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A

OPEN N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A

CLSE N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A

10-21

Reports Authorization Parameter Summary Report (SI737010-AA)

SI737010-AA ICA: 123456 ACQUIRER PARAMETERS N/A ISSUER PARAMETERS

MASTERCARD INTERNATIONAL AUTHORIZATION PARAMETER SUMMARY REPORT

RUN DATE PAGE:

11/28/05 3

ACCOUNT RANGE: FROM: 59999999990 THRU: 59999999999 STAND-IN PARAMETERS ------------------------------------------------------------------------------------------- --------------------------------DECISION MATRIX: OPEN SIGNED-IN: AUTHORIZATION TRANSACTION ACCUMULATIVES VIP N N N N OPEN SIGNED-OUT: AUTHORIZATION TRANSACTION ACCUMULATIVES VIP N N N N CLOSED SIGNED-IN: AUTHORIZATION TRANSACTION ACCUMULATIVES VIP N N N N CLOSED SIGNED-OUT: AUTHORIZATION TRANSACTION ACCUMULATIVES VIP N N N N ----------------------------------------------------------------------------------------------------------------------------CARD LEVEL SUPPORT PARTICIPANT MULTI-CURRENCY LIMITS PARTICIPANT N N -----------------------------------------------------------------------------------------------------------------------------

SI737010-AA ICA: 123456 ACQUIRER PARAMETERS N/A ISSUER PARAMETERS

MASTERCARD INTERNATIONAL AUTHORIZATION PARAMETER SUMMARY REPORT

RUN DATE PAGE:

11/28/05 4

ACCOUNT RANGE: FROM: 59999999990 THRU: 59999999999 ----------------------------------------------------------------------------------------------------------------------------TRANSACTION PROCESSING PARAMETERS: TARGET COUNTRY GLOBAL TCC T R F O H A X Z U C P -

PROMO CODE ******

VALUES MAIL/PHONE RETAIL RESTAURANT COLLEGE/HOSPITAL HOTEL/MOTEL AUTOMOBILE OTHER TRANSPORT ATM UNIQUE CASH ADVANCE PAYMENT

10-22

CAT LEVEL *

PRODUCT ID MMM

CARD PRESENT 100 500 225 450 750 375 1125 0 150 200 0

MCC/TCC TCC

CURRENCY CODE 840

CARD NOT PRESENT 200 500 225 450 750 375 1125 0 150 200 0

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Authorization Parameter Summary Report (SI737010-AA)

SI737010-AA ICA: 123456 ACQUIRER PARAMETERS N/A ISSUER PARAMETERS

MASTERCARD INTERNATIONAL AUTHORIZATION PARAMETER SUMMARY REPORT

RUN DATE PAGE:

11/28/05 5

ACCOUNT RANGE: FROM: 59999999990 THRU: 59999999999 ----------------------------------------------------------------------------------------------------------------------------TRANSACTION PROCESSING PARAMETERS: TARGET COUNTRY GLOBAL TCC T R F O H A X Z U C P -

PROMO CODE ******

VALUES MAIL/PHONE RETAIL RESTAURANT COLLEGE/HOSPITAL HOTEL/MOTEL AUTOMOBILE OTHER TRANSPORT ATM UNIQUE CASH ADVANCE PAYMENT

CAT LEVEL *

PRODUCT ID VIP

CARD PRESENT 999999 999999 999999 999999 999999 999999 999999 999999 999999 999999 0

MCC/TCC TCC

CURRENCY CODE 840

CARD NOT PRESENT 999999 999999 999999 999999 999999 999999 999999 999999 999999 999999 0

----------------------------------------------------------------------------------------------------------------------------TRANSACTION PROCESSING PARAMETERS: TARGET COUNTRY GLOBAL

PROMO CODE ******

MCC LIMITS: MCC CARD PRESENT 7995 350

CAT LEVEL 4

PRODUCT ID MMM

CARD NOT PRESENT 0

© 2006 MasterCard International Incorporated

MCC/TCC MCC

CURRENCY CODE 840

Authorization System Manual • April 2006

10-23

Reports Authorization Parameter Summary Report (SI737010-AA)

SI737010-AA ICA: 123456 ACQUIRER PARAMETERS N/A ISSUER PARAMETERS

MASTERCARD INTERNATIONAL AUTHORIZATION PARAMETER SUMMARY REPORT

RUN DATE PAGE:

11/28/05 6

ACCOUNT RANGE: FROM: 59999999990 THRU: 59999999999 ----------------------------------------------------------------------------- ----------------------------------------------ACCUMULATIVE LIMITS: CURRENCY CODE: 840 DAYS COUNT AMOUNT 01 2 1200 02 4 1200 03 4 1200 04 4 1200 CASH ADVANCE:

DAYS 0

AMOUNT 0

----------------------------------------------------------------------------------------------------------------------------VIP CONTROLS: DAYS COUNT 4 999 ----------------------------------------------------------------------------------------------------------------------------GROUP & SERIES: FROM: 5412-3456-7890-0000 THRU: 5412-3999-9999-9999

REGIONS: A: X B: X C: X D: X E: X 1: X ----------------------------------------------------------------------------------------------------------------------------STAND-IN BLOCKED RANGE: FROM: 5999999999000000000 FROM: 5999999999900000000

THRU: 5999999999010000000 THRU: 5999999999960000000

-----------------------------------------------------------------------------------------------------------------------------

SI737010-AA ICA: 123456 ACQUIRER PARAMETERS N/A ISSUER PARAMETERS

MASTERCARD INTERNATIONAL AUTHORIZATION PARAMETER SUMMARY REPORT

RUN DATE 11/28/05 PAGE: 7

ACCOUNT RANGE: FROM: 59999999990 THRU: 59999999999 ----------------------------------------------------------------------------------------------------------------------------CVC1 PROCESSING PARAMETERS: FROM: 59000000000 THRU: 59999999999 NO QUALIFYING EXPIRATION DATE RANGES FOUND -

CVC VERIFICATION ON ENTIRE CVC RANGE.

----------------------------------------------------------------------------------------------------------------------------LIMIT 1 PROCESSING MAIL/TELEPHONE: 150 TRAVEL: 25 CASH-DISBURSEMENT: 50 RETAIL: 100 NTH TRANSACTION: 3 ------------------------------------------------------------------------ ---------------------------------------------------ON-BEHALF SERVICES DESCRIPTION M/CHIP CRYPTOGRAM VALIDATION IN STAND-IN * END OF DETAIL RECORDS * *************************************************** BOTTOM OF DATA **********************************************************

10-24

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Authorization Parameter Summary Report (SI737010-AA)

Field Descriptions The Authorization Parameter Summary Report (SI737010-AA) includes: • • •

Note

Header Information Global Parameters Stand-In Parameters

MasterCard provides an updated version of this report for members when their parameters change.

Header Information The Authorization Parameter Summary Report (SI737010-AA) header information includes the following data: ICA

Unique six-digit ID number assigned by MasterCard to identify a member or processing end-point. (Sequenced by ICA.)

Acquirer Parameters— For future use. N/A Issuer Parameters

All parameters relating to that issuer.

Account Range

Range of accounts within “From…Thru.” These range numbers are associated with the member’s ICA number.

From: Thru:

Range of account numbers for the issuer’s parameters. The report shows the first 19 digits of each range.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-25

Reports Authorization Parameter Summary Report (SI737010-AA)

Global Parameters The Authorization Parameter Summary Report (SI737010-AA) global parameters include the following data: Field

Description

Product Code

Three-position field that identifies Financial Network Codes.

AMCC Participant

A one-character flag that indicates whether an account range processes authorizations in its own currency. Y—Report includes the currency code of the participant.



N—Report does not include the currency code of the participant.

Currency Code

Three-digit number that identifies the participant’s currency code.

CVC 2 Participant

A one-character flag that indicates whether a member participates in CVC 2. CVC 2 is a three-digit numeric character code that is indent-printed into the signature panel in the back of a card.

AVS Level Participant

RPCS Participant

10-26





Y—Member participates in CVC 2.



N—Member does not participate in CVC 2.

A one-position field that indicates a member’s AVS service level. •

0—AVS not supported.



1—Issuer provides AVS, receives full address data.



2—Issuer provides AVS, receives condensed address data. (This level supports the algorithm that uses the first five numeric digits in an address [when scanning the address from left to right].)



3—Issuer provides AVS, receives condensed address data. (This level supports the algorithm that uses the first five numeric digits in an address. This algorithm stops searching for numbers after it encounters an alphabetic character or space [when scanning the address from left to right.])

A one-character flag that indicates whether a member participates in the Recurring Payment Cancellation Service (RPCS). •

Y—Member participates in RPCS.



N—Member does not participate in RPCS.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Apr 2006

Reports Authorization Parameter Summary Report (SI737010-AA)

Field

Description

Expiration Date Participant

A one-character flag that indicates whether a member participates in the Expired Card Override service.

POS Balance Inquiry Participant

Acquirer Reversal Message Participation

In-flight Commerce Blocked Range



Y—Member participates in the Expired Card Override service.



N—Member does not participate in the Expired Card Override service.

One-position field that indicates whether the account range participates in POS balance inquiries. •

Y—Account range participates in POS balance inquiries.



N—Account range does not participate in POS balance inquiries.

A field that indicates whether the issuer participates in the acquirer reversal request message functionality: •

Y—Issuer receives the 0400 message



N—Issuer does not receive the 0400 message

Two 19-digit account range numbers that indicate the “from” and the “to” account ranges to block for in flight commerce service. In-flight commerce (IFC) is a service that identifies transactions conducted via interactive video terminals by passengers on a long-distance airplane flight.

Payment Transaction Blocked Range

Two 19-digit numeric account range numbers that indicate the “from” and the “to” account ranges to block for this transaction type. A Payment Transaction is a transaction in which a Payment Service Provider facilitates the transfer of funds to an issuer for posting to a cardholder’s MasterCard account.

GARS Participant

Flag that indicates whether the member is a Global Automated Referral System (GARS) participant. •

Y—Member participates in the GARS service.



N—Member does not participate in the GARS service.

Authorization Referral

Indicates the phone number GARS uses to contact the issuer on domestic-call referral responses.

International GARS

Indicates the phone number GARS uses to contact the issuer on international call referral responses.

Security Number

Indicates the phone number for reporting security issues.

Lost/Stolen

Indicates the phone number for reporting lost or stolen MasterCard® cards.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-27

Reports Authorization Parameter Summary Report (SI737010-AA)

Field

Description

Customer Service

Indicates the phone number for cardholder inquiries.

Stand-In Parameters The Authorization Parameter Summary Report (SI737010-AA) Stand-In parameters include the following data: Field

Description

Hours of Operation

Indicates the hours of operations for the issuer’s authorization system.

UTC Offset

Time difference between the member’s local time and Coordinated Universal Time (UTC—formerly GMT [Greenwich mean time]). UTC Offset represents whether the local time is ahead (+) or behind (-) UTC by the number of hours indicated in the UTC Offset field.

D.S.T.

Daylight Saving Time (D.S.T.) represents the daylightsaving time start and end dates and times for the member.

Local Time

Indicates the open and close local time for the member.

Holidays for Call Referral Center

Definition of 26 holidays for the issuer’s Call Referral Center, with up to two openings and closings per holiday.

Decision Matrix

A matrix that contains values that represent a member’s choice of Stand-In processing responses to transactions if a transaction goes to Stand-In processing in a given state. C—Call referral



N—Decline



A—Continue with Stand-In processing



P—Capture card

Open Signed In, Closed Signed In

Indicates times when the issuer’s authorization center is open versus when it is closed.

Open Signed Out, Closed Signed Out

Indicates times when the issuer’s authorization center is signed in versus when it is signed out (for online issuers).

Card Level Support Participant

10-28



A one-character flag that indicates if the member is a Card Level Support participant. •

Y—Member participates in Card Level Support.



N—Member does not participate in Card Level Support.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Authorization Parameter Summary Report (SI737010-AA)

Field

Description

Multi-Currency Limits Participant

A one-character flag that indicates if the member participates in multi-currency limits in Stand-In processing.

Transaction Processing Parameters Target Country



Y—Member participates in multi-currency limits.



N—Member does not participate in multi-currency limits.

This section of the report depends on the number of rules that apply to a member. The report reflects all rules that apply to that particular member. Indicates the acquirer country for which the limits are applied. MasterCard has established minimum and maximum values for certain parameters. MasterCard will set the minimum limits as default values to establish member’s limits.

Promo Code

(Promotion Code)

CAT Level

Product ID

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006



Foreign Default—Established limits outside of the country of issuance.



Global—Established limits for all members by product code, MCC, and/or CAT level.

Indicates the promotion code for which the limits are applied. Lists the six-character alphanumeric codes that an issuer establishes to identify transactions that meet requirements for an issuer’s promotional program for a card range. Lists a one-character numeric code that identifies transactions that occur at a CAT. A CAT is a cardholderactivated terminal that is usually unattended and accepts bankcards, debit, charge, and proprietary cards for a card range. CATs are defined by levels. •

0—Not a CAT transaction



1—Automated dispensing machines with PIN



2—Self-service terminals



3—Limited-amount terminals



4—In-flight commerce terminals



6—Electronic commerce



7—Transponder

Lists the three-character code that identifies the type of card program for an account, such as Gold MasterCard® card.

10-29

Reports Authorization Parameter Summary Report (SI737010-AA)

Field

Description

MCC/TCC

Lists the card acceptor business code/merchant category code (MCC) and the transaction category code (TCC) for which limits are applied.

Currency Code

Three-digit number that identifies the member’s chosen currency code for amount limits.

Card Present Amount

Transaction amount limit when a card is present.

Card Not Present Amount

Transaction amount limit when a card is not present.

Accumulative Limits

Currency Code

VIP Controls

Four-day accumulative day and amount limits established by the issuer. The accumulation limits are for the number of transactions and amounts. Stand-In processing will not approve any amount that raises the accumulative amount already approved above the specified limit for the specified period of days. Three-digit number that identifies the member’s chosen currency code for amount limits. Indicates specific limits that Stand-In processing applies to accounts listed in the Account File as VIP. The VIP designation is a method of identifying accounts that the issuer wants Stand-In to process differently from MasterCard cards, BusinessCard cards, and Gold MasterCard cards. During the Accumulative Limits test for VIP accounts, Stand-In processing applies the Days and Count Limit parameters.

10-30

Group and Series

Identifies a range of card account numbers listed on a Warning Notice or in the Electronic Warning Bulletin file submitted by MasterCard on behalf of an issuer to the Account Management System for the purpose of notifying a merchant to capture any card bearing an account number that falls within that range.

Regions

There is a Warning Notice for each region outside of the United States. The following list defines the geographical areas that make up each of these regions: •

A—Canada



B—Caribbean, Central America, Mexico, and South America



C—Asia/Pacific



D—Europe



E—South Asia/Middle East/Africa (SAMEA)

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Authorization Parameter Summary Report (SI737010-AA)

Field

Description

Stand-In Blocked Range

Identifies a range of card numbers within a BIN that have not been issued to cardholders or card ranges previously blocked and should be unblocked. Range blocking only applies for transactions processed by Stand-In. Card numbers within blocked ranges do not automatically appear in the Account Management System (AMS) Electronic Warning Bulletin file.

CVC 1 Processing Parameters

Indicates if the IIN listed participates in Card Validation Code 1 (CVC 1) verification in Stand-In processing. A two-part card security feature, CVC 1 is a three-digit value encoded on tracks 1 and 2 in three contiguous positions in the “discretionary data” field of a magnetic stripe on a MasterCard card.

From:

Thru:

Qualifying account BIN range that the member wants to target for CVC 1 verification in Stand-In processing. Members specify qualifying BIN ranges when they sign up for CVC 1 verification in Stand-In processing. Each qualifying BIN range has an associated expiration date. If the report shows qualifying BIN ranges, then MasterCard performs CVC 1 verification in Stand-In processing only on the qualifying BIN ranges. Within the qualifying BIN ranges, MasterCard performs CVC 1 verification only when the expiration date on the account is equal to or greater than the expiration date listed for the qualifying BIN range. If the report does not show qualifying BIN ranges, then the report prints the following message: NO QUALIFYING EXPIRATION DATE RANGES FOUND— CVC VERIFICATION ON ENTIRE CVC RANGE In this case, MasterCard performs CVC 1 verification in Stand-In processing on the entire BIN range shown in report sample. If there are no account ranges defined for CVC 1 verification, then the report prints the following message: THERE ARE NO RANGES DEFINED FOR CVC 1 VERIFICATION.

Exp Date Year/Mo

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

Date the card expires.

10-31

Reports Authorization Parameter Summary Report (SI737010-AA)

Field

Description

Limit 1 Processing

Processing that limits the number of transactions that the Authorization System forwards to the issuer. Limit-1 processing is part of Stand-In processing, and it uses issuer-defined parameters to return an authorization response. Limit-1 processing responds to authorization requests without forwarding them to the issuer when the transaction amount is equal to or less than the issuerdefined amount limits, and the transaction does not fail any of the Stand-In tests.

Mail/Telephone

Current Limit-1 value established by the issuer for mail/telephone transactions.

Travel

Current Limit-1 value established by the issuer for transactions.

Cash-Disbursement

Current Limit-1 value established by the issuer for cash disbursement transactions.

Retail

Current Limit-1 value established by the issuer for retail transactions.

Nth Transaction

Indicates how many transactions Limit-1 can process before sending the next transaction to the issuer for processing. The sample report indicates that this issuer allows the MIP to process 9,998 transactions on their behalf under Limit-1 processing. The Authorization System will transmit each 9,999th transaction acquired at a particular acquiring MIP to the issuer for processing.

On-behalf Services

10-32

Lists the on-behalf service description for the on-behalf services that are enabled for an account range. There is a maximum of 10 on-behalf services.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Authorization Summary by CAT Level Report (SI458010-AA)

Authorization Summary by CAT Level Report (SI458010AA) Title

Authorization Summary by CAT Level

Generated by

MasterCard Authorization System

Purpose

To provide members with a tool for analyzing authorization performance for cardholder-activated transactions.

Description

MasterCard produces this report for each CAT level. The report shows authorization transaction processing volumes and percentages by BIN for the week for the CAT level of the report. It reflects network usage (that is, transactions that travel across the Banknet network, not only billable items, which are listed apart from other transactions in the authorization detail reports located in the MasterCard Consolidated Billing System Manual. The report displays activity by authorization response: Accept (“approved”), Decline (“decline”), Call-Me (“refer to card issuer”), and Pick-Up (“capture card”). It also displays transactions by transaction category (such as mail/telephone and retail).

Frequency

Weekly

Distribution Methods

Paper (Sent to the authorization contact established on the Principal Member Questionnaire); MasterCard eService

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-33

Reports Authorization Summary by CAT Level Report (SI458010-AA)

Report Sample REPORT SI458010-AA

CAT 2 PROCESSED ACTIVITY

MASTERCARD INTERNATIONAL, INC. AUTHORIZATION SUMMARY BY CAT LEVEL FOR CAT 2 WEEK BEGINNING 06/21/99 AND ENDING 06/27/99 ICA 999999 PREFIX 999999 MEMBER VOLUME

MEMBER YTD VOLUME

SYSTEM VOLUME

SYSTEM YTD VOLUME

ACCEPT PERCENT OF TOTAL

68 98.5

3,025 97.7

6,440,271 98.0

102,163,683 98.5

DECLINE PERCENT OF TOTAL

1 1.5

45 1.5

109,948 1.7

1,362,904 1.3

CALL-ME PERCENT OF TOTAL

0 0.0

18 0.8

10,016 0.2

105,310 0.1

PICK-UP PERCENT OF TOTAL

0 0.0

8 0.3

9,809 0.1

126,016 0.1

69

3,096

6,570,042

103,757,913

TOTAL MEMBER PROCESSED

PAGE 1 DATE 06/29/99

TIME 18:42:23

-----------------------------------------------------------------------------------------------------------------------------------APPROVALS BY TRANSACTION TYPE MAIL/TELEPHONE

AVERAGE DOLLARS

TOTAL DOLLARS

TOTAL VOLUME

YTD AVERAGE DOLLARS

YTD TOTAL DOLLARS

YTD TOTAL VOLUME

1.00

45.00

45

1.00

139.00

139

43.45

782.21

18

35.17

100,833.28

2,861

CASH ADVANCE

0.00

0.00

0

0.00

0.00

0

COLLEGE/HOSPITAL

0.00

0.00

0

0.00

0.00

0

HOTEL/MOTEL

0.00

0.00

0

683.80

1,991.40

3

VEHICLE RENTAL

0.00

0.00

0

0.00

0.00

0

TRANSPORTATION

0.00

0.00

0

99.20

496.00

5

RESTAURANT

61.33

184.00

3

89.71

1,435.43

16

CIRRUS/ATM

0.00

0.00

0

0.00

0.00

0

RETAIL

UNIQUE TOTAL MEMBER APPROVALS

10-34

0.00

0.00

0

34.00

34.00

1

15.32

1,011.21

86

34.62

104,729.11

3,025

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Authorization Summary by CAT Level Report (SI458010-AA)

REPORT SI458010-AA

CAT 2 PROCESSED ACTIVITY

MASTERCARD INTERNATIONAL, INC. AUTHORIZATION SUMMARY BY CAT LEVEL FOR CAT 2 WEEK BEGINNING 06/21/99 AND ENDING 06/27/99 ICA 999999 - TOTAL FOR ALL PREFIXES

PAGE 2 DATE 06/29/99

MEMBER VOLUME

MEMBER YTD VOLUME

SYSTEM VOLUME

SYSTEM YTD VOLUME

ACCEPT PERCENT OF TOTAL

94 92.2

8,480 95.4

6,440,271 98.0

102,163,683 98.5

DECLINE PERCENT OF TOTAL

8 7.8

330 3.7

109,948 1.7

1,362,904 1.3

CALL-ME PERCENT OF TOTAL

0 0.0

69 0.8

10,016 0.2

105,310 0.1

PICK-UP PERCENT OF TOTAL

0 0.0

13 0.1

9,809 0.1

126,016 0.1

TIME 18:42:23

TOTAL MEMBER PROCESSED 102 8,892 6,570,042 103,757,913 ----------------------------------------------------------------------------------------------------------------------------APPROVALS BY AVERAGE TOTAL TOTAL YTD AVERAGE YTD TOTAL YTD TOTAL TRANSACTION TYPE DOLLARS DOLLARS VOLUME DOLLARS DOLLARS VOLUME MAIL/TELEPHONE

1.00

64.00

64

2.09

414.95

198

35.60

961.32

27

37.96

313,467.25

8,257

CASH ADVANCE

0.00

0.00

0

0.00

0.00

0

COLLEGE/HOSPITAL

0.00

0.00

0

0.00

0.00

0

HOTEL/MOTEL

0.00

0.00

0

663.80

1,991.40

3

VEHICLE RENTAL

0.00

0.00

0

0.00

0.00

0

RETAIL

TRANSPORTATION

0.00

0.00

0

99.20

496.00

5

RESTAURANT

61.33

184.00

3

89.71

1,435.43

16

CIRRUS/ATM

0.00

0.00

0

0.00

0.00

0

0.00 12.87

0.00 1,209.32

0 94

34.00 37.48

34.00 317,839.03

1 8,480

UNIQUE TOTAL MEMBER APPROVALS

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-35

Reports Authorization Summary by CAT Level Report (SI458010-AA)

Field Descriptions Field

Description

CAT Processed Activity Summary of all authorization activity received and processed

by the issuer for the CAT level on the report, listed by the following response categories: Accept (“approved”)



Decline



Call-Me (“refer to card issuer”)



Pick-Up (“capture card”)

Member Volume

Total CAT transaction volume processed by the member that generated the specific response and the percentage it represents of total member CAT transaction volume. The sample report shows that the member approved (ACCEPT) 68 CAT 2 authorization requests, which were 98.5% of the 69 CAT 2 requests processed by the member that week.

Member YTD Volume

Summary of the member’s CAT authorization volume for the calendar year-to-date (by response category) and the percentage it represents of total member CAT volume for the year-to-date.

(member year-to-date volume) System Volume

Volume of CAT authorization transactions processed by the entire membership that week and the percentage it represents of total CAT volume for the membership for the week.

System YTD Volume

Volume of CAT authorization transactions processed by the entire membership for the calendar year-to-date and the percentage it represents of total CAT volume for the membership for the year-to-date.

(system year-to-date volume) Total Member Processed

10-36



Total member CAT volume, year-to-date volume, system volume, and system year-to-date volume for all authorization responses.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Authorization Summary by CAT Level Report (SI458010-AA)

Field

Description

Approvals by Transaction Type

Summary of all “approved” responses returned for CAT transactions, divided by the following transaction categories: •

Mail/Telephone



Retail



Cash Advance



College/Hospital



Hotel/Motel



Vehicle Rental



Transportation



Restaurant



Cirrus/ATM



Unique



Payment Transaction

Average Dollars

Average dollar amount approved for CAT transactions for the week, listed by transaction type. The sample report shows that the average amount for Restaurant CAT 2 transactions approved for the week was USD 61.33. This amount is the result of dividing the TOTAL DOLLARS by the TOTAL VOLUME.

Total Dollars

Total dollar amount approved for CAT transactions for the week, listed by transaction type.

Total Volume

Total CAT transaction volume processed by the member for the week, listed by transaction type. In the sample, the total volume for Restaurant transactions is 3. This indicates that out of a total of 86 approved CAT 2 transactions, 3 were for Restaurant.

YTD Average Dollars

Average U.S. dollar amount approved, by transaction type, for CAT transactions for the calendar year-to-date. This amount is the result of dividing the YTD TOTAL DOLLARS by the YTD TOTAL VOLUME.

(year-to-date average dollars) YTD Total Dollars

(year-to-date total dollars) YTD Total Volume

(year-to-date total volume)

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

Total U.S. dollar amount of CAT transactions approved by the member for the calendar year-to-date. Total CAT transaction volume approved by the member for the calendar year-to-date.

10-37

Reports Authorization Summary by CAT Level Report (SI458010-AA)

10-38

Field

Description

Total Member Approvals

Average U.S. dollar amount, total U.S. dollar amount, total transaction volume, and year-to-date totals for all CAT transactions approved by the member.

Total For All Prefixes

Activity totals for all the member’s BINs (all of the previous pages of the report). Totals are listed by authorization response (accept, decline, call-me, and pick-up) and by transaction category (mail/telephone, retail, and so on).

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports GARS Weekly Issuer Transaction Detail Report (GR122010-AA)

GARS Weekly Issuer Transaction Detail Report (GR122010AA) Generated by

Global Automated Referral Service

Purpose

To provide issuers the information necessary to monitor GARS performance.

Description

Provides details for each GARS transaction and a summary page. Reports GARS transactions that occurred the previous week (Sunday through Saturday).

Frequency

Weekly

Distribution Methods

Banknet bulk ID T892, paper, magnetic tape, cartridge, MasterCard eService (MasterCard distributes this report according to the address and distribution media designated on the GARS Initiation and Change Form.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-39

Reports GARS Weekly Issuer Transaction Detail Report (GR122010-AA)

Report Sample GR122010-AA

MASTERCARD INTERNATIONAL GARS WEEKLY ISSUER TRANSACTION DETAIL REPORT

ISSUER:

540000

ACQUIRER 001235

MEMBER NAME: CARD NUMBER

5000000000000001

STAND-IN CODE 10=N

MCC=5999

RUN DATE:

MM/DD/YY

PAGE:

1

ABC FINANCIAL INSTITUTION TRAN DATE/TIME 11/31/98 TCC=01

DURATION

OUT DIAL NO.

4:02

555-555-5555

14:55:00

EXP DTE=05/00 AMT= $100.00

CALL COMPLETION ISSUER RING, NO ANSWER

RESPONSE = APPROVAL

001237

5000000000000002

11/31/98

15:01:01

3:45

555-555-5555

ISSUER INTERNATIONAL

001238

5000000000000003

12/01/99

02:22:01

0:20

555-555-5555

ABANDON CALL

001239

5000000000000004

12/01/99

03:04:44

3:45

555-555-5555

ISSUER LINE BUSY

STAND-IN CODE 10=N 001230

MCC=6010

5000000000088885

GR122010-AA

TCC=04

EXP DTE=10/01 AMT= $300.00

12/02/99

14:15:25

8:45

RESPONSE = DECLINE 312-123-4567

MASTERCARD INTERNATIONAL GARS WEEKLY ISSUER TRANSACTION DETAIL REPORT

ISSUER:

540000

ACQUIRER

MEMBER NAME:

CARD NUMBER

ISSUER DOMESTIC

RUN DATE:

MM/DD/YY

PAGE:

2

ABC FINANCIAL INSTITUTION TRAN DATE/TIME

DURATION

OUT DIAL NO.

CALL COMPLETION

-------------------- ISSUER 540000 ACTIVITY -----------------------TOTAL CALLS

5

TOTAL EXCEPTIONS

1

TOTAL ISSUER

2

TOTAL STAND-IN

2

TOTAL STAND-IN APPROVALS

1

TOTAL STAND-IN NON-APPROVAL

1

STAND-IN APPROVAL PERCENTAGE

50.00 %

TOTAL TELEX TO TELEX

0

TOTAL TELEX TO PHONE

1

TOTAL PHONE TO TELEX

0

TOTAL PHONE TO PHONE

1

AVERAGE CALL DURATION

10-40

5:04

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports GARS Weekly Issuer Transaction Detail Report (GR122010-AA)

Field Descriptions Field

Description

Issuer

The ICA number of the issuer that receives this report

Member Name

Financial institution name of the issuer that receives this report

Acquirer

The ICA number of the acquirer associated with the particular GARS call

Card Number

The card number that the acquirer’s agent entered for the particular GARS call

Tran Date/Time

The date and time when GARS received the call from the acquirer

Duration

The duration of the call in minutes and seconds

Out Dial No.

The issuer or ITAC phone number to which GARS connected the acquirer

Call Completion

Result of the GARS call. Each transaction will list one of the messages in the following table.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

Message Text

Used When…

Action Taken

Abandon Call

The call duration was less than one minute.

GARS ended the call.

Invalid Check Digit

The card number entered contains an invalid check digit.

GARS transferred the call to a GARS agent for assistance.

Invalid Issuer Phone Number

The issuer phone number is invalid.

GARS transferred the call to a GARS agent for assistance.

Issuer

GARS connected the call to the issuer’s agent.

Call successfully completed.

Issuer Domestic

GARS connected the call to the issuer’s agent using the issuer’s domestic phone line.

Call successfully completed.

10-41

Reports GARS Weekly Issuer Transaction Detail Report (GR122010-AA)

Field

10-42

Description Message Text

Used When…

Action Taken

Issuer International

GARS connected the call to the issuer’s agent using the issuer’s international phone line.

Call successfully completed.

Issuer Line Busy

The issuer’s phone line was busy.

Stand-In processing generated the authorization response.

Issuer Ring, No Answer

The issuer’s agent did not answer the call.

Stand-In processing generated the authorization response.

ITAC Agent

GARS connected the call to an ITAC agent, who sent a telex to the issuer.

Call successfully completed.

ITAC Agent Transfer

The issuer did not answer the ITAC agent’s telex message.

Stand-In processing generated the authorization response.

Merchant Suspicious

The acquiring agent GARS transferred indicated a merchant the call to a GARS suspicious condition agent for assistance. when entering Stand-In information for GARS.

Problem On Circuit

GARS could not place the call. The phone number may be invalid.

Stand-In processing generated the authorization response.

SI Invalid Card Number

Stand-In processing returned a response of “Invalid Card Number.”

GARS ended the call.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports GARS Weekly Issuer Transaction Detail Report (GR122010-AA)

Field

Description Message Text

Used When…

Action Taken

Telephone Circuit After three attempts, Busy GARS was unable to place the call because the circuit was busy.

Stand-In processing generated the authorization response.

Stand In

Indicates that Stand-In processing occurred for the GARS transaction. The fields on the Stand-In line provide the information that the acquirer’s agent entered for Stand-In processing.

Code 10 = N

Confirmation that the acquiring agent did not indicate a merchant suspicious condition.

MCC =

The four-digit merchant category code that the acquiring agent entered to GARS.

TCC =

The transaction category code that the acquiring agent entered to GARS. Refer to the field codes and the corresponding TCCs in the table below. Field Codes that Appear on the Report

TCC

Meaning

01

R

Retail

02

T

Mail Order/Telephone Order

03

C

Cash

04

X

Airline and other Transportation

11

A

Automobile/Vehicle Rental

12

F

Restaurant

13

H

Hotel/Motel

14

O

Hospitalization/College

15

U

Unique

16

P

Payment Transaction

EXP DTE =

The expiration date of the card that the acquiring agent entered to GARS.

AMT =

The transaction amount that the acquiring agent entered to GARS.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-43

Reports GARS Weekly Issuer Transaction Detail Report (GR122010-AA)

10-44

Field

Description

Response

The authorization response that Stand-In generated to complete the GARS call.

Total Calls

The total number of calls that GARS processed, including exception calls (see “Total Exceptions” below), calls that GARS processed via Stand-In, and calls that either the issuer or ITAC processed.

Total Exceptions

The total number of calls that GARS processed for any of the following reasons: •

Abandon Call



Invalid Check Digit



Invalid Issuer Phone Number



Merchant Suspicious



SI Invalid Card Number

Total Issuer

The total number of calls that GARS connected to the issuer or to an ITAC agent.

Total Stand-In

The total number of calls that GARS processed via Stand-In.

Total Stand-In Approvals

The total number of calls that GARS processed via Stand-In and that Stand-In approved.

Total Stand-In NonApproval

The total number of calls that GARS processed via Stand-In that Stand-In did not approve.

Stand-In Approval Percentage

The percentage of calls that resulted in an approval from Stand-In in relation to the total number of GARS calls that Stand-In processed.

Total Telex To Telex

The total number of calls that the acquirer entered via telex to ITAC and that ITAC connected to the issuer via telex.

Total Telex To Phone

The total number of calls that the acquirer entered via telex to ITAC and that ITAC connected to the issuer via phone.

Total Phone To Telex

The total number of GARS calls that the acquirer entered via phone, that GARS subsequently connected to ITAC, and that ITAC connected to the issuer via telex.

Total Phone To Phone

The total number of GARS calls that the acquirer entered via phone and that GARS connected to the issuer via phone.

Average Call Duration

The average duration of the call in minutes and seconds for all calls that Stand-In, the issuer, or ITAC processed. (This average excludes the Exceptions category of GARS calls.)

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports GARS Weekly Acquirer Transaction Detail Report (GR122010-BB)

GARS Weekly Acquirer Transaction Detail Report (GR122010-BB) Generated by

Global Automated Referral Service

Purpose

To provide acquirers the information necessary to monitor GARS performance.

Description

Provides details for each GARS transaction and a summary page. Reports GARS transactions that occurred the previous week (Sunday through Saturday).

Frequency

Weekly

Distribution Methods

Banknet bulk ID T892, paper, magnetic tape, cartridge, MasterCard eService MasterCard distributes this report according to the address and distribution media designated on the GARS Initiation and Change Form.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-45

Reports GARS Weekly Acquirer Transaction Detail Report (GR122010-BB)

Report Sample GR122010-BB

MASTERCARD INTERNATIONAL

ICA 540000 ACQUIRER: ISSUER

RUN DATE:

GARS WEEKLY ACQUIRER TRANSACTION DETAIL REPORT 001234

MEMBER NAME:

CARD NUMBER

11/31/98

DURATION

541235000000001

STAND-IN

CODE 10=N

001237

5412370000000002

11/31/98

15:01:01

3:45

001238

5412380000000003

12/01/99

02:22:01

0:20

414-123-1234

001239

5412390000000004

12/01/99

03:04:44

3:45

123-234-567-8901

STAND-IN

CODE 10=N

001230

5412300000000005

4:02

TCC=01 EXP DTE=05/00 AMT= $100.00

TCC=03 EXP DTE=10/01 AMT= $300.00 12/02/99

GR122010-BB

14:15:25

312-123-4567

ACQUIRER:

44-542-456-7890

MEMBER NAME:

CARD NUMBER

ISSUER RING NO ANSWER

ISSUER INTERNATIONAL ABANDON CALL ISSUER LINE BUSY

RESPONSE = DECLINE

8:45

000-004-2174

ITAC AGENT

RUN DATE:

GARS WEEKLY ACQUIRER TRANSACTION DETAIL REPORT 001234

CALL COMPLETION

RESPONSE = APPROVAL

MASTERCARD INTERNATIONAL

ICA 540000

ISSUER

14:55:00

OUT DIAL NO.

001235

MCC=6010

NNNNNN

ABC FINANCIAL INSTITUTION TRAN DATE/TIME

MCC=5999

12/06/99

PAGE:

12/06/99

PAGE:

2

ABC FINANCIAL INSTITUTION

TRAN DATE/TIME

DURATION

OUT DIAL NO.

CALL COMPLETION

-------------------- ACQUIRER 001234 ACTIVITY -------------------------

TOTAL CALLS

5

TOTAL EXCEPTIONS

1

TOTAL ISSUER

2

TOTAL STAND-IN

2

TOTAL STAND-IN APPROVALS

1

TOTAL STAND-IN NON-APPROVAL

1

STAND-IN APPROVAL PERCENTAGE

50.00 %

TOTAL TELEX TO TELEX

0

TOTAL TELEX TO PHONE

0

TOTAL PHONE TO TELEX

1

TOTAL PHONE TO PHONE

1

AVERAGE CALL DURATION

10-46

5:04

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports GARS Weekly Acquirer Transaction Detail Report (GR122010-BB)

Field Descriptions Field

Description

Acquirer

The ICA of the acquirer that receives this report.

Member Name

Financial institution name of the acquirer that receives this report.

Issuer

The ICA of the issuer associated with the particular GARS call.

Card Number

The card number that the acquirer’s agent entered for the particular GARS call.

Tran Date/Time

The date and time when GARS received the call from the acquirer.

Duration

The duration of the call in minutes and seconds.

Out Dial No.

The issuer or ITAC phone number to which GARS connected the acquirer.

Call Completion

Result of the GARS call. Each transaction will list one of the messages in the following table.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

Message Text

Used When...

Action Taken

Abandon Call

The call duration was GARS ended the less than one minute. call.

Invalid Card Number

The card number entered is not a MasterCard number.

GARS ended the call.

Invalid Check Digit

The card number entered contains an invalid check digit.

GARS transferred the call to a GARS agent for assistance.

Invalid ICA

The acquiring agent did not confirm the acquiring ICA or the acquiring ICA is invalid.

GARS ended the call.

Invalid Issuer

GARS transferred The card number entered is not within a the call to a GARS valid MasterCard BIN. agent for assistance.

Invalid Issuer Phone Number

The issuer phone number is invalid.

GARS transferred the call to a GARS agent for assistance.

Issuer

GARS connected the call to the issuer’s agent.

Call successfully completed.

10-47

Reports GARS Weekly Acquirer Transaction Detail Report (GR122010-BB)

Field

10-48

Description Message Text

Used When...

Action Taken

Issuer Domestic

GARS connected the call to the issuer’s agent using the issuer’s domestic phone line.

Call successfully completed.

Issuer International

GARS connected the call to the issuer’s agent using the issuer’s international phone line.

Call successfully completed.

Issuer Line Busy

The issuer’s phone line was busy.

Stand-In processing generated the authorization response.

Issuer Ring, No Answer

The issuer’s agent did Stand-In processing not answer the call. generated the authorization response.

ITAC Agent

GARS connected the Call successfully call to an ITAC agent, completed. who sent a telex to the issuer.

ITAC Agent Transfer

The issuer did not Stand-In processing answer the ITAC generated the agent’s telex message. authorization response.

Merchant Suspicious

The acquiring agent GARS transferred indicated a merchant the call to a GARS suspicious condition agent for assistance. when entering StandIn information for GARS.

Problem On Circuit

GARS could not place the call. The phone number may be invalid.

SI Invalid Card Number

Stand-In processing GARS ended the returned a response of call. “Invalid Card Number.”

Stand-In processing generated the authorization response.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports GARS Weekly Acquirer Transaction Detail Report (GR122010-BB)

Field

Description Message Text

Used When...

Action Taken

Telephone Circuit After three attempts, Busy GARS was unable to place the call because the circuit was busy.

Stand-In processing generated the authorization response.

Stand-In

Indicates that Stand-In processing occurred for the GARS transaction. The fields on the Stand-In line provide the information that the acquirer’s agent entered for Stand-In processing.

Code 10 = N

Confirmation that the acquiring agent did not indicate a merchant suspicious condition.

MCC =

The four-digit MCC that the acquiring agent entered to GARS.

TCC =

The transaction category code that the acquiring agent entered to GARS. Refer to the field codes and the corresponding TCCs in the table below. Field Codes that Appear on the Report

TCC

Meaning

01

R

Retail

02

T

Mail Order/Telephone Order

03

C

Cash

04

X

Airline and other Transportation

11

A

Automobile/Vehicle Rental

12

F

Restaurant

13

H

Hotel/Motel

14

O

Hospitalization/College

15

U

Unique

16

P

Payment Transaction

Exp Dte =

The expiration date of the card that the acquiring agent entered to GARS.

Amt =

The transaction amount that the acquiring agent entered to GARS.

Response =

The authorization response that Stand-In generated to complete the GARS call.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-49

Reports GARS Weekly Acquirer Transaction Detail Report (GR122010-BB)

10-50

Field

Description

Total Calls

The total number of calls that GARS processed, including exception calls (see “Total Exceptions” below), calls that GARS processed via Stand-In, and calls that either the issuer or ITAC processed.

Total Exceptions

The total number of calls that GARS processed for any of the following reasons: •

Abandon Call



Invalid Card Number



Invalid Check Digit



Invalid ICA



Invalid Issuer



Invalid Issuer Phone Number



Merchant Suspicious



SI Invalid Card Number

Total Issuers

The total number of calls that GARS connected to the issuer or to an ITAC agent.

Total Stand-In

The total number of calls that GARS processed via Stand-In.

Total Stand-In Approval

The total number of calls that GARS processed via Stand-In and that Stand-In approved.

Total Stand-In NonApproval

The total number of calls that GARS processed via Stand-In that Stand-In did not approve.

Stand-In Approval Percentage

The percentage of calls that resulted in an approval from Stand-In in relation to the total number of GARS calls that Stand-In processed.

Total Telex to Telex

The total number of calls that the acquirer entered via telex to ITAC and that ITAC connected to the issuer via telex.

Total Telex to Phone

The total number of calls that the acquirer entered via telex to ITAC and that ITAC connected to the issuer via phone.

Total Phone to Telex

The total number of GARS calls that the acquirer entered via phone, that GARS subsequently connected to ITAC, and that ITAC connected to the issuer via telex.

Total Phone to Phone

The total number of GARS calls that the acquirer entered via phone and that GARS connected to the issuer via phone.

Average Call Duration

The average duration of the call in minutes and seconds for all calls that Stand-In, the issuer, or ITAC processed. (This average includes the Exceptions category of GARS calls.)

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports GARS Monthly Acquirer Response Report (GR128010-AA)

GARS Monthly Acquirer Response Report (GR128010-AA) Generated By

Global Automated Referral Service

Purpose

To provide the acquirer with an informational tool to help monitor the handling of call referrals.

Description

Identifies merchants by terminal location that have received call referrals and displays the number of responses by TCC and MCC. Calculates the response rate and compares it to the MasterCard target response rate.

Frequency

Monthly

Distribution Methods

Banknet bulk ID T892, paper, magnetic tape, cartridge, MasterCard eService MasterCard distributes this report according to the address and distribution media designated on the GARS Initiation and Change Form.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-51

Reports GARS Monthly Acquirer Response Report (GR128010-AA)

Report Sample GR128010-AA

MASTERCARD INTERNATIONAL GARS MONTHLY ACQUIRER RESPONSE REPORT

MONTH ENDING ACQUIRER

TRAN TYPE

12/27/98

PAGE:

1

12/27/98

123456

PROCESSOR

RUN DATE:

MEMBER

ABC FINANCIAL INSTITUTION

654321

MCC

MERCHANT

TERMINAL

TOTAL REFERRALS

TOTAL RESPONSE

RESPONSE PERCENTAGE

C

6010

12223333

4445555

145

35

24.13 %

C

6010

22333333

5556666

30

15

50.00 %

PROCESSOR TOTALS------------------------------------TOTAL CALL REFERRALS RECEIVED

175

TOTAL RESPONSES

50

CALL REFERRAL RESPONSE RATE

28.57 %

MASTERCARD RESPONSE RATE TARGET

60.00 %

PROCESSOR TRAN TYPE

666666

MCC

MERCHANT

TERMINAL

TOTAL REFERRALS

TOTAL RESPONSE

RESPONSE PERCENTAGE

R

5999

334455

77888

10

2

20.00 %

R

7699

55566666

22333

25

5

20.00 %

PROCESSOR TOTALS------------------------------------TOTAL CALL REFERRALS RECEIVED

35

TOTAL RESPONSES

7

CALL REFERRAL RESPONSE RATE

20.00 %

MASTERCARD RESPONSE RATE TARGET

60.00 %

GR128010-AA

MASTERCARD INTERNATIONAL GARS MONTHLY ACQUIRER RESPONSE REPORT

MONTH ENDING ACQUIRER

RUN DATE:

12/27/98

PAGE:

2

12/27/98

123456

MEMBER

ABC FINANCIAL INSTITUTION

ACQUIRER TOTALS-------------------------------------TOTAL CALL REFERRALS RECEIVED TOTAL RESPONSES

210 57

CALL REFERRAL RESPONSE RATE

27.14 %

MASTERCARD RESPONSE RATE TARGET

60.00 %

10-52

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports GARS Monthly Acquirer Response Report (GR128010-AA)

Field Descriptions Field

Description

Acquirer

The ICA number of the acquirer that receives this report.

Member

Financial institution name of the acquirer that receives this report.

Processor

The ICA number of the processor associated with the particular GARS call.

Tran Type

The TCC for the transaction type.

(transaction type)

Valid codes are: A = Automobile/Vehicle Rental C = Cash Disbursement F = Restaurant H = Hotel/Motel and Cruise Ship Service O = Hospitalization and Cruise Ship Service P = Payment Transaction R = Retail U = Unique Transportation X = Transportation

MCC

(card acceptor business code/merchant category code)

The numerical representation of the type of business in which the merchant is engaged. Refer to the Quick Reference Booklet for a list of codes.

Merchant

The merchant identification code.

Terminal

Identification number of the merchant terminal.

Total Referrals

Total number of referrals processed during the billing month.

Total Responses

Total number of responses completed during the billing month.

Response Percentage

Percentage of responses to referrals processed during the billing month.

Processor Totals

Total number of referrals, responses, and the response percentage for the particular processor.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-53

Reports GARS Monthly Acquirer Response Report (GR128010-AA)

10-54

Field

Description

Total Call Referrals Received

Referrals processed during the billing month for all merchants for this processor.

Total Responses

GARS calls placed during the billing month for all merchants for this processor.

Call Referral Response Rate

Percent of GARS calls placed to referrals processed during the billing month for all merchants for this processor.

MasterCard Response Rate Target

Referral response rate standard set by MasterCard.

Acquirer Totals

Total number of referrals, responses, and the response percentage for the particular acquirer.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports GARS Monthly Acquirer Response Below Target Report (GR128010-BB)

GARS Monthly Acquirer Response Below Target Report (GR128010-BB) Generated By

Global Automated Referral Service

Purpose

To provide the acquirer with an informational tool to help monitor the response rates for call referrals. The report compares the call referrals answered to the target rate (60% of call referrals received by each terminal).

Description

Identifies merchants by terminal location that have call referral response rates below the target rate established by MasterCard.

Frequency

Monthly

Distribution Methods Banknet bulk ID T892, paper, magnetic tape,

cartridge, MasterCard eService MasterCard distributes this report according to the address and distribution media designated on the GARS Initiation and Change Form.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-55

Reports GARS Monthly Acquirer Response Below Target Report (GR128010-BB)

Report Sample GR128010-BB

MASTERCARD INTERNATIONAL

RUN DATE:

GARS MONTHLY ACQUIRER RESPONSE BELOW TARGET REPORT MONTH ENDING ACQUIRER

C C

1

12/27/98

123456

PROCESSOR TRAN TYPE

PAGE:

12/27/98

MEMBER

ABC FINANCIAL INSTITUTION

654321 MCC

MERCHANT

6010 6010

TERMINAL

12223333 22333333

4445555 5556666

TOTAL REFERRALS 145 30

TOTAL RESPONSES

RESPONSE PERCENTAGE

35 15

24.13 % 50.00 %

PROCESSOR TOTALS------------------------------------TOTAL CALL REFERRALS RECEIVED

175

TOTAL RESPONSES

50

CALL REFERRAL RESPONSE RATE

28.57 %

MASTERCARD RESPONSE RATE TARGET

60.00 %

PROCESSOR

666666

TRAN TYPE

MCC

MERCHANT

TERMINAL

R

5999

334455

77888

R

7699

55566666

22333

TOTAL REFERRALS

TOTAL RESPONSE

RESPONSE PERCENTAGE

10

2

20.00 %

25

5

20.00 %

PROCESSOR TOTALS------------------------------------TOTAL CALL REFERRALS RECEIVED

35

TOTAL RESPONSES

7

CALL REFERRAL RESPONSE RATE

20.00 %

MASTERCARD RESPONSE RATE TARGET

60.00 %

GR128010-BB

MASTERCARD INTERNATIONAL

RUN DATE:

GARS MONTHLY ACQUIRER RESPONSE BELOW TARGET REPORT MONTH ENDING ACQUIRER

12/27/98

PAGE:

2

12/27/98

123456

MEMBER

ABC FINANCIAL INSTITUTION

ACQUIRER TOTALS-------------------------------------TOTAL CALL REFERRALS RECEIVED TOTAL RESPONSES

210 57

CALL REFERRAL RESPONSE RATE

27.14 %

MASTERCARD RESPONSE RATE TARGET

60.00 %

10-56

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports GARS Monthly Acquirer Response Below Target Report (GR128010-BB)

Field Descriptions Field

Description

Acquirer

The ICA number of the acquirer that receives this report.

Member

Financial institution name of the acquirer that receives this report.

Processor

The ICA number of the processor associated with the particular GARS call.

Tran Type

The code for the transaction type. Valid codes are:

(transaction type)

MCC

(card acceptor business code/merchant category code)

A

=

Automobile/Vehicle Rental

C

=

Cash Disbursement

F

=

Restaurant

H

=

Hotel/Motel and Cruise Ship Service

O

=

Hospitalization and College/School Expense

P

=

Payment Transaction

R

=

Retail

U

=

Unique Transaction

X

=

Transportation

The numerical representation of the type of business in which the merchant is engaged. Refer to the Quick Reference Booklet for a list of codes.

Merchant

The merchant identification code.

Terminal

Identification number of the merchant terminal.

Total Referrals

Total number of referrals processed during the billing month.

Total Responses

Total number of responses completed during the billing month.

Response Percentage

Percentage of responses to referrals processed during the billing month.

Processor Totals

Total number of referrals and responses below the target rate, and the percentage of all below-target responses to referrals for the particular processor.

Total Call Referrals Received

Total referrals below the target rate that this processor processed during the billing month for all merchants.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-57

Reports GARS Monthly Acquirer Response Below Target Report (GR128010-BB)

10-58

Field

Description

Total Responses

Total GARS calls placed during the billing month that were below the target rate. Includes activity for all merchants for this processor.

Call Referral Response Rate

Percent of GARS calls placed to referrals processed during the billing month for all merchants for this processor. The percent is always less than the target rate when it appears on this report.

MasterCard Response Rate Target

Referral response rate standard set by MasterCard.

Acquirer Totals

Total number of referrals, responses, and the response percentage that were below the target rate for the particular acquirer.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports GARS Monthly Issuer Call Referral Report (GR129010-AA)

GARS Monthly Issuer Call Referral Report (GR129010-AA) Generated By

Global Automated Referral Service

Purpose

For use by the issuer to monitor GARS performance.

Description

Summary totals of call referrals issued, calls received, and calculation of issuer’s call response rate.

Frequency

Monthly

Distribution Methods

Banknet bulk ID T892, paper, magnetic tape, cartridge, MasterCard eService MasterCard distributes this report according to the address and distribution media designated on the GARS Initiation and Change Form.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-59

Reports GARS Monthly Issuer Call Referral Report (GR129010-AA)

Report Sample GR129010-AA

MASTERCARD INTERNATIONAL SUMMARY REPORTING GARS MONTHLY ISSUER CALL REFERRAL REPORT

MONTH ENDING ISSUER

03/01/01 1 17:18:38

03/01/01

123456

MEMBER

ABC FINANCIAL INSTITUTION

GARS VOICE / TELEX TOTAL CALLS

GARS / INTERNET 955

TOTAL TRANSACTIONS

TOTAL EXCEPTIONS

150

TOTAL EXCEPTIONS

TOTAL ISSUER

745

TOTAL ISSUER

TOTAL STAND-IN STAND-IN PERCENTAGE TOTAL STAND-IN APPROVALS TOTAL STAND-IN NON-APPROVAL STAND-IN APPROVAL PERCENTAGE

60 7.45 %

0

TOTAL PHONE TO TELEX

0

TOTAL CALL REFERRALS ISSUED RESPONSE PERCENTAGE

32

TOTAL STAND-IN NON-APPROVAL

145

AVERAGE CALL DURATION

TOTAL STAND-IN STAND-IN PERCENTAGE

10

TOTAL TELEX TO PHONE

TOTAL PHONE TO PHONE

12

TOTAL STAND-IN APPROVALS

83.33 %

483

448

50

TOTAL TELEX TO TELEX

10-60

RUN DATE: PAGE TIME:

STAND-IN APPROVAL PERCENTAGE

6.79 % 25 7 78.13 %

700 4:13 2,245 35.86 %

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports GARS Monthly Issuer Call Referral Report (GR129010-AA)

Field Descriptions Field

Description

Issuer

The ICA number of the issuer that receives this report.

Member

Financial institution name of the issuer that receives this report.

Total Calls

The total number of calls that GARS processed, including exception calls (see “Total Exceptions” below), calls that GARS processed via Stand-In processing, and calls that either the issuer or ITAC processed.

Total Exceptions

The total number of calls that GARS processed for any of the following reasons: •

Abandon Call



Invalid Card Number



Invalid Check Digit



Invalid ICA



Invalid Issuer



Invalid Issuer Phone Number



Merchant Suspicious



SI Invalid Card Number

Total Issuer

The total number of calls that GARS connected to the issuer or to an ITAC agent.

Total Stand-In

The total number of calls that GARS processed via Stand-In processing.

Stand-In Percentage

The percentage of calls that GARS processed via Stand-In processing (excluding “Total Exceptions”).

Total Stand-In Approvals

The total number of calls that GARS processed via Stand-In processing and that Stand-In approved.

Total Stand-In NonApproval

The total number of calls that GARS processed via Stand-In that Stand-In processing did not approve.

Stand-In Approval Percentage

The percentage of calls that resulted in an approval from Stand-In in relation to the total number of GARS calls that Stand-In processed.

Total Telex to Telex

The total number of calls that the acquirer entered via telex to ITAC and that ITAC processed.

Total Telex to Phone

The total number of calls that the acquirer entered via telex to ITAC and that ITAC connected to the issuer via phone.

Total Phone to Telex

The total number of GARS calls that the acquirer entered via phone, that GARS subsequently connected to ITAC, and that ITAC processed.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-61

Reports GARS Monthly Issuer Call Referral Report (GR129010-AA)

10-62

Field

Description

Total Phone to Phone

The total number of GARS calls that the acquirer entered via phone and that GARS connected to the issuer via phone.

Average Call Duration

The average duration of the call in minutes and seconds for all calls that Stand-In, the issuer, or ITAC processed. (This average includes the Exceptions category of GARS calls.)

Total Call Referrals Issued

The total number of call referral responses that the issuer issued and that the acquirer entered to GARS.

Response Percentage

The percentage of calls that GARS processed (excluding “Total Exceptions”) compared to the total call referrals issued.

Total Transactions

The total number of transactions that GARS/Internet processed, including exception transactions (see “Total Exceptions” below), transactions that GARS/Internet processed via Stand-In processing, and transactions that either the issuer or ITAC processed.

Total Exceptions

The total number of incomplete transactions that GARS/Internet processed.

Total Issuer

The total number of transactions that GARS/Internet connected to the issuer or to an ITAC agent.

Total Stand-In

The total number of transactions that GARS/Internet processed via Stand-In.

Stand-In Percentages

The percentage of transactions that GARS/Internet processed via Stand-In (“Total Transactions” minus “Total Exceptions”).

Total Stand-In Approvals

The total number of transactions that GARS/Internet processed via Stand-In and that Stand-In approved.

Total Stand-In NonApprovals

The total number of transactions that GARS/Internet processed via Stand-In that Stand-In did not approve.

Stand-In Approval Percentage

The percentage of calls that resulted in an approval from Stand-In in relation to the total number of GARS/Internet transactions that Stand-In processed.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Daily Activity Report (SI441010-A)

Daily Activity Report (SI441010-A) Title

Daily Activity Report (SI441010-A)

Generated by

MasterCard Authorization System

Purpose

To provide CAPS issuers with the information they need to update their cardholder accounts and make updates to the Stand-In system.

Description

This report is generated by ICA number and contains information pertaining to each authorization request.

Frequency

Daily

Distribution Methods

Banknet bulk ID T829, MasterCard File Express, paper (mail or fax), MasterCard eService MasterCard distributes this report according to the authorization contact established on the Principal Member Questionnaire, or by calling the Customer Operations Services team.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

10-63

Reports Daily Activity Report (SI441010-A)

Report Sample SI441010-A

MASTERCARD INTERNATIONAL STAND-IN AUTHORIZATION

RUN DATE: 11/01/98 PAGE: 1

DAILY ACTIVITY REPORT *---------------------------------ISSUER-----------------------------* *-----------------ACQUIRER-----------------------* TRAN PROCESS ACTIVITY TRANSACTION ADVICE FAIL REF STAND-IN TYPE ICA CARDHOLDER NO. DATE CODE PROCESS AMOUNT DATE TIME REASON/DETAIL CODE NUMBER ICA RESPONSE POS TYPE 540000 0000000000000073 11/01/98 000000 999,999,999.99 11/01/98 04:48:54 STANDIN/APPROVE BTT005 1111 APRV 833333 999 R 540000 0000000000000669 11/01/98 000000 4.00 11/01/98 03:56:20 STANDIN/APPROVE QYMM66 1111 APRV 835000 999 R REV 540000 0000000000000669 11/01/98 000000 4.00 11/01/98 03:56:20 STANDIN/APPROVE QYMM66 1111 APRV 835000 999 R 540000 0000000000000042 11/01/98 000000 2,416.00 11/01/98 03:48:06 MLIMIT1/APPROVE QYMGH2 1111 999 H 540000 0000000000000053 11/01/98 000000 .62 10/31/98 07:14:42 X-CODE /CAPTURE 02 HR14XS 1111 999 R 540000 0000000000000063 11/01/98 000000 1.87 10/31/98 07:32:16 X-CODE /APPROVE HR5CXS 1111 999 R 540000 0000000000000022 11/01/98 000000 4.00 10/31/98 15:01:17 X-CODE /REFER 06 QWTLH2 1111 999 R 540000 0000000000000088 11/01/98 000000 114.93 10/31/98 12:16:50 MLIMIT1/CAPTURE 02 BT0TR4 1111 999 R 540000 0000000000000078 11/01/98 000000 12.00 10/31/98 10:32:16 MLIMIT1/DECLINE 01 QS6MH2 1111 999 R 540000 0000000000000006 11/01/98 000000 9.05 10/31/98 10:00:56 STANDIN/DECLINE 01 LYGKXS 1111 DECLINE 999 R 540000 0000000000000007 11/01/98 003000 72.53 11/01/98 10:53:26 00 123456 1111 812345 999 R CH AMT/CURR/RATE: 263.72/532/00000000 TRAN AMT/CURR/RATE: 246.60/528/1.664422 RATE DATE: 11/01

Field Descriptions Issuer Information Field

Description

Tran Type

If the transaction is a reversal of a prior authorization request, this field will contain “REV.” Otherwise, this field is blank.

(transaction type)

10-64

ICA

ICA number of the member that issued the card for which authorization was requested.

Cardholder No.

Cardholder number contained in the original authorization request received by Stand-In processing. See Data Element 2 in the Customer Interface Specification manual.

Process Date

Date the report was generated in MM/DD/YY (month/day/year) format.

Activity Code

Processing code of the authorization request. See Data Element 3 in the Customer Interface Specification manual.

Process Amount

Transaction amount contained in the original authorization request, as requested and entered by the acquirer. This amount is listed in settlement currency (U.S. dollars).

Transaction Date

Date (St. Louis time) that the authorization request was processed by Stand-In in MM/DD/YY (month/day/year) format. This is the transmission date of the authorization request. See Data Element 7 in the Customer Interface Specification manual.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Daily Activity Report (SI441010-A)

Field

Description

Transaction Time

Time (St. Louis time) that the authorization request was processed by Stand-In in HH:MM:SS (hour: minute: second) format. This is the transmission time of the authorization request. See DE 7 (Transmission Date and Time) in the Customer Interface Specification manual.

Advice Reason/Detail

The reason for the advice, followed by the advice detail. The advice reason indicates whether Stand-In, X-Code, or Limit-1 processing at the MIP processed the transaction. The advice detail gives the authorization response that Stand-In, X-Code, or Limit-1 processing at the MIP returned on behalf of the CAPS issuer

Fail Code

Code indicating the reason why Stand-In, X-Code, or Limit-1 processing at the MIP did not approve the transaction.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

01

Reject

Decline

02

Reject

Capture Card

03

Reject

Issuer not participating

04

Reject

Invalid PIN

05

Reject

ATM

06

Reject

Transaction limit test/Refer to card issuer

07

Reject

VIP cumulative limit test

08

Reject

Merchant suspicious indicator test

09

Reserved

10

Reserved

11

Reject

Day 1/number of transactions

12

Reject

Day 2/number of transactions

13

Reject

Day 3/number of transactions

14

Reject

Day 4/number of transactions

15

Reject

Day 1/amount

16

Reject

Day 2/amount

17

Reject

Day 3/amount

18

Reject

Day 4/amount

19

Reject

Extended Cash Disbursement cumulative amount

20

Reject

No procurement record

21

Reject

VIP transaction limit test

10-65

Reports Daily Activity Report (SI441010-A)

Field

Description 22

Reject

No category record

23

Reject

Not authorized

24

Reject

Single cash disbursement limit test

25

Reject

Monthly cash disbursement limit test

26

Reject

Single limit test

27

Reject

Monthly limit test

28

Reject

Invalid CVC

Acquirer Information Field

Description

REF Number

Banknet reference number.

ICA

ICA number (Customer ID) of the acquirer that transmitted the authorization request. See DE 32 (Acquiring Institution ID Code) in the Customer Interface Specification manual.

Stand-In Response

Authorization response that Stand-In processing sends to the acquirer on behalf of the issuer. If the transaction is an approval, a six-digit authorization approval code beginning with “8” appears in this field. If X-Code or Limit-1 processing at the MIP generates the authorization response, this field is blank.

POS

Numeric country code of the acquirer sending the authorization request. See the list of country codes in the Quick Reference Booklet.

(point of sale) Type

10-66

Transaction category code. See DE 48 in the Customer Interface Specification manual. Valid values include: A

=

Automobile/Vehicle Rental

C

=

Cash Disbursement

F

=

Restaurant

H

=

Hotel/Motel and Cruise Ship Services

O

=

Hospitalization and College/School Expenses

P

=

Payment Transaction

R

=

Retail

T

=

Mail Order/Telephone Order

U

=

Unique Transaction

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Reports Daily Activity Report (SI441010-A)

Field

Description X

=

Transportation

Z

=

Automated Teller Machine (ATM) Cash Disbursement

AMCC Information Participating issuers and acquirers see the following fields on the Daily Activity Report. These fields appear as a second line of data for each transaction only if currency conversion occurred for the transaction. When present, all of the fields in the second line of data will be populated. Field

Description

CH Amt/Curr/Rate

The transaction amount in issuer currency, followed by the currency code of the issuer currency, followed by the conversion rate used to convert the amount in acquirer currency into the amount in issuer currency. See DE 6, DE 10, and DE 51 in the Customer Interface Specification manual.

(Cardholder Amount/Currency/ Rate) Tran Amt/Curr/Rate

(Transaction Amount/Currency/ Rate)

Rate Date

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

The transaction amount in acquirer currency, followed by the currency code of the acquirer currency, followed by the conversion rate used to convert the amount in acquirer currency into the amount in U.S. dollars (shown in the Process Amount field). See DE 4 and DE 49 in the Customer Interface Specification manual. The month and day that the conversion rate is effective to convert the transaction amount from the acquirer currency into the currency of settlement (U.S. dollars). See DE 16 in the Customer Interface Specification manual.

10-67

11

Testing This chapter contains information about authorization testing procedures for online and CAPS members.

Member Testing.................................................................................................11-1 Who Must Test ............................................................................................11-1 How to Prepare for Testing........................................................................11-1 Select Authorization Service Features ..................................................11-2 Establish a Member Test System ..........................................................11-2 ISO 8583–1987 Transaction Format ...............................................11-2 Response Codes..............................................................................11-3 Communications Interface..............................................................11-4 Prepare MasterCard Test Systems.........................................................11-4 Member Testing Fees .....................................................................11-4 Offline Testing via the MasterCard Credit Authorization Simulator .........................................................................................11-5 Issuer Simulator Testing...........................................................11-5 Acquirer Simulator Testing.......................................................11-6 Scheduling Installation of the Simulator........................................11-6 For More Information .....................................................................11-7 Online Testing via the Member Test Facility.................................11-7 Scheduling Online Member Testing ..............................................11-7 How to Perform Testing .............................................................................11-8 How to Begin Production Processing ........................................................11-8 CAPS Member Testing.......................................................................................11-9 When to Test ...............................................................................................11-9 How to Prepare for Testing........................................................................11-9 How to Perform Testing ........................................................................... 11-10 How to Begin Processing ......................................................................... 11-11

© 2005 MasterCard International Incorporated

Authorization System Manual • April 2006

11-i

Testing Member Testing

Member Testing The following guidelines provide information for online members about: •

Who must test



How to prepare for testing



How to perform testing



How to begin processing

Who Must Test Members must complete testing under the following circumstances: •

If they are a new online MasterCard member (that is, they have a direct connection to a MasterCard interface processor [MIP]) or CAPS issuer



When they choose to begin using a new authorization feature or change authorization software or hardware that interfaces with the Banknet network



When a MasterCard Global Operations Bulletin announces enhancements to the Authorization Service and states that the enhancements require testing

How to Prepare for Testing New members must apply for membership and complete all required forms. The Customer Operations Services team or regional representative helps prospective new members fill out the forms. MasterCard does not permit conversion to production until all related paperwork is completed, including the Net Settlement Questionnaire and the Principal Member Questionnaire.

Note

Members may contact Customer Operations Services for complete instructions about applying for MasterCard membership and selecting authorization services.

© 2005 MasterCard International Incorporated

Authorization System Manual • April 2006

11-1

Testing Member Testing

Select Authorization Service Features New online members may implement any of the authorization-related procedures and services listed below. Members must test all authorization service features that they choose to implement. Customer Implementation Services specialists provide suggested test scripts based on the specific set of authorization services the member implements. •

Authorization processing (sending and receiving MasterCard authorization transaction messages)



Address Verification Service (AVS) (mandatory for U.S. region members only)



Authorization processing of Visa transactions or transactions involving other card types, such as American Express, Diners Club, and JCB



Card validation code (CVC) verification



Receiving Authorization Request/0100 ATM transactions



Check verification



Balance inquiry



Issuing of Debit MasterCard® cards



Participation in AMCC

Establish a Member Test System Members are encouraged to establish a separate member test system that emulates the capabilities of their production processing systems. The member test system must support the following: •

The MasterCard CIS International Organization for Standardization (ISO) 8583–1987 transaction format



All mandatory online message formats (see Figure 11.1) that apply for the member’s processing type (issuer or acquirer)



All response codes in the authorization request response that the issuer chooses to support



A dedicated communications interface (outlined following the required message formats)

ISO 8583–1987 Transaction Format See the Customer Interface Specification manual for message formats, record layouts, field definitions, and a description of the MasterCard application of the ISO 8583–1987 message standard.

11-2

© 2005 MasterCard International Incorporated

April 2006 • Authorization System Manual

Testing Member Testing

Figure 11.1—Online Message Formats that Members Must Test

IF the member…

Note

Then the member must test for support of the following message types:

Acquires authorizations (acquirer functionality)



0100—Authorization Request



0110—Authorization Request Response

Authorizes transactions (issuer functionality)



0100—Authorization Request



0110—Authorization Request Response



0120—Authorization Advice



0130—Authorization Advice Response



0190—Authorization Negative Acknowledgement



0400—Acquirer Reversal Request (full reversal)



0410—Acquirer Reversal Request Response (full reversal)



0420—Acquirer Reversal Advice



0430—Acquirer Reversal Advice Response



0620—Administrative Advice



0630—Administrative Advice Response



0800—Network Management Request



0810—Network Management Request Response



0820—Network Management Advice

MasterCard recommends that acquirers and issuers test the usage of Acquirer Reversal Request/0400 and Acquirer Reversal Request Response/0410 messages.

Response Codes Issuers can choose to support any of the optional response codes outlined in the Customer Interface Specification manual. Issuers must test for mandatory codes. Acquirers must test for receipt of all codes.

© 2005 MasterCard International Incorporated

Authorization System Manual • April 2006

11-3

Testing Member Testing

Communications Interface Members must support a dedicated communications interface for testing. Members should choose TCP/IP as this is the preferred communications protocol. New members can only implement TCP/IP. Legacy protocols will no longer be implemented for new members, and existing members must migrate to TCP/IP by July 2006. Refer to the Data Communications Manual for further details about the TCP/IP protocol.

Prepare MasterCard Test Systems New online members that have established a direct connection to a MIP should initially test their authorization system offline by installing the MasterCard Credit Authorization Simulator. Members coordinate simulator testing with Customer Implementation Services. Using the MasterCard Credit Authorization Simulator, online members can test authorization system features independently in a stand-alone test environment. Following testing with the simulator, online members send their test results to MasterCard. Members may then schedule online testing with the Member Test Facility. Customer Implementation Services also coordinates online testing with the Member Test Facility. Member Testing Fees The following table provides pricing and support fees for the MasterCard Credit Authorization Simulator software package. Simulator Testing

Fee

Initial Purchase of MasterCard Credit Authorization Simulator

USD 9,500

Monthly maintenance per simulator

USD 180

Additional simulator support per hour

USD 300

On-site support per day

USD 1,500

Travel and accommodation expenses for on-site support

Actual cost incurred

The following table provides pricing and support fees for online testing and exception online testing. Examples of exception online testing include:

11-4



Testing outside of published available test hours



Test requests received less than five days before the test date



Beginning online testing when inaccurate or incomplete simulator trace files have been submitted and have not been validated

© 2005 MasterCard International Incorporated

April 2006 • Authorization System Manual

Testing Member Testing

Member Test Facility Testing

Fee

Online member testing per hour

USD 300

Exception online member testing per hour

USD 500

Offline Testing via the MasterCard Credit Authorization Simulator The MasterCard Credit Authorization Simulator is an authorization application that runs under Microsoft® Windows NT and Windows 2000. After the member has established a host test system, the simulator is installed on a PC connected to the member host. The resulting interface simulates the actual interface between the member host and the MIP. The simulator provides all the testing capabilities that are available with online testing. Testing with the simulator can minimize the time required to perform online testing. With the simulator, members can: •

Conduct extensive preparations for online testing in an offline environment



Replicate the tests and procedures for scheduled online testing

The simulator provides an emulation tool for complete end-to-end application testing for both release-related changes and internal testing purposes. Using the simulator, members can test internally-developed systems and vendorpurchased systems. MasterCard updates the simulator two times a year, to coincide with the Banknet releases. Generally, the most current version of the simulator is available three or four weeks before MasterCard makes online testing with the Member Test Facility available to members for each release. Issuer Simulator Testing The simulator allows issuers to create messages that their host systems would expect to receive from MasterCard for processing. Examples of internal testing that issuers can perform with the simulator are: • • • •

Verification of fraud parameters Messaging-error testing Billing cycle or new card program processing Error reproduction for developer analysis

During issuer testing, the simulator sends CIS messages to the issuer host system.

© 2005 MasterCard International Incorporated

Authorization System Manual • April 2006

11-5

Testing Member Testing

Figure 11.2—Issuer Host System Testing Authorization Request/0100 Authorization Request Response/0110 Simulator

Host as Issuer

Acquirer Simulator Testing For acquirers, the simulator supports testing all transactions that need to be routed to MasterCard systems. Acquirers can test all point-of-interaction (POI) locations and Internet-based transaction processing systems. During acquirer testing, the simulator responds to messages it receives from the acquirer host. The test simulator supports all CIS message types. Figure 11.3—Acquirer Host System Testing Authorization Request/0100 Authorization Request Response/0110 Host as Acquirer

Simulator

Scheduling Installation of the Simulator New members should contact Customer Implementation Services to request the test simulator and schedule installation of the MasterCard Credit Authorization Simulator as soon as they become MasterCard members. MasterCard assigns a Customer Implementation Services specialist to members who are preparing for offline testing. Members should follow these general steps to install and test with the MasterCard Credit Authorization Simulator:

11-6

Step

Action

1.

The member establishes communications connectivity between the simulator and the host environment.

2.

The Customer Implementation Services specialist selects the authorization test cases that are appropriate to the member’s processing system. The member modifies the test scripts provided with the simulator to include memberspecific data.

© 2005 MasterCard International Incorporated

April 2006 • Authorization System Manual

Testing Member Testing

Step

Action

3.

During a test session, the simulator and the member host system exchange authorization messages. Trace files record the results of the test session for analysis. Members view the trace files to determine any errors that occur during authorization message processing.

4.

When testing is completed, the member forwards the trace file to the assigned Customer Implementation Services specialist to confirm test results.

For More Information For more information about the MasterCard Credit Authorization Simulator software, please contact: Simulator Support Fax:

1-636-722-2797

E-mail:

[email protected]

Online Testing via the Member Test Facility After members have successfully completed testing of their host system with the offline simulator, they may schedule online testing with the Member Test Facility. In most cases, MasterCard will assign the same Customer Implementation Services specialist to support both offline and online testing by a new member. Scheduling Online Member Testing MasterCard schedules members for online testing sessions of one or two hours in length. Members must schedule online testing with Customer Implementation Services at least 10 business days before testing. If members need MasterCard to change the MIP before testing, members must notify Customer Implementation Services at least 15 days before testing. In addition, if members must cancel scheduled testing, they must notify Customer Implementation Services more than five days before the scheduled test date to avoid being charged for testing. Outside the U.S. region, members can schedule online testing by contacting their regional representative.

© 2005 MasterCard International Incorporated

Authorization System Manual • April 2006

11-7

Testing Member Testing

How to Perform Testing On the scheduled online test date, members send and receive the appropriate CIS message types listed in Figure 11.1. For example, issuers sign on with the Network Management Request/0800 message, and then receive Authorization Request/0100 messages from MasterCard. Acquirers send Authorization Request/0100 messages to MasterCard, and receive Authorization Request Response/0110 messages from MasterCard. The testing session will include all CIS message types appropriate to the member’s processing system. If testing reveals any errors, the Customer Implementation Services specialist consults with the member to correct the errors. Members can schedule additional testing sessions to test the corrections to their host systems.

How to Begin Production Processing After the member has successfully completed online testing, the Customer Implementation Services specialist schedules production implementation of the member’s Authorization System interface.

Note

The member must inform the Customer Implementation Services specialist of the actual cut-over production date (or postponement of a previously scheduled cut-over date), at least ten business days before the actual date.

The member should have procedures to support a backout plan in the event of irrecoverable problems experienced during production implementation. This backout plan should include the following: •

Ability to switch back to previous processing environment or alternate processing capability



24-hour availability of the member’s operations staff

MasterCard closely monitors activity during and after implementation, actively reviewing logs to verify accurate processing of authorizations. After production implementation, MasterCard encourages members to keep the member test system available to support testing of any future application or interface changes. Online acquirers and all CAPS members may begin sending messages immediately after conversion. Online issuers must initiate online processing with a sign-in (Network Management Request/0800) message. MasterCard responds to the sign-in request by directing authorization traffic to the issuer.

11-8

© 2005 MasterCard International Incorporated

April 2006 • Authorization System Manual

Testing CAPS Member Testing

CAPS Member Testing The following testing directions for CAPS members include information on: •

When to test



How to prepare for testing



How to perform testing



How to begin processing

When to Test The member must complete testing for CAPS whenever MasterCard implements enhancements to CAPS or the Daily Activity Report and notifies the member that the enhancements require testing.

How to Prepare for Testing Before beginning testing, the member should do the following: •

Contact a Customer Implementation Services specialist at least two weeks before testing begins to arrange a testing schedule. Use the contact information shown in the Using this Manual chapter.



Complete the following preparations for testing: −

Install MasterCard OnLine® and the MasterCard File Express software, which will permit the member to send and receive files.



Provide the Customer Implementation Services specialist with the names and user IDs of the personnel who will be using MasterCard File Express.

The Customer Implementation Services specialist will establish the MasterCard File Express applications and coordinate setting up the necessary databases and security functions with the names and user IDs that the member provides.

© 2005 MasterCard International Incorporated

Authorization System Manual • April 2006

11-9

Testing CAPS Member Testing

How to Perform Testing On the testing date arranged with the Customer Implementation Services specialist, the member follows these steps: Step

Action

1.

Create a Sequential Account File, referring to the record layouts in chapter 8 for field attributes and valid values. Set the Last Update Info field to zeros for this initial transmission, and include all of the accounts in your cardholder base in the file. This will build your Positive File. Make sure that the file you create contains all of the cards in your cardholder base because after implementation of CAPS, MasterCard will set Stand-In limits to zeros, and CAPS processing will approve only the cards in the CAPS file.

2.

Start MasterCard File Express. When you sign on, select region C (for certification) not region P (for production). Send the Sequential Account File using application ID RB28. At midnight of the day you send the Sequential Account File, Stand-In processing will process the file.

3.

Via facsimile, send to your Customer Implementation Services specialist a list of test account numbers and authorization amounts (based on the account numbers that you sent in step 1). MasterCard uses this list to create authorization requests and run them against your positive file of accounts (the accounts that you sent in step 1.) Be sure that some of the test authorization amounts you send would cause the accounts to go over their credit limit, so that some of the authorization requests receive a “Decline” response. As the authorization requests are run, the credit limits on your positive file also are updated accordingly.

4.

5.

6.

11-10

Create an updated Sequential Account File. Refer to the record layout of this file in chapter 8. •

Add five accounts to the file.



Delete five accounts from the file.



Change five accounts in the file.

Send another updated Sequential Account File to MasterCard and making the following modifications: •

Delete two accounts from the file.



Change two accounts in the file.

If you request to receive a Daily Activity Report, your Customer Implementation Services specialist will create this and send it to you.

© 2005 MasterCard International Incorporated

April 2006 • Authorization System Manual

Testing CAPS Member Testing

How to Begin Processing The date of production cutover must be at least six business days after successful completion of testing. (This allows MasterCard time to update all master files and submit the required paperwork to set up a new member.) The Customer Implementation Services specialist will coordinate with each member to implement the cutover to production as needed.

© 2005 MasterCard International Incorporated

Authorization System Manual • April 2006

11-11

12

Smart Card Transactions This chapter addresses acquirer and issuer responsibilities relating to the ability of smart cards to perform authorizations offline as well as online. In addition, this chapter provides basic information about the various types of authorization processing for transactions read from the chip on a MasterCard®.

Overview ...........................................................................................................12-1 Acquirer Responsibilities...................................................................................12-1 Requirements for Merchants and Service Providers ..................................12-1 Transaction Processing Categories .............................................................12-2 Full Grade Processing...........................................................................12-2 Cardholder-controlled Remote Devices .....................................................12-2 Hybrid Terminal Requirements ..................................................................12-3 Multi-application Capabilities of Hybrid Terminals.............................12-5 Fallback Procedures ....................................................................................12-5 Cardholder-activated Terminals............................................................12-6 Terminal Cardholder Verification Method Policy ......................................12-6 Hybrid Terminal Risk Management............................................................12-6 Terminal Floor Limit Check..................................................................12-7 Velocity Check ......................................................................................12-7 Acquirer Processing Requirements.............................................................12-8 Issuer Responsibilities .......................................................................................12-8 Smart Card Requirements ...........................................................................12-9 Minimum Personalization Requirements....................................................12-9 Card Risk Management .............................................................................12-10 Velocity Check .......................................................................................... 12-10 Cumulative Amount Check....................................................................... 12-10 Issuer Processing Requirements ............................................................... 12-10 Cardholder Authentication Method ................................................................12-11 CAM Policy ................................................................................................12-11 Offline SDA CAM ......................................................................................12-12 Offline DDA CAM .....................................................................................12-12 Online CAM and Online Mutual Authentication...................................... 12-13

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

12-i

Smart Card Transactions

Cardholder Verification Method .....................................................................12-13 CVM Policy ................................................................................................12-14 Block/Unblock ..........................................................................................12-14 PIN Block ..................................................................................................12-14

12-ii

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Smart Card Transactions Overview

Overview Members are not required to support smart card transactions. However, members must comply with all relevant rules if they choose to do any of the following: •

Acquire smart card transactions



Issue smart cards

Acquirer Responsibilities The acquirer or its designated agent must: •

Properly encode the Authorization Request/0100 message, including identifying the transaction as a smart card–read in DE 22 (Point-of-Service [POS] Entry Mode). If applicable, send the smart card data in DE 55 (Integrated Circuit Card [ICC] System-related Data).



Develop and support member service procedures for the chip-based application and products. The service procedures must comply with MasterCard standards.



For acquirers processing chip transactions—support receipt of DE 48, subelement 74, which contains information when there is a chip cryptogram issue.

Apr 2006

Requirements for Merchants and Service Providers Acquirers are responsible for: •

Recruiting merchants and service providers into the chip-based programs



The sales and service support provided by service providers. This support includes, but is not limited to: −

Risk management



Terminal deployment



Display of the MasterCard acceptance mark



All transaction collection and processing operations, including but not limited to exception item processing.



Settlement with service providers or merchants.



Ensuring that all terminal, service provider, or merchant requirements are met.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

12-1

Smart Card Transactions Acquirer Responsibilities

Note

Depending on agreed card/terminal CVM method, acquirers that support chip transaction processing may send credit cash advance transactions using chip cards with online PIN for added security.

Apr 2006

Transaction Processing Categories Effective 1 January 2006, all new acquirers that choose to process smart card transactions must support Full Grade Processing for smart card transactions. Acquirers will send DE 55 (Integrated Circuit Card [ICC] System-Related Data) in the related network messages.

Full Grade Processing Full Grade authorization requests have the following characteristics: •

They are captured at type-approved terminals that meet MasterCard specifications.



They provide the data element that identifies the authorization request as chip-read (DE 22).



They provide all of the data elements that are necessary to the transaction, including the data element cryptograms that contain chip-related information (DE 23 and DE 55).

Technical requirements for Full Grade processing are defined in the M/Chip— Functional Architecture for Debit and Credit manual.

Cardholder-controlled Remote Devices MasterCard does not require that cardholder-controlled remote devices that accept MasterCard-branded smart card payment applications be hybrid terminals. However, these devices must meet appropriate MasterCard typeapproval requirements.

12-2

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Apr 2006

Smart Card Transactions Acquirer Responsibilities

Hybrid Terminal Requirements Acquirers that want to process both smart card transactions and magnetic stripe transactions must use hybrid terminals. All point-of-interaction (POI) hybrid terminals must conform to the following specifications and rules. •

Hybrid terminals must support the following functions as required by these rules. −

Fallback Procedures



Hybrid Terminal Risk Management



Cardholder Authentication Method (CAM) Policy



Cardholder Verification Method (CVM) Policy



Hybrid terminals that read and process EMV-compliant payment applications must read and process EMV-compliant MasterCard payment applications.



Hybrid terminals must support offline dynamic data authentication (DDA), online mutual authentication (OMA), and script processing.



Hybrid terminals must support and perform the Validity Dates Check. The Validity Dates Check reduces the offline risk relative to not yet effective or expired applications. The hybrid terminal must check the transaction date against the Application Effective Date and the Application Expiration Date, which are personalized on the smart card. If the Validity Dates Check fails, the hybrid terminal can either force the transaction online to the issuer or decline the transaction.



Hybrid terminals must support previous versions of MasterCard branded payment applications residing on smart cards.



Hybrid terminals must be able to support separate floor limits for: −

A chip floor limit



A magnetic stripe floor limit



A floor limit for transactions that fall back to magnetic stripe

Terminals that support both debit and credit must have separate limits for each.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

12-3

Smart Card Transactions Acquirer Responsibilities



Hybrid terminal floor limits must equal the default values that MasterCard provides. When the hybrid terminal determines whether to perform a transaction online or offline, it must compare the maximum transaction amount of the smart card with the terminal floor limit. IF…

THEN…

The floor limit of the hybrid terminal is lower

The transaction may occur offline.

The maximum transaction amount of the smart card is lower

The transaction must occur online.



Hybrid terminals must request a transaction certificate for all approved smart card transactions. Hybrid terminals must allow the merchant to enter a decline advice, so that the smart card can generate an application authentication cryptogram (AAC).



Hybrid terminals must try to perform the transaction using the chip first, when a smart card is presented.



Hybrid terminals must comply with the EMV specifications and be type approved by MasterCard according to the process described in the M/Chip Customer Implementation Guide.



Hybrid terminals must be able to read all of the mandatory parameters for card personalization and to apply the processing restrictions that the EMV specifications describe.



Hybrid terminals must identify in the authorization messages transactions that originate from EMV-compliant terminals when the hybrid terminals are activated to read and process smart card payment applications.



Hybrid terminals must identify smart card transactions in the authorization message as smart card–read.



Hybrid terminals must be capable of performing online and offline transactions, except that self-service terminals or CAT Level 3 and CAT Level 4 terminals may be offline capable only.



Hybrid terminals must provide the card acceptor business code/merchant category code (MCC) and transaction category code (TCC) to the smart card.



Hybrid terminals must meet security guidelines defined by MasterCard. Refer to the Cryptographic Modules Manual to review the security guidelines for hybrid terminals. To get access to the Cryptographic Modules Manual, contact [email protected].

12-4

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Smart Card Transactions Acquirer Responsibilities

Multi-application Capabilities of Hybrid Terminals All hybrid terminals must support the full use of the multi-application capabilities of smart cards as follows: •

Hybrid terminals must contain a complete list of all Application Identifiers for all of the programs that the terminals accept.



Hybrid terminals must receive and keep updates of Application Identifiers for all of the programs that the terminals accept.



Hybrid terminals must try to match all of the Application Identifiers contained in the terminal with the Application Identifiers on any EMV compliant smart card that cardholders use.



Hybrid terminals must display to cardholders all of the accepted Application Labels or Preferred Names and the transaction amount. Multiple matching applications must be displayed in the issuer’s priority sequence as indicated on the chip of the smart card.



Hybrid terminals must allow cardholders to select which application to use, when multiple matching applications exist.



Hybrid terminals must allow cardholders to approve or cancel transactions before dispensing goods or performing services.

MasterCard recommends that messages on the screen be available in both English and the local language, particularly at unattended terminals.

Fallback Procedures Members use fallback procedures when a smart card is present at a hybrid terminal and the merchant processes the transaction by using the magnetic stripe or by manually entering the PAN because the merchant cannot process the transaction using smart card technology. If fallback procedures produce a transaction authorization, the acquirer must indicate the fallback condition in the authorization request with a value of 79 or 80 in DE 22 (POS Entry Mode). Acquirers must send transactions resulting from fallback procedures online to the issuer for authorization even if the amount is less than the terminal floor limit. (Because MasterCard rules prohibit CAT Level 3 and CAT Level 4 terminals from performing fallback procedures, MasterCard does not require these terminals to send transactions resulting from fallback procedures to the issuers.)

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

12-5

Smart Card Transactions Acquirer Responsibilities

Cardholder-activated Terminals Depending on the rules of the region in which the CAT exists, following are MasterCard’s rules about performing fallback procedures from hybrid CATs. CAT Level Terminal Type

Allowance of Fallback Procedures

1

Automated Dispensing Machine

May perform fallback procedures (unless prohibited by the region)

2

Self-service Terminal

May perform fallback procedures (unless prohibited by the region)

3

Limited Amount Terminal

Prohibited from performing fallback procedures

4

In-flight Commerce Terminal

Prohibited from performing fallback procedures

Terminal Cardholder Verification Method Policy The following table shows the requirements for cardholder verification method (CVM) for various types of terminals. Type of Terminal

Required CVM

Optional CVM

Attended hybrid POI



Signature verification for all transactions



Alphanumeric PIN pad that complies with EMV specifications

CAT Level 1

Online PIN for all transactions

CAT Level 2 and 3

None

CAT Level 4

Offline PIN for transactions

Offline PIN (at the acquirer’s option)

Hybrid Terminal Risk Management Terminal Risk Management is a set of calculations performed by the terminal during offline transactions to help protect acquirers, issuers, and the system from fraud. All hybrid terminals must support the following Terminal Risk Management functions:

12-6



Terminal Floor Limit Check



Velocity Checking

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Smart Card Transactions Acquirer Responsibilities

Additional Terminal Risk Management functions that may be supported, at the acquirer’s option, include but are not limited to Random Transaction Selection (“1 in N”). If, as a result of Terminal Risk Management functions, the transaction must be authorized online, the terminal must use DE 55 in the authorization message to identify the reason and condition that forced the transaction online.

Terminal Floor Limit Check The purpose of the Terminal Floor Limit Check is to determine, for transactions where the floor limit is greater than zero, whether the transaction must be processed online. All hybrid terminals that are capable of online processing must perform the Terminal Floor Limit Check. Transactions that are above the terminal floor limit must be sent online to the issuer for authorization. If an online authorization cannot be obtained, then the chip must do one of the following, according to the issuer’s personalization parameters, which are programmed in the chip: •

Decline the transaction



Authorize the transaction offline

Terminals that operate offline only (CAT Level 3 and CAT Level 4 terminals) are not required to perform a Terminal Floor Limit Check.

Velocity Check The Velocity Check verifies that the total number of consecutive, offline, approved transactions that the smart card performs does not exceed a maximum number. The Velocity Check reduces the offline risk where the floor limit is greater than zero, because it requires online authorization of transactions at pre-set intervals, as required by MasterCard. All online capable hybrid terminals must perform the Velocity Check. If an online authorization can not be obtained, then the chip must do one of the following, according to the issuer’s personalization parameters, which are programmed in the chip: •

Decline the transaction



Authorize the transaction offline

Terminals that operate offline only (CAT Level 3 and CAT Level 4 terminals) are not required to perform the Velocity Check.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

12-7

Smart Card Transactions Issuer Responsibilities

Acquirer Processing Requirements The acquirer of smart card transactions must: •

Adapt its processing to map smart card data elements between the card and the terminal, the acquirer’s host system, and MasterCard networks’ messages.



Identify smart card transactions in authorization and clearing messages.

Issuer Responsibilities The issuer or its designated agent must: •

Identify its MasterCard products and applications in accordance with the Application Identifier list that MasterCard provides



Develop and support member service procedures for chip-based applications and products, in compliance with MasterCard standards



Maintain inventory and establish audit and control procedures for smart cards. Issuers must store smart cards in a safe and secure manner



Support re-issuance of its cards for: −

Expired card replacement



Defective cards



Lost cards



Stolen cards



Non-receipt of issue cards (NRI). (The cardholder never received the newly issued card.)



Meet all smart card requirements.



Conduct chip-based applications, products, and programs in a safe, secure, and sound manner.



Maintain records of all applications and operating systems it provides on individual smart cards.



For issuers processing chip transactions—accept and process credit cash advance transactions using chip cards with online PIN.

The issuer is responsible to MasterCard for the content and performance of all chip-based applications and programs that it or its designated agent issues on its behalf.

12-8

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Apr 2006

Smart Card Transactions Issuer Responsibilities

Smart Card Requirements All smart cards must: •

Be able to generate responses to the terminal as specified in the EMV specifications.



Support offline static data authentication (SDA) card authentication method (CAM).



Support both signature and online PIN as the cardholder verification method (CVM). ATMs require online PIN as the CVM.



Include in the discretionary data on the magnetic stripe data a service code indicating that the smart card is “chip-capable” (2xx is the code for international usage, and 6xx is the code for domestic-only usage).

At the issuer’s option, smart cards also may: •

Support offline dynamic data authentication (DDA) CAM.



Support offline PIN as the CVM. Issuers also may choose to require PIN entry for certain transactions.



Support online mutual authentication (OMA).



Perform card risk management functions, including maximum transaction amount and cumulative amount.



Support script processing.



Contain additional personalization parameters not in conflict with any provision of MasterCard rules.



Contain multiple applications and products on the chip, as allowed by MasterCard rules. Refer to the Bylaws and Rules manual for more information about MasterCard rules governing smart card applications.

Minimum Personalization Requirements Personalization elements for all MasterCard branded smart cards must conform to the requirements set forth in M/Chip—Functional Architecture for Debit and Credit manual.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

12-9

Smart Card Transactions Issuer Responsibilities

Card Risk Management Issuers may design and implement their own card risk management features to be personalized in their smart cards. These features may include but are not limited to: •

Checking that the number of consecutive offline transactions do not exceed the issuer defined Lower or Upper Consecutive Offline Limits, as appropriate



Assessment of potential risk associated with each MCC



Assessment of potential risk associated with each TCC

As a result of issuer-defined card risk management, a transaction may be: •

Authorized offline



Routed to the issuer for online authorization



Declined

Velocity Check The Velocity Check is an optional check for issuers. It verifies that the number of consecutive offline transactions does not exceed an issuer defined maximum number of offline transactions. When the smart card’s internal counter value is equal to or greater than the Upper Consecutive Offline Limit, the chip will go online to the issuer for authorization.

Cumulative Amount Check Cumulative Amount Check is an optional check for issuers. It compares the cumulative transaction value against the maximum cumulative amount, as defined by the issuer. The Cumulative Amount Check only applies to same currency accommodations.

Issuer Processing Requirements The issuer of smart cards must adapt its authorization, clearing, and settlement processing to support new smart card data elements, received in Authorization System and MasterCard® Debit Switch messages.

12-10

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Smart Card Transactions Cardholder Authentication Method

Cardholder Authentication Method Cardholder authentication method (CAM) is a method to reduce risk by determining if a card is genuine. CAM helps to control counterfeit and to decrease the risk of fraud occurring after a card is lost or stolen but before it is reported as lost or stolen or counterfeit fraud below the floor limits.

CAM Policy MasterCard requires all issuers and acquirers to support offline static data authentication (SDA) CAM for all credit transactions except at ATMs. With the exception of 100 percent online environments, MasterCard also requires all acquirers to support offline dynamic data authentication (DDA) CAM for some credit point-of-interaction (POI) transactions. Members must follow the requirements described in MasterCard chip specifications to authenticate smart card transactions. With the exception of 100 percent online terminals, all hybrid terminals must support both offline SDA CAM and offline DDA CAM. For 100 percent online terminals, support of offline SDA CAM and offline DDA CAM is at the acquirer’s option. If the 100 percent online terminal supports offline CAM, it must support both offline SDA CAM and offline DDA CAM. The following table shows the processing instructions for various scenarios. IF…

THEN…

Offline SDA CAM or offline DDA CAM The transaction must go online to the issuer fails for authorization. The issuer must process the transaction via dynamic online CAM in a full grade environment. If online authorization is not obtained, the transaction must be declined by the acquirer. Offline SDA CAM or offline DDA CAM The transaction must go online to the issuer is not performed in a 100% online for authorization. environment The issuer must process the transaction via dynamic online CAM in a full grade environment. If online authorization is not obtained, the transaction must be declined by the acquirer.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

12-11

Smart Card Transactions Cardholder Authentication Method

IF…

THEN…

Online processing is requested but is not available.

The merchant must not capture the card unless either the issuer or the smart card instructs the merchant to capture the card

Offline CAM fails at a CAT Level 3 or 4 The transaction must be declined. terminal

Offline SDA CAM SDA requires the creation of a fixed cryptographic signature over the application data to be protected before the issuer personalizes the smart card. For example, the signature should be over the PAN or the expiration date. Then, the issuer personalizes the smart card with the cryptographic signature and the protected application data. Using SDA, the smart card is passive and the terminal is active. During a transaction, the terminal verifies this cryptographic signature by doing all of the following: •

Reading the protected application data from the card



Calculating a new cryptographic signature



Comparing the new cryptographic signature with the cryptographic signature personalized on the smart card

Offline DDA CAM Like SDA, DDA requires the creation of a fixed cryptographic signature over the application data to be protected before the issuer personalizes the smart card. Then, the issuer personalizes the smart card with the cryptographic signature and the protected application data. Using DDA, the smart card and the hybrid terminal are both active, and must be capable of executing a public key algorithm. During a transaction, DDA requires the smart card to create a new, different (dynamic) cryptographic response to a challenge from the hybrid terminal. This response is a card encryption (using an application-level or card-level secret key) of the protected application data (for example, PAN, expiration date), and is a pre-personalized digital signature and a random number from the terminal.

12-12

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Smart Card Transactions Cardholder Verification Method

The terminal authenticates the card by validating the encryption of the terminal-generated random number. The terminal verifies the pre-personalized cryptographic signature by doing all of the following: •

Reading the protected application data from the smart card



Calculating a new cryptographic signature



Comparing the new cryptographic signature with the cryptographic signature decrypted from the card-generated dynamic cryptogram

Online CAM and Online Mutual Authentication Using online CAM, the chip computes a new digital signature for each transaction, and the issuer verifies the signature online, using the same secret key. While online, the chip also can check the authenticity of the issuer. Online mutual authentication (OMA) is an optional process for issuers. OMA is the process by which the issuer and the chip authenticate each other. OMA can occur only when an online authorization request to the issuer is initiated. OMA can only be performed at a terminal supported by a Full Grade network. All transactions completed from cardholder-controlled remote devices must use online CAM and OMA. Acquirers assume the risk if they complete a transaction using cardholder-controlled devices without online authorization. The smart card must generate an authorization request cryptogram (ARQC) for all online transactions.

Cardholder Verification Method Cardholder verification methods (CVM) check that the user of the card is the genuine cardholder. This process reduces the risk associated with the following situations: •

Lost cards



Stolen cards



Non-receipt of issue (NRI). (The cardholder never received the newly issued card.)

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

12-13

Smart Card Transactions Cardholder Verification Method

CVM Policy Smart cards must support signature for transactions and must accept signature as the CVM for all transactions at attended terminals. The issuer may choose to support offline PIN in addition to signature. Online PIN is the required CVM for all ATM transactions. All PINs must be between 4 and 12 digits. MasterCard strongly recommends that issuers provide cardholders with the ability to select their own PINs in a secure environment. The PIN validation value (PVV) on the magnetic stripe must be consistent with and correspond to the PVV on the chip.

Block/Unblock The issuer may block one or more applications on a smart card during any online dialogue or transaction. Reasons for blocking applications include but are not limited to: •

The application ID number appears on the Emergency BIN List



CAM failure



CVM failure

PIN Block If a PIN is required to conduct a payment transaction, the terminal will prompt the cardholder to enter a PIN. It will allow the cardholder to attempt to enter the correct PIN several times, as specified by the issuer. If the cardholder does not successfully enter the correct PIN within the PIN Try Limit parameter that the issuer specifies on the smart card, then the PIN is blocked and no further PIN attempts are permitted. The transaction proceeds in accordance with the Issuer Action Codes and Terminal Action Codes set by the issuer and acquirer, respectively. As a result, the transaction may be declined offline or forced online to the issuer. An acquirer may choose to set a lower PIN Try Limit at its terminals than issuers specify on their smart cards. If an acquirer chooses to set a PIN Try Limit, it must do so according to MasterCard rules.

12-14

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

A

Non-MasterCard Authorization Message Flow This chapter explains MasterCard support of non-MasterCard transactions and illustrates the flows of authorization messages for those types of transactions.

Authorization Flows for Visa Cards ................................................................... A-1 Flows for a Peer-to-Peer Visa Issuer—Transaction Does Not Qualify for CPS.......................................................................................................... A-1 Primary Path—Direct to the Issuer ....................................................... A-1 Secondary Path—Routing through the Visa Network .......................... A-2 Tertiary Path—X-Code Processing ........................................................ A-3 Flows for a Peer-to-Peer Visa Issuer—Transaction Qualifies for CPS ....... A-4 Primary Path— Routing through the Visa Network ............................. A-4 Secondary Path—MasterCard Stand-In Processing............................... A-5 Tertiary Path—MasterCard X-Code Processing..................................... A-6 Flows for a Non–Peer-to-Peer Visa Issuer .................................................. A-7 Primary Path—Routing through the Visa Network .............................. A-7 Secondary Path—MasterCard Stand-In Processing............................... A-8 Tertiary Path—MasterCard X-Code Processing..................................... A-9 Authorization Flows for Non-MasterCard, Non-Visa Cards ............................ A-10 Primary Path—Direct to Designated Endpoint ......................................... A-10 Secondary Path—X-Code Processing ........................................................ A-11

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

A-i

Non-MasterCard Authorization Message Flow Authorization Flows for Visa Cards

Authorization Flows for Visa Cards When an acquirer enters a Visa transaction into the MasterCard authorization network, MasterCard provides one or more of the following paths to ensure proper authorization: •

Direct to the Visa issuer (only when the Visa issuer has a direct connection to the Banknet® telecommunications network [“peer-to-peer”] and the transaction does not qualify for the Visa Custom Payment Service [CPS] program. 1)



Routing to the Visa issuer through the Visa network



Routing to MasterCard Stand-In processing



Routing to MasterCard X-Code processing

The paths described as primary on the following pages are always the first path attempted. Secondary paths are followed only if the primary path is unavailable. Tertiary paths are followed only if the first two paths are unavailable.

Flows for a Peer-to-Peer Visa Issuer—Transaction Does Not Qualify for CPS If the transaction is for a peer-to-peer Visa issuer and does not qualify for the CPS program, the transaction follows one of the flows depicted in Figure A.1, Figure A.2, and Figure A.3. To receive Visa transactions via this direct connection, the Visa issuer must be set up for peer-to-peer processing by a MasterCard Customer and Technology Support representative and must complete testing. Contact a MasterCard Customer Technology and Operations Services representative to arrange for this service. Figure A.7, Figure A.8, and Figure A.9 address transaction flows to Visa issuers that have not been set up as peer-to-peer.

Primary Path—Direct to the Issuer If the transaction can be delivered directly to the Visa issuer, the transaction follows the flow depicted in the following diagram.

1

CPS is a Visa interchange discount program that applies to certain transactions routed through the Visa authorization network.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

A-1

Non-MasterCard Authorization Message Flow Authorization Flows for Visa Cards

Figure A.1—Authorization Flow Peer-to-Peer Issuer Non-CPS Transaction Direct to the Issuer 1

1

2 3 Acquirer

2

Banknet Network

1

1 2

MIP

2 MIP

Issuer Visa

Stage Description 1.

The acquirer creates an authorization request conforming to MasterCard specifications for Visa transactions. The Authorization System routes the Visa authorization request through the Banknet network to the Visa issuer.

2.

The Visa issuer formats an authorization response conforming to MasterCard specifications. The request travels back to the Banknet network. The Banknet network delivers the authorization response to the acquirer.

3.

Online acquirers may generate an authorization acknowledgement message to acknowledge receipt of the response.

Secondary Path—Routing through the Visa Network If the Banknet connectivity to the Visa issuer is not functioning, the Authorization System routes the transaction to the Visa network via a MasterCard gateway, as shown in Figure A.2. Visa issuers do not receive PIN data with Visa ATM transactions that are routed to the gateway. Figure A.2—Authorization Flow Peer-to-Peer Issuer Non-CPS Transaction to the Issuer Via the Visa Network 1

1 4

Acquirer

4

Banknet Network

MIP 4

MIP

2

MIP MasterCard (Gateway) 3

A-2

2

VISA

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Non-MasterCard Authorization Message Flow Authorization Flows for Visa Cards

Stage Description 1.

The acquirer creates an authorization request conforming to MasterCard specifications for Visa transactions. The Visa authorization request flows through the acquirer MIP to the Banknet network.

2.

The Authorization System, unable to route the authorization request to the Visa issuer, routes it instead to the MasterCard gateway to the Visa authorization network.

3.

The Authorization System receives the authorization response from Visa.

4.

The Authorization System delivers the authorization response to the acquirer.

Tertiary Path—X-Code Processing If Banknet connectivity to both the Visa issuer and the Visa network is down, MasterCard X-Code processing returns a response of “decline,” as illustrated in the following diagram. Figure A.3—Authorization Flow Peer-to-Peer Issuer Non-CPS Transaction X-Code Processing 1

1 Banknet Network

2 Acquirer

MIP

Issuer 1

VISA

MIP MasterCard (Gateway) VISA

Stage Description 1.

The acquirer creates an authorization request conforming to MasterCard specifications for Visa transactions. The Visa authorization request flows through the acquirer MIP to the Banknet network.

2.

The Authorization System is unable to deliver the request to the Visa issuer or the Visa network. X-Code processing returns a response code that indicates, “Authorization System or issuer system inoperative” and that prompts an acquirer response of “decline.”

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

A-3

Non-MasterCard Authorization Message Flow Authorization Flows for Visa Cards

Flows for a Peer-to-Peer Visa Issuer—Transaction Qualifies for CPS If the peer-to-peer Visa issuer chooses to receive Visa transactions via its Banknet connection and the transaction does qualify for the CPS program, the transaction follows one of the flows depicted in Figure A.4, Figure A.5, and Figure A.6. Although the Visa issuer in this scenario is directly connected to the Banknet network, MasterCard nevertheless attempts to route the transaction through the Visa network to secure the CPS discounts for the issuer.

Primary Path— Routing through the Visa Network The primary path for transactions that qualify for the CPS program always leads to the Visa network. Visa issuers do not receive PIN data with Visa ATM transactions that are routed to the gateway. Figure A.4—Authorization Flow Peer-to-Peer Issuer CPS Transaction to the Issuer via the Visa Network 1

1

4

4

5 Acquirer

MIP

Banknet Network 3

2

MIP MasterCard (Gateway) 3 2

VISA

Stage Description

A-4

1.

The acquirer creates an authorization request conforming to MasterCard specifications for Visa transactions. The Visa authorization request flows through the acquirer MIP to the Banknet network.

2.

The Authorization System routes the authorization request to the Visa network.

3.

Visa delivers an authorization response to the Banknet network.

4.

The Authorization System delivers the authorization response to the acquirer.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Non-MasterCard Authorization Message Flow Authorization Flows for Visa Cards

Stage Description 5.

The acquirer has the option to return an acknowledgement message.

Secondary Path—MasterCard Stand-In Processing If the connectivity between the Banknet network and the Visa network is down, MasterCard routes the CPS-qualifying authorization request to MasterCard Stand-In processing. Stand-In processing approves Visa transactions that are less than or equal to USD 100, provided:

Note



They are not on the Visa negative file, which MasterCard updates once a week with current listings, and



They are not ATM, cash disbursement, or unique transactions.

Cash disbursement and unique transactions receive a response of “refer to card issuer.” Visa ATM transactions receive a response of “decline.”

Figure A.5—Authorization Flow Peer-to-Peer Issuer CPS Transaction to MasterCard Stand-In Processing 1

1 3

Banknet Network

3

4 Acquirer

MIP 3

2

MIP MasterCard (Gateway)

MIP 3

1

2

Stand-In

VISA 2

Visa Negative File

Stage Description 1.

The acquirer creates an authorization request conforming to MasterCard specifications for Visa transactions. The Visa authorization request flows through the acquirer MIP to the Banknet network.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

A-5

Non-MasterCard Authorization Message Flow Authorization Flows for Visa Cards

Stage Description 2.

The Authorization System, unable to route the request to the Visa network, routes it instead to MasterCard Stand-In processing, where it is checked against the Visa negative file.

3.

Stand-In processing generates an authorization response, according to MasterCard parameters for Visa transactions, and delivers the response to the acquirer.

4.

The acquirer may return an authorization acknowledgement message.

Tertiary Path—MasterCard X-Code Processing If Banknet connectivity to both the Visa network and MasterCard Stand-In processing is not functional, MasterCard X-Code processing returns a response of “decline,” as shown in the following diagram. Figure A.6—Authorization Flow Peer-to-Peer Issuer CPS Transaction X-Code Processing 1

1

2 Acquirer

Banknet Network

1

MIP

MIP

MIP MasterCard (Gateway)

Stand-In VISA MasterCard Stand-In Host

Visa Negative File

Stage Description

A-6

1.

The acquirer creates an authorization request conforming to MasterCard specifications for Visa transactions. The Visa authorization request flows through the acquirer MIP to the Banknet network.

2.

The Authorization System is unable to route the request to the Visa network or Stand-In processing. X-Code processing at the acquirer MIP returns a response code that indicates, “Authorization System or issuer system inoperative” and that prompts an acquirer response of “decline.”

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Non-MasterCard Authorization Message Flow Authorization Flows for Visa Cards

Flows for a Non–Peer-to-Peer Visa Issuer If the Visa issuer is not connected to the Banknet network or chooses not to receive Visa transactions via its Banknet connection, the transaction follows one of the flows depicted in the following illustrations.

Primary Path—Routing through the Visa Network When the issuer does not have direct connectivity to the Banknet network, the primary path for all transactions leads to the Visa network, as shown in Figure A.7. Visa issuers do not receive PIN data with Visa ATM transactions that are routed to the gateway. Figure A.7—Authorization Flows Non–Peer-to-Peer Issuer to the Issuer via the Visa Network 1

1

4

4

5 Acquirer

MIP

Banknet Network 3

Issuer

2

Visa

MIP MasterCard (Gateway) 3

2

VISA

Stage Description 1.

The acquirer creates an authorization request conforming to MasterCard specifications for Visa transactions. The Visa authorization request flows through the acquirer MIP to the Banknet network.

2.

The Authorization System routes the request to the Visa network.

3.

The Visa network delivers an authorization response to the Banknet network.

4.

The Authorization System delivers the authorization response to the acquirer.

5.

The acquirer may return an authorization acknowledgement message.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

A-7

Non-MasterCard Authorization Message Flow Authorization Flows for Visa Cards

Secondary Path—MasterCard Stand-In Processing If the connectivity between the Banknet network and the Visa network is down, MasterCard routes the authorization request to MasterCard Stand-In processing. Stand-In processing approves Visa transactions that are less than or equal to USD 100, provided

Note



They are not on the Visa negative file, which MasterCard updates once a week with current listings, and



They are not ATM, cash disbursement, or unique transactions.

Visa cash disbursement and unique transactions receive a response of “refer to card issuer.” Visa ATM transactions receive a response of “decline.”

Figure A.8—Authorization Flow Non–Peer-to-Peer Issuer to MasterCard Stand-In Processing 1

1

3 Acquirer

3 4 MIP

Banknet Network

1

2 3

MIP MasterCard (Gateway)

MIP 2 3 Stand-In

VISA 2

Visa Negative File

Stage Description

A-8

1.

The acquirer creates an authorization request conforming to MasterCard specifications for Visa transactions. The Visa authorization request flows through the acquirer MIP to the Banknet network.

2.

The Authorization System, unable to route the authorization request to the Visa network, routes it instead to MasterCard Stand-In processing, where it is checked against a file of negative Visa accounts updated weekly by MasterCard.

3.

Stand-In processing generates an authorization response and delivers the response over the Banknet network to the acquirer.

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Non-MasterCard Authorization Message Flow Authorization Flows for Visa Cards

Stage Description 4.

The acquirer may return an authorization acknowledgement message.

Tertiary Path—MasterCard X-Code Processing If Banknet connectivity to both the Visa network and Stand-In processing is not functional, MasterCard X-Code processing returns a response of “decline,” as shown in the following diagram. Figure A.9—Authorization Flow Non–Peer-to-Peer Issuer X-Code Processing 1

1

2 Acquirer

Banknet Network 1

MIP

MIP

Stand-In

MIP MasterCard (Gateway) VISA

Stage Description 1.

The acquirer creates an authorization request conforming to MasterCard specifications for Visa transactions. The Visa authorization request flows through the acquirer MIP to the Banknet network.

2.

The Authorization System is unable to route the authorization request to the Visa network or Stand-In processing. X-Code processing at the acquirer MIP returns a response code that indicates, “Authorization System or issuer system inoperative” and that prompts an acquirer response of “decline.”

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

A-9

Non-MasterCard Authorization Message Flow Authorization Flows for Non-MasterCard, Non-Visa Cards

Authorization Flows for Non-MasterCard, Non-Visa Cards Acquirers can process any of the following card brands via the Banknet network: •

American Express



Diners Club



enRoute



JCB

MasterCard also supports processing of a number of private label cards. If the card is among those listed above or one of the supported private label cards, the transaction follows one of the flows depicted in Figure A.10 and Figure A.11.

Note

Non-MasterCard ATM transactions are automatically declined at the acquirer MIP.

Primary Path—Direct to Designated Endpoint The primary path for non-MasterCard, non-Visa transactions always leads directly to the endpoint designated for the specific card brand, as illustrated in the following diagram. Figure A.10—Authorization Flow Direct to Designated Endpoint 1

1

4 Acquirer

4 MIP Acquirer

Banknet Network

3

2

MIP MasterCard (Gateway) 2 3 Endpoint

A-10

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

Non-MasterCard Authorization Message Flow Authorization Flows for Non-MasterCard, Non-Visa Cards

Stage Description 1.

The acquirer creates an authorization request conforming to MasterCard specifications for the particular card brand. The request flows through the acquirer MIP to the Banknet network.

2.

The Authorization System routes the authorization request to the appropriate endpoint (such as a processor, card issuer, or other network).

3.

The endpoint returns an authorization response to the Banknet network.

4.

The Authorization System delivers the authorization response to the acquirer.

Secondary Path—X-Code Processing If connectivity to the proper endpoint does not exist, MasterCard performs XCode processing and issues a “refer to card issuer” response (except for MO/TO and ATM transactions, which receive a “decline” response). See Figure A.11. Figure A.11—Authorization Flow X-Code Processing 1

1

2 Acquirer

Banknet Network

MIP 1

MIP MasterCard

Endpoint

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

A-11

Non-MasterCard Authorization Message Flow Authorization Flows for Non-MasterCard, Non-Visa Cards

Stage Description

A-12

1.

The acquirer creates an authorization request conforming to MasterCard specifications for the particular card brand. The request flows through the acquirer MIP to the Banknet network.

2.

The Authorization System, unable to route the request to the appropriate endpoint, performs X-Code processing, returning authorization responses as follows: Response

Transaction Type

Decline

MO/TO, ATM, or merchant suspicious transactions

Refer to Card Issuer

All other transactions

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

B

File Layouts This chapter provides file layouts for the In-flight Commerce Blocked Gaming File and Store-and-Forward Message Transmission File (T230).

In-flight Commerce Blocked Gaming File......................................................... B-1 Store-and-Forward Message Transmission File (T230) ..................................... B-3

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

B-i

File Layouts In-flight Commerce Blocked Gaming File

In-flight Commerce Blocked Gaming File The In-flight Commerce (IFC) Blocked Gaming File has the following specifications: Frequency: Media:

Generated twice per month Bulk File (bulk type T104) or MasterCard File Express (ID AM005) 100 Fixed block 1,000

LRECL: Format: Block Size:

Refer to the following file layouts for both bulk file and MasterCard File Express. IFC Blocked Gaming File Header Record

Field Name

Position

Length Comments/Valid Values

Record Type

1–3

3

Constant RHD

Processing Date

4–11

8

Date of file creation. Format: =

YYYYMMDD

YYYY =

Year

MM

=

month

DD

=

Day

Valid value: Must be numeric Filler

12–100

89

Valid values: spaces

IFC Blocked Gaming File Financial Detail Record

Field Name

Position

Length

Comments/Valid Values

Record Type

1–3

3

Constant DTL

From BIN

4–22

19

First account number in the BIN range to be blocked. Format: Numeric, left-justified; zero-filled.

To BIN

23–41

19

Last account number in the BIN range to be blocked. Format: Numeric, left-justified; nine-filled.

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

B-1

File Layouts In-flight Commerce Blocked Gaming File

Field Name ICA

Position

Length

42–46

6

Comments/Valid Values ICA number associated with the blocked BIN. Format: Numeric, left-justified; zero-filled.

Effective Date

47–54

8

Date the BIN should begin being blocked. Format:

=

YYYYMMDD

YYYY

=

year

MM

=

month

DD

=

day

Valid value: Must be numeric Filler

55–100

46

Valid values: spaces

IFC Blocked Gaming File Trailer Record

Field Name

Position

Length

Record Type

1–3

3

Constant TRL

Record Count

4–12

9

Numeric

13–100

88

Valid values: spaces

Filler

B-2

Comments/Valid Values

© 2006 MasterCard International Incorporated

April 2006 • Authorization System Manual

File Layouts Store-and-Forward Message Transmission File (T230)

Store-and-Forward Message Transmission File (T230) The Store-and-Forward (SAF) Message Transmission File (T230) has the following specifications: Frequency: Media: LRECL: Format: Block size:

On request Bulk File (bulk type T230) or Tape 1012 Fixed block 1012

SAF Message Transmission File Header Record

Field Name

Position

Attribute

Comments/Valid Values

Record Type

1–4

an…4

Valid value: 0001

Transmission Date

5–10

n…6

YYMMDD

Transmission Time

11–14

n…4

HHSS

Filler

15–1012

an…998

Valid value: spaces

SAF Message Transmission File Detail Record

Field Name

Position

Attribute

Comments/Valid Values

Record Type

1–4

an…4

Valid values: 0120, 0420, 0620

ISO Messages

5–1012

an…1008

Left-justified with spaces

SAF Message Transmission File Trailer Record

Field Name

Position

Attribute

Comments/Valid Values

Record Type

1–4

an…4

Valid value: 9999

Detailed Record Count

5–10

n…6

Number of detailed records contained in the file

Filler

11–1012

an…1002

Valid value: spaces

© 2006 MasterCard International Incorporated

Authorization System Manual • April 2006

B-3

View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF