Introduction to ISO 8583 - CodeProject
March 20, 2017 | Author: suryabagaskara | Category: N/A
Short Description
Download Introduction to ISO 8583 - CodeProject...
Description
3/14/2014
Introduction to ISO 8583 - CodeProject
Articles » General Reading » Scrapbook » General
Introduction to ISO 8583 By Suman Kumar, 7 Aug 2010 4.78 (23 votes)
Introduction Whenever we use credit/debit/ATM card, the data traverse from one system to another. A card-based transaction typically needs to travel between a numbers of systems. For example, a purchase made in a store may travel from the merchant terminal, through an acquirer network or networks, to the issuing bank where the cardholder's account is held. The transaction carries information about the type of transaction, the card used, the merchant, the transaction amount, security information, and so on. The response, authorizing or declining the transaction, needs to be returned via the same route to the terminal. The data interchange that takes place between different systems needs to follow standard formats for integration, exchange and interoperability. There are many such standards existing. In Healthcare industry HL7, DICOM (Digital Imaging and Communications in Medicine) are the protocols implemented by the system, similarly in financial world there are the standards (protocols) ISO8583, ISO7816 etc, for the various kind of data interchange. ISO (International Organization for Standardization) is a worldwide federation of national standards bodies. ISO 8593 is Financial Transaction card originated, Interchange message specifications adopted by wide segment of Payment Industry (including Acquirers and Issuers). Standard can be further extended to support the transactions taking place between POS (Point of Sale Terminals) and Merchant Acquirer. ISO 8583 specifies message structure, format and content, data element and values of data elements. Application specification may remain at private level (implementer) and the method (message) by which settlement takes place is not within the scope of ISO. Cardholder-originated transactions include purchase, withdrawal, deposit, refund, reversal, balance inquiry, payments and inter-account transfers. ISO 8583 also defines system-to-system messages for secure key exchanges, reconciliation of totals, and other administrative purposes. ISO 8583 Message Structure The ISO message consists of three major parts; the header, application data, and the trailer. The header and trailer envelop the application data and are used for routing and message integrity. The application data consist of ISO message including Message Type Indicator (MTI), BIT MAP (indicating which data elements are present) and ISO Data Element (the fields of the message). Application Data Field #
Description
0
MTI Message Type Indicator
1 - Bitmap
64 (or 128) bits indicating presence/absence of other fields
2 - 128
Other fields as specified in bitmap
Overall we can visualize the transmission of data trough a pipe in below given order: HEADER Now we can jump into details of the different components of the application data. Message Type Indicator (MTI) This is a 4 digit numeric field, which classifies the high level function of the message. A Message Type Indicator includes the ISO 8583 version, the Message Class, Message Sub-class, and Transaction Originator. Different versions of the ISO 8583 standard are indicated in the first position of the Message Type Indicator. 0xxx
ISO 8583:1987 version
1xxx
ISO 8583:1993 version
2xxx
Reserved for ISO use
3xxx
Reserved for ISO use
4xxx
Reserved for ISO use
5xxx
Reserved for ISO use
6xxx
Reserved for ISO use
http://www.codeproject.com/Articles/100084/Introduction-to-ISO?display=Print
1/11
3/14/2014
Introduction to ISO 8583 - CodeProject
7xxx
Reserved for ISO use
8xxx
Reserved for national use
9xxx
Reserved for private use
Message Class Message Sub-class Incrementing the fourth position by one indicates a repeat request (except in x300 messages). For example: 1100 = Authorization Request; 1101 Authorization Request Repeat. Transaction Originator Transaction Originator
Description
0
Acquirer
1
Acquirer repeat
2
Card issuer
3
Card issuer repeat
4
Other
5
Other repeat
6-9
Reserved for ISO use
So by knowing the MTI value we can identify the type of message. For Example: If MTI value is 1200, then from the table above we can find other details. First position is for Version Number and value in MTI is 1, so message version is based on ISO 8583:1993. Second Position is for Message Class and value in MTI is 2, so message is a financial message. Third position is for message sub-class/function and the value in MTI is 0, so the given message is a request message. Fourth position is for Transaction Originator and value in MTI is 0, so the message is coming from Acquirer. When we consolidate all these we do find that message with MTI value 1200 is an ISO 1993 Financial Request Message sent by Acquirer. So if we summarize, then Message Class/Type is (a n4 - 4 Digits Numeric Value) required for all ISO 8583 messages in order to identify the message class and the Message Type can be one of the following values (this is a partial list): MTI
Description
x100
Authorization Request
x101
Authorization Request Repeat
x102
Authorization completion confirmation
x103
Authorization completion confirmation repeat
x110
Authorization Response
x112
Authorization completion response
x120
Authorization Advice
x121
Authorization advice repeat
x122
Authorization advice completion confirmation
x123
Authorization advice completion confirmation Report
x130
Authorization Advice Response
http://www.codeproject.com/Articles/100084/Introduction-to-ISO?display=Print
2/11
3/14/2014
Introduction to ISO 8583 - CodeProject
x132
Authorization advice completion response
x200
Financial Request
x210
Financial Response
x220
Financial Advice
x230
Financial Advice Response
x300
Acquirer File Update Request
x302
Issuer File Update Request
x310
Acquirer File Update Response
x312
Issuer File Update Response
x320
Acquirer File Update Advice
x322
Issuer File Update Advice
x330
Acquirer File Update Advice Response
x332
Issuer File Update Advice Response
x400
Acquirer Reversal Request
x402
Issuer Reversal Request
x410
Acquirer Reversal Request Response
x412
Issuer Reversal Request Response
x420
Acquirer Reversal Advice
x422
Issuer Reversal Advice
x430
Acquirer Reversal Advice Response
x432
Issuer Reversal Advice Response
x5xx
Reconciliation Request Messages
x6xx
Administrative Request Messages
x800
Network Management Request
x810
Network Management Request Response
Bitmap(s) A bitmap is an indexing technique used in an ISO 8583 message to indicate which Data Elements are present. The presence of a data element in a specific message is indicated by a one (1) in the assigned position; a zero (0) indicates the absence of a data element in the assigned position. Each application transaction includes one (1) bit map. A bit map consists of 64 bits numbered from the left starting with bit 1. The first bit of the bit map represents a secondary bit map. If any ISO message does not support secondary bit map processing, then the first bit of the bit map is '0'. Bit 1
Bit 2
Bit 3
Bit 4
Field 1 Secondary bit map. ‘1’ if present else ‘0’
Field 2 Primary Account Number
Field 3 Processing Code
Field 4 Amount, Trans
…
Bit 64 Field 64 Message Auth Code
A message contains at least one bitmap called the Primary Bitmap, indicating the presence of Data Elements 1 up to 64. A Secondary Bitmap may be located at Data Element one, and hence the first bit in Primary Bitmap tells us whether there is a secondary bitmap or not. The secondary bitmap indicates the presence of Data Elements 65 up to 128.
http://www.codeproject.com/Articles/100084/Introduction-to-ISO?display=Print
3/11
3/14/2014
Introduction to ISO 8583 - CodeProject
A message can contain up to three bitmaps in the latest version of the ISO 8583 standard. The bitmap may be transmitted as 8 bytes (binary), or sometimes with the 8 bytes unpacked into 16 hexadecimal characters 1-9, A-F (ASCII).
Data Elements Data Elements are fields carrying the information of the transaction itself. There are up to 128 Data Elements in the original ISO 8583 (1987) standard, and up to 192 Data Elements in later releases. Each Data Element has a specified meaning and format. ISO 8583 also includes some general purpose Data Elements and system-specific Data Elements that are used in different ways by different standards derived from ISO 8583. For example: Bit value 2 is assigned to Primary Account Number, 3 is assigned to Processing Code, 4 is for Transaction Amount similarly, and so on. And bit value 128 is for Message Authentication Code Field. For each data element ISO specifies the data format and size. ISO also specifies which all data elements are mandatory or optional for a particular message.
Data Element Format ISO-8583 specifies different kind of fields that basically fall in following categories: • Fixed length • Numeric • Alphanumeric • Binary • Variable length • Max-length 99 • Numeric • Alphanumeric • Binary • Max-length 999 • Numeric • Alphanumeric • Binary • Nested message Each Data Element has a standard format. This consists of the allowed content of the field (numeric, binary, etc) as well as the allowed length. This is indicated by the convention of allowed content followed by length as described in the following sections.
Field Type Attributes Abbreviation
Meaning
a
Alphabetic, including Blanks
n
Numeric Values only
s
Special Characters only
an
Alphanumeric
as
Alphabetic & Special Characters only
ns
Numeric and Special Characters only
ans
Alphabetic, numeric & Special Characters
b
Binary Data
z
Tracks 2 & 3 code set as defined in ISO 7811 & ISO 7813
h
Hex Data
LL, LLL
Length of variable field that follows. ‘LL’ - Two-digit length indicator (1 byte BCD) ‘LLL - 3digit length indicator (2 bytes BCD)
..17
Variable field of up to 17. The ‘..’ is a two-digit length indicator (1 byte BCD) specifying the number of digits defining the length of the variable data to follow. Variable field of up to 125 characters. The ‘…’ is a three-digit length indicator (2 bytes
http://www.codeproject.com/Articles/100084/Introduction-to-ISO?display=Print
4/11
3/14/2014
Introduction to ISO 8583 - CodeProject
..125
BCD), specifying the number of digits defining the length of the variable data to follow.
A Data Element may have a fixed or variable length. A length indicator precedes a variable length field in a message.
Fixed Length Data Element Fixed-length Data Elements have a defined length in the ISO 8583 standard, and no length indicator is required in the message. These are indicated by including the length after the allowed content e.g. Data Element 3 has format 'n6', which means a fixed-length field of 6 numeric digits.
Variable Length Data Element Other data elements may have variable length, and a length indicator is included before the data element in the message. The length indicator itself has a defined length: for example, a 1-digit length indicator is only sufficient for a variable-length field with a length from 1 up to 9, while a 3-digit length indicator can support field values up to 999. Variable length fields are indicated by two dots '..' followed by the maximum length of the field. The length indicator is represented by a number of 'L' characters corresponding to the length of the length indicator e.g. Data Element 2 has format n..19, LLVAR which means a field with a maximum of 19 numeric digits with a 2-digit length indicator. The problem is not complexity but diversity, ISO-8583 is not specific about how a given field is represented, so you can have a numeric field represented as a sequence of ASCII characters, EBCDIC characters, BCD, etc. Variable length fields have a prefix specifying its length, but how this is represented is not defined, different vendors uses different representations (i.e. BCD, EBCDIC, binary value).
Sample Messages [Refer Appendix A for number system basics]
Sample 1: 0800 Message #
Name
Value
Hex Value
0
MTI
0800
08 00
1
PRIMARY BITMAP
Indicates presence of fields 3, 11 and 41
20 20 00 00 00 80 00 00
3
PROCESSING CODE
000000
00 00 00
11
SYSTEM TRACE AUDIT NUMBER
000001
00 00 01
41
CARD ACCEPTOR TERMINAL IDENTIFICATION
29110001
32 39 31 31 30 30 30 31
Here is the binary representation of our 0800 message: 080020200000008000000000000000013239313130303031 In above example, 0800 is the message type indicator; first position represents version number: • 0 is for version 1987 Second position is message class: • 8 is for network management Third position is message sub-class/function: • 0 is for request And last position is used to describe transaction originator: • 0 is for acquirer So "0800" is a version 1987 network management request. Next we have field 1, primary bitmap: Primary Bitmap
Byte
Hex Value
Bit Value
Field #
0
20
0010 0000
3
http://www.codeproject.com/Articles/100084/Introduction-to-ISO?display=Print
5/11
3/14/2014
Introduction to ISO 8583 - CodeProject
1
20
0010 0000
2
00
0000 0000
3
00
0000 0000
4
00
0000 0000
5
80
1000 0000
6
00
0000 0000
7
00
0000 0000
11
41
So we've parsed MTI, (0800) bitmap (2020000000800000), we know fields 3, 11 and 41 are present, so our next field is number 3. In our example, field #3 is using a BCD representation, so a value of "000000" is represented with just three bytes whose values are "00 00 00". Same goes for field #11 whose value is "000001", it's represented as "00 00 01". In our example, field #41 is an 8-byte alphanumeric field represented as 8 ASCII characters Message: 08002020 00000080 00000000 00000001 32393131 30303031 MTI: 0800 Bitmap: 20200000 00800000 Field 03: 000000 Field 11: 000001 Field 41: 3239313130303031 (ASCII for "29110001")
Sample 2: Another 0800 message In above sample, two new fields#60 and #70 are present. Here is our message representation: Message: 0800A020 00000080 00100400 00000000 00000000 00000001 32393131 30303031 00105445 5354204D 45535347 0301 MTI: 0800 Primary bitmap: A0200000 00800010 Secondary bitmap: 04000000 00000000 Field 03: 000000 Field 11: 000001 Field 41: 3239313130303031 (ASCII for "29110001") Field 60: 0010 54455354204D45535347 (length=10, value="TEST MESSG") Field 70: 0301 Let's break down this bitmap: Primary Bitmap
Byte
Hex Value
Bit Value
Field #
0
A0
1010 0000
Secondary bitmap present plus #3
1
20
0010 0000
11
2
00
0000 0000
3
00
0000 0000
4
00
0000 0000
5
80
1000 0000
6
00
0000 0000
41
http://www.codeproject.com/Articles/100084/Introduction-to-ISO?display=Print
6/11
3/14/2014 7
Introduction to ISO 8583 - CodeProject 10
0001 0000
60
Secondary Bitmap
Byte
Hex Value
Bit Value
Field #
0
04
0000 0100
70
1
00
0000 0000
2
00
0000 0000
3
00
0000 0000
4
00
0000 0000
5
80
0000 0000
6
00
0000 0000
7
00
0000 0000
To make things complex to developers, different vendors choose different padding styles when handling odd length BCD fields. So in order to represent "003" one vender may use two bytes with the values "00 03" while another may use "00 30". Same goes for variable length fields, field length as well as field values can be padded right or left, that's not defined by ISO-8583, it's just a matter of fact of different implementations. Then we have nested fields, some implementations use reserved for private use fields to carry other ISO-8583 messages. These messages are usually packed as variable length binary fields as seen by outer message.
Real Life Samples A real example may help us to understand what kind of information is exchanged during an authorization request, and response: Sample Authorization Request
Field #
Description
Value
Comments
0
MTI
0100
Authorization request
2
Primary Account Number
4321123443211234
3
Processing Code
000000
4
Transaction Amount
000000012300
i.e. 123.00
7
Transmission data/time
0304054133
MMYYHHMMSS
11
System trace audit number
001205
14
Expiration date
0205
18
Merchant Type
5399
22
POS Entry Mode
022
25
POS Condition Code
00
35
4321123443211234=02051
2312312332
37
Retrieval Reference Number
206305000014
41
Terminal ID
29110001
http://www.codeproject.com/Articles/100084/Introduction-to-ISO?display=Print
YYMM
Swiped Card
Track 2
7/11
3/14/2014
Introduction to ISO 8583 - CodeProject
42
Merchant ID
1001001
49
Currency
840
American Dollars
Sample Authorization Response Transmission protocol Once we have a binary representation of a given ISO-8583 message we have to transmit it over the wire using some communication protocol (i.e. TCP/IP, UDP/IP, X.25, SDLC, SNA, ASYNC, QTP, SSL, etc.). ISO-8583 does not define any communication protocol; so different vendors have chosen different protocols. Many implementations (specially old ones) require support for some kind of routing information (i.e. a CICS transaction name), so they use different sorts of headers. A few of them (specially stream based ones) require some kind of trailers as well. Transmission protocol is composed of an • Optional header • ISO-8583 message data • Optional trailers A TCP/IP based implementations may use a couple of bytes to indicate message length, so our 0800 example described earlier would be sent as: 00 46 08 00 A0 20 00 00 00 80 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 01 32 39 31 31 30 30 30 31 00 10 54 45 53 54 20 4D 45 53 53 47 03 01 0046 is the message length expressed in network byte order. But this is just one way of specifying message length, other implementation may choose to send four ASCII bytes, i.e. 30 30 34 36 08 00 A0 20 00 00 00 80 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 01 32 39 31 31 30 30 30 31 00 10 54 45 53 54 20 4D 45 53 53 47 03 01 30303436 being the ASCII representation of "0046". A few of them perform odd things with those headers, flagging rejected messages (i.e. you send a 0100 and instead of receiving a 0110 with a suitable response code you get back your own 0100 with some proprietary flag in the header indicating for example a temporarily failure such as destination unreachable).
Conclusion There are many different implementations of ISO8583, and many local variations. Although ISO 8583 defines a common standard, it is not typically used directly by systems or networks. Instead, there are a number of different standards in use on different transaction networks, all based on ISO 8583 but with proprietary variations.
Appendix A Number System The base value of a number system is the number of different values the set has before repeating itself. For example, decimal has a base of ten values, 0 to 9. Different number system and its base value are as below: Binary = 2 (0, 1) Octal = 8 (0 - 7) Decimal = 10 (0 - 9) Duodecimal = 12 (used for some purposes by the Romans) Hexadecimal = 16 (0 - 9, A-F) Vigesimal = 20 (used by the Mayans) Sexagesimal = 60 (used by the Babylonians) Binary Number System is commonly used in computers. For detailed discussion, please refer to any elementary computing science book.
Nibble A nibble is group of four bits, or half an octet (an octet being an 8-bit byte). As a nibble contains four bits, there are sixteen (2 4) possible values, so a nibble corresponds to a single hexadecimal digit (thus, it is often referred to as a "hex digit" or "hexit"). A full byte is represented by two hexadecimal digits. Therefore, it is common to display a byte of information as two nibbles. A set of three nibbles can be referred as a tribble. The nibble is often called a semioctet in a networking or telecommunication context.
BCD http://www.codeproject.com/Articles/100084/Introduction-to-ISO?display=Print
8/11
3/14/2014
Introduction to ISO 8583 - CodeProject
Binary code decimal digits (0-9) are represented using FOUR bits. The valid combinations of bits and their respective values are
Binary Value
Digit
0000
0
0001
1
0010
2
0011
3
0100
4
0101
5
0110
6
0111
7
1000
8
1001
9
The binary combinations 1010 to 1111 are invalid and are not used. If the computer stores one BCD digit per byte, then it is called normal BCD. The unused nibble may be either all 0's or all 1's. If two BCD digits are stored per byte, it is called Packed BCD. This occurs in data transmission where numbers are being transmitted over a communications link. Packed BCD reduces the amount of time spent transmitting the numbers, as each data byte transmitted results in the sending of two BCD digits. Consider the storing of the digits 56 in Packed BCD format. 7
6
5
4
3
2
1
0
0
1
0
1
0
1
1
0
MSB
< Bit Number
LSB
The UPPER nibble holds the value 5, whilst the LOWER nibble holds the value 6. So the BCD equivalent of (56) 10 is (0101 0110) BCD.
EBCDIC EBCDIC (Extended Binary Coded Decimal Interchange Code) is an 8-bit character encoding. EBCDIC was developed separately from ASCII. EBCDIC is an 8-bit encoding, versus the 7-bit encoding of ASCII. A single EBCDIC byte occupies eight bits, which are divided in two halves or nibbles. The first four bits is called the zone and represent the category of the character, whereas the last four bits is called the digit and identify the specific character.
EBCDIC/ASCII Tables Equivalency Character
EBCDIC
ASCII
HEX/BINARY
HEX/BINARY
A
C1 1100 0001
41 0100 0001
B
C2 1100 0010
C
Character
EBCDIC
ASCII
HEX/BINARY
HEX/BINARY
S
E2 1110 0010
53 0101 0011
42 0100 0010
T
E3 1110 0011
54 0101 0100
C3 1100 0011
43 0100 0011
U
E4 1110 0100
55 0101 0101
D
C4 1100 0100
44 0100 0100
V
E5 1110 0101
56 0101 0110
E
C5 1100 0101
45 0100 0101
W
E6 1110 0110
57 0101 0111
F
C6 1100 0110
46 0100 0110
X
E7 1110 0111
58 0101 1000
G
C7 1100 0111
47 0100 0111
Y
E8 1110 1000
59 0101 1001
http://www.codeproject.com/Articles/100084/Introduction-to-ISO?display=Print
9/11
3/14/2014
Introduction to ISO 8583 - CodeProject
H
C8 1100 1000
48 0100 1000
Z
E9 1110 1001
5A 0101 1010
I
C9 1100 1001
49 01001 001
0
F0 1111 0000
30 0011 0000
J
D1 1101 0001
4A 0100 1010
1
F1 1111 0001
31 0011 0001
K
D2 1101 0010
4B 0100 1011
2
F2 1111 0010
32 0011 0010
L
D3 1101 0011
4C 0100 1100
3
F3 1111 0011
33 0010 0110
M
D4 1101 0100
4D 0100 1101
4
F4 1111 0100
34 0011 0100
N
D5 1101 0101
4E 0100 1110
5
F5 1111 0101
35 0011 0101
O
D6 1101 0110
4F 0100 1111
6
F6 1111 0110
36 0011 0110
P
D7 1101 0111
50 0101 0000
7
F7 1111 0111
37 0011 0111
Q
D8 1101 1000
51 0101 0001
8
F8 1111 1000
38 0011 1000
R
D9 1101 1001
52 0101 0010
9
F9 1111 1001
39 0011 1001
Space
40 0100 0000
20 0010 0000
Example: 46 (Decimal) = 101110 (Binary) = 2E (Hex) = 0100 0110 (BCD) = 34 36 (ASCII) = F4 F6 (EBCDIC)
License This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
About the Author Suman Kumar Web Developer India
No Biography provided
Comments and Discussions 15 messages have been posted for this article Visit http://www.codeproject.com/Articles/100084/Introduction-to-ISO to post and view comments on this article, or click here to get a print view with messages. Permalink | Advertise | Privacy | Mobile Web03 | 2.8.140311.1 | Last Updated 7 Aug 2010
http://www.codeproject.com/Articles/100084/Introduction-to-ISO?display=Print
Article Copyright 2010 by Suman Kumar Everything else Copyright © CodeProject, 1999-2014 Terms of Use
10/11
3/14/2014
Introduction to ISO 8583 - CodeProject
http://www.codeproject.com/Articles/100084/Introduction-to-ISO?display=Print
11/11
View more...
Comments
