ISO 8583

ISO8583 is an international standard for financial transaction card originated interchange messaging. It is the International Organization for Standardization standard for systems that exchange electronic transactions initiated by cardholders using payment cards.

ISO8583 defines a message format and a communication flow so that different systems can exchange these transaction requests and responses. The vast majority of transactions made when a customer uses a card to make a payment in a store (EFTPOS) use ISO 8583 at some point in the communication chain, as do transactions made at ATMs. In particular, both the MasterCard and Visa networks base their authorization communications on the ISO 8583 standard, as do many other institutions and networks.

Although ISO 8583 defines a common standard, it is not typically used directly by systems or networks. It defines many standard fields (data elements) which remain the same in all systems or networks, and leaves a few additional fields for passing network-specific details. These fields are used by each network to adapt the standard for its own use with custom fields and custom usages.

Introduction

The ISO8583 specification has three parts:

  • Part 1: Messages, data elements, and code values[1]
  • Part 2: Application and registration procedures for Institution Identification Codes (IIC)[2]
  • Part 3: Maintenance procedures for the aforementioned messages, data elements and code values[3]

Message format

A card-based transaction typically travels from a transaction-acquiring device, such as a point-of-sale terminal or an automated teller machine (ATM), through a series of networks, to a card issuing system for authorization against the card holder's account. The transaction data contains information derived from the card (e.g., the card number or card holder details), the terminal (e.g., the merchant number), the transaction (e.g., the amount), together with other data which may be generated dynamically or added by intervening systems. Based on this information, the card issuing system will either authorize or decline the transaction and generate a response message which must be delivered back to the terminal within a predefined time period.

An ISO8583 message is made of the following parts:

  • Message type indicator (MTI)
  • One or more bitmaps, indicating which data elements are present
  • Data elements, the actual information fields of the message

The placements of fields in different versions of the standard varies; for example, the currency elements of the 1987 and 1993 versions of the standard are no longer used in the 2003 version, which holds currency as a sub-element of any financial amount element. As of June 2017, however ISO8583:2003 has yet to achieve wide acceptance. ISO8583 messaging has no routing information, so is sometimes used with a TPDU header.

Cardholder-originated transactions include purchase, withdrawal, deposit, refund, reversal, balance inquiry, payments and inter-account transfers. ISO8583 also defines system-to-system messages for secure key exchanges, reconciliation of totals, and other administrative purposes.

Message type indicator (MTI)

The message type indicator is a four-digit numeric field which indicates the overall function of the message. A message type indicator includes the ISO8583 version, the Message Class, the Message Function and the Message Origin, as described below.

ISO 8583 version

The first digit of the MTI indicates the ISO 8583 version in which the message is encoded.

CodeMeaning
0xxxISO8583:1987
1xxxISO8583:1993
2xxxISO8583:2003
3xxx Reserved by ISO
4xxx
5xxx
6xxx
7xxx
8xxxNational use
9xxxPrivate use

Message class

Position two of the MTI specifies the overall purpose of the message.

CodeMeaningUsage
x0xxReserved by ISO
x1xxAuthorization messageDetermine if funds are available, get an approval but do not post to account for reconciliation. Dual message system (DMS), awaits file exchange for posting to the account.
x2xxFinancial messagesDetermine if funds are available, get an approval and post directly to the account. Single message system (SMS), no file exchange after this.
x3xxFile actions messageUsed for hot-card, TMS and other exchanges
x4xxReversal and chargeback messages Reversal (x4x0 or x4x1): Reverses the action of a previous authorization.
Chargeback (x4x2 or x4x3): Charges back a previously cleared financial message.
x5xxReconciliation messageTransmits settlement information message.
x6xxAdministrative messageTransmits administrative advice. Often used for failure messages (e.g., message reject or failure to apply).
x7xxFee collection messages
x8xxNetwork management messageUsed for secure key exchange, logon, echo test and other network functions.
x9xxReserved by ISO

Message function

Position three of the MTI specifies the message function which defines how the message should flow within the system. Requests are end-to-end messages (e.g., from acquirer to issuer and back with time-outs and automatic reversals in place), while advices are point-to-point messages (e.g., from terminal to acquirer, from acquirer to network, from network to issuer, with transmission guaranteed over each link, but not necessarily immediately).

CodeMeaningNotes
xx0xRequestRequest from acquirer to issuer to carry out an action; issuer may accept or reject
xx1xRequest responseIssuer response to a request
xx2xAdviceAdvice that an action has taken place; receiver can only accept, not reject
xx3xAdvice responseResponse to an advice
xx4xNotificationNotification that an event has taken place; receiver can only accept, not reject
xx5xNotification acknowledgementResponse to a notification
xx6xInstruction ISO 8583:2003
xx7xInstruction acknowledgement
xx8x Reserved for ISO useSome implementations (such as MasterCard) use for positive acknowledgment.[4]
xx9xSome implementations (such as MasterCard) use for negative acknowledgement.[5]

Message origin

Position four of the MTI defines the location of the message source within the payment chain.

CodeMeaning
xxx0Acquirer
xxx1Acquirer repeat
xxx2Issuer
xxx3Issuer repeat
xxx4Other
xxx5Other repeat
xxx6 Reserved by ISO
xxx7
xxx8
xxx9

Examples

Given an MTI value of 0110, the following example lists what each position indicates:

  • 0xxx → version of ISO 8583 (0 = 1987 version)
  • x1xx → class of the message (1 = authorization message)
  • xx1x → function of the message (1 = response)
  • xxx0 → who began the communication (0 = acquirer)

Therefore, MTI 0110 is an authorization response message where actual transaction was originated by the acquirer.

Bearing each of the above four positions in mind, an MTI will completely specify what a message should do, and how it is to be transmitted around the network. Unfortunately, not all ISO 8583 implementations interpret the meaning of an MTI in the same way. However, a few MTIs are relatively standard:

MTIMeaningUsage
0100Authorization RequestRequest from a point-of-sale terminal for authorization for a cardholder purchase
0110Authorization ResponseRequest response to a point-of-sale terminal for authorization for a cardholder purchase
0120Authorization AdviceWhen the point-of-sale device breaks down and you have to sign a voucher
0121Authorization Advice RepeatIf the advice times out
0130Issuer Response to Authorization AdviceConfirmation of receipt of authorization advice
0200Acquirer Financial RequestRequest for funds, typically from an ATM or pinned point-of-sale device
0210Issuer Response to Financial RequestIssuer response to request for funds
0220Acquirer Financial Advicee.g. Checkout at a hotel. Used to complete transaction initiated with authorization request
0221Acquirer Financial Advice RepeatIf the advice times out
0230Issuer Response to Financial AdviceConfirmation of receipt of financial advice
0320Batch UploadFile update/transfer advice
0330Batch Upload ResponseFile update/transfer advice response
0400Acquirer Reversal RequestReverses a transaction
0420Acquirer Reversal Advice
0430Acquirer Reversal Advice Response
0510Batch Settlement ResponseCard acceptor reconciliation request response
0800Network Management RequestHypercom terminals initialize request. Echo test, logon, logoff etc.
0810Network Management ResponseHypercom terminals initialize response. Echo test, logon, logoff etc.
0820Network Management AdviceKey change

Bitmaps

In ISO 8583, a bitmap is a field or subfield within a message, which indicates whether other data elements or data element subfields are present elsewhere in the message.

A field is considered to be present only when the corresponding bit in the bitmap is set. For example, a hex with value 0x82 (decimal 130) is binary 1000 0010, which means fields 1 and 7 are present in the message and fields 2, 3, 4, 5, 6 and 8 are not.

The bitmap may be represented as 8 bytes of binary data or as 16 hexadecimal characters (0–9, A–F) in the ASCII or EBCDIC character sets. A message will contain at least one bitmap, called the primary bitmap, which indicates which of data elements 1 to 64 are present. The presence of an optional secondary bitmap is also indicated by the first bit in the primary bitmap. If present, the secondary bitmap indicates whether data elements 65 to 128 are present. Similarly, a tertiary bitmap can be used to indicate the presence of fields 129 to 192, although these data elements are rarely used.

Examples

Given a bitmap value of 22 10 00 11 02 C0 48 04,

0x22 = 0010 0010 (counting from the left, the third and seventh bits are 1, indicating that fields 3 and 7 are present)
0x10 = 0001 0000 (the first bit corresponds to field 9, so the fourth bit here indicates field 12 is present)
0x00 = 0000 0000 (no fields present)
0x11 = 0001 0001 (fields 28 and 32 are present)
0x02 = 0000 0010 (field 39 is present)
0xC0 = 1100 0000 (fields 41 and 42 are present)
0x48 = 0100 1000 (fields 50 and 53 are present)
0x04 = 0000 0100 (field 62 is present)
nth bit 0102030405060
1234567890123456789012345678901234567890123456789012345678901234
Bitmap 0010001000010000000000000001000100000010110000000100100000000100

Therefore, the given bitmap defines the following fields present in the message:
3, 7, 12, 28, 32, 39, 41, 42, 50, 53, 62

Data elements

Data elements are the individual fields carrying the transaction information. There are up to 128 data elements specified in the original ISO 8583:1987 standard, and up to 192 data elements in later releases. The 1993 revision added new definitions, deleted some, while leaving the message format itself unchanged.

While each data element has a specified meaning and format, the standard also includes some general purpose data elements and system- or country-specific data elements which vary enormously in use and form from implementation to implementation.

Each data element is described in a standard format which defines the permitted content of the field (numeric, binary, etc.) and the field length (variable or fixed), according to the following table:

AbbreviationMeaning
aAlpha, including blanks
nNumeric values only
x+n Numeric (amount) values, where the first byte is either 'C' to indicate a positive or Credit value, or 'D' to indicate a negative or Debit value, followed by the numeric value (using n digits)
sSpecial characters only
anAlphanumeric
asAlpha & special characters only
nsNumeric and special characters only
ansAlphabetic, numeric and special characters.
bBinary data
zTracks 2 and 3 code set as defined in ISO/IEC 7813 and ISO/IEC 4909 respectively
. or .. or ...variable field length indicator, each . indicating a digit.
x or xx or xxxfixed length of field, or maximum length in the case of variable length fields.

Additionally, each field may be either fixed or variable length. If variable, the length of the field will be preceded by a length indicator.

TypeMeaning
Fixedno field length used
LLVAR or (..xx)Where 0 < LL < 100, means two leading digits LL specify the field length of field VAR
LLLVAR or (...xxx)Where 0 < LLL < 1000, means three leading digits LLL specify the field length of field VAR
LL and LLL are hex or ASCII. A VAR field can be compressed or ASCII depending of the data element type.LL can be one or two bytes. For example, if compressed as one hex byte, '27x means there are 27 VAR bytes to follow. If ASCII, the two bytes '32x, '37x mean there are 27 bytes to follow. Three-digit field length LLL uses two bytes with a leading '0' nibble if compressed, or three bytes if ASCII. The format of a VAR data element depends on the data element type. If numeric it will be compressed, e.g. 87456 will be represented by three hex bytes '087456x. If ASCII then one byte for each digit or character is used, e.g. '38x, '37x, '34x, '35x, '36x.

Examples

Field DefinitionMeaning
n 6Fixed length field of six digits
n.6LVAR numeric field of up to 6 digits in length
a..11LLVAR alpha field of up to 11 characters in length
b...999LLLVAR binary field of up to 999 bits in length

ISO-defined data elements (ver 1987)

Data fieldTypeUsage
1b 64Second Bitmap
2n..19Primary account number (PAN)
3n 6Processing code
4n 12Amount, transaction
5n 12Amount, settlement
6n 12Amount, cardholder billing
7n 10Transmission date & time
8n 8Amount, cardholder billing fee
9n 8Conversion rate, settlement
10n 8Conversion rate, cardholder billing
11n 6System trace audit number (STAN)
12n 6Local transaction time (hhmmss)
13n 4Local transaction date (MMDD)
14n 4Expiration date
15n 4Settlement date
16n 4Currency conversion date
17n 4Capture date
18n 4Merchant type, or merchant category code
19n 3Acquiring institution (country code)
20n 3PAN extended (country code)
21n 3Forwarding institution (country code)
22n 3Point of service entry mode
23n 3Application PAN sequence number
24n 3Function code (ISO 8583:1993), or network international identifier (NII)
25n 2Point of service condition code
26n 2Point of service capture code
27n 1Authorizing identification response length
28x+n 8Amount, transaction fee
29x+n 8Amount, settlement fee
30x+n 8Amount, transaction processing fee
31x+n 8Amount, settlement processing fee
32n ..11Acquiring institution identification code
33n ..11Forwarding institution identification code
34ns ..28Primary account number, extended
35z ..37Track 2 data
36n ...104Track 3 data
37an 12Retrieval reference number
38an 6Authorization identification response
39an 2Response code
40an 3Service restriction code
41ans 8Card acceptor terminal identification
42ans 15Card acceptor identification code
43ans 40Card acceptor name/location (1–23 street address, –36 city, –38 state, 39–40 country)
44an ..25Additional response data
45an ..76Track 1 data
46an ...999Additional data (ISO)
47an ...999Additional data (national)
48an ...999Additional data (private)
49a or n 3Currency code, transaction
50a or n 3Currency code, settlement
51a or n 3Currency code, cardholder billing
52b 64Personal identification number data
53n 16Security related control information
54an ...120Additional amounts
55ans ...999ICC data – EMV having multiple tags
56ans ...999Reserved (ISO)
57ans ...999 Reserved (national)
58ans ...999
59ans ...999
60ans ...999Reserved (national) (e.g. settlement request: batch number, advice transactions: original transaction amount, batch upload: original MTI plus original RRN plus original STAN, etc.)
61ans ...999Reserved (private) (e.g. CVV2/service code   transactions)
62ans ...999Reserved (private) (e.g. transactions: invoice number, key exchange transactions: TPK key, etc.)
63ans ...999Reserved (private)
64b 64Message authentication code (MAC)
65b 1Extended bitmap indicator
66n 1Settlement code
67n 2Extended payment code
68n 3Receiving institution country code
69n 3Settlement institution country code
70n 3Network management information code
71n 4Message number
72n 4Last message's number
73n 6Action date (YYMMDD)
74n 10Number of credits
75n 10Credits, reversal number
76n 10Number of debits
77n 10Debits, reversal number
78n 10Transfer number
79n 10Transfer, reversal number
80n 10Number of inquiries
81n 10Number of authorizations
82n 12Credits, processing fee amount
83n 12Credits, transaction fee amount
84n 12Debits, processing fee amount
85n 12Debits, transaction fee amount
86n 16Total amount of credits
87n 16Credits, reversal amount
88n 16Total amount of debits
89n 16Debits, reversal amount
90n 42Original data elements
91an 1File update code
92an 2File security code
93an 5Response indicator
94an 7Service indicator
95an 42Replacement amounts
96b 64Message security code
97x+n 16Net settlement amount
98ans 25Payee
99n ..11Settlement institution identification code
100n ..11Receiving institution identification code
101ans ..17File name
102ans ..28Account identification 1
103ans ..28Account identification 2
104ans ...100Transaction description
105ans ...999 Reserved for ISO use
106ans ...999
107ans ...999
108ans ...999
109ans ...999
110ans ...999
111ans ...999
112ans ...999 Reserved for national use
113ans ...999
114ans ...999
115ans ...999
116ans ...999
117ans ...999
118ans ...999
119ans ...999
120ans ...999 Reserved for private use
121ans ...999
122ans ...999
123ans ...999
124ans ...999
125ans ...999
126ans ...999
127ans ...999
128b 64Message authentication code

Processing code

The following is a table specifying the message type and processing code for each transaction type.

TransactionMessage typeProcessing code
Authorization 0100 00 a0 0x
Balance inquiry 31 a0 0x
Sale 0200 00 a0 0x
Cash 01 a0 0x
Void 02 a0 0x
Mobile topup 57 a0 0x

Response code

Ver 1987

The following table shows response codes and their meanings for ISO8583-1987, later versions uses 3 and 4 digit response codes.

31 ||Bank not supported

CodeMeaning
00Successful approval/completion or that VIP PIN verification is valid
01Refer to card issuer
02Refer to card issuer, special condition
03Invalid merchant or service provider
04Pickup
05Do not honor
06General error
07Pickup card, special condition (other than lost/stolen card)
08Honor with identification
09Request in progress
10Partial approval
11VIP approval
12Invalid transaction
13Invalid amount (currency conversion field overflow) or amount exceeds maximum for card program
14Invalid account number (no such number)
15No such issuer
16Insufficient funds
17Customer cancellation
19Re-enter transaction
20Invalid response
21No action taken (unable to back out prior transaction)
22Suspected Malfunction
25Unable to locate record in file, or account number is missing from the inquiry
28File is temporarily unavailable
30Format error
41Merchant should retain card (card reported lost)
43Merchant should retain card (card reported stolen)
51Insufficient funds
52No checking account
53No savings account
54Expired card
55Incorrect PIN
56No Card Record
57Transaction not permitted to cardholder
58Transaction not allowed at terminal
59Suspected fraud
61Activity amount limit exceeded
62Restricted card (for example, in country exclusion table)
63Security violation
65Activity count limit exceeded
68Response received too late
75Allowable number of PIN-entry tries exceeded
76Unable to locate previous message (no match on retrieval reference number)
77Previous message located for a repeat or reversal, but repeat or reversal data are inconsistent with original message
78’Blocked, first used’—The transaction is from a new cardholder, and the card has not been properly unblocked.
80Visa transactions: credit issuer unavailable. Private label and check acceptance: Invalid date
81PIN cryptographic error found (error found by VIC security module during PIN decryption)
82Negative CAM, dCVV, iCVV, or CVV results
83Unable to verify PIN
85No reason to decline a request for account number verification, address verification, CVV2 verification; or a credit voucher or merchandise return
91Issuer unavailable or switch inoperative (STIP not applicable or available for this transaction)
92Destination cannot be found for routing
93Transaction cannot be completed, violation of law
94Duplicate transmission
95Reconcile error
96System malfunction, System malfunction or certain field error conditions
B1Surcharge amount not permitted on Visa cards (U.S. acquirers only)
N0Force STIP
N3Cash service not available
N4Cashback request exceeds issuer limit
N7Decline for CVV2 failure
P2Invalid biller information
P5PIN change/unblock request declined
P6Unsafe PIN
Q1Card authentication failed
R0Stop payment order
R1Revocation of authorization order
R3Revocation of all authorizations order
XAForward to issuer
XDForward to issuer
Z3Unable to go online
Ver 1993
Code Description
000‑099 Used in 1110, 1120, 1121, 1140 and 1210, 1220, 1221 and 1240 messages to indicate that the transaction has been approved.
0 approved
1 honour with identification
2 approved for partial amount
3 approved (VIP)
4 approved, update track 3
5 approved, account type specified by card issuer
6 approved for partial amount, account type specified by card issuer
7 approved, update ICC
008‑059 reserved for ISO use
060‑079 reserved for national use
080‑099 reserved for private use
100‑199 Used in 1110, 1120, 1121, 1140 and 1210, 1220, 1221 and 1240 messages to indicate that the transaction has been processed for authorization by or on behalf of the card issuer and has been denied (not requiring a card pick-up)
100 do not honour
101 expired card
102 suspected fraud
103 card acceptor contact acquirer
104 restricted card
105 card acceptor call acquirer's security department
106 allowable PIN tries exceeded
107 refer to card issuer
108 refer to card issuer's special conditions
109 invalid merchant
110 invalid amount
111 invalid card number
112 PIN data required
113 unacceptable fee
114 no account of type requested
115 requested function not supported
116 not sufficient funds
117 incorrect PIN
118 no card record
119 transaction not permitted to cardholder
120 transaction not permitted to terminal
121 exceeds withdrawal amount limit
122 security violation
123 exceeds withdrawal frequency limit
124 violation of law
125 card not effective
126 invalid PIN block
127 PIN length error
128 PIN key synch error
129 suspected counterfeit card
130‑159 reserved for ISO use
160‑179 reserved for national use
180‑199 reserved for private use
200‑299 Used in 1110, 1120, 1121, 1140 and 1210, 1220, 1221 and 1240 messages to indicate that the transaction has been processed for authorization by or on behalf of the card issuer and has been denied requiring the card to be picked up.
200 do not honour
201 expired card
202 suspected fraud
203 card acceptor contact acquirer
204 restricted card
205 card acceptor call acquirer's security department
206 allowable PIN tries exceeded
207 special conditions
208 lost card
209 stolen card
210 suspected counterfeit card
211‑259 reserved for ISO use
260‑279 reserved for national use
280‑299 reserved for private use
300‑399 Used in 1314, 1324, 1325 and 1344 messages to indicate the result of the file action.
300 successful
301 not supported by receiver
302 unable to locate record on file
303 duplicate record, old record replaced
304 field edit error
305 file locked out
306 not successful
307 format error
308 duplicate, new record rejected
309 unknown file
310‑359 reserved for ISO use
360‑379 reserved for national use
380‑399 reserved for private use
400‑499 Used in 1430, 1432, 1440 and 1442 messages to indicate the result of the reversal or chargeback.
400 accepted
401‑459 reserved for ISO use
460‑479 reserved for national use
480‑499 reserved for private use
500‑599 Used in 1510, 1512, 1530 and 1532 messages to indicate the result of a reconciliation.
500 reconciled, in balance
501 reconciled, out of balance
502 amount not reconciled, totals provided
503 totals not available
504 not reconciled, totals provided
505‑559 reserved for ISO use
560‑579 reserved for national use
580‑599 reserved for private use
600‑699 Used in 1614, 1624, 1625, and 1644 messages
600 accepted
601 not able to trace back original transaction
602 invalid reference number
603 reference number/PAN incompatible
604 POS photograph is not available
605 item supplied
606 request cannot be fulfilled - required/requested documentation is not available
607‑659 reserved for ISO use
660‑679 reserved for national use
680‑699 reserved for private use
700‑799 Used in 1720, 1721, 1740, 1722, 1723 and 1742 messages.
700 accepted
701‑749 reserved for ISO use
750‑769 reserved for national use
770‑799 reserved for private use
800‑899 Used in 1814, 1824, 1825 and 1844 messages.
800 accepted
801‑859 reserved for ISO use
860‑879 reserved for national use
880‑899 reserved for private use
900 Advice acknowledged, no financial liability accepted
901 Advice acknowledged, financial liability accepted
902‑949 Used in request response and advice response messages to indicate transaction could not be processed.
902 invalid transaction
903 re-enter transaction
904 format error
905 acquirer not supported by switch
906 cutover in process
907 card issuer or switch inoperative
908 transaction destination cannot be found for routing
909 system malfunction
910 card issuer signed off
911 card issuer timed out
912 card issuer unavailable
913 duplicate transmission
914 not able to trace back to original transaction
915 reconciliation cutover or checkpoint error
916 MAC incorrect
917 MAC key sync error
918 No communication keys available for use
919 encryption key sync error
920 security software/hardware error - try again
921 security software/hardware error - no action
922 message number out of sequence
923 request in progress
924‑929 reserved for ISO use
930‑939 reserved for national use
940‑949 reserved for private use
950‑999 Used in advice response messages (1x3x) to indicate the reason for rejection of the transfer of financial liability.
950 violation of business arrangement
951‑983 reserved for ISO use
984‑991 reserved for national use
992‑999 reserved for private use


Point of service entry modes

The point of service entry mode value consists of 2 parts:

1. PAN entry mode, the first 2 digits

2. PIN entry capability, the third digit

The following table shows PAN entry modes and their meanings.

PAN Entry ModeMeaning
00Unknown
01Manual
02Magnetic stripe
03Bar code
04OCR
05Integrated circuit card (ICC). CVV can be checked.
07Auto entry via contactless EMV.
80 Fallback from integrated circuit card (ICC) to magnetic stripe
90Magnetic stripe as read from track 2. CVV can be checked.
91Auto entry via contactless magnetic stripe
95Integrated circuit card (ICC). CVV may not be checked.
99Same as original transaction.

The following table shows PIN entry capabilities and their meanings.

PIN Entry CapabilityMeaning
0Unknown
1Terminal can accept PINs
2Terminal cannot accept PINs

See also

References

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.