Changes for page Payment Service Provider API ISO 8583:1993 (IFSF) H2H description

Last modified by Bjørnar Ruud on 2021/03/18 10:47

From version 30.12

edited by Pål-Eirik Askerød
on 2017/11/01 12:21

To version 30.13

edited by Pål-Eirik Askerød
on 2017/11/01 13:14

Change comment: There is no comment for this version

Summary

Page properties (1 modified, 0 added, 0 removed)

Details

Page properties

Content

@@ -124,6
          +124,9 @@
  The third party host has the possibility to perform offline stand-in, thought this needs to be agreed with the indididual card issuers. Otherwise the station might not be reimbursed.
++(% class="wikigeneratedid" %)
++==   ==
++
  == PIN Validation ==
  PayEx perform online PIN validation on payment cards where PayEx is the acquirer, on all other cartds PIN is validated by the third party acuirer.  PayEx will not interpret P-22 Point-Of-Service code to determine if it needs to validate PIN or not on PayEx fuel cards, but 3rd patry aquirers might so it's good practice to use P-22 correctly.
@@ -134,36
          +134,44 @@
  * P-52 – PIN data
  * P-53 – Security related information
++(% class="wikigeneratedid" %)
++==   ==
++
  == Security documentation ==
  Here you can find details regarding the security aspects of this H2H integration.
-- __[[SECURITY SPECIFICATION>>doc:.PayEx IFSF H2H Security specification.WebHome]]__
++__[[SECURITY SPECIFICATION>>doc:.PayEx IFSF H2H Security specification.WebHome]]__
--(% class="wikigeneratedid" %)
--==  ==
++==   ==
  == Message field details ==
  **P-3 PROCESSING CODE**
--Code used to describe the effect of a transaction on the customer account and the accounts affected. Fixed 00000000 : Goods and services
++Code used to describe the effect of a transaction on the customer account and the accounts affected. Currently fixed 00000000 : Goods and services
++
  **P-4 AMOUNT, TRANSACTION**
  The amount is a numeric value, expressed without a decimal separator. Where a minor unit of currency applies, the relevant minor unit data element indicates the number of decimal places in the relevant amount.  Example : 1 kr = 100
++
  **P-7 DATE AND TIME, TRANSMISSION**
  Date and time of message transmission from the third party host.
++
  **P-11 SYSTEM TRACE AUDIT NUMBER**
  Number assigned by the third party host to assist in identifying a transaction uniquely. Range 000001 till 999999. Every message must have a new STAN, repeats use the same STAN as the original message.
++
++
  **P-12 DATE AND TIME, LOCAL TRANSACTION**
  Date and time of the transaction when performed on the POS.
++
  **P-22 POINT OF SERVICE DATA CODE**
  A series of codes intended to identify terminal capability, terminal environment and presentation security data.
@@ -228,38
          +228,47 @@
  b)    Original amount reconciliation, n 12.
  Absence of data shall be indicated by zeroes. These parts shall be used when attempting to perform a partial approval and shall contain the original amounts.
++
  **P-33 FORWARDING INSTITUTION IDENTIFICATION CODE**
 digit code identifying the 3rd patry host. Each 3rd party integrated with PayEx will be assigned a unique code that they are to use in all messages where P-33 is specified.
++
  **P-38 APPROVAL CODE**
  Code assigned by the authorising institution indicating approval.
++
  **P-39 ACTION CODE**
  See action code page for codes that can be returned by PayEx.
++
  **P-41 Card acceptor terminal identification**
  Needs to be unique per POS terminal at the merchant site. For Indoor terminals use the range 1-99 and for outdoor terminals 100-199. PayEx needs to be informed of how many terminals that are installed at the merchant site.
++
  **P-42 Card acceptor identification code**
 digit unique ID provided by PayEx for each merchant.
++
  **P-43 Card acceptor name/location**
  The name and location of the card acceptor.
++
  **P-48 MESSAGE CONTROL DATA ELEMENTS**
  Used for the control of messages between the POS and the FEP. These are present in field 48 as a variable content data element. It uses a standard bit map to identify the specific data elements present in field 48. The format is LLLVAR with a maximum length of 999. The 8 byte bit map is the first item (element 48-0) in the data element.
--P-48-4 BATCH/SEQUENCE NUMBER
++**P-48-4 BATCH/SEQUENCE NUMBER**
++
  This field identifies the transactions associated with a particular settlement period. This number starts at one and increments with each Reconciliation.
--P-48-8 CUSTOMER DATA
++**P-48-8 CUSTOMER DATA**
++
  The customer data is any data entered by the customer or cashier as required by the authorizer to complete the transaction. Transactions requiring customer data may be related to fleet fuelling, cheque authorizations or any other type of retail store management functions. Up to sixteen separate entries are supported. Each entry consists of two elements, the type of customer data entered and the variable length value of the entered data. Successive entries are separated by a back-slash (\). (Note: the LVAR method is not used for these entries.) The entire data element has a maximum length of 250 bytes and is parsed as an LLLVAR field.
  |=Element|=Name|=Attribute|=Description
@@ -277,22
          +277,17 @@
  D - Customer verification code
  G - Alphanumeric entered data
++The information encoded on track 2 of the magnetic stripe as defined in ISO7813, excluding beginning and ending sentinels and longitudinal redundancy check characters.
--The information encoded on track 2 of the magnetic stripe as defined in ISO7813, excluding beginning and ending sentinels and longitudinal redundancy check characters.**P-48-9 TRACK II OF VEHICLE CARD**
--**P-48-14 PIN ENCRYPTION METHODOLOGY**
++**P-48-9 TRACK II OF VEHICLE CARD**
-- ‘13’: PayEx H2H shared keys
-- ‘33’: ZKA MS/SK PAC H2H (**Currently not supported**)
++**P-48-14 PIN ENCRYPTION METHODOLOGY**
++See [[security documentation>>doc:.PayEx IFSF H2H Security specification.WebHome]] section for details.
--When P-52 is present, this field must also be present. When field P-52 is NOT present, field 48-14 should also NOT be present.
--The value currently supported by PayEx is ‘13’ and refers to PayEx H2H shared keys. **Other values are currently not supported**.
--
--PayEx H2H shared key scheme defines a pin encryption key that is used to encrypt the pin block. See security documentation section for details.
--
  **P-48-32 VAT PERCENTAGES**
  List of VAT codes accompanied with their corresponding VAT percentage.
@@ -310,6
          +310,7 @@
 - On the Card
 - Automatic Licence Plate Recognition
++
  **P-48-38 PUMP LINKED INDICATOR**
  Indicating whether the fuel pump reading is is linked to the payment terminal:
@@ -321,37
          +321,21 @@
  **P-48-39 DELIVERY NOTE NUMBER**
  Number allocated by the terminal given to the customer as printed on the ticket.
++
  **P-49 CURRENCY CODE , TRANSACTION**
  All transactions are in local currency, as defined during system installation. Actual value is as defined by ISO 4217.
++
  **P-52 PIN DATA**
  ISO 9564-1 format 0 PIN block encrypted with PIN encryption key.
++See[[ security documentation>>doc:.PayEx IFSF H2H Security specification.WebHome]] section for details.
++
  **P-53 SECURITY RELATED CONTROL INFORMATION**
--(% style="width:1468px" %)
--|=Element|=Name|=Format|=Attribute|=(% style="width: 731px;" %)Description
--|53| |n|2|(% style="width:731px" %)LLVAR length field
--|53-1|Master key generation number|n|1|(% style="width:731px" %)Identifies the master key generation. **Currently NOT supported**
--|53-2|Key version of master key|n|1|(% style="width:731px" %)Identifies the key version. **Currently NOT supported**
--|53-3|MAC random value|b|16|(% style="width:731px" %)ZKA MAC random value. **Currently NOT supported**
--|53-4|PAC random value|b|16|(% style="width:731px" %)(((
--ZKA PAC random value. Zero filled if no PIN block in the message. **Currently NOT supported**
--)))
--|53-5|Data encryption random value|b|16|(% style="width:731px" %)ZKA Data encryption random value. **Currently NOT supported**
--|53-6|H2H Key version|n|2|(% style="width:731px" %)Version of keys shared by PayEx with 3rd party.
++See[[ security documentation>>doc:.PayEx IFSF H2H Security specification.WebHome]] section for details.
--**PayEx shared key scheme**
--
--PayEx supplies key version to be sent in 53-6. This scheme defines 3 different keys for MAC, PIN and Data encryption which will be shared between PayEx and 3rd party. See security documentation section for details.
--
--
--**ZKA scheme (Currently not supported)**
--
--PayEx defines the value of 53-1 and 53-2. Note that a set of different values are defined for both test and production. Also values are unique for every third party (host).
--
--For optimal security it is a good practice to use different random values for the MAC and PAC. However the security impact of having the same random number for PAC and MAC is very limited. Especially because in the MK/SK security scheme an XOR of the Master key with a fixed Control Mask is done, where the Control Mask value is different for PIN and MAC. So even if the MAC session key would be compromised the PIN session key still cannot be determined even when the same random number is used. It is important to assure that different random numbers are used for every transaction.
  **P-56 ORIGINAL DATA ELEMENTS**
@@ -400,8
          +400,8 @@
  |=Number|=Format|=Field|=Description
  |63-3|n 3 |Product code|3-digit product code that defines the type of product sold
--|63-4|a 1 |Unit ofg measure|Indicates the meaning of the Quantity field. ‘U’  Sold per Unit
--‘O’ Unit of Measurement undefined ‘L’  Sold per Litre
++|63-4|a 1 |Unit of measure|Indicates the meaning of the Quantity field. ‘U’  Sold per Unit
++‘O’ Unit of Measurement undefined ‘L’  Sold per Litre.
  |63-5|n 9|Quantity|Number of product units
  | | |Separator|‘\’ To separate Quantity from Unit-Price
  |63-6|sn 9|Unit price|Starts with a Minus sign when Unit price is negative. First digit is exponent. Typically 3 for fuels, and 2 for shop articles. Remaining digits are actual unit price
@@ -410,42
          +410,15 @@
  | | |Separator|‘\’ To separate the Amount from the Vat Code
  |63-8|an 1|Tax code|1 digit VAT code
  |63-9|n 14|Additional Product code|Up to 14 digits article number as known in the POS
--| | |Teminator |‘\’ To mark the end of this sales item
++| | |Terminator |‘\’ To mark the end of this sales item
  **P-64 MAC**
--MAC is calculated/verified according to the “IFSF X9.19 Retail CBC MAC (3DES)” (see Appendix D in [2]), using the “Derivation of the MAC session key” (see 5.2.2 Derivation of the MAC session key in [2]).
++MAC is calculated/verified according to the “ANS X9.9 Option 1 (binary data) procedure using ISO 16609 CBC-mode Triple-DES” (see [[security documentation>>doc:.PayEx IFSF H2H Security specification.WebHome]] for details).
  The input for the MAC calculation/verification will be the SHA-256 of the IFSF message. The message length header and the MAC block itself are not included, however the MAC bit in the bitmap is part of the message and is already set when calculating the MAC.
--In pseudo code it is as follows (the sign is used for assignment):
--Input :
--
--* The four 8-byte blocks B1 .. B4 from the SHA256
--* MAC session key <Kl, Kr> (left and right halfs)
--
--Output :
--
--* 8-byte MAC M
--
--Function X9.19retailMAC:
--
--* M <- 0x0000 0000 0000 0000
--
--For each 8-byte block b in B1 to B4 do:
--
--* M <- M XOR b
--* M <- 1DES_encrypt(Kl, M)
--
--Done
--
--* M <- 1DES_decrypt(Kr, M)
--* M <- 1DES_encrypt(Kl, M)
--
--End function
--
--
  **P-127 Encrypted data**
--This field contains the encrypted track2 data. See security documentation section for details on how to generate this field.
++This field contains the encrypted track2 data. See [[security documentation>>doc:.PayEx IFSF H2H Security specification.WebHome]] section for details on how to generate this field.