PayEx Developer Portal - Payment Service provider API ISO8583

(% class="WordSection1" %)

(((

= Overview =

The purpose of the H2H PayEx link is to enable authorization and settlement of card transactions, where PayEx is end host for that card, or just an PSP. The third party host acts as a gateway in between payment terminals and PayEx.

6

7

8

[[image:pos server.png]]

The third party host can be a single or dual host system.

14

PayEx has a fully redundant system, with an active/active configuration.

15

The third party host(s) connect to PayEx loadbalanser

16

17

18

== Supported massage types ==

19

20

21

|=Message Type|=Reference

22

|1100/1110|[[AUTHORISATION REQUEST>>doc:AUTHORISATION REQUEST 1100/1110]]

23

|1200/1210|[[FINANCIAL TRANSACTION REQUEST>>doc:.FINANCIAL TRANSACTION REQUEST 1200/1210.WebHome]]

24

|1220/1221/1230|[[FINANCIAL TRANSACTION ADVICE>>doc:FINANCIAL TRANSACTION ADVICE 1220/1221/1230]]

25

|1420/1421/1430|[[REVERSAL ADVICE>>doc:REVERSAL ADVICE 1420/1421/1430]]

26

|1820/1830|[[NETWORK MANAGEMENT>>doc:.NETWORK MANAGEMENT 1820/1830.WebHome]]

27

28

* Message types not included in the table above are not supported. E-g reconciliation is not supported

29

Only the Financial transaction advice (1220), Reversal Advice (1420) use repeat messages. Repeats are to be sent according to xxxxxxx rules

30

* Advice can be declined by PayEx for technical reasons. In this case the third party host need to retry the advice until manual intervention or the advice has been accepted. It’s expected that the third party implement a retry delay (to-be-defined). After 6 retry attemps have failed manual intervention by third party and PayEx support must be initiated.

== Message layout ==

This section covers message types and fields supported by PayEx

35

36

37

|=Presence|=Title|=Description

38

|C|Conditional|The data element’s presence depends on specific circumstances, witch are described either directly or by reference in the message content table.

39

|CE|Conditional echo|The response message must have the same data element if the data element was present in the original message

40

|M|Mandatory|Data element must be present in the specified message

41

|ME|Mandatory echo|The response message must have the same data element and value as sent in the original message request or advice message

42

|O|Optional|The data element may or may not be present in the message

43

)))

44

45

Optional fields may always be present in requests, even when not needed. In such case, they will be ignored. Requests received missing a mandatory field will be 904 - Format Error.

46

47

The third party host must ignore unknown fields included in the response messages.

48

49

When no usage notes are given in the field description, the field should be used as described in IFSF [1].

50

51

The “Format”-column can contain following info:

52

53

* LL: Variable length field, max 99 bytes as data. The field contains 2 bytes holding the length of the data. Example: 303101 a one byte field with LL = 3031 and the data is 01.

54

* LLL: Variable length field, max 999 bytes as data. The field contains 3 bytes holding the length of the data. Example: 30303101 a one byte field with LLL = 303031 and the data is 01.

55

* Date/time field formats, YYMMDDhhmmss (or variations), where:

56

** YY : Last 2 digits of the year, 00 through 99

57

** MM: Month, 01 through 12.

58

** DD: Day, 01 through 31

59

** hh: Hour, 00 through 23

60

** mm: Minutes, 00 through 59

61

** ss: Seconds, 00 through 59

62

63

The “Type”-column can contain:

64

65

* a : Alphabetic character [a..z,A..Z]

66

* n : Numeric BCD-digit. [0..9]

67

* ans: alphabetic, numeric and special characters

68

* an : alphabetic and numeric.

69

* s : Special characters.

70

* b : Binary

71

* p: pad character, space

72

* x: “C” for credit, “D” for debit and shall always be associated with a numerical amount data element.

73

74

The “Size”-column can contain:

75

76

* Variable length fields have a size that looks like “..nn”, where nn is the maximum number of characters or bytes.

77

* A fixed length field has “n” as size content, with n the number of characters or bytes.

78

79

All fixed length “n” data elements are assumed to be right justified with leading zeroes. All other fixed length data elements are left justified with trailing spaces. In all “b” data elements, blocks of 8 bits are assumed to be left justified with trailing zeroes.

80

81

82

== Message protocol ==

83

84

All messages are transferred using TCP/IP sockets.

85

86

The message will be encapsulated in a transmission frame as follows:

87

88

* The first 4 digits contain the length of the message in ASCII (decimal value, most significant digit first). The length field includes all bytes from the first byte of the message ID up to the last byte of the last field.

89

* This 4-digit length field is immediately followed by the message ID, also in ASCII (decimal value, most significant digit first).

90

* An 8 byte message bitmap, which is a binary field (so not ASCII encoded).

91

* Message fields, which could be ASCII or binary encoded. The fields with format ‘n, ns, an, ans, anp or x’ are ASCII encoded, while the fields with format ‘b’ are binary encoded. The following conventions shall be applied to all data elements:

92

** All fixed length numeric data element values shall be right justified with leading zeroes.

93

** All fixed length data elements with alphabetic or special characters shall be left justified with trailing blanks.

94

** All fixed length binary data elements shall be right justified with leading zeroes.

95

** The position of a character or a bit in a data element shall be counted from the left beginning with one (1).(See also section 5.1 Attribute specification in [01])

96

** No trailer is included.

97

98

Example: An imaginary message which consists only of a message ID “0300” and an empty bitmap (all zeros) will be transmitted as follows:

|=Length|=(((

Message ID

)))|=Bitmap

|=0x30 0x30 0x31 0x32|=0x30 0x33 0x30 0x30|=0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00

105

106

Example: An 1820 message, without MAC, will be transmitted as follows: Message bytes (hex):

107

303035303138323002300101000000003039313031353238343133383239313030393039313031353238343138333130353130303331

|Message Length|n|ASCII|30303530|0050

112

|Massage ID|n|ASCII|31383230|1820

113

|Bitmat|b|Binary|0230010100000000|

114

|7 - Date/Time|n|ASCII|30393130313532383431|0910152841

115

|11 - STAN|n|ASCII|333832393130|382910

116

|12 - Date/Time|n|ASCII|303930393130313532383431|090910152841

117

|24 - Function code|n|ASCII|383331|831

118

119

120

The PayEx response timeout is set to XX seconds. If after xx+1 seconds, no response has been received, the third party host needs to take the appropriate action based on the message type. (E.g. send a reversal)

121

122

The third party host has the possibility to perform offline stand-in, thought this needs to be agreed with the indididual card issuers. Otherwise the station might not be reimbursed.

== PIN Validation ==

PayEx perform online PIN validation on paye,ent cards where PayEx is the acquirer, on all other cartds PIN is validated by the third party acuirer. PayEx will not interpret P-22 Point-Of-Service code to determine if it needs to validate PIN or not on PayEx fuel cards, but 3rd patry aquirers might so it's good practice to use P-22 correctly.

128

129

Fields required for PIN validation are:

130

131

* P-48-14 – PIN encryption Methodology

132

* P-52 – PIN data

133

* P-53 – Security related information

134

135

136

== Message field details ==

**P-2 PAN**

Personal Account Number, identifies the card.Only mandatory for Manual PAN transactions (replacement for Track2Data P35)

142

143

**P-3 PROCESSING CODE**

144

145

Code used to describe the effect of a transaction on the customer account and the accounts affected. Fixed 00000000 : Goods and services

146

147

**P-4 AMOUNT, TRANSACTION**

148

149

The amount is a numeric value, expressed without a decimal separator. Where a minor unit of currency applies, the relevant minor unit data element indicates the number of decimal places in the relevant amount. Example : 1 kr = 100

150

151

**P-7 DATE AND TIME, TRANSMISSION**

152

153

Date and time of message transmission from the third party host.

154

155

**P-11 SYSTEM TRACE AUDIT NUMBER**

156

157

Number assigned by the third party host to assist in identifying a transaction uniquely. Range 000001 till 999999. Every message must have a new STAN, repeats use the same STAN as the original message.

158

**P-12 DATE AND TIME, LOCAL TRANSACTION**

159

160

Date and time of the transaction when performed on the POS.

**P-14 DATE EXPIRY**

Month and year of card expiry. Only mandatory for a manual PAN transaction

165

166

**P-22 POINT OF SERVICE DATA CODE**

167

168

A series of codes intended to identify terminal capability, terminal environment and presentation security data.

169

170

|=Point of service date code|=Description

171

|POS 1: Card data input capabilities|2: magnetic stripe read A: RFID

172

B: Magnetic stripe reader and key entry

173

C: Magnetic stripe reader, ICC and key entry

174

D: Magnetic stripe reader and ICC

175

|Pos 2: Cardholder authentication capability|1: PIN

176

Y: Signature,plaintext/enciphered PIN offline and ‘no cvm’ capable, enciphered pin online

177

|Pos 3: Card capture capability|0:None

178

T: None and SDA/DDA/CDA capable

179

|Pos 4: Operating environment|(((

180

1: On premises of card acceptor, attended

181

2: On premises of card acceptor, unattended

182

)))

183

|Pos 5: Cardholder present|0: Cardholder present

184

|Pos 6: Card present|1: Card present

185

|Pos 7: Card data input mode|2: Magnetic stripe read

186

3: Bar code

187

5: ICC

188

6: Key entered A: RFID

189

D: Magnetic stripe read following failed chip card read

190

|Pos 8: Cardholder authentication method|0: Not authenticated

191

1: PIN

192

5: Manual signature verification

193

|Pos 9: Cardholder authentication entity|0: Not authenticated

194

1: ICC

195

2: Card acceptor device 3: Authorizing Agent

196

|Pos 10: Card data output capability|1: None

197

3: ICC

198

|Pos 11: Terminal output capability|2: Printing

199

4: Printing and display

200

|Pos 12: PIN capture capability|C: Twelve characters

201

202

**P-24 FUNCTION CODE**

203

204

|=Function code|=Description

205

|101|Original authorization, amount estimated used in 1100

206

|200|Original financial request/advice Used in 1200/1220/1221

207

|201|Previously approved authorisation, amount the same Used in 1220/1221

208

|202|Previously approved authorisation, amount differs Used in 1220/1221

209

|400|Full reversal Used in 1420/1421

210

|831|Echo test Used in 1820

211

212

**P-25 MESSAGE REASON CODE**

213

214

|=reason code |=Description

215

|1003|Card issuer unabailable

216

|1004|Terminal processed

217

|1508|On-line forced by terminal

218

|4000|Customer cancellation

219

|4020|Invalid response, no action taken

220

|4021|Timeout waiting for response

221

|4351|Cancellation - unmatched signature

222

223

**P-30 ORIGINAL AMOUNT**

224

225

The original amount data element is a constructed element of two parts with a total of 24 positions:

226

a) Original amount transaction, n 12;

227

b) Original amount reconciliation, n 12.

228

Absence of data shall be indicated by zeroes. These parts shall be used when attempting to perform a partial approval and shall contain the original amounts.

229

230

**P-32 ACQUIRING INSTITUTION IDENTIFICATION CODE**

231

232

ISO 3166 - numeric country code of country where the POS transaction took place.

233

234

|=Country|=ISO numeric country code

|Norway|

|Sweden|

|Danmark|

|Finland|

**P-33 FORWARDING INSTITUTION IDENTIFICATION CODE**

241

242

10 digit code identifying the 3rd patry host. Each 3rd party integrated with PayEx will be assigned a unique code that they are to use in all messages where P-33 is specified.

243

244

245

**P-35 TRACK 2 DATA**

246

247

The information encoded on track 2 of the magnetic stripe as defined in ISO7813, excluding beginning and ending sentinels and longitudinal redundancy check characters as defined therein.

248

249

Example: 123456789012345=00112233

250

251

252

**P-38 APPROVAL CODE**

253

254

Code assigned by the authorising institution indicating approval.

**P-39 ACTION CODE**

See action code page for codes that can be returned by PayEx.

260

261

262

**P-41 Card acceptor terminal identification**

263

Needs to be unique per POS terminal at the merchant site. For Inndoor terminals use the range 1-99 and for outdoor terminals 100-199. PayEx needs to be informed of how many terminals that are installed at the merchant site.

264

265

**P-42 Card acceptor identification code**

266

267

8 digit unique ID provided by PayEx for each merchant.

268

269

**P-43 Card acceptor name/location**

270

271

The name and location of the card acceptor.

272

273

**P-48 MESSAGE CONTROL DATA ELEMENTS**

274

Used for the control of messages between the POS and the FEP. These are present in field 48 as a variable content data element. It uses a standard bit map to identify the specific data elements present in field 48. The format is LLLVAR with a maximum length of 999. The 8 byte bit map is the first item (element 48-0) in the data element.

275

276

P-48-4 BATCH/SEQUENCE NUMBER

277

278

This field identifies the transactions associated with a particular settlement period. This number starts at one and increments with each Reconciliation.

P-48-8 CUSTOMER DATA

The customer data is any data entered by the customer or cashier as required by the authorizer to complete the transaction. Transactions requiring customer data may be related to fleet fuelling, cheque authorizations or any other type of retail store management functions. Up to sixteen separate entries are supported. Each entry consists of two elements, the type of customer data entered and the variable length value of the entered data. Successive entries are separated by a back-slash (\). (Note: the LVAR method is not used for these entries.) The entire data element has a maximum length of 250 bytes and is parsed as an LLLVAR field.

283

284

|=Element|=Name|=Attribute|=Description

285

|48-8-1|Number of customer data fields|n2|Count of customer data entries to follow.Note: this value must be from 1 to 16.

286

|48-8-2|Type of customer data|an 1|Identifies the type of customer data entered. (see P48-8-2)

287

|48-8-3|Value of customer data|ans...99|Data entered by customer orcashier.

288

289

290

P-48-8-2 TYPE OF CUSTOMER DATA

|=Code|=Description

|1|Vehicle Number

|3|Driver ID

|4|Mileage

|5|Driver license number

297

|B|Unit number / Fleed ID

298

|D|Customer verification code

299

|G|Alphanumeric entred data

| |

**P-48-9 TRACK II OF VEHICLE CARD**

304

305

The information encoded on track 2 of the magnetic stripe as defined in ISO7813, excluding beginning and ending sentinels and longitudinal redundancy check characters.

306

307

**P-48-14 PIN ENCRYPTION METHODOLOGY**

308

309

Fixed value ‘33’: ZKA MS/SK PAC H2H

310

When P-52 is present, this field must also be present. When field P-52 is NOT present, field 48-14 should also NOT be present.

311

312

The value supported by PayEx is ‘33’ and refers to 3DES ZKA UKPT. Other values are not supported.

313

314

The first digit (3) refers to key management type ‘ZKA UKPT’ and the second digit (3) refers to the cryptographic algorithm ‘3DES with double length key’. A double length key means 2X56 bits effective key length.

315

316

317

**P-48-32 VAT PERCENTAGES**

318

319

List of VAT codes accompanied with their corresponding VAT percentage.

320

321

The purpose of this field is to link the VAT codes as used in field P-63 Product data, P-63-8 tax code, to actual VAT percentages. As the incoming link can be multi-country, and PayEx does not have product codes per VAT rate, the VAT rates need to be provided in every transaction.

322

323

Individual items are separated with a backslash character.

324

Only VAT codes used in the product data (P-63) need to be described in this array. Others will be ignored.

325

326

327

**P-48-37 VEHICLE IDENTIFICATION ENTRY MODE**

328

Only present when a vehicle number is available (P48-8). Defines how the vehicle number was entered:

329