Question

I want to make a program to talk between a bank and POS terminal devices without using any third-party tools. Let's assume that, currently, this program will only be used to talk with a specific bank through the bank's switching IP address + port number.

Firstly, let's assume that I get this output by swiping a credit card at a POS terminal.

%B1234123412341234^CardUser/John^030510100000019301000000877000000?;1234123412341234=0305101193010877?

Then I categorize this raw data into Track 1 (Format B) and Track 2, according to this wiki link.

Track 1 Format B

%
B
1234123412341234
^
CardUser/John
^
0305
101
00000019301000000877000000
?

Track 2

;
1234123412341234
=
0305
101
193010877
?

Then, I will use this code to read those formats using a C# program.

protected void CardReader_OTC(object sender, EventArgs e)
{
    // Track 1 separates its fields with '^'; Track 2 separates PAN and expiry with '='.
    bool CaretPresent = CardReader.Text.Contains("^");
    bool EqualPresent = CardReader.Text.Contains("=");

    if (CaretPresent)
    {
        // Track 1: [0] = card number part, [1] = cardholder name, [2] = expiry (YYMM) + rest
        string[] CardData = CardReader.Text.Split('^');
        //B1234123412341234^CardUser/John^030510100000019301000000877000000?

        PersonName.Text = FormatName(CardData[1]);
        CardNumber.Text = FormatCardNumber(CardData[0]);
        // Expiry is stored as YYMM; display it as MM/YY.
        CardExpiration.Text = CardData[2].Substring(2, 2) + "/" + CardData[2].Substring(0, 2);
    }
    else if (EqualPresent)
    {
        // Track 2: [0] = card number part, [1] = expiry (YYMM) + rest
        string[] CardData = CardReader.Text.Split('=');
        //1234123412341234=0305101193010877?

        CardNumber.Text = FormatCardNumber(CardData[0]);
        CardExpiration.Text = CardData[1].Substring(2, 2) + "/" + CardData[1].Substring(0, 2);
    }
}

After all of my above code, I think I need to use the ISO 8583 messaging protocol to send my data to the bank.

My data will include

  1. Track 1 + Track 2 information.
  2. Money amount to withdraw for any kind of purchasing process.

I want to include both of these items in the ISO message which I will send to the bank.

My questions are:

  1. Is this the correct business flow to interact with a bank? I would like to get any suggestions.

  2. Is it possible to combine both of these items in a single ISO message, which will go to the bank?

Please give me suggestions, any references, or any web links.


Solution

If you are to use the ISO 8583 message format, then you need to pass the card information in one of the following fields:

  • DE2 = Card Number
  • DE35 = Track II
  • DE45 = Track I

    You can pass DE2 with DE35 or DE45, but no one passes both 35 and 45.

    Next, you need to pass the expiry date, which is stored in DE14.

    You also need to pass the type of transaction, which is the first 2 digits of DE3: 00 for purchases, 11 for manual cash. The remaining digits can either be 0000 or, if you specify the account type, digits 3 and 4 will represent the account type and the rest should be 00, since there is no To-Account in these transactions.

    You need to pass the amount in the field DE4.

    You need to pass a trace number in DE11.

    Fields DE41, DE42 and DE43 are used as well to identify the terminal you are using and the merchant owning that terminal.

    The fields DE7 and DE12 are used to specify the date/time of the transaction.

    Field DE49 is used to specify the currency of the transaction.

    Field DE18 is important to specify the Merchant Category Code of the POS terminal you use, that is, what type of activity this merchant follows.

    DE19 can be used to specify the country.

    DE25 is for the entry mode (are you using chip, magnetic stripe, manual entry?).

    This is the minimum you should follow; however, it depends on the acquiring bank and the minimum specifications they require.

  • OTHER TIPS

    I don't know whether it is going to help you now or not, as it has been more than 2 years and you might have found the solution to this. Still, I am trying to give a brief description:

    Firstly, when the card (debit/credit) is swiped at the MSR head of the POS terminal, the card data details from T1 & T2 are used to form an ISO 8583 packet.

    You have to decide which version of ISO 8583 you will be using, and the same has to be followed by the payment switch that your POS is going to hit.

    Let's assume you are using ISO 8583 v2003.

    Now when the card is swiped, your POS terminal will form an ISO 8583 packet, encrypt it and send it to the payment switch over a secure tunnel (TCP/IP). This switch will be connected to a payment gateway (it can be connected to banks, or one or more PGs) and the request will be forwarded to the PG from the payment switch.

    After authorization and authentication, the PG will respond to the request via the payment switch to the POS terminal.

    Points to be noted:

      1. Your POS terminal should be PCI PTS POI certified for legally swiping any VISA/MC/Amex card.
      2. PCI PTS has security requirements, and your device should comply with them.
      3. The ISO 8583 standard has different MTIs for different types of financial request. For example, for SALE you will have to send MTI 200/210, for reversal MTI 420/430, for sign on and key exchange MTI 804/810, etc.

    You have to possess deep knowledge of the 8583 standard to form data packets.

    If you want me to explain the security requirements or more about ISO 8583, let me know.

    Licensed under: CC-BY-SA with attribution
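
The first answer's field mapping applied to the swipe string from the question, as an added example that is not part of either answer: it takes DE2, DE14 and DE35 from Track 2 (so DE45 is left out), adds DE3, DE4 and DE11, and builds the message with its primary bitmap. Assumptions, since the acquiring bank's specification decides the real layout: ASCII encoding, a hex bitmap, two-digit length prefixes on DE2 and DE35, a four-digit MTI `0200`, and the hypothetical names `Iso8583Example`, `ParseTrack2`, `Build` and `Spec`; the amount and trace number are constructed values.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.RegularExpressions;

static class Iso8583Example   // hypothetical name, not from the page
{
    // Assumed wire format: ASCII; IsVar = 2-digit length prefix, otherwise fixed and zero-padded.
    static readonly Dictionary<int, (bool IsVar, int Len)> Spec =
        new Dictionary<int, (bool IsVar, int Len)>
    {
        { 2, (true, 19) }, { 3, (false, 6) }, { 4, (false, 12) },
        { 11, (false, 6) }, { 14, (false, 4) }, { 35, (true, 37) }
    };

    // Returns PAN, expiry (YYMM) and the Track 2 body between the ';' and '?' sentinels.
    public static (string Pan, string Expiry, string Track2) ParseTrack2(string swipe)
    {
        Match m = Regex.Match(swipe, @";(\d{1,19})=(\d{4})\d{3}\d*\?");
        if (!m.Success) throw new FormatException("No Track 2 data in swipe");
        return (m.Groups[1].Value, m.Groups[2].Value, m.Value.Substring(1, m.Value.Length - 2));
    }

    // Concatenates MTI + primary bitmap (16 hex chars) + data elements in ascending order.
    public static string Build(string mti, SortedDictionary<int, string> fields)
    {
        ulong bitmap = 0;
        var body = new StringBuilder();
        foreach (var f in fields)
        {
            var (isVar, len) = Spec[f.Key];
            if (f.Value.Length > len) throw new ArgumentException("DE" + f.Key + " too long");
            body.Append(isVar ? f.Value.Length.ToString("D2") + f.Value : f.Value.PadLeft(len, '0'));
            bitmap |= 1UL << (64 - f.Key);   // bit 1 is the most significant bit
        }
        return mti + bitmap.ToString("X16") + body;
    }

    static void Main()
    {
        // Constructed input: the test swipe string from the question.
        string swipe = "%B1234123412341234^CardUser/John^030510100000019301000000877000000?;1234123412341234=0305101193010877?";
        var card = ParseTrack2(swipe);
        var fields = new SortedDictionary<int, string>   // DE3 000000 = purchase; DE4 and DE11 are constructed
        {
            { 2, card.Pan }, { 3, "000000" }, { 4, "1250" }, { 11, "1" },
            { 14, card.Expiry }, { 35, card.Track2 }
        };
        Console.WriteLine(Build("0200", fields));
    }
}
```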