Professional Documents
Culture Documents
Authorizattion System Manual PDF
Authorizattion System Manual PDF
Replacement The April 2006 Authorization System Manual replaces your existing
manual.
What is in the new This new version reflects changes effective with Banknet Release 06.1.
version?
Please refer to:
• “Summary of Changes” for a comprehensive list of changes reflected in
this update.
• “Using this Manual” for a complete list of the contents of this manual.
Billing MasterCard will bill principal members for this document. Please refer to
the appropriate MasterCard Consolidated Billing System Manual for billing-
related information.
Questions? If you have questions about this manual, please contact the Customer
Operations Services team or your regional help desk. Please refer to
“Using this Manual” for more contact information.
MasterCard is Please take a moment to provide us with your feedback about the material
Listening… and usefulness of the Authorization System Manual using the following e-
mail address:
publications@mastercard.com
MIP X-Code Limits The MIP X-Code Limits table was updated to show the Chapter 2
updates established X-Code limits for World MasterCard™ Cards and
Platinum MasterCard™ Cards.
Online authorization Information about online authorization messages and flows Chapter 5
message updates was updated.
Central Authorization With the elimination of bulk types SI001 (Sequential Chapter 8
Processing Service Response File) and SI002 (Sequential Audit File) and the Chapter 11
(CAPS) updates replacement of SI003 with RB28, CAPS information was
updated.
Account Balance This update includes changes to the Account Balance Chapter 9
Responses and Balance Responses and Balance Inquiries information.
Inquiries updates
Authorization Multiple MasterCard updated the AMCC service to allow all acquirers Chapter 9
Currency Conversion to submit authorization request messages containing any
(AMCC) service update valid MasterCard transaction currency. MasterCard will no
longer require acquirers to sign-up for the acquirer
Authorization Multiple Currency Conversion (AMCC) service
to process transactions in their local currencies.
Implementation of Partial Effective with Banknet Release 06.1, the Authorization Chapter 9
Approvals System will allow issuers to approve a portion of the
requested transaction amount by responding with the
approved amount and a new partial approval response code
in authorization response messages.
Page 1 of 2
Change Summary Description of Change Where to Look
MasterCard-acquired Visa Information about the Market-specific Data Identifier (Visa- Chapter 9
Transactions update only) and the Prestigious Properties Indicator was added.
Purchase with Cash Back MasterCard enhanced Stand-In Processing to allow issuers to Chapter 9
Transactions for Debit choose Stand-In to process Purchase of Goods or Services
MasterCard Cards update with Cash Back transactions that are PIN-based, signature-
based, or both for Debit MasterCard® cards.
Smart Card Transactions Effective with Banknet Release 06.1, the Authorization Chapter 12
update System now gives acquirers additional information about
chip cryptogram validation issuers and allows additional
types of chip transactions.
Additionally, effective 1 January 2006, all new acquirers that
choose to process smart card transactions must support Full
Grade Processing for smart card transactions.
Terminology change References to the Merchant Category Code (MCC) were Various chapters
changed to Card Acceptor Business Code/Merchant
Category Code (MCC).
Page 2 of 2
Authorization
System Manual
April 2006
Copyright The information contained in this manual is proprietary and
confidential to MasterCard International Incorporated (MasterCard)
and its members.
Trademarks Trademark notices and symbols used in this manual reflect the
registration status of MasterCard trademarks in the United States.
Please consult with the Customer Operations Services team or the
MasterCard Law Department for the registration status of particular
product, program, or service names outside the United States.
1-636-722-6100
www.mastercard.com
Audience................................................................................................................. 1
Overview ................................................................................................................ 1
Times Expressed..................................................................................................... 3
Revisions ................................................................................................................. 4
Related Information................................................................................................ 4
Related Forms......................................................................................................... 5
Support ................................................................................................................... 5
Member Relations Representative ................................................................... 6
Regional Representative................................................................................... 7
Authorization Responses.....................................................................................2-8
Approve.........................................................................................................2-9
Decline ..........................................................................................................2-9
Refer to Card Issuer ....................................................................................2-10
Capture Card ...............................................................................................2-10
Important Dates...................................................................................................7-4
How MasterCard Uses this Information .......................................................7-4
When Changes are Effective.........................................................................7-4
Telephone Numbers............................................................................................7-5
How to Complete this Section......................................................................7-5
How MasterCard Uses this Information .......................................................7-5
When Changes Are Effective ........................................................................7-5
Decision Matrix..................................................................................................7-18
How to Complete this Section....................................................................7-18
How Stand-In Processing Uses this Information .......................................7-19
When Changes Are Effective ......................................................................7-19
VIP Controls.......................................................................................................7-24
How to Complete this Section....................................................................7-24
How Stand-In Processing Uses this Information .......................................7-25
When Changes Are Effective ......................................................................7-25
CAPS Features......................................................................................................8-2
Sending and Retrieving CAPS Files via MasterCard File Express ......................8-4
When to Send the Sequential Account File .................................................8-4
Emergency Maintenance to the Account File ..............................................8-7
File Layouts..........................................................................................................8-9
Sequential Account File ................................................................................8-9
Important Dates.................................................................................................8-14
How MasterCard Uses this Information .....................................................8-14
When Changes are Effective.......................................................................8-15
Telephone Numbers..........................................................................................8-15
How to Complete this Section....................................................................8-15
How MasterCard Uses this Information .....................................................8-15
When Changes are Effective.......................................................................8-15
Decision Matrix..................................................................................................8-22
How to Complete this Section....................................................................8-22
How Stand-In Processing Uses this Information .......................................8-23
When Changes Are Effective ......................................................................8-23
VIP Controls.......................................................................................................8-27
How to Complete this Section....................................................................8-28
How Stand-In Processing Uses this Information .......................................8-28
When Changes Are Effective ......................................................................8-28
Account Management..........................................................................................9-2
Account Management System.......................................................................9-2
Account File ..................................................................................................9-2
Recurring Payment Cancellation Service (RPCS) .........................................9-3
Blocking Ranges of Accounts .......................................................................9-3
Balance Inquiries...............................................................................................9-23
ATM Balance Inquiries................................................................................9-23
Point-of-Sale (POS) Terminal Balance Inquiries........................................9-24
Check Guarantee...............................................................................................9-49
Requirements for Authorization Request/0100 Messages..........................9-49
Chapter 10 Reports
Related Reports in Other Manuals....................................................................10-1
GARS Monthly Acquirer Response Below Target Report (GR128010-BB) ... 10-55
Report Sample ........................................................................................... 10-56
Field Descriptions ..................................................................................... 10-57
Chapter 11 Testing
Member Testing.................................................................................................11-1
Who Must Test ............................................................................................11-1
How to Prepare for Testing........................................................................11-1
How to Perform Testing .............................................................................11-8
How to Begin Production Processing ........................................................11-8
Acquirer Responsibilities...................................................................................12-1
Requirements for Merchants and Service Providers ..................................12-1
Purpose...................................................................................................................1
Audience.................................................................................................................1
Overview ................................................................................................................1
Times Expressed.....................................................................................................3
Revisions .................................................................................................................4
Related Information................................................................................................4
Related Forms.........................................................................................................5
Support ...................................................................................................................5
Member Relations Representative ...................................................................6
Regional Representative...................................................................................7
Purpose
The MasterCard Authorization System Manual helps member personnel gain a
basic understanding of the structure of the MasterCard International
Incorporated (“MasterCard”) Authorization System and how to use it. This
manual describes requirements and procedures for member participation in
authorization services provided by MasterCard.
Audience
MasterCard provides this manual to members and their authorized agents.
Specifically, the following personnel should find this manual useful:
• Management staff—to gain a high-level understanding of authorization
processing and associated services, responsibilities, and processing
alternatives
• Security staff—to review authorization tools available for reducing
transaction risk levels
• Systems personnel—to become familiar with transaction data flows and the
MasterCard Authorization System
• Operations staff—to establish procedures for various aspects of the
authorization process, including authorization requests and special services
such as address verification and authorization report monitoring
• Merchant support staff—to gain an understanding of the Authorization
System as a whole and to develop procedures for merchants
Overview
The following table provides an overview of this manual.
Chapter Description
Table of Contents A list of the manual’s chapters and sections. Each entry
lists a chapter and page number.
Using this Manual A description of the manual’s purpose and its contents.
1 System Overview An overview of the MasterCard Authorization System,
providing a high-level definition of its features and related
systems and services.
Chapter Description
2 Basic Authorization A discussion of participants in the Authorization System,
Concepts authorization responses, ways to access the Authorization
System, Limit-1 processing, and X-Code processing.
3 MasterCard Illustrations and descriptions of authorization message
Authorization Message flows for MasterCard® credit card programs.
Flows
4 Acquirer and Issuer A description of the authorization-related responsibilities
Responsibilities that acquirers and issuers must fulfill.
5 Online Authorization Procedures for online issuers and acquirers to perform
Messages authorization processing, including basic information
about the purpose and function of online messages.
6 Stand-In Processing A description of how Stand-In processing responds to
authorization requests on behalf of the issuer.
7 Setting Stand-In Procedures for online issuers to establish Stand-In
Parameters: Online parameters using the Stand-In Processing Worksheet.
Issuer
8 Central Authorization A description of the CAPS service and files it uses,
Processing Service procedures for sending and retrieving CAPS files, file
layouts, and procedures for establishing Stand-In
parameters using the Stand-In Processing Worksheet.
9 Authorization Services Detailed information about services provided by
Detail MasterCard that support and enhance the basic functions
of the Authorization System.
10 Reports Detailed description and samples of reports produced by
the MasterCard Authorization System.
11 Testing Procedures for testing the ability to participate in the
MasterCard Authorization System and testing value-added
services.
12 Smart Card Policies and standards for authorizing transactions
Transactions processed using smart cards.
A Non-MasterCard Illustrations and descriptions of Visa and other non-
Authorization Message MasterCard authorization message flows.
Flows
B File Layouts File layouts for the In-flight Commerce Blocked Gaming
File and the Store-and-Forward Message Transmission
File.
Forms Forms related to the MasterCard Authorization System.
Excerpted Text
At times, this document may include text excerpted from another document. A
note before the repeated text always identifies the source document. In such
cases, we included the repeated text solely for the reader’s convenience. The
original text in the source document always takes legal precedence.
Language Use
The spelling of English words in this manual follows the convention used for
U.S. English as defined in Merriam-Webster’s Collegiate Dictionary.
MasterCard is incorporated in the United States and publishes in the United
States. Therefore, this publication uses U.S. English spelling and grammar
rules.
An exception to the above spelling rule concerns the spelling of proper nouns.
In this case, we use the local English spelling.
Times Expressed
MasterCard is a global company with locations in many time zones. The
MasterCard operations and business centers are in the United States. The
operations center is in St. Louis, Missouri, and the business center is in
Purchase, New York.
Revisions
MasterCard periodically will issue revisions to this document as we implement
enhancements and changes, or as corrections are required.
Related Information
The following documents and resources provide information related to the
subjects discussed in this manual. Please refer to the Quick Reference Booklet
for descriptions of these documents.
Members that use the Cirrus® service and logo or that process online debit
transactions should refer to the debit processing manuals recommended by the
Customer Operations Services team.
For definitions of key terms used in this document, please refer to the
MasterCard Dictionary on the Member Publications home page (on
MasterCard OnLine® and the MasterCard Electronic Library CD-ROM).
Related Forms
Forms referenced in the Authorization System Manual are provided at the end
of this manual. In addition, forms are available in the Business Forms section
of MasterCard OnLine®.
Support
Please address your questions to the Customer Operations Services team as
follows:
Fax: 1-636-722-7192
Asia/Pacific:
Japan/Guam helpdesk.tokyo@mastercard.com
Korea korea_helpdesk@mastercard.com
Europe css@mastercard.com
For the name of your U.S. Member Relations representative, contact your local
Member Relations office:
Atlanta 1-678-459-9000
Chicago 1-847-375-4000
Purchase 1-914-249-2000
San Francisco 1-925-866-7700
Regional Representative
The regional representatives work out of the regional offices. Their role is to
serve as intermediaries between the members and other departments in
MasterCard. Members can inquire and receive responses in their own
languages and during their offices; hours of operation.
For the name of the regional office serving your area, call the Customer
Operations Services team at:
MIP
Acquirer Issuer
Banknet
Interfaces Interfaces
Network
MIP MIP
MIP
Stand-In
Note MasterCard reserves the right to record, store, and use all data transmitted via
the MasterCard Authorization System in online electronic transactions, subject
to MasterCard privacy and security compliance policies and applicable laws and
regulations, without further notice.
MIP
The MasterCard interface processor (MIP) is a front-end communications
processor placed on-site at a MasterCard member’s facility or at a processor or
hub site. It provides access to the Banknet® telecommunications network.
MIPs provide access to all MasterCard electronic funds transfer (EFT) products
and to a wide variety of other EFT services via MasterCard gateways. MIP
software supports issuing and acquiring functions, including routing
MasterCard transactions to issuers, acquirers, and Stand-In System processing
and switching non-MasterCard transactions to appropriate destinations via the
gateways.
Banknet Network
The Banknet network is the MasterCard worldwide packet-switching network.
It is the primary data transport communications facility that links all MasterCard
members and MasterCard data processing centers.
Acquirer Interfaces
Most acquirers access the MasterCard Authorization System via the online
method, through connectivity between the acquirer host and a MIP.
Issuer Interfaces
Most issuers access the MasterCard Authorization System online, through
connectivity between the issuer host and a MIP.
See chapter 2 for more information about online access and CAPS processing.
Gateways
The Banknet authorization application has interfaces called gateways that
permit processing between the Banknet network and other networks, as
shown in Figure 1.2.
Credit/Debit
Processors
Visa
MasterCard/ American Express
Cirrus ATM Diners Club
Network Carte Blanche
JCB
Check Guarantee
Banknet
Network
Bankcard
Associations
• Proprietary cards
• Visa
Acquirers, therefore, can process a wide variety of card brands via their access
to the MasterCard Banknet network.
See chapter 9 for details about both CVC 1 and CVC 2 participation.
Issuers may request that Stand-In System processing only perform the AAV
verification test when the issuer’s host system is unavailable to respond to the
Authorization Request/0100 message containing AAV data. See chapter 9 for
more information about this service.
PIN Verification
PIN is a proven technology for authenticating the identity of the cardholder.
MasterCard provides an optional PIN verification service for all purchase
transactions that contain a PIN. A PIN Verification in Stand-In System
processing service is also available. See chapter 9 for more information about
PIN verification services.
Reporting
MasterCard produces a variety of authorization-related reports that display
member authorization activity. These reports help members plan and manage
their authorization process. See chapter 10 for information about reports.
Authorization Responses.....................................................................................2-8
Approve.........................................................................................................2-9
Decline ..........................................................................................................2-9
Refer to Card Issuer ....................................................................................2-10
Capture Card ...............................................................................................2-10
Cardholder
Merchant
Banknet
Network
Cardholder
A cardholder is a person to whom a card has been issued or a person who is
authorized to use the card. In an authorization transaction, the cardholder
presents the card or cardholder account number as payment in exchange for
goods or services.
Merchant
The merchant is a retailer, or any other person, firm, or corporation that
(pursuant to a merchant agreement) agrees to accept credit cards, debit cards,
or both, when properly presented.
Acquirer
An acquirer is a licensed member that acquires the data relating to a
transaction from the card acceptor or merchant and submits that data for
authorization. The acquirer also supports clearing and settlement functions to
exchange funds between the issuer and the merchant.
Issuer
An issuer is a licensed member that issues cards and is responsible for
approving or declining authorization requests. The issuer also bills
cardholders and supports clearing and settlement functions to exchange funds
between the cardholder and the acquirer.
Other Participants
Figure 2.2 presents other entities that may participate in the authorization
transaction in place of the issuer and acquirer. It shows these entities in
relation to each other and to the cardholder, merchant, and the Banknet
network.
Cardholder
Merchant
Agent
Agent
Banknet on
on Behalf
Network Behalf
of the
of the
Member
MIP MIP Member
Note Throughout this manual, functional references to “issuers” and “acquirers” also
refer to others acting as authorized agents for issuers or acquirers. MasterCard
members are responsible for the acts and omissions of their agents, including
those with respect to MasterCard rules, regulations, policies, and procedures.
Figure 2.3 and Figure 2.4 show that MasterCard can act on behalf of the issuers
in the following ways:
• MasterCard Stand-In System acts on behalf of the issuers by receiving
authorization requests at Central Site and generating authorization
responses based on the issuer’s predetermined parameters. For more
information about Stand-In System processing, see chapter 6.
Cardholder
Merchant
Banknet
Network
Stand-In
MIP
Cardholder
Merchant
Acquirer MIP
Acquirer Methods
The following access options are available to acquirers:
• Online host-to-MIP access
• Manual telex
Banknet
Network
Acquirer MIP
MIP
Banknet
Network
Acquirer MIP
MIP
To have direct connectivity to a MIP, the acquirer must have a host computer
that can support this type of connectivity.
Acquirer 1 Banknet
Network
Shared
MIP
Acquirer 2
When several acquirers have connectivity to a shared MIP, the MIP is located
at the site of one of the acquirers. Other acquirers access the MIP via a
dedicated phone line. The acquirer with the MIP on-site controls the MIP
console.
Global
Service Banknet Network
Center
Acquirer MIP
Outside the
U.S. region
Manual telex acquirers send authorization requests via telex to the MasterCard
Global Service Center. A Global Service Center representative sends the
request to the Banknet network, and receives the authorization response. This
representative then informs the acquirer of the response via telex.
Note Members in the U.S. region may not use manual telex as an access method.
Members in regions outside the U.S. region may not use manual telex as their
primary method of accessing the Banknet network for authorization requests.
Issuer Methods
Issuers may choose either of the following authorization options:
• Online host-to-MIP access to the Banknet network
• Central Authorization Processing Service (CAPS)
Interfaces for access to the Account Management System (AMS) and the
Account File for file maintenance are documented in the Account Management
User Manual. They may differ from the issuer’s access method for
authorization processing.
Figure 2.9, Figure 2.10, and Figure 2.11 show configurations for connectivity to
a MIP or MIPs for online access.
Banknet
Network
Issuer MIP
MIP
Banknet
Network
Issuer MIP
MIP
To have direct connectivity to a MIP, the issuer must have a host computer
that can support this type of connectivity.
Shared
MIP
Issuer 2
When several issuers have connectivity to a shared MIP, the MIP is located at
the site of one of the issuers. Other issuers access the MIP via a dedicated
phone line. The issuer with the MIP on-site controls the MIP console.
CAPS
CAPS issuers use Stand-In System processing for all of their authorization
processing. These issuers do not have an online connection to the Banknet
network. They connect to the Banknet network using MasterCard File Express,
a MasterCard communications software package. Through MasterCard File
Express, CAPS members provide MasterCard with a file containing all accounts
in the issuer’s cardholder base. They send this file as often as necessary to
provide MasterCard with current account listings and the associated available-
to-buy. MasterCard sends CAPS members a daily Sequential Response File,
which contains a record of all authorization requests that MasterCard processed
on the member’s behalf. They may also receive the Daily Activity Report via
fax or mail. This report contains supplemental information not found in the
file.
Each CAPS member must complete the Stand-In Processing Worksheet for
CAPS Members to designate limits and range blocks.
For detailed information about CAPS, sending and receiving CAPS files, and
completing the Stand-In Processing Worksheet for CAPS Members, see chapter
8.
Authorization Responses
Every authorization request receives an authorization response that directs the
acquirer or the merchant on how to proceed with the transaction. The
response received is typically a code that identifies the action that the
merchant should take.
Approve
The transaction is authorized as reported.
• For magnetic stripe and key-entered transactions, the issuer provides a six-
digit authorization code to the acquirer when it approves a transaction for
the purchase of goods or services or cash disbursement.
• For smart card transactions, the smart card produces a TC when it
approves a transaction for the purchase of goods or services or cash
disbursement.
• For non–face-to-face smart card transactions completed using cardholder-
controlled remote devices, the authorization response cryptogram (ARPC)
with an authorization response code can replace the TC and chip-related
data.
The merchant still must perform its normal review process, such as verifying
the signature on the card are often included, before completing the
transaction.
Decline
The merchant may not complete the transaction. The merchant may return the
card, but may not accept the card in payment for the program or service for
that transaction amount.
If the smart card transaction goes online and the issuer responds with “refer to
card issuer,” the merchant and acquirer should follow “refer to card issuer”
procedures. The issuer can then provide a code for the merchant to type in,
indicating whether to approve or decline the transaction. Based on the
approval code, the smart card will generate a TC if the transaction is approved
or an AAC if the transaction is declined.
Capture Card
The acquirer or merchant must use its best efforts to retain the card by
reasonable and peaceful means. For instructions on how to return a recovered
card to the issuer, see the Security Rules and Procedures manual.
Limit-1 Processing
If the issuer is online and chooses to truncate a certain percentage of
transactions to reduce the number of transactions that the issuer must process,
the issuer can establish Limit-1 transaction limits using the Stand-In Processing
Worksheet. For details about establishing these limits, see chapter 7.
For all other transactions, Limit-1 processing applies the following checks:
1. Checks for the Nth transaction and sends Nth transactions directly to the
issuer for processing.
2. Compares the transaction amount to the Limit-1 amounts established by the
issuer on the Stand-In Processing Worksheet. Limit-1 processing sends
transactions with transaction amounts greater than the Limit-1 amounts
directly to the issuer for processing.
3. Applies all of the usual Stand-In System tests described in chapter 6 to
remaining transactions.
Limit-1 Limits
Limit-1 processing forwards transactions with transaction amounts greater than
the established limit to the issuer for approval. MasterCard has established a
default Limit-1 limit of USD 0; all transactions are automatically forwarded to
the issuer for issuers that do not designate separate limits.
Online acquirers can override issuer Limit-1 values and forward MO/TO and
electronic commerce transactions from their MIP to issuers to reduce the risk
of Limit-1 approval for MO/TO and electronic commerce transactions.
“Nth” Transaction
Limit-1 processing forwards one transaction (the “Nth” transaction) to the
issuer at established intervals, regardless of the transaction amount. A counter
on each acquiring MIP maintains the transaction count for each issuer. For
example, MasterCard has established a default of 9,999 for the Nth value.
At each acquiring MIP, every 9,999th transaction received for each issuer for
Limit-1 processing automatically goes to the issuer for authorization unless the
issuer designates a different “Nth” value on the Stand-In Processing Worksheet.
Members that establish Limit-1 values should review their limits for the Stand-
In Accumulative Limits test. These limits must be sufficient to accommodate
Limit-1 transaction volumes in Stand-In System processing. Stand-In
processing applies the member-defined Accumulative Limits test to all
transactions (including Limit-1 transactions) that the Stand-In System processes.
Banknet
Network
Acquirer MIP MIP Issuer
MIP
Stand-In
Banknet
Network
Acquirer MIP MIP Issuer
MIP
Stand-In
X-Code Processing
X-Code processing applies only when the acquirer is online. It can occur at
either of the following locations:
• Acquirer host
• Acquirer MIP
The descriptions here apply only to MasterCard card programs. For X-Code
processing of all other card brands, see “X-Code Processing of Non-MasterCard
Card Programs” later in this chapter.
1 X
Banknet
1 X Network
Acquirer MIP MIP Issuer
2
Stage Description
1. The acquirer creates an authorization request; however, the acquirer host
cannot communicate with the acquirer MIP.
2. The acquirer responds to the authorization request based on the rules for
acquirer host X-Code processing.
3. The acquirer may be required to phone or telex the issuer for approval based
on the rules for X-Code processing.
The issuer bears liability for authorization requests that it approves. The
acquirer must phone or telex the issuer for approval in any of the following
instances:
• The transaction amount is more than USD 300.
• The card is not present.
• The merchant suspects that the card may be stolen or counterfeit, or the
transaction or the customer causes the merchant to be suspicious.
• The transaction type is one of the following: cash disbursement, unique,
mail order/telephone order, electronic commerce order, or payment
transaction.
If the transaction amount is more than USD 300 and the acquirer cannot reach
the issuer, the acquirer may do any of the following:
• Approve the transaction (and bear liability for the total amount).
• Decline the transaction.
• Continue attempting to reach the issuer.
1
Banknet
2 Network
MIP
Stand-In
Stage Description
1. The authorization request is routed to the acquirer MIP on its way to the
issuer. However, one of the following scenarios occurs:
• The acquirer MIP cannot communicate with the Banknet network.
• The Banknet network cannot communicate with the issuer MIP and
the Banknet network cannot communicate with the Stand-In MIP.
• The Banknet network cannot communicate with the issuer MIP and
the Stand-In MIP cannot communicate with the Stand-In host.
• The Banknet network cannot communicate with the Stand-In MIP
and the issuer MIP cannot communicate with the issuer host.
Stage Description
• Transactions that occur at a
cardholder-activated terminal
(CAT)/Level 1
Refer to Card Issuer • Cash disbursement
• Payment transaction
• Unique
• Transactions that exceed the
MasterCard X-Code limits (see the
MIP X-Code Limits table)
Capture Card Transactions for accounts that are listed
on the Electronic Warning Bulletin file
or on the Warning Notice
Approve Transactions that are less than or equal
to the MasterCard X-Code limits and do
not meet any of the criteria listed above
The acquirer may raise the X-Code limits at its own risk via the MIP console.
For more information about how to do this, see the MasterCard Interface
Processor Member Manual.
If the acquirer raises the limits, it is liable for the entire amount of any
transaction greater than the MasterCard default limits. For example, suppose
that the acquirer raises the USD 600 limit for all other MasterCard cards to USD
1,000. If a transaction is approved for USD 900 under the raised X-Code limit,
then the acquirer is liable for the entire USD 900. The acquirer is liable under
chargeback reason code 08 (Requested/Required Authorization Not Obtained).
The issuer is liable only for transaction amounts that are less than or equal to
the MasterCard default amounts.
The following table shows MIP X-Code limits for non-MasterCard cards.
Figure 3.1 depicts this basic flow. This basic authorization flow assumes that
the card involved is a MasterCard card, that the issuer and acquirer are online
members, and that the issuer has instructed MasterCard to forward all requests.
Cardholder
1
7
Merchant
2
6
3 3 3 3
4 4 Banknet 4 4
5 Network
5
Acquirer MIP MIP Issuer
Stage Description
1. The cardholder presents the card to the merchant for a face-to-face
transaction or provides the card number, expiration date, name, and
address when placing a mail, phone, or electronic commerce (e-commerce)
order.
2. The merchant forwards the transaction to the acquirer for approval.
3. The acquirer requests authorization for the transaction by generating an
authorization request message. The authorization request travels through
an acquiring MasterCard interface processor (MIP), to the Banknet®
telecommunications network, through an issuer MIP, and then to the
issuer’s host.
Stage Description
4. The issuer returns an authorization response message to the acquirer to
indicate what action the merchant should take for the transaction. The
authorization response travels through the Banknet network to the
acquirer.
5. Online acquirers may send an authorization acknowledgement message
confirming receipt of the response.
6. The acquirer responds to the merchant.
7. The merchant completes the transaction according to the authorization
response returned.
Note Throughout the remainder of this chapter, diagrams omit reference to the
cardholder and merchant. Note that all authorization flows begin with the
cardholder and end with the merchant applying the authorization response.
Note Throughout this manual, the acquirer MIP in the diagrams refers to whichever
MIP accepts the authorization request and forwards it through the Banknet
network.
In these cases, the transaction follows the flow depicted in Figure 3.2.
1 1 Banknet X X
4 4 Network 6 6
Acquirer 5 5
MIP MIP Issuer
6
4 2
MIP
2 6
4
3
Stand-In 3 SAF
Queue
Stage Description
1. After receiving the merchant request for authorization, the acquirer generates
an authorization request, which travels through the Banknet network.
2. The Banknet network, unable to route the authorization request to the online
issuer, routes it to Central Site for Stand-In processing. See chapter 6 for
information about Stand-In processing.
3. At Central Site, Stand-In processing generates an authorization response, based
on the issuer’s parameters. Stand-In processing also generates authorization
advice messages, as appropriate, and stores them in a store-and-forward (SAF)
queue.
4. The Banknet network routes the Stand-In authorization response to the
acquirer.
5. Online acquirers may send an authorization acknowledgement message
confirming receipt of the response.
6. When issuer connectivity is reestablished, the issuer may retrieve the SAF
messages generated by Stand-In processing to adjust cardholder available-to-
buy positions appropriately. See the Customer Interface Specification manual
for the format and contents of a SAF message.
This flow does not apply to AVS only or balance inquiry transactions. These
transactions are not supported for CAPS members and receive an authorization
response of “service not supported.”
1 1
Banknet
4 4
Network
5 5
Acquirer MIP Issuer
2 Primary
4 Stand-In
or CAPS
MIP
4 3
2
Stand-In
Stage Description
1. After receiving the merchant request for authorization, the acquirer generates
an authorization request, which travels through the Banknet network.
2. The Authorization System automatically routes the request to Central Site for
Stand-In processing. See chapter 6 for information about Stand-In processing.
3. At Central Site, Stand-In processing generates an authorization response, based
on CAPS parameters.
4. The Banknet network routes the Stand-In authorization response to the
acquirer.
5. Online acquirers may send an authorization acknowledgement message
confirming receipt of the response.
Acquirer Responsibilities.....................................................................................4-1
Processing Authorization Requests...............................................................4-1
Accessing the Banknet Network ............................................................4-1
Creating and Sending Authorization Requests ......................................4-2
Expired Card .....................................................................................4-2
Invalid BIN........................................................................................4-2
Cash Disbursement...........................................................................4-2
Electronic Commerce Transactions..................................................4-2
Magnetic Stripe Compliance Program .............................................4-3
Card-read Data Storage Standards ...................................................4-4
Voice Authorization Requests ..........................................................4-4
Mail Order/Telephone Order Batch Authorization
Request/0100 Messages ....................................................................4-4
Receiving the Authorization Response ..................................................4-4
Call Referral Responses ....................................................................4-4
Maintaining Authorization Logs..............................................................4-5
Assisting in Investigation of Counterfeits and Criminal Cases ....................4-5
Billing ............................................................................................................4-5
Acquirer Responsibilities
As MasterCard members, acquirers enter into written agreements with their
merchants. These acquirer-merchant agreements must in substance contain
certain provisions described in the Bylaws and Rules manual.
Note The acquirer is responsible for making applicable MasterCard rules, regulations,
procedures, and policies known to its merchants and is responsible for
merchant violations of them.
Expired Card
Acquirers should forward, and not decline, any transactions with an expired
expiration date. Issuer-approved expired card transactions are not eligible for
chargeback if the Authorization Request/0100 message accurately presents the
expiration date. See the Chargeback Guide for more information about
chargeback rights associated with expired cards.
Invalid BIN
Cash Disbursement
See the GCMS Reference Manual for specific procedures related to processing
cash disbursements.
MasterCard also monitors and identifies merchants and acquirers to verify that
they do not resubmit declined Authorization Request/0100 messages with
different values in these data elements. Merchants and acquirers should not
present Authorization Request/0100 messages using one card acceptor
business code/merchant category code (MCC) or with e-commerce transaction
identifiers and then, when declined, subsequently resubmit the transaction
with different MCCs or with e-commerce transaction identifiers to bypass issuer
strategies and obtain issuer approval.
Acquirer Certification
Acquirers that participate in the Magnetic Stripe Compliance Program and use
multiple processors (including processors used for emergency situations) must
complete the Magnetic Stripe Monitoring process for each processor they use.
See chapter 9 for more information about participating in the Magnetic Stripe
Compliance Program.
Acquirers that initiate an authorization request based on a phone call from the
merchant must verify the account number with the merchant to ensure that it
was correctly relayed before declining an authorization.
• Apply all call referral standards to the rules governing Member Service
Providers (MSPs). The Bylaws and Rules manual describes MSP
responsibilities.
Billing
All authorization processing activities are billed through the MasterCard
Consolidated Billing System (MCBS). Charges and credits to the acquirer are
listed as “billing events,” and include the following categories of authorization
activity:
• Use of the network (acquirer access fees)
• Use of value-added services. See chapter 9 for a description of these
services.
For a complete description of billing events for authorization services, see the
MasterCard Consolidated Billing System Manual.
Issuer Responsibilities
Issuers have responsibilities regarding the following aspects of participation in
the MasterCard Authorization System:
• Encoding and validating the card validation code 1 (CVC 1) value
• Imprinting and validating the card validation code 2 (CVC 2) value
• Issuing and validating PIN data
• Processing authorization requests
• Call referral responses
• File maintenance
• Billing
Online issuers also must validate the CVC 1 value when they receive the
Authorization Request/0100 message if the Authorization Request/0100
message contains value 80, 90, or 91 in subfield 1 of the Point-of-Service (POS)
Entry Mode field.
• Not use call referrals as a primary method for activating new or reissued
cards to minimize the impact on cardholders and merchants at the point-
of-interaction.
• Adhere to the following minimum standards for all call referrals, domestic
and international, whether processed through the Global Automated
Referral Service (GARS) or direct member-to-member communications.
The standards apply to the amount of time the issuer has to respond to
incoming referral calls from acquirers and to the average monthly duration
of each referral call:
− On an incoming phone call (voice or GARS) from an acquirer, the
issuer must answer the call within 30 seconds. Then the issuer must
retrieve the call from its queue and initiate discussion with the acquirer
within the next 30 seconds. The issuer also must limit the duration of
each call to five minutes, measured as a monthly average.
− On an incoming telex from an acquirer, the issuer must retrieve the
message from its queue and initiate a response to the acquirer within
two minutes. The issuer also must limit the duration of each call to 10
minutes, measured as a monthly average.
All phone calls and telex messages processed through GARS that are not
answered by the issuer within the required time frames are routed to the
MasterCard Stand-In facility at Central Site for processing. MasterCard uses the
issuer-defined Stand-In parameters to complete the transaction.
File Maintenance
Issuers maintain the account listings of restricted, negative, and positive cards
used by Stand-In processing for online and CAPS members. They may list
accounts in the following files:
• Account File
• Account Management System
See the Account Management User Manual for more information about these
files, including how to access the files, record formats, and detailed
instructions for performing file maintenance.
Billing
All authorization processing activities are billed through the MasterCard
Consolidated Billing System (MCBS). Charges to the issuer include the
following categories of authorization activity:
• Use of the Banknet network (issuer access fees)
• Use of value-added services (see chapter 9 for a description of these
services)
• Call referrals (charge to the issuer for issuing call referral responses and for
receiving response calls from acquirers)
For a complete description of billing events for authorization services, see the
MasterCard Consolidated Billing System Manual.
Message Types.....................................................................................................5-1
Message Types
The following table lists the message types supported by the Authorization
System. Check marks ( ) indicate who initiates the message. See the
Customer Interface Specification manual for the data elements in each
message.
Online issuers and acquirers should use this chapter with the Customer
Interface Specification manual. For debit transactions (02xx messages), see the
MDS Online Specifications manual.
Authorization/01xx Messages
0100 Authorization Request
0110 Authorization Request
Response
Apr
0120 Authorization Advice 2006
0130 Authorization Advice
Response
0180 Authorization
Acknowledgement (optional for
acquirers)
Administrative Advice/06xx
Messages
0620 Administrative Advice
0630 Administrative Advice
Response
Network Management/08xx
Messages
0800 Network Management
Request
0810 Network Management
Request Response
0820 Network Management
Advice
Stage Description
1. The acquirer initiates an Authorization Request/0100 message and sends it to
the Authorization System.
2. The Authorization System forwards the Authorization Request/0100 message to
the issuer.
3. The issuer generates an appropriate Authorization Request Response/0110
message and sends it to the Authorization System.
4. The Authorization System forwards the Authorization Request Response/0110
message to the acquirer.
Authorization Advice/0120—Acquirer-generated
Acquirers can submit an Authorization Advice/0120—Acquirer-generated
message when the acquirer responds to an authorization request if the
Authorization Request/0100 message cannot be delivered to the Authorization
System because of a system failure.
1 0120
Banknet
Network
0130 2
Acquirer
Stage Description
1. The acquirer initiates an Authorization Advice/0120—Acquirer-generated
message and sends it to the Authorization System.
2. The Authorization System returns an Authorization Advice Response/0130—
System-generated message to the acquirer to indicate positive receipt of the
Authorization Advice/0120—Acquirer-generated message.
The Authorization System adds the Authorization Advice/0120—Acquirer-
generated messages to SAF several times a day. SAF will retain these
messages for four days for the issuer to retrieve.
Authorization Advice/0120—Issuer-generated
Authorization Request/0100 messages can contain BINs that members have
selected for scoring. For these transactions, issuers create and send
Authorization Advice/0120 messages to the RiskFinder scoring system. The
RiskFinder scoring system sends to the issuer an Authorization Advice
Response/0130 to acknowledge receipt of the Authorization Advice/0120
message.
0120
Banknet
Network
0130
Issuer
0120
0130
RiskFinder
Stage Description
1. The issuer initiates an Authorization Advice/0120—Issuer-generated message
and sends it to the Authorization System. The Authorization System forwards
the message to the RiskFinder scoring system.
2. The RiskFinder scoring system creates an Authorization Advice
Response/0130—System-generated message and sends it to the Authorization
System. The Authorization System forwards the Authorization Advice
Response/0130—System-generated message to the issuer to indicate positive
receipt of the Authorization Advice/0120—Issuer-generated message.
Authorization Advice/0120—System-generated
When the Stand-In System responds to an Authorization Request/0100 message
on behalf of the issuer, the Stand-In System generates an authorization
response, based on the issuer’s parameters. The Stand-In System also
generates an Authorization Advice/0120—System-generated message.
Banknet 1 0120
Network
Acquirer 0130 2 Issuer
3
1
0120
0130
Stand-In
System
Stage Description
1. The Stand-In System generates an Authorization Advice/0120—System-
generated message, and sends it to the issuer.
2. The issuer returns an Authorization Advice Response/0130—Issuer-generated
message.
3. The Stand-In System receives the Authorization Advice Response/0130—Issuer-
generated to indicate positive receipt of the Authorization Advice/0120—
System-generated message.
1 0100 2 0100
0110 4 Banknet 0110 3
5 0180 Network
Acquirer Issuer
Stage Description
1. The acquirer initiates an Authorization Request/0100 message and sends it to
the Authorization System.
2. The Authorization System forwards the Authorization Request/0100 message to
the issuer.
3. The issuer creates the appropriate Authorization Request Response/0110
message and sends it to the Authorization System.
4. The Authorization System forwards the Authorization Request Response/0110
message to the acquirer.
5. The acquirer sends an Authorization Acknowledgement/0180 message back to
the Authorization System, indicating that the acquirer received and secured the
preceding Authorization Request Response/0110 message at the application
level.
In most cases, the acquirer should send the Authorization
Acknowledgement/0180 message to the Authorization System:
• Immediately after it secures (or logs) the Authorization Request
Response/0110 message
• Before the transaction actually is completed at the point of interaction
An Authorization Acknowledgement/0180 message does not necessarily
indicate that the transaction was successfully completed at the point of
interaction.
The following diagram explains the sequence if the issuer generates an invalid
response.
0100 1 1 1 0100 1
Banknet 0110 2
0110 5
Network
0190 3
Acquirer MIP MIP Issuer
0110
0100
5 4
0100 4 Stand-In
5 0110
MIP
Stage Description
1. The acquirer sends the Authorization Request/0100 message.
2. The issuer generates an invalid Authorization Request Response/0110 message.
3. The Authorization System sends an Authorization Response Negative
Acknowledgement/0190 message to the issuer.
4. The Authorization System routes the Authorization Request/0100 message to
the Stand-In System.
5. The Stand-In System generates an Authorization Request Response/0110
message and sends it to the acquirer.
The Authorization System uses these data files to control the operation of
standard and optional features that customers may select when they participate
in one or more of the MasterCard program and service offerings.
The following diagram illustrates the standard Issuer File Update Request/302
and Issuer File Update Request Response/0312 message process.
0302 1
Banknet
Network
2 0312
Acquirer Issuer
1
0312
0302
2
Account
Management
Repository (AMR)
Stage Description
1. The issuer initiates an Issuer File Update Request/0302 message.
2. The Authorization System performs the requested issuer file update task and
issues an Issuer File Update Request Response/0312 message back to the
issuer. A Response Indicator field in the Issuer File Update Request
Response/0312 message indicates whether the issuer file update was
completed successfully.
1 0400 2 0400
Banknet
Network
0410 4 0410 3
Acquirer Issuer
Stage Description
1. The acquirer initiates an Acquirer Reversal Request/0400 message and submits
it to the Authorization System.
2. The Authorization System forwards the Acquirer Reversal Request/0400
message to the issuer.
3. The issuer generates an appropriate Acquirer Reversal Request Response/0410
message and submits it to the Authorization System.
4. The Authorization System forwards the Acquirer Reversal Request
Response/0410 message to the acquirer.
1 0420
Banknet
Network
0430 2
Acquirer Issuer
Stage Description
1. The Authorization System sends an Acquirer Reversal Advice/0420 message to
the issuer.
2. The issuer responds to the Authorization System with an Acquirer Reversal
Advice Response/0430 message to acknowledge positive receipt of the
Acquirer Reversal Advice/0420 message.
1 Invalid
message
Banknet
CPS 0620 2 Network
3 0630
Stage Description
1. A customer processor system (CPS) generates an invalid message and forwards
it to the Authorization System.
2. The Authorization System returns an Administrative Advice/0620 message to
the CPS, with an appropriate error condition code indicating the point at
which the Authorization System terminated message parsing or message
processing.
3. The CPS acknowledges receipt of the Administrative Advice/0620 message and
returns an Administrative Advice Response/0630 message to the Authorization
System.
1 0620
0630 2 Banknet 3 0620
CPS CPS
Network 0630 4
Stage Description
1. A customer processor system (CPS) generates an Administrative Advice/0620
message and forwards it to the Authorization System. Note that the “CPS” may
be an issuer, an acquirer, or any other customer processing facility
communicating via the Authorization System.
2. The Authorization System acknowledges receipt of the Administrative
Advice/0620 message by returning an Administrative Advice Response/0630
message to the originating CPS.
3. The Authorization System forwards the Administrative Advice/0620 message to
the receiving destination CPS.
4. The receiving CPS acknowledges receipt of the Administrative Advice/0620
message by returning an Administrative Advice Response/0630 message to the
Authorization System.
1 0800
Issuer or Banknet
Acquirer 0810 2 Network
Stage Description
1. The issuer or acquirer sends a Network Management Request/0800 message to
the Authorization System.
2. The Authorization System generates a Network Management Response/0810
message to acknowledge receipt of the Network Management Request/0800
message.
1 0800 Banknet
Issuer or
Acquirer Network
0810 2
Stage Description
1. The Authorization System generates the Network Management Request/0800
message.
2. The issuer or acquirer generates a Network Management Response/0810
message to acknowledge receipt of the Network Management Request/0800
message.
1 0800 1
Banknet 2 0810 2
Network 3 0120, 0420, 0620 3
4 0130, 0430, 0630 4
Acquirer MIP 5 0820 5 Issuer
1 MIP
2 4 5 Issuer
3
1
2
Stand-In SAF
3
4 Queue
5
MIP
Stage Description
1. The issuer sends a Network Management Request/0800 message to request SAF
messages. The network management code included in DE 70 (Network
Management Information Code) identifies this as a SAF request.
2. The Stand-In System generates the Network Management Request
Response/0810 acknowledgement message.
3. The Banknet SAF process forwards an Authorization Advice/0120, Acquirer
Reversal Advice/0420, or Administrative Advice/0620 message to the issuer.
4. The issuer must generate an Authorization Advice Response/0130, Acquirer
Reversal Advice Response/0430, or Administrative Advice Response/0630
message. These response messages advise the Stand-In System that the issuer
received the previous Authorization Advice/0120, Acquirer Reversal
Advice/0420, or Administrative Advice/0620 message and prompt the Stand-In
System to send the next Authorization Advice/0120, Acquirer Reversal
Advice/0420, or Administrative Advice/0620 message.
Each time the Stand-In System receives an Authorization Advice
Response/0130, Acquirer Reversal Advice Response/0430, or Administrative
Advice Response/0630 message, the Stand-In System sends the issuer the next
message. If the Stand-In System does not receive an Authorization Advice
Response/0130, Acquirer Reversal Advice Response/0430, or Administrative
Advice Response/0630 message within three minutes, the Stand-In System
assumes the issuer did not receive the previous message and ends the SAF
session.
Stage Description
5. When there are no more Authorization Advice/0120, Acquirer Reversal
Advice/0420, and Administrative Advice/0620 messages in the queue, the
Stand-In System generates a Network Management Advice/0820 message.
When an issuer has a large number of SAF records (for example, because of
an extended outage), MasterCard can provide SAF records to the issuer using
any of the following transmission methods:
• Bulk file type T230
• Complex-to-complex (CTC) file transmission
• Magnetic tape
When MasterCard begins to create the bulk file for transmission via these
methods, it halts the online transmission of SAF records. This halt prevents
MasterCard from distributing duplicate SAF records via both bulk file and
online transmission.
Account File
Banknet
Network VIP accounts
Gold accounts
Authorization Account listings
Acquirer Negative accounts
Request Restricted accounts
Stand-In
(Stand-In
Transaction Limits Issuer
tests
applied) Accumulative Limits
Decision Matrix Security Service Forms
Range Blocks Stand-In Worksheet
CVC Parameters
MIP PIN Parameters
M/Chip Parameters
Central Site AAV Parameters
Range Blocks
Issuers may list a range of account numbers to indicate that they have not
issued the numbers to cardholders.
Account Listings
The issuer may list accounts in the Account File as negative, restricted, VIP, or
Gold.
Issuers may list individual card numbers to identify exception accounts that are
processed differently than regular accounts. They can list these accounts with
either higher limit, such as the limits for Gold MasterCard® cards and VIP cards
or as negative or restricted accounts that must be declined or captured.
• Accumulative number and amount limits that are calculated over a specified
number of days
Online issuers should refer to chapter 7 and CAPS issuers should refer to
chapter 8 for instructions on using the Stand-In Processing Worksheet to
provide parameters.
Online and CAPs issuers that want to take advantage of one of the optional
security services must use the Key Validation Service Specification Form and
follow the procedures in the On-behalf Key Management (OBKM) Document
Set.
Currently, issuers may choose from the following security services (described
later in this chapter):
• M/Chip Cryptogram Validation in Stand-In Processing
• Personal Identification Number (PIN) Verification
• Card Validation Code 1 (CVC 1) Verification
• MasterCard® SecureCode™ Dynamic AAV Verification in Stand-In
Processing
Decision Matrix
The issuer defines which authorization response Stand-In processing should
use if an authorization request fails a particular test.
Issuer is N or C N or C N or C N or C
signed-out
Issuer is N N or A N N
signed-in
A = Skip the Transaction Limits test (go to the next test even if the transaction is over
the limit)
N = Decline request
C = Call referral (verbal contact required to complete the transaction)
Stand-In Tests
The Stand-In tests systematically review the authorization request to determine
an appropriate authorization response. Figure 6.2 shows the Stand-In tests in
the order in which Stand-In performs them.
Figure 6.2—Stand-In Tests (listed in the order in which they are performed)
Cash
Range Blocks Disbursement
CVC 1 Test
Test Accumulator
Test
M/Chip Transaction
Cryptogram Limits
Validation Test Test
Stand-In processing performs the tests only until it reaches a test result that
allows it to generate an authorization response. If Stand-In processing
performs the Range Blocks test and the authorization request fails that test, for
example, Stand-In processing immediately generates the authorization
response and does not perform any of the subsequent tests.
The Range Blocks test determines whether the account number in the
transaction falls within a blocked range. If it does, Stand-In processing returns
a response of “invalid card number.” Setting up range blocks for Stand-In
processing is optional.
The expiration date test determines whether the expiration date provided in
the request message is less than the current year and month, or is more than
20 years in the future. Signature-based non-expiring cards (YY/MM of 4912)
are excluded from this test.
Stand-In processing performs this test only if the transaction meets the
following criteria:
• Validates the ARQC and the TVR/CVR fields according to a default pattern
• Approves or declines the transaction
• Generates the ARPC
• Creates the Authorization Request Response/0110 message
• Creates the Authorization Advice/0120 message
See chapter 9 for more information about the PIN Verification in Stand-In
processing service.
CVC 1 Test
The card validation code 1 (CVC 1) test is an optional service.
Stand-In processing performs the test only if the transaction meets the
following criteria:
• The issuer has requested participation in this service.
• The authorization request contains full-unaltered track 1 or track 2 data
and value 80, 90, or 91 in Point-of-Service (POS) Entry Mode field.
A value of 90 indicates that the PAN was entered via magnetic stripe. The full
track data has been read from the data encoded on the card and transmitted
within the authorization request in DE 35 (Track 2 Data) or DE 45 (Track 1
Data) without alteration or truncation.
A value of 91 indicates that the PAN was entered via contactless magnetic
stripe—the full track data has been read from the data on the card and
transmitted within the authorization request in DE 35 (Track 2 Data) or DE 45
(Track 1 Data) without alteration or truncation.
If the transaction meets the criteria for the CVC 1 test, Stand-In processing
verifies that the CVC 1 is valid. If the CVC 1 is not valid, Stand-In processing
uses the Account File Test column of the issuer’s Decision Matrix to determine
a response of either “refer to card issuer” or “decline.”
See chapter 9 for information about signing up for CVC 1 Verification in Stand-
In processing.
Issuers may request that Stand-In processing perform the AAV verification test
when the issuer’s host system is unavailable to respond to the Authorization
Request/0100 message containing AAV data.
See chapter 9 for more information about the MasterCard SecureCode Dynamic
AAV Verification in Stand-In processing service.
For any other type of transaction, if the transaction exceeds the established
transaction limit, Stand-In processing refers to the issuer’s Decision Matrix to
determine an authorization response. Based on the Decision Matrix, Stand-In
processing either:
• Generates a response of “refer to card issuer” or “decline.” If the account
is a VIP account, Stand-In processing uses the VIP Test section of the
Decision Matrix to determine a response.
• Continues to the next Stand-In test.
For a list of valid numeric country codes, valid TCCs, and valid MCCs, see the
Quick Reference Booklet . For more information about promotion code
requirements in authorization messages and CAT level values (DE 61, subfield
10), see the Customer Interface Specification.
Parameter Combinations
Parameter combinations are established by BIN or ICA number. Each
combination may include some or all of the following:
• One promotion code
• One cardholder-activated terminal (CAT) level indicator
• Up to 10 specific TCCs or up to 10 specific MCCs
• Up to 10 specific country codes
Example 1
Example 2
Example 3
MasterCard limits apply only to in-flight commerce gaming, and not to other
in-flight commerce activity.
The following table shows the MasterCard-mandated transaction limits for In-
flight Commerce Gaming transactions (CAT level indicator 4 with MCC 7995).
MasterCard instructs Stand-In processing to use a transaction limit of USD 350
when the card is present and USD 0 when the card is not present, when the
Authorization Request/0100 message contains CAT level indicator 4 and MCC
7995. Country code 000 shows that Stand-In processing applies these
transaction limits globally.
All issuers must have transaction limits by TCC. MasterCard has established
minimum TCC limits, which are defined in chapter 7. Issuers may establish
higher limits for some or all TCCs, and they may establish different limits for
card present and card not present point-of-interaction situations.
Current issuer-defined TCC limits are reported by BIN to each issuer weekly on
the Authorization Parameter Summary Report (SI737010-AA).
MasterCard Processing
To apply transaction limits parameters, MasterCard maintains a matrix for each
issuer that contains all of the parameter combinations for that issuer (up to 19
combinations). Each time an authorization request is forwarded to Stand-In
processing, the system sequentially reviews the matrix, stopping on the first
parameter combination that has matching criteria in the Authorization
Request/0100 message, and using the limits established for that combination to
process the request.
Example 1
For the Transaction Limits section of Stand-In processing, Stand-In reviews the
matrix line by line:
• Because the authorization request does not contain promotion code
PM0111 and MCC 5511, processing continues past the first line.
• Because the request does not contain country code 454, CAT level
indicator 2, and MCC 5542, it also continues past the second line.
• On the third line, country code 626 and TCC O in the matrix match the
country code and TCC in the Authorization Request/0100 message.
Because the matrix does not contain an MCC, processing uses the TCC in
the authorization request and disregards MCC 8062. Therefore, Stand-In
processing applies the transaction limits for this parameter combination.
Example 2
Because the card is present and the authorization request contains TCC R,
Stand-In processing applies a transaction limit of USD 100 to this transaction.
The transaction amount of USD 75 is less than the limit, so it will pass this
transaction limit test.
Example 3
Because the card is not present and the authorization request contains TCC A,
Stand-In processing applies a transaction limit of USD 375 to this transaction.
The transaction amount of USD 450 is more than the limit, so it will fail this
transaction limit test.
For example, assume the issuer designated the following accumulative limits:
For any other type of transaction, if the cumulative number or dollar amount in
the request exceeds the limit established by the issuer, Stand-In processing
generates a response of either “refer to card issuer” or “decline,” based on the
Decision Matrix.
Stand-In Response
If Stand-In processing performs all of the tests described earlier without
generating a response of “decline,” “refer to card issuer,” or “capture card,”
Stand-In processing approves the authorization request. It also adds the
transaction amount to the cardholder’s accumulative record in preparation for
the next comparison with the Accumulative Limits.
Online Transactions
Stand-In processing performs all steps of the testing process as described. In
addition, for online issuers, when Stand-In processing generates an
authorization response of “approved,” “decline,” or “capture card,” it also
creates a store-and-forward (SAF) advice message, which contains the
transaction data for the authorization request. The issuer can retrieve these
SAF messages online (described in chapter 5).
Note If the account is part of a mixed BIN and is not also listed in the Account File
with entry reason G, the Transaction Limits Test defaults to the transaction
limits for the programs other than Gold MasterCard Cards in the BIN range.
VIP Accounts
To identify VIP accounts, issuers establish transaction limits and accumulative
limits in the VIP Controls section of the Stand-In Processing Worksheet.
Stage Description
1. If the transaction fails the Transaction Limits Test, Stand-In processing applies
the response designated in the VIP Test section of the Decision Matrix. If the
transaction passes the Transaction Limits Test, Stand-In processing proceeds to
the Accumulative Limits Test.
2. During the Accumulative Limits Test, Stand-In processing applies the Days and
Count Limit parameters designated by the issuer in the VIP Control section of
the Stand-In Processing Worksheet.
3. If the transaction fails the Accumulative Limits Test, Stand-In processing
applies the response designated in the VIP Test section of the Decision Matrix.
4. If the transaction passes the Accumulative Limits Test, Stand-In processing
adds the transaction amount to the VIP accumulation amount for that
cardholder. Stand-In processing compares the sum to the VIP amount
designated in the Account File. If the transaction fails the Accumulative
Amount Test for VIP cards, Stand-In processing applies the response
designated in the VIP Test section of the Decision Matrix.
5. If the transaction passes the Accumulative Amount Test, Stand-In processing
applies the next test.
CAPS Accounts
CAPS issuers list all of their positive accounts as VIP accounts (described in
chapter 8).
If Stand-In processing does not find a CAPS account listed in the Account File
with entry reason V, P, or R, during the Account File test, it generates a
response of “decline.”
Establishing Parameters.......................................................................................7-1
To Complete the Worksheet.........................................................................7-1
Default Values ...............................................................................................7-2
Setting Limits Lower than the MasterCard Minimums ...........................7-2
On Every Page ..............................................................................................7-2
Important Dates...................................................................................................7-4
How MasterCard Uses this Information .......................................................7-4
When Changes are Effective.........................................................................7-4
Telephone Numbers............................................................................................7-5
How to Complete this Section......................................................................7-5
How MasterCard Uses this Information .......................................................7-5
When Changes Are Effective ........................................................................7-5
Decision Matrix..................................................................................................7-18
How to Complete this Section....................................................................7-18
How Stand-In Processing Uses this Information .......................................7-19
When Changes Are Effective ......................................................................7-19
VIP Controls.......................................................................................................7-24
How to Complete this Section....................................................................7-24
How Stand-In Processing Uses this Information .......................................7-25
When Changes Are Effective ......................................................................7-25
Establishing Parameters
To generate authorization responses, Stand-In processing must have issuer
parameters on file. Issuers establish or update parameters by completing the
Stand-In Processing Worksheet for Online Issuers.
The Stand-In Processing Worksheet for Online Issuers is required for all online
issuers. Issuers must complete at least one worksheet for each issuing ICA
number. Issuers may list multiple account ranges on one worksheet if both of
the following statements are true:
• You are available to respond to call referrals for all listed account ranges at
the phone numbers that you list during the times that you list on the
worksheet.
• You want to establish the same parameters for all listed account ranges.
Step Action
1. Determine how much of the form you need to complete.
IF you are filling out the form… THEN you must complete…
For the first time The entire form
To update your existing parameters Only the applicable pages of the form
2. Copy the appropriate pages of the form. (MasterCard suggests that you
always leave one sample copy in this manual.)
3. Complete the appropriate pages of the form.
4. On each page that you complete, print your name (the person who completed
the form) on the Contact Name line, sign your name on the Contact Signature
line, write your Phone number, and provide the Completed date.
Step Action
5. Fax or mail the completed pages to:
MasterCard International
Attention: Customer Operations Services
2200 MasterCard Boulevard
O’Fallon MO 63368-7263
USA
Fax: 1-636-722-7192
Default Values
MasterCard has established minimum and maximum values for certain
parameters. The form lists these minimum and maximum values.
• If you do not establish higher limits by writing your higher limits on the
form, MasterCard will apply the minimum limits as default values for your
limits.
• If you want MasterCard to set the minimum limits as your limits, select the
default check box on the form above the place to establish your limits.
On Every Page
Include the following information on each page of the worksheet:
Card Program: Enter the three-digit product code for which the values on this
worksheet apply. Valid codes include but are not limited to:
You should use a separate form for new or existing account ranges.
Important Dates
The important dates section is required.
The important dates section allows you to inform the Customer Operations
Services team of the dates you want the requested account range and ICA
number to be live. Additionally, you can inform the Customer Operations
Services team of the date you intend to begin issuing cards with the requested
account range and ICA number.
Telephone Numbers
The telephone numbers section is required.
This section allows you to designate the phone numbers for departments
within your organization that support authorization processes.
Phone Number for Security Department: Enter the phone number of your
Security Contact (for general security-related issues).
Phone Number for Reporting Lost or Stolen Cards: Enter the phone number that
cardholders call to report a lost or stolen card.
Phone Number for Customer Service: Enter the phone number of the department
or person that receives the calls from cardholders.
Processor Name (if applicable): If you use a processor, enter its name.
This section allows you to specify the times when your call referral center is
available to accept call referrals.
If you are not available for call referral handling 24 hours a day, 7 days a
week, please read the following explanations:
• The times specified between “Open” and “Close” must include all of the
times that you are available for call referral handling within the hours 00:00–
24:00 on each day. If your call center was open Monday night and is still
open Tuesday morning until 01:00, for example, you must show the first
Open/Close times on Tuesday as: 00:00–01:00.
• The Open time for each associated Close time must be less than the Close
time. If your call center opens at 05:00, for example, it must close later
than 05:00. If the Open time is 05:00, a Close time of 24:00 is valid. If the
Open time is 05:00, a Close time of 01:00 is not valid.
Complete each column as described below. The time in any Open column
may not be earlier than 00:00, and the time in any Close column may not be
later than 24:00.
Step Action
1. In the first column (Open), enter the first time (beginning at 00:00, which is
midnight) that your facility is available to handle call referrals. This could be
as early as 00:00, which may mean that your facility is still open from the
previous night.
2. In the second column (Close), enter the first time during that 24-hour day
(between the hours of 00:00 and 24:00) that your facility is unavailable to
handle call referrals.
3. In the third column (Open), enter the second time during that 24-hour day
(between the hours of 00:00 and 24:00) that your facility opens to handle call
referrals. This time must be greater than the time in the second column.
Step Action
4. In the fourth column (Close), enter the next time during that 24-hour day
(between the hours of 00:00 and 24:00) that your facility stops being available
to handle call referrals. If your facility stays open through the night and into
the next day, you must still enter 24:00 (midnight) as the closing time for this
day. In this case, the next day opens at 00:00 (also midnight).
The following example illustrates sample hours of operation for a facility that
is available at these times:
• From 05:00 to 24:00 every day except Sunday
• From 10:00 to 17:00 on Sunday
The following example illustrates sample hours of operation for a facility that
is available to handle call referrals during these times:
If the call referral center is not open 24 hours, 7 days a week with no holidays,
follow these steps.
Step Action
1. IF the local time of your Call
Referral Center… THEN…
Does not use daylight saving time Select the Check this box if the local
time for the Call Referral Center does
not use daylight saving time check
box.
Do not fill out the rest of this section.
Uses daylight saving time Go to step 2.
2. After From: provide the month, day, and year (MMDDYY) and the hour and
minute (HH:MM) that daylight saving time begins (in your local time).
3. After To: provide the month, day, year, hour, and minute that it ends (in your
local time).
If the call referral center is not open 24 hours, 7 days a week with no holidays,
follow these steps.
Step Action
1. IF local time for your Call
Referral Center is… THEN…
Behind UTC Select the check box before Behind (“-”) UTC.
Ahead UTC Select the check box before Ahead (“+”) UTC.
2. On the same line that you selected the check box, enter the amount of time
difference (in hours and minutes) between the local time for your call referral
center and UTC.
Noncompliance Assessments
Issuers must be available to take call referrals during the hours that they
establish as “open” on the Stand-In Processing Worksheet. MasterCard
examines issuer transactions for the week and compares them to the Hours of
Operation that the issuer indicates on this worksheet. Stand-In processing
issues call referrals only during the hours that the issuer establishes as “open.”
Note The issuer is charged a fee for each day that it issues call referrals during the
hours that it establishes as “closed” on the Stand-In Processing Worksheet.
The issuer also is charged a fee for each call referral that it issues during the
hours that it establishes as “closed” on the Stand-In Processing Worksheet.
Note Issuers must complete and submit this section of the worksheet every year.
This section tells MasterCard the times when your call referral center
availability differs from the schedule that you provided in the hours of
operation for call referral center section.
Step Action
1. After For Year at the top of the page, enter the year for which these holidays
apply.
2. IF your Call Referral Center… THEN…
Does not close for any holidays Select the Check this box for default of
no holidays check box.
Do not complete any more of this
section.
Closes for holidays Go to step 3.
3. For each day that you will not be available as stated under Call Referral
Center Hours of Operation, enter the month and day under MM/DD.
4. If you can accept call referrals for part of a holiday, enter the times that you
will be available under Open and Close.
If your office will close for the entire day, enter 00:00 under Open and 00:00
under Close.
Note You should only complete page 4 of the worksheet if the account range you are
completing the worksheet for is not a Local Use Only Account Range. If it is a
Local Use Only Account Range, provide information about your TCC parameters
on page 5, “Transaction Category Code Local Use Parameters” and “Transaction
Category Code Global Parameters.”
The TCC global parameters section allows you to set dollar limits for
authorization transactions, based on a variety of parameters, which apply to all
countries. If you want to set Stand-In processing limits in a currency other
than U.S. dollars, you must participate in the Authorization Multiple Currency
Conversion (AMCC) service. For more information about AMCC, see chapter 9.
For information about charges for global limits, see the MasterCard
Consolidated Billing System Manual.
• Card present at the point of interaction or card not present at the point of
interaction
Note You should only complete page 5 of the worksheet if the account range you are
completing the worksheet for is a Local Use Only Account Range. If it is a
global use account range, provide information about your TCC parameters on
page 4, “Transaction Category Code Global Parameters.”
The TCC local use parameters section allows you to set limits for authorization
transactions, based on a variety of parameters, that apply to the home country
assigned for your Local Use Only Account Range. Additionally, you may
provide TCC global parameters for your Local Use Only Account Range for all
countries except for the home country assigned for your Local Use Only
Account Range.
If you want to set Stand-In processing limits in a currency other than U.S.
dollars, you must participate in the Authorization Multiple Currency
Conversion (AMCC) service. For more information about AMCC, see chapter 9.
For information about charges for global limits, see the MasterCard
Consolidated Billing System Manual.
Stand-In applies the limits based on the data in each authorization request. If
the data in the authorization request is TCC O and card not present, for
example, Stand-In processing applies the limits that you established for that
particular situation.
Accumulative Limits
The accumulative limits section is required.
This section allows you to establish the cumulative number and amount of
transactions allowed over a range of four days.
If you want to set Stand-In processing limits in a currency other than U.S.
dollars, you must participate in the Authorization Multiple Currency
Conversion (AMCC) service. For more information about AMCC, see chapter 9.
Note Carefully select the values for these fields because a cardholder can easily reach
the limits without spending a large amount.
Note Day 1 of the issuer’s accumulative limit must be equal to or greater than the
issuer’s highest TCC global limit.
In this example, Stand-In processing also can authorize as much as USD 1,200
in transactions. Stand-In processing will approve as much as:
Therefore, a cardholder charging USD 600 during the first two days would
have access to USD 600 during the next two days.
If the issuer has not established accumulative limits, Stand-In processing uses
the MasterCard default amounts shown on the worksheet.
Decision Matrix
The decision matrix section is required.
This section allows you to specify how Stand-In processing will respond when
a transaction fails any of the following Stand-In processing tests:
• Account File test
• Transaction Limits test
• Accumulative Limits test
• VIP Limits test
This section defines the authorization response that Stand-In processing will
generate in response to an authorization request.
If you want to use the MasterCard default values for the decision matrix, select
the Check this box to use the default values listed below check box.
Value Description
C Refer to card issuer.
N Decline—If the test fails and the entry reason in the Account File is C (credit),
U (unauthorized use), or O (other).
Capture Card—If the test fails and the entry reason in the Account File is P
(capture card), F (fraud), L (lost), S (stolen), or X (counterfeit).
A Continue Stand-In processing. Skip the Transaction Limits test and go to the
next Stand-In test.
Account File Test: Enter a value to indicate the authorization response that you
want Stand-In processing to generate when one of the following is true:
• The account is listed on the Account File with an entry reason of C (credit),
O (other), or U (unauthorized use).
• The transaction failed the CVC 1 Test.
Transaction Limits Test: Enter a value to indicate the authorization response that
you want Stand-In processing to generate when it receives an authorization
request that exceeds the Transaction Limits.
Note If you enter value A for the Transaction Limits test, Stand-In will skip the
Expanded Parameter Combinations and the Transaction Category Code Global
Parameters. Stand-In will apply only Accumulative Limits.
VIP Limits Test: Enter a value to indicate the authorization response that you
want Stand-In processing to generate when it receives an authorization request
that exceeds the VIP limits.
Note If you enter value A for the Transaction Limits test, Stand-In processing will skip
the Expanded Parameters and the Global Limits. As a result, Stand-In
processing will test only the Accumulative Limits.
Range Blocking
The range blocking section is optional. Issuers use range blocking to combat
fraud.
The range blocking section identifies ranges of card numbers within your
account ranges that you:
• Have not issued to cardholders (and that should be blocked) or
• Blocked previously and now want to unblock.
• For information about the charges for range blocking, see the MasterCard
Consolidated Billing System Manual.
Step Action
1. In the From account number column, enter the first 11 digits of the account
number at the beginning of the range. (The first six of the 11 digits must be
the BIN.)
2. In the Through account number column, enter the first 11 digits of the account
number at the end of the range. (The first six of the 11 digits must be the
BIN.)
3. Select the Block check box or Unblock check box to indicate whether this
range of card numbers should be blocked or unblocked.
Note Remember to submit this section of the form again to MasterCard when you
decide to issue cards within these blocked ranges.
Because the most current form entirely replaces all previously requested range
blocks, you must list all range blocks that you require each time you submit the
form.
Note Range blocking only applies for transactions processed by Stand-In processing.
Card numbers within the blocked ranges do not automatically appear in the
Account Management System (AMS) Electronic Warning Bulletin file.
The expanded parameters section allows you to set limits for authorization
transactions based on a variety of transactions.
If you want to set Stand-In processing limits in a currency other than U.S.
dollars, you must participate in the Authorization Multiple Currency
Conversion (AMCC) service. For more information about AMCC, see chapter 9.
IF you… THEN…
Want these transaction limits to apply to Enter the promotion code.
a specific promotion code
Do not want these transaction limits to Leave these spaces blank.
apply to a specific promotion code
IF you… THEN…
Want these transaction limits to apply to Enter the CAT level.
a specific CAT level
Do not want to restrict these transaction Leave this space blank.
limits to a particular CAT level
Set limits for local-use-only cards, that is, • Enter the account range, ICA number,
cards that can be used only within a and card program of the local-use-only
particular country cards.
• Enter the Country Code of the specific
countries in which the cards may be
used. Enter the transaction limits by
TCC for that country.
VIP Controls
The VIP controls section is optional.
This section allows you to set specific limits that Stand-In processing applies to
accounts listed in the Account File as VIP. The VIP designation is a method of
identifying accounts that the issuer wants Stand-In to process differently from
MasterCard cards, BusinessCard cards, and Gold MasterCard cards.
You must complete all of the options in this field if you are supporting VIP
accounts.
Country Code: Enter the country code to which these VIP limits should apply.
Single Transaction Limit: Enter the maximum amount that you want Stand-In
processing to authorize for any single transaction involving a VIP account.
You must indicate a value in this field if you are supporting VIP accounts. The
amount may not be greater than USD equivalent 99,999. Do not enter zero in
this field. (Entering zero would cause all transactions to fail this test.)
Accumulative Limits: Days: Specify any number of days (up to 99) during
which Stand-In processing should measure the total number of authorization
transactions authorized. The MasterCard default is four.
If you want to set Stand-In processing limits in a currency other than U.S.
dollars, you must participate in the Authorization Multiple Currency
Conversion (AMCC) service. For more information about AMCC, see chapter 9.
Limit-1 Processing
The Limit-1 processing section is optional. Issuers should complete this
section only if you want Limit-1 processing.
Issuer Floor Limit-1 in USD: The values established in this category reside on all
acquirer MIPs. The MIP sends transactions to Stand-In processing if the
amount is less than or equal to the Issuer Floor Limit-1 and all of the following
are true:
• The card number is not listed as a restricted card on the Electronic
Warning Bulletin file.
• The transaction does not include an Address Verification Service Request.
• The transaction was not generated at a cardholder-activated terminal Self-
Service Terminal/Level 2.
• The transaction is not an ATM transaction.
• The transaction does not contain a “merchant suspicious” indicator.
Nth Transaction: This value tells the acquiring MIP that for every Nth
transaction less than the Issuer Floor Limit-1, the MIP routes the transaction
directly to the issuer for approval. Enter the desired numeric value to establish
the Nth transaction.
Introduction to CAPS...........................................................................................8-1
Who Are CAPS Members? .............................................................................8-1
How Do CAPS Members Send Data to MasterCard?....................................8-1
When Does CAPS Apply Data to the Account File? ....................................8-1
What Data does MasterCard Provide for Members? ....................................8-2
CAPS Features......................................................................................................8-2
Sending and Retrieving CAPS Files via MasterCard File Express ......................8-4
When to Send the Sequential Account File .................................................8-4
Input File Type Field ..............................................................................8-5
Transmission of Multiple Files................................................................8-5
Entry Reason Field ..................................................................................8-6
Credit Availability Field ..........................................................................8-6
MasterCard Edits .....................................................................................8-6
MasterCard File Express Security ...........................................................8-7
Reporting of Errors in the Sequential Account File...............................8-7
Emergency Maintenance to the Account File ..............................................8-7
Transmission and Effective Times..........................................................8-8
Transmission of a Subsequent Full File Replace ...................................8-8
File Layouts..........................................................................................................8-9
Sequential Account File ................................................................................8-9
Important Dates.................................................................................................8-14
How MasterCard Uses this Information .....................................................8-14
When Changes are Effective.......................................................................8-15
Telephone Numbers..........................................................................................8-15
How to Complete this Section....................................................................8-15
How MasterCard Uses this Information .....................................................8-15
When Changes are Effective.......................................................................8-15
Decision Matrix..................................................................................................8-22
How to Complete this Section....................................................................8-22
How Stand-In Processing Uses this Information .......................................8-23
When Changes Are Effective ......................................................................8-23
VIP Controls.......................................................................................................8-27
How to Complete this Section....................................................................8-28
How Stand-In Processing Uses this Information .......................................8-28
When Changes Are Effective ......................................................................8-28
Introduction to CAPS
CAPS provides certain members with a 24-hour authorization service called
Stand-In processing. Stand-In processing (described in chapter 6) provides
authorization responses to acquirers on behalf of the issuer. It uses the
following two types of data that the issuer provides:
• Issuer cardholder listings and available-to-buy amounts that are maintained
in the Account File.
• Issuer-defined parameters for approving authorization transactions.
CAPS members list positive and negative card accounts in the Account File for
authorization responses that prompt the merchant to approve, decline, or
capture the card. All positive card accounts have entry reason V (VIP) for
CAPS listing purposes, including accounts that have standard authorization
limits.
CAPS members also may list restricted accounts in the Account Management
System (AMS) to direct the merchant to capture the card. For information
about listing in AMS, see the Account Management User Manual.
Issuer Stand-In
Worksheet
Daily Activity
Report
CAPS Features
CAPS offers members the following features:
• Provision of 100% of authorization responses
CAPS responds to authorization requests on behalf of the issuer 24 hours a
day, 7 days a week.
• Adjustment of cardholder credit
CAPS keeps track of the cumulative number and amount of credit card
transactions it approves. It adjusts available cardholder credit by this
amount before comparing the next authorization request to the available
credit. Whenever the issuer updates the credit available, CAPS resets the
cumulative tally to zero.
• Easy access to the service
CAPS members use the MasterCard File Express transfer facility to transmit
the files between the issuer’s PC and MasterCard.
Follow these steps to send the Sequential Account File to MasterCard via
MasterCard File Express. Details about particular fields and transmission of
multiple files follow these procedures.
Step Action
1. Create a header record (see Figure 8.3 for field descriptions and valid values).
Each transmission of the file must be in ascending sequence by cardholder
number within ICA number and each ICA number should appear only once
within a transmission.
Note: An incorrect value for ICA number in the header record causes CAPS to
reject the entire transmission.
2. Create detail records (see Figure 8.4).
Note: Do not include duplicate cardholder numbers within an update
transmission. If the system detects a duplicate number, the second record is
rejected.
3. Create a trailer record (see Figure 8.5).
Step Action
4. Place the RB28 file into the MasterCard File Express File Type directory RB28.
5. Start the application and send the RB28 file to MasterCard using the steps
outlined in the MasterCard File Express Client Users’ Guide.
• Full file replace replaces card numbers at the bank identification number
(BIN) level. If an ICA number is associated with multiple BINs, only the
BINs submitted for the full file replace are affected.
Select the full file replace option in this field to establish a file at
MasterCard for the first time.
• Update batch replaces card numbers at the account level. An update
transmission affects only the account numbers present in the detail records.
Note CAPS rejects all records in any transmission that includes headers with both the
full file replace code and the update code.
To maintain accurate records of available credit for each cardholder, the CAPS
issuer must refer to the Issuer CAPS Authorization Detail Report in addition to
the CAPS files. This report shows transactions that X-Code processing
approved when CAPS was unavailable. (See chapter 2 for an explanation of
X-Code processing.) Because this type of processing occurs only when CAPS
cannot be reached, CAPS does not report it in a CAPS file and does not adjust
cardholder credit limits for these transactions.
CAPS issuers receive the Issuer CAPS Authorization Detail Report automatically.
See the MasterCard Consolidated Billing System Reports manual for a layout of
this report.
MasterCard Edits
Edits verify that the issuer PC is set up to send for that particular ICA number.
During nightly processing, it also verifies that the ICA number is set up for
CAPS and that all detail records are for the same ICA number. Finally, it edits
the Sequential Account File to ensure that the BIN is valid and that required
data elements are present.
Before you need this service, send a letter on your letterhead stationery to your
MasterCard Customer Operations Services representative stating the name and
signature of all persons authorized to make an emergency update request.
(You may require dual signatures on emergency update requests; if you do,
state this in the letter.) MasterCard keeps the letter in your file and sends a
copy to the Global Service Center.
Step Action
1. Type your request on letterhead stationery. Include the following information:
• The words EMERGENCY ACCOUNT FILE MAINTENANCE as the subject of
the letter
• The words EMERGENCY ACCOUNT FILE MAINTENANCE as the subject of
the letter
• Your ICA number
• The cardholder number(s) you want to add, update, or delete
• File maintenance action(s): Add, Update, or Delete
• The entry reason (for Add and Update requests only): V (VIP), R
(Decline), or P (Capture Card)
• Credit limits (for Add and Update VIP accounts only)
• Authorized signatures
2. Send the request to MasterCard via fax to 1-636-722-7192.
• 00:00 (midnight)
• 02:00
• 04:00
• 06:00
• 08:00
• 10:00
• 12:00 (noon)
• 14:00
• 16:00
• 18:00
• 20:00
• 22:00
File Layouts
The following pages include the file layouts for the Sequential Account File.
The Stand-In Processing worksheet is required for all CAPS issuers. You must
complete at least one worksheet for each issuing ICA. You may list multiple
bank identification numbers (BINs) on one worksheet if both of the following
statements are true:
• You are available to respond to call referrals for all listed BINs at the
phone numbers that you list during the times that you list on the
worksheet.
• You want to establish the same parameters for all listed BINs.
Step Action
1. Determine how much of the form you need to complete.
IF you are filling out the form… THEN you must complete…
For the first time The entire form
To update your existing parameters Only the applicable pages of the form.
2. Copy the appropriate pages of the form. (MasterCard suggests that you
always leave one sample copy in this manual.)
3. Complete the appropriate pages of the form.
4. On each page that you complete, print your name (the person who completed
the form) on the Contact Name line, sign your name on the Contact Signature
line, print your Phone number, and provide the date (the Completed date).
5. Fax or mail the completed pages to:
MasterCard International
Attention: Customer Operations Services
2200 MasterCard Boulevard
O’Fallon MO 63368-7263
USA
Fax: 1-636-722-7192
Default Values
MasterCard has established minimum and maximum values for certain
parameters. The form lists these minimum and maximum values.
• If you do not establish higher limits by writing your higher limits on the
form, MasterCard will apply the minimum limits as default values for your
limits.
• If you want MasterCard to set the minimum limits as your limits, select the
default box on the form above the place to establish your limits.
On Every Page
Include the following information on each page of the worksheet:
Card Program: For MasterCard use. All CAPS accounts are established as VIP
accounts.
Important Dates
The important dates section is required.
This section allows you to inform Customer Operations Services of the dates
you want the requested BIN and ICA number to be live. Additionally, you can
inform the Customer Operations Services team of the date you intend to begin
issuing cards with the requested BIN and ICA number.
Note Customer Operations Services will confirm this date, dependent on the receipt
of complete, accurate, and legible information.
Telephone Numbers
The telephone numbers section is required.
This section allows you to designate the phone numbers for departments
within your organization that support authorization processes.
Phone Number for Security Department: Enter the phone number of your
Security Contact (for general security-related issues).
Phone Number for Reporting Lost or Stolen Cards: Enter the phone number that
cardholders call to report a lost or stolen card.
Phone Number for Customer Service: Enter the phone number of the department
or person that receives the calls from cardholders.
Processor Name (if applicable): If you use a processor, enter its name.
This section allows you to specify the times when your call referral center is
available to accept call referrals.
If you are not available for call referral handling 24 hours a day, 7 days a
week, read the following explanations:
• The times specified between “Open” and “Close” must include all of the
times that you are available for call referral handling within the hours 00:00–
24:00 on each day. If your call center was open Monday night and is still
open on Tuesday morning until 01:00, for example, you must show the
first Open/Close times on Tuesday as 00:00–01:00.
• The Open time for each associated Close time must be less than the Close
time. If your call center opens at 05:00, for example, it must close later
than 05:00. If the Open time is 05:00, a Close time of 24:00 is valid. If the
Open time is 05:00, a Close time of 01:00 is not valid.
Complete each column as described below. The time in any Open column
may not be earlier than 00:00 and the time in any Close column may not be
later than 24:00.
Step Action
1. In the first column (Open), enter the first time (beginning at 00:00, which is
midnight) that your facility is available to handle call referrals. This could be
as early as 00:00, which means that your facility is still open from the previous
night.
2. In the second column (Close), enter the first time during that 24-hour day
(between the hours of 00:00 and 24:00) that your facility stops being available
to handle call referrals.
3. In the third column (Open), enter the second time during that 24-hour day
(between the hours of 00:00 and 24:00) that your facility opens to handle call
referrals. This time must be greater than the time in the second column.
Step Action
4. In the fourth column (Close), enter the next time during that 24-hour day
(between the hours of 00:00 and 24:00) that your facility stops being available
to handle call referrals. If your facility stays open through the night and into
the next day, you must still write 24:00 (midnight) as the closing time for this
day. In this case, the next day opens at 00:00 (also midnight).
The following example illustrates sample hours of operation for a facility that
is available at the following times:
• From 05:00 to 24:00 every day except Sunday
• From 10:00 to 17:00 on Sunday
The following example illustrates sample hours of operation for a facility that
is available to handle call referrals during the following times:
If the call referral center is not open 24 hours, 7 days a week with no holidays,
follow these steps.
Step Action
1. IF the local time of your Call
Referral Center… THEN…
Does not use daylight saving time Select the Check this box if the local
time for the Call Referral Center does
not use daylight saving time check
box.
Do not fill out the rest of this section.
Uses daylight saving time Go to step 2.
2. After “From:” provide the month, day, and year (MMDDYY) and the hour and
minute (HHMM) that daylight saving time begins (in your local time).
3. After “To:” provide the month, day, year, hour, and minute that it ends (in
your local time).
If the call referral center is not open 24 hours, 7 days a week with no holidays,
follow these steps.
Step Action
1. IF local time for your Call
Referral Center is… THEN…
Behind UTC Select the check box before Behind (“-”) UTC.
Ahead UTC Select the check box before Ahead (“+”) UTC.
2. On the same line that you selected the check box, enter the amount of time
difference (in hours and minutes) between the local time for your call referral
center and UTC.
Noncompliance Assessments
Issuers must be available to take call referrals during the hours that they
establish as “open” on the Stand-In Processing worksheet. MasterCard
examines issuer transactions for the week and compares them to the Hours of
Operation that the issuer indicates on this worksheet. Stand-In processing
issues call referrals only during the hours that the issuer establishes as “open.”
The issuer is charged a fee for each day that it issues call referrals during the
hours that it establishes as “closed” on the Stand-In Processing worksheet. The
issuer also is charged a fee for each call referral that it issues during the hours
that it establishes as “closed” on the Stand-In Processing worksheet.
Note Issuers must complete and submit this section of the worksheet every year.
This section tells MasterCard the times when your call referral center
availability differs from the schedule that you provided in the hours of
operation for call referral center section.
Step Action
1. After For Year at the top of the page, enter the year for which these holidays
apply.
2. IF your Call Referral Center… THEN…
Does not close for any holidays Select the Check this box for default of
no holidays check box.
Do not complete any more of this
section.
Closes for holidays Go to step 3.
3. For each day that you will not be available as stated under Call Referral
Center Hours of Operation, enter the month and day under MM/DD.
4. If you can accept call referrals for part of a holiday, enter the times that you
will be available under Open and Close.
If your office will close for the entire day, enter 00:00 under Open and 00:00
under Close.
After Accumulative Dollars Allowed, enter the maximum U.S. dollar amount to
be accumulated during the Days range.
Decision Matrix
The decision matrix section is required.
This section allows you to specify how Stand-In processing will respond when
a transaction fails any of the following Stand-In processing tests:
• Account File test
• Transaction Limits test
• Accumulative Limits test
• VIP Limits test
This section defines the authorization response that Stand-In processing will
generate in response to an authorization request.
If you want to use the MasterCard default values for the decision matrix, select
the Check this box to use the default values listed below check box.
Account File Test: Enter a value to indicate the authorization response that you
want Stand-In processing to generate when one of the following is true:
• The account is listed on the Account File with an entry reason of C (credit),
O (other), or U (unauthorized use).
• The transaction failed the CVC 1 Test.
Transaction Limits Test: Enter a value to indicate the authorization response that
you want Stand-In processing to generate when it receives an authorization
request that exceeds the Transaction Limits.
Note If you enter value A for the Transaction Limits test, Stand-In processing will skip
the Expanded Parameter Combinations and the Transaction Category Code
Global Parameters. Stand-In processing will apply only Accumulative Limits.
VIP Limits Test: Enter a value to indicate the authorization response that you
want Stand-In processing to generate when it receives an authorization request
that exceeds the VIP limits.
Note If you enter value A for the Transaction Limits test, Stand-In processing will skip
the Expanded Parameters and the Global Limits. As a result, Stand-In
processing will test only the Accumulative Limits.
Range Blocking
The range blocking section is optional. Issuers use range blocking to combat
fraud.
The range blocking section identifies ranges of card numbers within your BINs
that you:
• Have not issued to cardholders (and that should be blocked), or
• Blocked previously and now want to unblock
For information about the charges for range blocking, see the MasterCard
Consolidated Billing System Manual.
Step Action
1. In the From account number column, enter the first 11 digits of the account
number at the beginning of the range. (The first six of the 11 digits must be
the BIN.)
2. In the Through account number column, enter the first 11 digits of the account
number at the end of the range. (The first six of the 11 digits must be the
BIN.)
3. Select Block or Unblock to indicate whether this range of card numbers should
be blocked or unblocked.
Note Remember to submit this section of the form again to MasterCard when you
decide to issue cards within these blocked ranges.
Because the most current form entirely replaces all previously requested range
blocks, you must list all range blocks that you require each time you submit the
form.
Note Range blocking only applies for transactions processed by Stand-In processing.
Card numbers within the blocked ranges do not automatically appear in the
Account Management System (AMS) electronic warning bulletin file.
The expanded parameters section allows you to set dollar limits for
authorization transactions based on a variety of transactions.
IF you… THEN…
Want these transaction limits to apply to Enter the promotion code.
a specific promotion code
Do not want these transaction limits to Leave these spaces blank.
apply to a specific promotion code
IF you… THEN…
Want these transaction limits to apply to Enter the CAT level.
a specific CAT level
Do not want to restrict these transaction Leave this space blank.
limits to a particular CAT level
VIP Controls
The VIP controls section is optional.
This section allows you to set specific limits that Stand-In processing applies to
accounts listed in the Account File as VIP. The VIP designation is a method of
identifying accounts that the issuer wants Stand-In to process differently from
MasterCard® cards, MasterCard® BusinessCard cards, and Gold MasterCard®
cards.
You must complete all of the options in this field if you are supporting VIP
accounts.
Country Code: Enter the country code to which these VIP limits should apply.
Single Transaction Limit: Enter the maximum amount that you want Stand-In
processing to authorize for any single transaction involving a VIP account.
You must indicate a value in this field if you are supporting VIP accounts. The
amount may not be greater than USD 99,999. Do not enter zero in this field.
Entering zero will cause all transactions to fail this test.
Accumulative Limits Days: Specify any number of days (up to 99) during which
Stand-In processing should measure the total number of authorization
transactions authorized. The MasterCard default is four.
Account Management..........................................................................................9-2
Account Management System.......................................................................9-2
Account File ..................................................................................................9-2
Recurring Payment Cancellation Service (RPCS) .........................................9-3
Blocking Ranges of Accounts .......................................................................9-3
Balance Inquiries...............................................................................................9-23
ATM Balance Inquiries................................................................................9-23
Point-of-Sale (POS) Terminal Balance Inquiries........................................9-24
Check Guarantee...............................................................................................9-49
Requirements for Authorization Request/0100 Messages..........................9-49
Requirements for Authorization Request Response/0110 Messages.........9-49
PIN Processing.................................................................................................9-109
Acquirer Requirements .............................................................................9-109
Issuer Requirements.................................................................................. 9-110
Support for Both Acquiring and Issuing Processing ............................... 9-111
Authorization System Security Requirements...........................................9-112
PIN Verification .........................................................................................9-118
PIN Verification in Stand-In Processing ...................................................9-118
PIN Key Exchange and Processing Forms ............................................... 9-119
Recurring Payments.........................................................................................9-126
Indicating a Recurring Payment ............................................................... 9-126
RiskFinder ........................................................................................................9-129
Using RiskFinder ....................................................................................... 9-129
To Participate ............................................................................................ 9-129
For More Information................................................................................ 9-129
Account Management
Issuers can manage restricted, negative, and preferred accounts through the:
• Account Management System (AMS)
• Account File
Apr
• Recurring Payment Cancellation Service (RPCS) 2006
Note For information about any of the programs described in this chapter, contact
the Customer Operations Services team. Unless otherwise noted, request all
forms from the Customer Operations Services team.
Account File
The Account File resides at Central Site and contains a list of negative
accounts, restricted accounts, and preferred accounts.
The following table explains how to create two types of blocked listings.
The following table compares the levels of protection provided by the listing
types.
Participation Requirements
You must have online access to participate in AVS.
See chapter 5 for more information about signing into the Banknet network.
AVS Process
The following table shows the stages in an AVS transaction.
Stage Description
1. The acquirer generates an Authorization Request/0100 message with non-
condensed address data included in DE 120 (Record Data).
1.
Banknet
Network
Acquirer MIP
Stage Description
2. The issuer MIP applies an algorithm to construct the address key, which the
issuer uses to verify the address.
2.
Banknet
Network
Acquirer MIP MIP Issuer
3. The issuer host compares the address key in DE 120 to the address key in the
issuer database.
3.
Banknet
Network
Acquirer MIP MIP Issuer
Banknet
Network
Acquirer MIP MIP 4. Issuer
Address Key
The address key is the part of the Authorization Request/0100 message that
contains the address data.
To achieve a complete match, the key that AVS sends in DE 120 (Record Data)
must be the same as the key in the issuer’s database. The address key consists
of the following subelements in DE 120:
• Cardholder postal/ZIP code
• Cardholder address (condensed or non-condensed)
Cardholder Address
The length of the cardholder address depends on whether it is condensed or
non-condensed.
The following table shows the process to condense the address key.
Stage Description
1. The condensing algorithm begins condensing with the numeric value in the
left-most position.
2. The algorithm extracts the first five numeric values of the cardholder address
(when scanning the address from left to right).
The condensing algorithm ignores all special characters (such as hyphens [-],
slashes [/ or \], and number signs [#]).
3. AVS constructs the condensed AVS key.
The following table shows the process to condense the address key.
Stage Description
1. The condensing algorithm begins condensing with the numeric value in the
left-most position.
2. The algorithm extracts up to five numeric values that appear before the first
alphabetic character or space.
The condensing algorithm:
• Ignores all special characters (such as hyphens [-], slashes [/ or \], and
number signs [#])
• Excludes the portions of the address that could be open to
misinterpretation, such as apartment numbers
3. When AVS finds a space or an alphabetic character, it stops examining the
cardholder billing address.
4. AVS constructs the condensed AVS key.
The cardholder neglects to provide the merchant with the apartment number
3, so the merchant omits the apartment number from the AVS request.
However, the matching algorithm still finds a complete match.
Merchant enters
Postal/ZIP Cardholder AVS Issuer’s
Code Address Address Key Address Key Result/Explanation
63110 1520 Main 63110_ _ _ _ 1520 63110_ _ _ _ 1520 Complete Match
Street The issuer builds its address key
based on the AVS algorithm.
Both the issuer’s address key and
the AVS algorithm extract only
the numeric values that precede
the first space in this example
(1520). Therefore, when the
merchant does not enter the
apartment number, this still
results in a complete AVS match.
Merchant enters:
Postal/ZIP Cardholder AVS Issuer’s
Code Address Address Key Address Key Result/Explanation
63110 59 East Street 63110_ _ _ _ 59 _ _ _ 63110_ _ _ _ 54_ _ _ No Match
The issuer’s address key does not
match the cardholder address
given by the cardholder.
Issuer Procedures
The following table shows the process that issuers follow to receive and
respond to AVS requests.
Stage Description
1. The issuer signs on to the Authorization System using a Sign-In Request/0800
message.
IF the issuer receives… THEN the issuer signs on with value…
Non-condensed AVS data 1 in DE 94, byte 3.
Condensed AVS data using 2 in DE 94, byte 3.
AVS Service Indicator 2
Condensed AVS data using 3 in DE 94, byte 3.
AVS Service Indicator 3
For members using group sign-in, the value chosen applies to all BINs in the
group.
2. When the issuer receives an AVS request, the issuer verifies the cardholder
billing address, matching it against the issuer’s address file.
3. The issuer generates an Authorization Request Response/0110 that includes
the AVS response (and an authorization response, if the AVS request
accompanied an authorization request).
Issuers that participate in AMCC may define transaction amount limits and
accumulative amount limits for Stand-In processing in U.S. dollars or their
AMCC currency. To indicate amount limits in U.S. dollars or their AMCC
currency, issuers may complete the Stand-In Processing Worksheet for Online
Issuers.
Using AMCC
Members can use AMCC according to the following guidelines.
Acquirers are set up automatically for AMCC, and do not need to complete the
Authorization Multiple Currency Conversion (AMCC) Request Form.
Participating in AMCC
All issuers and acquirers must complete testing to participate in AMCC. See
chapter 11 for information about testing.
Data Element
Number Data Element Name
4 Transaction Amount (acquirer currency)
49 Transaction Currency Code
5 Settlement/Banknet Amount (always U.S. dollars)
9 Settlement/Banknet Conversion Rate
50 Settlement/Banknet Currency Code (always 840)
6 Cardholder Billing Amount (issuer currency)
10 Cardholder Billing Conversion Rate
51 Cardholder Billing Currency Code
16 Currency Conversion Table Date
54 Additional Amounts (used for Balance Inquiry transactions)
For details about data requirements, see the Customer Interface Specification
manual.
Note The Authorization System inserts amount and currency combinations only once
per message.
For example, an amount in Japanese yen with a currency code of 392 (for
Japanese yen) appears only once per message.
To ensure that amount and currency combinations appear only once, the
following processing logic applies.
Data
Element Contains… It is…
Apr
4 The acquirer’s Always present. 2006
currency.
5 The transaction IF… THEN…
amount in U.S.
DE 4 is in U.S. dollars DE 5 is not present.
dollars.
DE 4 is not in U.S. DE 5 is present.
dollars
6 The transaction IF… THEN…
amount in the
The acquirer currency DE 6 is not present. (For
issuer’s currency.
(DE 4) is the same as example, if DE 4 is Canadian
the issuer currency dollars and the issuer’s
currency is Canadian dollars,
DE 6 is not present.)
The issuer currency is DE 6 is not present because
U.S. dollars the amount in U.S. dollars
already appears in DE 5.
The issuer currency is DE 6 is present.
not U.S. dollars or the
same as the acquirer
currency
• Authorization Request/0100
• Authorization Advice/0120—Acquirer-generated
• Acquirer Reversal Request/0400
All acquirers must be able to receive additional amount-related data elements Apr
5, 6, 9, 10, 16, 50, and 51 in authorization response messages. 2006
Balance inquiry processing uses DE 54. Issuers that participate in AMCC may
return as many as two balances in the response message. Therefore, the
acquirer (the MasterCard ATM Network) may receive as many as four DE 54
subelements after currency conversion occurs.
For more information about DE 54, see the Customer Interface Specification
manual.
The issuer’s currency does not always appear in the same data element.
Therefore, the issuer’s host computer must search for the issuer currency in
DE 4, DE 5, or DE 6 according to the AMCC processing logic described earlier
in the “AMCC Processing Logic” section.
JPY = Amount in Japanese Yen 392 = Currency Code for Japanese Yen
CAD = Amount in Canadian Dollars 124 = Currency Code for Canadian Dollars
USD = Amount in U.S. Dollars 840 = Currency Code for U.S. Dollars
AMCC Processing
Member Participant Location Currency Message Type
Acquirer Yes Japan Japanese yen Authorization Request/0100
Message
Issuer Yes Canada Canadian dollars Authorization Request
Response/0110 Message
Banknet
Acquirer Issuer
Processing
0100
Request
0110
Response
Receives: Sends:
DE 4 = JPY DE 4 = JPY
DE 49 = 392 DE 49 = 392
DE 5 = USD DE 5 = USD
DE 50 = 840 DE 50 = 840
DE 9 = Rate Logs key data elements DE 9 = Rate
DE 6 = CAD DE 6 = CAD
DE 51 = 124 DE 51 = 124
DE 10 = Rate DE 10 = Rate
DE 16 = Date DE 16 = Date
AMCC Processing
Member Participant Location Currency Message Type
Acquirer Yes Japan Japanese yen Authorization Request/0100
Message
Issuer Yes Japan Japanese yen Authorization Request
Response/0110 Message
Banknet
Acquirer Issuer
0100
Processing
Request
0110
Response
Receives: Sends:
DE 4 = JPY DE 4 = JPY
DE 49 = 392 DE 49 = 392
DE 16 = Date DE 16 = Date
AMCC Processing
Member Participant Location Currency Message Type
Acquirer Yes Any country U.S. dollars Authorization Request/0100
Message
Issuer Yes Any country U.S. dollars Authorization Request
Response/0110 Message
Banknet
Acquirer Issuer
Processing
0100
Request
0110
Response
Receives: Sends:
DE 4 = USD DE 4 = USD
DE 49 = 840 Logs key data elements DE 49 = 840
AMCC Processing
Member Participant Location Currency Message Type
Acquirer Yes Any country U.S. dollars Authorization Request/0100
Message
Issuer Yes Canada Canadian dollars Authorization Request
Response/0110 Message
Banknet
Acquirer Issuer
Processing
0100
Request
0110
Response
Receives: Sends:
DE 4 = USD DE 4 = USD
DE 49 = 840 DE 49 = 840
DE 16 = Date DE 16 = Date
AMCC Processing
Member Participant Location Currency Message Type
Acquirer Yes Japan Japanese yen Authorization Request/0100
Message
Issuer No Any country U.S. dollars Authorization Request
Response/0110 Message
Banknet
Acquirer Issuer
Processing
0100
Request
Sends: Receives:
0110
Response
AMCC Processing
Member Participant Location Currency Message Type
Acquirer Yes Hong Kong Hong Kong Financial Transaction/0200
dollars Message
Issuer Yes India Indian rupees Authorization Request
Response/0110 Message
MDS Banknet
Acquirer Issuer
Network Processing
0200 0100
Request Request
DE 4 = HKD (0$)
Sends: Sends: DE 49 = 344
DE 16 = Date
0210 0110
Response Response
Sends:
DE 4 = HKD (0$)
Receives: Sends:
DE 49 = 344
Appends the HKD
DE 4 = HKD (0$) DE 4 = HKD (0$) DE 6 = INR
value to DE 54
DE 49 = 344 DE 49 = 344 (adding DE 54B) DE 51 = 356
DE 10 = Rate
DE 16 = Date
DE 54A = INR DE 54A = INR
DE 54B = HKD DE 54B = HKD DE 54A = INR
AMCC Processing
Member Participant Location Currency Message Type
Acquirer Yes Hong Kong Hong Kong Financial Transaction
dollars Request/0200 Message
Issuer No Any country U.S. dollars Authorization Request
Response/0110 Message
Figure 9.7—ATM Balance Inquiry Processing, Acquirer in Hong Kong, Issuer Does
Not Participate in AMCC
MDS Banknet
Acquirer Issuer
Network Processing
0200 0100
Request Request
Sends: Sends:
0210 0110
Response Response
Alternate Processing
The Authorization System does not support Limit–1 processing for ATM
balance inquiries. If the issuer participates in ATM balance inquiries, all ATM
balance inquiries will be forwarded to the issuer for processing.
ATM balance inquiries are not eligible for processing by the Stand-In System or
the X-Code System. If the issuer is unavailable, the Authorization System will
return an Authorization System or issuer system inoperative response to the
acquirer.
To Participate
Issuers that choose to participate in this service must contact the MasterCard
Global Debit Services Department.
The POS balance inquiry enables cardholders and acquirers to check the
remaining amount of funds on a MasterCard prepaid card. This feature makes
it easier for the cardholder to completely redeem the funds on the prepaid
card and reduces the potential of a declined authorization request because the
purchase amount exceeds the funds available on the card. Therefore, this
feature can help to reduce checkout times and lost sales.
Alternate Processing
Apr
The Authorization System does not support Limit–1 processing for POS balance 2006
inquiries. If the issuer participates in POS balance inquiries, all POS balance
inquiries will be forwarded to the issuer for processing.
POS balance inquiries are not eligible for processing by the Stand-In System or
the X-Code System. If the issuer is unavailable, the Authorization System will
return an Authorization System or issuer system inoperative response to the
acquirer.
To Participate
Issuers may complete the Point-of-Sale (POS) Inquiry Participation form
available in the Business Forms section of MasterCard OnLine® (under
Resources in the main menu) and at the end of this manual.
Issuers must notify MasterCard for each account range for which they want to
participate in card level support using the Card Level Support form.
Issuers that participate in card level support must ensure that the following
card level information is present on cards within the specified range:
• Card Sequence Number—the three-position card sequence number
distinguishes between cards that use the same PAN. This three-position
number is located in the discretionary data field of Track 2 data in the
magnetic stripe on the back of each card. For chip cards, it may be
encoded on the chip.
• Card Expiration Date—the expiration date of the listed card.
MasterCard requires that issuers provide the Data Encryption Standard (DES)
keys to MasterCard for each account range that participates in CVC 1
verification in Stand-In processing.
Note The CVC 2 value, described in chapter 1, does not apply to CVC 1 verification in
Stand-In processing.
Issuers can designate which set of CVC 1 parameters to use for an account
range based on the card expiration date.
Members that want to use this functionality can request this service by
completing the Key Validation Service Specification Form and following the
procedures in the On-behalf Key Management (OBKM) Document Set.
You must use the DES method to calculate the CVC 1 for an entire BIN.
MasterCard allows members to calculate CVC 1 values using any of three
different calculation methods. However, CVC 1 verification in Stand-In
processing only supports the DES method. For a detailed description of this
calculation method, see the Security Rules and Procedures manual.
You must encode the CVC 1 within the Discretionary Data field in both track 1
and track 2 of the magnetic stripe. The Discretionary Data field is field 9 in
track 1 and field 6 in track 2. Refer to the following tables for specific
information about the layouts of track 1 and track 2.
F=Fixed Maximum
Field Number Field Name V=Variable Length
1 Start Sentinel F 1
2 Format code–B (encode character B) F 1
3 Account number F 16
4 Separator F 1
5 Cardholder name V 2–26
6 Separator F 1
7 Expiration date F 4
8 Service code F 3
9 Discretionary data (must include V 24
CVC 1)
10 End sentinel F 1
11 Longitudinal redundancy check F 1
Total record length—The maximum character count for track 1 may not exceed 79
including all control characters.
Format End
Code Separator Separator Sentinel
Start Account
Sentinel Number Cardholder Name Discretionary Data LRC
10 20 30 40 60 70 79
Card CVC
Service
Expiration (3 contiguous digits
Code
Date anywhere within the
50 Discretionary Data field)
1 2 3 4
1
0 0 0 0
C V C
(3 contiguous digits
anywhere within the
Discretionary Data field)
The same set of DES keys must apply to the CVC 1 for the entire BIN. (That
is, you may not have one key for the beginning of the BIN and another key
for the end of the BIN. Only one DES key may exist for each BIN.) Also, the
same set of DES keys must apply between track 1 and track 2. (You may not
have one key for track 1 and another key for track 2.)
You may encode the CVC 1 anywhere within the Discretionary Data field.
However, the location of the CVC 1 (within each track) must be the same for
the entire BIN.
The location of the CVC 1 on track 1 does not have to be the same as for track
2. They just have to be the same within each track.
Key Management
Your secure management of the secret cryptographic keys is also an absolute
requirement during generation, distribution, custody, storage, use, and
eventual destruction of the keys. You must include monitoring, backup, and
recovery procedures that provide for secure audit trails, according to industry
standards, such as those of ISO. You also should use the “split
knowledge/dual control” method for transmitting key components to
MasterCard.
MasterCard manages all DES keys under the International Organization for
Standardization (ISO) standards, using the “split knowledge/dual control”
method for handling keys. For example, no single MasterCard staff member
ever receives or manages all sets of key components. This method for
handling keys ensures that the keys are not compromised.
Step Action
1. Generate the CVC 1 key components.
2. Send the key components to MasterCard using the forms provided at the end
of this manual.
ZCMK Method
Step Action
1. Identify three employees to generate and send the ZCMK components and
keys:
Security Officer No. 1
Security Officer No. 2
Security Officer No. 3
Step Action
4. Complete the following documents and send them to MasterCard in an
envelope labeled “No. 3”:
• ZCMK/Encrypted Keys A and B Form
• Location Specification Form
• Test Data Form
• Account Range Specification Form, if necessary. (Read the directions on
the form to determine if you need to complete it.)
Note If you specify an account range on the Account Range Specification Form,
MasterCard performs CVC 1 verifications only on account numbers within the
range provided and with an expiration date equal to or greater than the date
specified.
Two-component Method
Step Action
1. Identify two employees to generate and send Component 1 and Component 2
for each key, Key A and Key B:
Security Officer No. 1
Security Officer No. 2
2. Using Key A and Key B from your DES calculation of the CVC 1, generate two
components for each key. Key/component combinations must be the same for
track 1 as for track 2. For example, Track 1/Key A/Component No. 1 must be
the same as Track 2/Key A/Component No. 1.
3. Send the key components to MasterCard using the following forms provided at
the end of this manual. (Complete all of the forms for each account range.)
Each security officer must complete different forms, as follows:
Security Officer No. 1
Complete the Keys A and B/Component No. 1 Form. Send the form to
MasterCard according to the instructions on the form.
Security Officer No. 2
Complete the Keys A and B/Component No. 2 Form. Send the form to
MasterCard according to the instructions on the form.
Step Action
4. Complete the following forms and send them to MasterCard. (Complete all of
the forms for each account range.)
• Location Specification Form
• Test Data Form
• Account Range Specification Form, if necessary. (Read the directions on
the form to determine if you need to complete it.)
Note If you specify an account range on the Account Range Specification Form,
MasterCard performs CVC 1 verification only on account numbers within the
range provided and with an expiration date equal to or greater than the date
specified.
Stage Description
1. The separate MasterCard security officers receive their designated envelopes,
which contain the forms described under “How to Sign Up for the CVC 1
Service.” They verify that no obvious damage has occurred to the envelopes
in the mail. (If there is apparent damage, MasterCard notifies the security
contact listed on your CVC forms to determine a course of action.)
2. The MasterCard security officers enter the CVC 1 keys in their possession
separately into a hardware cryptographic device.
3. Using authorization logs for both track 1 and track 2 data and the test data that
you provided on the Test Data Form, MasterCard tests CVC 1 processing.
4. If you are using the ZCMK method, MasterCard also verifies that the CVC 1
keys entered by MasterCard to the cryptographic device are correct according
to the key check values that you provided on the forms.
5. MasterCard works with you if any pre-production issues require resolution.
Test Cards
Members can expedite the process for verifying CVC 1 data for Stand-In
processing by sending test cards to:
For a complete list of magnetic stripe CVC errors, see the Customer Interface
Specification manual.
Note Both acquirers and issuers must register with MasterCard using the CVC 2
Registration Form, available in the Business Forms section of MasterCard OnLine
(under Resources in the main menu) and at the end of this manual.
CVC 2
CVC 2 is a three-digit code algorithmically derived by the issuer and indent-
printed on the signature panel to the right of the account number. CVC 2 is
one of several card authentication methods currently used by MasterCard to
combat fraud. The use of CVC 2 deters fraudulent use of an account number.
Participation Requirements
Following are the participation requirements for acquirers and issuers for using
CVC 2 verification.
Acquirers
When merchants provide CVC 2 data for transactions, acquirers must include
the CVC 2 value in DE 48, subelement 92 of Authorization Request/0100
messages.
Issuers
Issuers must be able to receive the CVC 2 value when present in DE 48,
subelement 92 of Authorization Request/0100 messages, and provide a valid
response in DE 48, subelement 87 of Authorization Request Response/0110
messages. Values M, N, or P are considered valid when used by issuers. Only
MasterCard may use value U.
Issuers that have not registered a BIN for CVC 2 verification or that have not
provided a valid response (M, N, or P) to acquirers are not eligible to use
reason code 4837 (No Cardholder Authorization) for chargebacks when
acquirers provide CVC 2 data for transactions processed under that BIN.
Issuers should note that if an acquirer transmits both CVC 1 and CVC 2 data,
CVC 1 processing takes precedence over CVC 2 processing.
Merchant
provides
CVC 2
1 4 5
2 4 5 3
1 2 2 2
4 4 Banknet
3
5 4 Network
Acquirer MIP MIP 4 Issuer
4 4
Central Site
4
Stand-in
Processor
4
MIP
Stage Description
1. The merchant provides the CVC 2 value, and the acquirer generates an
Authorization Request/0100 message including the CVC 2 value in DE 48,
subelement 92.
2. The acquirer MIP verifies whether the issuer is registered with MasterCard to
perform online CVC 2 verification. If the issuer is registered, the acquirer MIP
forwards the Authorization Request/0100 message to the issuer.
3. After the issuer transmits the Authorization Request Response/0110 message,
the issuer MIP will verify that one of the following values appears in DE 48,
subelement 87:
• M (Matched CVC 2 Value)
• N (Invalid CVC 2 Value)
• P (CVC 2 Not Processed)
Depending on whether the transaction was approved, the last stage will be
either stage 4 or stage 5.
Stage Description
4. IF DE 48,
subelement AND IF the
87 transaction
contains… was… THEN… AND THEN…
No response Approved The issuer MIP returns The acquirer MIP will
or an invalid an Authorization forward the Authorization
response Response Negative Request/0100 message to
Acknowledgement/0190 Stand-In processing.
message with:
DE 39 = 30
DE 44 = 048
5. IF DE 48,
subelement AND IF the
87 transaction
contains… was… THEN… AND THEN…
No response Not The acquirer MIP will The issuer will not
or an invalid approved forward the receive an Authorization
response Authorization Request Response Negative
Response/0110 message Acknowledgement/0190
to the acquirer with: message.
DE 48, subelement 87 =
P
Merchant
provides
CVC 2
1 3
2 3
1 2 2 2
Banknet
Network
3 3 3 3
Acquirer MIP MIP Issuer
Stage Description
1. The merchant provides the CVC 2 value, and the acquirer generates an
Authorization Request/0100 message including CVC 2 in DE 48, subelement 92.
2. The acquirer MIP verifies whether the issuer is registered with MasterCard to
perform online CVC 2 verification. If the issuer is not registered, the MIP
places a U (Unregistered) in DE 48, subelement 87 and forwards the
Authorization Request/0100 message to the issuer without DE 48, subelement
92.
3. After the unregistered issuer transmits the Authorization Request
Response/0110 message, the acquirer MIP verifies that value U is in DE 48,
subelement 87 before forwarding it to the acquirer.
2 X
Or SAF
Invalid Value Queue
Merchant
provides MIP 2 Issuer
CVC 2
X Or 2
Invalid
Value
Central Site 4
1
2 2 2 3
1 1 2 2
Banknet Stand-in
Network Processor
3 3 3 3
Acquirer MIP MIP
Stage Description
1. The merchant provides the CVC 2 value, and the acquirer generates an
Authorization Request/0100 message including CVC 2 in DE 48, subelement
92.
2. Stand-In processing responds in the following conditions:
• The issuer is not signed in.
• The transaction cannot be delivered to the issuer.
• The issuer is not responding.
• The issuer’s Authorization Request Response/0110 message fails an edit
check and is rejected.
3. Stand-In processing generates the Authorization Request Response/0110
message.
IF the issuer is... THEN the Authorization System…
Unregistered Places value U (Unregistered) in DE 48, subelement
87.
Registered Places value P (Not Processed) in DE 48, subelement
87 and forwards the Authorization Request
Response/0110 message to the acquirer.
4. Stand-In processing also generates Authorization Advice/0120 messages as
appropriate and stores the advice in the Store-and-Forward (SAF) queue.
Stand-In processing will include value U (Unregistered) in subelement 87 of
DE 48 for issuers that have not registered or value P (Not Processed) for
issuers that have registered.
2 2 X Banknet
X X
3 Network
1
X Central Site
Stand-in
X Processor
Merchant MIP
Stage Description
1. The merchant supplies the CVC 2 value to acquirer.
2. The acquirer creates an Authorization Request/0100 message that contains
CVC 2 information, but transmission is not successful.
3. X-Code processing by the acquirer’s MIP will respond based on current X-
Code processing rules.
WHEN the issuer is... THEN the Authorization System…
Registered Adds value P (Not Processed) in DE 48, subelement
87 of the Authorization Request Response/0110
message.
Not Registered Provides value U (Unregistered) in DE 48,
subelement 87 of the Authorization Request
Response/0110 message.
Banknet
1 2 2 Network 2 2
Stage Description
1. The merchant supplies the CVC 2 value to acquirer.
2. If the issuer has registered and has chosen Limit-1 processing, and if CVC 2 is
present in the Authorization Request/0100 message, the acquirer’s MIP will
bypass Limit-1 processing and forward the request to the issuer for processing.
Note Members that do not currently use MasterCard ECR Service can request the ECR
service by completing the Global Service questionnaire, available from the
Customer Operations Services team.
To provide MasterCard with CVC keys and specifications, complete the CVC
Specification Form for Emergency Card Replacements.
MasterCard securely stores these keys and components, allowing access to the
information only to generate CVC coding for the ECRs processed through the
Global Service Center.
Cardholder-activated Terminals
Cardholder-activated terminals (CATs) are usually unattended terminals that
accept bankcards, debit, charge, and proprietary cards. These terminals are
frequently installed at rail ticketing stations, gasoline stations, toll roads,
parking garages, and other merchant locations.
Types of CATs
MasterCard has identified the following types of CATs, defined by levels.
ADMs must accept personal identification numbers (PINs) and must do all of
the following:
• Transmit the full, unaltered magnetic stripe in the authorization request
message
• Authorize all transactions
Self-service Terminals
A self-service terminal is a customer activated terminal, especially one
including the functions both of delivering and paying for goods (for example,
in an automatic fuel vending system). Example of self-service terminals
include (but are not limited to) automated fuel dispensers that use card
acceptor business code/merchant category code (MCC) 5542.
Self-service terminal requests are sent to the issuer whenever the issuer is
available, regardless of Limit-1 parameters.
For information about USD 1 authorization requests, see the GCMS Reference
Manual.
In-flight Commerce
In-flight commerce (IFC) identifies transactions that are conducted via
interactive video terminals by passengers on long-distance airline flights.
For processing requirements for IFC gaming transactions, see the GCMS
Reference Manual.
Note The IFC Blocked Gaming File applies only to in-flight commerce gaming, and not
to other IFC activity.
To list BINs in this file, complete the IFC Range Blocking for Gaming
Transactions form.
Distribution of the IFC Blocked Gaming File occurs two times each month.
MasterCard provides it either via a Banknet bulk file or via MasterCard File
Express. See the file layout in the IFC Blocked Gaming Transactions form for
more information.
Stage Description
1. MasterCard creates the IFC Blocked Gaming File at approximately 13:00 St.
Louis time and distributes it to acquirers’ MIPs.
2. Acquirers stage the file for unloading and distribute it to their gaming service
providers.
3. Gaming service providers must ensure timely delivery and installation of the
IFC Blocked Gaming File to the on-board servers that monitor IFC
transactions.
Note Because MasterCard requires IFC Blocked Gaming File access before every
gaming transaction, acquirers and gaming service providers must distribute and
install the file when they receive it.
Gaming service providers must monitor IFC gaming transactions for the
duration of each flight to ensure that cardholder accounts do not exceed the
specified transaction limits.
In-flight commerce gaming transactions bypass Limit-1 processing (that is, they
go directly to the issuer).
Stand-In processing and X-Code processing return a response of decline for in-
flight gaming transactions that exceed USD 350.
Transponder Transactions
Transponders use radio frequency signals to exchange identification
information with unattended terminals. Cardholders can use transponders to
initiate transactions at these unattended terminals.
Check Guarantee
The check guarantee service ensures funds availability when the check reaches
the payee bank for clearing.
For the data requirements as they apply to the authorization message formats,
see the Customer Interface Specification manual.
Stage Description
1. When the acquirer MIP receives an Authorization Request/0100 message, the
Authorization System checks whether the issuer designated the BIN for local-
use-only.
2. For BINs for which the issuer designated the BIN for local-use-only, the
Authorization System compares:
The issuer’s country on file at MasterCard to
The POS Country Code, DE 61 (Point-of-Service [POS] Data), positions 14–16 of
the Authorization Request/0100 message.
An accurate match depends on acquirers including the correct data in this field.
Note Use of the Country Level Authorization service does not alter a member’s
responsibility for the use of local-use-only cards outside the country of issuance,
including liability for all authorized and all below-the-floor-limit transactions.
In addition, MasterCard assumes no liability for improper authorizations of such
transactions that may result from issuer, acquirer, or merchant errors, or from
Authorization System or Country Level Authorization service outages.
Electronic Commerce
Electronic commerce transactions are non–face-to-face, online transactions that
use electronic media over a network, either public such as the Internet or
private such as an extranet. Cardholders usually initiate electronic commerce
transactions from consumer PCs.
Member Requirements
To be able to process electronic commerce transactions, members must meet
the following requirements.
Issuers
All issuers must be able to receive and process all electronic commerce data
present in the Authorization Request/0100 messages.
Acquirers
All acquirers must properly identify electronic commerce messages within the
Authorization Request/0100. They must be able to receive and to process
electronic commerce Authorization Request Response/0110 messages.
Internet
Banknet
Network
Merchant Acquirer Issuer
Cardholder
at PC
Stage Description
1. A cardholder accesses a merchant’s Web site via the Internet and requests to
make a purchase.
2. The merchant submits the cardholder’s information to the acquirer.
3. The acquirer sends an Authorization Request/0100 message, through the
Banknet network to the issuer.
4. The issuer makes the authorization decision and replies using an Authorization
Request Response/0110 message.
No Security Protocol
The following diagram illustrates the flow of an electronic commerce
Authorization Request/0100 and the Authorization Request Response/0110.
The example shows a transaction with no security protocol.
3 4
Stage Description
1. The cardholder browses the Internet until the cardholder is ready to make a
purchase from a merchant. In this example, the cardholder does not have
authentication of the merchant at any time.
2. The cardholder’s browser sends the purchase and payment information over
the Internet to the merchant. In this example, no security protocol protects
the request.
3. The merchant receives the purchase information and has access to all of the
cardholder account data that the cardholder provided (including payment
information).
4. The merchant requests authorization from the acquirer.
5. The acquirer generates an Authorization Request/0100, including both of the
following:
• Cardholder payment data
• Appropriate data element values that identify this as an electronic
commerce transaction with no security protocol and no cardholder
authentication
6. The issuer receives the authorization request and generates an Authorization
Request Response/0110.
7. The acquirer receives the Authorization Request Response/0110 and sends the
response back to the merchant.
Channel Encryption
Figure 9.17 illustrates the flow of an electronic commerce Authorization
Request/0100 message and the Authorization Request Response/0110 message.
The example shows a transaction that uses channel encryption protocol
between the cardholder and the merchant.
3 4
No authentication of Acquirer has no
merchant. Merchant authentication of
sees all cardholder merchant or Issuer has no
information. cardholder. authentication of
1
2 merchant or cardholder.
5
Protection
over the 0100 0100 0100 0100
Banknet
internet Network
Merchant Acquirer 0110 0110
0110 0110 MIP Issuer
8 7 MIP
6
Goods and
Services
Can open
Order
purchase
information
Authorization Request
Payment
Information Can open Opens
payment payment
information information
Response
Stage Description
1. The cardholder browses the Internet until the cardholder is ready to make a
purchase from a merchant.
2. The cardholder’s browser, which supports channel encryption (that is, SSL),
sends the purchase and payment information to the merchant. Channel
encryption protects the information over the Internet.
3. The merchant receives the purchase information and has access to all of the
cardholder account data that the cardholder provided.
4. The merchant requests authorization from the acquirer.
Stage Description
5. The acquirer generates an Authorization Request/0100 message, including
both of the following:
• The cardholder payment data
• The appropriate data element values that identify this as an electronic
commerce transaction with channel encryption protocol and no
cardholder authentication.
6. The issuer receives the authorization request and generates an Authorization
Request Response/0110 message.
7. The acquirer receives the Authorization Request Response/0110 and sends the
response back to the merchant.
8. The merchant provides acknowledgement to the cardholder (protected by
channel encryption as it travels over the Internet).
Note MasterCard will automatically enable issuers for Expired Card Override. Issuers
that want MasterCard to reject MasterCard Authorization Request/0100
messages containing expired expiration dates must complete the Expiration
Date Test Form.
Members can locate the expiration date in DE 14 (Date, Expiration), and from
the magnetic stripe track, in DE 45 (Track 1 Data), or DE 35 (Track 2 Data).
The following table provides examples of MasterCard expired card test logic.
Authorization Authorization
Transaction Card Expiration Request Expiration System
Date Date (MM/YY) Date (YY/MM) Response Explanation of Logic
0902 1002 0210 Accept October 2002 is later than the
(September (October 2002) (October 2002) current processing year and
2002) month. The system accepts the
date as valid.
0902 0201 0102 Decline February 2001 is earlier than the
(September (February 2001) (February 2001) current processing year and
2002) month. The system declines the
date as expired.
Authorization Authorization
Transaction Card Expiration Request Expiration System
Date Date (MM/YY) Date (YY/MM) Response Explanation of Logic
0902 0822 2208 Accept August 2022 is less than 20 years
(September (August 2022) (August 2022) from September 2002. The system
2002) accepts the date as valid, because
2022 is still within 20 years from
2002.
0902 0123 2301 Decline January 2023 is 20 years and four
(September (January 2023) (January 2023) months from September 2002. The
2002) system declines the dates as
expired, because 2023 is more
than 20 years from 2002.
Authorization Authorization
Transaction Card Expiration Request Expiration System
Date Date (MM/YY) Date (YY/MM) Response Explanation of Error
0902 05/31/03 3105 Decline May 2003 is eight months from
(September (merchant entered September 2002. However, the
2002) 0531 instead of 0503) merchant entered the month (05)
and the day (31), but not the year
(03). The Authorization System
reads the expiration date as May
2031.
The system declines the date as expired, because 2031 is more than 20 years
from 2002. However, the expiration date is valid, and perhaps the issuer
would have accepted the transaction.
Alternate Processing
If the issuer is enabled for Expired Card Override and is unavailable, the
Authorization System performs the expired card tests, either in Stand-In
processing or during X-Code processing.
Stand-In Processing
Stand-In performs an expired card test. For transactions that fail the expired
card test, Stand-In processing:
• Returns to the acquirer code 54 (Expired card) in DE 39 (Response Code)
of the Authorization Request Response/0110 message
• Stores the transaction in the Store-and-Forward queue with code 0029 in
DE 60 of the Authorization Advice/0120 message, available for issuer
retrieval. (Code 0029 indicates that Stand-In processing returned code 54
in the Authorization Request Response/0110 message.)
• Identifies the transactions with reason code R (Negative File) on the
following reports:
− AB201010-AA (Authorization Detail)
− AB111010-AA (Stand-In Detail Authorization)
− AB517010-AA (Issuer Call Referral Tiered Detail)
See the MasterCard Consolidated Billing System Manual for samples of
these reports.
Expired Card
Issuer is
Test Override:
unavailable.
Yes
Banknet
Network x x
Acquirer MIP MIP Issuer
MIP
0110 message:
For expired dates, Stand-In
returns "54" in DE 39. Store-and-Forward
Queue:
Stand-In For expired dates,
Processing Stand-In stores SAF
"0029" in DE 60, Queue
positions 4-7
Stand-In performs the
expired date edit.
X-Code Processing
X-Code processing performs an expired card test. For transactions that fail the
expired card test, X-Code processing returns to the acquirer code 54 in DE 39
of the Authorization Request Response/0110 message.
Expired Card
Test Override: Issuer is
Yes unavailable.
Banknet
Network x x
Stand-In
Processing
Stand-In is unavailable.
To receive the incentive interchange rates for Fleet Card transactions, acquirers
must capture specific data to support submission requirements for clearing
records.
To determine which data to include, the merchant terminal must recognize the
Product Type Code on the magnetic stripe. The Product Type Code
determines the:
• Terminal prompt at the POI location
• Data that the acquirer must include in the DE 48 (Additional Data—Private
Use) field of the Authorization Request/0100 message
Product Type
Code Value Terminal Prompt—Acquirer May Receive from Merchant
1 ID Number and Odometer
2 Vehicle Number and Odometer
3 Driver Number and Odometer
Product Type
Code Value Terminal Prompt—Acquirer May Receive from Merchant
4 Odometer Only
5 No Prompt
GARS is mandatory in the U.S. region and optional for members outside the
U.S. region.
GARS Process
When the merchant receives a “refer to card issuer” authorization response, the
merchant calls the acquirer. The acquirer calls GARS, which uses one of the
following four paths to obtain an authorization response:
• GARS connects the acquirer to the issuer
• GARS connects the acquirer to Stand-In processing
• A GSC agent sends a telex to the issuer
• A GSC agent connects the acquirer to Stand-In processing
GARS
Acquirer Issuer
GARS connects the acquirer to the issuer. The acquirer receives the
authorization response from the issuer and relays the response to the
merchant.
GARS
Issuer does not
respond within
Acquirer 30 seconds Issuer
Stand-In
If the issuer does not respond to the phone call within 30 seconds, GARS
connects the acquirer to MasterCard Stand-In processing. The acquirer
receives the authorization response from MasterCard Stand-In processing. The
acquirer relays the response to the merchant.
MasterCard
GARS GSC
Agent
Acquirer Issuer
If the issuer does not use GARS, GARS connects the acquirer to a MasterCard
Global Service Center agent. The agent initiates a telex to the issuer. The
issuer provides the authorization response to the Global Service Center agent,
who communicates the response to the acquirer. The acquirer relays the
response to the merchant.
MasterCard
GARS GSC agent connects GSC Issuer does not
the acquirer Agent respond to the telex
Acquirer to Stand-In. within two minutes. Issuer
Stand-In
The agent connects the acquirer with Stand-In processing if either of the
following is true:
• The issuer does not acknowledge the telex within two minutes, or
• The issuer acknowledges the telex within two minutes but does not
provide an authorization response within 10 minutes.
Figure 9.24 illustrates the entire GARS process with all four paths.
Merchant
Acquirer
Yes: GARS
GSC agent connects acquirer Is a telex No: GARS routes
required? call to issuer.
to a GSC agent.
Issuer
Acquirer Procedures
Acquirers receiving a “refer to card issuer” authorization response should use
the following procedure to receive an authorization decision from the issuer.
If the issuer does not connect with the call within 30 seconds, GARS connects
you to Stand-In processing. To receive an authorization decision from Stand-
In processing, follow these steps.
If the GARS database determines that a telex must be used to complete the
call, GARS places you on hold (and does not initiate Stand-In processing). A
MasterCard Global Service Center agent telexes the issuer. The MasterCard
agent obtains an authorization response from the issuer and provides the
authorization response.
If the issuer or its agent cannot respond to the call referral in a timely manner,
through either GARS or the MasterCard International Telecommunications
Authorizations Center (ITAC), GARS routes the call referral to the MasterCard
Central Site Stand-In processing facility. Acquirers should allow additional
time to complete the call and be prepared to provide additional authorization
information, as required by Stand-In processing.
Acquirers should monitor call referral response rates to identify merchants that
do not comply with the call referral process. To help acquirers monitor their
merchants, MasterCard provides GARS members with the Monthly Acquirer
Response Below Target Report (GR128010-BB).
Issuer Procedures
When you issue a response of “refer to card issuer” and the acquirer contacts
you via GARS, follow these steps.
Issuers should establish Stand-In processing transaction limits that are specific
to transactions approved through GARS call referrals. The MasterCard Central
Site Stand-In processing facility ensures a timely authorization decision when
the issuer is not available.
MasterCard suggests that GARS issuers establish two phone numbers for GARS
call referral processing. Issuers can have all intracountry call referrals routed
to one phone number and all intercountry call referrals routed to another
phone number. Issuers can better anticipate potential language differences
and offer enhanced services to cardholders traveling outside of their countries.
Charges to the issuer apply for issuing each call referral and for completed
GARS calls initiated by the acquirer. Issuers also pay a noncompliance
assessment for Stand-In processing if they fail to answer a GARS call within 30
seconds or a GARS telex within two minutes.
Store-and-Forward Messages
Issuers also can monitor call referrals completed through GARS via store-and-
forward (SAF) messages. MasterCard generates Authorization Advice/0120
messages for GARS transactions that Stand-In processes. MasterCard uses a
promotion code of “MCGARS” to identify GARS Stand-In activity. See chapter
5 for more information about retrieving SAF messages, and the “Promotion
Code” topic in this chapter for more information about promotion code.
The Chip to Magnetic Stripe Conversion and the M/Chip Cryptogram Pre-
validation on-behalf services are provided on a permanent basis. The M/Chip
Cryptogram Validation in Stand-In Processing on-behalf service is provided on
a dynamic basis if an issuer is not able to respond to an authorization request.
Issuers that want to use M/Chip on-behalf services may select only one of the
following services:
Providing this information allows the issuer to make the authorization decision
based on information remaining in the authorization request, without having to
reject the transaction because it does not currently process M/Chip
transactions.
For more information about using the Chip to Magnetic Stripe Conversion
service, see the Customer Interface Specification manual.
After performing this service, MasterCard notifies issuers of the results of the
cryptogram validation. Issuers may use these results in the authorization
approval process.
Note MasterCard recommends that all acquirers participate in the Magnetic Stripe
Compliance Program.
Step Action
1. Complete the Magnetic Stripe Compliance Program Application, identifying
each processor they will use.
2. Submit the forms to the Customer Operations Services team.
3. Begin submitting Authorization Request/0100 messages with value 90 in DE 22
(Point-of-Service [POS] Entry Mode), subfield 1 (POS Terminal PAN Entry
Mode) so that MasterCard can monitor the inclusion of complete and
unaltered track data.
4. Review the Magnetic Stripe Compliance monitoring reports provided by
MasterCard. These reports separate track data errors at the merchant and
terminal levels, according to acquirer/processor combination.
5. If necessary, resolve any errors identified by the monitoring reports.
Note Acquirers must notify MasterCard when they make any changes to their
acquirer/processor combinations. Examples of such changes include changing
the Forwarding Institution ID Code for transaction routing or changing the
Acquiring Institution ID Code for transaction routing.
Monitoring Phase
Monitoring typically lasts for seven calendar days, but it can last longer if the
reports identify integrity errors.
Note Until the acquirer completes the monitoring phase of the Magnetic Stripe
Compliance Program, MasterCard will alter the value in DE 22, subfield 1 to
value 02, indicating that the track data may not be complete.
Note Issuers can vary the length of their track data and the subelements within the
track data.
MasterCard Edits
MasterCard edits Authorization Request/0100 messages from the previous day’s
activity to ensure that it is consistent with the requirements documented in the
Customer Interface Specification manual. When MasterCard identifies
erroneous data, MasterCard informs the primary member contact listed on the
Magnetic Stripe Compliance Program Application of the erroneous data.
Acquirers may perform authorization processing via manual telex using the
following procedures.
Telex Requests
To request authorizations via manual telex, follow these steps. Acquirers that
do not use the Global Automated Referral Service (GARS) may use manual
telex in response to a call referral.
Step Action
1. Prepare a telex using the format illustrated in Figure 9.25.
2. Dial telex number: (U.S. country code) 434800. The MasterCard International
Telex Authorization Center (ITAC) has six rotary lines available and receives
telex calls on the first available line. It sends the response: 434800 ITAC UI.
3. After receiving the proper telex response, transmit the prepared telex.
Telex Responses
After sending an authorization request, wait for the telex response. The ITAC
operator will send the response to you within three minutes.
If a response is not immediately available, you will receive the response CB.
This indicates that the authorization reply is not immediately available. When
you receive the response CB, terminate the telex call. ITAC will contact you as
soon as the response is ready. See Figure 9.26 and the field descriptions for a
sample of this response.
R634253 CB
If you are a U.S. region acquirer responding to a call referral, ITAC will phone
you with the authorization response.
The following conditions apply for acquirers outside the U.S. region:
• If you are a GARS acquirer and the call referral originated via phone, ITAC
will transmit the response via phone.
• If you are a non-GARS acquirer or a GARS acquirer that received the call
referral via telex, ITAC will transmit the response via telex.
• See Figure 9.27 for a sample response via telex. Disconnect the telex line
when you receive the response.
The issuer may include in the authorization response any information that the
issuer decides is necessary (for example, a telex response may include the
cardholder’s address or mother’s maiden name); this supplies a means for the
merchant to positively identify the cardholder. This information may appear
anywhere on the telex.
The MasterCard ATM Network is the world’s largest global ATM network. It
has more ATMs, in more countries, accessed by more cardholders, conducting
the most transactions than any other ATM network. The MasterCard ATM
Network and member processors continue to provide a superior percentage of
completed transactions. Cardholders using MasterCard, Maestro, and Cirrus
branded cards know that they can expect to receive the cash they requested.
Data Security
The MasterCard ATM Network rules require that all ATMs migrate to triple data
encryption standard (triple DES) for encryption of cardholder-entered personal
identification number (PIN). The triple DES encryption technology reduces the
likelihood of fraud losses by making it more difficult for criminals to discover
sensitive account information.
ATM Locator
The MasterCard ATM Locator is a set of Web sites and toll-free automated
voice recognition systems that cardholders use to search for ATMs.
Cardholders access the MasterCard ATM Locator using:
• The Internet
• Mobile phones
• Personal digital assistants
• Voice response telephone numbers
• Onboard vehicle navigation systems
• Bank Web sites
ATM Directory
The MasterCard ATM Directory enables members and processors to efficiently
manage and market their ATM location information. ATM location information
may include enhanced details, such as:
• Phone numbers
• Airport locations
• Location descriptions
• Hours of operation
• Landmarks
• ATM types
• Handicap accessibility information
Benefits
The MasterCard ATM Network provides numerous benefits to cardholders,
acquirers, and issuers.
• The MasterCard ATM Network provides cardholders with:
− Worldwide access to cash 24 hours a day, seven days a week
− No need to carry large sums of cash
− Favorable currency conversion exchange rate
• Acquirers benefit from the MasterCard ATM Network because the network
provides:
− Interchange income each time a MasterCard or Cirrus cardholder uses
an ATM owned by that acquirer that displays the MasterCard and Cirrus
logos
− Competitive advantage by accepting MasterCard, Maestro, and Cirrus
cards having worldwide recognition and acceptance
− More transactions from more cardholders, lowering the cost per
transaction
• Issuers benefit from the MasterCard ATM Network because the network
provides:
− Competitive advantage by offering MasterCard, Maestro, and Cirrus
cards having worldwide recognition and acceptance
− Fee revenue opportunities
Supported Transactions
The MasterCard ATM Network supports a variety of transactions, including:
• Cash withdrawal from debit accounts
• Cash disbursement from credit accounts
• Account balance inquiry from debit accounts
• Available balance inquiry from credit accounts
• Merchandise purchase from debit accounts for items, such as postage
stamps and other items approved by MasterCard.
Acquirers must successfully complete testing for ATM merchandise
transaction before submitting merchandise purchase transactions to
MasterCard.
Direct Interface
Issuers that choose to interface directly with the MasterCard ATM Network
receive ATM transactions via a Financial Transaction Request/0200 message.
For a description of the 0200 messages, see the MDS Online Specifications and
the Cirrus Worldwide Operating Rules.
PIN Validation
Issuers can choose to have MasterCard validate the PINs or to validate the PINs
themselves.
IF… THEN…
MasterCard validates the PIN MasterCard performs this service before forwarding the
Authorization Request/0100 message to the issuer.
The issuer validates the PIN MasterCard forwards the PIN to the issuer with the
Authorization Request/0100 message.
Issuers that validate their own PINs must send to MasterCard the encryption
key to translate encrypted PINs in the online request message.
Issuers that choose to have MasterCard validate PINs for ATM transactions
must complete the PIN Processing Profile form and must provide PIN
verification keys by completing the Hard Copy Key Exchange form.
Stand-In Processing
Issuers can choose whether to have Stand-In processing process online request
ATM transactions when they are not available. Issuers may choose to have
MasterCard validate a PIN if a PIN is present in an online request message
when the issuer is unavailable.
MasterCard SecureCode
MasterCard® SecureCode™ builds upon the infrastructure requirements for
channel encryption with the additional benefit of cardholder authentication.
When used in conjunction with components of the MasterCard payment
infrastructure, this program provides a mechanism for online merchants to
potentially receive an enhanced payment guarantee similar to what retailers
(non-Internet) receive with qualifying physical point-of-sale transactions.
AAV is generated by the issuer and presented to the merchant for placement in
the authorization request upon successful authentication of the cardholder.
UCAF is used to transmit the AAV from the merchant to the issuer for
authentication purposes during the authorization process.
Issuers that want to use AAV verification may implement the following AAV
verification services:
• MasterCard SecureCode AAV Verification
• MasterCard SecureCode Dynamic AAV Verification in Stand-In Processing
When the issuer’s host system is available and after the verification process is
complete, MasterCard includes in the Authorization Request/0100 message
DE 48, subelement 71 (On-behalf Services) containing:
• Subfield 1 (On-behalf [OB] Service) with the value 05
• Subfield 2 (On-behalf [OB] Result 1) with the value I, U, or V
For more information about using the SecureCode AAV Verification service,
see the Customer Interface Specification manual.
For additional information about the data elements required to support the use
of UCAF, see the Customer Interface Specification manual.
Issuer Options
Issuers may choose to accept Visa activity using their connection to the
Banknet network. This connection is called “peer-to-peer.”
CPS Transactions
For Visa transactions that indicate CPS, MasterCard routes the authorization
request to the Visa network.
For the data requirements as they apply to the authorization message formats,
see the Customer Interface Specification manual.
Alternate Processing
If the Visa network is unavailable to authorize a CPS transaction through the
MasterCard gateway, MasterCard processes the authorization request using the
MasterCard Stand-In parameters for Visa activity.
Indicators
MasterCard provides support of various Visa programs by the use of specific
indicators in Authorization Request/0100 messages.
Transponder Indicator
Cardholders may use transponders, which use radio frequency signals, to
exchange identification information with cardholder-activated terminals or
other point-of-interaction (POI) devices to initiate a transaction. These non–
face-to-face transactions occur when the card is not present (when the
transponder is the device activating the transaction).
Visa CVV2
MasterCard supports processing of Visa CVV2 transactions in the same
subelements that support MasterCard CVC 2 data.
• CVV2 match
• CVV2 no match
• Not processed
• CVV2 is on the card, but the merchant has indicated that CVV2 is not
present
• Issuer is not Visa-certified for CVV2, has not provided Visa encryption
keys, or both
Member-defined Data
MasterCard allows members to exchange as many as 99 bytes of member-
defined data to and from another member in authorization messages.
The Authorization System will not edit the content of DE 124 as long as it is
alphanumeric/special character data and is only as many as 99 bytes in length.
The Authorization System will limit the length of the member-defined data in
DE 124 to 99 bytes in Authorization Request/0100 messages and 99 bytes in
Authorization Request Response/0110 messages.
Value Description
01 New Account Information Available
02 Cannot Approve at This Time
03 Do Not Try Again
Apr
21 Recurring Payment Cancellation Service 2006
Common DE 39 Values
The following table lists the most common values for DE 39 that issuers send
in conjunction with the Merchant Advice codes.
Value Description
00 Approved
05 Do not honor
14 Invalid card number
51 Insufficient funds/over credit limit
54 Expired card
The following table provides examples of how issuers and acquirers should
use the combination of DE 48, subelement 84 and DE 39.
Partial Approvals
Apr
The partial approval enables issuers to approve a portion of a requested 2006
transaction amount, instead of declining the entire authorization request when
the transaction amount exceeds the amount of funds available on a prepaid
card.
When the acquirer transmits an indicator in the authorization request that the
merchant terminal supports partial approvals, the issuer has the option to
respond with the partial approval amount and partial approval response code.
The cardholder can then choose to use a supplemental payment method (split
tender) to pay the balance and complete the purchase. The partial approval
can reduce checkout times and enable cardholders to use a prepaid card’s
entire balance, even when the available balance is unknown and does not
cover the entire purchase.
Upon receipt of a partial approval, acquirers often send a balance due message
to the integrated terminal. This message indicates the difference between the
original purchase amount and the partial amount approved by the issuer. By
displaying the remaining balance due amount, the cashier can quickly and
accurately prompt the customer to complete the split-tender purchase.
Alternate Processing
The Stand-In processing and X-Code processing do not provide partial
approval responses to authorization requests because these systems do not
maintain prepaid card balances.
Person-to-Person Transactions
Person-to-person transactions may be initiated by consumer, business, or
corporate cardholders. Person-to-person transactions usually require:
Funding Transaction
In the funding transaction, the payer initiates the transfer of funds to a
payment transaction provider through a Web site maintained by the payment
transaction provider. The payer usually indicates the name and e-mail address
of the payee to receive the payment amount.
1 Payment 2 3
Transaction
Provider
Cardholder 6 Web Site 5 4
Payer Acquirer Issuer
Stage Description
1. The payer authorizes the payment transaction provider to transfer funds to a
designated payee, entering MasterCard account information via the payment
transaction provider Web site.
2. The payment transaction provider Web site forwards authorization information
for the payment amount to an acquirer.
3. The acquirer transmits an Authorization Request/0100 message to the payer’s
issuer.
Stage Description
4. The payer’s issuer responds with an Authorization Request Response/0110
message to the acquirer.
5. The acquirer forwards authorization response information to the payment
transaction provider Web site.
6. The payment transaction provider Web site confirms that the person-to-person
transaction has been initiated, usually providing a confirmation number and
transaction details.
Payment Transaction
The payment transaction is used to transfer funds to a payee (the recipient of
the payment transaction).
The following diagram illustrates how the payment transaction pays the
cardholder payee when using Authorization System enhancements.
1 Payment 3 4
2 Transaction
Cardholder
Provider 6 5
Payee 7 Web Site
Acquirer Issuer
Stage Description
1. After the payer has requested a transfer of funds using his or her payment
account to the payee, the MasterCard payment transaction provider sends an
e-mail message to the payee to advise that funds are currently payable to the
payee.
2. The payee enters MasterCard account information via the payment transaction
provider Web site.
3. The payment transaction provider Web site forwards authorization information
to an acquirer.
4. The acquirer transmits an Authorization Request (Payment Transaction)/0100
message to the payee’s issuer.
Stage Description
5. The payee’s issuer responds with an Authorization Request Response/0110
message to the acquirer.
6. The acquirer forwards authorization information to the payment transaction
provider Web site.
7. The payment transaction provider Web site confirms that funds have been
transferred to the payee’s MasterCard account, usually providing a
confirmation number and transaction details.
Requirements
MasterCard must approve all requests to block Payment Transaction
authorizations.
Step Action
1. Document the legal restrictions that would prevent their participation in
Payment Transactions.
2. Complete and submit the Payment Transaction Blocking Form.
For account ranges that issuers have arranged to have blocked, the
Authorization System rejects Payment Transactions containing any account
number within the account range listed in the Payment Transaction Blocked
BIN file.
Alternate Processing
Members can choose to use Stand-In processing for Payment Transactions.
Member cannot use Limit-1 processing or X-Code processing for Payment
Transactions.
Note MasterCard does not encourage members to use Stand-In processing for
Payment Transaction authorizations.
Stand-In Processing
If members choose to use Stand-In processing for Payment Transaction
authorizations, MasterCard recommends that members use discretion for these
transactions.
Parameters
Note Stand-In processing declines Payment Transactions for issuers that do not
specify a higher Stand-In processing limit for Payment Transactions. To set
higher Stand-In processing limits, use the Stand-In Processing Worksheet to
submit your requested limits.
Velocity Testing
Limit-1 Processing
Limit-1 processing cannot be established for Payment Transactions.
X-Code Processing
Acquirer MIP X-Code processing will not approve Payment Transactions.
PIN Processing
The Authorization System supports processing of MasterCard purchase
transactions that contain a personal identification number (PIN). Cardholders
may enter a PIN at the point of interaction as an alternative to signing a sales
slip.
Acquirer Requirements
Acquirers that choose to support PIN authorization requests must use their
existing Banknet MIP Authorization System interface connections with no
changes in authorization message routing. Acquirers must comply with the
following steps before processing MasterCard purchase transactions that
contain a PIN in Authorization/01xx messages.
Step Action
1. Determine whether to support static or dynamic PEK exchanges.
The Authorization System and members’ systems use PEKs to encrypt or
decrypt PINs. PEKs provide a secure means of passing PIN information in
Authorization/01xx messages. Acquirers must determine whether they will
support either static or dynamic PEK exchanges. For increased security,
MasterCard strongly recommends using dynamic PEK exchanges.
For detailed data element descriptions, see the Customer Interface Specification
manual.
Issuer Requirements
Issuers must comply with the following steps before verifying the PINs in
MasterCard purchase transactions that contain a PIN in Authorization
Request/0100 messages.
Step Action
1. Determine the method for receiving purchase transactions that contain a PIN
from the following options:
• Through a Banknet network Authorization Request/0100 message
interface—this method is the default method for issuers that currently
receive their MasterCard ATM cash disbursement and ATM balance inquiry
activity using this interface. Static PEKs that are already active and
operational at the MDS will be used for each of the issuer’s bank
identification number (BIN)/card ranges. Issuers may choose to support
dynamic PEK exchanges instead.
• Through an MDS Financial Transaction Request/0200 message interface—
this method is the default method for issuers that currently receive their
MasterCard debit activity, ATM activity, or both using this interface. These
transactions are identified as “preauthorization requests” with value 4 in
position 7 of DE 61 because they must be cleared through the MasterCard
clearing facility (the Global Clearing Management System) with all other
purchase activity. PEKs that are already active and operational at the MDS
will be used for each of the issuer’s BIN/card ranges.
Note: Members inform MasterCard which method they select by completing
and returning to MasterCard the PIN Processing Profile Form.
2. Determine whether to support dynamic PEK exchanges.
For dynamic PEK exchanges, the Authorization System and the issuer must
establish a new single Key Encryption Key (KEK) for all BINs that the issuer
will process. This new KEK must be associated with the issuer’s Member
Group ID that the issuer uses for sign-on, sign-off, and store-and-forward
(SAF) sessions for the associated BINs.
The issuer must complete the Member-Initiated KEK Part Exchange Form.
For increased security, MasterCard strongly recommends using dynamic PEKs.
Note If an issuer does not comply with the requirements for verifying PIN data, the
Authorization System will forward all authorization requests for purchase
transactions that contain a PIN to the issuer with PIN data containing zeroes.
The issuer can then make the authorization decision based on other data within
the authorization message.
For detailed data element descriptions, see the Customer Interface Specification
manual.
If the Authorization System does not verify the PIN data and the issuer is
unavailable or unable to process the Authorization Request/0100 message, the
Authorization System responds to the acquirer with an Authorization Request
Response/0110 message indicating the issuer could not process the
Authorization Request/0100 message.
Encryption
The approach that the Authorization System uses for network security
management is PIN encryption using data encryption standard (DES).
Members may choose to use either single DES or triple DES. The acquirer
must send the entered PIN to the MDS, encrypted in an ANSI block format
(see Figure 9.30).
XOR 04126D8CCCCCCBBAA
0000 597333333445
Encryption
PIN Block PEK
04126D8CCCCCCBBAA 935A342A1122B33B
Encrypted PIN
Block
C4E1E07AEFCC16B5
Decryption
Encrypted PIN Block PEK
C4E1E07AEFCC16B5 935A342A1122B33B
Security
Security using DES depends on the secrecy of the keys used, and therefore on
the management of the keys (see Figure 9.31). The Authorization System
implements the “zone” approach rather than the “end-to-end” approach to key
management.
The following table describes the difference between the two types of key
management.
Zone End-to-End
Encryption of data between zones using a Encryption of data between its origination
PEK unique to the Authorization point and final destination using a key
System/member pair. Data that must be unique to the end-to-end pair. Data is
transmitted through several zones is encrypted at the source and not decrypted
decrypted and re-encrypted at each entity. until reaching the final destination. Each
For dynamic PEK exchanges, the point of origin must maintain a unique key
Authorization System/member pair must for each final destination to which it
also maintain a unique KEK. transmits, and each final destination must
maintain a unique key for each point of
entry from which it can receive.
MasterCard chose the zone approach instead of the end-to-end approach for
the following reasons:
• Key exchange is required only between issuers and acquirers connected to
the Authorization System.
• The approach does not require loading keys to the terminal for every card
that processes MasterCard purchase transactions containing a PIN.
For MasterCard purchase transactions that contain a PIN, all PINs must be
encrypted at the point of entry (the terminal). The PIN remains encrypted
until the issuer receives it for verification. It is translated from one zone’s PEK
to another zone’s PEK as it is passed from one member to another through the
Authorization System. When the member passes the PIN to the Authorization
System, the Authorization System translates it using the ANSI PIN block format.
The ANSI PIN block is the only format that the Authorization System supports.
HSM that
stores Point of
PEK 1 Interaction
HSM that
stores Point of
Interaction PEK 1 used Zone 1
PEK 1
HSM that
stores
PEK 1 and 2
Acquirer
Zone 2
PEK 2 used
HSM that
stores
PEK 3
Issuer
Establishing PEKs
The Authorization System shares a PEK with each member during PIN
transaction processing. The Authorization System and member use ANSI PIN
block formatting for encryption and decryption.
The member may use the same or a separate PEK for issuing and acquiring
transactions.
PEK Storage
Members are responsible for safely storing their PEKs by encrypting them
under a proprietary Master File Key using hardware security procedures.
Members must store PEKs within a Tamper Resistant Security Module (TRSM).
PEK Implementation
When new PEKs are created, the member has five minutes to implement the
new PEK. During that period, the Authorization System attempts decryption
using the previous PEK in the event that the new PEK is in error.
Note For increased security, MasterCard strongly recommends using dynamic PEKs.
Static PEK
The Authorization System and the member do not exchange the static PEK
online; they create it through a manual (offline) process. Members must use
the Static PEK Component Form to create the static PEK with MasterCard. The
MasterCard and Member Key Officers 1 must adhere to the strict procedure
described on the form to establish the static PEK.
Dynamic PEK
The Authorization System randomly generates dynamic PEKs for each member.
Only the Authorization System can send a new dynamic PEK; however, a
member may request a new PEK at any time.
The Authorization System will create a new dynamic PEK automatically online
every 24 hours or every 2,500 transactions, whichever occurs first. It will also
create a new dynamic PEK after five consecutive Sanity Check errors.
1 MasterCard recommends that Member Key Officers not have extensive technical
backgrounds.
Establishing KEKs
The Authorization System sends new dynamic PEKs online using Network
Management (08xx) messages. The member must establish the Key Exchange
Key (KEK) with the Authorization System before exchanging dynamic PEKs.
The Authorization System and the member use a shared KEK to encrypt and
decrypt each PEK. The Authorization System and each member are jointly
responsible for generating the unique KEKs used to exchange and encrypt
PEKs.
Stage Description
1. The Authorization System uses the KEK to encrypt the new PEK and check
value.
2. The Authorization System sends the new PEK to the issuer in an online
Network Management Request (PEK Exchange)/0800 message.
3. The member validates the check value and loads the new PEK.
4. The member uses the check values to ensure that the Authorization System
generated the new PEK from the same unique KEK established between the
member and the Authorization System.
The Authorization System changes the PEK after five consecutive Sanity Check
errors. Sanity Check errors are those that the PSD detects as possible PEK
corruption by verifying that the cleartext PIN block is in the expected format.
Members must use the Member-Initiated KEK Part Exchange Form to create the
KEK with MasterCard. The MasterCard and Member Key Officers must adhere
to strict procedure described on the form to establish the KEK.
PIN Verification
MasterCard provides a PIN verification service for all purchase transactions that
contain a PIN.
Note Track data must be present for MasterCard to perform PIN validation because
the Authorization System must have a means to obtain offset data from the
issuer.
If the issuer currently uses the PIN Verification Service that the MDS provides
for ATM cash disbursement and balance inquiries, the issuer may choose to
have the Authorization System perform PIN verification on all PIN-based
purchase activity using the same parameters.
Members that want to use the PIN Verification in Stand-In Processing service
can request this service by completing the Key Validation Service Specification
Form and following the procedures in the On-behalf Key Management (OBKM)
Document Set.
For examples of the automatic transfer of AMS accounts and for billing
information for that service, see the Account Management User Manual.
The following table shows the stages in the transfer of BINs and AMS
accounts.
Fees
The following fees apply to portfolio sales services.
Service Fee
Full BIN—Authorization Flat fee, billed to the requesting member.
Processing
Full BIN—AMS account transfer • Flat fee, billed at ICA/BIN level
• Per-account fee, billed at the account level for
each account transfer
Partial BIN—Authorization Flat fee per portfolio and BIN, billed to the
Processing requesting member
The members involved in the portfolio sale may decide which of them will
receive the charges for the Full BIN—AMS account transfer fees. MasterCard
can bill one member for both fees, or MasterCard can bill one member for the
flat fee and another member for the per-account fee.
Promotion Code
The promotion code is an alphanumeric code that members can include in the
Authorization Request/0100 message.
This promotion may require issuers to use different authorization criteria than
they do with most transactions. The promotion code allows the issuer to
recognize that this transaction uses the different criteria to determine
authorization responses for transactions that occur at the participating
merchants.
MasterCard may also specify other uses of the promotion code. When
MasterCard specifies these other uses, the Customer Interface Specification
manual provides details about them.
Stage Description
1. The merchant includes the promotion code when it sends transaction data to
the acquirer.
2. The acquirer sends the promotion code in DE 48 (Additional Data—Private
Use) of the Authorization Request/0100 message to the issuer for the
authorization decision.
3. The issuer can use the promotion code to identify transactions that occur at a
merchant that participates in that issuer’s promotion program.
For details about the data requirements, see the Customer Interface
Specification manual.
MasterCard allows the use of Purchase of Goods or Services with Cash Back in
Authorization/01xx and Reversal/04xx messages for Debit MasterCard cards.
Issuers may choose whether to allow the Stand-In System to process Purchase Apr
of Goods or Services with Cash Back transactions that are either PIN-based, 2006
signature-based, or both for Debit MasterCard cards. To indicate the Stand-In
System to process Purchase of Goods or Services with Cash Back transactions
for PIN-based, signature-based, or both for Debit MasterCard cards, issuers
may update the Purchase of Goods and Services with Cash Back for Debit
MasterCard Cards Participation form.
To Participate
Issuers may complete the Purchase of Goods or Services with Cash Back for
Debit MasterCard Cards Participation form, available in the Business Forms
section of MasterCard OnLine (under Resources in the main menu) and at the
end of this manual.
Recurring Payments
Recurring payments are payments by an issuer to an acquirer on behalf of a
cardholder who authorizes a merchant to bill the cardholder’s account on a
recurring basis (such as monthly or quarterly). The amount of each payment
may be the same or may fluctuate.
Note The recurring payment indicator in DE 61, subfield 4 is required for all recurring
payment transactions.
For more information about recurring payments, see “Merchant Advice Codes”
earlier in this chapter.
Benefits of RPCS
RPCS provides the following benefits to the parties involved in processing
recurring payment transactions:
• Increases cardholder confidence to engage in preauthorized recurring
payment transactions
• Promotes recurring payments to increase cardholder transaction volume
• Reduces cardholder dissatisfaction due to being charged after terminating a
recurring payment arrangement with a merchant
• Reduces chargebacks and costs of chargeback handling
For samples of these reports and field descriptions, see chapter 10.
To Participate
Issuers must notify MasterCard to participate in this service. To request
participation, contact the Customer Operations Services team.
RiskFinder
RiskFinder™ is a service that MasterCard offers to help issuers more effectively
predict fraudulent card use. RiskFinder uses a state-of-the-art neural network
to evaluate authorization transactions and produce a transaction score relative
to the potential fraudulent use of the card.
Using RiskFinder
RiskFinder bases scores on merchant and cardholder data available to the
issuer’s RiskFinder scoring system. This global information complements
members’ current account-based fraud prediction systems. For members not
currently using any fraud predictive model, this package provides a
comprehensive tool to help issuers potentially reduce fraudulent card use.
To Participate
Issuers must notify MasterCard to participate in this service. To request
participation, contact the Customer Operations Services team.
This capability:
• Provides secure access to proprietary authorization information
• Retrieves 17 relevant transaction data elements online with the option to
view all available data elements for a transaction.
• Returns the data within seconds after the member electronically submits
the request for research
In addition, users can print the transaction data or export the information into
a Microsoft® Excel file.
Step Action
1. Log on to MasterCard OnLine® at www.mastercardonline.com.
2. Under the Products menu, click Order Products. The MasterCard Product
Catalog page appears.
3. Click the letter E in the alphabet (the first letter in the MasterCard eService
product name) to go to the MasterCard eService products.
4. Scroll to the eService Transaction Research section.
5. Click New Product Request to request access or Update Product Access to
request a change to an existing profile.
6. Complete the online form, and then click Submit
Step Action
1. Log on to MasterCard OnLine at www.mastercardonline.com.
2. On the Products menu, point to My Products, and then click MasterCard
eService. The MasterCard eService home page appears.
The following procedure explains how to use the Transaction Research tool.
Step Action
1. In the Card Number box, enter the cardholder account number that you want
to research.
Note: MasterCard uses the optional ICA number for your tracking purposes
only. If you enter an ICA number here, it will appear on your billing report to
help you identify transactions.
2. In the Data Range area, enter a starting transaction date and an ending
transaction date using a MM/DD/YYYY format.
Note: Click the Calendar link to select a date.
Figure 9.33 provides a sample of the search results screen that the MasterCard
eService Transaction Research tool provides.
To display the detailed results for a specific transaction, select the transaction
you want, and then click Detail.
Figure 9.34 provides a sample of the detailed results that the MasterCard
eService Transaction Research tool provides.
To Participate
Acquirers must notify MasterCard to participate in this service. To request
participation, contact the Customer Operations Services team.
Velocity Monitoring
Velocity monitoring reports specific information about unusual authorization
activity, based on parameters that members supply. The purpose of the
service is to help members identify fraudulent transactions or merchants.
Velocity monitoring uses the activity that the Authorization System processes
and the member-supplied parameters to produce reports.
AVM Reporting
AVM reports identify accounts for which authorization activity met or exceeded
the criteria that the member specified. Members can specify parameters for:
• All transactions
• By region
• By industry
• By product type
• For unique transaction types
• For MCC combinations
MVM Reporting
At the end of each authorization day (from midnight to midnight, St. Louis
time), the Authorization System scans all Banknet authorization activity for
unusual activity by an individual merchant. The Authorization System
compares particular data elements against pre-established thresholds.
Please refer to the Account Management User Manual for layouts of all reports
related to listing accounts in the Account Management System (AMS), the
Account File, or the Merchant File.
A sample of the report follows each overview, with numbers next to fields that
may require description. The field descriptions for the report follow the report
sample.
Frequency Weekly
Report Sample
----------------------------------------------------------------------------------------------------------------------------
--
MEMBER APPROVALS BY AVERAGE TOTAL TOTAL YTD AVERAGE YTD TOTAL YTD TOTAL
TRANSACTION TYPE DOLLARS DOLLARS VOLUME DOLLARS DOLLARS VOLUME
LIMIT-1 MIP PROCESSED MEMBER MEMBER YTD SYSTEM SYSTEM YTD WEEKLY
ACTIVITY VOLUME VOLUME VOLUME VOLUME RANK
DECLINE 0 0 0 0 N/A
PERCENT OF TOTAL 0.0 0.0 0.0 0.0
CALL-ME 0 0 0 0 N/A
PERCENT OF TOTAL 0.0 0.0 0.0 0.0
-------------------------------------------------------------------------------------------------------------------------------------
X-CODE MIP PROCESSED MEMBER MEMBER YTD SYSTEM SYSTEM YTD WEEKLY
ACTIVITY VOLUME VOLUME VOLUME VOLUME RANK
CALL-ME 0 0 0 0 N/A
PERCENT OF TOTAL 0.0 0.0 0.0 0.0
PICK-UP 0 0 0 0 N/A
PERCENT OF TOTAL 0.0 0.0 0.0 0.0
DECLINE 0 0 3 16 N/A
PERCENT OF TOTAL 0.0 0.0 0.5 10.3
PICK-UP 0 0 0 0 N/A
PERCENT OF TOTAL 0.0 0.0 0.0 0.0
WEEKLY TOTALS
----------------------------------------------------------------------------------------------------------------------------
---------
ACCEPT 0 0 0 5 N/A
DECLINE 0 0 0 0 N/A
CALL-ME 0 0 0 0 N/A
PICK-UP 0 0 0 0 N/A
--------------------------------------------------------------------------------------------------------------------------------
REVERSAL APPROVALS BY AVERAGE TOTAL TOTAL YTD AVERAGE YTD TOTAL YTD TOTAL
--------------------------------------------------------------------------------------------------------------------------------
MIP REV PROCESSED REVERSAL REVERSAL YTD SYSTEM SYSTEM YTD WEEKLY
ACCEPT 0 0 0 0 N/A
DECLINE 0 0 0 2 N/A
CALL-ME 0 0 0 0 N/A
PICK-UP 0 0 0 0 N/A
-----------------------------------------------------------------------------------------------------------------
W E E K L Y T O T A L S
-----------------------------------------------------------------------------------------------------------------
WEEKLY REVERSAL TOTAL REVERSAL REVERSAL YTD SYSTEM SYSTEM YTD WEEKLY
ACCEPT 0 0 0 0 N/A
DECLINE 0 0 0 0 N/A
CALL-ME 0 0 0 0 N/A
PICK-UP 0 0 0 0 N/A
TOTAL PROCESSED 0 0 0 0
Field Descriptions
Field Description
Member Processed Activity Summary of all authorization activity received and
processed by the issuer, listed by the following response
categories:
• Accept (“approved”)
• Decline
• Call-Me (“refer to card issuer”)
• Pick-Up (“capture card”)
Member Volume Total transaction volume processed by the member that
generated the specific response and the percentage it
represents of total member transaction volume. The
sample report shows that the member approved
(ACCEPT) 564,630 authorization requests, which were
90.2% of the 625,920 requests processed by the member
that week.
Member YTD Volume Summary of the member’s authorization volume for the
(member year-to-date calendar year-to-date (by response category) and the
volume) percentage it represents of total member volume for the
year-to-date.
System Volume Volume of authorization transactions processed by the
entire membership that week and the percentage it
represents of total volume for the membership for the
week.
System YTD Volume Volume of authorization transactions processed by the
(system year-to-date entire membership for the calendar year-to-date and the
volume) percentage it represents of total volume for the
membership for the year-to-date.
Weekly Rank Ranking by bank identification number (BIN) of member
volume within the membership (compared to total system
volume). This field shows where each BIN stands in
relation to other BINs. In the sample, the Weekly Rank
column at the Accept Category line shows 00017/07153.
This indicates that this BIN ranks 17th out of a total of
7,153 BINs in issuing approvals; 16 BINs issued more
approvals and 7,136 BINs issued fewer approvals.
Field Description
Member Approvals by Summary of all “approved” responses returned, broken
Transaction Type down by the following transaction categories:
• Mail/Telephone
• Retail
• Cash Advance
• College/Hospital
• Hotel/Motel
• Vehicle Rental
• Transportation
• Restaurant
• Cirrus/ATM
• Unique
• Payment Transaction
Average Dollars Average dollar amount approved for the week, listed by
transaction type. The sample report shows that the
average amount for Mail Order/Telephone Order
(MO/TO) transactions approved for the week was USD
62.98. This amount is the result of dividing the TOTAL
DOLLARS by the TOTAL VOLUME.
Total Dollars Total dollar amount approved for the week, listed by
transaction type
Total Volume Total transaction volume processed by the member for
the week, listed by transaction type. In the sample, the
total volume for MO/TO transactions is 72,276. This
indicates that out of a total of 564,630 approved
transactions, 72,276 were for MO/TO.
YTD Average Dollars Average U.S. dollar amount approved, by transaction
(year-to-date average type, for the calendar year-to-date. This amount is the
dollars) result of dividing the YTD TOTAL DOLLARS by the YTD
TOTAL VOLUME.
YTD Total Dollars Total U.S. dollar amount approved by the member, listed
(year-to-date total by transaction type, for the calendar year-to-date.
dollars)
YTD Total Volume Total transaction volume approved by the member, listed
(year-to-date total by transaction type, for the calendar year-to-date.
volume)
Total Member Average U.S. dollar amount, total U.S. dollar amount, total
Approvals transaction volume, and year-to-date totals for all
transactions approved by the member.
Field Description
Stand-In Processed Activity Summary of all authorization activity received and
processed by Stand-In processing, listed by the following
response categories:
• Accept (“approved”)
• Decline
• Call-Me (“refer to card issuer”)
• Pick-Up (“capture card”)
See field descriptions for an explanation of Member
Volume, Member YTD Volume, System Volume, System
YTD Volume, and Weekly Rank. All values are for
authorization activity processed by Stand-In processing on
behalf of the member.
Timed Out Number of times the Banknet authorization application
(Percent of Total) sent the original authorization request to the issuer for
processing but the acquiring MIP did not receive a
response in the allocated time. The second line indicates
the percentage of total authorization requests that timed
out in this manner.
Member Down Number of authorization requests sent to Stand-In
(Percent of Total) processing because the Banknet authorization application
recognized that the issuer’s host was down. Transactions
that left the acquiring node but did not reach the issuing
MIP, or did reach the issuing MIP but could not
communicate with the issuer’s host, are included in this
count. The second line indicates the percentage of total
authorization requests sent that the application handled in
this manner.
Signed Out Number of transactions sent to Stand-In processing
(Percent of Total) because the issuer was signed out. The second line
indicates the percentage of total authorization requests
sent that went to Stand-In processing for this reason.
Non-accepted Authorizations by Summary of all authorization activity processed by Stand-
Fail Reason In that Stand-In did not approve because it failed the
indicated tests performed during Stand-In processing.
Fail Reason List of the Stand-In tests that authorization requests must
pass to be approved.
Note: The Fail Reason INVALID CHIP/CVC includes both
transactions that failed for invalid CHIP/CVC in Stand-In
and transactions that failed for magnetic stripe/CVC error
(codes A–J) at the MIP.
Member Volume Total volume of transactions declined authorization
because of failure to pass the Stand-In test listed.
Field Description
Dollar Volume Total U.S. dollar amount declined authorization because
of failure to pass the Stand-In test listed.
Accepted Dollars Total U.S. dollar amount that Stand-In authorized on
behalf of the issuer for the week reported.
Non-Accepted Dollars Total U.S. dollar amount that Stand-In did not authorize
when processing on behalf of the issuer for the week
reported.
Limit-1 MIP Processed Activity Summary of all authorization activity processed on the
member’s behalf using Limit-1, broken down by the
following response categories:
• Accept (“approved”)
• Decline
• Call-Me (“refer to card issuer”)
• Pick-Up (“capture card”)
The second part of this page breaks down Limit-1 activity
by the four Limit-1 categories:
• Mail/Telephone
• Cash Advance (cash disbursement)
• Retail
• Travel/Entertainment
See field descriptions for an explanation of Member
Volume, Member YTD Volume, System Volume, System
YTD Volume, and Weekly Rank. All values are for
authorization activity processed using Limit-1 parameters.
Field Description
X-Code MIP Processed Activity Summary of all authorization activity processed as X-Code
transactions at the acquirer MIP. These transactions are
transactions that were more than Limit-1 and should have
gone to the issuer or to Stand-In for processing, but the
authorization application could not obtain a response
from either one.
Transactions are listed by the following response
categories:
• Accept (“approved”)
• Decline
• Call-Me (“refer to card issuer”)
• Pick-Up (“capture card”)
See field descriptions for an explanation of Member
Volume, Member YTD Volume, System Volume, System
YTD Volume, and Weekly Rank. All values are for
authorization activity processed at the acquirer MIP using
X-Code parameters.
MIP Processed Activity Summary of all authorization activity involving certain
cardholder-activated terminals processed at the MIP that
would not be processed by an issuer or Stand-In.
Transactions are listed by the following response
categories:
• Accept (“approved”)
• Decline
• Call-Me (“refer to card issuer”)
• Pick-Up (“capture card”)
See field descriptions for an explanation of Member
Volume, Member YTD Volume, System Volume, System
YTD Volume, and Weekly Rank. All values are for
authorization activity processed at the MIP using X-Code
parameters.
Field Description
BAT Processed Activity Summary of all authorization activity processed at the
RSC.
Transactions are listed by the following response
categories:
• Accept (“approved”)
• Decline
• Call-Me (“refer to card issuer”)
• Pick-Up (“capture card”)
See field descriptions for an explanation of Member
Volume, Member YTD Volume, System Volume, System
YTD Volume, and Weekly Rank. All values are for
authorization activity processed at the Regional Service
Center (RSC) using BAT parameters.
Weekly Total Activity Summary of total transaction volume processed by the
member, Stand-In, Limit-1, X-Code, MIP, and BAT on
behalf of the member for the week reported.
See field descriptions for an explanation of Member
Volume, Member YTD Volume, System Volume, System
YTD Volume, and Weekly Rank.
Reversal Processed Activity Summary of Acquirer Reversal Request/0400 message
activity received and processed by the issuer, listed by the
following response categories:
• Accept (“approved”)
• Decline
• Call-Me (“refer to card issuer”)
• Pick-Up (“capture card”)
Reversal Volume Total reversal volume processed by the member that
generated the specific response and the percentage it
represents of total member transaction volume.
Reversal YTD Volume Summary of the member’s reversal volume for the
(reversal year-to-date calendar year-to-date (by response category) and the
volume) percentage it represents of total member volume for the
year-to-date.
System Volume Volume of reversal transactions processed by the entire
membership that week and the percentage it represents
of total volume for the membership for the week.
System YTD Volume Volume of reversal transactions processed by the entire
(system year-to-date membership for the calendar year-to-date and the
volume) percentage it represents of total volume for the
membership for the year-to-date.
Field Description
Weekly Rank Ranking by bank identification number (BIN) of member
volume within the membership (compared to total system
volume). This field shows where each BIN stands in
relation to other BINs.
Total Reversal Average U.S. dollar amount, total U.S. dollar amount, total
Processed transaction volume, and year-to-date totals for all
transactions approved by the member.
Reversal Approvals by Summary of all “approved” responses returned, broken
Transaction Type down by the following transaction categories:
• Mail/Telephone
• Retail
• Cash Advance
• College/Hospital
• Hotel/Motel
• Vehicle Rental
• Transportation
• Restaurant
• Cirrus/ATM
• Unique
• Payment Transaction
Average Dollars Average dollar amount approved for the week, listed by
transaction type.
Total Dollars Total dollar amount approved for the week, listed by
transaction type
Total Volume Total transaction volume processed by the member for
the week, listed by transaction type.
YTD Average Dollars Average U.S. dollar amount approved, by transaction
(year-to-date average type, for the calendar year-to-date. This amount is the
dollars) result of dividing the YTD TOTAL DOLLARS by the YTD
TOTAL VOLUME.
YTD Total Dollars Total U.S. dollar amount approved by the member, listed
(year-to-date total by transaction type, for the calendar year-to-date.
dollars)
YTD Total Volume Total transaction volume approved by the member, listed
(year-to-date total by transaction type, for the calendar year-to-date.
volume)
Total Reversals Average U.S. dollar amount, total U.S. dollar amount, total
Approvals transaction volume, and year-to-date totals for all
transactions approved by the member.
Field Description
Stand-In Reversal Processed Summary of all reversal activity received and processed
Activity by Stand-In, listed by the following response categories:
• Accept (“approved”)
• Decline
• Call-Me (“refer to card issuer”)
• Pick-Up (“capture card”)
See field descriptions for an explanation of Reversal
Volume, Reversal YTD Volume, System Volume, System
YTD Volume, and Weekly Rank. All values are for
authorization activity processed by Stand-In processing on
behalf of the member.
Total Stand-In Reversal Total reversal transaction volume, and year-to-date totals
Processed for all reversals approved by the member.
Weekly Total Activity Summary of total reversal transaction volume processed
by the member, Stand-In, Limit-1, X-Code, MIP, and BAT
on behalf of the member for the week reported.
See field descriptions for an explanation of Reversal
Volume, Reversal YTD Volume, System Volume, System
YTD Volume, and Weekly Rank.
Frequency Weekly
Report Sample
Apr
SI737010-AA MASTERCARD INTERNATIONAL RUN DATE 11/28/05 2006
ICA: 123456 AUTHORIZATION PARAMETER SUMMARY REPORT PAGE: 1
ACQUIRER PARAMETERS N/A
ISSUER PARAMETERS
ACCOUNT RANGE: FROM: 59999999990
THRU: 59999999999
GLOBAL PARAMETERS
----------------------------------------------------------------------------------------------------------------------------
PRODUCT CODE AMCC PARTICIPANT CVC2 PARTICIPANT AVS LEVEL PARTICIPANT RPCS PARTICIPANT
MPL N Y 3 Y
840
----------------------------------------------------------------------------------------------------------------------------
EXPIRATION DATE PARTICIPANT POS BALANCE INQUIRY PARTICIPANT ACQUIRER REVERSAL MESSAGE PARTICIPATION
-----------------------------------------------------------------------------------------------------------------------------
HOLIDAYS FOR CALL REFERRAL CENTER:
DATE OPEN CLSE OPEN CLSE DATE OPEN CLSE OPEN CLSE
01. N/A N/A N/A N/A N/A 14. N/A N/A N/A N/A N/A
02. N/A N/A N/A N/A N/A 15. N/A N/A N/A N/A N/A
03. N/A N/A N/A N/A N/A 16. N/A N/A N/A N/A N/A
04. N/A N/A N/A N/A N/A 17. N/A N/A N/A N/A N/A
05. N/A N/A N/A N/A N/A 18. N/A N/A N/A N/A N/A
06. N/A N/A N/A N/A N/A 19. N/A N/A N/A N/A N/A
07. N/A N/A N/A N/A N/A 20. N/A N/A N/A N/A N/A
08. N/A N/A N/A N/A N/A 21. N/A N/A N/A N/A N/A
09. N/A N/A N/A N/A N/A 22. N/A N/A N/A N/A N/A
10. N/A N/A N/A N/A N/A 23. N/A N/A N/A N/A N/A
11. N/A N/A N/A N/A N/A 24. N/A N/A N/A N/A N/A
12. N/A N/A N/A N/A N/A 25. N/A N/A N/A N/A N/A
13. N/A N/A N/A N/A N/A 26. N/A N/A N/A N/A N/A
-----------------------------------------------------------------------------------------------------------------------------
CARD LEVEL SUPPORT PARTICIPANT MULTI-CURRENCY LIMITS PARTICIPANT
N N
-----------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------
TRANSACTION PROCESSING PARAMETERS:
MCC LIMITS:
MCC CARD PRESENT CARD NOT PRESENT CURRENCY CODE
7995 350 0 840
-----------------------------------------------------------------------------------------------------------------------------
VIP CONTROLS:
DAYS COUNT
4 999
-----------------------------------------------------------------------------------------------------------------------------
GROUP & SERIES:
FROM: 5412-3456-7890-0000 THRU: 5412-3999-9999-9999
REGIONS: A: X B: X C: X D: X E: X 1: X
-----------------------------------------------------------------------------------------------------------------------------
STAND-IN BLOCKED RANGE:
-----------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------
CVC1 PROCESSING PARAMETERS:
FROM: 59000000000 THRU: 59999999999
NO QUALIFYING EXPIRATION DATE RANGES FOUND - CVC VERIFICATION ON ENTIRE CVC RANGE.
-----------------------------------------------------------------------------------------------------------------------------
LIMIT 1 PROCESSING
MAIL/TELEPHONE: 150
TRAVEL: 25
CASH-DISBURSEMENT: 50
RETAIL: 100
NTH TRANSACTION: 3
------------------------------------------------------------------------ ----------------------------------------------------
ON-BEHALF SERVICES
DESCRIPTION
M/CHIP CRYPTOGRAM VALIDATION IN STAND-IN
Field Descriptions
The Authorization Parameter Summary Report (SI737010-AA) includes:
• Header Information
• Global Parameters
• Stand-In Parameters
Note MasterCard provides an updated version of this report for members when their
parameters change.
Header Information
The Authorization Parameter Summary Report (SI737010-AA) header
information includes the following data:
Global Parameters
The Authorization Parameter Summary Report (SI737010-AA) global parameters
include the following data:
Field Description
Product Code Three-position field that identifies Financial Network
Codes.
AMCC Participant A one-character flag that indicates whether an account
range processes authorizations in its own currency.
• Y—Report includes the currency code of the
participant.
• N—Report does not include the currency code of the
participant.
Currency Code Three-digit number that identifies the participant’s
currency code.
CVC 2 Participant A one-character flag that indicates whether a member
participates in CVC 2. CVC 2 is a three-digit numeric
character code that is indent-printed into the signature
panel in the back of a card.
• Y—Member participates in CVC 2.
• N—Member does not participate in CVC 2.
AVS Level Participant A one-position field that indicates a member’s AVS service
level.
• 0—AVS not supported.
• 1—Issuer provides AVS, receives full address data.
• 2—Issuer provides AVS, receives condensed address
data. (This level supports the algorithm that uses the
first five numeric digits in an address [when scanning
the address from left to right].)
• 3—Issuer provides AVS, receives condensed address
data. (This level supports the algorithm that uses the
first five numeric digits in an address. This algorithm
stops searching for numbers after it encounters an
alphabetic character or space [when scanning the
address from left to right.])
Apr
RPCS Participant A one-character flag that indicates whether a member 2006
participates in the Recurring Payment Cancellation Service
(RPCS).
• Y—Member participates in RPCS.
• N—Member does not participate in RPCS.
Field Description
Expiration Date Participant A one-character flag that indicates whether a member
participates in the Expired Card Override service.
• Y—Member participates in the Expired Card Override
service.
• N—Member does not participate in the Expired Card
Override service.
POS Balance Inquiry One-position field that indicates whether the account
Participant range participates in POS balance inquiries.
• Y—Account range participates in POS balance
inquiries.
• N—Account range does not participate in POS
balance inquiries.
Acquirer Reversal Message A field that indicates whether the issuer participates in the
Participation acquirer reversal request message functionality:
• Y—Issuer receives the 0400 message
• N—Issuer does not receive the 0400 message
In-flight Commerce Blocked Two 19-digit account range numbers that indicate the
Range “from” and the “to” account ranges to block for in flight
commerce service.
In-flight commerce (IFC) is a service that identifies
transactions conducted via interactive video terminals by
passengers on a long-distance airplane flight.
Payment Transaction Two 19-digit numeric account range numbers that
Blocked Range indicate the “from” and the “to” account ranges to block
for this transaction type. A Payment Transaction is a
transaction in which a Payment Service Provider facilitates
the transfer of funds to an issuer for posting to a
cardholder’s MasterCard account.
GARS Participant Flag that indicates whether the member is a Global
Automated Referral System (GARS) participant.
• Y—Member participates in the GARS service.
• N—Member does not participate in the GARS service.
Authorization Referral Indicates the phone number GARS uses to contact the
issuer on domestic-call referral responses.
International GARS Indicates the phone number GARS uses to contact the
issuer on international call referral responses.
Security Number Indicates the phone number for reporting security issues.
Lost/Stolen Indicates the phone number for reporting lost or stolen
MasterCard® cards.
Field Description
Customer Service Indicates the phone number for cardholder inquiries.
Stand-In Parameters
The Authorization Parameter Summary Report (SI737010-AA) Stand-In
parameters include the following data:
Field Description
Hours of Operation Indicates the hours of operations for the issuer’s
authorization system.
UTC Offset Time difference between the member’s local time and
Coordinated Universal Time (UTC—formerly GMT
[Greenwich mean time]).
UTC Offset represents whether the local time is ahead (+)
or behind (-) UTC by the number of hours indicated in
the UTC Offset field.
D.S.T. Daylight Saving Time (D.S.T.) represents the daylight-
saving time start and end dates and times for the member.
Local Time Indicates the open and close local time for the member.
Holidays for Call Referral Definition of 26 holidays for the issuer’s Call Referral
Center Center, with up to two openings and closings per
holiday.
Decision Matrix A matrix that contains values that represent a member’s
choice of Stand-In processing responses to transactions if
a transaction goes to Stand-In processing in a given state.
• C—Call referral
• N—Decline
• A—Continue with Stand-In processing
• P—Capture card
Open Signed In, Indicates times when the issuer’s authorization center is
Closed Signed In open versus when it is closed.
Open Signed Out, Indicates times when the issuer’s authorization center is
Closed Signed Out signed in versus when it is signed out (for online issuers).
Card Level Support A one-character flag that indicates if the member is a Card
Participant Level Support participant.
• Y—Member participates in Card Level Support.
• N—Member does not participate in Card Level
Support.
Field Description
Multi-Currency Limits A one-character flag that indicates if the member
Participant participates in multi-currency limits in Stand-In
processing.
• Y—Member participates in multi-currency limits.
• N—Member does not participate in multi-currency
limits.
Transaction Processing This section of the report depends on the number of rules
Parameters that apply to a member. The report reflects all rules that
apply to that particular member.
Target Country Indicates the acquirer country for which the limits are
applied.
MasterCard has established minimum and maximum
values for certain parameters. MasterCard will set the
minimum limits as default values to establish member’s
limits.
• Foreign Default—Established limits outside of the
country of issuance.
• Global—Established limits for all members by
product code, MCC, and/or CAT level.
Promo Code Indicates the promotion code for which the limits are
(Promotion Code) applied. Lists the six-character alphanumeric codes that
an issuer establishes to identify transactions that meet
requirements for an issuer’s promotional program for a
card range.
CAT Level Lists a one-character numeric code that identifies
transactions that occur at a CAT. A CAT is a cardholder-
activated terminal that is usually unattended and accepts
bankcards, debit, charge, and proprietary cards for a card
range. CATs are defined by levels.
• 0—Not a CAT transaction
• 1—Automated dispensing machines with PIN
• 2—Self-service terminals
• 3—Limited-amount terminals
• 4—In-flight commerce terminals
• 6—Electronic commerce
• 7—Transponder
Product ID Lists the three-character code that identifies the type of
card program for an account, such as Gold MasterCard®
card.
Field Description
MCC/TCC Lists the card acceptor business code/merchant category
code (MCC) and the transaction category code (TCC) for
which limits are applied.
Currency Code Three-digit number that identifies the member’s chosen
currency code for amount limits.
Card Present Amount Transaction amount limit when a card is present.
Card Not Present Transaction amount limit when a card is not present.
Amount
Field Description
Stand-In Blocked Range Identifies a range of card numbers within a BIN that have
not been issued to cardholders or card ranges previously
blocked and should be unblocked. Range blocking only
applies for transactions processed by Stand-In. Card
numbers within blocked ranges do not automatically
appear in the Account Management System (AMS)
Electronic Warning Bulletin file.
CVC 1 Processing Indicates if the IIN listed participates in Card Validation
Parameters Code 1 (CVC 1) verification in Stand-In processing. A
two-part card security feature, CVC 1 is a three-digit value
encoded on tracks 1 and 2 in three contiguous positions
in the “discretionary data” field of a magnetic stripe on a
MasterCard card.
From: Thru: Qualifying account BIN range that the member wants to
target for CVC 1 verification in Stand-In processing.
Members specify qualifying BIN ranges when they sign
up for CVC 1 verification in Stand-In processing. Each
qualifying BIN range has an associated expiration date.
If the report shows qualifying BIN ranges, then
MasterCard performs CVC 1 verification in Stand-In
processing only on the qualifying BIN ranges.
Within the qualifying BIN ranges, MasterCard performs
CVC 1 verification only when the expiration date on the
account is equal to or greater than the expiration date
listed for the qualifying BIN range.
If the report does not show qualifying BIN ranges, then
the report prints the following message:
NO QUALIFYING EXPIRATION DATE RANGES FOUND—
CVC VERIFICATION ON ENTIRE CVC RANGE
In this case, MasterCard performs CVC 1 verification in
Stand-In processing on the entire BIN range shown in
report sample.
If there are no account ranges defined for CVC 1
verification, then the report prints the following message:
THERE ARE NO RANGES DEFINED FOR CVC 1
VERIFICATION.
Field Description
Limit 1 Processing Processing that limits the number of transactions that the
Authorization System forwards to the issuer. Limit-1
processing is part of Stand-In processing, and it uses
issuer-defined parameters to return an authorization
response. Limit-1 processing responds to authorization
requests without forwarding them to the issuer when the
transaction amount is equal to or less than the issuer-
defined amount limits, and the transaction does not fail
any of the Stand-In tests.
Mail/Telephone Current Limit-1 value established by the issuer for
mail/telephone transactions.
Travel Current Limit-1 value established by the issuer for
transactions.
Cash-Disbursement Current Limit-1 value established by the issuer for cash
disbursement transactions.
Retail Current Limit-1 value established by the issuer for retail
transactions.
Nth Transaction Indicates how many transactions Limit-1 can process
before sending the next transaction to the issuer for
processing. The sample report indicates that this issuer
allows the MIP to process 9,998 transactions on their
behalf under Limit-1 processing. The Authorization
System will transmit each 9,999th transaction acquired at
a particular acquiring MIP to the issuer for processing.
On-behalf Services Lists the on-behalf service description for the on-behalf
services that are enabled for an account range. There is a
maximum of 10 on-behalf services.
Frequency Weekly
Report Sample
------------------------------------------------------------------------------------------------------------------------------------
APPROVALS BY AVERAGE TOTAL TOTAL YTD AVERAGE YTD TOTAL YTD TOTAL
TRANSACTION TYPE DOLLARS DOLLARS VOLUME DOLLARS DOLLARS VOLUME
Field Descriptions
Field Description
CAT Processed Activity Summary of all authorization activity received and processed
by the issuer for the CAT level on the report, listed by the
following response categories:
• Accept (“approved”)
• Decline
• Call-Me (“refer to card issuer”)
• Pick-Up (“capture card”)
Member Volume Total CAT transaction volume processed by the member that
generated the specific response and the percentage it
represents of total member CAT transaction volume. The
sample report shows that the member approved (ACCEPT) 68
CAT 2 authorization requests, which were 98.5% of the 69 CAT
2 requests processed by the member that week.
Member YTD Volume Summary of the member’s CAT authorization volume for the
(member year-to-date calendar year-to-date (by response category) and the
volume) percentage it represents of total member CAT volume for the
year-to-date.
System Volume Volume of CAT authorization transactions processed by the
entire membership that week and the percentage it represents
of total CAT volume for the membership for the week.
System YTD Volume Volume of CAT authorization transactions processed by the
(system year-to-date entire membership for the calendar year-to-date and the
volume) percentage it represents of total CAT volume for the
membership for the year-to-date.
Total Member Total member CAT volume, year-to-date volume, system
Processed volume, and system year-to-date volume for all authorization
responses.
Field Description
Approvals by Summary of all “approved” responses returned for CAT
Transaction Type transactions, divided by the following transaction categories:
• Mail/Telephone
• Retail
• Cash Advance
• College/Hospital
• Hotel/Motel
• Vehicle Rental
• Transportation
• Restaurant
• Cirrus/ATM
• Unique
• Payment Transaction
Average Dollars Average dollar amount approved for CAT transactions for the
week, listed by transaction type. The sample report shows
that the average amount for Restaurant CAT 2 transactions
approved for the week was USD 61.33. This amount is the
result of dividing the TOTAL DOLLARS by the TOTAL
VOLUME.
Total Dollars Total dollar amount approved for CAT transactions for the
week, listed by transaction type.
Total Volume Total CAT transaction volume processed by the member for
the week, listed by transaction type. In the sample, the total
volume for Restaurant transactions is 3. This indicates that out
of a total of 86 approved CAT 2 transactions, 3 were for
Restaurant.
YTD Average Dollars Average U.S. dollar amount approved, by transaction type, for
(year-to-date average CAT transactions for the calendar year-to-date. This amount is
dollars) the result of dividing the YTD TOTAL DOLLARS by the YTD
TOTAL VOLUME.
YTD Total Dollars Total U.S. dollar amount of CAT transactions approved by the
(year-to-date total member for the calendar year-to-date.
dollars)
YTD Total Volume Total CAT transaction volume approved by the member for the
(year-to-date total calendar year-to-date.
volume)
Field Description
Total Member Average U.S. dollar amount, total U.S. dollar amount, total
Approvals transaction volume, and year-to-date totals for all CAT
transactions approved by the member.
Total For All Prefixes Activity totals for all the member’s BINs (all of the previous
pages of the report). Totals are listed by authorization
response (accept, decline, call-me, and pick-up) and by
transaction category (mail/telephone, retail, and so on).
Frequency Weekly
Report Sample
ACQUIRER CARD NUMBER TRAN DATE/TIME DURATION OUT DIAL NO. CALL COMPLETION
STAND-IN CODE 10=N MCC=5999 TCC=01 EXP DTE=05/00 AMT= $100.00 RESPONSE = APPROVAL
STAND-IN CODE 10=N MCC=6010 TCC=04 EXP DTE=10/01 AMT= $300.00 RESPONSE = DECLINE
ACQUIRER CARD NUMBER TRAN DATE/TIME DURATION OUT DIAL NO. CALL COMPLETION
TOTAL CALLS 5
TOTAL EXCEPTIONS 1
TOTAL ISSUER 2
TOTAL STAND-IN 2
Field Descriptions
Field Description
Issuer The ICA number of the issuer that receives this report
Member Name Financial institution name of the issuer that receives this report
Acquirer The ICA number of the acquirer associated with the particular
GARS call
Card Number The card number that the acquirer’s agent entered for the
particular GARS call
Tran Date/Time The date and time when GARS received the call from the
acquirer
Duration The duration of the call in minutes and seconds
Out Dial No. The issuer or ITAC phone number to which GARS connected
the acquirer
Call Completion Result of the GARS call. Each transaction will list one of the
messages in the following table.
Message Text Used When… Action Taken
Abandon Call The call duration GARS ended the
was less than one call.
minute.
Invalid Check The card number GARS transferred
Digit entered contains an the call to a GARS
invalid check digit. agent for assistance.
Invalid Issuer The issuer phone GARS transferred
Phone Number number is invalid. the call to a GARS
agent for assistance.
Issuer GARS connected the Call successfully
call to the issuer’s completed.
agent.
Issuer Domestic GARS connected the Call successfully
call to the issuer’s completed.
agent using the
issuer’s domestic
phone line.
Field Description
Message Text Used When… Action Taken
Issuer GARS connected the Call successfully
International call to the issuer’s completed.
agent using the
issuer’s international
phone line.
Issuer Line Busy The issuer’s phone Stand-In processing
line was busy. generated the
authorization
response.
Issuer Ring, No The issuer’s agent Stand-In processing
Answer did not answer the generated the
call. authorization
response.
ITAC Agent GARS connected the Call successfully
call to an ITAC completed.
agent, who sent a
telex to the issuer.
ITAC Agent The issuer did not Stand-In processing
Transfer answer the ITAC generated the
agent’s telex authorization
message. response.
Merchant The acquiring agent GARS transferred
Suspicious indicated a merchant the call to a GARS
suspicious condition agent for assistance.
when entering
Stand-In information
for GARS.
Problem On GARS could not Stand-In processing
Circuit place the call. The generated the
phone number may authorization
be invalid. response.
SI Invalid Card Stand-In processing GARS ended the
Number returned a response call.
of “Invalid Card
Number.”
Field Description
Message Text Used When… Action Taken
Telephone Circuit After three attempts, Stand-In processing
Busy GARS was unable to generated the
place the call authorization
because the circuit response.
was busy.
Stand In Indicates that Stand-In processing occurred for the GARS
transaction. The fields on the Stand-In line provide the
information that the acquirer’s agent entered for Stand-In
processing.
Code 10 = N Confirmation that the acquiring agent did not indicate a
merchant suspicious condition.
MCC = The four-digit merchant category code that the acquiring agent
entered to GARS.
TCC = The transaction category code that the acquiring agent entered
to GARS. Refer to the field codes and the corresponding TCCs
in the table below.
Field Codes that
Appear on the
Report TCC Meaning
01 R Retail
02 T Mail Order/Telephone
Order
03 C Cash
04 X Airline and other
Transportation
11 A Automobile/Vehicle Rental
12 F Restaurant
13 H Hotel/Motel
14 O Hospitalization/College
15 U Unique
16 P Payment Transaction
EXP DTE = The expiration date of the card that the acquiring agent
entered to GARS.
AMT = The transaction amount that the acquiring agent entered to
GARS.
Field Description
Response The authorization response that Stand-In generated to
complete the GARS call.
Total Calls The total number of calls that GARS processed, including
exception calls (see “Total Exceptions” below), calls that GARS
processed via Stand-In, and calls that either the issuer or ITAC
processed.
Total Exceptions The total number of calls that GARS processed for any of the
following reasons:
• Abandon Call
• Invalid Check Digit
• Invalid Issuer Phone Number
• Merchant Suspicious
• SI Invalid Card Number
Total Issuer The total number of calls that GARS connected to the issuer or
to an ITAC agent.
Total Stand-In The total number of calls that GARS processed via Stand-In.
Total Stand-In The total number of calls that GARS processed via Stand-In
Approvals and that Stand-In approved.
Total Stand-In Non- The total number of calls that GARS processed via Stand-In
Approval that Stand-In did not approve.
Stand-In Approval The percentage of calls that resulted in an approval from
Percentage Stand-In in relation to the total number of GARS calls that
Stand-In processed.
Total Telex To Telex The total number of calls that the acquirer entered via telex to
ITAC and that ITAC connected to the issuer via telex.
Total Telex To Phone The total number of calls that the acquirer entered via telex to
ITAC and that ITAC connected to the issuer via phone.
Total Phone To Telex The total number of GARS calls that the acquirer entered via
phone, that GARS subsequently connected to ITAC, and that
ITAC connected to the issuer via telex.
Total Phone To Phone The total number of GARS calls that the acquirer entered via
phone and that GARS connected to the issuer via phone.
Average Call Duration The average duration of the call in minutes and seconds for all
calls that Stand-In, the issuer, or ITAC processed. (This
average excludes the Exceptions category of GARS calls.)
Frequency Weekly
Report Sample
GR122010-BB MASTERCARD INTERNATIONAL RUN DATE: 12/06/99
ICA 540000 GARS WEEKLY ACQUIRER TRANSACTION DETAIL REPORT PAGE: NNNNNN
ISSUER CARD NUMBER TRAN DATE/TIME DURATION OUT DIAL NO. CALL COMPLETION
STAND-IN CODE 10=N MCC=5999 TCC=01 EXP DTE=05/00 AMT= $100.00 RESPONSE = APPROVAL
STAND-IN CODE 10=N MCC=6010 TCC=03 EXP DTE=10/01 AMT= $300.00 RESPONSE = DECLINE
ISSUER CARD NUMBER TRAN DATE/TIME DURATION OUT DIAL NO. CALL COMPLETION
TOTAL CALLS 5
TOTAL EXCEPTIONS 1
TOTAL ISSUER 2
TOTAL STAND-IN 2
Field Descriptions
Field Description
Acquirer The ICA of the acquirer that receives this report.
Member Name Financial institution name of the acquirer that receives this
report.
Issuer The ICA of the issuer associated with the particular GARS call.
Card Number The card number that the acquirer’s agent entered for the
particular GARS call.
Tran Date/Time The date and time when GARS received the call from the
acquirer.
Duration The duration of the call in minutes and seconds.
Out Dial No. The issuer or ITAC phone number to which GARS connected
the acquirer.
Call Completion Result of the GARS call. Each transaction will list one of the
messages in the following table.
Message Text Used When... Action Taken
Field Description
Message Text Used When... Action Taken
Field Description
Message Text Used When... Action Taken
Field Description
Total Calls The total number of calls that GARS processed, including
exception calls (see “Total Exceptions” below), calls that GARS
processed via Stand-In, and calls that either the issuer or ITAC
processed.
Total Exceptions The total number of calls that GARS processed for any of the
following reasons:
• Abandon Call
• Invalid Card Number
• Invalid Check Digit
• Invalid ICA
• Invalid Issuer
• Invalid Issuer Phone Number
• Merchant Suspicious
• SI Invalid Card Number
Total Issuers The total number of calls that GARS connected to the issuer or
to an ITAC agent.
Total Stand-In The total number of calls that GARS processed via Stand-In.
Total Stand-In The total number of calls that GARS processed via Stand-In
Approval and that Stand-In approved.
Total Stand-In Non- The total number of calls that GARS processed via Stand-In
Approval that Stand-In did not approve.
Stand-In Approval The percentage of calls that resulted in an approval from
Percentage Stand-In in relation to the total number of GARS calls that
Stand-In processed.
Total Telex to Telex The total number of calls that the acquirer entered via telex to
ITAC and that ITAC connected to the issuer via telex.
Total Telex to Phone The total number of calls that the acquirer entered via telex to
ITAC and that ITAC connected to the issuer via phone.
Total Phone to Telex The total number of GARS calls that the acquirer entered via
phone, that GARS subsequently connected to ITAC, and that
ITAC connected to the issuer via telex.
Total Phone to Phone The total number of GARS calls that the acquirer entered via
phone and that GARS connected to the issuer via phone.
Average Call Duration The average duration of the call in minutes and seconds for all
calls that Stand-In, the issuer, or ITAC processed. (This
average includes the Exceptions category of GARS calls.)
Frequency Monthly
Report Sample
PROCESSOR 654321
PROCESSOR TOTALS-------------------------------------
TOTAL RESPONSES 50
PROCESSOR 666666
PROCESSOR TOTALS-------------------------------------
TOTAL RESPONSES 7
ACQUIRER TOTALS--------------------------------------
TOTAL RESPONSES 57
Field Descriptions
Field Description
Acquirer The ICA number of the acquirer that receives this report.
Member Financial institution name of the acquirer that receives this
report.
Processor The ICA number of the processor associated with the particular
GARS call.
Tran Type The TCC for the transaction type.
(transaction type) Valid codes are:
A = Automobile/Vehicle Rental
C = Cash Disbursement
F = Restaurant
H = Hotel/Motel and Cruise Ship Service
O = Hospitalization and Cruise Ship Service
P = Payment Transaction
R = Retail
U = Unique Transportation
X = Transportation
MCC The numerical representation of the type of business in which
(card acceptor the merchant is engaged. Refer to the Quick Reference Booklet
business for a list of codes.
code/merchant
category code)
Merchant The merchant identification code.
Terminal Identification number of the merchant terminal.
Total Referrals Total number of referrals processed during the billing month.
Total Responses Total number of responses completed during the billing
month.
Response Percentage Percentage of responses to referrals processed during the
billing month.
Processor Totals Total number of referrals, responses, and the response
percentage for the particular processor.
Field Description
Total Call Referrals Referrals processed during the billing month for all merchants
Received for this processor.
Total Responses GARS calls placed during the billing month for all merchants
for this processor.
Call Referral Response Percent of GARS calls placed to referrals processed during the
Rate billing month for all merchants for this processor.
MasterCard Response Referral response rate standard set by MasterCard.
Rate Target
Frequency Monthly
Report Sample
PROCESSOR 654321
PROCESSOR TOTALS-------------------------------------
TOTAL RESPONSES 50
PROCESSOR 666666
PROCESSOR TOTALS-------------------------------------
TOTAL RESPONSES 7
ACQUIRER TOTALS--------------------------------------
TOTAL RESPONSES 57
Field Descriptions
Field Description
Acquirer The ICA number of the acquirer that receives this
report.
Member Financial institution name of the acquirer that receives
this report.
Processor The ICA number of the processor associated with the
particular GARS call.
Tran Type The code for the transaction type. Valid codes are:
(transaction type)
A = Automobile/Vehicle Rental
C = Cash Disbursement
F = Restaurant
H = Hotel/Motel and Cruise Ship Service
O = Hospitalization and College/School Expense
P = Payment Transaction
R = Retail
U = Unique Transaction
X = Transportation
MCC The numerical representation of the type of business in
(card acceptor business which the merchant is engaged. Refer to the Quick
code/merchant category Reference Booklet for a list of codes.
code)
Merchant The merchant identification code.
Terminal Identification number of the merchant terminal.
Total Referrals Total number of referrals processed during the billing
month.
Total Responses Total number of responses completed during the billing
month.
Response Percentage Percentage of responses to referrals processed during
the billing month.
Processor Totals Total number of referrals and responses below the
target rate, and the percentage of all below-target
responses to referrals for the particular processor.
Total Call Referrals Received Total referrals below the target rate that this processor
processed during the billing month for all merchants.
Field Description
Total Responses Total GARS calls placed during the billing month that
were below the target rate. Includes activity for all
merchants for this processor.
Call Referral Response Rate Percent of GARS calls placed to referrals processed
during the billing month for all merchants for this
processor. The percent is always less than the target
rate when it appears on this report.
MasterCard Response Rate Referral response rate standard set by MasterCard.
Target
Frequency Monthly
Report Sample
Field Descriptions
Field Description
Issuer The ICA number of the issuer that receives this report.
Member Financial institution name of the issuer that receives this report.
Total Calls The total number of calls that GARS processed, including
exception calls (see “Total Exceptions” below), calls that GARS
processed via Stand-In processing, and calls that either the
issuer or ITAC processed.
Total Exceptions The total number of calls that GARS processed for any of the
following reasons:
• Abandon Call
• Invalid Card Number
• Invalid Check Digit
• Invalid ICA
• Invalid Issuer
• Invalid Issuer Phone Number
• Merchant Suspicious
• SI Invalid Card Number
Total Issuer The total number of calls that GARS connected to the issuer or
to an ITAC agent.
Total Stand-In The total number of calls that GARS processed via Stand-In
processing.
Stand-In Percentage The percentage of calls that GARS processed via Stand-In
processing (excluding “Total Exceptions”).
Total Stand-In The total number of calls that GARS processed via Stand-In
Approvals processing and that Stand-In approved.
Total Stand-In Non- The total number of calls that GARS processed via Stand-In
Approval that Stand-In processing did not approve.
Stand-In Approval The percentage of calls that resulted in an approval from
Percentage Stand-In in relation to the total number of GARS calls that
Stand-In processed.
Total Telex to Telex The total number of calls that the acquirer entered via telex to
ITAC and that ITAC processed.
Total Telex to Phone The total number of calls that the acquirer entered via telex to
ITAC and that ITAC connected to the issuer via phone.
Total Phone to Telex The total number of GARS calls that the acquirer entered via
phone, that GARS subsequently connected to ITAC, and that
ITAC processed.
Field Description
Total Phone to Phone The total number of GARS calls that the acquirer entered via
phone and that GARS connected to the issuer via phone.
Average Call Duration The average duration of the call in minutes and seconds for all
calls that Stand-In, the issuer, or ITAC processed. (This
average includes the Exceptions category of GARS calls.)
Total Call Referrals The total number of call referral responses that the issuer
Issued issued and that the acquirer entered to GARS.
Response Percentage The percentage of calls that GARS processed (excluding “Total
Exceptions”) compared to the total call referrals issued.
Total Transactions The total number of transactions that GARS/Internet processed,
including exception transactions (see “Total Exceptions”
below), transactions that GARS/Internet processed via Stand-In
processing, and transactions that either the issuer or ITAC
processed.
Total Exceptions The total number of incomplete transactions that
GARS/Internet processed.
Total Issuer The total number of transactions that GARS/Internet connected
to the issuer or to an ITAC agent.
Total Stand-In The total number of transactions that GARS/Internet processed
via Stand-In.
Stand-In Percentages The percentage of transactions that GARS/Internet processed
via Stand-In (“Total Transactions” minus “Total Exceptions”).
Total Stand-In The total number of transactions that GARS/Internet processed
Approvals via Stand-In and that Stand-In approved.
Total Stand-In Non- The total number of transactions that GARS/Internet processed
Approvals via Stand-In that Stand-In did not approve.
Stand-In Approval The percentage of calls that resulted in an approval from
Percentage Stand-In in relation to the total number of GARS/Internet
transactions that Stand-In processed.
Frequency Daily
Report Sample
Field Descriptions
Issuer Information
Field Description
Tran Type If the transaction is a reversal of a prior authorization request,
(transaction type) this field will contain “REV.” Otherwise, this field is blank.
ICA ICA number of the member that issued the card for which
authorization was requested.
Cardholder No. Cardholder number contained in the original authorization
request received by Stand-In processing. See Data Element 2 in
the Customer Interface Specification manual.
Process Date Date the report was generated in MM/DD/YY (month/day/year)
format.
Activity Code Processing code of the authorization request. See Data Element
3 in the Customer Interface Specification manual.
Process Amount Transaction amount contained in the original authorization
request, as requested and entered by the acquirer. This amount
is listed in settlement currency (U.S. dollars).
Transaction Date Date (St. Louis time) that the authorization request was
processed by Stand-In in MM/DD/YY (month/day/year) format.
This is the transmission date of the authorization request. See
Data Element 7 in the Customer Interface Specification manual.
Field Description
Transaction Time Time (St. Louis time) that the authorization request was
processed by Stand-In in HH:MM:SS (hour: minute: second)
format. This is the transmission time of the authorization
request. See DE 7 (Transmission Date and Time) in the
Customer Interface Specification manual.
Advice Reason/Detail The reason for the advice, followed by the advice detail. The
advice reason indicates whether Stand-In, X-Code, or Limit-1
processing at the MIP processed the transaction. The advice
detail gives the authorization response that Stand-In, X-Code, or
Limit-1 processing at the MIP returned on behalf of the CAPS
issuer
Fail Code Code indicating the reason why Stand-In, X-Code, or Limit-1
processing at the MIP did not approve the transaction.
01 Reject Decline
02 Reject Capture Card
03 Reject Issuer not participating
04 Reject Invalid PIN
05 Reject ATM
06 Reject Transaction limit test/Refer to card issuer
07 Reject VIP cumulative limit test
08 Reject Merchant suspicious indicator test
09 Reserved
10 Reserved
11 Reject Day 1/number of transactions
12 Reject Day 2/number of transactions
13 Reject Day 3/number of transactions
14 Reject Day 4/number of transactions
15 Reject Day 1/amount
16 Reject Day 2/amount
17 Reject Day 3/amount
18 Reject Day 4/amount
19 Reject Extended Cash Disbursement cumulative
amount
20 Reject No procurement record
21 Reject VIP transaction limit test
Field Description
22 Reject No category record
23 Reject Not authorized
24 Reject Single cash disbursement limit test
25 Reject Monthly cash disbursement limit test
26 Reject Single limit test
27 Reject Monthly limit test
28 Reject Invalid CVC
Acquirer Information
Field Description
REF Number Banknet reference number.
ICA ICA number (Customer ID) of the acquirer that transmitted
the authorization request. See DE 32 (Acquiring Institution
ID Code) in the Customer Interface Specification manual.
Stand-In Authorization response that Stand-In processing sends to
Response the acquirer on behalf of the issuer. If the transaction is an
approval, a six-digit authorization approval code beginning
with “8” appears in this field. If X-Code or Limit-1
processing at the MIP generates the authorization response,
this field is blank.
POS Numeric country code of the acquirer sending the
(point of sale) authorization request. See the list of country codes in the
Quick Reference Booklet.
Type Transaction category code. See DE 48 in the Customer
Interface Specification manual. Valid values include:
A = Automobile/Vehicle Rental
C = Cash Disbursement
F = Restaurant
H = Hotel/Motel and Cruise Ship Services
O = Hospitalization and College/School Expenses
P = Payment Transaction
R = Retail
T = Mail Order/Telephone Order
U = Unique Transaction
Field Description
X = Transportation
Z = Automated Teller Machine (ATM) Cash
Disbursement
AMCC Information
Participating issuers and acquirers see the following fields on the Daily Activity
Report. These fields appear as a second line of data for each transaction only
if currency conversion occurred for the transaction. When present, all of the
fields in the second line of data will be populated.
Field Description
CH Amt/Curr/Rate The transaction amount in issuer currency, followed by the
(Cardholder currency code of the issuer currency, followed by the
Amount/Currency/ conversion rate used to convert the amount in acquirer
Rate) currency into the amount in issuer currency. See DE 6, DE 10,
and DE 51 in the Customer Interface Specification manual.
Tran Amt/Curr/Rate The transaction amount in acquirer currency, followed by the
(Transaction currency code of the acquirer currency, followed by the
Amount/Currency/ conversion rate used to convert the amount in acquirer
Rate) currency into the amount in U.S. dollars (shown in the Process
Amount field). See DE 4 and DE 49 in the Customer Interface
Specification manual.
Rate Date The month and day that the conversion rate is effective to
convert the transaction amount from the acquirer currency into
the currency of settlement (U.S. dollars). See DE 16 in the
Customer Interface Specification manual.
Member Testing.................................................................................................11-1
Who Must Test ............................................................................................11-1
How to Prepare for Testing........................................................................11-1
Select Authorization Service Features ..................................................11-2
Establish a Member Test System ..........................................................11-2
ISO 8583–1987 Transaction Format ...............................................11-2
Response Codes..............................................................................11-3
Communications Interface..............................................................11-4
Prepare MasterCard Test Systems.........................................................11-4
Member Testing Fees .....................................................................11-4
Offline Testing via the MasterCard Credit Authorization
Simulator .........................................................................................11-5
Issuer Simulator Testing...........................................................11-5
Acquirer Simulator Testing.......................................................11-6
Scheduling Installation of the Simulator........................................11-6
For More Information .....................................................................11-7
Online Testing via the Member Test Facility.................................11-7
Scheduling Online Member Testing ..............................................11-7
How to Perform Testing .............................................................................11-8
How to Begin Production Processing ........................................................11-8
Member Testing
The following guidelines provide information for online members about:
• Who must test
• How to prepare for testing
• How to perform testing
• How to begin processing
Note Members may contact Customer Operations Services for complete instructions
about applying for MasterCard membership and selecting authorization
services.
See the Customer Interface Specification manual for message formats, record
layouts, field definitions, and a description of the MasterCard application of the
ISO 8583–1987 message standard.
Note MasterCard recommends that acquirers and issuers test the usage of Acquirer
Reversal Request/0400 and Acquirer Reversal Request Response/0410 messages.
Response Codes
Issuers can choose to support any of the optional response codes outlined in
the Customer Interface Specification manual. Issuers must test for mandatory
codes. Acquirers must test for receipt of all codes.
Communications Interface
Following testing with the simulator, online members send their test results to
MasterCard. Members may then schedule online testing with the Member Test
Facility. Customer Implementation Services also coordinates online testing
with the Member Test Facility.
The following table provides pricing and support fees for the MasterCard
Credit Authorization Simulator software package.
The following table provides pricing and support fees for online testing and
exception online testing. Examples of exception online testing include:
• Testing outside of published available test hours
• Test requests received less than five days before the test date
• Beginning online testing when inaccurate or incomplete simulator trace
files have been submitted and have not been validated
The simulator provides all the testing capabilities that are available with online
testing. Testing with the simulator can minimize the time required to perform
online testing. With the simulator, members can:
• Conduct extensive preparations for online testing in an offline environment
• Replicate the tests and procedures for scheduled online testing
MasterCard updates the simulator two times a year, to coincide with the
Banknet releases. Generally, the most current version of the simulator is
available three or four weeks before MasterCard makes online testing with the
Member Test Facility available to members for each release.
The simulator allows issuers to create messages that their host systems would
expect to receive from MasterCard for processing. Examples of internal testing
that issuers can perform with the simulator are:
During issuer testing, the simulator sends CIS messages to the issuer host
system.
Authorization Request/0100
For acquirers, the simulator supports testing all transactions that need to be
routed to MasterCard systems. Acquirers can test all point-of-interaction (POI)
locations and Internet-based transaction processing systems.
Authorization Request/0100
Step Action
1. The member establishes communications connectivity between the simulator
and the host environment.
2. The Customer Implementation Services specialist selects the authorization test
cases that are appropriate to the member’s processing system. The member
modifies the test scripts provided with the simulator to include member-
specific data.
Step Action
3. During a test session, the simulator and the member host system exchange
authorization messages. Trace files record the results of the test session for
analysis. Members view the trace files to determine any errors that occur
during authorization message processing.
4. When testing is completed, the member forwards the trace file to the assigned
Customer Implementation Services specialist to confirm test results.
Simulator Support
Fax: 1-636-722-2797
E-mail: credit.sim@mastercard.com
After members have successfully completed testing of their host system with
the offline simulator, they may schedule online testing with the Member Test
Facility. In most cases, MasterCard will assign the same Customer
Implementation Services specialist to support both offline and online testing by
a new member.
MasterCard schedules members for online testing sessions of one or two hours
in length. Members must schedule online testing with Customer
Implementation Services at least 10 business days before testing. If members
need MasterCard to change the MIP before testing, members must notify
Customer Implementation Services at least 15 days before testing. In addition,
if members must cancel scheduled testing, they must notify Customer
Implementation Services more than five days before the scheduled test date to
avoid being charged for testing.
Outside the U.S. region, members can schedule online testing by contacting
their regional representative.
Note The member must inform the Customer Implementation Services specialist of
the actual cut-over production date (or postponement of a previously scheduled
cut-over date), at least ten business days before the actual date.
The member should have procedures to support a backout plan in the event
of irrecoverable problems experienced during production implementation.
This backout plan should include the following:
• Ability to switch back to previous processing environment or alternate
processing capability
• 24-hour availability of the member’s operations staff
Online acquirers and all CAPS members may begin sending messages
immediately after conversion. Online issuers must initiate online processing
with a sign-in (Network Management Request/0800) message. MasterCard
responds to the sign-in request by directing authorization traffic to the issuer.
When to Test
The member must complete testing for CAPS whenever MasterCard
implements enhancements to CAPS or the Daily Activity Report and notifies
the member that the enhancements require testing.
Step Action
1. Create a Sequential Account File, referring to the record layouts in chapter 8
for field attributes and valid values. Set the Last Update Info field to zeros for
this initial transmission, and include all of the accounts in your cardholder
base in the file. This will build your Positive File.
Make sure that the file you create contains all of the cards in your cardholder
base because after implementation of CAPS, MasterCard will set Stand-In limits
to zeros, and CAPS processing will approve only the cards in the CAPS file.
2. Start MasterCard File Express. When you sign on, select region C (for
certification) not region P (for production). Send the Sequential Account File
using application ID RB28. At midnight of the day you send the Sequential
Account File, Stand-In processing will process the file.
3. Via facsimile, send to your Customer Implementation Services specialist a list
of test account numbers and authorization amounts (based on the account
numbers that you sent in step 1).
MasterCard uses this list to create authorization requests and run them against
your positive file of accounts (the accounts that you sent in step 1.) Be sure
that some of the test authorization amounts you send would cause the
accounts to go over their credit limit, so that some of the authorization
requests receive a “Decline” response.
As the authorization requests are run, the credit limits on your positive file
also are updated accordingly.
4. Create an updated Sequential Account File. Refer to the record layout of this
file in chapter 8.
• Add five accounts to the file.
• Delete five accounts from the file.
• Change five accounts in the file.
5. Send another updated Sequential Account File to MasterCard and making the
following modifications:
• Delete two accounts from the file.
• Change two accounts in the file.
6. If you request to receive a Daily Activity Report, your Customer
Implementation Services specialist will create this and send it to you.
Overview ...........................................................................................................12-1
Acquirer Responsibilities...................................................................................12-1
Requirements for Merchants and Service Providers ..................................12-1
Transaction Processing Categories .............................................................12-2
Full Grade Processing...........................................................................12-2
Cardholder-controlled Remote Devices .....................................................12-2
Hybrid Terminal Requirements ..................................................................12-3
Multi-application Capabilities of Hybrid Terminals.............................12-5
Fallback Procedures ....................................................................................12-5
Cardholder-activated Terminals............................................................12-6
Terminal Cardholder Verification Method Policy ......................................12-6
Hybrid Terminal Risk Management............................................................12-6
Terminal Floor Limit Check..................................................................12-7
Velocity Check ......................................................................................12-7
Acquirer Processing Requirements.............................................................12-8
Overview
Members are not required to support smart card transactions. However,
members must comply with all relevant rules if they choose to do any of the
following:
• Acquire smart card transactions
• Issue smart cards
Acquirer Responsibilities
The acquirer or its designated agent must:
• Properly encode the Authorization Request/0100 message, including
identifying the transaction as a smart card–read in DE 22 (Point-of-Service
[POS] Entry Mode). If applicable, send the smart card data in DE 55
(Integrated Circuit Card [ICC] System-related Data).
• Develop and support member service procedures for the chip-based
application and products. The service procedures must comply with
MasterCard standards.
• For acquirers processing chip transactions—support receipt of DE 48, Apr
subelement 74, which contains information when there is a chip 2006
cryptogram issue.
Apr
Note Depending on agreed card/terminal CVM method, acquirers that support chip 2006
transaction processing may send credit cash advance transactions using chip
cards with online PIN for added security.
Technical requirements for Full Grade processing are defined in the M/Chip—
Functional Architecture for Debit and Credit manual.
• Hybrid terminal floor limits must equal the default values that MasterCard
provides. When the hybrid terminal determines whether to perform a
transaction online or offline, it must compare the maximum transaction
amount of the smart card with the terminal floor limit.
IF… THEN…
The floor limit of the hybrid terminal is The transaction may occur offline.
lower
The maximum transaction amount of the The transaction must occur online.
smart card is lower
Fallback Procedures
Members use fallback procedures when a smart card is present at a hybrid
terminal and the merchant processes the transaction by using the magnetic
stripe or by manually entering the PAN because the merchant cannot process
the transaction using smart card technology.
Cardholder-activated Terminals
Depending on the rules of the region in which the CAT exists, following are
MasterCard’s rules about performing fallback procedures from hybrid CATs.
All hybrid terminals that are capable of online processing must perform the
Terminal Floor Limit Check. Transactions that are above the terminal floor
limit must be sent online to the issuer for authorization.
Terminals that operate offline only (CAT Level 3 and CAT Level 4 terminals)
are not required to perform a Terminal Floor Limit Check.
Velocity Check
The Velocity Check verifies that the total number of consecutive, offline,
approved transactions that the smart card performs does not exceed a
maximum number. The Velocity Check reduces the offline risk where the
floor limit is greater than zero, because it requires online authorization of
transactions at pre-set intervals, as required by MasterCard.
All online capable hybrid terminals must perform the Velocity Check. If an
online authorization can not be obtained, then the chip must do one of the
following, according to the issuer’s personalization parameters, which are
programmed in the chip:
• Decline the transaction
• Authorize the transaction offline
Terminals that operate offline only (CAT Level 3 and CAT Level 4 terminals)
are not required to perform the Velocity Check.
Issuer Responsibilities
The issuer or its designated agent must:
• Identify its MasterCard products and applications in accordance with the
Application Identifier list that MasterCard provides
• Develop and support member service procedures for chip-based
applications and products, in compliance with MasterCard standards
• Maintain inventory and establish audit and control procedures for smart
cards. Issuers must store smart cards in a safe and secure manner
• Support re-issuance of its cards for:
− Expired card replacement
− Defective cards
− Lost cards
− Stolen cards
− Non-receipt of issue cards (NRI). (The cardholder never received the
newly issued card.)
• Meet all smart card requirements.
• Conduct chip-based applications, products, and programs in a safe, secure,
and sound manner.
• Maintain records of all applications and operating systems it provides on
individual smart cards.
• For issuers processing chip transactions—accept and process credit cash Apr
advance transactions using chip cards with online PIN. 2006
The issuer is responsible to MasterCard for the content and performance of all
chip-based applications and programs that it or its designated agent issues on
its behalf.
Velocity Check
The Velocity Check is an optional check for issuers. It verifies that the number
of consecutive offline transactions does not exceed an issuer defined
maximum number of offline transactions. When the smart card’s internal
counter value is equal to or greater than the Upper Consecutive Offline Limit,
the chip will go online to the issuer for authorization.
CAM Policy
MasterCard requires all issuers and acquirers to support offline static data
authentication (SDA) CAM for all credit transactions except at ATMs.
With the exception of 100 percent online terminals, all hybrid terminals must
support both offline SDA CAM and offline DDA CAM. For 100 percent online
terminals, support of offline SDA CAM and offline DDA CAM is at the
acquirer’s option. If the 100 percent online terminal supports offline CAM, it
must support both offline SDA CAM and offline DDA CAM.
The following table shows the processing instructions for various scenarios.
IF… THEN…
Offline SDA CAM or offline DDA CAM The transaction must go online to the issuer
fails for authorization.
The issuer must process the transaction via
dynamic online CAM in a full grade
environment.
If online authorization is not obtained, the
transaction must be declined by the acquirer.
Offline SDA CAM or offline DDA CAM The transaction must go online to the issuer
is not performed in a 100% online for authorization.
environment The issuer must process the transaction via
dynamic online CAM in a full grade
environment.
If online authorization is not obtained, the
transaction must be declined by the acquirer.
IF… THEN…
Online processing is requested but is The merchant must not capture the card
not available. unless either the issuer or the smart card
instructs the merchant to capture the card
Offline CAM fails at a CAT Level 3 or 4 The transaction must be declined.
terminal
Using SDA, the smart card is passive and the terminal is active. During a
transaction, the terminal verifies this cryptographic signature by doing all of
the following:
• Reading the protected application data from the card
• Calculating a new cryptographic signature
• Comparing the new cryptographic signature with the cryptographic
signature personalized on the smart card
Using DDA, the smart card and the hybrid terminal are both active, and must
be capable of executing a public key algorithm. During a transaction, DDA
requires the smart card to create a new, different (dynamic) cryptographic
response to a challenge from the hybrid terminal. This response is a card
encryption (using an application-level or card-level secret key) of the protected
application data (for example, PAN, expiration date), and is a pre-personalized
digital signature and a random number from the terminal.
The smart card must generate an authorization request cryptogram (ARQC) for
all online transactions.
CVM Policy
Smart cards must support signature for transactions and must accept signature
as the CVM for all transactions at attended terminals. The issuer may choose
to support offline PIN in addition to signature. Online PIN is the required
CVM for all ATM transactions.
The PIN validation value (PVV) on the magnetic stripe must be consistent with
and correspond to the PVV on the chip.
Block/Unblock
The issuer may block one or more applications on a smart card during any
online dialogue or transaction. Reasons for blocking applications include but
are not limited to:
• The application ID number appears on the Emergency BIN List
• CAM failure
• CVM failure
PIN Block
If a PIN is required to conduct a payment transaction, the terminal will prompt
the cardholder to enter a PIN. It will allow the cardholder to attempt to enter
the correct PIN several times, as specified by the issuer. If the cardholder does
not successfully enter the correct PIN within the PIN Try Limit parameter that
the issuer specifies on the smart card, then the PIN is blocked and no further
PIN attempts are permitted. The transaction proceeds in accordance with the
Issuer Action Codes and Terminal Action Codes set by the issuer and acquirer,
respectively. As a result, the transaction may be declined offline or forced
online to the issuer.
An acquirer may choose to set a lower PIN Try Limit at its terminals than
issuers specify on their smart cards. If an acquirer chooses to set a PIN Try
Limit, it must do so according to MasterCard rules.
The paths described as primary on the following pages are always the first
path attempted. Secondary paths are followed only if the primary path is
unavailable. Tertiary paths are followed only if the first two paths are
unavailable.
1 CPS is a Visa interchange discount program that applies to certain transactions routed
through the Visa authorization network.
1 1 1 1
Banknet
2 2 2 2
Network
3
Acquirer MIP MIP Issuer
Visa
Stage Description
1. The acquirer creates an authorization request conforming to MasterCard
specifications for Visa transactions. The Authorization System routes the Visa
authorization request through the Banknet network to the Visa issuer.
2. The Visa issuer formats an authorization response conforming to MasterCard
specifications. The request travels back to the Banknet network. The Banknet
network delivers the authorization response to the acquirer.
3. Online acquirers may generate an authorization acknowledgement message to
acknowledge receipt of the response.
Visa issuers do not receive PIN data with Visa ATM transactions that are routed
to the gateway.
1 1
Banknet
4 4
Network
MIP
MasterCard
(Gateway)
3 2
VISA
Stage Description
1. The acquirer creates an authorization request conforming to MasterCard
specifications for Visa transactions. The Visa authorization request flows
through the acquirer MIP to the Banknet network.
2. The Authorization System, unable to route the authorization request to the
Visa issuer, routes it instead to the MasterCard gateway to the Visa
authorization network.
3. The Authorization System receives the authorization response from Visa.
4. The Authorization System delivers the authorization response to the acquirer.
1 1
2 Banknet
Network
MIP
MasterCard
(Gateway)
VISA
Stage Description
1. The acquirer creates an authorization request conforming to MasterCard
specifications for Visa transactions. The Visa authorization request flows
through the acquirer MIP to the Banknet network.
2. The Authorization System is unable to deliver the request to the Visa issuer or
the Visa network. X-Code processing returns a response code that indicates,
“Authorization System or issuer system inoperative” and that prompts an
acquirer response of “decline.”
Visa issuers do not receive PIN data with Visa ATM transactions that are routed
to the gateway.
1 1
4 4 Banknet
Network
5
2
Acquirer MIP 3
MIP
MasterCard
(Gateway)
3
2 VISA
Stage Description
1. The acquirer creates an authorization request conforming to MasterCard
specifications for Visa transactions. The Visa authorization request flows
through the acquirer MIP to the Banknet network.
2. The Authorization System routes the authorization request to the Visa network.
3. Visa delivers an authorization response to the Banknet network.
4. The Authorization System delivers the authorization response to the acquirer.
Stage Description
5. The acquirer has the option to return an acknowledgement message.
Note Cash disbursement and unique transactions receive a response of “refer to card
issuer.” Visa ATM transactions receive a response of “decline.”
1 1
3 3 Banknet
Network
4 1
Acquirer MIP 2
3
MIP
MasterCard
MIP (Gateway)
2
3
VISA
Visa
Stand-In 2 Negative
File
Stage Description
1. The acquirer creates an authorization request conforming to MasterCard
specifications for Visa transactions. The Visa authorization request flows
through the acquirer MIP to the Banknet network.
Stage Description
2. The Authorization System, unable to route the request to the Visa network,
routes it instead to MasterCard Stand-In processing, where it is checked
against the Visa negative file.
3. Stand-In processing generates an authorization response, according to
MasterCard parameters for Visa transactions, and delivers the response to the
acquirer.
4. The acquirer may return an authorization acknowledgement message.
1 1
Banknet
2
Network
1
Acquirer MIP
MIP
MasterCard
MIP (Gateway)
Stand-In
VISA
MasterCard Visa
Stand-In Negative
Host File
Stage Description
1. The acquirer creates an authorization request conforming to MasterCard
specifications for Visa transactions. The Visa authorization request flows
through the acquirer MIP to the Banknet network.
2. The Authorization System is unable to route the request to the Visa network or
Stand-In processing. X-Code processing at the acquirer MIP returns a
response code that indicates, “Authorization System or issuer system
inoperative” and that prompts an acquirer response of “decline.”
1 1
Banknet
4 4
Network
5
Acquirer MIP 2 Issuer
3 Visa
MIP
MasterCard
(Gateway)
3 2 VISA
Stage Description
1. The acquirer creates an authorization request conforming to MasterCard
specifications for Visa transactions. The Visa authorization request flows
through the acquirer MIP to the Banknet network.
2. The Authorization System routes the request to the Visa network.
3. The Visa network delivers an authorization response to the Banknet network.
4. The Authorization System delivers the authorization response to the acquirer.
5. The acquirer may return an authorization acknowledgement message.
Note Visa cash disbursement and unique transactions receive a response of “refer to
card issuer.” Visa ATM transactions receive a response of “decline.”
1 1
Banknet
3 3
Network
4 1
Acquirer MIP 2
3
MIP
MasterCard
MIP (Gateway)
2
3
VISA
Visa
Stand-In 2 Negative
File
Stage Description
1. The acquirer creates an authorization request conforming to MasterCard
specifications for Visa transactions. The Visa authorization request flows
through the acquirer MIP to the Banknet network.
2. The Authorization System, unable to route the authorization request to the
Visa network, routes it instead to MasterCard Stand-In processing, where it is
checked against a file of negative Visa accounts updated weekly by
MasterCard.
3. Stand-In processing generates an authorization response and delivers the
response over the Banknet network to the acquirer.
Stage Description
4. The acquirer may return an authorization acknowledgement message.
1 1
Banknet
2
Network
Acquirer MIP 1
MIP
MasterCard
MIP (Gateway)
VISA
Stand-In
Stage Description
1. The acquirer creates an authorization request conforming to MasterCard
specifications for Visa transactions. The Visa authorization request flows
through the acquirer MIP to the Banknet network.
2. The Authorization System is unable to route the authorization request to the
Visa network or Stand-In processing. X-Code processing at the acquirer MIP
returns a response code that indicates, “Authorization System or issuer system
inoperative” and that prompts an acquirer response of “decline.”
1 1
Banknet
4 4 Network
Acquirer MIP
Acquirer 2
3
MIP
MasterCard
(Gateway)
2
3
Endpoint
Stage Description
1. The acquirer creates an authorization request conforming to MasterCard
specifications for the particular card brand. The request flows through the
acquirer MIP to the Banknet network.
2. The Authorization System routes the authorization request to the appropriate
endpoint (such as a processor, card issuer, or other network).
3. The endpoint returns an authorization response to the Banknet network.
4. The Authorization System delivers the authorization response to the acquirer.
1 1
Banknet
2 Network
Acquirer MIP
1
MIP
MasterCard
Endpoint
Stage Description
1. The acquirer creates an authorization request conforming to MasterCard
specifications for the particular card brand. The request flows through the
acquirer MIP to the Banknet network.
2. The Authorization System, unable to route the request to the appropriate
endpoint, performs X-Code processing, returning authorization responses as
follows:
Response Transaction Type
Decline MO/TO, ATM, or merchant suspicious transactions
Refer to Card Issuer All other transactions
Refer to the following file layouts for both bulk file and MasterCard File
Express.
Frequency: On request
Media: Bulk File (bulk type T230) or Tape
LRECL: 1012
Format: Fixed block
Block size: 1012