Professional Documents
Culture Documents
RuPay - Online
Switching Interface
Specification
Version 1.8.3 Year 2018
Table of Contents
Table of Contents __________________________________________________________________________________ 1
List of Figures ______________________________________________________________________________________ 7
List of Tables _______________________________________________________________________________________ 8
Confidentiality and Copyright Notice _________________________________________________________ 11
Document Control ________________________________________________________________________________ 12
Chapter 1 About This Manual _______________________________________________________________ 20
1.1 Audience ___________________________________________________________________________________ 20
1.2 Organization of the Manual _____________________________________________________________ 20
1.3 Exclusion ___________________________________________________________________________________ 20
1.4 Document Convention____________________________________________________________________ 20
1.5 More Information _________________________________________________________________________ 21
1.5.1 Related Publication ________________________________________________________________________________ 21
1.5.1.1 RuPay Global Clearing and Settlement (RGCS) ____________________________________________ 21
1.5.1.2 Operating Rule _______________________________________________________________________________ 21
1.5.1.3 RuPay VAS Addendum _______________________________________________________________________ 21
1.5.1.4 RuPay qSPARC _______________________________________________________________________________ 21
2.4 Transaction flow for Aadhaar Based Biometric Authentication for Card Present
Transactions _______________________________________________________________________________________ 24
2.5 Routing _____________________________________________________________________________________ 25
Chapter 3 Message Structure ________________________________________________________________ 27
3.1 Message Structure ________________________________________________________________________ 27
3.1.1 Message Header ____________________________________________________________________________________ 27
3.1.2 Message Type Identifier ___________________________________________________________________________ 27
3.1.2.1 Position 1- Version Number_________________________________________________________________ 27
3.1.2.2 Position 2 – Message Class __________________________________________________________________ 27
List of Figures
Figure 1 SMS Transaction Flow _______________________________________________________________________ 22
Figure 2 DMS Transaction Flow _______________________________________________________________________ 23
Figure 3 Biometric Transaction Flow _________________________________________________________________ 24
Figure 4: Master Initiated Key Exchange _____________________________________________________________ 36
Figure 5: On Member Request Key Exchange ________________________________________________________ 37
Figure 6 Authorization Normal Completion__________________________________________________________ 41
Figure 7 Message Validation Failure – NPCI _________________________________________________________ 41
Figure 8 System Failure – Authorization Request/ Financial Request _____________________________ 42
Figure 9 System Failure – Authorization Response/ Financial Response _________________________ 43
Figure 10 Late response from issuer _________________________________________________________________ 44
Figure 11 Stand-in Processing, Late Response from Issuer _________________________________________ 47
Figure 12 Stand-in Processing, No Response from Issuer __________________________________________ 48
Figure 13 Stand-in Processing, Node Offline or Issuer Signed-off __________________________________ 49
Figure 14 Stand-In processing, for Small Ticket size ________________________________________________ 50
Figure 15 Maximum Response Time for Acquirer ___________________________________________________ 54
Figure 16 Normal Completion of an Authorization Message/ Financial Message_________________ 54
Figure 17 System failure - Acquirer Aware - Authorization / Financial Request _________________ 55
Figure 18 System Failure - Acquirer Unaware - Authorization / Financial Request ______________ 56
Figure 19 Message Validity Failure at NPCI - Authorization / Financial Request _________________ 56
Figure 20 Incomplete Transactions in case of Terminal Failure ___________________________________ 57
Figure 21 System Failure - NPCI Aware - Authorization / Financial Response ___________________ 58
Figure 22 System Failure - NPCI Unaware - Authorization / Financial Response_________________ 59
Figure 23 Advice Messages getting Completed Normally ___________________________________________ 60
Figure 24 Advice Delivery Crossing Time Limits ____________________________________________________ 60
List of Tables
Table 1 Version History ________________________________________________________________________________ 12
Table 2 Document Revision History __________________________________________________________________ 19
Table 3 Document Convention ________________________________________________________________________ 20
Table 4 Components of Message Structure___________________________________________________________ 27
Table 5 Version Number ISO 8583 Message _________________________________________________________ 27
Table 6 Message Class ISO 8583 Message ____________________________________________________________ 28
Table 7 Message Function ISO 8583 Message ________________________________________________________ 28
Table 8 Message Source ISO 8583 Message __________________________________________________________ 28
Table 9 RuPay Implementation of ISO 8583 _________________________________________________________ 30
Table 10 Private Fields Used in RuPay _______________________________________________________________ 30
Table 11 Message Supported by Issuer _______________________________________________________________ 40
Table 12 Message Supported by Acquirer____________________________________________________________ 53
Table 13 Key Data Elements ___________________________________________________________________________ 63
Table 14 Symbols used in Message Format __________________________________________________________ 64
Table 15 Purchase Message – Issuer __________________________________________________________________ 66
Table 16 Purchase with Cashback Message – Issuer ________________________________________________ 68
Table 17 RuPay E-Commerce Message – Issuer _____________________________________________________ 69
Table 18 E-Commerce 3D Message – Issuer__________________________________________________________ 70
Table 19 IVR Request (from PaySecure) to Issuer ___________________________________________________ 72
Table 20 Cash at PoS– Issuer __________________________________________________________________________ 73
Table 21 Cash Withdrawal - ATM Message – Issuer _________________________________________________ 75
Table 22 Balance Inquiry Message – Issuer __________________________________________________________ 76
Table 23 Reversal Message – Issuer __________________________________________________________________ 77
Table 24 Decline Message _____________________________________________________________________________ 79
Table 25 Network Management Message – Issuer___________________________________________________ 79
Table 26 Pin Change Message – Issuer _______________________________________________________________ 80
Table 27 Mini Statement Message – Issuer ___________________________________________________________ 81
Table 28 Card to Card Fund Transfer-Debit leg to the issuer _______________________________________ 83
Table 29 Card to Card Fund transfer-Credit to the beneficiary _____________________________________ 84
Table 30 Mobile Number Update – Issuer ____________________________________________________________ 85
Table 31 Cheque Book Request – Issuer______________________________________________________________ 86
Table 32 Statement Request – Issuer _________________________________________________________________ 87
Table 33 Decline Advice Message (Quick EMV) – Issuer ____________________________________________ 89
Table 34: International e-Commerce to Issuer_______________________________________________________ 91
Table 35: STIP Advice Request to Issuer _____________________________________________________________ 92
Table 36 File Update Message – Issuer _______________________________________________________________ 93
Table 37 OCT Message To Issuer ______________________________________________________________________ 94
Table 38 Money Load Transaction Message – Issuer ________________________________________________ 95
Table 39 Service Creation Message – Issuer _________________________________________________________ 96
Table 40 Aadhar Number Inquiry Message – Issuer_________________________________________________ 97
Table 41 ARQC Validation and ARPC Generation- Onus ____________________________________________ 99
Table 42 Purchase Message – Acquirer_____________________________________________________________ 101
Table 43 Purchase with Cashback Message – Acquirer ___________________________________________ 103
This document is of restricted use. No part of this document may be reproduced in any form by
any means without prior written authorization of National Payment Corporation of India (NPCI).
Document Control
Document name: RuPay Online Switching Interface Specifications
Version History:
1.1 Audience
This manual is intended for technical staff and managers and customer support personnel of the
member banks.
Chapter 3, Message structure – This chapter contains message structure supported by NPCI
Chapter 4, Message definitions– This chapter contains various types of messages supported by
NPCI
Chapter 5, NPCI system functionalities – This chapter contains various functionalities of the
NPCI online authorization system.
Chapter 6, Member responsibilities - This chapter contains responsibilities of the issuing and
acquiring bank
Chapter 7, Message formats – This chapter contains NPCI message formats for various
transactions
Chapter 8, Data element description – This chapter defines the data element description for
NPCI online messages
Chapter 9, Compliance – This section defines the compliance requirements for members.
1.3 Exclusion
The current specification version excludes the following items:
Chapter 2 Introduction
As a part of the RuPay Switching Service, the ‘NPCI Network’ will collect transactions from a
trusted source (an acquirer) and deliver it to a trusted destination (an issuer). The trusted
destination will use this information to validate the transaction to the cardholder’s account and
further authenticate the transaction back to the trusted source through ‘NPCI Network’. ‘NPCI
Network’ further facilitates the process of clearing a valid authenticated transaction and provides
the settlement service. A settlement service is a facility within which funds are exchanged
between members and NPCI to settle transactions and fee amounts.
The RuPay Switching Service will facilitate POS and ATM transactions among all member banks
participating in the ‘NPCI network’. The RuPay Switching Service operates on a continuous basis,
ensuring that cardholders in India can use their card anytime and that Acquirers and Issuers in
India always have access to NPCI RuPay Switching Service facility.
The NPCI SMS system will perform real time transaction processing as well as exception or offline
transaction processing offline. Transaction flow in SMS environment is as follows:
Merchant Central Switch
Acquirer Issuer
0200 0200
0210 0210
RGCS
2.3.1 Authorization
Authorization is the process where the card issuing bank notifies the acquirer and the merchant
of the availability of funds for a cardholder, and issues an authorization code for the transaction
2.3.2 Clearing
The movement of transaction information from the member to NPCI network and NPCI network
to members is referred to as Clearing. In the clearing process, the funds are claimed from member
parties using the NPCI network by exchanging clearing files. Clearing activities facilitate the
settlement process.
2.3.3 Settlement
Settlement is the process used to exchange funds between members for the net value of the
monetary transactions cleared for the specific processing day.
Acquirer Issuer
0100 0100
0110 0110
POS transaction
downloaded
from Central
Clearing Clearing
Switch for
and and
processing after
settlement settlement
cutover
files files
RGCS
This document defines the Host-to-Host RuPay online message specifications for both single
message system and dual message system. Messages to be used for the connection between the
NPCI host, issuer and acquirer will be based on the ISO-8583 standard. This document outlines
the detailed usages of the ISO-8583 protocol between the two host systems and the data format
to be used in individual data elements.
Note: The word POS here encompasses all the transaction types other than ATM transactions like
POS/IVR/E-Comm.
Acquiring Bank
NFS Switch Issuing Bank Switch
Switch
Process Flow:
1. Card Holder inserts the card for ATM / POS Transactions. Card holder to be
prompted with the following two options to select the mode of Authentication
a. PIN
b. Biometrics
If the cardholder selects ‘PIN’ as the mode of authentication, current
transaction flow shall continue.
If the cardholder selects ‘Biometric’ as the mode of authentication,
customer will be prompted to provide his/her biometrics. Once the
transaction details are entered and biometrics is provided by the
cardholder the transaction is sent by the ATM / POS to Acquirer switch.
2. Acquirer Switch will send the transaction request to NPCI with the authentication
indicator for routing the transaction to the respective Issuing bank.
3. NPCI will send the transaction request to the Issuing Bank switch for fetching the
Aadhaar number mapped against the card number.
4. Issuing bank to respond to NPCI with the Aadhaar number of the cardholder for
authentication.
5. On successful receipt of Aadhaar number from the Issuing Bank switch, NPCI will
send the authentication request to UIDAI along with Aadhaar number and the
encrypted biometrics as per UIDAI specifications.
6. Once the authentication response is received by NPCI from UIDAI.
7. For successful authentication response from UIDAI, NPCI will send the transaction
request to FRM for rule evaluation.
8. FRM will respond with “Fraud score”
9. Based on the certification, the fraud score or the default score along with
approved authentication response will be sent to the Issuing Bank Switch for
processing the transaction.
10. Issuing bank switch will send the request to CBS.
11. The response will be sent by CBS to Issuer Bank Switch.
12. Issuer Bank Switch will send the response to NPCI.
13. NPCI will send the response received from Issuing Bank switch to Acquirer
Switch.
14. Acquirer switch will send the response to the ATM / POS. Device shall process the
transaction request based on the response received and display it on the screen
to the cardholder.
2.5 Routing
Routing is the process of moving information across an inter-network from a source to a
destination. The NPCI RuPay Switching service supports routing of interbank POS and ATM
transactions through NPCI network.
NPCI system will support the routing for authorization for both SMS and DMS system. The
clearing and settlement of DMS transaction is carried through RuPay Global Clearing and
settlement system (RGCS)
The central switch of the NPCI system validates the request message from the acquirer
and prepares it for processing. This processing and validation include identifying the
message type, identifying the Issuing bank, checking of structural, format and value
validation, and Liquidity Management Module (LMM) checking.
If the central switch encounters an error condition at any point in the process then further
processing is halted. Messages rejected or declined by NPCI are sent back to the acquirer with a
proper response code indicating occurrence of an error condition wherever possible and the
message is not forwarded to the issuer. For e.g. if a message does not contain a mandatory field
in the request, or a field contains an alphabet in place of a number then that message would be
rejected at the NPCI’s end.
3rd position of the MTI specifies the message function which defines how the message will flow
within the system.
MTI Signifies RuPay Implementation
xx00 Request
xx10 Request response
xx20 Advice
xx30 Advice response
xx40 Notification
Table 7 Message Function ISO 8583 Message
Following are the valid message type identifiers for RuPay online specifications
3.1.3 Bitmap
Within an ISO 8583 message, a bitmap is a field or subfield that indicates which data elements
may be present elsewhere in a message. The message text segment of all messages transmitted
through NPCI Host is of variable length. For this segment, bit maps specify the fields that are
present and those that are missing.
Primary bitmap
Primary and secondary bitmap
Primary, secondary and third bitmap
If a bit is 0, the field related to that bit is not present in the message.
If a bit is 1, the field related to that bit is present in the message.
Data field number 1 does not exist. The first bit of the primary map is used to indicate if another
bitmap called the second bitmap (see the next section) immediately follows this primary one.
The second bitmap is present only when the message contains information in any field from 66
through 128. When present, the secondary map immediately follows the primary bitmap and
precedes the data fields.
The third bitmap is aligned at the beginning of the message, directly following the first two
bitmaps. The data elements follow the bitmaps. The third bitmap is reserved for future use.
Note: The message exchanged between member switch and the NPCI switch will use ASCII character
set. Message header will be in binary.
For example: Bit value 2 is assigned to Primary Account Number, 3 is assigned to Processing Code,
4 is for Transaction Amount similarly bit value 128 is for message authentication code field and
so on. For each data element there is specific data format, size, constraints and description, which
are been mentioned in Chapter 8.
Variations Descriptions
Message Header NPCI uses 2 byte header which indicates the length of the
message minus header.
DE 22 – POS entry mode NPCI uses five private values 80, 81, 90, 91, 95 ,99 for PAN entry
mode and two private values 6, 9,8 for PIN entry mode of DE 22
DE 25 -POS Condition code NPCI defines three private values 51, 59, 71 for this field
DE 44 – Additional response NPCI defines additional response data to indicate the reject
data code in case if the message fails to comply with the rules
Table 9 RuPay Implementation of ISO 8583
Variations Descriptions
DE 48 -Additional data NPCI uses DE 48 which is reserved by ISO for “Private use”
DE 60 – Advice reason code NPCI uses DE 60 which is reserved by ISO for “Private use”
DE 61 – POS data code NPCI uses DE 61 which is reserved by ISO for “Private use”
DE 62 – Private data field 1 NPCI uses DE 62which is reserved by ISO for “Private use”
DE 104 – OCT data NPCI uses DE 104which is reserved by ISO for “Private
use”
DE 111- to DE 119 Encrypted NPCI uses DE 111 to DE 119 which is reserved by ISO for
Personal Identity Data( “Private use”
FP/BFD/IRIS)
DE 120 – Private data field 3 NPCI uses DE 120which is reserved by ISO for “Private
use”
DE 121 to DE 122 – Private data NPCI uses DE 121 to DE 123which is reserved by ISO for
field 4 - 5 “Private use”
DE 123 to DE 125 mc attribute NPCI uses DE 123 to DE 125 which is reserved by ISO for
Data “Private use”
DE#126 Additional Data NPCI uses DE 126 which is reserved by ISO for “Private
use”
DE 127 – Private data field 7 NPCI uses DE 127which is reserved by ISO for “Private
use”
Table 10 Private Fields Used in RuPay
Note: For financial request message PIN (DE 52) is mandatory as an authentication parameter.
Financial request message without PIN will be declined with acquirer compliance and will not be
forwarded to issuer. The exception to this is non-secure E-Commerce transaction.
If, for any reason, these messages cannot be immediately delivered to their intended destination,
acquirer or NPCI stores these messages in SAF and forwards them to the intended destination
when communication is re-established with the appropriate destination processor. NPCI treats
all reversal messages as reversal advice messages. Acquirer needs to send 0420 message to NPCI
and NPCI will forward the same to the Issuer. Issuer needs to respond with a 0430 message. NPCI
generates reversals only for time-out cases for issuer responses. NPCI will also generate reversal,
if the response from issuer fails for format validation or issuer fails to respond within the allowed
time limit. It is important to mention that a reversal always needs to be acknowledged and the
response code in the reversal response 0430 message is ignored at NPCI. If any response comes
for 0420 message from the Issuer, NPCI treats that the reversal is completed and the same is not
be forwarded again, removed from SAF and take the affect in settlement.
Acquirer can generate reversal up to next 72 hours (3 cut over cycles). If a reversal is generated
after next 72 hours then NPCI will not validate the same will not be processed at NPCI.
processing transactions. They may also be used for other purposes such as validation of the
availability of the host session in case of low or no transaction traffic in the session, etc.
Network messages communicate with NPCI for the scenarios mentioned below.
It’s the member’s responsibility to generate sign-on (0800) message to establish connectivity to
NPCI. Member banks also have to support sign-on message sent by NPCI and respond accordingly.
Member Systems will connect to NPCI system using persistent socket connections.
Member will be responsible to generate the sign-on (0800 message type) message after every
successful TCP socket connection.
Member must fine tune its timers so that every disconnection is followed by connect request
without any delay.
In POS and ATM transactions, all PINs must be encrypted at the point of entry using the triple DES
(3DES) algorithm in the ANSI X9.8 Format (with PAN) PIN block format 1 which is equivalent to
ISO PIN block format 0. The PIN will remain encrypted until the issuer receives it for verification.
The NPCI central switch must receive the PIN encrypted with the ANSI X9.8 Format (with PAN)
PIN block format 1 or ISO PIN block format 0.
Members must execute all PIN encryption, translation, and decryption for the POS/ATM
transaction using hardware encryption through physically secure devices. Both the host and the
point of entry must use hardware security module.
Key exchange is a service that enables member banks to change working keys that are used to
protect cardholder PINs via online messages.
To utilize this service, members must obtain a Zone Master Key (ZMK). A ZMK is a key exchange
key. Members use a ZMK for encrypting the working key when they convey it in an online
message. A ZMK is used to protect a Zonal Pin Key (ZPK). ZPK is different for both an issuer and
an acquirer.
The key exchange service makes it practically convenient to change PIN encryption keys
frequently, thereby increasing the security of the payment system and reducing the chances of
key compromise. There are two types of PIN encryption keys: Acquirer ZPKs and Issuer ZPKs.
NPCI and an acquirer would share one ZPK and NPCI and issuer would share another ZPK.
Acquirers use their ZPK to encrypt the PIN while sending a message to NPCI. NPCI uses the issuer
ZPK to encrypt the PIN when it sends the message to the issuer.
Key exchange messages are used to exchange ZPK between members. ZPK Key exchange can be
accomplished in two ways: i.e. static and dynamic modes as configured for respective members.
NPCI Automated - One is to have the master (NPCI) send the key update message and
slave updating the key directly.
On Member Request - The other way is to have the slave (bank) request for a new key and
master shall send a new key in response which slave can update after validating it.
New Key
2
Accept
1. NPCI will act as a master and will send a new key message (0800 DE-70=184) with a
Triple DES double length key along with its 6 digit key check value which member bank
should use for encryption or decryption of PIN.
2. The new key (ZPK) details along with key check value will be sent in DE-48 and the key is
encrypted. The participant bank should decrypt the new ZPK key using the ZMK
(exchanged separately) and should respond back to NPCI with 0810 message with
response code as “00” along with DE-70=184.
New key
3 request
New key 4
response
1. Participant bank can send a new key request message 0800 with DE-70 = 164 to NPCI.
2. NPCI will respond to the participant bank with 0810 response having the response
code as “00” with DE-70 = 164.
3. NPCI will generate the new key and (0800 DE-70=184) with a Triple DES double
length key along with its 6 digit key check value which member bank should use for
encryption or decryption of PIN.
4. The new key (ZPK) details along with key check value will be sent in DE-48 and the
key is encrypted. The participant bank should decrypt the new ZPK key using the ZMK
(exchanged separately) and should respond back to NPCI with 0810 message with
response code as “00” along with DE-70=184.
Note: In the event of slave (bank) not responding successfully for the key exchange request (DE-
70=184) Master (NPCI) will keep on processing the transactions with the old key. Also in this
case NPCI will keep on initiating (re-trying) the key exchange request (each time with a newly
generated key and check value) until it receives a successful response.
1. Key exchange request from the member bank: Member bank can initiate key exchange
request either on ad hoc basis or after a definite time interval. Once the request from the
member bank is accepted, NPCI will initiate new key exchange.
2. Pre-configured time interval: A new key can be generated after a specific time interval.
The time interval is 24 hours during non-peak hours. Only NPCI may initiate this key
exchange.
3. On detection of cryptographic error: A new key will be generated in case NPCI detects a
cryptographic error. Only NPCI may initiate this key exchange.
Note: Response code ‘81’ should be used for identifying a cryptographic error both by member banks
and NPCI.
NPCI shall maintain the timer at the issuer end such that the timer will start ticking after
the transaction is sent to issuer node. This timer shall be applicable to all the messages
sent to issuer.
Acquirer and NPCI are expected to generate reversal after the expiry of timeout as
mentioned in chapter 6 Member Responsibilities.
In case the reversal or advice is originated by acquirer and acknowledgement is not
received from the issuer within the timeout period, NPCI shall store the advice in SAF and
the SAF shall be cleared from the system as and when the other host is online and is ready
to accept SAF advises. In case of SAF timing out, it will be retried for 3 times before getting
purged and the affect taken into settlement.
NPCI can set parameter in such a way that issuer member bank node can be set to offline on the
basis of consecutive number of messages timed out.
When NPCI receives an authorization (DMS) or a financial transaction (SMS) from the
member bank as acquirer, and before routing the transaction to the issuer, LMM module
adds transaction amount to the cumulative amount of issuer and compare with upper
limit amount.
If the cumulative amount is greater than upper limit of member bank, LMM module will
decline the transaction with specific response code decide by NPCI.
If the cumulative amount is less than upper limit of member bank, LMM module will allow
the transaction for the member bank.
If the cumulative amount is equal to upper limit of member bank, LMM module will allow
the transaction for the member bank.
Product wise limit checking is carried out i.e. ATM, POS, AEPS, and IMPS separately.
Limits for ATM, POS, AEPS, and IMPS are maintained separately. International
transactions are included.
The limits for ATM, POS, AEPS, and IMPS are always reset at 23:00 hrs. The limit for POS
is always reset at 03:00 hrs.
Note:
Any error in matching field will result in message reject. As per the MTI further action will be
initiated as mentioned below:
For an advice messages (0x2x messages) NPCI will continue sending the repeat advice for
three times.
NPCI will not check duplicate transactions at its own end and will route the message.
This section defines identifies key data fields for message matching and various responsibilities
of the issuer.
Key data fields enable NPCI system to match a response to the message initiator’s request. They
also enable NPCI system to associate a subsequent request or advice (and its responses) with the
original request message.
0100/0200 0100/0200
1 2
NPCI
Acquirer Issuer
0110/0210 4 0110/0210 3
0110/0210
3
0110/0210
4
Message Validation
Failure 5 0420
Acquirer Issuer
0430 6
3. The issuer performs the validation set proper response code (DE39=00/approved) and
generates an authorization response/financial response and sends it to NPCI.
4. After receiving of authorization response/ financial response, NPCI will validate response
and if it fails then the transaction will be logged as compliance declined with response
code as ‘CI’ (Issuer compliance). If the issuer authorization was successful (response
code=00), then NPCI will initiate reversal and put it into SAF.
5. NPCI sends a response message to the acquirer indicating a request denial, if the issuer
transaction authorization response fails at NPCI due to message validation failure.
6. NPCI sends a reversal advice message to the issuer with response code `CI’.
7. And the issuer responds with a reversal advice response.
Note:-In this case acquirer will not generate a reversal to NPCI. NPCI will respond to acquirer with
response code 91 (In case of message validation failure in DE2, DE 11, DE 32, DE37, DE 41) .NPCI
will generate the reversal towards issuer with response code-CI only if the authorization is successful
and populate DE 44 with reject reason code of response message (In case Issuer not sending DE
38/DE 39 /Format error in DE 38 or DE 39/DE 39 not from the table as defined in DE 39 description
in chapter “Data Elements Description”). It must be noted by the issuer that it may get multiple
reversal for the transaction and it is issuer’s responsibility to verify the reversal before posting the
same into customer account.
0100/0200
2
Cannot be
forwarded Failure
0110/0210 3
Acquirer Issuer
Device
No Reversal
5
Generated
Note: NPCI will respond to Acquirer with response code 91. Acquirer will not generate reversal for
the same.
Time-Out 3
Failure
0110/0210 5
6
Acquirer Issuer
7 0420
SAF
0430 8
1. The acquirer initiates an authorization request/ financial request and sends this to NPCI.
2. NPCI forwards the authorization Request/ financial request message to the issuer.
3. The issuer cannot return the authorization response / financial response message to NPCI
due to a communication failure between the issuer and NPCI.
4. NPCI detects a timeout condition for the expected message i.e. authorization request
response / financial response.
5. NPCI generates an authorization response/ financial response message and sends it to
the acquirer indicating a request denial response code 91
6. NPCI creates a reversal advice message indicating that no authorization transaction
request response/ financial response message was received. This message is placed in the
SAF for later delivery to the issuer.
7. When connection is established NPCI sends a reversal advice message to the issuer.
8. The issuer responds with a reversal advice response message.
Note: NPCI will respond to acquirer with response code 91. Acquirer will not generate reversal for
the same. NPCI will send reversal to Issuer with response code 91. It must be noted by the issuer that
it may get multiple reversal for the transaction and it is Issuer’s responsibility to verify the reversal
before posting the same to customer account.
Time-Out
0110/0210 4
5
Acquirer Issuer
0420
6
0110/0210
SAF 7
0430 8
1. The acquirer initiates an authorization request/ financial request and forwards this to
NPCI.
2. NPCI forwards the authorization request/ financial request message to the issuer.
3. NPCI detects a timeout condition on the authorization response/ financial response
message that are expected from the issuer.
4. NPCI generates an authorization request response/ financial response message to the
acquirer, indicating a request denial response code 91.
5. NPCI also creates an acquirer reversal advice/ message with response code 91 indicating
that no authorization response/ financial response message was received. This message
is placed in the SAF file for later delivery to the issuer.
6. NPCI sends reversal advice message to the issuer.
7. NPCI receives a late response from the Issuer and NPCI will reject the same.
8. The issuer responds with a reversal advice response message.
Note: NPCI will respond to acquirer with response code 91. Acquirer will not generate reversal for
the same. NPCI will send reversal to Issuer with response code 91. It must be noted by the issuer that
it may get multiple reversal for the transaction and it is Issuer’s responsibility to verify the reversal
before posting the same to customer account.
0100/0200 0100/0200
1 2
NPCI
3
Time-Out
0110/0210 Stand
5
In
Acquirer Issuer
6 0110/0210
7
0120/0220
8
0130/0230 9
SAF
Note: NPCI will not generate a reversal where stand-in is applicable. NPCI will send successful
response code i.e. 00 to acquirer in a response message authorized in stand-in. For successfully
authorized transaction in stand-in, NPCI will send 0120/0220 with response code 00 and DE 60
populated with 1002 to issuer. For transaction not authorized in stand-in NPCI will send declined
response code to acquirer and no advice will be issued to issuer. At the cut-over NPCI will generate
SAF report (which will contain successful and failed transactions) and will be available to issuer.
0100/0200 0100/0200
1 2
NPCI
3
Time-Out
0110/0210 Stand
5
In
Acquirer Issuer
6
0120/0220
7
0130/0230 8
SAF
Note: NPCI will not generate reversal wherever stand-in is applicable. NPCI will send successful
response code i.e. 00 to acquirer in a response message authorized in stand-in. For successfully
authorized transaction in stand-in, NPCI will send 0120/0220 with response code 00 and DE 60
populated with 1002 to issuer. For transaction not authorized in stand-in NPCI will send declined
response code to acquirer and no advice will be issued to issuer. At the cut-over NPCI will generate
SAF report (which will contain successful and failed transactions) and will be available to issuer
0100/0200
1
NPCI
0110/0210 Stand
4
In
Acquirer Issuer
5
0120/0220
6
0130/0230 7
SAF
Note: NPCI will not generate reversal wherever stand-in is applicable. NPCI will send successful
response code i.e. 00 to acquirer in a response 0110 message authorized successfully in stand-in. For
successfully authorized transaction in stand-in, NPCI will send 0120/ 0220 with response code 00
and DE 60 populated with 1001 /1002 to issuer. For transaction not authorized in stand-in NPCI
will send declined response code to acquirer and no advice will be issued to issuer. At the cut-over
NPCI will generate SAF report (which will contain of successful and failed transaction) and will be
available to issuer. Irrespective of node offline or member bank signed off or late response from
issuer, if issuer member bank receives 0120/ 0220 message it should always check for duplicate
processing before posting the same to customer account.
6.1.4.1.4 Stand-In processing, for Small Ticket Volume (if opted by a bank)
The following figure illustrates the stand-in processing for an authorization request for which the
transaction amount is below the small ticket size irrespective of whether the issuer node is
signed-off or in processing:
0100/0200
1
NPCI
0110/0210 Stand
4
In
Acquirer Issuer
5
0120/0220
6
0130/0230 7
SAF
To support PIN based STIP, PIN offset value will be stored at NPCI end and will be
validated during all STIP authorization approval.
All Issuing members need to pass the value to NPCI as part of EOD activity.
A Web-UI should be given to members to upload the batch file and the same will be
processed as part of EOD activity at NPCI end. Thus PIN offset value update at NPCI end
will have time gap and will not be a real time online activity.
After update of the offset value, all subsequent STIP authorization should be verified with
stored offset value on card wise manner for approving or declining authorizations.
System log should be generated after update of values for identification of successful and
rejected cases.
NPCI system will store the card wise PIN offset and will support the following options:
1. Set PIN to store appropriate PIN offset values
2. Change PIN to update appropriate PIN offset values
Issuer Banks should be able to provide PIN offset as batch file upload mode as part of EOD
activity for all newly created/updated PINs so that the same can be stored in NPCI system
post generation of PIN.
1. In case where file validation is unsuccessful due to checks mentioned above then RGCS
Web-UI system should reject the entire file. The rejection log should be available with
information of ‘file name’ and ‘reason of rejection’.
2. In case of file rejections, previously updated VCLF parameters should prevail during STIP
approvals.
3. For VIP card activity, links will be given to RGCS (and not in IRGCS) for the members.
4. For VIP card holders, all the checks which are to be executed or by-passed; will be based
on card wise file updating only.
This section defines identifies key data fields for message matching and various responsibilities
of the acquirer.
Key data fields enable NPCI system to match a response to the message initiator’s request. They
also enable NPCI system to associate a subsequent request or advice (and its responses) with the
original request message.
Device
Host
<=3 Seconds
5 4
1. The acquirer system delivers an authorization transaction request to NPCI and acquirer
starts the timer for 20 sec.
2. NPCI delivers this transaction request to the issuer and NPCI starts the timer for 15 sec.
3. The issuer system does the validation and generates a response and sends this response
to NPCI in ≤ 15 seconds.
4. NPCI will send this response to the acquirer system.
5. The acquirer switch will deliver this transaction to the POS terminal in ≤ 3 seconds.
Note: The acquirer is expected to keep the time out of transactions as 20 sec, NPCI will keep the
issuer time out parameter as 15 sec and it is the responsibility of issuer to respond to all transaction
within 15 sec
0100/0200 0100/0200
1 2
NPCI
Acquirer Issuer
0110/0210 4 0110/0210 3
1. System failure during acquirer authorization request/ financial request where acquirer is
aware of the failure.
2. System failure during acquirer authorization request/ financial request where acquirer is
unaware of the failure.
3. Validation failure at NPCI for acquirer message.
4. Acquirer is unable to complete a transaction due to the terminal failure.
5. System failure during NPCI (Unaware) authorization response/ financial response.
6. System failure during NPCI (Aware) authorization response/ financial response.
1
NPCI
Failure
Acquirer Issuer
Device
Note: In this case acquirer does not need to generate a reversal to NPCI.
Acquirer Issuer
Time-Out
2 SAF
Device 3 0420
0430 4
Note: Acquirer will send the reversal to NPCI with response code 68. NPCI will check the reversal
advice from the acquirer for matching with the original transaction, and in case if the original
transaction is not present; NPCI will not forward the reversal advice request to the issuer.
1 0100/0200
Message
Validation
Failure
Acquirer Issuer
0110/0210
2
2. NPCI validates the message and detects error in the message. In this case NPCI will
respond with a response message to the acquirer with declined response code indicating
format error as `CA’ (Acquirer Compliance)and DE44 will contain the reject reason code
Note: The response code for this condition will be CA Acquirer will not generate reversal for this case.
In case NPCI is not able to make a response message because of the format error, in mandatory data
elements acquirer will generate a reversal with response code 68. This needs to be handled by
operations team.
0100/0200 NPCI
1 0100/0200
2
0110/0210 3
0110/0210
4 Issuer
Acquirer
SAF
5 Failure
Device 6 0420
7 0420
0430 8
0430 9
Note: The acquirer will generate reversal with response code 22 indicating a full reversal. The Issuer
will respond with response code 00 in the reversal advice response. It must be noted by the issuer
that it may get multiple reversal for the transaction and it is issuer’s responsibility to verify the
reversal before posting the same into customer account. As mentioned in above if the authorization
response/ financial response is successful (`00’) then only acquirer should initiate a reversal to NPCI.
0100/0200 NPCI
1 0100/0200
2
0110/0210 3
4 Issuer
Acquirer
Failure
Time-Out
Device 5 0420
6 0420
0430 7
0430 8
Note: It is the responsibility of acquirer to generate the reversal for all acquirer time-out cases. In
the event of acquirer not generating the reversal the transaction may be settled as per the response
code. The acquirer will generate the reversal with response code 68 indicating acquirer timeout. The
issuer will respond with response code 00 in the reversal advice response. It must be noted by the
issuer that it may get multiple reversal for the transaction and it is issuer’s responsibility to verify
the reversal before posting the same into customer account.
0100/0200 NPCI
1 0100/0200
2
0110/0210 3
0110/0210
4 Issuer
Acquirer
Failure
Time-Out
SAF
5
Device 6 0420
7 0420
0430 8
0430 9
Note: The acquirer will generate the reversal with response code 68 indicating acquirer-timeout.
The issuer will respond with response code 00 in the reversal advice response. It must be noted by
the issuer that it may get multiple reversal for the transaction and it is issuers’ responsibility to verify
the reversal before posting the same into customer account.
1 0120/
0220/ 0420
0120/
2 0220/ 0420
NPCI
0130/ 4
0230/ 0430
Issuer
0120/
0220/ 0420 0120/
2 0220/ 0420
3
SAF
0130/ 0230
0130/ 0430 4
Remove Advice
0230/ 0430
from 5
SAF
Note: Acquirer can generate reversal up to next 3 cutover cycles. If a reversal is generated after next
3 cutover cycles then NPCI will not send it to the issuer.
Abbreviation Meaning
M Mandatory
M+ Mandatory, Echoed from the request
C Conditional
C+ Conditional, Echoed from request
C* Conditional, value changed by NPCI
O Optional
O+ Optional, Echoed from request
-- Not required
Pass the data element (DE) and no change
A Alphabetical
B Binary data
N Numeric value
S Special character
X Character C / D to indicate credit / debit
Z Track data
An Alphanumeric
Ans Alphanumeric with special characters
Table 14 Symbols used in Message Format
For domestic transaction data element 4 will be in INR and it can be identified by DE 19 value 356
and DE 49 value 356.
For a Purchase transaction initiated from service based application using contactless chip cards,
DE_48 Tag 079 should have a valid Service Identifier ID. The issuer has to validate the service ID
against the service marked for the card number before authentication. Service based transactions
are only allowed for chip cards.
Note: For SMS transactions which require surcharge and tips adjustments members can use SMS Tip
and Surcharge presentment in the clearing cycle.
The above message format also stands applicable for ‘Card + OTP’ method of RuPay e-Commerce
Implementation using PaySecure where in customer PIN is not captured by PaySecure. For ‘Card
+ OTP’ method, registration at PaySecure is not performed. OTP is continued to be generated,
captured and validated by Issuer’s Authentication system (in case ECI is ‘31’).
E-commerce refund is carried out offline and not online. This essentially means that
refund transaction is to be processed only in clearing and settlement cycle.
While a customer is doing an E-Commerce purchase, a Transaction Id is generated from
the merchant portal which gets stored in field 48. This transaction Id is unique to the
customer for the purchase made at the particular merchant portal.
When a customer wants to do the Refund of the previous transaction, he needs to
request/select for refund.
Once a customer initiates a refund, the merchant portal will provide the following details
to the Acquirer payment GW
Transaction ID(mandatory)
Original Transaction Date Time (Same as DE12 at acquirer end)
Refund Amount
Based on the above parameter acquirer will retrieve the original transaction and shall
ensure that the refund amount is less than original purchase amount. After all these
checks acquirer will generate a refund message for clearing cycle as described in NPCI
Clearing and Settlement manual.
The issuer by seeing the presentment data will process the refund and credit the
customer’s account.
Note: NPCI will not support cash @ POS transactions with signature
For domestic transaction data element 4 will be in INR and it can be identified by DE 19 value 356
and DE 49 value 356.
Note: In case of absence of DE 54 in the response, NPCI will send CI to the acquirer and DE 44 will
get logged as I054.
Note: RuPay will respond to acquirer with response code CI indicating request declined. RuPay will
generate reversal for issuer with response code CI indicating data format error in the response. In
the reversal data element 44 will contain an appropriate reason code for declining the authorized
authorization. Acquirer need not generate reversal for the same.
Note: DE-48 will be present in Key Exchange message when DE-70 value will be ‘184’.
Refer Annexure 1 for transaction flow and detailed explanation of Card to Card Transfer.
Note: For detailed explanation, it is requested to refer a separate specific document for card to card
fund transfer – “RuPay Interface Specification VAS Addendum Version 1.1.pdf”
Value in DE-39 shall show the reason of decline for the particular transaction.
The same message format with a specific action and file update codes will be applicable for File
Enquiry message.
This transaction is only allowed from service based terminals. The transaction has to be chip
based. This transaction should have DE-48 tag 079, also DE-55 should have DF15 as a mandatory
tag.
This transaction is only allowed from service based terminals. The transaction has to be chip
based. This transaction should have DE-48 tag 079, also DE-55 should have DF15 as a mandatory
tag.
This transaction type is only allowed for Biometric Based Authentication. In case of a successful
response, issuer should Populate DE-48 Tag 066 with Aadhar Number linked to that Card.
Note: In case of onus quick EMV scenario, the transaction type in DE-3 Processing Code ‘81xxxx’
will indicate issuer’s request for ARQC validation and ARPC generation. NPCI will respond back
with ARQC validation result in DE-48 Tag060 and ARPC in DE-55 Tag091. ARPC will be generated
basis the response code received in DE-48 Tag 081.
1. Issuer switch may choose to perform ARQC validation first and then proceed with
the authorization processing. In that case, issuer switch can send request with DE-
48 Tag 081 as 00.
1. If the authorization processing is successful (response code 00), issuer
switch can complete the transaction with terminal with ARPC received in
the earlier request.
2. If the authorization processing fails, issuer switch has to send another
request with DE-48 Tag 081 with respective response code (that will be
sent to terminal in DE-55 Tag 91). Issuer switch will have to complete the
transaction with terminal with ARPC received in this request.
Issuer switch may choose to perform authorization processing first. In that case, after
authorization processing, issuer switch can send request with DE-48 Tag 081 with respective
response code (that will be sent to terminal in DE-55 Tag 91). Issuer switch will have to complete
the transaction with terminal with ARPC received in this request.
Note: In case of onus Token Validation scenario, the transaction type in DE-3 Processing Code
‘81xxxx. NPCI switch will validate the Token details and send the response to issuer in DE-105.
Note: For SMS transactions which require surcharge and tips adjustments members can use SMS Tip
and Surcharge presentment in the clearing cycle. Refer RGCS document.
Acquirer must populate conversion rate in DE-48 Tag080 in case of transactions originating at
Dollar Terminals.
For a Purchase transaction initiated from service based application using contactless chip cards,
DE_48 Tag 079 should have a valid Service Identifier ID. The Acquire has to validate the service
ID against the merchant before sending the authentication to NPCI. Service based transactions
are only allowed for chip cards.
E-commerce refund is carried out offline and not online. This essentially means that
refund transaction is to be processed only in clearing and settlement cycle.
While a customer is doing an E-Commerce purchase, a Transaction Id is generated from
the merchant portal which gets stored in field 48. This transaction Id is unique to the
customer for the purchase made at the particular merchant portal.
When a customer wants to do the Refund of the previous transaction, he needs to
request/select for refund.
Once a customer initiates a refund, the merchant portal will provide the following details
to the Acquirer payment Gateway
Transaction ID (mandatory)
Original Transaction Date Time (Same as DE12 at acquirer end)
Refund Amount
Based on the above parameter acquirer will retrieve the original transaction and shall
ensure that the refund amount is less than original purchase amount. After all these
checks acquirer will generate a refund message for clearing cycle as described in NPCI
Clearing and Settlement manual.
The issuer by seeing the presentment data will process the refund and credit the
customer’s account.
Note: NPCI will not support cash @ POS transactions with signature
Acquirer must populate conversion rate in DE-48 Tag080 in case of transactions originating at
Dollar Terminals.
Note: In case of absence of DE 54 in the response, NPCI will send CI to the acquirer and DE 44 will
get logged as I054.
7.3.1.10 Reversal
This message format reverses the action of a previous authorization. It notifies NPCI Host and the
issuer of an error condition regarding an earlier financial transaction. The table below describes
the reversal message.
Note: NPCI will respond to acquirer with response code CA indicating message format errors. Data
element 44 will contain the appropriate reason code for declining the transaction. Acquirer need not
generate reversal for the same. It may also happen that NPCI is not able to prepare the response due
to error in mandatory data element. In this case multiple reversal from acquirer is expected, which
has to be handled by the operations team.
Note: DE-48 will be present in Key Exchange message when DE-70 value will be ‘184’.
Refer Annexure 1 for transaction flow and detailed explanation of Card to Card Transfer
Note: For detailed explanation, it is requested to refer a separate specific document for card to card
fund transfer – “RuPay Interface Specification VAS Addendum Version 1.1.pdf”
This transaction is only allowed from service based terminals. The transaction has to be chip
based. This transaction should have DE-48, tag 079 and tag 082, also DE-55 should have DF15 as
a mandatory tag.
This transaction is only allowed from service based terminals. The transaction has to be chip
based. This transaction should have DE-48 tag 079, also DE-55 should have DF15 as a mandatory
tag.
Abbreviation Meaning
A Alphabetical
B Binary data
N Numeric value
S Special character
X Character C / D to indicate credit / debit
Z Track data
An Alphanumeric
Ans Alpha numeric with special characters
Field Type Meaning
Fixed No field length used
LLVAR or (...xx) Where LL<100, means 2 leading digits LL specify the length of field
VAR
LLLVAR or (…xxx) Where LLL<1000, means 3 leading digits LLL specify the length of
field VAR
Table 63 Abbreviation used in Data Element Description
Notation Description
MM month (two digits, 01–12)
DD day (two digits, 01–31)
YY year (last two digits of calendar year, 00–99)
HH hour (two digits, 00–23)
MM minute (two digits, 00–59)
SS second (two digits, 00–59)
Table 64 Date and Time Attribute
Field Edits This remains same for a particular transaction and cannot be
changed.
Constraints When present, it should be echoed in response and all
Subsequent messages.
Validation It should be a 12-19 digit PAN number and should not be less
than 12 and not more than 19.
Compliance Card number in request and response should always be same.
In reversal, the Card number should be the same as original
request message.
Conditional-None
Optional-None
20 Credit/Refund
21 Deposit
22 Credit Adjustment
26 Original Credit Transaction (OCT)
27 Loyalty Redemption
28 Money Load Transaction (qSPARC)
31 Balance Enquiry
36 Loyalty Inquiry
37 Aadhar Inquiry
40 Fund Transfer
81 ARQC Validation and ARPC Generation –
Onus Scenario
83 Service Creation (qSPARC)
90 Extended Transaction Type (used for
Mini Statement and Pin Change, Card to
Card Funds transfer)
Digit 3 and 4 From Account Type
00 Unspecified/Unknown
10 Savings
20 Checking
30 Credit card
Digit 5 and 6 To Account Type
00 Unspecified/Unknown
10 Savings
20 Checking
30 Credit Card
This remains same for a particular transaction and cannot be
Field Edits
changed.
When present, it should be echoed in response and all
Constraint
Subsequent messages.
Validation Processing code should be from the list above.
Transaction code in request and response should be same. In
reversal it should be the same as original request.
Compliance
For Mini Statement and Pin Change DE 3 should contain
900000
Presence Mandatory-This field is mandatory across all the messages
except Network management and file update message.
Conditional-None
Optional-None
Optional-None
Optional-None
Optional-None
Conditional-None
Optional-None
Optional-None
Optional-None
Conditional-.None
Optional-None
Conditional-None
Optional-None
Conditional-None
Optional-None
Optional- None
Optional-None
Optional-None
Conditional-None
Optional-None
Conditional-None
Optional-None
Conditional-None
Optional-None
Optional-None
Value Meaning
00 Normal
01 Customer Not present
02 Unattended Terminal
03 Merchant suspicious
05 Customer present, card not present
Conditional-None
Optional-None
Optional-None
Conditional-None
Optional-None
Note: For Sponsor bank model, during settlement this field should come under the sponsor bank.
Optional-None
Optional-None
Conditional-None
Optional-None
Optional-None
Conditional-None
Optional-None
Action Meaning
A Approved
D Decline
C Capture
Code Description
CI Compliance error code for issuer
CA Compliance error code for acquirer
Code Description
M6 Compliance error code for LMM
ED E-commerce decline
Table 67 Compliance Reject Response Code
When NPCI receives 0100/0200 request from Acquirer member bank and at the time of data
validation if NPCI detects an error, then NPCI would decline the transaction and respond back to
acquirer with response code ‘CA’ in 0110 / 0210 response message and DE-44 specifying data
element in error.. For this response code member acquirer bank should not send a reversal.
When NPCI receives 0110 / 0210 response from Issuer member bank and at the time of data
validation in response if NPCI detects an error, then NPCI would decline the transaction and
respond back to acquirer with response code ‘CI’ in 0110 / 0210 response message. At same time
NPCI would generate a reversal to member issuer bank with response code ‘CI’ with DE-44
specifying data element in error.
If NPCI receives 0420 reversal from Acquirer member bank and at the time of data validation if
NPCI detects error, then NPCI would respond with 0430 back to acquirer with response code ‘00’
and DE-44 specifying the data element in error only for presence of DE 14/35/45/52/63 and
absence of DE 39. For this response code member acquirer bank should not raise repeat reversal.
Acquirer has to rectify their message and settle those specific transaction offline.
When NPCI sends 0100 / 0200 request to Issuer member bank and do not receive response
within the stipulated time, NPCI response back to acquirer with response code ‘91’and sends
reversal to issuing member bank with response code ‘91’ indicating a full reversal.
If Issuer member bank is in offline/signed off and NPCI receives 0100 / 0200 request from the
acquirer and if issuer member bank is not a part of STIP, then NPCI will response back with ‘91’
response code to Acquirer member bank. Acquirer need not generate reversal for this
transaction.
Acquirer Time-out
When an acquirer sends a 0100/ 0200 message to NPCI but do not receive the response within
the stipulated time, then acquirer sends a reversal 0420 message with response code ‘68’.
Terminal Failure
When an acquirer has received an approved response 0110/ 0210 with a valid DE-38 but fails to
send the response to the terminal, then acquirer sends a reversal 0420 message with response
code ‘22’. For ATM transactions response code may be ’21.
Customer Cancellation
When an acquirer sends a 0100 and has received an approved response 0110 with a valid DE-38
but customer cancels the transaction by sending a void transaction at POS terminal, then acquirer
sends this void as reversal with response code ‘17’ to NPCI.
Scenario 2:
Scenario 3:
Scenario 4:
Scenario 2:
Scenario3:
Scenario 4:
Issuer can use the ECI (DE-48 Tag056) with value ‘31’ or ‘32’ to identify the ‘Card + OTP’ method.
The ‘Card Authentication Method’ i.e. DE-61 SF-8 for ‘Card + OTP’ method will be ‘G’.
OTP is continued to be generated, captured and validated by Issuer’s Authentication system (in
case ECI is ‘31’).
‘08’ when CVD2 is absent in request along with ‘Cardholder Authentication method’
Issuer may also receive e-Commerce Indicator Tag056 in DE-48 as ‘06’ in case the same is
received by NPCI in request from acquirer (international).
Issuer can identify an e-commerce transaction from value ‘810’ in ‘PoS Entry Mode’ DE-22 and
value ’59’ in ‘PoS Condition Code’ DE-25.
Issuer from values in data fields, like DE-6 ‘Card Holder Billing Amount’, DE-51 ‘Card Holder
Billing Currency’, DE-19 ‘Acquiring Country Code’, Merchant Country Code in DE-43, can identify
the transaction as International.
In case of OCT transaction, the merchant acquirer bank will reject the transaction with response
code 03 in case of incorrect merchant PAN or merchant (merchant account) status. Merchant
acquirer bank shall not populate response code 71 (deemed acceptance) in any case. In case the
originator is receiving response code 71 from NPCI, originator bank shall not reverse the debit to
the consumer. In case the originator bank times out with NPCI, originator should mark the
transaction with response code 71. Originator has to reconcile the OCT messages having response
code 71 with the raw data file / settlement report received from NPCI.
In case of transaction initiated with biometric Data and if response code is sent as WZ. To
acquirer then DE-44 will have the exact reason code by which the same was rejected from UIDAI.
Optional-None
Conditional-None
Optional-None
Conditional-None
Optional-None
Conditional-None
Optional-None
Optional-None
UIDAI Response
Description
Code
Optional-None
N- Not matched
054 C a1 CVD/iCVD Match result M – Match
code
N – Not matched.
055 C N2 CAVV Match Result Code 01=CAVV passed verification-
authentication
02=CAVV failed verification -
authentication
03=CAVV passed validation—
attempt
04=CAVV failed validation—
attempt
05=CAVV not validated, issuer
not participating in CAVV
validation
06=CAVV Unable to perform
authentication
056 C n2 ECI indicators 05—Secure Ecommerce with 3D
Secure
06—Not authenticated.
Merchant attempted to
authenticate using 3D secure
07—Non-secure transactions
with data encrypted.
15-Secure E-Commerce
transaction registration with
OTP
16-Secure E-commerce
transaction registration with
Internet banking
17-Secure E- commerce
transaction registration with
other method
21 – Secure E- commerce
transaction with valid Image
select or valid OTP
50 – Quick Checkout,
Authenticated by Issuer IAS
(Card + OTP)
51 – Quick Checkout
Authenticated by Issuer (Card +
Online Pin)
52 – Quick Checkout
Authenticated by NPCI
(Username + Password)
09 - Authentication failed
058 C an5 Fraud Score To be populated by NPCI
NPCI will send 00999 to the
issuer. 00999 indicate that
online fraud checking is not
performed by NPCI
059 C n26 EMI AMOUNT 1- 12 EMI Amount.
25-26 No of Instalments
(EMI amount)* number of
instalments + margin amount
should be equal to the
transaction amount(DE 4)
060 C n1 Transaction 1- If it is authorized
Authorization Indicator SUCCESSFULLY in STIP. Only
available in STIP for EMV FULL
Populated by NPCI
CHIP Issuers in STIP mode.
during request for chip
transactions in case
2-- If it is authorized in STIP.
issuer has availed for on-
behalf or EMV STIP Only available for MAGNETIC/
Fall-back STIP.
services with RuPay.
Also used to indicate
Magnetic Card STIP 3-- If it is authorized successfully
transactions and UIDAI / in STIP. Only available in STIP
Aadhaar authenticated for Quick EMV Issuance.
transactions.
4—Decline in STIP
Network reference
number
Should be present for all 'Card Not Present' scenarios and value should
be 'N' in response, in case of a failed CVD2 verification by Issuer
Should be present for all 'Card Present' scenarios and value should be
'N' in response, in case of a failed CVD/iCVD verification by Issuer
The product code Tag051 value should be ‘POS01’ for the following transactions:
1. POS transactions (including transactions originating both at PoS and mPoS terminals)
2. All e-Commerce variants (including International non-secure transactions)IVR
transactions (using PaySecure)
RuPay provides Tag078 (Encryption Technique Indicator) as an option for its acquirers to
populate and indicate the support of following encryption and security techniques
1. TLE (Terminal Line Encryption)
2. UKPT (Unique Key per Terminal)
3. DUKPT (Derived Unique Key per Transaction)
Tag078 uses a byte map whose first three bits denote the encryption indicators as mentioned
below:
Bit Indicator
Bit 1 TLE
Bit 2 UKPT
Bit 3 DUKPT
Table 77: Bit representation for Encryption Indicator
Value ‘1’ for a bit would imply ‘Compliant’ whereas ‘0’ would imply ‘Non-compliant’
Value Meaning
1 Compliant
0 Non-compliant
Table 78: Meaning of Bit Value in Byte map
Below are the two possible scenarios depicting values of Encryption Technique Indicator that will
be forwarded by the acquirer and will be forwarded by NPCI to issuer? The following scenarios
will comply with the condition – TLE and (DUKPT or UKPT) compliant.
Byte
B8 B7 B6 B5 B4 B3 B2 B1 Meaning
0 0 0 0 0 - - - RFU
- - - - - 0 - - DUKPT
- - - - - - 1 - UKPT
- - - - - - - 1 TLE
Table 79: Scenario - TLE and UKPT compliant
Value of Tag078:
Tag Value TLV in DE-48
078 03 07800203
Table 80: ETI value - TLE and UKPT compliant
Inference: Acquirer has indicated that it is certified and compliant for TLE and
UKPT indicators.
Byte
B8 B7 B6 B5 B4 B3 B2 B1 Meaning
0 0 0 0 0 - - - RFU
- - - - - 1 - - DUKPT
- - - - - - 0 - UKPT
- - - - - - - 1 TLE
Table 81: Scenario - TLE and DUKPT compliant
Value of Tag078:
Tag Value TLV in DE-48
078 05 07800205
Table 82: ETI value - TLE and DUKPT compliant
Inference: Acquirer has indicated that it is certified and compliant for TLE and DUKPT
indicators
Note: NPCI will not validate the value of ETI indicator sent by the acquirer and will forward the
value in DE-48 Tag078 to issuer in ISO request message 0100/ 0200
Note: NPCI will not populate and send any default value of ETI indicator to issuer in case NPCI has
not received it from its acquirer in DE-48 in0100/ 0200 message
Note: Presence of ETI indicator is applicable for domestic transactions. Both acquirer and issuer
need to get certified for the presence of this field in 0100/ 0200 messages For international
transactions(acquired at RuPay affiliate’s territory), NPCI will not populate this field in request
0100/ 0200 to RuPay Issuers.
Note: It is entirely issuer’s responsibility to validate the ETI value in DE-48 Tag078. Issuer can use
the response code ‘93’ in case it decides to decline a transaction based on ETI validation.
e.g. - 0387783FEC8903C445237078FAE0AD4B166731EF7
04-52 an 48 Key
53-58 an 6 Check value
Table 84 Triple Length
Note: Currently only Double Length ZPKs are exchanged with member banks.
Conditional-None
Optional-None
Optional-None
Optional-None
Optional-None
Tag h
0130 / 0230
0110 / 0210
0120 / 0220
0420
0430
0100 / 0200
Tag h
0130 / 0230
0110 / 0210
0120 / 0220
0420
0430
(ARQC/TC/AAC)
calculation.
3 9F26 Application 8 b M - M - M - Cryptogram returned by the
Cryptogram ICC in response of the
GENERATE AC command
0100 / 0200
Tag h
0130 / 0230
0110 / 0210
0120 / 0220
0420
0430
16 72 Issuer Script Var. b - C - - - - Contains proprietary issuer
Template 2 up data for transmission to the
to ICC after completion of the
127 second GENERATE AC
command. Present if sent by
Issuer
17 9F09 Terminal 2 b O - O - O - Version number assigned
Application for the application
Version
Number
18 9F33 Terminal 3 b M - M - M - Indicates the capabilities of
Capabilities the terminal, like card data
input method, CVMs,
security functions etc.
19 9F1A Terminal 2 n3 M - M - M - Indicates the country of the
Country Code terminal, represented
according to ISO 3166
20 9F35 Terminal 1 n2 O - O - O - Indicates the environment
Type of the terminal, its
communications capability,
and its operational control
21 95 Terminal 5 b M - M - M - Status of the different
Verification functions as seen from the
Results (TVR) terminal
0100 / 0200
Tag h
0130 / 0230
0110 / 0210
0120 / 0220
0420
0430
28 DF15 Service 2 B C - C - C - Terminal uses this data
Management element in service based
info. transaction in order to
advice the card on the
request for service i.e.
update service data, create a
new service area etc.
Optional-None
1 Address/merchant telephone/mobile
number
ans 20(recommended right padded
with spaces)
Field Edits/ Compliance This field remains the same for a particular transaction.
Constraints This is not to be echoed back in response.
Validations This field should be of the format as described in the above
description
Compliance This is mandatory field and acquirer has to populate values in
this field as per the values mentioned above.
Presence Mandatory-Should be present for all messages
Conditional-None
Optional-None
** Note:
SF-2 value ‘1’ is also present (applicable) for Non-secure PaySecure e-commerce transaction.
Acquirer must populate conversion rate in DE-48 Tag080 in case of transactions originating at
Dollar Terminals.
Conditional- None
Optional-None
Conditional-None
Optional-None
Please note that currently double length key shall be applicable for static and dynamic key
exchange of ZPKs.
Position Description
1-4 Original message type
5-10 Original STAN number
11-20 Original Transmission date and time
21-31 Original acquirer ID
32-42 Original forwarding institution id
Field Edits This remains same for a particular transaction.
For reversal this field is required.
Constraints If present this is to be echoed in response as well.
Validation Original data elements should be of this format as described in
the description.
If DE 90 is absent in request /not matching with the original
transaction then the transaction will not be sent to the issuer
Compliance Values in this field should match with the original transaction
and use for matching purpose.
Presence Mandatory-Present in reversal messages
Conditional-None
Optional-None
Value Description
1 Add a new record if one does not exist
2 Change an existing record
3 Delete an existing record
4 Replace, Add is record does not exist
and replace in case record exists
5 Inquiry Message
Field Edits This remains same for a particular transaction.
For a file update message this field is required
Constraints If present this is to be echoed in response as well.
Validation Original data elements should be of this format as described in
the description
Compliance For file update message this field should be present.
Presence Mandatory-For a file update message this should be present
Conditional-None
Optional-None
Position Description
1-12 Actual amount, transaction
13-24 Actual amount, settlement
25 Actual transaction fee sign
26-33 Actual transaction fee
34 Actual settlement fee sign
35-42 Actual settlement fee
Optional-None
Conditional-None
Conditional-None
Conditional-None
MasterCard. Any
increment to the version
number would be jointly
agreed between the
participants. The first
version should be
numbered “01”.
014 M N2 Point of initiation In this two digit field, first
method character indicates the
method by which the data
is presented by the
merchant. The second
character indicates if the
data is static or dynamic.
1st character :
1 = QR
2 = BLE
3 = NFC
4-9:Reserved for future
use
2nd character :
1=static,
2=dynamic
3-9:Reserved for future
use
015 C N2 Tip or Convenience 01 : Indicates Consumer
fee indicator should be prompted to
enter tip
02 : Indicates that
merchant would
mandatorily charge a flat
convenience fee
03 : Indicates that merchant
would charge a percentage
convenience fee
016 C N12 Tip or Convenience Tip OR Convenience fee
fee – amount amount
017 C ANS5 Convenience fee The Convenience Fee
percentage Percentage is specified as
whole integers between
000 (for 0%) to 100 (100%).
E.g. “11.95”
Note: 0 or 100 is not a valid
value.
018 C ANS100 NPCI reserved field 1
019 C ANS100 NPCI reserved field 2
020 C ANS100 NPCI reserved field 3
Example:
In Case of PID in Protobuff format having data is of 3760 bytes, below defined is the
sample structure for this field.
IRIS
DE#111- IRS3760<Encrypted biometric data of total length 992>
DE#112 till DE#119- <Encrypted biometric data of total length 999>
Note: 999 is the maximum data length which can be passed.
FP
DE#111- FPD1760<Encrypted biometric data of total length 992>
DE#112 till DE#119- <Encrypted biometric data of total length 999>
Note: 999 is the maximum data length which can be passed.
Note: FP authentication packet will max fit in to 3 data elements, FIG has to populate
the data accordingly in above format.
Conditional- None
0200 Request will contain the following details for Fund Transfer transaction.
0210 Response will contain the following details for Fund Transfer transaction.
For Transfer Debit Transaction from NPCI to issuer and issuer to NPCI
0200 Request will contain the following details for Fund Debit transaction.
0210 response will contain the following details for Fund Debit transaction:
For Transfer Credit Transaction from NPCI to beneficiary and from beneficiary to NPCI
0200 Request will contain the following details for Fund Credit transaction.
0210 response will contain the following details for Fund Credit transaction:
0200 will contain the following details for Cheque Book Request Transaction
0210 will contain the following details for Cheque Book Request Transaction
0200 will contain the following details for Statement Request Transaction
0210 will contain the following details for Statement Request Transaction
0200 will contain the following details for Mobile Number Update Transaction
0210 will contain the following details for Mobile Number Update Transaction
Conditional-None
Note: De-hot listing functionality will be available for all the action codes
Note: NPCI will respond back with the action code in DE-124 associated with the existing (current)
status of the card in NPCI switch in case a file update is declined for an inquiry request or for a
request for adding a card
In Case of Authorization with biometric data below is the data element definition for this field
014 48 Variable Varchar mi(Registered device model ID) Returned by RD Service when
using biometric authentication
Tag 001
1 2 3 4 5 6 7
Pi Pa Pfa Bio Bt Pin Otp
y' or 'n' y' or 'n' y' or 'n' y' or 'n' FMR or FIR y' or 'n' y' or 'n'
or IIR
003 As per the Fixed An Hmac(for description on Hmac SHA -256 Hash
process please refer to of PID XML and
http://uidai.gov.in/images/ then encrypted
FrontPageUpdates/aadhaar_
authentication_api_1_5_rev1_
1.pdf)
Example:
Let’s assume that skey length is 256 bytes, ci length is 8 bytes, Hmac is 48 bytes, ac is 10 bytes,
sa is 10 bytes and lk is 64 bytes. The structure of DE127 is shown below:
432001256<skey>002008<ci>003048<Hmac>004010<ac>005010<sa>006064<lk>
Parsing of field is done as follows:
432 is the total length of the string for DE 127.
Tag 001 represents skey which is of length 256 char.
Tag 002 represents ci which is of length 8 char.
Tag 003 represents Hmac which is of length 48 char
Tag 004 represents ac which is of length 10 char
Tag 005 represents sa which is of length 10 char
Tag 006 represents lk which is of length 64 char
Usage:
The generic description of DE127 is as follows:
Chapter 9 Compliance
9.1 Member Compliance Acquirer
The following section describes various compliances for acquirers.
Purchase Message
E-Commerce Purchase
Balance Inquiry
For balance inquiry transaction the transaction amount (DE-4) must contain value 0.
For all CNP transactions, DE 14 should be mandatory.
For all chip based transactions DE 55(all mandatory tags) and DE 23 should be
mandatory.
Biometric data must be encrypted and put in DE 63 by the encryption standards specified
by UIDAI for UID transaction.
For all Card present transactions, track 2 data or track 1 data must be present.
For an UID based transaction Track 1 data should be present.
For ATM Cash Withdrawal transaction the transaction amount (DE-4) should NOT contain
value all zeros.
For all chip based transactions DE 55(all mandatory tags) and DE 23 should be
mandatory.
For all Card present transactions, track 2 data or track 1 data must be present.
For a balance enquiry loyalty, (DE 48 tag-063) should be mandatory as field will be
populated with loyalty points. Acquirer has to generate appropriate slip showing loyalty
points.
.For all CNP transactions, DE 14 should be mandatory.
For all chip based transactions DE 55(all mandatory tags) and DE 23 should be
mandatory.
For an UID based transaction Track 1 data should be present.
It is only used for domestic transactions.
EMI Purchase
For EMI transaction acquirer needs to populate custom data in DE 48 (tag – 059) like,
margin amount, number of instalment and EMI amount.
It is only used for domestic transactions.
For an UID based transaction Track 1 data should be present.
For all CNP transactions, DE 14 should be mandatory.
For all chip based transactions DE 55(all mandatory tags) and DE 23 should be
mandatory.
For all Card present transactions, track 2 data or track 1 data must be present.
Biometric data must be encrypted and put in DE 63 by the encryption standards specified
by UIDAI for UID transaction.
Loyalty Redemption
For loyalty transaction acquirer must ensure to populate loyalty points for debit (DE 48
tag - 062).
It is only used for domestic transactions.
For an UID based transaction Track 1 data should be present.
For all Card present transactions, track 2 data or track 1 data must be present.
For all CNP transactions, DE 14 and DE 48(tag 052) should be mandatory.
For all chip based transactions DE 55(all mandatory tags) and DE 23 should be
mandatory.
Biometric data must be encrypted and put in DE 63 by the encryption standards specified
by UIDAI for UID transaction.
Reversal
For a reversal transaction acquirer should not populate DE 14, DE 35, DE 52, DE 45, DE
61, and DE 63.
A reversal transaction should always be send as an advice.
A reversal must be generated within next 3 cutover from the date of transaction with the
original transaction detail like RRN, date, time, amount, PAN, currency code.
Acquirer should send STAN & RRN of original transaction in reversal messages.
For partial reversal Replacement Amount DE-95 should be less than DE-4 transaction
amount.
Authorization Advice
Authorization advices should not carry DE 35, DE 52, DE 14, DE 63, and DE 45.OCT Message
Purchase Transaction
Issuer need to populate approval code DE 38 for all approved transaction (DE 39 = 00);
failing which NPCI may reject the transaction.
For cashback transaction or a purchase with cashback transaction the cash amount is to
be populated in DE 54.
For all purchase transactions, DE 14, DE 18, DE 22, DE 23, DE 25, DE 35, DE 45, DE 52, DE
61, DE 63 should not be sent in the response.
For a CNP transaction DE 48 tag 053 should be present.
E-Commerce Purchase
For all E-commerce transactions, DE 14, DE 18, DE 22, DE 23, DE 25, DE 35, DE 45, DE 52,
DE 61, DE 63 should not be sent in the response.
Balance Inquiry
If a transaction is a loyalty balance enquiry then DE 48 tag – 063 will be populated with
loyalty points.
For all balance enquiry transactions, DE 14, DE 18, DE 22, DE 23, DE 25DE 35, DE 45, DE
52,DE 61, DE 63 should not be sent in the response.
EMI Purchase
For all EMI purchase transactions, the issuer need to process taking into consideration
various tags in DE48 tag 059 like EMI amount, number of instalments etc.
For all CNP transactions, DE 14 should be mandatory.
Loyalty Redemption
If a transaction has loyalty indicator set then the issuer is expected to debit the customer
for transaction amount and then credit the customer with the amount equivalent to
loyalty point’s redeemed DE 48 tag 062.
Reversal
For all reversal transactions, DE 14, DE 18, DE 22, DE 23, DE 25, should not be sent in the
response.
Issuer should always send a reversal advice response.
Authorization Advice
Issuer need to check all the advice (authorization and reversal) before posting the same
to customer account to avoid duplicate posting.
For all authorization advice transactions, DE 14, DE 18, DE 22, DE 23, DE 25, should not
be sent in the response.
In case of an authorization advice message sent by RuPay to a FULL CHIP issuer (for
RuPay Chip transaction/s authorized by RuPay in STIP mode) the issuer, while building
the response, should check the CHIP Transaction Authorization Indicator (DE 48 tag 060).
The value of this indicator must be equal to 1 for an approved transaction.
OCT Message
Once the cardholder enters proceed, a new fund transfer message will be initiated from
the ATM.
The Acquirer switch will forward the fund transfer to NPCI irrespective of initiator or
remitter card is onus or off us.
Depending on the cardholder bin NPCI will initiate a debit leg to the issuer bank.
Issuer bank will debit the cardholder account for the transfer amount and respond to
NPCI with the successful response.
On receiving a successful response from issuer NPCI will initiate a credit leg to the
beneficiary bank.
Beneficiary bank will credit the beneficiary account with the transfer amount and
respond to NPCI with successful response.
On receiving successful response from the beneficiary NPCI will respond to the acquirer
switch with successful response.
Cardholder will be provided with the appropriate receipt at the ATM saying that the und
transfer transaction went successful.
Step Description
1 Consumer initiates the merchant payment transaction using QR code from the
Mobile device. Mobile device sends the request to the originator system.
2 Originator MBS/switch system sends the debit request to Remitter Bank (either
directly with remitter system OR via NPCI Paysecure as Ecom purchase [with card +
OTP] for auth processing via RuPay Switch).
3 Remitter Bank debits the consumer account and passes the confirmation to the
originator system.
4 On successful debit processing, the originating processing system initiates the SMS
OCT (0200) message to the RuPay Switch.
5 Based on the BIN that Merchant PAN belongs to, RuPay routes the SMS OCT (0200)
to the merchant acquirer’s switch.
5 a/b The Acquirer’s switch receives OCT request and processes it. The acquirer system
approves the transaction successfully and notifies the merchant.
6 The Acquirer’s switch responds with a 0210 approval and sends it to RuPay.
7 RuPay routes the response to the originator system using 0210 message.
8 Originating system notifies the Consumer over the mobile device indicating
successful transaction.
Exception Handling
Transaction Flow for Decline
Step Description
1 Consumer initiates the merchant payment transaction using QR code from the
Mobile device. Mobile device sends the request to the originator system.
2 Originator MBS/switch system sends the debit request to Remitter Bank (either
directly with remitter system OR via NPCI Paysecure as Ecom purchase [with card
+ OTP] for auth processing via RuPay Switch).
3 Remitter Bank debits the consumer account and passes the confirmation to the
originator system.
4 On successful debit processing, the originating processing system initiates the SMS
OCT (0200) message to the RuPay Switch.
5 Based on the BIN that Merchant PAN belongs to, RuPay routes the SMS OCT (0200)
to the merchant acquirer’s switch.
5 a/b The Acquirer’s switch receives OCT messages and processes it. The acquirer
system declines the transaction. Acquirer may notify the merchant.
6 The Acquirer’s switch responds with a 0210 decline and sends it to RuPay.
7 RuPay routes the response to the originator system using 0210 message.
Originator system should reverse the customer for any decline response code
except 71 (deemed acceptance).
8 Originator sends the reversal request for the debit to the Remitter Bank.
9 Remitter Bank will process the reversal transaction, will credit the customer
account and send the response to the originator.
10 Originating system notifies the Consumer over the mobile device indicating the
transaction is declined.
Step Description
1 Consumer initiates the merchant payment transaction using QR code from the
Mobile device. Mobile device sends the request to the originator system.
2 Originator MBS/switch system sends the debit request to Remitter Bank (either
directly with remitter system OR via NPCI Paysecure as Ecom purchase [with card +
OTP] for auth processing via RuPay Switch).
3 Remitter Bank debits the consumer account and passes the confirmation to the
originator system.
4 On successful debit processing, the originating processing system initiates the SMS
OCT (0200) message to the RuPay Switch.
5 Based on the BIN that Merchant PAN belongs to, RuPay routes the SMS OCT (0200)
to the merchant acquirer’s switch.
5 a/b The Acquirer’s switch receives OCT messages and processes it. The acquirer system
approves the transaction successfully and notifies the merchant.
6 The Acquirer’s switch responds with a 0210 to RuPay. But the transactions times
out at RuPay Switch because of Network Disconnect / Latency.
7 RuPay routes the response to the originator system using 0210 message with
deemed acceptance response code (71). Originator system should not reverse to the
remitter. Originator has to reconcile these transactions basis the raw data file /
settlement reports from RuPay.
8 Originating system notifies the Consumer over the mobile device indicating deemed
acceptance.
Step Description
1 Consumer initiates the merchant payment transaction using QR code from the
Mobile device. Mobile device sends the request to the originator system.
2 Originator MBS/switch system sends the debit request to Remitter Bank (either
directly with remitter system OR via NPCI Paysecure as Ecom purchase [with card +
OTP] for auth processing via RuPay Switch).
3 Remitter Bank debits the consumer account and passes the confirmation to the
originator system.
4 On successful debit processing, the originating processing system initiates the SMS
OCT (0200) message to the RuPay Switch.
5 Based on the BIN that Merchant PAN belongs to, RuPay routes the SMS OCT (0200)
to the merchant acquirer’s switch.
5 a/b The Acquirer’s switch receives OCT messages and processes it. The acquirer system
approves the transaction successfully and notifies the merchant.
6 The Acquirer’s switch responds with a 0210 approval and sends it to RuPay.
7 RuPay routes the response to the originator system using 0210 message, but the
transactions times out at Originator system because of Network Disconnect /
Latency. Originator system should treat the transaction as deemed acceptance.
Originator system should not pass the reversal to the consumer. Originator has to
reconcile these transactions basis the raw data file / settlement reports from RuPay.
8 Originating system notifies the Consumer over the mobile device indicating deemed
acceptance.
Annexure 4 -Glossary
Abbreviation Description
ACQID Acquirer Id
AEPS Aadhaar Enabled Payment System
AES Advance Encryption Standards
AID Application Identifier
AIP Application interchange Profile
ATC Application Transaction Counter
ANSI American National Standards Institute
ARPC Authorization Response Cryptogram
ARQC Authorization Request Cryptogram
ATC Application Transaction Counter
ATM Automated Teller Machine
AUA Authentication User Agency (used in Aadhaar authentication)
CAD Card Acceptor Device
CID Cryptogram Information Data
CNP Card Not Present
CP Card Present
CPS Custom Payment Service
CVM Card Verification Method
CVD Card Verification Data
CVD2 Card Verification Data 2
CVR Card Verification Result
DE Data Element
DES Data Encryption Standard
DMS Dual Messaging System
DUKPT Derived Unique Key per Transaction
E-COMM Electronic Commerce
EMI Equated Monthly Instalment
EMV Euro- pay, MasterCard and VISA
FRM Fraud and Risk Management
GMT/UTC Greenwich Mean Time
GW Gateway
IAD Issuer Application Data
IFD Interface Device Serial Number
ICC Integrated Circuit Card
ICS International Card Scheme
iCVD Card Verification Data for integrated circuit cards
IMPS Interbank Mobile Payment Service
INT Internet banking
ISO International Organization for Standardization
IVR Interactive Voice Response
JCB Japan Credit Bureau
KIO Kiosk
LMM Liquidity Management Module
LRC Longitudinal Redundancy checking
MCC Merchant Category Code
MOTO Mail Order/Telephone Order
MTI Message Type Identifier
Abbreviation Description
NBIN National Bank Identification number
NPCI National Payments Corporation Of India
NPCI host The master connection that will route or process transactions for
participants.
Off-Us Inter-bank transactions
On-Us Intra-bank transactions
OTP One time Password
PAN Primary Account Number
PCI DSS Payment Card Industry Data Security Standard
PIN Primary Identification Number
PVV PIN Verification Value
RFU Reserved for future use
RRN Retrieval Reference Number
RQ Request
RS Response
SA Sub – AUA (used in Aadhaar authentication)
SAF Store and Forward
SMS Single Messaging System
STAN System Trace Audit Number
STIP Stand In Processing
TCP Transfer Control Protocol
TDES Triple DES
TID Terminal Id
TLE Terminal Line Encryption
TLV Tag-length-value
TVR Terminal Verification Results
TXN Transaction
UID Unique Identification
UIDAI Unique Identification Authority of India
UKPT Unique Key Per Terminal
UTC Coordinated Universal Time
ZPK Zone Pin Key
ZMK Zone Master Key
Table 106: Glossary
Annexure 5 -Definition
Terms Meaning
Acquirer The Participant or a trusted source that originates the message
Approve Transaction is authorized. Issuer is authorized the transaction as
reported by the acquirer for purchase of goods or services.
Balance Enquiry It is a request from the POS terminal for the account balance.
Cardholder can initiate a balance inquiry at point of sale. In this case
issuer responds with the balance of the cardholder account.
Biometric The use of biometric technology significantly increases security
level of systems because it eliminates such problems as lost, stolen
or loaned ID cards, and forgotten or guessed PINs.
Barcode Reader A barcode reader (or barcode scanner) is an electronic device for
reading printed barcodes.
Bit Map A bitmap is a field or a subfield within a message which indicates
which data elements are present elsewhere in a message
Card Holder An individual to whom a card is issued or who is authorized to use
the card.
Cash at POS Cash at POS transaction is a variation of the purchase transaction
that permits the cardholder to get cash at POS terminal.
It is defined as Cash given to the cardholder at the point of sale.
Client Service requestors are called as clients
Compliance Compliance is a transaction processing requirements for routed
messages to contain certain key information to provide a more
complete picture of the POS conditions and help validate cardholder
authenticity.
Credit Card Credit card Is a small plastic card issued to users as a system of
payment. It allows its holder to buy goods and services based on the
holder's promise to pay for these goods and services
Credit Adjustment Acquirer credits the issuers account
Cutover message Cut over message indicates the business date change over
Debit card A debit card (also known as a bank card or check card) is a plastic
card that provides the cardholder electronic access to his or
her bank account/s at a financial institution. The card can be used
as an alternative
Decline Transaction is not authorized. Merchant is not allowed to proceed
with the transaction.
Domestic routing Routing done within a country
E-Commerce These are non-face to face online transactions that use the electronic
media over a network. Cardholder may initiate this transaction from
personal PC or Mobile etc. for purchasing the goods or services on
the internet.
For ECOM transactions, authentication system must support
authenticating the cardholder during online purchase.
Echo message Echo messages are used validate the availability of the host session
in case of low or no transaction traffic in the session
EMI amount Amount that is to be paid in instalments
E-Commerce indicator This indicates the security level of an electronic commerce
transaction.
Fall-back For a chip based card, when the chip is not working then the card is
swiped using magnetic stripe.
Terms Meaning
Fraud Score Score populated by Risk and Fraud Management System. Value to be
used by issuer before issuer approves a transactions.
Instalment Payments No. of instalments decided for an EMI transaction
ISO 8583 International Standards Organization standards for messaging
supported by the host. Unless specified otherwise, it refers to ISO-
8583:1987 version.
Issuer The participant that receives and authenticates the message.
Julian Date Representing Date in YDDD format
Key Management The activities involving the handling of cryptographic keys and
other related security parameters during the entire life cycle of the
keys, including their generation, storage, distribution, loading and
use, deletion, destruction and archiving.
Loyalty Balance Loyalty Balance will show the number of loyalty points accumulated
Loyalty Points Number Of points accumulated while doing a purchase transaction
Manual Manual entry and no card required
Margin Amount Amount paid by the cardholder during the purchase
Member Bank or other institution connecting to NPCI central switch via
HOST to HOST connection
Merchant An entity that contracts with an acquirer to originate transactions
Message Header Contains the length of the message
Message Logging After the validation of the message, system will log the message.
Logging of the message is required for billing purpose, data files &
reports preparation, testing, troubleshooting, audits and research
purposes etc.
Micro-ATM transactions Transaction done
MTI Message Type Indicator – 4-digit field which classifies the high-level
function of the ISO 8583 message (consisting of Message Version,
Message Class, Message Function, Message Origin)
NPCI Central Switch The master connection that will route or process transaction for
participants
Onus Issuer and the acquirer are same
Off-Us Issuer and Acquirer are different
Optical Card Reader An optical card reader for reading marks made on the face of a pre-
printed card utilizes a video camera and a memory device to capture
and store an image of at least a portion of the card.
Pick up card On receiving the pickup response, merchant should try its best to
retain the card by peaceful means.
Pin (Personal Identification Number) A numeric personal identification
code that authenticates a cardholder in an authorization request
that originates at a terminal with authorization only or data capture
only capability. A PIN consists only of decimal digits.
POS Point-of-Sale/Point-of-Service. Physical location of terminal at the
merchant (‘card present’ transactions) – figuratively, any device
usable for e-commerce or other ‘card not present’ transactions (PC,
phone, etc.).
Preauthorization Transactions which are used to authorize transactions in advance of
the actual purchase before the final amount of the purchase is
known
Product code A code that identifies the channel of the transaction that whether it
is a POS,ATM,E-commerce transaction
Purchase A purchase transaction is a standard purchase request to authorize
post and settle a transaction for the sale of goods or services.
Terms Meaning
Purchase with cash back A purchase with cash back transaction is a variation of the purchase
transaction that permits the cardholder to get cash in addition to
goods or services. The cash-back amount will be identified
separately in online financial messages
Recurring Payments A pre-authorized recurring transaction charged to a cardholder’s
account
Reversal message The message reverses the action of a previous authorization.
Refund A refund is a financial transaction initiated at the point of sale that
instructs the issuer to credit the cardholder’s account for the return
of goods
Reject code A message will be rejected if due to error conditions, NPCI network
is not able to process it, then a reject code will be send to the
acquirer or to the issuer
Sign On message This message is used to re-establish a session or connectivity that
has been closed or signed off by the other party
Sign Off message This message is used to close a session or connectivity that has been
established or signed on by the other party
Server The server component provides a function or service to one or many
clients, which initiate requests for such services
Stand-In NPCI authorizes the transaction on behalf of the issuer host system
Telephone Request Transaction initiated using Telephone
Terminal A device/system that initiates a transaction
Time-Out Time required by the acquirer, NPCI or issuer to complete a
transaction
Track 1 The information encoded on Track 1 of the magnetic stripe of the
plastic card (per ISO 7813) used for the transaction, excluding start
and end sentinel and LRC characters. It also includes the cardholder
name which is not present in the track 2 data
Track 2 The information encoded on Track 2 of the magnetic stripe of the
plastic card (per ISO 7813) used for the transaction, excluding start
and end sentinel and LRC characters.
Transaction Id A unique Id used for e-commerce transaction
Unattended Terminal A terminal placed in an unattended environment. e.g. ATM
Originator The Bank Switch which initiates the Transaction for SMS OCT
OCT Original Credit Transaction
MBS Mobile Banking System