๐งฉ What is ISO 8583?
ISO 8583 is the international messaging standard for financial transaction card-originated messages. It is used in ATMs, POS terminals, mobile wallets, and banking switches to securely exchange payment messages.
It defines the format for request/response messages used between:
- Acquirer โ Issuer
- Terminal โ Switch
- Gateway โ Bank
๐ฆ Structure of an ISO 8583 Packet
Each ISO 8583 message consists of the following components:
| Part | Description |
|---|---|
| MTI | Message Type Indicator (e.g., 0200, 0420) |
| Bitmap | 64-bit or 128-bit bitmap indicating present fields |
| Data Elements | Fields like PAN, Amount, STAN, etc. (DE1โDE128) |
๐งพ Message Type Indicator (MTI)
MTI is a 4-digit numeric field that classifies the message.
| MTI | Meaning |
|---|---|
0100 | Authorization Request |
0110 | Authorization Response |
0200 | Financial Transaction Request |
0210 | Financial Transaction Response |
0420 | Reversal Advice |
0430 | Reversal Response |
0800 | Network Management Request |
0810 | Network Management Response |
๐ข ISO 8583 Data Elements (Important Fields)
Here are key fields commonly used in transaction packets:
| DE # | Field Name | Format | Example/Use Case |
|---|---|---|---|
| 2 | Primary Account Number (PAN) | LLVAR N | 16-digit card number |
| 3 | Processing Code | N 6 | 000000 (Purchase), 200000 (Refund) |
| 4 | Amount | N 12 | 000000010000 = โน100.00 |
| 7 | Transmission Date & Time | N 10 | MMDDhhmmss |
| 11 | STAN | N 6 | Unique transaction ID |
| 12 | Local Time | N 6 | hhmmss |
| 13 | Local Date | N 4 | MMDD |
| 14 | Expiry Date | N 4 | YYMM (e.g., 2608) |
| 17 | Capture Date | N 4 | MMDD (used for settlement) |
| 24 | Network International ID | N 3 | 000 = Visa, 001 = MC, 024 = RuPay |
| 35 | Track 2 Data | LLVAR Z | Encrypted card track info |
| 37 | Retrieval Ref. Number | AN 12 | Unique txn reference |
| 38 | Authorization Code | AN 6 | Issuer-approved code |
| 39 | Response Code | AN 2 | 00 = Approved, 51 = Insufficient funds |
| 41 | Terminal ID | AN 8 | POS or ATM ID |
| 42 | Merchant ID | AN 15 | Merchant account number |
| 49 | Currency Code | N 3 | 356 = INR |
| 55 | EMV Data | LLLVAR B | ICC tags (chip transactions) |
| 60โ63 | National/Private Use Fields | LLLVAR | Often used in RuPay, UPI, BharatQR |
๐งฎ DE39 โ Response Codes (Success or Failure)
| Code | Description |
|---|---|
00 | Approved/Completed |
01 | Refer to card issuer |
05 | Do not honor |
12 | Invalid transaction |
13 | Invalid amount |
14 | Invalid card number |
33 | Expired card |
51 | Insufficient funds |
54 | Expired card |
55 | Incorrect PIN |
57 | Transaction not permitted |
91 | Issuer or switch inoperative |
96 | System malfunction |
๐ How to Convert (Parse) ISO 8583 Messages
โ 1. Extract MTI
E.g., 0200 = Purchase transaction request.
โ 2. Read the Bitmap (HEX โ Binary)
Bitmap F23C048188E08000 = bits that indicate which DEs are present.
โ 3. Parse Fields
Using known formats (fixed or variable), extract fields like DE2, DE3, DE4, etc.
Example:
makefileCopyEditMTI: 0200
Bitmap: F23C...
DE2 = 6221234567890123
DE3 = 000000
DE4 = 000000005000
DE14 = 2608 (Card expiry: Aug 2026)
DE17 = 0701 (Capture Date: July 1st)
DE24 = 024 (Network: RuPay)
DE39 = 00 (Approved)
DE41 = POS12345
DE42 = MERCHANT123456
๐ Tools to Build or Validate ISO 8583
| Tool | Use Case | Link / Info |
|---|---|---|
| jPOS | Java-based ISO 8583 engine | jpos.org |
| Python iso8583 | ISO parsing & decoding | PyPi: iso8583 |
| Hex to Binary Converters | Decode bitmap | Any online HEX-to-BIN tool |
| KaNest, FIME, Paragon | Paid simulators for UAT | Industry standard fintech labs |
๐ Why No Public ISO 8583 Validation URL?
ISO 8583 packets often contain sensitive card/payment data, hence:
- Not exposed to public validators
- Must comply with PCI-DSS
- Validation is done using secure test simulators or switch environments
๐ก Common Use Cases
| Scenario | MTI | Notes |
|---|---|---|
| POS Purchase | 0200 | DE3 = 000000, DE4 = Amount |
| ATM Withdrawal | 0200 | DE3 = 010000 |
| UPI/QR Transaction | 0200 | DE62 contains QR reference |
| Reversal after timeout | 0420 | DE90 = Original DE3, DE11, DE7, etc. |
| Authorization only | 0100 | Pre-auth or hotel booking |
๐ Sample Python Decoder (Basic)
pythonCopyEditfrom iso8583 import iso8583
msg = b'0200F23C048188E08000...'
parsed, _ = iso8583.decode(msg)
print(parsed)
๐ What is “Host Receive” & “Response from Host” in ISO 8583?
๐น 1. Host Receive
This means the host (e.g., issuing bank or switch) receives a message from the acquirer (POS/ATM) such as:
- MTI:
0200(Financial transaction request) - Along with fields like DE2 (Card Number), DE4 (Amount), DE3 (Processing Code), DE11 (STAN), etc.
โ Common field values seen at host receive:
| Field | Field Name | Example Value | Meaning |
|---|---|---|---|
| 2 | PAN | 6221234567890123 | Card number from POS/ATM |
| 3 | Processing Code | 000000 | Purchase |
| 4 | Transaction Amount | 000000010000 | โน100.00 |
| 7 | Transmission Date/Time | 0701123045 | MMDDhhmmss |
| 11 | STAN | 123456 | Unique ID from terminal |
| 14 | Expiry Date | 2608 | YYMM = Aug 2026 |
| 24 | Network ID | 024 | RuPay |
| 41 | Terminal ID | POS12345 | From where transaction originated |
| 42 | Merchant ID | MERCH1234567 | Unique merchant |
| 55 | ICC Data | TLV encoded EMV data | Required for chip transactions |
๐น 2. Response from Host
The host processes the transaction and returns a response message โ usually with MTI = 0210 (response to 0200) or 0110 (for 0100).
โ Fields returned in “response from host”:
| Field | Name | Example | Purpose |
|---|---|---|---|
| 39 | Response Code | 00 | 00 = Approved, 05 = Declined, etc. |
| 38 | Authorization Code | 123456 | Issuer-provided approval code |
| 37 | Retrieval Ref. Number | XYZ789456123 | Unique transaction reference |
| 48/63 | Additional Private Data | … | Can include loyalty, surcharge info, etc. |
| 55 | EMV Response Data | TLV | ARQC/ARPC returned by chip |
๐ Example Flow: POS to Host and Back
๐น POS โ Host (MTI: 0200)
yamlCopyEditDE2: 6221234567890123
DE3: 000000
DE4: 000000005000
DE7: 0701123456
DE11: 654321
DE14: 2608
DE24: 024
DE41: POS12345
DE42: MERCH123456
๐น Host โ POS (MTI: 0210)
makefileCopyEditDE11: 654321 (same STAN)
DE37: XYZ789456123
DE38: 123456
DE39: 00 (Approved)
DE55: EMV response
๐งฉ Summary of Key Field Values for Host Communication
| Field | Direction | Purpose |
|---|---|---|
| 2 | Receive | PAN/card number |
| 3 | Receive | Transaction type |
| 4 | Receive | Amount |
| 11 | Both | Transaction identifier |
| 14 | Receive | Card expiration |
| 24 | Receive | Network ID |
| 38 | Response | Approval code from issuer |
| 39 | Response | Final transaction result |
| 55 | Both (EMV) | ICC data (tag-length-value) |
๐ ISO 8583: Reversal & Void Sale Packet (Settlement & Processing Code)
โ 1. Void Sale Transaction
๐ What is a Void Sale?
- Used to cancel a financial transaction before it is settled.
- Typically performed same day by merchant or terminal.
- It does not reverse a settled transaction, only prevents it from being settled.
๐ง ISO 8583 MTI:
0200โ Financial Transaction Request (Void)0210โ Response from Host
๐ง Processing Code (DE3):
| Value | Meaning |
|---|---|
200000 | Void Sale |
220000 | Void Refund |
๐งพ Important Fields in Void Sale Packet:
| Field | Meaning | Notes |
|---|---|---|
| DE3 | Processing Code | 200000 |
| DE4 | Amount | Same as original transaction |
| DE11 | STAN (New) | Unique for void txn |
| DE37 | Original Retrieval Ref No. | From sale |
| DE38 | Original Auth Code | Required |
| DE41 | Terminal ID | From POS |
| DE90 | Original Data Elements | MTI+STAN+Date+RRN+Acquirer ID |
๐ 2. Reversal Transaction
๐ What is a Reversal?
- Used when a transaction failed at the terminal but the issuer may have already approved it.
- Done to reverse or cancel a financially approved transaction that wasn’t completed (e.g., timeout, GPRS error, crash).
- Can also be auto-triggered after timeout or failure.
๐ง ISO 8583 MTI:
0420โ Reversal Advice0430โ Response
๐ง Processing Code (DE3):
- Same as original transaction (e.g.,
000000for purchase)
๐งพ Important Fields in Reversal Packet:
| Field | Meaning | Notes |
|---|---|---|
| DE3 | Processing Code | Same as sale |
| DE4 | Amount | Same as original txn |
| DE7 | New date/time | For reversal |
| DE11 | New STAN | New trace number |
| DE37 | Original RRN | Matches sale |
| DE38 | Original Auth Code | Must match |
| DE39 | Response Code | 00 = Success, 12 = Invalid txn |
| DE90 | Original Data Elements | Referred MTI, STAN, Date, RRN |
๐ Field DE90 (Original Data Elements) Format
DE90 is critical in reversal and void. It identifies the original transaction.
| Subfield | Length | Example |
|---|---|---|
| Original MTI | 4 | 0200 |
| Original STAN | 6 | 123456 |
| Original DateTime | 10 | 0630123456 |
| Acquirer ID (DE32) | 11 | 12345678901 |
| RRN | 12 | XYZ789123456 |
๐ Difference: Void vs. Reversal
| Feature | Void Sale | Reversal |
|---|---|---|
| MTI | 0200 | 0420 |
| Use Case | Cancel a sale before settlement | Undo txn due to failure/timeouts |
| Triggered By | Merchant/manual | Auto/system/manual |
| DE3 | 200000 | Same as sale (e.g., 000000) |
| DE90 | Yes | Yes |
| DE38 | Required | Required |
| DE37 | Original RRN | Original RRN |
โ Sample: Void Sale Packet
yamlCopyEditMTI: 0200
DE3: 200000
DE4: 000000005000
DE11: 987654
DE37: 123456789012
DE38: 789456
DE41: POS12345
DE42: MERCHANT456
DE90: 02001234560630123045ABC1234567890
โ Sample: Reversal Packet
yamlCopyEditMTI: 0420
DE3: 000000
DE4: 000000005000
DE7: 0701131515
DE11: 654321
DE37: 123456789012
DE38: 123456
DE90: 02001234560630123456ABC1234567890
โ Final Thoughts
Understanding ISO 8583 messaging is critical in designing and testing POS, ATM, and eCommerce financial systems. This includes:
- Correct use of processing codes
- Building and interpreting reversal and void packets
- Mapping host behavior via MTI and DEs
Use secure simulators or environments to test and never expose live packets on the internet.