Issuu on Google+

Payments Basic Training Module 1: EFT Overview

Copyright Š 2009. S1 Global Ltd. All rights reserved.


Module Introduction • • • •

Introduction to Payments Basic Training (PBT) EFT Concepts

Payments System Overview Course duration o ½ day (3 hours)

Copyright © 2009. S1 Global Ltd. All rights reserved.


Section 1: Introduction to PBT • Overview • Training structure • Module scope

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Training Structure

Overview Three types of courses

• Payments Basic Training (PBT) • Payments Specialized Training (PST) • Payments Development Training (PDT)

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Training Structure

Core Modules • • • •

Module 1: EFT Overview Module 2: Realtime Module 3: PostCard Module 4: Office

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Training Structure

Elective Modules Additional modules — environment specific

• Module 5: ATM Driving • Module 6: eSocket.POS • Module 7: TermApp

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Module Scope

Main Sections EFT Concepts • EFT concepts (incl. S1-specific concepts) • Payment cards (PANs and routing) • Payment flows (consumer transactions and settlement) • EFT protocols (draft capture and ISO 8583 messages)

Payments System Overview • S1 payments product family • S1 payments solutions

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Evaluation and Certification

Evaluation and Certification • PBT Certificate o Questions from modules 1–5

• Scoring o Less than 64% — Attendance o Between 65% and 84% — Competence o 85% and greater — Achievement

Copyright © 2009. S1 Global Ltd. All rights reserved.


Section 2: EFT Concepts • • • • • • • •

Introductory concepts Point-of-sale environment ATM environment

Cards and routing Payment cycle Basic S1 payments terminology

EFT protocols Transaction integrity Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Introduction

Terminology — 1 • • • • •

Electronic funds transfer (EFT) Card acceptor (merchant) Acquirer (merchant account provider) Card association (≈ EFT network) Issuer

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Introduction

Terminology — 2 • • • • • •

Authorization and capture Downstream versus upstream

On-us, not-on-us, remote on-us Protocol Primary account number (PAN)

Bank identification number (BIN)

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Point-of-Sale Environment

Entities in a Point-of-Sale (POS) Environment

Cardholder

Merchant (or card acceptor)

Acquirer (or merchant Account provider)

Card association (or network)

Issuer

Copyright Š 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview ATM Environment

Entities in an ATM Environment

Cardholder

Card acceptor

Acquirer

Network

Issuer

Copyright Š 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview ATM Environment

On-us Transactions

Cardholder

Issuer-owned ATM

Issuer

Copyright Š 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview ATM Environment

Not-on-us Transactions

Cardholder

Acquirerowned ATM

Acquirer

Network

Issuer

Copyright Š 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Cards and Routing

Routing • Routing o Acquirer: on-us or not-on-us? o Network: which issuer? o Issuer: which account?

• Routing mechanism o Primary Account Number (PAN)

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Cards and Routing

Cards — PAN

PAN

• PAN — primary account number • Usually 16 or 19 digits

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Cards and Routing

Cards — BIN

BIN

• • • •

BIN — bank identification number First 6 digits Identifies card issuer Issued by card association or national standards body Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Cards and Routing

Cards — IID

IID

• IID — individual account ID • Remaining digits (excluding the last digit)

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Cards and Routing

Cards — Check Digit

• Luhn formula (Modulus 10) • Primarily of use in manual PAN entry • Detects single-digit errors and transpositions of adjacent digits Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Cards and Routing

Cards — Tracks Track 1

• Track 1 o Cardholder details (name and courtesy title) o Used by terminals — not used by EFT processors Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Cards and Routing

Cards — Tracks

Track 3

• Track 3 o Seldom used

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Cards and Routing

Cards — Tracks Track 2

• Track 2 o PAN + essential EFT data o Numeric; Maximum 37 digits Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Cards and Routing

Cards — Track 2

5412345678901234

=

0612

101

PAN (max 19 digits) Field separator Expiry date (YYMM) Service restriction code Additional data (PVV/CVV)

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Cards and Routing

Credit Card Statistics

• 2008 Global market share (in terms of purchase volumes) o Visa – 60.25% o MasterCard – 28.33% o Amex – 10.04% o JCB – 0.94%

o Diners – 0.44%

• 2008 Visa Transactions in US o Purchase volume $823.7 billion (2003: $540 billion)

o Purchase transactions 9.2 billion (2003: 6.5 billion)

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Cards and Routing

Chip Cards — 1 • Integrated circuit chip (ICC) • Bigger storage capacity • Perform cryptographic calculations o Offline PIN verification

• Also known as EMV cards o Europay o MasterCard o Visa

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Cards and Routing

Chip Cards — 2 • Same basic information o PAN o Expiry date o Service restriction code

• Supports the same routing mechanism as magnetic stripe cards

• Compatible with existing EFT network structure

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Cards and Routing

Chip Card Statistics

• As of May 2008 o 622 million chip cards issued

o MasterCard: 310 million (¹⁄₅ of global portfolio) o Visa: 262 million o 8.2 million EMV acceptance points globally o 68% of European POS points

o 56% of European ATMs

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Payment Cycle

Introduction • How money (value) flows between EFT entities • Two phases o Consumer

   

Value flows to the consumer. Consumer receives cash or goods/services. EFT processors (e.g. S1 payments system) EFT protocols (ISO 8583)

o Settlement

 Value flows from the consumer (closes the cycle)  Merchant or terminal owner receives payment  Automated clearing houses or similar

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Payment Cycle

Not-on-us ATM Transaction 1: Cardholder’s account debited

Request: Amount + surcharge

Cardholder (Bank B)

Card acceptor

Acquirer (Bank A)

Network

Issuer (Bank B)

2: Money dispensed 3: Amount + surcharge + interchange (switch) fee

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Payment Cycle

Not-on-us POS Transaction 1: Cardholder’s account debited

Request: Transaction amount

Cardholder (Bank B)

2: Goods

Acquirer (Bank A)

Network

Issuer (Bank B)

4: Amount Merchant

3: Amount – merchant fee (discount rate)

5: Interchange

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Basic S1 Payments Terminology

Realtime and External Entities

Downstream

POS device

Source interface

Store server (source entity)

Upstream

Sink interface

Realtime

Network (sink entity)

Issuer

Copyright Š 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview EFT Protocols

ISO 8583 • ISO 8583 o Most widely used EFT protocol o Used by Realtime

• Specifies o Message content o Message Format o Rules of exchange — draft capture protocols

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview EFT Protocols

Draft Capture Protocols • Consumer phase — two components o Authorization

 Verifies cardholder has sufficient funds  Funds reservation  Adjusts available balance (not ledger balance)

o Capture

 Cardholder’s account debited  Ledger balance adjusted  Transaction completed/secured

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview EFT Protocols

Draft Capture Protocols • Four draft capture protocols (DCP) o Paper o Batch o Store-and-forward o Online

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview EFT Protocols

Paper Draft Capture

Auth request

Auth response Terminal

Acquirer

Issuer

End of day: File

Copyright Š 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview EFT Protocols

Batch Draft Capture

Auth request

Auth response Batched advices End of day

Advice responses Merchant

Acquirer

Issuer

Copyright Š 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview EFT Protocols

Store-and-Forward Draft Capture

Auth request

Auth response Advice End of day

Advice response Merchant

Acquirer

Issuer

Copyright Š 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview EFT Protocols

Online Draft Capture — Single Message Pair

Tran request

Tran response

ATM

Acquirer

Issuer

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview EFT Protocols

Online Draft Capture — Dual Message Pair

Tran request

Tran response Completion

ATM

Completion response

Acquirer

Issuer

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview EFT Protocols

Summary of Draft Capture Flows Batch

Store and Forward

Online

Time

Paper

EOD

Copyright Š 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview EFT Protocols

ISO 8583 Messages • • • •

Flexible message format Accommodates new requirements

Multiple variants Protocol translation required between variants

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview EFT Protocols

ISO 8583 Messages

0200 4 Bytes

101100110101‌ 8 (or 16) Bytes

MAC Variable length

Message type identifier Bitmap

Data elements

Copyright Š 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview EFT Protocols

Message Classes Message class (first 2 digits)

• • • • • • •

01xx

authorization

02xx

transaction

03xx

file update

04xx

reversal

05xx

reconciliation

06xx

administration

08xx

network management

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview EFT Protocols

Message Functions Message function (last 2 digits) • xx00 request • xx20 advice • xx02 completion

Add 10 for response

Add 1 for repeat

• xx10 request response

• xx21 advice repeat

• xx30 advice response

• xx03 completion repeat

• xx12 completion response

See page 1–23 Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview EFT Protocols

Message Type Categories • Real-time messages o Cardholder waits for transaction to complete

 e.g. transaction requests o No response — time out

• Store-and-forward messages o Transaction complete from cardholder’s point-of-view

 e.g. advices, completions, and reversals o No response — message repeated till response is received o Inform recipient of final state of transaction

o Placed in S&F queue

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview EFT Protocols

Bitmaps 10110010101… 1st bit indicates presence of bitmap 2 3rd bit Indicates presence of field 3, etc.

String of bits (ones or zeros) indicating the presence or absence of data elements

Each bitmap is 8 bytes (64 bits) long

Bitmap 1 relates to fields 2–64

Bit 1 of bitmap 1 indicates the presence/absence of bitmap 2

Bit 2 indicates the presence of field 2, etc.

Bitmap 2 relates to fields 65–128 Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview EFT Protocols

Data Elements • Fields may be o Fixed length (e.g. Field 3 — processing code) o Variable length (e.g. Field 2 — PAN)

 Length indicated by first 1–3 digits o Numeric (e.g. Field 4 — tran amount) o Alphanumeric (Field 45 — track 1 data)

o Mandatory (e.g. Field 7 — transmission date/time) o Conditional (e.g. Field 35 — track 2 data)

o Optional (e.g. Field 28 — transaction fee)

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview EFT Protocols

Important Fields Field number

Description

2

Primary Account Number

3

Processing Code

4

Amount, Transaction

7

Transmission Date and Time

11

Systems Trace Audit Number

35

Track 2 data

39

Response Code

49

Currency Code, Transaction

52

Personal Identification Number (PIN) Data

127

Reserved for Private Use (S1-specific) Copyright Š 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview EFT Protocols

Field 127 • • • •

Up to 999,999 bytes long Used extensively by Realtime Divided into subfields (2–39 sequentially) Bitmap indicates which subfields are present

See page 1–28 for a list of more commonly used S1-specific subfields Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Transaction Integrity

Introduction to Transaction Integrity • Customer’s view of a transaction = issuer’s view

• ISO 8583 ensures transaction integrity in two situations: o Lost responses o Protocol translation

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Transaction Integrity

Transaction Integrity: Lost Response • Downstream EFT Entities are primarily responsible for recovery from failure upstream o Comms failures en route to upstream entity o Failure of upstream entity o Comms failure affecting response message

• If failure occurs downstream, responsibility usually lies with the entity further downstream

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Transaction Integrity

Upstream Failure Online, no stand-in authorization

Processor 0200 Timed out

0210 Declined

0420 Timed out

Upstream entity 0200

Downstream entity

0420

 0421 0430

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Transaction Integrity

Upstream Failure Online, with stand-in processing

Processor

Timed out

0210 Approved

0420

Upstream entity 0200

0200

0420 0430

0220

Downstream entity

0220 0230

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Transaction Integrity

Late Response Online, no stand-in authorization

Processor

Downstream entity 0200 0210

Timed out

Upstream entity 0200

0420

Declined

Late rsp ignored

0420 0210

0430

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Transaction Integrity

Downstream Failure Online Upstream entity

0200

0200

0210

0210

0420 0430

0420

Timed out

Processor

Downstream entity

0420 0430

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Transaction Integrity

EFT Protocol Translation — 1 Online

Store-and-forward Processor

Downstream entity

Upstream entity

0200

0100

0210

0110

Potential loss of transaction integrity when performing protocol translation Copyright Š 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview Transaction Integrity

EFT Protocol Translation — 2 Online

Store-and-forward

Processor

Downstream entity 0200

0100

0110

0220

0210

Upstream entity

0220 0230

Copyright © 2009. S1 Global Ltd. All rights reserved.


Section 3: S1 Payments System Overview • S1 payments product family • S1 payments solutions

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview S1 Payments Product Family

The S1 Payments Product Family ATM

POS

File loads

Voice

Internet

Reconciliation files

File imports

PostCard eSocket.POS

eSocket.ATM

Realtime

Office General ledger

eSocket.web

Network Host systems

File extracts

Reports Card production company

ACH

File extracts

Copyright Š 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview S1 Payments Product Family

Business Environments • Payments product family suited to several environments: o Financial Institutions o Retailers o Telecom operators (mobile and fixed-line) o Processors o Networks

o Independent sales organizations (ISOs)

Copyright Š 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview S1 Payments Product Family

Business Solutions • • • • • • •

Driving ATMs Performing card processing

Authorizing transactions (stand-in and full authorization) Managing card production and PIN generation Driving point-of-sale devices

Providing mobile and internet payment/banking Switching transactions

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview S1 Payments Product Family

Realtime • Core of installation

• Realtime manages o Online transaction processing o Transaction security o Integrity management o Routing o Card processing o Currency conversion o Batch reconciliation

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview S1 Payments Product Family

Realtime Interfaces • Interact with external entities • Provide protocol translation • Provide terminal driving capability o Source interfaces only o AtmApp — Diebold and NCR ATMs o TermApp — POS terminals

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview S1 Payments Product Family

Realtime Consoles • • • •

Transaction querying Terminal monitoring

Event logging Transaction tracing

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview S1 Payments Product Family

PostCard • Card management system

• Provides the following services to issuers o Card production management o PIN management o Card activation o Validation and authorization services o Risk profile management o Not an account management system

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview S1 Payments Product Family

Office • Transfers transaction data from Realtime to its own database

• Provides post-transaction processing: o Automatic reconciliation (match-and-kill) o Extraction of transaction data o Multi-party settlement including creation of payment (ACH) files o Report generation

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview S1 Payments Product Family

eSocket • Provides easy integration of third-parties with the S1 payments system

• Components installed on “foreign” systems • Web servers and IVR — eSocket.Web • Web-enabled ATMs — eSocket.ATM • POS devices — eSocket.POS

• Enables systems to • Process EFT transactions (including EMV) • Switch transactions to Realtime Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview S1 Payments Solutions

Example Payments Solutions • ATM driving • Retail payments

• Mobile prepay

Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview S1 Payments Solutions

ATM Driving Monitoring and configuration Advanced-function ATMs

Pager alerts

Issuing banks

Realtime

WAN

Office Conventional ATMs: •Diebold 911/912 •Triton •Tranax •NCR NDC+ •Tidel

Networks Reports

ATM processor’s payments system Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview S1 Payments Solutions

Retail Payments Monitoring and configuration Pager alerts

Issuing banks

Realtime

WAN

Office

Networks Reports

POS with eSocket.POS

Retailer’s payments system Copyright © 2009. S1 Global Ltd. All rights reserved.


Introduction | EFT Concepts | Payments System Overview S1 Payments Solutions

Mobile Prepay Monitoring and configuration Pager alerts

Issuing banks

POS terminal

Realtime

WAN Prepay host Mobile Network

Office

Reports Mobile phone

Mobile operator’s payments system Copyright Š 2009. S1 Global Ltd. All rights reserved.


EFT OVERVIEW