Page 1

Payments Basic Training Module 3: PostCard

Copyright Š 2009. S1 Global Ltd. All rights reserved.


Module introduction • Introduction to using PostCard • PostCard provide services to issuers

Copyright © 2009. S1 Global Ltd. All rights reserved.


Agenda • PostCard Overview • Getting Started • Authorization Services

Copyright © 2009. S1 Global Ltd. All rights reserved.


Section 1: PostCard Overview • PostCard Concepts • Architecture • PostCard Services to Issuers

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Concepts

Fundamental Concepts • • • • •

PostCard owner Issuer Card program Customer Cardholder

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Concepts

Fundamental Concepts • Multiple cardholders can access an account: o Primary and secondary cards — identical cards o Alternate cards — same PAN, different sequence number o Distinct cards — different PANs

• Customers o Can be distinct from a cardholder o Host CIF files o Required for:

 Card production  AVS and similar functionality  Call center functionality

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Architecture

Architecture • Deployment scenarios o Processor with multiple issuers

 One processor (owner) — multiple card issuers  Processor performs certain configuration and management centrally  Individual member institutions perform other tasks o Single-issuer

 Issuer owns PostCard system  Issuer has control over all functionality

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Architecture

Architecture PostCard Sink interface

Issuer host system

Transaction Manager

Issuer workstation with Navigator / Web browser

Copyright Š 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Architecture

Payments Portal • Web based interface o Deployed on Apache Tomcat o Commonly used by CSRs o Accessed using a Web browser (e.g. Internet Explorer)

Copyright Š 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Architecture

Navigator • • • •

Application used to access PostCard user interfaces Resides on each client computer

Provides centralized view of user interfaces Owner/Issuers user interfaces o Different views for issuers and owner o Both use interface to configure and update system o Provides appropriate user access

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Architecture

PostCard System • Owner o Configures and manages services offered o Specifies issuer access levels

• Issuers o Provide data to configure services

o Manage card bases

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

PostCard Services to Issuers • • • • • •

Card production PIN management

Card status management Authorization and validation services Risk profile management

Account product management

Services largely independent of one another o Issuer can use PIN management without authorization services

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

PostCard Key Features • Support for: o Multiple cards per account o Multiple accounts per card

• • • • •

Provides different PIN management methods Provides services to multiple issuers — remote access Authorizes transactions — synchronizes with host system Automates card production process Applies risk management to transaction processing

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

Not Account Management System • PostCard DOES NOT perform: o Interest payments o Month-end statements o Risk-scoring o Card applications o Merchant settlement

Copyright Š 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

Card Production • Actual creation of plastic cards: o Specialized card production companies o Issuer provides file to company

• PostCard: o Provides issuer with functionality to generate required files o Supports production of:

 Anonymous cards  Personalized cards  Temporary cards

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

Generating Card Production File • Two-step process o Staging the card production o Creating the card production files

Copyright Š 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

Staging Card Production • Scan PostCard system identifying cards with the following characteristics: o Newly defined by issuer o Flagged for PIN production only o Re-issued by issuer (lost, stolen, or damaged) o Card nearing expiry date — re-issue required

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

Creating Card Production Files • Files built for particular card production company • Plug-in used to create files from data in PostCard database • Plug-in used is dependent on file format required

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

PIN Management • PostCard facilitates the generation of: o PINs o PIN codes (PVVs or PIN offsets)

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

PINs and PIN codes • Generating PIN numbers o PAN of card o Secret PIN verification key (KVP)

• • • •

PIN sent to cardholder PIN code encrypted on track 2 or stored in database KVP distributed to entities trusted to verify PIN PIN code and KVP enable entities to verify PIN and allow customer PIN changes

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

PostCard PIN Management methods • • • •

PostCard generates PIN and PIN code Card production company generates PIN and PIN code

Card production company generates natural PIN Customer selects PIN o Card not sent via secure mailer o Cardholder specifies PIN on issuer premises — using secure PIN pad o PIN pad generates PIN code o PIN code displayed/printed for issuer operator o Value entered into PostCard system

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

PostCard PIN management methods •• •• • ••

PostCard PIN andand PINPIN code PostCardgenerates PostCard generates generates PIN PIN and PINcode code • PIN block and company PIN code sent to cardPIN production company Card generates and PIN code Cardproduction Card production productioncompany company generates generates PIN PIN and and PIN PIN Part of production rungenerates natural PIN Card company code•production code •• PIN block encrypted using PIN export key given to Customer selects PIN with PIN code Provides PostCard Card production generates natural PINPIN Card productioncompany company generates natural company • PIN sent to cardholder • Company determines PIN from value for mailer • IBM PIN scheme • Customer selects PIN • Natural PIN = PIN offset all zeros • Card not sent via secure mailer • PostCard sets PIN offsets to zero • Cardholder specifies PIN on issuer premises — using • No needPIN to load secure pad PIN offsets from Card production company •• Cardholder can change the PIN at a later point PIN pad generates PIN code • PIN code displayed/printed for issuer operator • Value entered into PostCard system Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

PostCard PIN Management methods Track 2 (incl PIN code)

Card and PIN

Track 2 Card and PIN PIN code

Track 2

Card

PIN

Copyright Š 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

Card Status Management • Activate new/re-issued cards, deactivate old cards • Depends on PIN management: • No PIN: First transaction activates cards issued with no PIN associated (e.g. credit cards)

• PIN scenarios: o On first successful transaction, if PIN mailer sent with card o Immediately, if PIN selected in-branch o PIN change required with first PIN-based transaction

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

Card Status Management • PostCard activates card on first successful transaction performed

• Old cards with same PAN and sequence number are disabled • Anonymous/temporary cards disabled on activation of new card

• Disabled cards o Transactions declined o Retained in PostCard database – can be added to hotcard lists

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

Authorization Services • Four authorization configurations: o No authorization

 No transaction authorization performed  All transactions declined if issuer down o Velocity stand-in authorization o Balances stand-in authorization

o Full authorization

 Without advices  With advices

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

Velocity Stand-in Authorization • Configured using limits (velocity limits) o Number and value of offline debit transactions o Per day, per week, per month, per transaction o Per card or account

• Risk falls on issuer • Only performed if issuer is unavailable • Depending on other validation services account balance information is not required

• No file extracts • Simple to administer Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

Full Authorization • PostCard authorizes all transactions o Transactions never sent to issuer

• Issuer sends PostCard the card, account and account balances (load)

• PostCard sends issuer authorized transactions file (extract) • Issuer updates account balances • Send new balances to PostCard (load)

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

Balances Stand-in Authorization • • • •

Stand-in performed against actual account balances Stand-in only if issuer is not available

Issuer supplies balances for every account of each cardholder New account balances provided every day o Maintain transaction integrity across databases

• Issuer authorizes transactions if available • Balances kept in sync o PostCard force-posts transaction advices

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

Validation Services • May be optional or enforced by PostCard — depending on configuration

• Performed before forwarding transaction or providing stand-in • Transactions declined if validation fails o Even when issuer is available o Reduce load on issuer

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

Validation Sequence • • • • • • • • •

Check card status Check if card on hold

Check if account on hold Check expiry date PIN verification

Card verification EMV authentication Validation data matching

Track 2 value matching Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

Additional Validation Services • Address verification service (AVS) • Retrieve linked accounts (always with full authorization) • Velocity checking (always with velocity stand-in)

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

Risk Profile Management • PostCard enables issuers to apply risk management to their transaction processing: o Decline transactions from certain countries o Decline transactions for specific account types o Decline transactions for certain merchant category codes o Decline stand-in authorization for specific card programs

o Configure transaction types for which stand-in authorization should not

be permitted o Configure extended response codes

Copyright Š 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services PostCard Services to Issuers

Risk Profile Management • Configuring risk management involves: 1. Creating risk transaction groups 2. Specifying risk transaction rules 3. Configuring risk profiles Risk Profile Risk Profile Risk transaction rule

Risk transaction Risk Transaction group group

Actions to be Risk Transaction taken Rule

Account or card program associations

Copyright Š 2009. S1 Global Ltd. All rights reserved.


Section 2: Getting Started • • • • •

Services Security and Access Configuring Users and Roles

Help Documentation Scheduled Jobs

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Getting Started

Getting Started • Basic PostCard operations: o Starting services required by PostCard o Logging in to Navigator o Adding users and configuring roles o Accessing consoles and documentation o Scheduling and running jobs

Copyright Š 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Services

Services • Required services: o Microsoft SQL Server o Postilion Certificate Manager o Postilion Transaction Manager o Postilion Scheduler o Postilion User Interfaces Service

o Apache Tomcat o Source and sink interfaces

Copyright Š 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Security and Access

Security and Access • Multiple issuer access: o Central processor owner of S1 payments system and PostCard o Owner controls owner domain o Owner creates issuer administrator login o Issuer operators have limited access o Each issuer owns domain

o Issuer administrator creates users and assign roles

Copyright Š 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Security and Access

Security and Access • Single issuer access: o Issuer is the owner o Owner creates issuer and issuer domain o Only owner can log in to PostCard o Login defined during installation:

 Administrator creates users and assign roles in owner domain

 Administrator creates issuers and assign roles o Issuer can now log-in

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Security and Access

Security Precautions • PostCard accessed from remote workstations — imposes greater security requirement

• Precautions: o Passwords should be changed regularly o Usernames and passwords must be kept secret o Access to PostCard should be restricted

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Configuring Users and Roles

Issuer Configuration • Process identical to one detailed for owners • If logged in as owner operator: o Expand Postilion Owner o Expand relevant issuer node o Expand Framework and User management

• If logged in as issuer operator: o Expand issuer node o Expand Framework and User management

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Help Documentation

Help Documentation • Open Realtime Management Console • Expand Documentation • Expand PostCard

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Scheduled Jobs

Scheduled Jobs • Use jobs to perform scheduled tasks: o Clean out aged data o Periodically reset velocity limits o Load card and account information o Extract card and account information

• Access jobs: o In Navigation pane, expand Postilion Owner > PostCard > Scheduled

Jobs o Click Scheduled Jobs

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Scheduled Jobs

SQL Server Management Studio • Used to check if Jobs ran successfully o Jobs: Console Root > MS SQL Server > SQL Server Group > Your Server

> SQL Server Agent > Jobs o Right-click job to be checked o Click View History o Check Last Run Status is Succeeded

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Scheduled Jobs

Navigator • Used to view and alter schedule of job: o Select job o Click Properties o Click Schedule to open schedules page o Modify the schedule if necessary, click Update o Click Close

Copyright Š 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Scheduled Jobs

Tracing • Tracing is useful in troubleshooting PostCard • Open Postilion Trace Viewer: o In Realtime Management Console, expand Tools > Realtime Framework o Click Trace Viewer

• In Trace Viewer: o Expand PostCard o Click on a job o Click a trace associated with the job

Copyright © 2009. S1 Global Ltd. All rights reserved.


Section 4: Authorization Services • Velocity Stand-in Authorization • Full Authorization

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Velocity Stand-in Authorization

Velocity Stand-in Authorization • Most commonly used stand-in o Realtime stands-in when authorizing entity is unavailable o Authorizes transaction using limits defined by issuer o Limits reflect issuer’s risk assessment

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Velocity Stand-in Authorization

Definable Limits • Daily velocities o Number of purchases o Number of cash withdrawals o Purchase amount o Cash amount o Card-not-present amount

o Deposit available limit

• Weekly — similar to daily limits • Monthly — similar to daily limits • Per transaction — apply to each transaction Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Velocity Stand-in Authorization

Limits configured on three levels • Card program o Specified when configuring card program o Apply to each card in program at card level

• Card o Limits for individual cards o Override any card program limits

• Account o Limits for specific accounts

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Velocity Stand-in Authorization

Velocity Stand-in: Type 1 Services used

• • • •

Information required

• No specific card information required • Configured BIN

Velocity Stand-in No retrieval of linked accounts No account-level authorization Optional: • EMV authentication • Card verification • PIN verification with PIN code on track 2

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Velocity Stand-in Authorization

Velocity Stand-in: Type 2 Services used

• • • •

Information required

Information about each card but not account information

Velocity Stand-in No retrieval of linked accounts No account-level authorization Any validation services

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Velocity Stand-in Authorization

Velocity Stand-in: Type 3 Services used

• Velocity Stand-in • Retrieval of linked accounts • Account-level authorization

Information required

Information about each card and each account

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Velocity Stand-in Authorization

Card and Account Information • Available from two sources: o PostCard database

 PostCard used for card production file generation  Operator captures new cards and account info  Uses PostCard’s New Card Wizard and New Account Wizard else uses the Portal if the Portal is configured o Externally generated files

 PostCard not used  Card and account details maintained by issuer host system  Sent to PostCard in specified format

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Full Authorization

Full Authorization • PostCard authorizes all EFT transactions • Two types of full authorization: o Without advices o With advices

• End point for transactions • PostCard maintains: o Cards and accounts o Account balances

• Issuer system not receive EFT transactions • PostCard and issuer host synchronized by load-extract cycle

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Full Authorization

Load-Extract cycle • Core banking system send loads to PostCard • Load-extract cycle necessary when: o Core banking system may provide card management:

 Informs PostCard of new cards issued or cards de-activated o Core banking system handles non-EFT transactions

 Informs PostCard of affect of these transactions on account balances o PostCard adjusts account balances of approved transactions

 Changes fed to core banking system

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Full Authorization

Load Types • • • • • •

Full load Full accounts load

Full balances load Partial load Update load

Account balances adjustment load

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Full Authorization

Load Types — Full Load • Used to create initial baseline • Overwrites any existing records • Files needed: o Cards.txt o Accounts.txt o CardAccounts.txt o AccountBalances.txt o CardOverrideLimits.txt o AccountOverrideLimits.txt o Statements.txt

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Full Authorization

Load Types — Full Accounts Load • Replaces account and account balance information • Optionally updates: o Statement information o Override limits

• Files needed: o Accounts.txt

o Accountbalances.txt o Accountoverridelimits.txt o Statements.txt o Customers.txt

o Customeraccounts.txt

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Full Authorization

Load Types — Full Balances Load • Similar to full load — no account information • Replaces only balances • Optionally updates: o Statement information

• Files needed: o Accountbalances.txt o Statements.txt

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Full Authorization

Load Types — Partial Load • • • •

Selectively update/delete/insert records Used to keep existing records synchronized

Same files as full load Each record in a files preceded with: o U — indicates an update o D — indicates a deletion

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Full Authorization

Load Types — Update Load • Modify information held by PostCard • Not considered part of load-extract cycle o Not used to modify account balances o Used to update card and account details, e.g. PIN changes

• Applied using files or 0320/0322 (file update) messages

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Full Authorization

Load Types — Update Load files • Files needed for update load: o Cards.txt o Accounts.txt o Cardaccounts.txt o Accountbalances.txt o Statements.txt

o Accountoverridelimits.txt o Cardoverridelimits.txt

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Full Authorization

Load Types —Account Balances update load • • • • •

Used typically to load cash onto stored value cards Only specifies amount to be added to current account balance

Not part of the load-extract cycle Applied using files or 0320/0322 (file update) messages Files needed: o Accountbalanceadjustments.txt o Statements.txt

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Full Authorization

Load Sequences — No Card Management • PostCard: o Not used to manage cards o Not the source of card and account information o Records overwritten as required

• Sequence used: o Initially — Full load

o Daily — Partial load and full accounts load o Weekly (optional) — Full load o Periodically — Update load

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Full Authorization

Load sequences — Card Management • PostCard: o Used to manage cards o Source of all card and account information o Records must not be overwritten

• Sequence used: o Initially — Full load

o Daily — Partial load and full accounts load o Periodically — Update load

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Full Authorization

Extracts • • • • •

PostCard provides feedback to core banking system Achieved using extracts

One extract configured per issuer PostCard extracts transaction information for specific issuer Two time periods associated with extracts: o Extract period

 Transaction information extracted (batch cutover) o Extract file production period

 Extract files produced

Copyright © 2009. S1 Global Ltd. All rights reserved.


PostCard Overview | Getting Started | Using the Portal | Authorization Services Full Authorization

Extracts • Extract jobs schedule: o Advance extract period

 One extract period closed; a new one opened immediately o Extract files

 Control production of files; must follow advance extract period job

• Two files extracted: o Accountbalancedeltas.txt o Statementdeltas.txt

Copyright © 2009. S1 Global Ltd. All rights reserved.

PostCard Overview  

Postcard module overview

Read more
Read more
Similar to
Popular now
Just for you