EMV — Banking and Retail
NBX- CAPO Application Interface Specification (AIS)
FUJ00002066
FUJ00002066
RoLe NAME AREA OF I SIGNATURE Date
RESPONSIBILITY
Authors Business
Architecture
Chris Bailey on behalf I Product
of Post Office Ltd
Deployment
Technical
Architecture
DA Sign-off Richard Cowan Design
(Peer Reviewer) Authority
Project James Keenan Project
Manager Delivery
Fujitsu John Burton
Services Sign-
off
Project:
CAPO Application
Interface Specification Doc Ref:
COMMERCIAL IN CONFIDENCE
FUJ00002066
FUJ00002066
EMV - Banking and Retail
NB/IFS/025
1 Document Control
1.1 Document Information
Horizon Release No:
T86
Document Title:
EMV Banking and Retail: NBX — CAPO Application Interface Specification
Document Type:
Application Interface Specification
Abstract:
This document details the application interface between the Horizon
domain and Post Office Card Account, including the interface to the ICC
Document Status: Approved
Originator & Richard Cowan
Department:
Design Authority
Contributors:
Post Office
Distribution:
Design Authority — Richard Cowan
POL Document Control — Post Office Programme Office
Supplier Distribution:
EDS: Mark Geldart
Fujitsu Services: John Burton
Client Distribution:
N/A
Table 1: Document Information
1.2 Document History
Version Date Reason for Issue I Associated
-WP/CT
0.1 8 Oct 2003 First working draft. Based on document
produced by IBM for NBE interfaces and
including the interface between Horizon and
the ICC
1.0 15 Oct 2003 First issued version.
1.1 12 Nov 2003 Updated following comments from Citibank,
also update section 1.7 and removal section
2.5
1.2 02 Dec 2003 Updated following joint review on 27 Nov
1.3 26 Jan 2004 Updated following actions from joint review
27/11/03, responses to questions and
discussions with Citibank on reversals and
Appendix B
1.4 7 Apr 2004 Updated following series of clarifications
1.5 12 May 2004 I Updated following clarification from Citibank
1.6 17 Aug 2004 I Updated with latest agreed changes
Created on 30/06/2008 Version 4.0 Page 2 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV ~ Banking and Retail
G&G Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
2.0 08 Oct 2004 Issued for Sign-off
2.1 25 May 2005 I Updated for minor corrections discovered
during testing prior to initial release at
Horizon release S75
2.2 04 Aug 2005 Version ready for Sign-off
3.0 15 Aug 2005 Issued for Sign-off
3.1 28 Apr 2008 Updated to include Withdrawal Corrections
3.2 19 May 2008 I Names of approvers and reviewers amended
to reflect changes of personnel in external
organisations.
3.3 29 May 2008 I Amended to Chip and PIN to reflect CAPO
card's insistence on pin entry for all
transactions.
Corrections to some tables.
3.4 9 Jun 2008 Correction to Reviewers and Approvers.
4.0 25 Jun 2008 Issued for approval
Corrections from review of 3.4
Table 2: Document History
1.3 Change Process
Any changes to this issued version of this document will be made, controlled and distributed by: -
Richard Cowan via Post Office Document Management
[IT.Controlled.Document.Revie\ j
1.4 Review Details
Review
Comments by :
Review Chris Bailey, Fujitsu Services
Comments to :
Mandatory Review Authority Name
Post Office Ltd James Keenan, Richard Cowan
Fujitsu Services Ltd
Solution Design Peter Ambrose
ssc Mik Peach
Application Architecture Dave Johns
Test Design Peter J. Robinson
JPMorgan Europe Limited Mary McMichael
EDS Mark Geldart
Created on 30/06/2008 Version 4.0 Page 3 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
Optional Review / Issued for Information
Post Office Ltd
Bob Booth, Marc Reardon
Fujitsu Services Ltd
Release Manager
John Burton
DU Design
Mark Jarosz,
Alex Robinson
Andy Williams
Gareth Jenkins
JPMorgan Europe Limited
Derek Smallworth
EDS
Keith Peers
1.5 Changes in this Version
Version Changes
4.0 Issued for Approval
4.2.3.2 Correction to 052 entry in table to remove shading
4.2.3.2 Entry 054, now conditional, returned if authorised or one of the following error
codes - 83 - 86, 14 & 58
1.6 Key Contacts
Table 3: Changes in this Version
Name Position I Phone Number
Bob Booth Solutions Architect i GRO
Table 4: Key Contacts
1.7 Associated Documents
Created on 30/06/2008 Version 4.0 Page 4 of 52
© Post Office™ 2004-2008
DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV ~ Banking and Retail
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
Reference I Version I Date Title Source
1S08583:1987(E) Aug 1987 I Bank Card Originated Messages Iso
SU/PLA/O16 0.3 NBX Volume Model Comparisons. Post Office
NB/IFS/031 Horizon — Card Account Mapping Post Office
NB/IFS/030 NBX — FI Reconciliation and Post Office
Settlement File Format AlS
NB/IFS/027 NBX - POCA Technical Interface Post Office
Specification (TIS)
NB/OLA/001 Horizon — EDS Operational Level Post Office
Agreement
NB/IFS/035 NBX Business Parameters Post Office
ATCRM 424645- I July 2003 I Atalla Banking Command Hewlett
002 Reference Manual Packard
1SO8583- 15 Jun Financial transaction card Iso
1:2003(E) 2003 originated messages —
Interchange message specifications
Part 1: Messages, data elements
and code values
Table 5: Associated Documents
Unless a specific version is referred to above, reference should be made to the current approved versions
of the documents.
Created on 30/06/2008
© Post Office™ 2004-2008
Version 4.0
DRAFT
Page 5 of 52
FUJ00002066
FUJ00002066
CAPO Application Project: EMV ~ Banking and Retail
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
Table of Contents
1 DOCUMENT CONTROL 2
1.1. Document Information 2
1.2 Document History 2
1.3. Change Process 3
1.4 Review Details 3
1.5. Changes in this Version 3
1.6 Key Contacts 3
1.7. Associated Documents 3
2 INTRODUCTION 3
2.1. Purpose 3
2.2 Scope 3
2.3. Structure 3
2.4 Terms and Abbreviations 3
3 OVERVIEW OF THE INTERFACE 3
3.1. Data Description 3
3.2 Derivation and Use of Data 3
3.3. Non Computer Data 3
4 DATAITEMS 3
4.1 Data Item List 3
4.1.1 General Message Element Definitions and Abbreviations 3
4. Messages Data Elements 3
4.2 Data Interpretations 3
4.2.1 [R3] - Balance Enquiry 3
4.2.2 [R3] - Financial Transaction Request - Withdrawal 3
4.2.3 [R3] - Financial Transaction Request — Withdrawal Correction 3
4.2.4 [R3]- PIN Change 3
4.2.5 [A1] - Balance Enquiry Response 3
4.26 [A1] - Financial Transaction Response - Withdrawal 3
4.2.7 [A1] - Financial Transaction Response — Withdrawal Correction 3
4.2.8 [A1] - PIN Change Response 3
4.2.9 [E1] - Reversal Request 3
4.2.10 [E2] - Reversal Request Response 3
4.2.11 Administration Advice (0620) 3
Created on 30/06/2008 Version 4.0 Page 6 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV ~ Banking and Retail
& Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.12 Network Management Messages (0800 / 0810) 3
4.2.13 REC — NBX Reconciliation File Format 3
5 TRANSFER STRUCTURE 3
5.1. Transfer Grouping 3
5.2 Transfer Structure 3
5.3. Record Structure 3
5.4 Sequences 3
5.5 Data Volumes 3
5.6 Data Authentication 3
5.7 Data Dictionary 3
6 SECURITY OF TRANSMITTED DATA 3
6.1 Protected Data 3
6.2 Encryption and Decryption Methods 3
6.3 Session Establishment 3
6.4 Key Management 3
6.4.1 Acquirer Working Key Distribution 3
7 OPERATIONAL PROCEDURES 3
71 Processing Cycles 3
7.2 Security Procedures 3
7.3. Fallback Procedures 3
7.4 Control 3
8 APPENDIXA 3
8.1 Response Codes 3
8.2 Reversal Reason Codes 3
9 APPENDIX B 3
Created on 30/06/2008 Version 4.0 Page 7 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
2 Introduction
2.1 Purpose
The purpose of this document is:
e To specify the interface between the NBX and CAPO systems using ISO 8583 (1987), [Ref. 1].
* To provide the development teams with sufficient detail to develop the NBX - CAPO interface.
* To provide a consistent communications vehicle amongst the development teams who have
responsibility for developing the various components comprising the application.
2.2 Scope
This document applies to the interface between the NBX and CAPO only. It includes only those financial
transaction messages and network messages sufficient to support the financial services being delivered by
CAPO via the NBX.
2.3 Structure
Section 3 contains a high level overview of the NBX — CAPO interface and its context.
Section 4 contains a detailed description of the messages to be exchanged, and the derivation and use of the
exchanged data items. All data items exchanged are specified in ISO 8583 (1987), [Ref. 1].
Section 5 contains details of the data transfer.
Section 6 contains details of security of the exchanged data items. This section identifies the security needed
for each data item (e.g. encryption) and details of the method to be used.
Section 7 contains any relevant details of operational procedures relating to the interface.
2.4 Terms and Abbreviations
Not used.
Created on 30/06/2008 Version 4.0 Page 8 of 52
© Post Office™ 2004-2008 DRAFT
CAPO Application
Interface Specification
COMMERCIAL IN CONFIDENCE
Project:
Doc Ref:
FUJ00002066
FUJ00002066
EMV - Banking and Retail
NB/IFS/025
3 Overview of the Interface
3.1 Data Description
The following messages are exchanged over the NBX - CAPO interface:
NBX
Message ID
Description
Direction
IR3]
Authorisation / Financial Transaction Request:
* Balance Enquiry (0100)
« Withdrawal with Balance (0200)
e Withdraw Limit (0200). Also sometimes referred
to as “Withdraw All”.
« Withdrawal Correction (0200)
* PIN Change (0100)
NBX > CAPO
(A1]
Authorisation/Financial Transaction Request
Response:
e Balance Enquiry Response (0110)
e Withdrawal with Balance Response (0210)
e Withdraw Limit Response (0210)
e Withdrawal Correction Response (0210)
« PIN Change Response (0110)
Each of the above will have a response code that
indicates approve or decline with reason and any
required action (e.g. card retention).
CAPO -> NBX
(E1]
Reversal Request:
e Acquirer Reversal Request (0420)
e Acquirer Reversal Request Repeat (0421)
NBX -> CAPO
{E2]
Acquirer Reversal Request Response Message
(0430)
CAPO -> NBX
0500/0510
Reconciliation control messages.
These messages are to be excluded.
NBX -> CAPO
CAPO > NBX
Created on 30/06/2008
© Post Office™ 2004-2008
Version 4.0
DRAFT
Page 9 of 52
CAPO Application Project:
Interface Specification
COMMERCIAL IN CONFIDENCE
Doc Ref:
FUJ00002066
FUJ00002066
EMV - Banking and Retail
NB/IFS/025
0620
Administration Advice (0620)
Administration Advice messages (0620) are sent
to/from CAPO when a received message cannot be
de-blocked, in order to initiate manual investigation
of a problem by either CAPO or the NBX
NBX
CAPO
>
CAPO
NBX
0800
Network Management Request (0800):
e Handshake (also known as Echo tests)
e Logon / Logoff (also known as Sign on / Sign off)
e Security Key Change
NBX
>
CAPO
0810
Network Management Request Response (0810)
CAPO
NBX
REC
Reconciliation File
(The REC settlement file and the conditions under
which it is sent from the NBX to CAPO are
addressed in the NBX — FI Reconciliation and
Settlement, [Ref. 4]. )
NBX
>
CAPO
Created on 30/06/2008 Version 4.0
© Post Office™ 2004-2008 DRAFT
Page 10 of 52
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
3.2 Derivation and Use of Data
The messages listed in section 3.1 are generally exchanged as a result of a transaction initiated either by a
clerk at a Post Office outlet or by CAPO. The NBX acts as a message router, filtering messages based on
business rules and transforming received messages into the appropriate format for forwarding to the next
system in the message sequence.
The following table shows the derivation and use of each message exchanged between the NBX and CAPO in
terms of the received message that causes each NBX - CAPO message to be exchanged, and the transmitted
message resulting from the NBX - CAPO message exchange:
Message Sequence
Horizon Horizon NBX CAPO
Outlet Campus
IR]> [R2] > 0100/0200
[R3] >
< [A3] < [A2] =
0110/0210
[At]
[Co] > Expedi 0420/0421
ted {E1]>
[c2] >
< 0430
{E2)
The messages exchanged over this interface relating to reconciliation and settlement are initiated by the NBX.
Security key exchange messages are initiated by the NBX and acknowledged by CAPO. The NBX will send a
new working key, for each of its Pls, to CAPO at least once in every 24-hour period. The business processes
with respect to these messages are addressed in section 6.4. The following table shows a high-level
description of the security messages exchanged between CAPO and the NBX. The full list of 0800 messages
initiated by the NBX, and acknowledged by a 0810 response from CAPO, can be found in section 4.2.12.
Message Sequence
Horizon Horizon NBX CAPO
Outlet Campus
0800 (Logon >
071)
0810
+It
0800 (Key
Change -
Acquirer
zone code
161)
0810
+ft
0800 (Key
Change -
Created on 30/06/2008 Version 4.0 Page 11 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specification
Pt Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
Acquirer
zone code
161)
< 0810
Logoff messages are initiated by the NBX and acknowledged by CAPO, as shown in the following table.
Message Sequence
Horizon
Outlet
Horizon
Campus
NBX
CAPO
0800 (Logoff
072)
0810
Handshake messages are ini
itiated by the NBX and
acknowledged by CAPO, as shown in the following table.
Message Sequence
Horizon Horizon NBX CAPO
Outlet Campus
0800
(Handshake
361)
= 0810
Administration Advice messages are sent from NBX to CAPO when a received message cannot be deblocked
or when a message fails syntax checking, in order to initiate manual investigation of a problem by either
CAPO or the NBX. CAPO will not generate Administration Advice messages, but NBX will correctly handle
their receipt. The following table shows the possible message flows.
Message Sequence
Horizon
Outlet
Horizon
Campus
NBX
CAPO
0620
+It
3.3 Non Computer Data
All data being transported across this interface is originated/received from a connected computer system or
from reference data (supplied by the Post Office Limited RDS or held internally within the NBX).
Created on 30/06/2008
© Post Office™ 2004-2008
Version 4.0
DRAFT
Page 12 of 52
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4 Data Items
4.1 Data Item List
4.1.1. General Message Element Definitions and Abbreviations
The following section summarises the list of CAPO Message Elements for each group of transactions, together
with which message(s) they are present in. Each message is classified and identified using the RAC (Request
/ Authorise / Confirm) model. Each message element references the corresponding ISO 8583 bitmap position.
The ISO 8583 bit map reference has been included for ease of reference.
The abbreviations used to describe the format and attribute of each data element (DE) and Data Sub-
elements are shown in the following table (taken from ISO 8583 (1987), [Ref. 1]):
Notation IExplanation
a Alphabetic characters only (mixed case)
in Numeric Digits only
is Special characters
an Alphabetic (mixed case) or Numeric characters
as Alphabetic (mixed case) or Special characters
ins Numeric or Special characters
ans Alphabetic (mixed case), Numeric or Special characters only
DDB Day
IMM. Month
had Year
hh Hour
mm Minutes
Iss. Seconds
LL Length of variable field that follows represented using two characters
LLL Length of variable field that follows represented using three characters
VAR, Variable length field
3 Fixed length field (e.g. 3 characters in this example)
10 Variable length field (e.g. up to a maximum of 10 characters in this example). LL
‘or LLL to indicate the actual length of the field will prefix all variable length fields.
Ih hexadecimal representation of the data
iz track 2 data as defined by ISO 7811 and ISO 7813
x Sign — C (credit) or D (debit)
The Field Size column gives the number of characters (octets) required for the data item, as shown in the
table below.
Abbreviation I Description
3 Fixed Length field. Numeric fixed length fields are right justified and zero
padded. Fixed length string fields are left justified and space padded.
10 Variable length field (up to a maximum of 10 characters in this example).
Notes:
e Fixed length numeric fields are unpacked, right justified and zero filled.
e Fixed length alphanumeric fields are left justified and space filled.
The “Required” column indicates whether the field is Mandatory or Conditional for the messages defined in this
AIS. For conditional fields, the field description should indicate under what circumstances the data for the field
should be populated or omitted from the message.
Created on 30/06/2008 Version 4.0 Page 13 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
° CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
The “Description” column contains a brief description of the field, as used in the messages defined in this AIS,
together with any additional comments.
CAPO will operate in Mixed case, and will not validate the Alphabetic characters for case in any field.
However, where data is echoed or copied in messages, the echoed/copied fields should be in the same case
as the original field.
The POCA Servers and the NBX Servers both use the ASCII English character set (CCSID = 437).
Created on 30/06/2008 Version 4.0 Page 14 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
4.1.2. Messages Data Elements
The ISO 8583 (1987) Data Elements exchanged within messages over this interface are listed below. A fuller description is given in the ISO 8583 (1987)
Standard, [Ref. 1]. Note that data elements pertaining to the tertiary bitmap are not used on this interface.
1SO 8583 (1987) Data IBitmapI Format I Attribute] Field I Source IDescription Required
Element Ref. Size
{R3] I [R3] I [At] {A1] I [E1] I {€2] I 0620 I 0800 I 0810
0100 I 0200] 0110 I 0210 I 0420 I 0430
10421
JAccount Identification 1 102 ans 28 Not used by NBX
IAccount Identification 2 103 ans 28 Not used by NBX
/Acquiring Institution 019 n 3 Not required for NBX transactions
Country Code
JAcquiring institution 032 I LLvaRI on 11. I NBX from ICode identifying the Acquirer (Post Office Limited), set to um IuI om m [mu]
Identification Code Ref Data 2200040000
IAdditional Amounts 054 ILLLVARI an 120 I Bank IThe Ledger and Available balances if the request was c c
lauthorised (Response Code=00), or declined because of
insufficient funds (Response Code=51), in the following
format:
Account Type (n2) = 00 (Funding (default) account)
Amount Type (n2) = 01 (Account ledger balance)
ICurrency Code (n3) = 826 (GB Pounds) or 978 (Euros)
Amount (x+n12), where x = 0, C (Credit amount) or D (Debit
lamount)
IAccount Type (n2) = 00 (Funding (default) account)
Amount Type (n2) = 02 (Account available balance)
ICurrency Code (n3) = 826 (GB Pounds) or 978 (Euros)
Amount (x+n12), where x = 0, C (Credit amount) or D (Debit
lamount)
Not required for PIN Change transaction
[This usage of the field is an extension to the base ISO
18583(1987) standard, (Ref. 1].
CAPO Application
Interface Specification
COMMERCIAL IN CONFIDENCE
Project: EMV - Banking and Retail
Doc Ref: NB/FS/025
FUJ00002066
FUJ00002066
Additional Response Data 044 I LLVAR an 25 Bank I Mandatory if Response Code=30. Positions 1-3 are the bit
number of the field in error.
This usage of the field is an extension to the base ISO
18583(1987) standard, (Ref. 1]
Advice / Reversal Reason 060 I LLLVAR an =) NBX __IThis field will only be used for reversal reason.
Cod
° Bytes 1-2 will always be set to 80
Bytes 3-4 will be used to give a meaningful reason for the
reversal. See Appendix A for the list of Reversal Reason
ICodes.
The remaining bytes will not be transmitted
This usage of the field is an extension to the base ISO
18583(1987) standard, [Ref. 1]
Amount, Cardholder Billing I 008 n 8 Not required
Fee
/Amount, Settlement 005 n 12 Not required.
Amount, Transaction 004 n 12 I Clerk at [Decimal amount in smallest unit of the specified currency
Outlet I(ie. GBP pence or EUR cents)
Not required for Balance Enquiry or PIN Change.
For Withdraw Limit, this will be set to the Product Limit,
passed by Horizon in the Maximum_Withdrawal message
lelement
Amount, TransactionFee I 028 I x+n8 I an 9 Not required.
Amount, Transaction 030 I x+n8 I an 9 Bank Used to indicate the fee charged by CAPO. If no fee is to be
Processing Fee Icharged, the field will be set to zero
This usage of the field is an extension to the base ISO
18583(1987) standard, (Ref. 1]
[Approval Code Length 027 n 1 Not required.
JAuthorisation Identification I 038 an 6 ICAPO will issue an authorisation number for every
Response {transaction processed, and will want it returned in 0420/0421
processing requests.
lAuthorisation Identification I 027 n 1 Not required as the Authorisation Identification Response
Response Length length is to always be set to 6 characters.
Created on 30/06/2008 Version 4.0 Page 16 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV ~ Banking and Retail
Interface Specification
i Doc Ref: —_NB/IFS/025
COMMERCIAL IN CONFIDENCE
ICard Acceptor Name / 043 ans 40 I NBX from IFirst 40 characters of outlet address in format: mM I M M
Location Ref Data [01.23 first 23 characters of Name and Address
(= first 23 chars of ADDRESS 1)
124-36 first 13 characters of City
(= first 13 characters of ADDRESS 4)
37-38 spaces
139-40 spaces
Icard Acceptor Terminal I 041 ans 8 [Outlet fromIComprises 6 digit outlet id (group_id) + 2 digit terminal id ui[u[ mu [uM] uM I
Identification system I(node_id)
Card Sequence Number I 023 n 3 Not required
Conversion Rate, 009 n 8 Not required
[Settlement
Currency Code, Settlement I 050 an 3 Not required
Currency Code, 049 an 3 I Clerk at [Only 826 (GBP) will be accepted by CAPO initially. NBX wil I wo I m I wc I mM I mM I M
Transaction outlet translate GBP code received from Horizon to 826 (using ISO
14217 standard) for CAPO. Other values (e.g. 978/EUR) may
lbe added to Currency Code CPF Table if required at a later
date, and willbe translated in the same way.
Date, Conversion 016 n 4 Not required
Date, Expiration 014 n 4 Not required
Date, Local Transaction I 013 I MMDDI n 4 IOutiet fromIAs printed on receipt, transaction request date in Local Time.I M I mM I m I mM I mM I M
System
Date, Settlement os I MMDD I on 4 NBX —_NBX always set the Settlement Date. Set to system date if M mM I mio
before settlement cutover time (from Ref Data), or system
date +1 if after settlement cutover time.
This usage of the field is an extension to the base ISO
8583(1987) standard, (Ref. 1].
Forwarding Institution 021 n 3 Not required.
Country Code
Forwarding Institution 033 n 14 INot required, since NBX is an Acquirer
identification Code
‘ Conditional on ICC point of service
Created on 30/06/2008 Version 4.0 Page 17 of 52
© Post Office™ 2004-2008 DRAFT
CAPO Application
Interface Specification
COMMERCIAL IN CONFIDENCE
Project: EMV - Banking and Retail
Doc Ref: NB/FS/025
FUJ00002066
FUJ00002066
ICC Data 055 h 510 Mandatory where point of service entry mode (bit 022), digits I 'C
4 and 2 = 05
ICC Data elements for this bit field are in Appendix B.
Info Text 124 ILLLVARI ans 255 I Sender IContains the first 255 bytes of the message rejected by the
Isender (either NBX or CAPO).
This usage of the field is an extension to the base ISO
18583(1987) standard, [Ref. 1]
Message Security Code I 096 an 8 Sender IPassword to network management requests c
Required for key change, logon and logoff
Note — Not used by CAPO
Network Intemational 024 n 3 Not required.
identifier
Network Management 125 ILLLVARI ans 60 I Sender IAdditional information required for key change and c
Information Verification. Positions 01-32=32 byte working key (encrypted
lunder the Acquirer Zone Master Key using Atalla variant 1),
133-36=check value (4 bytes), 37-38 check value padding
(zeroes),39-60 Spaces (optional)
[Note - 4 byte check value used because Atalla only returns
4 bytes)
This usage of the field is an extension to the base ISO
18583(1987) standard, [Ref. 1]
Network Management 070 n 3 ICodes to be used for 0800/0810 messages are defined in M IoM
Information Code section 4.2.12
New PIN (Reserved for 123 ILLLVARI ans 999 I Customer IThis field will be used to hold the Customer choice of new c
Private Use) at Outlet IPIN on PIN Change. Positions 1-2 set to Authorization
'Type=NP, positions 3-18 set to the new PIN (encrypted usingI
ISO 9564-1 Format 0 as defined in ANSI X9.8).
This usage of the field is an extension to the base ISO
18583(1987) standard, [Ref. 1]
* Conditional on ICC point of service
Created on 30/06/2008 Version 4.0 Page 18 of 52
© Post Office™ 2004-2008 DRAFT
CAPO Application
Interface Specification
COMMERCIAL IN CONFIDENCE
Project: EMV - Banking and Retail
Doc Ref: NB/FS/025
FUJ00002066
FUJ00002066
Original Data Elements 090 n 42 NBX — ISet by NBX to be a concatenation of the following five data
lelements from the original 0100/0200 message:
Message Type Identifier (n4),
Systems Trace Audit Number (n6),
Transmission Date and Time (n10),
[Acquiring Institution Identification Code (n11),
Forwarding Institution Identification Code (n11, and set to
100000000000 for CAPO)
Personal Identification 052 h 16 IOutlet fromICustomer PIN Entered by customer & encrypted using ISO
Number (PIN) Data. customer I9564-1 Format 0 as defined in ANSI X9.8.
This usage of the field is an extension to the base ISO
18583(1987) standard, [Ref. 4].
Point of Service Condition I 025 n 2 Outlet [The value should initially always be 00.
Code
Point of Service Data 061 ans 20 Nor eae
Point of Service Entry Mode] 022 n 3 Outlet fromIDigits 1-2 will be
system I, (Manual entry) or
105 (ICC entry (including track 2 read and transmitted) or
190 (Mag Stripe, Track 2 read and fully transmitted)
Digit 3 = 1 (PIN entry capability),
Point of Service PIN 026 n 2 Not appropriate to messages passed on this interface - POS
Capture Code Transactions Only
Primary Account Number 002 I LLVAR n 19 ‘System or IEither extracted from Track 2 data or entered manually.
Clerk at
Outlet
Primary Account Number, 034 ns 28 INot required.
Extended
Primary Account Number I 020 a a Not required - foreign currency transactions are not
Extended, Country Code supported by NBX
Created on 30/06/2008 Version 4.0 Page 19 of 52
© Post Office™ 2004-2008
DRAFT
CAPO Application
Interface Specification
COMMERCIAL IN CONFIDENCE
Project: EMV - Banking and Retail
Doc Ref: NB/FS/025
FUJ00002066
FUJ00002066
Processing Code
003
6 NBX
Derived by NBX from Txn_type passed by Horizon, NBX will
set digits 1 and 2 to 01 for Withdrawal with Balance, 91 for
Withdraw Limit, 90 for PIN Change and 31 for Balance
Enquiry. Digits 3 to 6 will be set to zero (default). For
Withdrawal Correction will be set to 210909. All 6 digits
passed by NBX and CAPO.
Receiving Institution
Country Code
068
INot required - foreign currency transactions are not
supported by NBX
Receiving Institution
identification Code
100
Not required.
Response Code
039
an
ICode indicating transaction step outcome. Source dependent
lon transaction type. See Appendix A for the list of Response
Codes.
Retrieval Reference
Number
037
an
12 NBX
IAdditional transaction identifier, assigned by NBX. It will be
lunique for a terminal ID, at least within 10 years.
Bytes 01-04 set to date (YDDD)
Byte 05 set to value A or B (upper or lower case) to record
which of two agents processed the message (the case
differentiates between instances of the agent)
Digit 06 set to value 0 through 3 (being agent hash value
lused in routing transactions)
Digits 07-12 set to a 6-digit cycling number generated at each
counter
ISystems Trace Audit
Number
ont
6 NBX
Transaction identifier, assigned by NBX within the request,
and included in all subsequent messages relating to that
transaction ({A1] response and [E1] / [£2] reversal
messages)
The STAN is a 6 digit numeric field 0 to 999999. Each PI
Imanages its own STAN which increments by one to provide aI
[sequential identifier for each message. The STAN may cycle
within the day but will be unique within the period of the NBX
PI context fle
EBT does not use this field directly, but it is used by
Citibank’s back office operations’ tracking systems.
IGaps in the STAN sequence have no significance (and thus
will not cause alerts in EBT)
Time, Local Transaction
012
hhmmss
6 Outlet from
System
[As printed on receipt, transaction request time in Local Time
Created on 30/06/2008
© Post Office™ 2004-2008
Version 4.0
DRAFT
Page 20 of 52
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specification
i Doc Ref: —_NB/IFS/025
COMMERCIAL IN CONFIDENCE
Transmission Date and 007 IMMDDhI on 10 I Sender IDate and time of transmission of the message (not carried MfoM
Time hmmss forward from previous messages)
Track 2 Data 035 I LLVAR z 37 I Outlet fromIMandatory if track 2 data available (card successfully swiped
card or ICC processed).
Track 2 data does not include the start/end sentinels nor the
LC (longitudinal redundancy check)
This usage of the field is an extension to the base ISO
18583(1987) standard, [Ref. 1]
Created on 30/06/2008 Version 4.0 Page 21 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
4.2 Data Interpretations
This section contains the definition of each message type to be sent over this interface. The Message
Element column lists those elements required for the message, and relate to the list in Section 4.1.2.
The Required column in the message definition tables within this section contain the following codes:
Code Meaning
M The element is mandatory and must be present in this message
c The element is conditional for this message, and the condition to be applied is
stated in the Conditions column. If the condition is true, the element must be
present in the message; otherwise the element must not be present in the
message. It should be noted that the receiving system may not be able to
assess whether the condition has been met, in which case it must be able to
interpret the presence or non-presence of the element according to appropriate
business rules.
The Conditions column lists the conditions for inclusion of a conditional message element; inclusion of the
element may depend on details of the transaction type, or simply whether the data is available to the sending
system.
Where Message Elements exist in the ISO8583 standard (1987 Version), [Ref. 1] as either Mandatory or
Conditional, but are not required for the CAPO interface, they have been included in the message definition
tables, but have been shaded out and labelled as “Not required”.
It is essential that developers of this interface also refer to ISO 8583 (1987), [Ref. 1] and the Horizon - Card
Account Mapping, [Ref. 3] for further details of data derivation and use. The message definitions do not
explicitly show the bitmaps as individual message elements, because they are an essential part of the ISO
8583 (1987) transfer structure. However, all messages passed over this interface will include bitmap 1.
Bitmaps will be formatted as binary.
CAPO Application
Interface Specification
FUJ00002066
FUJ00002066
Project: EMV - Banking and Retail
Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.1
4.2.1.2
4.2.1.1 Overview
[R3] - Balance Enquiry
This message is sent by the NBX to CAPO. The message requests a Balance Enquiry transaction.
The [R3] Balance Enquiry message maps to the following ISO message:
e 0100 - Authorisation Request
Message Definition
Message Element Bitmap Required I Notes / Conditions
Reference
Primary Account Number 002 M
Processing Code 003 310000 for Balance Enquiry.
‘Amount, Transaction (004 Not required
Transmission Date and Time 007 M
‘Systems Trace Audit Number on M
Time, Local Transaction 012 M
Date, Local Transaction 013 M
Date, Expiration 014 Not required
Acquiring Institution Country Code 019 Not required.
Primary Account Number Extended, 020 Not required.
Country Code
Forwarding Institution Country Code 021 Not required.
Point of Service Entry Mode 022 M
Card Sequence Number 023 Not required
Point of Service Condition Code 025 M
Point of Service PIN capture code 026 Not required.
‘Approval Code Length 027 Not required
‘Amount Transaction Fee 028 Not required.
‘Acquiring Institution Identification 032 M
Code
Forwarding Institution Identification 033 Not required,
Code
Primary Account Number, Extended 034 Not required,
Track-2 Data 035 c Mandatory if track data is available (ICC processed or
card successfully swiped)
Retrieval Reference Number 037 M
Card Acceptor Terminal Identification 041 M
Card Acceptor Name / Location 043 M
Curreney Code, Transaction 049 M
Personal Identification Number (PIN) 052 M
Data
ICC Data 055 Cc Mandatory if ICC processed
Point of Service Data 061 Not required,
Receiving Institution Country Code 068 Not required
Receiving Institution Identification 100 Not required.
Code
Created on 30/06/2008 Version 4.0 Page 23 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.2 [R3] - Financial Transaction Request - Withdrawal
4.2.2.1 Overview
This message is sent by the NBX to CAPO. The message requests a financial transaction of one of
the following types:
¢ Withdrawal with Balance.
¢ = Withdraw Limit.
The [R3] Financial Transaction Request message maps to the following ISO message:
e 0200 - Financial Transaction Request.
4.2.2.2 Message Definition
Message Element Bitmap Required I Notes/ Conditions
Reference
Primary Account Number (002 M
Processing Code 003 M 010000 for Withdrawal with Balance.
910000 for Withdraw Limit.
‘Amount, Transaction 004 M Requested Amount for “Withdrawal with Balance”.
For “Withdraw Limit’, this will be set to the Product
Limit
Amount, Settlement 005 Not required.
Transmission Date and Time 007 M
Conversion Rate, Settlement 009 Not required,
‘Systems Trace Audit Number on M
Time, Local Transaction 012 M
Date, Local Transaction 013 M
Date, Expiration 014 Not required,
Date, Settlement 015 M
Date, Conversion 016 Not required,
Acquiring Institution Country Code 019 Not required.
Primary Account Number Extended, 020 Not required.
Country Code
Forwarding institution Country Code 021 Not required.
Point of Service Entry Mode 022 M
Card Sequence Number 023 Not required,
Point of Service Condition Code 025 M
Point of Service PIN Capture Code 026 Not required,
‘Authorisation Identification Response 027 Not required.
Length
‘Amount, Transaction Fee 028 Not required.
‘Acquiring Institution Identification 032 M
Code
Forwarding Institution Identification 033 Not required
Code
Primary Account Number, Extended 034 Not required
Track-2 Data 035 c Mandatory if track data is available (ICC processed or
card successfully swiped),
Retrieval Reference Number 037 M
Response Code 039 Not required,
Card Acceptor Terminal Identification 044 M
Card Acceptor Name / Location 043 M
Currency Code, Transaction 049 M
Currency Code, Settlement 050 Not required.
Personal Identification Number (PIN) 052 M
Data
ICC Data 055 Cc Mandatory if ICC processed
Point of Service Data 061
Receiving Institution Country Code 068 Not required.
Created on 30/06/2008 Version 4.0 Page 24 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specification
Pt Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
Receiving Institution Identification 700 Not required,
Code
Account Identification 4 102 Not required,
Account Identification 2 103, Not required.
Created on 30/06/2008 Version 4.0 Page 25 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.3 [R3] - Financial Transaction Request -— Withdrawal Correction
4.2.3.1 Overview
This message is sent by the NBX to CAPO. The message requests a cash deposit transaction —
known at the counter as Withdrawal Correction. It is intended for use as a correction of a previous
withdrawal, but no dependencies are imposed on the interface with respect to the ordering of such
transactions. Entry of the PIN by the customer is required.
The [R3] Financial Transaction Request message maps to the following ISO message:
e 0200 - Financial Transaction Request.
Note, however, the processing code specifies deposit, but with non-standard source and destination
accounts. Both are selected as 09, which is “default - reserved for private use” per ISO 8583-1:2003;
see A17.2, table A.23.
4.2.3.2 Message Definition
Message Element Bitmap Required] Notes / Conditions
Reference
Primary Account Number (002 M
Processing Code (003 M 210909 for cash deposit.
Amount, Transaction 004 M
‘Amount, Settlement 005 Not required.
Transmission Date and Time 007 M
Conversion Rate, Settlement 009 Not required,
Systems Trace Audit Number on M
Time, Local Transaction 012 M
Date, Local Transaction 013 M
Date, Expiration 14 Not required.
Date, Settlement 015 M
Date, Conversion 016 Not required:
Acquiring institution Country Code 019 Not required.
Primary Account Number Extended, 020 Not required.
Country Code
Forwarding Institution Country Code 024 Not required.
Point of Service Entry Mode 022 M
Card Sequence Number 023 Not required.
Point of Service Condition Code 025 M
Point of Service PIN Capture Code 026 Not required.
‘Authorisation Identification Response 027 Not required.
Length
‘Amount, Transaction Fee 028 Not required.
‘Acquiring Institution Identification 032 M
Code
Forwarding Institution Identification 033 Not required,
Code
Primary Account Number, Extended 034 Not required,
Track-2 Data 035 Cc Mandatory if track data is available (ICC processed or
card successfully swiped).
Retrieval Reference Number 037 M
Response Code 039 Not required
Card Acceptor Terminal Identification 041 M
Card Acceptor Name / Location 043 M
Currency Code, Transaction 049 M
Currency Code, Settlement 050 Notrequired
Personal Identification Number (PIN) 052 M
Data
ICC Data 055 ¢c Mandatory if ICC processed
Point of Service Data 061
Receiving Institution Country Code 068 Not required
Receiving Institution Identification 100 Not required.
Code
Created on 30/06/2008 Version 4.0 Page 26 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interfe Ss ificatic
ni face Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
‘Account Identification 4 702 Not required,
Account Identification 2 103, Not required.
Created on 30/06/2008 Version 4.0 Page 27 of 52
© Post Office™ 2004-2008 DRAFT
CAPO Application
Interface Specification
FUJ00002066
FUJ00002066
Project: EMV - Banking and Retail
Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.4
4.2.4.2
[R3] - PIN Change
4.2.4.1 Overview
This message is sent by the NBX to CAPO. The message requests a PIN Change transaction.
The [R3] PIN Change message maps to the following ISO message:
e 0100 - Authorisation Request.
Message Definition
Message Element Bitmap Required I Notes / Conditions
Reference
Primary Account Number 002 M
Processing Code (003 900000 for PIN Change
‘Amount, Transaction 004 Not required,
Transmission Date and Time 007 M
‘Systems Trace Audit Number On M
Time, Local Transaction 012 M
Date, Local Transaction 013 M
Date, Expiration 014 Not required
Acquiring Institution Country Code 019 Not required.
Primary Account Number Extended, 020 Not required.
Country Code
Forwarding Institution Country Code 021 Not required.
Point of Service Entry Mode 022 M
‘Card Sequence Number 023 Not required,
Point of Service Condition Code 025 M
Point of Service PIN capture code 026 Not required.
‘Approval Code Length 027 Not required.
‘Amount, Transaction Fee 028 Not required
‘Acquiring Institution Identification 032 M
Code
Forwarding Institution Identification 033 Not required.
Code
Primary Account Number, Extended 034 Not required.
Track-2 Data 035 Cc Mandatory if track 2 data is available (ICC processed
or card successfully swiped).
Retrieval Reference Number 037 M
Card Acceptor Terminal Identification 4 M
Card Acceptor Name / Location 043 M
Currency Code, Transaction 049 ie) Omitted by NBX.
Personal Identification Number (PIN) 052 M The “old” PIN
Data
ICC Data 055 Cc Mandatory if ICC processed
Point of Service Data 061
Receiving Institution Country Code 068 Not required.
Receiving Institution Identification 100 Not required.
Code
New PIN (Reserved for Private Use) 123, M The "new" PIN.
Created on 30/06/2008 Version 4.0 Page 28 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specification
Pt Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.5 [A1] - Balance Enquiry Response
4.2.5.1 Overview
This message is sent by CAPO to the NBX. The message contains a Balance Enquiry request
response.
The [A1] Balance Enquiry Response message maps to the following ISO message:
e 0110 - Authorisation Request Response.
4.2.5.2 Message Definition
Message Element Bitmap Required I Noles / Conditions
Reference
Primary Account Number 002 M Echoed from the request message.
Processing Code 003 M Echoed from the request message.
‘Amount, Transaction 004 Not required.
Transmission Date and Time 007 M
‘Systems Trace Audit Number on M Echoed from the request message.
Time, Local Transaction 012 M Echoed from the request message.
Date, Local Transaction 013 M Echoed from the request message.
‘Acquiring institution Country Code 019 Not required.
Primary Account Number Extended, 020 Not required
Country Code
Forwarding Institution Country Code 021 Not required
‘Network international identifier 024 Not required.
Point of Service Condition Code 025 M Echoed from the request message.
‘Amount, Transaction Processing Fee 030 M
‘Acquiring Institution Identification 032 M Echoed from the request message.
Code
Forwarding Institution Identification 033 Not required,
Code
Primary Account Number, Extended 034 Not required.
Retrieval Reference Number 037 M Echoed from the request message.
Authorisation Identification Response 038 M
Response Code 039 M
Card Acceptor Terminal Identification 041 M Echoed from the request message.
Additional Response Data 04a Cc Mandatory if Response Code=30 (field in error)
Currency Code, Transaction 049 M
‘Additional Amounts 054 c The Available and Ledger balances if request was
successful
Receiving Institution Country Code 068 Not required.
Receiving institution identification 100 Not required.
code
Created on 30/06/2008 Version 4.0 Page 29 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.6 [A1] - Financial Transaction Response - Withdrawal
4.2.6.1 Overview
This message is sent by CAPO to the NBX. The message contains a Financial Transaction request
response.
The [A1] Financial Transaction Request Response message maps to the following ISO message:
e 0210 - Financial Transaction Request Response.
4.2.6.2 Message Definition
Message Element Bitmap Required I Notes / Conditions
Reference
Primary Account Number. 002 M Echoed from the request message.
Processing Code 003 M Echoed from the request message.
‘Amount, Transaction 004 M Echoed from the request message, except for an
approved “Withdraw Limit” transaction, where this will
be set to the amount authorised by CAPO
Amount, Settlement 005, Not required.
Transmission Date and Time 007 M
Conversion Rate, Settlement 009 Not required.
Systems Trace Audit Number O11 M Echoed from the request message.
Time, Local Transaction 012 M Echoed from the request message.
Date, Local Transaction 013 M Echoed from the request message.
Date, Settlement 015 M Echoed from the request message.
Date, Conversion 016 Not required.
Acquiring Institution Country Code. 019 Not required.
Primary Account Number Extended, 020 Not required.
Country Code
Forwarding Institution Country Code 021 Not required.
Card Sequence Number 023 Not required.
Network International identifier 024 Not required.
Point of Service Condition Code 025, M Echoed from the request message.
Amount, Transaction Processing Fee 030 M
‘Acquiring Institution Identification 032 M Echoed from the request message.
Code
Forwarding Institution Identification 033 Not required.
Code
Primary Account Number, Extended 034 Not required.
Retrieval Reference Number 037 M Echoed from the request message.
Authorisation Identification Response 038 M
Response Code 039 M.
Card Acceptor Terminal Identification 041 M Echoed from the request message.
Additional Response Data 044 Cc Mandatory if Response Code=30 (field in error)
Currency Code, Transaction 049 M Echoed from the request message.
Currency Code, Settlement 050 Not required.
Additional Amounts 054 c The Available and Ledger balance information if the
request was authorised, or declined because of
insufficient funds.
Receiving Institution Identification 100 Not required.
Code
Account Identification 1 102 Not required.
Account Identification 2 103 Not required.
4.2.7. [A1] - Financial Transaction Response — Withdrawal Correction
4.2.7.1 Overview
This message is sent by CAPO to the NBX. The message contains a Financial Transaction request
response.
Created on 30/06/2008 Version 4.0 Page 30 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV ~ Banking and Retail
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
The [A1] Financial Transaction Request Response message maps to the following ISO message:
e 0210 - Financial Transaction Request Response.
4.2.7.2 Message Definition
Message Element Bitmap Required I Notes / Conditions
Reference
Primary Account Number 002 M Echoed from the request message.
Processing Code 003 M Echoed from the request message.
‘Amount, Transaction 004 M Echoed from the request message.
‘Amount, Settlement 005 Not required.
Transmission Date and Time 007 M
Conversion Rate, Settlement 009 Not required,
‘Systems Trace Audit Number on M Echoed from the request message.
Time, Local Transaction 012 M Echoed from the request message.
Date, Local Transaction 013 M Echoed from the request message.
Date, Settlement 015 M Echoed from the request message.
Date, Conversion 016 Not required.
Acquiring Institution Country Code 019 Not required.
Primary Account Number Extended, 020 Not required.
Country Code
Forwarding Institution Country Code 021 Not required.
Card Sequence Number 023 Not required,
‘Network international Identifier 024 Not required.
Point of Service Condition Code 025 M Echoed from the request message.
‘Amount, Transaction Processing Fee 030 M
‘Acquiring Institution Identification 032 M Echoed from the request message.
Code
Forwarding Institution Identification 033 Not required.
Code
Primary Account Number, Extended 034 Not required
Retrieval Reference Number 037 M Echoed from the request message.
‘Authorisation Identification Response 038 M
Response Code 039 M
Card Acceptor Terminal Identification 041 M Echoed from the request message.
‘Additional Response Data 044 Cc Mandatory if Response Code=30 (field in error)
‘Currency Code, Transaction 049 M Echoed from the request message.
Currency Code, Settlement 050 Not required.
‘Additional Amounts 054 c ‘The Available and Ledger balance information if the
request was authorised or the following errors
returned: 83 - 86, 14 & 58.
Receiving Institution Identification 100 Not required
Code
Account Identification 1 102 Not required.
Account Identification 2 103 Not required.
Created on 30/06/2008 Version 4.0 Page 31 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.8 [A1]- PIN Change Response
4.2.8.1 Overview
This message is sent by CAPO to the NBX. The message contains a PIN Change request response.
The [A1] PIN Change Response message maps to the following ISO message:
e 0110 - Authorisation Request Response.
4.2.8.2 Message Definition
Message Element Bitmap Required] Notes / Conditions
Reference
Primary Account Number 002 M Echoed from the request message.
Processing Code (003 M Echoed from the request message.
‘Amount, Transaction 004 Not required.
Transmission Date and Time 007 M
‘Systems Trace Audit Number on M Echoed from the request message.
Time, Local Transaction 012 M Echoed from the request message.
Date, Local Transaction 013 M Echoed from the request message.
Acquiring Institution Country Code: 019 Not required.
Primary Account Number Extended, 020 Not required
Country Code
Forwarding Institution Country Code 021 Not required.
‘Network international Identifier 024 Not required.
Point of Service Condition Code 025 M Echoed from the request message.
‘Amount, Transaction Processing Fee 030 M
‘Acquiring Institution Identification 032 M Echoed from the request message.
Code
Forwarding Institution Identification 033 Not required,
Code
Primary Account Number, Extended 034 Not required.
Retrieval Reference Number 037 M Echoed from the request message.
Authorisation Identification Response 038 M
Response Code 039 M
Card Acceptor Terminal Identification 041 M Echoed from the request message.
Additional Response Data 04a Cc Mandatory if Response Code=30 (field in error)
Currency Code, Transaction 049 Cc Echoed from the request message if present.
Receiving Institution Country Code 068 Not required.
Created on 30/06/2008 Version 4.0 Page 32 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
° CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.9 [E41] - Reversal Request
4.2.9.1 Overview
This message is sent by the NBX to CAPO when a financial transaction that has been processed by
the issuer needs to be reversed.
The [E1] message maps to the following ISO messages:
e 0420 - Reversal Request
e 0421 - Reversal Repeat.
Reversal [E1] messages are generated by the NBX. These are only sent to the Fl to reverse a previously
authorised Accept transaction (i.e. [A1]) according to the following conditions:
e The Authorisation [A‘] is late (i.e. is received after the Agent timeout period has been exceeded)
e The transaction outcome at the counter is different to the Authorisation response received at the
counter ([A3]) (e.g. clerk declines to proceed due to suspected fraud)
e The transaction outcome at the counter is indeterminate (e.g. counter has timed out waiting for
response, or ICC failed to complete any script processing)
Reversals [E1] can only be generated when the [A1] message to be reversed can be matched against a
[R3] request.
The NBX prevents duplicate 0420 messages being sent to the Fl.
Reversal Requests may be sent up to a period, which shall be configurable and shall be set initially to
5 days, after the original transaction to which it refers.
Note that partial reversals are not supported over this interface. PIN Change reversals are also not
supported.
4.2.9.2 Message Definition
Message Element Bitmap Required I Notes / Conditions
Reference
Primary Account Number 002 M
Processing Code (003 M Copied from the [Aq]
‘Amount, Transaction 004 M
‘Amount, Settlement (005 Not required,
Transmission Date and Time 007 M
Conversion Rate, Settlement 009 Not required,
‘Systems Trace Audit Number O11 M
Time, Local Transaction 012 M
Date, Local Transaction 013 M
Date, Expiration 014 Not required
Date, Settlement 015 M Copied from the [R3]
Date, Conversion 016 Not required
Acquiring Institution Country Code 019 Not required.
Primary Account Number Extended, 020 Not required.
Country Code
Forwarding Institution Country Code 021 Not required.
Point of Service Entry Mode 022 M
Card Sequence Number 023 Not required.
Point Of Service Condition Code 025 M
Point Of Service PIN Capture Code 026 Not required.
Created on 30/06/2008 Version 4.0 Page 33 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
‘ CAPO Application Project: EMV - Banking and Retail
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
‘Amount Transaction Fee 028 Not required,
‘Amount, Transaction Processing Fee 030 M
‘Acquiring Institution Identification 032 M
Code
Forwarding Institution Identification 033 Not required
Code
Primary Account Number, Extended 034 Not required
Track-2 Data 035 c Mandatory if track data is available (ICC processed or
card successfully swiped),
Retrieval Reference Number 037 M
Authorisation Identification Response 038 M
Card Acceptor Terminal Identification 041 M
Card Acceptor Name/Location 043 M
Currency Code, Transaction 049 M
Curreney Code, Settlement 050 Not required.
Personal Identification Number (PIN) 052 Not required
Data
ICC Data 055 May be present but is not required.
Advice/Reversal Reason Code 060 M
(Reserved Private)
Point of Service Data 061
Receiving Institution Country Code 068 Not required.
Original Data Elements. (090 M
Replacement Amounts (095 Not required.
Receiving Institution Identification 100 Not required
Code
Account Identification 1 102 Not required.
Account Identification 2 103, Not required.
Created on 30/06/2008 Version 4.0 Page 34 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.10 [E2] - Reversal Request Response
4.2.10.1 Overview
This message is sent by CAPO to the NBX in response to a reversal request from the NBX.
Reversal [E1] messages are “must deliver” messages. If an [E2] Reversal Response from the FI is not
received within a configurable period, a [E1] Reversal Repeat is sent subject to not exceeding a
configurable number of retries / elapsed time.
The [E2] message maps to the ISO message 0430 — Reversal Request Response.
4.2.10.2 Message Definition
Message Element Bitmap Required I Notes / Conditions
Reference
Processing Code 003 M Echoed from the 042x message.
‘Amount, Transaction 004 M
Transmission Date and Time (007 M
Conversion Rate, Settlement 009 Not required
‘Systems Trace Audit Number on M Echoed from the 042x message.
Time, Local Transaction 012 M Echoed from the 042x message.
Date, Local Transaction 013 M Echoed from the 042x message.
Date, Settlement 015 M Echoed from the 042x message.
Date, Conversion 016 Not required.
‘Acquiring institution Country Code 019 Not required.
Primary Account Number Extended, 020 Not required.
Country Code
Forwarding Institution Country Code 024 Not required.
Card Sequence Number 023 Not required
‘Network International Identifier 024 Not required,
Point of Service Condition Code 025 M Echoed from the 042x message.
‘Amount, Transaction Fee 028 Not required.
‘Acquiring Institution Identification 032 M Echoed from the 042x message.
Code
Forwarding Institution Identification 033 Not required
Code
Primary Account Number, Extended 034 Not required,
Retrieval Reference Number 037 M Echoed from the 042x message.
Response Code 039 M Will be set to either 00 — Approved, or 30 — Field in
error.
Card Acceptor Terminal Identification Oa M Echoed from the 042x message.
Additional Response Data 04a Cc Mandatory if Response Code=30 (field in error)
Currency Code, Transaction 049 M Echoed from the 042x message.
Currency Code, Settlement 050 Not required.
Receiving Institution Country Code 068 Not required.
Original Data Elements (090 M Echoed from the 042x message.
Replacement Amounts 095 Not required
Receiving Institution Identification 100 Not required
Code
Account Identification 1 102 Not required
Account Identification 2 103, Not required.
Created on 30/06/2008 Version 4.0 Page 35 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV ~ Banking and Retail
Interfe Ss ificatic
ni face Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.11 Administration Advice (0620)
4.2.11.1 Overview
Administration Advice messages are sent from NBX to CAPO when a received message cannot be
deblocked or when a message fails syntax checking, in order to initiate manual investigation of a
problem by either CAPO or the NBX. CAPO will not generate Administration Advice messages, but
NBX will correctly handle their receipt.
The Administration Advice message maps to ISO message 0620.
4.2.11.2 Message Definition
Message Element Bitmap Required I Notes / Conditions
Reference
Transmission Date and Time 007 M
‘Systems Trace Audit Number O17 M
Network Management Information 070 M Set to be 900
Code
Info Text 124 M
Created on 30/06/2008 Version 4.0 Page 36 of 52
© Post Office™ 2004-2008 DRAFT
CAPO Application
Interface Specification
FUJ00002066
FUJ00002066
Project: EMV - Banking and Retail
Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.12 Network Management Messages (0800 / 0810)
The following Network Management Messages will be exchanged between CAPO and the NBX:
*® 0800 - Network Management Request Message
e® 0810 - Network Management Response Message
They are used for the following purposes (followed by associated Network Management Information Code):
= Logon, i
= Log off,
tiated by NBX (071)
jated by NBX (072)
= Handshake, initiated by NBX (361)
= Key Change - Acquirer zone from NBX (161)
The conditions under which these messages, except for Handshakes, are sent for each of the specified
purposes are described in section 6.4. The use of Handshakes is described in the NBX — POCA Technical
Interface Specification, [Ref. 5].
4.2.12.1
Network Management Request (0800)
Message Element Bitmap Required I Notes / Conditions
Reference
Transmission Date and Time 007 M.
Systems Trace Audit Number O11 M Set for this transaction
Network Management Information 070 M Values will depend on message purpose, as described
Code above
Message Security Code 096 Cc Required for key change, logon and logoff
Network Management Information 125 Cc Required for key change. Positions 01-32=32 byte
working key (encrypted under the Acquirer Zone
Master Key using Atalla variant 1), 33-38=check value,
39-60 Spaces (optional)
4.2.12.2
Network Management Request Response (0810)
Message Element Bitmap] Required I Notes / Conditions
Referenc
e
Transmission Date and Time 007 M
‘Systems Trace Audit Number on M Copied from the 0800
Response Code 039) M
Network Management information Code 070. M This is copied from the 0800 received message.
Created on 30/06/2008 Version 4.0 Page 37 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.13 REC -NBX Reconciliation File Format
The REC reconciliation file, and the conditions under which it is sent to CAPO from the NBX are addressed in
the NBX — FI Reconciliation and Settlement File Format AIS, [Ref. 4]. The file transfer mechanism and
conditions of transfer are described in the NBX — POCA Technical Interface Specification, [Ref. 5].
Created on 30/06/2008 Version 4.0 Page 38 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
5 Transfer Structure
5.1 Transfer Grouping
The following figure shows the end-to-end message sequences, using the RACE (Request / Authorise /
Confirm / Exception) model, for all application messages between the NBX and CAPO.
CAPO
[ 0800 I [osto REC
oa
Horizon DRS POL
Campus Settlement
Gateway
Figure 1 - CAPO Message Flows in the Network Banking Environment
A 0620 message may be issued by the NBX in response to all messages from CAPO (for simplicity, only one
such flow is shown on the diagram). Note also that CAPO will not send 0620 messages to NBX; however, the
diagram shows that NBX will correctly process any that it receives.
Reversals (0420 messages) are not sent from NBX to CAPO unless and until an approved response (0210
message) has been received from CAPO.
In the event that NBX does not receive a reversal response within the allotted time interval then the NBX may
send EBT repeat reversals (0421 messages). CAPO will ensure that a reversal is not applied to an account
more than once.
The interface should be resilient to the transfer of duplicate messages; in practice, however, this should only
happen after failure and recovery of either end of the interface.
CAPO will not validate transmission date and time in messages against the date and time that messages are
received.
The interface details are also described in the NBX — POCA Technical Interface Specification, [Ref. 5].
5.2 Transfer Structure
The messages defined in this AIS will be exchanged in accordance with ISO 8583 (1987), [Ref. 1], which
describes the use of Message Type Identifier, Bit Map and Data Elements in the message structure. Note that
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
the messages exchanged over this interface do not use the third bit map or any of its supported data
elements. Note also that the Bit Maps are transferred in binary.
Messages for one transaction may be interleaved with messages for any other transaction. Requests (0100
and 0200 messages) may continue to be sent during a key change, using the existing key until the Key
Change response has been received.
5.3 Record Structure
The record structure for the REC file passed over this interface is described in the NBX — FI Reconciliation
and Settlement File Format AIS, [Ref. 4]. The details are not repeated here.
5.4 Sequences
Figure 1 above (see Section 5.1) shows the end-to-end message sequences of all the messages supported by
this AIS, from the PO Outlet to CAPO. Further detail relating specifically to the NBX-CAPO connection can be
found in the NBX - POCA Technical Interface Specification (Ref. [5]). The interface must be resilient to the
disconnection or loss of any part of the total network-banking environment for short or extended periods.
5.5 Data Volumes
Data Rates and Volumes over this interface are addressed within NBX Volume Model Comparisons, [Ref. 2].
5.6 Data Authentication
Message Authentication Codes (MACs) are not sent between CAPO and the NBX.
5.7 Data Dictionary
The Data Elements used on this interface are defined and described within ISO 8583 (1987), [Ref. 1].
Created on 30/06/2008 Version 4.0 Page 40 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
6 Security of Transmitted Data
The security standards for the NBX — CAPO interface are described in the NBX — POCA Technical Interface
Specification, [Ref. 5].
6.1 Protected Data
PIN blocks that pass across the interface from NBX to CAPO are encrypted under an Acquirer Working Key
(AWK). This key is used in the NBX - CAPO shared security zone. PIN Blocks encryption is translated from
the other security zone keys to protection under this shared key using a hardware encryption module. The PIN
blocks are never rendered in clear outside the hardware module.
Acquirer Working Keys (AWKs) are exchanged electronically encrypted under an Acquirer Zone Master Key
(AZMk) shared between NBX and CAPO. To facilitate import of the AWK into the CAPO systems, the AWK
is encrypted using Atalla variant 1 as defined in [ATCRM]. The AZMK is generated and owned by CAPO. The
AWK is owned and generated by the NBX.
6.2 Encryption and Decryption Methods
PIN Block and Acquirer Working Key transmission is protected by Triple DES double length keys, 112bit plus
key check data.
All data transmitted on communication lines between the NBX and CAPO as described in the NBX - POCA
Technical Interface Specification, [Ref. 5].
6.3 Session Establishment
Session Establishment will be initiated by the NBX. Initial Logon message exchanges are followed by
transmission of a new AWK by the NBX to CAPO, with a key check value protected by encryption under the
shared current AZMK.
CAPO verifies the key and acknowledges it to NBX. All PIN Block data is protected by this AWK until the
session ends or the AWK is renewed.
The only messages categorised as “must deliver” are Reversal Request (0420/0421).
6.4 Key Management
Key ownership is described in section 10 of the document Horizon - EDS Operational Level Agreement, [Ref.
6]. See also section 6.7 of the document NBX - POCA TIS, [Ref. 5]. NBX - CAPO Zone Management Keys
are managed in NBX.
CAPO:
e Generates three new AZMK components
e« AZMK components will be generated in a secure manner
e Key components will contain
« Akey identifier (visible)
e Akey generation date (visible)
Created on 30/06/2008 Version 4.0 Page 41 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
« Acomponent number (visible)
e 32 hex characters in two groups of sixteen characters — Triple DES key component, VISA method
e Four hex character Key Check Value, VISA method, printed securely and on separate sheet for the Key
Manager.
NBX:
e Manages secure logon of key holders & the key manager
e Accepts entry of key components & verifies component check digits
e Generates the AZMK from the key components & verifies the key check digits
Keys component documents must be stored and transported separately and securely.
The CAPO — NBX AZMK is renewed every six months by the process described above. The AZMK, having
been produced as described above, is securely transported to the NBX. The NBX and CAPO operations will
agree a time for key promotion. Promotion by both parties will be preceded by telephone coordination. After
promotion of the new AZMK the NBX operator will initiate an AWK exchange under the new AZMK using the
AWK Key Change sequence. This will provide online key verification of the AZMK. If this online key
verification procedure is successful the promoted AZMK will be confirmed as the current AZMK. If the AWK.
exchange is unsuccessful manual procedures initiated by NBX and CAPO operators will revert to the old
AZMK.
CAPO requires more than one Processor Interface (PI) to support the transaction throughput for the NBX. For
this configuration each PI will be configured to support two TCP/IP socket connections. A logical session will
be initiated by a logon, and data for that session will flow over both socket connections belonging to that PI
(see the NBX - POCA Technical Interface Specification, [Ref. 5] for further details). Each P] generates a NBX
— CAPO Acquirer Working Key (AWK) which it sends to CAPO for validation. This AWK, if validated by
CAPO, is used by both socket connections between CAPO and the NBX PI that generated it. Logical sessions
for a different PI will use the AWK generated by that PI. All NBX Pls will protect their AWK in transit to CAPO
by encryption using the same AZMK, during its six months of currency. The AWKs are changed under the
following conditions (note that it is not necessary to change the AWKs as soon as the AZMK is changed).
e Every 24 hours where the session remains active (an AWK may be changed at a set (configurable) clock
time and will remain valid until it is changed)
e At-session initiation by NBX
* Onreceipt by CAPO of a 6" invalid PIN block on a session
e When an NBX operator requests a key change.
Work Load Distribution between the Pls will be performed by the NBX at the application level. To ensure that
the correct AWK is used, PIN block translation must occur after PI selection.
The Acquirer Zone Master Key is verified electronically after it has been transferred manually in component
form. The Acquirer Working Keys are exchanged and verified electronically. The network management
(0800/0810) messages used to perform these functions are described in detail in the following sections:
Created on 30/06/2008 Version 4.0 Page 42 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV ~ Banking and Retail
Interfe Ss ificatic
ni face Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
6.4.1 Acquirer Working Key Distribution
NBX owns and generates AWKs. New AWks are distributed and verified electronically.
6.4.1.1 NBX Initiated Log On
1. Successful Log On
NBX CAPO
Logon ——— 0800 (071) ———_>
«——— 0810 (071) OK (Response
Code 00 —
Completed
successfully)
Key Change —_ 0800 (161) ———>
(AWK)
<—— 0810 (161) OK (Response
Code 00 —
Completed
successfully)
2. Bad AWK
NBX CAPO
Logon ——— 0800 (071) ———_>
<——— 0810 (071) ————_ OK (Response
Code 00 —
Completed
successfully)
Key Change ———— 0800 (161) ———_
(AWk) New Key
<——— 0810 (161) ————_ Denied
(Response
Code 76 - Key
synchronisation
error)
The NBX will resend the same AWK a configurable number of times
(currently set to 6). On the 6" 76 code, the NBX will generate and
send a new AWK, and the retry count will be reset. In the event of
multiple key synchronization errors, NBX operations should verify
that the key management system and application configuration
parameters are correctly set for the current AZMK tag. If no fault is
found, NBX/CAPO operations should be contacted to investigate the
problem (e.g. establish whether the ZMK has just been changed,
whether either system has been restarted, when the last successful
message transfer was etc.).
Created on 30/06/2008 Version 4.0 Page 43 of 52
© Post Office™ 2004-2008
DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV ~ Banking and Retail
Interfe Ss ificatic
ni face Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
3. No response to AWK
NBX CAPO
Logon 0800 (071) ———_>
<——— 0810 (071) ————_ OK (Response
Code 00 —
Completed
successfully)
Key Change ———— 0800 (161) ———
(AWK)
No response
NBX will resend the message a configurable number of times.
(currently set to 5). If there is still no response, NBX operations
should initiate investigation of the problem. e.g. If consultation
indicated a communication failure, Network Management should be
alerted.
6.4.1.2 Key Change due to PIN validation errors detected by CAPO
1. More than 5 PIN errors in a session.
NBX CAPO
Business ———— 0100/0200-__
message
<—— 0100/0200-———_ Error
(Response
Code 76 —- Key
synchronisation
error)
(6" occurrence)
Key Change ——— 0800 (161) ———>
(AWK)
<—— 0810 (161) OK (Response
Code 00 —
Completed
successfully)
NBX will expedite the Key Change to minimise the number of
messages rejected due to PIN errors (code 76). In the event of an
unsuccessful Key Change, the PI should be stopped to allow
NBX/CAPO operations to investigate the problem.
6.4.1.3 Key Change NBX Operator request or 24hr use limit
1. Successful key change.
NBX CAPO
Key Change ———— 0800 (161) ———_>
(AWk)
<—— 0810 (161) OK (Response
Code 00 —
Completed
successfully)
Created on 30/06/2008 Version 4.0 Page 44 of 52
© Post Office™ 2004-2008 DRAFT
CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
FUJ00002066
FUJ00002066
2. Bad AWK
NBX CAPO
Key Change ——— 0800 (161) ——>
(AWk)
<—— 0810 (161) ————_ Denied
(Response
Code 76 - Key
synchronisation
error)
The NBX will resend the same AWK a configurable number of times
(currently set to 6). On the 6" 76 code, the NBX will generate and
send a new AWK, and the retry count will be reset. In the event of
multiple key synchronization errors, NBX operations should verify
that the key management system and application configuration
parameters are correctly set for the current ZMK tag. If no fault is
found, NBX/CAPO operations should be contacted to investigate the
problem (e.g. establish whether the ZMK just been changed,
whether either system has been restarted, when the last successful
message transfer was etc.).
3. No response to AWK Request
NBX CAPO
Key Change ——— 0800 (161) ———>
(AWk)
No response
NBX will resend the message a configurable number of times
(currently set to 5). If there is still no response, NBX operations
should initiate investigation of the problem. e.g. If consultation
indicated a communication failure, Network Management should be
alerted.
Created on 30/06/2008 Version 4.0 Page 45 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
7 Operational Procedures
7.1 Processing Cycles
This interface relates to online and batch message exchange to support real time financial transactions, and to
the daily transmission to CAPO of the REC file.
Stale messages are logged and discarded before transmission or on receipt, as appropriate and no further
processing takes place.
The timeout associated with each message type is addressed in NBX Business Parameters, [Ref. 7].
“Must deliver” messages are retransmitted at parameter intervals until delivery is successful, as described in
NBX Business Parameters, [Ref. 7].
Transfer Initiation
All transfers defined in this AIS are automatic.
7.2 Security Procedures
Manual Procedures are required to support the above key management protocol, as described in Section 6
above.
7.3 Fallback Procedures
Fallback procedures are described in the NBX — POCA Technical Interface Specification, [Ref. 5]. Each
system is responsible for its own recovery after failure. Restoration of the interface and the disposal of stale
messages (other than “must deliver” messages) is expected to be automatic. 0100, 0200, 0110 and 0210 ([R]
and [A]), 0620, 0800 and 0810 messages awaiting transmission at the time of failure can safely be discarded,
as the integrity of the transaction is protected by timeouts. However, 0420 and 0421 ([E]) messages are to be
treated as “must deliver” and therefore must be transmitted on recovery.
7.4 Control
The interface must be resilient to duplicate messages, which may occur after recovery of any element in the
system, but are not otherwise expected to occur.
Lost or discarded messages are handled by timeout processing at every stage of the message sequence, to
ensure that incomplete transactions are declined if unauthorised or reversed if authorised.
The NBX will log events affecting this interface (e.g. response indicating receipt by CAPO of an invalid PIN
block) to an Event Log. These events will be managed by Tivoli for escalation to the relevant Help Desk, as
appropriate to the code associated with the event.
Created on 30/06/2008 Version 4.0 Page 46 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interfe Ss ificatic
ni face Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
8 Appendix A
8.1 Response Codes
The response codes are defined in the document Horizon — Card Account Mapping, [Ref. 3].
Created on 30/06/2008 Version 4.0 Page 47 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
8.2 Reversal Reason Codes
The reasons that may be provided with Reversal Request [E1] messages sent by the NBX to CAPO are
defined in Horizon — Card Account Mapping [3].
Created on 30/06/2008 Version 4.0 Page 48 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
9 APPENDIX B
NBX-EBT Interface — ICC Data Field
Field 055 - ICC Data
Format
h.. 510
LLLVAR
Des
n
ICC Data (Field 055) is used to transport chip-specific data over the network. It will be present in all
authorisation requests, if POS Entry Mode (Field 022) indicates that the transaction was chip-initiated (value
05’).
Structure
Field 055 has its own generic structure and may contain one or more Private Data Sub-elements (PDSs), as
shown in the figure below.
‘LLL’ 'VAR' - up to 510 bytes
one or more PDS occurrences
3 bytes 2 or 4 bytes 2 bytes variable length
Data PDS Tag PDS Length PDS Data
Element
Length
Length Data Zone
Data Element Length specifies the total number of bytes in the Data Zone immediately following it.
Data Zone contains the ASCII representation of each hexadecimal digit (i.e. nibble) of the chip data to be
transferred; this comprises one or more PDS occurrences.
Each PDS corresponds to an EMV data element/object and comprises the following sub-fields.
PDS Tag 2 or 4 byte ‘tag' value (ASCII hexadecimal), identifying the EMV data object contained in
the PDS. The second two bytes are present only if the first byte is odd (‘1’, ‘3’,.....’B’, ‘D’,
‘F’) and the second byte is 'F’.
PDS Length 2 bytes, specifying the length (in bytes) of the PDS Data immediately following it,
expressed as an ASCII representation of a decimal number (e.g. ‘12’ means the integer 12)
in the range 1 to 99.
Created on 30/06/2008 Version 4.0 Page 49 of 52
© Post Office™ 2004-2008 DRAFT
FUJ00002066
FUJ00002066
Project: EMV - Banking and Retail
NB/IFS/025
CAPO Application
Interface Specification Doc Ref:
COMMERCIAL IN CONFIDENCE
PDS Data Variable between 1 and 99 bytes, containing the actual data from the corresponding EMV
data object (as identified by the PDS Tag).
The PDS structure is referred to as Tag-Length-Value (TLV), as defined in the EMV standards.
Note that PDS's may appear in any order in Data Zone. The order shown in the table below corresponds to
that in which the relevant fields are input to the ARQC verification algorithm.
PDS's for Card Account
The PDS's required for Card Account transactions (passed in the NBX-EBT On-line Interface) are listed in the
following table. Note that the lengths shown in the table assume that all PDS Data is ASCII representation of
either hexadecimal digits, or decimal digits.
PDS Tag I Length I Comments
(Bytes)
Application Cryptogram 9F26 16 Contains an ARQC (ASCII hexadecimal)
Cryptogram Information Data 9F27 2 ASCII hexadecimal
Transaction Amount 9FO2 12 Format n12 (ASCII numeric), set as follows:
e Requested Amount for Withdrawal with
Balance
e — Product Limit for Withdraw Limit
e ‘000000000000’ for Balance Enquiry and
PIN Change
Terminal Country Code 9F1A 4 Format n4 (ASCII numeric, set to ‘0826’)
Terminal Verification Results (TVR) 95 10 ASCII hexadecimal
Transaction Currency Code 5F2A 4 Format n4 (ASCII numeric. 1* character
always ‘0’)
Transaction Date 9A 6 Format n6 (ASCII numeric YYMMDD)
Transaction Type 9c 2 Format n2 (ASCII numeric)
Unpredictable Number 9F37 8 (ASCII hexadecimal)
Application Interchange Profile (AIP) 82 4 (ASCII hexadecimal)
Application Transaction Counter (ATC) I 9F36 4 (ASCII hexadecimal)
Issuer Application Data (IAD) 9F10 12 This PDS comprises the following:
e Derivation Key Index (2 bytes) (ASCII
numeric)
e Cryptogram Version Number (2 bytes)
(ASCII hexadecimal)
e Card Verification Results (CVR) (8
bytes) (ASCII hexadecimal)
Maximum Total PDS Data length 84
The total length of Field 055 is 151 bytes, calculated as follows:
Field 055 Data Element Length 3
PDS Tags 40
PDS Lengths 24
PDS Data 84
Total 151
Created on 30/06/2008
© Post Office™ 2004-2008
END OF DOCUMENT
Version 4.0
DRAFT
Page 50 of 52