EMV — Banking and Retail
NBS - CAPO Application Interface Specification
FUJ00002240
FUJ00002240
RoLe Name AREA OF I SIGNATURE Date
RESPONSIBILITY
Authors Chris Bailey on behalf I Business
of Post Office Ltd Architecture
Product
Deployment
Technical
Architecture
DA Sign-off lan Trundell Design
(Peer Reviewer) Authority
Project Paul Summers Project
Manager Deliver
Fujitsu Amit Apte
Services Sign-
off
Project:
NBS - CAPO Application
Interface Specification Doc Ref:
@
COMMERCIAL IN CONFIDENCE
FUJ00002240
FUJ00002240
EMV - Banking and Retail
NB/IFS/025
1 Document Control
1.1 Document Information
Horizon Release No:
XR2+
Document Title:
EMV Banking and Retail: NBS - CAPO Application Interface Specification
Document Type:
Application Interface Specification
Abstract:
This document details the application interface between the Horizon
domain and the JPM EBT which hosts both Post Office Card Account,
including the interface to the ICC
Document Status: Draft
Originator & lan Trundell
Department:
Design Authority
Contributors:
Post Office Design Authority - lan Trundell
Distribution: POL Document Control — Post Office Programme Office
Supplier Distribution: I HP: Tony Boys
Fujitsu Services: Amit Apte
Client Distribution:
N/A
Table 1: Document Information
1.2 Document History
Version Date Reason for Issue I Associated
/WP/CT
0.1 8 Oct 2003 First working draft. Based on document
produced by IBM for NBE interfaces and
including the interface between Horizon and
the ICC
1.0 15 Oct 2003 First issued version.
11 12 Nov 2003 Updated following comments from Citibank,
also update section 1.7 and removal section
25
1.2 02 Dec 2003 Updated following joint review on 27 Nov
1.3 26 Jan 2004 Updated following actions from joint review
27/11/03, responses to questions and
discussions with Citibank on reversals and
Appendix B
1.4 7 Apr 2004 Updated following series of clarifications
1.5 12 May 2004 I Updated following clarification from Citibank
Created on 27-Aug-2010 Version 5.0 Page 2 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
. NBS - CAPO Application — Project: EMV - Banking and Retail
E Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
1.6 17 Aug 2004 Updated with latest agreed changes
2.0 08 Oct 2004 Issued for Sign-off
2.1 25 May 2005 I Updated for minor corrections discovered
during testing prior to initial release at
Horizon release S75
2.2 04 Aug 2005 I Version ready for Sign-off
3.0 15 Aug 2005 Issued for Sign-off
3.1 28 Apr 2008 Updated to include Withdrawal Corrections
3.2 19 May 2008 I Names of approvers and reviewers amended
to reflect changes of personnel in external
organisations.
3.3 29 May 2008 I Amended to Chip and PIN to reflect CAPO
card's insistence on pin entry for all
transactions.
Corrections to some tables.
3.4 9 Jun 2008 Correction to Reviewers and Approvers.
4.0 25 Jun 2008 Issued for approval
Corrections from review of 3.4
41 12 May 2010 I Updated for Saving Gateway
Approvers and reviewers amended
4.2 19 May 2010 I Corrections identified as part of review
4.3 27 July 2010 Following the withdrawal of Saving Gateway
project, removal of changes for Saving
Gateway, but retaining amendments to bring
the document up to date with HNGX and-RC}
changes.
44 12 Aug 2010 I Amend diagram as a result of review
comment
Add Terms and Abbreviations
Revise 4.3 document history to remove
inaccurate wording (struck through).
5.0 27-Aug-2010 I Approval version
Table 2: Document History
1.3 Change Process
Any changes to this issued version of this document will be made, controlled and distributed by: -
lan Trundell via Post Office Document Management
[IT.Controlled. Document.Review: 3
1.4 Review Details
Created on 27-Aug-2010 Version 5.0 Page 3 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
. NBS - CAPO Application Project: EMV ~ Banking and Retell
E Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
Review
Comments by :
Review Chris Bailey, Fujitsu Services
Comments to :
Mandatory Review Authority Name
Post Office Ltd
Project Manager Paul Summers
Design Authority lan Trundell
Security Manager Sue Lowther
Fujitsu Services Ltd
Architecture Pete Jobson
Security Architect Tom Lillywhite
Solution Design Andy Williams
ssc Steve Parker
JPMorgan Europe Limited
Project Manager Gerrard Burras
Architecture Derek Smallworth
HP Tony Boys
Optional Review / Issued for Information
Post Office Ltd
Test Manager Paul Cherry
Fujitsu Services Ltd
Release Manager David Court
Application Architecture Gareth Jenkins
Network Architecture Mark Jarosz,
Security & Risk Team CSPOA.Security{ i
Infrastructure Design Pat Lywood (or nominees)
HNG-X R1 Programme Manager Geoff Butts
Testing Manager Debbie Richardson
RV Manager James Brett (POL, JTT)
LST Manager Sheila Bamber
LST John Rogers
SV&l Manager Chris Maving
Test Design George Zolkiewka
VI Manager Mark Ascott
veraer es and Acceptance Dave Cooke (from version 5.0)
Created on 27-Aug-2010 Version 5.0 Page 4 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
NBS - CAPO Application — Project: EMV - Banking and Retail
Interfe Ss ificatic
E ni face Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
1.5 Changes in this Version
Version Changes
5.0 Status changed to approved.
44 Review comments incorporated.
4.3 Project Manager amended to Paul Summers
Remove details associated with intended but now cancelled Saving Gateway
42 Corrected entries for Additional Amounts to add balance type 19.
Corrected reviewers and approvers in line with Post Office requirements.
NBX is now referred to as NBS, with the exception of external document titles.
44 New sections added for Deposit Transaction and for Response.
2.2 Commentary added to explain position re ICC and Magnetic cards.
Reviewers updated. Approvers Amended
Table 3: Changes in this Version
1.6 Key Contacts
Name I Position Phone Number
lan Trundell Solutions Architect H ~
Graham Bevan Programme Manager
Table 4: Key Contacts
1.7 Associated Documents
Created on 27-Aug-2010 Version 5.0 Page 5 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
. NBS - CAPO Application — Project: EMV - Banking and Retail
E Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
Reference Version I Date Title
I iso8se3:1987(E) Aug 1987 I Bank Card Originated Messages
SU/PLA/O16 0.3 NBX Volume Mode! Comparisons. Post Office
NB/IFS/031 Horizon — Card Account Mapping Post Office
NB/IFS/030 NBX — FI Reconciliation and Post Office
Settlement File Format AIS
DEV/NET/TIS/0006 I Card Account Post Office - HNG-X I Dimensions
TECHNICAL INTERFACE
SPECIFICATION
NB/OLA/001 Horizon — EDS Operational Level Post Office
Agreement
NB/IFS/035 NBX Business Parameters Post Office
ATCRM 424645- I July 2003 Atalla Banking Command Hewlett
002 Reference Manual Packard
1S08583-1:2003(E) 15 Jun Financial transaction card Iso
2003 originated messages —
Interchange message specifications
Part 1: Messages, data elements
and code values
NB/IFS/027 I NBX — POCA Technical Interface I Post Office
Specification (TIS)
Table 5: Associated Documents
Unless a specific version is referred to above, reference should be made to the current approved versions
of the documents.
Created on 27-Aug-2010 Version 5.0 Page 6 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
NBS - CAPO Application — Project: EMV - Banking and Retail
E Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
Table of Contents
1 DOCUMENT CONTROL 2
1.1. Document Information 2
1.2 Document History 2
1.3. Change Process 3
1.4 Review Details 4
1.5. Changes in this Version 5
1.6 Key Contacts 5
1.7. Associated Documents 6
2 INTRODUCTION 9
2.1. Purpose 9
2.2 Scope 9
2.3. Structure 9
2.4 Terms and Abbreviations 9
3 OVERVIEW OF THE INTERFACE 10
3.1. Data Description 10
3.2 Derivation and Use of Data 12
3.3. Non Computer Data 13
4 DATAITEMS 14
4.1 Data Item List 14
4.1.1 General Message Element Definitions and Abbreviations 14
4. Messages Data Elements 16
4.2 Data Interpretations 24
4.2.1 [R3] - Balance Enquiry 25
4.2.2 [R3] - Financial Transaction Request - Withdrawal 26
4.2.3 [R3] - Financial Transaction Request — Withdrawal Correction 28
4.2.4 [R3]- PIN Change 30
4.2.5 [A1] - Balance Enquiry Response 31
4.26 [A1] - Financial Transaction Response - Withdrawal 32
4.2.7 [A1] - Financial Transaction Response — Withdrawal Correction 33
4.2.8 [A1] - PIN Change Response 34
4.2.9 [E1] - Reversal Request 35
4.2.10 [E2] - Reversal Request Response 37
4.2.11 Administration Advice (0620) 38
Created on 27-Aug-2010 Version 5.0 Page 7 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
NBS - CAPO Application Project: EMV — Banking and Retail
E Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.12 Network Management Messages (0800 / 0810) 39
4.2.13 REC —NBS Reconciliation File Format 40
5 TRANSFER STRUCTURE 4
5.1. Transfer Grouping 41
5.2 Transfer Structure 41
5.3. Record Structure 42
5.4 Sequences 42
5.5 Data Volumes 42
5.6 Data Authentication 42
5.7 Data Dictionary 42
6 SECURITY OF TRANSMITTED DATA 43
6.1 Protected Data 43
6.2 Encryption and Decryption Methods 43
6.3 Session Establishment 43
6.4 Key Management 43
6.4.1 Acquirer Working Key Distribution 45
7 OPERATIONAL PROCEDURES 48
71 Processing Cycles 48
7.2 Security Procedures 48
7.3. Fallback Procedures 48
7.4 Control 48
8 APPENDIXA 49
8.1 Response Codes 49
8.2 Reversal Reason Codes 50
9 APPENDIX B 51
Created on 27-Aug-2010 Version 5.0 Page 8 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
NBS -CAPO Application Project: EMV - Banking and Retail
Interface Specificati
E Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
2 Introduction
2.1 Purpose
The purpose of this document is:
e To specify the interface between the NBS and CAPO systems using ISO 8583 (1987), [Ref. 1].
e To provide the development teams with sufficient detail to develop the NBS - CAPO interface.
* To provide a consistent communications vehicle amongst the development teams who have
responsibility for developing the various components comprising the application.
2.2 Scope
This document applies to the interface between the NBS and CAPO only. It includes only those financial
transaction messages and network messages sufficient to support the financial services being delivered by
CAPO via the NBS.
2.3 Structure
Section 3 contains a high level overview of the NBS — CAPO interface and its context.
Section 4 contains a detailed description of the messages to be exchanged, and the derivation and use of the
exchanged data items. All data items exchanged are specified in ISO 8583 (1987), [Ref. 1].
Section 5 contains details of the data transfer.
Section 6 contains details of security of the exchanged data items. This section identifies the security needed
for each data item (e.g. encryption) and details of the method to be used.
Section 7 contains any relevant details of operational procedures relating to the interface.
2.4 Terms and Abbreviations
Term Definition
NBS Network Banking System - the collective term for the Fujitsu data centre systems
supporting the banking service
CAPO The system supporting POca
POca Post Office Card Account
Created on 27-Aug-2010 Version 5.0 Page 9 of 52
© Post Office™ 2004-2010 APPROVED
@
NBS - CAPO Application Project:
Interface Specification Doc Ref:
COMMERCIAL IN CONFIDENCE
FUJ00002240
FUJ00002240
EMV - Banking and Retail
NB/IFS/025
3 Overview of the Interface
3.1 Data Description
The following messages are exchanged over the NBS - CAPO interface:
NBS
Message ID
Description
Direction
IR3]
Authorisation / Financial Transaction Request:
* Balance Enquiry (0100)
« Withdrawal with Balance (0200)
e Withdraw Limit (0200). Also sometimes referred
to as “Withdraw All”.
Withdrawal Correction (0200)
* Deposit (0200)
* PIN Change (0100)
NBS
CAPO
(A1]
Authorisation/Financial Transaction Request
Response:
e Balance Enquiry Response (0110)
e Withdrawal with Balance Response (0210)
e Withdraw Limit Response (0210)
e Withdrawal Correction Response (0210)
e Deposit Response (0210)
e PIN Change Response (0110)
Each of the above will have a response code that
indicates approve or decline with reason and any
required action (e.g. card retention).
CAPO
NBS
(E1]
Reversal Request:
e Acquirer Reversal Request (0420)
e Acquirer Reversal Request Repeat (0421)
NBS
>
CAPO
{E2]
Acquirer Reversal Request Response Message
(0430)
CAPO
NBS
Created on 27-Aug-2010 Version 5.0
© Post Office™ 2004-2010 APPROVED
Page 10 of 52
@
NBS - CAPO Application Project:
Interface Specification
COMMERCIAL IN CONFIDENCE
Doc Ref:
FUJ00002240
FUJ00002240
EMV - Banking and Retail
NB/IFS/025
0500/0510
Reconciliation control messages
These messages are to be excluded
NBS
CAPO
>
CAPO
NBS
0620
Administration Advice (0620)
Administration Advice messages (0620) are sent
to/from CAPO when a received message cannot be
de-blocked, in order to initiate manual investigation
of a problem by either CAPO or the NBS.
NBS
CAPO
CAPO
NBS
0800
Network Management Request (0800):
e Handshake (also known as Echo tests)
e Logon / Logoff (also known as Sign on / Sign off)
e Security Key Change
NBS
>
CAPO
0810
Network Management Request Response (0810)
CAPO
NBS
REC
Reconciliation File
(The REC settlement file and the conditions under
which it is sent from the NBS to CAPO are
addressed in the NBS — FI Reconciliation and
Settlement, [Ref. 4]. )
NBS
>
CAPO
Created on 27-Aug-2010 Version 5.0
© Post Office™ 2004-2010 APPROVED
Page 11 of 52
FUJ00002240
FUJ00002240
NBS -CAPO Application Project: EMV - Banking and Retail
Interface Specificati
E Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
3.2 Derivation and Use of Data
The messages listed in section 3.1 are generally exchanged as a result of a transaction initiated either by a
clerk at a Post Office outlet or by CAPO.
The following table shows the derivation and use of each message exchanged between Horizon NBS and
CAPO in terms of the received message that causes each NBS - CAPO message to be exchanged, and the
transmitted message resulting from the NBS - CAPO message exchange:
Message Sequence
Horizon Horizon CAPO
Outlet NBS
[Ri]> 0100/0200 [R3] —>
<[A3] € 0110/0210 [A1]
[Co] > 0420/0421 [E1] >
< 0430 [E2]
The messages exchanged over this interface relating to reconciliation and settlement are initiated by the NBS.
Security key exchange messages are initiated by the NBS and acknowledged by CAPO. The NBS will send a
new working key, for each of its Pls, to CAPO at least once in every 24-hour period. The business processes
with respect to these messages are addressed in section 6.4. The following table shows a high-level
description of the security messages exchanged between CAPO and the NBS. The full list of 0800 messages
initiated by the NBS, and acknowledged by a 0810 response from CAPO, can be found in section 4.2.12.
Message Sequence
Horizon Horizon CAPO
Outlet NBS
0800 (Logon 071) >
< 0810
0800 (Key Change - >
Acquirer zone code
161)
<< 0810
0800 (Key Change - Bee
Acquirer zone code
161)
< 0810
Logoff messages are initiated by the NBS and acknowledged by CAPO, as shown in the following table.
Message Sequence
Horizon Horizon CAPO
Outlet NBS
0800 (Logoff 072)
2S
= 0810
Handshake messages are initiated by the NBS and acknowledged by CAPO, as shown in the following table.
Created on 27-Aug-2010 Version 5.0 Page 12 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
NBS - CAPO Application — Project: EMV - Banking and Retail
Interfe Ss ificatic
E ni face Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
Message Sequence
Horizon Horizon CAPO
Outlet NBS
0800 (Handshake >
361)
<= 0810
Administration Advice messages are sent from NBS to CAPO when a received message cannot be deblocked
or when a message fails syntax checking, in order to initiate manual investigation of a problem by either
CAPO or the NBS. CAPO will not generate Administration Advice messages, but NBS will correctly handle
their receipt. The following table shows the possible message flows.
Message Sequence
Horizon Horizon CAPO
Outlet NBS
oe XXXX
0620 >
3.3 Non Computer Data
All data being transported across this interface is originated/received from a connected computer system or
from reference data (supplied by the Post Office Limited RDS or held internally within the NBS).
Created on 27-Aug-2010
© Post Office™ 2004-2010
Version 5.0
APPROVED
Page 13 of 52
FUJ00002240
FUJ00002240
- NBS - CAPO Application — Project: EMV - Banking and Retail
Interfe Ss ificatic
E ni face Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4 Data Items
4.1 Data Item List
4.1.1. General Message Element Definitions and Abbreviations
The following section summarises the list of CAPO Message Elements for each group of transactions, together
with which message(s) they are present in. Each message is classified and identified using the RAC (Request
/ Authorise / Confirm) model. Each message element references the corresponding ISO 8583 bitmap position.
The ISO 8583 bit map reference has been included for ease of reference.
The abbreviations used to describe the format and attribute of each data element (DE) and Data Sub-
elements are shown in the following table (taken from ISO 8583 (1987), [Ref. 1]):
Notation IExplanation
a Alphabetic characters only (mixed case)
in Numeric Digits only
is Special characters
an Alphabetic (mixed case) or Numeric characters
as Alphabetic (mixed case) or Special characters
ins Numeric or Special characters
ans Alphabetic (mixed case), Numeric or Special characters only
DDB Day
IMM. Month
had Year
hh Hour
mm Minutes
Iss. Seconds
LL Length of variable field that follows represented using two characters
LLL Length of variable field that follows represented using three characters
VAR, Variable length field
3 Fixed length field (e.g. 3 characters in this example)
10 Variable length field (e.g. up to a maximum of 10 characters in this example). LL
‘or LLL to indicate the actual length of the field will prefix all variable length fields.
Ih hexadecimal representation of the data
iz track 2 data as defined by ISO 7811 and ISO 7813
x Sign — C (credit) or D (debit)
The Field Size column gives the number of characters (octets) required for the data item, as shown in the
table below.
Abbreviation I Description
3 Fixed Length field. Numeric fixed length fields are right justified and zero
padded. Fixed length string fields are left justified and space padded.
10 Variable length field (up to a maximum of 10 characters in this example).
Notes:
e Fixed length numeric fields are unpacked, right justified and zero filled.
e Fixed length alphanumeric fields are left justified and space filled.
The “Required” column indicates whether the field is Mandatory or Conditional for the messages defined in this
AIS. For conditional fields, the field description should indicate under what circumstances the data for the field
should be populated or omitted from the message.
Created on 27-Aug-2010 Version 5.0 Page 14 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
- NBS - CAPO Application — Project: EMV - Banking and Retail
Interfe Ss ificatic
E ni face Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
The “Description” column contains a brief description of the field, as used in the messages defined in this AIS,
together with any additional comments.
CAPO will operate in Mixed case, and will not validate the Alphabetic characters for case in any field.
However, where data is echoed or copied in messages, the echoed/copied fields should be in the same case
as the original field.
The POCA Servers and the NBS Servers both use the ASCII English character set (CCSID = 437).
Created on 27-Aug-2010 Version 5.0 Page 15 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
4.1.2. Messages Data Elements
The ISO 8583 (1987) Data Elements exchanged within messages over this interface are listed below. A fuller description is given in the ISO 8583 (1987)
Standard, [Ref. 1]. Note that data elements pertaining to the tertiary bitmap are not used on this interface.
1SO 8583 (1987) Data [Bitmap] Format I Attribute] Field I Source IDescription Required
Element Ref. Size
1R3] I R31] A I atl I ten I (2 I 0620 I 0800 I o810
0100 I 0200} 0110 I 0210 I 0420 I 0430
10421
IAccount Identification 1 102 ans 28 Not used by NBS
IAccount Identification 2 103 ans 28 Not used by NBS
lAcquiring Institution 019 n 3 Not required for NBS transactions
Country Code
/Acquiring Institution 032 I LLVAR n 11 I NBS from ICode identifying the Acquirer (Post Office Limited), set to mM iM M M M M
Identification Code Ref Data I2200040000
IAdditional Amounts 054 }LLLVARI an 120 I Bank IThe Ledger and Available balances if the request was c c
authorised (Response Code=00), or declined because of
insufficient funds (Response Code=51), in the following
format:
Account Type (n2) = 00 (Funding (default) account)
Amount Type (n2) = 01 (Account ledger balance)
Currency Code (n3) = 826 (GB Pounds) or 978 (Euros)
Amount (x+n12), where x = 0, C (Credit amount) or D (Debit
amount)
Account Type (n2) = 00 (Funding (default) account)
Amount Type (n2) = 02 (Account available balance)
Currency Code (n3) = 826 (GB Pounds) or 978 (Euros)
Amount (x+n12), where x = 0, C (Credit amount) or D (Debit
amount)
Not required for PIN Change transaction
This usage of the field is an extension to the base ISO
18583(1987) standard, [Ref. 1]
Additional Response Data I 044 I LLVAR I an 25 Bank _IMandatory if Response Code=30. Positions 1-3 are the bit c c c
number of the field in error.
This usage of the field is an extension to the base ISO
{8583(1987) standard, [Ref. 1]
NBS - CAPO Application
Interface Specification
COMMERCIAL IN CONFIDENCE
Project: EMV - Banking and Retail
Doc Ref: NB/FS/025
FUJ00002240
FUJ00002240
Advice / Reversal Reason I 060 I LLLVAR an 9 NBS __IThis field will only be used for reversal reason.
Cod
° Bytes 1-2 will always be set to 80
Bytes 3-4 will be used to give a meaningful reason for the
reversal. See Appendix A for the list of Reversal Reason
Codes
The remaining bytes will not be transmitted.
This usage of the field is an extension to the base ISO.
18583(1987) standard, [Ref. 1]
JAmount, Cardholder Billing I 008 n 8 Not required.
Fee
jAmount, Settlement 005 n 12 Not required.
Amount, Transaction 004 n 12 I Clerk at IDecimal amount in smallest unit of the specified currency
Outlet I(ie. GBP pence or EUR cents)
Not required for Balance Enquiry or PIN Change.
For Withdraw Limit, this will be set to the Product Limit,
passed by Horizon in the Maximum _Withdrawal message
lelement.
jAmount, Transaction Fee 028 x+n8 an 9 Not required.
Amount, Transaction 030 I x+n8 an 9 Bank — IUsed to indicate the fee charged by CAPO. If no fee is to be
Processing Fee charged, the field will be set to zero.
This usage of the field is an extension to the base ISO
}8583(1987) standard, [Ref. 1]
/Approval Code Length 027 n 1 Not required.
JAuthorisation Identification I 038 an 6 CAPO will issue an authorisation number for every
Response {transaction processed, and will want it returned in 0420/0421
processing requests,
JAuthorisation Identification I 027 n 1 Not required as the Authorisation Identification Response
Response Length length is to always be set to 6 characters.
Created on 27-Aug-2010 Version 5.0 Page 17 of 52
© Post Office™ 2004-2010 APPROVED
NBS - CAPO Application
Interface Specification
COMMERCIAL IN CONFIDENCE
Project: EMV - Banking and Retail
Doc Ref: NB/FS/025
FUJ00002240
FUJ00002240
ICard Acceptor Name / 043 ans 40 I NBS from IFirst 40 characters of outlet address in format: M
Location Ref Data 101-23 first 23 characters of Name and Address
( first 23 chars of ADDRESS 1)
24-36 first 13 characters of City
(= first 13 characters of ADDRESS 4)
37-38 spaces
39-40 spaces
Card Acceptor Terminal I 041 ans 8 I Outlet fromIComprises 6 digit outlet id (group_id) + 2 digit terminal id M M
Identification system I(node_id)
Card Sequence Number I 023 n & Not required
Conversion Rate, 009 n 8 Not required
Settlement
Currency Code, Settlement I 050 an 3 Not required.
Currency Code, 049 an 3 Clerk at_IOnly 826 (GBP) will be accepted by CAPO initially. NBS will I M/O wc
Transaction outlet translate GBP code received from Horizon to 826 (using ISO
4217 standard) for CAPO. Other values (e.g. 978/EUR) may
be added to Currency Code CPF Table if required at a later
date, and will be translated in the same way.
Date, Conversion 016 n 4 Not required.
Date, Expiration 014 n 4 Not required.
Date, Local Transaction I 013 I MMDD I n 4 [Outlet fromIAs printed on receipt, transaction request date in Local Time. I M M
System
Date, Settlement 015 I MMDD I on 4 NBS NBS always set the Settlement Date. Set to system date if
before settlement cutover time (from Ref Data), or system
date + 1 if after settlement cutover time.
This usage of the field is an extension to the base ISO
8583(1987) standard, [Ref. 1]
Forwarding Institution 021 n 3 Not required.
Country Code
Forwarding Institution 033 n "1 Not required, since NBS is an Acquirer
identification Code
* Conditional on ICC point of service
Created on 27-Aug-2010 Version 5.0 Page 18 of 52
© Post Office™ 2004-2010
APPROVED
NBS - CAPO Application
Interface Specification
COMMERCIAL IN CONFIDENCE
Project: EMV - Banking and Retail
Doc Ref: NB/FS/025
FUJ00002240
FUJ00002240
ICC Data 055 h 510 Mandatory where point of service entry mode (bit 022), digits I *C
tand 2 =05
ICC Data elements for this bit field are in Appendix B.
Info Text 124 ILLLVARI ans 255 I Sender IContains the first 255 bytes of the message rejected by the
sender (either NBS or CAPO).
This usage of the field is an extension to the base ISO
'8583(1987) standard, [Ref. 1]
Message Security Code I 096 an 8 Sender Password to network management requests c
Required for key change, logon and logoff
Note — Not used by CAPO
Network Intemational 024 n 3 Not required.
identifier
Network Management 125 ILLLVARI ans 60 I Sender IAdditional information required for key change and c
Information verification. Positions 01-32=32 byte working key (encrypted
lunder the Acquirer Zone Master Key using Atalla variant 1),
/33-36=check value (4 bytes), 37-38 check value padding
Izeroes),39-60 Spaces (optional)
[Note - 4 byte check value used because Atalla only returns
4 bytes}
This usage of the field is an extension to the base ISO
18583(1987) standard, [Ref. 1]
Network Management 070 n 3 Codes to be used for 0800/0810 messages are defined in mM foM
Information Code section 4.2.12
New PIN (Reserved for 123 ILLLVARI ans 999 I Customer IThis field will be used to hold the Customer choice of new c
Private Use) at Outlet IPIN on PIN Change. Positions 1-2 set to Authorization
Type=NP, positions 3-18 set to the new PIN (encrypted
lusing ISO 9564-1 Format 0 as defined in ANSI X9.8).
This usage of the field is an extension to the base ISO
18583(1987) standard, (Ref. 1].
* Conditional on ICC point of service
Created on 27-Aug-2010 Version 5.0 Page 19 of 52
© Post Office™ 2004-2010 APPROVED
NBS - CAPO Application
Interface Specification
COMMERCIAL IN CONFIDENCE
Project: EMV - Banking and Retail
Doc Ref: NB/FS/025
FUJ00002240
FUJ00002240
[Original Data Elements 090 n 42 NBS ISet by NBS to be a concatenation of the following five data M M
elements from the original 0100/0200 message:
Message Type Identifier (n4),
Systems Trace Audit Number (n6),
Transmission Date and Time (n10),
Acquiring Institution Identification Code (n11),
Forwarding Institution Identification Code (n11, and set to
100000000000 for CAPO)
Personal Identification 052 h 16 I Outlet fromICustomer PIN Entered by customer & encrypted using ISO
Number (PIN) Data. customer I9564-1 Format 0 as defined in ANSI X9.8.
This usage of the field is an extension to the base ISO
18583(1987) standard, [Ref. 1].
Point of Service Condition I 025 n 2 Outlet IThe value should initially always be 00. mM I oM
Code
Point of Service Data 061 ans 20 Noe eee
Point of Service Entry Mode] 022 n 3 [Outlet from] Digits 1-2 will be: M
system I, (Manual entry) or
105 (ICC entry (including track 2 read and transmitted) or
190 (Mag Stripe, Track 2 read and fully transmitted)
Digit 3 = 1 (PIN entry capability).
Point of Service PIN 026 n 2 Not appropriate to messages passed on this interface - POS
Capture Code Transactions Only
Primary Account Number 002 I LLVAR n 19 I System or IEither extracted from Track 2 data or entered manually. M
Clerk at
Outlet
Primary Account Number, I 034 ns 28 Not required.
Extended
Primary Account Number 020 n 3 Not required - foreign currency transactions are not
Extended, Country Code supported by NBS
Created on 27-Aug-2010 Version 5.0 Page 20 of 52
© Post Office™ 2004-2010
APPROVED
NBS - CAPO Application
Interface Specification
COMMERCIAL IN CONFIDENCE
Project: EMV - Banking and Retail
Doc Ref: NB/FS/025
FUJ00002240
FUJ00002240
Processing Code
003
6 NBS.
Derived by NBS from Txn_type passed by Horizon. NBS will
set digits 1 and 2 to 01 for Withdrawal with Balance, 91 for
Withdraw Limit, 90 for PIN Change and 31 for Balance
Enquiry. Digits 3 to 6 will be set to zero (default), For
Withdrawal Correction will be set to 210909. All 6 digits
passed by NBS and CAPO.
Receiving Institution
Country Code
068
INot required - foreign currency transactions are not
supported by NBS
Receiving Institution
identification Code
1
Not required.
Response Code
039
an
ICode indicating transaction step outcome. Source dependent
lon transaction type. See Appendix A for the list of Response
Codes.
Retrieval Reference
Number
037
an
12 NBS
[Additional transaction identifier, assigned by NBS. It will be
lunique for a terminal ID, at least within 10 years.
Bytes 01-04 set to date (YDDD)
Byte 05 set to value A or B (upper or lower case) to record
which of two agents processed the message (the case
differentiates between instances of the agent)
Digit 06 set to value 0 through 3 (being agent hash value
lused in routing transactions)
Digits 07-12 set to a 6-digit cycling number generated at
leach counter
ISystems Trace Audit
Number
ont
6 NBS
‘Transaction identifier, assigned by NBS within the request,
and included in all subsequent messages relating to that
transaction ({A1] response and [E1] / [E2] reversal
messages).
The STAN is a 6 digit numeric field 0 to 999999. Each PI
manages its own STAN which increments by one to provide
fa sequential identifier for each message. The STAN may
cycle within the day but will be unique within the period of the
NBS PI context file
EBT does not use this field directly, but it is used by
Citibank’s back office operations’ tracking systems
IGaps in the STAN sequence have no significance (and thus
will not cause alerts in EBT)
Time, Local Transaction
012
hhmmss
6 Outlet from
System
As printed on receipt, transaction request time in Local Time
Created on 27-Aug-2010
© Post Office™ 2004-2010
Version 5.0
APPROVED
Page 21 of 52
FUJ00002240
FUJ00002240
NBS - CAPO Application Project: EMV - Banking and Retail
Interface Specification
i Doc Ref: —_NB/IFS/025
COMMERCIAL IN CONFIDENCE
Transmission Date and 007 }IMMDDh} on 10 I Sender IDate and time of transmission of the message (not carried Mf oM
Time hmmss forward from previous messages)
Track 2 Data 035 I LLVAR z 37 I Outlet fromIMandatory if track 2 data available (card successfully swiped
card Jor ICC processed).
Track 2 data does not include the start/end sentinels nor the
LRC (longitudinal redundancy check)
This usage of the field is an extension to the base ISO
18583(1987) standard, [Ref. 1]
Created on 27-Aug-2010 Version 5.0 Page 22 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
4.2 Data Interpretations
This section contains the definition of each message type to be sent over this interface. The Message
Element column lists those elements required for the message, and relate to the list in Section 4.1.2.
The Required column in the message definition tables within this section contain the following codes:
Code Meaning
M The element is mandatory and must be present in this message
c The element is conditional for this message, and the condition to be applied is
stated in the Conditions column. If the condition is true, the element must be
present in the message; otherwise the element must not be present in the
message. It should be noted that the receiving system may not be able to
assess whether the condition has been met, in which case it must be able to
interpret the presence or non-presence of the element according to appropriate
business rules.
The Conditions column lists the conditions for inclusion of a conditional message element; inclusion of the
element may depend on details of the transaction type, or simply whether the data is available to the sending
system.
Where Message Elements exist in the ISO8583 standard (1987 Version), [Ref. 1] as either Mandatory or
Conditional, but are not required for the CAPO interface, they have been included in the message definition
tables, but have been shaded out and labelled as “Not required”.
It is essential that developers of this interface also refer to ISO 8583 (1987), [Ref. 1] and the Horizon - Card
Account Mapping, [Ref. 3] for further details of data derivation and use. The message definitions do not
explicitly show the bitmaps as individual message elements, because they are an essential part of the ISO
8583 (1987) transfer structure. However, all messages passed over this interface will include bitmap 1.
Bitmaps will be formatted as binary.
NBS - CAPO Application
Interface Specification
FUJ00002240
FUJ00002240
Project: EMV - Banking and Retail
Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.1
4.2.1.1 Overview
[R3] - Balance Enquiry
This message is sent by the NBS to CAPO. The message requests a Balance Enquiry transaction.
The [R3] Balance Enquiry message maps to the following ISO message:
e 0100 - Authorisation Request
4.2.1.2 Message Definition
Message Element Bitmap Required I Notes / Conditions
Reference
Primary Account Number 002 M
Processing Code 003 310000 for Balance Enquiry.
‘Amount, Transaction (004 Not required
Transmission Date and Time 007 M
‘Systems Trace Audit Number on M
Time, Local Transaction 012 M
Date, Local Transaction 013 M
Date, Expiration O14 Not required
Acquiring Institution Country Code 019 Not required.
Primary Account Number Extended, 020 Not required.
Country Code
Forwarding Institution Country Code 021 Not required.
Point of Service Entry Mode 022 M
Card Sequence Number 023 Not required
Point of Service Condition Code 025 M
Point of Service PIN capture code 026 Not required.
‘Approval Code Length 027 Not required
‘Amount Transaction Fee 028 Not required.
‘Acquiring Institution Identification 032 M
Code
Forwarding Institution Identification 033 Not required,
Code
Primary Account Number, Extended 034 Not required,
Track-2 Data 035 c Mandatory if track data is available (ICC processed or
card successfully swiped)
Retrieval Reference Number 037 M
Card Acceptor Terminal Identification 041 M
Card Acceptor Name / Location 043 M
Curreney Code, Transaction 049 M
Personal Identification Number (PIN) 052 M
Data
ICC Data 055 Cc Mandatory if ICC processed
Point of Service Data 061 Not required,
Receiving Institution Country Code 068 Not required
Receiving Institution Identification 100 Not required.
Code
Created on 27-Aug-2010 Version 5.0 Page 24 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
NBS -CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.2 [R3] - Financial Transaction Request - Withdrawal
4.2.2.1 Overview
This message is sent by the NBS to CAPO. The message requests a financial transaction of one of
the following types:
¢ Withdrawal with Balance.
¢ = Withdraw Limit.
The [R3] Financial Transaction Request message maps to the following ISO message:
e 0200 - Financial Transaction Request.
4.2.2.2 Message Definition
Message Element Bitmap Required I Notes/ Conditions
Reference
Primary Account Number (002 M
Processing Code 003 M 010000 for Withdrawal with Balance.
910000 for Withdraw Limit.
‘Amount, Transaction 004 M Requested Amount for “Withdrawal with Balance”.
For “Withdraw Limit’, this will be set to the Product
Limit
Amount, Settlement 005 Not required.
Transmission Date and Time 007 M
Conversion Rate, Settlement 009 Not required,
‘Systems Trace Audit Number on M
Time, Local Transaction 012 M
Date, Local Transaction 013 M
Date, Expiration 014 Not required,
Date, Settlement 015 M
Date, Conversion 016 Not required,
Acquiring Institution Country Code 019 Not required.
Primary Account Number Extended, 020 Not required.
Country Code
Forwarding institution Country Code 021 Not required.
Point of Service Entry Mode 022 M
Card Sequence Number 023 Not required,
Point of Service Condition Code 025 M
Point of Service PIN Capture Code 026 Not required,
‘Authorisation Identification Response 027 Not required.
Length
‘Amount, Transaction Fee 028 Not required.
‘Acquiring Institution Identification 032 M
Code
Forwarding Institution Identification 033 Not required
Code
Primary Account Number, Extended 034 Not required
Track-2 Data 035 c Mandatory if track data is available (ICC processed or
card successfully swiped),
Retrieval Reference Number 037 M
Response Code 039 Not required,
Card Acceptor Terminal Identification 044 M
Card Acceptor Name / Location 043 M
Currency Code, Transaction 049 M
Currency Code, Settlement 050 Not required.
Personal Identification Number (PIN) 052 M
Data
ICC Data 055 Cc Mandatory if ICC processed
Point of Service Data 061
Receiving Institution Country Code 068 Not required.
Created on 27-Aug-2010 Version 5.0 Page 25 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
NBS - CAPO Application — Project: EMV - Banking and Retail
Interface Specification
Pt Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
Receiving Institution Identification 700 Not required,
Code
Account Identification 4 102 Not required,
Account Identification 2 103, Not required.
Created on 27-Aug-2010 Version 5.0 Page 26 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
NBS -CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.3. [R3] - Financial Transaction Request -— Withdrawal Correction
4.2.3.1 Overview
This message is sent by the NBS to CAPO. The message requests a cash deposit transaction —
known at the counter as Withdrawal Correction. It is intended for use as a correction of a previous
withdrawal, but no dependencies are imposed on the interface with respect to the ordering of such
transactions. Entry of the PIN by the customer is required.
The [R3] Financial Transaction Request message maps to the following ISO message:
e 0200 - Financial Transaction Request.
Note, however, the processing code specifies deposit, but with non-standard source and destination
accounts. Both are selected as 09, which is “default - reserved for private use” per ISO 8583-1:2003;
see A17.2, table A.23.
4.2.3.2 Message Definition
Message Element Bitmap Required] Notes / Conditions
Reference
Primary Account Number (002 M
Processing Code (003 M 2710909 for withdrawal correction
Amount, Transaction 004 M
‘Amount, Settlement 005 Not required.
Transmission Date and Time 007 M
Conversion Rate, Settlement 009 Not required,
Systems Trace Audit Number on M
Time, Local Transaction 012 M
Date, Local Transaction 013 M
Date, Expiration 14 Not required.
Date, Settlement 015 M
Date, Conversion 016 Not required:
Acquiring institution Country Code 019 Not required.
Primary Account Number Extended, 020 Not required.
Country Code
Forwarding Institution Country Code 024 Not required.
Point of Service Entry Mode 022 M
Card Sequence Number 023 Not required.
Point of Service Condition Code 025 M
Point of Service PIN Capture Code 026 Not required.
‘Authorisation Identification Response 027 Not required.
Length
‘Amount, Transaction Fee 028 Not required.
‘Acquiring Institution Identification 032 M
Code
Forwarding Institution Identification 033 Not required,
Code
Primary Account Number, Extended 034 Not required,
Track-2 Data 035 Cc Mandatory if track data is available (ICC processed or
card successfully swiped).
Retrieval Reference Number 037 M
Response Code 039 Not required
Card Acceptor Terminal Identification 041 M
Card Acceptor Name / Location 043 M
Currency Code, Transaction 049 M
Currency Code, Settlement 050 Notrequired
Personal Identification Number (PIN) 052 M
Data
ICC Data 055 ¢c Mandatory if ICC processed
Point of Service Data 061
Receiving Institution Country Code 068 Not required
Receiving Institution Identification 100 Not required.
Code
Created on 27-Aug-2010 Version 5.0 Page 27 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
' NBS - CAPO Application — Project: EMV - Banking and Retail
Interfe Ss ificatic
E ni face Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
‘Account Identification 4 702 Not required,
Account Identification 2 103, Not required.
Created on 27-Aug-2010 Version 5.0 Page 28 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
NBS - CAPO Application — Project: EMV ~ Banking and Retail
Interface Specification
Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.4
4.2.4.2
[R3] - PIN Change
4.2.4.1 Overview
This message is sent by the NBS to CAPO. The message requests a PIN Change transaction.
The [R3] PIN Change message maps to the following ISO message:
e 0100 - Authorisation Request.
Message Definition
Message Element Bitmap Required I Notes / Conditions
Reference
Primary Account Number 002 M
Processing Code (003 900000 for PIN Change
‘Amount, Transaction 004 Not required,
Transmission Date and Time 007 M
‘Systems Trace Audit Number on M
Time, Local Transaction 012 M
Date, Local Transaction 013 M
Date, Expiration O14 Not required
‘Acquiring Institution Country Code 019 Not required.
Primary Account Number Extended, 020 Not required.
Country Code
Forwarding Institution Country Code 024 Not required.
Point of Service Entry Mode 022 M
‘Card Sequence Number 023 Not required,
Point of Service Condition Code 025 M
Point of Service PIN capture code 026 Not required.
‘Approval Code Length 027 Not required.
‘Amount, Transaction Fee 028 Not required
‘Acquiring Institution Identification 032 M
Code
Forwarding Institution Identification 033 Not required.
Code
Primary Account Number, Extended 034 Not required.
Track-2 Data 035 Cc Mandatory if track 2 data is available (ICC processed
or card successfully swiped).
Retrieval Reference Number 037 M
Card Acceptor Terminal Identification 4 M
Card Acceptor Name / Location 043 M
Currency Code, Transaction 049 ie) Omitted by NBS.
Personal Identification Number (PIN) 052 M The “old” PIN
Data
ICC Data 055 Cc Mandatory if ICC processed
Point of Service Data 061
Receiving Institution Country Code 068 Not required.
Receiving Institution Identification 100 Not required.
Code
New PIN (Reserved for Private Use) 123, M The "new" PIN.
Created on 27-Aug-2010 Version 5.0 Page 29 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
NBS - CAPO Application — Project: EMV - Banking and Retail
Interface Specification
Pt Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.5 [A1] - Balance Enquiry Response
4.2.5.1 Overview
This message is sent by CAPO to the NBS. The message contains a Balance Enquiry request
response.
The [A1] Balance Enquiry Response message maps to the following ISO message:
e 0110 - Authorisation Request Response.
4.2.5.2 Message Definition
Message Element Bitmap Required I Noles / Conditions
Reference
Primary Account Number 002 M Echoed from the request message.
Processing Code 003 M Echoed from the request message.
‘Amount, Transaction 004 Not required.
Transmission Date and Time 007 M
‘Systems Trace Audit Number on M Echoed from the request message.
Time, Local Transaction 012 M Echoed from the request message.
Date, Local Transaction 013 M Echoed from the request message.
‘Acquiring institution Country Code 019 Not required.
Primary Account Number Extended, 020 Not required
Country Code
Forwarding Institution Country Code 021 Not required
‘Network international identifier 024 Not required.
Point of Service Condition Code 025 M Echoed from the request message.
‘Amount, Transaction Processing Fee 030 M
‘Acquiring Institution Identification 032 M Echoed from the request message.
Code
Forwarding Institution Identification 033 Not required,
Code
Primary Account Number, Extended 034 Not required.
Retrieval Reference Number 037 M Echoed from the request message.
Authorisation Identification Response 038 M
Response Code 039 M
Card Acceptor Terminal Identification 041 M Echoed from the request message.
Additional Response Data 04a Cc Mandatory if Response Code=30 (field in error)
Currency Code, Transaction 049 M
‘Additional Amounts 054 c The Available and Ledger balances if request was
successful
Receiving Institution Country Code 068 Not required.
Receiving institution identification 100 Not required.
code
Created on 27-Aug-2010 Version 5.0 Page 30 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
NBS -CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.6 [A1] - Financial Transaction Response - Withdrawal
4.2.6.1 Overview
This message is sent by CAPO to the NBS. The message contains a Financial Transaction request
response.
The [A1] Financial Transaction Request Response message maps to the following ISO message:
e 0210 - Financial Transaction Request Response.
4.2.6.2 Message Definition
Message Element Bitmap Required I Notes / Conditions
Reference
Primary Account Number. 002 M Echoed from the request message.
Processing Code 003 M Echoed from the request message.
‘Amount, Transaction 004 M Echoed from the request message, except for an
approved “Withdraw Limit” transaction, where this will
be set to the amount authorised by CAPO
Amount, Settlement 005, Not required.
Transmission Date and Time 007 M
Conversion Rate, Settlement 009 Not required.
Systems Trace Audit Number O11 M Echoed from the request message.
Time, Local Transaction 012 M Echoed from the request message.
Date, Local Transaction 013 M Echoed from the request message.
Date, Settlement 015 M Echoed from the request message.
Date, Conversion 016 Not required.
Acquiring Institution Country Code. 019 Not required.
Primary Account Number Extended, 020 Not required.
Country Code
Forwarding Institution Country Code 021 Not required.
Card Sequence Number 023 Not required.
Network International identifier 024 Not required.
Point of Service Condition Code 025, M Echoed from the request message.
Amount, Transaction Processing Fee 030 M
‘Acquiring Institution Identification 032 M Echoed from the request message.
Code
Forwarding Institution Identification 033 Not required.
Code
Primary Account Number, Extended 034 Not required.
Retrieval Reference Number 037 M Echoed from the request message.
Authorisation Identification Response 038 M
Response Code 039 M.
Card Acceptor Terminal Identification 041 M Echoed from the request message.
Additional Response Data 044 Cc Mandatory if Response Code=30 (field in error)
Currency Code, Transaction 049 M Echoed from the request message.
Currency Code, Settlement 050 Not required.
Additional Amounts 054 c The Available and Ledger balance information if the
request was authorised, or declined because of
insufficient funds.
Receiving Institution Identification 100 Not required.
Code
Account Identification 1 102 Not required.
Account Identification 2 103 Not required.
4.2.7. [A1] - Financial Transaction Response — Withdrawal Correction
4.2.7.1 Overview
This message is sent by CAPO to the NBS. The message contains a Financial Transaction request
response.
Created on 27-Aug-2010 Version 5.0 Page 31 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
NBS - CAPO Application — Project: EMV - Banking and Retail
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
The [A1] Financial Transaction Request Response message maps to the following ISO message:
e 0210 - Financial Transaction Request Response.
4.2.7.2 Message Definition
Message Element Bitmap Required I Notes / Conditions
Reference
Primary Account Number 002 M Echoed from the request message.
Processing Code 003 M Echoed from the request message.
‘Amount, Transaction 004 M Echoed from the request message.
‘Amount, Settlement 005 Not required.
Transmission Date and Time 007 M
Conversion Rate, Settlement 009 Not required,
‘Systems Trace Audit Number on M Echoed from the request message.
Time, Local Transaction 012 M Echoed from the request message.
Date, Local Transaction 013 M Echoed from the request message.
Date, Settlement 015 M Echoed from the request message.
Date, Conversion 016 Not required.
Acquiring Institution Country Code 019 Not required.
Primary Account Number Extended, 020 Not required.
Country Code
Forwarding Institution Country Code 021 Not required.
Card Sequence Number 023 Not required,
‘Network international Identifier 024 Not required.
Point of Service Condition Code 025 M Echoed from the request message.
‘Amount, Transaction Processing Fee 030 M
‘Acquiring Institution Identification 032 M Echoed from the request message.
Code
Forwarding Institution Identification 033 Not required.
Code
Primary Account Number, Extended 034 Not required
Retrieval Reference Number 037 M Echoed from the request message.
‘Authorisation Identification Response 038 M
Response Code 039 M
Card Acceptor Terminal Identification 041 M Echoed from the request message.
‘Additional Response Data 044 Cc Mandatory if Response Code=30 (field in error)
‘Currency Code, Transaction 049 M Echoed from the request message.
Currency Code, Settlement 050 Not required.
‘Additional Amounts 054 c ‘The Available and Ledger balance information if the
request was authorised or the following errors
returned: 83 - 86, 14 & 58.
Receiving Institution Identification 100 Not required
Code
Account Identification 1 102 Not required.
Account Identification 2 103 Not required.
Created on 27-Aug-2010 Version 5.0 Page 32 of 52
© Post Office™ 2004-2010 APPROVED
NBS - CAPO Application
Interface Specification
Project:
Doc Ref:
COMMERCIAL IN CONFIDENCE
FUJ00002240
FUJ00002240
EMV - Banking and Retail
NB/IFS/025
4.2.8
4.2.8.1
4.2.8.2
Overview
[A1] - PIN Change Response
This message is sent by CAPO to the NBS. The message contains a PIN Change request response.
The [A1] PIN Change Response message maps to the following ISO message:
e 0110 - Authorisation Request Response.
Message Definition
Message Element Bitmap Required] Notes / Conditions
Reference
Primary Account Number 002 M Echoed from the request message.
Processing Code (003 Echoed from the request message.
‘Amount, Transaction 004 Not required.
Transmission Date and Time 007 M
‘Systems Trace Audit Number on M Echoed from the request message.
Time, Local Transaction 012 M Echoed from the request message.
Date, Local Transaction 013 M Echoed from the request message.
Acquiring Institution Country Code: 019 Not required.
Primary Account Number Extended, 020 Not required
Country Code
Forwarding Institution Country Code 021 Not required.
‘Network international Identifier 024 Not required.
Point of Service Condition Code 025 M Echoed from the request message.
‘Amount, Transaction Processing Fee 030 M
‘Acquiring Institution Identification 032 M Echoed from the request message.
Code
Forwarding Institution Identification 033 Not required,
Code
Primary Account Number, Extended 034 Not required.
Retrieval Reference Number 037 M Echoed from the request message.
Authorisation Identification Response 038 M
Response Code 039 M
Card Acceptor Terminal Identification 041 M Echoed from the request message.
Additional Response Data 04a Cc Mandatory if Response Code=30 (field in error)
Currency Code, Transaction 049 Cc Echoed from the request message if present.
Receiving Institution Country Code 068 Not required.
Created on 27-Aug-2010 Version 5.0 Page 33 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
- NBS - CAPO Application — Project: EMV - Banking and Retail
Interfe Ss ificatic
E ni face Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.9 [E41] - Reversal Request
4.2.9.1 Overview
This message is sent by the NBS to CAPO when a financial transaction that has been processed by
the issuer needs to be reversed.
The [E1] message maps to the following ISO messages:
e 0420 - Reversal Request
e 0421 - Reversal Repeat.
Reversal [E1] messages are generated by the NBS. These are only sent to the Fl to reverse a previously
authorised Accept transaction (i.e. [A1]) according to the following conditions:
e The Authorisation [A‘] is late (i.e. is received after the Agent timeout period has been exceeded)
e The transaction outcome at the counter is different to the Authorisation response received at the
counter ([A3]) (e.g. clerk declines to proceed due to suspected fraud)
e The transaction outcome at the counter is indeterminate (e.g. counter has timed out waiting for
response, or ICC failed to complete any script processing)
Reversals [E1] can only be generated when the [A1] message to be reversed can be matched against a
[R3] request.
The NBS prevents duplicate 0420 messages being sent to the Fl.
Reversal Requests may be sent up to a period, which shall be configurable and shall be set initially to
5 days, after the original transaction to which it refers.
Note that partial reversals are not supported over this interface. PIN Change reversals are also not
supported.
4.2.9.2 Message Definition
Message Element Bitmap Required I Notes / Conditions
Reference
Primary Account Number 002 M
Processing Code (003 M Copied from the [Aq]
‘Amount, Transaction 004 M
‘Amount, Settlement (005 Not required,
Transmission Date and Time 007 M
Conversion Rate, Settlement 009 Not required,
‘Systems Trace Audit Number O11 M
Time, Local Transaction 012 M
Date, Local Transaction 013 M
Date, Expiration 014 Not required
Date, Settlement 015 M Copied from the [R3]
Date, Conversion 016 Not required
Acquiring Institution Country Code 019 Not required.
Primary Account Number Extended, 020 Not required.
Country Code
Forwarding Institution Country Code 021 Not required.
Point of Service Entry Mode 022 M
Card Sequence Number 023 Not required.
Point Of Service Condition Code 025 M
Point Of Service PIN Capture Code 026 Not required.
Created on 27-Aug-2010 Version 5.0 Page 34 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
NBS - CAPO Application — Project: EMV - Banking and Retail
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
‘Amount Transaction Fee 028 Not required,
‘Amount, Transaction Processing Fee 030 M
‘Acquiring Institution Identification 032 M
Code
Forwarding Institution Identification 033 Not required
Code
Primary Account Number, Extended 034 Not required
Track-2 Data 035 c Mandatory if track data is available (ICC processed or
card successfully swiped),
Retrieval Reference Number 037 M
Authorisation Identification Response 038 M
Card Acceptor Terminal Identification 041 M
Card Acceptor Name/Location 043 M
Currency Code, Transaction 049 M
Curreney Code, Settlement 050 Not required.
Personal Identification Number (PIN) 052 Not required
Data
ICC Data 055 May be present but is not required.
Advice/Reversal Reason Code 060 M
(Reserved Private)
Point of Service Data 061
Receiving Institution Country Code 068 Not required.
Original Data Elements. (090 M
Replacement Amounts (095 Not required.
Receiving Institution Identification 100 Not required
Code
Account Identification 1 102 Not required.
Account Identification 2 103, Not required.
Created on 27-Aug-2010 Version 5.0 Page 35 of 52
© Post Office™ 2004-2010 APPROVED
Project:
NBS - CAPO Application
Interface Specification Doc Ref:
COMMERCIAL IN CONFIDENCE
FUJ00002240
FUJ00002240
EMV - Banking and Retail
NB/IFS/025
4.2.10
4.2.10.1 Overview
[E2] - Reversal Request Response
This message is sent by CAPO to the NBS in response to a reversal request from the NBS.
Reversal [E1] messages are “must deliver” messages. If an [E2] Reversal Response from the FI is not
received within a configurable period, a [E1] Reversal Repeat is sent subject to not exceeding a
configurable number of retries / elapsed time.
The [E2] message maps to the ISO message 0430 — Reversal Request Response.
4.2.10.2 Message Definition
Message Element Bitmap Required I Notes / Conditions
Reference
Processing Code 003 M Echoed from the 042x message.
‘Amount, Transaction 004 M
Transmission Date and Time (007 M
Conversion Rate, Settlement 009 Not required
‘Systems Trace Audit Number on M Echoed from the 042x message.
Time, Local Transaction 012 M Echoed from the 042x message.
Date, Local Transaction 013 M Echoed from the 042x message.
Date, Settlement 015 M Echoed from the 042x message.
Date, Conversion 016 Not required.
‘Acquiring institution Country Code 019 Not required.
Primary Account Number Extended, 020 Not required.
Country Code
Forwarding Institution Country Code 024 Not required.
Card Sequence Number 023 Not required
‘Network International Identifier 024 Not required,
Point of Service Condition Code 025 M Echoed from the 042x message.
‘Amount, Transaction Fee 028 Not required.
‘Acquiring Institution Identification 032 M Echoed from the 042x message.
Code
Forwarding Institution Identification 033 Not required
Code
Primary Account Number, Extended 034 Not required,
Retrieval Reference Number 037 M Echoed from the 042x message.
Response Code 039 M Will be set to either 00 — Approved, or 30 — Field in
error.
Card Acceptor Terminal Identification Oa M Echoed from the 042x message.
Additional Response Data 04a Cc Mandatory if Response Code=30 (field in error)
Currency Code, Transaction 049 M Echoed from the 042x message.
Currency Code, Settlement 050 Not required.
Receiving Institution Country Code 068 Not required.
Original Data Elements (090 M Echoed from the 042x message.
Replacement Amounts 095 Not required
Receiving Institution Identification 100 Not required
Code
Account Identification 1 102 Not required
Account Identification 2 103, Not required.
Created on 27-Aug-2010 Version 5.0 Page 36 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
. NBS - CAPO Application — Project: EMV - Banking and Retail
Interfe Ss ificatic
E ni face Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.11 Administration Advice (0620)
4.2.11.1 Overview
Administration Advice messages are sent from NBS to CAPO when a received message cannot be
deblocked or when a message fails syntax checking, in order to initiate manual investigation of a
problem by either CAPO or the NBS. CAPO will not generate Administration Advice messages, but
NBS will correctly handle their receipt.
The Administration Advice message maps to ISO message 0620.
4.2.11.2 Message Definition
Message Element Bitmap Required I Notes / Conditions
Reference
Transmission Date and Time 007 M
‘Systems Trace Audit Number O17 M
Network Management Information 070 M Set to be 900
Code
Info Text 124 M
Created on 27-Aug-2010 Version 5.0 Page 37 of 52
© Post Office™ 2004-2010 APPROVED
@
NBS - CAPO Application
Interface Specification
FUJ00002240
FUJ00002240
Project: EMV - Banking and Retail
Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.12 Network Management Messages (0800 / 0810)
The following Network Management Messages will be exchanged between CAPO and the NBS:
*® 0800 - Network Management Request Message
e® 0810 - Network Management Response Message
They are used for the following purposes (followed by associated Network Management Information Code):
= Logon, i
= Log off,
tiated by NBS (071)
jated by NBS (072)
= Handshake, initiated by NBS (361)
= Key Change - Acquirer zone from NBS (161)
The conditions under which these messages, except for Handshakes, are sent for each of the specified
purposes are described in section 6.4. The use of Handshakes is described in the NBS — POCA Technical
Interface Specification, [Ref. 10] which replaces [Ref. 10].
4.2.12.1
Network Management Request (0800)
Message Element Bitmap Required I Notes / Conditions
Reference
Transmission Date and Time 007 M.
Systems Trace Audit Number O11 M Set for this transaction
Network Management Information 070 M Values will depend on message purpose, as described
Code above
Message Security Code 096 Cc Required for key change, logon and logoff
Network Management Information 125 Cc Required for key change. Positions 01-32=32 byte
working key (encrypted under the Acquirer Zone
Master Key using Atalla variant 1), 33-38=check value,
39-60 Spaces (optional)
4.2.12.2
Network Management Request Response (0810)
Message Element Bitmap] Required I Notes / Conditions
Referenc
e
Transmission Date and Time 007 M
‘Systems Trace Audit Number on M Copied from the 0800
Response Code 039) M
Network Management information Code 070. M This is copied from the 0800 received message.
Created on 27-Aug-2010 Version 5.0 Page 38 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
- NBS - CAPO Application — Project: EMV - Banking and Retail
Interfe Ss ificatic
E ni face Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
4.2.13 REC -NBS Reconciliation File Format
The REC reconciliation file, and the conditions under which it is sent to CAPO from the NBS are addressed in
the NBS — FI Reconciliation and Settlement File Format AIS, [Ref. 4]. The file transfer mechanism and
conditions of transfer are described in the NBS — POCA Technical Interface Specification, [Ref. 10].
Created on 27-Aug-2010 Version 5.0 Page 39 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
5 Transfer Structure
5.1 Transfer Grouping
The following figure shows the end-to-end message sequences, using the RACE (Request / Authorise /
Confirm / Exception) model, for all application messages between the NBS and CAPO.
woeezeee-Lieout
pon, CAPO of Se ,
i
o100 ott0/ H
0800 0810 0200 0620 02100620 } REC
[R3] (At) H I
Nenana? ; ?
NBS H
powe{C2}o—p!
Leica} TES
Rt] 13]
Horizon Online
Counter Systems
Figure 1 - CAPO Message Flows in the Network Banking Environment
A 0620 message may be issued by the NBS in response to all messages from CAPO (for simplicity, only one
such flow is shown on the diagram). Note also that CAPO will not send 0620 messages to NBS; however, the
diagram shows that NBS will correctly process any that it receives.
Reversals (0420 messages) are not sent from NBS to CAPO unless and until an approved response (0210
message) has been received from CAPO.
In the event that NBS does not receive a reversal response within the allotted time interval then the NBS may
send EBT repeat reversals (0421 messages). CAPO will ensure that a reversal is not applied to an account
more than once.
The interface should be resilient to the transfer of duplicate messages; in practice, however, this should only
happen after failure and recovery of either end of the interface.
CAPO will not validate transmission date and time in messages against the date and time that messages are
received.
The interface details are also described in the NBS — POCA Technical Interface Specification, [Ref. 10].
5.2 Transfer Structure
The messages defined in this AIS will be exchanged in accordance with ISO 8583 (1987), [Ref. 1], which
describes the use of Message Type Identifier, Bit Map and Data Elements in the message structure. Note that
the messages exchanged over this interface do not use the third bit map or any of its supported data
elements. Note also that the Bit Maps are transferred in binary.
FUJ00002240
FUJ00002240
NBS -CAPO Application Project: EMV - Banking and Retail
Interface Specificati
E Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
Messages for one transaction may be interleaved with messages for any other transaction. Requests (0100
and 0200 messages) may continue to be sent during a key change, using the existing key until the Key
Change response has been received.
5.3 Record Structure
The record structure for the REC file passed over this interface is described in the NBS — FI Reconciliation
and Settlement File Format AIS, [Ref. 4]. The details are not repeated here.
5.4 Sequences
Figure 1 above (see Section 5.1) shows the end-to-end message sequences of all the messages supported by
this AIS, from the PO Outlet to CAPO. Further detail relating specifically to the NBS-CAPO connection can
be found in the NBS - POCA Technical Interface Specification (Ref. [10]). The interface must be resilient to
the disconnection or loss of any part of the total network-banking environment for short or extended periods.
5.5 Data Volumes
Data Rates and Volumes over this interface are addressed within NBS Volume Model Comparisons, [Ref. 2].
5.6 Data Authentication
Message Authentication Codes (MACs) are not sent between CAPO and the NBS.
5.7 Data Dictionary
The Data Elements used on this interface are defined and described within ISO 8583 (1987), [Ref. 1].
Created on 27-Aug-2010 Version 5.0 Page 41 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
NBS -CAPO Application Project: EMV - Banking and Retail
Interface Specificati
E Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
6 Security of Transmitted Data
The security standards for the NBS — CAPO interface are described in the NBS — POCA Technical Interface
Specification, [Ref. 10].
6.1 Protected Data
PIN blocks that pass across the interface from NBS to CAPO are encrypted under an Acquirer Working Key
(AWK). This key is used in the NBS - CAPO shared security zone. PIN Blocks encryption is translated from
the other security zone keys to protection under this shared key using a hardware encryption module. The PIN
blocks are never rendered in clear outside the hardware module.
Acquirer Working Keys (AWKs) are exchanged electronically encrypted under an Acquirer Zone Master Key
(AZMk) shared between NBS and CAPO. To facilitate import of the AWK into the CAPO systems, the AWK
is encrypted using Atalla variant 1 as defined in [ATCRM]. The AZMK is generated and owned by CAPO. The
AWK is owned and generated by the NBS.
6.2 Encryption and Decryption Methods
PIN Block and Acquirer Working Key transmission is protected by Triple DES double length keys, 112bit plus
key check data.
All data transmitted on communication lines between the NBS and CAPO as described in the NBS - POCA
Technical Interface Specification, [Ref. 10].
6.3 Session Establishment
Session Establishment will be initiated by the NBS. Initial Logon message exchanges are followed by
transmission of a new AWK by the NBS to CAPO, with a key check value protected by encryption under the
shared current AZMK.
CAPO verifies the key and acknowledges it to NBS. All PIN Block data is protected by this AWK until the
session ends or the AWK is renewed.
The only messages categorised as “must deliver” are Reversal Request (0420/0421).
6.4 Key Management
Key ownership is described in section 10 of the document Horizon - EDS Operational Level Agreement, [Ref.
6]. See also section 6.7 of the document NBX - POCA TIS, [Ref. 10]. NBS - CAPO Zone Management Keys
are managed in NBS.
CAPO:
e Generates three new AZMK components
e« AZMK components will be generated in a secure manner
e Key components will contain
« Akey identifier (visible)
e Akey generation date (visible)
Created on 27-Aug-2010 Version 5.0 Page 42 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
- NBS - CAPO Application — Project: EMV - Banking and Retail
Interfe Ss ificatic
E ni face Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
« Acomponent number (visible)
e 32 hex characters in two groups of sixteen characters — Triple DES key component, VISA method
e Four hex character Key Check Value, VISA method, printed securely and on separate sheet for the Key
Manager.
NBS:
e Manages secure logon of key holders & the key manager
e Accepts entry of key components & verifies component check digits
e Generates the AZMK from the key components & verifies the key check digits
Keys component documents must be stored and transported separately and securely.
The CAPO — NBS AZMK is renewed every six months by the process described above. The AZMK, having
been produced as described above, is securely transported to the NBS. The NBS and CAPO operations will
agree a time for key promotion. Promotion by both parties will be preceded by telephone coordination. After
promotion of the new AZMK the NBS operator will initiate an AWK exchange under the new AZMK using the
AWK Key Change sequence. This will provide online key verification of the AZMK. If this online key
verification procedure is successful the promoted AZMK will be confirmed as the current AZMK. If the AWK
exchange is unsuccessful manual procedures initiated by NBS and CAPO operators will revert to the old
AZMK.
CAPO requires more than one Processor Interface (PI) to support the transaction throughput for the NBS. For
this configuration each PI will be configured to support two TCP/IP socket connections. A logical session will
be initiated by a logon, and data for that session will flow over both socket connections belonging to that PI
(see the NBS - POCA Technical Interface Specification, [Ref. 10] for further details). Each PI generates a
NBS — CAPO Acquirer Working Key (AWK) which it sends to CAPO for validation. This AWK, if validated by
CAPO, is used by both socket connections between CAPO and the NBS PI that generated it. Logical sessions
for a different PI will use the AWK generated by that PI. All NBS Pls will protect their AWK in transit to CAPO
by encryption using the same AZMK, during its six months of currency. The AWKs are changed under the
following conditions (note that it is not necessary to change the AWKs as soon as the AZMK is changed).
e Every 24 hours where the session remains active (an AWK may be changed at a set (configurable) clock
time and will remain valid until it is changed)
e At-session initiation by NBS
* Onreceipt by CAPO of a 6" invalid PIN block on a session
e When an NBS operator requests a key change.
Work Load Distribution between the Pls will be performed by the NBS at the application level. To ensure that
the correct AWK is used, PIN block translation must occur after PI selection.
The Acquirer Zone Master Key is verified electronically after it has been transferred manually in component
form. The Acquirer Working Keys are exchanged and verified electronically. The network management
(0800/0810) messages used to perform these functions are described in detail in the following sections:
Created on 27-Aug-2010 Version 5.0 Page 43 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
~ NBS - CAPO Application — Project: EMV - Banking and Retail
Interfe Ss ificatic
E ni face Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
6.4.1. Acquirer Working Key Distribution
NBS owns and generates AWKs. New AWKs are distributed and verified electronically.
6.4.1.1 NBS Initiated Log On
1. Successful Log On
NBS CAPO
Logon ——— 0800 (071) ———_>
«——— 0810 (071) OK (Response
Code 00 —
Completed
successfully)
Key Change —_ 0800 (161) ———>
(AWK)
<—— 0810 (161) OK (Response
Code 00 —
Completed
successfully)
2. Bad AWK
NBS CAPO
Logon ——— 0800 (071) ———_>
<——— 0810 (071) ————_ OK (Response
Code 00 —
Completed
successfully)
Key Change ———— 0800 (161) ———_
(AWk) New Key
<——— 0810 (161) ————_ Denied
(Response
Code 76 - Key
synchronisation
error)
The NBS will resend the same AWK a configurable number of times
(currently set to 6). On the 6"" 76 code, the NBS will generate and
send a new AWK, and the retry count will be reset. In the event of
multiple key synchronization errors, NBS operations should verify
that the key management system and application configuration
parameters are correctly set for the current AZMK tag. If no fault is
found, NBS/CAPO operations should be contacted to investigate the
problem (e.g. establish whether the ZMK has just been changed,
whether either system has been restarted, when the last successful
message transfer was etc.).
Created on 27-Aug-2010 Version 5.0 Page 44 of 52
© Post Office™ 2004-2010
APPROVED
FUJ00002240
FUJ00002240
NBS - CAPO Application — Project: EMV - Banking and Retail
Interfe Ss ificatic
E ni face Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
3. No response to AWK
NBS CAPO
Logon — 0800 (071) ———>
<——— 0810 (071) ————_ OK (Response
Code 00 —
Completed
successfully)
Key Change ———— 0800 (161) ———
(AWK)
No response
NBS will resend the message a configurable number of times
(currently set to 5). If there is still no response, NBS operations
should initiate investigation of the problem. e.g. If consultation
indicated a communication failure, Network Management should be
alerted.
6.4.1.2 Key Change due to PIN validation errors detected by CAPO
1. More than 5 PIN errors in a session.
NBS CAPO
Business ———— 0100/0200-__
message
<—— 0100/0200-———_ Error
(Response
Code 76 —- Key
synchronisation
error)
(6" occurrence)
Key Change ——— 0800 (161) ———>
(AWK)
<—— 0810 (161) OK (Response
Code 00 —
Completed
successfully)
NBS will expedite the Key Change to minimise the number of
messages rejected due to PIN errors (code 76). In the event of an
unsuccessful Key Change, the PI should be stopped to allow
NBS/CAPO operations to investigate the problem.
6.4.1.3 Key Change NBS Operator request or 24hr use limit
1. Successful key change.
NBS CAPO
Key Change 0800 (161) ———>
(AWk)
<—— 0810 (161) OK (Response
Code 00 —
Completed
successfully)
Created on 27-Aug-2010 Version 5.0 Page 45 of 52
© Post Office™ 2004-2010 APPROVED
@
NBS -CAPO Application Project: EMV - Banking and Retail
Interface Specificati
Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
FUJ00002240
FUJ00002240
2. Bad AWK
NBS CAPO
Key Change ——— 0800 (161) ——>
(AWk)
<—— 0810 (161) ————_ Denied
(Response
Code 76 - Key
synchronisation
error)
The NBS will resend the same AWK a configurable number of times
(currently set to 6). On the 6"" 76 code, the NBS will generate and
send a new AWK, and the retry count will be reset. In the event of
multiple key synchronization errors, NBS operations should verify
that the key management system and application configuration
parameters are correctly set for the current ZMK tag. If no fault is
found, NBS/CAPO operations should be contacted to investigate the
problem (e.g. establish whether the ZMK just been changed,
whether either system has been restarted, when the last successful
message transfer was etc.).
3. No response to AWK Request
NBS CAPO
Key Change ——— 0800 (161) ———>
(AWk)
No response
NBS will resend the message a configurable number of times
(currently set to 5). If there is still no response, NBS operations
should initiate investigation of the problem. e.g. If consultation
indicated a communication failure, Network Management should be
alerted.
Created on 27-Aug-2010 Version 5.0 Page 46 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
NBS -CAPO Application Project: EMV - Banking and Retail
Interface Specificati
E Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
7 Operational Procedures
7.1 Processing Cycles
This interface relates to online and batch message exchange to support real time financial transactions, and to
the daily transmission to CAPO of the REC file.
Stale messages are logged and discarded before transmission or on receipt, as appropriate and no further
processing takes place.
The timeout associated with each message type is addressed in NBX Business Parameters, [Ref. 7].
“Must deliver” messages are retransmitted at parameter intervals until delivery is successful, as described in
NBX Business Parameters, [Ref. 7].
Transfer Initiation
All transfers defined in this AIS are automatic.
7.2 Security Procedures
Manual Procedures are required to support the above key management protocol, as described in Section 6
above.
7.3 Fallback Procedures
Fallback procedures are described in the NBX — POCA Technical Interface Specification, [Ref. 10]. Each
system is responsible for its own recovery after failure. Restoration of the interface and the disposal of stale
messages (other than “must deliver” messages) is expected to be automatic. 0100, 0200, 0110 and 0210 ([R]
and [A]), 0620, 0800 and 0810 messages awaiting transmission at the time of failure can safely be discarded,
as the integrity of the transaction is protected by timeouts. However, 0420 and 0421 ([E]) messages are to be
treated as “must deliver” and therefore must be transmitted on recovery.
7.4 Control
The interface must be resilient to duplicate messages, which may occur after recovery of any element in the
system, but are not otherwise expected to occur.
Lost or discarded messages are handled by timeout processing at every stage of the message sequence, to
ensure that incomplete transactions are declined if unauthorised or reversed if authorised.
The NBS will log events affecting this interface (e.g. response indicating receipt by CAPO of an invalid PIN
block) to an Event Log. These events will be managed by Tivoli for escalation to the relevant Help Desk, as
appropriate to the code associated with the event.
Created on 27-Aug-2010 Version 5.0 Page 47 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
. NBS - CAPO Application — Project: EMV - Banking and Retail
E Interface Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
8 Appendix A
8.1 Response Codes
The response codes are defined in the document Horizon — Card Account Mapping, [Ref. 3].
Created on 27-Aug-2010 Version 5.0 Page 48 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
- NBS - CAPO Application — Project: EMV - Banking and Retail
Interfe Ss ificatic
E ni face Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
8.2 Reversal Reason Codes
The reasons that may be provided with Reversal Request [E1] messages sent by the NBS to CAPO are
defined in Horizon — Card Account Mapping [3].
Created on 27-Aug-2010 Version 5.0 Page 49 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
- NBS - CAPO Application — Project: EMV - Banking and Retail
Interfe Ss ificatic
E ni face Specification Doc Ref: NB/IFS/025
COMMERCIAL IN CONFIDENCE
9 APPENDIX B
NBS-EBT Interface — ICC Data Field
Field 055 - ICC Data
Format
h.. 510
LLLVAR
Des
n
ICC Data (Field 055) is used to transport chip-specific data over the network. It will be present in all
authorisation requests, if POS Entry Mode (Field 022) indicates that the transaction was chip-initiated (value
05’).
Structure
Field 055 has its own generic structure and may contain one or more Private Data Sub-elements (PDSs), as
shown in the figure below.
‘LLL’ 'VAR' - up to 510 bytes
one or more PDS occurrences
3 bytes 2 or 4 bytes 2 bytes variable length
Data PDS Tag PDS Length PDS Data
Element
Length
Length Data Zone
Data Element Length specifies the total number of bytes in the Data Zone immediately following it.
Data Zone contains the ASCII representation of each hexadecimal digit (i.e. nibble) of the chip data to be
transferred; this comprises one or more PDS occurrences.
Each PDS corresponds to an EMV data element/object and comprises the following sub-fields.
PDS Tag 2 or 4 byte ‘tag' value (ASCII hexadecimal), identifying the EMV data object contained in
the PDS. The second two bytes are present only if the first byte is odd (‘1’, ‘3’,.....’B’, ‘D’,
‘F’) and the second byte is 'F’.
PDS Length 2 bytes, specifying the length (in bytes) of the PDS Data immediately following it,
expressed as an ASCII representation of a decimal number (e.g. ‘12’ means the integer 12)
in the range 1 to 99.
Created on 27-Aug-2010 Version 5.0 Page 50 of 52
© Post Office™ 2004-2010 APPROVED
FUJ00002240
FUJ00002240
Project: EMV - Banking and Retail
NB/IFS/025
NBS - CAPO Application
Interface Specification Doc Ref:
@
COMMERCIAL IN CONFIDENCE
PDS Data Variable between 1 and 99 bytes, containing the actual data from the corresponding EMV
data object (as identified by the PDS Tag).
The PDS structure is referred to as Tag-Length-Value (TLV), as defined in the EMV standards.
Note that PDS's may appear in any order in Data Zone. The order shown in the table below corresponds to
that in which the relevant fields are input to the ARQC verification algorithm.
PDS's for Card Account
The PDS's required for Card Account transactions (passed in the NBS-EBT On-line Interface) are listed in the
following table. Note that the lengths shown in the table assume that all PDS Data is ASCII representation of
either hexadecimal digits, or decimal digits.
PDS Tag I Length I Comments
(Bytes)
Application Cryptogram 9F26 16 Contains an ARQC (ASCII hexadecimal)
Cryptogram Information Data 9F27 2 ASCII hexadecimal
Transaction Amount 9FO2 12 Format n12 (ASCII numeric), set as follows:
e Requested Amount for Withdrawal with
Balance, Withdrawal Correction and
Deposit
e — Product Limit for Withdraw Limit
e ‘000000000000’ for Balance Enquiry and
PIN Change
Terminal Country Code 9F1A 4 Format n4 (ASCII numeric, set to ‘0826’)
Terminal Verification Results (TVR) 95 10 ASCII hexadecimal
Transaction Currency Code 5F2A 4 Format n4 (ASCII numeric. 1* character
always ‘0’)
Transaction Date 9A 6 Format n6 (ASCII numeric YYMMDD)
Transaction Type 9c 2 Format n2 (ASCII numeric)
Unpredictable Number 9F37 8 (ASCII hexadecimal)
Application Interchange Profile (AIP) 82 4 (ASCII hexadecimal)
Application Transaction Counter (ATC) I 9F36 4 (ASCII hexadecimal)
Issuer Application Data (IAD) 9F10 12 This PDS comprises the following:
e Derivation Key Index (2 bytes) (ASCII
numeric)
e Cryptogram Version Number (2 bytes)
(ASCII hexadecimal)
e Card Verification Results (CVR) (8
bytes) (ASCII hexadecimal)
Maximum Total PDS Data length 84
The total length of Field 055 is 151 bytes, calculated as follows:
Field 055 Data Element Length 3
PDS Tags 40
PDS Lengths 24
PDS Data 84
Total 151
Created on 27-Aug-2010
© Post Office™ 2004-2010
END OF DOCUMENT
Version 5.0
APPROVED
Page 51 of 52