AMEX Merchant/Acquirer Specs Are Online
American Express is another card-issuing and/or gateway organization that puts its ISO8583 spec online. I suggest you grab a copy. Look for it here: http://www.americanexpress.com/merchantspecs. The AMEX spec is a good reference in terms of being able to review and study a well-tested, widely-used spec which is inherently multi-national. There are a lot of good practices in there that you can adapt for your own usage. It's also a good idea to start assembling a repository of different specs for your reference. Speaking from experience, I know I can address a lot of the questions that appear on the jPOS.org mailing lists** by being able to reference our spec repository to see how major players like AMEX have addressed a particular issue.
My direct experience working with American Express is that the people you deal with in certifications and testing are top-notch. It's a pleasure to work with people who really seem to understand the task at hand, as opposed to being just professional project managers who really don't understand the underlying task. The Amex crew in Phoenix has always impressed me as having the best team in the payment industry in that regard.
Amex has entitled its auth spec “Global
Credit Authorization Guide (v3.1).” The v3.x-level
designation is notable because it is the version level that lays out a series
of small enhancements related to Amex’s Card Acceptance Processing Network
(‘CAPN’) initiative, which are:
Additional point of sale security – See Amex spec ISO Field 53
regarding the option of passing the key-entered, four-digit ‘CID’ (from face of card) if card
number itself is manually entered. [Implementing this change would require store system changes
and special certification from Amex.]
The Amex Spec discusses how this field ties into subsequent
data capture effort:
“The value in this field must be retained by the merchant’s system and returned to American Express in the (transaction detail) financial settlement records that correspond to this authorization response.”
** The jPOS mailing lists are:
jpos-dev@yahoogroups.com (the developers' mailing list)
jpos-users@googlegroups.com (the users' mailing list)
Love the spec references, post any other interesting ones that you have that are publicly available.
Posted by: Anthony Schexnaildre | Wednesday, March 22, 2006 at 00:39
Hi,
TLV means tag, length, value. It comes from ASN.1 BER-TLV a telecom spec from ITU-T (see http://en.wikipedia.org/wiki/Basic_encoding_rules). It is widely adopted in EMV and some iso8583 like the one we have in Italy (see http://www.cogeban.it/ufficiotecnico/inside.asp?id=25&show=14&id_ramo=8) the specs are free to download after registration. Unfortunately the are in Italian :) Interesting thing is they are based on iso8583 for the terminal - payment gatewya interface and on iso 8583 87 for the gateway to acquirer interface.
Cheers
Mirco
Posted by: Mirco | Friday, October 24, 2008 at 00:52