Authorization Manual

27 November 2013
Notices
Following are policies pertaining to proprietary rights, trademarks, translations, and details about
the availability of additional information online.

Proprietary Rights

The information contained in this document is proprietary and confidential to MasterCard International
Incorporated, one or more of its affiliated entities (collectively “MasterCard”), or both.
This material may not be duplicated, published, or disclosed, in whole or in part, without the prior
written permission of MasterCard.
Trademarks

Trademark notices and symbols used in this document reflect the registration status of MasterCard
trademarks in the United States. Please consult with the Customer Operations Services team or the
MasterCard Law Department for the registration status of particular product, program, or service names
outside the United States.
All third-party product and service names are trademarks or registered trademarks of their respective
owners.
Disclaimer

MasterCard makes no representations or warranties of any kind, express or implied, with respect to
the contents of this document. Without limitation, MasterCard specifically disclaims all representations
and warranties with respect to this document and any intellectual property rights subsisting therein or
any part thereof, including but not limited to any and all implied warranties of title, non-infringement,
or suitability for any purpose (whether or not MasterCard has been advised, has reason to know, or is
otherwise in fact aware of any information) or achievement of any particular result. Without limitation,
MasterCard specifically disclaims all representations and warranties that any practice or implementation of
this document will not infringe any third party patents, copyrights, trade secrets or other rights.
Translation

A translation of any MasterCard manual, bulletin, release, or other MasterCard document into a language
other than English is intended solely as a convenience to MasterCard customers. MasterCard provides any
translated document to its customers “AS IS” and makes no representations or warranties of any kind
with respect to the translated document, including, but not limited to, its accuracy or reliability. In no
event shall MasterCard be liable for any damages resulting from reliance on any translated document.
The English version of any MasterCard document will take precedence over any translated version in
any legal proceeding.
Information Available Online

MasterCard provides details about the standards used for this document—including times expressed,
language use, and contact information—on the Publications Support page available on MasterCard
Connect™. Go to Publications Support for centralized information.

©1983–2013 MasterCard. Proprietary. All rights reserved.

AP 27 November 2013 • Authorization Manual

Summary of Changes, 27 November 2013
This document reflects changes associated with Release 13.Q4.

Description of Change Where to Look

Chapter 4 Acquirer and Issuer Responsibilities

Updated Acquirer Responsibilities to incorporate the following changes:

Updated the Support Multiple Authorization Processing for Travel & Support Multiple
Entertainment Merchant to specify that acquirers globally must begin Authorization Processing
providing new data in incremental authorization messages for T&E for Travel & Entertainment
transactions. Merchants

Added information about supporting preauthorization and final Support Preauthorization

authorization transactions. and Final Authorization
Transactions

Updated Issuer Responsibilities to include the following changes:

Updated the Support Multiple Authorizations from Travel & Entertainment Support Multiple
Merchants to specify that issuers processing T&E transactions through Authorizations from Travel &
the Dual Message System must support DE 48 (Additional Data—Private Entertainment Merchants
Use), subelement 63 (Trace ID) in the Authorization Request/0100,
Authorization Advice/0120—Acquirer-generated, and Authorization
Advice/0120—System-generated messages.

Added information about supporting identification of final authorizations. Support Identification of Final
Authorizations
Chapter 5 Online Authorization Messages

Updated the Routing Timers Values topic to provide an explanation about Routing Timer Values
the difference between MasterCard Credit-POS and MasterCard POS-PIN
for Credit.

Added information about the Authorization Reversal Mandate in the Authorization Reversal
Europe Region. Mandate in the Europe
Region
Chapter 7 Setting Stand-In Parameters

Updated the How to Complete this Section topic in the Expanded How to Complete this Section
Parameter Combinations section to clarify that you cannot expand
parameter limits of the specific home country for that particular bank
identification number (BIN); however, all other individual countries can
be used.
Chapter 9 Authorization Services Details

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 1
Description of Change Where to Look

Updated Account Status Inquiry Service section to support the following Purchase Account Status
changes: Inquiry
• Included a Purchase Account Status Inquiry Service topic. This Payment Account Status
information was previously provided in the Account Status Inquiry Inquiry
Service. Product Inquiry Service
• Added a new Payment Account Status Inquiry Service topic in the
Account Status Inquiry Service section.
• Updated the Product Inquiry service topic to specify that issuers
can also respond to these transactions with value 00 (Approved or
completed successfully).

Updated the AVS Process in the Address Verification Service section to AVS Process
clarify that when submitting AVS requests, the Authorization Request/0100
message should always contain DE 120, subfield 01 (AVS Service Indicator
1).
Added information about Authorization and Preauthorization Standards Authorization and
for Europe Region. In addition, information about authorization and Preauthorization Processing
preauthorization processing is included. Standards for Europe Region
Authorization and
Preauthorization Processing

In the Gaming Transaction Processing section, updated the Internet Internet Gambling
Gambling Transactions in the U.S. Region topic to include non-sports Transactions in the U.S.
intrastate Internet gambling transactions. Region

Updated the Maestro Preauthorized Transaction Processing section to Maestro Preauthorized

include changes to processing preauthorizations. Transaction Processing

Updated the M/Chip Advance section to clarify that MasterCard® M/Chip™ M/Chip Advance
Advance supports new third-party transit, loyalty, voucher programs, and
ticketing (for example, music concerts, cinema, theatre, or sports events).

Added information about the new MasterCard Digital Enablement Service. MasterCard Digital
Enablement Service

Updated the following information about MasterCard transit transactions to Post-authorized Aggregated
support transit agencies globally that are migrating to open-loop payments: PayPass Transit Transactions
• Post-authorized Aggregated PayPass Transit Transactions Post-authorized Aggregated
Maestro PayPass Transit
• Post-authorized Aggregated Maestro PayPass Transit Transactions Transactions
• Aggregated Transit Transactions Criteria Aggregated Transit
Transactions Criteria
• Differences Between Post-authorized Aggregated and
Authorized-aggregated Split Clearing Transit Transaction Rules Differences Between
Post-authorized Aggregated
and Authorized-aggregated
Split Clearing Transit
Transaction Rules

Updated the Travel & Entertainment—Incremental Authorizations section Travel & Entertainment—In-
to include information about the extended payment guarantee for issuers cremental Authorizations
in the Europe region.

©1983–2013 MasterCard. Proprietary. All rights reserved.

2 27 November 2013 • Authorization Manual
 Description of Change Where to Look

Removed information about the Private Label Merchant Verification service Private Label Transaction
and the Co-brand Proprietary Transaction Management Service from the Processing
Private Label Transaction Processing section.

Renamed the “MasterCard-acquired Visa Transactions section” to “Visa Indicators

Transaction Processing.” In addition, updated the Mail/Telephone or Visa Product ID
Electronic Commerce Indicator table and Visa Product ID topic to reflect
recent changes.
Chapter 10 Reports

Updated report sample and field descriptions for the Authorization Authorization Parameter
Parameter Summary Report (SI737010-AA) to include the new MasterCard Summary Report
Digital Enablement Service Participation indicator and remove Merchant (SI737010-AA)
Verification Service (Private Label) field name and description from the
Global Parameters section.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 3
Table of Contents

Chapter 1 System Overview ................................................................ 1-i

About the MasterCard Authorization Platform ......................................................................... 1-1
MIP .................................................................................................................................... 1-2
MasterCard Network .......................................................................................................... 1-2
Acquirer Interfaces............................................................................................................. 1-2
Issuer Interfaces................................................................................................................. 1-2
Stand-In System Processing ............................................................................................... 1-3
Gateways ........................................................................................................................... 1-3
Features of the Platform........................................................................................................... 1-3
Access to All Customers 24 Hours a Day, 365 Days a Year ............................................... 1-4
Fast and Cost Effective Authorization Processing .............................................................. 1-4
Interfaces to Support Non-MasterCard Card Processing .................................................... 1-4
Backup to Primary Routing and Authorizing Paths............................................................ 1-5
Currency Conversion Processing ....................................................................................... 1-5
Support of Security Functions............................................................................................ 1-5
Reporting ........................................................................................................................... 1-9
EMV Chip Card Technology .................................................................................................... 1-9
Related Information ............................................................................................................... 1-10

Chapter 2 Basic Authorization Concepts............................................. 2-i

Participants in Authorization Processing.................................................................................. 2-1
Other Participants .............................................................................................................. 2-2
Accessing the Authorization Platform ...................................................................................... 2-4
Acquirer Methods .............................................................................................................. 2-4
Issuer Methods................................................................................................................... 2-5
Authorization Responses.......................................................................................................... 2-7
Limit-1 Processing .................................................................................................................... 2-8
Limit-1 Limits ..................................................................................................................... 2-9
“Nth” Transaction............................................................................................................. 2-10
Stand-In System Tests ...................................................................................................... 2-10
Limit-1 Processing Flow ................................................................................................... 2-10
Limit-1 Processing Results................................................................................................ 2-11
X-Code Processing................................................................................................................. 2-12
Acquirer Host X-Code Processing.................................................................................... 2-12
Acquirer MIP X-Code Processing ..................................................................................... 2-13

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 i
Table of Contents

X-Code Processing of Non-MasterCard Card Programs ......................................................... 2-18

Chapter 3 MasterCard Authorization Message Flows ....................... 3-i

Basic Authorization Flow ......................................................................................................... 3-1
Variations on the Basic Authorization Flow for MasterCard Cards........................................... 3-2
Authorization Processing Occurs at the Acquirer MIP ....................................................... 3-2
Issuer Is Online but the Transaction Cannot Follow the Primary Path .............................. 3-3
Issuer is a CAPS Issuer....................................................................................................... 3-7

Chapter 4 Acquirer and Issuer Responsibilities .................................. 4-i

Acquirer Responsibilities.......................................................................................................... 4-1
Processing Authorization Requests .................................................................................... 4-1
Assisting in Investigation of Counterfeits and Criminal Cases.......................................... 4-10
Billing .............................................................................................................................. 4-11
Issuer Responsibilities............................................................................................................ 4-11
Encoding and Validating the CVC 1 Value ....................................................................... 4-12
Encoding and Validating the Chip CVC ........................................................................... 4-12
Imprinting and Validating the CVC 2 Value ..................................................................... 4-12
Personalizing and Validating the CVC 3 Value................................................................. 4-13
Generating and Validating Accountholder Authentication Value ..................................... 4-13
Issuing and Validating PIN Data ...................................................................................... 4-13
Validating the ARQC and Generating the ARPC .............................................................. 4-14
Processing Authorization Requests .................................................................................. 4-14
Supporting Point-of-Sale Balance Inquiries...................................................................... 4-19
Call Referral Responses.................................................................................................... 4-19
File Maintenance.............................................................................................................. 4-20
Billing .............................................................................................................................. 4-21

Chapter 5 Online Authorization Messages......................................... 5-i

Message Types......................................................................................................................... 5-1
Authorization Data Accuracy Initiative Mandate ...................................................................... 5-2
Using Authorization Messages ................................................................................................. 5-3
Routing Timer Values......................................................................................................... 5-4
Processing Authorization Transactions..................................................................................... 5-5
Authorization Request/0100 and Authorization Request Response/0110 Messages ........... 5-5
Authorization Advice/0120 and Authorization Advice Response/0130 Messages .............. 5-5
Acquirer Response Acknowledgement/0180 Messages.................................................... 5-12
Authorization Response Negative Acknowledgement/0190 Messages ............................. 5-13

©1983–2013 MasterCard. Proprietary. All rights reserved.

ii 27 November 2013 • Authorization Manual
 Table of Contents

Processing Issuer File Update Messages ................................................................................ 5-14

Processing Reversal Request/Advice Messages ...................................................................... 5-14
Reversal Request/0400 and Reversal Request Response/0410 Messages ......................... 5-15
Reversal Advice/0420 and Reversal Advice Response/0430 Messages............................. 5-16
Authorization Reversal Mandate in the U.S. Region......................................................... 5-17
Authorization Reversal Mandate in the Europe Region ................................................... 5-18
Processing Administrative Request/Advice Messages ............................................................ 5-18
Administrative Request/0600 and Administrative Request Response/0610
Messages.......................................................................................................................... 5-18
Administrative Advice/0620 and Administrative Advice Response/0630 Messages........... 5-21
Using Network Management Request Messages .................................................................... 5-23
Standard Network Management/08xx Messages .............................................................. 5-23
Authorization Sign In/Sign Out ....................................................................................... 5-24
Session Management........................................................................................................ 5-25
Store-and-Forward (SAF) Message Retrieval (Issuers)...................................................... 5-28
RiskFinder Sign In/Sign Out by Prefix and RiskFinder SAF Retrieval (Issuers)................ 5-28
Dynamic PIN Encryption Key (PEK) Exchange ............................................................... 5-29

Chapter 6 Stand-In Processing ............................................................. 6-i

Stand-In Processing Service ..................................................................................................... 6-1
How Stand-In Processing Works.............................................................................................. 6-2
Range Blocks ..................................................................................................................... 6-3
Account Listings................................................................................................................. 6-3
Stand-In Processing Parameters ......................................................................................... 6-3
Stand-In Processing Security Services ................................................................................ 6-4
Decision Matrix.................................................................................................................. 6-4
Stand-In Tests .......................................................................................................................... 6-5
Range Blocks Test.............................................................................................................. 6-6
Stand-In Account File Test ................................................................................................. 6-7
Expiration Date Test .......................................................................................................... 6-7
M/Chip Cryptogram Validation Test................................................................................... 6-7
PIN Verification Test .......................................................................................................... 6-8
CVC 1 Test ......................................................................................................................... 6-9
CVC 3 Test ......................................................................................................................... 6-9
AAV Verification Test........................................................................................................ 6-10
Merchant Suspicious Test................................................................................................. 6-10
Transaction Limits Test..................................................................................................... 6-10
Accumulative Limits Test ................................................................................................. 6-16

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 iii
Table of Contents

Cash Disbursement Accumulator Test ............................................................................. 6-17

Stand-In Response ........................................................................................................... 6-17
Exceptions and Additions to the Stand-In Process................................................................. 6-17
Online Transactions ......................................................................................................... 6-18
Premium Listings.............................................................................................................. 6-18
CAPS Accounts ................................................................................................................ 6-18
Purchase with Cash Back Transactions............................................................................ 6-19
Card Level Support ................................................................................................................ 6-20
Card Validation Code 1 Verification in Stand-In Processing................................................... 6-20
Stand-In Investigation Service................................................................................................ 6-22
SIS Attack......................................................................................................................... 6-23
SIS Warning ..................................................................................................................... 6-24
SIS Monitoring ................................................................................................................. 6-25
Fees ................................................................................................................................. 6-25
Action Required ............................................................................................................... 6-25
Stand-In Investigation Service BIN Blocking ......................................................................... 6-26

Chapter 7 Setting Stand-In Parameters............................................... 7-i

Establishing Parameters ........................................................................................................... 7-1
To Complete the Worksheet .............................................................................................. 7-1
Default Values.................................................................................................................... 7-2
On Every Page................................................................................................................... 7-2
When Changes are Effective .............................................................................................. 7-3
New or Existing Account Ranges............................................................................................. 7-3
Brand Product Categories ........................................................................................................ 7-3
Important Dates ....................................................................................................................... 7-3
Telephone Numbers ................................................................................................................ 7-4
How to Complete this Section ........................................................................................... 7-4
How MasterCard Uses this Information ............................................................................. 7-4
Hours of Operation for Call Referral Center ............................................................................ 7-4
How to Complete this Section ........................................................................................... 7-5
How Stand-In Processing Uses this Information................................................................ 7-8
Noncompliance Assessments ............................................................................................. 7-8
Holidays for Call Referral Center ............................................................................................. 7-8
Transaction Category Code Global Parameters........................................................................ 7-9
How to Complete this Section ......................................................................................... 7-10
How Stand-In Processing Uses this Information.............................................................. 7-10

©1983–2013 MasterCard. Proprietary. All rights reserved.

iv 27 November 2013 • Authorization Manual
 Table of Contents

Country Level Authorization Service...................................................................................... 7-11

Transaction Category Code Local Use Parameters ................................................................. 7-11
How to Complete this Section ......................................................................................... 7-12
How Stand-In Processing Uses this Information.............................................................. 7-12
Accumulative Limits ............................................................................................................... 7-13
How to Complete this Section ......................................................................................... 7-13
How Stand-In Processing Uses this Information.............................................................. 7-14
Decision Matrix...................................................................................................................... 7-15
How to Complete this Section ......................................................................................... 7-15
How Stand-In Processing Uses this Information.............................................................. 7-16
Premium Listings.................................................................................................................... 7-16
How to Complete this Section ......................................................................................... 7-17
How Stand-In Processing Uses this Information.............................................................. 7-18
Range Blocking...................................................................................................................... 7-18
How to Complete this Section ......................................................................................... 7-18
How On–behalf Processing Uses this Information .......................................................... 7-19
Expanded Parameter Combinations....................................................................................... 7-19
How to Complete this Section ......................................................................................... 7-19
How Stand-In Processing Uses this Information.............................................................. 7-21
Stand-In Processing Options for Purchase with Cash Back ................................................... 7-21
Limit-1 Processing .................................................................................................................. 7-22
Customer Specific Index (CSI) Parameters for Product Graduation....................................... 7-23
How to Complete This Section ........................................................................................ 7-23
How Stand-In Processing Uses this Information.............................................................. 7-25
Accumulative Customer Specific Index (CSI) Limits for Product Graduation......................... 7-25
How to Complete this Section ......................................................................................... 7-26
How Stand-In Processing Uses this Information.............................................................. 7-27
Store-and-Forward Delivery Parameters ................................................................................ 7-27
How to Complete this Section ......................................................................................... 7-28
How Stand-In Processing Uses this Information.............................................................. 7-28

Chapter 8 Central Authorization Processing Service ......................... 8-i

About CAPS ............................................................................................................................. 8-1
Who Are CAPS Customers? ................................................................................................ 8-1
How Do CAPS Customers Send Account Data to MasterCard? .......................................... 8-1
How Do CAPS Customers Update CAPS Parameters? ........................................................ 8-1
What Data Does MasterCard Provide for Customers? ........................................................ 8-2

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 v
Table of Contents

CAPS Features.......................................................................................................................... 8-2

CAPS Account File Maintenance Overview.............................................................................. 8-3
Effective Dates ................................................................................................................... 8-4
Purge Dates ....................................................................................................................... 8-4
Interface with Stand-In ...................................................................................................... 8-4
Online, MasterCard eService, and Manual File Maintenance ................................................... 8-4
Bulk File Maintenance ............................................................................................................. 8-4
Procedures ......................................................................................................................... 8-5
AMS File Updates Header Record...................................................................................... 8-5
AMS File Updates Trailer Record ....................................................................................... 8-6

Chapter 9 Authorization Services Details ........................................... 9-i

Account Balance Response ...................................................................................................... 9-1
Account Level Management..................................................................................................... 9-2
Account Management System .................................................................................................. 9-3
Stand-In Account File......................................................................................................... 9-3
Electronic Warning Bulletin File ........................................................................................ 9-4
Local Stoplist File ............................................................................................................... 9-4
Recurring Payment Cancellation Service File ..................................................................... 9-4
PAN Mapping File .............................................................................................................. 9-4
MasterCard Enhanced Value File ....................................................................................... 9-5
MasterCard Product Graduation File.................................................................................. 9-5
MasterCard High Value ...................................................................................................... 9-6
PayPass Application Transaction Counter File................................................................... 9-6
Blocking Ranges of Accounts ............................................................................................ 9-6
For More Information ........................................................................................................ 9-7
Account Status Inquiry Service ................................................................................................ 9-7
Purchase Account Status Inquiry ....................................................................................... 9-7
Payment Account Status Inquiry ........................................................................................ 9-9
Product Inquiry Service ................................................................................................... 9-11
Address Verification Service................................................................................................... 9-12
Participation Requirements .............................................................................................. 9-12
Indicating AVS Participation During Sign-in..................................................................... 9-13
AVS Process ..................................................................................................................... 9-13
Address Key..................................................................................................................... 9-14
Issuer Procedures............................................................................................................. 9-17
For More Information ...................................................................................................... 9-17

©1983–2013 MasterCard. Proprietary. All rights reserved.

vi 27 November 2013 • Authorization Manual
 Table of Contents

ATM Bill Payment Service...................................................................................................... 9-18

ATM Credit Card Cash Advance in Installments..................................................................... 9-20
Credit Card Cash Advance Installment Payment Transaction Processing......................... 9-21
Alternate Processing ........................................................................................................ 9-22
To Participate................................................................................................................... 9-22
For More Information ...................................................................................................... 9-22
Authorization and Preauthorization Processing Standards for Europe Region....................... 9-22
Authorization and Preauthorization Processing ............................................................... 9-26
Balance Inquiries ................................................................................................................... 9-30
ATM and Point-of-Sale Terminal Balance Inquiries.......................................................... 9-30
Short Message Service Balance Inquiry Service ............................................................... 9-32
Mobile Remote Payments Balance Inquiries .................................................................... 9-33
Cardholder-Activated Terminals............................................................................................. 9-33
Automated Fuel Dispensers ............................................................................................. 9-33
IFC Blocked Gaming File................................................................................................. 9-34
Card Validation Code 2 Verification ....................................................................................... 9-35
CVC 2............................................................................................................................... 9-35
Conditions for CVC 2 Verification .................................................................................... 9-35
Participation Requirements .............................................................................................. 9-35
Card Validation Code 3 (CVC 3) Verification ......................................................................... 9-37
CVC 3............................................................................................................................... 9-37
CVC 3 On-behalf Services................................................................................................ 9-37
Optional Non–valid CVC 3 Processing ............................................................................ 9-39
PayPass Application Transaction Counter (ATC) File (MCC109)...................................... 9-39
Alternate Processing ........................................................................................................ 9-41
Authorization Reports ...................................................................................................... 9-41
To Participate................................................................................................................... 9-41
For More Information ...................................................................................................... 9-42
Card Validation Code Verification for Emergency Card Replacements................................... 9-42
Cirrus and Maestro Transaction Processing............................................................................ 9-42
Country Level Authorization .................................................................................................. 9-44
Currency Conversion Processing ........................................................................................... 9-45
Currency Conversion Rates.............................................................................................. 9-46
Currency Conversion Calculation..................................................................................... 9-46
Amount-related Data Element Usage ............................................................................... 9-46
Currency Conversion Form.............................................................................................. 9-51
For More Information ...................................................................................................... 9-51

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 vii
Table of Contents

Electronic Commerce............................................................................................................. 9-51

Process for an Electronic Commerce Transaction ............................................................ 9-52
Security of Electronic Commerce Transactions ................................................................ 9-52
Universal Cardholder Authentication Field ...................................................................... 9-52
MasterCard SecureCode ................................................................................................... 9-54
MasterCard and Maestro Advance Registration Programs ................................................ 9-55
MasterCard Utility Payment Program ............................................................................... 9-56
E-Commerce Fraud Alerts for Issuers............................................................................... 9-58
Comparison of Security Protocols.................................................................................... 9-59
Expert Monitoring Solutions Hosted by MasterCard .............................................................. 9-60
Expert Monitoring Compromised Account Service .......................................................... 9-60
Expert Monitoring Real-time Fraud Scoring and Fraud Rule Manager Services ............... 9-63
Expert Monitoring Real-time Fraud Scoring Service for Merchants .................................. 9-64
Expired Card Override........................................................................................................... 9-66
System Definition of an Expired Card ............................................................................. 9-66
Expired Card Tests........................................................................................................... 9-67
Fleet Card Transactions.......................................................................................................... 9-70
Gambling Transaction Processing .......................................................................................... 9-72
Internet Gambling Transactions in the U.S. Region ......................................................... 9-72
Gaming Payment Transaction Processing in the Europe Region ..................................... 9-73
Global Automated Referral Service ........................................................................................ 9-74
Benefits............................................................................................................................ 9-74
GARS Process................................................................................................................... 9-75
Acquirer Use of GARS...................................................................................................... 9-77
Issuer Use of GARS.......................................................................................................... 9-80
Monitoring Call Referral Activity ...................................................................................... 9-82
Requesting GARS or Changing GARS Parameters ............................................................ 9-83
M/Chip Processing Services ................................................................................................... 9-83
Chip to Magnetic Stripe Conversion ................................................................................ 9-84
U.S. Chip-Enabled Travel Card Program .......................................................................... 9-85
M/Chip Cryptogram Pre-validation Service...................................................................... 9-86
Combined Service Option................................................................................................ 9-87
M/Chip Cryptogram Validation in Stand-In Processing .................................................... 9-87
M/Chip Advance .............................................................................................................. 9-87
Maestro Preauthorized Transaction Processing ...................................................................... 9-88
MasterCard ATM Network...................................................................................................... 9-90
Data Security.................................................................................................................... 9-91

©1983–2013 MasterCard. Proprietary. All rights reserved.

viii 27 November 2013 • Authorization Manual
 Table of Contents

Global ATM Locator......................................................................................................... 9-91

Location Administration Tool .......................................................................................... 9-91
Benefits............................................................................................................................ 9-92
Supported Transactions ................................................................................................... 9-92
Restrict Cash Access and ATM Balance Inquiry Transactions .......................................... 9-93
Interfaces to the MasterCard ATM Network ..................................................................... 9-93
ATM Processing for Europe Region Acquirers ................................................................. 9-95
MasterCard Hosted Mobile Phone Top-up ATM Transactions.......................................... 9-96
MasterCard Digital Enablement Service ................................................................................. 9-97
How It Works .................................................................................................................. 9-98
Authorization Processing Flow ........................................................................................ 9-98
MasterCard Digital Enablement Service Chip Pre-Validation or Dynamic CVC 3
Pre-Validation Failure......................................................................................................9-100
MasterCard Digital Enablement Service PAN Mapping Failure........................................9-102
Authorization Reports .....................................................................................................9-103
For More Information .....................................................................................................9-103
MasterCard inControl Services ..............................................................................................9-104
MasterCard inControl Purchase Controls ........................................................................9-104
MasterCard inControl Real Card Spend Control Services ................................................9-108
MasterCard inControl Virtual Card Mapping and Spend Control Service........................9-111
MasterCard MoneySend.........................................................................................................9-113
MasterCard MoneySend Funding Transactions................................................................9-114
MasterCard MoneySend Payment Transactions ...............................................................9-114
To Participate..................................................................................................................9-116
For More Information .....................................................................................................9-116
MasterCard PayPass Mapping Service...................................................................................9-117
PayPass Mapping Service Description ............................................................................9-117
PayPass Mapping Service Availability .............................................................................9-118
PayPass Mapping Service Components ..........................................................................9-118
Alternate Processing .......................................................................................................9-121
Authorization Reports .....................................................................................................9-122
For More Information .....................................................................................................9-122
MasterCard Payment Gateway ..............................................................................................9-122
MasterCard Pay with Rewards Service ..................................................................................9-124
MasterCard Transit Transactions ...........................................................................................9-126
Pre-funded Transit Transactions......................................................................................9-126
Real-time Authorized Transit Transactions ......................................................................9-127

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 ix
Table of Contents

Post-authorized Aggregated PayPass Transit Transactions..............................................9-127

Authorized-aggregated Split Clearing Transactions .........................................................9-127
Post-authorized Aggregated Maestro PayPass Transit Transactions ................................9-128
Aggregated Transit Transactions Criteria.........................................................................9-129
Differences Between Post-authorized Aggregated and Authorized-aggregated Split
Clearing Transit Transaction Rules ..................................................................................9-131
ATC Update Request.......................................................................................................9-132
Transit Debt Recovery Transactions................................................................................9-132
Support for U.K. Transit Transactions .............................................................................9-133
PAN-Association Requirements for Transit ......................................................................9-134
MasterPass Transactions........................................................................................................9-134
Member-defined Data ...........................................................................................................9-135
Merchant Advice Codes ........................................................................................................9-136
DE 48, Subelement 84 Values .........................................................................................9-136
Common DE 39 Values ...................................................................................................9-137
DE 48, Subelement 84 with DE 39..................................................................................9-137
Mobile Remote Payments .....................................................................................................9-138
Partial Approvals...................................................................................................................9-140
Payment Transactions ...........................................................................................................9-142
Payment Transaction Mandate ........................................................................................9-143
Payment Transaction Blocking........................................................................................9-144
Alternate Processing .......................................................................................................9-144
PIN Management Services.....................................................................................................9-145
Chip PIN Management Service .......................................................................................9-146
Magnetic Stripe PIN Management Service.......................................................................9-150
PIN Processing for Non-Europe Region Customers ..............................................................9-152
Acquirer Requirements ...................................................................................................9-152
Issuer Requirements........................................................................................................9-153
Support for Both Acquiring and Issuing Processing .......................................................9-154
Authorization Platform Security Requirements................................................................9-154
PIN Verification...............................................................................................................9-159
PIN Verification in Stand-In Processing...........................................................................9-159
Portfolio Sales Support .........................................................................................................9-161
Full BIN Transfer ............................................................................................................9-161
Partial BIN Transfer.........................................................................................................9-162
Fees ................................................................................................................................9-162
Private Label Transaction Processing ....................................................................................9-163

©1983–2013 MasterCard. Proprietary. All rights reserved.

x 27 November 2013 • Authorization Manual
 Table of Contents

Private Label Processing .................................................................................................9-163

Private Label Account Range Registration.......................................................................9-164
Activation and Initial Load of Private Label Prepaid Cards .............................................9-165
For More Information .....................................................................................................9-166
Private Label Non-Financial Service......................................................................................9-167
Promotion Code....................................................................................................................9-167
Proximity Payments ..............................................................................................................9-168
Purchase of Goods or Services with Cash Back Transactions...............................................9-169
“Purchase Amount Only” Approval Response Code.......................................................9-169
Alternate Processing .......................................................................................................9-170
Reversals of Purchase of Goods or Services with Cash Back Transactions.....................9-170
India Intracountry Cash Back Transactions.....................................................................9-171
South Africa Intracountry Cash Back Transactions .........................................................9-171
For More Information .....................................................................................................9-172
Real-time Substantiation........................................................................................................9-172
Background ....................................................................................................................9-172
Merchant Validation for Real-time Substantiated Transactions ........................................9-173
Merchant Terminal Verification .......................................................................................9-174
Real-time Substantiation Amounts ..................................................................................9-174
Examples ........................................................................................................................9-175
Authorization Reports .....................................................................................................9-177
To Participate..................................................................................................................9-178
For More Information .....................................................................................................9-178
Recurring Payments ..............................................................................................................9-178
Indicating a Recurring Payment ......................................................................................9-178
Recurring Payment Test Transactions .............................................................................9-179
Maestro Recurring Payments Program ............................................................................9-179
Recurring Payment Cancellation Service...............................................................................9-180
RiskFinder .............................................................................................................................9-181
Sweden Domestic Authorization Switching Service ..............................................................9-182
ATM Additional Data ......................................................................................................9-182
Forgotten Card at ATM....................................................................................................9-183
Receipt Free Text ............................................................................................................9-183
Refund Transactions........................................................................................................9-184
Third Party Processor Identification .....................................................................................9-185
Transaction Blocking Services...............................................................................................9-186
Transaction Blocking ......................................................................................................9-186

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 xi
Table of Contents

Transaction Blocking for Inactive BINs ..........................................................................9-189

Transaction Research Request...............................................................................................9-189
About the Transaction Research Tool .............................................................................9-190
About the Transaction Research Request Form ..............................................................9-192
About Fees for Transaction Research Requests...............................................................9-193
Travel & Entertainment—Incremental Authorizations...........................................................9-193
Visa Transaction Processing..................................................................................................9-195
Issuer Options.................................................................................................................9-195
Custom Payment Service Request Transactions ..............................................................9-195
Indicators ........................................................................................................................9-195
Retail Key Entry Program................................................................................................9-197
Secure Electronic Commerce Verification Service ...........................................................9-198
Visa Product ID...............................................................................................................9-198
Visa Commercial Card Inquiry ........................................................................................9-199
Visa Fleet Card................................................................................................................9-199
Visa-Assigned Merchant Verification Value .....................................................................9-199

Chapter 10 Reports ............................................................................... 10-i

Related Reports in Other Manuals ......................................................................................... 10-1
Presentation of Reports.......................................................................................................... 10-1
Report Header Information.................................................................................................... 10-1
Authorization Summary Report (AB505010-AA) .................................................................... 10-2
Report Sample ................................................................................................................. 10-3
Field Descriptions ............................................................................................................ 10-8
Authorization Parameter Summary Report (SI737010-AA) ....................................................10-15
Report Sample ................................................................................................................10-16
Field Descriptions ...........................................................................................................10-19
Transaction Blocking ICA Level Block Summary (SI738010–AA)..........................................10-33
Report Sample ................................................................................................................10-34
Field Descriptions ...........................................................................................................10-34
Authorization Summary by CAT Level Report (SI458010-AA) ...............................................10-36
Report Sample ................................................................................................................10-37
Field Descriptions ...........................................................................................................10-38
Daily Activity Report (SI441010-A)........................................................................................10-40
Report Sample ................................................................................................................10-40
Field Descriptions ...........................................................................................................10-41

©1983–2013 MasterCard. Proprietary. All rights reserved.

xii 27 November 2013 • Authorization Manual
 Table of Contents

Chapter 11 EMV Transactions .............................................................. 11-i

Introduction to Chip Card Technology .................................................................................. 11-1
Transaction Flow ................................................................................................................... 11-1
Online Authorization ....................................................................................................... 11-2
Issuers.................................................................................................................................... 11-4
Full Chip Grade Issuing ................................................................................................... 11-4
Magnetic Stripe Grade Issuing ......................................................................................... 11-5
Acquirers................................................................................................................................ 11-6
X-Code Processing........................................................................................................... 11-6
Acquirer Authorization Below International Floor Limit .................................................. 11-7
Refer to Card Issuer ......................................................................................................... 11-7
Online Reversal Advices .................................................................................................. 11-7
M/Chip Processing Services ................................................................................................... 11-8
Chip to Magnetic Stripe Conversion Service .................................................................... 11-8
M/Chip Cryptogram Pre-validation Service...................................................................... 11-8
Combined Service Option................................................................................................ 11-9
M/Chip Cryptogram Validation in Stand-In Processing .................................................... 11-9
Limit–1 Processing ................................................................................................................11-10
MIP X-Code Processing.........................................................................................................11-10
Impact of Chip Technology on the Network Message..........................................................11-10
DE 22—Point-of-Service [POS] Entry Mode ....................................................................11-10
DE 23—Card Sequence Number.....................................................................................11-11
DE 35 Track 2 Data.........................................................................................................11-11
DE 48—Additional Data—Private Use ............................................................................11-12
DE 55—Integrated Circuit Card [ICC] System-related Data .............................................11-13
DE 61—Point-of-Service [POS] Data ...............................................................................11-16

Chapter 12 PIN Processing for Europe Region Customers ................. 12-i

About PIN Processing for Europe Region Customers ............................................................ 12-1
Static Key Definition ........................................................................................................ 12-1
PIN Block Formats........................................................................................................... 12-1
PIN Validation Services .................................................................................................... 12-1
PIN Translation ...................................................................................................................... 12-3
PIN Validation Processing ...................................................................................................... 12-3
PIN Key Management ............................................................................................................ 12-4
PIN Verification Value (PVV)/PIN Offset on File Service ....................................................... 12-4
Benefits............................................................................................................................ 12-4

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 xiii
Table of Contents

Processing Transactions Using PVV/PIN Offset ............................................................... 12-4

Processing Parameters ..................................................................................................... 12-5
Alternate Processing .............................................................................................................. 12-5
Authorization Reports ............................................................................................................ 12-6
For More Information ............................................................................................................ 12-6

Chapter 13 Transaction Routing Service ............................................. 13-i

About Transaction Routing .................................................................................................... 13-1
Transaction-based Routing Preferences ................................................................................. 13-1
Network Management Request/0800 Message Sign-On/Sign-Off Options............................. 13-3
Primary Route Only Configuration......................................................................................... 13-3
Alternate Issuer Host Routing ................................................................................................ 13-4
Alternate Processing ........................................................................................................ 13-4
Routing Timers ...................................................................................................................... 13-4
For More Information ............................................................................................................ 13-5

Appendix A Non-MasterCard Authorization Message Flows .............. A-i

Authorization Flows for Visa Cards..........................................................................................A-1
Flows for a Peer-to-Peer Visa Issuer—Transaction Does Not Qualify for Visa Custom
Payment Service Request ...................................................................................................A-1
Flows for a Peer-to-Peer Visa Issuer—Transaction Qualifies for Visa Custom Payment
Service Request..................................................................................................................A-3
Flows for a Non–Peer-to-Peer Visa Issuer..........................................................................A-5
Authorization Flows for Non-MasterCard, Non-Visa Cards ......................................................A-7
Primary Path—Direct to Designated Endpoint...................................................................A-7
Secondary Path—X-Code Processing.................................................................................A-8

Appendix B File Layouts ..........................................................................B-i

Daily Payment Acceptance Table File Information .................................................................B-1
PVV/PIN Offset File .................................................................................................................B-2
In-flight Commerce Blocked Gaming File................................................................................B-4

©1983–2013 MasterCard. Proprietary. All rights reserved.

xiv 27 November 2013 • Authorization Manual
Chapter 1 System Overview
This section provides basic information about the MasterCard Authorization Platform: what
it is, what it does, and whom it serves. The section highlights features of the Authorization
Platform that contribute to its flexibility, usefulness, and adaptability to customer needs. It
also directs you to additional sources of information regarding specific topics related to
authorization.

About the MasterCard Authorization Platform ............................................................................... 1-1

MIP .......................................................................................................................................... 1-2
MasterCard Network ................................................................................................................ 1-2
Acquirer Interfaces................................................................................................................... 1-2
Issuer Interfaces....................................................................................................................... 1-2
Stand-In System Processing ..................................................................................................... 1-3
Gateways ................................................................................................................................. 1-3
Features of the Platform................................................................................................................. 1-3
Access to All Customers 24 Hours a Day, 365 Days a Year ..................................................... 1-4
Fast and Cost Effective Authorization Processing .................................................................... 1-4
Interfaces to Support Non-MasterCard Card Processing .......................................................... 1-4
Backup to Primary Routing and Authorizing Paths.................................................................. 1-5
Currency Conversion Processing ............................................................................................. 1-5
Support of Security Functions.................................................................................................. 1-5
Account Management System ............................................................................................ 1-6
Address Verification ........................................................................................................... 1-6
Card Validation Code Verification ...................................................................................... 1-6
Expert Monitoring Solutions Hosted by MasterCard .......................................................... 1-7
Global Automated Referral Service .................................................................................... 1-7
M/Chip Cryptogram Pre-validation .................................................................................... 1-7
M/Chip Cryptogram Validation in Stand-In Processing ...................................................... 1-7
MasterCard PayPass Mapping Service................................................................................ 1-8
MasterCard inControl Mapping Service.............................................................................. 1-8
MasterCard SecureCode AAV Verification........................................................................... 1-8
MasterCard SecureCode Dynamic AAV Verification in Stand-In Processing ....................... 1-8
PIN Verification.................................................................................................................. 1-8
RiskFinder .......................................................................................................................... 1-8
Reporting ................................................................................................................................. 1-9
EMV Chip Card Technology .......................................................................................................... 1-9
Related Information ..................................................................................................................... 1-10

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 1-i
 System Overview
About the MasterCard Authorization Platform

About the MasterCard Authorization Platform

The MasterCard Authorization Platform is an international message processing
system that serves all MasterCard principals, affiliates, and associations: large
and small, automated and non-automated. The Authorization Platform transmits
authorization validation data among issuers, acquirers, and points of interaction.

The Authorization Platform refers to both hardware (the physical

communications lines of the MasterCard Network and MasterCard interface
processors [MIPs]) and software (the MasterCard Network authorization
application).
NOTE
Throughout this manual, functional references to ”online” indicate an acquirer
or issuer that is directly connected to a MasterCard MIP, and does not imply any
web-based or Internet connotation.

MasterCard Network Components

This diagram illustrates the MasterCard Network components and interfaces.

NOTE
MasterCard reserves the right to record, store, and use all data transmitted via
the MasterCard Authorization Platform in online electronic transactions, subject
to MasterCard privacy and security compliance policies and applicable laws and
regulations, without further notice.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 1-1
System Overview
About the MasterCard Authorization Platform

MIP
The MasterCard interface processor (MIP) is a front-end communications
processor placed on-site at a MasterCard customer’s facility or at a processor or
hub site. The MIP provides access to the MasterCard Network.

MIPs provide access to all MasterCard electronic funds transfer (EFT) products
and to a wide variety of other EFT services via MasterCard gateways. MIP
software supports issuing and acquiring functions, including routing MasterCard
transactions to issuers, acquirers, and Stand-In System processing and switching
non-MasterCard transactions to appropriate destinations via the gateways.

MasterCard is the sole and exclusive owner of the MIP and all MIP components,
including all hardware, software, systems, and documentation placed by
MasterCard at a customer’s facility or other customer-designated location.

A customer may apply for use of a MIP by submitting a written request to

MasterCard. If approved, effective as of the placement of the MIP at the
facility identified by the customer, the customer is granted a non-exclusive,
non-assignable license to use the MIP.

MasterCard Network
The MasterCard Network is the telecommunications and data transport
mechanism that facilitates the routing and processing of financial transactions.
The network links all MasterCard customers and data processing centers into a
single online financial network.

Acquirer Interfaces
Most acquirers access the MasterCard Authorization Platform via the online
method, through connectivity between the acquirer host and a MIP.

MasterCard offers other interfaces to acquirers that do not have online

connectivity. MasterCard converts messages sent through these other interfaces
into online messages.

Issuer Interfaces
Most issuers access the MasterCard Authorization Platform online, through
connectivity between the issuer host and a MIP.

MasterCard also performs authorization processing on behalf of issuers that do

not have online connectivity, through the Central Authorization Processing
Service (CAPS).

©1983–2013 MasterCard. Proprietary. All rights reserved.

1-2 27 November 2013 • Authorization Manual
 System Overview
Features of the Platform

Stand-In System Processing

The Stand-In host contains the issuer information necessary to perform
authorization processing for online issuers that are unavailable or that cannot
be reached, and for all CAPS customers.

The Stand-In System also performs the following functions:

• Processes file maintenance to the Stand-In Account File, Electronic Warning

Bulletin, or Local Stoplist
• Processes network management messages for online customers
• Generates Authorization Advice/0120 (store-and-forward) messages to
advise online issuers of authorizations processed on their behalf

Gateways
The MasterCard Network authorization application has interfaces called
gateways that permit processing between the MasterCard Network and other
networks.

Authorization Gateways

The following diagram illustrates MasterCard Network gateways.

Features of the Platform

To support customers, MasterCard developed and continues to enhance features
of the Authorization Platform to meet customers’ current and future needs.

The Authorization Platform provides the following features:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 1-3
System Overview
Features of the Platform

• Access to all customers 24 hours a day, 365 days a year

• Fast and cost-effective authorization processing
• Interfaces to support non−MasterCard card processing
• Backup to primary routing and authorizing paths
• Multiple currency conversion capability
• Support of security functions
• Reporting

Access to All Customers 24 Hours a Day, 365 Days a Year

The MasterCard Authorization Platform operates on a continuous basis, ensuring
that cardholders can use a MasterCard card program anytime and that acquirers
and issuers always have access to MasterCard authorization processing facilities.

Fast and Cost Effective Authorization Processing

The structure of the MasterCard Network enhances fast and cost-effective
processing by allowing transactions to travel the shortest route to their
destinations.

The network’s design consists of redundant paths guaranteeing that there are
always two or more paths to a given destination. If for some reason part of
the network is down, this multiple routing structure of the MasterCard Network
allows the transaction to continue to travel the next shortest route, eliminating
congestion on the network.

Interfaces to Support Non-MasterCard Card Processing

The Authorization Platform supports MasterCard card products and
non-MasterCard card products. Acquirers, therefore, can process a wide variety
of card brands via their access to the MasterCard Network.

In addition to MasterCard products, the Authorization Platform supports

processing of the following types of cards:

• American Express
• Diners Club
• Discover
• JCB
• Private label cards
• Proprietary cards
• Visa

©1983–2013 MasterCard. Proprietary. All rights reserved.

1-4 27 November 2013 • Authorization Manual
 System Overview
Features of the Platform

Backup to Primary Routing and Authorizing Paths

At times, customers may experience internal communication problems,
scheduled down times, or network problems. The MasterCard Authorization
Platform provides backup authorization alternatives ensuring that an
authorization response occurs for every authorization transaction.

Routing and authorizing alternatives include the following:

• The network routes transactions via multiple paths, decreasing the impact
of trouble spots on the network.
• Stand-In processing uses issuer-established parameters to process
authorization transactions at the St. Louis Operations Center on behalf of
online issuers that are unavailable or cannot be reached.
• X-Code processing processes authorization transactions at the MIP or at the
acquirer’s host for transactions that cannot travel beyond that point.

MasterCard also provides routing and authorization alternatives that customers

select ahead of time to enhance their productivity and the usefulness of the
Authorization Platform to them. These alternatives include the following:

• Limit-1 processing allows issuers to establish parameters by transaction

category, instructing MasterCard to process on behalf of the issuer without
forwarding the transaction.
• Floor limit values allow the merchant to authorize certain transactions at
the point of interaction without requesting authorization from the issuer.
For a list of current floor limit values, see the Quick Reference Booklet.
• Special routing gives issuers the option of having authorization requests
for cards within a particular bank identification number (BIN) range routed
according to the parameters and endpoint established for some other BIN.
For example, after acquiring a portfolio, an issuer can request special
routing to ensure that authorization requests for the cards in the new
portfolio are processed using the Stand-In limits, Limit-1 parameters, and
established endpoint for the issuer’s other BINs.

Currency Conversion Processing

The Authorization Platform automatically provides a currency conversion
service to acquirers and issuers to allow processing of online 01xx authorization
and 04xx reversal transaction messages in the customer’s preferred currency.

Support of Security Functions

In conjunction with authorization processing, MasterCard offers security services
to minimize risk.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 1-5
System Overview
Features of the Platform

• Account Management System (AMS)

• Address Verification Service (AVS)
• Card Validation Code (CVC) verification
• Expert Monitoring Solutions Hosted by MasterCard
• Global Automated Referral Service (GARS)
• M/Chip Cryptogram Pre-validation Service
• M/Chip Cryptogram Validation in Stand-In Processing
• MasterCard® PayPass™ Mapping Service
• MasterCard® inControl Mapping Service
• MasterCard® SecureCode™ Accountholder Authentication Value (AAV)
Verification
• MasterCard® SecureCode™ Dynamic AAV Verification in Stand-In Processing
• Personal Identification Number (PIN) verification
• RiskFinder™

For more information about AMS, see the Account Management System User
Manual. For detailed information about the remaining services listed above,
see “Authorization Services.”

Account Management System

Account Management System (AMS) provides issuers with the ability to
identify and to flag specific accounts that require special handling for services
such as the Electronic Warning Bulletin, PayPass™ Mapping Service, Product
Graduation, and Enhanced Value.

Address Verification
The Address Verification Service (AVS) reduces the risk of non–face-to-face
transactions through validation of the cardholder’s billing address. AVS supports
transmission of address data, allowing the user to compare the billing address
requested for the transaction with the billing address on file for the cardholder.

Card Validation Code Verification

Card Validation Code (CVC) is a card security feature.

CVC 1 is a code algorithmically derived by the issuer and encoded in the

magnetic stripe. This code helps the issuer determine if the card is genuine
or counterfeit.

CVC 2 is a three-digit code algorithmically derived by the issuer and indent

printed on the signature panel to the right of the account number.

©1983–2013 MasterCard. Proprietary. All rights reserved.

1-6 27 November 2013 • Authorization Manual
 System Overview
Features of the Platform

CVC 3 is a code algorithmically derived by a MasterCard® PayPass™ magnetic

stripe profile card or device. This code is used by the issuer to validate the
PayPass card or device that submitted the transaction as genuine. MasterCard
supports validation services for static and dynamic CVC 3.

Chip CVC is a code algorithmically derived by the issuer and encoded in the
Track 2 Equivalent Data field contained in the chip.

CVC 1, CVC 2, and CVC 3 validation services are optional.

Expert Monitoring Solutions Hosted by MasterCard

Expert Monitoring Solutions hosted by MasterCard provide issuers with a
comprehensive suite of fraud solutions designed to detect and prevent
fraudulent transactions and provide U.S. region acquirers with a real-time fraud
scoring solution for merchants on U.S.-issued, dual message card-not-present
(CNP) authorization transactions.

Global Automated Referral Service

Global Automated Referral Service (GARS) supports issuer call referrals by
providing the acquirer with a single phone number to respond to any call
referral. This increases the completion rate of call referrals issued.

M/Chip Cryptogram Pre-validation

The M/Chip Cryptogram Pre-validation service is for issuers that use the M/Chip
Select 2.0, M/Chip Lite 2.1, M/Chip 4.0 (MasterCard, EMV CSK, and EMV2000
session key derivation methods), M/Chip™ Advance, and EMV CCD-compliant
chip cards.

This service validates the Authorization Request Cryptogram (ARQC) and

generates the Authorization Response Cryptogram (ARPC) on behalf of an issuer.

M/Chip Cryptogram Validation in Stand-In Processing

M/Chip Cryptogram Validation in Stand-In Processing service is available for
issuers that use the M/Chip Select 2.0, M/Chip Lite 2.1, M/Chip 4.0 (MasterCard,
EMV CSK, and EMV2000 session key derivation methods), M/Chip™ Advance,
and EMV CCD-compliant chip cards.

The M/Chip Cryptogram Validation in Stand-In Processing service supports

issuers that process chip transactions on an ongoing basis, including the
validation of the Authorization Request Cryptogram (ARQC) and generation
of the Authorization Response Cryptogram (ARPC) on their hosts when the
issuer is signed out, the transaction cannot be delivered to the issuer, or the
issuer timed out.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 1-7
System Overview
Features of the Platform

MasterCard PayPass Mapping Service

MasterCard offers the PayPass Mapping Service as an optional service that
helps issuers process PayPass transactions by translating a unique PayPass
account number into a primary account number that issuers can process with
minimal impact.

The PayPass Mapping service is not available to issuers that support the use of
online PIN with a card or device product. If PAN mapping is performed in a
transaction using online PIN, the PIN validation will fail.

MasterCard inControl Mapping Service

MasterCard® inControl provides capabilities using virtual card numbers at the
point of interaction. MasterCard inControl leverages the same data elements for
mapping a virtual card number (VCN) and a real card number (RCN).

MasterCard SecureCode AAV Verification

MasterCard offers a MasterCard SecureCode dynamic and static Accountholder
Authentication Value (AAV) verification service on every authorization
transaction that contains the Universal Cardholder Authentication Field
(UCAF™) data regardless of whether the issuer’s host system is available or
unavailable to respond to the Authorization Request/0100 message.

MasterCard SecureCode Dynamic AAV Verification in Stand-In

Processing
MasterCard offers AAV verification service for authorization transactions
processed by the Stand-In System that contain AAV data in DE 48 (Additional
Data—Private Use), subelement 43 (Universal Cardholder Authentication Field
[UCAF™]) of the Authorization Request/0100 message.

Issuers may request that Stand-In System processing only perform the AAV
verification test when the issuer’s host system is unavailable to respond to the
Authorization Request/0100 message containing AAV data.

PIN Verification
Personal identification number (PIN) is a proven technology for authenticating
the identity of the cardholder. MasterCard provides an optional PIN verification
service for all purchase transactions that contain a PIN. A PIN Verification in
Stand-In System processing service also is available.

RiskFinder
RiskFinder™ is an optional service that MasterCard offers to help issuers more
effectively predict fraudulent card use. RiskFinder uses a state-of-the-art neural
network to evaluate authorization transactions and produce a transaction score
relative to the potential fraudulent use of the card.

©1983–2013 MasterCard. Proprietary. All rights reserved.

1-8 27 November 2013 • Authorization Manual
 System Overview
EMV Chip Card Technology

Reporting
MasterCard produces a variety of authorization-related reports that display
customer authorization activity and that help customers plan and manage their
authorization process.

For more information about reports and sample report layouts, see “Reports.”

EMV Chip Card Technology

EMV chip card technology offers substantial benefits and unique transaction
features. EMV chip cards offer a secure means to authenticate both the card
and the cardholder.

Business Benefits of EMV Chip Card Technology

EMV chip card technology offers four major business benefits to the payment
business:

• Reduces fraud—both counterfeit and “lost, stolen, never received” fraud

• Enhances credit control
• Reduces operational costs
• Provides a platform for added-value opportunities

Functions Unique to EMV Chip Card Technology

M/Chip cards and EMV chip cards offer unique transaction features, such as:

• Fully offline—Through card and terminal interaction, an EMV transaction

may take place in a fully offline mode
• Offline personal identification number (PIN)—Depending on product rules
and thus EMV chip card personalization and terminal capabilities, the PIN
may be checked offline
• Offline and Online CAM—Allows verification if an EMV chip card is genuine
• Control of offline spending—Allows a method of controlling the maximum
number of consecutive offline transactions, maximum cumulative amount,
and risk assessment of the transaction
NOTE
EMV chip card is a generic name for all EMV card applications (for example,
M/Chip, SECCOS [Germany], CPA [EMVCo], UKIS [UK], VSDC [Visa], and APSS
[Austria]). M/Chip is the MasterCard recommended EMV application (that is,
the MasterCard chip card application that supports the EMV transaction flow
with the terminal). M/Chip is designed to support specific MasterCard products
features/requirements.

For more information about EMV transactions, see “EMV Transactions.”

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 1-9
System Overview
Related Information

Related Information
The CPV Process Guide provides information related to the Card Personalization
Validation process itself and is available on MasterCard Connect, in the Chip
Information Center.

Guides help with personalization of data elements support for M/Chip profiles
and PayPass profiles.

The following guides are available on MasterCard Connect and will provide
help with M/Chip profiles.

• M/Chip Requirements
• M/Chip Personalization Data Specifications and Profiles
• M/Chip Card Personalization Standard Profiles

The following guides are available on www.paypass.com and provide help

with PayPass profiles.

• PayPass M/Chip Requirements

• PayPass Personalization Data Specifications
• M/Chip Card Personalization Standard Profiles including PayPass

©1983–2013 MasterCard. Proprietary. All rights reserved.

1-10 27 November 2013 • Authorization Manual
Chapter 2 Basic Authorization Concepts
This section presents basic and alternative authorization concepts used by the MasterCard
Authorization Platform.

Participants in Authorization Processing ........................................................................................ 2-1

Other Participants .................................................................................................................... 2-2
Accessing the Authorization Platform ............................................................................................ 2-4
Acquirer Methods .................................................................................................................... 2-4
Issuer Methods......................................................................................................................... 2-5
Authorization Responses................................................................................................................ 2-7
Limit-1 Processing .......................................................................................................................... 2-8
Limit-1 Limits ........................................................................................................................... 2-9
“Nth” Transaction................................................................................................................... 2-10
Stand-In System Tests ............................................................................................................ 2-10
Limit-1 Processing Flow ......................................................................................................... 2-10
Limit-1 Processing Results...................................................................................................... 2-11
X-Code Processing ....................................................................................................................... 2-12
Acquirer Host X-Code Processing.......................................................................................... 2-12
Acquirer MIP X-Code Processing ........................................................................................... 2-13
MIP X-Code Limits ........................................................................................................... 2-14
X-Code Processing of Non-MasterCard Card Programs ............................................................... 2-18

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 2-i
 Basic Authorization Concepts
Participants in Authorization Processing

Participants in Authorization Processing

There are entities that participate in a typical authorization transaction in
relation to each other and the MasterCard Network.

Participants in a Typical Authorization Transaction

The following diagram illustrates participants in a typical authorization

transaction.

Cardholder

A cardholder is a person to whom a card has been issued or a person who is

authorized to use the card. In an authorization transaction, the cardholder
presents the card or cardholder account number as payment in exchange for
goods or services.

Merchant

The merchant is a retailer, or any other person, firm, or corporation that

(pursuant to a merchant agreement) agrees to accept credit cards, debit cards,
or both, when properly presented.

Acquirer

An acquirer is a licensed customer that acquires the data relating to a transaction

from the card acceptor or merchant and submits that data for authorization.
The acquirer also supports clearing and settlement functions to exchange funds
between the issuer and the merchant.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 2-1
Basic Authorization Concepts
Participants in Authorization Processing

Issuer

An issuer is a licensed customer that issues cards and is responsible for

approving or declining authorization requests. The issuer also bills cardholders
and supports clearing and settlement functions to exchange funds between the
cardholder and the acquirer.

Other Participants
Other entities may participate in the authorization transaction in place of the
issuer and acquirer.

Other Participants in a Typical Authorization Transaction

This diagram illustrates other entities that may participate in the authorization
transaction in place of the issuer and acquirer. It shows these entities in relation
to each other and to the cardholder, merchant, and the MasterCard Network.

As this diagram shows, an issuer or acquirer may contract with an agent to

perform any of a variety of authorization functions on behalf of the customer.
The agent may assist a customer in such activities as issuing cards, processing
authorization transactions, or processing card portfolios.
NOTE
Throughout this manual, functional references to “issuers” and “acquirers” also
refer to others acting as authorized agents for issuers or acquirers. MasterCard
customers are responsible for the acts and omissions of their agents, including
those with respect to MasterCard rules, regulations, policies, and procedures.

MasterCard Acting On-behalf of Issuers

These diagrams show that MasterCard can act on behalf of the issuers.

©1983–2013 MasterCard. Proprietary. All rights reserved.

2-2 27 November 2013 • Authorization Manual
 Basic Authorization Concepts
Participants in Authorization Processing

MasterCard Stand-In System Processing Acting in Issuing Capacity

MasterCard Stand-In System acts on behalf of the issuers by receiving

authorization requests and generating authorization responses based on the
issuer’s predetermined parameters.

MasterCard X-Code Processing Acting in Issuing Capacity

MasterCard X-Code System performs issuer functions by receiving and

responding to authorization requests at the acquirer MIP.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 2-3
Basic Authorization Concepts
Accessing the Authorization Platform

Accessing the Authorization Platform

To process authorization activity, acquirers and issuers must access the
MasterCard Network. This network is the path by which they send and receive
authorization messages and related data.

Selecting a particular authorization processing access method depends on a

number of factors, including:

• Physical installations present at the point of interaction and at the customer

site
• Volume of incoming and outgoing authorizations
• Customer location

For help in selecting an appropriate access method, contact a Customer

Implementation Services specialist.

Acquirer Methods
Online host-to-MIP access is available to acquirers. There are several
confirmations for connectivity to a MIP or MIPs for online access.
NOTE
MasterCard discontinued support of telex call referrals. customers that
previously used telex services must register to use Global Automated Referral
Service (GARS). For more information about GARS, see “Global Automated
Referral Service.”

Online Host-to-MIP Access

The following diagrams show configurations for connectivity to a MIP or MIPS

for online access.

Acquirer Online—Direct Host to MIP Connectivity

To have direct connectivity to a MIP, the acquirer must have a host computer
that can support this type of connectivity.

Acquirer Online—Direct Host to Multiple MIP Connectivity

©1983–2013 MasterCard. Proprietary. All rights reserved.

2-4 27 November 2013 • Authorization Manual
 Basic Authorization Concepts
Accessing the Authorization Platform

Acquirer Online—Shared MIP Connectivity

When several acquirers have connectivity to a shared MIP, the MIP is located at
the site of one of the acquirers. Other acquirers access the MIP via a dedicated
phone line. The acquirer with the MIP on-site controls the MIP console.

Issuer Methods
Issuers may choose either of the following authorization options: online
host-to-MIP access to the MasterCard Network or Central Authorization
Processing Service (CAPS).

Online Host-to-MIP Access

Online host-to-MIP issuers receive authorization requests from the Authorization

Platform via a MIP connected to the issuer’s host. They format and return
authorization request responses directly using the messages outlined in the
Customer Interface Specification manual.

The following diagrams show configurations for connectivity to a MIP or MIPs

for online access.

Issuer Online—Direct Host to MIP Connectivity

To have direct connectivity to a MIP, the issuer must have a host computer that
can support this type of connectivity.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 2-5
Basic Authorization Concepts
Accessing the Authorization Platform

Issuer Online—Direct Host to Multiple MIP Connectivity

Issuer Online—Shared MIP Connectivity

When several issuers have connectivity to a shared MIP, the MIP is located at
the site of one of the issuers. Other issuers access the MIP via a dedicated
phone line. The issuer with the MIP on-site controls the MIP console.

CAPS

CAPS issuers use Stand-In System processing for all of their authorization
processing. These issuers do not have an online connection to the MasterCard
Network. They connect to the MasterCard Network using MasterCard File
Express, a MasterCard communications software package.

Through MasterCard File Express, CAPS customers provide MasterCard with a

file containing all accounts in the issuer’s cardholder base. They send this
file as often as necessary to provide MasterCard with current account listings
and the associated available-to-buy. MasterCard sends CAPS customers a daily
Sequential Response File, which contains a record of all authorization requests
that MasterCard processed on the customer’s behalf. They may also receive
the Daily Activity Report via fax or mail. This report contains supplemental
information not found in the file.

©1983–2013 MasterCard. Proprietary. All rights reserved.

2-6 27 November 2013 • Authorization Manual
 Basic Authorization Concepts
Authorization Responses

Each CAPS customer must complete the Stand-In Processing Worksheet (Form
041) to designate limits and range blocks.

Authorization Responses
Every authorization request receives an authorization response that directs the
acquirer or the merchant on how to proceed with the transaction.

The response received is typically a code that identifies the action that the
merchant should take. The format of the authorization response depends on
the acquirer’s access method.

If the acquirer is online, the Authorization Request Response/0110 message

includes a two-digit response code in DE 39 (Response Code). This code
informs the acquirer of the action to be taken (approve, decline, refer to
card issuer, capture card, or valid). For a complete list of all possible DE 39
response codes and the actions they should prompt, see the Customer Interface
Specification manual.

Regardless of the format in which the authorization response is received,

the response always prompts one of the following actions on the part of the
merchant:

• Approve
• Decline
• Refer to card issuer
• Capture card
• Valid (not declined)—used for non-financial transaction types only

Approve

The transaction is authorized as reported.

For magnetic stripe, chip, and key-entered transactions, the issuer provides a
six-digit authorization code to the acquirer when it approves a transaction for
the purchase of goods or services or cash disbursement.

The merchant still must perform its normal review process (steps such as
verifying the signature on the card are often included) before completing the
transaction.

Decline

The merchant may not complete the transaction. The merchant may return
the card, but may not accept the card in payment for the program or service
for that transaction amount.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 2-7
Basic Authorization Concepts
Limit-1 Processing

Refer to Card Issuer

The acquirer or merchant must contact the card issuer for further instructions.
(The call referral is a fraud prevention tool that the issuer should use when it
suspects or is attempting to prevent fraud at the point of interaction.) Acquirers
may use the Global Automated Referral Service (GARS). GARS will route
acquirer calls to the Stand-In System if the issuer is not registered to receive
GARS calls. A Stand-In approval response will be a valid response to the call
referral.

MasterCard encourages effective issuer use of the “refer to card issuer”

authorization response through a tiered pricing structure for excess call referral
transactions. Higher charges apply for lower transaction amounts, and lower
charges apply for higher transaction amounts. For more information, see the
MasterCard Consolidated Billing System manual.

MasterCard Stand-In System processing never generates a “refer to card issuer”

response in the following situations:

• When the transaction is a mail order/telephone order (MO/TO) or electronic

commerce transaction
• When the acquirer is responding to a “refer to card issuer” response, the
issuer is unavailable, and Stand-In System processes the GARS transaction
• When the transaction is an ATM transaction
• When the issuer’s call center is closed

Capture Card

The acquirer or merchant must use its best efforts to retain the card by
reasonable and peaceful means. For instructions on how to return a recovered
card to the issuer, see the Security Rules and Procedures manual.

Valid

Issuers provide a valid response when processing balance inquiry, account

status inquiry, or other non-financial types of requests. The valid response
indicates to the acquirer or merchant that the request was completed
successfully by the issuer, that is, the balance returned, address verification
response information provided, if requested, and so on. Merchants use the
information returned in the response message to provide information to the
cardholder or to determine if further authorization decisioning is required.

Limit-1 Processing
If the issuer is online and chooses to truncate a certain percentage of transactions
to reduce the number of transactions that the issuer must process, the issuer
can establish Limit-1 transaction limits using the Stand-In Processing Worksheet.

For details about establishing these limits, see “Setting Stand-In Parameters.”

©1983–2013 MasterCard. Proprietary. All rights reserved.

2-8 27 November 2013 • Authorization Manual
 Basic Authorization Concepts
Limit-1 Processing

Limit-1 processing does not apply to the following types of transactions:

• Account Status Inquiry Service

• Address Verification Service
• ATM transactions
• Balance Inquiry
• CAT Self-service Terminals/Level 2
• CAT Automated Dispensing Machines/Level 1
• Chip transactions
• On-behalf services transactions
• Payment Transactions
• PIN Management transactions
• Product Inquiry Service
• Recurring payment test transaction
• Transactions that contain a “merchant suspicious” indicator
• Transactions that contain card validation code 2 (CVC 2) data
• Unique transactions (including In-flight Commerce Terminal/Level 4 gaming
transactions)

For all other transactions, Limit-1 processing applies to the following checks:

1. Checks for the Nth transaction and sends Nth transactions directly to the
issuer for processing.
2. Compares the transaction amount to the Limit-1 amounts established by
the issuer on the Stand-In Processing Worksheet. Limit-1 processing sends
transactions with transaction amounts greater than the Limit-1 amounts
directly to the issuer for processing.
3. Applies all of the usual Stand-In System tests to remaining transactions.

Limit-1 Limits
Limit-1 processing forwards transactions with transaction amounts greater than
the established limit to the issuer for approval.

MasterCard has established a default Limit-1 limit of USD 0; all transactions are
automatically forwarded to the issuer for issuers that do not designate separate
limits.

Online acquirers can override issuer Limit-1 values and forward MO/TO and
electronic commerce transactions from their MIP to issuers to reduce the risk of
Limit-1 approval for MO/TO and electronic commerce transactions.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 2-9
Basic Authorization Concepts
Limit-1 Processing

“Nth” Transaction
Limit-1 processing forwards one transaction (the “Nth” transaction) to the issuer
at established intervals, regardless of the transaction amount. A counter on each
acquiring MIP maintains the transaction count for each issuer. For example,
MasterCard has established a default of 9,999 for the Nth value.

At each acquiring MIP, every 9,999th transaction received for each issuer for
Limit-1 processing automatically goes to the issuer for authorization unless the
issuer designates a different “Nth” value on the Stand-In Processing Worksheet.

Stand-In System Tests

The Authorization Platform applies Stand-In System test to Limit-1 transactions
that are less than or equal to the Limit-1 transaction limit and that are not the
Nth transaction.

Customers that establish Limit-1 values should review their limits for the Stand-In
Accumulative Limits test. These limits must be sufficient to accommodate
Limit-1 transaction volumes in Stand-In System processing. Stand-In processing
applies the customer-defined Accumulative Limits test to all transactions
(including Limit-1 transactions) that the Stand-In System processes.

Limit-1 Processing Flow

Limit-1 processing follows one of two possible flows.

• The transaction amount in the Authorization Request/0100 is greater than

the Limit-1 transaction amount limit or the transaction is the Nth transaction.
The Authorization Platform forwards these transactions to the issuer.
• The transaction amount in the Authorization Request/0100 is less than
or equal to the Limit-1 transaction amount limit. The Stand-In System
processes these transactions.

©1983–2013 MasterCard. Proprietary. All rights reserved.

2-10 27 November 2013 • Authorization Manual
 Basic Authorization Concepts
Limit-1 Processing

Limit-1: Transaction Amount is Greater than Limit or Transaction is Nth

Transaction

Limit-1: Transaction Amount is Less than or Equal to Limit

Limit-1 Processing Results

Online issuers can see the result of Limit-1 processing.

• On the X-Code and Limit-1 Weekly Detail Authorizations Report

(AB110010-AA). For a sample of the report, see the MasterCard Consolidated
Billing System manual.
• In the Authorization Advice/0120 (Store-and-Forward) messages, which the
Authorization Platform creates for each Limit-1 transaction.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 2-11
Basic Authorization Concepts
X-Code Processing

X-Code Processing
X-Code processing applies only when the acquirer is online. It can occur at
either of the following locations: acquirer host or acquirer MIP.

These descriptions apply only to MasterCard card programs. For X-Code

processing of all other card brands, see “X-Code Processing of Non-MasterCard
Card Programs.”

Acquirer Host X-Code Processing

Acquirer host X-Code processing occurs when the acquirer host cannot
communicate with the acquirer MIP.

Acquirer Host X-Code Flow

1. The acquirer creates an authorization request; however, the acquirer host

cannot communicate with the acquirer MIP.
2. The acquirer responds to the authorization request based on the rules for
acquirer host X-Code processing.
3. The acquirer may be required to phone the issuer for approval based on
the rules for X-Code processing.

Rules for Acquirer Host X-Code Processing

For acquirer host X-Code processing, the acquirer must approve and bear
liability for the transaction, after validating that the account is not listed as
restricted on the Electronic Warning Bulletin file, when the transaction amount
is less than or equal to USD 300, except in the circumstances listed below.

The issuer bears liability for authorization requests that it approves. The
acquirer must phone the issuer for approval in any of the following instances:

• The transaction amount is more than USD 300.

• The card is not present.
• The merchant suspects that the card may be stolen or counterfeit, or the
transaction or the customer causes the merchant to be suspicious.
• The transaction type is one of the following: PIN transactions, unique, mail
order/telephone order, electronic commerce order, Payment Transaction, or
non-financial transactions (such as balance inquiry, PIN management).

©1983–2013 MasterCard. Proprietary. All rights reserved.

2-12 27 November 2013 • Authorization Manual
 Basic Authorization Concepts
X-Code Processing

If the transaction amount is more than USD 300 and the acquirer cannot reach
the issuer, the acquirer may do any of the following:

• Approve the transaction (and bear liability for the total amount)
• Decline the transaction
• Continue attempting to reach the issuer

If the acquirer has not phoned the issuer for approval, the acquirer can create
an Authorization Advice/0120—Acquirer-generated message to notify the issuer
of the approved authorization based on the previously stated rules for X-Code
processing.

Acquirer MIP X-Code Processing

Acquirer MIP X-Code processing occurs when the acquirer MIP cannot
communicate with the MasterCard Network or the acquirer MIP does not
receive a response from the issuer or the Stand-In System within the time frame
established by MasterCard.

Acquirer MIP X-Code Flow

1. The authorization request is routed to the acquirer MIP on its way to the
issuer. However, one of the following scenarios occurs:

• The acquirer MIP cannot communicate with the MasterCard Network.

• The MasterCard Network cannot communicate with the issuer MIP and
the MasterCard Network cannot communicate with the Stand-In MIP.
• The MasterCard Network cannot communicate with the issuer MIP and
the Stand-In MIP cannot communicate with the Stand-In host.
• The MasterCard Network cannot communicate with the Stand-In MIP
and the issuer MIP cannot communicate with the issuer host.
2. The acquirer MIP generates an authorization response as follows:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 2-13
Basic Authorization Concepts
X-Code Processing

MIP X-Code Authorization

Response Type of Transaction

Decline • Account Status Inquiry Service requests

• ATM Installment Inquiry
• AVS transactions
• Balance inquiries
• Internet gambling transactions (MCC
7995 and CAT Level 6) involving U.S.
region-issued cards
• Product Inquiry Service
• Recurring payment test transaction
requests
• Transactions that contain a PIN
• Transactions that contain the “merchant
suspicious” indicator
• Transactions that occur at a
cardholder-activated terminal
(CAT)/Level 1
• Transactions using a MasterCard card
not eligible for X-Code processing

Refer to Card Issuer • Cash disbursement

• Payment Transaction
• Unique
• Transactions using a MasterCard card
that is eligible for X-Code processing
and the transaction exceeds the
MasterCard X-Code limits

Capture Card Transactions for accounts that are listed on

the Electronic Warning Bulletin file
Approve Transactions that are less than or equal to
the MasterCard X-Code limits and do not
meet any of the criteria listed above

The Authorization Platform generates Authorization Advice/0120 messages

to report the results of X-Code processing. Online issuers can retrieve the
messages using the process described in “Online Messages.”

MIP X-Code Limits

The following table shows established X-Code limits. Transactions must be less
than or equal to these limits to be approved.

©1983–2013 MasterCard. Proprietary. All rights reserved.

2-14 27 November 2013 • Authorization Manual
 Basic Authorization Concepts
X-Code Processing

Type of Transaction MIP X-Code Limits

Transactions using: USD 2,500
• MBK—MasterCard Black® Card
• MCW—World MasterCard™ Card
• MFB—Flex Credit World Elite
• MFE—Flex Charge World Elite
• MFH—Flex Credit World
• MFW—Flex Charge World
• MHW—HELOC World MasterCard
• MUW—MasterCard World Domestic Affluent
• MWD—World Deferred
• MWE—MasterCard World Elite
• MWR—World Retailer Centric Payment
• TCW—World Signia MasterCard Card—Imme-
diate Debit
• TNW—MasterCard New World—Immediate
Debit
• WBE—MasterCard World Black Edition

Transactions using: USD 1,500

• DAP—Platinum Debit MasterCard® Salary
• DLP—Debit MasterCard Platinum—Delayed
Debit
• MCH—MasterCard Premium Charge
• MCT—Titanium MasterCard
• MHM—HELOC Debit Platinum
• MDP—Debit MasterCard Platinum®
• MEP—Premium Debit MasterCard Embossed
• MFD—Flex Credit Platinum
• MFL—MasterCard Flex Charge Platinum
• MHN—HELOC Debit Premium
• MHP—HELOC Platinum MasterCard
• MPL—Platinum MasterCard® Card
• MUP—Platinum Debit MasterCard Unembossed
• SAP—Platinum MasterCard® Salary—Immediate
Debit
• TPL—Platinum MasterCard—Immediate Debit

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 2-15
Basic Authorization Concepts
X-Code Processing

Type of Transaction MIP X-Code Limits

Transactions using: USD 1,000
• MAB—World Elite™ MasterCard® Business
• MAC—MasterCard® Corporate World Elite®
• MCB—MasterCard BusinessCard® Card
MasterCard Corporate Card™
• MCO—MasterCard Corporate
• MCM—MasterCard Corporate Meeting Card
• MDB—Debit MasterCard BusinessCard Card
• MDQ—Middle Market Corporate Card
• MEB—MasterCard Executive BusinessCard Card
• MEO—MasterCard Corporate Executive Card®
• MLA—MasterCard Central Travel Solutions Air
• MLC—MasterCard Micro-Business Card
• MLD—MasterCard Distribution Card
• MLL—MasterCard Central Travel Solutions Land
• MPB—MasterCard Preferred BusinessCard
• MPC—MasterCard Professional Card
• MWB—World MasterCard for Business
• MWO—MasterCard Corporate World
• TCB—MasterCard BusinessCard—Immediate
Debit
• TCO—MasterCard Corporate—Immediate Debit
• TCP—MasterCard Purchasing Card—Immediate
Debit
• TCS—MasterCard Standard Card—Immediate
Debit
• TEB—MasterCard Executive BusinessCard
Card—Immediate Debit
• TEO—MasterCard Corporate Executive
Card—Immediate Debit
• TLA—MasterCard Central Travel Solutions
Air—Immediate Debit
• TPB—MasterCard Preferred BusinessCard—Im-
mediate Debit
• TPC—MasterCard Professional Card—Immediate
Debit
• SAS—Standard MasterCard® Salary—Immediate
Debit

©1983–2013 MasterCard. Proprietary. All rights reserved.

2-16 27 November 2013 • Authorization Manual
 Basic Authorization Concepts
X-Code Processing

Type of Transaction MIP X-Code Limits

• SOS—Standard MasterCard Social®—Immediate

Debit

Transactions using all other MasterCard cards eligible USD 600

for X-Code processing.

In-flight Commerce Terminal/Level 4 gaming USD 350

transaction (TCC is U and MCC is 7995). For CAT
Level 4 non-gaming transactions, X–Code limits
apply.
Transactions using all other MasterCard cards not USD 0
eligible for X-Code processing:
• DLU—Debit MasterCard Unembossed Delayed
Debit
• MBF—Prepaid MasterCard Food
• MBM—Prepaid MasterCard Meal
• MBD—MasterCard Professional Debit
BusinessCard
• MCU—MasterCard Unembossed
• MDU—Debit MasterCard Unembossed (U.S.)
• MFR—MasterCard Commercial Reward Funding
• MHB—HSA Substantiated
• MHH—HSA Non-Substantiated
• MHK—MGMA HAC Program
• MID—MasterCard Debit Unembossed Student
Card
• MIG—MasterCard Credit Unembossed Student
Card
• MIJ—MasterCard Debit Unembossed Non-U.S.
Student Card
• MIU—Debit MasterCard Unembossed Non-U.S.
• MPK—Prepaid MasterCard Government
Commercial Card
• MRH—MasterCard Platinum Prepaid Travel Card
• MSD—MasterCard Deferred Debit Consumer
• TIU—MasterCard Unembossed Immediate Debit
• Maestro products
• MasterCard Electronic products
• MasterCard Prepaid products

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 2-17
Basic Authorization Concepts
X-Code Processing of Non-MasterCard Card Programs

Liability for X-Code Transactions

The issuer is liable for transactions that are approved under acquirer MIP
X-Code, up to the MIP X-Code limits specified in previous table.

The acquirer may raise the X-Code limits at its own risk via the MIP console.
For more information about how to do this, see the MasterCard Interface
Processor Member Manual.

If the acquirer raises the limits, it is liable for the entire amount of any
transaction greater than the MasterCard default limits. For example, suppose
that the acquirer raises the USD 600 limit for all other MasterCard cards to
USD 1,000. If a transaction is approved for USD 900 under the raised X-Code
limit, the acquirer is liable for the entire USD 900. The acquirer is liable
under chargeback reason code 4808 (Requested/Required Authorization Not
Obtained). The issuer is liable only for transaction amounts that are less than or
equal to the MasterCard default amounts.

X-Code Processing of Non-MasterCard Card Programs

Acquirer Host X-Code processing of non-MasterCard cards is subject to the
guidelines of the individual card brand.

Acquirer MIP X-Code processing of non-MasterCard cards is the same as for

MasterCard cards with the following exceptions and clarifications.

This table shows MIP X-Code limits for non-MasterCard cards.

Response if the transaction is

Type of Transaction MIP X-Code Limit greater than the limit

All Visa 0 Decline

Non-MasterCard, non-Visa 0 Decline

MO/TO, electronic
commerce, ATM, and
“merchant suspicious”

All other non-MasterCard, 0 Refer to Card Issuer

non-Visa

©1983–2013 MasterCard. Proprietary. All rights reserved.

2-18 27 November 2013 • Authorization Manual
Chapter 3 MasterCard Authorization Message Flows
This section explains the flow of authorization messages that involve a MasterCard card.

Basic Authorization Flow ............................................................................................................... 3-1

Variations on the Basic Authorization Flow for MasterCard Cards................................................. 3-2
Authorization Processing Occurs at the Acquirer MIP ............................................................. 3-2
Issuer Is Online but the Transaction Cannot Follow the Primary Path .................................... 3-3
Secondary Path for Online Customers—Stand-In System Processing ................................ 3-4
No Secondary Path for Online Customers ......................................................................... 3-5
Tertiary Path for Online Customers—X-Code Processing .................................................. 3-7
Issuer is a CAPS Issuer............................................................................................................. 3-7

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 3-i
 MasterCard Authorization Message Flows
Basic Authorization Flow

Basic Authorization Flow

Although the authorization process contains many variables for routing and
authorizing, it is helpful to have an understanding of the basic flow of an
authorization request.

The following diagram illustrates the basic authorization flow. This flow
assumes that the card involved is a MasterCard® card, that the issuer and
acquirer are online customers, and that the issuer has instructed MasterCard to
forward all requests.

1. The cardholder presents the card to the merchant for a face-to-face

transaction or provides the card number, expiration date, name, and address
when placing a mail, phone, or electronic commerce (e-commerce) order.
2. The merchant forwards the transaction to the acquirer for approval.
3. The acquirer requests authorization for the transaction by generating an
authorization request message. The authorization request travels through
an acquiring MasterCard interface processor (MIP) to the MasterCard
Network, through an issuer MIP, and then to the issuer’s host.
4. The issuer returns an authorization response message to the acquirer to
indicate what action the merchant should take for the transaction. The
authorization response travels through the MasterCard Network to the
acquirer.
5. Online acquirers may send an authorization acknowledgement message
confirming receipt of the response.
6. The acquirer responds to the merchant.
7. The merchant completes the transaction according to the authorization
response returned.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 3-1
MasterCard Authorization Message Flows
Variations on the Basic Authorization Flow for MasterCard Cards

NOTE
Throughout the remainder of this section, diagrams omit reference to the
cardholder and merchant.

Variations on the Basic Authorization Flow for MasterCard

Cards
Authorization flows will vary from the basic authorization flow when certain
situations apply.

• Authorization processing occurs at the acquirer MIP.

• Limit-1 processing applies.
• The issuer is online but the transaction cannot follow the primary path.
• The issuer is a Central Authorization Processing Service (CAPS) issuer.
• The EMV chip card authorizes the transaction offline.
NOTE
Throughout this manual, the acquirer MIP in the diagrams refers to whichever
MIP accepts the authorization request and forwards it through the MasterCard
Network.

Authorization Processing Occurs at the Acquirer MIP

The acquirer MIP (and not the issuer) processes the authorization transaction
when any of these situations occurs.

• MIP edits at the acquirer MIP cause an error response

• Limit-1 processing applies
• X-Code processing applies
• On-behalf processing applies

MIP Edits Cause an Error Response by the Acquirer MIP

The acquirer MIP performs certain editing functions to ensure validity and
inclusion of required fields. If the transaction does not pass certain edits, the
authorization request goes no further than the MIP, which returns an error
response. To determine which fields are mandatory, which are dependent
on specific conditions, and which are optional, see the Customer Interface
Specification manual.

Limit-1 and X-Code Processing Applies

See “Basic Authorization Concepts.”

©1983–2013 MasterCard. Proprietary. All rights reserved.

3-2 27 November 2013 • Authorization Manual
 MasterCard Authorization Message Flows
Variations on the Basic Authorization Flow for MasterCard Cards

On-behalf Processing Applies

MIP performs on-behalf services and may reject transactions per issuer or
issuer- or cardholder-established criteria such as for inControl processing.

For more information about on-behalf processing, see “Authorization Services

Details.”

Issuer Is Online but the Transaction Cannot Follow the Primary

Path
If a transaction involving an online issuer cannot follow the basic authorization
flow, it follows a secondary path or a tertiary path.

If the Authorization Platform cannot route these transactions via the primary
path to the issuer, it may result in a response indicating the requested service is
not available. This can occur for any of the following services:

• Transactions that contain an Account Status Inquiry Service or Product

Inquiry Service request receive a response of “service not available.”
• Transactions that contain an authorization request and an AVS request—the
authorization request receives the appropriate authorization response and
the AVS request receives a response of “service not available.”
• Balance inquiry transactions at ATM and POS receive a response of “service
not available.”
• ATM Credit Card Cash Advance in Installments transactions receive a
response of “service not available.”
• PIN management transactions receive a response of “service not available.”
• Funding transactions with a credit card at an ATM receive a response of
“service not available.”
• Mobile Phone Top-up ATM transactions receive a response of “service not
available.”
• Private label prepaid card activation plus initial load transactions receive a
response of “service not available.”
• Refund transactions receive a response of “service not available.”
• Recurring payment test transactions, which contains a zero value transaction
amount, receive a response of “service not available.”

For details about processing flows and transaction responses for these services,
see the Customer Interface Specification manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 3-3
MasterCard Authorization Message Flows
Variations on the Basic Authorization Flow for MasterCard Cards

Secondary Path for Online Customers—Stand-In System Processing

Stand-In System processing is mandatory for MasterCard credit products in
all regions, except for customers in the Europe region with existing alternate
back-up authorization processing. Issuers may choose to block Stand-In System
processing for debit products in all regions, except in the U.S. region.

If any of the following conditions apply for online issuers that support the
Stand-In System as their secondary path, the system routes the transaction
to Stand-In processing:

• The issuer is not signed in.

• The transaction could not be delivered to the issuer.
• The issuer does not respond with an Authorization Request Response/0110
message in the allotted amount of time, causing a “time out” at the acquiring
MIP. For more information about response times, see “Routing Timer
Values.”
• The issuer’s response message contains invalid formatting or information
resulting in an issuer edit error.

In these cases, the transaction follows the flow depicted in the following
diagram.

Secondary Path for Online Customers—To Stand-In System Processing

1. After receiving the merchant request for authorization, the acquirer generates
an authorization request, which travels through the MasterCard Network.
2. The MasterCard Network, unable to route the authorization request to the
online issuer, routes it to Stand-In processing.
3. Stand-In processing generates an authorization response, based on the
issuer’s parameters. Stand-In processing also generates authorization advice

©1983–2013 MasterCard. Proprietary. All rights reserved.

3-4 27 November 2013 • Authorization Manual
 MasterCard Authorization Message Flows
Variations on the Basic Authorization Flow for MasterCard Cards

messages, as appropriate, and stores them in a store-and-forward (SAF)

queue.
4. The MasterCard Network routes the Stand-In authorization response to
the acquirer.
5. Online acquirers may send an authorization acknowledgement message
confirming receipt of the response.
6. When issuer connectivity is reestablished, the issuer will retrieve the
SAF messages generated by Stand-In processing to adjust cardholder
available-to-buy positions appropriately. For the format and contents of a
SAF message, see the Customer Interface Specification manual.

No Secondary Path for Online Customers

If a secondary authorization path does not exist for an issuer or is not allowed
based on program or service rules and the online issuer does not respond
or responds late to an Authorization Request/0100 message, which causes a
“time out,” the Authorization Platform responds to the acquirer with a decline
response.

No Secondary Path for Online Customers—No Issuer Response

The transaction follows the flows depicted in the following diagrams.

1. The acquirer sends the Authorization Request/0100 message to the

Authorization Platform, and the Authorization Platform forwards the
Authorization Request/0100 message to the issuer.
2. The Authorization Platform does not receive the issuer’s Authorization
Request Response/0110 within the response time allowed for the issuer.
3. The Authorization Platform sends the Authorization Request Response/0110
to the acquirer where DE 39 (Response Code) = 91 (Issuer Authorization
System or Issuer Inoperative).

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 3-5
MasterCard Authorization Message Flows
Variations on the Basic Authorization Flow for MasterCard Cards

4. The Authorization Platform sends a Reversal Advice/0420 message

containing the following values to the issuer because no issuer response
is received:

• DE 39 = 82 (Time out at issuer)

• DE 60, subfield 1 = 402 (Banknet advice: IPS time-out error)
5. When the issuer receives the Reversal Advice/0420 message, it must
generate a Reversal Advice Response/0430 message to acknowledge receipt
of the Reversal Advice/0420 message.

No Secondary Path for Online Customers—Late Issuer Response

1. The acquirer sends the Authorization Request/0100 message to the

Authorization Platform, and the Authorization Platform forwards the
Authorization Request/0100 message to the issuer.
2. The Authorization Platform does not receive the Authorization Request
Response/0110 message within the time limits from the issuer.
3. The Authorization Platform generates an Authorization Request
Response/0110 message where DE 39 (Response Code) = 91 (Issuer
Authorization System or Issuer Inoperative) and forwards it to the acquirer.
4. The Authorization Platform sends a Reversal Advice/0420 message
containing the following values to the issuer because no issuer response
is received:

• DE 39 = 82 (Time out at issuer)

• DE 60, subfield 1 = 402 (Banknet advice: IPS time-out error)
5. When the issuer receives the Reversal Advice/0420 message, it must
generate a Reversal Advice Response/0430 message to acknowledge receipt
of the Reversal Advice/0420 message.
6. The Authorization Platform receives a “late” Authorization Request
Response/0110 message from the issuer.

©1983–2013 MasterCard. Proprietary. All rights reserved.

3-6 27 November 2013 • Authorization Manual
 MasterCard Authorization Message Flows
Variations on the Basic Authorization Flow for MasterCard Cards

7. The Authorization Platform sends an Authorization Response Negative

Acknowledgement/0190 message to the issuer, indicating it has no record
of a corresponding Authorization Request/0100 message.
NOTE
A response is not necessary from the issuer after the Authorization Platform
sends an Authorization Response Negative Acknowledgement/0190 message.

Tertiary Path for Online Customers—X-Code Processing

If neither the primary path nor the secondary path is available for the
transaction, X-Code processing is performed at the acquirer MIP.

Issuer is a CAPS Issuer

If a transaction involves a CAPS issuer, there are two paths this transaction can
follow: a primary and a secondary path.

Primary Path for CAPS Customers—Stand-In System Processing

If the issuer is a CAPS customer, the transaction follows this flow. This flow
does not apply to transactions that require unique response data that is not
available to CAPS.

Primary Path for CAPS Customers—Stand-In System Processing Flow

1. After receiving the merchant request for authorization, the acquirer generates
an authorization request, which travels through the MasterCard Network.
2. The Authorization Platform automatically routes the request to Stand-In
processing.
3. Stand-In processing generates an authorization response based on CAPS
parameters.
4. The MasterCard Network routes the Stand-In authorization response to
the acquirer.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 3-7
MasterCard Authorization Message Flows
Variations on the Basic Authorization Flow for MasterCard Cards

5. Online acquirers may send an authorization acknowledgement message

confirming receipt of the response.

Secondary Path for CAPS Customers—X-Code Processing

If the primary path is not available for the transaction, X-Code processing is
performed at the acquirer MIP.

©1983–2013 MasterCard. Proprietary. All rights reserved.

3-8 27 November 2013 • Authorization Manual
Chapter 4 Acquirer and Issuer Responsibilities
This section discusses acquirer and issuer responsibilities relating to participation in the
MasterCard Authorization Platform.

Acquirer Responsibilities................................................................................................................ 4-1

Processing Authorization Requests .......................................................................................... 4-1
Access the MasterCard Network ........................................................................................ 4-1
Create and Send Authorization Requests ........................................................................... 4-2
Bank Identification Number and Issuing Account Range Management ....................... 4-2
Card-Read Data Storage Standards............................................................................... 4-3
Cash Disbursement ...................................................................................................... 4-3
Electronic Commerce Transactions .............................................................................. 4-3
Expired Card................................................................................................................ 4-3
Invalid BIN .................................................................................................................. 4-3
Mail Order/Telephone Order Batch Authorization Request/0100 Messages ................ 4-4
Support Preauthorization and Final Authorization Transactions .................................. 4-4
Voice Authorization Requests ...................................................................................... 4-4
Receive the Authorization Response.................................................................................. 4-4
Call Referral Responses................................................................................................ 4-4
Minimum Authorization Response Wait Time.............................................................. 4-5
Maintain Authorization Logs .............................................................................................. 4-5
Support Partial Approvals .................................................................................................. 4-6
Support Reversal Request Messages .................................................................................. 4-6
Support Account Balance Responses................................................................................. 4-6
Support Multiple Authorization Processing for Travel & Entertainment Merchants ........... 4-7
Support Point-of-Sale Balance Inquiries ............................................................................ 4-7
Send Authorization Completion Advices ........................................................................... 4-7
Table 1: Acquirer Mandate to Support Partial Approvals, Reversal Requests, and
Account Balance Responses (U.S. Region Only) ............................................................... 4-8
Table 2: Effective Dates for Acquirer Mandate to Support Partial Approvals and
Account Balance Responses Globally .............................................................................. 4-10
Assisting in Investigation of Counterfeits and Criminal Cases................................................ 4-10
Billing .................................................................................................................................... 4-11
Issuer Responsibilities.................................................................................................................. 4-11
Encoding and Validating the CVC 1 Value ............................................................................. 4-12
Encoding and Validating the Chip CVC ................................................................................. 4-12
Imprinting and Validating the CVC 2 Value ........................................................................... 4-12

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 4-i
Acquirer and Issuer Responsibilities

Personalizing and Validating the CVC 3 Value....................................................................... 4-13

Generating and Validating Accountholder Authentication Value ........................................... 4-13
Issuing and Validating PIN Data ............................................................................................ 4-13
Validating the ARQC and Generating the ARPC .................................................................... 4-14
Processing Authorization Requests ........................................................................................ 4-14
Establish Stand-In Processing Authorization Parameters.................................................. 4-15
Maintain an Authorization Log......................................................................................... 4-15
Support AVS Requests for U.S. Issuers ............................................................................. 4-15
Support Partial Approvals ................................................................................................ 4-15
Support Reversal Request Messages ................................................................................ 4-16
Support Account Balance Responses............................................................................... 4-16
Support Authorization Advice Completion Messages ...................................................... 4-17
Support Multiple Authorizations from Travel & Entertainment Merchants....................... 4-17
Support Account Status Inquiry Service Responses ......................................................... 4-18
Support Identification of Final Authorizations ................................................................. 4-18
Supporting Point-of-Sale Balance Inquiries............................................................................ 4-19
Call Referral Responses.......................................................................................................... 4-19
File Maintenance.................................................................................................................... 4-20
Billing .................................................................................................................................... 4-21

©1983–2013 MasterCard. Proprietary. All rights reserved.

4-ii 27 November 2013 • Authorization Manual
 Acquirer and Issuer Responsibilities
Acquirer Responsibilities

Acquirer Responsibilities
As MasterCard customers, acquirers enter into written agreements with their
merchants. These acquirer-merchant agreements must in substance contain
certain provisions described in the MasterCard Rules.
NOTE
The acquirer is responsible for making applicable MasterCard rules, regulations,
procedures, and policies known to its merchants and is responsible for merchant
violations of them.

Acquirers must provide adequate and reasonable authorization services to their

merchants, regardless of their location. Acquirers that have entered into an
agreement with merchants also have responsibilities regarding the following:

• Processing authorization requests

• Assisting in investigation of counterfeits and criminal cases
• Billing

Processing Authorization Requests

To process authorization requests, acquirers must be able to perform certain
tasks.

• Access the MasterCard Network

• Create and send authorization request messages
• Receive the authorization response
• Maintain authorization transaction logs
• Support partial approvals
• Support reversal request messages
• Support account balance responses
• Support multiple authorization processing for T&E merchants
• Support point-of-sale balance inquiries
• Send authorization completion advices
• Support preauthorization and final authorization transactions (Europe
region acquirers)

Access the MasterCard Network

Acquirers must have access to the MasterCard Network to generate authorization
requests and receive authorization responses.

Acquirer options for establishing access to the network are addressed in “Basic
Authorization Concepts” and in the Data Communications Manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 4-1
Acquirer and Issuer Responsibilities
Acquirer Responsibilities

Create and Send Authorization Requests

For all transactions other than On-Us (any transaction in which the acquirer
and issuer are the same customer), the acquirer formats and sends an
authorization request. Acquirers must forward authorization requests under all
conditions identified in the Chargeback Guide and according to the following
specifications.

Acquirers must route all authorization transactions for Account Level

Management, MasterCard inControl Virtual Card Number (VCN), MasterCard
inControl Real Card Spend Control, PayPass Mapping Service, and Pay with
Rewards account ranges to the Dual Message System for processing. Account
Level Management, MasterCard inControl, PayPass Mapping Service, and
Pay with Rewards service account ranges are identified in the IPM Member
Parameter Extract Table IP0040T1 Issuer Account Range.

Bank Identification Number and Issuing Account Range Management

Acquirers must use consistent MasterCard bank identification number (BIN)

and issuing account range maintenance procedures to maintain a positive
acceptance experience for cardholders. Consistent BIN and issuing account
range maintenance procedures allow merchants to successfully accept and
process MasterCard transactions, thereby preventing valid accounts from being
declined at the point of interaction.

Acquirers can comply with this mandate by ensuring that their merchants submit
all authorization requests containing a MasterCard issuing account number
within the 510000–559999 BIN range. Alternatively, acquirers can comply with
this mandate by maintaining accurate records of all active MasterCard issuing
account ranges and ensuring these records are updated on their merchants’
systems within six calendar days of MasterCard notification.

To comply with this mandate, acquirers can use one of the following methods:

• Acquirers can use the Member Parameter Extract (MPE) file, specifically
Table IP0040T1 Issuer Account Range, to update their merchants. This file
is replaced in its entirety with each Global Clearing Management System
release (bi-annually) and supplemented by a daily update file that contains
add, change, and delete records. In addition, an acquirer can request a full
replacement file by contacting the Customer Operations Services team.
• Acquirers can use the Daily Payment Acceptance Table—File Information
to update their merchants. The Daily Payment Acceptance Table—File
Information is an optional, daily full file account range replacement file.
For information about the Daily Payment Acceptance—File Information
transmission and layout, see “File Layouts.”

Acquirers that use the MPE file or the Daily Payment Acceptance Table—File
Information must ensure that the file is deployed on their merchants’ systems
within six calendar days from the date that MasterCard distributes each updated
file.

©1983–2013 MasterCard. Proprietary. All rights reserved.

4-2 27 November 2013 • Authorization Manual
 Acquirer and Issuer Responsibilities
Acquirer Responsibilities

This mandate applies to authorization processing in dual message (01xx)

environments used for MasterCard®, Debit MasterCard®, and MasterCard™
Electronic transactions. MasterCard will monitor acceptance compliance. Failure
to comply with one of the methods listed above may result in noncompliance
assessments as described for Category A of the compliance framework set out
in Rule 3.1.2.1, “Noncompliance Categories” of the MasterCard Rules.

Card-Read Data Storage Standards

No card-read data may be displayed, replicated or stored by any acquirer,

merchant, point-of-interaction (POI) terminal or other device, or representative
of the acquirer or merchant (including Third Party Processors [TPPs] and Data
Storage Entities [DSEs]), except card account number, expiration date, service
code, and cardholder name, if present. See the MasterCard Rules and the
Security Rules and Procedures manual for the detailed rules and noncompliance
assessments that apply.

Cash Disbursement

The Chargeback Guide contains specific procedures related to processing cash

disbursement.

Electronic Commerce Transactions

MasterCard monitors authorization data originating from electronic commerce

(e-commerce) merchants. Acquirers with merchants that fail to identify
e-commerce transactions properly are subject to noncompliance assessments.

MasterCard also monitors and identifies merchants and acquirers to verify

that they do not resubmit declined Authorization Request/0100 messages
with different values in these data elements. Merchants and acquirers should
not present Authorization Request/0100 messages using one card acceptor
business code (MCC) or with e-commerce transaction identifiers and then,
when declined, subsequently resubmit the transaction with different MCCs or
with e-commerce transaction identifiers to bypass issuer strategies and obtain
issuer approval.

Expired Card

Acquirers should forward, and not decline, any transactions with an expired
expiration date. Issuer-approved expired card transactions are not eligible for
chargeback if the Authorization Request/0100 message accurately presents the
expiration date. For more information about chargeback rights associated with
expired cards, see the Chargeback Guide.

Invalid BIN

Acquirers must forward an authorization request even if the bank identification

number (BIN) appears to be invalid. An acquirer may not decline a
transaction unless it has received a response of “invalid card number” from the
Authorization Platform.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 4-3
Acquirer and Issuer Responsibilities
Acquirer Responsibilities

Mail Order/Telephone Order Batch Authorization Request/0100 Messages

Unless agreed to otherwise by the acquirer and issuer, under no circumstances

can an acquirer or its merchant submit batch Authorization Request/0100
messages presorted in BIN order.

Support Preauthorization and Final Authorization Transactions

Acquirers in the Europe region must be able to support properly coding

authorization requests as preauthorization and final authorization transactions.

Effective for authorizations submitted on or after 5 November 2013, acquirers in

the Europe region must ensure that any authorization request for an amount
greater than zero must be properly coded as either preauthorization or final
authorization according to message coding requirements.

Acquirers must submit the clearing presentment for an approved final

authorization transaction within four business days of the authorization date.

Non-Europe region acquirers may optionally identify authorizations as final

authorization. In such cases, they must meet all the requirements applicable
to final authorizations as Europe region acquirers.

Voice Authorization Requests

Acquirers that initiate an authorization request based on a phone call from the
merchant must verify the account number with the merchant to ensure that it
was correctly relayed before declining an authorization.

Receive the Authorization Response

When the acquirer receives the authorization response, the acquirer passes the
response on to the merchant.

The acquirer bears responsibility for application of the response. If, in response
to an authorization request, the acquirer is instructed to obtain or to hold on
to a card or is given other instructions, the acquirer must inform the merchant
that it shall use its best efforts, by reasonable and peaceful means, to comply
with such instructions.

For the authorization responses that acquirers may receive, see “Basic
Authorization Concepts.”

Call Referral Responses

Acquirers have the following additional responsibilities regarding call referral

responses.

©1983–2013 MasterCard. Proprietary. All rights reserved.

4-4 27 November 2013 • Authorization Manual
 Acquirer and Issuer Responsibilities
Acquirer Responsibilities

• Establish a merchant call referral response rate of 60 percent.

• Monitor individual merchant performance.
• Encourage, where possible or appropriate, three-way communication to
allow merchants, cardholders, and issuers to exchange information during
a call referral response call.
• Develop and distribute educational materials for merchants.
• Apply all call referral standards to the rules governing Member Service
Providers (MSPs). The MasterCard Rules describes MSP responsibilities.

Minimum Authorization Response Wait Time

For MasterCard and Debit MasterCard POS transactions, there are minimum
authorization response wait times.

For MasterCard and Debit MasterCard POS transactions, when sending an

Authorization Request/0100, Authorization Advice/0120—Acquirer-generated,
or Reversal Request/0400 message, acquirers in Brazil, the Canada region,
Netherlands, U.K., and the U.S. region must wait at least 10 seconds for the
authorization response.

For MasterCard and Debit MasterCard POS transactions, when sending an

Authorization Request/0100, Authorization Advice/0120—Acquirer-generated,
or Reversal Request/0400 message, acquirers in all other countries must wait
at least 12 seconds for the authorization response.

The acquirer must ensure that its host does not apply authorization response
wait time parameters that time out before the minimum authorization response
wait time has elapsed.

Maintain Authorization Logs

Acquirers that process authorizations must maintain, for at least 120 days, a
record or log of all authorization transactions. The log must include all data
files pertinent to each request and corresponding authorization response.

If an authorization transaction occurred at an electronic terminal, the acquirer

must maintain a log containing the following information:

• Authorization code given by the issuer or the transaction certificate (TC)

given by the EMV chip card.
• Substitute number generated by the acquirer and printed on the terminal
receipt, if not the same as the authorization code.
• Number of days allowed for a presentment, in the case of a delayed delivery
because of a partial payment.
• Indication that the merchant reported that the card may be stolen or
counterfeit or that the transaction caused the merchant to be suspicious, if
this situation occurred.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 4-5
Acquirer and Issuer Responsibilities
Acquirer Responsibilities

Support Partial Approvals

Acquirers must be able to support partial approvals.

As indicated in Table 1: Acquirer Mandate to Support Partial Approvals,

Reversal Requests, and Account Balance Responses (U.S. Region Only),
MasterCard mandates that acquirers providing authorization services for U.S.
region merchants in the MCCs listed, and merchants in the MCCs listed, must
support partial approvals for all Debit MasterCard® account ranges they
acquire, including all prepaid Debit MasterCard accounts. This requirement
applies only to card present transactions occurring at attended terminals
and at cardholder-activated terminals (CATs) identified with MCC 5542 (Fuel
Dispenser, Automated).

Effective 2020 with Release 20.Q2, an acquirer of a merchant included in any of

the MCCs listed in Table 2: Effective Dates for Acquirer Mandate to Support
Partial Approvals and Account Balance Responses Globally, for card present
transactions conducted at attended terminals only) or MCC 5542 must support
partial approvals for all Debit MasterCard, Maestro, and prepaid MasterCard
card account ranges. Acquirers in the United Kingdom must support this
mandate by 2014 (Release 14.Q2). MasterCard reserves the right to expand the
number of markets that may be required to support prior to 2020.

Support Reversal Request Messages

Acquirers must be able to support reversal request messages.

As indicated in Table 1: Acquirer Mandate to Support Partial Approvals,

Reversal Requests, and Account Balance Responses (U.S. Region Only),
MasterCard mandates that acquirers providing authorization services for U.S.
region merchants in the MCCs listed must support full and partial reversals for
all MasterCard® and Debit MasterCard® account ranges they acquire, including
all prepaid Debit MasterCard accounts (with certain MCCs initially exempted).

For more information about the authorization reversal mandate in the U.S.
region, see “Authorization Reversal Mandate in the U.S. Region.” For more
information about reversal request messages, see “Online Authorization
Messages.”

Support Account Balance Responses

Acquirers must support account balance responses.

As indicated in Table 1: Acquirer Mandate to Support Partial Approvals,

Reversal Requests, and Account Balance Responses (U.S. Region Only,
MasterCard mandates that acquirers providing authorization services for U.S.
region merchants in the MCCs listed must support account balance response
for transactions initiated at point-of-sale (POS) terminals for all prepaid Debit
MasterCard accounts they acquire. This requirement applies only to card
present transactions occurring at attended terminals.

©1983–2013 MasterCard. Proprietary. All rights reserved.

4-6 27 November 2013 • Authorization Manual
 Acquirer and Issuer Responsibilities
Acquirer Responsibilities

Effective in 2020 with Release 20.Q2, the acquirer of a merchant included

in any of the MCCs listed in Table 2: Effective Dates for Acquirer Mandate
to Support Partial Approvals and Account Balance Responses Globally, (for
card present transactions conducted at attended terminals only) must support
account balance responses for all prepaid card account ranges (MasterCard,
Debit MasterCard, and Maestro). Acquirers in the United Kingdom must support
this mandate by 2014 (Release 14.Q2). MasterCard reserves the right to expand
the number of markets that may be required to support prior to 2020.

Support Multiple Authorization Processing for Travel &

Entertainment Merchants
Effective 18 October 2013, acquirers processing T&E incremental authorization
transactions on the Dual Message System are required to use DE 48 (Additional
Data—Private Use), subelement 63 (Trace ID) in Authorization Request/0100
and Authorization Advice/0120—Acquirer-generated messages.

This initiative applies to the following merchant categories:

• MCCs 3351 through 3441 (Car Rental Agencies)

• MCCs 3501 through 3999 (Lodging—Hotels, Motels, Resorts)
• MCC 4411 (Cruise Lines)
• MCC 7011 (Lodging—Hotels, Motels, Resorts—not elsewhere classified)
• MCC 7512 (Automobile Rental Agency—not elsewhere classified)

For more information about incremental authorization transactions, see “Travel

& Entertainment—Incremental Authorizations.”

Support Point-of-Sale Balance Inquiries

U.S. region acquirers must support point-of-sale (POS) balance inquiry
transactions for all prepaid Debit MasterCard and prepaid Maestro card accounts.

Send Authorization Completion Advices

Acquirers must be able to send authorization completion advices.

Acquirers of automated fuel dispenser (AFD) merchants located in the U.S. and
Canada regions must send an Authorization Advice/0120 message containing
DE 60 (Advice Reason Code), subfield 1 (Advice Reason Code), value 191
(Acquirer Processing System [APS] Completed Authorization Transaction) to
the issuer providing the actual transaction amount for each approved AFD
transaction no more than 60 minutes after the issuer approved its original
Authorization Request/0100 message.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 4-7
Acquirer and Issuer Responsibilities
Acquirer Responsibilities

Acquirers in the Europe region are required to send Authorization

Advice/0120—Acquirer-generated messages containing DE 60 (Advice Reason
Code), subfield 1 (Advice Reason Code), value 191 (Acquirer Processing System
[APS] Completed Authorization Transaction) no more than 20 minutes after the
completion of Maestro CAT Level 1 petrol transactions.

For incomplete AFD transactions, acquirers in the Europe region have the
option to send a zero value in DE 4 (Amount, Transaction), along with value
191 (Acquirer Processing System (APS) Completed Authorization Transaction) in
DE 60 (Advice Reason Code) in Authorization Advice/0120—Acquirer-generated
messages, which serves as a notification to the issuer to remove any
unnecessary holds to the cardholder’s open-to-buy balance. Acquirers outside
the Europe region should submit a Reversal Request/0400 message to reverse
an incomplete AFD transaction.

Table 1: Acquirer Mandate to Support Partial Approvals, Reversal

Requests, and Account Balance Responses (U.S. Region Only)
The MCCs listed in the following table should now support the acquirer
mandate requirements for partial approvals, full and partial reversals, and
account balance responses in the U.S. region.

MCC Description

4111 Transportation—Suburban and Local Commuter Passenger, including

Ferries

4812 Telecommunication Equipment including Telephone Sales

4814 Telecommunication Services

4816 Computer Network/Information Services

4899 Cable, Satellite, and Other Pay Television and Radio Services
5111 Stationery, Office Supplies
5200 Home Supply Warehouse Stores
5300 Wholesale Clubs
5310 Discount Stores
5311 Department Stores
5331 Variety Stores
5399 Miscellaneous General Merchandise Stores

5411 Grocery Stores, Supermarkets

5499 Miscellaneous Food Stores—Convenience Stores, Markets, Specialty Stores

and Vending Machines

5541 Service Stations (with or without Ancillary Services)

©1983–2013 MasterCard. Proprietary. All rights reserved.

4-8 27 November 2013 • Authorization Manual
 Acquirer and Issuer Responsibilities
Acquirer Responsibilities

MCC Description

5542 Fuel Dispenser, Automated

5732 Electronic Sales

5734 Computer Software Stores

5735 Record Shops
5812 Eating Places, Restaurants

5814 Fast Food Restaurants

5912 Drug Stores, Pharmacies
5921 Package Stores, Beer, Wine, and Liquor

5941 Sporting Goods Stores

5942 Book Stores

5943 Office, School Supply and Stationery Stores

5999 Miscellaneous and Specialty Retail Stores
7829 Motion Picture-Video Tape Production-Distribution
7832 Motion Picture Theaters

7841 Video Entertainment Rental Stores

7996 Amusement Parks, Carnivals, Circuses, Fortune Tellers

7997 Clubs—Country Membership
8011 Doctors—not elsewhere classified
8021 Dentists, Orthodontists

8041 Chiropractors

8042 Optometrists, Ophthalmologists

8043 Opticians, Optical Goods, and Eyeglasses

8062 Hospitals
8099 Health Practitioners, Medical Services—not elsewhere classified
7999 Recreation services—not elsewhere classified
8999 Professional Services—not elsewhere classified
9399 Government Services—not elsewhere classified

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 4-9
Acquirer and Issuer Responsibilities
Acquirer Responsibilities

Acquirers of merchants in the MCCs listed in this table should now support
these requirements across their terminal base. For merchants with newly
deployed stand-alone terminals, this software should be the standard. Upgrades
to existing stand-alone terminals are required to support at this time. For
the purposes of this section, stand-alone terminals are terminals that are not
integrated into a merchant’s POS system, such that the transaction amount must
be manually entered into the terminal.

Table 2: Effective Dates for Acquirer Mandate to Support Partial

Approvals and Account Balance Responses Globally
The following table shows effective dates by MCC for the acquirer mandate
to support partial approvals and account balance responses in all regions
outside the U.S. Acquirers in the United Kingdom must support this mandate by
2014 (Release 14.Q2). MasterCard reserves the right to expand the number of
markets that may be required to support prior to 2020.

Effective Date MCC Description

2020 (Release 5310 Discount Stores

20.Q2)1
5311 Department Stores

5411 Grocery Stores, Supermarkets

5541 Service Stations (with or without Ancillary Services)

5542 Automated Fuel Dispenser (partial approval support

only)

5621 Women’s Ready to Wear Stores

5691 Men’s and Women’s Clothing Stores

5732 Electronic Sales

5812 Eating Places, Restaurants

5814 Fast Food Restaurants

5912 Drug Stores, Pharmacies
5999 Miscellaneous and Specialty Retail Stores

Assisting in Investigation of Counterfeits and Criminal Cases

See the Security Rules and Procedures manual for information about a
customer’s responsibility to provide assistance as necessary to MasterCard and
other customers that are performing investigations.

1. Acquirers in the United Kingdom must support this mandate by 2014 (Release 14.Q2).

©1983–2013 MasterCard. Proprietary. All rights reserved.

4-10 27 November 2013 • Authorization Manual
 Acquirer and Issuer Responsibilities
Issuer Responsibilities

Billing
All authorization processing activities are billed through the MasterCard
Consolidated Billing System (MCBS). Charges and credits to the acquirer are
listed as “billing events,” and include the following categories of authorization
activity.

• Use of the network (acquirer access fees).

• Use of value-added services.
• Call referrals (calls to the issuer):

– The acquirer receives a credit for responding to call referrals within

established time frames. This applies only if the acquirer uses the
Global Automated Referral Service (GARS).
– The acquirer may request a credit for call referral responses that did not
use GARS. The credit covers the costs of contacting the issuer. The
acquirer requests the credit via a Fee Collection/1740 message.

For a description of these value-added services and information about GARS, see
“Authorization Services Details.” For a complete description of billing events for
authorization services, see the MasterCard Consolidated Billing System manual.

Issuer Responsibilities
Issuers have responsibilities regarding aspects of participation in the MasterCard
Authorization Platform.

Issuers are responsible for:

• Encoding and validating the card validation code 1 (CVC 1) value

• Encoding and validating the Chip CVC
• Imprinting and validating the card validation code 2 (CVC 2) value
• Personalizing and validating the card validation code 3 (CVC 3) value
• Generating and validating Accountholder Authentication Value (AAV)
• Issuing and validating personal identification number (PIN) data
• Validating the authorization request cryptogram (ARQC) and generating the
authorization response cryptogram (ARPC)
• Processing authorization requests
• Supporting point-of-sale balance inquiries (U.S. region prepaid card issuers
only)
• Call referral responses
• File maintenance
• Billing

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 4-11
Acquirer and Issuer Responsibilities
Issuer Responsibilities

Encoding and Validating the CVC 1 Value

Issuers must encode the magnetic stripe on all cards with the CVC 1 value.

Online issuers also must validate the CVC 1 value when they receive the
Authorization Request/0100 message if the Authorization Request/0100 message
contains value 80 or 90 in subfield 1 of the Point-of-Service (POS) Entry Mode
field.

Issuers must indicate a CVC 1 validation failure by placing a value of Y in

subelement 87 of the Additional Data field in the Authorization Request
Response/0110 message.

For information about the placement of the CVC 1 value within the magnetic
stripe, see “Authorization Services Details.”

Encoding and Validating the Chip CVC

Full chip issuers must ensure that the CVC stored on the chip (the Chip CVC) in
the Track 2 Equivalent Data (tag 57) has a different value than stored on the
card’s magnetic stripe (the CVC 1).

For chip transactions (DE 22 [Point-of-Service (POS) Entry Mode], subfield 1

[POS Terminal PAN Entry Mode] = value 05 [PAN auto-entry via chip]), full chip
issuers validate the chip cryptogram included in DE 55 (Integrated Circuit Card
(ICC) System-related Data), instead of the CVC included in DE 35 (Track 2
Data). If that chip transaction does not include DE 55 ICC system-related data,
issuers validate the CVC included in DE 35.

Magnetic stripe grade issuers and issuers using the Chip to Magnetic Stripe
Conversion service that want to leave their host systems completely unchanged
may use the same CVC in the chip and on the magnetic stripe.

Magnetic stripe grade issuers and issuers that want to leave their host systems
completely unchanged may use the same CVC in the chip and on the magnetic
stripe.

For more information on the Chip CVC and related requirements, see the
M/Chip Requirements document and the Security Rules and Procedures manual.

Imprinting and Validating the CVC 2 Value

Issuers must imprint the CVC 2 value on the signature panel of the card.

For information about the verification process performed by the issuer, see
“Authorization Services Details.”

©1983–2013 MasterCard. Proprietary. All rights reserved.

4-12 27 November 2013 • Authorization Manual
 Acquirer and Issuer Responsibilities
Issuer Responsibilities

Personalizing and Validating the CVC 3 Value

All PayPass cards and devices must be personalized to support the generation
of a dynamic CVC 3 value when performing a PayPass magnetic stripe profile
transaction. For PayPass transactions containing a CVC 3 value, issuers must
verify the CVC 3 value when processing the authorization received from a
PayPass transaction or use one of the MasterCard PayPass CVC 3 Pre-validation
services.

Issuers must verify the CVC 3 value when processing the authorization received
from a PayPass Transaction

If there is an issue with the CVC 3, issuers may optionally provide DE 48

(Additional Data—Private Use), subelement 87 (Card Validation Code Result)
containing value E (Length of unpredictable number was not a valid length),
value P (Unable to process), or value Y (Invalid) in their Authorization Request
Response/0110 messages.

Generating and Validating Accountholder Authentication Value

Issuers are required to establish a secure operational facility for performing
cardholder authentication processing and Accountholder Authentication Value
(AAV) generation for e-commerce transactions under requirements of the
MasterCard® SecureCode™ program.

All facilities must adhere to MasterCard security requirements regarding

operations of cardholder authentication processing platforms. For more
information, see the SecureCode ACS Security Requirements and the SecureCode
Member Enrollment and Implementation Guide.

MasterCard recommends, but does not require, that issuers validate the
Secure Payment Application (SPA) AAV in real-time before generating the
authorization response. In support of this activity, MasterCard has made
available an “on-behalf-of” SPA AAV validation service. This service is invoked
as transactions flow through the authorization network and can be configured
to perform validation on all transactions or only during Stand-In processing.

At a minimum, issuers are required to maintain the SPA AAV and all information
required to perform the validation for the requisite transaction in the event of a
customer chargeback or other dispute involving the transaction. MasterCard
recommends a storage period of at least 180 days.

Issuing and Validating PIN Data

Issuers must be able to receive and process MasterCard authorizations that
contain a PIN.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 4-13
Acquirer and Issuer Responsibilities
Issuer Responsibilities

For more information about preparing issuers’ systems to receive and to

process PIN authorization requests, see “Authorization Services Details” and for
information about PIN translation processing capabilities for Europe region
customers, see “PIN Processing for Europe Region Customers.”

Validating the ARQC and Generating the ARPC

Issuers must validate the Authorization Request Cryptogram (ARQC) that the
EMV chip card generates to indicate that the transaction must go online to
the issuer for authorization.

Issuers also must generate the Authorization Response Cryptogram (ARPC),

which contains the decision to approve or decline the online authorization
request (used for non–face-to-face EMV chip card transactions completed from
cardholder-controlled remote devices).

For more information about M/Chip Processing services that can validate the
ARQC and generate the ARPC on behalf of an issuer, see “ Authorization
Services.”

Processing Authorization Requests

Issuers receive authorization requests from acquirers and provide authorization
responses directing acquirers about how to handle the transactions. Each issuer
is responsible for the provision of authorization service 24 hours a day, every
day of the year at its own expense.

In addition, each issuer participating in the MasterCard Authorization Platform

or any local or regional message switching service with other customers must
have adequate back-up procedures and personnel. The issuer must be able
to process incoming and outgoing interchange authorizations if the customer’s
connection with the MasterCard Authorization Platform or the local or regional
service becomes inoperable for any reason. Each issuer also is responsible for
the authorizations that it or its agent generates, including gratuities included
in the total transaction amount and any transaction resulting from a variance
granted by MasterCard pursuant to the MasterCard Rules.

To provide authorization responses, most issuers access the MasterCard

Authorization Platform online, through connectivity between the issuer host
and a MIP.

MasterCard also performs authorization processing on behalf of customers that

do not have online connectivity, through the Central Authorization Processing
Service (CAPS).

To process authorization requests, issuers must be able to perform the following.

©1983–2013 MasterCard. Proprietary. All rights reserved.

4-14 27 November 2013 • Authorization Manual
 Acquirer and Issuer Responsibilities
Issuer Responsibilities

• Establish Stand-In processing authorization parameters

• Maintain an authorization log
• Support AVS requests for U.S. issuers
• Support partial approvals
• Support reversal request messages
• Support account balance responses
• Support authorization advice completion messages
• Support multiple authorizations from T&E merchants
• Support identification of preauthorizations and final authorizations

Establish Stand-In Processing Authorization Parameters

All issuers must complete the Stand-In Processing Worksheet (Form 041) to
establish parameters for Stand-In authorization processing. Online issuers also
may establish parameters for Limit-1 processing on this worksheet.

For more information about Stand-In processing and completing the Stand-In
Processing Worksheet, see “Stand-In Processing” and “Setting Stand-In
Parameters.”
NOTE
Stand-In System processing is mandatory for MasterCard credit products in all
regions, except for customers in the Europe region with existing alternate
back-up authorization processing. Issuers may choose to block Stand-In System
processing for debit products in all regions, except in the U.S. region.

Maintain an Authorization Log

Issuers must maintain written records, logs, or computer records of all
authorizations granted showing the date of issue for at least 120 days.

Support AVS Requests for U.S. Issuers

MasterCard mandates that all issuers in the U.S. region must support Address
Verification Service (AVS) processing. Issuers must test their ability to accept
and to transmit AVS messages. For online processing formats for AVS, see the
Customer Interface Specification manual.

Support Partial Approvals

MasterCard mandates that all issuers in the U.S. region must support partial
approvals for all Debit MasterCard account ranges they issue, including all
prepaid Debit MasterCard accounts. Issuers can test their abilities to transmit
partial approval messages.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 4-15
Acquirer and Issuer Responsibilities
Issuer Responsibilities

Effective in 2020 with Release 20.Q2, issuers globally must support partial
approvals for Debit MasterCard, Maestro, and prepaid MasterCard card account
ranges. Issuers in the United Kingdom are required to support partial approvals
by 2014 (Release 14.Q2) for all Debit MasterCard, Maestro and Prepaid
MasterCard card account ranges. MasterCard reserves the right to expand the
number of markets that may be required to support prior to 2020.

For more information about partial approvals, see “Authorization Services

Details.”

Support Reversal Request Messages

MasterCard mandates that all issuers in the U.S. region must support both full
and partial reversals for all MasterCard® and Debit MasterCard account ranges
they issue, including all prepaid Debit MasterCard accounts (with certain MCCs
initially exempted). Issuers can test their abilities to process reversal request
messages.

Effective 15 April 2011, for all MasterCard and Debit MasterCard account ranges
including prepaid, a U.S. region issuer receiving a Reversal Request/0400
message or Reversal Advice/0420 message must release any hold placed on the
cardholder’s account for the amount specified within 60 minutes of matching
the reversal message to a previous authorization request message.

For more information about the authorization reversal mandate in the U.S.
region, see “Authorization Reversal Mandate in the U.S. Region.” For more
information about reversal request messages, see “Online Authorization
Messages.”

Support Account Balance Responses

MasterCard mandates that all issuers in the U.S. region must support account
balance response for transactions initiated at point-of-sale (POS) terminals for
all Debit MasterCard prepaid account ranges they issue (excluding when the
prepaid product is flex benefits, government, and payroll).

Issuers can test their abilities to transmit available balances in the appropriate
fields of response messages.

Effective in 2020 with Release 20.Q2, issuers must support account balance
response for prepaid card account ranges (MasterCard, Debit MasterCard,
and Maestro). Issuers in the United Kingdom must support account balance
response for prepaid card account ranges (MasterCard, Debit MasterCard, and
Maestro) by 2014 (Release 14.Q2). MasterCard reserves the right to expand the
number of markets that may be required to support prior to 2020.

For information about account balance responses, see “Authorization Services

Details.”

©1983–2013 MasterCard. Proprietary. All rights reserved.

4-16 27 November 2013 • Authorization Manual
 Acquirer and Issuer Responsibilities
Issuer Responsibilities

Support Authorization Advice Completion Messages

MasterCard and Debit MasterCard issuers in the U.S. and Canada regions must
release any excess hold amount placed on the cardholder’s open-to-buy (OTB),
if any, no more than 60 minutes after receiving the Authorization Advice/0120
completion message for an automated fuel dispenser transaction.

Issuers globally must receive a zero value in DE 4 (Amount, Transaction) in the

Authorization Advice/0120 messages for incomplete AFD transactions acquired
in the Europe region. MasterCard recommends that issuers identify zero
amount AFD transactions from merchants in the Europe region using DE 61
(Point-of-Service [POS] Data), subfield 13 (POS Country Code), when populated
by the acquirer. Issuers will receive a Reversal Request/0400 message to reverse
an incomplete AFD transaction from acquirers outside the Europe region.

Support Multiple Authorizations from Travel & Entertainment

Merchants
Effective 18 October 2013, issuers processing T&E transactions through the
Dual Message System must support DE 48 (Additional Data—Private Use),
subelement 63 (Trace ID) in the following message types.

• Authorization Request/0100
• Authorization Advice/0120—Acquirer-generated
• Authorization Advice/0120—System-generated

This initiative applies to the following MCCs:

• MCCs 3351 through 3441 (Car Rental Agencies)

• MCCs 3501 through 3999 (Lodging—Hotels, Motels, Resorts)
• MCC 4411 (Cruise Lines)
• MCC 7011 (Lodging—Hotels, Motels, Resorts—not elsewhere classified)
• MCC 7512 (Automobile Rental Agency—not elsewhere classified)

Issuers will match all authorizations resulting from one T&E event to a single
clearing record:

• Upon receipt of the transaction clearing record, the issuer must use the
unique identifier provided by the acquirer in the clearing record to match
the original authorization and any additional approved authorizations to
the transaction.
• Upon matching all authorizations to the clearing record, the issuer must
release any hold placed on the cardholder’s account in connection with the
original authorization and any additional approved authorizations that is in
excess of the transaction amount.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 4-17
Acquirer and Issuer Responsibilities
Issuer Responsibilities

Issuers are not expected to support and recognize DE 48, subelement 63 or

recognize incremental authorizations for transactions that are not for T&E
merchants. If an issuer receives DE 48, subelement 63 for MCCs other than
T&E, they can choose to ignore the data.

For more information about incremental authorization transactions, see “Travel

& Entertainment—Incremental Authorizations.”

Support Account Status Inquiry Service Responses

Issuers must respond to Account Status Inquiry Service requests with an
applicable response in DE 39 (Response Code) of the Authorization Request
Response/0110 message.

Issuers must be able to receive and to process the CVC 2 value when present
in DE 48, subelement 92 of the Authorization Request/0100 message, and to
provide a valid CVC 2 response in DE 48, subelement 87 of the Authorization
Request Response/0110 message as specified in “Card Validation Code 2
Verification.” If presented, issuers in the U.S. region must validate the cardholder
address. Issuers should not place cardholder funds on hold when receiving
a request under this service.

For information about Account Status Inquiry Service responses, see “Account
Status Inquiry Service.”

Support Identification of Final Authorizations

Issuers globally must be able to clearly distinguish a final authorization for
authorizations originated by Europe region card acceptors/acquirers and
optionally by non-Europe region card acceptors/acquirers.

Issuers must recognize values 0 (Normal Authorization/Undefined Finality) and

1 (Final Authorization) in DE 48 (Additional Data—Private Use), subelement 61
(POS Data Extended Condition Codes), subfield 5 (Final Authorization Indicator)
to distinguish a final authorization from a normal authorization/undefined
finality in Authorization Request/0100 and Authorization Advice/0120 messages.

Issuers in the Europe region must release any hold that they may have placed
on the cardholder’s account after expiry of the payment guarantee period for
the particular authorization, at the latest. The payment guarantee period is 30
days for MasterCard preauthorizations and 7 days for all other authorizations
and pre-authorizations. Transactions submitted for clearing after the payment
guarantee period has expired may be charged back by a global issuer under
reason code 4808 (Request/Required Authorization Not Obtained) if the card
account is permanently closed.

Issuers in the Europe region must also ensure they no longer block the
cardholders account for any amount in excess of the approval amount.

©1983–2013 MasterCard. Proprietary. All rights reserved.

4-18 27 November 2013 • Authorization Manual
 Acquirer and Issuer Responsibilities
Issuer Responsibilities

Supporting Point-of-Sale Balance Inquiries

U.S. region issuers must support point-of-sale (POS) balance inquiries for
prepaid Debit MasterCard and prepaid Maestro card accounts.

Call Referral Responses

Issuers have the following responsibilities regarding call referral responses.

• Be available to respond to all call referrals at the time of issuance.

• Process an Authorization Advice/0120 message that informs the issuer that
Stand-In Processing responded to the Authorization Request/0100 message
that prompted a call referral response.
• Not issue call referrals to merchant categories that represent unattended
point-of-interaction (POI) transactions including:

– Automated teller machines (MCC 6011)

– Cardholder-activated terminals (CAT) (including MCC 5542)
• Not issue call referrals under any circumstances to the following merchant
categories:

– Fast food (quick service) restaurants (MCC 5814)

– Mail order and direct marketing (MCCs 5960–5969)
• Apply all call referral standards to Member Service Providers (MSPs). The
MasterCard Rules describes MSPs.
• Not use call referrals as a primary method for activating new or reissued
cards to minimize the impact on cardholders and merchants at the point of
interaction.
• Adhere to the following minimum standards for all call referrals,
domestic and international, whether processed through GARS or direct
customer-to-customer communications. The standards apply to the amount
of time the issuer has to respond to incoming referral calls from acquirers
and to the average monthly duration of each referral call:
On an incoming phone call (voice or GARS) from an acquirer, the issuer
must answer the call within 30 seconds. Then the issuer must retrieve the
call from its queue and initiate discussion with the acquirer within the next
30 seconds. The issuer also must limit the duration of each call to five
minutes, measured as a monthly average

Issuers that use card activation programs are encouraged to:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 4-19
Acquirer and Issuer Responsibilities
Issuer Responsibilities

• Place stickers on the front of new cards and send them with mailing inserts
instructing cardholders to activate their accounts.
• Call cardholders who have not activated their accounts one week after
cards are mailed.
• Respond to an authorization request on an inactivated card with a call
referral.

All phone calls processed through GARS that are not answered by the issuer
within the required time frames are routed to the MasterCard Stand-In System
for processing. MasterCard uses the issuer-defined Stand-In parameters to
complete the transaction.

Charges to the issuer apply for the following:

• Completed GARS calls initiated by the acquirer

• Noncompliance assessment for Stand-In processing if the issuer fails to
answer a GARS call within 30 seconds
• Reimbursement to the acquirer for call referral responses that did not use
GARS (requested in the Fee Collection/1740 message)

Contact the Customer Operations Services team for any of the following:

• Questions or problems concerning GARS

• Billing inquiries
• Requests for a Stand-In Processing Worksheet to update Stand-In processing
parameters or phone numbers
NOTE
MasterCard discontinued support of telex call referrals. Customers that
previously used telex services must register to use Global Automated Referral
Service (GARS). For more information about GARS, see “Global Automated
Referral Services.”

File Maintenance
Issuers maintain the account listings of restricted, negative, and positive cards
used by Stand-In processing for online and CAPS customers.

Issuers can list accounts in the following files:

• Premium Listings
• Stand-In Account File, Electronic Warning Bulletin, or Local Stoplist

Issuers also maintain account listings if they participate in Recurring Payment

Cancellation, PayPass Mapping Service, Dynamic CVC 3 Validation Services
for the PayPass Application Transaction Counter (ATC), Enhanced Value, or
Product Graduation services.

©1983–2013 MasterCard. Proprietary. All rights reserved.

4-20 27 November 2013 • Authorization Manual
 Acquirer and Issuer Responsibilities
Issuer Responsibilities

For more information about these files, including how to access the files, record
formats, and detailed instructions for performing file maintenance, see the
Account Management System User Manual.

Billing
All authorization processing activities are billed through the MasterCard
Consolidated Billing System (MCBS).

Charges to the issuer include the following categories of authorization activity:

• Use of the MasterCard Network (issuer access fees)

• Use of value-added services
• Call referrals (charge to the issuer for issuing call referral responses and for
receiving response calls from acquirers)

For a complete description of billing events for authorization services, see the
MasterCard Consolidated Billing System manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 4-21
Chapter 5 Online Authorization Messages
This section outlines the authorization messages that online issuers and acquirers use to
process authorizations. CAPS customers do not use these messages, and should see Stand-In
Processing and Setting Stand-In Parameters for information about authorization processing
by the Stand-In System.

Message Types............................................................................................................................... 5-1

Authorization Data Accuracy Initiative Mandate ............................................................................ 5-2
Using Authorization Messages ....................................................................................................... 5-3
Routing Timer Values............................................................................................................... 5-4
Processing Authorization Transactions........................................................................................... 5-5
Authorization Request/0100 and Authorization Request Response/0110 Messages ................. 5-5
Authorization Advice/0120 and Authorization Advice Response/0130 Messages .................... 5-5
Authorization Advice/0120—Acquirer-generated............................................................... 5-6
Authorization Advice/0120—Acquirer-generated (Issuer Available) .................................. 5-6
Authorization Advice/0120—Acquirer-generated (No Response from Issuer) ................... 5-7
Authorization Advice/0120—Acquirer-generated (Automated Fuel Dispenser
Completion)....................................................................................................................... 5-8
Authorization Advice/0120—Acquirer-generated when Authorization Request
Response/0110 Responded to by Stand-In System ............................................................ 5-9
Authorization Advice/0120—Issuer-generated ................................................................. 5-10
Authorization Advice/0120—System-generated ............................................................... 5-11
Acquirer Response Acknowledgement/0180 Messages.......................................................... 5-12
Authorization Response Negative Acknowledgement/0190 Messages ................................... 5-13
Processing Issuer File Update Messages ...................................................................................... 5-14
Processing Reversal Request/Advice Messages ............................................................................ 5-14
Reversal Request/0400 and Reversal Request Response/0410 Messages ............................... 5-15
Reversal Advice/0420 and Reversal Advice Response/0430 Messages................................... 5-16
Authorization Reversal Mandate in the U.S. Region............................................................... 5-17
Authorization Reversal Mandate in the Europe Region ......................................................... 5-18
Processing Administrative Request/Advice Messages................................................................... 5-18
Administrative Request/0600 and Administrative Request Response/0610 Messages............. 5-18
Administrative Request/0600 Message ............................................................................. 5-19
Administrative Request Response/0610 Message ............................................................. 5-20
Administrative Advice/0620 and Administrative Advice Response/0630 Messages ................ 5-21
Using Network Management Request Messages .......................................................................... 5-23
Standard Network Management/08xx Messages .................................................................... 5-23

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 5-i
Online Authorization Messages

Authorization Sign In/Sign Out ............................................................................................. 5-24

Session Management.............................................................................................................. 5-25
Session Activation/Deactivation ....................................................................................... 5-25
Session-based Network Routing ...................................................................................... 5-25
Session Activation and Transaction Routing .................................................................... 5-26
Network Connection Status ............................................................................................. 5-27
Best Practices ................................................................................................................... 5-27
Store-and-Forward (SAF) Message Retrieval (Issuers)............................................................ 5-28
RiskFinder Sign In/Sign Out by Prefix and RiskFinder SAF Retrieval (Issuers)...................... 5-28
Dynamic PIN Encryption Key (PEK) Exchange ..................................................................... 5-29

©1983–2013 MasterCard. Proprietary. All rights reserved.

5-ii 27 November 2013 • Authorization Manual
 Online Authorization Messages
Message Types

Message Types
The following table lists the message types supported by the Authorization
Platform. Check marks (Ö) indicate who initiates the message.

Online issuers and acquirers should use this information in conjunction with
the Customer Interface Specification manual. For debit transactions (02xx
messages), see the Single Message System Specifications manual.

Message Category Message Initiator

MasterCard Issuer Acquirer

Authorization/01xx Messages

0100 Authorization Request Ö

0110 Authorization Request Ö Ö
Response
0120 Authorization Advice Ö Ö Ö
0130 Authorization Advice Ö Ö
Response
0180 Authorization Acknowledge- Ö (optional
ment for acquirers)
0190 Authorization Response Ö
Negative Acknowledgement
Issuer File Update/03xx Messages

0302 Issuer File Update Request Ö

0312 Issuer File Update Request Ö
Response
Reversal/04xx Messages

0400 Reversal Request Ö

0410 Reversal Request Response Ö Ö

0420 Reversal Advice Ö

0430 Reversal Advice Response Ö

Administrative/06xx Messages

0600 Administrative Request Ö

0610 Administrative Request Ö

Response

0620 Administrative Advice Ö Ö Ö

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 5-1
Online Authorization Messages
Authorization Data Accuracy Initiative Mandate

Message Category Message Initiator

0630 Administrative Advice Ö Ö Ö

Response
Network Management/08xx Messages

0800 Network Management Ö Ö Ö

Request
0810 Network Management Ö Ö Ö
Request Response
0820 Network Management Advice Ö

Authorization Data Accuracy Initiative Mandate

Accurate information in the authorization message is critical in evaluating the
risk of fraud associated with a transaction. Investigation of the present quality
of the data and customer feedback has indicated that improving the quality of
data in specific authorization and clearing messages will help improve fraud
prediction, prevention, detection, and research.

All acquirers processing transactions must provide accurate information in DE 7

(Transmission Date and Time), DE 41 (Card Acceptor Terminal ID), and DE 61
(Point-of-Sale [POS] Data), subfield 14 (POS Postal Code).

Monitoring Approach

The MasterCard Data Integrity Monitoring Program will be used to monitor

compliance to the Standards. Compliance level requirements within the Data
Integrity program range from 0 to 98 percent depending on the acquirer
volumes.

Compliance mandates for the Authorization Platform are as follows:

• 14 October 2011—Monitoring and customer reporting of DE 7, DE 41, and

DE 61, subfield 14 begins
• 12 October 2012—MasterCard will begin enforcement of DE 7 and DE 61,
subfield 14
• 19 April 2013—MasterCard will begin enforcement of DE 41

The monitoring period is longer than past edits introduced in the Data Integrity
Program to provide customers with the needed time to modify their systems
and procedures.

DE 7—Transmission Date and Time

DE 7 is the date and time that a message is entered into the MasterCard Network.
Date and time must be expressed in Coordinated Universal Time (UTC). Each
message initiator must assign a value in DE 7 to the originating request message.

©1983–2013 MasterCard. Proprietary. All rights reserved.

5-2 27 November 2013 • Authorization Manual
 Online Authorization Messages
Using Authorization Messages

Effective 12 October 2012, the transmission date and time provided in DE

7 must be within three minutes of the Coordinated Universal Time (UTC)
recorded by the MasterCard Network.

DE 41—Card Acceptor Terminal ID

Effective for transactions occurring on or after 19 April 2013, MasterCard will be

enforcing the requirement to provide Card Acceptor Terminal ID information
with all card-read transactions at card acceptor locations with multiple POS
devices. This requirement is currently defined in the “Application Notes” for DE
41, as stated in the Customer Interface Specification manual.

DE 61—Point-of-Service [POS] Data, Subfield 14 (POS Postal Code)

To validate the postal code in the authorization message, MasterCard will

compare it to the postal code in the related clearing record. The content, format,
and presentation of the postal code must match between DE 61, subfield 14 in
the authorization message and DE 43 (Card Acceptor Name/Location), subfield
4 (Card Acceptor postal [ZIP] Code) in the clearing message.

MasterCard will begin enforcing compliance with this requirement beginning 12

October 2012. Exemptions from this validation are transactions at merchants
in countries or provinces that do not have postal codes, and card-not-present
transactions.

For More Information

• For more information about the Standards used for compliance, see the
Data Integrity Monitoring Program manual.
• For details about data requirements, see the Customer Interface Specification
manual.

Using Authorization Messages

The messages shown in the previous table are used to perform standard
authorization functions and are described in the following topics. For
information about exception processing, see the Customer Interface
Specification manual.

Authorization messages are not intended for posting to the cardholder’s account
for billing purposes. Customers should delay posting to the cardholder’s
account until clearing and settlement are complete. For detailed information
about clearing and settlement, see the GCMS Reference Manual and the
Settlement Manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 5-3
Online Authorization Messages
Using Authorization Messages

Routing Timer Values

The following table shows routing timer values that apply to acquirer-generated
Authorization Request/0100, Authorization Advice/0120, and Reversal
Request/0400 messages. All Network Management/08xx, Issuer File
Update/03xx, Administrative/06xx, and system-generated Authorization Advice
messages remain unchanged and retain their current timer attributes.

Alternate
Issuer Authorization Acquirer Minimum
Product and Response Time Service Provider Wait Time (in
Transaction Type (in seconds) (if applicable) seconds)

MasterCard 9* 3 12*
Credit—POS
MasterCard—POS 18 6 24
PIN for Credit**

MasterCard—ATM 12 6 18

Debit Same as MasterCard Credit—POS

MasterCard—POS

Maestro—All 18*** 6 24

Cirrus—ATM 18 6 24

Private Label—POS 12 6 18

AMEX—POS 12 6 18

Visa—POS 12 6 18

* For MasterCard and Debit MasterCard POS transactions acquired in the

countries of Brazil, Canada, the United Kingdom, and the United States,
MasterCard has reduced the timers by 2 additional seconds. In these countries,
the maximum time MasterCard will wait before invoking alternate authorization
provider processing is reduced to 7 seconds and the minimum time that an
acquirer must wait is reduced to 10 seconds.

** A transaction is considered to be PIN for Credit if it is Dual Message System

acquired, but the issuer keys are managed by the Single Message System. If the
issuer is Dual Message System managed, the transaction is not flagged as being
PIN for Credit and defaults to the standard POS timer of 9 seconds.

*** For Maestro POS transactions acquired in the Netherlands, MasterCard has
reduced the timer to 7 seconds, which is the maximum time MasterCard will
wait before invoking alternate authorization provider processing. If no response
is received within 10 seconds, MasterCard will send a time-out response to
the acquirer.

©1983–2013 MasterCard. Proprietary. All rights reserved.

5-4 27 November 2013 • Authorization Manual
 Online Authorization Messages
Processing Authorization Transactions

MasterCard reserves the right to adjust local market timer values based on
specific market conditions and as additional exception countries are added,
they will be announced in the Global Operations Bulletins.

Processing Authorization Transactions

Issuers receive authorization-related messages from acquirers for transactions
for their cardholders. They must respond to these messages with response
messages. Issuers that use on-behalf services also receive messages from
MasterCard.

Authorization Request/0100 and Authorization Request

Response/0110 Messages
When issuers receive Authorization Request/0100 messages, they must decide
whether to approve or decline a transaction. Issuers may use a variety of
checks using the data contained in the request and the spending limits in the
cardholder’s activity file. After issuers perform the validation checks appropriate
for the transaction, they send back an Authorization Request Response/0110
message.

Authorization Request/0100 and Authorization Request Response/0110

Flow

The following diagram illustrates the standard authorization transaction process.

1. The acquirer initiates an Authorization Request/0100 message and sends it

to the Authorization Platform.
2. The Authorization Platform forwards the Authorization Request/0100
message to the issuer.
3. The issuer generates an appropriate Authorization Request Response/0110
message and sends it to the Authorization Platform.
4. The Authorization Platform forwards the Authorization Request
Response/0110 message to the acquirer.

Authorization Advice/0120 and Authorization Advice

Response/0130 Messages
The following diagrams illustrate the Authorization Advice/0120 and
Authorization Advice Response/0130 message process.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 5-5
Online Authorization Messages
Processing Authorization Transactions

Authorization Advice/0120—Acquirer-generated
Acquirers can send the Authorization Advice/0120 message when the following
situations occur.

• The acquirer approves the Authorization Request/0100 message using

acquirer host X-Code rules when the Authorization Request/0100 message
cannot be sent to the Authorization Platform or when the Authorization
Request Response/0110 message is not received from the Authorization
Platform.
• The dual message acquirer completes a pre-authorized automated fuel
dispenser (AFD) transaction.
• Europe region acquirers complete a pre-authorized petrol transaction
(Maestro transactions only). For information about Maestro pre-authorized
petrol transaction processing for Europe region customers, see the Customer
Interface Specification manual.

Authorization Advice/0120—Acquirer-generated (Issuer Available)

The following flow illustrates an Authorization Advice/0120 message when
the issuer is available to receive the Authorization Advice/0120 message and
respond with an Authorization Advice Response/0130—Issuer-generated
message.

Authorization Advice/0120—Acquirer-generated and Authorization

Advice Response/0130—Issuer-generated (Issuer Available) Flow

1. The acquirer initiates an Authorization Advice/0120—Acquirer-generated

message containing DE 60, subfield 1, value 190 (Acquirer Processing System
[APS] Approved) or 191 (Acquirer Processing System [APS] Completion
Authorization Transaction), and then passes the 0120 message to the
Authorization Platform. The Authorization Platform inserts DE 48 (Additional
Data—Private Use), subelement 15 (Authorization System Advice Date and
Time), and then sends the Authorization Advice/0120—Acquirer-generated
messages to the issuer.
2. The issuer returns an Authorization Advice Response/0130—Issuer-generated
message to the acquirer to indicate positive receipt of the Authorization
Advice/0120—Acquirer-generated message. The issuer’s advice response
message will contain DE 48, subelement 15.

©1983–2013 MasterCard. Proprietary. All rights reserved.

5-6 27 November 2013 • Authorization Manual
 Online Authorization Messages
Processing Authorization Transactions

Authorization Advice/0120—Acquirer-generated (No Response

from Issuer)
The following flow illustrates an Authorization Advice/0120—Acquirer-generated
message when no response is received from the issuer.

Authorization Advice/0120—Acquirer-generated and Authorization

Advice Response/0130—System-generated (Issuer Unavailable)

1. The acquirer initiates an Authorization Advice/0120—Acquirer-generated

message containing DE 60, subfield 1, value 190 (Acquirer Processing System
[APS] Approved) or 191 (Acquirer Processing System [APS] Completion
Authorization Transaction), and then forwards the 0120 message to the
Authorization Platform. The Authorization Platform inserts DE 48 (Additional
Data—Private Use), subelement 15 (Authorization System Advice Date
and Time) and sends the Authorization Advice/0120—Acquirer-generated
messages to the issuer.
2. The Authorization Platform determines that the Authorization
Advice/0120—Acquirer-generated message cannot be delivered to the
issuer or the issuer did not respond. The Authorization Platform routes the
Authorization Advice/0120—Acquirer-generated message to the Stand-In
System.
3. The Stand-In System places the Authorization Advice/0120—Acquirer-
generated message into the store-and-forward (SAF) queue for guaranteed
delivery to the issuer. The Stand-In System responds to the acquirer
with an Authorization Advice Response/0130—System-generated message
containing DE 48, subelement 15 (Authorization System Advice Date and
Time).
NOTE
Customers in the Europe region that route to an alternate issuer host for
alternate processing, instead of Stand-In processing, will continue to receive
advices. Alternate issuer host processing does not send Authorization
Advice/0120 or Reversal Request/0400 messages to the alternate host.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 5-7
Online Authorization Messages
Processing Authorization Transactions

Authorization Advice/0120—Acquirer-generated (Automated Fuel

Dispenser Completion)
Acquirers of Automated Fuel Dispenser (AFD) merchants located in the U.S. and
Canada regions must send an Authorization Advice/0120 message to the issuer
providing the actual transaction amount for each approved AFD transaction
no more than 60 minutes after the original Authorization Request/0100
message was submitted. Acquirers in the Europe region are required to
send Authorization Advice/0120—Acquirer-generated messages to the issuer
in no more than 20 minutes after the completion of Maestro CAT Level 1
petrol transactions. Global acquirers may optionally support this message for
MasterCard and Debit MasterCard AFD transactions.

Customers should be aware of the critical requirements for proper processing

of card acceptor business code (MCC) 5542 (Fuel Dispenser, Automated)
transactions.

Critical AFD Advice Message Data

The following information provides a summary of the critical acquirer

requirements for processing AFD transactions:

• Authorization Advice/0120 (Automated Fuel Dispenser Completion)

messages must contain DE 60 (Advice Reason Code), subfield 1 (Advice
Reason Code), value 191 (completed authorization) for AFD transactions
with an original Authorization Request/0100 message.
• The following Authorization Advice/0120 message data elements must
match the value submitted within the original Authorization Request/0100
message for issuer transaction matching purposes:

– DE 2 (Primary Account Number)

– DE 7 (Transmission Date and Time)
– DE 11 (System Trace Audit Number [STAN])
– DE 32 (Acquiring Institution ID Code)
– DE 33 (Forwarding Institution ID Code), if present in the Authorization
Request/0100 message
– DE 38 (Authorization ID Response) and DE 39 (Response Code) with
the same value as received in the original Authorization Request
Response/0110 message
– DE 48 (Additional Data), subelement 98 (MasterCard Corporate Fleet
Card® ID/Driver Number) and/or subelement 99 (MasterCard Corporate
Fleet Card® Vehicle Number), with the same values as submitted in the
original Authorization Request/0100 message, if present
– DE 121 (Authorizing Agent ID Code), with same value as was received
in the original Authorization Request Response/0110 message, if present

©1983–2013 MasterCard. Proprietary. All rights reserved.

5-8 27 November 2013 • Authorization Manual
 Online Authorization Messages
Processing Authorization Transactions

Track Data in AFD Advice Message—Acquirers

The Authorization Advice/0120 message layout shows DE 35 (Track 2 Data) and

DE 45 (Track 1 Data) as optional. Acquirers of AFD merchants are reminded
that presence of track data in the card-present Authorization Request/0100
message does not necessitate inclusion within the AFD Advice message. This
data is not needed by issuers for matching an AFD advice to an original
authorization, and storage of track data for submission of the AFD Advice may
not be PCI compliant.

Track Data in AFD Advice Message—Issuers

Issuers are reminded that Authorization Advice/0120—Acquirer-generated

messages are not card-activated and may not contain card-present data,
regardless of a card-present Point-of-Service (POS) entry mode value in DE 22.
The AFD advice message contains the completion amount and other reference
data from the original Authorization Request/0100 message data. The inclusion
of card-present DE 35 and DE 45 track data is optional. As such, the absence or
presence of track data in the AFD Advice message should not result in a format
error from issuers for card-present fuel purchases.

Authorization Advice/0120—Acquirer-generated when

Authorization Request Response/0110 Responded to by Stand-In
System
The following flow illustrates an Authorization Advice/0120—Acquirer-generated
message when the Authorization Request Response/0110 message was
responded to by the Stand-In System.

Authorization Advice/0120—Acquirer-generated when Authorization

Request Response/0110 Responded to by Stand-In System Flow

1. The acquirer initiates an Authorization Advice/0120—Acquirer-generated

message containing DE 60, subfield 1, value 190 (Acquirer Processing
System [APS] Approved) or 191 (Acquirer Processing System [APS]
Completion Authorization Transaction), and then passes the 0120 message
to the Authorization Platform. The Authorization Platform inserts DE 48
(Additional Data—Private Use), subelement 15 (Authorization System
Advice Date and Time).

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 5-9
Online Authorization Messages
Processing Authorization Transactions

2. The Authorization Platform determines that the Authorization

Advice/0120—Acquirer-generated message contains value 000001 in DE
121 indicating that the Authorization Request Response/0110 message
was responded to by the Stand-In System. The Authorization Platform
forwards the Authorization Advice/0120—Acquirer-generated message to
the Stand-In System.
3. The Stand-In System places the Authorization Advice/0120—Acquirer-
generated message into the store-and-forward (SAF) queue for guaranteed
delivery to the issuer. This ensures that the issuer receives the acquirer
advice after the Authorization Advice/0120—System-generated message.
The Stand-In System responds to the acquirer with an Authorization Advice
Response/0130-System-generated message containing DE 48, subelement 15
(Authorization System Advice Date and Time).

Authorization Advice/0120—Issuer-generated
Authorization Request/0100 messages can contain bank identification numbers
(BINs) that customers have selected for scoring. For these transactions, issuers
create and send Authorization Advice/0120 messages to the RiskFinder™ scoring
system. The RiskFinder scoring system sends to the issuer an Authorization
Advice Response/0130 to acknowledge receipt of the Authorization Advice/0120
message.

Authorization Advice/0120—Issuer-generated and Authorization Advice

Response/0130—System-generated Flow

1. The issuer initiates an Authorization Advice/0120—Issuer-generated

message and sends it to the Authorization Platform. The Authorization
Platform forwards the message to the RiskFinder™ scoring system.
2. The RiskFinder scoring system creates an Authorization Advice
Response/0130—System-generated message and sends it to the
Authorization Platform. The Authorization Platform forwards the
Authorization Advice Response/0130—System-generated message
to the issuer to indicate positive receipt of the Authorization
Advice/0120—Issuer-generated message.

©1983–2013 MasterCard. Proprietary. All rights reserved.

5-10 27 November 2013 • Authorization Manual
 Online Authorization Messages
Processing Authorization Transactions

Authorization Advice/0120—System-generated
When MasterCard responds to an Authorization Request/0100 message on
behalf of the issuer, the Authorization Platform generates an authorization
response based on the issuer’s parameters. The Authorization Platform also
generates an Authorization Advice/0120—System-generated message.

Authorization Advice/0120—System-generated messages may be generated with

on-behalf processing that occurred for the following services:

• Stand-In System (including Limit-1 processing)

• X-Code System
• MasterCard inControl processing services
• Pre-validation services
• Transaction blocking services
• Recurring Payment Cancellation Service (RPCS)
• Pay with Rewards On-behalf service

Authorization Advice/0120—System-generated and Authorization Advice

Response/0130—Issuer-generated Flow

1. On-behalf processing generates an Authorization Advice/0120—System-

generated message and sends it to the issuer.
2. The issuer returns an Authorization Advice Response/0130—Issuer-generated
message.
3. The Authorization Platform receives the Authorization Advice
Response/0130—Issuer-generated to indicate positive receipt of the
Authorization Advice/0120—System-generated message.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 5-11
Online Authorization Messages
Processing Authorization Transactions

Issuers can differentiate between the acquirer-generated or system-generated

Authorization Advice/0120 messages by examining the values in DE 60 (Advice
Reason Code).

When issuers receive an advice, they should determine whether to adjust

the cardholder’s open-to-buy balance. For specific requirements related to
advice messages arising from U.S. and Canada region automated fuel dispenser
transactions, see “Cardholder-Activated Terminals.”

Acquirer Response Acknowledgement/0180 Messages

The Authorization Platform provides an optional response acknowledgement
for authorization messages. This process uses Authorization
Acknowledgement/0180 messages.

Acquirers are not required to support Authorization Acknowledgement/0180

messages; however, MasterCard encourages acquirers to support these
messages. Acquirers can select this option at network configuration time.

Acquirer Response Acknowledgement/0180 Flow

The following diagram illustrates the Acquirer Response Acknowledgement

process that is used to support authorization-related messages.

1. The acquirer initiates an Authorization Request/0100 message and sends it

to the Authorization Platform.
2. The Authorization Platform forwards the Authorization Request/0100
message to the issuer.
3. The issuer creates the appropriate Authorization Request Response/0110
message and sends it to the Authorization Platform.
4. The Authorization Platform forwards the Authorization Request
Response/0110 message to the acquirer.
5. The acquirer sends an Authorization Acknowledgement/0180 message back
to the Authorization Platform, indicating that the acquirer received and
secured the preceding Authorization Request Response/0110 message at the
application level. In most cases, the acquirer should send the Authorization
Acknowledgement/0180 message to the Authorization Platform:

• Immediately after it secures (or logs) the Authorization Request

Response/0110 message
• Before the transaction actually is completed at the point of interaction

©1983–2013 MasterCard. Proprietary. All rights reserved.

5-12 27 November 2013 • Authorization Manual
 Online Authorization Messages
Processing Authorization Transactions

An Authorization Acknowledgement/0180 message does not necessarily indicate

that the transaction was successfully completed at the point of interaction.

Authorization Response Negative Acknowledgement/0190

Messages
If the issuer host generates an invalid or late Authorization Request
Response/0110 message, the Stand-In System (if applicable for the issuer) or
the Authorization Platform processes the transaction and generates a response
on behalf of the issuer. The Authorization Platform also sends an Authorization
Response Negative Acknowledgement/0190 message.

Issuer’s 0110 Could Not Be Successfully Processed Flow

The following diagram illustrates the sequence if the issuer generates an invalid
or late response.

1. The acquirer sends the Authorization Request/0100 message.

2. The issuer generates an invalid or late Authorization Request Response/0110
message and forwards it to the Authorization Platform. The Authorization
Platform routes the Authorization Request/0100 message to Stand-In
processing.
3. The Authorization Platform sends an Authorization Response Negative
Acknowledgement/0190 message to the issuer. If the issuer response is late,
the Authorization Platform sends a Reversal Advice/0420 message prior
to sending the Authorization Response Negative Acknowledgement/0190
message.
4. The Authorization Platform or the Stand-In System (when applicable)
generates the Authorization Request Response/0110 and sends it to the
acquirer.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 5-13
Online Authorization Messages
Processing Issuer File Update Messages

Processing Issuer File Update Messages

Issuers use the Issuer File Update Request/0302 message to update individual
data files that the Authorization Platform maintains on their behalf.

The Authorization Platform uses these data files to control the operation of
standard and optional features that customers can select when they participate
in one or more of the MasterCard program and service offerings.

Issuer File Update Request/0302 and Issuer File Update Request

Response/0312 Flow

The following diagram illustrates the standard Issuer File Update Request/0302
and Issuer File Update Request Response/0312 message process.

1. The issuer initiates an Issuer File Update Request/0302 message.

2. The Authorization Platform performs the requested issuer file update task
and issues an Issuer File Update Request Response/0312 message back
to the issuer. A Response Code field in the Issuer File Update Request
Response/0312 message indicates whether the issuer file update was
completed successfully.

Processing Reversal Request/Advice Messages

The Authorization Platform supports two types of reversals: system-generated
and acquirer-generated.

Acquirer-generated messages include the Reversal Request/0400 and the

Reversal Request Response/0410. System-generated messages include the
Reversal Advice/0420 and the Reversal Advice Response/0430.

The Authorization Platform supports both full reversal and partial reversal
functionality using the Reversal/04xx messages.

©1983–2013 MasterCard. Proprietary. All rights reserved.

5-14 27 November 2013 • Authorization Manual
 Online Authorization Messages
Processing Reversal Request/Advice Messages

Reversal Request/0400 and Reversal Request Response/0410

Messages
An acquirer may choose to use reversal functionality based on certain
conditions.

• The response message cannot be delivered to the merchant.

• The response message contains errors.
• A response message was not received.
• The response message was received too late.

A merchant may choose to use full reversal functionality to reverse the full
amount of the original authorization amount. Partial reversal functionality is
useful in adjusting a portion of the original authorization amount. For example:

• A merchant ships only a portion of merchandise.

• A cardholder returns a rental vehicle earlier than originally reserved.
• A cardholder checks out of a hotel earlier than originally reserved.
• A cardholder cancels a portion of the transaction.
• The chip card declined a transaction that was approved by the issuer.

The Reversal Request Response/0410 message is sent in response to a Reversal

Request/0400 message and denotes the disposition of the Reversal Request/0400
message.

When processing a Reversal Request/0400 or Reversal Advice/0420 message,

issuers must appropriately adjust the cardholder's open-to-buy balance.

For full reversals, issuers should adjust the open-to-buy balance using the
original approved amount stored in DE 6 (Amount, Cardholder Billing).

For partial reversals, issuers should adjust the open-to-buy balance by removing
the original approved amount and applying the replacement amount stored in
DE 95 (Replacement Amounts).

Reversal Request/0400 and Reversal Request Response/0410 Flow

The following diagram illustrates the flow of the Reversal Request/0400

and Reversal Request Response/0410 messages to reverse the Authorization
Request/0100 message.

1. The acquirer initiates a Reversal Request/0400 message and submits it to

the Authorization Platform.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 5-15
Online Authorization Messages
Processing Reversal Request/Advice Messages

2. The Authorization Platform forwards the Reversal Request/0400 message

to the issuer.
3. The issuer generates an appropriate Reversal Request Response/0410
message and submits it to the Authorization Platform.
4. The Authorization Platform forwards the Reversal Request Response/0410
message to the acquirer.

Additionally, if the issuer host generates an invalid or late Reversal Request

Response/0410 message, the Authorization Platform sends an Authorization
Response Negative Acknowledgement/0190 message to the issuer.

Reversal Advice/0420 and Reversal Advice Response/0430

Messages
The Authorization Platform supports system-generated reversals that reverse
the effect of a previous authorization transaction.

When the Authorization Platform determines that no issuer Authorization

Request Response/0110 is received or the issuer’s approved Authorization
Request Response/0110 was unused or was undelivered, it generates a Reversal
Advice/0420 message and sends it to the issuer. The issuer responds to a
Reversal Advice/0420 message with a Reversal Advice Response/0430 message
to indicate positive receipt of the Reversal Advice/0420 message.

When the Authorization Platform determines that it cannot deliver a Reversal

Request/0400 message to the issuer because the issuer is signed out or
unavailable, or when no issuer Reversal Request Response/0410 is received or
the issuer’s Reversal Request Response/0410 was unused, the Authorization
Platform creates a Store-and-Forward (SAF) Reversal Advice/0420 message. The
issuer responds to a Reversal Advice/0420 message with a Reversal Advice
Response/0430 message to indicate positive receipt of the Reversal Advice/0420
message.

If the reversal is a partial reversal, the Authorization Platform provides the

Reversal Advice/0420 message where DE 95 (Replacement Amounts), subfield 1
(Actual Amount, Transaction) contains a value other than all zeros and contains
a value less than the amount in DE 4 (Amount Transaction).
NOTE
Customers in the Europe region that route to an alternate issuer host for
alternate processing, instead of Stand-In processing, will continue to receive
advices. Alternate issuer host processing does not send Authorization
Advice/0120 or Reversal Request/0400 messages to the alternate host.

Reversal Advice/0420 and Reversal Advice Response/0430 Flow

The following diagram illustrates the standard Reversal Advice/0420 message

process.

©1983–2013 MasterCard. Proprietary. All rights reserved.

5-16 27 November 2013 • Authorization Manual
 Online Authorization Messages
Processing Reversal Request/Advice Messages

1. The Authorization Platform sends a Reversal Advice/0420 message to the

issuer.
2. The issuer responds to the Authorization Platform with a Reversal Advice
Response/0430 message to acknowledge positive receipt of the Reversal
Advice/0420 message.

Authorization Reversal Mandate in the U.S. Region

The acquirer of a U.S. region merchant assigned any MCC other than the
travel-related MCCs listed below must ensure that for any approved amount
that will not be included in a First Presentment/1240 message, the merchant
initiates, as applicable, a partial or full reversal for MasterCard and Debit
MasterCard (including prepaid) account ranges.

In such event, the merchant and acquirer must submit a full or partial reversal,
as applicable:

• Within 24 hours of the original Authorization Request/0100 message in a

card present environment.
• Within 72 hours of the original Authorization Request/0100 message in a
card-not-present environment. This requirement applies if, for example:

– The cardholder cancels or chooses not to complete all or part of the

transaction.
– The authorization was submitted in error (for example, a duplicate
request).
– All or a portion of the goods or services could not be provided (for
example, out-of-stock items).
– The final transaction amount was less than the authorized amount.

Effective 18 October 2013, the acquirer of a U.S. region merchant assigned any
of the following travel-related MCCs must ensure that any approved amount not
included in a First Presentment/1240 message is reversed within 20 calendar
days for MasterCard and Debit MasterCard (including prepaid) account ranges:

• MCCs 3351 through 3441 (Car Rental Agencies)

• MCCs 3501 through 3999 (Lodging—Hotels, Motels, Resorts)
• MCC 4411 (Cruise Lines)
• MCC 7011 (Lodging—Hotels, Motels, Resorts—not elsewhere classified)
• MCC 7512 (Automobile Rental Agency—not elsewhere classified)

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 5-17
Online Authorization Messages
Processing Administrative Request/Advice Messages

Effective 19 April 2013, the T&E MCCs will be included in the Processing
Integrity Fee program. The processing integrity fee for these transactions will
be listed in the report at a rate of zero. Acquirers of T&E transactions in the
U.S. region are encouraged to request the Processing Integrity Fee report,
which will include T&E transactions. To sign up for these reports, contact the
Customer Operations Services team.

Effective 18 October 2013, the processing integrity fee will go into effect for
these transactions. Customers will be charged the same rate as other processing
integrity fees for the U.S. Region Authorization Reversal Mandate, and the report
will list the effective rate, instead of a rate of zero for transactions authorized
on and after this date.

Authorization Reversal Mandate in the Europe Region

Effective 5 November 2013, the acquirer must ensure that a merchant submits
a reversal message to the issuer within 24 hours of the cancellation of a
previously authorized transaction or of the finalization of a transaction with
a lower amount than previously approved. The reversal may be a full or
partial reversal, as appropriate. In the case of finalization of a transaction
with a lower amount, a partial reversal is not required if the clearing message
is submitted within 24 hours of finalization of the transaction. The reversal
requirement does not apply to card acceptor business code (MCC) 5542 (Fuel
Dispenser, Automated) Transactions or to MasterCard Contactless (PayPass)
transit aggregated or transit debt recovery transactions.

This mandate enables issuers to more accurately manage the card’s open-to-buy
and addresses cardholders’ and regulators’ concerns with current practices.

Processing Administrative Request/Advice Messages

The Authorization Platform supports the following Administrative
Request/Advice messages.

• Administrative Request/0600
• Administrative Request Response/0610
• Administrative Advice/0620
• Administrative Advice Response/0630

Administrative Request/0600 and Administrative Request

Response/0610 Messages
Administrative Request/06xx—Customer Data messages allow participating
customers to transmit customer data. customers can use the Administrative
Request/06xx messages for MasterCard, private label, and other eligible card
products.

©1983–2013 MasterCard. Proprietary. All rights reserved.

5-18 27 November 2013 • Authorization Manual
 Online Authorization Messages
Processing Administrative Request/Advice Messages

This optional processing can provide the following benefits to customers:

• Private label issuers may reduce or eliminate the costs of maintaining

multiple connections for each private label merchant.
• MasterCard issuers obtain an additional channel to secure applications,
which is especially useful for instant credit.
• Acquirers can experience increased transaction volumes.

While there are many potential uses for Administrative Request/06xx—Customer

Data messages, the following usages support the exchange of customer
application and account data:

• Credit application request and response

• Credit application inquiry and response
• Account lookup inquiry and response
• Account maintenance request and response
• User lookup inquiry and response
• Counteroffer reply and response
• Preapproved offer inquiry and response
NOTE
Administrative Request/06xx—Customer Data messages should be used only for
these intended purposes, as defined in DE 60 of the 0600 message.

Issuers that choose to participate in the exchange of Administrative

Request/06xx—Customer Data messages are assigned an account range by
MasterCard that can only be used for these messages and not used in any
authorization, reversal, or administrative advice messages.

To participate in Administrative Request/06xx messaging, customers must

complete the Administrative Requests—Customer Data Participation (Form
860), and submit the form to the Customer Operations Services team.

Administrative Request/0600 Message

The Authorization Platform receives an Administrative Request/0600 message
from an acquirer and applies applicable processing.

The Administrative Request/0600 message contains customer data in DE 113–119

(Reserved for National Use) and the usage type in DE 60 (Advice Reason
Code). Any eligible Administrative Request/0600 message is routed to the
issuer associated to the account range within DE 2 (Primary Account Number
[PAN]) and the appropriate response timer is set for the issuer Administrative
Request Response/0610 message. The response timer is configured by each
DE 60 usage type and initially is set at a default of 30 seconds, except DE 60 =
6500090 (Business application request) is set at 45 seconds.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 5-19
Online Authorization Messages
Processing Administrative Request/Advice Messages

Administrative Request Response/0610 Message

The Authorization Platform applies applicable processing if the issuer sends
an Administrative Request Response/0610 message.

The Authorization Platform provides an Administrative Request Response/0610

message to the acquirer that contains one of the following responses:

• The issuer’s response data, if the issuer provided a timely response

• A system-generated response provided by the Authorization Platform
NOTE
Issuers must be signed in to the Authorization Platform to receive Administrative
Request/0600 messages. Issuers use Network Management/08xx messages
for Authorization Platform sign in. For more information about Network
Management/08xx messages, see the Customer Interface Specification manual.

MasterCard logs the Administrative Request/06xx—Customer Data messages

for audit, billing, operational, reporting, and statistical purposes. MasterCard
does not log any of the customer information contained in DE 113–DE 119
(Reserved for National Use) of Administrative Request/06xx—Customer Data
messages. These data elements are passed through the MasterCard Network
and no processing occurs on the content of the data elements.

Administrative Request/0600 and Administrative Request Response/0610

Flow

The following diagram illustrates the standard Administrative Request—Customer

Data process.

1. The acquirer initiates an Administrative Request/0600 message and sends it

to the Authorization Platform.
2. The Authorization Platform forwards the Administrative Request/0600
message to the issuer based on the account range contained in DE 2 (PAN).
3. The issuer sends an Administrative Request Response/0610 message to
the Authorization Platform.
4. The Authorization Platform forwards the Administrative Request
Response/0610 message to the acquirer.

©1983–2013 MasterCard. Proprietary. All rights reserved.

5-20 27 November 2013 • Authorization Manual
 Online Authorization Messages
Processing Administrative Request/Advice Messages

Administrative Advice/0620 and Administrative Advice

Response/0630 Messages
Administrative Advice/0620 and Administrative Advice Response/0630 messages
are administrative messages that two parties participating in a given MasterCard
program or service offering can use when using the Authorization Platform.

The Authorization Platform routes messages from an originator to a receiver

and, in general, does not distinguish whether the originator or receiver is an
issuer or an acquirer.

Administrative advice messages are used for the following reasons:

• To return indecipherable messages to a message originator with an

appropriate error condition code indicating the point at which the
Authorization Platform terminated message parsing or message processing.
In general, messages returned in Administrative Advice/0620 messages
will have improperly coded or garbled Message Type Indicators (MTIs) or
improperly coded bit maps.
• To transmit risk scores generated by the RiskFinder™ scoring system to
an issuer.
• To transmit administrative (free-format) textual messages between any two
parties participating as customers on the Authorization Platform.

In all cases, DE 60 (Advice Reason Code) within the Administrative Advice/0620

message determines the specific reason for the advice message.

Invalid Message—Administrative Advice/0620 and Administrative Advice

Response/0630 Flow

The following diagram illustrates the administrative advice message process

used to return an invalid message.

1. A customer processor system (CPS) generates an invalid message and

forwards it to the Authorization Platform.
2. The Authorization Platform returns an Administrative Advice/0620 message
to the CPS, with an appropriate error condition code indicating the point at
which the Authorization Platform terminated message parsing or message
processing.
3. The CPS acknowledges receipt of the Administrative Advice/0620 message
and returns an Administrative Advice Response/0630 message to the
Authorization Platform.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 5-21
Online Authorization Messages
Processing Administrative Request/Advice Messages

Administrative Advice/0620 and Administrative Advice

Response/0630—RiskFinder Flow

The following diagram illustrates the administrative advice message process

used to transmit risk scores generated by the RiskFinder™ scoring system to
an issuer.

1. The RiskFinder scoring system sends an Administrative Advice/0620

message to the Authorization Platform for delivery to the issuer originating
an Authorization Advice/0120—RiskFinder message.
2. The issuer acknowledges receipt of the Administrative Advice/0620 message
and returns an Administrative Advice Response/0630 message to the
Authorization Platform for delivery back to the RiskFinder scoring system.

Administrative Advice/0620 and Administrative Advice Response/0630

Flow

The following diagram illustrates the administrative advice message process

used to transmit administrative (free-format) textual messages between any two
parties participating as customers on the Authorization Platform.

1. A customer processor system (CPS) generates an Administrative Advice/0620

message and forwards it to the Authorization Platform. Note that the “CPS”
may be an issuer, an acquirer, or any other customer processing facility
communicating via the MasterCard Network.
2. The Authorization Platform acknowledges receipt of the Administrative
Advice/0620 message by returning an Administrative Advice Response/0630
message to the originating CPS.
3. The Authorization Platform forwards the Administrative Advice/0620
message to the receiving destination CPS.

©1983–2013 MasterCard. Proprietary. All rights reserved.

5-22 27 November 2013 • Authorization Manual
 Online Authorization Messages
Using Network Management Request Messages

4. The receiving CPS acknowledges receipt of the Administrative Advice/0620

message by returning an Administrative Advice Response/0630 message to
the Authorization Platform.
NOTE
Customers should not use Administrative Advice/0620 messages in lieu of
available 0100, 0120, and 0400 messages.

Using Network Management Request Messages

The Authorization Platform uses network management messages to coordinate
system or network events or tasks. These messages also are used to
communicate network status conditions. Network management messages can
be customer-initiated or Authorization Platform-initiated.

Typical uses of customer-initiated network management messages include the

following:

• Sign in to and sign out from the Authorization Platform

• Activate or deactivate socket connections
• Request network connection status
• Sign-in to and sign-out from RiskFinder by prefix
• Request RiskFinder SAF message transmission
• Perform encryption key management tasks

Typical uses of system-initiated network management messages include the

following:

• Request network connection status

• Advise of RiskFinder end-of-file/end-of-transmission conditions
• Perform encryption key management tasks

Standard Network Management/08xx Messages

The following diagrams illustrate the exchange of Network Management
Request/0800 and Network Management Request Response/0810 messages.

Network Management/0800—Customer-initiated Flow

1. The customer sends a Network Management Request/0800 message to the

Authorization Platform. DE 70 (Network Management Information Code)

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 5-23
Online Authorization Messages
Using Network Management Request Messages

indicates the type of customer-initiated network management request

message.
2. The Authorization Platform generates a Network Management
Response/0810 message to acknowledge receipt of the Network
Management Request/0800 message.

Network Management/0800—System-initiated Flow

1. The Authorization Platform generates the Network Management

Request/0800 message. DE 70 indicates the type of system-initiated network
management request message.
2. The customer generates a Network Management Response/0810 message to
acknowledge receipt of the Network Management Request/0800 message.

Network Management Advice/0820—System-initiated Flow

The following diagram illustrates the standard Network Management

Advice/0820 message process between the Authorization Platform and the
customer. The Network Management Advice/0820 message does not require a
response.

Authorization Sign In/Sign Out

A Network Management Request/0800 message is used to carry out an
Authorization Platform sign in that allows issuers to manage the activities and
the status of a given routing destination for a group of account ranges.

A routing destination is a predefined set that consists of MasterCard Interface

Processors (MIPs) and the issuer host connections available for transaction
processing. Each routing destination is assigned a Group Sign-in ID (GSI).

To identify the issuer’s readiness to receive authorization messages, the

Authorization Platform requires a sign-in message or a sign-out message to be
delivered to the Authorization Platform. The sign in signifies the readiness of
the issuer to receive transactions for all the account ranges over all the MIPs
and issuer host connections in the group.

©1983–2013 MasterCard. Proprietary. All rights reserved.

5-24 27 November 2013 • Authorization Manual
 Online Authorization Messages
Using Network Management Request Messages

Session Management
The MasterCard Network offers the following two options to verify the status of
network connections using network management messages.

• At the MasterCard Interface Processor (MIP) level using a session activation

request
• At the Authorization Platform application level using an echo test message

MasterCard also supports use of zero length probe messages to detect broken
sockets or Transmission Control Protocol/Internet Protocol (TCP/IP) sessions
that no longer exist. The customer and the MIP can send a zero length message
to an idle socket that contains a two-byte header set to 0x0000. For more
information about managing socket connections, see the Data Communications
Manual.

Session Activation/Deactivation
Session activation (and deactivation) allows the issuer to control when an
established socket connection is ready to receive transactions. This provides
the ability for the issuer to make a TCP/IP socket connection and to indicate
that the connection is ready to receive traffic (activate) or to stop receiving
traffic (deactivate).

This level of session management is not relevant for acquirers as the MasterCard
Network will always accept and respond to acquired transactions on established
sockets. The session activation process is only relevant to acquirers for
performing a local probe of the sockets connected to the MIP.

Issuers that choose to perform session management at this level are required to
send an activation request using the Network Management Request/0800—Host
Session Activation message for each socket connection before receiving
authorization message traffic. If an issuer does not participate in Enhanced
Session Management, all host connections for that issuer are considered “active”
(that is, ready to receive transactions) once the issuer’s sockets are open.

Session-based Network Routing

MasterCard supports a configurable option on the MasterCard Network that uses
the TCP/IP to automatically manage load balancing of transactions between
MIPs with available connections.

This feature is typically used when an issuer is load balancing message traffic
across multiple MIPs, potentially at different sites, and MasterCard needs to
detect when a given MIP should be considered disabled so that no further
transactions are routed to that MIP until it is enabled.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 5-25
Online Authorization Messages
Using Network Management Request Messages

Upon receiving the transaction from the acquirer MIP, the issuer MIP tries to
deliver the transaction to the issuer host. If the MIP detects that all the socket
connections to the issuer host are de-activated, the corresponding MIP is
disabled. Once the MIP is disabled, it no longer receives traffic for that MIP
until it is enabled. The MIP will not be re-enabled until an issuer host activates
a socket connection with the MIP.

Session-based Network Routing Flow

The following diagram illustrates the Session-based Network Routing option.

Session Activation and Transaction Routing

Session activation and session-based network routing can be used by customers
to control the delivery of the issuer traffic.

For example, an issuer with a primary and backup host may want to control
the distribution of its traffic to one or to the other host. The prerequisite is
that both hosts and related MIPs are defined in the same destination route.
The customer must activate at least one session from the primary, and then
sign on with its GSI from the host. If the issuer wants to put its primary host
in maintenance and get the traffic on the backup host, the issuer will need to
de-activate the primary host session and activate at least one of the backup
host sessions. Combined with session-based network routing, traffic will be
automatically routed to the backup host.

Session Activation and Transaction Routing Flow

The following diagrams illustrate session activation and transaction routing.

©1983–2013 MasterCard. Proprietary. All rights reserved.

5-26 27 November 2013 • Authorization Manual
 Online Authorization Messages
Using Network Management Request Messages

To participate in Enhanced Session Management and Session-based Network

Routing options, customers must complete the Session Management Member
Participation Enrollment Form (Form 868), and submit the form to the
Customer Operations Services team.

Network Connection Status

Network connection status (echo test) messages allow issuers and acquirers
to check the status of their connection to the MasterCard Network. Issuers
and acquirers that choose to perform session management at this level
are required to send an activation request using a Network Management
Request/0800—Network Connection Status message.

Best Practices
As a best practice, MasterCard recommends that customers use any one or a
combination of these network connectivity management options, as illustrated
in the following diagram. These varying levels of probes are recommended in
place of using a repeat sign-in Network Management Request/0800 message to
verify host connectivity to MasterCard.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 5-27
Online Authorization Messages
Using Network Management Request Messages

Network Connectivity Management Options

Store-and-Forward (SAF) Message Retrieval (Issuers)

The Authorization Platform places advice messages into the SAF queue. The
SAF queue retains all of these messages for four days for the issuer to retrieve.

Issuers receive SAF messages after signing on to the MasterCard Network

using a Network Management Request/0800 message containing DE 70 with
value 001 (Sign on [by prefix]) or 061 (Group Sign on [by MasterCard group
sign-on]) or when the Authorization Platform SAF processing recognizes that
the issuer is available.

When an issuer has a large number of SAF records (for example, because
of an extended outage) and they are not able to process them through the
preferred method of multiple SAF sessions with MasterCard due to a technical
problem, issuers can contact their Customer Service Representative to request
the retention and restoration of their SAF messages beyond the current four-day
limitation.

RiskFinder Sign In/Sign Out by Prefix and RiskFinder SAF

Retrieval (Issuers)
Customers use Network Management Request/0800 messages to notify the
RiskFinder scoring system of the following events.

• They are ready to receive scored Administrative Advice/0620 messages on a

near real-time basis.
• They do not want to receive their real-time scored messages, and RiskFinder
should put all its held scored messages in the RiskFinder SAF queue.
• They are ready to retrieve Administrative Advice/0620 messages from the
RiskFinder SAF queue.

©1983–2013 MasterCard. Proprietary. All rights reserved.

5-28 27 November 2013 • Authorization Manual
 Online Authorization Messages
Using Network Management Request Messages

In all three scenarios, the RiskFinder scoring system responds with a Network
Management Response/0810. In the third scenario, customers receive a Network
Management Advice/0820 message when RiskFinder completes the SAF process.

Dynamic PIN Encryption Key (PEK) Exchange

The dynamic PEK exchange process is facilitated between the Authorization
Platform and customers via the Network Management/08xx messages.

The Authorization Platform randomly generates dynamic PEKs for each

customer based on a configurable elapsed time or by the number of transactions
processed, whichever occurs first. The Authorization Platform sends a Network
Management Request/0800 message to the customer to change the PEK. The
customer responds with a Network Management Request Response/0810
message to indicate receipt of the PEK. The Authorization Platform then
completes the key exchange process by sending a Network Management
Advice/0820 message to notify the customer that the PEK is active and
operational.

The customer also can initiate the key exchange process by sending a Network
Management Request/0800 message to the Authorization Platform where DE 70
contains value 162 (Solicitation for key exchange request). This is an optional
feature. When the Authorization Platform receives the Network Management
Request/0800 message to initiate the key exchange, the Authorization Platform
responds with a Network Management Request Response/0810 message, and
then immediately starts the normal key exchange sequence.

Possible PEK Exchange Triggers

Possible PEK exchange triggers include the following:

• Customer requests generation of new key via online 0800/0810 Network

Management message
• Transaction counter threshold reached (default 2,500 transactions)
• Error counter threshold reached
• 24 hours elapsed since a new key was issued
• Operator initiated
NOTE
The Dynamic PIN Encryption Key (PEK) Exchange service is not available in the
Europe region.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 5-29
Chapter 6 Stand-In Processing
This section describes the Stand-In processing facility at MasterCard. It explains the tests
that Stand-In System processing performs and the order in which Stand-In processing
performs them to ensure appropriate authorization responses.

Stand-In Processing Service ........................................................................................................... 6-1

How Stand-In Processing Works.................................................................................................... 6-2
Range Blocks ........................................................................................................................... 6-3
Account Listings....................................................................................................................... 6-3
Stand-In Processing Parameters ............................................................................................... 6-3
Stand-In Processing Security Services ...................................................................................... 6-4
Decision Matrix........................................................................................................................ 6-4
Stand-In Tests ................................................................................................................................ 6-5
Range Blocks Test.................................................................................................................... 6-6
Stand-In Account File Test ....................................................................................................... 6-7
Expiration Date Test ................................................................................................................ 6-7
M/Chip Cryptogram Validation Test......................................................................................... 6-7
PIN Verification Test ................................................................................................................ 6-8
CVC 1 Test ............................................................................................................................... 6-9
CVC 3 Test ............................................................................................................................... 6-9
AAV Verification Test.............................................................................................................. 6-10
Merchant Suspicious Test....................................................................................................... 6-10
Transaction Limits Test........................................................................................................... 6-10
Parameter Combinations.................................................................................................. 6-11
Examples of Parameter Combinations ....................................................................... 6-12
Mandatory MasterCard Parameter Combinations ............................................................. 6-13
MasterCard Processing ..................................................................................................... 6-14
Examples of Application of Transaction Limits Parameter Combinations .................. 6-14
Accumulative Limits Test ....................................................................................................... 6-16
Accumulative Limit Parameters ........................................................................................ 6-16
Cash Disbursement Accumulator Test ................................................................................... 6-17
Stand-In Response ................................................................................................................. 6-17
Exceptions and Additions to the Stand-In Process....................................................................... 6-17
Online Transactions ............................................................................................................... 6-18
Premium Listings.................................................................................................................... 6-18
CAPS Accounts ...................................................................................................................... 6-18

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 6-i
Stand-In Processing

Purchase with Cash Back Transactions .................................................................................. 6-19

Card Level Support ...................................................................................................................... 6-20
Card Validation Code 1 Verification in Stand-In Processing......................................................... 6-20
Stand-In Investigation Service...................................................................................................... 6-22
SIS Attack............................................................................................................................... 6-23
SIS Warning............................................................................................................................ 6-24
SIS Monitoring ....................................................................................................................... 6-25
Fees ....................................................................................................................................... 6-25
Action Required ..................................................................................................................... 6-25
Stand-In Investigation Service BIN Blocking ............................................................................... 6-26

©1983–2013 MasterCard. Proprietary. All rights reserved.

6-ii 27 November 2013 • Authorization Manual
 Stand-In Processing
Stand-In Processing Service

Stand-In Processing Service

Stand-In processing is a standard MasterCard service that responds to
authorization requests that have been routed to the MasterCard Network on
behalf of the issuer.

Stand-In processing and the Stand-In Investigation Service (SIS) are mandatory
for MasterCard credit products in all regions, except for customers in the Europe
region with existing alternate back-up authorization processing. Issuers may
choose to block Stand-In System processing for debit products in all regions,
except in the U.S. region.

Stand-In processing is available to all issuers 24 hours a day, 365 days a year.
However, Stand-In processing responds only when the issuer does not respond,
is unavailable, cannot be reached, or provides an invalid response resulting as
follows:

• Stand-In processing responds for online issuers only when the issuer is
not signed in, the transaction cannot be delivered to the issuer, the issuer
MIP times out (does not receive an authorization response within specified
time limits), or the issuer’s response message contains invalid formatting
or information resulting in an issuer edit error.
• Stand-In processing responds for Central Authorization Processing Service
(CAPS) issuers 100 percent of the time or during planned outages.

Stand-In processing does not apply to the following types of transactions.

Authorization Response from

Transaction Type Stand-In Processing
Account Status Inquiry Service Service not available

ATM Credit Card Cash Advance in Service not available

Installments transactions

Balance inquiry transactions at ATM and Service not available

POS
PIN management transactions Service not available

Product Inquiry Service Service not available

Funding transactions with a credit card at Service not available

an ATM
Note: This is limited to non-Europe
acquired funding transactions. If the
transaction is Europe acquired, it could be
processed in the Stand-In System.

MasterCard Hosted Mobile Phone Top-up Service not available

ATM transactions
Recurring payment test transaction Service not available

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 6-1
Stand-In Processing
How Stand-In Processing Works

Authorization Response from

Transaction Type Stand-In Processing

Private label prepaid card activation plus Service not available

initial load transactions

Refund transactions Service not available

Card activation transactions Decline

For information about the Stand-In Investigation Service, see “Stand-In

Investigation Service.”

For details about transaction processing for each of the above transaction types,
see the Customer Interface Specification manual.

How Stand-In Processing Works

Stand-In processes authorization requests according to a series of tests.

To determine an authorization response, these tests rely on data in the

authorization message and some or all of the following data provided by the
issuer:

• Range Blocks
• Account Listings (Negative or Premium)
• Stand-In Processing Parameters
• Stand-In Processing Security Services
• Decision Matrix

Data Used by Stand-In Processing

The following illustration shows how data is used by the Stand-In System.

©1983–2013 MasterCard. Proprietary. All rights reserved.

6-2 27 November 2013 • Authorization Manual
 Stand-In Processing
How Stand-In Processing Works

Range Blocks
Issuers may list a range of account numbers to indicate that they have not
issued the numbers to cardholders.

Account Listings
Issuers may list accounts in the Stand-In Account File as Negative
(lost/stolen/fraud) or Premium Listings for valued/preferred cardholders.

Issuers may list individual card numbers to identify exception accounts that are
processed differently than regular accounts. They can list these accounts with
either higher limits to ensure approval, such as the limits for Premium Listings
or as Negative for lost/stolen/fraud or unpaid/over limit accounts that must be
declined or captured.

If Stand-In processing determines that an account is listed in the Stand-In

Account File, Electronic Warning Bulletin, or Local Stoplist, Stand-In processing
is modified, as described in “Stand-In Account File Test.” For a description of
how to list accounts, see the Account Management System User Manual.

Stand-In Processing Parameters

Issuers use the Stand-In Processing Worksheet to establish MasterCard with the
parameters for processing authorization requests.

Issuers define:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 6-3
Stand-In Processing
How Stand-In Processing Works

• Amount limits that apply for a particular combination of parameters in the

authorization request
• Accumulative number and amount limits that are calculated over a
specified number of days

Stand-In processing is based on limits and transaction amounts in U.S. dollars

or the issuer’s cardholder billing currency.

For more information about the Stand-In Processing Worksheet to provide

parameters, see “Setting Stand-In Parameters.”

Stand-In Processing Security Services

The issuer provides the key components from the issuer’s security service
calculation. For transactions that meet the criteria, Stand-In processing validates
the security service for the services the issuer has chosen.

For issuers that choose to participate in an optional security service, Stand-In

processing applies the appropriate service test.

Online and CAPS issuers that want to take advantage of one of the optional
security services must use the Key Validation Service Specification Form (Form
735).
NOTE
Only Europe region customers’ PIN keys are managed via OBKM. Non-Europe
region customers’ PIN keys are managed using the Hard Copy Key Exchange
(Form 723), which is processed through Key Management Services (KMS) in
Waterloo, Belgium.

Issuers may choose from the following security services:

• M/Chip Cryptogram Validation in Stand-In Processing

• Personal Identification Number (PIN) Verification in Stand-In Processing
• Card Validation Code 1 (CVC 1) Verification
• Card Validation Code 3 (CVC 3) Verification
• MasterCard® SecureCode™ Dynamic AAV Verification in Stand-In Processing

Decision Matrix
The issuer defines which authorization response Stand-In processing should
use if an authorization request fails a particular test.

On the Stand-In Processing Worksheet, issuers complete a decision matrix. The

decision matrix advises Stand-In processing of the authorization response to
return when a transaction fails certain tests.

In the decision matrix, issuers specify authorization responses for when:

©1983–2013 MasterCard. Proprietary. All rights reserved.

6-4 27 November 2013 • Authorization Manual
 Stand-In Processing
Stand-In Tests

• The issuer’s authorization center is open versus when it is closed

• The issuer’s authorization system is signed in versus when it is signed out
(for online issuers)

The following table provides a schematic representation of the decision matrix.

Stand-In Transac- Accumula- Premium

Account tion Limits tive Limits Limits
File Test Test Test Test

Within Issuer is N or C N or C N or C N or C
Hours of signed in
Operation and down or
timed out
Issuer is N or C N or C N or C N or C
signed out

Outside Issuer is N N or A N N
Hours of signed in
Operation and down or
timed out
Issuer is N N or A N N
signed in

A = Skip the Transaction Limits test (go to the next test even if the transaction
is over the limit)
N = Decline request

C = Call referral (verbal contact required to complete the transaction)

NOTE
Only Europe region customers’ PIN keys are managed via OBKM. Non-Europe
region customers’ PIN keys are managed using the Hard Copy Key Exchange
(Form 723), which is processed through Key Management Services (KMS) in
Waterloo, Belgium.

During Stand-In processing, whenever an authorization request fails one of the

tests that requires the decision matrix to determine an authorization response,
Stand-In processing refers to these issuer-defined choices.

If Stand-In processing is invoked during the call referral process, Stand-In

processing will not generate a second response of “call referral.”

Stand-In Tests
The Stand-In tests systematically review the authorization request to determine
an appropriate authorization response.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 6-5
Stand-In Processing
Stand-In Tests

Stand-In Tests (listed in the order in which they are performed)

The following illustration shows the Stand-In tests in the order in which the
Stand-In System performs them.

Stand-In processing performs the tests only until it reaches a test result that
allows it to generate an authorization response. If Stand-In processing performs
the Range Blocks test, for example, and the authorization request fails that test,
Stand-In processing immediately generates the authorization response and does
not perform any of the subsequent tests.

Range Blocks Test

Issuers may block a range of account numbers to indicate that they have not
issued the numbers to cardholders. Issuers establish range blocks on the
Stand-In Processing Worksheet.

©1983–2013 MasterCard. Proprietary. All rights reserved.

6-6 27 November 2013 • Authorization Manual
 Stand-In Processing
Stand-In Tests

The Range Blocks test determines whether the account number in the
transaction falls within a blocked range. If it does, Stand-In processing can
issue a response of refer to card issuer, capture card, do not honor, invalid
transaction, or invalid card number (regardless of the acquiring country) for
any authorization request within the blocked ranges.

Setting up range blocks for Stand-In processing is optional.

Stand-In Account File Test

The Stand-In Account File test determines whether the Stand-In Account File
lists the account number in the transaction as an exception account.

Stand-In processing returns an authorization response based on the entry

reason and the Stand-In processing decision matrix, as follows:

• If Stand-In processing determines that an account is listed in the Stand-In

Account File with entry reason F (fraud), P (capture card), or X (counterfeit),
it immediately generates a capture card response.
• Negative accounts listed in the Electronic Warning Bulletin or Local Stoplist
files generate an authorization response of capture card.
• If the account is listed with entry reason C (credit), L (lost), O (other), S
(stolen), or U (unauthorized use), Stand-In processing returns a response
based on the issuer’s Decision Matrix for the Stand-In Account File test.
• If the account is listed in the Stand-In Account File with entry reason
V (Premium Listings), Stand-In processing continues testing. Stand-In
processing uses the tests that are applicable for these types of
premium/preferred accounts.

For information about exceptions and additions to Stand-In processing, see

“Exceptions and Additions to the Stand-In Process.”

Expiration Date Test

The expiration date test determines whether the expiration date provided in
the request message is less than the current year and month, or is more than
20 years in the future. Signature-based non-expiring cards (YY/MM of 4912)
are excluded from this test.

M/Chip Cryptogram Validation Test

M/Chip Cryptogram Validation in Stand-In Processing is an optional M/Chip
processing service.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 6-7
Stand-In Processing
Stand-In Tests

The M/Chip Cryptogram Validation in Stand-In Processing service supports

issuers that process chip transactions on an on-going basis, including the
validation of the authorization request cryptogram (ARQC) and generation of
the authorization response cryptogram (ARPC) on their hosts when the issuer
is signed out, the transaction cannot be delivered to the issuer, or the issuer
timed out.

MasterCard performs the cryptographic support and provides authorization

processing for issuers that use the M/Chip Select 2.0, M/Chip Lite 2.1, M/Chip
4.0 (MasterCard, EMV CSK, and EMV2000 session key derivation methods),
and M/Chip™ Advance.

MasterCard also supports EMV Common Core Definition (CCD), which specifies
a minimum common set of card application implementation options, card
application behaviors, and data element definitions to create a transaction that
complies with EMV standards.

Stand-In processing performs this test only if the transaction meets the following
criteria:

• The issuer has requested participation in this service.

• The transaction contains chip card data elements.

For transactions that qualify for this service, Stand-In processing:

• Validates the ARQC and the TVR/CVR fields according to issuer-defined

patterns
• Approves or declines the transaction
• Generates the ARPC
• Creates the Authorization Request Response/0110 message
• Creates the Authorization Advice/0120 message

For more information about the M/Chip Cryptogram Validation in Stand-In

Processing service, see “Authorization Services Details.”

PIN Verification Test

MasterCard offers a PIN verification service for transactions processed by the
Stand-In System that contain unverified PIN data in Authorization Request/0100
messages. Issuers that want MasterCard to verify the PIN on transactions
processed by Stand-In must provide PIN processing parameters to MasterCard.

Stand-In processing will bypass the PIN Verification Test and proceed to the
next sequential Stand-In test, unless the issuer participates in either a PIN
pre-validation or PIN validation in Stand-In service.

For more information about the PIN Verification in Stand-In processing service,
see “Authorization Services Details.”

©1983–2013 MasterCard. Proprietary. All rights reserved.

6-8 27 November 2013 • Authorization Manual
 Stand-In Processing
Stand-In Tests

CVC 1 Test
The card validation code 1 (CVC 1) test is an optional service.

Stand-In processing performs the test only if the transaction meets the following
criteria:

• The issuer has requested participation in this service.

• The authorization request contains full-unaltered Track 1 or Track 2 data
and value 80 or 90 in Point-of-Service (POS) Entry Mode field.

A value of 80 indicates that a chip-capable terminal was unable to process a

chip card transaction using data on the chip; therefore, the terminal defaulted
to the magnetic stripe-read PAN. The full track data has been read from the data
encoded on the card and transmitted within the Authorization Request/0100 in
DE 45 (Track 1 Data) or DE 35 (Track 2 Data) without alteration or truncation.
To use this value, the acquirer must be qualified to use value 90.

A value of 90 indicates that the PAN was entered via magnetic stripe. The full
track data has been read from the data encoded on the card and transmitted
within the authorization request in DE 35 (Track 2 Data) or DE 45 (Track 1
Data) without alteration or truncation.

If the issuer participates in the CVC 1 validation service and the transaction
meets the criteria for the CVC 1 test, the Stand-In System considers the results
of the CVC 1 validation in DE 48 (Additional Data—Private Use), subelement
87 (Card Validation Code Result) when responding to the Authorization
Request/0100 message. The issuer can control the response that the Stand-In
System uses when the CVC 1 value is invalid or validation cannot be performed.
The default value is 05 (Do Not Honor). To change these values, contact Key
Management Services at [email protected].

Stand-In processing does not verify CVC 2 values.

CVC 3 Test
CVC 3 validation in Stand-In processing services are optional. Stand-In
processing performs these tests only if the issuer has requested participation
in these services.

CVC 3 validation in Stand-In processing services (Static CVC 3 Validation

in Stand-In Service and Dynamic CVC 3 Validation in Stand-In Service) are
available for transactions that derive from proximity chip functionality with
magnetic stripe Track 1 or Track 2 data containing a CVC 3 value.

MasterCard supports issuers participating in CVC 3 validation in Stand-In

processing services by responding to the authorization message on behalf of
the issuer. MasterCard considers the results of the CVC 3 validation in DE 48,
subelement 71 (On-behalf Services) when responding to the Authorization
Request/0100 message.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 6-9
Stand-In Processing
Stand-In Tests

If the issuer participates in one of the CVC 3 pre-validation services and is

unavailable to respond to the authorization request, MasterCard considers the
results of the CVC 3 pre-validation when the transaction is processed by the
Stand-In System.

For information about the CVC 3 validation in Stand-In processing services,

see “Authorization Services Details.”

AAV Verification Test

The MasterCard® SecureCode™ Dynamic AAV Verification in Stand-In
Processing test is an optional service.

Issuers may request that Stand-In processing perform the AAV verification test
when the issuer’s host system is unavailable to respond to the Authorization
Request/0100 message containing AAV data.

For more information about the MasterCard SecureCode Dynamic AAV

Verification in Stand-In processing service, see “Authorization Services Details.”

Merchant Suspicious Test

To perform this test, Stand-In processing examines the authorization request to
determine whether the merchant suspicious indicator is present.

If Stand-In processing finds a merchant suspicious indicator in the request,

it generates a response of “decline.” See DE 61 (Point-of-Service [POS]
Data), subfield 8 (POS Transaction Security) field in the Customer Interface
Specification manual for the code representing the merchant suspicious
indicator.

Transaction Limits Test

To perform the Transaction Limits Test, Stand-In processing compares the
applicable amount in the authorization request to the transaction limit
designated by the issuer on the Stand-In Processing Worksheet.

If a mail order/telephone order (MO/TO) transaction exceeds the established

transaction limit, Stand-In processing issues a response of “decline.”

For any other type of transaction, if the transaction exceeds the established
transaction limit, Stand-In processing refers to the issuer’s Decision Matrix to
determine an authorization response. Based on the Decision Matrix, Stand-In
processing either:

©1983–2013 MasterCard. Proprietary. All rights reserved.

6-10 27 November 2013 • Authorization Manual
 Stand-In Processing
Stand-In Tests

• Generates a response of “refer to card issuer” or “decline.” If the account is a

Premium Listing with higher transaction limits, Stand-In processing uses the
Premium Limits Test section of the Decision Matrix to determine a response
based on the number of transactions the issuer sets for Premium Listings.
• Continues to the next Stand-In test.

Issuers designate transaction limits by combinations of the transaction limits

parameters. Combinations may include any or all of the following parameters:

• Country Code—The country code is a three-digit, numeric code that

identifies the country. Issuers may use these codes to establish higher or
lower transaction limits for a country or countries where the transaction
is acquired.
• Promotion Code—The promotion code is a six-character, alphanumeric
code that the issuer establishes to identify transactions that meet the
requirements for an issuer’s promotional program. Issuers may use these
codes to establish particular transaction limits for transactions that meet
their program requirements.
• Cardholder-activated terminal (CAT) level indicator—CAT level indicator
is a one-digit, numeric code that identifies transactions that occur at one
of the four types of CATs or that use electronic commerce or transponder
technology (described in ). Issuers may use these codes to establish
particular transaction limits for CAT transactions.
• Transaction Category Code (TCC)—TCC is a one-character, alphabetic
code that identifies the type of transaction. Issuers may use these codes to
establish particular transaction limits based on the type of transaction.
• Card Acceptor Business Code (MCC)—MCC is a four-digit, numeric code
that identifies the card acceptor business/merchant category that best
describes the business conducted. Issuers may use these codes to establish
higher or lower transaction limits for certain merchants.

For a list of valid numeric country codes, valid TCCs, and valid MCCs, see
the Quick Reference Booklet. For more information about promotion code
requirements in authorization messages and CAT level values (DE 61, subfield
10), see the Customer Interface Specification manual.

Parameter Combinations
Parameter combinations are established by BIN or ICA number.

Each combination may include some or all of the following:

• One promotion code

• One cardholder-activated terminal (CAT) level indicator
• Up to 10 specific TCCs or up to 10 specific MCCs
• Up to 10 specific country codes

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 6-11
Stand-In Processing
Stand-In Tests

Issuers may establish as many as 19 of these parameter combinations.

MasterCard requires that two of these combinations be established as CAT 4
(In-flight Commerce Gaming) and Transaction Category Code Global parameter
combinations.

Issuers also sequence their parameter combinations to instruct Stand-In

processing of the order in which it should apply the specific transaction limits.

Examples of Parameter Combinations

The following examples show parameter combinations that a customer can

establish.

Example 1

The issuer instructed Stand-In processing to use a transaction limit of USD 2,000
when the card is present and USD 500 when the card is not present, when the
Authorization Request/0100 message also contains promotion code PM0111 and
card acceptor business code (MCC) 5511. Country code 000 instructs Stand-In
processing to apply these limits globally—regardless of the country where
the transaction takes place.

Country Promotion CAT

Code Code Level TCC MCC Transaction Limit

Card Present Card Not Present

000 PM0111 5511 USD 2,000 USD 500

Example 2

The issuer instructed Stand-In processing to use a transaction limit of USD 40

when the card is present and USD 0 when the card is not present, when the
Authorization Request/0100 message also contains country code 454, CAT level
indicator 2, and MCC 5542.

Country Promotion CAT

Code Code Level TCC MCC Transaction Limit

Card Present Card Not Present

454 2 5542 USD 40 USD 0

Example 3

The issuer instructed Stand-In processing to use a transaction limit of USD 1,000
when the card is present and USD 450 when the card is not present, when the
Authorization Request/0100 message also contains Transaction Category Code
(TCC) O and country code 626. The issuer also instructed Stand-In processing
to use a transaction limit of USD 1,000 when the card is present and USD 750
when the card is not present, when the Authorization Request/0100 message
contains TCC H and country code 626.

©1983–2013 MasterCard. Proprietary. All rights reserved.

6-12 27 November 2013 • Authorization Manual
 Stand-In Processing
Stand-In Tests

Country Promotion CAT

Code Code Level TCC MCC Transaction Limit

Card Present Card Not Present

626 O USD 1,000 USD 450

H USD 1,000 USD 750

Mandatory MasterCard Parameter Combinations

Issuers must have certain transaction limit parameter combinations to ensure
compliance with MasterCard established transaction limits. The required
parameter combinations are described on the following pages. These parameter
combinations apply to a specific BIN and use one of the 19 combinations
available to the issuer.

CAT Level 4 In-flight Commerce Gaming Parameter (MasterCard

established mandatory limits)

MasterCard limits apply only to in-flight commerce gaming, and not to other
in-flight commerce activity.

The following table shows the MasterCard mandated transaction limits for
In-flight Commerce Gaming transactions (CAT level indicator 4 with MCC
7995). MasterCard instructs Stand-In processing to use a transaction limit of
USD 350 when the card is present and USD 0 when the card is not present,
when the Authorization Request/0100 message contains CAT level indicator 4
and MCC 7995. Country code 000 shows that Stand-In processing applies these
transaction limits globally.

Coun-
try Promo- CAT
Code tion Code Level TCC MCC Transaction Limit

Card Card Not

Present Present
000 4 7995 USD 350 USD 0

Transaction Category Code Parameter (MasterCard-established minimum

limits or higher issuer-defined limits)

All issuers must have transaction limits by TCC. MasterCard has established
minimum TCC limits, which are defined in Chapter 7. Issuers may establish
higher limits for some or all TCCs, and they may establish different limits for
card present and card-not-present point-of-interaction situations.

Current issuer-defined TCC limits are reported by BIN to each issuer weekly on
the Authorization Parameter Summary Report (SI737010-AA).

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 6-13
Stand-In Processing
Stand-In Tests

MasterCard Processing
To apply transaction limits parameters, MasterCard maintains a matrix for
each issuer that contains all of the parameter combinations for that issuer (up
to 19 combinations).

Each time an authorization request is forwarded to Stand-In processing,

the system sequentially reviews the matrix, stopping on the first parameter
combination that has matching criteria in the Authorization Request/0100
message, and using the limits established for that combination to process the
request.

Examples of Application of Transaction Limits Parameter Combinations

The following table shows parameter combinations established by an issuer for

a particular BIN.

This issuer chose to define three new parameter combinations (the first three in
the matrix), in addition to the two required parameter combinations (the last
two in the matrix). The fifth parameter combination in the matrix shows that
the issuer is using MasterCard default transaction limits for online issuers (see
“Setting Stand-In Parameters” for default limits) except for a higher limit defined
for TCC A when the card is present.

Sample Matrix

Se-
quence Country Promotion CAT TCC Transaction MCC Transaction
Number Code Code Level TCC Limit MCC Limit
Card
Card Card Not Card
Not
Present Present Present
Present
1 000 PM0111 5511 USD USD 500
2,000
2 454 2 5542 USD 40 USD 0

3 626 O USD 1,000 450

H USD 1,000 750

4 000 4 7995 USD 350 USD 0

5 000 T USD 250 USD 250

R USD 650 USD 650
F USD 300 USD 300
O USD 600 USD 600
H USD 1000 USD 1000
A USD 700 USD 500

©1983–2013 MasterCard. Proprietary. All rights reserved.

6-14 27 November 2013 • Authorization Manual
 Stand-In Processing
Stand-In Tests

Se-
quence Country Promotion CAT TCC Transaction MCC Transaction
Number Code Code Level TCC Limit MCC Limit
Card
Card Card Not Card
Not
Present Present Present
Present
X USD 1,500 USD
1,500
Z USD 0 USD 0
U USD 250 USD 250
C USD 300 USD 300
P USD 0 USD 0

Example 1

Incoming Authorization Request/0100 message contains the BIN corresponding

to this matrix, country code 626, an indicator that the card is present, TCC O,
MCC 8062, and a transaction amount of USD 750.

For the Transaction Limits section of Stand-In processing, Stand-In reviews

the matrix line by line:

• Because the authorization request does not contain promotion code PM0111
and MCC 5511, processing continues past the first line.
• Because the request does not contain country code 454, CAT level indicator
2, and MCC 5542, it also continues past the second line.
• On the third line, country code 626 and TCC O in the matrix match
the country code and TCC in the Authorization Request/0100 message.
Because the matrix does not contain an MCC, processing uses the TCC in
the authorization request and disregards MCC 8062. Therefore, Stand-In
processing applies the transaction limits for this parameter combination.

Because the card is present, Stand-In processing applies a transaction limit of

USD 1,000 to this transaction. The transaction amount of USD 750 is less than
the limit, so it will pass this transaction limit test.

Example 2

Incoming Authorization Request/0100 message contains the BIN corresponding

to this matrix, country code 454, an indicator that the card is not present,
TCC A, MCC 3360, and a transaction amount of USD 550.

Stand-In processing reviews the matrix line by line:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 6-15
Stand-In Processing
Stand-In Tests

• Because the authorization request does not contain promotion code PM0111
and MCC 5511, processing continues past the first line.
• Although the request does contain country code 454, it does not contain
a CAT level indicator 2 or MCC 5542, and therefore it continues past the
second line.
• Because the request does not contain country code 626 and TCC O or H, it
also continues past the third line.
• Because the request does not contain CAT level indicator 4 and MCC 7995,
processing continues past the fourth line.
• On the fifth line, the country code is global (applies to any country), and
limits by TCC in the matrix match TCC A in the authorization request.
Therefore, Stand-In processing applies the transaction limits for this
parameter combination.

Because the card is not present and the authorization request contains TCC A,
Stand-In processing applies a transaction limit of USD 500 to this transaction.
The transaction amount of USD 550 is more than the limit, so it will fail this
transaction limit test.

Accumulative Limits Test

To perform the Accumulative Limits test, Stand-In processing compares the
cumulative number of transactions approved on the current day and over the
previous two, three, and four groups of days with the parameters for those
numbers designated by the issuer.

Stand-In processing also compares the cumulative amount of all transactions

approved on the current day and over the past two, three, and four groups of
days with the parameters for those amounts designated by the issuer.

Accumulative Limit Parameters

All issuers must have accumulative limits defined.

MasterCard has established minimum Accumulative limits, which are defined

in “Setting Stand-In Parameters.” Issuers may set limits that differ from the
MasterCard default limits, and may also define a separate subset of Cash
Disbursement Accumulative limits.

For example, assume the issuer designated the following accumulative limits:

Current Day four transactions and USD 1,200

Day 2 six transactions and USD 1,200
Day 3 six transactions and USD 1,200

Day 4 six transactions and USD 1,200

©1983–2013 MasterCard. Proprietary. All rights reserved.

6-16 27 November 2013 • Authorization Manual
 Stand-In Processing
Exceptions and Additions to the Stand-In Process

A cardholder that had two transactions approved by Stand-In processing for a

total dollar amount of USD 500 on Day 1 would have available a maximum of
four more transactions and USD 700 that could be approved through Stand-In
during the following three days.

For an MO/TO request, if the cumulative number or dollar amount in the

request exceeds the limit established by the issuer, Stand-In processing
generates a response of “decline.”

For any other type of transaction, if the cumulative number or dollar amount
in the request exceeds the limit established by the issuer, Stand-In processing
generates a response of either “refer to card issuer” or “decline,” based on the
Decision Matrix.

Cash Disbursement Accumulator Test

Setting up the cash disbursement accumulator is optional.

To perform this test, Stand-In processing compares the cumulative amount of

approved cash disbursement transactions (with transaction category code C) for
the particular account with the issuer-established limits.

If the transaction amount plus the cumulative amount of cash disbursements

for the account exceed the established limits, Stand-In processing returns a
response of either “refer to card issuer” or “decline,” based on the Decision
Matrix (Accumulative Limits Test column).

Stand-In Response
If Stand-In processing performs all of the Stand-In tests without generating
a response of “decline,” “refer to card issuer,” or “capture card,” Stand-In
processing approves the authorization request. It also adds the transaction
amount to the cardholder’s accumulative record in preparation for the next
comparison with the Accumulative Limits.

Exceptions and Additions to the Stand-In Process

Stand-In processing performs the tests as described earlier in the order listed,
until it generates an authorization response.

For the following types of transactions, however, Stand-In processing modifies

processing or performs additional steps:

• Online Transactions
• Premium Listings
• Central Authorization Processing Service (CAPS) Accounts
• Purchase with Cash Back Transactions (PWCB)

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 6-17
Stand-In Processing
Exceptions and Additions to the Stand-In Process

Online Transactions
Stand-In processing performs all steps of the testing process as described.

In addition, for online issuers, when Stand-In processing generates an

authorization response of “approved,” “decline,” or “capture card,” it also creates
a store-and-forward (SAF) advice message, which contains the transaction data
for the authorization request. The issuer can retrieve these SAF messages online
(described in “Online Authorization Messages.”

Premium Listings
To identify Premium Listings, issuers establish transaction limits and
accumulative limits in the Premium Listings Controls section of the Stand-In
Processing Worksheet.

1. If the transaction fails the Transaction Limits Test, Stand-In processing

applies the response designated in the Premium Limits Test section of
the Decision Matrix. If the transaction passes the Transaction Limits Test,
Stand-In processing proceeds to the Accumulative Limits Test.
2. During the Accumulative Limits Test, Stand-In processing applies the Days
and Count Limit parameters designated by the issuer in the Premium Listings
Controls section of the Stand-In Processing Worksheet.
3. If the transaction fails the Accumulative Limits Test, Stand-In processing
applies the response designated in the Premium Limits Test section of the
Decision Matrix.
4. If the transaction passes the Accumulative Limits Test, Stand-In processing
adds the transaction amount to the Premium Listings accumulation
amount for that cardholder. Stand-In processing compares the sum to
the Premium Listings amount designated in the Stand-In Account File. If
the transaction fails the Accumulative Amount Test for Premium Listings,
Stand-In processing applies the response designated in the Premium Limits
Test section of the Decision Matrix.
5. If the transaction passes the Accumulative Amount Test, Stand-In processing
applies the next test.

For more information, see “Setting Stand-In Parameters.”

CAPS Accounts
CAPS issuers list all of their positive accounts as Premium Listing accounts.

If Stand-In processing does not find a CAPS account listed in the Account
File with entry reason V, P, or R, during the Account File test, it generates a
response of “decline.”

©1983–2013 MasterCard. Proprietary. All rights reserved.

6-18 27 November 2013 • Authorization Manual
 Stand-In Processing
Exceptions and Additions to the Stand-In Process

In addition, for CAPS issuers, whenever Stand-In processing generates an

authorization response of “decline,” it also creates a record for the CAPS
Sequential Response File with an R in the Response Indicator field and a space
in the Reject Reason field.

For more information, see “Setting Stand-In Parameters.”

Purchase with Cash Back Transactions

Issuers have the option to choose whether Purchase with Cash Back (PWCB)
transactions are eligible for processing by the Stand-In System. An issuer may
choose to allow PWCB for only PIN-based transactions, only signature-based
transactions, or allow both PIN and signature-based transactions to be processed
by the Stand-In System.

If the issuer chooses not to allow PIN-based transactions, signature-based

transactions, or both, PWCB transactions to be processed by the Stand-In
System, the Authorization Platform declines the transaction and generates an
Authorization Request Response/0110 message containing DE 39 (Response
Code), value 91 (Authorization System or Issuer system inoperative).

If the issuer allows Stand-In processing of PWCB transactions, the following

applies.

Transaction Limits Test

The purchase and cash portions of a PWCB transaction are tested against
separate transaction limits:

• The purchase portion (DE 4 [Amount, Transaction] minus the cash amount
in DE 54 [Additional Amounts]) is tested against the Transaction Category
Code Global Parameters or Expanded Parameters established by the issuer.
• The cash portion (cash amount in DE 54) is tested against the Transaction
Category Code Global Parameters for PWCB established by the issuer.

Accumulative Limits Test

The purchase and cash portions of a PWCB transaction are tested against
separate accumulative limit tests:

• The purchase portion (DE 4 [Amount, Transaction] minus the cash amount
in DE 54 [Additional Amounts]) is tested against the Accumulative Limit
amount established by the issuer.
• The cash portion (cash amount in DE 54) is tested against the Cash
Disbursement Accumulative Limit amount established by the issuer.

Stand-In processing refers to the issuer’s Decision Matrix to determine the

authorization response. If an acquirer can process a purchase amount only
response, Stand-In processing may provide DE 39 (Response Code), value 87
(Purchase Amount Only, No Cash Back Allowed) when the purchase portion of
the PWCB transaction passes a given limit test and the cash portion fails.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 6-19
Stand-In Processing
Card Level Support

Card Level Support

Card level support for transactions processed by the Stand-In System allow
issuers to distinguish between individual cards when the same primary account
number (PAN) is used for multiple cards.

Card level support allows issuers to list accounts in the Stand-In Account File
at the individual card level for a particular entry reason such as lost, stolen,
premium account. Card level support also allows issuers to have the Stand-In
System process accumulative limits at the individual card level.

Issuers must notify MasterCard for each account range for which they want to
participate in card level support using the Card Level Support Form (Form 760).

Issuers that participate in card level support must ensure that the following card
level information is present on cards within the specified range:

• Card Sequence Number—Three-position card sequence number

distinguishes between cards that use the same PAN. This three-position
number is located in the discretionary data field of Track 2 data in the
magnetic stripe on the back of each card. For chip cards, the number is
encoded on the chip in the EMV data element 5F34 (Application PAN
Sequence Number).
• Card Expiration Date—Expiration date of the listed card.

Stand-In processing requires the presence of the following data elements in

authorization requests associated with account ranges that participate in card
level support:

• Card Sequence Number—DE 35 (Track 2 Data) contains the card sequence

number.
• Card Expiration Date—DE 14 (Date, Expiration), DE 35 (Track 2 Data)
may contain the card expiration date.

WHEN… THEN Stand-In processing…

The card sequence number or card Rejects the Authorization Request/0100

expiration date is not present in message by returning a DE 39 (Response
Authorization Request/0100 messages Code) of 05 (Do not honor) in the
that are sent to Stand-In for authorization Authorization Request Response/0110
processing message.

Card Validation Code 1 Verification in Stand-In Processing

Card validation code 1 (CVC 1) verification in Stand-In processing provides
additional protection during Stand-In processing.

©1983–2013 MasterCard. Proprietary. All rights reserved.

6-20 27 November 2013 • Authorization Manual
 Stand-In Processing
Card Validation Code 1 Verification in Stand-In Processing

When the issuer times out or is unavailable, normal Stand-In processing runs
through a series of tests to determine an authorization response. If the issuer is
signed up for CVC 1 verification, Stand-In processing performs an additional
test to verify that the CVC 1 is valid.

MasterCard requires that participating issuers provide confidential security data

known as Data Encryption Standard (DES) keys to MasterCard for each account
range that participates in CVC 1 verification in Stand-In processing.

MasterCard offers the following options for CVC 1 verification in Stand-In

processing:

• Allow issuers to assign multiple sets of DES keys to an account range.

• Allow issuers to assign a single set of DES keys to an account range.

The issuer will receive DE 48 (Additional Data—Private Use), subelement

87 (Card Validation Code Result) in the Stand-In Authorization Advice/0120
message when the CVC 1 validation result was not valid.

CVC 1 verification in Stand-In processing is an optional service.

NOTE
The CVC 2 value does not apply to CVC 1 verification in Stand-In processing.

Reporting CVC 1 Verification in Stand-In Processing

Regardless of the CVC 1 verification method you are using—multiple sets of

DES keys or a single set of DES keys—the results of CVC 1 verification in
Stand-In processing appear on the following reports:

All Customers

• Authorization Summary Report (AB505010-AA)—The Fail Reason category

“Invalid Chip/CVC” on the Stand-In section of this report lists transactions
that failed because any of the following occurred:

– Invalid CVC (failed the CVC 1 test)

– Invalid chip (failed the M/Chip Validation test)
– Magnetic stripe CVC errors in DE 48 (failed at the MIP)
• Authorization Parameter Summary Report (SI737010-AA)—Participation in
CVC 1 Verification in Stand-In processing displays in the On-behalf Services
section of the report.

Online Customers

Store-and-forward records contain value 0028 in positions 4–7 of DE 60 (Advice

Detail Code) and the MCBS Issuer Authorization Detail Report contains value
0028 under “FAIL RSN.”

CAPS Customers

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 6-21
Stand-In Processing
Stand-In Investigation Service

Stand-In Daily Activity Report (SI441010-A)—The fail reason code 28 on this

report indicates an authorization transaction that contained either an invalid
CVC 1 or magnetic stripe CVC 1 errors.

For a complete list of magnetic stripe CVC errors, see the Customer Interface
Specification manual.

To Participate

To implement the CVC 1 service, complete the Key Validation Service

Specification Form (Form 735).

For More Information

For more information about the DES keys, see the On-behalf Key Management
(OBKM) Procedures and On-behalf Key Management (OBKM) Interface
Specifications manuals.

Stand-In Investigation Service

The Stand-In Investigation Service (SIS) detects suspicious authorization
requests processed by the Stand-In System through the Dual Message System.
All issuers that use MasterCard Stand-In processing services must use Stand-In
Investigation Service.

About Stand-In Investigation Service

SIS is a proprietary analytical tool that alerts MasterCard when authorization

requests processed by the Stand-In System through the Dual Message System
indicate certain risk factors. The nature of these MasterCard fraud alerts and
the limited cardholder-specific information available during Stand-In processing
makes it necessary for MasterCard to investigate suspicious authorization
requests to determine if there may be suspicious activity and whether further
action is necessary.

How It Works

MasterCard uses SIS to detect and advise issuers about suspicious authorization
requests.

When SIS alerts MasterCard about a suspicious authorization request,

MasterCard:

• Determines whether the suspicious authorization request is high-risk.

• Sends an email message to the issuer’s Authorization and Security Contacts
listed in the Member Information tool to request additional information
about the suspicious authorization request.
• Requests the issuer to confirm that the suspicious transactions are fraudulent
and to provide MasterCard with further instructions.

©1983–2013 MasterCard. Proprietary. All rights reserved.

6-22 27 November 2013 • Authorization Manual
 Stand-In Processing
Stand-In Investigation Service

Time is critical in resolving these SIS alerts because Stand-In processing will
continue to approve authorization requests that meet the issuer’s approval
criteria unless and until blocked by the issuer or by MasterCard. Once alerted
by SIS, MasterCard will monitor authorization requests for the affected issuer
on a daily basis until the vulnerabilities are fully resolved in collaboration with
the issuer.

If MasterCard concludes that the issuer’s authorization requests remain highly

suspicious, MasterCard may exercise its authority to block further Stand-In
authorization requests (such as by BIN range blocking, or blocking specific
countries, types of transactions, or accounts) until the concern is resolved with
the affected issuer.
NOTE
While MasterCard strives to detect suspicious authorization requests, it may not
detect all of them. Issuers remain responsible for all approved authorization
requests involving accounts that they have issued.

Description of Services

SIS includes the following services.

Service Requirement Description

SIS Attack Mandatory MasterCard investigates suspicious
authorization requests and works with the
affected issuers to verify and help eliminate
identified vulnerabilities.
SIS Warning Mandatory MasterCard monitors the Stand-In System
authorization requests for early signs of
fraudulent activity. In addition, MasterCard
investigates and works with the affected
issuers to verify and help eliminate
identified vulnerabilities.
SIS Monitoring Optional This optional service allows issuers to
request customized monitoring of their
Stand-In transactions by MasterCard
using customized transaction monitoring
parameters.

SIS Attack
The SIS Attack service detects and scores suspicious authorization requests
processed by the Stand-In System through the Dual Message System, followed
by a MasterCard investigation of these authorization requests.

The scope of the investigation depends on the nature of the fraudulent activity.
In situations where time is critical, MasterCard may implement fraud prevention
measures on the issuer’s behalf.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 6-23
Stand-In Processing
Stand-In Investigation Service

During this investigative stage, MasterCard fraud investigators may perform any
one or more of the following:

• Create a case to document and manage this suspicious activity investigation

• Give priority to the highest scoring Stand-In transactions
• Perform an investigation of the transaction

If MasterCard determines the activity to be high risk, MasterCard will:

• Send a SIS Attack notification to the issuer’s Authorization and Security

Contacts listed in the Member Information tool1
The “Subject” line of the SIS Attack email notification will read as follows:
URGENT! Stand-In Investigation Service (SIS) Attack Notification—Imme-
diate Action Required—Country: xxxxx; ICA xxxx; Ticket# xxxxx
• Await issuer instructions to resolve the situation
• Continue to monitor the issuer’s transactions to determine if the suspicious
transactions escalate
• Should MasterCard deem it necessary or appropriate, and with or without
issuer input, take action to eliminate or minimize fraudulent activity,
which could include BIN range blocking, blocking specific countries,
types of transactions or accounts, or other actions that MasterCard deems
appropriate.
• Monitor the issuer’s transactions to determine the impact of the short-term
solution
• Perform monitoring of further authorization activity
• Continue to attempt to contact the issuer if it has not responded, escalating
if necessary
• Work with the issuer to resolve the concern
• Close out the case, review for lessons learned, and revise fraud detection
rules as needed

SIS Warning
For the SIS Warning service, MasterCard created different monitoring parameters
to detect fraudulent activity at the earliest stages of the suspicious activity.
These investigative parameters are designed to verify the original suspicions
and cause MasterCard to notify the issuer.

1. An analyst for the issuer must review the SIS email notification to determine whether further action is
warranted and instruct MasterCard regarding the next actions to take.

©1983–2013 MasterCard. Proprietary. All rights reserved.

6-24 27 November 2013 • Authorization Manual
 Stand-In Processing
Stand-In Investigation Service

SIS Monitoring
An issuer may also request customized pro-active monitoring of its Stand-In
authorizations using customized monitoring parameters.

An issuer may find the SIS Monitoring service useful when it expects to see an
unusually large number of authorization requests routing through Stand-In
processing. MasterCard will meet with the issuer to develop a monitoring plan
and criteria that aligns with the issuer’s risk tolerance.

MasterCard will subsequently use the issuer’s risk tolerance to create automated
monitoring criteria. Typically, these criteria will supplement the issuer’s Stand-In
parameters. The issuer benefits from having a MasterCard fraud investigator
ready to review any transactions meeting its fraud criteria. The issuer will
receive daily and weekly status reports about its Stand-In processing. To request
this optional service, please contact the Customer Operations Services team.

Fees
MasterCard will only charge fees to issuers that receive MasterCard notifications
of its investigation into suspicious authorization requests.

Issuers can minimize or eliminate the MasterCard daily monitoring fee by

responding to a MasterCard fraud notification by the close of the next business
day (St. Louis, Missouri, USA time). Stand-In processing transaction fees remain
unchanged.

See the MasterCard Consolidated Billing System manual for fees and billing
information.

Action Required
Issuers should review their Authorization and Security Contacts in the Member
Information tool to ensure that the information is complete and accurate.
Issuers should also have processes in place that ensure that the contact
information remains current.

Internal procedures should be in place that enable issuer staff to promptly

review the fraud-related information provided by MasterCard. Issuers should
be responsive to MasterCard contact requests when suspicious authorization
activity occurs and provide the best course of action to prevent additional
fraud losses.
NOTE
Responding within 24 hours of the MasterCard request is the best business
practice.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 6-25
Stand-In Processing
Stand-In Investigation Service BIN Blocking

Stand-In Investigation Service BIN Blocking

Issuers can protect their accounts throughout the various stages of the BIN
lifecycle. If fraudulent activity is detected within Stand-In by the Stand-In
Investigation Service (SIS), MasterCard will activate Stand-In and X-Code Range
Blocking on BIN(s) as appropriate based on SIS procedures, and notify the
issuer’s security and authorization contact of the activation, unless the issuer
opts out.

An issuer that does not want MasterCard to automatically activate Range

Blocking to prevent detected fraud attacks in Stand-In processing must
notify MasterCard in writing by completing the Stand-In Investigation
Service BIN Blocking—Refusal Form (Form 1100) and submitting the form to
[email protected] or via fax.

©1983–2013 MasterCard. Proprietary. All rights reserved.

6-26 27 November 2013 • Authorization Manual
Chapter 7 Setting Stand-In Parameters
This section outlines the responsibilities of online issuers and CAPS issuers to establish
Stand-In parameters and the procedures for doing so.

Establishing Parameters ................................................................................................................. 7-1

To Complete the Worksheet .................................................................................................... 7-1
Default Values.......................................................................................................................... 7-2
On Every Page......................................................................................................................... 7-2
When Changes are Effective .................................................................................................... 7-3
New or Existing Account Ranges ................................................................................................... 7-3
Brand Product Categories .............................................................................................................. 7-3
Important Dates ............................................................................................................................. 7-3
Telephone Numbers ...................................................................................................................... 7-4
How to Complete this Section ................................................................................................. 7-4
How MasterCard Uses this Information ................................................................................... 7-4
Hours of Operation for Call Referral Center .................................................................................. 7-4
How to Complete this Section ................................................................................................. 7-5
One Opening and One Closing Within One Day .............................................................. 7-5
Two Openings and Closings Within One Day................................................................... 7-6
Daylight Saving Time Date Range ..................................................................................... 7-7
Coordinated Universal Time (UTC) Offset......................................................................... 7-7
How Stand-In Processing Uses this Information...................................................................... 7-8
Noncompliance Assessments ................................................................................................... 7-8
Holidays for Call Referral Center ................................................................................................... 7-8
Transaction Category Code Global Parameters .............................................................................. 7-9
How to Complete this Section ............................................................................................... 7-10
How Stand-In Processing Uses this Information.................................................................... 7-10
Country Level Authorization Service............................................................................................ 7-11
Transaction Category Code Local Use Parameters ....................................................................... 7-11
How to Complete this Section ............................................................................................... 7-12
How Stand-In Processing Uses this Information.................................................................... 7-12
Accumulative Limits ..................................................................................................................... 7-13
How to Complete this Section ............................................................................................... 7-13
Accumulative Limits Example .......................................................................................... 7-14
How Stand-In Processing Uses this Information.................................................................... 7-14
Decision Matrix............................................................................................................................ 7-15

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 7-i
Setting Stand-In Parameters

How to Complete this Section ............................................................................................... 7-15

How Stand-In Processing Uses this Information.................................................................... 7-16
Premium Listings.......................................................................................................................... 7-16
How to Complete this Section ............................................................................................... 7-17
How Stand-In Processing Uses this Information.................................................................... 7-18
Range Blocking............................................................................................................................ 7-18
How to Complete this Section ............................................................................................... 7-18
How On–behalf Processing Uses this Information ................................................................ 7-19
Expanded Parameter Combinations............................................................................................. 7-19
How to Complete this Section ............................................................................................... 7-19
How Many Limits You Can Establish ............................................................................... 7-20
How Stand-In Processing Uses this Information.................................................................... 7-21
Stand-In Processing Options for Purchase with Cash Back ......................................................... 7-21
Limit-1 Processing ........................................................................................................................ 7-22
Customer Specific Index (CSI) Parameters for Product Graduation ............................................. 7-23
How to Complete This Section .............................................................................................. 7-23
How Stand-In Processing Uses this Information.................................................................... 7-25
Accumulative Customer Specific Index (CSI) Limits for Product Graduation............................... 7-25
How to Complete this Section ............................................................................................... 7-26
Accumulative Limits Example .......................................................................................... 7-26
How Stand-In Processing Uses this Information.................................................................... 7-27
Store-and-Forward Delivery Parameters ...................................................................................... 7-27
How to Complete this Section ............................................................................................... 7-28
How Stand-In Processing Uses this Information.................................................................... 7-28

©1983–2013 MasterCard. Proprietary. All rights reserved.

7-ii 27 November 2013 • Authorization Manual
 Setting Stand-In Parameters
Establishing Parameters

Establishing Parameters
To generate authorization responses, Stand-In processing must have issuer
parameters on file.

The Stand-In Processing Worksheet (Form 041) is used to establish parameters,

and should only be used if sent by your Customer Implementation Services
project manager.

To modify current Stand-In parameters, issuers must use Manage My Accounts

> Modify Stand-In Parameters on MasterCard Connect™. The Manage
My Accounts application is available to all MasterCard customers through
MasterCard Connect.

The Stand-In Processing Worksheet is required for all issuers. Issuers must
complete at least one worksheet for each issuing ICA number. Once MasterCard
BINs are assigned to an issuer, all transactions occurring on accounts within the
BIN are the responsibility of the issuer.

Issuers may list multiple account ranges on one worksheet if both of the
following statements are true:

• You are available to respond to call referrals for all listed account ranges
at the phone numbers that you list during the times that you list on the
worksheet.
• You want to establish the same parameters for all listed account ranges.

If different account ranges have different hours of operation for referral

handling or different parameters, you must complete a separate worksheet
for each account range.

To Complete the Worksheet

To complete the Stand-In Processing Worksheet, follow these steps. Complete
this worksheet only when sent by your Customer Implementation Services
project manager.

1. Determine how much of the form you need to complete.

IF you are filling out the

form… THEN you must complete…

For the first time The entire form

To update your existing Only the applicable pages of the form

parameters

2. Copy the appropriate pages of the form.

3. Complete the appropriate pages of the form.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 7-1
Setting Stand-In Parameters
Establishing Parameters

4. On each page that you complete, print your name (the person who
completed the form) on the Contact Name line, sign your name on the
Contact Signature line, write your Phone number, and provide the
Completed date.
5. Fax or mail the completed pages to:

MasterCard Worldwide
Attention: Customer Operations Services
2200 MasterCard Boulevard
O’Fallon MO 63368-7263
USA
Fax:1-636-722-7192

Default Values
MasterCard has established minimum and maximum values for certain
parameters. The form lists these minimum and maximum values.

• If you do not establish higher limits by writing your higher limits on the
form, MasterCard applies the minimum limits as default values for your
limits.
• If you want MasterCard to set the minimum limits as your limits, select the
default check box on the form above the place to establish your limits.

Setting Limits Lower than the MasterCard Minimums

MasterCard has set Franchise Standard default limit values by product type. The
default values for single transaction limits by category and accumulative limits
can be found on page 4 and page 6 of the Stand-In Processing Worksheet (Form
041), respectively. These default limit parameter standards are mandatory for
all U.S. issuers of MasterCard credit and Debit MasterCard cards, as well as
non-U.S. MasterCard credit card issuers observing only the following exceptions
that are allowed to be lower:

• Card not present values

• MO/TO and electronic commerce (TCC T) and Cash Disbursement (TCC
C) values
• Expanded Parameter Combination limits (records containing CAB, Promo
Code, CAT Level, or country specific)

For questions about Stand-In limits, contact the Customer Operations Services
team.

On Every Page
This information should be included on each page of the worksheet, with
the exception of the following pages.

©1983–2013 MasterCard. Proprietary. All rights reserved.

7-2 27 November 2013 • Authorization Manual
 Setting Stand-In Parameters
New or Existing Account Ranges

• Customer Specific Index Parameters for Product Graduation

• Accumulative Customer Specific Index Limits for Product Graduation
• Store-and-Forward Delivery Parameters

Account Range: Enter the account range.

ICA: Enter the six-digit ICA number.

Card Program: Enter the three-digit product code for which the values on
this worksheet apply. For a complete list of valid values, refer to DE 63
(Network Data), subfield 1 (Financial Network Code) in the Customer Interface
Specification manual.

When Changes are Effective

Changes submitted in these sections will be effective after Customer Operations
Services receives complete, accurate, and legible information. Confirm the
effective date of these changes with the Customer Operations Services team.

New or Existing Account Ranges

You must specify if this request is for a new account range or an existing
account range.

IF this request is for… THEN…

A new account range Select the check box before a new account range.
An existing account range Select the check box before an existing account
range.

You should use a separate form for new or existing account ranges.

Brand Product Categories

For information about brand product categories and associated card products,
see the Stand-In Processing Worksheet—Brand Product Categories Addendum
(Form 041a). Customers can use this addendum when completing the
Transaction Category Code Global Parameters, Accumulative Limits, and
Accumulative Customer Specific Index (CSI) Limits for Product Graduation
sections of the worksheet.

Important Dates
The important dates section is required.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 7-3
Setting Stand-In Parameters
Telephone Numbers

The important dates section allows you to inform the Customer Operations
Services team of the dates you want the requested account range and ICA
number to be live. Additionally, you can inform the Customer Operations
Services team of the date you intend to begin issuing cards with the requested
account range and ICA number.

How MasterCard Uses this Information

MasterCard will attempt to accommodate your requested live date. Customer

Operations Services will confirm this date, dependent on the receipt of
complete, accurate, and legible information.

Telephone Numbers
The telephone numbers section is required.

This section allows you to designate the phone numbers for departments within
your organization that support authorization processes.

How to Complete this Section

To designate the phone number for the Call Referral Center and processor
name, complete the following fields.

Phone Number for Call Referral Center (for the center that will receive the
call referral phone call): Enter the phone number that acquirers use to call for
authorization when you (or Stand-In processing) issue call referral responses.
This is the phone number to which Global Automated Referral Service (GARS)
calls are connected

Processor Name (if applicable): If you use a processor, enter its name.

How MasterCard Uses this Information

The Global Automated Referral Service (GARS) and the Customer Operations
Services team use these phone numbers when contacting the issuer.

Hours of Operation for Call Referral Center

The hours of operation for call referral center section is required.

This section allows you to specify the times when your call referral center is
available to accept call referrals.

©1983–2013 MasterCard. Proprietary. All rights reserved.

7-4 27 November 2013 • Authorization Manual
 Setting Stand-In Parameters
Hours of Operation for Call Referral Center

How to Complete this Section

If you are available for call referral handling 24 hours a day, 7 days a week,
select the Check this box for default of open 24 hours, 7 days a week check
box.

If you are not available for call referral handling 24 hours a day, 7 days a week,
read the following explanations:

• The times specified between “Open” and “Close” must include all of the
times that you are available for call referral handling within the hours
00:00–24:00 on each day. If your call center was open Monday night and is
still open Tuesday morning until 01:00, for example, you must show the
first Open/Close times on Tuesday as: 00:00–01:00.
• The Open time for each associated Close time must be less than the Close
time. If your call center opens at 05:00, for example, it must close later than
05:00. If the Open time is 05:00, a Close time of 24:00 is valid. If the Open
time is 05:00, a Close time of 01:00 is not valid.

Complete each column as described below. The time in any Open column
may not be earlier than 00:00, and the time in any Close column may not be
later than 24:00.

1. In the first column (Open), enter the first time (beginning at 00:00, which is
midnight) that your facility is available to handle call referrals. This could
be as early as 00:00, which may mean that your facility is still open from
the previous night.
2. In the second column (Close), enter the first time during that 24-hour day
(between the hours of 00:00 and 24:00) that your facility is unavailable to
handle call referrals.
3. In the third column (Open), enter the second time during that 24-hour day
(between the hours of 00:00 and 24:00) that your facility opens to handle
call referrals. This time must be greater than the time in the second column.
4. In the fourth column (Close), enter the next time during that 24-hour day
(between the hours of 00:00 and 24:00) that your facility stops being
available to handle call referrals. If your facility stays open through the night
and into the next day, you must still enter 24:00 (midnight) as the closing
time for this day. In this case, the next day opens at 00:00 (also midnight).

One Opening and One Closing Within One Day

If you open your facility once and close it once within the same day, between
the hours of 00:00 and 24:00, use the first two columns to record your hours
of operation.

The following example illustrates sample hours of operation for a facility that is
available at these times:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 7-5
Setting Stand-In Parameters
Hours of Operation for Call Referral Center

• From 05:00 to 24:00 every day except Sunday

• From 10:00 to 17:00 on Sunday

Example—One Opening and One Closing

Open (HH:MM) Close (HH:MM) Open (HH:MM) Close (HH:MM)

Monday 05:00 24:00 : :

Tuesday 05:00 24:00 : :

Wednesday 05:00 24:00 : :

Thursday 05:00 24:00 : :

Friday 05:00 24:00 : :

Saturday 05:00 24:00 : :

Sunday 10:00 17:00 : :

Two Openings and Closings Within One Day

If you open and close your facility more than once between the hours of 00:00
and 24:00 on any given day, use all four columns to record your hours of
operation. Remember to show all of the times that you are available for call
referral handling within the hours 00:00–24:00 on each day.

The following example illustrates sample hours of operation for a facility that is
available to handle call referrals during these times:

• Open from 07:00 Monday to 01:00 Tuesday

• Open from 07:00 Tuesday to 01:00 Wednesday
• Open from 07:00 Wednesday to 01:00 Thursday
• Open from 07:00 Thursday to 01:00 Friday
• Open from 07:00 Friday to 01:00 Saturday
• Open from 07:00 Saturday to 01:00 Sunday
• Closed between 01:00 Sunday and 07:00 Monday

Example—Two Openings and Two Closings

Open (HH:MM) Close (HH:MM) Open (HH:MM) Close (HH:MM)

Monday 07:00 24:00 : :

Tuesday 00:00 01:00 07:00 24:00

Wednesday 00:00 01:00 07:00 24:00

Thursday 00:00 01:00 07:00 24:00

©1983–2013 MasterCard. Proprietary. All rights reserved.

7-6 27 November 2013 • Authorization Manual
 Setting Stand-In Parameters
Hours of Operation for Call Referral Center

Open (HH:MM) Close (HH:MM) Open (HH:MM) Close (HH:MM)

Friday 00:00 01:00 07:00 24:00

Saturday 00:00 01:00 07:00 24:00

Sunday 00:00 01:00 : :

Daylight Saving Time Date Range

The daylight saving time date range does not apply if the call referral center
is open 24 hours, 7 days a week with no holidays.

If the call referral center is not open 24 hours, 7 days a week with no holidays,
follow these steps:

1. Specify whether your call referral center uses daylight saving time.

IF the local time of your

Call Referral Center… THEN...

Does not use daylight Select the Check this box if the local time for the Call
saving time Referral Center does not use daylight saving time
check box.
Do not fill out the rest of this section.

Uses daylight saving time Go to step 2.

2. After From: provide the month, day, and year (MMDDYY) and the hour
and minute (HH:MM) that daylight saving time begins (in your local time).
3. After To: provide the month, day, year, hour, and minute that it ends (in
your local time).

Coordinated Universal Time (UTC) Offset

The UTC offset does not apply if the call referral center is open 24 hours, 7
days a week with no holidays.

If the call referral center is not open 24 hours, 7 days a week with no holidays,
follow these steps:

1. Specify whether the local time for your Call Referral Center is behind or
ahead UTC.

IF local time for your Call

Referral Center is… THEN…

Behind UTC Select the check box before Behind (“-”) UTC.

Ahead UTC Select the check box before Ahead (“+”) UTC.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 7-7
Setting Stand-In Parameters
Holidays for Call Referral Center

2. On the same line that you selected the check box, enter the amount of
time difference (in hours and minutes) between the local time for your
call referral center and UTC.

How Stand-In Processing Uses this Information

If Stand-In processes a transaction, Stand-In processing issues call referrals
only during the hours that you establish as “open” on this form. Your call
referral center must be available to take call referrals during the hours that
you establish as open on this form.

Noncompliance Assessments
Issuers must be available to take call referrals during the hours that they
establish as “open” on the Stand-In Processing Worksheet. MasterCard examines
issuer transactions for the week and compares them to the Hours of Operation
that the issuer indicates on this worksheet. Stand-In processing issues call
referrals only during the hours that the issuer establishes as “open.”
NOTE
The issuer is charged a fee for each day that it issues call referrals during the
hours that it establishes as “closed” on the Stand-In Processing Worksheet.

The issuer also is charged a fee for each call referral that it issues during the
hours that it establishes as “closed” on the Stand-In Processing Worksheet.

For more information about noncompliance assessments and for a complete

description of the billing events for authorization services, see the MasterCard
Consolidated Billing System manual.

Holidays for Call Referral Center

The holidays for call referral center section is required.
NOTE
Issuers must complete and submit this section of the worksheet every year.

This section tells MasterCard the times when your call referral center availability
differs from the schedule that you provided in the hours of operation for call
referral center section.

How to Complete this Section

To provide information for the holidays for call referral center section, follow
these steps.

1. After For Year at the top of the page, enter the year for which these
holidays apply.
2. Specify whether your call referral center is closed for holidays.

©1983–2013 MasterCard. Proprietary. All rights reserved.

7-8 27 November 2013 • Authorization Manual
 Setting Stand-In Parameters
Transaction Category Code Global Parameters

IF your Call Referral

Center... THEN…

Does not close for any Select the Check this box for default of no holidays
holidays check box.
Do not complete any more of this section.

Closes for holidays Go to step 3.

3. For each day that you will not be available as stated under Call Referral
Center Hours of Operation, enter the month and day under MM/DD.
4. If you can accept call referrals for part of a holiday, enter the times that you
will be available under Open and Close.

How Stand-In Processing Uses this Information

Stand-In processing issues call referrals only during the hours that you establish
as open in this section. Stand-In processing will not issue call referrals when
your call referral center is closed for a holiday.

Transaction Category Code Global Parameters

The transaction category code (TCC) global parameters section is required.
Provide information in this section only if your account range is a global use
account range.
NOTE
You should only complete page 4 of the worksheet if the account range you are
completing the worksheet for is not a Local Use Only Account Range. If it is a
Local Use Only Account Range, provide information about your TCC parameters
on page 5, “Transaction Category Code Local Use Parameters” and “Transaction
Category Code Global Parameters.”

The TCC global parameters section allows you to set dollar limits for
authorization transactions, based on a variety of parameters, which apply to
all countries. If you want to set Stand-In processing limits in a currency other
than U.S. dollars and you have not already provided the issuer’s cardholder
billing currency to MasterCard, you must complete the Currency Conversion
Parameters—Acquirer and Issuer Usage form.

For More Information

For more information about:

• Global limits—see the MasterCard Consolidated Billing System manual.

• Brand product categories and associated card products—see “Brand Product
Categories.”

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 7-9
Setting Stand-In Parameters
Transaction Category Code Global Parameters

How to Complete this Section

The worksheet allows you either to choose default limits, which MasterCard
has already established, or to specify your own limits in U.S. dollars or the
issuer’s cardholder billing currency.

You can establish distinct transaction limits for:

• Transaction category codes (TCCs)

• Card present at the point of interaction or card not present at the point
of interaction (POI)

IF you want to… THEN…

Use the MasterCard default limits for this Select the Check this box to use the
global parameter combination minimum/default values in U.S. dollars
(same values for card present and card not
present) check box.

Establish transaction limits that are
greater than the default limits shown on
the form
−Or−
Establish different limits for card present
and card-not-present POI situations
Enter the dollar amounts under the Card
Present and Card Not Present columns.
Note: Issuers may not designate
transaction limits that are less than the
MasterCard defaults.

Define limits for Stand-In processing in Enter the three-digit currency code.
U.S. dollars or issuer’s cardholder billing
currency

Have Stand-In processing skip the
Transaction Limits test
Enter value A for the Transaction Limits
test in the Decision Matrix on page 7 of
the worksheet.
Note: Stand-In processing will apply only
Accumulative Limits if value A appears in
the Decision Matrix for the Transaction
Limits test.

Establish different limits than the Use card program CBP, and then set dollar
assigned default limits for Purchase with limits in the Card Present column.
Cash Back transactions Note: Purchase with Cash Back is not
valid for card-not-present transactions.

How Stand-In Processing Uses this Information

Stand-In processing uses these limits during the Transaction Limits test.

Stand-In applies the limits based on the characteristics of each authorization

request. If the characteristics of the authorization request, for example, are
TCC O and card not present, Stand-In processing applies the limits that you
established for that particular situation.

©1983–2013 MasterCard. Proprietary. All rights reserved.

7-10 27 November 2013 • Authorization Manual
 Setting Stand-In Parameters
Country Level Authorization Service

Country Level Authorization Service

The country level authorization service is an optional service.

This section allows issuers of local-use-only cards to have the Authorization

Platform automatically decline all local-use-only authorization outside of their
country.

How to Complete this Section

The worksheet allows you to choose an option that will allow the Authorization
Platform to decline all traffic acquired outside of the home country.

IF you want to… THEN…

Authorize transactions to be blocked in Do not select the Local Traffic Only check
Stand-In only at the values defined in box.
the Transaction Category Code Local
Use Parameters section

Allow the Authorization Platform to Select the Local Traffic Only check box.
decline all traffic acquired outside of the
home country

How Stand-In Processing Uses this Information

Stand-In uses this information to determine whether to authorize transactions to

be blocked in Stand-In at the values defined in the Transaction Category Code
Local Use Parameters section or allow the Authorization Platform to decline all
traffic acquired outside of the home country.

Transaction Category Code Local Use Parameters

The transaction category code (TCC) local use parameters section is required
for customers using Local Use Only Account Ranges. Provide information in
this section only if your account range is a Local Use Only Account Range.
NOTE
You should only complete page 5 of the worksheet if the account range you are
completing the worksheet for is a Local Use Only Account Range. If it is a global
use account range, provide information about your TCC parameters on page 4,
“Transaction Category Code Global Parameters.”

The TCC local use parameters section allows you to set limits for authorization
transactions, based on a variety of parameters, that apply to the home country
assigned for your Local Use Only Account Range. Global Parameters will be set
to zero automatically for Local Use Only Account Ranges.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 7-11
Setting Stand-In Parameters
Transaction Category Code Local Use Parameters

If you want to set Stand-In processing limits in a currency other than U.S. dollars
and you have not already provided the issuer’s cardholder billing currency to
MasterCard, you must complete the Currency Conversion Parameters—Acquirer
and Issuer Usage (Form 391).

For information about charges for global limits, see the MasterCard Consolidated
Billing System manual.

How to Complete this Section

The worksheet allows you to specify your own limits for your Local Use Only
Account Range.

You can establish distinct transaction limits for:

• Transaction category codes (TCCs)

• Card present at the point of interaction or card not present at the point
of interaction (POI)

IF you want to… THEN…

Establish distinct transaction limits for
different TCCs
−Or−
Establish different limits for card present
and card-not-present POI situations
Enter the amounts under the Card Present
and Card Not Present columns.
Note: TCC limits lower than the MasterCard
defined defaults for card-not- present
transactions are allowed.

Define limits for Stand-In processing in Enter the three-digit currency code.
U.S. dollars or issuer’s cardholder billing
currency

Have Stand-In processing skip the
Transaction Limits test
Enter value A for the Transaction Limits
test in the Decision Matrix on page 7 of
the form.
Note: Stand-In processing will apply only
Accumulative Limits if value A appears in
the Decision Matrix for the Transaction
Limits test.

How Stand-In Processing Uses this Information

Stand-In processing uses these amount limits during the Transaction Limits test.

Stand-In applies the limits based on the data in each authorization request.
If the data in the authorization request is TCC O and card not present, for
example, Stand-In processing applies the limits that you established for that
particular situation.

©1983–2013 MasterCard. Proprietary. All rights reserved.

7-12 27 November 2013 • Authorization Manual
 Setting Stand-In Parameters
Accumulative Limits

Accumulative Limits
The accumulative limits section is required.

This section allows you to establish the cumulative number and amount of
transactions allowed over a range of four days.

If you want to set Stand-In processing limits in a currency other than U.S. dollars
and you have not already provided the issuer’s cardholder billing currency to
MasterCard, you must complete the Currency Conversion Parameters—Acquirer
and Issuer Usage form.

For More Information

For more information about brand product categories and associated card
products, see “Brand Product Categories.

How to Complete this Section

The worksheet allows you either to choose default values, which MasterCard
has already established, or to specify your own values.
NOTE
Carefully select the values for these fields because a cardholder can easily reach
the limits without spending a large amount.

IF you want to… THEN…

Use the MasterCard default values Select the Check this box to use the
minimum/default values listed below
check box.

Define limits for Stand-In processing in Enter the three-digit currency code.
U.S. dollars or issuer’s cardholder billing
currency

Establish issuer-specific accumulative Enter the limits in the spaces provided,

limits under Number of Approved Transactions
Allowed and Accumulative Approved
Allowed. Enter an amount for each
column and for each of the Day Ranges
(1, 2, 3, and 4).
Note: Issuers may not designate
accumulative limits that are less than the
MasterCard defaults.

NOTE
Day 1 of the issuer’s accumulative limit must be equal to or greater than the
issuer’s highest TCC global limit.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 7-13
Setting Stand-In Parameters
Accumulative Limits

Accumulative Limits Example

This example shows a completed set of accumulative limits.

In this example, which uses the MasterCard default amounts, Stand-In

processing will approve a maximum of four transactions within any span of
four days. Stand-In processing will approve as many as:

• Four transactions on the current day

• Six transactions between the previous day and the current day
• Six transactions across a three-day span
• Six transactions across any four days

Therefore, a cardholder that has had four transactions approved by Stand-In

processing on day 1 could have a maximum of two more transactions approved
by Stand-In processing over the next three days.

In this example, Stand-In processing also can authorize as much as USD 1,800
in transactions. Stand-In processing will approve as much as:

• USD 1,800 on the current day

• USD 1,800 between the previous day and the current day
• USD 1,800 across a three-day span
• USD 1,800 across any four days

Therefore, a cardholder charging USD 1,000 during the first two days would
have access to USD 800 during the next two days.

Number of Approved Accumulative Approved Amount

Transactions Allowed Allowed (Maximum equivalent of
Day Range (Maximum of 99) USD 99,999)
1 4 1800

2 6 1800

3 6 1800

4 6 1800

How Stand-In Processing Uses this Information

Stand-In processing uses these limits during the Accumulative Limits test.

If an authorization request exceeds any of these limits, Stand-In processing

responds according to the parameters that you established in the Decision
Matrix, Accumulative Limit Test column.

©1983–2013 MasterCard. Proprietary. All rights reserved.

7-14 27 November 2013 • Authorization Manual
 Setting Stand-In Parameters
Decision Matrix

If the issuer has not established accumulative limits, Stand-In processing uses
the MasterCard default amounts shown on the worksheet.

Decision Matrix
The decision matrix section is required.

This section allows you to specify how Stand-In processing will respond when
a transaction fails any of the following Stand-In processing tests:

• Stand-In Account File test

• Transaction Limits test
• Accumulative Limits test
• Premium Limits test

This section defines the authorization response that Stand-In processing will
generate in response to an authorization request.

How to Complete this Section

The worksheet allows you either to choose default values, which MasterCard
has already established, or to specify your own values.

If you want to use the MasterCard default values for the decision matrix, select
the Check this box to use the default values listed below check box.

To specify your own values, designate the following Stand-In responses.

Value Description
C Refer to card issuer.
N • Decline—If the test fails and the entry reason in the Stand-In Account
File is C (credit), L (lost), O (other), S (stolen), or U (unauthorized use).
• Capture Card:
– If the test fails and the entry reason in the Stand-In Account File is
P (capture card), F (fraud), or X (counterfeit).
– If the test fails and the account is listed in the Electronic Warning
Bulletin or Local Stoplist Files.
A Continue Stand-In processing. Skip the Transaction Limits test and go to
the next Stand-In test.

Stand-In Account File Test: Enter a value to indicate the authorization response
that you want Stand-In processing to generate when one of the following is true:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 7-15
Setting Stand-In Parameters
Premium Listings

• The account is listed on the Stand-In Account File with an entry reason of C
(credit), L (lost), O (other), S (stolen), or U (unauthorized use).
• The transaction failed the CVC 1 test.

Entry reasons of F (fraud), P (capture card), or X (counterfeit) always result

in a “capture card” response.

Transaction Limits Test: Enter a value to indicate the authorization response

that you want Stand-In processing to generate when it receives an authorization
request that exceeds the Transaction Limits.
NOTE
If you enter value A for the Transaction Limits test, Stand-In skips the Expanded
Parameter Combinations and the Transaction Category Code Global Parameters.
Stand-In applies only Accumulative Limits.

Accumulative Limits Test: Enter a value to indicate the authorization response

that you want Stand-In processing to generate when it receives an authorization
request that exceeds the Accumulative Limits.

Premium Limits Test: Enter a value to indicate the authorization response that
you want Stand-In processing to generate when it receives an authorization
request that exceeds the Premium limits.

How Stand-In Processing Uses this Information

Stand-In processing uses the instructions in this section when a transaction fails
one of these Stand-In processing tests.
NOTE
If you enter value A for the Transaction Limits test, Stand-In processing skips the
Expanded Parameters and the Global Limits. As a result, Stand-In processing
will test only the Accumulative Limits.

Premium Listings
The Premium Listings section is optional.

The section allows you to identify cardholder accounts that should have higher
authorization limits than standard limits for the card type. For example, the
default dollar amount Stand-In processing can approve for a standard card used
at a merchant category of Restaurant is USD 300. If an issuer has identified a
preferred cardholder that may easily exceed the card type default limit of USD
300, the issuer should consider using the Premium Listings service to provide
special handling and higher limits during a Stand-In authorization response.

©1983–2013 MasterCard. Proprietary. All rights reserved.

7-16 27 November 2013 • Authorization Manual
 Setting Stand-In Parameters
Premium Listings

How to Complete this Section

To designate an account as Premium, the issuer enters entry reason V when
listing the account in the Stand-In Account File. See the Account Management
System User Manual for listing procedures.

If you are supporting Premium accounts, you must complete the following
fields in this section:

• Accumulative Limits: Days: Enter the maximum number of days to be

accumulated. Enter U for unlimited number of days.
• Number of Transactions: Enter the maximum number of transactions
involving a Premium account that you want Stand-In processing to
authorize. You must indicate a value in this field if you are supporting
Premium accounts. To allow an unlimited number of transactions, enter U.
Do not enter zero in this field. Entering zero will cause all transactions
to fail this test.

Single Transaction Limit or Transaction Category Code (TCC) Limits

You also must establish either a single transaction limit to cover all transactions
or specify unique limits for card present and card-not-present transactions
by completing the Transaction Category Code (TCC) Limits section. If you
complete the Single Transaction Limit field, you do not need to complete the
transaction category code (TCC) limits section.

Single Transaction Limit: To set a single transaction limit to cover all

transactions, enter the maximum amount that you want Stand-In processing to
authorize for any single transaction involving a Premium account. To allow an
unlimited dollar amount, enter U. Do not enter zero in this field. Entering
zero will cause all transactions to fail this test. To set expanded parameter
combination limits for issuers’ premium, affluent cardholders, see page 10 and
indicate “VIP” as the card program.

Transaction Category Code (TCC) Limits: To establish distinct transaction limits

for TCCs and card present at the point of interaction or card not present at
the point of interaction.

IF you want to… THEN…

Define limits for Stand-In processing in Enter the three-digit currency code.
U.S. dollars or issuer’s cardholder billing
currency

Establish distinct transaction limits for Enter the amounts under the Card Present
different TCCs and Card Not Present columns.
−Or−
Establish different limits for card
present and card-not-present,
point-of-interaction situations

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 7-17
Setting Stand-In Parameters
Range Blocking

How Stand-In Processing Uses this Information

During the Accumulative Limits test for Premium accounts, Stand-In processing
applies the Days and Count Limit parameters designated in this section of the
form.

Range Blocking
The Range Blocking section is optional. Issuers can block ranges to help
avoid fraud losses during Stand-In and X-Code processing. Issuers can use
this section to identify a range of card numbers within an account range that
they want to block or unblock.
NOTE
Range Blocking is the default setting for newly assigned BINs. Issuers should
remove blocked ranges as cards are issued.

The Range Blocking section identifies ranges of card numbers within your
account ranges that you:

• Have not issued to cardholders (and that should be blocked)

• Blocked previously and now want to unblock

For information about the charges for Range Blocking, see the MasterCard
Consolidated Billing System manual.

How to Complete this Section

To complete the Range Blocking section, follow these steps.

1. In the From account number column, enter the first 11 digits of the account
number at the beginning of the range. (The first six of the 11 digits must
be the BIN.)
2. In the Through account number column, enter the first 11 digits of the
account number at the end of the range. (The first six of the 11 digits must
be the BIN.)
3. Select the Block check box or Unblock check box to indicate whether this
range of card numbers should be blocked or unblocked.
4. Select the appropriate response check box to indicate the response to issue
on blocked ranges.
NOTE
Remember to submit this section of the form again to MasterCard when you
decide to issue cards within these blocked ranges.

Because the most current form entirely replaces all previously requested range
blocks, you must list all range blocks that you require each time you submit
the form.

©1983–2013 MasterCard. Proprietary. All rights reserved.

7-18 27 November 2013 • Authorization Manual
 Setting Stand-In Parameters
Expanded Parameter Combinations

To unblock a portion of a range that is currently blocked, submit the form

unblocking the entire range that is blocked and submit the new range to be
blocked on the same form.

How On–behalf Processing Uses this Information

Stand-In and X-Code processing will issue a response of refer to card issuer,
capture card, do not honor, invalid transaction, or invalid card number
(regardless of the acquiring country) for all authorization request within the
blocked ranges.
NOTE
Range Blocking only applies for transactions processed by Stand-In and X-Code
processing when the transaction cannot be processed by the issuer. Card
numbers within the blocked ranges do not automatically appear in the Account
Management System (AMS) Electronic Warning Bulletin file.

Expanded Parameter Combinations

The expanded parameters section is optional. Issuers use expanded parameters
to help reduce fraud or for special promotional programs.

The expanded parameters section allows you to set limits for authorization
transactions based on a variety of transactions.

If you want to set Stand-In processing limits in a currency other than U.S. dollars
and you have not already provided the issuer’s cardholder billing currency to
MasterCard, you must complete the Currency Conversion Parameters—Acquirer
and Issuer Usage form.

How to Complete this Section

The worksheet allows you either to choose default limits, which MasterCard has
already established, or to specify your own limits.

Country Codes: You can designate as many as 10 individual countries for

which these transaction limits will apply. You cannot expand parameter limits
of the specific home country for that particular bank identification number
(BIN); however, all other individual countries can be used. Use the three-digit
country codes listed in the Quick Reference Booklet. Designate 000 to establish
limits that apply to all countries. If you do not enter a country code, MasterCard
uses 000 as the default.

Promotion Code: A promotion code is an alphanumeric code that can be

included in the Authorization Request/0100 message. Stand-In processing
can use the code to identify transactions that apply to an issuer’s promotion
program. The promotion code allows the issuer to use different criteria to
determine authorization responses for transactions that occur at the participating
merchants.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 7-19
Setting Stand-In Parameters
Expanded Parameter Combinations

IF you… THEN…
Want these transaction limits to apply to Enter the promotion code.
a specific promotion code

Do not want these transaction limits to Leave these spaces blank.

apply to a specific promotion code

CAT Level: A cardholder-activated terminal (CAT) is a bankcard reading remote

device (usually unattended) that dispenses a product or provides a service. A
CAT must be one of the following types of terminals:

• Automated Dispensing Machine/Level 1

• Self-service Terminal/Level 2
• Limited Amount Terminal/Level 3
• In-flight Commerce Terminal/Level 4
• Electronic Commerce/Level 6
• Transponder/Level 7

IF you… THEN…

Want these transaction limits to apply to Enter the CAT level.

a specific CAT level
Do not want to restrict these transaction Leave this space blank.
limits to a particular CAT level

Currency Code: Enter the three-digit currency code.

Transaction Category Codes or Card Acceptor Business Code/Merchant

Category Codes: Enter values for up to 10 TCCs or up to 10 MCCs. You cannot
enter both TCC and MCC limits. If you enter values only for card present,
MasterCard applies these values to both card present and card not present
situations.

How Many Limits You Can Establish

You can establish as many as 17 sets of limits. To create additional sets of limits,
copy the form as many as 17 times and send it with different combinations
of limits.

In addition, MasterCard also has established two required sets of limits.

©1983–2013 MasterCard. Proprietary. All rights reserved.

7-20 27 November 2013 • Authorization Manual
 Setting Stand-In Parameters
Stand-In Processing Options for Purchase with Cash Back

Using the Expanded Parameter Combinations

IF you want to… THEN…

Raise Stand-In processing limits to • Enter the Country Code of that

accommodate a seasonal adjustment, specific country. Enter the transaction
such as a holiday shopping season, in limits by TCC for that country
one country
• On a separate page, enter a Country
and
Code of 000. Enter the transaction
Retain the default limits for all other limits by TCC that apply to all other
acquiring countries acquiring countries.

Set limits for local-use-only cards, that
is, cards that can be used only within a
particular country
• Enter the account range, ICA
number, and card program of the
local-use-only cards.
• Enter the Country Code of the specific
countries in which the cards may be
used. Enter the transaction limits by
TCC for that country.

How Stand-In Processing Uses this Information

Stand-In processing uses these amount limits during the Transaction Limits test.

Stand-In processing applies the limits based on the characteristics of each

authorization request. For example, if you establish transaction limits for
country 454, Stand-In processing applies your established limits to all
authorization requests from country 454.

Stand-In Processing Options for Purchase with Cash Back

The Stand-In Processing Options for Purchase with Cash Back section is
optional.

This section allows you to choose whether the Stand-In System processes
Purchase with Cash Back transactions that are PIN-based, signature-based, or
both for Debit MasterCard® and Maestro® cards.

How to Complete this Section

To request the preferred level of account range participation in the Purchase

with Cash Back Stand-In processing service, select the appropriate check box.
You can select one or both of the following options:

PIN-based Transactions: The transaction criteria for this category include any
transaction with DE 52 (Personal ID Number [PIN] Data).

Signature-based Transactions: The transaction criteria for this category include

any transaction without DE 52 (Personal ID Number [PIN] Data).

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 7-21
Setting Stand-In Parameters
Limit-1 Processing

How Stand-In Processing Uses this Information

If you choose one or both of the Purchase with Cash Back options (PIN-based
transactions or signature-based transactions), you must define the Transaction
Category Code Global Parameters for Purchase with Cash Back on page 4,
“Transaction Category Code Global Parameters” of the worksheet.

Stand-In processing uses Transaction Category Code Global Parameters

for Purchase with Cash Back (PWCB) to test the cash portion of a PWCB
transaction. The purchase portion of a PWCB transaction is tested against
the Transaction Category Code Global Parameters or Expanded Parameters
established by the issuer.

If you do not choose one or both of the PWCB options (PIN-based transactions
or signature-based transactions), the Authorization Platform declines the PWCB
transaction using Authorization Request Response/0110 message containing
DE 39 (Response Code), value 91 (Authorization System or Issuer system
inoperative) when you are unable to respond to the authorization request.

Limit-1 Processing
The Limit-1 processing section is optional. Issuers should complete this section
only if you want Limit-1 processing.

Limit-1 processing allows the issuer to:

• Route transactions that have small dollar amounts to Stand-In processing.

• Apply all of the Stand-In tests to these transactions.

Issuers most often use Limit-1 processing to control their volume of transactions.
For more information about Limit-1 processing, see “Basic Authorization
Concepts.”

How to Complete this Section

Enter dollar amounts to establish limits for Travel, Retail, Mail/Telephone/

Electronic Commerce, and Cash Disbursement transactions.

Issuer Floor Limit-1 in USD: The values established in this category reside on
all acquirer MIPs.

The MIP sends transactions to Stand-In processing if the amount is less than or
equal to the Issuer Floor Limit-1 and all of the following are true:

©1983–2013 MasterCard. Proprietary. All rights reserved.

7-22 27 November 2013 • Authorization Manual
 Setting Stand-In Parameters
Customer Specific Index (CSI) Parameters for Product Graduation

• The card number is not listed as a restricted card on the Electronic Warning
Bulletin file.
• The transaction does not include an Address Verification Service Request.
• The transaction was not generated at a cardholder-activated terminal
Self-Service Terminal/Level 2.
• The transaction is not an ATM transaction.
• The transaction does not contain a “merchant suspicious” indicator.
• The transaction is not a chip transaction.

Nth Transaction: This value tells the acquiring MIP that for every Nth
transaction less than the Issuer Floor Limit-1, the MIP routes the transaction
directly to the issuer for approval. Enter the desired numeric value to establish
the Nth transaction.

How Stand-In Processing uses this Information

Limit-1 processing determines when transactions will be routed to Stand-In

processing based on the U.S. dollar limit and the Nth transaction indicated in
this section of the form.
NOTE
Stand-In processing counts Limit-1 transactions when determining cumulative
amounts. If you establish Limit-1 values, ensure that your Accumulative Limits
support the volume of Limit-1 transactions.

Customer Specific Index (CSI) Parameters for Product

Graduation
The Customer Specific Index Parameters for Product Graduation section is
optional.

This section allows Account Level Management Product Graduation issuers to

define CSI Stand-In limits for accounts that will be registered to participate
in the Product Graduation program. You must define CSI parameters before
registering an account for Product Graduation using a CSI value; otherwise, the
entry will be rejected.

How to Complete This Section

To complete the CSI parameters for Product Graduation section, use the
following information.

Primary ICA Number: Enter the six-digit ICA number of the first ICA number
assigned to a customer.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 7-23
Setting Stand-In Parameters
Customer Specific Index (CSI) Parameters for Product Graduation

CSI: Enter the issuer-defined, seven-position alphanumeric value that will also
be provided when registering accounts for Product Graduation. This value
ensures MasterCard recognizes the issuer-defined CSI when used in Product
Graduation account registration.

Card Program: (Optional) Enter the three-digit product code for which the
values on this worksheet apply. For a complete list of valid values, refer to
DE 63 (Network Data), subfield 1 (Financial Network Code) in the Customer
Interface Specification manual.

Country Codes: Enter the three-digit country code. You can designate as many
as 10 individual countries for which these transaction limits will apply. For
a list of country codes, see the Quick Reference Booklet. Designate 000 to
establish limits that apply to all countries. If you do not enter a country code,
MasterCard uses 000 as the default.

Promotion Code: Enter the six-character alphanumeric codes that an issuer

establishes to identify transactions that meet requirements for an issuer’s
promotional program for a card range.

IF you… THEN…

Want these transaction limits to apply to Enter the promotion code.

a specific promotion code

Do not want these transaction limits to Leave these spaces blank.

apply to a specific promotion code

CAT Level: Enter the one-character numeric code that identifies transactions
that occur at a CAT. A CAT must be one of the following types of terminals:

• Automated Dispensing Machine/Level 1

• Self-service Terminal/Level 2
• Limited Amount Terminal/Level 3
• In-flight Commerce Terminal/Level 4
• Electronic Commerce/Level 6
• Transponder/Level 7

IF you… THEN…
Want these transaction limits to apply to Enter the CAT level.
a specific CAT level

Do not want to restrict these transaction Leave this space blank.

limits to a particular CAT level

Currency Code: Enter the three-digit currency code.

©1983–2013 MasterCard. Proprietary. All rights reserved.

7-24 27 November 2013 • Authorization Manual
 Setting Stand-In Parameters
Accumulative Customer Specific Index (CSI) Limits for Product Graduation

Transaction Category Codes or Card Acceptor Business Code/Merchant

Category Codes: Enter values for up to 10 TCCs or up to 10 MCCs. You cannot
enter both TCC and MCC limits. If you enter values only for card present,
MasterCard applies these values to both card present and card not present
situations.

How Stand-In Processing Uses this Information

Stand-In processing supports Product Graduation. For product graduated
accounts, Stand-In processing uses the product code in DE 63 (Network Data),
subfield 1 (Financial Network Code), instead of the product code associated
with the authorization account range when applying Stand-In limits at the
product code level.

If the issuer has registered the graduated account with a CSI, the Stand-In
System uses the unique Stand-In limits defined by the issuer for the given CSI.

If the issuer has not registered the graduated account with a CSI, and the
product associated with the primary account number (PAN) does not match the
product associated with the authorization account range, the Stand-In System
applies limits, as defined on the issuer's Stand-In Processing Worksheet, which
could include account range limits for the graduated product or ICA level limits.
If the issuer has not established these other limits, the Stand-In System applies
the MasterCard default limits for the graduated product.

Accumulative Customer Specific Index (CSI) Limits for

Product Graduation
The accumulative customer specific index limits for Product Graduation section
is optional.

This section allows you to establish the cumulative number and amount of
transactions allowed over a range of four days for transactions matching the
same CSI value defined on the TCC/MCC Customer Specific Index Parameters
worksheet page.

If you want to set Stand-In processing limits in a currency other than U.S. dollars
and you have not already provided the issuer’s cardholder billing currency to
MasterCard, you must complete the Currency Conversion Parameters—Acquirer
and Issuer Usage form.

For More Information

For more information about brand product categories and associated card
products, see “Brand Product Categories.”

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 7-25
Setting Stand-In Parameters
Accumulative Customer Specific Index (CSI) Limits for Product Graduation

How to Complete this Section

The worksheet allows you either to choose default values, which MasterCard
has already established, or to specify your own values.
NOTE
Carefully select the values for these fields because a cardholder can easily reach
the limits without spending a large amount.

IF you want to… THEN…

Use the MasterCard default values Select the Check this box to use the
minimum/default values listed below
check box.

Define limits for Stand-In processing in Enter the three-digit currency code.
U.S. dollars or issuer’s cardholder billing
currency

Establish issuer-specific accumulative Enter the limits in the spaces provided,

limits under Number of Approved Transactions
Allowed and Accumulative Approved
Allowed. Enter an amount for each
column and for each of the Day Ranges
(1, 2, 3, and 4).
Note: Issuers may not designate
accumulative limits that are less than the
MasterCard defaults.

NOTE
Day 1 of the issuer’s accumulative limit must be equal to or greater than the
issuer’s highest TCC global limit.

Accumulative Limits Example

The following example shows a completed set of accumulative limits.

In this example, which uses the MasterCard default amounts, Stand-In

processing will approve a maximum of four transactions within any span of
four days. Stand-In processing will approve as many as:

• Four transactions on the current day

• Six transactions between the previous day and the current day
• Six transactions across a three-day span
• Six transactions across any four days

Therefore, a cardholder that has had four transactions approved by Stand-In

processing on day 1 could have a maximum of two more transactions approved
by Stand-In processing over the next three days.

©1983–2013 MasterCard. Proprietary. All rights reserved.

7-26 27 November 2013 • Authorization Manual
 Setting Stand-In Parameters
Store-and-Forward Delivery Parameters

In this example, Stand-In processing also can authorize as much as USD 1,800
in transactions. Stand-In processing will approve as much as:

• USD 1,800 on the current day

• USD 1,800 between the previous day and the current day
• USD 1,800 across a three-day span
• USD 1,800 across any four days

Therefore, a cardholder charging USD 1,000 during the first two days would
have access to USD 800 during the next two days.

Number of Approved Accumulative Approved Amount

Transactions Allowed Allowed (Maximum equivalent of
Day Range (Maximum of 99) USD 99,999)
1 4 1800

2 6 1800

3 6 1800

4 6 1800

How Stand-In Processing Uses this Information

Stand-In processing supports Product Graduation. For product graduated
accounts, Stand-In processing uses the product code in DE 63 (Network Data),
subfield 1 (Financial Network Code), instead of the product code associated
with the authorization account range when applying Stand-In accumulative
limits at the product code level.

If the issuer has registered the graduated account with a CSI, the Stand-In
System uses the unique Stand-In limits defined by the issuer for the given CSI.

If the issuer has not registered the graduated account with a CSI, and the
product associated with the primary account number (PAN) does not match the
product associated with the authorization account range, Stand-In will apply
limits as defined on the issuer's Stand-In Processing Worksheet, which could
include account range limits for the graduated product or ICA level limits. If the
issuer has not established these other limits, the Stand-In System applies the
MasterCard default limits for the graduated product.

Store-and-Forward Delivery Parameters

The Store-and-Forward (SAF) Delivery Parameters section is optional.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 7-27
Setting Stand-In Parameters
Store-and-Forward Delivery Parameters

Issuers receive SAF messages after signing on to the MasterCard Network

using a Network Management Request/0800 message containing DE 70 with
value 001 (Sign on [by prefix]) or 061 (Group Sign on [by MasterCard group
sign-on]) or when the Authorization Platform SAF processing recognizes that
the issuer is available.

If you do not complete this section, MasterCard will use the default values noted.

How to Complete this Section

Indicate your preferences for the SAF delivery parameters.

SAF Delivery Parameters

Choose the appropriate parameters and indicate preferences.

Automatic Deletion Option: Specifies whether the Stand-In System should

delete the SAF message from the SAF queue when Stand-In processing exceeds
the number of times the issuer requested Stand-In to resend a SAF message
when no response is received from the issuer. The Stand-In System will
attempt to resend the SAF message from the SAF queue until a response is
received, the resend limit has been reached, or the advice is on file for four
days. (Default is No.)

No Response Resend Limit (1-20): Specifies the number of times that the
Stand-In System attempts to resend a SAF message without receiving a response
from the issuer before auto-deleting SAF messages. Used when the Automatic
Deletion Option is selected. (Default is 3).

If the Automatic Deletion Option is not selected, the resend limit does not
apply and the same advice may be sent multiple times over a four-day period
until the issuer responds.

Advice Response Wait Time: Specifies the advice response wait time in
seconds (30-180 seconds). (Default is 30 seconds.)

Number of Simultaneous Advice Messages (1-10): Specifies the number of

advice messages that can be processed simultaneously. A maximum of 10
advice messages can be processed simultaneously. (Default is 10.)

How Stand-In Processing Uses this Information

When SAF messages are available for the issuer, Stand-In processing uses this
information to determine how the issuer is prepared to receive SAF messages.

©1983–2013 MasterCard. Proprietary. All rights reserved.

7-28 27 November 2013 • Authorization Manual
Chapter 8 Central Authorization Processing Service
This section describes the Central Authorization Processing Service (CAPS).

About CAPS ................................................................................................................................... 8-1

Who Are CAPS Customers? ...................................................................................................... 8-1
How Do CAPS Customers Send Account Data to MasterCard? ................................................ 8-1
How Do CAPS Customers Update CAPS Parameters? .............................................................. 8-1
What Data Does MasterCard Provide for Customers? .............................................................. 8-2
CAPS Features................................................................................................................................ 8-2
CAPS Account File Maintenance Overview.................................................................................... 8-3
Effective Dates ......................................................................................................................... 8-4
Purge Dates ............................................................................................................................. 8-4
Interface with Stand-In ............................................................................................................ 8-4
Online, MasterCard eService, and Manual File Maintenance ......................................................... 8-4
Bulk File Maintenance ................................................................................................................... 8-4
Procedures ............................................................................................................................... 8-5
AMS File Updates Header Record............................................................................................ 8-5
AMS File Updates Trailer Record ............................................................................................. 8-6

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 8-i
 Central Authorization Processing Service
About CAPS

About CAPS
Central Authorization Processing Service (CAPS) provides certain customers with
a 24-hour authorization service called Stand-In processing. Stand-In processing
provides authorization responses to acquirers on behalf of the issuer.

Stand-In processing uses the following two types of data that the issuer provides:

• Issuer cardholder listings and available-to-buy amounts that are maintained

in the Stand-In Account File.
• Issuer-defined parameters for approving authorization transactions.

CAPS customers list positive and negative card accounts in the Account File
for authorization responses that prompt the merchant to approve, decline, or
capture the card. All positive card accounts have entry reason V (Premium
Listings Card) for CAPS listing purposes, including accounts that have standard
authorization limits.

Stand-In performs all steps of the testing process. In addition, for CAPS
issuers, it will keep track of the cumulative count and amount and reference
the Stand-In Account File to validate against the cardholder’s available-to-buy
amount. CAPS customers also may list restricted accounts in the Electronic
Warning Bulletin or Local Stoplist to direct the merchant to capture the card.
For more information, see the Account Management System User Manual.

Who Are CAPS Customers?

A CAPS customer is any issuer that chooses to have Stand-In process on their
behalf either full time or only when they have planned outages. Choosing CAPS
allows the issuer to maintain the cardholder available-to-buy amounts for the
transactions processed by Stand-In.

How Do CAPS Customers Send Account Data to MasterCard?

Issuers transmit the CAPS Account File (RC25) to MasterCard to add, update, or
delete both positive and negative records from the Account File.

MasterCard updates the Account File immediately after it receives the file.
For more details about transmitting files to MasterCard, see the File Transfer
Manual. Issuers can also update the Account File manually via MasterCard
eService. For more information about updating the Account File, see the
Account Management System User Manual.

How Do CAPS Customers Update CAPS Parameters?

Issuers establish their CAPS parameters on the Stand-In Processing Worksheet
(Form 041), and should only be used if sent by their Customer Implementation
Services project manager.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 8-1
Central Authorization Processing Service
CAPS Features

To modify current Stand-In parameters, CAPS issuers must use Manage My

Accounts > Modify Stand-In Parameters on MasterCard Connect™. The
Manage My Accounts application is available to all MasterCard customers
through MasterCard Connect.

Flow of Data Between the Issuer and Stand-In Processing

What Data Does MasterCard Provide for Customers?

MasterCard provides the Daily Activity Report (SI441010-A) that contains
supplemental transaction information, such as reversal transactions performed
on behalf of the issuer; detailed fail codes indicating the reason why Stand-In
processing or X-Code processing declined a transaction; and the authorization
approval code if the transaction was approved.

The transaction detail can also be delivered via store-and-forward (SAF) advice
messages. The issuer can retrieve these SAF messages any time online as
described in “Online Authorization Messages.”

CAPS Features
CAPS offers customers the following features.

©1983–2013 MasterCard. Proprietary. All rights reserved.

8-2 27 November 2013 • Authorization Manual
 Central Authorization Processing Service
CAPS Account File Maintenance Overview

• Provision of 100 percent of authorization responses—CAPS is available to

respond to authorization requests on behalf of the issuer 24 hours a day, 7
days a week. Issuers can choose to have CAPS process all of their activity
or only process transactions when they have a planned outage.
• Adjustment of cardholder credit—CAPS keeps track of the cumulative
number and amount of transactions it approves. It adjusts available
cardholder credit by this amount before comparing the next authorization
request to the available credit. Whenever the issuer updates the credit
available via the CAPS Account File, CAPS resets the cumulative tally to zero.
• Easy and secure access to the service—CAPS customers transmit the CAPS
Account File (RC25) to MasterCard via MasterCard file or CTC. MasterCard
security allows only authorized personnel to access and transfer CAPS data
through file exchanges.
• Account File maintenance as needed—Customers can transmit requests to
add, update, or delete accounts from the Account File as often as they like
to maintain the files—weekly, daily, or multiple times during the day—via
the CAPS Account File (RC25). MasterCard updates the Account File upon
receipt of the request.
• Emergency file maintenance—Customers can use MasterCard eService to
maintain their Account File Listings at any time. For more information, see
the Account Management System User Manual.
• Edited data—MasterCard edits the data submitted by the customer to
ensure that the data is valid and that required data elements are present.
• Information to maintain issuer account records—MasterCard makes
the editing results and Account File maintenance available, including
emergency file maintenance, to enable the issuer to keep its own records
current. MasterCard creates the Daily Activity Report (AM700010-AA) for
this purpose. For more information about this report, see the Account
Management System User Manual.
NOTE
When positive accounts are updated via MasterCard eService or manually, CAPS
does not adjust the cumulative tally to zero.

CAPS Account File Maintenance Overview

Issuers are responsible for the content and maintenance of accounts listed in the
MCC 102 (Stand-In Account File). After reviewing information in this overview,
proceed to the selected media procedures for submitting maintenance requests
to the Stand-In Account File.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 8-3
Central Authorization Processing Service
Online, MasterCard eService, and Manual File Maintenance

Effective Dates
Online maintenance to the Stand-In Account File (including file maintenance
performed using MasterCard eService or hard copy) is effective immediately.
Cumulative transaction tallies stored for each account within CAPS are not set to
zero when issuers use the online method to update the positive account listings.

Batch file RC25 is processed immediately. Cumulative transaction tallies stored

for each account within CAPS will be set to zero when issuers use this method
to update the positive account listings.

Purge Dates
Positive CAPS Account Listings remain in the file until the issuer purges
(deletes) them. MasterCard automatically will purge account numbers added to
the Stand-In Account File with a soft or hard negative entry reason according to
the purge date on file.

Interface with Stand-In

The Stand-In Account File interfaces with CAPS processing. CAPS processing
accesses the Stand-In Account File as one of a series of tests performed in
response to an authorization request. CAPS processing also checks accounts
listed in the Electronic Warning Bulletin (EWB) and Local Stoplist in AMS.

Online, MasterCard eService, and Manual File Maintenance

File maintenance of the CAPS account file can be performed via online 0302
message, MasterCard eService, or hard copy request. These procedures are the
same for CAPS as defined in the Account Management System User Manual.

Bulk File Maintenance

Bulk file transmission of Stand-In Account File maintenance requests involves
“batching” transactions and sending them to MasterCard. There is one bulk
type available for CAPS Account File maintenance—CAPS Account File Updates
(RC25). For information about how to transmit a bulk file, see the File Transfer
Manual.

Bulk files must meet the following specifications to pass MasterCard edits.

Bulk File Specifications… MasterCard Edits For…

Bulk ID RC25

Record Length 300

©1983–2013 MasterCard. Proprietary. All rights reserved.

8-4 27 November 2013 • Authorization Manual
 Central Authorization Processing Service
Bulk File Maintenance

Bulk File Specifications… MasterCard Edits For…

Blocked Yes

Block Size 900

Procedures
To create and transmit the bulk file using the MasterCard Network, complete
these steps.

1. Create a Header record by entering information in the fields as shown in

“AMS File Updates Header Record.
2. Create detail records to add, update, or delete as shown in “AMS File
Updates Detail Record.”
3. Create a Trailer record by entering information in the fields as shown in
“AMS File Updates.”
WARNING!
Incorrect header or trailer data results in rejection of the entire batch.

AMS File Updates Header Record

The following table shows Account Management System File Updates header
record.

Field Name Attributes Valid Values/Comments

Record Type n-4 Code indicating the type of record.

Identifier Valid value: 0001
Customer ID n-6 Customer ID code assigned by MasterCard.
Identifies the institution submitting this file
maintenance request. Must match DE 33 in the
detail record and the customer ID in the trailer
record.
Transmission Date n-6 Date the file was sent to MasterCard.
Format: YYMMDD
• YY—year
• MM—month
• DD—day
Transmission Time n-4 Time the file was sent to MasterCard.
Format: HHMM
• HH—hour
• MM—minute

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 8-5
Central Authorization Processing Service
Bulk File Maintenance

Field Name Attributes Valid Values/Comments

Input File Type an-1 Type of maintenance activity included in the file.
Valid value: U (update)

Filler an-279 Valid values: spaces

AMS File Updates Trailer Record

The following table shows AMS File Updates trailer record.

Field Name Attributes Valid Values/Comments

Record Type n-4 Code indicating the type of record.

Identifier Valid value: 9999
Customer ID n-6 Customer ID assigned by MasterCard. Identifies
the institution submitting this file maintenance
request.

Number of Detail n-6 Total number of records in the file, including

Records in File header and trailer records.

Filler an-284 Valid values: spaces

©1983–2013 MasterCard. Proprietary. All rights reserved.

8-6 27 November 2013 • Authorization Manual
Chapter 9 Authorization Services Details
This section describes MasterCard services that interface with and add value to the
MasterCard Authorization Platform. This section also includes information about
requesting and using these services.

Account Balance Response ............................................................................................................ 9-1

Account Level Management........................................................................................................... 9-2
Account Management System ........................................................................................................ 9-3
Stand-In Account File............................................................................................................... 9-3
Electronic Warning Bulletin File .............................................................................................. 9-4
Local Stoplist File ..................................................................................................................... 9-4
Recurring Payment Cancellation Service File ........................................................................... 9-4
PAN Mapping File .................................................................................................................... 9-4
MasterCard Enhanced Value File.............................................................................................. 9-5
MasterCard Product Graduation File........................................................................................ 9-5
MasterCard High Value ............................................................................................................ 9-6
PayPass Application Transaction Counter File......................................................................... 9-6
Blocking Ranges of Accounts .................................................................................................. 9-6
For More Information .............................................................................................................. 9-7
Account Status Inquiry Service ...................................................................................................... 9-7
Purchase Account Status Inquiry ............................................................................................. 9-7
Payment Account Status Inquiry .............................................................................................. 9-9
Product Inquiry Service ......................................................................................................... 9-11
Address Verification Service ......................................................................................................... 9-12
Participation Requirements .................................................................................................... 9-12
Indicating AVS Participation During Sign-in........................................................................... 9-13
AVS Process ........................................................................................................................... 9-13
Address Key........................................................................................................................... 9-14
Issuer Procedures................................................................................................................... 9-17
For More Information ............................................................................................................ 9-17
ATM Bill Payment Service............................................................................................................ 9-18
ATM Credit Card Cash Advance in Installments........................................................................... 9-20
Credit Card Cash Advance Installment Payment Transaction Processing............................... 9-21
Alternate Processing .............................................................................................................. 9-22
To Participate......................................................................................................................... 9-22
For More Information ............................................................................................................ 9-22

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-i
Authorization Services Details

Authorization and Preauthorization Processing Standards for Europe Region............................. 9-22

Authorization and Preauthorization Processing ..................................................................... 9-26
Preauthorization and Final Authorization Transactions.................................................... 9-26
DE 61—DE 48 Comparison ............................................................................................. 9-28
For More Information ...................................................................................................... 9-30
Balance Inquiries ......................................................................................................................... 9-30
ATM and Point-of-Sale Terminal Balance Inquiries................................................................ 9-30
Short Message Service Balance Inquiry Service ..................................................................... 9-32
Mobile Remote Payments Balance Inquiries .......................................................................... 9-33
Cardholder-Activated Terminals................................................................................................... 9-33
Automated Fuel Dispensers ................................................................................................... 9-33
IFC Blocked Gaming File....................................................................................................... 9-34
Card Validation Code 2 Verification ............................................................................................. 9-35
CVC 2..................................................................................................................................... 9-35
Conditions for CVC 2 Verification .......................................................................................... 9-35
Participation Requirements .................................................................................................... 9-35
Card Validation Code 3 (CVC 3) Verification ............................................................................... 9-37
CVC 3..................................................................................................................................... 9-37
CVC 3 On-behalf Services...................................................................................................... 9-37
Optional Non–valid CVC 3 Processing .................................................................................. 9-39
PayPass Application Transaction Counter (ATC) File (MCC109)............................................ 9-39
Alternate Processing .............................................................................................................. 9-41
Authorization Reports ............................................................................................................ 9-41
To Participate......................................................................................................................... 9-41
For More Information ............................................................................................................ 9-42
Card Validation Code Verification for Emergency Card Replacements......................................... 9-42
Cirrus and Maestro Transaction Processing.................................................................................. 9-42
Country Level Authorization ........................................................................................................ 9-44
Currency Conversion Processing ................................................................................................. 9-45
Currency Conversion Rates.................................................................................................... 9-46
Currency Conversion Calculation........................................................................................... 9-46
Amount-related Data Element Usage ..................................................................................... 9-46
Currency Conversion Form.................................................................................................... 9-51
For More Information ............................................................................................................ 9-51
Electronic Commerce................................................................................................................... 9-51
Process for an Electronic Commerce Transaction .................................................................. 9-52
Security of Electronic Commerce Transactions ...................................................................... 9-52

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-ii 27 November 2013 • Authorization Manual
 Authorization Services Details

Universal Cardholder Authentication Field ............................................................................ 9-52

MasterCard SecureCode ......................................................................................................... 9-54
MasterCard SecureCode AAV Verification Service............................................................. 9-54
MasterCard SecureCode Dynamic AAV Verification in Stand-In Processing ..................... 9-54
SecureCode Authentication Platforms .............................................................................. 9-55
Licensing SecureCode Specifications................................................................................ 9-55
For More Information ...................................................................................................... 9-55
MasterCard and Maestro Advance Registration Programs ...................................................... 9-55
MasterCard Utility Payment Program ..................................................................................... 9-56
E-Commerce Fraud Alerts for Issuers..................................................................................... 9-58
Comparison of Security Protocols.......................................................................................... 9-59
Expert Monitoring Solutions Hosted by MasterCard .................................................................... 9-60
Expert Monitoring Compromised Account Service ................................................................ 9-60
Expert Monitoring Real-time Fraud Scoring and Fraud Rule Manager Services ..................... 9-63
Expert Monitoring Real-time Fraud Scoring Service for Merchants ........................................ 9-64
Expired Card Override................................................................................................................. 9-66
System Definition of an Expired Card.................................................................................... 9-66
Expired Card Tests................................................................................................................. 9-67
Alternate Processing ........................................................................................................ 9-68
Fleet Card Transactions................................................................................................................ 9-70
Gambling Transaction Processing ................................................................................................ 9-72
Internet Gambling Transactions in the U.S. Region ............................................................... 9-72
Gaming Payment Transaction Processing in the Europe Region ........................................... 9-73
Global Automated Referral Service .............................................................................................. 9-74
Benefits.................................................................................................................................. 9-74
GARS Process......................................................................................................................... 9-75
Acquirer Use of GARS............................................................................................................ 9-77
Issuer Use of GARS................................................................................................................ 9-80
Monitoring Call Referral Activity ............................................................................................ 9-82
Requesting GARS or Changing GARS Parameters .................................................................. 9-83
M/Chip Processing Services ......................................................................................................... 9-83
Chip to Magnetic Stripe Conversion ...................................................................................... 9-84
U.S. Chip-Enabled Travel Card Program ................................................................................ 9-85
M/Chip Cryptogram Pre-validation Service............................................................................ 9-86
Combined Service Option...................................................................................................... 9-87
M/Chip Cryptogram Validation in Stand-In Processing .......................................................... 9-87
M/Chip Advance .................................................................................................................... 9-87
Maestro Preauthorized Transaction Processing ............................................................................ 9-88

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-iii
Authorization Services Details

MasterCard ATM Network............................................................................................................ 9-90

Data Security.......................................................................................................................... 9-91
Global ATM Locator............................................................................................................... 9-91
Location Administration Tool ................................................................................................ 9-91
Benefits.................................................................................................................................. 9-92
Supported Transactions ......................................................................................................... 9-92
Restrict Cash Access and ATM Balance Inquiry Transactions ................................................ 9-93
Interfaces to the MasterCard ATM Network ........................................................................... 9-93
Direct Interface ................................................................................................................ 9-94
Interface via the MasterCard Network ............................................................................. 9-94
ATM Processing for Europe Region Acquirers ....................................................................... 9-95
MasterCard Hosted Mobile Phone Top-up ATM Transactions................................................ 9-96
MasterCard Digital Enablement Service ....................................................................................... 9-97
How It Works......................................................................................................................... 9-98
Authorization Processing Flow .............................................................................................. 9-98
MasterCard Digital Enablement Service Chip Pre-Validation or Dynamic CVC 3
Pre-Validation Failure............................................................................................................9-100
MasterCard Digital Enablement Service PAN Mapping Failure..............................................9-102
Authorization Reports ...........................................................................................................9-103
For More Information ...........................................................................................................9-103
MasterCard inControl Services ....................................................................................................9-104
MasterCard inControl Purchase Controls ..............................................................................9-104
MasterCard inControl Real Card Spend Control Services ......................................................9-108
MasterCard inControl Virtual Card Mapping and Spend Control Service..............................9-111
MasterCard MoneySend...............................................................................................................9-113
MasterCard MoneySend Funding Transactions......................................................................9-114
MasterCard MoneySend Payment Transactions .....................................................................9-114
MasterCard MoneySend Transaction Criteria ...................................................................9-114
MasterCard MoneySend Transaction Blocking Criteria....................................................9-115
To Participate........................................................................................................................9-116
For More Information ...........................................................................................................9-116
MasterCard PayPass Mapping Service.........................................................................................9-117
PayPass Mapping Service Description ..................................................................................9-117
PayPass Mapping Service Availability ...................................................................................9-118
PayPass Mapping Service Components ................................................................................9-118
PAN Mapping File (MCC106) ..........................................................................................9-119
PayPass Account Number...............................................................................................9-119
Alternate Processing .............................................................................................................9-121

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-iv 27 November 2013 • Authorization Manual
 Authorization Services Details

Authorization Reports ...........................................................................................................9-122

For More Information ...........................................................................................................9-122
MasterCard Payment Gateway ....................................................................................................9-122
MasterCard Pay with Rewards Service ........................................................................................9-124
MasterCard Transit Transactions .................................................................................................9-126
Pre-funded Transit Transactions............................................................................................9-126
Real-time Authorized Transit Transactions ............................................................................9-127
Post-authorized Aggregated PayPass Transit Transactions....................................................9-127
Authorized-aggregated Split Clearing Transactions ...............................................................9-127
Post-authorized Aggregated Maestro PayPass Transit Transactions ......................................9-128
Aggregated Transit Transactions Criteria...............................................................................9-129
Differences Between Post-authorized Aggregated and Authorized-aggregated Split
Clearing Transit Transaction Rules ........................................................................................9-131
ATC Update Request.............................................................................................................9-132
Transit Debt Recovery Transactions......................................................................................9-132
Support for U.K. Transit Transactions ...................................................................................9-133
PAN-Association Requirements for Transit ............................................................................9-134
MasterPass Transactions..............................................................................................................9-134
Member-defined Data .................................................................................................................9-135
Merchant Advice Codes ..............................................................................................................9-136
DE 48, Subelement 84 Values ...............................................................................................9-136
Common DE 39 Values .........................................................................................................9-137
DE 48, Subelement 84 with DE 39........................................................................................9-137
Mobile Remote Payments ...........................................................................................................9-138
Partial Approvals.........................................................................................................................9-140
Payment Transactions .................................................................................................................9-142
Payment Transaction Mandate ..............................................................................................9-143
Payment Transaction Blocking..............................................................................................9-144
Alternate Processing .............................................................................................................9-144
PIN Management Services...........................................................................................................9-145
Chip PIN Management Service .............................................................................................9-146
Chip PIN Management Transactions ...............................................................................9-146
Magnetic Stripe PIN Management Service.............................................................................9-150
PIN Processing for Non-Europe Region Customers ....................................................................9-152
Acquirer Requirements .........................................................................................................9-152
Issuer Requirements..............................................................................................................9-153
Support for Both Acquiring and Issuing Processing .............................................................9-154
Authorization Platform Security Requirements......................................................................9-154

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-v
Authorization Services Details

PIN Verification.....................................................................................................................9-159
PIN Verification in Stand-In Processing.................................................................................9-159
Portfolio Sales Support ...............................................................................................................9-161
Full BIN Transfer ..................................................................................................................9-161
Partial BIN Transfer...............................................................................................................9-162
Fees ......................................................................................................................................9-162
Private Label Transaction Processing ..........................................................................................9-163
Private Label Processing .......................................................................................................9-163
Private Label Account Range Registration.............................................................................9-164
Activation and Initial Load of Private Label Prepaid Cards ...................................................9-165
For More Information ...........................................................................................................9-166
Private Label Non-Financial Service............................................................................................9-167
Promotion Code..........................................................................................................................9-167
Proximity Payments ....................................................................................................................9-168
Purchase of Goods or Services with Cash Back Transactions.....................................................9-169
“Purchase Amount Only” Approval Response Code.............................................................9-169
Alternate Processing .............................................................................................................9-170
Reversals of Purchase of Goods or Services with Cash Back Transactions...........................9-170
India Intracountry Cash Back Transactions...........................................................................9-171
South Africa Intracountry Cash Back Transactions ...............................................................9-171
For More Information ...........................................................................................................9-172
Real-time Substantiation..............................................................................................................9-172
Background ..........................................................................................................................9-172
Merchant Validation for Real-time Substantiated Transactions ..............................................9-173
Merchant Terminal Verification .............................................................................................9-174
Real-time Substantiation Amounts ........................................................................................9-174
Examples ..............................................................................................................................9-175
Authorization Reports ...........................................................................................................9-177
To Participate........................................................................................................................9-178
For More Information ...........................................................................................................9-178
Recurring Payments ....................................................................................................................9-178
Indicating a Recurring Payment ............................................................................................9-178
Recurring Payment Test Transactions ...................................................................................9-179
Maestro Recurring Payments Program ..................................................................................9-179
Recurring Payment Cancellation Service.....................................................................................9-180
RiskFinder ...................................................................................................................................9-181
Sweden Domestic Authorization Switching Service ....................................................................9-182

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-vi 27 November 2013 • Authorization Manual
 Authorization Services Details

ATM Additional Data ............................................................................................................9-182

Forgotten Card at ATM..........................................................................................................9-183
Receipt Free Text ..................................................................................................................9-183
Refund Transactions..............................................................................................................9-184
Third Party Processor Identification ...........................................................................................9-185
Transaction Blocking Services.....................................................................................................9-186
Transaction Blocking ............................................................................................................9-186
Transaction Blocking for Inactive BINs.................................................................................9-189
Transaction Research Request.....................................................................................................9-189
About the Transaction Research Tool ...................................................................................9-190
Requesting the Transaction Research Tool .....................................................................9-190
Accessing the Transaction Research Tool .......................................................................9-191
Researching an Authorization Request............................................................................9-191
Verifying CVC Data .........................................................................................................9-192
About the Transaction Research Request Form ....................................................................9-192
About Fees for Transaction Research Requests.....................................................................9-193
Travel & Entertainment—Incremental Authorizations.................................................................9-193
Visa Transaction Processing ........................................................................................................9-195
Issuer Options.......................................................................................................................9-195
Custom Payment Service Request Transactions ....................................................................9-195
Indicators ..............................................................................................................................9-195
Retail Key Entry Program......................................................................................................9-197
Secure Electronic Commerce Verification Service .................................................................9-198
Visa Product ID.....................................................................................................................9-198
Visa Commercial Card Inquiry ..............................................................................................9-199
Visa Fleet Card......................................................................................................................9-199
Visa-Assigned Merchant Verification Value ...........................................................................9-199

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-vii
 Authorization Services Details
Account Balance Response

Account Balance Response

The account balance response enables issuers to include account balance
information as part of the response to a financial authorization request.
Issuers can add account balance response information when responding to
authorization requests for prepaid accounts and in ATM transactions. The
account balance response is an “unsolicited” transmission of account balance
data to the point-of-sale (POS) terminal or ATM.

The account balance response provides cardholders with up-to-date balance

information on their prepaid cards.

Issuers must provide account balance information for both approved and
declined authorization responses.

When the issuer provides the available balance in the authorization response,
POS and ATM terminals that are programmed to accept account balance data
can display or print the available balance.

• Approved Responses—The available balance on an approved response is

the account balance after the transaction amount has been deducted from
the account.
• Declined Responses—The account balance response is used on a declined
response to expedite split-tender purchases. For POS transactions where a
prepaid card is used, this feature gives the cardholder and the merchant
the information needed to process a split-tender transaction. The merchant
can submit another authorization request for the purchase using a lower
amount that can be approved by the prepaid issuer, and ask the cardholder
to provide another form of payment for the remaining purchase amount.
The available balance returned in a declined response identifies the current
account balance, without deducting the declined transaction amount.
NOTE
Issuers in the United Kingdom (U.K.) may provide a maximum of two account
balances, the ledger balance in addition to the available balance, when
responding to intracountry ATM transactions.

MasterCard limits the account balance response to use on prepaid accounts

and in ATM transactions. MasterCard advises issuers that they must not use
the unsolicited account balance response for credit or debit accounts in POS
transactions. Issuers that provide unsolicited credit or debit account balance
information in POS transactions increase the potential for fraudulent activity
and concerns for cardholder privacy.

The Authorization Platform forwards the account balance response provided

by the issuer to the acquirer only when it is returned in an ATM transaction or
in a POS transaction for a prepaid account. Issuers must not transmit balance
information for credit or debit accounts, unless it is for an ATM transaction.
MasterCard also will remove balance information from all Maestro® and Debit
MasterCard® POS purchase transactions that are initiated with a debit card
(not identified to be prepaid related).

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-1
Authorization Services Details
Account Level Management

All prepaid Debit MasterCard® issuers in the U.S. region must support account
balance responses.

Prepaid Debit MasterCard card issuers must provide the cardholder's account
balance information in DE 54 (Additional Amounts) of the Authorization Request
Response/0110 message for approved and declined authorization responses.
NOTE
The available balance returned on an approved response is the prepaid account
balance after the transaction amount has been deducted. The available balance
on a declined response indicates the current account balance, without deducting
the declined amount.

All acquirers in the U.S. region that support merchants within select card
acceptor business codes (MCCs) must support account balance responses for
transactions initiated at point-of-sale (POS) terminals for all prepaid Debit
MasterCard account ranges. This requirement applies only to card present
transactions occurring at attended terminals. For more information about
effective dates for acquirers in the U.S. region to begin supporting partial
approvals, full and partial reversals, and account balance by MCC, see “Acquirer
Mandate to Support Partial Approvals, Reversal Requests, and Account Balance
Responses (U.S. Region Only).”

Effective in 2020 with Release 20.Q2, issuers must support account balance
response for prepaid card account ranges (MasterCard, Debit MasterCard, and
Maestro). The acquirer of a merchant included in any of the MCCs listed
in “Effective Dates for Acquirer Mandate to Support Partial Approvals and
Account Balance Responses Globally” (for card present transactions conducted
at attended terminals only) must support account balance responses for all
prepaid card account ranges (MasterCard, Debit MasterCard, and Maestro).
Issuers in the U.K. must support account balance response for prepaid card
account ranges (MasterCard, Debit MasterCard, and Maestro) by 2014 (Release
14.Q2). MasterCard reserves the right to expand the number of markets that
may be required to support prior to 2020.

Account Level Management

MasterCard Account Level Management is a platform that enables specialized
processing so that MasterCard can manage capabilities at the individual card
account level.

MasterCard Account Level Management provides issuers the flexibility of

qualifying cardholder accounts for competitive interchange as well as upgrading
cardholder accounts to a different card product. The following are the key
capabilities of Account Level Management functionality. Availability of, and
distinctions of, are based on location:

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-2 27 November 2013 • Authorization Manual
 Authorization Services Details
Account Management System

• Enhanced Value (United States, Canada, and select European countries)

• Product Graduation (United States and Australia)
• High Value (United States)
• Spend Shortfall (World MasterCard and World Elite MasterCard) (United
States)
• Small Business Spend Processing (United States)

Refer to the Account Level Management User Manual for detailed information.

Account Management System

Account Management System (AMS) services include account-level services
that issuers use to designate special handling during authorization. Issuers
can list cardholder accounts as exception accounts that receive Stand-In or
chargeback protection.

Issuers can identify accounts with a preferred status in Premium Listings,

providing higher dollar and transaction limits for Stand-In processing; or
identify accounts that participate in services such as Electronic Warning Bulletin,
Recurring Payment Cancellation Service, PayPass Mapping Services, MasterCard
inControl, Enhanced Value, Product Graduation, and High Value.

Stand-In Account File

The Stand-In Account File (MCC102) contains a list of negative accounts,
restricted accounts, and preferred (Premium Listings) accounts.

The Stand-In Account File provides information about negative accounts,

restricted accounts, and preferred (Premium Listing) accounts for Stand-In
processing to use when making an authorization decision on behalf of the
issuer.

Issuers list the following types of accounts in the Stand-In Account File:

• Premium Listings that designate higher authorization limits for preferred

cardholders
• Negative accounts that require a Stand-In authorization response of decline,
refer to card issuer, or capture card for lost, stolen, fraud or accounts
with credit issues
• Electronic Warning Bulletin listings for lost, stolen, fraudulent accounts,
which are distributed daily to all acquirers available from AMS

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-3
Authorization Services Details
Account Management System

Electronic Warning Bulletin File

The Electronic Warning Bulletin File (MCC103) allows issuers to define specific
accounts for special handling, such as exception accounts that should be
declined when listed in the Electronic Warning Bulletin (EWB).

AMS allows customers to identify and manage restricted accounts. AMS collects
and distributes MasterCard restricted account listings in the Electronic Warning
Bulletin File for use in authorization processing.

Generally, issuers list the following kinds of accounts in AMS:

• Lost
• Stolen
• Counterfeit
• Severe credit problems with continued activity

Listing in AMS provides issuers with the following benefits:

• Warning bulletin chargeback rights

• “Capture card” response for Stand-In, Limit-1, and X-Code processing

Local Stoplist File

The Local Stoplist File (MCC104) allows participating issuers to list exception
accounts at the country and subcountry levels (such as merchant category).

This gives issuers the opportunity to select the geographical area covered by
each listing to target the specific fraud problem.

• The country level listing allows issuers to list in a single country.

• The subcountry level listing allows issuers to list in a defined area such as a
card acceptor business code (MCC) within a country.

Recurring Payment Cancellation Service File

The Recurring Payment Cancellation Service File (MCC105) supports the
MasterCard Recurring Payment Cancellation Service (RPCS) and recurring
payment transactions.

RPCS allows issuers to specify criteria to block recurring payment transactions

identified in authorization messages and clearing records.

PAN Mapping File

The PAN Mapping File (MCC106) supports the following services.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-4 27 November 2013 • Authorization Manual
 Authorization Services Details
Account Management System

PayPass Mapping Service

The PayPass Mapping Service leverages the PAN Mapping File (MCC106).
MCC106 contains the service-eligible PayPass account number and the
associated cardholder PAN. Each PayPass account number is unique and several
PayPass account numbers can be associated with a single PAN (a family with
the same PAN can have multiple PayPass cards or devices).

The PayPass Mapping service is not available to issuers that support the use of
online PIN with a card or device product. If PAN mapping is performed in a
transaction using online PIN, the PIN validation will fail.

MasterCard supports listing accounts for MCC106 with AMS using the following
methods:

• Online File Maintenance

• Bulk File Maintenance
• MasterCard eService Maintenance
• MasterCard web services

MCC106 maintenance requests submitted via the Issuer File Update

Request/0302 message, MasterCard eService, or MasterCard web services are
applied immediately. Maintenance requests submitted by bulk file are applied
two times per day at 08:00 and 18:00 hours (St. Louis time).

MasterCard Enhanced Value File

MasterCard Enhanced Value (MCC107) supports differentiated interchange
for cards registered with a specific level of rewards. MCC107 supports the
following account registration files.

• Consumer Enhanced Value

• Consumer High Spend in Canada
• Premium High Spend in Canada

For detailed information, refer to the Account Level Management User Manual.

MasterCard Product Graduation File

MasterCard Product Graduation (MCC108) supports the migration of cardholders
to different card products without changing the primary account number
(for example, an issuer upgrades a Gold MasterCard® card to a World
MasterCard™ card; the account is now recognized by the MCW product code
and not the Gold BIN).

For detailed information, refer to the Account Level Management User Manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-5
Authorization Services Details
Account Management System

MasterCard High Value

MasterCard High Value (High Value) supports differentiated interchange for
cards registered with a specific level of rewards and also meeting a specific
account level spend requirement.

• Consumer High Value

• Enhanced Value for Small Business

For detailed information, refer to the Account Level Management User Manual.

PayPass Application Transaction Counter File

The PayPass Application Transaction Counter (ATC) File (MCC109) contains the
most recent ATC values for PayPass cards or devices that were personalized
using dynamic values in the ATC and unpredictable number (UN).

Issuers participating in the CVC 3 Validation in Stand-In Service or in the CVC 3

Pre-validation Service may provide this file to MasterCard.

Blocking Ranges of Accounts

MasterCard provides customers two ways to list account ranges to stop the
acceptance of a range of cards.

The following table explains how to create two types of blocked listings.

Type of Listing How to List Where it Goes

Group or Series The issuer requests the Group or MasterCard adds the
Series in writing. listing to AMS.

Range Block The issuer establishes the range MasterCard adds the
block on the Stand-In Processing listing to the Account File.
Worksheet.

The following table compares the levels of protection provided by the listing
types.

Type of Listing Levels of Protection

Under
Stand- Merchant Chargeback Rights under
In/Limit-1 X-Code Floor Limit Reason Code 4807
Group or Series Yes Yes Yes Only in catastrophic
situations when approved
by MasterCard

Range Block Yes Yes No No

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-6 27 November 2013 • Authorization Manual
 Authorization Services Details
Account Status Inquiry Service

For More Information

For more information about AMS and AMS services, see the Account
Management System User Manual.

For more information about blocking ranges, see “Stand-In Processing” and
“Setting Stand-In Parameters.”

Account Status Inquiry Service

Account Status Inquiry Service allows acquirers to send Account Status Inquiry
transactions to validate aspects of a cardholder account.

The Account Status Inquiry Service supports purchase account status inquiry
transactions and payment account status inquiry transactions for MasterCard®
credit, Debit MasterCard®, and Maestro® acceptance brands.

In addition to MasterCard products, Account Status Inquiry Service transaction

processing supports the following types of acceptance brands:

• American Express
• Diners
• Discover
• JCB
• Private label cards
• Visa

The Account Status Inquiry service does not provide any chargeback rights in
the event of a dispute.

Purchase Account Status Inquiry

The Account Status Inquiry service for purchase transactions is an optional
service that allows merchants to validate that a cardholder account is open and
the account is not listed in the Electronic Warning Bulletin—without negatively
affecting a cardholder’s funds availability when establishing a recurring or
bill payment relationship or validating a card-not-present purchase before
fulfillment.

Account Status Inquiry Transaction Process

1. The acquirer submits an Account Status Inquiry transaction request in the

Authorization Request/0100 message containing:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-7
Authorization Services Details
Account Status Inquiry Service

• DE 3 (Processing Code), subfield 1 (Cardholder Transaction Type Code),

value 00 (Purchase)
• DE 4 (Amount, Transaction) with a transaction amount of zero
• DE 48 (Additional Data—Private Use), subelement 82 (Address
Verification Service Request), value 52 (AVS and Authorization
Request/0100) for AVS requests (optional)
• DE 48, subelement 92 (CVC 2 Value), CVC 2 value (optional)
• DE 61 (Point-of-Service [POS] Data), subfield 7 (POS Transaction Status),
value 8 (Account Status Inquiry Service)
2. The issuer, at its discretion, sends the acquirer an Authorization Request
Response/0110 message where DE 39 (Response Code) may contain either
value 00 (Approved or completed successfully), 05 (Do not honor), 85
(Not declined), or other valid business decline responses. Invalid business
declines include values 03 (Invalid merchant), 12 (Invalid transaction),
13 (Invalid amount), 30 (Format error) on DE 4 (Transaction Amount),
51 (Insufficient funds/over credit limit), 57 (Transaction not permitted to
issuer/cardholder), and 58 (Transaction not permitted to acquirer/terminal).
If the issuer is unable to reply, the acquirer will receive a response code of
91 (Authorization System or issuer system inoperative).
NOTE
The acquirer should consider any DE 39 value, other than 00 or 85, a decline
response.
3. If applicable, the issuer provides the applicable AVS response in DE 48,
subelement 83 (Address Verification Service Response), and provides a valid
CVC 2 response in DE 48, subelement 87 (Card Validation Code Result) in
the Authorization Request Response/0110 message.

Acquirers are prohibited from placing a value of one major unit of currency
or any other nominal test amount (including equivalent units of local currency
such as EUR 1 or JPY 1) that does not represent an actual purchase amount in
DE 4 of the Authorization Request/0100 message.

Transactions occurring at an automated fuel dispenser in the U.S. region

identified with MCC 5542 and CAT 2 may continue to submit USD 1 (or local
currency equivalent) authorization requests.

Post-Authorized Aggregated MasterCard® PayPass™ transit transactions

generated by the transit authority and held for a period of time before being
cleared may continue to submit an authorization request for USD 1 or an
amount up to the cardholder verification method (CVM) limit amount published
in the Chargeback Guide on the day of the transaction (or local currency
equivalent) authorization requests.

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-8 27 November 2013 • Authorization Manual
 Authorization Services Details
Account Status Inquiry Service

Payment Account Status Inquiry

A Payment Account Status Inquiry (Payment ASI) enables payers to verify that
issuers will accept a Payment Transaction on behalf of a payee (recipient) for
the actual transaction amount for a particular recipient card account before
collecting funds from the sender and initiating the Payment Transaction
authorization to credit an account.

Benefits

Issuers can provide a response to an inquiry sent by the payer, indicating

whether the issuer will accept a subsequent Payment Transaction authorization
for a particular recipient account and amount. Obtaining a successful Payment
ASI helps to eliminate the need for a payer to return funds to the sender and can
be useful in cases where returning funds to the sender is impractical or difficult.

The Payment ASI helps improve the payer’s experience when confirming a
recipient’s card account for future use. Issuers can clearly identify:

• The difference between a Payment ASI transaction and a Payment

Transaction authorization, so that they can respond and act accordingly.
• The difference between a Payment ASI transaction and a Purchase ASI
transaction.

How It Works

Acquirers can submit an ASI transaction for a payment to determine whether

an issuer will post the specified amount to a particular card account before
collecting funds from the sender.

Payment ASI transactions are non-financial transactions. Issuers must not

credit the receiving cardholder account based on the amount provided in the
Payment ASI request.

• When an issuer receives a Payment ASI transaction of zero, the issuer

should confirm that the recipient’s card account exists and can be used in
the future for receiving funds.
• When an issuer receives a Payment ASI transaction for greater than zero, the
issuer should confirm that the amount specified does not exceed a prepaid
load limit or other types of limits they may have for Payment Transactions.
• When the issuer provides an approval response to the Payment ASI for the
receiving account, the issuer is indicating that it is expecting to approve a
subsequent Payment Transaction request message when it is received for
the account.
NOTE
The receiving issuer may reject the subsequent Payment Transaction if
circumstances for the account have changed.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-9
Authorization Services Details
Account Status Inquiry Service

WHEN... THEN the Authorization Platform...

A Payment ASI qualifies for a MoneySend Applies regular MoneySend Payment

Payment Transaction edits.

A Payment ASI request response from the Sends the acquirer an Authorization
issuer is either not provided or the issuer Request Response/0110 message where
is not available DE 39 = 91 (Authorization Platform or
issuer system inoperative).

An acquirer advice Payment ASI is Sends the acquirer an Authorization

initiated Advice/0130 message where DE 39 = 12
(Invalid transaction).

An acquirer reversal of a Payment ASI is Sends the acquirer a Reversal Request

initiated Response/0410 message where DE 39
=12 (Invalid transaction).

Payment Account Status Inquiry Transaction Messages

Following is a list of the data elements and values applicable to Payment ASI
Authorization Request/0100 messages.

Data Element Value Comment

DE 3 (Processing Code), subfield 1 28 Payment

(Cardholder Transaction Type Code)

DE 4 (Amount, Transaction) Equal to or greater Equal to or greater

than 0 than zero

DE 48 (Additional Data Private Use), C01, C02, C03, C04,

subelement 77 (Payment Transaction C05, C06, C09
Type Indicator)

DE 48 (Additional Data Private Use), 52 Optional AVS

subelement 82 (Address Verification
Service Request)

DE 48 (Additional Data—Private CVC 2 Optional CVC 2

Use), subelement 92 (CVC 2)

DE 61 (Point-of-Service [POS] Data), 8 Account Status

subfield 7 (POS Transaction Status) Inquiry Service

MoneySend Payment ASI Transaction Messages

Following is a list of the data elements and values applicable to MoneySend

Payment ASI Authorization Request/0100 messages.

Data Element Value Comment

DE 3 (Processing Code), subfield 1 28 Payment

(Cardholder Transaction Type Code)

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-10 27 November 2013 • Authorization Manual
 Authorization Services Details
Account Status Inquiry Service

DE 4 (Amount, Transaction) Equal to or greater Equal to or greater

than 0 than zero

DE 18 (Merchant Type) MCC 6536, MCC 6537 Intracountry and

Intercountry MCC

DE 48 (Additional Data Private Use), C07 MasterCard

subelement 77 (Payment Transaction MoneySend
Type Indicator)

DE 48 (Additional Data Private Use), 52 Optional AVS

subelement 82 (Address Verification
Service Request)

DE 48 (Additional Data Private Use), CVC 2 Optional CVC 2

subelement 92 (CVC 2)

DE 61 (Point-of-Service [POS] Data), 8 Account Status Inquiry

subfield 7 (POS Transaction Status) Service

DE 61 (Point-of-Service [POS] Data), 0

subfield 10 (Cardholder-Activated
Terminal Level)

DE 124, subfields 1–4 Mandatory

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

Product Inquiry Service

The Product Inquiry Service allows an acquirer to send a product inquiry
authorization request message to MasterCard.
NOTE
Applies only to the U.S. region.

As part of the authorization response to an acquirer, MasterCard will provide

the product code associated with the particular MasterCard card number.
Additionally, because product codes for MasterCard® Standard Card, Gold
MasterCard® Card, Platinum MasterCard® Card, or World MasterCard® Card
programs potentially fall under different interchange rate structures, MasterCard
will also populate the authorization response message with the applicable
account category code, as defined by Account Level Management.

The information received by the acquirer through a Product Inquiry Service

request, along with the published MasterCard interchange rate schedule and
rate criteria, can be used by an acquirer and merchant to determine the product
and associated interchange rate that may be applied to a purchase transaction
for that particular card.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-11
Authorization Services Details
Address Verification Service

Acquirers

Acquirers that choose to support Product Inquiry Service transactions must send
Authorization Request/0100 messages containing DE 61 (Point-of-Service [POS]
Data), subfield 7 (POS Transaction Status), value 8 (Account Status Inquiry
Service) and DE 4 (Amount, Transaction) with a transaction amount of zero
when submitting Product Inquiry Service transaction requests.
NOTE
Product Inquiry Service messages that include address verification and/or CVC
2 validation requests will be deemed to be an attempt to mitigate fraud. As
such, they will be designated as an Account Status Inquiry Service transaction
and billed accordingly.

Issuers

Issuers will receive Authorization Request/0100 messages containing DE 61,

subfield 7, value 8, and DE 4 with a transaction amount of zero. Issuers
must respond to these transactions with value 00 (Approved or completed
successfully), 85 (Not Declined), 05 (Do Not Honor) or other valid business
decline responses in DE 39 (Response Code). Invalid business declines include
values 03 (Invalid merchant), 12 (Invalid transaction), 13 (Invalid amount),
30 (Format error), 51 (Insufficient funds/over credit limit), 57 (Transaction
not permitted to issuer/cardholder), and 58 (Transaction not permitted to
acquirer/terminal).

For More Information

For more information about the Product Inquiry Service, contact the Customer
Operations Services team.

Address Verification Service

The Address Verification Service (AVS) is a service for online customers that
verifies the cardholder’s billing address. This service protects against the
fraudulent use of cards in non–face-to-face transactions.

Participation Requirements
You must have online access to participate in AVS.

IF the customer… AND is located… THEN participation is…

Issues cards In the U.S. region Required

Issues cards In a region other than the Optional, unless

U.S. that supports AVS use mandated by local
for the region country

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-12 27 November 2013 • Authorization Manual
 Authorization Services Details
Address Verification Service

Indicating AVS Participation During Sign-in

When the issuer signs into the MasterCard Network, the issuer can choose AVS
participation options.

• Indicate that it does not participate in AVS using AVS Service Indicator 0
• Receive AVS data in non-condensed format using AVS Service Indicator 1
• Receive AVS data in condensed format using AVS Service Indicator 2
• Receive AVS data in condensed format using AVS Service Indicator 3
• Receive AVS data in condensed format using AVS Service Indicator 4

For more information about signing on to the MasterCard Network, see “Online
Authorization Messages.”

AVS Process
Stages of the AVS transaction process.

1. The acquirer generates an Authorization Request/0100 message with

non-condensed address data included in DE 120 (Record Data). When
submitting AVS requests, the Authorization Request/0100 message should
always contain DE 120, subfield 01 (AVS Service Indicator 1).

2. The issuer MIP applies an algorithm to construct the address key, which
the issuer uses to verify the address.

3. The issuer host compares the address key in DE 120 to the address key in
the issuer database.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-13
Authorization Services Details
Address Verification Service

4. The issuer generates an Authorization Request Response/0110 message

with the AVS response included in DE 48 (Additional Data—Private Use),
subelement 83 (Address Verification Service Response).

Address Key
The address key is the part of the Authorization Request/0100 message that
contains the address data.

To achieve a complete match, the key that AVS sends in DE 120 (Record Data)
must be the same as the key in the issuer’s database. The address key consists
of the following subelements in DE 120:

• Cardholder postal/ZIP code

• Cardholder address (condensed or non-condensed)

Cardholder Postal/ZIP Code

The cardholder postal/ZIP code has a fixed length of 9 bytes.

Using AVS Service Indicator 4, AVS will condense the cardholder postal/ZIP
code to contain only numeric values, with a maximum of nine values.

Cardholder Address

The length of the cardholder address depends on whether it is condensed or

non-condensed.

Non-condensed Using AVS Service Indicator 1—A non-condensed cardholder

address includes the address data exactly as the acquirer provides it in DE 120.
A non-condensed address key includes both the cardholder postal/ZIP code and
the cardholder address data exactly as the acquirer provided them in DE 120.

The Authorization Platform will not truncate the address data passed from the
acquirer if greater than 29 positions. DE 120 is an LLLVAR field; therefore, it
will indicate the length of the data being passed.
NOTE
Some merchants or acquirers currently are limited to supporting only numeric
data.

Condensed Using AVS Service Indicator 2—A condensed cardholder address

using AVS Service Indicator 2 includes the first five numeric values at the
beginning of the cardholder address (when scanning the address from left to
right) provided by the acquirer in DE 120.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-14 27 November 2013 • Authorization Manual
 Authorization Services Details
Address Verification Service

The condensed address key (cardholder postal/ZIP code plus cardholder

address) is a fixed length of 14 bytes. It includes the entire cardholder
postal/ZIP code and the condensed cardholder address. MasterCard left-justifies
and blank-fills both portions of the key, as needed.

Stages of the process to condense the address key:

1. The condensing algorithm begins condensing with the numeric value in

the left-most position.
2. The algorithm extracts the first five numeric values of the cardholder
address (when scanning the address from left to right).
The condensing algorithm ignores all special characters (such as hyphens
[-], slashes [/ or \], and number signs [#]).
3. AVS constructs the condensed AVS key.

Condensed Using AVS Service Indicator 3—A condensed cardholder address

includes as many as five numeric values at the beginning of the cardholder
address provided by the acquirer in DE 120.

The condensed address key (cardholder postal/ZIP code plus cardholder

address) is a fixed length of 14 bytes. It includes the entire cardholder
postal/ZIP code and the condensed cardholder address. MasterCard left-justifies
and blank-fills both portions of the key, as needed.

Stages of the process to condense the address key:

1. The condensing algorithm begins condensing with the numeric value in

the left-most position.
2. The algorithm extracts up to five numeric values that appear before the
first alphabetic character or space. The condensing algorithm:

• Ignores all special characters (such as hyphens [-], slashes [/ or \], and
number signs [#])
• Excludes the portions of the address that could be open to
misinterpretation, such as apartment numbers
3. When AVS finds a space or an alphabetic character, it stops examining the
cardholder billing address.
4. AVS constructs the condensed AVS key.

Condensed Using AVS Service Indicator 4—A condensed cardholder address

using AVS Service Indicator 4 includes only the numeric values in the cardholder
postal/ZIP code (with a maximum of nine values), as well as the first five
numeric values in the cardholder address received (when scanning the address
from left to right) before forwarding the message to the issuer.

Stages of the process to condense the post/ZIP code and address data:

1. The condensing algorithm begins condensing with the numeric value in

the left-most position.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-15
Authorization Services Details
Address Verification Service

2. The algorithm extracts up to nine numeric values in the cardholder

postal/ZIP code and up to five numeric values in cardholder address (when
scanning the address from left to right). The condensing algorithm ignores
all special characters (such as hyphens [-], slashes [/ or \], and number
signs [#])
3. AVS constructs the condensed AVS key.

Non-condenses versus Condensed

The following table provides an example of a non-condensed address key

compared to a condensed address key.

Condensed Using AVS Condensed Using AVS Condensed Using AVS

Non-condensed Service Indicator 2 Service Indicator 3 Service Indicator 4

4J235 1520 Main Street, 4J235 _ _ _ _ 15203 4J235 _ _ _ _ 1520 4235 _ _ _ _ 15203
Apartment 3

Example 1—Complete Match

The cardholder billing address is 1520 Main Street, Apartment 3. The issuer is
using a condensed address key using AVS Service Indicator 3.

The cardholder neglects to provide the merchant with the apartment number 3,
so the merchant omits the apartment number from the AVS request. However,
the matching algorithm still finds a complete match.

Merchant enters...

Postal/ZIP Cardholder
Code Address AVS Address Key Issuer’s Address Key Result/Explanation

63110 1520 Main 63110_ _ _ _ 1520 63110_ _ _ _ 1520 Complete Match

Street The issuer builds its address key
based on the AVS algorithm.
Both the issuer’s address key
and the AVS algorithm extract
only the numeric values that
precede the first space in this
example (1520). Therefore,
when the merchant does not
enter the apartment number,
this still results in a complete
AVS match.

Example 2—No Match

The cardholder’s address is 54 East Street; however, the cardholder provides the
merchant with the address of 59 East Street.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-16 27 November 2013 • Authorization Manual
 Authorization Services Details
Address Verification Service

Merchant enters...

Postal/ZIP Cardholder
Code Address AVS Address Key Issuer’s Address Key Result/Explanation

63110 59 East Street 63110_ _ _ _ 59 _ _ 63110_ _ _ _ 54_ _ _ No Match

_ The issuer’s address key does
not match the cardholder
address given by the cardholder.

Issuer Procedures
Stages of the process that issuers follow to receive and respond to AVS requests.

1. The issuer signs on to the Authorization Platform using a Sign-In

Request/0800 message.

IF the issuer
receives… THEN the issuer signs on with value…
Non-condensed AVS 1 in DE 94, byte 3.
data

Condensed AVS data 2 in DE 94, byte 3.

using AVS Service
Indicator 2

Condensed AVS data 3 in DE 94, byte 3.

using AVS Service
Indicator 3

Condensed AVS data 4 in DE 94, byte 3.

using AVS Service
Indicator 4

For customers using group sign-in, the value chosen applies to all BINs in the
group.

2. When the issuer receives an AVS request, the issuer verifies the cardholder
billing address, matching it against the issuer’s address file.
3. The issuer generates an Authorization Request Response/0110 that includes
the AVS response (and an authorization response, if the AVS request
accompanied an authorization request).

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-17
Authorization Services Details
ATM Bill Payment Service

ATM Bill Payment Service

Bill Payment transactions at the ATM help increase the acquirer’s transaction
volume by providing a convenient method for cardholders to initiate bill pay
request transactions.

ATM Bill Payment service supports:

• Non-Europe acquired ATM Bill Payment transactions

• Europe-acquired ATM Bill Payment transactions

Non-Europe Acquired ATM Bill Payment Processing

The ATM Bill Payment service allows cardholders to use their MasterCard®
credit card or Debit MasterCard® card at any ATM to pay utilities and other bills
when the service is supported domestically.

Stages describing authorization processing when a cardholder requests an ATM

Bill Payment transaction:

1. The service is initiated by the cardholder at an ATM with a need to pay a

bill (for example, electric bill, cable bill, phone bill).
2. The cardholder inputs biller account information, including the ATM bill pay
code to identify the biller company, and then submits the bill pay request.
3. The ATM acquirer submits the payment request as a POS transaction to the
Single Message System in a Financial Transaction Request/0200 message
containing:

• DE 3 (Processing Code), subfield 1 (Cardholder Transaction Type Code),

value 00 (Purchase)
• DE 18 (Merchant Type) with a MCC data value 6539 (Funding
Transaction [Excluding MoneySend]). MCC 6539 is limited for use only
in certain countries where the service is supported domestically.
• DE 61 (Point of Service [POS] Data), subfield 10 (Cardholder-Activated
Terminal Level Indicator), with one of the following values:

– 1 (Authorized Level 1 CAT: automated dispensing machine with PIN)

– 2 (Authorized Level 2 CAT: self service terminal)
• DE 124 (Member Defined Data) contains details relating to the bill being
paid (optional)
4. The Single Message System converts the Financial Transaction Request/0200
message, and then forwards an Authorization Request/0100 message via the
MasterCard Network to the issuer.
5. The issuer sends the Authorization Request Response/0110 message back to
the Single Message System via the MasterCard Network.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-18 27 November 2013 • Authorization Manual
 Authorization Services Details
ATM Bill Payment Service

6. The Single Message System converts the Authorization Request

Response/0110 message, and then sends a Financial Transaction Request
Response/0210 message to the ATM acquirer.
7. The Single Message System forwards the Financial Transaction Request
Response/0210 message to the acquirer. The acquirer provides a receipt to
the cardholder that contains the bill payment information (such as amount
paid, date paid, and ATM bill pay code).
8. The acquirer initiates the bill paying process, paying funds directly to the
biller (such as electric company, phone company).
9. The cardholder sees the bill payment transaction in his or her monthly
bankcard statement.

Non-Europe acquired ATM Bill Payment transactions are not processed by

the Stand-In System or X-Code System. Transactions are declined using the
Authorization Request Response/0110 message containing DE 39 (Response
Code), value 91 (Authorization System or issuer system inoperative).

Europe-Acquired ATM Bill Payment Processing

The ATM Bill Payment service allows cardholders to use their MasterCard®,
Debit MasterCard®, Cirrus®, or Maestro® card at any ATM to pay utilities and
other bills where the service is supported domestically for the Europe region.

Stages describing authorization processing when a cardholder requests an ATM

Bill Payment transactions:

1. The service is initiated by the cardholder at an ATM with a need to pay a

bill (for example, electric bill, cable bill, phone bill).
2. The cardholder inputs biller account information, including the ATM bill pay
code to identify the biller company, and then submits the bill pay request.
3. The ATM acquirer submits the payment request as a POS transaction to
Authorization Request/0100 message containing:

• DE 3 (Processing Code), subfield 1 (Cardholder Transaction Type Code),

value 00 (Purchase)
• DE 18 (Merchant Type) with MCC data value 6050 (Quasi-Cash—Member
Financial Institution) or a more precise MCC related to the nature of
the bill that is being paid. For example, MCC 4900 (Utilities—Electric,
Gas, Heating Oil, Sanitary, Water) for utilities bills. MCC 6011 (Member
Financial Institution—Automated Cash Disbursements) must not be
used.
• DE 61 (Point of Service [POS] Data), subfield 10 (Cardholder-Activated
Terminal Level Indicator), value 1 (Authorized Level 1 CAT: automated
dispensing machine with PIN)
• DE 124 (Member Defined Data) contains details relating to the bill being
paid (optional)

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-19
Authorization Services Details
ATM Credit Card Cash Advance in Installments

4. The Authorization Platform forwards the Authorization Request/0100

message to the issuer.
5. The issuer sends the Authorization Request Response/0110 message to
the acquirer.
6. The acquirer provides a receipt to the cardholder that contains the bill
payment information (such as amount paid, date paid, ATM bill pay code).
7. The acquirer initiates the bill paying process, paying funds directly to the
biller (such as electric company, phone company).
8. The cardholder sees the bill payment transaction in his or her monthly
bankcard statement.

To Participate

Contact your regional office for information about implementation of the ATM
Bill Payment service for your local market.

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

ATM Credit Card Cash Advance in Installments

The ATM Credit Card Cash Advance in Installments service supports installment
payments on MasterCard® credit card cash advance transactions performed
at the ATM.

This service allows a cardholder to initiate an inquiry at the ATM requesting a

credit card cash advance to be repaid in monthly installments (for example,
6, 12, or 18 months). The issuer can accept the installment terms requested
by the cardholder, decline the request, or decline the request and offer an
alternate installment schedule. The cardholder has the option to accept or
reject the issuer's terms and conditions for the installment payments. If the
cardholder accepts the issuer's terms and conditions for repayment, the issuer
will then approve or decline the cash advance transaction. If approved, the
cardholder will receive the funds, along with the installment payment details
printed on the ATM receipt. The issuer will bill the cardholder for the amount
of the transaction in the agreed-upon installments.

Acquirers entering this market must be able to provide ATM screens that offer
an installment payment option and provide the ability to print the issuer’s
installment payment details on the ATM receipt. Issuers that process domestic
ATM transactions may optionally support this service unless mandated by
country regulations.

The ATM Credit Card Cash Advance in Installments service is available to only
be acquired as single message transactions. The ATM Credit Card Cash Advance
in Installments service is not available to ATM acquirers in the Europe region.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-20 27 November 2013 • Authorization Manual
 Authorization Services Details
ATM Credit Card Cash Advance in Installments

This service is optional for issuers that process domestic ATM transactions on
the Dual Message System, unless mandated by country regulations.

Credit Card Cash Advance Installment Payment Transaction

Processing
Credit card cash advance installment payment transactions consist of two
transaction types: ATM installment inquiry and ATM installment withdrawal.

ATM Installment Inquiry

The ATM installment inquiry occurs when the cardholder requests a cash
advance amount with an installment period for repayment.

Stages describing ATM installment inquiry authorization processing:

1. The cardholder requests an ATM cash advance transaction and selects an

installment option for repayment.
2. The acquirer sends an ATM installment inquiry to the Single Message System
as a Financial Transaction Request/0200 message.
3. The Single Message System converts the Financial Transaction Request/0200
message to an Authorization Request/0100 message, and then forwards the
message to the Authorization Platform for processing.
4. The Authorization Platform forwards the installment inquiry to the issuer
for approval.
5. The issuer accepts the cardholder’s request, declines the request and
proposes an alternate installment schedule, or declines the request. The
issuer responds with an Authorization Request Response/0110 message
indicating the terms and conditions of the installment payment.

• If the issuer does not accept the cardholder’s requested number of

installments, but proposes an alternate installment schedule, DE 39
(Response Code) will contain value 00 (Approved or completed
successfully).
• If the issuer does not accept the requested terms or offer alternative
terms, DE 39 will contain the issuer’s choice of decline response, such
as 05 (Do not honor).
6. The Authorization Platform forwards the Authorization Request
Response/0110 message to the Single Message System.
7. The Single Message System converts the Authorization Request
Response/0110 message to a Financial Transaction Request Response/0210
message, and then forwards the message to the acquirer.
8. The acquirer displays the issuer's terms and conditions on the ATM receipt.
9. The cardholder accepts or rejects the terms. If the cardholder accepts the
terms, the cardholder can request withdrawal of the funds; otherwise, the
transaction is canceled.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-21
Authorization Services Details
Authorization and Preauthorization Processing Standards for Europe Region

ATM Installment Withdrawal

Once a cardholder approves the terms and conditions of the issuer’s installment
payments, the acquirer initiates an ATM installment withdrawal transaction.

Stages describing ATM installment withdrawal authorization processing:

1. The acquirer sends an ATM installment withdrawal request to the Single

Message System as a Financial Transaction Request/0200 message.
2. The Single Message System converts the Financial Transaction Request/0200
message to an Authorization Request/0100 message, and then forwards the
message to the Authorization Platform for processing.
3. The issuer approves the request and responds with an Authorization
Request Response/0110 message.
4. The Authorization Platform forwards the Authorization Request
Response/0110 message to the Single Message System for processing.
5. The Single Message System converts the Authorization Request
Response/0110 message to a Financial Transaction Request Response/0210
message, and then forwards the message to the acquirer.
6. The cardholder receives the funds and a copy of the terms and conditions is
printed on the ATM receipt.

Alternate Processing
ATM Credit Card Cash Advance in Installments services are not processed by
the Stand-In System or X-Code System. Transactions are declined using the
Authorization Request Response/0110 message containing DE 39 (Response
Code), value 91 (Authorization System or Issuer System inoperative).

To Participate
Contact your regional office for information about implementation of the ATM
Credit Card Cash Advance in Installments services for your local market.

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

Authorization and Preauthorization Processing Standards

for Europe Region
Preauthorization volumes are expected to continue to grow at steady rates in the
near future, fueled by continued growth of international travel and e-commerce.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-22 27 November 2013 • Authorization Manual
 Authorization Services Details
Authorization and Preauthorization Processing Standards for Europe Region

Effective on or after 5 November 2013, all authorizations initiated at Europe

region card acceptors must clearly distinguish a final authorization from a
preauthorization.

Benefits

MasterCard introduced a number of authorization improvements to achieve the

following objectives:

• Enable a more accurate and transparent management of the card account’s

“open-to-buy,” in order to improve cardholder satisfaction and address
regulatory concerns with the current situation
• Redefine the issuer payment guarantee that is engaged when authorizing a
transaction by introducing a maximum time limit in place of the currently
unlimited duration and by defining it based on characteristics of the
authorization or preauthorization request
• Permit acquirers and issuers to identify and clearly distinguish a
preauthorization from a final authorization, thus giving them the option to
treat them differently, to the ultimate benefit of their cardholders

Reversal Requirement

Authorizations that are acquired in the Europe region must be reversed within
24 hours of a transaction cancellation or of a finalization of the transaction for
an amount lower than the authorized amount. Any authorized amount not
reversed must correspond to the transaction amount. An acquirer will not be
required to submit a partial reversal if a clearing message for a lower amount is
submitted within 24 hours of finalization of the transaction.

This mandate enables issuers to more accurately manage the card’s open-to-buy
and addresses cardholders’ and regulators’ concerns with current practices. The
reversal requirement does not apply to card acceptor business code (MCC)
5542 (Fuel Dispenser, Automated) transactions, aggregated transit transactions,
transit debt recovery transactions, or to preauthorizations or authorizations
with an expired payment guarantee.

For more information about this requirement, see “Authorization Reversal

Mandate in the Europe Region.”

Requirement to Inform Cardholder of Preauthorization Amount

For MasterCard transactions, merchants in the Europe region must inform

the cardholder of the estimated amount for which preauthorization will be
requested and must obtain the cardholder’s consent before processing the
preauthorization request. This requirement enables cardholders to more
effectively manage their open-to-buy and addresses cardholders’ and regulators’
concerns with current preauthorization practices.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-23
Authorization Services Details
Authorization and Preauthorization Processing Standards for Europe Region

The information requirement is automatically met when the terminal displays

the amount to be authorized or when the amount to be authorized corresponds
to an amount otherwise approved by the cardholder as the final transaction
amount.

The merchant may also use any appropriate and effective manner of its
choice to inform the cardholder (for example, verbal communication, or
appropriate and visible written signage near the terminal). The amount may
be communicated as a precise currency amount (for example, EUR 250).
Alternatively, the merchant can explain how the amount is calculated, using a
simple-to-understand formula (for example, the room-rate plus 15 percent).

This requirement does not apply to pre-authorizations of MCC 5542 transactions

or to Post-Authorized Aggregated MasterCard PayPass Transactions.

Elimination of Some Tolerances

MasterCard lodging, vehicle rental, cruise lines, and repair transactions

completed at card acceptors in the Europe region will no longer benefit from
the 15 percent tolerance between the authorized amount and the clearing
amount for MasterCard transactions completed at Europe region merchants. In
addition, MasterCard transactions completed at card acceptors in the Europe
region that are chip/PIN, PayPass or card-not-present will no longer benefit
from the 20 percent tolerance between authorization and clearing for gratuities.

The tolerance for gratuities continues to be available for card present

transactions that are neither chip/PIN or PayPass and provided that the
authorization is coded as a preauthorization.

Where these tolerances are eliminated, issuers in the Europe region must ensure
they no longer block the cardholder’s account for any amount in excess of the
approved amount. These rules changes enable a more accurate management of
the card account’s open-to-buy.

The 20 percent tolerance for gratuities remains applicable for card present
transactions, which are neither chip/PIN nor PayPass, in view of the established
market practice of adding the gratuity after the authorization on signature-based
transactions.

In all other scenarios (for example, gratuities on chip/PIN transactions and

provision for incidentals), the practice of including the gratuity or an estimated
provision for incidentals directly into the amount to be authorized continues to
be supported. MasterCard reminds acquirers of the prohibition on including
amounts to cover loss, theft, or damage in the provision for incidentals.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-24 27 November 2013 • Authorization Manual
 Authorization Services Details
Authorization and Preauthorization Processing Standards for Europe Region

Time Limit for Payment Guarantee Related to Authorization

The issuer payment guarantee period for transactions completed at Europe

region card acceptors is redefined and its duration is limited to a maximum
period counting from the authorization or preauthorization date. This
maximum period is 30 days for MasterCard authorizations properly coded as
preauthorizations and is seven days for all other MasterCard authorizations
and for all Maestro and Cirrus authorizations and preauthorizations. This
rule change does not require issuers to hold the approved amount on the
cardholder’s account for seven or 30 days; only limits the maximum duration of
any such hold to a maximum duration of 30 or 7 days.

Transactions presented for clearing after the payment guarantee period

has expired can be charged back by the issuer under reason code 4808
(Requested/Required Authorization Not Obtained) if the card account is
permanently closed. This chargeback right is available to issuers in all regions.
It applies to transactions for which the authorization or preauthorization was
processed on or after 5 November 2013.

At the latest when the payment guarantee period expires, Europe region issuers
must release any block they may have placed on the cardholder’s account in
relation to the authorization.

This rule change clearly defines the issuer payment guarantee exposure period
for all transaction scenarios and limits the maximum period of issuer exposure
(which is currently unlimited).

The expiry of the payment guarantee does not affect other types of chargeback
rights. For example, a transaction cannot be charged back under reason
codes 4837 (No Cardholder Authorization) or 4863 (Cardholder Does Not
Recognize—Potential Fraud) just because the transaction presentment was made
after the payment guarantee has expired. Acquirer-financed installment billing
transactions are exempt from the MasterCard rules providing for expiry of the
payment guarantee. When the full transaction amount has been authorized, the
merchant must be able to submit the corresponding installments according to
the agreed payment schedule, which may be longer than 30 days.

Increasing the Effective Duration of the Payment Guarantee Period

To increase the effective duration of the payment guarantee period, the

merchant can submit incremental preauthorization requests. If approved by the
issuer and when properly coded, these requests give rise to approved amounts
that may be cleared under the conditions that would apply to the security
parameters that applied to the original authorization to the extent that:

• Interchange levels are determined by the security parameters of the

authorization, then the parameters of the original authorization will be
taken into account.
• If chargebacks take into account the security parameters of the authorization,
the parameters of the original authorization will be taken into account.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-25
Authorization Services Details
Authorization and Preauthorization Processing Standards for Europe Region

NOTE
These requirements do not apply to MasterCard Contactless (PayPass) transit
aggregated or transit debt recovery transactions.

Authorization and Preauthorization Processing

Final authorization processing is mandated for transactions initiated at card
acceptors in the Europe region that enable issuers globally to distinguish a
final authorization from a preauthorization. Clear and reliable identification
of authorizations provides better information about the nature of each
authorization and allows issuers to optionally apply different processing to
different types of authorizations, ultimately benefiting cardholders.

Preauthorization and Final Authorization Transactions

An authorization for an amount greater than zero at a Europe region card
acceptor must be identified as either preauthorization or final authorization,
using the following requirements.

Preauthorization

A preauthorization is an authorization for an amount greater than zero that

meets one or both of the following two conditions:

• Authorization is requested for an estimated amount.

• Transaction may no longer be completed for reasons other than technical
failure (such as telecommunications failure or terminal failure) or lack of
full issuer approval.

For example, the transaction might not be completed when the cardholder is
offered the choice to complete the transaction with another payment means
at a later time, such as, when checking out of a hotel or returning a rental
car, or when the goods ordered by the cardholder might be later found to
be out of stock.

The authorization request is identified as a preauthorization when DE 61

(Point-of-Service [POS] Data), subfield 7 (POS Transaction Status) contains value
4 (Pre-authorized request).

Scenarios

The following scenarios are examples in which card acceptors can use a
preauthorization to benefit from its greater processing flexibility or from its
more generous payment guarantee terms:

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-26 27 November 2013 • Authorization Manual
 Authorization Services Details
Authorization and Preauthorization Processing Standards for Europe Region

• A hotel wants to obtain a payment guarantee at check-in for the room rate,
plus a provision for possible additional expenses related to the minibar or
breakfast—the hotel uses a preauthorization because it supports estimated
amounts.
• Another hotel wants to obtain a payment guarantee at check-in for a hotel
stay of 10 days—the hotel uses a preauthorization because the associated
payment guarantee is valid for up to 30 days and the clearing presentment
will take longer than four business days.
• An airline wants to obtain a payment guarantee at flight-booking time for
certain types of flights where the ticket may take several days to issue—the
airline uses a preauthorization because the associated payment guarantee
is valid for up to 30 days and the clearing presentment may take longer
than four business days.
• An e-commerce merchant wants to obtain a payment guarantee at order
time, before it can confirm that the goods are actually available in
stock—the merchant uses a preauthorization because the transaction may
still be canceled if the goods are later found to be out of stock.
• Another e-commerce merchant wants to obtain a payment guarantee
at order time but the items ordered may take several days to ship—the
merchant uses a preauthorization because the associated payment guarantee
is valid for up to 30 days and the clearing presentment may take longer
than four business days.
NOTE
Maestro preauthorizations are permitted only for automated fuel dispenser
(AFD), Maestro PayPass transit aggregated, and card-not-present (CNP)
transactions. In addition, for CNP preauthorizations, the transaction amount
must equal the approved authorization amount.

Final Authorization

A final authorization is an authorization request for an amount greater than zero

that meets the following conditions:

• Authorization is requested for the final transaction amount that is expected

to be presented for clearing.
• The transaction may no longer be canceled after the authorization request is
approved in full (excluding non-completion for reasons of technical failure,
such as telecommunications failure or terminal failure).

Any transaction corresponding to an authorization identified as a final

authorization must be presented for clearing within four business days of the
authorization approval date.

The authorization request is identified as a final authorization when DE 61

(Point-of-Service [POS] Data), subfield 7 (POS Transaction Status) contains value
0 (Normal Request) and DE 48 (Additional Data), subelement 61 (POS Data
Extended Condition Codes), subfield 5 (Final Authorization Indicator) contains
value 1 (Final Authorization).

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-27
Authorization Services Details
Authorization and Preauthorization Processing Standards for Europe Region

NOTE
Acquirers outside of the Europe region may optionally submit final
authorizations, but must comply with requirements of clearing for the amount
authorized and within four business days if they choose to do so.

DE 61—DE 48 Comparison
Issuers globally must recognize values 0 (Normal Authorization/Undefined
Finality) and 1 (Final Authorization) in DE 48, subelement 61, subfield 5 to
distinguish a final authorization from a normal authorization/undefined finality
in Authorization Request/0100 and Authorization Advice/0120 messages.

The following table illustrates the relationship between DE 61 and DE 48 and

provides recommendation on the usage of DE 48, subelement 61, subfield 5
under various transaction conditions.

Defini-
DE 61, SF DE 48, SE tion/Com-
7 61, SF 5 DE 4 DE 3 ment Acquirer Issuer

0 (Normal 1 >0 All Final Permitted. Must be able to

Request) Authorization receive.
0 1 0 00, 01, 09, Not permitted Not permitted. Not applicable.
17, 20, 28 Authorization No transaction
Platform will received.
reject (existing
edit).
0 1 0 30, 91, 92 Not permitted Not permitted May ignore DE
(not rejected by 48, SE 61, SF 5.
Authorization
Platform).
0 0, not 0 00, 01, 09, Not permitted Not permitted. Not applicable.
present 17,20, 28 Authorization No transaction
Platform will received.
reject (existing
edit).
0 0, not 0 30, 91, 92 Normal Permitted. May ignore DE
present Authorization 48, SE 61, SF 5 if
present.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-28 27 November 2013 • Authorization Manual
 Authorization Services Details
Authorization and Preauthorization Processing Standards for Europe Region

Defini-
DE 61, SF DE 48, SE tion/Com-
7 61, SF 5 DE 4 DE 3 ment Acquirer Issuer
0 0, not >0 All Authorization Permitted for Must be able to
present with card acceptors receive.
Undefined outside the
Finality Europe region;
not permitted for
card acceptors
in the Europe
region (not
rejected by the
Authorization
Platform).

4 (Preau- 1, 0, not 0 00 Not permitted Not permitted. No transaction

thorized present (except for Authorization received (except
request) Recurring Platform will for Recurring
Payment Test reject when Payment Test
Transactions) not permitted Transactions).
(existing edit).

4 1 >0 00 Not permitted Not permitted May ignore DE

(not rejected by 48, SE 61, SF 5.
the Authorization
Platform).

4 0, not >0 00 Preauthoriza- Permitted. Must be able to

present tion receive. May
ignore DE 48,
SE 61, SF 5 if
present.

2 (Sec- 0, 1, not 0 00 Not permitted Not permitted. Not applicable.

ureCode present Authorization No transaction
Phone Platform will received.
Order) reject (existing
edit).
2 0, 1, not >0 00 SecureCode Permitted. Ignore DE 48,
present Phone Order SE 61, SF 5 if
present.

3 (ATM 0, 1, not 0 01 Not permitted Not permitted. Not applicable.

Install- present Authorization No transaction
ment In- Platform will received.
quiry) reject (existing
edit).
3 0, 1, not >0 01 ATM Permitted. Ignore DE 48,
present Installment SE 61, SF 5 if
Inquiry present.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-29
Authorization Services Details
Balance Inquiries

Defini-
DE 61, SF DE 48, SE tion/Com-
7 61, SF 5 DE 4 DE 3 ment Acquirer Issuer

6 (ATC 0, 1, not 0 00 ATC Update Permitted. Ignore DE 48,

Update) present SE 61, SF 5 if
present.

6 0, 1, not >0 00 Not permitted Not permitted. Not applicable.

present Authorization No transaction
Platform will received.
reject (existing
edit).
8 0, 1, not 0 00, 28 Purchase Permitted. Ignore DE 48,
(Account present and Payment SE 61, SF 5 if
Status Account Status present.
Inquiry) Inquiry Service
8 0, 1, not >0 28 Payment Permitted. Ignore DE 48,
present Account Status SE 61, SF 5 if
Inquiry Service present.
8 0, 1, not >0 00 Not permitted Not permitted. Not applicable.
present Authorization No transaction
Platform will received.
reject (existing
edit).

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

Balance Inquiries
MasterCard supports the several types of balance inquiry requests for
cardholders to perform balance inquiries.

• ATM and point-of-sale (POS) terminal balance inquiries

• Short Message Service balance inquiries
• Mobile Remote Payments balance inquiries

The balance inquiry service is optional for issuers.

ATM and Point-of-Sale Terminal Balance Inquiries

The following information describes ATM balance inquiries and point-of-sale
(POS) terminal balance inquiries.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-30 27 November 2013 • Authorization Manual
 Authorization Services Details
Balance Inquiries

ATM Balance Inquiries

The ATM balance inquiry allows MasterCard cardholders to perform a balance

inquiry on the MasterCard® ATM Network.

Upon receipt of an ATM balance inquiry request, participating issuers return

the available balance in the authorization response. The Authorization Platform
performs any applicable currency conversion and forwards the available
balance to the acquirer. The acquirer provides the available balance to the ATM
terminal for display at the ATM and on the customer’s printed receipt.
NOTE
Issuers in the United Kingdom (UK) may provide a maximum of two account
balances, the ledger balance in addition to the available balance, when
responding to intracountry ATM balance inquiry requests.

Point-of-Sale Terminal Balance Inquiries

The point-of-sale (POS) balance inquiry enables cardholders and acquirers

to check the remaining amount of funds on a MasterCard prepaid card or
private label prepaid card. This feature makes it easier for the cardholder to
completely redeem the funds on the prepaid card and reduces the potential
of a declined authorization request because the purchase amount exceeds
the funds available on the card. Therefore, this feature can help to reduce
checkout times and lost sales.

Upon receipt of a POS balance inquiry, participating issuers return the available
balance in the authorization response. The Authorization Platform performs
any applicable currency conversion and forwards the available balance to the
acquirer. The acquirer provides the available balance to the merchant for
display on the customer’s printed receipt.

There are two types of POS terminal balance inquiries:

• Cardholder-initiated balance inquiry—Cardholders can ask the cashier to

check a card’s remaining balance before making a purchase. The cardholder
and cashier can then determine whether the entire purchase amount can be
funded by the prepaid card or whether a supplemental payment method
(split tender) is needed to complete the purchase.
• Automated balance inquiry—Acquirers can expedite sales by sending an
automatic POS balance inquiry on a specified range of prepaid accounts
issued by the issuer. The cashier can then inform customers in advance
whether they will need to use a split tender to complete the purchase.

Alternate Processing

The Authorization Platform does not support Limit–1 processing for ATM or POS
balance inquiries. If the issuer participates in ATM and POS balance inquiries,
all ATM and POS balance inquiries are forwarded to the issuer for processing.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-31
Authorization Services Details
Balance Inquiries

ATM and POS balance inquiries are not eligible for processing by the Stand-In
System or X-Code System. If the issuer is unavailable, the Authorization
Platform returns an “Authorization System or issuer system inoperative”
response to the acquirer.

Reversals of Balance Inquiry Transactions

MasterCard supports reversals of balance inquiry transactions using Reversal

Request/0400 and Reversal Advice/0420 messages containing DE 3 (Processing
Code), subfield 1 (Cardholder Transaction Type Code), value 30 (Balance
Inquiry). In balance inquiry transactions, DE 4 (Amount, Transaction) contains
a value of all zeros.

A balance inquiry reversal is generally initiated when the balance inquiry

request is not completed at the point of interaction. An acquirer may submit
a reversal in an effort to recoup any fee that may be assessed as a result of
the original balance inquiry request.

To Participate

Issuers can complete the Point-of-Sale (POS) and ATM Balance Inquiry
Participation (Form 771).

For More Information

For details about data requirements see the Customer Interface Specification
manual.

Short Message Service Balance Inquiry Service

The Short Message Service (SMS) Balance Inquiry service allows cardholders
with SMS-enabled mobile devices to request and receive balance information
on their registered cards via their mobile phone devices.

The SMS Balance Inquiry service positions card issuers to be more competitive
by providing their cardholders with convenient real-time access to their
account balance information via their mobile devices. Issuers participating
in the SMS Balance Inquiry service receive these balance inquiries with DE
22 (Point-of-Service [POS] Entry Mode), subfield 1 (POS Terminal PAN Entry
Mode), value 81 (PAN entry via electronic commerce, including chip).

This service is only available to issuers of MasterCard® and Debit MasterCard®

cards in the U.S. and Europe regions.

To Participate

Issuers that want to participate in the SMS Balance Service Program must
support balance inquiries.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-32 27 November 2013 • Authorization Manual
 Authorization Services Details
Cardholder-Activated Terminals

Issuers that want to participate in the SMS Balance Service Program must
complete a contract and registration form. For more detailed information and
inquiries about the SMS Balance Inquiry Service, send an email message to
[email protected].

For More Information

For details about data requirements see the Customer Interface Specification
manual.

Mobile Remote Payments Balance Inquiries

The Mobile Remote Payments program provides participating cardholders with
access to their account balance information via an application on their mobile
device. Issuers participating in the Mobile Remote Payments program will
receive these balance inquiries in DE 22 (Point of Service [POS] Entry Mode),
subfield 1 (POS Terminal PAN Entry Mode), value 82 (PAN auto entry via server).

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

Cardholder-Activated Terminals
Cardholder-activated terminals (CATs) are usually unattended terminals that
accept bankcards, debit, charge, and proprietary cards. These terminals are
frequently installed at rail ticketing stations, gasoline stations, toll roads, parking
garages, and other merchant locations.

For procedures related to authorization and other processing requirements

related to each CAT level, see the MasterCard Rules.

Automated Fuel Dispensers

If an issuer approves an authorization request for a cardholder-activated
automated fuel dispenser transaction identified with MCC 5542 and CAT level 2
(an AFD transaction) occurring at a merchant located in the United States or
Canada, within 60 minutes of the time that the authorization request message
was sent, the acquirer must send an authorization advice message advising
the issuer of the transaction amount.

If after approving an authorization request for an AFD transaction, an issuer in

the United States or Canada has placed a hold on cardholder funds in excess
of USD 1 or CAD 1 respectively, then within 60 minutes of receiving the
acquirer’s Authorization Advice/0120 or Reversal Request/0400 message, the
issuer must release any hold amount that exceeds the completed transaction
amount specified.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-33
Authorization Services Details
Cardholder-Activated Terminals

For requirements about intra-European Maestro transactions that occur at

unattended POS terminals located at petrol stations, see section 9.22.2,
Processing Requirements—Unattended Petrol POS Terminals in Chapter 13,
Europe Region of the Maestro Global Rules.

IFC Blocked Gaming File

Issuers have the option to block their cardholders from participating in In-flight
Commerce (IFC) gaming (CAT level 4) by listing their BINs in the IFC Blocked
Gaming File. Acquirers must ensure timely delivery and installation of the IFC
Blocked Gaming File to gambling service providers. IFC Blocked Gaming File
access is required before every gaming transaction.

Gaming transactions are not permitted at IFC terminals acquired within Europe.
NOTE
The IFC Blocked Gaming File applies only to in-flight commerce gaming, and
not to other IFC activity.

How to List BINS in the IFC Blocked Gaming File

To list BINs in this file, complete the IFC Range Blocking for Gaming
Transactions (Form 161).

Effective Dates for the IFC Blocked Gaming File

Effective dates for the IFC Blocked Gaming File are the first and 15th day of
each month. MasterCard must receive issuer listings at least two weeks before
the effective date to be included in the file.

Distribution of the IFC Blocked Gaming File

Distribution of the IFC Blocked Gaming File occurs two times each month.
MasterCard provides it either via a MasterCard bulk file or via MasterCard File
Express. For the file layout, see the IFC Blocked Gaming Transactions (Form
161).

1. MasterCard creates the IFC Blocked Gaming File at approximately 13:00 (St.
Louis time) and distributes it to acquirers’ MIPs.
2. Acquirers stage the file for unloading and distribute it to their gaming
service providers.
3. Gaming service providers must ensure timely delivery and installation of
the IFC Blocked Gaming File to the on-board servers that monitor IFC
transactions.
NOTE
Because MasterCard requires IFC Blocked Gaming File access before every
gaming transaction, acquirers and gaming service providers must distribute and
install the file when they receive it.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-34 27 November 2013 • Authorization Manual
 Authorization Services Details
Card Validation Code 2 Verification

MasterCard Processing of IFC Gaming Transactions

In-flight commerce gaming transactions bypass Limit-1 processing (that is, they
go directly to the issuer).

Card Validation Code 2 Verification

Card validation code 2 (CVC 2) verification provides added security for the card
authentication process in authorization requests.

CVC 2
CVC 2 is a three-digit code algorithmically derived by the issuer and indent-
printed on the signature panel to the right of the account number.

CVC 2 is one of several card authentication methods currently used by

MasterCard to combat fraud. The use of CVC 2 deters fraudulent use of an
account number.
NOTE
Stand-In processing does not verify CVC 2 values.

Conditions for CVC 2 Verification

CVC 2 verification allows acquirers to receive online verification of CVC 2
values from issuers when the certain conditions apply.

• The acquirer transmits the CVC 2 value that the cardholder provided to the
merchant in DE 48 (Additional Data—Private Use), subelement 92 (CVC 2)
of the Authorization Request/0100 message.
• The issuer provides a valid response in DE 48, subelement 87 (Card
Validation Code Result) of the Authorization Request Response/0110
message to indicate that the CVC 2 value was verified (value M or N) or not
processed (value P).

Participation Requirements
Following are the participation requirements for acquirers and issuers using
CVC 2 verification.

Acquirers

When cardholders provide merchants with the CVC 2 value for transactions,
acquirers must include the CVC 2 value in DE 48, subelement 92 of the
Authorization Request/0100 message.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-35
Authorization Services Details
Card Validation Code 2 Verification

To participate in CVC 2 verification, acquirers must be able to receive the

following CVC 2 values in DE 48, subelement 87 of the Authorization Request
Response/0110 message.

Subelement 87 Value Description

M Valid CVC 2—match
N Invalid CVC 2—non-match
P CVC 2 not processed—issuer temporarily unavailable
U CVC 2 unverified—MasterCard use only

The acquirer is responsible for ensuring that the merchant receives the CVC
2 response code provided by the issuer in DE 48, subelement 87 of the
Authorization Request Response/0110 message.

Issuers

Issuers must be able to receive and to process the CVC 2 value when present
in DE 48, subelement 92 of the Authorization Request/0100 message, and to
provide a valid CVC 2 response in DE 48, subelement 87 of the Authorization
Request Response/0110 message.

CVC 2 values M, N, and P are considered valid when used by issuers. Only
MasterCard can use CVC 2 value U.

The Authorization Platform places a value of U in DE 48, subelement 87 of the

Authorization Request Response/0110 message to indicate that the CVC 2 value
was not verified, at the issuer’s request, as the issuer was temporarily unable
to receive the CVC 2 value.

Issuers should note that if an acquirer transmits both CVC 1 and CVC 2 data,
CVC 1 processing takes precedence over CVC 2 processing.

WHEN the CVC 1 value is… THEN…

Invalid Issuers should respond with value Y (Invalid CVC 1)

in DE 48, subelement 87. Issuers should not verify
the CVC 2 value.

Valid Issuers must verify the CVC 2 value and send the
appropriate response to the acquirer.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-36 27 November 2013 • Authorization Manual
 Authorization Services Details
Card Validation Code 3 (CVC 3) Verification

NOTE
At this time, the MasterCard Card Validation Code 2 (CVC 2) Validation Program
is only applicable to merchants in the U.S. region. When a U. S. region merchant
is registered in the MasterCard CVC 2 Validation Program, issuers may use
chargeback message reason 4837 (No Cardholder Authorization) to charge back
a face-to-face, key-entered transaction if proper CVC 2 validation was received
instead of card imprint. In lieu of obtaining a card imprint to remedy chargeback
message reason code 4837, the MasterCard CVC 2 Validation Program allows
registered merchants in the program to process a key-entered, face-to-face
transaction containing a CVC 2 value that is an acceptable proof of card presence.

Card Validation Code 3 (CVC 3) Verification

Card validation code 3 (CVC 3) verification provides added security to validate
whether a MasterCard® PayPass™ card or device is legitimate.

CVC 3
CVC 3 is a code algorithmically derived by a PayPass card or device.

CVC 3 On-behalf Services

MasterCard provides several CVC 3 on-behalf services to support the PayPass
product. The CVC 3 on-behalf services are available for transactions that derive
from proximity chip functionality with magnetic stripe Track 1 or Track 2 data
containing a CVC 3 value.

To support PayPass product on-behalf processing, the following CVC 3

on-behalf services are available:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-37
Authorization Services Details
Card Validation Code 3 (CVC 3) Verification

• Static CVC 3 Validation in Stand-In Service—This is an optional service for

issuers with PayPass-enabled authorization systems that support static CVC
3 validation (using the CVC 1 algorithm and key type) and want MasterCard
to provide static CVC 3 validation when the issuer is not available and the
transaction is processed by the Stand-In System. If the issuer is unavailable,
MasterCard considers the results of the static CVC 3 validation when the
transaction is processed by the Stand-In System.
• Dynamic CVC 3 Pre-validation Service—This is an optional, stand-alone
service for issuers with PayPass-enabled authorization systems that do not
support dynamic CVC 3 validation. The PayPass Mapping Service may be
used with the Dynamic CVC 3 Pre-validation Service.
MasterCard will perform the dynamic CVC 3 validation on behalf of the
issuer before forwarding the Authorization Request/0100 message. If the
issuer is unavailable, MasterCard will consider the results of the dynamic
CVC 3 validation when the transaction is processed by the Stand-In System.
• Dynamic CVC 3 Validation in Stand-In Service—This service is available to
issuers with PayPass-enabled authorization systems that support dynamic
CVC 3 validation in-house and want MasterCard to provide dynamic CVC 3
validation when the issuer is not available and the transaction is processed
by the Stand-In System.

The issuer receives the following information in the Authorization Request/0100

message:

• The result of the CVC 3 validation inserted in DE 48 (Additional

Data—Private Use), subelement 71 (On-behalf Services), subfield 2 (OB
Result 1) with one of the following values:

– A (ATC outside allowed range) for dynamic CVC 3 pre-validation only

– E (CVC 3 ATC Replay) for dynamic CVC 3 only
– I (CVC 3 Invalid)
– N (Unpredictable Number Mismatch) for dynamic CVC 3 only
– U (Unable to process)
– V (Valid CVC 3)
• ATC information inserted in DE 48, subelement 34 (Dynamic CVC 3 ATC
Information) only for the dynamic CVC 3 services and if DE 48, subelement
71 is value V, A, or E.

Participation in any CVC 3 on-behalf service is defined by the combination

of an account range and the floor expiry date. Validation is facilitated by
information the issuer provides to MasterCard. Unless MasterCard arranges
for devices to be sent to cardholders on behalf of issuers, issuers will be
requested to provide confidential key data to MasterCard that will be critical
in the validation process. For information about CVC 3 validation, issuers
should reference the Key Management Services (KMS) interface section in the
On-behalf Key Management (OBKM) Procedures, On-behalf Key Management
(OBKM) Interface Specifications, and PayPass On-behalf Services Guide.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-38 27 November 2013 • Authorization Manual
 Authorization Services Details
Card Validation Code 3 (CVC 3) Verification

The acquirer receives the following CVC 3 data in the Authorization Request
Response/0110 message containing DE 48, subelement 87 (Card Validation
Code Result):

• E (Length of unpredictable number was not a valid length)

• P (Unable to process)
• Y (Invalid or ATC Outside of Allowed Range or ATC Replay)

If the CVC 3 data is valid, the Authorization Platform will not include DE 48,
subelement 87 in the Authorization Request Response/0110 message to the
acquirer.

The issuer receives the following information in the Authorization Advice/0120

message when the Stand-In System responded on behalf of the issuer or when
the issuer requested the Optional Non-valid CVC 3 Processing:

• DE 48, subelement 71 (On-behalf Services) identifies the service performed

and the result.
• DE 48 (Additional Data—Private Use), subelement 34 (Dynamic CVC 3 ATC
Information) is present when the on-behalf service result in subelement 71,
subfield 2 (On-behalf Result 1) was value A, E, or V.
• DE 48, subelement 87 (Card Validation Code Result) is present when the
CVC 3 validation result was not valid.
• DE 60 (Advice Reason Code) identifies the specific reason for the advice
message.

Optional Non–valid CVC 3 Processing

MasterCard provides issuers the option to have the Authorization Platform
respond to the Authorization Request/0100 messages on their behalf
when the CVC 3 value is not valid. Issuers receive an Authorization
Advice/0120—System-generated message when the Authorization Platform
responds.

This option only is available to issuers, which are connected to the MasterCard
Network, participating in the PayPass Mapping Service or the Dynamic CVC 3
Pre-validation Service.

PayPass Application Transaction Counter (ATC) File (MCC109)

The PayPass Application Transaction Counter (ATC) file (MCC109) contains the
most recent ATC values for PayPass cards or devices that were personalized
using dynamic values in the ATC and unpredictable number (UN). Issuers
participating in the CVC 3 Validation in Stand-In Service or in the CVC 3
Pre-validation Service may provide this file to MasterCard.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-39
Authorization Services Details
Card Validation Code 3 (CVC 3) Verification

Updating a PayPass ATC File

Issuers may need to update the ATC file when:

• Migrating an existing PayPass account range to one of the PayPass

On-behalf Services.
• Using one of the PayPass On-behalf Services for PayPass EMV Cards.
• Using the CVC 3 Validation in Stand-In Service.
• Using one of the PayPass On-behalf Services for a subset of all transactions
generated by a PayPass card or device (for example, an issuer may only
use the service for Signature Debit transactions of the Debit® MasterCard
cards they issue).

MasterCard supports entry of the ATC data in DE 101 (File Name), value
MCC109 via the following methods:

• Issuer File Update/0302 messages

• Bulk file request (R311)
• MasterCard eService

Submitting a PayPass ATC File Deletion Request

Issuers can request deletion of a PayPass MCC109 record, including all historical
ATC values associated with the record, from the ATC database by submitting a
R311 bulk file maintenance request.

Issuers must delete an existing record if the account number associated to the
record is reissued because the PayPass card or device is lost/stolen, canceled,
damaged, or it has expired.

Issuers must include the following Detail Record fields when submitting a
PayPass ATC File deletion request:

• DE 91 (Issuer File Update), value 3 (Delete)

• DE 101 (File Name), value MCC109 (PayPass Application Transaction
Counter [ATC] File)
• DE 120 (Record Data), MCC109, fields 1 through 4. Field 4 must contain all
zeros for a deletion request.

To determine the record detail, issuers can submit a RH51 ATC Data File
Request identifying the account range for which the issuer wants to see all
accounts and their ATC values. The current record details are provided in
the ATC Data File Outbound (TM44). For PayPass ATC file formats, see the
Account Management System User Manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-40 27 November 2013 • Authorization Manual
 Authorization Services Details
Card Validation Code 3 (CVC 3) Verification

MCC109 Maintenance Requests

MCC109 maintenance requests submitted via the online Issuer File Update
Request/0302 message or MasterCard eService are applied immediately.
Maintenance requests submitted by bulk file are applied one time per day at
18:00 hours (St. Louis, Missouri USA time).

For more information about MCC109 maintenance requests, see the Account
Management System User Manual.

Alternate Processing
MasterCard considers the results of the CVC 3 validation in DE 48, subelement
71 (On-behalf Services) when responding to the Authorization Request/0100
message for issuers participating in pre-validation services or in the Stand-In
validation services. If the results are invalid, MasterCard uses the issuer’s
instructions from the decision matrix as set in the key file.

Issuers participating in one of the CVC 3 on-behalf services should reference

the KMS interface section defined in the On-behalf Key Management (OBKM)
Procedures and On-behalf Key Management (OBKM) Interface Specifications
manuals for information about dynamic CVC 3 validation keys.

Authorization Reports
The following reports provide information about CVC 3 on-behalf services.

• The Authorization Parameter Summary Report (SI737010-AA) lists the name

of the on-behalf service in which the issuer is participating for an account
range and displays the issuer selection for participating in the optional,
non-valid CVC 3 processing service.
• The Daily Account File Activity Report (AM700010-DD) contains the PayPass
Application Transaction Counter (ATC) File activity.

For a sample of the Authorization Parameter Summary Report (SI737010-AA),

see “Reports.” For a sample of the Daily Account File Activity Report
(AM700010-DD), see the Account Management System User Manual.

To Participate
CVC 3 on-behalf services are currently available to issuers that process through
the Dual Message System.

For more information about CVC 3 on-behalf services and how to participate,
see the PayPass On-behalf Services Guide.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-41
Authorization Services Details
Card Validation Code Verification for Emergency Card Replacements

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

Card Validation Code Verification for Emergency Card

Replacements
Card validation code (CVC) for emergency card replacements is a service
that provides a way for MasterCard to encode a CVC on the Emergency Card
Replacement Service (ECR Service). The MasterCard Global Service Center
provides this service for customers.

CVC verification for ECR Service is optional.

How to Request CVC Verification for ECR Service

Customers that use MasterCard ECR Service can request this service by
completing the CVC Verification Specification Form for Emergency Card
Replacements (Form 566/567).
NOTE
Customers that do not currently use MasterCard ECR Service can request the
ECR Service by completing the Global Service questionnaire, available from the
Customer Operations Services team.

Use of CVC Keys

To produce ECRs with CVC technology, MasterCard either must obtain CVC
keys from issuers or receive permission from issuers to use CVC keys that they
provided to MasterCard for CVC verification in Stand-In processing.

To provide MasterCard with CVC keys and specifications, complete the CVC
Specification Form for Emergency Card Replacements (Form 566/567).

MasterCard securely stores these keys and components, allowing access to the
information only to generate CVC coding for the ECRs processed through the
Global Service Center.

Cirrus and Maestro Transaction Processing

This information explains Cirrus and Maestro transaction processing.
NOTE
Applies only to the Europe region.

The Authorization Platform supports Cirrus® (CIR) and Maestro® (MSI)

transaction processing. MasterCard supports both acquiring and issuing activity
on the Authorization Platform for CIR and MSI card products.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-42 27 November 2013 • Authorization Manual
 Authorization Services Details
Cirrus and Maestro Transaction Processing

Both acquiring and issuing CIR and MSI transactions are limited to Europe
region acquirers and issuers that process through the MasterCard Network.

Cirrus

Cirrus (CIR), as a brand, is a MasterCard card brand designed exclusively

for use at an ATM. Cirrus, as a network, is a wholly owned subsidiary of
MasterCard International Incorporated that operates the international ATM
sharing association known as the MasterCard® ATM Network. CIR is one of the
brands accepted by the Cirrus® network.

The following transaction types can be initiated at the ATM and are indicated
by the contents of DE 3 (Processing Code), subfield 1 (Cardholder Transaction
Type Code) for CIR transactions:

• 00 (Purchase)
• 01 (Withdrawal)
• 28 (Payment Transaction)
• 30 (Balance Inquiry)
• 91 (PIN Unblock)
• 92 (PIN Change)

Although the Authorization Platform supports CIR transaction acquiring, only

specified acquirers have this functionality. To ensure transactions are submitted
by eligible acquirers, the Authorization Platform verifies the acquirer parameter
when an authorization transaction is branded as CIR.

Maestro

Maestro (MSI) is a MasterCard brand for debit card products that may be used
both at an ATM and a point-of-service (POS) terminal. POS transactions include
face-to-face and electronic commerce (e-commerce) transactions. Following are
the valid values for DE 3 (Processing Code), subfield 1 (Cardholder Transaction
Type Code) for MSI transactions:

• 00 (Purchase)
• 01 (Withdrawal)
• 09 (Purchase with Cash Back)
• 20 (Purchase Return/Refund)
• 28 (Payment Transaction)
• 30 (Balance Inquiry)
• 91 (PIN Unblock)
• 92 (PIN Change)

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-43
Authorization Services Details
Country Level Authorization

For POS processing, MasterCard has defined specific POS processing criteria for
MSI transactions. DE 35 (Track 2 Data) must be present in the POS transaction.
For Maestro e-commerce transactions, if the acquirer could not construct DE
35, the Authorization Platform will build DE 35 using the contents of DE 2
(Primary Account Number [PAN]) and DE 14 (Date, Expiration). Although
the Authorization Platform supports MSI transaction acquiring, only specified
acquirers have this functionality. To ensure transactions are submitted by
eligible acquirers, the Authorization Platform verifies the acquirer parameter
when an authorization transaction is branded as MSI.

Alternate Processing

Alternate processing is optional for CIR and MSI transactions.

For issuers that choose to use the Stand-In System for alternate processing,
Stand-In uses either the product or account range issuer–defined limits to
determine how to respond to an Authorization Request/0100 message. If an
issuer does not specify account range level processing, the Stand-In System
uses the MasterCard defined product level defaults.

For the current definition of minimum transaction limits, see the Cirrus
Worldwide Operating Rules and the Maestro Global Rules.

WHEN… THEN the Authorization Platform…

The issuer or the Stand-In System is not Returns an Authorization Request

available to respond to the Authorization Response/0110 message where:
Request/0100 message DE 39 = 91 (Authorization System or
issuer system inoperative)

CIR and MSI transactions are not processed by the X-Code System.

For More Information

Specific processing rules and Standards have been defined for CIR ATM
processing and MSI ATM processing. For more information, see “ATM
Processing for Europe Region Acquirers.”

Country Level Authorization

Country level authorization is an optional service that allows issuers of
local-use-only cards to have the Authorization Platform automatically decline
all local-use-only authorization outside of their country. The Authorization
Platform compares the data in the point-of-service (POS) country code
field with the issuer’s country. The Authorization Platform only forwards
authorizations acquired within the issuer’s country to the issuer for processing.
The Authorization Platform declines all other transactions.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-44 27 November 2013 • Authorization Manual
 Authorization Services Details
Currency Conversion Processing

Country Level Authorization Process

Stages of the process that the Authorization Platform follows if the issuer
designates the BIN for local-use only:

1. When the acquirer MIP receives an Authorization Request/0100 message,

the Authorization Platform checks whether the issuer designated the BIN
for local-use-only.
2. For BINs for which the issuer designated the BIN for local-use-only, the
Authorization Platform compares:

• The issuer’s country on file at MasterCard to

• The POS Country Code, DE 61 (Point-of-Service [POS] Data), positions
14–16 of the Authorization Request/0100 message.
• An accurate match depends on acquirers including the correct data
in this field.

WHEN the issuer’s

country… THEN the Authorization Platform…

Matches the POS Continues with normal processing.

Country Code

Does not match the Returns a response of 62 (Restricted Card) in DE 39

POS Country Code (Response Code) of the Authorization Request
Response/0110 message.

NOTE
Use of the Country Level Authorization service does not alter a customer’s
responsibility for the use of local-use-only cards outside the country of issuance,
including liability for all authorized and all below-the-floor-limit transactions.

In addition, MasterCard assumes no liability for improper authorizations of such

transactions that may result from issuer, acquirer, or merchant errors, or from
Authorization Platform or Country Level Authorization service outages.

Currency Conversion Processing

The Authorization Platform automatically provides a currency conversion
service to acquirers and issuers to allow processing of online 01xx authorization
and 04xx reversal transaction messages in the customer’s preferred currency.

Acquirers may submit online messages in any valid local transaction currency.
Acquirers and issuers will receive amount-related data elements in the acquirer’s
transaction currency and issuer’s cardholder billing currency even if they use the
same currency. Acquirers and issuers have the option to receive amount-related
data elements in the settlement currency (always U.S. dollars).

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-45
Authorization Services Details
Currency Conversion Processing

Acquirers and issuers that want to change the option to receive settlement
amount-related data elements must complete the Currency Conversion
Parameters—Acquirer and Issuer Usage (Form 391). Issuers that submit
online RiskFinder™ scoring requests must be set up to receive settlement
amount-related data elements because RiskFinder requires U.S. dollar currency
within the scoring request.

CAPS issuers receive the Daily Activity Report in the issuer’s specified currency.

Currency Conversion Rates

The Authorization Platform uses wholesale mid rates to perform currency
conversion between two currencies. The wholesale mid rates are obtained from
the Member Profile 5—Currency Conversion Values, ISO code, ISO Rate, and
Rate Exponent record in the daily Member Profile Extract (MPE) File (bulk ID
T007). These wholesale mid rates are denominated against the U.S. dollar.

Currency Conversion Calculation

The Authorization Platform converts from a source currency to a destination
currency using the wholesale mid rates of the two currencies.

For example:

Source currency rate vs. U.S. dollars = 2.000000

USD rate = 1.000000

Destination currency rate vs. U.S. = 3.000000

dollars
Source amount = 1,000
USD amount = 500 (1000 x 1.000000/2.000000)

Destination amount = 1,500 (1000 x 3.000000/2.000000)

Amount-related Data Element Usage

The following table lists how acquirers and issuers send and receive
amount-related data elements in online messages.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-46 27 November 2013 • Authorization Manual
 Authorization Services Details
Currency Conversion Processing

Data
Element Acquirer Sends Issuer Receives Issuer Returns Acquirer Receives

DE 4 In acquirer’s In acquirer’s In acquirer’s In acquirer’s

transaction currency transaction currency transaction currency transaction currency
(echo except when
responding with
partial approval or
purchase amount
only–no cash back
allowed)
DE 5 N/A In U.S. dollars if issuer In U.S. dollars In U.S. dollars
receives settlement if issuer receives if acquirer
amount-related data settlement amounts receives settlement
elements (echo except when amount-related data
Not present if responding with elements
issuer does not partial approval or Not present if
receive settlement purchase amount acquirer does not
amount-related data only–no cash back receive settlement
elements allowed) amount-related data
Not present if elements.
issuer does not This data will
receive settlement be present, as
amount-related data defined, except when
elements the Authorization
Platform has declined
an Authorization
Request/0100
message and was
unable to complete
currency conversion
processing.

DE 6 N/A In issuer’s cardholder In issuer’s cardholder In issuer’s cardholder

billing currency billing currency billing currency.
(echo except when This data will
responding with be present, as
partial approval or defined, except when
purchase amount the Authorization
only—no cash back Platform has declined
allowed) an Authorization
Request/0100
message and was
unable to complete
currency conversion
processing.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-47
Authorization Services Details
Currency Conversion Processing

Data
Element Acquirer Sends Issuer Receives Issuer Returns Acquirer Receives
DE 9 N/A Rate used to convert Rate used to convert Rate used to convert
DE 4 amount from DE 4 amount DE 4 amount from the
acquirer’s transaction from acquirer’s acquirer’s transaction
currency to U.S. transaction currency currency to U.S.
dollars, if issuer to U.S. dollars, dollars, if acquirer
receives settlement if issuer receives receives settlement
amount-related data amount-related data amount-related data
elements elements (echo) elements
Not present if Not present if Not present if
issuer does not issuer does not acquirer does not
receive settlement receive settlement receive settlement
amount-related data amount-related data amount-related data
elements elements elements.
This data will
be present, as
defined, except when
the Authorization
Platform has declined
an Authorization
Request/0100
message and was
unable to complete
currency conversion
processing.
DE 10 N/A Rate used to convert Rate used to convert Rate used to convert
DE 4 amount from DE 4 amount from DE 4 amount from
acquirer’s transaction acquirer’s transaction acquirer’s transaction
currency to issuer’s currency to issuer’s currency to issuer’s
cardholder billing cardholder billing cardholder billing
currency currency (echo) currency.
This data will
be present, as
defined, except when
the Authorization
Platform has declined
an Authorization
Request/0100
message and was
unable to complete
currency conversion
processing.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-48 27 November 2013 • Authorization Manual
 Authorization Services Details
Currency Conversion Processing

Data
Element Acquirer Sends Issuer Receives Issuer Returns Acquirer Receives

DE 16 N/A Month and day Month and day Month and day
conversion rate is conversion rate is conversion rate is
effective effective (echo) effective.
This data will
be present, as
defined, except when
the Authorization
Platform has declined
an Authorization
Request/0100
message and was
unable to complete
currency conversion
processing.
DE 28 In acquirer’s In acquirer’s In acquirer’s In acquirer’s
transaction currency transaction currency transaction currency transaction currency
(echo)

DE 49 Acquirer’s transaction Acquirer’s transaction Acquirer’s transaction Acquirer’s transaction

currency code currency code currency code (echo) currency code
DE 50 N/A Settlement currency Settlement currency Settlement currency
code (840) if issuer code (840) if issuer code (840) if acquirer
receives settlement receives settlement receives settlement
amount-related data amount-related data amount-related data
elements elements (echo) elements
Not present if Not present if Not present if
issuer does not issuer does not acquirer does not
receive settlement receive settlement receive settlement
amount-related data amount-related data amount-related data
elements elements elements.
This data will
be present, as
defined, except when
the Authorization
Platform has declined
an Authorization
Request/0100
message and was
unable to complete
currency conversion
processing.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-49
Authorization Services Details
Currency Conversion Processing

Data
Element Acquirer Sends Issuer Receives Issuer Returns Acquirer Receives
DE 51 N/A Issuer’s cardholder Issuer’s cardholder Issuer’s cardholder
billing currency code billing currency code billing currency code.
(echo) This data will
be present, as
defined, except when
the Authorization
Platform has declined
an Authorization
Request/0100
message and was
unable to complete
currency conversion
processing.

DE 54 If applicable to the One occurrence of If applicable to the One occurrence of

transaction, one each amount type in transaction, one each amount type in
occurrence of each acquirer’s transaction occurrence of each acquirer’s transaction
amount type in currency amount type in currency
acquirer’s transaction One occurrence of issuer’s cardholder One occurrence of
currency each amount type in billing currency (not each amount type in
issuer’s cardholder an echo of what the issuer’s cardholder
billing currency acquirer sent) billing currency
DE 95 If applicable, DE 95, subfield 1 in Same values as DE 95, subfield 1 in
DE 95, subfield 1 in acquirer’s transaction received (echo) acquirer’s transaction
acquirer’s transaction currency currency
currency; DE 95, DE 95, subfield 2 in DE 95, subfield 2 in
subfields 2–4 contain U.S. dollars if issuer U.S. dollars if acquirer
zeros receives settlement receives settlement
amount-related data amount-related data
elements elements
DE 95, subfield DE 95, subfield
2 zero-filled if 2 zero-filled if
issuer does not acquirer does not
receive settlement receive settlement
amount-related data amount-related data
elements elements
DE 95, subfield 3 in DE 95, subfield 3 in
issuer’s cardholder issuer’s cardholder
billing currency billing currency
DE 95, subfield 4 DE 95, subfield 4
zero-filled zero-filled

Issuers should echo amount-related data elements in response messages

as they were received in the request messages. The exception is when an
issuer provides DE 39 (Response Code), value 10 (Partial approval) or 87
(Purchase amount only, no cash back allowed) in an Authorization Request
Response/0110 message. When providing either of these responses, the issuer
is required to provide DE 6 and DE 51 according to the specifications for partial
approvals and purchase of goods or services with cash back.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-50 27 November 2013 • Authorization Manual
 Authorization Services Details
Electronic Commerce

DE 5, DE 6, DE 9, DE 10, DE 16, DE 50, or DE 51 will be present, as defined,

except when the Authorization Platform has declined an Authorization
Request/0100 message and was unable to complete currency conversion
processing.

Currency Conversion Form

Issuers must complete the Currency Conversion Parameters—Acquirer and
Issuer Usage (Form 391) to specify their cardholder billing currency and to
indicate if they want to receive amount-related data elements in the settlement
currency (U.S. dollars) in authorization and reversal messages.

Additionally, acquirers must complete the Currency Conversion

Parameters—Acquirer and Issuer Usage form to indicate if they want to receive
amount-related data elements in the settlement currency (U.S. dollars) in
authorization and reversal messages.

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

Electronic Commerce
Electronic commerce (e-commerce) transactions are non–face-to-face, online
transactions that use electronic media over any public network such as the
Internet, or private network such as an extranet. E-commerce processing allows
transactions to be initiated from a cardholder-controlled device, such as a PC or
mobile phone, for purchasing goods and services on the Internet.

Customer Requirements

To process e-commerce transactions:

• All issuers must be able to receive and process all e-commerce data present
in the Authorization Request/0100 messages.
• All acquirers must properly identify e-commerce messages within the
Authorization Request/0100. They must be able to receive and to process
e-commerce Authorization Request Response/0110 messages.

For detailed transaction flows and requirements associated with participation

in the MasterCard® SecureCode™ program, see the SecureCode Member
Enrollment and Implementation Guide. For details about data requirements and
transaction processing specifications, see the Customer Interface Specification
manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-51
Authorization Services Details
Electronic Commerce

Process for an Electronic Commerce Transaction

The following diagram illustrates the flow of a typical e-commerce transaction.

Electronic Commerce Transaction Flow

1. The cardholder accesses a merchant’s website via the Internet and requests
to make a purchase.
2. The merchant submits the cardholder’s information to the acquirer.
3. The acquirer sends an Authorization Request/0100 message via the
MasterCard Network to the issuer.
4. The issuer makes the authorization decision and replies using an
Authorization Request Response/0110 message.
5. The acquirer responds to the merchant.
6. The merchant completes the transaction according to the authorization
response returned.

Security of Electronic Commerce Transactions

There are various methods for securing e-commerce transactions that customers
may process through the MasterCard Network.

MasterCard messaging requirements regarding e-commerce may vary depending

on the security protocol involved in the transactions. Security protocols may
include:

• No security protocol
• Channel encryption, which is a security layer that resides between an
application and its transport layers, for example, SSL (Secure Sockets Layer)
and HTTPS (Hypertext Transfer Protocol Secure)
• SecureCode transaction using the Universal Cardholder Authentication
Field (UCAF™)

For more information about SecureCode, including detailed transaction flows

and participation requirements, see the SecureCode Member Enrollment and
Implementation Guide.

Universal Cardholder Authentication Field

The Universal Cardholder Authentication Field (UCAF™) is a standard, globally
interoperable method of collecting cardholder authentication data at the point
of interaction.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-52 27 November 2013 • Authorization Manual
 Authorization Services Details
Electronic Commerce

Within the MasterCard authorization networks, UCAF™ is a universal,

multipurpose data transport infrastructure that is used to communicate
authentication information between cardholders, merchants, issuers, and
acquirers.

Accountholder Authentication Value

The Accountholder Authentication Value (AAV) is a SecureCode-specific

implementation of UCAF™ related to issuer authentication platforms that
incorporate the Secure Payment Application (SPA) algorithm. SPA is a
MasterCard security method designed to authenticate cardholders when they
pay online.

AAV is generated by the issuer and presented to the merchant for placement in
the authorization request upon successful authentication of the cardholder.

UCAF is used to transmit the AAV from the merchant to the issuer for
authentication purposes during the authorization process.

Merchants participating in the Maestro Advance Registration Program or the

MasterCard® Advance Registration Program submit the first transaction with
SecureCode dynamic AAV for a primary account number (PAN). Subsequent
transactions for that PAN can be submitted with the MasterCard assigned static
AAV.

Issuers that want to use AAV verification may implement the following AAV
verification services:

• MasterCard SecureCode AAV Verification

• MasterCard SecureCode Dynamic AAV Verification in Stand-In Processing

The MasterCard SecureCode AAV Verification service and MasterCard

SecureCode Dynamic AAV Verification in Stand-In Processing will not be
performed on Maestro e-commerce transactions that are processed under the
Maestro Advance Registration Program.

The MasterCard SecureCode AAV Verification Service and MasterCard

SecureCode Dynamic AAV Verification in Stand-In Processing service will not be
performed on MasterCard or Debit MasterCard® e-commerce transactions that
are processed under the MasterCard® Advance Registration Program.

To implement the MasterCard SecureCode AAV Verification service, complete

the Key Validation Service Specification Form (Form 735).

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-53
Authorization Services Details
Electronic Commerce

MasterCard SecureCode
MasterCard® SecureCode™ builds upon the infrastructure requirements for
channel encryption with the additional benefit of cardholder authentication.
When used in conjunction with components of the MasterCard payment
infrastructure, this program provides a mechanism for online merchants to
potentially receive an enhanced payment guarantee similar to what retailers
(non-Internet) receive with qualifying physical point-of-sale transactions.

MasterCard requires authorization requests for MasterCard Electronic™ cards

acquired in e-commerce environments to be fully authenticated through
SecureCode. MasterCard Electronic issuers that want to process e-commerce
transactions must participate in SecureCode and provide UCAF™ data for
e-commerce transactions for a MasterCard Electronic card. MasterCard electronic
acquirers and merchants that want to process e-commerce transactions must
participate in SecureCode and be UCAF enabled.

MasterCard SecureCode AAV Verification Service

MasterCard offers a SecureCode dynamic and static AAV verification service
on every authorization transaction that contains the Universal Cardholder
Authentication Field (UCAF™) data regardless of whether the issuer’s host
system is available or unavailable to respond to the Authorization Request/0100
message.

MasterCard SecureCode AAV Verification service is an optional on-behalf service.

Neither MasterCard SecureCode AAV Verification or MasterCard SecureCode

Dynamic AAV Verification in Stand-In Processing are performed on transactions
submitted under the Maestro® Advance Registration Program or MasterCard®
Advance Registration Program, as these programs contain a static AAV.

For more information about using the MasterCard SecureCode AAV Verification
service, see the Customer Interface Specification manual.

MasterCard SecureCode Dynamic AAV Verification in Stand-In

Processing
MasterCard offers AAV verification service for authorization transactions
processed by Stand-In processing that contain AAV data in DE 48, subelement
43 (Universal Cardholder Authentication Field [UCAF]) of the Authorization
Request/0100 message.

MasterCard SecureCode Dynamic AAV Verification in Stand-In Processing is an

optional service.

For more information about using the service, see the MasterCard SecureCode
Dynamic AAV Verification in Stand-In Processing Customer Interface
Specification manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-54 27 November 2013 • Authorization Manual
 Authorization Services Details
Electronic Commerce

SecureCode Authentication Platforms

MasterCard SecureCode offers a flexible and robust solution for cardholder
authentication. Recognizing that one size does not fit all, MasterCard places
a premium on flexibility, enabling issuers to choose from a broad array of
security solutions for authenticating their cardholders, which includes both
password and smart card-based approaches.

Based on the MasterCard implementation of the 3-D Secure protocol issuers

may use issuer-assigned or cardholder-selected passwords to authenticate their
cardholders. The Chip Authentication Program (CAP), also based on the 3-D
Secure protocol, provides a seamless integration of both Europay, MasterCard,
Visa Specifications (EMV) and 3-D Secure technologies that result in stronger
authentication than traditional static password solutions.

Licensing SecureCode Specifications

The design specifications associated with MasterCard SecureCode are based
on MasterCard intellectual property. MasterCard licenses the specification to
technology vendors and customers to integrate into their current authentication
security solutions and platforms.

Technology vendors that want to integrate MasterCard SecureCode functionality

into current or future products first must establish licensing agreements with
MasterCard.

For More Information

For more information about MasterCard SecureCode, including detailed
transaction flows and participation requirements, see the SecureCode Member
Enrollment and Implementation Guide.

For additional information about the data elements required to support the use
of UCAF™, see the Customer Interface Specification manual.

MasterCard and Maestro Advance Registration Programs

The Authorization Platform supports e-commerce transactions processed under
the MasterCard® and Maestro® Advance Registration Programs.

The MasterCard and Maestro Advance Registration Programs enable enrolled

merchants that have met specific qualification criteria to accept MasterCard
cards and Maestro cards for electronic commerce (e-commerce) transactions
without using MasterCard® SecureCode™ to authenticate every transaction.
Merchants are required to perform full SecureCode authentication on the first
transaction they perform for any individual cardholder.

Acquirers in the Europe region that process MasterCard and Maestro

e-commerce transactions may optionally participate in the MasterCard and
Maestro Advance Registration Programs.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-55
Authorization Services Details
Electronic Commerce

MasterCard Electronic Commerce Transactions

MasterCard e-commerce transactions processed under the MasterCard and

Maestro Advance Registration Programs must contain DE 48 (Additional
Data—Private Use), subelement 42 (Electronic Commerce Indicators), subfield 1
(Electronic Commerce Security Level Indicator and UCAF Collection Indicator),
position 3 (UCAF Collection Indicator), value 3 in Authorization Request/0100
and Authorization Advice/0120—Acquirer-generated messages.

Static Accountholder Authentication Value

MasterCard assigns participating merchants one static Accountholder

Authentication Value (AAV) that corresponds to the program or programs in
which the merchant participates (that is, the Maestro Advance Registration
Program, MasterCard Advance Registration Program, or both).

The Authorization Platform uses the value in DE 48 (Additional Data—Private

Use), subelement 43 (Static AAV for Maestro or MasterCard Advance Registration
Program), position 1 to distinguish the acceptance brand for which a merchant
is eligible to process transactions based on participation in the Maestro Advance
Registration Program, MasterCard Advance Registration Program, or both. The
Authorization Platform verifies whether the value in DE 48, subelement 43,
position 1 matches the acceptance brand for which the transaction is processed.

Issuers may chargeback transactions that are processed without MasterCard

SecureCode™ authentication under the MasterCard and Maestro Advance
Registration Programs when there is no cardholder authorization.

To Participate

To enroll merchants in these programs, acquirers must complete a MasterCard

and Maestro Advance Registration Programs Participation Request Form (Form
900), available in the e-Commerce section (under e-Business on the main
menu) and on the Publications page on MasterCard Connect™.

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

MasterCard Utility Payment Program

The MasterCard Utility Payment Program is a specific utility/bill payment
program that leverages existing MasterCard® and Maestro® Advance
Registration programs and the Maestro® Recurring Payments program.

The MasterCard Utility Payment Program is maintained as a separate program

to address potential differences associated with bill payments in areas such as
fraud risk and registration requirements. The technical and implementation
requirements for the MasterCard Utility Payment Program are consistent with
the MasterCard and Maestro Advance Registration Programs and the Maestro®
Recurring Payments program.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-56 27 November 2013 • Authorization Manual
 Authorization Services Details
Electronic Commerce

This program is available for registered billers and restricted to the following
utility and bill payment card acceptor business codes (MCCs):

• MCC 4814, MCC 4816, MCC 4899 (Telecommunication, Internet Access,

Cable and Satellite television services)
• MCC 4900 (Utilities)
• MCC 6300 (Insurances)
• MCC 6050 (Quasi Cash—Member Financial Institution)
• MCC 6051 (Quasi Cash Merchant)

Program Details

The MasterCard Utility Payment Program offers enrolled billers:

• Recurring card payments for automating bill payments—The cardholder

establishes a relationship with a merchant to receive ongoing services and
gives permission to the merchant to bill his or her account on a recurring
basis. The merchant periodically initiates transactions that may be a fixed
amount or may vary with each billing.
• E-billing integration, optimizing the payment experience of electronically
presented bills—Billers can optimize the payment experience of electronic
bills by integrating a card based payment option. The program enables
billers to add a payment button to the electronic invoice providing
cardholders with a one-click bill payment experience. The biller provides
an environment where the electronic bill will be presented and invites the
consumer to register. The consumer registers a Maestro or MasterCard card
number and credentials allowing cardholder authentication.

Implementation Requirements

For recurring payments, the first transaction can either be a face-to-face

transaction at a point-of-sale (POS) terminal (where PIN is required) or an
online e-commerce transaction (requiring MasterCard® SecureCode™). If the
first payment from the cardholder is authorized by the issuer, the biller can
submit subsequent payments by the same cardholder using the same card
account without the use of MasterCard SecureCode.

For e-billing integration, the first transaction must be submitted as an

e-commerce transaction and the biller must request MasterCard SecureCode
authentication. If the first payment from the cardholder is authorized by the
issuer, the biller can submit subsequent payments by the same cardholder using
the same card account without the use of MasterCard SecureCode.

All payments under the MasterCard Utility Payment Program are identified
by a specific Accountholder Authentication Value (AAV) in DE 48 (Additional
Data—Private Use), subelement 43 (Universal Cardholder Authentication Field
[UCAF] in the Authorization Request/0100 message:

5MUPPPROGRAM9999999999999999

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-57
Authorization Services Details
Electronic Commerce

Enrolled billers receive a MasterCard Assigned ID and are allowed to process

MasterCard® and Maestro® transactions without the use of MasterCard
SecureCode once an initial transaction is successfully verified with either
MasterCard SecureCode or PIN.

Where a transaction is submitted with a static AAV, the issuer will have a
chargeback right for reasons of fraud, which would be resolved via standard
procedures.

To Participate

Participants need to demonstrate bill payment activity and must guarantee

minimum security requirements. To enroll billers in this program, the acquirer
must complete a participation request form, available in the e-Commerce
section (under e-Business on the main menu) and on the Publications page on
MasterCard Connect™.

E-Commerce Fraud Alerts for Issuers

E-commerce Fraud Alerts for Issuers requires acquirers to inform issuers when a
merchant or acquirer has decided not to complete an approved card-not-present
(CNP) transaction because of high-fraud risk. This information will enable
issuers to appropriately monitor or block those cards to prevent future fraud.

This service will be required for CNP transactions, including e-commerce, mail
order/telephone order (MOTO), and recurring payment transactions.

Benefits

E-commerce Fraud Alerts for Issuers provides the following benefits:

• Provides issuers with a very predictive indicator about cards that need to be
monitored due to suspicious behavior
• Allows issuers, acquirers, and merchants to reduce fraud losses,
chargebacks, and associated costs by enabling issuers to intervene early on
alerted card accounts
• Enables increased collaboration and communications between merchants
and issuers to take fraud out of the system and ultimately increase
cardholder confidence in the system

How It Works

When an acquirer or merchant has decided not to complete an approved CNP

transaction because of high-fraud risk, the acquirer must send the Authorization
Platform a Reversal Request/0400 message containing DE 39 (Response Code),
value 34 (Suspect Fraud).

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-58 27 November 2013 • Authorization Manual
 Authorization Services Details
Electronic Commerce

The issuer must be prepared to receive DE 39 (Response Code), value 34

(Suspect Fraud) in Reversal Request/0400 or Reversal Advice/0420 messages
and generate appropriate Reversal Request Response/0410 or Reversal Advice
Response/0430 messages. Issuers must release any hold placed on the
cardholder’s account for the amount of the original, approved Authorization
Request/0100 message.

Fees

See the MasterCard Consolidated Billing System manual for fees and billing
information.

Reports

The Issuer Authorization Detail report (AB201010-A2) will be used to support

analysis of the reversal messages containing the new code. The Stand-In Detail
Authorization report (AB111010–AA) will also be modified to support the new
reason code value in DE 39. See the MasterCard Consolidated Billing System
manual for samples of these reports.

An issuer E-commerce Fraud Alerts for Issuers report will be available for Dual
Message System transactions that contains detail transaction information. This
report can be requested through PortfolioAnalytics.

Comparison of Security Protocols

The following table provides a comparison of security protocols.

Type of Security Protocol

SecureCode (using UCAF;
Feature None Channel Encryption dynamic AAV)

Protection of Unprotected Protected Protected

information over
the Internet

Protection of Payment information Payment information Payment information

information at unprotected. (Merchant unprotected. (Merchant unprotected unless used
the merchant sees all cardholder sees all cardholder in conjunction with
site information.) information.) pseudo–account number
solution. (Merchant sees
all cardholder information.
Merchant should encrypt
all sensitive data behind
a firewall in compliance
with the Payment Card
Industry (PCI) Data Security
Standard.

Authentication No authentication No authentication No authentication

of Acquirer

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-59
Authorization Services Details
Expert Monitoring Solutions Hosted by MasterCard

Type of Security Protocol

SecureCode (using UCAF;
Feature None Channel Encryption dynamic AAV)
Authentication No authentication No authentication No authentication
of Merchant for
payment

Authentication No authentication No authentication Reliable authentication

of Cardholder provided by the MasterCard
for payment issuer or by MasterCard
on-behalf of the issuer

Expert Monitoring Solutions Hosted by MasterCard

Expert Monitoring Solutions hosted by MasterCard provide issuers with a
comprehensive suite of fraud solutions designed to detect and prevent
fraudulent transactions and provide U.S. region acquirers with a real-time fraud
scoring solution for merchants on U.S.-issued, dual message, card-not-present
(CNP) authorization transactions.

Effective fraud mitigation requires advanced functionality in the authorization

process. The Expert Monitoring System monitors authorization transactions and
alerts participating financial institutions of at-risk transactions. This enables
issuers to improve profitability and cardholder satisfaction, while protecting the
integrity of MasterCard transactions.

Expert Monitoring Compromised Account Service

The Expert Monitoring Compromised Account service provides participating
issuers with account data compromise (ADC) event information in authorization
messages.

This optional service notifies issuers through authorization messages when

cardholder account data has been reported in MasterCard® Alerts™ as
potentially compromised. Issuers can integrate this real-time data into their
existing fraud monitoring process and make decisions based on an account’s
exposure to fraudulent activity.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-60 27 November 2013 • Authorization Manual
 Authorization Services Details
Expert Monitoring Solutions Hosted by MasterCard

How It Works

When an account has been reported under MasterCard Alerts as potentially

compromised, the card issuer will be provided additional data points regarding
the account data that has been compromised and the MasterCard Alerts case
numbers under which the account has been exposed. MasterCard will also
provide an ADC Threat Score within the authorization message indicating the
likelihood that the compromised account will experience fraud as a result
of the compromise. Because the risk of fraud resulting from a compromise
continues for an extended period of time following an ADC event, MasterCard
makes the Compromised Account service data points available for a period
of three years after an account data compromise is published via MC Alerts.
Whenever a transaction takes place on the potentially exposed account during
the three-year period, ADC event information is provided to the issuer in the
authorization request message.

The ADC Threat Score provided with the Expert Monitoring Compromised
Account service provides participating issuers with valuable insights into the
risk of fraud occurring on each of their exposed accounts. This score provides
issuers with another key data point to assist them in determining when or if an
account should be reissued to avoid ADC-related fraud. Other data provided
with this service includes the Threat Score Days Elapsed, which specifies the
number of days since the threat score was refreshed; Case Key Codes #1, #2,
and #3, which identifies the case IDs that have been tagged to the account by
MasterCard Alerts; and ADC data type that have been potentially exposed such
as account number, magnetic stripe, personal identification number (PIN), CVC
2, personal information, and expiration date.

This service complements the Expert Monitoring Real-time Fraud Scoring

service, as well as Fraud Rule Manager service. When used together, these
services provide issuers with a comprehensive solution for fraud detection
and prevention.

Authorization Processing

The following stages describe authorization processing for a transaction that

contains a primary account number (PAN) participating in the ADC Event
Messages service.

1. The acquirer sends an Authorization Request/0100 message containing the

issuer PAN via the MasterCard Network.
2. The Authorization Platform verifies that the PAN is part of an issuer account
range that participates in the ADC Event Messaging service, and then
searches the database for an ADC event match.
3. If the issuer account range participates in the service and an ADC event
match is found, the Authorization Platform inserts the following values in
the Authorization Request/0100 message:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-61
Authorization Services Details
Expert Monitoring Solutions Hosted by MasterCard

• DE 48 (Additional Data—Private Use), subelement 39 (Expert Monitoring

Compromised Account Service Information) containing the account data
compromise event information. DE 48, subelement 39 contains multiple
pieces of information, including up to three case key codes (unique
key to identify case).
Case key codes can be used to locate the MasterCard Alerts Full Case
ID associated with a particular ADC event (for example, MCAlert Full
Case ID: MCA2101-US-09). In this example, the case key code in DE
48, subelement 39 is displayed in the following format: 021019, which
displays five positions for the alert number and the first digit of the year
(right justify and pad string with spaces if needed).
• DE 48, subelement 71 (On-behalf Services), subfield 1 (On-behalf
[OB] Service), value 25 (Expert Monitoring Compromised Account
Service Information), subfield 2 (On-behalf [OB] Result 1), value Y
(Compromised Event Data Found), and subfield 3 (On-behalf [OB]
Result 2), space filled
4. If the issuer account range participates in the service and an ADC event
match is not found, the Authorization Platform inserts DE 48, subelement
71, subfield 1, value 25, subfield 2, value N (Compromised Event Data Not
Found) and subfield 3, spaced filled in the Authorization Request/0100
message. DE 48, subelement 39 is not present in the Authorization
Request/0100 message.
5. The Authorization Platform forwards the Authorization Request/0100
message to the issuer.
6. The issuer approves or declines the authorization request by sending
an Authorization Request Response/0110 message to the Authorization
Platform.

Authorization Reports

The Authorization Parameter Summary Report (SI737010-AA) includes an ADC

Event (Expert Monitoring Compromised Account service) participant parameter
in the Global Parameters section to indicate issuer account range participation
in this service. For a sample of the Authorization Parameter Summary Report
(SI737010-AA), see “Reports.”

To Participate

Issuers that want to participate in the Expert Monitoring Compromised Account

service must complete a contract and registration form. For information
about the service and to start the registration process, issuers may contact
their MasterCard representative or the Risk Solutions team directly at
[email protected].

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-62 27 November 2013 • Authorization Manual
 Authorization Services Details
Expert Monitoring Solutions Hosted by MasterCard

Expert Monitoring Real-time Fraud Scoring and Fraud Rule

Manager Services
The Expert Monitoring System® Real-time Fraud Scoring and Fraud Rule
Manager services represent the latest innovation to the MasterCard suite of
fraud prevention services.

Using state-of-the-art predictive modeling technology, the Real-time Fraud

Scoring service provides issuers with a real-time fraud score on all dual message
transactions at the time of the authorization request. The score measures
the likelihood that the transaction contained in the authorization request is
fraudulent or high-risk. This service also provides issuers with a fraud score
reason code, which will identify factors that influenced the fraud score.

The Fraud Rule Manager service is an optional service that allows participating
issuers to publish and enact business rules specific to their portfolio of
accounts. The outcome of the rules may be to introduce a Rule Adjusted Score,
Rule Reason Codes, or both into the authorization message when rule criteria
authorized by the issuer is met. This service may operate as a stand-alone
service or in partnership with the Expert Monitoring System.

Benefits

Expert Monitoring Real-time Fraud Scoring and Fraud Rule Manager services
provide the following benefits:

• Delivers information about potential fraud in real-time, so card issuers can

factor the increased risk level into their authorization process.
• Offers a network-hosted service which drastically cuts the issuer total cost
of ownership for predictive fraud modeling capabilities.
• Reduces fraud detection costs by prioritizing transactions by fraud
probability, so issuers can focus their attention on higher-risk authorization
transactions.
• Allows issuers to publish and enact business rules specific to their portfolio
of accounts.

Authorization Processing

MasterCard uses the following values in DE 48 (Additional Data—Private Use),

subelement 71 (On-behalf Services) and subelement 75 (Fraud Scoring Data) of
Authorization Request/0100 and Authorization Advice/0120—System-generated
messages to support fraud scoring service transactions.

The Authorization Platform inserts subelement 75 when Expert Monitoring

Real-time Fraud Scoring service is performed or when both Expert Monitoring
Real-time Fraud Scoring and Fraud Rule Manager services are performed on the
transaction. When a rule adjusted score is provided in subfield 3, at least one or
more rule reason code values will be provided in subfields 4–5. However, rule
reason code values may be provided in subfields 4 or 5 with or without a rule
adjusted score in subfield 3.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-63
Authorization Services Details
Expert Monitoring Solutions Hosted by MasterCard

• Subelement 71 (On-behalf Services):

– Subfield 1 (On-behalf [OB] Service), value 18 (Fraud Scoring Service)

– Subfield 2 (On-behalf [OB] Result 1), value C (Successful) and U
(Unable)
Subelement 75 will not be populated when U (Unable) is the result.
• Subelement 75 (Fraud Scoring Data):

– Subfield 1 (Fraud Score)

– Subfield 2 (Score Reason Code)
– Subfield 3 (Rules Adjusted Score)
– Subfield 4 (Rules Reason Code 1)
– Subfield 5 (Rules Reason Code 2)
NOTE
Participating issuers may contact the MasterCard Risk Solutions Team for a list
of the specific score reason codes and rule reason codes that apply to their
institution.

Alternate Processing

The Stand-In System and X-Code System do not consider Expert Monitoring
System information when processing an authorization request.

The Authorization Platform will send the issuer an Authorization

Advice/0120—System-generated message containing the Real-time Fraud
Scoring Service information that was provided in the original Authorization
Request/0100 message.

To Participate

Issuers that want to participate in these services must complete a contract

and registration form. Issuers interested in registering for this service should
contact their MasterCard representative or the MasterCard Risk Solutions Team
at [email protected].

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

Expert Monitoring Real-time Fraud Scoring Service for

Merchants
The Expert Monitoring Solutions (EMS) Real-time Fraud Scoring Service for
Merchants provides participating acquirers with a real-time fraud score on
U.S.-issued, dual message, card-not-present (CNP) authorization transactions.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-64 27 November 2013 • Authorization Manual
 Authorization Services Details
Expert Monitoring Solutions Hosted by MasterCard

Benefits

The Expert Monitoring Real-time Fraud Scoring Service for Merchants provides
the following benefits:

• Provides CNP merchants with a real-time behavior-based fraud score at

the time of transaction authorization
• Delivers a predictive fraud score on MasterCard transactions to merchants
within the authorization response message
• Uniquely scores transactions using a targeted fraud model that evaluates
the current transaction against a comprehensive view of the cardholder’s
transaction history
• Enables merchants to use the fraud score as a highly predictive data point
in their current fraud detection solution to increase fraud detection while
reducing chargebacks, fraud losses, and manual review costs

How It Works

Using state-of-the-art predictive modeling technology, EMS provides merchants

with a fraud risk score on CNP transactions at the time of transaction
authorization. The EMS score indicates the likelihood that the transaction on
the associated card account is fraudulent.

MasterCard scores CNP transactions for merchants by using a regionally specific

CNP fraud detection model and evaluating the current CNP transaction against a
comprehensive view of the cardholder’s transaction behavior history.

The fraud score, which is prompted for in the authorization request message
and provided within the authorization response message, is a three-digit
number ranging from 001 to 998. The higher the score, the more likely it is that
the transaction is fraudulent.

The EMS fraud score can be used as a highly predictive data point and integrated
into a merchant’s fraud screening process. EMS fraud scores will be available
for all CNP transactions originating from accounts issued in the U.S. region.

Authorization Processing

The following stages describe the merchant fraud scoring process:

1. At the time of the transaction request, the merchant prompts the acquirer to
request the EMS fraud score.
2. The acquirer requests the fraud score in the Authorization Request/0100
message and sends it to the Authorization Platform.
3. The Authorization Platform forwards the Authorization Request/0100
message to the MasterCard Expert Monitoring System.
4. The Expert Monitoring System scores the transaction, using a regionally
specific CNP fraud detection model, generates the scores, and then provides
the score to the Authorization Platform.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-65
Authorization Services Details
Expired Card Override

5. The Authorization Platform forwards the EMS fraud score results to the
acquirer in the Authorization Request Response/0110 message, along with
the issuer’s approval/decline.
6. The acquirer sends a response containing the EMS fraud score results to
the merchant.

To Participate

Acquirers that want to participate in the Expert Monitoring Real-time

Fraud Scoring for Merchants must complete a contract and registration
form. For information about this service, acquirers should contact their
MasterCard representative or the MasterCard Risk Solutions Team at
[email protected].

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

Expired Card Override

Overriding expired card tests allows issuers to override possible expiration
date keying errors, to support reissued cards, and to identify transactions they
may otherwise approve.

Issuers will receive all Authorization Request/0100 and Reversal Request/0400

messages containing expired expiration dates. Issuers will have the opportunity
to review each transaction, and subsequently approve or decline each
transaction.
NOTE
MasterCard automatically enables issuers for Expired Card Override. Issuers that
want MasterCard to reject MasterCard Authorization Request/0100 and Reversal
Request/0400 messages containing expired expiration dates must complete the
Expiration Date Test Form (Form 379).

System Definition of an Expired Card

The Authorization Platform defines an expired card as a card with an expiration
date of one of the following criteria.

• Earlier than the current processing year and month

• 20 years later than the current processing year

Customers can locate the expiration date in DE 14 (Date, Expiration), and from
the magnetic stripe track, in DE 45 (Track 1 Data), or DE 35 (Track 2 Data).

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-66 27 November 2013 • Authorization Manual
 Authorization Services Details
Expired Card Override

Expired Card Tests

The expired card tests occur at the acquirer MIP.

The following table provides examples of MasterCard expired card test logic.

Authorization
Card Request Authorization
Transaction Expiration Expiration Date Platform
Date Date (MM/YY) (YY/MM) Response Explanation of Logic
0910 1010 (October 1010 (October Accept October 2010 is later than the
(September 2010) 2010) current processing year and
2010) month. The system accepts the
date as valid.
0910 0209 (February 0902 (February Decline February 2009 is earlier than
(September 2009) 2009) the current processing year and
2010) month. The system declines the
date as expired.
0910 0830 (August 3008 (August 2030) Accept August 2030 is less than 20
(September 2030) years from September 2010. The
2010) system accepts the date as valid,
because 2030 is still within 20
years from 2010.
0910 0131 (January 3001 (January 2031) Decline January 2031 is 20 years and
(September 2031) four months from September
2010) 2010. The system declines the
dates as expired, because 2031
is more than 20 years from 2010.

NOTE
The Authorization Platform uses DE 14 (Date, Expiration), if present, for the
expired card test; otherwise, DE 35 (Track 2 Data), if available; otherwise, DE
45 (Track 1 Data), if available. If both DE 14 and track data are present, the
Authorization Platform uses DE 14 only.

Issuer is Enabled for Expired Card Override

When a transaction fails the expired card tests and the issuer is enabled for
Expired Card Override, the Authorization Platform forwards the Authorization
Request/0100 or Reversal Request/0400 message to the issuer for processing.

Issuer is Not Enabled for Expired Card Override

If the issuer is not enabled for Expired Card Override and the transaction fails
the expired card test, the Authorization Platform generates an “expired card”
authorization response 54 (Expired Card) in DE 39 (Response Code) of the
Authorization Request Response/0110 or Reversal Request Response/0410
message sent to the acquirer.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-67
Authorization Services Details
Expired Card Override

Potential Inappropriate Declines

If the issuer is not enabled for Expired Card Override, the Authorization
Platform may decline cardholder transactions that the issuer would have
approved if the Authorization Request/0100 and Reversal Request/0400
messages were sent to the issuer.

Expired Data Errors

Expired card tests at the acquirer MIP assume that the expiration date in the
authorization message is correct. However, improper keying, misunderstanding
of the date, or other human error can cause the expiration date listed in the
authorization message to be incorrect.

The following table provides an example of a reason a merchant might receive

an incorrect expired card authorization response.

Authorization
Card Request Authorization
Transaction Expiration Expiration Date Platform
Date Date (MM/YY) (YY/MM) Response Explanation of Error
0910 05/31/11 3105 (merchant Decline May 2011 is eight months from
(September entered 0531 September 2010. However,
2010) instead of 0511) the merchant entered the
month (05) and the day (31),
but not the year (11). The
Authorization Platform reads
the expiration date as May
2031.

The system declines the date as expired, because 2031 is more than 20 years
from 2010. However, the expiration date is valid, and perhaps the issuer would
have accepted the transaction.

Alternate Processing
If the issuer is enabled for Expired Card Override and is unavailable, the
Authorization Platform performs the expired card tests, either in Stand-In
processing or during X-Code processing.

Stand-In Processing

Stand-In performs an expired card test. For transactions that fail the expired
card test, Stand-In processing:

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-68 27 November 2013 • Authorization Manual
 Authorization Services Details
Expired Card Override

• Returns to the acquirer code 54 (Expired card) in DE 39 (Response Code) of

the Authorization Request Response/0110 message.
• Stores the transaction in the Store-and-Forward queue with value code 0029
in DE 60, subfield 2 of the Authorization Advice/0120 message, available
for issuer retrieval. (Code 0029 indicates that Stand-In processing returned
code 54 in the Authorization Request Response/0110 message.)
• Identifies transactions with code 54 in the RESPONSE column or code 0029
in the FAIL RSN column on the following reports:

– AB201010-AA (Authorization Detail)

– AB111010-AA (Stand-In Detail Authorization)
– AB517010-AA (Issuer Call Referral Tiered Detail)

See the MasterCard Consolidated Billing System manual for samples of these
reports.

Expired Card Override—Stand-In Processing Flow

X-Code Processing

X-Code processing performs an expired card test. For transactions that fail
the expired card test, X-Code processing returns to the acquirer code 54 in
DE 39 of the Authorization Request Response/0110, and sends an Authorization
Advice/0120 to the issuer.

Expired Card Override—X-Code Processing Flow

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-69
Authorization Services Details
Fleet Card Transactions

Fleet Card Transactions

The MasterCard Corporate Fleet Card® is designed to monitor and control fuel
and maintenance expenses. A MasterCard Corporate Fleet Card program can be
assigned to an individual employee or to a vehicle.

MasterCard Corporate Fleet Card transactions are identified with the following
card acceptor business codes (MCCs): MCC 4468, 5499, 5541, 5542, 5983, or
7511. For more information about MCCs, see the Quick Reference Booklet.
NOTE
MCC 7511 is being life cycled and replaced with MCC 5541 (Service Stations
[with or without Ancillary Services]).

Incentive Interchange Rates

Acquirers receive incentive interchange rates for transactions that support the
data collection requirements of MasterCard Corporate Fleet Card® transactions.

To receive the incentive interchange rates for Fleet Card transactions, acquirers
must capture specific data to support submission requirements for clearing
records.

For clearing record requirements, see the GCMS Reference Manual.

Transmitting Fleet Card Data in Authorization Request/0100 Messages

To support Fleet Card transactions, acquirers must include specific data in

Authorization Request/0100 messages.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-70 27 November 2013 • Authorization Manual
 Authorization Services Details
Fleet Card Transactions

To determine which data to include, the merchant terminal must recognize the
Product Type Code on the magnetic stripe. The Product Type Code determines
the:

• Terminal prompt at the POI location

• Data that the acquirer must include in the DE 48 (Additional Data—Private
Use) field of the Authorization Request/0100 message

Terminal Prompt at the POI Location

When the merchant terminal reads the Product Type Code, the terminal
responds by prompting for certain information.

Product Type
Code Value Terminal Prompt—Acquirer May Receive from Merchant
1 ID Number and Odometer
2 Vehicle Number and Odometer
3 Driver Number and Odometer

4 Odometer Only
5 No Prompt

Data in the Authorization Request/0100 Message

When the acquirer receives the Fleet Card data from the merchant, the acquirer
must include some of the data in the DE 48 (Additional Data—Private Use) field
of the Authorization Request/0100 message.

Product Type Acquirer Must Include in the Position in the Authorization

Code Value 0100 Message Request/0100 Message

1 ID Number DE 48, subelement 98

2 Vehicle Number DE 48, subelement 99

3 Driver Number DE 48, subelement 98

4 None None
5 None None

Fleet Card Authorization Response

Acquirers that support the Fleet Card program must also be able to interpret the
additional data provided by the issuer in DE 44 of the Authorization Request
Response/0110 message.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-71
Authorization Services Details
Gambling Transaction Processing

If the issuer declines a transaction because of an invalid driver, ID, or vehicle

number, the issuer returns an Authorization Request Response/0110 message
with value 12 in DE 39. The issuer will return additional data in DE 44 that
explains the reason for the decline. The terminal at the point of interaction
must display this additional data.

Initiating Fleet Card Support

To learn more about supporting the Fleet Card program, contact the Customer
Operations Services team.

Gambling Transaction Processing

U.S. region MasterCard and Maestro issuers must block online gambling
transactions in accordance with the Standards and applicable U.S. law. Such
potentially illegal online gambling transactions are declined during Stand-In
System processing.

The Authorization Platform supports Gaming Payment Transaction processing

for the MasterCard and Maestro card brands in Europe region countries where
the crediting of gambling winnings is permitted by law.

Internet Gambling Transactions in the U.S. Region

Internet gambling transactions are identified in Authorization Request/0100
messages by these values.

• DE 18 (Merchant Type), MCC 7995 (Gambling Transactions)

• DE 61 (Point of Service [POS] Data), subfield 10 (Cardholder-Activated
Terminal Level Indicator), value 6 (Authorized Level 6 CAT: Electronic
commerce)

The presence of both these values in an Authorization Request/0100 message

indicates that the acquirer has coded the transaction as an Internet gambling
transaction, and possibly a restricted transaction (that is, a payment in
connection with a gambling transaction that is illegal in the U.S region).

U.S. region MasterCard and Maestro issuers must use a method of transaction
blocking or decline all such transactions on an individual basis.

Issuers may approve, on an individual basis, any Internet gambling transaction

authorization requests identified with MCC 9754 (Gambling—Horse Racing,
Dog Racing, Non-Sports Intrastate Internet Gambling) that involve a U.S. region
cardholder. In using MCC 9754, the acquirer asserts that the transaction involves
gambling activity deemed by the acquirer to be legal in the U.S. region.

Issuers are not required to validate the transaction category code (TCC) value
for this purpose.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-72 27 November 2013 • Authorization Manual
 Authorization Services Details
Gambling Transaction Processing

Specific processing rules and Standards for Internet gambling transactions

have been defined in MasterCard Rules and Maestro Global Rules. For more
information, see Rule 3.10, “Integrity of Brand and Network” of the MasterCard
Rules and Rule 3.11, “Integrity of Brand and Network” of the Maestro Global
Rules.

Stand-In System Processing

The Stand-In System limits of zero will apply for the following parameter
combinations:

• MCC 7995 (Gambling Transactions)

• Cardholder-activated terminal (CAT) level 6 (Electronic Commerce
Transaction)

If this parameter combination is sent to the Stand-In System for processing,

the Stand-In System will reject the Authorization Request/0100 message by
returning DE 39 (Response Code), value 57 (Transaction not permitted to
issuer/cardholder).

These blocking parameters are also established for account range setup.

Gaming Payment Transaction Processing in the Europe Region

The Authorization Platform supports Gaming Payment Transactions in
Authorization Request/0100 and Reversal Request/0400 messages for the
MasterCard® and Maestro® card brands in the Europe region, where online
gaming and the crediting of gaming winnings on cards is permitted by law.

Acquirers submit their online Gaming Payment Transaction Authorization

Request/0100 and Reversal Request/0400 messages with the following values:

• DE 3 (Processing Code), subfield 1 (Cardholder Transaction Type), value 28

(Payment Transaction)
• DE 4 (Amount, Transaction), maximum EUR 50,000 if an acquirer provides
a transaction amount exceeding EUR 50,000 or its currency equivalent,
the Authorization Platform will decline the request with DE 39 (Response
Code), value 13 (Invalid amount).
• DE 18 (Merchant Type), MCC 7995 (Gambling Transactions)
• DE 22 (Point-of-Service [POS] Entry Mode), subfield 1, value 81 (PAN entry
via electronic commerce)
• DE 48 (Additional Data—Private Use), TCC value P (Payment Transaction)
• DE 48, subelement 77, value C04 (Gaming Re-pay)

If an acquirer has not completed an implementation project to submit Gaming

Payment Transactions and sends a Gaming Payment Transaction authorization
request, the Authorization Platform declines the request with DE 39 (Response
Code), value 58 (Transaction not permitted to acquirer or terminal).

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-73
Authorization Services Details
Global Automated Referral Service

Issuers may receive Gaming Payment Transactions if they are located in Europe
region countries where online gaming and crediting of gaming winnings
on cards is permitted by law. For a list of these Europe region countries,
see Rule 8.12.1 in Chapter 12, “Europe Region Rules,” of the MasterCard
Rules. If an issuer’s country is not one of the listed countries that allows
gaming, the Authorization Platform declines the Gaming Payment Transaction
request with DE 39 (Response Code), value 57 (Transaction not permitted
to issuer/cardholder).

Alternate Processing

Gaming Payment Transactions are routed to an alternate issuer host. Gaming

Payment Transactions are not routed to the Stand-In System or X-Code System.

When there is either no alternate issuer host or no response from an alternate

issuer host, the Authorization Platform will decline the transaction with DE 39
(Response Code), value 91 (Authorization System or issuer system inoperative).

Acquirer Implementation

Acquirers must complete an implementation project to submit Payment

Transactions for gaming winnings. For more information about registering
for this service, contact your MasterCard regional representative or your CIS
Implementation Project Manager.

For More Information

For details about data requirements, see the Customer Interface Specification
manual and MasterCard Rules.

Global Automated Referral Service

The Global Automated Referral Service (GARS) is a service that streamlines the
process of responding to call referrals for both acquirers and issuers.

GARS is mandatory in the U.S. region and optional for customers outside the
U.S. region.

Benefits
GARS reduces the processing time for call referrals from an average of 20
minutes to an average of five minutes or less.

It includes the following features:

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-74 27 November 2013 • Authorization Manual
 Authorization Services Details
Global Automated Referral Service

• A toll-free phone number connecting acquirers to issuers worldwide.

Routing is based on the card account number entered by the acquirer. (For
the toll-free phone number that applies to your area, contact the Customer
Operations Services team.)
• Issuer response time parameters to support the timely provision of
authorization responses
• Stand-In processing for calls not answered within the required time frame
or for issuers not registered for GARS, to guarantee a timely response to
the acquirer
• Tracking and reporting of issuer and acquirer performance
• Performance monitoring and pricing that motivate call referral completion
and eliminate unnecessary issuance of call referrals

GARS Process
When the merchant receives a “refer to card issuer” authorization response, the
merchant calls the acquirer.

The acquirer calls GARS, which uses one of the following paths to obtain an
authorization response:

• GARS connects the acquirer to the issuer

• GARS connects the acquirer to Stand-In processing

GARS Connects Acquirer to Issuer Flow

GARS connects the acquirer to the issuer. The acquirer receives the
authorization response from the issuer and relays the response to the merchant.

GARS Connects Acquirer to Stand-In Processing Flow

If the issuer does not respond to the phone call within 30 seconds or for issuers
not registered for GARS, GARS connects the acquirer to MasterCard Stand-In
processing. The acquirer receives the authorization response from MasterCard
Stand-In processing. The acquirer relays the response to the merchant.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-75
Authorization Services Details
Global Automated Referral Service

GARS Process Flow

The following diagram illustrates the entire GARS process.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-76 27 November 2013 • Authorization Manual
 Authorization Services Details
Global Automated Referral Service

Acquirer Use of GARS

GARS helps acquirers to more quickly receive a response to a call referral
from issuers.

Acquirer Procedures

Acquirers receiving a “refer to card issuer” authorization response should use

the following procedure to receive an authorization decision from the issuer.

IF… THEN…

You receive an authorization response of Dial the GARS phone number for your
“refer to card issuer.” country (provided when you sign up for
GARS) after issuance of the “refer to card
issuer” message.

GARS says, “Welcome to the MasterCard Enter your six-digit billing ICA number,
Global Automated Referral Service. If you followed by the pound/hash sign (#).
make an error entry at any time, press the
star key. Please enter the Acquiring ICA
number followed by the pound sign.”

GARS says, “The ICA number entered is Press either the one (1) or two (2) key.
XXXXXX. If correct, press one. If not
correct, press two.”

GARS says, “Please enter the MasterCard Enter the 16-digit MasterCard cardholder
account number followed by the pound account number followed by the
sign.” pound/hash sign (#).

GARS validates the MasterCard account Discuss the authorization transaction.

number, dials the issuer, and the issuer
comes on the line.

The issuer provides you with an Provide the merchant with the issuer’s
authorization response. authorization response.

Stand-In Processing Procedures

If the issuer does not connect with the call within 30 seconds, GARS connects
you to Stand-In processing. Use the following procedure to receive an
authorization decision from Stand-In processing.

IF… THEN you should…

GARS says, “We appreciate your Follow the instructions given by GARS.
patience. The issuer is not available at
this time. Your call will now be serviced
by MasterCard Stand-In processing.”

GARS says “Please enter the MCC Enter the MCC number and the
number, followed by the pound sign.” pound/hash sign (#).

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-77
Authorization Services Details
Global Automated Referral Service

IF… THEN you should…

GARS says “Please enter the merchant Enter the merchant number and the
number, followed by the pound sign.” pound/hash sign.

GARS says “Please enter the four digit
expiration date in MM/YY format,
followed by the pound sign.”
GARS says “Please enter the transaction
amount in U.S. dollars and cents,
followed by the pound sign.”
Enter the four-digit expiration date in
MM/YY format and the pound/hash sign.
Enter the transaction amount in U.S.
dollars and cents and the pound/hash
sign.

GARS says, “You entered X dollars and X Press 2 to repeat this step.
cents. If correct, press 1. If not correct,
press 2.”

GARS says “Please choose one of the Enter the number for the transaction type
following transaction types: of this transaction.
• For retail, press 1.
• For phone, mail order, or electronic
commerce, press 2.
• For cash advance, press 3.
• For travel, press 4.
• For all other transaction types, press
5.”

If 5 is entered in the previous step, Enter the number for the transaction type
GARS will offer additional options: of this transaction.
• “For automobiles, press 1.
• For food, press 2.
• For hotel, press 3.
• For tuition or hospital, press 4.
• For unique, press 5.
• For payment, press 6.”

GARS provides one of the following Provide the merchant with Stand-In
authorization responses: processing’s authorization response.
• “The approval code is XXXXXX. To
repeat the approval code, press 1.
To end this call, press 2.”
• “This transaction has been declined.
Thank you for calling MasterCard
International. Goodbye.”

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-78 27 November 2013 • Authorization Manual
 Authorization Services Details
Global Automated Referral Service

Acquirer Best Practices

MasterCard recommends that acquirers promote efficient and accurate

processing of call referrals by using the following practices when talking to
issuers’ agents:

• Be prepared to provide the following authorization request information

to the issuer’s agent:

– Card account number

– Expiration date
– Card acceptor business code (MCC)
– Transaction amount in U.S. dollars
If the acquirer chooses to receive DE 5 (Amount, Settlement) in the
Authorization Request Response/0110 message, the acquirer may
use that amount, which is stated in U.S. dollars; or the acquirer may
determine the USD amount in DE 4 (Amount, Transaction) or DE 6
(Amount, Cardholder Billing). If the USD amount is not provided, the
acquirer must perform currency conversion to U.S. dollars.
– Acquirer ICA number
• Initiate the conversation with slow, distinct pronunciation. Be aware that
the issuer’s agent might not be comfortable with the acquirer’s primary
language.
• Request clarification when uncertain of the communication.

If the issuer or its agent cannot respond to the call referral in a timely manner,
GARS routes the call referral to the MasterCard Stand-In processing. Acquirers
should allow additional time to complete the call and be prepared to provide
additional authorization information, as required by Stand-In processing.

Acquirers should monitor call referral response rates to identify merchants that
do not comply with the call referral process.

Acquirers receive reimbursement automatically when they use GARS in

response to a “refer to card issuer” authorization response.
NOTE
Reimbursement to acquirers using GARS is automatic. If acquirers use non-GARS
methods of communication, they must request reimbursement through the
667 record (usage code 100).

Methods Acquirers Can Use to Improve GARS Performance

The acquirer can improve GARS performance and ensure that it qualifies for
reimbursement by doing the following:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-79
Authorization Services Details
Global Automated Referral Service

• Test your phone system to ensure that it generates true touch-tones on

outbound calls. The GARS connection to the issuer is dependent on
touch-tones.
• Communicate the GARS procedures to your agents. MasterCard is available
to assist you in your training efforts.
• Consider adding a conference call feature to your phone system so that you,
your merchant, the cardholder, and the issuer can interact directly.
• Consider adding speed dialing to your phone system to save time when
calling GARS.
• Communicate the GARS procedures and the importance of GARS to your
merchants. Encourage them to call you (rather than request another form of
payment) when a call referral message appears on their POI devices.

Issuer Use of GARS

GARS helps issuers because it provides them with a method to more quickly
respond to acquirers requesting authorizations for call referral responses.

Issuer Procedures

When you issue a response of “refer to card issuer” and the acquirer contacts
you via GARS, use the following procedure.

IF… THEN you should…

GARS says, “Incoming MasterCard referral
call. Press the zero key and the pound key
now.”
Press the required zero (0) and pound
(#) keys within 30 seconds.
If you do not enter “0#” within
30 seconds, GARS connects the
acquirer to Stand-In processing for
the authorization response.

GARS connects you with the acquirer to Obtain the necessary authorization
discuss the transaction. information from the acquirer and
communicate your authorization
response to the acquirer.

Issuer Best Practices

MasterCard recommends that issuers promote efficient and accurate processing

of call referrals by using the following practices when talking to acquirers’
agents:

• Initiate the conversation with slow, distinct pronunciation. Be aware that

the acquirer’s agent might not be comfortable with the issuer’s primary
language.
• Request clarification when uncertain of the communication.

To improve their call referral processes, issuers should monitor:

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-80 27 November 2013 • Authorization Manual
 Authorization Services Details
Global Automated Referral Service

• The number of call referrals they generate in response to Authorization

Request/0100 messages. Issuers should use call referrals only for high-risk
situations because call referrals result in an expensive and time-consuming
process, which can be detrimental to cardholder relationships.
• The rate of call referrals going to Stand-In processing. Issuers should ensure
that they have sufficient call center staff and a stable telecommunications
infrastructure to be able to support the number of call referrals they
generate. MasterCard strongly urges issuers to register for GARS. Acquirer
GARS calls will be routed to the Stand-In System for issuers not registered.
• The average duration of call referrals. Issuers should try to meet the goal of
keeping call referrals to five minutes or less. Short call durations result in
reduced transaction times, improve the call referral process for merchants
and cardholders, and provide the best use of resources.

Issuers should establish Stand-In processing transaction limits that are specific
to transactions approved through GARS call referrals. The MasterCard Stand-In
processing facility ensures a timely authorization decision when the issuer
is not available.

MasterCard suggests that GARS issuers establish two phone numbers for GARS
call referral processing. Issuers can have all intracountry call referrals routed to
one phone number and all intercountry call referrals routed to another phone
number. Issuers can better anticipate potential language differences and offer
enhanced services to cardholders traveling outside of their countries.

Charges to the issuer apply for issuing each call referral and for completed GARS
calls initiated by the acquirer. Issuers also pay a noncompliance assessment for
Stand-In processing if they fail to answer a GARS call within 30 seconds.

Methods Issuers Can Use to Improve GARS Performance

Issuers can use the following methods to improve GARS performance:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-81
Authorization Services Details
Global Automated Referral Service

• Ensure that your phone system can generate true touch-tone signals. If
you use an automated system such as a Voice Response Unit to answer
incoming calls, be sure the system responds with a zero key followed by a
pound key (0, #). This allows the acquirer’s agent to hear the instruction of
your automated system to expedite your call referral response.
• Ensure that your system is prepared to answer phone calls within 30
seconds. Calls not answered within these time frames will be routed to
the Stand-In System.
• Determine whether to establish specific Stand-In transaction limits for GARS.
Complete the GARS Initiation and Change Form (Form 334) to establish
specific limits.
• Determine whether to establish one phone number for all incoming GARS
calls or two phone numbers: one for GARS requests from acquirers located
outside of the issuer country and one for domestic GARS requests. Indicate
the phone numbers on the GARS Initiation and Change Form (Form 334).
• Review the information you provided to Stand-In processing either online
or on the Stand-In Processing Worksheet. In particular, check the following:

– Referral phone number provided. GARS uses this number to route calls
to you.
– Stand-In processing parameters

Submit any changes to your customer representative at least 15 days before

using a new phone number or new parameters:

• Determine your ability to handle the volume of completed call referrals

using GARS. Because GARS call referrals are fast and easy, there may be an
increase in the ratio of calls completed to referrals issued. You may want to
consider adjusting staffing and equipment levels to ensure higher control
and risk reduction and avoid excessive Stand-In processing fees.
• Communicate to your employees the importance of answering GARS calls
quickly to avoid additional Stand-In processing fees. MasterCard is available
to assist you in your training efforts.

Monitoring Call Referral Activity

The minimum response and talk-time standards apply to all call
referrals—domestic and international—whether processed through GARS or
direct customer-to-customer communications.

Issuer and Acquirer Performance Reports

Issuers and acquirers can monitor call referrals completed through GARS using
the following reports:

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-82 27 November 2013 • Authorization Manual
 Authorization Services Details
M/Chip Processing Services

• Issuer Authorization Detail Report and Issuer Call Referral Detail

Report—shows issuer charges for call referrals
• Acquirer Authorization Detail Report and Acquirer Call Referral Detail
Report—shows acquirer reimbursement for completed call referrals
• Call Referral Summary Report—shows tiered pricing for excessive issuer
call referral activity
• Guaranteed Issuer Availability Report

Samples of these reports showing charges or reimbursements associated with

GARS appear in the MasterCard Consolidated Billing System manual.

Store and Forward Messages

Issuers also can monitor call referrals completed through GARS via
store-and-forward (SAF) messages. MasterCard generates Authorization
Advice/0120 messages for GARS transactions that Stand-In processes.
MasterCard uses a promotion code of MCGARS to identify GARS Stand-In
activity.

Requesting GARS or Changing GARS Parameters

To begin to use GARS or to change GARS parameters, complete the GARS
Initiation and Change Form (Form 334).

M/Chip Processing Services

MasterCard provides M/Chip processing services to help issuers that want to
migrate to MasterCard M/Chip technology without having to make an initial
investment to completely upgrade their host systems for M/Chip processing.

The M/Chip processing services support issuers using M/Chip technology by

performing all or part of the M/Chip-related authorization processing on behalf
of the issuer for a designated account range.

The M/Chip processing services are available to all brands—MasterCard,

Maestro, Cirrus, Debit MasterCard, and MasterCard Electronic. There are three
M/Chip processing services:

• Chip to Magnetic Stripe Conversion

• M/Chip Cryptogram Pre-validation
• M/Chip Cryptogram Validation in Stand-In Processing

The Chip to Magnetic Stripe Conversion and the M/Chip Cryptogram

Pre-validation services are provided on a permanent basis. The M/Chip
Cryptogram Validation in Stand-In Processing service is provided on a dynamic
basis if an issuer is not able to respond to an authorization request.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-83
Authorization Services Details
M/Chip Processing Services

In addition to these three services, issuers can combine the M/Chip Cryptogram
Pre-validation Service and the Chip to Magnetic Stripe Conversion Service
(referred to as the Combined Service Option).

Issuers that participate in the M/Chip Cryptogram Pre-validation service, the

M/Chip Cryptogram Validation in Stand-In Processing service, or the Combined
Service Option may optionally support M/Chip Advance.

For more detailed information about these M/Chip processing services,

including information about the Chip Processing Services Member Requirements
and Parameters Form, see the M/Chip Processing Services—Service Description
guide. For supporting data requirements, see the Customer Interface
Specification manual.

Chip to Magnetic Stripe Conversion

MasterCard provides Chip to Magnetic Stripe Conversion to issuers by
performing all or part of the M/Chip-related authorization processing on behalf
of the issuer for a designated account range.

MasterCard removes designated M/Chip-related data elements and alters others

before forwarding the transaction to the issuer. MasterCard notifies the issuer
that the transaction was an M/Chip transaction and that MasterCard altered the
transaction information before sending it to the issuer.

When the Chip to Magnetic Stripe Conversion service processing is performed

on a transaction, the original method used to enter the primary account
number (PAN) in the Authorization Platform is indicated in DE 48 (Additional
Data—Private Use), subelement 71 (On-behalf [OB] Services), subfield 2
(On-behalf Result 1) before sending Authorization Request/0100, Authorization
Advice/0120, and Reversal Request/0400 messages to the issuer for processing.

The source of the track data provided is from Track 2 Equivalent Data (tag
57). Issuers should be aware that the CVC value contained therein is the Chip
CVC and not CVC 1; therefore, will impact any CVC validation that an issuer
performs.

Providing this information allows the issuer to make the authorization decision
based on information remaining in the authorization request, without having to
reject the transaction because it does not currently process M/Chip transactions.
For issuers that participate in the Chip to Magnetic Stripe Conversion service
and do not want to receive the service results, see “U.S. Chip-Enabled Travel
Card Program.”

The Chip to Magnetic Stripe Conversion service is optional.

NOTE
The Global Clearing Management System (GCMS) also offers the Chip to
Magnetic Stripe Conversion service. For information about this optional service,
issuers should reference the GCMS Reference Manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-84 27 November 2013 • Authorization Manual
 Authorization Services Details
M/Chip Processing Services

U.S. Chip-Enabled Travel Card Program

The U.S. Chip-Enabled Travel Card program leverages the functionality of the
Chip to Magnetic Stripe Conversion service, and allows issuers that participate
in the Chip to Magnetic Stripe Conversion service the option not to receive
notification that the conversion has taken place (service results) in authorization
and financial request messages.

Benefits

The U.S. Chip-Enabled Travel Card program benefits include the following:

• Creates new revenue streams and greater operational efficiency

• Provides the opportunity to capture more payments in new markets,
displacing many cash purchases made around the world
• Promotes the globalization of EMV chip technology

How It Works

Issuers have the option not to receive notification that the Chip to Magnetic
Stripe Conversion has taken place, removing the impact to their authorization
and clearing systems when implementing chip. Existing functionality of
the Chip to Magnetic Stripe Conversion service, as well as the Combined
Service Option (Chip to Magnetic Stripe Conversion and M/Chip Cryptogram
Pre-validation services) are not affected. Service results are retained by
MasterCard for billing and reporting purposes.

Transactions are tracked at the account range. The source of the track data
provided is from Track 2 Equivalent Data (tag 57). Issuers should be aware that
the CVC value contained therein is the Chip CVC and not CVC 1; therefore, will
impact any CVC validation that an issuer performs.

For a chip transaction received for an account within the account range, the
chip transaction is converted to the magnetic stripe equivalent. Although
participation is set at the account range, instead of at the specific account, other
accounts that the issuer does not want to participate will not be chip enabled.

Chip-enabled U.S. travel cards include a hybrid chip and magnetic stripe card
with signature, as the card verification method and online PIN capabilities.
Chip-enabled U.S. Travel cards allow chip acceptance and continue to function
similar to existing issuer magnetic stripe cards.

Authorization Processing

The following information describes the Authorization Platform of U.S.

chip-enabled travel cards transaction processing.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-85
Authorization Services Details
M/Chip Processing Services

WHEN... THEN the Authorization Platform...

The Chip to Magnetic Stripe Conversion
Service is requested for a transaction
Verifies whether the issuer wants
to receive Chip to Magnetic
Stripe Conversion Service results
in Authorization Request/0100,
Authorization Advice/0120, and Reversal
Request/0400 messages for an account
range that is eligible to participate in the
service.

The issuer for the account range does
not want to receive the Chip to Magnetic
Stripe Conversion Service results in the
Authorization Request/0100 message
Removes the Chip to Magnetic Stripe
Conversion Service results contained in
DE 48 (Additional Data—Private Use),
subelement 71 (On-behalf Services
[OBS]), subfield 1 (On-behalf [OB]
Service) and subfield 2 (On-behalf
Result 1) from the Authorization
Request/0100, Authorization Advice/0120,
or Reversal Request/0400 message. The
Chip to Magnetic Stripe Conversion
service removes chip-related data in
DE 55 (Integrated Circuit Card [ICC]
System-Related Data) and DE 23 (Card
Sequence Number) if present when DE
14 (Date Expiration) is greater than or
equal to the floor expiration date.

The issuer for the account range Follows business-as-usual processing

wants to receive the Chip to Magnetic
Stripe Conversion Service results in the
Authorization Request/0100 message
by providing the Chip to Magnetic
Stripe Conversion Service results
in the Authorization Request/0100,
Authorization Advice/0120, or Reversal
Request/0400 message.

To Participate

Issuers that want to participate in the U.S. chip-enabled travel card program
must register for the Chip to Magnetic Stripe Conversion Service. In addition,
issuers must contact their regional MasterCard representative to request this
service and identify the account range for which the Chip to Magnetic Stripe
Conversion service will support.

M/Chip Cryptogram Pre-validation Service

The M/Chip Cryptogram Pre-validation service is for issuers that use the M/Chip
Select 2.0, M/Chip Lite 2.1, M/Chip 4.0 (MasterCard, EMV CSK, and EMV2000
session key derivation methods), M/Chip™ Advance, and EMV CCD-compliant
chip cards.

This service:

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-86 27 November 2013 • Authorization Manual
 Authorization Services Details
M/Chip Processing Services

• Validates the Authorization Request Cryptogram (ARQC) and Transaction

Certificate Cryptogram (TC), and generates the Authorization Response
Cryptogram (ARPC) on behalf of an issuer.
• Validates critical chip information included in the Card Verification Results
(CVR) and Terminal Verification Results (TVR).

After performing this service, MasterCard notifies issuers of the results of the
cryptogram validation. Issuers may use these results in the authorization
approval process.

For more information about using the M/Chip Cryptogram Pre-validation

service, see the Customer Interface Specification manual.

The M/Chip Cryptogram Pre-validation service is optional.

Combined Service Option

Issuers can choose an option that combines the Chip to Magnetic Stripe
Conversion and M/Chip Cryptogram Pre-validation services.

This option allows two M/Chip processing services to be performed on a single

transaction, providing issuers with a bridge to maximize the benefits of chip
card processing capabilities while minimizing impacts on their authorization
systems. These two services also are available individually.

The Combined Service Option is optional.

M/Chip Cryptogram Validation in Stand-In Processing

M/Chip Cryptogram Validation in Stand-In Processing is available for issuers
that use the M/Chip Select 2.0, M/Chip Lite 2.1, and M/Chip 4.0 (MasterCard,
EMV CSK, and EMV2000 session key derivation methods), M/Chip Advance,
and EMV CCD-compliant chip cards.

This service authorizes M/Chip transactions within Stand-In processing when

an issuer host is not available. When Stand-In processing authorizes M/Chip
transactions, MasterCard validates the ARQC, TC, and critical (CVR and TVR)
chip information, processes the authorization request based on the issuer’s
Stand-In parameters, and generates the ARPC.

Issuers should consider participating in PIN Validation services for successful

Stand-In processing of chip transactions with online PIN.

M/Chip Cryptogram Validation in Stand-In Processing is optional.

M/Chip Advance
MasterCard® M/Chip™ Advance is a dual interface chip card specification for
credit, debit, prepaid, and MasterCard® PayPass™ programs.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-87
Authorization Services Details
Maestro Preauthorized Transaction Processing

M/Chip Advance:

• Integrates PayPass—Fully integrates contact and contactless cards and

simplifies the adoption and implementation of PayPass.
• Provides enhanced on-card risk management—Increases the volume of
approved transactions with more informed card risk management decision
making.
• Supports new third-party transit, loyalty, voucher programs, and ticketing
(for example, music concerts, cinema, theatre, or sports events)—Provides
the functionality to extend card payment services into new markets.
• Provides enhanced payment features. M/Chip 2 and M/Chip 4 have a
single set of counters to manage the risk of all offline transactions. This
means that the risk management functionality of the application is not able
to differentiate between CVM and no-CVM transactions or Contact and
Contactless transactions.
• Provides backwards compatibility with existing M/Chip platforms—Facilitates
the migration from M/Chip 2 and M/Chip 4 to M/Chip Advance.

The M/Chip Advance card application specification is available to card

developers under a specific MasterCard development agreement.

With M/Chip Advance, DE 55 (Integrated Circuit Card [ICC] System-Related

Data), subelement 9F10 (Issuer Application Data [IAD]) contains expanded
counters. These expanded counters are used in the ARQC when the value
of the right-most bit of the CVN is 1. The IAD can be configured to include
accumulators, counters, or both, in plain text or encrypted. The value of an
accumulator or counter included in the IAD may be either its absolute value
(for example, Accumulator Amount or Counter Number) or the value of their
balance. If so, the IAD is extended with one or two, 8 byte fields.

M/Chip issuers may optionally choose to support M/Chip Advance but are not
required to migrate to M/Chip Advance specifications to continue using these
services.

Issuers that participate in the M/Chip Cryptogram Pre-validation service, the

M/Chip Cryptogram Validation in Stand-In Processing service, or the Combined
Service Option may optionally support M/Chip Advance.

Maestro Preauthorized Transaction Processing

The following information explains Maestro preauthorized transaction
processing.
NOTE
Applies only to the Europe region.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-88 27 November 2013 • Authorization Manual
 Authorization Services Details
Maestro Preauthorized Transaction Processing

The Authorization Platform allows Europe region acquirers to request

preauthorization on transactions for which the final transaction amount is not
yet determined. For automated fuel dispenser (AFD) transactions, once the
issuer approves the preauthorization request and after the transaction completes
at the point-of-interaction and the final amount is determined, the acquirer
sends an authorization advice message to the issuer. For card-not-present
(CNP) and post-authorized aggregated Maestro PayPass transit transactions if
the final amount is not equal to the preauthorized amount, a partial reversal
is required and clearing must be submitted for the new amount identified in
the partial reversal.

The Clearing message must contain the final amount, which is equal to the
amount contained the authorization advice message or in the new amount
of a partial reversal message.

Pre-authorization on Maestro transactions is permitted only at unattended

point-of-sale (POS) terminals at petrol stations (MCC 5542, Fuel Dispenser,
Automated). Effective 5 November 2013, preauthorization on Maestro
transactions are also permitted for CNP transactions and for post-authorized
aggregated Maestro transactions. Preauthorizations must not be used in any
other acceptance environment.

Acquirers must ensure that an authorization request for an amount greater

than zero is properly identified as a preauthorization when a CNP transaction
might not be completed for reasons other than technical failure or lack of full
issuer approval. For example, the transaction might not be completed when the
cardholder will be offered the choice at a later time to complete the transaction
with another payment means, or when the goods ordered by the cardholder
might be later found to be out of stock. The risk of technical failures such as
telecommunications failure or POI terminal failure should not be taken into
account to determine if an authorization must be coded as a preauthorization.

For a CNP transaction, the transaction amount must equal the preauthorized
amount. Pre-authorizations for an estimated amount are only permitted for
unattended petrol terminal (MCC 5524) Transactions.

How It Works

Maestro preauthorized transaction processing for works as follows:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-89
Authorization Services Details
MasterCard ATM Network

• The acquirer submits an Authorization Request/0100 (preauthorization

format) message containing the maximum amount determined by the
acquirer or the merchant where DE 61 (Point-of-Service [POS] Data),
subfield 7 (POS Transaction Status) contains value 4 (Pre-authorized
request). Each approved preauthorization has a payment guarantee period
of seven calendar days from the authorization approval date.
• The issuer generates an Authorization Request Response/0110 message for
the full amount of the preauthorization or for a lesser amount, as determined
by the issuer, if the merchant's terminal supports partial approval. The
transaction is guaranteed up to the amount authorized by the issuer.
• The acquirer must send Authorization Advice/0120—Acquirer-generated
messages containing DE 60 (Advice Reason Code), subfield 1 (Advice
Reason Code), value 191 (Acquirer Processing System [APS] Completed
Authorization Transaction) at the completion of Maestro CAT Level 1 petrol
transactions.
• The issuer acknowledges the transaction using an Authorization Advice
Response/0130 message.
• The acquirer must send Reversal Request/0400 messages containing DE 4
(Amount, Transaction) from the Authorization Request/0100 message or
DE 4 from the Authorization Request Response/0110 message if a partial
approval response and DE 95 (Replacement Amounts) that contains the
“actual amount” subfield necessary to perform a partial reversal if the final
amount is less than the preauthorized amount for card-not-present (CNP)
and post-authorized aggregated Maestro PayPass transit transactions.
• If any transaction is terminated after the preauthorization, the acquirer must
send the issuer a Reversal Request/0400 message containing DE 4 (Amount,
Transaction) from the Authorization Request/0100 message or DE 4 from
the Authorization Request Response/0110 message if a partial approval
response.
• The issuer acknowledges full and partial reversal requests using a Reversal
Request Response/0410 message.

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

MasterCard ATM Network

The MasterCard® ATM Network provides cash access around the world to
credit and ATM debit cardholders by accepting cards bearing the MasterCard,
Maestro, and Cirrus logos.

All MasterCard issuers must participate in the MasterCard ATM Network to

provide cash access to their cardholders. For more information about ATM
participation, see the Security Rules and Procedures.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-90 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard ATM Network

Where permitted, issuers may provide to their cardholders the option of

conducting various transactions, such as balance inquiries and merchandise
purchases, using the MasterCard ATM Network.

The MasterCard ATM Network is the world’s largest global ATM network. It has
more ATMs, in more countries, accessed by more cardholders, conducting the
most transactions than any other ATM network. The MasterCard ATM Network
and processors continue to provide a superior percentage of completed
transactions. Cardholders using MasterCard®, Maestro®, and Cirrus® cards
know that they can expect to receive the cash they requested.

For information about ATM transaction processing capabilities for Europe region
acquirers that process through the MasterCard Network, see “ATM Processing
for Europe Region Acquirers.”

Data Security
The MasterCard ATM Network rules require that all ATMs migrate to Triple Data
Encryption Standard (Triple DES) for encryption of cardholder-entered personal
identification number (PIN). The Triple DES encryption technology reduces the
likelihood of fraud losses by making it more difficult for criminals to discover
sensitive account information.

Global ATM Locator

The MasterCard Global ATM Locator is a set of websites and toll-free automated
voice recognition systems that cardholders use to search for ATMs.

Cardholders access the MasterCard Global ATM Locator using:

• The Internet
• Mobile phones
• Personal digital assistants
• Voice response telephone numbers
• Onboard vehicle navigation systems
• Bank websites

Maps and directions to ATMs are available in many countries.

Location Administration Tool

The Location Administration Tool enables customers and processors
to efficiently manage and market their ATM location information and
service-related terminal attributes to help drive transaction volume and increase
revenue at the point of interaction. Services include ATMs, MasterCard®
PayPass™ terminals, Pre-Paid Travel, and MasterCard® rePower™.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-91
Authorization Services Details
MasterCard ATM Network

Benefits
The MasterCard ATM Network provides numerous benefits to cardholders,
acquirers, and issuers.

• Cardholders benefit from the MasterCard ATM Network because the

network provides:

– Worldwide access to cash 24 hours a day, seven days a week

– No need to carry large sums of cash
– Favorable currency conversion exchange rate
• Acquirers benefit from the MasterCard ATM Network because the network
provides:

– Interchange income each time a MasterCard or Cirrus cardholder uses

an ATM owned by that acquirer that displays the MasterCard and Cirrus
logos
– Competitive advantage by accepting MasterCard, Maestro, and Cirrus
cards having worldwide recognition and acceptance
– More transactions from more cardholders, lowering the cost per
transaction
• Issuers benefit from the MasterCard ATM Network because the network
provides:

– Competitive advantage by offering MasterCard®, Maestro®, and

Cirrus® cards having worldwide recognition and acceptance
– Fee revenue opportunities

Supported Transactions
The MasterCard ATM Network supports a variety of transactions.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-92 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard ATM Network

• Cash withdrawal from debit accounts

• Cash disbursement from credit accounts
• Account balance inquiry from debit accounts
• Available balance inquiry from credit accounts
• Chip PIN management transactions (PIN Change and PIN Unblock for
Chip cards)
• Magnetic Stripe PIN management (PIN Change only) transactions
• Merchandise purchase from debit accounts for items, such as postage
stamps and other items approved by MasterCard.
Acquirers must successfully complete testing for ATM merchandise
transaction before submitting merchandise purchase transactions to
MasterCard.
• MasterCard® MoneySend™ transactions.
• Mobile Phone Top-up available for Europe region acquirers and issuers.
• ATM Bill Payment is allowed for domestic transactions only when the service
is offered domestically. When ATM Bill Payment is not allowed, acquirers
will receive a response of Transaction not permitted to acquirer/terminal.
• Credit Card Cash Advance in Installments transactions at the ATM are
allowed when the service is offered domestically.

Restrict Cash Access and ATM Balance Inquiry Transactions

Issuers can restrict cash access at the ATM to align the processing systems
with MasterCard product rules. When the issuer has restricted cash access,
acquirers receive DE 39 (Response Code), value 57 (Transaction not permitted
to issuer/cardholder) in the Authorization Request Response/0110 message.

In addition to cash access restrictions, MasterCard allows issuers to restrict

ATM balance inquiry transactions. When the issuer has restricted ATM balance
inquiries, acquirers receive DE 39, value 57 in the Authorization Request
Response/0110 message.

Interfaces to the MasterCard ATM Network

MasterCard issuers can choose either of the following options to receive
authorization requests for ATM transactions.

• A direct interface to the MasterCard ATM Network

• An interface via the MasterCard Network to the MasterCard ATM Network

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-93
Authorization Services Details
MasterCard ATM Network

Direct Interface
Issuers that choose to interface directly with the MasterCard ATM Network
receive ATM transactions via a Financial Transaction Request/0200 message.

For a description of the 0200 messages, see the Single Message System
Specifications manual and the Cirrus Worldwide Operating Rules.

Interface via the MasterCard Network

If the issuer chooses to receive ATM transactions via the MasterCard Network,
the issuer receives ATM transactions in an Authorization Request/0100 message.

Choosing to receive ATM transactions via the MasterCard Network in

Authorization Request/0100 messages gives issuers the following additional
options:

• MasterCard validation of the PIN

• Application of MasterCard Stand-In processing when the issuer is
unavailable (only if MasterCard also validates the PIN)

PIN Validation

Issuers can choose to have MasterCard validate the PINs or to validate the
PINs themselves.

WHEN… THEN…

MasterCard validates the PIN MasterCard performs this service before forwarding
the Authorization Request/0100 message to the
issuer.

The issuer validates the PIN MasterCard forwards the PIN to the issuer with the
Authorization Request/0100 message.

Issuers that validate their own PINs must send to MasterCard the encryption key
to translate encrypted PINs in the online request message.

Issuers that choose to have MasterCard validate PINs for ATM transactions
must complete the PIN Processing Profile (Form 269) and must provide PIN
verification keys by completing the Hard Copy Key Exchange (Form 723).

Stand-In Processing

Issuers can choose whether to have Stand-In processing process online request
ATM transactions when they are not available. Issuers may choose whether to
allow transactions with unverified PINs to be processed in the Stand-In System
or to have MasterCard validate a PIN if a PIN is present in an online request
message when the issuer is unavailable.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-94 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard ATM Network

WHEN the issuer requests that… THEN MasterCard…

MasterCard allow transactions with an Processes the online request message.

unverified PIN in Stand-In processing

MasterCard perform Stand-In processing and Processes the online request message
PIN validation and validates the PIN.

MasterCard not allow transactions with Returns a response of “decline” when

unverified PINs and not perform PIN the issuer is unavailable.
validation during Stand-In processing

ATM Processing for Europe Region Acquirers

MasterCard provides ATM transaction processing capabilities for Europe region
acquirers that process through the MasterCard Network.
NOTE
Applies only to the Europe region.

Acquirers using the MasterCard Network submit transactions using Customer

Interface Specification (CIS), which is a dual message format. This processing
only allows Europe region acquirers to submit ATM transactions via their dual
message connection to the MasterCard Network.

ATM transactions are identified by:

• DE 3 (Processing Code), subfield 1 (Cardholder Transaction Type Code)

containing one of the following values:

– 00 (Purchase)
– 01 (Withdrawal)
– 30 (Balance Inquiry)
– 91 (PIN Unblock)
– 92 (PIN Change)
• DE 48 (Additional Data—Private Use), position 1 (Transaction Category
Code [TCC]) containing value Z (ATM Cash Disbursement)

Only specified acquirers have this functionality. To ensure the transactions are
submitted by eligible acquirers, the Authorization Platform verifies the acquirer
parameter when an Authorization Request/0100 transaction is determined to
originate from an ATM. ATM transactions provided by eligible acquirers are
forwarded to the issuer. The Authorization Platform will respond to all other
requests with an Authorization Request Response/0110 message containing DE
39 (Response Code), value 58 (Transaction not permitted to acquirer/terminal).

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-95
Authorization Services Details
MasterCard ATM Network

ATM Access Fee

Acquirers in approved Europe region countries may optionally apply an ATM

access fee to domestic cash withdrawal transactions. Acquirers may charge ATM
access fees on MasterCard, Maestro, or Cirrus cross-border transactions, as long
as the access fee charged on those transactions is not higher than the access fee
charged in connection with a transaction of any network accepted at that ATM.
If another network accepted at the ATM prohibits the acquirer from charging an
ATM access fee on cross-border ATM transactions, the acquirer must not charge
an ATM access fee on MasterCard, Maestro or Cirrus cross-border transactions
at the ATM. If all other networks accepted at the ATM permit the acquirer to
charge access fees on cross-border ATM transactions, the acquirer will be
permitted to charge an ATM access fee on cross-border MasterCard, Maestro,
and Cirrus ATM transactions.

Acquirers include the transaction amount and access fee in DE 4 (Amount,

Transaction) and the access fee amount (if applicable) in DE 28 (Amount,
Transaction Fee) of Authorization Request/0100 and Reversal Request/0400
messages.

MasterCard Hosted Mobile Phone Top-up ATM Transactions

The Authorization Platform hosts a Mobile Phone Top-up solution that supports
Maestro®, Debit MasterCard®, and MasterCard® card transactions performed
via ATMs. Mobile phone top-up functionality enables customers to top-up (that
is, add credit to) their prepaid mobile phone service.
NOTE
Applies only to the Europe region.

The MasterCard Mobile Phone Top-up hosted solution enables acquirers to

seamlessly provide cardholders the ability to “pay as you go” at the ATM for
additional mobile phone minutes.

Participation for acquirers that are connected to the MasterCard Network is

optional.

How It Works

1. A cardholder performs a mobile phone top-up request via an ATM that

supports mobile phone top-up transactions.
2. The acquirer sends the issuer an Authorization Request/0100 message
containing DE 48 (Additional Data—Private Use), subelement 13 (Mobile
Phone Top-up Request Data).
3. The issuer approves the request and sends the Authorization Platform
an Authorization Request Response/0110 message containing DE 48,
subelement 13 with the same value as in the original Authorization
Request/0100 message.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-96 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard Digital Enablement Service

4. The Authorization Platform processes the mobile phone top-up request and
forwards the confirmation to the acquirer. MasterCard notifies the provider
to top-up the mobile phone.
5. The acquirer forwards the response to the ATM, notifying the cardholder
that the request has been forwarded to his or her mobile phone service
provider and that the provider should top-up the phone within 15 minutes.

If the issuer declines the request, the Authorization Platform forwards the
Authorization Request Response/0110 message to the acquirer. The acquirer
forwards the response to the ATM, and then notifies the cardholder that his or
her request has been declined.

If the mobile phone top-up request cannot be completed, the Authorization

Platform generates a Reversal Advice/0420 message to the issuer and an
Authorization Request Response/0110 message to the acquirer containing DE 39
(Response Code), value 57 (Transaction not permitted to issuer/cardholder).
NOTE
Acquirers are not permitted to submit Authorization Advice/0120—Acquirer
Generated or Reversal Request/0400 messages for MasterCard hosted Mobile
Phone Top-up transactions.

Alternate Processing

Mobile phone top-up requests are not eligible for alternate (Stand-In or alternate
issuer host routing) or X-Code processing. If the primary issuer is not available
to respond to a top-up request, an Authorization Request Response/0110
message is returned to the acquirer with DE 39 (Response Code), value 91
(Authorization System or issuer system inoperative).

MasterCard Digital Enablement Service

MasterCard is leading the marketplace with a number of initiatives that
recognize that the consumer of tomorrow will live in a world beyond plastic.
The rapid growth of smart devices worldwide is providing a unique opportunity
for issuers to digitize cardholder accounts to increase customer satisfaction
and provide a secure, streamlined purchasing experience. In order for issuers
to digitize card accounts into smart devices, MasterCard is implementing the
MasterCard Digital Enablement Service. With this service, issuers will be able to
support proximity and remote payments from smart devices without having to
make extensive upgrades to their systems.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-97
Authorization Services Details
MasterCard Digital Enablement Service

How It Works
The MasterCard Digital Enablement Service generates account numbers for use
in smart devices. When the cardholder uses the device account number to
initiate a transaction, such as at a contactless terminal, MasterCard will validate
the accompanying chip or dynamic CVC 3 data and map the device account
number to the cardholder’s funding account number before forwarding the
request to the issuer.

Authorization Processing Flow

The following process explains an authorization request when a transaction is
generated from a mobile device using a device account number.

1. When a cardholder taps a mobile device with a device account number to

a contactless terminal, the device account number and associated chip or
dynamic CVC 3 data are transmitted to the terminal.
2. The acquirer initiates an authorization request containing the device account
number and sends it to the MasterCard Network. The acquirer provides
DE 22 (POS Entry Mode), subfield 1 (POS Terminal PAN Entry Mode),
value 07 (PAN auto-entry via contactless M/Chip) or 91 (PAN auto-entry via
contactless magnetic stripe—the full track data has been read from the data
on the card and transmitted within the authorization request in DE 35 [Track
2 Data] or DE 45 [Track 1 Data] without alteration or truncation).
3. The Authorization Platform performs either chip or dynamic CVC 3 data
pre-validation, and then maps the device account number to the funding
account number.
4. If the cryptography validation and PAN mapping are successful, the
Authorization Platform sends the issuer the authorization request containing:

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-98 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard Digital Enablement Service

• DE 2 (Primary Account Number [PAN]) with the cardholder’s funding

account number
• DE 14 (Date, Expiration) with the funding account number’s expiration
date
• DE 22, subfield 1, value 82 (PAN Auto Entry via Server [issuer, acquirer,
or third party vendor system]) (The Authorization Platform converts
value 07 or value 91 provided by the acquirer to value 82.)
• DE 48, subelement 33 containing:

– Subfield 1, value C (MasterCard Digital Enablement Service Device

Account Number)
– Subfield 2 containing the device account number
– Subfield 3 containing the device account number expiration date
• An occurrence of DE 48, subelement 71, subfield 1, value 50 (MasterCard
Digital Enablement Service PAN Mapping) and subfield 2, value C
(Conversion of Device Account Number to Funding Account Number
was completed.)
• An additional occurrence of DE 48, subelement 71 with either subfield
1, value 51 (MasterCard Digital Enablement Service Chip Pre-Validation)
and subfield 2, value V (Valid), or subfield 1, value 52 (MasterCard
Digital Enablement Service Dynamic CVC 3 Pre-Validation) and subfield
2, value V (Valid).
• The issuer will not receive DE 23 (Card Sequence Number), DE 35
(Track 2 Data), DE 45 (Track 1 Data), or DE 55 because MasterCard
has validated the chip or dynamic CVC 3 data on behalf of the issuer.
In addition, the issuer will not receive DE 48, subelement 72 (Issuer
Chip Authentication) or DE 48, subelement 79 (Chip CVR/TVR Bit
Error Results) when MasterCard has performed chip pre-validation as
part of the MasterCard Digital Enablement Service, nor will the issuer
receive DE 48, subelement 34 (Dynamic CVC 3 ATC Information) when
MasterCard has performed dynamic CVC 3 pre-validation as part of the
MasterCard Digital Enablement Service.
5. The issuer responds with an authorization response message, and the
Authorization Platform provides the response to the acquirer containing
the following:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-99
Authorization Services Details
MasterCard Digital Enablement Service

• DE 2 with the device account number

• DE 48, subelement 33, subfield 1, value M (Primary Account Number);
subfield 2 with the cardholder’s funding account number; subfield 3
with the funding account number expiration date.
• If MasterCard Digital Enablement Service chip pre-validation has
been performed, the Authorization Platform will also provide DE 55
(Integrated Circuit Card [ICC] System-Related Data), subelement 91
(Issuer Authentication Data) because an ARPC will be generated when
the MasterCard Digital Enablement Service chip pre-validation produces
a valid result.
6. The acquirer forwards the authorization response to the contactless terminal.

MasterCard Digital Enablement Service Chip Pre-Validation or

Dynamic CVC 3 Pre-Validation Failure
The following process describes authorization processing for a transaction that
was declined by the service because chip pre-validation or dynamic CVC 3
pre-validation failed for technical reasons.

1. When a cardholder taps a mobile device with a device account number to

the contactless terminal, the device account number and associated chip or
dynamic CVC 3 data are transmitted to the terminal.
2. The acquirer initiates an authorization request containing the device account
number and sends it to the MasterCard Network.
3. If chip pre-validation or dynamic CVC 3 pre-validation fails, the
Authorization Platform sends the acquirer an authorization response with
DE 39, value 05 (Do not honor).

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-100 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard Digital Enablement Service

• For chip pre-validation, acquirers receive DE 48, subelement 74

(Additional Processing Information), subfield 1 (Processing Indicator)
value 02 (MasterCard On-behalf Service—M/Chip Cryptogram
Pre-validation) and subfield 2 (Processing Information) containing one
of the following values:

– F (Format error in DE 55)

– G (Application Cryptogram is valid but is not an ARQC)
– I (Application Cryptogram Invalid)
– T (Application Cryptogram is valid but TVR/CVR was invalid)
– U (Application Cryptogram could not be validated due to technical
error)
• Acquirers receive DE 55, subelement 91 when an ARPC has been
generated, which occurs when the validation result is one of the
following:

– Application Cryptogram is valid but is not an ARQC

– Application Cryptogram is valid, but TVR/CVR was invalid
• For dynamic CVC 3 pre-validation, acquirers receive one of the
following DE 48, subelement 87 values:

– E = Length of unpredictable number was not a valid length

– P = Unable to process
– Y = Invalid
4. The Authorization Platform sends an authorization advice message to the
issuer containing:

• DE 2 containing the cardholder’s funding account number

• DE 22, subfield 1 containing the value provided by the acquirer
• DE 23, DE 35, DE 45, DE 55 as provided by the acquirer (if applicable)
• DE 48, subelement 33, subfield 1, value C, subfield 2 containing the
device account number, and subfield 3 with the device account number
expiration date.
• An occurrence of DE 48, subelement 71, subfield 1, value 50 and
subfield 2, value C
• DE 48, subelement 71, subfield 1, value 51 and subfield 2 containing
one of the following existing values:

– G (Application cryptogram is valid but not an ARQC, status of

TVR/CVR unknown)
– I (Invalid)
– T (Valid ARQC, TVR/CVR invalid)

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-101
Authorization Services Details
MasterCard Digital Enablement Service

– U (Unable to process)
• DE 60, subfield 1, value 141 and subfield 2 containing one of the
following existing values:

– 0032 (Reject: Chip technical failure)

– 0034 (Reject: Chip validation failed)
– 0035 (Reject: TVR/CVR validation failed)
– 0039 (Reject: Cryptogram not ARQC)
Or
• DE 48, subelement 71, subfield 1, value 52 and subfield 2 containing
one of the following existing values:

– A (ATC outside allowed range (applicable when ATC value is

dynamic [varying] value)
– E (CVC 3 ATC Replay)
– I (Invalid)
– N (Unpredictable number mismatch)
– U (Unable to process)
• DE 60, subfield 1, value 141 and subfield 2 containing one the following
existing values:

– 0042 (Reject: CVC 3 Unable to process)

– 0043 (Reject: CVC 3 ATC outside allowed range)
– 0044 (Reject: CVC 3 Invalid)
– 0045 (Reject: CVC 3 Unpredictable number mismatch)
– 0046 (Reject: CVC 3 ATC Replay)

MasterCard Digital Enablement Service PAN Mapping Failure

The following process describes authorization processing for a transaction that
was declined by the service because PAN mapping was unsuccessful.

1. When a cardholder taps a mobile device with a device account number at

a contactless terminal, the device account number and associated chip or
dynamic CVC 3 data are transmitted to the terminal.
2. The acquirer initiates an authorization request containing the device account
number and sends it to the MasterCard Network.
3. If the service is unable to map the device account number to the funding
account number, the Authorization Platform sends the acquirer an
authorization response with DE 39 (Response Code), value 14 (Invalid card
number). If the PAN mapping service cannot be performed for technical
reasons, the Authorization Platform sends the acquirer an authorization

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-102 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard Digital Enablement Service

response with DE 39, value 96 (System error). DE 48, subelement 33 will

not be present.
4. The Authorization Platform sends an authorization advice message to the
issuer containing:

• DE 2 containing the device account number

• DE 39 value that the Authorization Platform sent to the acquirer
• DE 48, subelement 71, subfield 1, value 50 and subfield 2 containing
one of the following existing values:

– I (Invalid Device Account Number to Funding Account Number

Mapping Relationship)
– U (Unable to Process)
• DE 60 containing subfield 1, value 141 (MasterCard Digital Enablement
Service Advice to Issuer) and subfield 2, value 0201 (Reject: Invalid
Device Account Number–Funding Account Number Mapping
Relationship)

Authorization Reports
The following reports contain information about the MasterCard Digital
Enablement Service.

• The Authorization Parameter Summary Report (SI737010-AA) includes a

MasterCard Digital Enablement Service participant parameter in the Global
Parameters section.
• The Daily Account File Activity Report (AM700010–AA) includes activity
for the MasterCard Digital Enablement Service as a separate report,
AM700010-CC (for example, AM700010–AA format, but separate report file).
• The Detail Account Report (AM730010-AA) includes a section for MasterCard
Digital Enablement accounts.

For a sample of the Authorization Parameter Summary Report (SI737010-AA),

see “Reports.” For samples of the Daily Account File Activity Report
(AM700010-CC) and Detail Account Report (AM730010-AA), see the Account
Management System User Manual.

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-103
Authorization Services Details
MasterCard inControl Services

MasterCard inControl Services

The MasterCard® inControl™ platform provides for a number of advanced
authorization, transaction routing, and alert notification capabilities designed
to assist issuers in creating new and enhanced payment products for their
consumer and commercial cardholders.

MasterCard inControl fully integrates patented payment technologies with

unparalleled global processing capabilities. With the integration of this
capability into MasterCard core processing, issuers can benefit from cost
efficiencies and speed to market for new product development.

Participation in MasterCard inControl is optional.

MasterCard inControl Purchase Controls

The MasterCard® inControl™ Purchase Controls service platform provides
cardholders the ability to establish spend control rules for their pre-existing
payment cards that are enforced during the authorization process.

These rules can be defined for both card present and card-not-present
transaction environments, and depending on the cardholder's pre-defined
response rules, may result in an alert notification being generated to the
cardholder or the transaction being declined on their behalf.

Benefits

The MasterCard inControl Purchase Controls service platform allows issuers to

leverage “off-the-shelf” solutions and create customized offerings depending on
the needs of their customers.

The commercialization of the MasterCard inControl services platform offers

issuers the following features to support their commercial card portfolios:

• Enhanced authorization controls that direct how, when, and where cards
may be used to a greater level of specificity than previously supported. .
• Robust alert functionality that provides personalized real-time
communication about transaction activities.
• A limited use number feature that allows authorization, spending limits, and
usability controls to be set on a transaction-by-transaction basis, providing
enhanced levels of security, control, data capture, and traceability on every
purchase
NOTE
Purchase Controls is the first application that is specific for commercial
cards, featuring virtual card numbers (VCNs) and usage controls. Additional
applications will be added in the future.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-104 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard inControl Services

Authorization Processing

MasterCard inControl platform leverages the same authorization and clearing

data elements for mapping virtual card numbers and real card numbers.

For a MasterCard inControl authorization transaction that was successfully

mapped and met control specifications:

1. The acquirer sends the Dual Message System an Authorization Request/0100,

Authorization Advice/0120—Acquirer-generated, or a Reversal Request/0400
message containing the inControl virtual card number in DE 2 (Primary
Account Number [PAN]).
2. The Authorization Platform applies unique controls for the inControl virtual
card number and performs mapping to the cardholder's primary account
number (PAN).
3. The Authorization Platform sends the Authorization Request/0100 message
and performs mapping via the Authorization Request/0100, Authorization
Advice/0120—Acquirer-generated, or a Reversal Request/0400 message to
the issuer containing:

• DE 2 (Primary Account Number [PAN]) and DE 14 (Date, Expiration)

contain the cardholder's real account number and associated expiration
date.
• DE 48 (Additional Data—Private Use), subelement 33 (PAN Mapping
File Information) where subfield 1 (Account Number Indicator) = value
V (Virtual Card Number), subfield 2 (Account Number) = VCN (Virtual
card number). and subfield 3 (Expiration Date) = VCN expiration date).
• DE 48, subelement 71 (On-behalf Services), subfield 1 (On-behalf
Services) = value 17 (inControl Virtual Card Service) and subfield 2
(On-behalf [OB] Result 1) = value V (Valid).
4. The issuer approves or declines the authorization request by sending
an Authorization Request Response/0110, Authorization Advice
Response/0130—Issuer-generated, or a Reversal Request Response/0410
message.
5. The Authorization Platform maps the cardholder's primary account number
back to the inControl virtual card number, places it in DE 2 (Primary
Account number [PAN]), and then forwards the Authorization Request
Response/0110, Authorization Advice Response/0130, and Reversal Request
Response/0410 messages to the acquirer.
6. The acquirer forwards the virtual card number and the authorization
response information to the merchant. If inControl processing cannot be
completed, the Authorization Platform sends the acquirer an Authorization
Request Response/0110, Authorization Advice Response/0130, or Reversal
Request Response/0410 containing DE 39 (Response Code), value 96
(System error).
7. If MasterCard inControl processing cannot be completed, the Authorization
Platform sends the acquirer an Authorization Request Response/0110,

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-105
Authorization Services Details
MasterCard inControl Services

Authorization Advice Response/0130, or Reversal Request Response/0410

containing DE 39 (Response Code), value 96 (System error).

Exception Processing

For a MasterCard inControl authorization transaction that was declined by

inControl processing:

1. The acquirer sends the Dual Message System an Authorization Request/0100,

Authorization Advice/0120—Acquirer-generated, or a Reversal Request/0400
message containing the inControl virtual card number in DE 2 (Primary
Account Number [PAN]).
2. The Authorization Platform applies unique controls for the inControl virtual
card number and performs mapping to the cardholder's PAN.
3. If the transaction fails mapping, the Authorization Platform declines the
request, and sends the acquirer an Authorization Request Response/0110,
Authorization Advice Response/0130—System-generated, or a Reversal
Request Response/0410 message containing DE 39 (Response Code), value
14 (Invalid card number).
4. If PAN mapping of the transaction is successful, but the transaction fails
spend control rules, the Authorization Platform sends an Authorization
Advice/0120—System-generated message to the issuer containing:

• DE 2 (Primary Account Number [PAN])

• DE 39 (Response Code) with a value other than 00 (Approved or
completed successfully)
• DE 48 (Additional Data—Private Use), subelement 33 (PAN Mapping
File Information)
• DE 48, subelement 71 (On-behalf Services), subfield 1 (On-behalf
Services), value 17 (inControl Virtual Card Service) and subfield 2
(On-behalf [OB] Result 1) containing the appropriate result value
• DE 60 (Advice Reason Code) where:

– Subfield 1 (Advice Reason Code) = 200 (inControl Processing Advice

to Issuer)
– Subfield 2 (Advice Detail Code) = appropriate advice reason code

Authorization Reports

The following reports provide information about the MasterCard inControl

service:

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-106 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard inControl Services

• The Authorization Parameter Summary Report (SI737010-AA) includes

a MasterCard inControl Mapping participant parameter in the Global
Parameters section.
• The Daily Account File Activity Report includes a separate report for the
MasterCard inControl service. The Daily Account File Activity Report
(AM700010-EE) displays activity associated with MasterCard inControl.
• The Detail Account Report (AM730010-AA) displays MasterCard inControl
accounts.

For a sample of the Authorization Parameter Summary Report (SI737010-AA),

see “Reports.” For a sample of the Daily Account File Activity Report
(AM700010-EE) and Detail Account Report (AM730010-AA), see the Account
Management System User Manual.

To Participate

Issuers that want to participate in the MasterCard inControl Purchase Controls

initiative can contact the Customer Operations Services team for more
information.

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-107
Authorization Services Details
MasterCard inControl Services

MasterCard inControl Real Card Spend Control Services

The MasterCard® inControl™ Real Card Spend Control service targets the
consumer cardholder segment and offers a broad suite of authorization control
categories that provide increased security and budgetary monitoring capabilities
coupled with an optional Short Message Service (SMS) alerting service.

Benefits

The MasterCard inControl Real Card Spend Control service provides cardholders
the ability to establish spend control rules for their pre-existing payment
cards that are enforced during the authorization process. These rules can be
defined for both card present and card-not-present transaction environments,
and depending on the cardholder's pre-defined response rules, may result in
an alert notification being generated to the cardholder or the transaction being
declined on their behalf.

How It Works

The following illustration provides a high-level overview of the MasterCard

inControl Real Card Spend Control services registration process.

1. Participating issuers create a website that provides a secure interface to

MasterCard inControl and enables cardholders to register for one of the real
card spend control services.
2. The issuer’s website passes account information, associated spend control
rules, and accompanying actions such as decline instructions and alert
notifications to MasterCard inControl.
3. The MasterCard inControl service submits a real-time registration request
to the Account Management System. Activation of the initial registration of
the first card within an eligible account range may take up to 48 hours;
activation of subsequent accounts will occur within 24 hours.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-108 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard inControl Services

4. The Account Management System sends a confirmation message to

MasterCard inControl.
5. MasterCard inControl notifies the issuer website that the cardholder controls
have been established.
6. The issuer notifies the cardholder that their spend control rules have been
set up.
7. Cardholders can revisit their issuer’s website to modify or delete their
spend control rules.

Authorization Processing
NOTE
Spend control rules can only be applied to transactions that flow through the
MasterCard Network.

Spend control rules are not applied to Authorization Advice/0120—Acquirer-

generated and Reversal Request/0400 messages.

1. The acquirer sends the Authorization Request/0100 message containing the

MasterCard inControl real card number in DE 2 (Primary Account Number
[PAN]) to the Dual Message System.
2. The Authorization Platform sends the transaction to MasterCard inControl
for verification against the cardholder's registered spend control rules.

WHEN the transaction... THEN MasterCard inControl...

Meets the control rules established
by the cardholder
Sends the issuer the Authorization
Request/0100 message where DE 48
(Additional Data—Private Use), subelement
71 (On-behalf Services), subfield 1
(On-behalf [OB] Service) contains value 20
(inControl RCN Spend Control) and subfield
2 (On-behalf [OB] Result 1) contains value
V (Valid).

Does not meet the control rules
established by the cardholder
and
The cardholder has registered an
action response of “decline and
alert notification” upon rule failure
Declines the transaction and sends
the acquirer an Authorization Request
Response/0110 message where DE 39
(Response Code) contains a decline
response.
and
Sends the issuer an Authorization
Advice/0120—System-generated message
where:
• DE 48, subelement 71:
– Subfield 1 contains value 20
– Subfield 2 contains the spend
control rule that failed
• DE 60 (Advice Reason Code):

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-109
Authorization Services Details
MasterCard inControl Services

WHEN the transaction... THEN MasterCard inControl...

– Subfield 1 (Advice Reason Code)

contains value 200 (inControl
Processing Advice to issuer)
– Subfield 2 (Advice Detail Code)
contains a valid advice reason code
and
Sends the cardholder an alert notification
indicating rule failure.

Does not meet the spend control
rules established by the cardholder
and
The cardholder has registered
an action response of “alert
notification only” upon rule failure,
but no decline action
Sends the issuer an Authorization
Request/0100 message where DE 48,
subelement 71, subfield 1 is value 20 and
subfield 2 indicates the spend control rule
that failed.
and
Sends the cardholder an alert notification
indicating rule failure.

NOTE
If the transaction is declined (by the issuer, alternate issuer, Stand-In processing,
or X-Code processing), or the issuer/alternate issuer performs a partial
approval or purchase amount only approval, the Authorization Platform sends
an Authorization Advice/0120—System-generated message to MasterCard
inControl to update the disposition of the transaction.

WHEN... THEN the Authorization Platform...

MasterCard inControl is unavailable or Populates DE 48, subelement 71 with

responds late subfield 1, value 20 and subfield 2, value
or U (Unable to process) and forwards the
transaction to issuer.
The spend control rules have recently
been removed

Authorization Reports

The following reports provide information about the MasterCard inControl Real
Card Spend Control service:

• The Global Parameters section of the Authorization Parameter Summary

Report (SI737010-AA) includes a MasterCard inControl Real Card Spend
Control participant parameter to indicate issuer account range participation
in MasterCard inControl Real Card Spend Control services.
• The Daily Account File Activity Report (AM700010-EE) includes activity
associated with the MasterCard inControl Real Card Spend Control service.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-110 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard inControl Services

For a sample of the Authorization Parameter Summary Report (SI737010-AA),

see “Reports.” For a sample of the Daily Account File Activity Report
(AM700010-EE) and Detail Account Report (AM730010-AA), see the Account
Management System User Manual.

To Participate

Issuers that want to participate in the MasterCard inControl Real Card Spend
Control service can contact their Account Management team for more
information.

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

MasterCard inControl Virtual Card Mapping and Spend Control

Service
The MasterCard inControl Virtual Card Mapping and Spend Control Service is
for consumer cardholders to request a virtual card number, and optionally
establish spend controls on that virtual card, and receive alerts.

The MasterCard® inControl™ platform leverages the same authorization and

clearing data elements for mapping virtual card numbers to their real card
account numbers as in the MasterCard inControl Purchase Control Service and
the MasterCard PayPass Mapping Service. Issuers currently supporting the
MasterCard PayPass Mapping Service need only to recognize new data values
in existing data elements to support the MasterCard inControl Virtual Card
Mapping and Spend Control Service.

MasterCard inControl Virtual Card Mapping and Spend Control Service

authorization transactions are identified by:

• DE 2 (Primary Account Number [PAN]) contains the real card number

• DE 48 (Additional Data—Private use), subelement 33 (PAN Mapping File
Information) contains the virtual account data
• DE 48, subelement 71 (On-Behalf Services) contains the on-behalf service
performed on the transaction

The following information describes exception processing for a MasterCard

inControl Virtual Card Mapping and Spend Control Service authorization
transaction that was declined by inControl processing. Other possible scenarios
for a virtual card number and virtual card number with spend controls are
also described.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-111
Authorization Services Details
MasterCard inControl Services
Virtual Card Number Scenarios
WHEN the...
Virtual card number successfully
mapped and a valid expiration date and
CVC 2 are included
Virtual card number was not successfully
mapped
Virtual card number successfully
mapped, but contains an invalid
expiration date or invalid CVC 2
Virtual Card Number with Spend Controls Scenarios
WHEN the...
Virtual card number successfully
mapped, valid expiration date and CVC
2 are included, and the transaction
passes spend controls
Virtual card number was not successfully
mapped
Virtual card number successfully
mapped, but contains an invalid
expiration date or CVC 2
And
The cardholder wants optional alerts
Virtual card number successfully
mapped, valid expiration date and CVC
2 are included, but the transaction fails
spend controls
And
The cardholder wants optional alerts,
but does not want the transaction
rejected
Virtual card number successfully
mapped, valid expiration date and CVC
2 are included, but the transaction fails
spend controls
And
©1983–2013 MasterCard. Proprietary. All rights reserved.
9-112
THEN the Authorization Platform...
Forwards the Authorization Request/0100
message to the issuer.
Rejects the Authorization Request/0100
message sent by the acquirer,
and then sends an Authorization
Advice/0120—System-generated message
to the issuer.
Rejects the Authorization Request/0100
message sent by the acquirer,
and then sends an Authorization
Advice/0120—System-generated message
to the issuer.
THEN the Authorization Platform...
Forwards the Authorization Request/0100
message to the issuer.
Rejects the Authorization Request/0100
message sent by the acquirer,
and sends an Authorization
Advice/0120—System-generated message
to the issuer.
Rejects the Authorization Request/0100
message sent by the acquirer, sends
an Authorization Advice/0120—System-
generated message to the issuer, and then
sends an optional alert to the cardholder.
Forwards the Authorization Request/0100
message to the issuer, and then sends an
optional alert to the cardholder.
Rejects the Authorization Request/0100
message sent by the acquirer, sends
an Authorization Advice/0120—System-
27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard MoneySend

WHEN the... THEN the Authorization Platform...

generated message to the issuer, and then
The cardholder wants optional alerts,
sends an optional alert to the cardholder.
but wants the transaction rejected

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

MasterCard MoneySend
The MasterCard® MoneySend™ service enables person-to-person money
transfers by allowing consumers to use their MasterCard®, Debit MasterCard®,
MasterCard Electronic™, Cirrus®, or Maestro® card to send and access funds.

Receiving payment inflows to a MasterCard card account is considered a

core product capability and fundamental to any financial account. The
MasterCard MoneySend Payment Transaction continues to enable funds to be
transferred from cash or any approved account by an Originating Institution
to any MasterCard®, Debit MasterCard®, MasterCard Electronic™, Cirrus®, or
Maestro® Card account held at a Receiving Institution.

The MasterCard MoneySend service also allows use of multiple channels to

initiate transactions such as an ATM, a bank branch, a stand-alone kiosk,
mobile, or over the Internet.

Financial institutions offering the MasterCard MoneySend service may need

to engage in two transactions to accommodate the funds transfer between
the sender and the recipient:

• The first transaction, referred to as the “Funding Transaction,” moves funds

within an originating financial institution (“On-Us”) to work within the
MasterCard acquirer/issuer construct. The originating financial institution
(OFI) is both the acquirer and issuer of a MasterCard MoneySend transaction
for the sender to enable the movement of money via the MasterCard
Network. The Funding Transaction is optional because the OFI may have
the ability to perform this function internally (for example, if the funding
mechanism is a demand deposit account [DDA] instead of a card).
• The second transaction, referred to as the “Payment Transaction,” moves
funds from the OFI, via the MasterCard Network, to the recipient of the
funds and into a MasterCard®, Debit MasterCard®, Maestro®, or Cirrus®
account (the “Receiving Account”) at the receiving financial institution (RFI).

For participation requirements or for more information about this optional

service, refer to the MasterCard MoneySend Global Platform Guide.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-113
Authorization Services Details
MasterCard MoneySend

MasterCard MoneySend Funding Transactions

MasterCard MoneySend Funding Transactions are identified in Authorization
Request/0100, Authorization Advice/0120—Acquirer-generated, Reversal
Request/0400 messages by the following values.

• DE 3 (Processing Code), subfield 1 (Cardholder Transaction Type Code),

value 00 (Purchase Transaction)
• DE 18 (Merchant Type), MCC 6538 (MasterCard MoneySend Funding
Transaction) to identify a MoneySend Funding Transaction
• DE 48 (Additional Data—Private Use), transaction category code (TCC),
value U (Unique). (Effective 13 April 2012, the TCC will change to R (Retail
Sale) or T (Phone, Mail, or Electronic Commerce Order) as appropriate to
the transaction environment.)

OFIs may optionally send DE 124 (Member-defined Data) when submitting a

MasterCard MoneySend Funding Transaction.

MasterCard requires originating financial institution (OFI) participation when

submitting a MasterCard MoneySend Funding Transaction.

MasterCard MoneySend Payment Transactions

The MasterCard MoneySend Payment Transaction provides a unique message
to facilitate remittances between two parties: a sender (person, business,
government, or non-government entity) using the services of a financial
institution acting on the sender's behalf, referred to as the originating financial
institution (OFI)—the Payment Transaction acquirer—and the recipient who
receives the funds when they are deposited into his or her MasterCard or
Maestro account at another financial institution, referred to as the receiving
financial institution (RFI)—the recipient’s card issuer.

MasterCard requires that OFIs register in the MasterCard MoneySend service to

participate. OFI registration in the MasterCard MoneySend service helps to
ensure that only institutions, which have been approved for these types of
money transfers, are attempting to process them. OFI registration also helps
to protect RFIs from receiving these types of transactions from merchants and
OFIs that do not meet the MoneySend program guidelines.

If an OFI attempts to submit a MasterCard MoneySend transaction, but has

not registered for the MasterCard MoneySend service, the Authorization
Platform rejects the transaction and sends the OFI an Authorization Request
Response/0110 or Reversal Request Response/0410 message containing DE 39
(Response Code), value 58 (Transaction not permitted to acquirer/terminal).

MasterCard MoneySend Transaction Criteria

MasterCard MoneySend Payment Transactions must meet the following criteria.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-114 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard MoneySend

• The originating financial institution must be a registered participant.

• The Authorization Request/0100 or Reversal Request/0400 message must
contain:

– DE 3 (Processing Code), subfield 1 (Cardholder Transaction Type Code),

value 28 (Payment Transaction)
– DE 18 (Merchant Type), MCC 6536 (MasterCard MoneySend Intracountry)
or MCC 6537 (MasterCard MoneySend Intercountry)
– DE 48 (Additional Data—Private Use), subelement 77 (Payment
Transaction Type Indicator), value C07 (MasterCard MoneySend)
– DE 61 (Point-of-Service [POS] Data), subfield 10 (Cardholder-Activated
Terminal Level) contains one of the valid values that indicate the
location where the transaction was initiated
– DE 124 (MasterCard MoneySend, Sender Identification Data), subfield 2
(Sender/payer Name/User ID) and subfield 3 (Sender/Payer Address)
• The MasterCard MoneySend transaction amount is less than or equal to USD
2,500. The Authorization Platform validates the Authorization Request/0100
message against the MasterCard MoneySend maximum transaction amount
limit (USD 2,500). Currency conversion on the MoneySend transaction will
be completed before comparing it to the maximum transaction amount limit.

The Authorization Platform will reject an Authorization Request/0100 or a

Reversal Request/0400 message that does not meet the edits for a properly
formatted MoneySend transaction.

MasterCard MoneySend Transaction Blocking Criteria

The Dual Message System supports transaction blocking for MasterCard®
MoneySend™ Payment Transactions at the country and receiving financial
institution (RFI).

Transaction blocking may occur at the following levels:

• Country—When MasterCard has determined that processing via MasterCard

MoneySend will not be supported in a particular country, the Authorization
Platform automatically declines all MasterCard MoneySend Payment
Transaction authorization requests sent to or received from that country.
• Receiving financial institution—When MasterCard has determined that an
RFI or associated RFI account range is not eligible to process transactions
via MasterCard MoneySend , the Authorization Platform automatically
declines all MasterCard MoneySend Payment Transaction authorization
requests with that RFI.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-115
Authorization Services Details
MasterCard MoneySend

Authorization Report

The Authorization Parameter Summary Report (SI737010-AA) includes a

MoneySend Blocking flag in the Global Parameters section that identifies
whether an RFI’s account range is blocked from processing transactions via
the MasterCard MoneySend platform.

For a sample of the Authorization Parameter Summary Report (SI737010-AA),

see “Reports.”

To Participate
Originating financial institutions are required to register and be approved
to participate as originating financial institutions for MasterCard MoneySend
transactions.

Before launching the MasterCard MoneySend program, originating financial

institutions must:

• Register their programs by submitting the MasterCard MoneySend

Originating Financial Institution Registration Form to their regional
MasterCard Franchise Development representative.
• Receive written confirmation from MasterCard that their participation is
approved. Once approved by MasterCard, an authorized MasterCard
representative signs the form and returns it to the originating financial
institution’s contact person.

Receiving financial institutions must support MasterCard MoneySend Payment

Transactions in authorization processing, unless their country of origin prohibits
it legally. If the receiving financial institution does not want to allow the
cardholder to receive money via MasterCard MoneySend Payment Transactions,
the issuer should decline the authorization.

Receiving financial institutions that participate in the MasterCard MoneySend

program must adhere to requirements for Payment Transactions and the
MasterCard MoneySend program.

For More Information

For more information about implementing the MasterCard MoneySend program,
see the MasterCard MoneySend Global Platform Guide or contact the Customer
Operations Services team.

For more information about supporting data requirements, see the Customer
Interface Specification manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-116 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard PayPass Mapping Service

MasterCard PayPass Mapping Service

MasterCard® PayPass™ cards and devices that contain a proximity chip offer
consumers a fast and convenient way to pay.

Using proximity chip payment technology, consumers can pay for their
purchases at the point of sale by simply tapping their PayPass card or device on
a PayPass terminal. The PayPass card or device transmits the card information
to the terminal. The PayPass terminal interacts with existing authorization
mechanisms to initiate and complete the authorization. The increased speed
and convenience make PayPass an attractive way to pay, especially in
high-traffic environments such as mass transit stations, movie theaters, and
fast food restaurants.

The PayPass Mapping service is not available to issuers that support the use of
online PIN with a card or device product. If PAN mapping is performed in a
transaction using online PIN, the PIN validation will fail.

PayPass Mapping Service Description

MasterCard recommends that a unique account number be used for PayPass
transactions. This added layer of security protects issuers and cardholders
against the risk of fraudulent acquisitions and use of a PayPass account number.

One cardholder account is assigned two numbers:

• A primary account number (PAN), which is encoded on the magnetic stripe

and embossed on the front of the card.
• A different PayPass account number (PPAN), which is personalized on the
contactless chip of the same card or on a companion PayPass device.

Implementation of a separate PayPass account number requires the issuer to:

• Allocate a PPAN to provide PayPass Mapping functionality for an existing

PAN.
• Establish and maintain a cross-reference or mapping database between the
PAN and the PPAN.
• Upgrade the issuer host system to recognize that both account numbers
must debit the same cardholder account and that:

– The PPAN must be accepted only when the transaction is originated at

a PayPass terminal.
– The PAN must be accepted only when the card is swiped or when the
PAN is provided by manual entry on a POS, on the Internet, or over
the phone.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-117
Authorization Services Details
MasterCard PayPass Mapping Service

DEFINITION
A PayPass account number (PPAN) is a unique number encoded on the proximity
chip of a PayPass card or device that the PayPass Mapping Service associates
to a PAN. A primary account number (PAN) is the number that is embossed,
encoded, or both, on a MasterCard card that identifies the issuer and the
particular cardholder account.

MasterCard recognizes that the use of a separate PayPass account number for
some issuers may not be viable. For this reason, MasterCard offers the PayPass
Mapping Service—an optional service that helps issuers process PayPass
transactions by translating PayPass account numbers into primary account
numbers that issuers can process with minimal impact.

MasterCard offers two participating options for the PayPass Mapping Service:

• Processing-only Participation Only—At setup, the participating issuer

provides MasterCard with a mapping file of PANs and PayPass account
numbers that it created and personalized on PayPass cards or devices.
• Processing and PayPass Mobile Over-the-Air Provisioning—MasterCard
offers secure web services that allow issuers to request both the PayPass
personalization of a near-field communication (NFC) mobile phone and its
activation. Through the activation process, the registered PAN and PayPass
account number are mapped together.

Processing that is common to both participation options consists of the

Authorization Platform translating PayPass authorization requests into messages
that the issuers’ non–PayPass-enabled authorization systems can understand
and process.

PayPass Mapping Service Availability

PayPass Mapping Service availability is as follows.

• Processing Only—Available to PayPass Mag Stripe-only cards or devices

and PayPass M/Chip and Contact M/Chip devices (and cards under certain
conditions)
• Processing and PayPass Mobile Over-the-Air Provisioning—Available
depending on the issuer market.

PayPass Mapping Service Components

The PayPass Mapping Service consists of the following Authorization Platform
components.

• PAN Mapping File (MCC106)

• Processing of PayPass account number
• Transaction history

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-118 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard PayPass Mapping Service

NOTE
Dynamic CVC 3 pre-validation is used when the PayPass Mapping Service is
performed on PayPass Mag Stripe transactions.

PAN Mapping File (MCC106)

The PayPass Mapping Service leverages the PAN Mapping File (MCC106).
MCC106 contains the service-eligible PayPass account number and the
associated cardholder PAN. Each PayPass account number is unique and several
PayPass account numbers can be associated to a single PAN (a family with the
same PAN can have multiple PayPass cards or devices).

MasterCard supports listing accounts for MCC106 with the Account Management
System (AMS) via the following methods:

• Online File Maintenance

• MasterCard eService
• MasterCard File Express
• MasterCard Web services

MCC106 maintenance requests submitted via the online Issuer File Update
Request/0302 message, MasterCard eService, or MasterCard web services are
applied immediately. Maintenance requests submitted by bulk file are applied
two times per day at 08:00 and 18:00 hours (St. Louis time).

PayPass Account Number

After performing a few edits, the Authorization Platform maps the PayPass
account number to the cardholder’s PAN if indicated for the service-eligible
PayPass account range.

The following information provides the Authorization Platform processing

details when the PayPass account number is in a PayPass Mapping Service
eligible account range and listed or not listed in the PAN Mapping File
(MCC106).

When the PAN Mapping File (MCC106) Contains a PayPass Account

Number

If the PayPass account number is found in the PAN Mapping File (MCC106),
the Authorization Platform performs the following actions on Authorization
Request/0100, Authorization Advice/0120, Reversal Request/0400, and Reversal
Advice/0420 messages forwarded to the issuer, the Stand-In System, or X-Code
System:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-119
Authorization Services Details
MasterCard PayPass Mapping Service

• Inserts the cardholder’s PAN in DE 2 (Primary Account Number [PAN])

• Inserts the PAN card expiration date in DE 14 (Date, Expiration) if available;
otherwise, DE 14 is not present
• Performs dynamic CVC 3 pre-validation using CVC 3 validation key and
algorithm only on the Authorization Request/0100 message where DE 22
(Point-of-Service [POS] Entry Mode), subfield 1 (POS Terminal PAN Entry
Mode) contains value 91 (PAN auto entry via contactless magnetic stripe)
• Performs Chip Cryptogram pre-validation (if the issuer is signed up for it)
on the Authorization Request/0100 message where DE 22 (Point-of-Service
[POS] Entry Mode), subfield 1 (POS Terminal PAN Entry Mode) contains
value 07 (PAN auto entry via contactless m/chip)
• Inserts the result of the CVC 3 validation in DE 48 (Additional Data—Private
Use), subelement 71 (On-behalf Services) if DE 22, subfield 1 contains value
91 or, if applicable, the result of the Chip Cryptogram if DE 22, subfield
1 contains value 07
• If DE 22, subfield 1 contains value 91, inserts DE 48, subelement 34
(Dynamic CVC 3 ATC Information) when the CVC 3 validation result was
value V (Valid), A (ATC outside allowed range), or E (CVC 3 ATC Replay)
• Changes DE 22, subfield 1, value 91 (PAN auto entry via contactless
magnetic stripe) to value 92 (Contactless input, PayPass Mapping Service
applied); or value 07 (PAN auto-entry via contactless M/Chip) to 08 (PAN
auto-entry via contactless M/Chip PayPass Mapping Service applied)
• Removes DE 35 (Track 2 Data) or DE 45 (Track 1 Data) or both
• Inserts DE 48, subelement 71 (On-behalf Services) results for PayPass
Mapping Service
NOTE
In the PayPass Mag Stripe Authorization Request/0100 message to the issuer,
DE 48, subelement 71 contains two occurrences: one for the Dynamic CVC 3
Pre-validation service and one for the PayPass Mapping Service.

For Authorization Request Response/0110, Authorization Advice Response/0130,

and Reversal Request Response/0410 messages forwarded to acquirers, the
Authorization Platform:

• Inserts DE 48, subelement 33 (PAN Mapping File Information)

• Inserts DE 48, subelement 87 (Card Validation Code Result) only in the
PayPass Mag Stripe Authorization Request Response/0110 response if there
were issues with the validation of the CVC 3

Acquirer response messages contain the same DE 2 value that was submitted
by the acquirer.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-120 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard PayPass Mapping Service

When the PAN Mapping File (MCC106) Does Not Contain a PayPass
Account Number

If the PayPass account number is not found in the PAN Mapping File (MCC106),
the Authorization Platform:

• Rejects the acquirer message and sends the acquirer the response in
Authorization Request Response/0110, Authorization Advice Response/0130,
and Reversal Request Response/0410 messages with DE 39 (Response
Code), value 14 (Invalid card number)
• Creates an Authorization Advice/0120 message with DE 60 (Advice Reason
Code), value 140 (Unable to Convert PayPass Account Number) and sends
to the issuer

Alternate Processing
When applied to PayPass Mag Stripe or PayPass M/Chip transactions, the
PayPass Mapping Service is performed before any alternate routing to the
Stand-In System or the X-Code System.

MasterCard supports issuers that are not available to respond to the

Authorization Request/0100 message by considering the results of the CVC 3 or
Chip Cryptogram validation in DE 48, subelement 71 when the Stand-In System
responds to the Authorization Request/0100 message. The options available
for Stand-In System processing of CVC 3 results are detailed in the On-behalf
Key Management (OBKM) Procedures and On-behalf Key Management (OBKM)
Interface Specifications manuals.

If the Stand-In System rejects a PayPass Mag Stripe Authorization Request/0100

message because of issuer instructions based on CVC 3 validation results,
Stand-In includes in the PayPass Mag Stripe Authorization Advice/0120 message
sent to the issuer the following values in DE 60, subfield 2:

• 0042 (CVC 3 Unable to Process)

• 0043 (CVC 3 ATC outside allowed range)
• 0044 (CVC 3 Invalid)
• 0045 (CVC 3 Unpredictable number mismatch)
• 0046 (CVC 3 ATC Replay)

In addition, the PayPass Mag Stripe Authorization Advice/0120 message will

include:

• DE 48, subelement 71
• DE 48, subelement 34, if DE 48, subelement 71 contains value V, A, or E
• DE 48, subelement 33
• DE 48, subelement 87, if there was a problem with the CVC validation

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-121
Authorization Services Details
MasterCard Payment Gateway

For more information about additional values sent if the Stand-In System rejects
a PayPass M/Chip Authorization Request/0100 messages because of issuer
instructions based on the Chip Cryptogram validation results, see the M/Chip
Processing Services—Service Description guide.

MasterCard will not consider the CVC 3 or Chip Cryptogram validation results in
X-Code processing and may approve an authorization request with an invalid
CVC 3 or Chip Cryptogram.

Authorization Reports
The following reports provide information that supports the PayPass Mapping
Service.

• The Authorization Parameter Summary Report (SI737010-AA) provides an

indicator in the Global Parameters section to identify the account ranges
that are participating in the PayPass Mapping Service. Additionally, the
On-behalf Services section lists the Dynamic CVC 3 Pre-validation Service
for the participating PayPass Mapping Service account ranges and one of
the Chip Cryptogram Validation Services if the issuer is signed up for one
of these services.
• The Daily Account File Activity Report (AM700010-DD) contains the PAN
Mapping File activity.

For a sample of the Authorization Parameter Summary Report (SI737010-AA),

see “Reports.” For a sample of the Daily Account File Activity Report
(AM700010-DD), see the Account Management System User Manual.

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

MasterCard Payment Gateway

The MasterCard Payment Gateway (Payment Gateway) is a MasterCard hosted,
centralized, modular gateway for routing commercial payments between buyers
and suppliers.
NOTE
Applies only to the U.S. region.

The Payment Gateway collects, transforms, and routes commercial payment

instruction orders. The Payment Gateway accepts files containing payment
instructions and remittance advice information from commercial buyers.
Payment instructions are generated directly from the buyer’s Enterprise
Resource Planning (ERP) or Accounts Payable system.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-122 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard Payment Gateway

Benefits

Key features of the Payment Gateway include:

• Data translation and routing

• Bank connectivity that is available anywhere and anytime
• Universal supplier directory
• Remittance advices to buyers and suppliers
• Payment views and reports
• Straight Through Payment Processing
• Web-based portal

How It Works

The Payment Gateway supports two payment types:

• Payables Account (virtual Purchasing Card) payments

• Electronic Funds Transfer (EFT) payments

The authorization blocking feature supports Payables Account (virtual

Purchasing Card) payments only.

The Payment Gateway does not replace the financial institution’s existing
commercial payment offerings. Rather, it provides the entryway for receiving
a buyer’s payment files, thus providing a single destination or interface for
business-to-business payment processing. In this way, MasterCard does all the
work of file translation and data mapping, but the actual payment processing
remains the domain of the financial institutions.

The Payment Gateway uses a modular approach. Financial institutions can

market and package distinct modules to augment their existing payment
services.

Issuers that offer commercial cards may choose to restrict the authorization of
certain account ranges to occur through the Payment Gateway by participating
in the MasterCard Payment Gateway Authorization Blocking service.

The Authorization Platform determines whether to continue processing or reject

Payment Gateway authorization requests based on the presence of DE 48
(Additional Data—Private Use), subelement 47 (MasterCard payment Gateway
Transaction Indicator), value MC-MPG/W and the issuer’s participation in the
MasterCard Payment Gateway Authorization Blocking service.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-123
Authorization Services Details
MasterCard Pay with Rewards Service

Authorization Reports

The Authorization Parameter Summary Report (SI737010-AA) includes a

MasterCard Payment Gateway participant parameter in the Global Parameters
section, which indicates when an issuer participates in the MasterCard Payment
Gateway Authorization Blocking service. For a sample of this report and field
descriptions, see “Reports.”

MasterCard Payment Gateway Authorization Blocking Service

The MasterCard Payment Gateway Authorization Blocking service allows issuers

to restrict the authorization of transactions to only those originating from the
MasterCard Payment Gateway platform.

To participate in the MasterCard Payment Gateway Authorization Blocking

service, issuers can send their requests to MasterCard via email at:
[email protected].

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

MasterCard Pay with Rewards Service

The MasterCard Pay with Rewards™ service enables cardholders to redeem their
loyalty points as payment for purchases of goods and services at MasterCard
accepting merchants.

This service enables a consumer participating in a rewards program to have the

ultimate choice of reward—with a simple swipe of the Pay with Rewards card,
points can be used for the purchase of goods or services at any merchant that
accepts MasterCard payment cards, without any modifications to the merchant’s
point-of-sale (POS) systems.

Benefits

Benefits of the MasterCard Pay with Rewards service are as follows:

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-124 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard Pay with Rewards Service

• This service provides an enriched cardholder experience offering rewards

redemption choices outside of the issuer’s direct offering.
• Merchants of all sizes can reap benefit from issuers’ attractive loyalty
programs, without impact or changes to their POS system.
• Unlike alternatives in the market, the MasterCard Pay with Rewards service
enables real-time redemption of points at the POS, at any MasterCard
accepting merchant.
• More rewards redemption options and real-time capabilities can help issuers
to attract new cardholders, activate their active cardholders, and retain
high-profit cardholders.
• Merchants will see reinforcement of consumer loyalty behavior as consumers
increasingly view points as currency and use them for store purchases.
• Issuer profitability can be enhanced because MasterCard Pay with Rewards
redemptions do not have traditional costs associated with fulfillment, and
issuers may be able to recognize new revenue opportunities.

How It Works

Participating issuers registers redemption cards into the MasterCard Pay with
Rewards service. At the time of redemption, a Pay with Rewards cardholder
presents his or her redemption card as any other payment card today. At
the moment of the transaction, MasterCard Rewards System (MRS) calculates
the number of points necessary to cover the transaction, by converting the
cash value of the transaction into a points-equivalent using a conversion rate
determined by the issuer. If there are sufficient points to pay for the transaction,
MasterCard will approve the transaction and reduce the cardholder’s points
balance accordingly. The Authorization Platform coordinates the routing of
MasterCard Pay with Rewards service transactions to MRS in real-time during
authorization.

The physical Pay with Rewards card will solely represent a mechanism for
cardholders to access their loyalty accounts and pay for purchases; however,
the purchase will be “paid for” by a funding source determined by the
issuer. MasterCard will perform dynamic account mapping in real-time during
authorization processing to route the Pay with Rewards transaction to an
appropriate funding source. Issuers will designate an account range exclusively
as a MasterCard Pay with Rewards redemption portfolio. The MasterCard Pay
with Rewards service cannot be combined with any other dynamic mapping
service.

MasterCard will map the Pay with Rewards card to the issuer’s or the Loyalty
Program Operator’s (LPO) Corporate Funding Account. This is the Pay with
Rewards funding account provided by the issuer or the LPO. The Pay with
Rewards card is mapped to the issuer’s or the LPO’s corporate card/account
when there are sufficient points to pay for the transaction. The issuer will
receive information in the authorization request message that details the Pay
with Rewards service provided. This information can then be used when
responding to the authorization request.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-125
Authorization Services Details
MasterCard Transit Transactions

As an optional service to consumers, MasterCard can send text messages or

emails to cardholders to notify them of the result of their Pay with Rewards
transaction, including the number of points used and remaining in their rewards
account. MasterCard will also notify the issuer of the results from the Pay with
Rewards transaction processing.

Authorization Processing

The cardholder initiates a points redemption transaction by presenting the

Pay with Rewards card as a mode of payment. The acquirer routes the
corresponding Authorization Request/0100 message to the Authorization
Platform.

The Authorization Platform processes the Pay with Rewards transaction, and
then routes the Authorization Request/0100 transaction to the issuer.

The Authorization Platform supports Authorization Request/0100 and full and

partial Reversal Request/0400 processing for the Pay with Rewards service.

To Participate

Issuers that either sponsor their own consumer loyalty rewards programs or
collaborate with a loyalty program provider/operator may optionally participate
in this service. Issuers must complete MasterCard Pay with Rewards service
registration before accounts can be enrolled into this service.

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

MasterCard Transit Transactions

MasterCard transit transactions are limited to transit MCCs and can
be pre-funded, real-time authorized, post-authorized aggregated, or
authorized-aggregated split clearing.

Pre-funded Transit Transactions

A pre-funded transit transaction occurs when the cardholder purchases value
redeemable for future travel with a transit merchant. The purchased value is
held by the transit merchant in an account linked to the cardholder’s card or
device. Any usage of the card or device following the purchase of value will
reduce the value held with the transit merchant.

The transit merchant follows its usual authorization procedures by generating

an Authorization Request/0100 message for the full amount of the transaction.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-126 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard Transit Transactions

Real-time Authorized Transit Transactions

A real-time authorized transit transaction occurs when the transit merchant
generates an Authorization Request/0100 message each time a cardholder uses
his or her card or device at the transit merchant’s terminal.

The transit merchant follows its usual authorization procedures by generating

an Authorization Request/0100 message for the full amount of the transaction.

Post-authorized Aggregated PayPass Transit Transactions

A post-authorized aggregated PayPass transit transaction occurs when the
transit merchant generates a First Presentment/1240 message combining one or
more PayPass taps performed with one PayPass account number and occurring
with one transit merchant.

For the PayPass transit merchant to receive chargeback protection all of the
following must occur:

• The transit merchant must send a properly identified Authorization

Request/0100 message, which can be for any amount not exceeding
the cardholder verification method (CVM) limit amount, as published in
Chargeback Guide on the day of the transaction.
• The issuer must have approved the transaction.
• The combined amount of the PayPass taps must be equal to, or less than,
the cardholder verification method (CVM) limit amount, as published in
the Chargeback Guide.
• The maximum time period from the first PayPass tap until the First
Presentment/1240 message is generated must be 14 calendar days or less.
NOTE
These transit transactions are limited to MCCs 4111 and 4131.

Upon the cardholder’s request, the transit merchant must provide a list of the
PayPass taps that were combined into a First Presentment/1240 message.
NOTE
The phrases “tap the PayPass card or device” and “PayPass tap” refer to the
same series of actions: a cardholder touching the PayPass card or device to a
PayPass terminal, the PayPass terminal reading the card data, and then the
PayPass terminal flashing a light and making a sound to indicate the outcome
of the tap to the cardholder.

Authorized-aggregated Split Clearing Transactions

An authorized-aggregated split clearing transaction is subject to the following
restrictions.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-127
Authorization Services Details
MasterCard Transit Transactions

NOTE
Applies only to domestic United Kingdom (U.K.) transactions

• The PayPass-enabled card or device must indicate that an M/Chip profile

is supported.
• Tag 5F28 (Issuer Country Code) must have a value of 826.
• The denominated primary currency is GBP.
• The transaction is properly identified in the same manner as described
in “Post-authorized Aggregated PayPass Transit Transactions,” with the
exception that the value in the transit indicator field is value 4, instead of
value 3.
NOTE
These transit transactions are limited to MCCs 4111 and 4131.

Post-authorized Aggregated Maestro PayPass Transit

Transactions
A post-authorized aggregated Maestro PayPass transit transaction occurs when
the acquirer generates an Authorization Request/0100 message for an estimated
or maximum amount in connection with the use of one Maestro PayPass
account number at one transit merchant.

The transit merchant can combine multiple Maestro PayPass taps into a single
transaction amount and reverse any unused funds by the cardholder at the
end of the aggregation time period.

The transactions are processed as follows:

• The transit merchant sends an Authorization Request/0100 (Europe-acquired

only) message containing value 06 in DE 48, subelement 64, subfield 1
(Transit Transaction Type Indicator) for an estimated or maximum amount
not to exceed the applicable Maestro PayPass transit transaction ceiling limit
amount (or post-authorized aggregated Maestro PayPass transit transaction
ceiling limit amount, if established for the transit merchant’s country. If not,
the existing Maestro PayPass transit transaction ceiling limit amount for
that country applies).
• The issuer must have approved the transaction.
• The cardholder may make subsequent taps for additional rides. These taps
will not be sent to the issuer for authorization. The combined amount
of the taps must be equal to or less than the applicable Maestro PayPass
transaction ceiling limit amount.
• When the authorized amount is reached or within three calendar days
(two days in Mexico), the transit merchant totals the value of all taps and
generates a partial Reversal Request/0400 or an Authorization Advice/0120
message to reverse any unused funds. The Authorization Advice/0120
message option is only available for Europe region acquirers.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-128 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard Transit Transactions

The transaction ceiling limit values for post-authorized aggregated Maestro

PayPass transactions will take the same values as the existing published Maestro
PayPass ceiling limits, except for select countries in the Latin America and
the Caribbean region.

The transaction is properly identified in the same manner as described in

“Post-authorized Aggregated PayPass Transit Transactions,” with the exception
that the value in the transit transaction type identifier (in DE 48, subelement
64) has value 06.
NOTE
These transit transactions are limited to MCCs 4111 and 4131.

Aggregated Transit Transactions Criteria

All post-authorized aggregated and authorized aggregated split clearing PayPass
transit transactions must be properly identified.

Acquirers must ensure that all post-authorized aggregated and authorized

aggregated split clearing PayPass transit transactions are properly identified.
Properly identified post-authorized aggregated and authorized aggregated split
clearing PayPass transit transactions occur when the following values are
present in the Authorization Request/0100 message.

Data Element Subfield Value

DE 4 (Amount, Transaction) N/A For post-authorized aggregated and

authorized-aggregated split clearing
transactions, the authorization can be for
any amount. Amount not exceeding the
cardholder verification method (CVM) limit
amount as published in the Chargeback
Guide on the day of the transaction.
For Maestro Aggregation rule, this amount
would be the Maestro transit cardholder
verification method (CVM) limit amount.

DE 18 (Merchant Type) N/A One of the following values:

• 4111 (Transportation—Suburban and
Local Commuter Passenger, including
Ferries)
• 4131 (Bus Lines)

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-129
Authorization Services Details
MasterCard Transit Transactions

Data Element Subfield Value

DE 22 (Point-of-Service 1 (POS Terminal PAN Entry One of the following values:

[POS] Entry Mode) Mode)
• 07 (PAN auto-entry via contactless
M/Chip)
• 08 (PAN Auto-entry via Contactless
M/Chip PayPass Mapping Service
Applied)
• 91 (PAN auto-entry via contactless
magnetic stripe)
• 92 (Contactless input, PayPass Mapping
Service applied when acquirer DE 22,
subfield 1 = 91)
Note: For authorized aggregated split
clearing transactions, only value 07 or 08 is
valid. For Maestro aggregation transactions,
value 91 and 92 only apply to domestic
Maestro transactions in Brazil.

DE 48 (Additional 1 (Transaction Category Code X (Airline and Other Transportation Services)

Data—Private Use) [TCC])

DE 48 (Additional 1 (Transit Transaction Type One of the following values:

Data—Private Use), Indicator)
• 03 (Post-Authorized Aggregated)
Subelement 64 (Transit
Program) • 04 (Authorized Aggregated Split
Clearing)
• 06 (Post-Authorized Aggregated Maestro)

DE 61 (Point-of-Service 1 (POS Terminal Attendance) 1 (Unattended terminal)

[POS] Data)

3 (POS Terminal Location) 0 (On premises of card acceptor facility)

4 (POS Cardholder Presence) 0 (Cardholder present)

5 (POS Card Presence) 0 (Card present)

6 (POS Card Capture 0 (Terminal/operator has no card capture

Capabilities) capability)

7 (POS Transaction Status) One of the following values:

• 0 (Normal request)
• 4 (Preauthorized request)
Note: Value 4 is only for Europe region
acquired transactions.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-130 27 November 2013 • Authorization Manual

Data Element Subfield
10 (Cardholder-Activated
Terminal Level)
11 (POS Card Data Terminal
Input Capability)
Differences Between Post-authorized Aggregated and
Authorized-aggregated Split Clearing Transit Transaction Rules
This table explains the differences between the current MasterCard
post-authorized aggregated transit rule and the authorized-aggregated split
clearing transit rule for U.K. transit transactions.
Post-authorized Aggregated Transit
Transaction Rule
The transit agency receives no
chargeback protection in the event that
an issuer declines the authorization.
Each aggregation period (up to 14 days)
is initiated by a single authorization and
completed by a single clearing message.
The aggregation period when processing
Maestro transactions will be different.
Time periods range from 1-3 days,
depending on the region and country
the transaction is being acquired.
©1983–2013 MasterCard. Proprietary. All rights reserved.
Authorization Manual • 27 November 2013
Authorization Services Details
MasterCard Transit Transactions
Value
0 (Not a CAT transaction)
One of the following values:
• 3 (Contactless M/Chip
• 4 (Contactless Magnetic Stripe)
Note: For authorized aggregated split
clearing transactions, only value 03 is valid.
Authorized-aggregated Split Clearing
Transaction Rule in the U.K.
Extends the transit agency’s chargeback
protection rights to include transactions for
which the authorization on a U.K. issued
credit, debit or prepaid card or device
is declined, provided the authorization
and clearing amounts are GBP 6 or less
(commercial cards are currently excluded
from this additional liability).
Note: Cards that do not meet the criteria to
be eligible for this liability protection follow
the Post-Authorized Aggregated Transit
Transaction Rule, that is, an overseas issuer,
issuing cards not denominated in GBP
would not have any additional liability.
Accommodates the UKCA transaction
model by allowing the transit agency
to submit a clearing message at the
end of every day on which the card
incurred transit spend (subject to either
an approved authorization message or a
declined authorization message and the
spend being up to and including GBP
6.00).
Therefore, there may be multiple clearing
messages submitted between successive
authorizations for the same card.
9-131
Authorization Services Details
MasterCard Transit Transactions

ATC Update Request

Authorization Request/0100 messages containing DE 61 (Point-of-Service [POS]
Data), subfield 7 (POS Transaction Status), value 6 (ATC Update) are used to
notify the issuer of the most recent ATC (Application Transaction Counter)
value for the PayPass card or device.

All ATC Update authorization requests will have a zero value for the transaction
amount. ATC update transactions may be sent on a regular basis, and issuers
must ensure that these transactions do not affect the issuer’s velocity checks. In
addition, issuers should authorize these transactions using DE 39 (Response
Code), value 00 (Approved or completed successfully) or 85 (Not declined), or
decline these transactions using DE 39, value 05 (Do not honor) based on the
fact that the ATC provided is within or outside of the issuer’s ATC tolerance.

For approved transactions where the application cryptogram has been

successfully validated, issuers should keep a record of the “last seen ATC”
and set a feasible range. Subsequent transactions received which contain an
ATC outside of this range should be treated as suspicious, but should not be
routinely declined.

Acquirers supporting merchants that implement the MasterCard PayPass

aggregated models may support zero amount Application Transaction Counter
(ATC) update Authorization Request/0100 messages to notify issuers of the most
recent ATC values for the offline cardholder aggregation activity.

Transit Debt Recovery Transactions

Today, transit merchants typically work solely in a pre-paid environment in
which the passenger purchases a ticket or a prepaid balance prior to travel.
With transit merchants migrating to open loop payments where the card
presented for payment is also used as a token at the point of entry, transit
merchants may take some risk in allowing a cardholder to travel before
receiving payment for his or her travel or even knowing if the account linked to
the card being presented for travel is in good standing.

MasterCard Rules allow transit merchants to recover an amount owed to

them (a transit debt recovery transaction) following a declined authorization
request. A transit debt recovery transaction occurs when transit fare spend has
been incurred, in granting a PayPass card access to travel, and as a result of
the issuer declining the authorization request, the transit merchant is initially
unable to collect payment for the fare spend. When this situation occurs, the
transit merchant may add the card to a Deny List, thereby blocking that card
from access to travel until such time as the money owed by the cardholder has
been recovered.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-132 27 November 2013 • Authorization Manual
 Authorization Services Details
MasterCard Transit Transactions

A mechanism in which a cardholder’s debt is cleared in order for the cardholder

to access the transit system to resume travel is through debt recovery
transactions. The PayPass Transit Rules create the opportunity for this situation
to arise:

• Post-authorized aggregated (Global)

• Authorized aggregated split clearing (U.K. and Republic of Ireland only
• Post-authorized aggregated Maestro
• Any other transit implementation where the cardholder is allowed to travel
prior to the authorization taking place (deferred authorization)

There are several methods of debt recovery that a transit merchant can
implement and each method allows debt recovery transactions to recover a
debt from a card or device.

Support for U.K. Transit Transactions

Effective April 2012, MasterCard® and Maestro® PayPass™ customers that
choose to implement PayPass cards and devices in the U.K. must process
transit transactions according to the “U.K. Cards Association Transit Transaction
Model,” published in U.K. and Republic of Ireland Operations Bulletin , No.
6 7 September 2011 and “Revised Standards for MasterCard PayPass Transit
Transactions in the UK,” U.K. and Republic of Ireland Operations Bulletin No.
8, 6 September 2012.

All MasterCard PayPass issuers globally (excluding those in the U.K.) will
begin to process transactions according to global PayPass Transit Rule 8.7.1
in MasterCard Rules.

Customers must ensure that their contactless cardholders are able to use their
cards successfully for travel on public transport operated by Transport for
London and other U.K. transit operators.

The U.K. Transit Transactions Issuer Implementation Guide provides

information about the U.K. Cards Association Transit Transaction Model. The
scope of the implementation guide is limited to PayPass transactions processed
according to the Authorized Aggregated Split Clearing Model in the U.K. on
U.K. issued cards. In addition, the guide provided the following implementation
information:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-133
Authorization Services Details
MasterPass Transactions

• U.K. Cards Association Transit Transaction Model

• Relevant MasterCard Rules
• Technical and business information on the transaction model, including:

– Transaction flow
– Implications and implementation requirements for card issuers—Liability
and risk implications of the transaction model
– Authorization and clearing messages
• Dispute processing

The U.K. Transit Transactions Issuer Implementation Guide and the U.K. Transit
Terminal Simulator Test Tool can be accessed on the PayPass Information
Management System on MasterCard Connect.

PAN-Association Requirements for Transit

Issuers that issue alternate account numbers for PayPass and respond to
Authorization Request/0100 messages from MCCs 4111, 4131, 4784, and 7523
must provide the following values in DE 48 (Additional Data—Private Use),
subelement 33 (PAN Mapping File Information) when sending the Authorization
Response/0110 message.

• Subfield 1 (Account Number Indicator), value E (Embossed Account

Number Provided by Issuer)
• Subfield 2 (Account Number), embossed PAN
• Subfield 3 (Expiration Date), expiration date of the embossed PAN

For issuers participating in the MasterCard® PayPass™ Mapping Service,

the Authorization Platform will provide these values on their behalf in the
authorization response messages. This helps ensure that the pre-purchased
fares by cardholders using the embossed PAN are properly associated with their
turnstile requests. This will also help ensure proper customer service.

Acquirers processing for merchants belonging to MCC 4111, 4131, 4784, and
7523 must provide the DE 48, subelement 33 details when present in the
authorization response message back to the merchants belonging to these
MCCs upon their request.

MasterPass Transactions
MasterPass™ is a secure and convenient method for consumers to conduct
e-commerce wallet transactions or transactions originated from other wallets.
MasterPass enables e-commerce merchants to convert browsing customers into
buyers by providing a fast, convenient, and secure checkout experience.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-134 27 November 2013 • Authorization Manual
 Authorization Services Details
Member-defined Data

How It Works

The following information provides a high-level overview of the MasterPass

wallet transaction process:

1. The consumer clicks the Buy with MasterPass button on a merchant’s

website to go the MasterPass sign-in page.
2. The consumer chooses the integrated MasterPass digital wallet he or she
wants to use, and then successfully completes authentication.
3. The consumer selects the preferred payment card and shipping address.
4. MasterPass securely transfers the consumer’s payment and shipping
information to the merchant’s website confirmation page, where the
merchant completes checkout process.
5. The consumer’s payment information is submitted to the merchant’s
acquirer for processing.

Authorization Processing

MasterPass transactions submitted to the MasterPass platform for processing are

identified by DE 48 (Additional Data—Private Date), subelement 26 (Wallet
Program Data), subfield 1 (Wallet Identifier) containing a three-digit value.

MasterPass transactions are identified in the following messages:

• Authorization Request/0100
• Authorization Advice/0120—Acquirer-generated
• Authorization Advice/0120—System-generated

The data values are generated by the MasterPass platform and passed to the
merchant along with the consumer’s checkout information (for example, card
credentials, shipping address, and email address).

There will not be an edit to determine if these values are present; however, if a
value exists, it will be validated and rejected if it consists of special characters,
all zeros, or spaces.

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

Member-defined Data
MasterCard allows customers to exchange as many as 199 bytes of
member-defined data to and from another customer in authorization messages.

Customers may use member-defined data to transmit information such as:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-135
Authorization Services Details
Merchant Advice Codes

• Loyalty program information

• Promotional information
• Details about a purchase or money transfer
• Any other business-related data

Structure of Member-defined Data

Acquirers may provide as many as 199 bytes of member-defined data in DE 124

of the Authorization Request/0100 message.

Issuers may provide as many as 199 bytes of member-defined data in DE 124

of the Authorization Request Response/0110 message. Issuers will receive
DE 124 in Authorization Advice/0120 messages if DE 124 was present in the
Authorization Request/0100 sent by the acquirer and the transaction was
processed by Stand-In, Limit-1, or X-Code processing.

The Authorization Platform will not edit the content of DE 124 as long as it is
alphanumeric/special character data and is only as many as 199 bytes in length.
The Authorization Platform will limit the length of the member-defined data
in DE 124 to 199 bytes in Authorization Request/0100 messages and 199 bytes
in Authorization Request Response/0110 messages.

For additional details on providing member-defined data in DE 124, see the

Customer Interface Specification manual.

Merchant Advice Codes

MasterCard supports the use of Merchant Advice codes for issuers to
communicate clearly with merchants.

• The reason for approving or declining a transaction

• The actions merchants can take to continue to serve their customers

Issuers can use Merchant Advice codes to provide specific direction to acquirers.

DE 48, Subelement 84 Values

Issuers can use the following values to indicate Merchant Advice codes in
Authorization Request Response/0110 messages, DE 48, subelement 84.

Value Description
01 New Account Information Available
02 Cannot Approve at This Time
03 Do Not Try Again
21 Recurring Payment Cancellation Service (Authorization System use only)

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-136 27 November 2013 • Authorization Manual
 Authorization Services Details
Merchant Advice Codes

Common DE 39 Values
The following table lists the most common values for DE 39 that issuers send in
conjunction with the Merchant Advice codes.

Value Description
00 Approved
05 Do not honor

14 Invalid card number

51 Insufficient funds/over credit limit

54 Expired card

DE 48, Subelement 84 with DE 39

In conjunction with existing values in DE 39 in Authorization Request
Response/0110 messages, issuers should use the Merchant Advice codes
provided in DE 48, subelement 84 to communicate which actions merchants
can take to best support cardholders.

The following table provides examples of how issuers and acquirers should use
the combination of DE 48, subelement 84 and DE 39.

DE 48, Merchant Suggested

subelement Advice Examples of Merchant
DE 39 84 Description Reasons Action
00 01 New account • Expired card Obtain new
05 information account
available • Account information
14 upgrade before next
51 billing cycle
• Portfolio sale
54
• Conversion
51 02 Cannot Approve • Over credit limit Recycle
at This Time transaction 72
• Insufficient hours later
funds

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-137
Authorization Services Details
Mobile Remote Payments

DE 48, Merchant Suggested

subelement Advice Examples of Merchant
DE 39 84 Description Reasons Action
05 03 Do not try again • Account closed Obtain another
14 type of payment
• Fraudulent from customer
51
54
05 21 Recurring Cardholder canceled Do not submit
Payment agreement
Cancellation
Service
(Authorization
System use only)

Mobile Remote Payments

Mobile Remote Payments is a payment functionality that is initiated by
an enrolled cardholder from the cardholder’s mobile device to facilitate a
transaction through a service manager.
NOTE
Applies only in countries where Mobile Remote Payments transactions are
supported. The applicability in a country to support this functionality will be
announced in a regional bulletin, a country-specific bulletin, or both.

A cardholder may choose to enroll in a remote payment service that is accessed

using a mobile device, which is a cardholder-controlled mobile phone that has
been registered with the cardholder’s issuer and which is used for entry of the
cardholder’s PIN or mobile-specific credentials.

Acquirer and Issuer Domains

The Mobile Remote Payments program is structured into two primary domains,
the acquirer domain and the issuer domain. For both domains, the service
manager role is central to the delivery of the Mobile Remote Payments program.
The following information describes the business functions related to the
service manager role.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-138 27 November 2013 • Authorization Manual
 Authorization Services Details
Mobile Remote Payments

• Acquirer Domain—In the acquirer domain, the Service Manager acts on

behalf of acquirers. The role of Service Manager may be filled by an
acquirer or by a third-party registered with MasterCard by the acquirer as its
Service Provider. Liability does not shift from merchants to issuers under
the acquirer domain as cardholder verification is performed either by the
acquirer or by the Service Manager acting on behalf of the acquirer.
• Issuer Domain—In the issuer domain, the Service Manager acts on behalf
of issuers. The role of Service Manager may be filled by a third-party
registered with MasterCard by the issuer as its Service Provider. Liability
shifts from merchants to issuers under the issuer domain as cardholder
verification is performed either by the issuer or by the Service Manager
acting on behalf of the issuer.

Customer Requirements

To process Mobile Remote Payments transactions:

• Issuers may use a service manager to provide the Mobile Remote Payments
program services.
• Acquirers may use a service manager to provide the Mobile Remote
Payments program services.
• All issuers must be able to receive and process all Mobile Remote Payments
data present in Authorization Request/0100 messages.
• All acquirers must properly identify Mobile Remote Payments transactions
in Authorization Request/0100 messages, and receive and process Mobile
Remote Payment transaction Authorization Request Response/0110
messages.
• Mobile Remote Payments transactions have a zero floor limit and must be
authorized by the issuer or its agent.

To Participate

Issuers and acquirers must register with MasterCard to participate in the Mobile
Remote Payments program, as described in the Mobile Remote Payments
Program Guide.

For More Information

For more information about:

• Operational processes, security requirements, and guidelines for the Mobile

Remote Payments program, see the Mobile Remote Payments Program
Guide.
• Supporting data requirements, see the Customer Interface Specification
manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-139
Authorization Services Details
Partial Approvals

Partial Approvals
The partial approval enables an issuer to approve a portion of the transaction
amount in the authorization request when the transaction amount exceeds the
amount of funds available on the debit card or prepaid card and the merchant
terminal supports partial approvals.

An issuer can choose to provide a partial approval response amount that is less
than or equal to the requested amount. An issuer can provide a partial approval
response equal to the amount requested when the cardholder’s account does
not have a sufficient balance to cover any allowed amount over the requested
amount for tips or service charges. The following scenario demonstrates the
successful completion of a partial approval equal to the requested amount.

A cardholder pays USD 50 at a restaurant with a debit card that has an available
balance of USD 50. The gratuity allowance for the restaurant MCC transaction
is 20 percent. The issuer may use a partial approval response in the amount
of USD 50 to indicate there are no additional funds and to obtain chargeback
protection for any clearing amount submitted above USD 50 that was partially
approved. The merchant must request another form of payment for any amount
the cardholder may want to provide.
NOTE
For automated fuel dispenser (AFD) transactions (MCC 5542), an issuer may
respond with a partial approval amount that is less than, equal to, or greater
than the requested amount.

When the acquirer transmits an indicator in the authorization request that

the merchant terminal supports partial approvals, the issuer has the option
to respond with the partial approval amount and partial approval response
code. The cardholder can then choose to use a supplemental payment method
(split tender) to pay the balance and complete the purchase when the final
transaction amount exceeds the partial approval amount.

All Debit MasterCard® card issuers (including prepaid) in the U.S. region must
support partial approvals and updates to the cardholder's open-to-buy balance
upon receipt of a reversal (full or partial).

All acquirers in the U.S. region that support merchants within select card
acceptor business codes (MCCs) must support partial approvals for all Debit
MasterCard® account ranges, including all prepaid Debit MasterCard account
ranges. This requirement applies only to card present transactions occurring at
attended terminals and at cardholder-activated terminals (CATs) identified with
MCC 5542 (Fuel Dispenser, Automated).

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-140 27 November 2013 • Authorization Manual
 Authorization Services Details
Partial Approvals

Effective in 2020 with Release 20.Q2, issuers must support partial approvals
for Debit MasterCard, Maestro, and prepaid MasterCard card account ranges.
The acquirer of a merchant included in any of the MCCs listed in “Effective
Dates for Acquirer Mandate to Support Partial Approvals and Account Balance
Responses Globally” (for card present transactions conducted at attended
terminals only) must support account balance responses for all prepaid card
account ranges (MasterCard, Debit MasterCard, and Maestro). Acquirers in
the United Kingdom must support account balance response for prepaid card
account ranges (MasterCard, Debit MasterCard, and Maestro) by 2014 (Release
14.Q2). MasterCard reserves the right to expand the number of markets that
may be required to support prior to 2020.

Benefits

The partial approval feature:

• Enables merchants and cardholders to successfully complete a higher

percentage of debit card (including prepaid) purchases.
• Reduces checkout time when the cardholder uses a debit card (including
prepaid) with an available balance that is less than the transaction amount.
• Provides acquirers to manage their financial risk by enabling them to only
accept the approved amount, followed by a request for a different type of
payment for a tip or service charge amount.
• Allows issuers to use the current chargeback rules to prevent the approval
amount from exceeding the cardholder’s available balance. To use the
chargeback rights, issuers will be required to respond with a partial
approval amount that is less than or equal to the requested amount.

How It Works

When a merchant terminal indicates support of partial approval transactions,

the acquirer sends an Authorization Request/0100 message containing DE 48
(Additional Data—Private Use), subelement 61 (POS Data, Extended Condition
Codes), subfield 1 (Partial Approval Terminal Support Indicator), value 1
(Merchant terminal supports receipt of partial approvals).

When a merchant terminal indicates support of partial approval transactions

and the cardholder's open-to-buy balance does not cover the full transaction
amount, the issuer may respond to the authorization request with an
Authorization Request Response/0110 message containing data elements
necessary for a partial approval response, with DE 6 (Amount, Cardholder
Billing) representing the cardholder's available purchase amount:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-141
Authorization Services Details
Payment Transactions

• DE 6 (Amount, Cardholder Billing) with the partial approval amount

specified in the issuer's cardholder billing currency
• DE 38 (Authorization ID Response)
• DE 39 (Response Code), value 10 (Partial Approval)
When the issuer responds with DE 39, value 10 and the transaction is an
AFD transaction, the amount in DE 6 may be less than, greater than, or
equal to the requested amount in DE 6 of the Authorization Request/0100
message.
• DE 51 (Currency Code, Cardholder Billing)

Upon receipt of a partial approval, acquirers often send a balance due message
to the integrated terminal. This message indicates the difference between the
original purchase amount and the partial amount approved by the issuer. By
displaying the remaining balance due amount, the cashier can quickly and
accurately prompt the consumer to complete the split-tender purchase.

Acquirers should also advise the merchant of a partial approval that is equal to
the request amount, so that the merchant does not add any gratuity.

Alternate Processing

The Stand-In processing and X-Code processing do not provide partial approval
responses to authorization requests because these systems do not maintain
card balances.

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

Payment Transactions
A Payment Transaction facilitates the movement of funds between two
parties—a payer (sender) and a payee (recipient). This transaction can be used
to support several business opportunities, such as person-to-person payments,
merchant rebates and rewards, loading value to a debit or prepaid account, or
issuer rebates and rewards.

The Payment Transaction is identified by DE 3 (Processing Code), subfield 1

(Cardholder Transaction Type Code), value 28 (Payment Transaction), DE 48
(Additional Data—Private Use), Transaction Category Code (TCC), value P
(Payment Transaction), and the presence of DE 48, subelement 77 (Payment
Transaction Type Indicator).

Payment Transactions are identified in the following messages:

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-142 27 November 2013 • Authorization Manual
 Authorization Services Details
Payment Transactions

• Authorization Request/0100
• Authorization Advice/0120—System-generated
• Reversal Request/0400
• Reversal Advice/0420

Using the Payment Transaction Type indicator, acquirers can identify specific
types of Payment Transactions in authorization messages. DE 48, subelement
77 will contain one of the following values:

• C01—Person-to-Person
• C02—Rebate
• C03—Load Value
• C04—Gaming Re-pay (available to Europe region customers only)
• C05—Payment Transaction for a reason other than those defined in values
C01–C04
• C06—Payment of a Credit Card Balance with cash or check
• C07—MasterCard MoneySend
• C09—Card Activation (available for Private Label card programs in the
Europe region only)

For information about:

• Payment Transaction type indicator value C04 used to support Gaming

Payment Transactions (available to Europe region customers only), see
“Gaming Payment Transaction Processing in the Europe Region.”.
• Payment Transaction type indicator value C07 used to support the
MasterCard® MoneySend™ Payment Transaction, see “MasterCard
MoneySend Payment Transactions.”
• Payment Transaction type indicator value C09 used for activation of private
label prepaid cards at the point-of-sale terminal, see “Activation and Initial
Load of Private Label Prepaid Cards.”

Payment Transaction Mandate

MasterCard has mandated that all acquirers and issuers support Payment
Transactions.

Acquirers must support Payment Transactions according to the specifications

documented in the Customer Interface Specification manual.

Issuers that have legal restrictions that prevent them from receiving authorization
requests for Payment Transactions can request to block Payment Transactions.
For issuers that meet this criteria, see “Payment Transaction Blocking.”

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-143
Authorization Services Details
Payment Transactions

Effective 19 April 2013, the following requirements apply to issuers in Italy.

• An issuer must support, process, and provide a valid authorization response

to each Payment Transaction authorization request received, for all prepaid
MasterCard®, Debit MasterCard® (including prepaid), and Maestro® card
programs and all MasterCard charge card programs (revolving credit card
programs are excluded).
• Except with respect to non-reloadable prepaid cards, an issuer must not
automatically decline Payment Transactions.

For all other issuers, issuers can approve or decline Payment Transactions at
their discretion.

For information about Payment Account Status Inquiry (Payment ASI)

transactions, see “Payment Account Status Inquiry.”

Payment Transaction Blocking

Issuers that have legal restrictions that would prevent their participation in
Payment Transactions can request to block Payment Transactions by completing
and submitting the Payment Transaction Blocking Form (Form 530).

MasterCard must approve all issuer requests to block Payment Transaction

authorizations.

For account ranges that issuers have arranged to have blocked, the Authorization
Platform rejects Payment Transactions containing any account number within
the account range listed in the Payment Transaction Blocked BIN file. The
Authorization Platform returns a response code of “Transaction not permitted
to issuer/cardholder” (DE 39 = 57) to the acquirer.

Issuers can block Payment Transaction authorizations at the account number

range level (as many as 11 digits).

Optional Acquirer Use of the Payment Transaction Blocked BIN File

Acquirers also have the option to receive the Payment Transaction Blocked BIN
file (T114 [Payment Transaction Blocked BIN File] and T115 [Test—Payment
Transaction Blocked BIN File]) and may deny Payment Transactions to
cardholders with accounts in the blocked account ranges.

Alternate Processing
Customers can choose to use Stand-In processing for Payment Transactions.
Customers cannot use Limit-1 processing or X-Code processing for Payment
Transactions.
NOTE
MasterCard does not encourage customers to use Stand-In processing for
Payment Transaction authorizations.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-144 27 November 2013 • Authorization Manual
 Authorization Services Details
PIN Management Services

Stand-In Processing

If customers choose to use Stand-In processing for Payment Transaction

authorizations, MasterCard recommends that customers use discretion for these
transactions.

Parameters

Issuers may specify Stand-In processing parameters for Payment Transactions,

including TCC global parameters and expanded parameter combinations with
a TCC of P. The minimum/default value for Payment Transaction limits in
Stand-In processing is USD 0.
NOTE
Stand-In processing declines Payment Transactions for issuers that do not specify
a higher Stand-In processing limit for Payment Transactions. To set higher
Stand-In processing limits, use the Stand-In Processing Worksheet (Form 041) to
submit your requested limits.

Velocity Testing

Stand-In processing does not accumulate Payment Transaction activity for

velocity testing. Stand-In processing does not add Payment Transactions to the
cumulative number of approved transactions allowed or to the cumulative
approved amounts allowed by the issuer.

Limit-1 Processing

Limit-1 processing cannot be established for Payment Transactions.

X-Code Processing

Acquirer MIP X-Code processing will not approve Payment Transactions.

When X-Code processing processes the authorization, it will generate an

authorization response of “refer to card issuer” (DE 39 = 01) for the Payment
Transaction. During acquirer host X-Code processing, the acquirer must issue
a “refer to card issuer” response to the merchant for Payment Transaction
authorizations.

PIN Management Services

MasterCard supports two PIN management services.

• Chip PIN Management Service—Supports both PIN change and PIN unblock
functionality
• Magnetic Stripe PIN Management Service—Supports PIN change
functionality only

Issuers that participate in the Chip PIN Management Service also must support
the Magnetic Stripe PIN Management service.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-145
Authorization Services Details
PIN Management Services

Acquirers in the Europe region that process dual message transactions and that
participate in the PIN Management service may optionally choose to support
PIN change transactions for magnetic stripe cards.

Chip PIN Management Service

The Chip PIN Management service allows cardholders to perform the following
transactions at ATMs that support MasterCard, Maestro, or Cirrus chip cards.

• PIN change—Allows cardholders to change the PIN code on their chip card.
• PIN unblock—Allows cardholders to unblock the PIN code on their chip
card by resetting the PIN try counter.

The Chip PIN Management service is available only to full grade acquirers
and chip grade issuers. For example, the Chip PIN Management service is
not available for:

• Magnetic stripe-only cards.

• Transactions initiated with a chip card using magnetic stripe technology.
• Issuers that use the Chip to Magnetic Stripe Conversion service.
NOTE
Only Europe region acquirers are allowed to submit PIN change and PIN unblock
transactions to the Dual Message System.

The Chip PIN Management service is an optional service.

Chip PIN Management Transactions

A cardholder can request a PIN change or PIN unblock only if submitting a valid
online PIN. The online PIN is always transmitted to the issuer for validation.
NOTE
Participating issuers must define their own policies for handling forgotten PINs.

PIN Change Process

1. The cardholder enters a valid, online PIN at an ATM that supports

MasterCard, Maestro, or Cirrus chip cards.
2. The cardholder must enter the new PIN twice. The ATM/acquirer compares
the two new PIN blocks and sends a single encrypted new PIN block in
DE 125 along with the old PIN encrypted in DE 52 to the issuer as part
of the authorization request.
3. The ATM initiates an EMV chip transaction with the card requesting an
Application Cryptogram (AC) for a transaction value of zero, unless an
access fee has been applied by the acquirer for an ATM transaction in
countries where application of an ATM access fee is allowed.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-146 27 November 2013 • Authorization Manual
 Authorization Services Details
PIN Management Services

4. The acquirer sends the issuer an Authorization Request/0100 message

containing DE 3, subfield 1, value 92 and the data from steps 2 and 3.
5. The issuer validates the online PIN and cryptogram, and then checks any
other required information (for example, whether the “unblock PIN” status
is set for the card in their system).
6. The issuer sends an Authorization Request Response/0110 message
containing DE 39 (Response Code), which indicates whether to approve or
decline the request. If the issuer approves the request, the 0110 message
contains DE 39, value 85 (Not declined). In addition, the 0110 message may
contain DE 55 with an issuer script. The issuer script contains instructions
to the chip card:

• If the issuer approves the PIN change request, the script message
instructs the chip card to change the PIN on the card.
• If the issuer declines the PIN change request, the issuer may optionally
provide additional instructions to the chip card (for example, to block
the card or the card application) using the related script.
7. The ATM confirms the status of the cardholder’s request and the transaction
is complete (that is, the script is applied successfully to the card). The
cardholder will be advised if the transaction did not complete properly so
that the cardholder understands the status of his or her card.
NOTE
For PIN change requests, it is important that incomplete transactions are
properly reversed. A Reversal Request/0400 message must be initiated when
the issuer times out or when the script is not successfully processed by the
card. If not, there is a risk that the offline PIN on the card, the online PIN in the
issuer host system, and the PIN thought to be correct by the cardholder become
unsynchronized.

PIN Unblock Process

1. The cardholder enters a valid, online PIN at an ATM that supports

MasterCard, Maestro, or Cirrus chip cards.
2. The ATM initiates an EMV chip transaction with the card, requesting
an Application Cryptogram (AC) for a transaction value of zero, unless
an access fee has been applied by the acquirer for an ATM transaction
in countries where application of an ATM access fee is allowed. The
Authorization Request/0100 message must include DE 52 to transmit the
online PIN.
3. The issuer validates the online PIN and cryptogram, and then checks any
other required information (for example, whether the “unblock PIN” status
is set for the card in their system).
4. The issuer generates an Authorization Request Response/0110 message
containing DE 39 (Response Code) that indicates whether to approve or
decline the request. If the issuer approves the request, the 0110 message
contains DE 39, value 85 (Not declined). In addition, the 0110 message
will contain DE 55 with the system-generated Authorization Response

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-147
Authorization Services Details
PIN Management Services

Cryptogram (ARPC). Depending on the card application, DE 55 may contain

an issuer script. The script message contains instructions to the chip card:

• If the issuer approves the PIN unblock request, the script message
instructs the chip card to unblock the PIN on the card.
• If the issuer declines the PIN unblock request, the issuer may optionally
provide additional instructions to block the chip card (for example,
block the card or the card application) using the related issuer script.
5. The ATM confirms the status of the cardholder’s request and the transaction
is complete.
The cardholder will be advised if the transaction did not complete properly
so that the cardholder understands the status of his or her card.

Alternate Processing

The Authorization Platform does not support alternate processing via an

alternate issuer host, the Stand-In System, or X-Code Processing for Chip PIN
Management transactions.

Authorization Reports

The following reports provide information that supports the Chip PIN
Management service:

• The Authorization Parameter Summary Report (SI737010-AA) includes a

Chip PIN Management participant parameter in the Global Parameters
section.
• The Authorization Summary Report (AB505010-AA) includes the Chip PIN
Management Service values in the Response Code “Decline” category.

For a sample of the Authorization Summary Report (AB505010-AA) and

Authorization Parameter Summary Report (SI737010-AA), see “Reports.”

Acquirer Requirements

Acquirers using the service are responsible for:

• Offering the PIN change option on their ATMs for chip cards.
• Offering the PIN unblock option on their ATMs for chip cards.
• Implementing the appropriate dialog between ATMs, chip cards, and
cardholders to support the Chip PIN management options.

Acquirers must ensure that the new PIN entered by the cardholder is correct.
The new PIN is entered twice at the ATM, and the two encrypted PIN blocks
must be compared either at the ATM or in the acquirer system. Acquirers only
send one new encrypted PIN block to the issuer. If the two PIN blocks do not
agree, the acquirer should invite the cardholder to re-enter their new PIN twice.

Acquirers must follow the normal EMV transaction flow at the ATM. The ATM is
not expected to process the offline PIN in any way.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-148 27 November 2013 • Authorization Manual
 Authorization Services Details
PIN Management Services

Acquirers must support script messages of any length, up to the maximum

of 128 bytes.

Acquirers must ensure that the cardholder is accurately advised of the outcome
of the PIN change or unblock transaction whether successful or not. This advice
must take into account the response from the issuer, the network, and/or the
response from the chip card once the script has been delivered to the terminal.

Acquirers send a Reversal Request/0400 message when the issuer times out or
when the script is not successfully processed by the chip card.

Issuer Requirements

Issuers using the Chip PIN Management service must validate the ARQC
(Authorization Request Cryptogram) transmitted in the Authorization
Request/0100. Issuers should also check that the:

• Transaction amount is zero, unless an access fee has been applied by the
acquirer for an ATM transaction in countries where application of an ATM
access fee is allowed.
• ATC (Application Transaction Counter) is greater than the last one received.

An Authorization Request/0100 for a PIN unblock transaction may contain an

AAC (Application Authentication Cryptogram) instead of an ARQC (depending
on the issuer chip card application and card setup). The issuer must carry out
the same validation checks on the AAC.

To Participate

Participating issuers and acquirers must notify MasterCard to participate in the

Chip PIN Management service. To request participation, contact the Customer
Operations Services team.

Acquirers and issuers must complete the PIN Management Service Request
(Form 888), and provide the form to the Customer Operations Services team.

When the acquirer does not participate in the PIN Management service,
the Authorization Platform sends the acquirer an Authorization Request
Response/0110 message containing DE 39 (Response Code), value 58
(Transaction not permitted to acquirer/terminal). When the issuer does not
participate in the service, the Authorization Platform sends the acquirer an
Authorization Request Response/0110 message containing, DE 39, value 57
(Transaction not permitted to issuer/cardholder).

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-149
Authorization Services Details
PIN Management Services

Magnetic Stripe PIN Management Service

MasterCard® credit, Debit MasterCard®, Maestro®, or Cirrus® cardholders can
change their PINs at any participating ATM for non-chip (magnetic stripe) cards
that originate from the MasterCard Network.

Issuers that currently support PIN change for chip cards must support receiving
PIN change transactions for magnetic stripe cards. Acquirers in the Europe
region that currently support PIN change for chip cards and process dual
message transactions may optionally choose to support PIN change transactions
for magnetic stripe cards.

PIN Change Process

Participating acquirers in the Europe region that process transactions through

the Dual Message System and issuers that choose to support ATM PIN change
for magnetic stripe cards must process Authorization Request/0100 messages
containing:

• DE 3 (Processing Code), subfield 1 (Cardholder Transaction Type Code),

value 92 (PIN Change)
• DE 3, subfields 2 (Cardholder “From Account” Type Code) and 3
(Cardholder “To Account” Type Code), value 00 (Default Account [not
specified or not applicable])
• DE 4 (Amount, Transaction) must contain a value of zero for PIN change
transactions. When ATM transaction fees are allowed, DE 4 may have
a value other than zero. In this case, the amount in DE 28 (Amount,
Transaction Fee) is included in DE 4.
• DE 22 (Point-of-Service [POS] Entry Mode), subfield 1 (POS Terminal PAN
Entry Mode) may contain a value of either:

– 02 (PAN auto-entry via magnetic stripe—track data is not required).

Value 02 is acceptable, as long as the track data is present.
– 90 (PAN auto-entry via magnetic stripe—the full track data has been
read)
• DE 52 (Personal ID Number [PIN] Data)
• DE 125 (New PIN Data) will consist of a binary block containing a derived
encrypted value that corresponds with the cardholder’s new PIN.

PIN Change Transactions

For PIN change transactions, the issuer may respond using one of the following
methods:

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-150 27 November 2013 • Authorization Manual
 Authorization Services Details
PIN Management Services

• If the card is a non-chip (magnetic stripe) card or if the card is a chip card
not supporting offline PIN and the issuer approves, the issuer sends an
Authorization Request Response/0110 message containing DE 39 (Response
Code), value 00 (Approved or completed successfully) or DE 39, value 85
(Not declined).
NOTE
When approving a PIN change transaction, MasterCard recommends that
issuers send DE 39, value 85 in the Authorization Request Response/0110
message.
• If the card is a non-chip (magnetic stripe) card or if the card is a chip card
not supporting offline PIN and the issuer declines, the issuer sends an
Authorization Request Response/0110 message containing DE 39, value 70
(Contact Card Issuer), DE 39, value 71 (PIN Not Changed), or DE 39, value
89 (Unacceptable PIN—Transaction Declined—Retry).
• If the card is a chip card supporting offline PIN, the issuer must decline and
send an Authorization Request Response/0110 message containing DE 39,
value 57 (Transaction not permitted to issuer/cardholder).

Issuers that have chip cards personalized with both online and offline PIN must
not approve PIN change transactions when DE 22 (Point of Service [POS] Entry
Mode, subfield 1 (POS Terminal PAN Entry Mode) contains value 80 (Chip
fallback) or value 90. If these transactions are approved, the offline PIN will be
out-of-sync with the online PIN, and subsequent offline transactions may be
declined due to invalid PIN.

If an issuer’s account range participates in Chip to Magnetic Stripe Conversion

or M/Chip Cryptogram Pre-validation on-behalf services, that account range
cannot participate in the Chip PIN Management service, even if the account
range also contains magnetic stripe cards.

Alternate Processing

The Authorization Platform does not support alternate processing via an

alternate issuer host, the Stand-In System, or X-Code System processing for PIN
change transactions performed on magnetic stripe cards.

To Participate

Registration to participate in the Magnetic Stripe PIN Management service is

not required for issuers and acquirers currently participating in the Chip PIN
Management service. However, changes to add or delete account ranges must
be submitted on the PIN Management Service Request (Form 888).

Acquirers in the Europe region and issuers that do not currently support PIN
change transactions, but choose to support PIN change transactions performed
at the ATM for magnetic stripe cards, must complete the PIN Management
Service Request (Form 888). For more information about registration and testing,
contact the Customer Operations Service team.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-151
Authorization Services Details
PIN Processing for Non-Europe Region Customers

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

PIN Processing for Non-Europe Region Customers

The Authorization Platform supports processing of MasterCard purchase
transactions that contain a personal identification number (PIN).

Cardholders may enter a PIN at the point of interaction as an alternative to

signing a sales slip. The information in this section describes processing
capabilities for non-Europe region acquirers and issuers that process through
the MasterCard Network.

For information about PIN processing capabilities for Europe region acquirers
and issuers that process through the MasterCard Network, see “PIN Processing
for Europe Region Customers.”

Acquirer Requirements
Acquirers that choose to support PIN authorization requests must use their
existing MasterCard MIP Authorization Platform interface connections with no
changes in authorization message routing. Acquirers must comply with the
following steps before processing MasterCard purchase transactions that contain
a PIN in Authorization/01xx messages.

1. Determine whether to support static or dynamic PEK exchanges.

The Authorization Platform and customers’ systems use PEKs to encrypt or
decrypt PINs. PEKs provide a secure means of passing PIN information in
Authorization/01xx messages. Acquirers must determine whether they will
support either static or dynamic PEK exchanges. For increased security,
MasterCard strongly recommends using dynamic PEK exchanges.
2. Only acquirers that provide complete and unaltered track data in their
Authorization Request/0100 messages can support PIN processing.
3. Ensure that applicable data elements are present in Authorization
Request/0100 messages. For PIN authorization requests, Authorization
Request/0100 messages must contain the following data elements:

• DE 22 (Point-of-Service [POS] Entry Mode)

• DE 26 (POS PIN Capture Code) (conditional)
• DE 45 (Track 1 Data) or DE 35 (Track 2 Data)
• DE 52 (PIN Data)
4. Ensure the ability to process applicable data elements in Authorization
Request Response/0110 messages.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-152 27 November 2013 • Authorization Manual
 Authorization Services Details
PIN Processing for Non-Europe Region Customers

For detailed data element descriptions, see the Customer Interface Specification
manual.

Issuer Requirements
Issuers must comply with the following steps before verifying the PINs
in MasterCard purchase transactions that contain a PIN in Authorization
Request/0100 messages.

1. Determine the method for receiving purchase transactions that contain

a PIN from the following options:

• Through a Dual Message System Authorization Request/0100 message

interface—This method is the default method for issuers that currently
receive their MasterCard ATM cash disbursement and ATM balance
inquiry activity using this interface. Static PEKs that are already active
and operational at the Dual Message System will be used for each of
the issuer’s bank identification number (BIN)/card ranges. Issuers may
choose to support dynamic PEK exchanges instead.
• Through a Single Message System Financial Transaction Request/0200
message interface—This method is the default method for issuers that
currently receive their Debit MasterCard® card activity, ATM activity,
or both using this interface. These transactions are identified as
“preauthorization requests” with value 4 in position 7 of DE 61 because
they must be cleared through the MasterCard clearing facility (the
Global Clearing Management System) with all other purchase activity.
PEKs that are already active and operational at the Dual Message System
will be used for each of the issuer’s BIN/card ranges.
2. Determine whether to support dynamic PEK exchanges.
For dynamic PEK exchanges, the Authorization Platform and the issuer must
establish a new single Key Encryption Key (KEK) for all BINs that the issuer
will process. This new KEK must be associated with the issuer’s Member
Group ID that the issuer uses for sign-on, sign-off, and store-and-forward
(SAF) sessions for the associated BINs.
For increased security, MasterCard strongly recommends using dynamic
PEKs.
3. Ensure the ability to process applicable data elements in Authorization
Request/0100 messages.
4. Ensure the ability to process applicable data elements in Authorization
Advice/0120 messages.
5. Ensure the ability to process applicable data elements in Reversal
Advice/0420 messages.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-153
Authorization Services Details
PIN Processing for Non-Europe Region Customers

NOTE
If an issuer does not comply with the requirements for verifying PIN data, the
Authorization Platform will forward all authorization requests for purchase
transactions that contain a PIN to the issuer with PIN data containing zeros. The
issuer can then make the authorization decision based on other data within the
authorization message.

For detailed data element descriptions, see the Customer Interface Specification
manual.

Stand-In, Limit-1, and Acquirer MIP X-Code Processing

Issuers may choose to have the Authorization Platform verify PIN data
on their behalf. If the Authorization Platform performs PIN verification, it
can perform Stand-In, Limit-1, and X-Code processing using the existing
authorization-qualifying criteria (issuer or MasterCard), when applicable.

If the Authorization Platform does not verify the PIN data and the issuer is
unavailable or unable to process the Authorization Request/0100 message,
the Authorization Platform responds to the acquirer with an Authorization
Request Response/0110 message indicating the issuer could not process the
Authorization Request/0100 message, except in situations where an issuer
chooses to allow transactions with unverified PINs in Stand-In processing. For
more information about the option to allow transactions with unverified PINs in
Stand-In processing, contact the Customer Operations Services team.

Support for Both Acquiring and Issuing Processing

Customers that support both acquiring and issuing authorization processing
may use the same PEK for all purchase transactions that contain a PIN.

To use the same PEK, customers must use the same Customer ID as follows:

• As the Member Group ID for establishing the static PEK or the KEK.
• In DE 32 or DE 33 in all acquired transactions.
• In Member Group ID (DE 2) and DE 33 of the Network Management
Request (PEK Exchange—On Demand)/0800 message.
• In DE 2 of the Network Management Request/0800 group sign-in message.

Authorization Platform Security Requirements

Within the Authorization Platform environment, security includes ensuring
message security and integrity as well as protection against cardholder PIN
disclosure. MasterCard uses secure PIN encryption in the Authorization Platform
to protect all PINs.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-154 27 November 2013 • Authorization Manual
 Authorization Services Details
PIN Processing for Non-Europe Region Customers

Encryption

The approach that the Authorization Platform uses for network security
management is PIN encryption using data encryption standard (DES). Customers
must use Triple DES. The acquirer must send the entered PIN to the Single
Message System, encrypted in an ANSI block format, as illustrated in the ANSI
PIN Block Format diagram.

For more information about PIN encryption, see the Single Message System
Specifications manual.

ANSI PIN Block Format

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-155
Authorization Services Details
PIN Processing for Non-Europe Region Customers

Security

Security using DES depends on the secrecy of the keys used, and therefore
on the management of the keys, as illustrated in the Zone Key Management
diagram. The Authorization Platform implements the “zone” approach rather
than the “end-to-end” approach to key management.

The following table describes the difference between the two types of key
management.

Zone End-to-End

Encryption of data between zones using
a PEK unique to the Authorization
Platform/customer pair. Data that must
be transmitted through several zones
is decrypted and re-encrypted at each
entity. For dynamic PEK exchanges, the
Authorization Platform/customer pair
must also maintain a unique KEK.
Encryption of data between its origination
point and final destination using a key
unique to the end-to-end pair. Data is
encrypted at the source and not decrypted
until reaching the final destination. Each
point of origin must maintain a unique
key for each final destination to which it
transmits, and each final destination must
maintain a unique key for each point of
entry from which it can receive.

MasterCard chose the zone approach instead of the end-to-end approach for
the following reasons:

• Key exchange is required only between issuers and acquirers connected to

the Authorization Platform.
• The approach does not require loading keys to the terminal for every card
that processes MasterCard purchase transactions containing a PIN.

For MasterCard purchase transactions that contain a PIN, all PINs must be
encrypted at the point of entry (the terminal). The PIN remains encrypted until
the issuer receives it for verification. It is translated from one zone’s PEK to
another zone’s PEK as it is passed from one customer to another through the
Authorization Platform. When the customer passes the PIN to the Authorization
Platform, the Authorization Platform translates it using the ANSI PIN block
format. The ANSI PIN block is the only format that the Authorization Platform
supports.

Zone Key Management

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-156 27 November 2013 • Authorization Manual
 Authorization Services Details
PIN Processing for Non-Europe Region Customers

Establishing PEKs

The Authorization Platform shares a PEK with each customer during PIN
transaction processing. The Authorization Platform and customer use ANSI PIN
block formatting for encryption and decryption.

The customer may use the same or a separate PEK for issuing and acquiring
transactions.

PEK Storage

Customers are responsible for safely storing their PEKs by encrypting them
under a proprietary Master File Key using hardware security procedures.
Customers must store PEKs within a Tamper Resistant Security Module (TRSM).

PEK Implementation

When new PEKs are created, the customer has five minutes to implement the
new PEK. During that period, the Authorization Platform attempts decryption
using the previous PEK in the event that the new PEK is in error.

PEK Exchange Methods

The Authorization Platform and customers exchange PEKs in two manners:

statically and dynamically. Acquirers and issuers connected to the MasterCard
Network that are processing MasterCard purchase transactions that contain a PIN
may use either static or dynamic key encryption to translate the PIN in DE 52.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-157
Authorization Services Details
PIN Processing for Non-Europe Region Customers

NOTE
For increased security, MasterCard strongly recommends using dynamic PEKs.

Static PEK

The Authorization Platform and the customer do not exchange the static PEK
online; they create it through a manual (offline) process. Customers must use
the Customer Initiated Key Part Exchange Form (Form 536) to create the static
PEK with MasterCard. The MasterCard and Customer Key Officers1 must adhere
to the strict procedure described in the Single Message System Specifications
manual to establish the static PEK.

Dynamic PEK

The Authorization Platform randomly generates dynamic PEKs for each

customer. Only the Authorization Platform can send a new dynamic PEK;
however, a customer may request a new PEK at any time.

The Authorization Platform will create a new dynamic PEK automatically online
every 24 hours or every 2,500 transactions, whichever occurs first. It will also
create a new dynamic PEK after five consecutive Sanity Check errors.

Establishing KEKs

The Authorization Platform sends new dynamic PEKs online using Network
Management (08xx) messages. The customer must establish the Key Exchange
Key (KEK) with the Authorization Platform before exchanging dynamic PEKs.

The Authorization Platform and the customer use a shared KEK to encrypt and
decrypt each PEK. The Authorization Platform and each customer are jointly
responsible for generating the unique KEKs used to exchange and encrypt PEKs.

Customers must use the Customer Initiated Key Part Exchange Form (Form
536) to create the KEK with MasterCard. The MasterCard and Customer Key
Officers1 must adhere to the strict procedure described in the Single Message
System Specifications manual to establish the KEK.

The Authorization Platform uses the following process to create and

communicate dynamic PEKs:

1. The Authorization Platform uses the KEK to encrypt the new PEK and
check value.
2. The Authorization Platform sends the new PEK to the issuer in an online
Network Management Request (PEK Exchange)/0800 message.
3. The customer validates the check value and loads the new PEK.
4. The customer uses the check values to ensure that the Authorization
Platform generated the new PEK from the same unique KEK established
between the customer and the Authorization Platform.

1. MasterCard recommends that Customer Key Officers not have extensive technical backgrounds.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-158 27 November 2013 • Authorization Manual
 Authorization Services Details
PIN Processing for Non-Europe Region Customers

Sanity Check Errors

The Authorization Platform changes the PEK after five consecutive Sanity Check
errors. Sanity Check errors are those that the PSD detects as possible PEK
corruption by verifying that the cleartext PIN block is in the expected format.

Master Key File

MasterCard recommends that each customer establish a Master File Key (MFK)
to encrypt PEKs and KEKs for secure storage on a database. MFKs work in a
similar manner to PEKs and KEKs in that they are comprised of key parts. Each
customer is responsible to generate and securely maintain its proprietary MFK.

PIN Verification
MasterCard provides a PIN verification service for all purchase transactions
that contain a PIN. There are two PIN verification methods to choose from:
DES/IBM 3624 or ABA.

The PIN verification service is an optional service.

NOTE
Track data must be present for MasterCard to perform PIN verification because
the Authorization Platform must have a means to obtain offset data from the
issuer.

If the issuer chooses to have the Authorization Platform perform PIN

verification, it must provide PIN processing parameters to MasterCard. These
parameters determine placement of PIN verification track data.

If the issuer currently uses the PIN Verification Service that the Single Message
System provides for ATM transactions, the issuer may choose to have the
Authorization Platform perform PIN verification on all PIN-based purchase
activity using the same parameters. Issuers that choose to use the PIN
Verification service must use the PIN Processing Profile Form (Form 269) to
provide their PIN processing Parameters to MasterCard.

PIN Verification in Stand-In Processing

MasterCard provides a PIN verification service for transactions processed
by Stand-In processing that contain unverified PIN data in Authorization
Request/0100 messages. There are two PIN verification methods to choose
from: DES/IBM 3624 or ABA.

The Stand-In System will not perform the PIN Verification Test, unless issuers
participate in a PIN validation service. If no PIN validation is performed on
a transaction, the Stand-In System will bypass the PIN Verification Test and
proceed to the next sequential Stand-In Test.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-159
Authorization Services Details
PIN Processing for Non-Europe Region Customers

Issuers that want MasterCard to perform the optional PIN Verification on

transactions processed by the Stand-In System must participate in a PIN
Pre-validation or PIN Validation in Stand-In service.

Issuers that want MasterCard to verify the PIN provided in DE 52 (Personal ID

Number [PIN] Data) on transactions processed by Stand-In processing must
provide PIN processing parameters to MasterCard.

WHEN the PIN data is… THEN Stand-In processing…

Valid Proceeds to the next appropriate Stand-In processing
test.

Invalid Sends a response of decline in the Authorization

Request Response/0110 message to the acquirer.

MasterCard uses DE 48, subelement 80 (PIN Service Code) and DE 60 (Advice

Reason Code), subfield 2 (Advice Detail Code) in the Authorization Advice/0120
message to communicate the results of the PIN verification test to the issuer.

THEN DE 48, subelement AND DE 60, subfield 2

WHEN… 80 contains… contains…

The PIN is valid PV (the Authorization Not applicable

Platform verified the PIN)
The PIN is invalid PI (the Authorization 0004 (Reject: Invalid PIN)
Platform was unable to
verify the PIN)

The Authorization Platform PI (the Authorization 0030 (Reject: Unable to

is unable to perform PIN Platform was unable to verify PIN data)
verification verify the PIN)

Issuers that want to use the PIN Verification in Stand-In Processing service can
request this service by completing the PIN Processing Profile Form (Form 269)
and by sending the PIN verification keys using the Hard Copy Key Exchange
Form (Form 723).

MasterCard will perform the PIN Verification in Stand-In service using track data
provided in the message, unless the issuer has chosen to participate in the PIN
Verification Value (PVV) on File Service. For more information about the PVV
service, see Debit MasterCard for the Single Message System Guide.

Authorization Report

The Authorization Parameter Summary Report (SI737010-AA) includes a

Stand-In PIN Verification Bypass indicator that identifies whether the Stand-In
System will bypass the PIN Verification Test or perform the PIN Verification Test.

This indicator will be present on the report for all customers, not just those
customers that elect to participate in a PIN validation service.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-160 27 November 2013 • Authorization Manual
 Authorization Services Details
Portfolio Sales Support

Portfolio Sales Support

MasterCard offers the following support for customers when they buy or sell a
portfolio.

Service Available for

Full BIN Partial BIN
Service Transfer Transfer

Transfer of BINs from one customer to another. After Ö Ö

MasterCard transfers the BIN, the Authorization Platform
processes all transactions within the BIN under the new
ICA.

Transfer of AMS account listings from one customer to Ö

another. After MasterCard transfers the listings, the new
ICA maintains the listings.

Full BIN Transfer

To transfer an entire BIN from one ICA number to another, contact the Customer
Operations Services team and request support for a portfolio transfer.

You will need to provide the following information:

• Old ICA number

• New ICA number
• Time and date on which the transfer will be effective
• BIN that you are buying or selling

Automatic AMS Transfer

If you are requesting an automatic AMS transfer as part of the BIN transfer,
complete section “e” of the Member Conversion Questionnaire. (The Customer
Operations Services team will provide the questionnaire.)

For examples of the automatic transfer of AMS accounts and for billing
information for that service, see the Account Management System User Manual.

The following table shows the transfer of BINs and AMS accounts.

When it Occurs Description

Before the planned transfer date The customer (new ICA number or old ICA
number) requests support for a portfolio
transfer.

At the time and date when the transfer The Authorization Platform moves
is effective authorization processing from the old ICA
to the new ICA.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-161
Authorization Services Details
Portfolio Sales Support

When it Occurs Description

On the transfer effective date, after the MasterCard automatically transfers the
authorization processing transfer ownership of the AMS accounts from the
old ICA to the new ICA.

On the evening of the transfer effective The Daily Account File Activity Report for
date the new ICA shows the account listings
under the new ICA.

Partial BIN Transfer

To transfer a part of a BIN from one customer to another, notify the Customer
Operations Services team in writing.

You will need to provide the following information:

• Old ICA number

• New ICA number
• Time and date on which the transfer will be effective
• Which portion of the BIN requires the new routing

Transfer Process for a Partial BIN

The following table shows the transfer process for a partial transfer of a BIN.

When it Occurs Description

Before the planned transfer date The customer (new ICA or old ICA)
requests support for the transfer.

At the time and date when the transfer
is effective
• The Authorization Platform routes
authorization requests for the
transferred part of the BIN to the new
endpoint.
• The Limit-1 and Stand-In parameters of
the new ICA number and BIN govern
processing for the transferred part of
the BIN.
• MasterCard bills all issuing
authorization charges to the new
ICA number.
• The new ICA number can add accounts
within the BIN to AMS and to the
Account File.

Fees
The following fees apply to portfolio sales services.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-162 27 November 2013 • Authorization Manual
 Authorization Services Details
Private Label Transaction Processing

Service Fee

Full BIN—Authorization Flat fee, billed to the requesting customer.

Processing

Full BIN—AMS account transfer • Flat fee, billed at ICA number/BIN level
• Per-account fee, billed at the account level
for each account transfer

Partial BIN—Authorization Flat fee per portfolio and BIN, billed to the
Processing requesting customer

The customers involved in the portfolio sale may decide which of them will
receive the charges for the Full BIN—AMS account transfer fees. MasterCard
can bill one customer for both fees, or MasterCard can bill one customer for the
flat fee and another customer for the per-account fee.

Private Label Transaction Processing

The MasterCard Private Label Program leverages the existing MasterCard
payment system infrastructure to provide efficient authorization, clearing, and
settlement services for private label card transactions, in addition to value-added
products and services that issuers may use in conjunction with their private
label programs.

MasterCard has extensive network reach, acceptance, and standardized formats

that provide issuers with a robust network processing solution for private
label card transactions, thereby addressing the infrastructure limitations of a
closed-loop processing model.

In addition to providing a superior private label transaction processing solution,

the MasterCard Private Label Program provides issuers with the ability to
use many of the world-class, value-added services offered by MasterCard.
Issuers may optionally benefit from the array of MasterCard risk management
solutions, enhanced transaction processing services, and portfolio performance
management expertise to facilitate financial improvement of their portfolios.

In conjunction with the Private Label Program, issuers can use the Activation
and Initial Load of Private Label Prepaid Card service, which is provided
exclusively for transactions originating from the approved private label card
portfolios of MasterCard issuers.

Private Label Processing

Under the MasterCard Private Label Program, private label issuers may use
MasterCard account ranges (account range within 51–55) or a reserved Maestro
range. The use of a MasterCard account range on an approved private label
program facilitates the seamless switching of private label transactions via the
four-party model (issuer, acquirer, merchant, MasterCard).

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-163
Authorization Services Details
Private Label Transaction Processing

Private Label Account Range Registration

Issuers that participate in the Private Label Merchant Verification Service are
required to register their private label or co-brand proprietary account range
and valid participating merchants for the range.

Two methods of merchant recognition supported for the account range

registration for Private Label Merchant Verification Service are:

• Account range and participating merchants identified by acquirer-assigned

Card Acceptor ID Code (DE 42)
• Account range and participating merchant/corporation identified by a
MasterCard Assigned ID (DE 48, subelement 32)

MasterCard uses this information in the Private Label Merchant Verification

Service to validate the merchants at the private label store locations for the
account.

For more information about identifying participating account ranges and

participating merchants for the Private Label Merchant Verification Service,
contact your MasterCard representative.

Acquirers submitting the transactions as private label that participate in the

Private Label Merchant Verification Service will be notified by their merchant or
the merchant's private label issuer whether to submit the transaction using an
acquirer-assigned card acceptor ID (DE 42) or MasterCard Assigned ID (DE 48
subelement 32). If the acquirer has not been notified to submit the MasterCard
Assigned ID, the acquirer must submit the acquirer-assigned card acceptor ID
(DE 42) with each private label transaction that participates in the Private Label
Merchant Verification Service. When submitting private label transactions using
the MasterCard Assigned ID, acquirers must obtain the ID from their merchant
or private label issuers, or contact their MasterCard representative.

The presence of DE 42 is mandatory in transactions containing DE 3 (Processing

Code), subfield 1 (Cardholder Transaction Type Code), values 00 (Purchase),
09 (Purchase with Cash Back), and 28 (Payment Transaction). However, if the
issuer registers the account range using DE 48, subelement 32 (MasterCard
Assigned ID), DE 48, subelement 32 must be present in addition to DE 42 for
the Merchant Verification service to be performed.
NOTE
The cardholder accounts within the co-brand proprietary account range can
optionally participate in Account Level Management, as well. If participating in
Account Level Management, issuers must adhere to the current Account Level
Management processing rules and must register individual accounts according
to current Account Level Management guidelines.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-164 27 November 2013 • Authorization Manual
 Authorization Services Details
Private Label Transaction Processing

Activation and Initial Load of Private Label Prepaid Cards

The Authorization Platform supports card activation or deactivation requests
between acquirers and private label issuers in the Europe region. Private label
issuers that issue private label prepaid cards can offer card activation and initial
load at the point-of-sale (POS) terminal. This allows issuers to keep prepaid
accounts inactive until an activation request is received from the merchant
and to help reduce fraud by enabling the activation of prepaid cards with or
without a predefined amount.
NOTE
Applies only to the Europe region for private label card programs.

Benefits

The benefits of providing private label issuers with the ability to allow their
cardholders to activate and to set the amount to load on their private label
prepaid cards at the moment of purchase and activation at the POS terminal
are as follows:

• Allows merchants to:

– Activate prepaid cards over the Authorization Platform as cards are

being sold
– Provide refunds to consumers with a private label prepaid card (typically
a gift card) loaded with the full amount of the refund, rather than giving
cash that could be spent at another merchant location.
• Allows issuers to keep prepaid accounts inactive until an activation request
is received from the merchant and to help reduce fraud by enabling the
activation of prepaid cards with or without a predefined amount.
• Provides a security measure to ensure that prepaid cards cannot be used
before activation.

Payment Transaction Type Indicator C09

The Authorization Platform supports Payment Transaction type indicator value

C09 (Card Activation) to specify private label prepaid card activation and initial
load requests.

Authorization Processing

For private label prepaid cards, the Authorization Platform processes one
transaction for both activating and initially loading a card. The activation
request uses an Authorization Request/0100 message with a Payment Type
processing code and a valid amount in DE 4 (Transaction Amount) for private
label prepaid card activation authorization messages. The activation also can
be canceled by a Reversal Request/0400 message.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-165
Authorization Services Details
Private Label Transaction Processing

Based on the issuer’s private label prepaid card program, the private label
prepaid cards can be magnetic stripe or chip and may or may not require
the entry of a PIN.

Stages for prepaid card activation at the POS terminal:

1. The cardholder purchases a private label prepaid card and requests to have
it activated at the POS terminal.
2. The merchant enters a request to activate a private label prepaid card from
the POS terminal.
3. The POS terminal sends an Authorization Request/0100 message to the
acquirer.
4. The acquirer forwards the Authorization Request/0100 message via the
MasterCard Network to the issuer for a private label prepaid card activation
request.
5. The issuer validates the request and sends an approval in an Authorization
Request Response/0110 message via the MasterCard Network to the
acquirer. MasterCard suggests private label issuers approve card activation
transactions using response code 00 (Approved or completed successfully).
6. The acquirer delivers the response to the POS terminal.
7. The issuer activates the private label prepaid card on its system.

Acquirers supporting the private label prepaid card activation request message
must be able to send a Reversal Request/0400 message to deactivate the
card if they are not able to deliver the Authorization Request Response/0110
message to the merchant’s terminal or time-out waiting for a response from the
Authorization Platform.

Private label issuers may want to define policies and rules with their merchants
for governing exceptions that may occur during the activation process, such as
what actions to take if there is a decline response.

Alternate Processing

Private label prepaid card activation plus initial load transactions are not eligible
for alternate (Stand-In or alternate issuer host routing) or X-Code processing.
If the primary issuer is not available to respond to a card activation request,
an Authorization Request Response/0110 message is returned to the acquirer
with DE 39 (Response Code), value 91 (Authorization System or issuer system
inoperative).

For More Information

For more information about Private Label programs.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-166 27 November 2013 • Authorization Manual
 Authorization Services Details
Private Label Non-Financial Service

• Supporting data requirements, see the Customer Interface Specification

manual.
• GCMS processing of private label transaction processing, see the GCMS
Reference Manual.

Private Label Non-Financial Service

The Private Label Non-Financial Service leverages the capabilities of the
MasterCard Network in combination with the MasterCard Private Label Program
to offer a non-financial service using the Authorization Platform.

The Private Label Non-Financial Service provides purchase point-of-sale (POS)

information to manufacturers of luxury goods for use in various applications,
such as warranty registration or inventory forecasting.

Authorization Processing

The Authorization Request/0100 message that is triggered by this event includes

all mandatory data elements needed to carry the product information. The
Authorization Request/0100 message, capturing the purchase POS information,
is initiated for purchased goods of participating merchants regardless of what
form of payment was used to purchase the goods.

Product code PVA (Private Label A) is used for identification of POS information
from luxury goods transactions. Product code PVA is set up in account ranges
for authorization processing only. Any clearing messages received with product
code PVA will be rejected.

Alternate Processing

The Authorization Request/0100 message containing value PVA in DE 63

(Network Data), subfield 1 (Financial Network Code) is routed to and declined
by Stand-In processing with a response code of 05 (Do Not Honor) in DE 39
(Response Code). The X-Code System also responds with value 05 in the event
that authorization cannot be obtained from Stand-In processing.

For More Information

For more information about the MasterCard Private Label Non-Financial Service,
contact the Customer Operations Services team.

Promotion Code
The promotion code is an alphanumeric code that customers can include in the
Authorization Request/0100 message.

The promotion code service is an optional service.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-167
Authorization Services Details
Proximity Payments

About Promotion Codes

Issuers may decide to offer a promotion to merchants. This promotion may

require issuers to use different authorization criteria than they do with most
transactions. The promotion code allows the issuer to recognize that this
transaction uses the different criteria to determine authorization responses for
transactions that occur at the participating merchants.

MasterCard may also specify other uses of the promotion code. When
MasterCard specifies these other uses, the Customer Interface Specification
manual provides details about them.

How It Works

1. The merchant includes the promotion code when it sends transaction data
to the acquirer.
2. The acquirer sends the promotion code in DE 48 (Additional Data—Private
Use) of the Authorization Request/0100 message to the issuer for the
authorization decision.
3. The issuer can use the promotion code to identify transactions that occur at
a merchant that participates in that issuer’s promotion program.

For details about data requirements, see the Customer Interface Specification
manual.

To Participate

To participate in the Promotion Code service, issuers must notify MasterCard

to participate in this service. To participate, contact the Customer Operations
Services team.

Proximity Payments
The MasterCard Proximity Payments solution, which includes PayPass™ mag
stripe and PayPass™ M/Chip, is part of the global Proximity Payments Program
and is designed to enrich the traditional card with a new contactless interface.

The contactless interface provides cardholder and merchant benefits that are
particularly relevant in environments such as:

• Unattended point-of-service (POS) devices (for example, gas pumps and

vending machines)
• High-traffic environments (for example, quick service and drive-through
restaurants)

Proximity payments do not require cardholders holding a contactless MasterCard

chip card to “swipe” or insert the card into a card reader or terminal. Instead,
cardholders place the contactless card in “proximity” of a specially equipped
merchant terminal to make a payment.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-168 27 November 2013 • Authorization Manual
 Authorization Services Details
Purchase of Goods or Services with Cash Back Transactions

Purchase of Goods or Services with Cash Back Transactions

MasterCard supports Purchase of Goods or Services with Cash Back transactions
for Debit MasterCard® and Maestro® cards. This feature allows acquirers and
issuers to globally process Debit MasterCard non-ATM purchase with cash back
transactions through their MasterCard Network connection. This feature also
allows Europe region acquirers and issuers to additionally process Maestro
non-ATM purchase with cash back transactions through their MasterCard
Network connection.

All issuers of Debit MasterCard and Maestro cards are required to support the
receipt of authorization and reversal requests for Purchase of Goods or Services
with Cash Back transactions. This service is active for all Debit MasterCard
and Maestro account ranges.

Issuers can approve or decline Purchase of Goods or Services with Cash Back
transactions at their discretion.

“Purchase Amount Only” Approval Response Code

DE 39 (Response Code), value 87 (Purchase amount only, no cash back
allowed) provides issuers the option of approving the purchase amount of
the transaction but not the cash back amount on purchase with cash back
transactions.

The Authorization Platform allows acquirers to indicate whether the merchant

terminal supports receipt of the new purchase amount only approval response
code in an authorization message.

DE 39, value 87 only is applicable to purchase of goods or services with cash

back transactions.

The Authorization Request/0100 message must contain:

• DE 3 (Processing Code), subfield 1 (Cardholder Transaction Type Code),

value 09 (Purchase with Cash Back)
• DE 48 (Additional Data—Private Use), subelement 61 (POS Data, Extended
Condition Codes), subfield 2 (Purchase Amount Only Terminal Support
Indicator), value 1 (Merchant terminal supports receipt of purchase only
approval).

DE 39, value 87 is an approval code, and applicable in the following messages:

• Authorization Request Response/0110

• Authorization Advice/0120—Issuer-generated
• Reversal Request/0400
• Reversal Advice/0420

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-169
Authorization Services Details
Purchase of Goods or Services with Cash Back Transactions

Alternate Processing
Issuers have the option to choose whether Purchase with Cash Back (PWCB)
transactions are eligible for processing by the Stand-In System. An issuer may
choose to allow PWCB for only PIN–based transactions, only Signature-based
transactions, or allow both PIN and signature-based transactions be processed
by the Stand-In System.

If the issuer identifies that PIN, signature, or both PWCB transactions are not
allowed to be processed by the Stand-In System, the Authorization Platform
declines the transaction using Authorization Request Response/0110 message
containing DE 39 (Response Code), value 91 (Authorization System or Issuer
system inoperative).

If the issuer allows Stand-In processing of PIN-based PWCB transactions, DE

52 (Personal ID Number [PIN] Data) must be present in the Authorization
Request/0100 message. If DE 52 is not present in the authorization request
message, the transaction will be categorized as a signature-based transaction
and processed based on whether the issuer allows signature-based PWCB
transactions to be processed by the Stand-In System.

Stand-In processing refers to the issuer’s Decision Matrix to determine

the authorization response. If an acquirer can process a purchase amount
only response, Stand-In processing may provide an Authorization Request
Response/0110 message containing DE 39 (Response Code), value 87 (Amount
Only, No Cash Back Allowed) when the purchase portion of the PWCB
transaction passes a given limit test and the cash portion fails.

Purchase with Cash Back transactions are not eligible for X-Code processing.
If the transaction cannot be processed by the issuer or the Stand-In System,
the Authorization Platform provides the acquirer an Authorization Request
Response/0110 message containing DE 39 (Response Code), value 91
(Authorization System or Issuer system inoperative).

Reversals of Purchase of Goods or Services with Cash Back

Transactions
MasterCard provides DE 54 (Additional Amounts), subfield 2 (Amount Type),
value 40 (Amount Cash Back) to issuers in the Reversal Request/0400 message
if DE 54, subfield 2, value 40 was contained in the Reversal Request/0400
message from the acquirer.

Acquirers provide DE 4 (Amount, Transaction) in the Reversal Request/0400

message for the full, original amount of the Authorization Request/0100
transaction. With Purchase of Goods and Services with Cash Back transactions,
DE 4 contains the cash back amount, as defined in DE 54.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-170 27 November 2013 • Authorization Manual
 Authorization Services Details
Purchase of Goods or Services with Cash Back Transactions

As with Authorization Request/0100 message processing, the Authorization

Platform will apply an edit to the Reversal Request/0400 message when DE 54,
subfield 2, value 40 is present. In this case, the Authorization Platform checks
to ensure that DE 3 (Processing Code), subfield 1 (Cardholder Transaction Type
Code) contains value 09 (Purchase with Cash Back).

When DE 54, subfield 2, value 40 is not present, the Authorization Platform

performs an additional check to ensure that the Reversal Request/0400 message
contains DE 39 (Response Code), value 87 (Purchase only, no cash back
allowed).

When an acquirer submits a full or partial reversal for a Purchase Amount

Only approval where DE 39 (Response Code) of the Authorization Request
Response/0110 message contains a value of 87, MasterCard recommends that
the acquirer not send DE 54 in the reversal message. If the acquirer intends the
0400 message as a partial reversal, DE 95 (Replacement Amount) will also be
present, containing the adjusted amount of the original authorization.

DE 54, subfield 2, value 40 is the only instance of DE 54 that MasterCard will

forward to issuers in a Reversal Request/0400 message. All other instances
of DE 54 will be removed from the Reversal Request/0400 message before
forwarding the message to the issuer.

DE 54, subfield 2, value 40 also may be included in the Reversal Advice/0420

message.

India Intracountry Cash Back Transactions

MasterCard supports India intracountry Cash Back transactions (that is, Cash
Back without Purchase and Purchase with Cash Back) at the point of sale
(POS) conducted with Debit MasterCard and Maestro cards. This functionality
eliminates the need for acquirers to manage Cash Back processing at the BIN
level on their host systems.

Cash Back without Purchase and Purchase with Cash Back for Debit MasterCard
and Maestro transactions acquired in India are valid only for India domestic
cardholders (that is, cardholders with accounts issued outside of India will be
rejected if they request a cash back transaction).

South Africa Intracountry Cash Back Transactions

MasterCard supports intracountry Debit MasterCard® purchase with cash back
transactions conducted with or without an accompanying purchase at South
African merchant locations.

PIN verification is required for all Debit MasterCard purchase with cash back
transactions conducted without an accompanying purchase.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-171
Authorization Services Details
Real-time Substantiation

Customers that want to implement purchase with cash back transactions

conducted with or without an accompanying purchase for South Africa should
contact the Customer Operations team for guidance and support on the
implementation requirements.

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

Real-time Substantiation
The Real-time Substantiation (formerly referred to as Auto Substantiation)
service supports substantiation at the point-of-sale (POS) for qualified expenses
incurred on a Flexible Spending Account (FSA) and Healthcare Reimbursement
Arrangement (HRA) cards when used at a merchant with a qualifying Inventory
Information Approval System (IIAS).
NOTE
Applies only to the U.S. region.

Background
Internal Revenue Service Notice 2006-69 requires flexible spending account
plan administrators to block card transactions occurring at non-medical MCCs
(for example, grocery stores, discount stores, wholesale clubs), unless the
merchant has implemented an Inventory Information Approval System (IIAS).

If FSA/HRA plan administrators allowed a transaction to be approved that

contained non-verified and non-eligible merchandise, they run the risk of
having their entire plan disqualified by the IRS. Beginning January 2008 all
grocery stores, discount stores, and online pharmacies that accept FSA debit
cards must reference an IIAS at the point of sale.

Internal Revenue Service Notice 2006-69 also requires strict recordkeeping

of IIAS-processed transactions. Health plan sponsors and administrators
must negotiate agreements with merchants for the merchant to maintain the
transaction amount, date the expense was incurred, and nature of the expense,
and make this information accessible upon request, or alternatively send the
information to the employer, administrator, or other applicable entity.

Affected acquirers are responsible for determining which merchants are

IIAS-compliant, as defined by SIGIS.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-172 27 November 2013 • Authorization Manual
 Authorization Services Details
Real-time Substantiation

Merchant Validation for Real-time Substantiated Transactions

The Authorization Platform performs a real-time authorization check to
ensure that an Authorization Request/0100 message is from an IIAS-compliant
merchant.

The Authorization Platform identifies whether a transaction submitted as

real-time substantiated is coming from a SIGIS (Special Interest Group for
IIAS Standards)-compliant merchant. The Internal Revenue Service (IRS)
placed additional requirements on merchants that do not use a healthcare card
acceptor business code (MCC) to accept healthcare cards requiring transaction
substantiation.

IIAS-Compliant Merchants

MasterCard supports the issuance of MasterCard Assigned IDs for merchants.

To indicate an IIAS-compliant merchant, acquirers must provide DE 48

(Additional Data—Private Use), subelement 32 (MasterCard Assigned ID)
in Authorization Request/0100, Authorization Advice/0120, and Reversal
Request/0400 messages when the transaction is indicated as real-time
substantiated (DE 48, subfield 61 position 3 contains value 1).

To obtain MasterCard Assigned IDs for IIAS merchant validation, acquirers

should send an email message to [email protected].
The request should specify if it is an addition or update of the MasterCard
Assigned ID, and at a minimum include the acquirer name, telephone number,
email address, acquirer ID, processor ID, merchant parent/owner name (if
applicable), MasterCard Assigned ID (if the request is for an update to the
existing MasterCard Assigned ID), and merchant contact information.

Acquirers with existing MasterCard Assigned IDs for their merchants should
continue to use those values, but must notify MasterCard that those merchants
are SIGIS compliant.

Non-IIAS Compliant Merchants

To indicate to issuers participating in real-time substantiation that the transaction

was submitted as IIAS, but from a non-IIAS compliant merchant, MasterCard will
define DE 48, subelement 61 (POS Data, Extended Condition Codes), subfield 3
(Real-time Substantiation Indicator) as value 4 (Transaction was submitted as
real-time substantiated but from a non-IIAS certified merchant).

If the issuer is not participating in real-time substantiation, the original value of 1

(Merchant terminal verified the purchased items against the IIAS) is changed to
value 0 (Merchant terminal did not verify the purchased items against the IIAS).

90% Rule Merchant Exemption

If the merchant generated 90 percent of its total sales from

FSA/HSA/HRA-certified healthcare products in the previous fiscal year, that
merchant is exempt from IIAS rules.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-173
Authorization Services Details
Real-time Substantiation

To indicate that the merchant is exempt from the IIAS rule based on the 90%
rule, the acquirer must provide DE 48, subelement 61, subfield 3, value 2
(Merchant claims exemption from using an IIAS based on the IRS 90 percent
rule) in Authorization Request/0100, Authorization Advice/0120, and Reversal
Request/0400 messages.

Merchant Terminal Verification

MasterCard defines DE 48 (Additional Data—Private Use), subelement 61 (POS
Data, Extended Condition Codes), subfield 3 (Real-time Substantiation Indicator)
for use in the Authorization Request/0100 message to allow merchants to
indicate whether the merchant terminal verified the purchased items against
an IIAS.

For accurate processing of IIAS real-time substantiated transactions, MasterCard

recommends that issuers validate the card acceptor business code (MCC) (DE
18) and Real-time Substantiation Indicator (DE 48, subelement 61, subfield 3).

When the merchant terminal has verified the purchased items against an IIAS,
the acquirer should populate the Authorization Request/0100 message with
DE 48, subelement 61 and the following subfield values:

• Subfield 1 (Partial Approval Terminal Support Indicator) and subfield 2

(Purchase Amount Only Terminal Support Indicator) must contain values
of zero or 1
• Subfield 3 must contain a value of 1
• Subfields 4 and 5 are reserved for future use and must contain values of zero

Acquirers do not receive DE 48, subelement 61 in the Authorization Request

Response/0110 message.

When an acquirer creates an Authorization Advice/0120 message to advise

the issuer of an approved authorization performed by the acquirer, DE 48,
subelement 61 should be present if it was present in the original Authorization
Request/0100 message.

Real-time Substantiation Amounts

MasterCard has redefined DE 54 (Additional Amounts), subfield 2 (Amount
Type), value 10 (Healthcare Eligibility Amount). When the acquirer provides
the real-time substantiation indicator in DE 48, subelement 61, subfield 3, this
redefined amount type allows the acquirer to indicate the portion of DE 4
(Amount, Transaction) that is eligible for real-time substantiation.

In addition to the Healthcare Eligibility Amount, MasterCard supports DE 54,

subfield 2, value 11 (Prescription Eligibility Amount), which allows the acquirer
to indicate the portion of the healthcare eligibility amount that includes the
amount spent for prescriptions.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-174 27 November 2013 • Authorization Manual
 Authorization Services Details
Real-time Substantiation

Subfield 2, value 11 must only be present when the acquirer provides subfield 2,
value 10 in the Authorization Request/0100 or the Authorization Advice/0120
message. In addition, the amount in subfield 2, value 11 must be less than or
equal to the amount of subfield 2, value 10.

DE 54 occurrences with subfield 2, values 10 and 11 are not returned to

the acquirer in the Authorization Request Response/0110 message or the
Authorization Advice Response/0130 message.

Examples
The following tables provide examples of Real-time Substantiation transaction
processing.

The examples only show one occurrence of DE 54 amounts in USD. However,

standard currency conversion rules will apply. Therefore, acquirers and issuers
will always receive amount-related data elements in the acquirer’s transaction
currency and the issuer’s cardholder billing currency for DE 54.

Because Real-time Substantiation transactions can be used in combination with

partial approvals, when the issuer receives an Authorization Request/0100
message containing DE 48, subelement 61, subfield 1, value 1, the issuer has
the option to:

• Approve the entire transaction amount.

• Decline the entire transaction amount.
• Respond with a partial approval.
• For the issuer to respond with a partial approval, DE 48, subelement 61,
subfield 1 must contain a value of 1; otherwise, the issuer must approve or
decline the entire transaction amount.
• Partial approvals are not valid for Authorization Advice/0120 messages and
will be rejected with a format error.

Example 1—Partial Approval: Entire Healthcare Eligibility Amount

This example illustrates that the issuer approved the entire Healthcare Eligibility
Amount, which in this case is a partial approval of the total transaction amount.
In this scenario, the merchant would ask the cardholder to use another form of
payment for the remaining USD 60 or remove some items from the purchase.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-175
Authorization Services Details
Real-time Substantiation

Authorization Request/0100 Authorization Request Response/0110

From Issuer To Acquirer

• DE 48, subelement 61 = • DE 6 = USD 40 • DE 4 = USD 40

10100 (indicates terminal
• DE 39 = 10 • DE 54, subfield 2,
can handle partial approvals
value 57 (Original
and has verified against
Amount) = USD 100
IIAS)
• DE 39 = 10
• DE 4 = USD 100
• DE 54, subfield 2, value 10
= USD 40

Example 2—Partial Approval: Partial Healthcare Eligibility Amount

This example illustrates that the issuer approved only a portion of the
Healthcare Eligibility Amount, which in this case is a partial approval of the total
transaction amount. In this scenario, the merchant would ask the cardholder
to use another form of payment for the remaining USD 80 or remove some
items from the purchase.

Authorization Request/0100 Authorization Request Response/0110

From Issuer To Acquirer

• DE 48, subelement 61 = • DE 6 = USD 20 • DE 4 = USD 20

10100
• DE 39 = 10 • DE 54, subfield 2,
• DE 4 = USD 100 value 57 = USD 100
• DE 54, subfield 2, value 10 • DE 39 = 10
= USD 40

Example 3—Full Approval: Entire Healthcare Eligibility Amount

In this example, the merchant terminal is indicating that they do not support
partial approvals; therefore, a full approval or decline is required. The issuer
approves the full transaction; thereby approving the entire Healthcare Eligibility
Amount.

Authorization Request/0100 Authorization Request Response/0110

From Issuer To Acquirer

• DE 48, subelement 61 = • DE 4 = USD 100 • DE 4 = USD 100

00100
• DE 39 = 00 • DE 39 = 00
• DE 4 = USD 100
No DE 54, subfield
• DE 54, subfield 2, value 10 2, value 57 (Original
= USD 100 Amount) is provided in
this scenario because the
issuer responded with
DE 39 = 00

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-176 27 November 2013 • Authorization Manual
 Authorization Services Details
Real-time Substantiation

Example 4—Partial Approval: Partial Healthcare Eligibility Amount,

including Prescriptions

This example illustrates that the issuer approved only a portion of the
Healthcare and Prescription Eligibility amounts. In this scenario, the merchant
would ask the cardholder use another form of payment for the remaining USD
80 or remove some items from the purchase.

Authorization Request/0100 Authorization Request Response/0110

From Issuer To Acquirer

• DE 48, subelement 61 = • DE 6 = USD 20 • DE 4 = USD 20

10100
• DE 39 = 10 • DE 54, subfield 2,
• DE 4 = USD 100 value 57 = USD 100
• DE 54, subfield 2, value 10 • DE 39 = 10
= USD 40
• DE 54, subfield 2, value 11
= USD 30

Example 5—Full Approval: Entire Healthcare Eligibility Amount, including

Prescriptions

In this example, the merchant terminal is indicating that they do not support
partial approvals; therefore, a full approval or decline is required. The issuer
approves the full transaction; thereby approving the entire Healthcare Eligibility
Amount, including the Prescription Eligibility Amount.

Authorization Request/0100 Authorization Request Response/0110

From Issuer To Acquirer

• DE 48, subelement 61 = • DE 4 = USD 100 • DE 4 = USD 100

00100
• DE 39 = 00 • DE 39 = 00
• DE 4 = USD 100
No DE 54, subfield
• DE 54, subfield 2, value 10 2, value 57 (Original
= USD 100 Amount) is provided in
this scenario since the
• DE 54, subfield 2, value 11 issuer responded with
= USD 60 DE 39=00

Authorization Reports
The Authorization Parameter Summary Report (SI737010-AA) includes a
Real-time Substantiation participant parameter in the Global Parameters section.

For a sample of this report and field descriptions, see “Reports.”

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-177
Authorization Services Details
Recurring Payments

To Participate
Issuers must notify MasterCard if they want to support real-time substantiation
processing by completing the Real-time Substantiation Participation (Form 834)
and providing the form to the Customer Operations Services team.

Participation authorizes MasterCard to provide the issuer with real-time

substantiation information in the Authorization Request/0100 or the
Authorization Advice/0120 message. The Authorization Platform removes
healthcare related amounts from the Authorization Request/0100 or the
Authorization Advice/0120 message for non–participating issuers.

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

Recurring Payments
Recurring payments are payments by an issuer to an acquirer on behalf of a
cardholder who authorizes a merchant to bill the cardholder’s account on a
continued, periodic basis (such as monthly, quarterly, or annually) without a
specified end date. The amount of each payment may be the same or may
fluctuate.

Recurring payments are not installment billing. For example, a cardholder

contracted to pay USD 25 on a monthly basis for one year for membership in
a health club. This transaction would not qualify as a recurring transaction
because there is a beginning and ending time specified for the membership.

Indicating a Recurring Payment

Acquirers can indicate to issuers that a transaction is a recurring payment
by including a value of 4 (Standing order/recurring transactions) in DE
61 (Point-of-Service [POS] Data), subfield 4 (POS Cardholder Presence) in
Authorization Request/0100 messages.
NOTE
The recurring payment indicator in DE 61, subfield 4 is required for all recurring
payment transactions whether the transaction is the first payment made to
the card acceptor pursuant to the recurring payment arrangement or any
subsequent payment.

For more information about recurring payments, see “Merchant Advice Codes.”

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-178 27 November 2013 • Authorization Manual
 Authorization Services Details
Recurring Payments

Recurring Payment Test Transactions

Before submitting an authorization request for the full amount of a recurring
payment, the card acceptor may use a recurring payment “test transaction” to
determine the status of the cardholder account. Test transactions are available
for the first payment of a recurring payment arrangement, if occurring in a
card-not-present environment or any subsequent payment.

Recurring payment test transactions must comply with all existing recurring
payment transaction identification requirements. In addition to complying
with all existing recurring payment transaction identification requirements, the
acquirer must ensure that each recurring payment Authorization Request/0100
message test transaction contains DE 61 (Point-of-Service [POS] Data), subfield 7
(POS Transaction Status), value 4 (Preauthorized Request), and DE 4 (Amount,
Transaction) is a zero value transaction amount.

Maestro Recurring Payments Program

The Maestro® Recurring Payments program allows enrolled merchants to
begin accepting Maestro cards for recurring payment electronic commerce
(e-commerce) transactions. The initial transaction of a recurring payment
arrangement may be completed face-to-face, with the subsequent transactions
being submitted as standard non–face-to-face recurring payment transactions.

Acquirers in the Europe region that process Maestro e-commerce transactions

may optionally participate in the Maestro Advance Registration Program.
Acquirers registered for the Maestro Advance Registration Program automatically
will be able to participate in the Maestro Recurring Payments Programs.
For more information about the Maestro Advance Registration program, see
“MasterCard and Maestro Advance Registration Programs.”

Maestro recurring payment e-commerce transactions are identified in

Authorization Request/0100, Authorization Advice/0120—Acquirer-generated,
and Reversal Request/0400—Acquirer-generated messages by DE 48 (Additional
Data—Private Use), subelement 42 (Electronic Commerce Indicators), subfield 1
(Electronic Commerce Security Level Indicator and UCAF Collection Indicator),
position 3 (UCAF Collection Indicator), value 3 (UCAF data collection is
supported by the merchant, and UCAF (MasterCard Assigned Static AAV). In
addition, DE 61 (Point-of-Service [POS] Data), subfield 4 (POS Cardholder
Presence), value 4 (Standing order/recurring transactions) identifies Maestro
e-commerce recurring payment transactions.

If the first transaction of a recurring payment arrangement is completed

face-to-face, it must be identified as a face-to-face transaction and must contain
the recurring payment indicator in DE 61.

Issuers must not validate DE 48, subelement 43 (Universal Cardholder

Authentication Field [UCAF™]), as that validation is performed during
authorization processing.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-179
Authorization Services Details
Recurring Payment Cancellation Service

DE 48, subelement 32 (MasterCard Assigned ID) must be present, and the

Authorization Platform edits DE 48, subelement 32 and subelement 43 (Static
AAV for Maestro or MasterCard Advance Registration Program) for valid values.

Alternate Processing

The MasterCard® SecureCode™ AAV Verification Service and MasterCard®

SecureCode™ Dynamic AAV Verification in Stand-In processing service will not
be performed on Maestro e-commerce transactions that are processed under
the Maestro Recurring Payments Program for e-commerce transactions.

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

Recurring Payment Cancellation Service

The Recurring Payment Cancellation Service (RPCS) is an optional service
that allows issuers to specify criteria to block recurring payment transactions
identified in authorization messages and clearing records.

Benefits

RPCS provides the following benefits to the parties involved in processing

recurring payment transactions:

• Increases cardholder confidence to engage in preauthorized recurring

payment transactions
• Promotes recurring payments to increase cardholder transaction volume
• Reduces cardholder dissatisfaction due to being charged after terminating a
recurring payment arrangement with a merchant
• Reduces chargebacks and costs of chargeback handling

How It Works

Issuers participating in RPCS may submit recurring payment blocking criteria to

the MasterCard RPCS File database using one of the following methods:

• Online Issuer File Update/03xx messages (MCC105)

• MasterCard eService
• NICS™

The Authorization Platform uses the issuer payment blocking criteria to decline
online authorization requests for recurring payments, and the Global Clearing
Management System (GCMS) uses the same issuer criteria to reject clearing
records.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-180 27 November 2013 • Authorization Manual
 Authorization Services Details
RiskFinder

Acquirers receive Authorization Request Response/0110 messages containing

DE 48 (Additional Data—Private Use), subelement 84 (Merchant Advice Code)
with value 21 (Recurring Payment Cancellation Service) indicating RPCS service.
NOTE
The Authorization Platform—not the issuer—sends the Authorization Request
Response/0110 message containing DE 48, subelement 84, value 21.

Issuers receive a store-and-forward Authorization Advice/0120 message

indicating that the authorization request was blocked by the Authorization
Platform.

Authorization Reports

The following reports provide information that support RPCS:

• The Authorization Parameter Summary Report (SI737010-AA) includes a

RPCS participant parameter in the Global Parameters section.
• The Daily Account File Activity Report (AM700010-AA) includes a section to
report the RPCS account maintenance activity. This section groups RPCS
activity by rejected, accepted, and purged.
• The Delete Preview Report (AM710010-AA) includes a section to report the
RPCS accounts that are due to be deleted in the next three weeks. A total
field by ICA of RPCS accounts to be purged also will display.

For a sample of the Authorization Parameter Summary Report (SI737010-AA),

see “Reports.” For a sample of the Daily Account File Activity Report
(AM700010-AA) and Delete Preview Report (AM710010-AA), see the Account
Management System User Manual.

To Participate

Issuers must notify MasterCard to participate in the Recurring Payment

Cancellation Service. To request participation, contact the Customer Operations
Services team.

For More Information

For more information about:

• Data requirement details, see the Customer Interface Specification manual.

• The Recurring Payment Cancellation Service, see the Recurring Payment
Cancellation Service Program Guide.

RiskFinder
RiskFinder™ is a service that MasterCard offers to help issuers more effectively
predict fraudulent card use. RiskFinder uses a state-of-the-art neural network to
evaluate authorization transactions and produce a transaction score relative to
the potential fraudulent use of the card.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-181
Authorization Services Details
Sweden Domestic Authorization Switching Service

RiskFinder is an optional service.

About Risk Finder

RiskFinder bases scores on merchant and cardholder data available to the

issuer’s RiskFinder scoring system. This global information complements
customers’ current account-based fraud prediction systems. For customers
not currently using any fraud predictive model, this package provides a
comprehensive tool to help issuers potentially reduce fraudulent card use.

To Participate

Issuers must notify MasterCard to participate in the RiskFinder service. To

request participation, contact the Customer Operations Services team.

For More Information

Customers can obtain more information about RiskFinder from the Customer
Interface Specification manual or by contacting the Customer Operations
Services team.

Sweden Domestic Authorization Switching Service

The Authorization Platform supports the authorization processing for customers
that participate in Sweden Domestic Authorization Switching Service (SASS).
NOTE
Applies only to the Europe region.

The Authorization Platform supports the following authorization processing

for customers that participate in SASS:

• ATM Additional Data

• Forgotten Card at ATM
• Receipt Free Text
• Refund Transactions

ATM Additional Data

DE 48 (Additional Data—Private Use), subelement 58 (ATM Additional Data)
may contain ATM watermark information. Watermark is a card authentication
technology supported by Swedish ATMs. The watermark card verification
method is used to increase security of the card; therefore, making counterfeit
cards harder to manufacture. The watermark verification only applies when
there is a watermark on the card.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-182 27 November 2013 • Authorization Manual
 Authorization Services Details
Sweden Domestic Authorization Switching Service

The acquirer sends an ATM Authorization Request/0100 or a Reversal

Request/0400 message with watermark data provided by the terminal. The
issuer validates the watermark data and decides whether to approve or to
decline the ATM transaction.

Watermark data can only be present in Authorization Request/0100 and Reversal

Request/0400 messages for ATM withdrawal transactions (DE 3, subfield 1,
value 01) or balance inquiry transactions (DE 3, subfield 1, value 30).

If the issuer does not support watermark data, the Authorization Platform
removes subelement 58 (ATM Additional Data) before forwarding the
Authorization Request/0100 message to the issuer.

Forgotten Card at ATM

Forgotten card at ATM covers two specific cases of when a cardholder initiates
an ATM withdrawal or a balance inquiry service.

• The cardholder leaves the terminal without taking the card.

• The cardholder cannot retrieve the card from the terminal for technical
reasons.

The card has been read by the terminal and an Authorization Request/0100
message has or has not been sent to the issuer. Either the terminal retains the
card or the cardholder leaves his or her card in the terminal without bank
notes being distributed.

If no Authorization Request/0100 message was sent for the ATM withdrawal or

balance inquiry, the acquirer sends a Reversal Request/0400 message with a
zero transaction amount and appropriate reason code in DE 48, subelement 58.

If the issuer does not support subelement 58, the Authorization Platform
provides a Reversal Request Response/0410 message to the acquirer with DE 39
(Response Code), value 57 (Transaction not permitted to issuer/cardholder).

Receipt Free Text

Free text data allows issuers to provide acquirers information that can be
printed on receipts at Swedish ATMs.

Issuers provide the free text data to be printed on ATM receipts in DE 123
(Receipt Free Text) of Authorization Request Response/0110 messages.

Receipt free text data can only be present in Authorization Request

Response/0110 messages for ATM withdrawal (DE 3, subfield 1, value 01) and
balance inquiry (DE 3, subfield 1, value 30) transactions.

If the acquirer does not support free text data, the Authorization Platform
removes DE 123 (Receipt Free Text) before forwarding the Authorization
Request Response/0110 message to the acquirer.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-183
Authorization Services Details
Sweden Domestic Authorization Switching Service

Refund Transactions
A refund transaction allows a cardholder to return goods or services previously
purchased from a merchant. The refund decreases the cardholder’s activity and
credits the cardholder's open-to-buy.

The Authorization Platform accepts refund transactions for MasterCard and

Maestro® transactions, in addition to Private Label transactions.

An acquirer sends an Authorization Request/0100 or Authorization Advice/0120

message with DE 3, subfield 1 containing value 20xx00 for the refund (where
xx indicates the type of account to be credited).

The issuer approves or declines the refund transaction using an Authorization

Request Response/0110 message or acknowledges the refund transaction using
an Authorization Advice Response/0130 message.

Both the refund Authorization Request/0100 and Authorization Advice/0120

messages can be reversed using a Reversal Request/0400 message.

If the issuer does not support refund transactions, the Authorization Platform
sends an Authorization Request Response/0110 message or a Reversal Request
Response/0410 message to the acquirer with DE 39 (Response Code), value 57
(Transaction not permitted to issuer/cardholder). Authorization Advice/0120
messages are acknowledged by the Authorization Platform but not forwarded
to the issuer.

All refund transactions are routed to the same issuer host as for point-of-service
(POS) transactions.

Refund transactions are not processed by the Stand-In System or X-Code

alternate processing.

• If the issuer is not available to respond to a refund Authorization

Request/0100 message, the Authorization Platform sends an Authorization
Request Response/0110 message to the acquirer with DE 39 (Response
Code), value 91 (Authorization System or Issuer System Inoperative).
• If the issuer is not available to respond to a refund Reversal Request/0400
message, the Authorization Platform sends a Reversal Request
Response/0410 message to the acquirer with DE 39, value 00 (approved
or completed successfully).
The Authorization Platform also sends a Reversal Advice/0420 message to
the issuer as notification of the reversal that was responded to on their
behalf.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-184 27 November 2013 • Authorization Manual
 Authorization Services Details
Third Party Processor Identification

Third Party Processor Identification

The Third Party Processor (TPP) Identification service assists issuers in
identifying an acquirer’s third-party processor. This optional service provides
issuers additional information in their fraud analysis during an account data
compromise event.

Issuers that choose to register for this service will receive additional information
to identify the entity involved in acquiring the transaction and presenting the
transaction to the acquiring MIP.

How It Works

The Authorization Platform requires acquirers to submit DE 32 (Acquiring

Institution ID Code) in all Authorization Request/0100 transactions. DE 32
contains the ICA number for the institution acting as the “acquiring bank” or
“merchant bank” for the transaction. If an institution is acting as a processor
for the acquiring bank, DE 32 should represent the acquiring bank and DE
33 (Forwarding Institution ID Code) should contain the ICA number for the
forwarding or processing institution.

In addition to the values in DE 32 and DE 33 provided by the acquirer or

processor in Authorization Request/0100 and Authorization Advice/0120
messages, the Authorization Platform includes the additional entity identifier
submitting the message to the Dual Message System in DE 48 (Additional
Data—Private Use), subelement 16 (Processor Pseudo ICA). DE 48, subelement
16 contains a unique identifier from the MasterCard Registration Program
(MRP) database for the TPP processing the Authorization Request/0100 or
Authorization Advice/0120 message.

This data is sent in the Authorization Request/0100 and Authorization

Advice/0120 messages only for participating account ranges.

Authorization Reports

The Authorization Parameter Summary Report (SI737010-AA) includes a TTP

participant parameter in the Global Parameters section to indicate issuers that
have registered to receive unique identifiers for TTPs. For a sample of the
Authorization Parameter Summary Report (SI737010-AA), see “Reports.”

To Participate

Issuers must register for this optional service. To request participation, contact
the Customer Operations Services team.

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-185
Authorization Services Details
Transaction Blocking Services

Transaction Blocking Services

MasterCard offers the following transaction blocking services to assist issuers in
managing and protecting their accounts at various stages of the BIN lifecycle.

• Transaction Blocking
• Transaction Blocking for Inactive BINs

Transaction Blocking
Transaction Blocking provides issuers with easy-to-manage, flexible controls
that supplement their authorization strategy. Transaction Blocking extends
an issuer’s authorization capabilities, augmenting their defenses to protect
portfolios from fraud attacks, as well as manage specialized payment programs
with ease. An issuer’s participation in the Transaction Blocking Service is
optional.

This service may not have the effect of causing the acquirer to be in
noncompliance with any MasterCard Standard, including Rule 6.2, Selective
Authorization.

Issuers may want to apply transaction blocking to:

• Prevent the authorization of fraudulent transactions for compromised

account ranges
• Prevent the authorization of transactions due to operational emergencies
(for example, the issuer encounters problems supporting certain processing
codes or POS PAN entry modes).
• Decline authorizations for an account range in combination with the
point-of-interaction (POI) country in the event of local issues that
necessitate preventing transactions from being authorized until those issues
are resolved.

Transaction Blocking provides issuers the ability to decline authorizations

based upon the issuing ICA number or account range, and one or more of
the following transaction parameters:

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-186 27 November 2013 • Authorization Manual
 Authorization Services Details
Transaction Blocking Services

• DE 3 (Processing Code), subfield 1 (Cardholder Transaction Type Code)

• DE 4 (Amount, Transaction)
• DE 5 (Amount, Settlement)
• DE 6 (Amount, Cardholder Billing)
• DE 18 (Merchant Type)
• DE 22 (Point-of-Service [POS] Entry Mode), subfield 1 (POS Terminal PAN
Entry Mode)
• DE 32 (Acquiring Institution ID Code)
• DE 41 (Card Acceptor Terminal ID)
• DE 42 (Card Acceptor ID Code)
• Chip Present derived flag from the existence of DE 55 (Integrated Circuit
Card [ICC]) System-Related Data) in the record
• DE 61 (Point-of-Service (POS) Data), subfield 4 (POS Cardholder Presence)
• DE 61 (Point-of-Service (POS) Data), subfield 5 (POS Card Presence)
• DE 61 (Point-of-Service [POS] Data), subfield 10 (Card Activated Terminal
Level [CAT])
• DE 61 (Point-of-Service [POS] Data), subfield 13 (POS Country Code)
• Velocity counters and summarized values
NOTE
Although this list represents the most commonly requested criteria, other
data elements within the authorization message are also available. If other
functionality is required, please contact the Customer Operations Services team
for system availability.

Information can be stored as counts and calculated values during processing

and retrieved for use on following transactions. The summarized values
from previous transactions can be analyzed during the current transaction
processing. This allows for historical information to be used for interpretation
in the Transaction Blocking.

Transaction Block Setup

The following information is required for each transaction block setup:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-187
Authorization Services Details
Transaction Blocking Services

• ICA and account range selection

• The data elements identifying the type of transaction to be blocked
• Effective date
• The response code that will be returned in the Authorization Request
Response/0110 message to the acquirer when the transaction matches the
blocking criteria. Issuers may choose a response code from the following
list:

– 03 (Invalid merchant)
– 04 (Capture card)
– 05 (Do not honor)
– 12 (Invalid transaction)
– 57 (Transaction not permitted to issuer/cardholder)
– 58 (Transaction not permitted to acquirer/terminal)
NOTE
If issuers do not specify a decline response code, the default response code
is 05 (Do not honor).
• Registration for the optional Transaction Blocking ICA Level Block Summary
(SI738010–AA) and delivery endpoint.

Additional Advice Message Information Provided

Issuers should be prepared to receive an Authorization Advice/0120 message

for any transaction that MasterCard blocks on behalf of the issuer with the
criteria added in May 2012. The advice message will include the following
values in already existing fields:

• DE 39 (Response Code)
• DE 60 (Advice Reason Code), subfield 1 (Advice Reason Code), value 120
(Transaction Processed by Transaction Blocking Service)
• DE 121 (Authorizing Agent ID Code), value 000003 (Decline occurred due
to an on-behalf service)

Transaction Blocking ICA Level Block Summary (SI738010–AA)

The Transaction Blocking ICA Level Block Summary (SI738010–AA) is an

optional report showing each ICA level block for the issuer and the account
ranges associated to that block. The ICA Blocking Summary report will assist
issuers in determining the account ranges that are blocked via ICA level
Transaction Blocking records.

To Participate

Issuers may choose to participate in and customize their Transaction Blocking

settings by selecting one of the following options:

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-188 27 November 2013 • Authorization Manual
 Authorization Services Details
Transaction Research Request

• Completing the Transaction Blocking Service (Form 810) and submitting the
form to the Customer Operations Services team.
• Completing the requirements online through the Manage My Accounts
> Update a Product on MasterCard Connect™. If submitted online, the
application enables approved users to track submitted participation requests
and view previous submissions.

For questions about participating in Transaction Blocking, contact the Customer

Operations Services team.

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

Transaction Blocking for Inactive BINs

The Transaction Blocking for Inactive BINs service blocks authorization requests
for an entire BIN range or a segment of a BIN range, defined up to 11 digits.

Through this service, issuers can protect assigned BIN ranges before they go
into production. Issuers also can protect account ranges in production that
are not actively used. Transaction Blocking for Inactive BINs will decline any
authorization request in the identified account range with response code 14
(Invalid card number).

The Transaction Blocking for Inactive BINs service is available globally on the
Dual Message System. This service is recommended when a BIN has been
assigned by MasterCard for use by the issuer, but that is not yet supported
by the issuer’s authorization system.

Participation in the Transaction Blocking for Inactive BINs service is optional.

Benefits

Issuers may want to apply authorization blocking for inactive BINs to:

• Block an entire BIN range or a segment of a BIN range.

• Combat fraud attacks on inactive BIN ranges, defined as “live” on
MasterCard systems but not in production on the issuer host system.

To Participate

To sign up for the Transaction Blocking for Inactive BINs, issuers must complete
the Transaction Blocking Service Request Form for Inactive BINs (Form 835).

Transaction Research Request

A transaction research request is a request by a customer for MasterCard to
provide information about a transaction.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-189
Authorization Services Details
Transaction Research Request

Customers can use either of the following two methods to research information
about previous transactions:

• Transaction Research tool to conduct research about specific transactions

or a range of transactions for an account number. The report generated
provides customers with transactional data such as card number, card
validation code 2 (CVC 2) response, point-of-sale entry mode, cardholder
present information, merchant advice code, and message type identifier
(MTI).
• If the transaction is over 180 days, customers can submit a request using
the Authorization Research Request (Form 074). The Customer Operations
Services team will perform the research for you. The team provides
information about authorization transactions, duplicate reports, microfiche
re-creation, currency conversion rates, BIN ICA numbers, and conversions.

About the Transaction Research Tool

The Transaction Research tool allows users to search the MasterCard data
warehouse for transactions that a customer has processed as either an issuer or
an acquirer.

This capability:

• Provides secure access to proprietary authorization information

• Retrieves 17 relevant transaction data elements online with the option to
view all available data elements for a transaction.
• Returns the data within seconds after the customer electronically submits
the request for research

In addition, users can print the transaction data or export the information into a
Microsoft® Excel file.

The transaction data is stored in the MasterCard data warehouse and is available
to customers for 180 days. Most transactions are available within six to 12
hours of the transaction time.

Requesting the Transaction Research Tool

To request the Transaction Research Tool, follow these steps.

Procedure
1. Log on to MasterCard Connect™.
2. Enter your User ID and Password.
3. Click Store on the main menu (located in the upper right corner) on the
MasterCard Connect home page.
4. Scroll to or search for Transaction Research.
5. Click Add to Cart. A confirmation message appears.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-190 27 November 2013 • Authorization Manual
 Authorization Services Details
Transaction Research Request

6. Click Cart to display the cart, and then click Check Out to display the Order
Details window.
7. Under Order Details, click Review Order > Place Order.

Once the Security Administrator approves the request, Transaction Research

will appear under the Applications menu on the MasterCard Connect home
page.

Accessing the Transaction Research Tool

To access the Transaction Research Tool, follow these steps.

1. Log on to MasterCard Connect™.

2. On the Applications menu, click Transaction Research. The MasterCard
Authorization Transaction Research page appears.

Researching an Authorization Request

To research an authorization request, follow these steps.

Procedure
1. In the Card Number box, enter the cardholder account number that you
want to research.

Note: MasterCard uses the optional ICA number for your tracking purposes
only. If you enter an ICA number, it appears on your billing report to help
you identify transactions.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-191
Authorization Services Details
Transaction Research Request

2. In the Data Range area, enter a starting transaction date and an ending
transaction date using a MM/DD/YYYY format or click the Calendar link
to select a date.
3. To identify a transaction more specifically by its approval code, enter the
Authorization Code.
4. To identify a transaction more specifically by its amount, select one of the
following options:

• Click All Transactions to retrieve all transactions.

• Click Single Transaction, and then enter the amount in U.S. dollars to
identify a single transaction.
• Click Transaction Range, and then enter a starting transaction amount
in U.S. dollars and the ending transaction amount in U.S. dollars to
identify a range of transactions.
5. To view recurring payments only, select the View Only Recurring Payments
check box.
6. Click Search. The search results page displays.
7. To display the detailed results for a specific transaction, select the
transaction you want, and then click Detail.

Results

The Authorization Transaction Research tool displays a presence indicator for

the following data elements in which they are present: DE 35 (Track 2 Data),
DE 45 (Track 1 Data), and CVC 2 values in DE 48 (Additional Data—Private
Use, subelement 92 (CVC 2).

Verifying CVC Data

You can enter CVC 2 values to determine whether it matches the actual value
in the transaction.

Procedure

To verify CVC data, follow these steps:

1. On the Detail Results screen, click Verify CVC Data.
2. In the CVC 2 box, enter the appropriate CVC 2 code, and then click Check.
3. Depending on your CVC data validation results, a message appears
indicating a Match or No Match. For example, if the results of your CVC
data validation indicated a match, the message that displays would look
similar to the following illustration.

About the Transaction Research Request Form

Customers can use the Transaction Research Request (Form 074) to request the
Customer Operations Services team to perform research for you.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-192 27 November 2013 • Authorization Manual
 Authorization Services Details
Travel & Entertainment—Incremental Authorizations

If you submit a transaction research request by completing and sending the

Transaction Research Request (Form 074) to MasterCard, MasterCard sends you
a letter, with the authorization information, that you can use for chargeback
purposes. If you request the services informally via a customer representative,
you will not receive a letter.

About Fees for Transaction Research Requests

A general research fee applies to each customer inquiry requesting information
that is readily available to the customer in a MasterCard publication, report,
service, or other source.

See the MasterCard Consolidated Billing System manual for fees and billing
information.

Travel & Entertainment—Incremental Authorizations

Incremental authorization transaction processing for merchants in the car rental,
lodging, and cruise line card acceptor business codes (MCCs) allows acquirers
and issuers to associate multiple authorizations together.

Issuers can match all authorizations resulting from one T&E event to a single
clearing record, providing a more accurate method of managing a cardholders'
open-to-buy.

Incremental Authorization Transaction Processing

Each incremental authorization transaction associated with a single cardholder

event must reference the original authorization. When incremental (additional)
Authorization Request/0100 messages are sent for the same T&E transaction,
acquirers must include CIS DE 63 (Network data) and DE 15 (Date, Settlement)
information from the original Authorization Response/0110 message in DE 48
(Additional Data—Private Use), subelement 63 (Trace ID) as follows:

• Positions 1–3 = value from DE 63, subfield 1 (Financial Network Code)

• Positions 4–9 = value from DE 63, subfield 2 (Banknet Reference Number)
• Positions 10–13 = value from DE 15 (Date, Settlement)
• Positions 14-15 = blank filled

The First Presentment/1240 message submitted by the acquirer must include

information from the original Authorization Request Response/0110 message in
IPM DE 63 (Transaction Life Cycle ID), subfield 2 (Trace ID). Upon receipt of
the clearing record, the issuer must release holds created by all authorizations
properly related to the original authorization.

The card acceptor business codes (MCCs) that apply to this Standard are:

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-193
Authorization Services Details
Travel & Entertainment—Incremental Authorizations

• MCCs 3351 through 3441 (Car Rental Agencies)

• MCCs 3501 through 3999 (Lodging—Hotels, Motels, Resorts)
• MCC 4411 (Cruise Lines)
• MCC 7011 (Lodging—Hotels, Motels, Resorts—not elsewhere classified)
• MCC 7512 (Automobile Rental Agency—not elsewhere classified)
NOTE
For issuers in the Europe region, each approved preauthorization has an
extended payment guarantee period of 30 days from the authorization approval
date. The issuer payment guarantee period for transactions completed at
Europe region card acceptors is limited to a maximum period counting from the
authorization or preauthorization date. This maximum period is 30 days for
MasterCard authorizations properly coded as preauthorizations and is seven
days for all other MasterCard authorizations and for all Maestro and Cirrus
authorizations and preauthorizations.

Incremental Authorization Reversals

Effective for transactions occurring on or after 18 October 2013, U.S. region

acquirers of merchants of the specified T&E card acceptor business codes
must send a full or partial reversal within 20 calendar days of the original
authorization for MasterCard® or Debit MasterCard® account ranges if the
merchant will not submit all or part of a transaction for clearing.

Effective Dates

Effective 18 October 2013, acquirers must provide new data in incremental

authorization messages for T&E transactions and issuers must manage the data
in incremental authorization messages to release holds on cardholder accounts
that can occur as a result of T&E transactions.

• The acquirer must use a unique identifier from the original approved
authorization of a transaction in any additional authorizations requested in
connection with the same transaction. The unique identifier must also be
included in the transaction clearing record. This unique identifier is the
Trace ID value from the original authorization, which must be included
in DE 48 (Additional Data—Private Use), subfield 63 of each additional
authorization and in DE 63, subfield 2 of the First Presentment/1240
message.
• Upon receipt of the transaction clearing record, the issuer must use the
unique identifier to match the original and any additional approved
authorizations to the transaction.
• Upon matching all authorizations to the clearing record, the issuer must
release any hold placed on the cardholder’s account in connection with
the original and any additional approved authorizations that is in excess
of the transaction amount

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-194 27 November 2013 • Authorization Manual
 Authorization Services Details
Visa Transaction Processing

Visa Transaction Processing

The MasterCard Authorization Platform allows acquirers to process Visa
transactions via the MasterCard Network. It supports both transactions that
qualify for the Visa Custom Payment Service Request and transactions that
do not.

For diagrams that show the routing of these transactions, see “Non-MasterCard
Authorization Message Flows.”

Issuer Options
Issuers may choose to accept Visa activity using their connection to the
MasterCard Network. This connection is called “peer-to-peer.” If the issuer is
not peer-to-peer, MasterCard routes authorization requests to the Visa network.

Custom Payment Service Request Transactions

For Visa transactions that indicate Custom Payment Service Request, MasterCard
routes the authorization request to the Visa network.

MasterCard-acquired Custom Payment Service Request transactions have

particular requirements for the Authorization Request/0100 and the
Authorization Request Response/0110 messages.

For the data requirements as they apply to the authorization message formats,
see the Customer Interface Specification manual.

Alternate Processing

If the Visa network is unavailable to authorize a Custom Payment Service

Request transaction through the MasterCard gateway, MasterCard processes the
authorization request using the MasterCard X-Code System.

Indicators
MasterCard provides support of various Visa programs by the use of specific
indicators in Authorization Request/0100 messages.

Authorization Characteristics Indicator

MasterCard customers that acquire Visa transactions can receive valid Visa
response values for the Authorization Characteristics Indicator (ACI).

MasterCard forwards the ACI value provided by Visa in DE 48 (Additional

Data—Private Use), subelement 90 (Visa Custom Payment Service Request) of
Authorization Request Response/0110 messages.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-195
Authorization Services Details
Visa Transaction Processing

Mail/Telephone or Electronic Commerce Indicator

Visa allows acquirers to participate in its interregional interchange

reimbursement fee (IRF) program in cases where the merchant and acquirer
met and complied with certificate serial number requirements even though
the cardholder did not.

MasterCard acquirers forwarding Visa e-commerce transactions must have the

following values in Authorization Request/0100 messages.

Data Element Value Description

DE 61, subfield 10 6 Electronic Commerce

DE 48, subelement 40, Variable binary To indicate that the merchant is

subfield 01 value 1–16 certificate-compliant
positions

DE 48, subelement 40, Not present To indicate that the cardholder is not
subfield 02 certificate-compliant

DE 48, subelement 42, 1 To indicate cardholder certificate not

subfield 01, position 2 used. For details about Visa usage
for subelement 42, see the Customer
Interface Specification manual

DE 48, subelement 43, For details about Visa usage for

44, 45 subelements 43, 44, and 45, see
the Customer Interface Specification
manual.

Market-specific Data Identifier (Visa-only)

The Visa Market-Specific Data Identifier is a value used in Visa transactions to

show the market-specific data identifier. Acquirers provide the appropriate
Visa market-specific data identifier in DE 48 (Additional Data—Private Use),
subelement 96 (Visa Market-Specific Data Identifier).

Prestigious Properties Indicator

The Prestigious Properties Indicator is a value used in Visa transactions to

specify participants in the Visa Prestigious Lodging program. Acquirers provide
the appropriate Visa Prestigious properties indicator in DE 48 (Additional
Data—Private Use), subelement 97 (Prestigious Properties Indicator).

Relationship Participant Indicator

The Relationship Participant Indicator is a value used in Visa transactions to

show that merchants have had long-term relationships with a cardholder from
whom they regularly collect recurring payments.

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-196 27 November 2013 • Authorization Manual
 Authorization Services Details
Visa Transaction Processing

MasterCard acquirers forwarding Visa transactions with a Relationship

Participant Indicator must have value R (Merchant/Cardholder Relationship)
or value I (Installment Payment) in DE 48 (Additional Data—Private Use),
subelement 86 (Relationship Participant Indicator [Visa Only]) of Authorization
Request/0100 messages.

Transponder Indicator

Cardholders may use transponders, which use radio frequency signals, to

exchange identification information with cardholder-activated terminals or
other point-of-interaction (POI) devices to initiate a transaction. These
non–face-to-face transactions occur when the card is not present (when the
transponder is the device activating the transaction).

MasterCard customers acquiring Visa transactions with a transponder must have

value 7 in DE 61 (Point-of-Service [POS] Data), subfield 10 (Cardholder-Activated
Terminal Level) in Authorization Request/0100 messages. This value indicates
that a transponder was used to exchange authorization information.

U.S. Deferred Billing Indicator

The U.S. Deferred Billing Indicator is a value used by U.S. acquirers in Visa
transactions to notify U.S. issuers that the transaction is being submitted to bill
the cardholder for merchandise that was received within the past 90 days.

MasterCard acquirers forwarding Visa transactions with the U.S. Deferred

Billing Indicator must have value D in DE 48 (Additional Data—Private
Use), subelement 78 (Visa U.S. Deferred Billing Indicator) in Authorization
Request/0100 messages.

U.S. Existing Debt Indicator

When MasterCard acquirers in the U.S. region forward to Visa, through the
MasterCard Network, transactions that pay an existing debt, they must indicate
such in Authorization Request/0100 messages.

Acquirers must include value 9 in DE 48, subelement 85 (Visa U.S. Existing Debt
Indicator) to indicate that the transaction is a payment for an existing debt.

Retail Key Entry Program

MasterCard acquirers forwarding Visa Retail Key Entry transactions must have
the following values in Authorization Request/0100 messages.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-197
Authorization Services Details
Visa Transaction Processing

Data Element Value Description

DE 22 (Point-of-Service [POS] Entry 01 Indicates that the card number

Mode), subfield 1 (POS Terminal was keyed into the POS device
PAN Entry Mode)

DE 61 (Point-of-Service [POS] 0 Indicates that the cardholder is

Data), subfield 4 (POS Cardholder present
Presence)

DE 61, subfield 5 (POS Card 0 Indicates that the card is present

Presence)

DE 61, subfield 11 (POS Card Data 2, 5, 7, or 8 Indicates that the POS terminal
Terminal Input Capability) can transmit magnetic stripe data

NOTE
For a transaction to be forwarded automatically to the Visa gateway, acquirers
must identify transactions as Visa Custom Payment Services transactions.
Meeting Retail Key Entry criteria will not force a transaction to the Visa gateway
if the issuer is a MasterCard peer-to-peer participant.

Secure Electronic Commerce Verification Service

The MasterCard Authorization Platform supports the Visa secure electronic
commerce verification service.

MasterCard will forward to the Visa gateway Authorization Request/0100

messages including secure e-commerce data that also contain a Visa account
number in DE 2 (Primary Account Number [PAN]).

To participate, acquirers must provide all e-commerce data elements, including

the data elements for the secure e-commerce verification, in Authorization
Request/0100 messages.

Acquirers must use DE 48 (Additional Data—Private Use), subelement 43

(UCAF), and subelement 44 (Electronic Commerce Transaction Identifier) to
send the secure e-commerce data in Authorization Request/0100 messages.
If Visa responds with a Cardholder Authentication Verification Value (CAVV)
Results Code, MasterCard forwards the code values to the acquirer in DE
48, subelement 45 (Electronic Commerce Transaction Response Code) of the
Authorization Request Response/0110 message.

Visa Product ID
Acquirers that process Visa transactions through the Authorization Platform
receive DE 48 (Additional Data—Private Use), subelement 46 (Product ID) in
Authorization Request Response/0110 and Reversal Request Response/0410
messages. The associated Visa field for DE 48, subelement 46 is field 62.23
(Product ID).

©1983–2013 MasterCard. Proprietary. All rights reserved.

9-198 27 November 2013 • Authorization Manual
 Authorization Services Details
Visa Transaction Processing

Visa Commercial Card Inquiry

Acquirers can inquire on Visa Commercial Cards using specific values in DE 48
(Additional Data—Private Use), subelement 94 (Visa Commercial Card inquiry
request and response indicator). These values are described in the Customer
Interface Specification manual.

Visa Fleet Card

MasterCard supports processing of Visa Fleet Card transactions through the
Dual Message System in DE 48, subelement 93 (Visa Fleet Card ID Request
Data) indicator. For more detailed information, see the Customer Interface
Specification manual.

Visa-Assigned Merchant Verification Value

MasterCard supports the Visa mandate requiring that the Merchant Verification
Value (MVV) be populated in all processing messages when an MVV has been
assigned to the merchant by Visa.

MasterCard only includes the Visa-assigned MVV value on those transactions

that are routed to the Visa network using the MasterCard Visa Gateway.

Acquirers of Visa-branded transactions will provide, when applicable, an

alphanumeric Merchant Verification Value (MVV) in DE 48 (Additional
Data—Private Use), subelement 36 (Visa Defined Data), subfield 1 in
Authorization Request/0100 and Reversal Request/0400 messages. If it is
provided in any other message types, the Dual Message System will remove it
before sending the transaction to the Visa network.

MasterCard is not aware of which merchants are assigned an MVV by Visa,

and therefore will not know which acquirers provide or not provide the MVV
in a message. If present, the MasterCard Network forwards the value in the
transaction to the Visa network.

The Dual Message System removes DE 48, subelement 36, subfield 1 from any
transaction provided by an acquirer that is not a Visa-branded transaction.

The MVV is not provided back to the acquirer in any messages. If DE 48,
subelement 36, subfield 1 is provided in any response messages, the Dual
Message System will remove it before sending the message to the acquirer.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 9-199
Chapter 10 Reports
This section contains information about the reports and logs related to the MasterCard
Authorization Platform.

Related Reports in Other Manuals ............................................................................................... 10-1

Presentation of Reports................................................................................................................ 10-1
Report Header Information.......................................................................................................... 10-1
Authorization Summary Report (AB505010-AA) .......................................................................... 10-2
Report Sample ....................................................................................................................... 10-3
Field Descriptions .................................................................................................................. 10-8
Authorization Parameter Summary Report (SI737010-AA) ..........................................................10-15
Report Sample ......................................................................................................................10-16
Field Descriptions .................................................................................................................10-19
Header Information ........................................................................................................10-20
Global Parameters...........................................................................................................10-20
Stand-In Parameters ........................................................................................................10-28
Transaction Blocking ICA Level Block Summary (SI738010–AA)................................................10-33
Report Sample ......................................................................................................................10-34
Field Descriptions .................................................................................................................10-34
Authorization Summary by CAT Level Report (SI458010-AA) .....................................................10-36
Report Sample ......................................................................................................................10-37
Field Descriptions .................................................................................................................10-38
Daily Activity Report (SI441010-A)..............................................................................................10-40
Report Sample ......................................................................................................................10-40
Field Descriptions .................................................................................................................10-41
Issuer Information...........................................................................................................10-41
Acquirer Information ......................................................................................................10-43
Currency Conversion Information...................................................................................10-44

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-i
 Reports
Related Reports in Other Manuals

Related Reports in Other Manuals

Information about layouts of authorization detail and billing reports and layouts
of all reports related to listing accounts or merchants listed in the Merchant File
provided in other manuals.

For information about authorization details and billing reports, including the
following reports, see the MasterCard Consolidated Billing System manual.

Report Name Report Number

Issuer Authorization Detail Report AB201010-A2

Acquirer Authorization Detail Report AB202010-A1

Billable Customer Summary GB071010-AA

Customer Service Summary GB073010-AA

Customer Service Roll-Up GB074010-AA

Please refer to the Account Management System User Manual for layouts of all
reports related to listing accounts in the Account Management System (AMS) or
merchants listed in the Merchant File.

Presentation of Reports
Each authorization report is introduced with an overview that contains the
following information.

• Title—Name or title of the report

• Generated by—System generating the report
• Purpose—Reason for providing the report
• Description—Kind of information included in the report
• Frequency—How often the report is generated
• Distribution Methods—Distribution alternatives and associated bulk file or
MasterCard File Express application identification numbers

A sample of the report follows each overview description. Field descriptions for
the report follow the report sample.

Report Header Information

Report header information is contained in all reports generated by the
Authorization Platform. This information is not described with the individual
report descriptions.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-1
Reports
Authorization Summary Report (AB505010-AA)

• The report number appears in the upper left-hand corner of each report
and identifies the report by number.
• The report header is located in the upper center of each report and
identifies the report by name.
• The page number appears in the upper right-hand corner of each report
and identifies the page number within the report.
• The date appears in the upper right-hand corner of each report and
identifies the date the report was generated. All are St. Louis dates.
• The time, when it appears, is in the upper right-hand corner of each report
and identifies the time the report was generated. All are St. Louis times.

Authorization Summary Report (AB505010-AA)

The following information provides an overview of the Authorization Summary
Report (AB505010-AA).

Title Authorization Summary Report

Generated by MasterCard Authorization Platform
Purpose To provide customers with a tool for analyzing authorization
performance.
Description This report shows authorization transaction processing volumes
and percentages by BIN for the week. It reflects transactions
that use the Dual Message System and billable items.
Frequency Weekly
Distribution Paper (Sent to the authorization contact established on
Methods the Principal Member Questionnaire); MasterCard eService,
MasterCard File Express, complex-to-complex, bulk ID (T829)

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-2 27 November 2013 • Authorization Manual
 Reports
Authorization Summary Report (AB505010-AA)

Report Sample
Report sample of the Authorization Summary Report (AB505010-AA).

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-3
Reports
Authorization Summary Report (AB505010-AA)

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-4 27 November 2013 • Authorization Manual
 Reports
Authorization Summary Report (AB505010-AA)

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-5
Reports
Authorization Summary Report (AB505010-AA)

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-6 27 November 2013 • Authorization Manual
 Reports
Authorization Summary Report (AB505010-AA)

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-7
Reports
Authorization Summary Report (AB505010-AA)

Field Descriptions
Descriptions of the fields on the Authorization Summary Report (AB505010-AA).

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-8 27 November 2013 • Authorization Manual
 Reports
Authorization Summary Report (AB505010-AA)

Field Description
Member Processed Activity Summary of all authorization activity received and
processed by the issuer, listed by the following
response categories:
• Accept (“approved”)
• Decline
• Call-Me (“refer to card issuer”)
• Pick-Up (“capture card”)
Member Volume Total transaction volume processed by the customer
that generated the specific response and the
percentage it represents of total member transaction
volume.
Member YTD Volume Summary of the customer’s authorization volume
(member year-to-date for the calendar year-to-date (by response category)
volume) and the percentage it represents of total member
volume for the year-to-date.
System Volume Volume of authorization transactions processed by
the entire membership that week and the percentage
it represents of total volume for the membership
for the week.
System YTD Volume Volume of authorization transactions processed by
(system year-to-date the entire membership for the calendar year-to-date
volume). and the percentage it represents of total volume for
the membership for the year-to-date.
Weekly Rank Ranking by bank identification number (BIN) of
member volume within the membership (compared
to total system volume). This field shows where
each BIN stands in relation to other BINs. In the
sample, the Weekly Rank column at the Accept
Category line shows 00017/07153. This indicates
that this BIN ranks 17th out of a total of 7,153 BINs
in issuing approvals; 16 BINs issued more approvals
and 7,136 BINs issued fewer approvals.
Member Approvals by Summary of all “approved” responses returned,
Transaction Type broken down by the following transaction categories:
• Mail/Telephone
• Retail
• Cash Advance
• College/Hospital
• Hotel/Motel
• Vehicle Rental
• Transportation
• Restaurant

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-9
Reports
Authorization Summary Report (AB505010-AA)

Field Description

• Cirrus/ATM
• Unique
• Payment Transaction
Average Dollars Average dollar amount approved for the week, listed
by transaction type.
Total Dollars Total dollar amount approved for the week, listed
by transaction type
Total Volume Total transaction volume processed by the customer
for the week, listed by transaction type. In the
sample, the total volume for MO/TO transactions is
72,276. This indicates that out of a total of 564,630
approved transactions, 72,276 were for MO/TO.
YTD Average Dollars Average U.S. dollar amount approved, by transaction
(year-to-date average type, for the calendar year-to-date. This amount is
dollars) the result of dividing the YTD TOTAL DOLLARS by
the YTD TOTAL VOLUME.
YTD Total Dollars Total U.S. dollar amount approved by the customer,
(year-to-date total listed by transaction type, for the calendar
dollars) year-to-date.
YTD Total Volume Total transaction volume approved by the customer,
(year-to-date total listed by transaction type, for the calendar
volume) year-to-date.
Total Member Average U.S. dollar amount, total U.S. dollar amount,
Approvals total transaction volume, and year-to-date totals for
all transactions approved by the customer.
Stand-In Processed Activity Summary of all authorization activity received and
processed by Stand-In processing, listed by the
following response categories:
• Accept (“approved”)
• Decline
• Call-Me (“refer to card issuer”)
• Pick-Up (“capture card”)
See field descriptions for an explanation of Member
Volume, Member YTD Volume, System Volume,
System YTD Volume, and Weekly Rank. All values
are for authorization activity processed by Stand-In
processing on behalf of the customer.

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-10 27 November 2013 • Authorization Manual
 Reports
Authorization Summary Report (AB505010-AA)

Field Description
Timed Out (Percent of Number of times the MasterCard Network
Total) authorization application sent the original
authorization request to the issuer for processing
but the acquiring MIP did not receive a response in
the allocated time. The second line indicates the
percentage of total authorization requests that timed
out in this manner.
Member Down Number of authorization requests sent to Stand-In
(Percent of Total) processing because the MasterCard Network
authorization application recognized that the issuer’s
host was down. Transactions that left the acquiring
node but did not reach the issuing MIP, or did reach
the issuing MIP but could not communicate with the
issuer’s host, are included in this count. The second
line indicates the percentage of total authorization
requests sent that the application handled in this
manner.
Signed Out (Percent of Number of transactions sent to Stand-In processing
Total) because the issuer was signed out. The second
line indicates the percentage of total authorization
requests sent that went to Stand-In processing for
this reason.
Non-accepted Authorizations Summary of all authorization activity processed by
by Fail Reason Stand-In that Stand-In did not approve because it
failed the indicated tests performed during Stand-In
processing.
Fail Reason List of the Stand-In tests that authorization requests
must pass to be approved.
Note: The Fail Reason INVALID CHIP/CVC includes
both transactions that failed for invalid CHIP/CVC in
Stand-In and transactions that failed for magnetic
stripe/CVC error (codes A–J) at the MIP.
Member Volume Total volume of transactions declined authorization
because of failure to pass the Stand-In test listed.
Dollar Volume Total U.S. dollar amount declined authorization
because of failure to pass the Stand-In test listed.
Accepted Dollars Total U.S. dollar amount that Stand-In authorized on
behalf of the issuer for the week reported.
Non-Accepted Dollars Total U.S. dollar amount that Stand-In did not
authorize when processing on behalf of the issuer
for the week reported.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-11
Reports
Authorization Summary Report (AB505010-AA)

Field
Limit-1 MIP Processed Activity
X-Code MIP Processed Activity
Description
Summary of all authorization activity processed on
the customer’s behalf using Limit-1, broken down by
the following response categories:
• Accept (“approved”)
• Decline
• Call-Me (“refer to card issuer”)
• Pick-Up (“capture card”)
The second part of this page breaks down Limit-1
activity by the four Limit-1 categories:
• Mail/Telephone
• Cash Advance (cash disbursement)
• Retail
• Travel/Entertainment
See field descriptions for an explanation of Member
Volume, Member YTD Volume, System Volume,
System YTD Volume, and Weekly Rank. All values
are for authorization activity processed using Limit-1
parameters.
Summary of all authorization activity processed
as X-Code transactions at the acquirer MIP. These
transactions are transactions that were more than
Limit-1 and should have gone to the issuer or
to Stand-In for processing, but the authorization
application could not obtain a response from either
one.
Transactions are listed by the following response
categories:
• Accept (“approved”)
• Decline
• Call-Me (“refer to card issuer”)
• Pick-Up (“capture card”)
See field descriptions for an explanation of Member
Volume, Member YTD Volume, System Volume,
System YTD Volume, and Weekly Rank. All values
are for authorization activity processed at the
acquirer MIP using X-Code parameters.

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-12 27 November 2013 • Authorization Manual

Field
MIP Processed Activity
Weekly Total Activity
Acquirer Reversal Processed
Activity
Reversal Volume
Reversal YTD Volume
(reversal year-to-date
volume)
System Volume
©1983–2013 MasterCard. Proprietary. All rights reserved.
Authorization Manual • 27 November 2013
Reports
Authorization Summary Report (AB505010-AA)
Description
Summary of all authorization activity involving
certain cardholder-activated terminals processed at
the MIP that would not be processed by an issuer
or Stand-In.
Transactions are listed by the following response
categories:
• Accept (“approved”)
• Decline
• Call-Me (“refer to card issuer”)
• Pick-Up (“capture card”)
See field descriptions for an explanation of Member
Volume, Member YTD Volume, System Volume,
System YTD Volume, and Weekly Rank. All values
are for authorization activity processed at the MIP
using X-Code parameters or those transactions
declined by the Transaction Blocking service.
Summary of total transaction volume processed
by the customer, Stand-In, Limit-1, X-Code, MIP,
and BAT on behalf of the customer for the week
reported.
See field descriptions for an explanation of Member
Volume, Member YTD Volume, System Volume,
System YTD Volume, and Weekly Rank.
Summary of Reversal Request/0400 message activity
received and processed by the issuer, listed by the
following response categories:
• Accept (“approved”)
• Decline
• Call-Me (“refer to card issuer”)
• Pick-Up (“capture card”)
Total reversal volume processed by the customer that
generated the specific response and the percentage
it represents of total member transaction volume.
Summary of the customer’s reversal volume for the
calendar year-to-date (by response category) and
the percentage it represents of total member volume
for the year-to-date.
Volume of reversal transactions processed by the
entire membership that week and the percentage
it represents of total volume for the membership
for the week.
10-13
Reports
Authorization Summary Report (AB505010-AA)

Field Description
System YTD Volume Volume of reversal transactions processed by the
(system year-to-date entire membership for the calendar year-to-date and
volume) the percentage it represents of total volume for the
membership for the year-to-date.
Weekly Rank Ranking by bank identification number (BIN) of
member volume within the membership (compared
to total system volume). This field shows where
each BIN stands in relation to other BINs.
Total Reversal Average U.S. dollar amount, total U.S. dollar amount,
Processed total transaction volume, and year-to-date totals for
all transactions approved by the customer.
Reversal Approvals by Summary of all “approved” responses returned,
Transaction Type broken down by the following transaction categories:
• Mail/Telephone
• Retail
• Cash Advance
• College/Hospital
• Hotel/Motel
• Vehicle Rental
• Transportation
• Restaurant
• Cirrus/ATM
• Unique
• Payment Transaction
Average Dollars Average dollar amount approved for the week, listed
by transaction type.
Total Dollars Total dollar amount approved for the week, listed
by transaction type
Total Volume Total transaction volume processed by the customer
for the week, listed by transaction type.
YTD Average Dollars Average U.S. dollar amount approved, by transaction
(year-to-date average type, for the calendar year-to-date. This amount is
dollars) the result of dividing the YTD TOTAL DOLLARS by
the YTD TOTAL VOLUME.
YTD Total Dollars Total U.S. dollar amount approved by the customer,
(year-to-date total listed by transaction type, for the calendar
dollars) year-to-date.
YTD Total Volume Total transaction volume approved by the customer,
(year-to-date total listed by transaction type, for the calendar
volume) year-to-date.

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-14 27 November 2013 • Authorization Manual
 Reports
Authorization Parameter Summary Report (SI737010-AA)

Field Description
Total Reversals Average U.S. dollar amount, total U.S. dollar amount,
Approvals total transaction volume, and year-to-date totals for
all transactions approved by the customer.
MIP Reversal Processed Activity Summary of all reversal activity received and
processed by Stand-In, listed by the following
response categories:
• Accept (“approved”)
• Decline
• Call-Me (“refer to card issuer”)
• Pick-Up (“capture card”)
See field descriptions for an explanation of Reversal
Volume, Reversal YTD Volume, System Volume,
System YTD Volume, and Weekly Rank. All values
are for authorization activity processed by Stand-In
processing on behalf of the customer.
Total MIP Reversal Total reversal transaction volume, and year-to-date
Processed totals for all reversals approved by the customer.
Weekly Total Activity Summary of total reversal transaction volume
processed by the customer, Stand-In, Limit-1,
X-Code, MIP, and BAT on behalf of the customer for
the week reported.
See field descriptions for an explanation of Reversal
Volume, Reversal YTD Volume, System Volume,
System YTD Volume, and Weekly Rank.

Authorization Parameter Summary Report (SI737010-AA)

The following information provides an overview of the Authorization Parameter
Summary Report (SI737010-AA).

Title Authorization Parameter Summary Report

Generated by MasterCard Authorization Platform
Purpose To provide customers with a list of authorization parameters.
Description This report includes a comprehensive list of the parameters that
the customer uses. It includes global parameters and Stand-In
parameters.
MasterCard provides updates to this report when customers’
parameters change.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-15
Reports
Authorization Parameter Summary Report (SI737010-AA)

Frequency Weekly
Distribution Paper (Sent to the authorization contact established on the
Methods Principal Member Questionnaire); MasterCard eService, MasterCard
File Express, complex-to-complex, bulk ID (T300)

Report Sample
Report sample of the Authorization Parameter Summary Report (SI737010-AA).

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-16 27 November 2013 • Authorization Manual
 Reports
Authorization Parameter Summary Report (SI737010-AA)

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-17
Reports
Authorization Parameter Summary Report (SI737010-AA)

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-18 27 November 2013 • Authorization Manual
 Reports
Authorization Parameter Summary Report (SI737010-AA)

Field Descriptions
Descriptions of the fields on the Authorization Parameter Summary Report
(SI737010-AA).

The Authorization Parameter Summary Report (SI737010-AA) includes:

• Header Information
• Global Parameters
• Stand-In Parameters
NOTE
MasterCard provides an updated version of this report for customers when
their parameters change.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-19
Reports
Authorization Parameter Summary Report (SI737010-AA)

Header Information
Descriptions of the header information fields in the Authorization Parameter
Summary Report (SI737010-AA).

The Authorization Parameter Summary Report (SI737010-AA) header

information includes the following data.

ICA Unique six-digit ID number assigned by MasterCard to

identify a customer or processing end-point. (Sequenced
by ICA.)
Acquirer For future use.
Parameters—N/A

Issuer Parameters All parameters relating to that issuer.

Account Range Range of accounts within “From…Thru.” These range
numbers are associated with the customer’s ICA number.
From: Thru: Range of account numbers for the issuer’s parameters. The
report shows the first 19 digits of each range.

Global Parameters
Descriptions of the Global Parameters fields on the Authorization Parameter
Summary Report (SI737010-AA).

The Authorization Parameter Summary Report (SI737010-AA) global parameters

may include the following data.

Field Description
Product Code Three-position field that identifies Financial Network
Code.
Cardholder Billing Currency Three-digit number that identifies the participant’s
Code currency code.
CVC 2 Participant A one-character flag that indicates whether a customer
participates in CVC 2. CVC 2 is a three-digit numeric
character code that is indent-printed into the signature
panel in the back of a card.
• Y—Customer participates in CVC 2.
• N—Customer does not participate in CVC 2.

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-20 27 November 2013 • Authorization Manual

Field
AVS Level Participant
RPCS Participant
PAN Mapping Participant
Expiration Date Participant
POS Balance Inquiry
Participant
©1983–2013 MasterCard. Proprietary. All rights reserved.
Authorization Manual • 27 November 2013
Reports
Authorization Parameter Summary Report (SI737010-AA)
Description
A one-position field that indicates a customer’s AVS
service level.
• 0—AVS not supported.
• 1—Issuer provides AVS, receives full address data.
• 2—Issuer provides AVS, receives condensed address
data. (This level supports the algorithm that uses
the first five numeric digits in an address [when
scanning the address from left to right].)
• 3—Issuer provides AVS, receives condensed address
data. (This level supports the algorithm that uses
the first five numeric digits in an address. This
algorithm stops searching for numbers after it
encounters an alphabetic character or space [when
scanning the address from left to right.])
• 4—Issuer provides AVS, receives condensed
postal/ZIP code and address data. (This level
supports the algorithm that uses only numeric digits
(with a maximum of nine digits) in the cardholder
postal/ZIP code, and the first five numeric digits in
an address [when scanning the address from left
to right]).
A one-character flag that indicates whether a customer
participates in the Recurring Payment Cancellation
Service (RPCS).
• Y—Customer participates in RPCS.
• N—Customer does not participate in RPCS.
A one-character flag that indicates whether a customer
participates in the PayPass Mapping Service.
• Y—Customer participates in PayPass Mapping.
• N—Customer does not participate in PayPass
Mapping.
A one-character flag that indicates whether a customer
participates in the Expired Card Override service.
• Y—Customer participates in the Expired Card
Override service.
• N—Customer does not participate in the Expired
Card Override service.
A one-character flag that indicates whether the account
range participates in POS balance inquiries.
• Y—Account range participates in POS balance
inquiries.
• N—Account range does not participate in POS
balance inquiries.
10-21
Reports
Authorization Parameter Summary Report (SI737010-AA)

Field Description
Acquirer Reversal Message A one-character flag that indicates whether the issuer
Participation participates in the reversal request message functionality:
• Y—Issuer receives the 0400 message.
• N—Issuer does not receive the 0400 message.
Real-time Substantiation A one-character flag that indicates whether the issuer
supports real-time substantiation at the point of service.
• Y—Issuer supports real-time substantiation.
• N—Issuer does not support real-time substantiation.
InControl Real Card Spend A one-character flag that indicates whether the issuer
Control participates in the MasterCard inControl Real Card
Spend Control services.
• Y—Issuer participates in MasterCard inControl Real
Card Spend Control services.
• N—Issuer does not participate in MasterCard
inControl Real Card Spend Control services.
Receive Settlement A one-character flag that indicates whether the issuer
Amounts receives settlement amount-related data elements.
• Y—Issuer receives settlement amount-related data
elements.
• N—Issuer does not receive settlement
amount-related data elements.
MPG Blocking Participant A one-character flag that indicates whether the issuer
participates in the MasterCard Payment Gateway (MPG)
Authorization Blocking service.
• Y—Issuer participates in the MPG Blocking service.
• N—Issuer does not participate in the MPG Blocking
service.
Optional Non-Valid CVC 3 A one-character flag that indicates whether the issuer
Processing participates in Optional Non-Valid CVC 3 Processing.
• Y—Issuer participates in the Optional Non-Valid
CVC 3 Processing.
• N—Issuer does not participate in the Optional
Non-Valid CVC 3 Processing.

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-22 27 November 2013 • Authorization Manual
 Reports
Authorization Parameter Summary Report (SI737010-AA)

Field Description
CVC 3 Truncation Ind A one-character flag that indicates whether the
CVC 3 transaction is valid (that is, the value in DE
48 (Additional Data—Private Use), subelement 71
(On-behalf Services), subfield 2 (On-behalf [OB] Result
1). This indicator is available to issuers participating in
the Non-Valid CVC Processing option and participating
in one of the CVC 3 services:
• Y—CVC 3 transaction is valid.
• N—CVC 3 transaction is not valid.
Issuer PIN Block Format Applies only to the Europe region. A two-position field
Code that indicates the issuer's PIN block format.
• 01 = ANSI 1
• 02 = ANSI 2
• 03 = ANSI 2
• 10 = ISO Format 0
• 11 = ISO Format 1
• 19 = ISO Format 0 or ISO Format 1
Banknet PIN Processing A one-position field that indicates the service platform
on which an issuer’s PIN processing will be performed.
• B = Banknet PIN processing
• M = MDS PIN processing
PVV On-File Participation Applies only to the Europe region. Supports PIN
Validation using PVV on-file that issuers submit as basis
to override PVV data provided in the card’s magnetic
stripe. Valid values are as follows:
• No = Does not participate in PVV/PIN Offset on
File service.
• Optional = On File, the Authorization Platform
retrieves the PVV value. If the PVV value is found,
validates using that value. If the PVV value is not
found, the data in the track is used.
• Mandatory = On File, the Authorization Platform
uses the data on file if found to validate the PIN.
If the PVV value is not found, PIN validation indicates
mandatory PVV not on file as result.
MasterCard InControl A one-character flag that indicates whether the issuer
Mapping participates in the MasterCard inControl service.
• Y—Issuer participates in the MasterCard inControl
service.
• N—Issuer does not participate in the MasterCard
inControl service.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-23
Reports
Authorization Parameter Summary Report (SI737010-AA)
Field
MasterCard Online
Checkout Service
ADC Event Participation
(Expert Monitoring
Compromised Account
Service)
TPP Identification Service
inControl Flex Card
inControl Enhanced
Routing
MoneySend Blocking
©1983–2013 MasterCard. Proprietary. All rights reserved.
10-24
Description
A one-character flag that indicates whether the issuer
participates in MasterCard online checkout service.
N—Issuer does not participate in MasterCard online
checkout service.
A one-character flag that indicates whether the issuer
participates in the Expert Monitoring Compromised
Account service.
• Y—Issuer participates in the Expert Monitoring
Compromised Account service.
• N—Issuer does not participate in the Expert
Monitoring Compromised Account service.
A one-character flag that indicates whether the issuer
participates in the Third Party Processor (TPP) service.
• Y—Issuer participates in the TPP service.
• N—Issuer does not participate in the TPP service.
A one-character flag that indicates whether the issuer
participates in the MasterCard inControl Flex Card
service.
N—Issuer does not participate in MasterCard inControl
Flex Card service.
Note: Reserved for future use.
A one-character flag that indicates whether the issuer
participates in the MasterCard inControl Enhanced
Routing Control service.
N—Issuer does not participate in the MasterCard
inControl Enhanced Routing Control service.
Note: Reserved for future use.
A one-character flag that identifies whether a receiving
financial institution (RFI) account range is blocked from
processing transactions via the MasterCard MoneySend
platform.
Y—MoneySend Payment Transactions are not allowed
because the country, RFI, or RFI’s account range
associated with the ICA/account range is blocked from
processing transactions via the MasterCard MoneySend
platform.
N—MoneySend Payment Transactions are allowed to
the ICA/account range.
27 November 2013 • Authorization Manual
 Reports
Authorization Parameter Summary Report (SI737010-AA)

Field Description
Pay with Rewards A one-character flag that indicates whether the issuer
participates in the MasterCard Pay with Rewards service.
• Y—Issuer participates in the Pay with Rewards
service.
• N—Issuer does not participate in the Pay with
Rewards service.
IPC Fraud Control A one-character flag that indicates whether the issuer
participates in IPC Fraud Control service:
• Y—Issuer participates in the IPC Fraud Control
service
• N—Issuer does not participate in the IPC Fraud
Control service
Receive ATM Additional Applies only to the Europe region. A one-character flag
Data that indicates support of ATM additional data in DE 48,
subelement 58 (ATM Additional Data) by customers
participating in the Sweden Domestic Authorization
Switching Service (SASS).
• Y—Issuer supports ATM additional data in DE 48,
subelement 58.
• N—Issuer does not support ATM additional data
in DE 48, subelement 58.
Refund Participant Applies only to the Europe region. A one-character
flag that indicates whether the issuer participates in
the Refund Transactions service. (Supports Sweden
Domestic Authorization Switching Service [SASS] only).
• Y—Issuer participates in the optional Refund
Transactions service.
• N—Issuer does not participate in the optional
Refund Transactions service.
PIN Management A one-character flag that indicates whether the issuer
Participant participates in the Chip PIN Management service.
• Y—Issuer participates in the PIN Management
service.
• N—Issuer does not participate in the PIN
Management service.
Domestic Debit ATM A one-character flag that indicates whether the issuer
Processing participates in domestic Debit ATM processing.
• Y—Issuer participates in the domestic Debit ATM
processing.
• N—Issuer does not participate in the domestic Debit
ATM processing.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-25
Reports
Authorization Parameter Summary Report (SI737010-AA)

Field
In-Flight Commerce Blocked
Range
Stand-In PIN Verification
Bypass
MasterCard Digital
Enablement Service
Participation
Payment Transaction
Blocked Range
Transaction Blocking
Service
Range From Range To
Description
Two 19-digit account range numbers that indicate the
“from” and the “to” account ranges to block for in flight
commerce service.
In-flight commerce (IFC) is a service that identifies
transactions conducted via interactive video terminals
by passengers on a long-distance airplane flight.
A one-character flag indicating whether the Stand-In
System will bypass or perform a PIN Verification Test.
Issuers that want Stand-In to perform this test are
required to participate in a PIN validation service.
• Y—Stand-In System will bypass PIN Verification Test
• N—Stand-In System will perform PIN Verification
Test
A one-character flag indicating whether the issuer
participates in the MasterCard Digital Enablement
Service:
• Y—Issuer participates in the MasterCard Digital
Enablement Service
• N—Issuer does not participate in the MasterCard
Digital Enablement Service
Two 19-digit numeric account range numbers that
indicate the “from” and the “to” account ranges to block
for this transaction type.
A Payment Transaction is a transaction in which a
Payment Service Provider facilitates the transfer of funds
to an issuer for posting to a cardholder’s MasterCard
account.
Transaction Blocking is a service that enables an issuer
to decline specified types of transaction requests by
issuer ICA number or account range, in combination
with additional transaction parameters.
Two 11-digit account range numbers that indicate the
“from” and the “to” account ranges to block for the
Transaction Blocking service.

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-26 27 November 2013 • Authorization Manual
 Reports
Authorization Parameter Summary Report (SI737010-AA)

Field Description
Response Code Indicates the response code applicable to the transaction
block, based on the response codes available for the
Authorization Request Response/0110 message. The
following list identifies the valid response code values:
• 03 (Invalid merchant)
• 04 (Capture card)
• 05 (Do not honor)
• 12 (Invalid transaction)
• 57 (Transaction not permitted to issuer/cardholder)
• 58 (Transaction not permitted to acquirer/terminal)
Scope Indicates whether transactions are blocked for all routes
or transactions are only blocked from going to the
Stand-In System when the issuer is unavailable.
• All
• Stand-In
Blocking Criteria Transaction blocking criteria. Indicates that transactions
will be block based on the issuing ICA number or
account range, and one or more of the following
transaction parameters:
• DE 3 (Processing Code), subfield 1 (Cardholder
Transaction Type Code)
• DE 18 (Merchant Type)
• DE 22 (Point-of-Service [POS] Entry Mode), subfield
1 (POS Terminal PAN Entry Mode)
• DE 61 (Point-of Service [POS] Data), subfield 10
(Card Activated Terminal Level [CAT])
• DE 61 (Point-of Service [POS] Data), subfield 13
(POS Country Code)
In the first example, the report sample shows that the
Merchant Type, value 5555 is the transaction blocking
criteria; in the second example, POS Terminal PAN Entry
Mode, value 02 is the transaction blocking criteria.
GARS Participant A one-character flag that indicates whether the
customer is a Global Automated Referral System (GARS)
participant.
• Y—Customer participates in the GARS service.
• N—Customer does not participate in the GARS
service.
Authorization Referral Indicates the phone number GARS uses to contact the
issuer on domestic-call referral responses.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-27
Reports
Authorization Parameter Summary Report (SI737010-AA)

Field
International GARS
Security Number
Lost/Stolen
Customer Service
Description
Indicates the phone number GARS uses to contact the
issuer on international call referral responses.
This phone number is not displayed.
This phone number is not displayed.
This phone number is not displayed.

Stand-In Parameters
Descriptions of the Stand-In Parameter fields in the Authorization Parameter
Summary Report (SI737010-AA).

The Authorization Parameter Summary Report (SI737010-AA) Stand-In

parameters include the following data.

Field Description
Hours of Operation Indicates the hours of operations for the issuer’s
authorization system.
UTC Offset Time difference between the customer’s local time
and Coordinated Universal Time (UTC—formerly GMT
[Greenwich mean time]).
UTC Offset represents whether the local time is ahead
(+) or behind (-) UTC by the number of hours indicated
in the UTC Offset field.
D.S.T. Daylight Saving Time (D.S.T.) represents the
daylight-saving time start and end dates and times for
the customer.
Local Time Indicates the open and close local time for the customer.
Holidays for Call Referral Definition of 26 holidays for the issuer’s Call Referral
Center Center, with up to two openings and closings per
holiday.
Decision Matrix A matrix that contains values that represent a customer’s
choice of Stand-In processing responses to transactions if
a transaction goes to Stand-In processing in a given state.
• C—Call referral
• N—Decline
• A—Continue with Stand-In processing
• P—Capture card

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-28 27 November 2013 • Authorization Manual
 Reports
Authorization Parameter Summary Report (SI737010-AA)

Field Description
Open Signed In, Closed Indicates times when the issuer’s authorization center is
Signed In open versus when it is closed.
Open Signed Out, Indicates times when the issuer’s authorization center
Closed Signed Out is signed in versus when it is signed out (for online
issuers).
Card Level Support A one-character flag that indicates if the customer is a
Participant Card Level Support participant.
• Y—Customer participates in Card Level Support.
• N—Customer does not participate in Card Level
Support.
Multi-Currency Limits A one-character flag that indicates if the customer
Participant participates in multi-currency limits in Stand-In
processing.
• Y—Customer participates in multi-currency limits.
• N—Customer does not participate in multi-currency
limits.
Stand-In PIN Retries Applies only to the Europe region. Indicates the number
of invalid PIN attempts allowed using a value of 1–5.
This parameter applies only to the Online PIN Validation
in Stand-In.

Store-and-Forward (SAF) Additional parameters by which issuers can receive their

Controls SAF messages.
Delivery Type Unsolicited—Issuer receives SAF messages after signing
on to the MasterCard Network using a Network
Management Request/0800 message containing DE 70
(Network Management Information), value 001 (Sign-on
[by BIN]) or value 061 (Group sign on [by MasterCard
group sign on]).
Number of Represents the Number of Simultaneous Advice
Simultaneous Sessions Messages that can be processed simultaneously. There is
a maximum of 10 advice messages that can be processed
simultaneously. Default is 10.
Advice Response Wait Advice response wait time in seconds (30–180 seconds)
Time before SAF session termination. (Default is 30 seconds.)
Automatic Deletion Indicates whether the Stand-In System should delete the
Option SAF message from the SAF queue when the Stand-In
System processing exceeds the number of times the
issuer requested Stand-In to resend a SAF message when
no response is received from the issuer. The Stand-In
System will attempt to resend the SAF message from
the SAF queue until a response is received, the resend
limit has been reached, or the advice is on file for four
days. (Default is No).

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-29
Reports
Authorization Parameter Summary Report (SI737010-AA)

Field Description
No Response Resend Number of times (1–20) that the Stand-In System
Limit attempts to resend a SAF message without response
from the issuer before auto-deleting SAF messages. If
Automatic Deletion Option is selected, default is 3.
Transaction Processing This section of the report depends on the number of
Parameters rules that apply to a customer. The report reflects all
rules that apply to that particular customer.
Target Country Indicates the acquirer country for which the limits are
applied.
MasterCard has established minimum and maximum
values for certain parameters. MasterCard will set the
minimum limits as default values to establish customer’s
limits.
• Foreign Default—Established limits outside of the
country of issuance.
• Global—Established limits for all customers by
product code, MCC, and/or CAT level.
Promo Code Indicates the promotion code for which the limits are
(Promotion Code) applied. Lists the six-character alphanumeric codes that
an issuer establishes to identify transactions that meet
requirements for an issuer’s promotional program for a
card range.
CAT Level Lists a one-character numeric code that identifies
transactions that occur at a CAT. A CAT is a
cardholder-activated terminal that is usually unattended
and accepts payment cards, debit, charge, and
proprietary cards for a card range. CATs are defined
by levels.
• 0—Not a CAT transaction
• 1—Automated dispensing machines with PIN
• 2—Self-service terminals
• 3—Limited-amount terminals
• 4—In-flight commerce terminals
• 6—Electronic commerce
• 7—Transponder
Product ID Lists the three-character code that identifies the type of
card program for an account, such as Gold MasterCard®
card.
MCC/TCC Lists the card acceptor business code (MCC) and the
transaction category code (TCC) for which limits are
applied.

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-30 27 November 2013 • Authorization Manual
 Reports
Authorization Parameter Summary Report (SI737010-AA)

Field Description
Currency Code Three-digit number that identifies the customer’s chosen
currency code for amount limits.
Card Present Amount Transaction amount limit when a card is present.
Card Not Present Transaction amount limit when a card is not present.
Amount

Product Graduation This section of the report depends on whether the

Transaction Limits account range has product graduated limits. If the
Processing Parameters account range does not have product graduated limits,
this section does not display.
For each account range that contains product graduated
cards to which a Customer Specific Index (CSI) is
assigned, a set of Stand-In processing limits for accounts
that are registered to participate in Product Graduation
displays.
Target Country Indicates the acquirer country for which the limits are
applied.
MasterCard has established minimum and maximum
values for certain parameters. MasterCard will set the
minimum limits as default values to establish customer’s
limits.
• Foreign Default—Established limits outside of the
country of issuance.
• Global—Established limits for all customers by
product code, MCC, and/or CAT level.
Promo Code Indicates the promotion code for which the limits are
(Promotion Code) applied. Lists the six-character alphanumeric codes that
an issuer establishes to identify transactions that meet
requirements for an issuer’s promotional program for a
card range.
CAT Level Lists a one-character numeric code that identifies
transactions that occur at a CAT. A CAT is a
cardholder-activated terminal that is usually unattended
and accepts bankcards, debit, charge, and proprietary
cards for a card range. CATs are defined by levels.
• 0—Not a CAT transaction
• 1—Automated dispensing machines with PIN
• 2—Self-service terminals
• 3—Limited-amount terminals
• 4—In-flight commerce terminals
• 6—Electronic commerce
• 7—Transponder

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-31
Reports
Authorization Parameter Summary Report (SI737010-AA)

Field Description
Product ID Lists the three-character code that identifies the type of
card program for an account, such as Gold MasterCard®
card.
MCC/TCC Lists the card acceptor business code (MCC) and the
transaction category code (TCC) for which limits are
applied.
Currency Code Three-digit number that identifies the customer’s chosen
currency code for amount limits.
CSI Code Seven-position alphanumeric value that is provided
when registering accounts for Product Graduation.
Card Present Amount Transaction amount limit when a card is present.
Card Not Present Transaction amount limit when a card is not present.
Amount

Product Graduation Limits This section of the report depends on whether the
Authorization Parameter account range has product graduated limits. If the
Summary account range does not have product graduated limits,
this section does not display.
For each account range that contains product graduated
cards to which a Customer Specific Index (CSI) is
assigned, a set of Stand-In processing limits for accounts
that are registered to participate in Product Graduation
displays.
CSI Code Seven-position alphanumeric value provided when
registering accounts for Product Graduation.
Accumulative Limits Four-day accumulative day and amount limits
established by the issuer. The accumulation limits are
for the number of transactions and amounts. Stand-In
processing will not approve any amount that raises
the accumulative amount already approved above the
specified limit for the specified period of days.
Currency Code Three-digit number that identifies the customer’s chosen
currency code for amount limits.
Premium Controls Indicates specific limits that Stand-In processing applies
to accounts listed in the Account File as Premium
Listings. The Premium Listings designation is a method
of identifying cardholder accounts that should have
higher authorization limits than standard limits for the
card type.
During the Accumulative Limits test for Premium
accounts, Stand-In processing applies the Days and
Count Limit parameters.

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-32 27 November 2013 • Authorization Manual
 Reports
Transaction Blocking ICA Level Block Summary (SI738010–AA)

Field Description
Group and Series Identifies a range of card account numbers listed in the
Electronic Warning Bulletin file submitted by MasterCard
on behalf of an issuer to the Account Management
System for the purpose of notifying a merchant to
capture any card bearing an account number that falls
within that range.
Stand-In Blocked Range Identifies a range of card numbers within a BIN that
have not been issued to cardholders or card ranges
previously blocked and should be unblocked. Range
Blocking only applies for transactions processed by
Stand-In. Card numbers within blocked ranges do
not automatically appear in the Account Management
System (AMS) Electronic Warning Bulletin file.
Limit 1–Processing Processing that limits the number of transactions that the
Authorization Platform forwards to the issuer. Limit-1
processing is part of Stand-In processing, and it uses
issuer-defined parameters to return an authorization
response. Limit-1 processing responds to authorization
requests without forwarding them to the issuer when
the transaction amount is equal to or less than the
issuer-defined amount limits, and the transaction does
not fail any of the Stand-In tests.
Mail/Telephone Current Limit-1 value established by the issuer for
mail/telephone transactions.
Travel Current Limit-1 value established by the issuer for
transactions.
Cash-Disbursement Current Limit-1 value established by the issuer for cash
disbursement transactions.
Retail Current Limit-1 value established by the issuer for retail
transactions.
Nth Transaction Indicates how many transactions Limit-1 can process
before sending the next transaction to the issuer for
processing.
On-behalf Services Lists the on-behalf service description for the on-behalf
services that are enabled for an account range. There is
a maximum of 10 on-behalf services.

Transaction Blocking ICA Level Block Summary

(SI738010–AA)
The following information provides an overview of the Transaction Blocking
ICA Level Block Summary (SI738010–AA).

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-33
Reports
Transaction Blocking ICA Level Block Summary (SI738010–AA)

Title Transaction Blocking ICA Level Block Summary

Generated by MasterCard Authorization Platform
Purpose To provide customers with a tool to identify all BINs that are
associated with ICAs that are subscribed to the Transaction
Blocking service.
Description This report includes a comprehensive list of the parameters for
each BIN when the Transaction Blocking Service is invoked at
the ICA level.
MasterCard provides updates to this report when customers’
parameters change.
Frequency Weekly
Distribution Paper (Sent to the authorization contact established on the
Methods Principal Member Questionnaire); MasterCard eService, MasterCard
File Express, complex-to-complex, bulk ID (T300)

Report Sample
Report sample of the Transaction Blocking ICA Level Block Summary
(SI738010-AA) report.

Field Descriptions
Descriptions of the fields on the Transaction Blocking ICA Level Block Summary
(SI738010–AA) report.

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-34 27 November 2013 • Authorization Manual
 Reports
Transaction Blocking ICA Level Block Summary (SI738010–AA)

Field Description
Billing ICA ICA that is billed for the Issuer ICA Number
Transaction Blocking Service activity. This ICA may
be the same or different than the Issuer ICA number.
Issuer ICA Unique six-digit ID number assigned by MasterCard
to identify a customer or processing endpoint.
Sequenced by ICA and listed numerically. This ICA
may be the same or different than the Billing ICA
number.
Country Code A three-digit, numeric code that identifies the
country. Issuers may use these codes to establish
higher or lower transaction limits for a country or
countries where the transaction is acquired.
Merchant Type DE 18 (Merchant Type) is the classification (card
acceptor business code (MCC) of the merchant’s
type of business or service.
CAT Level Code DE 61 (Point-of Service [POS] Data), subfield 10
(Card Activated Terminal Level [CAT]) indicates
whether the cardholder activated the terminal with
the use of the card and the CAT security level.
POS Terminal PAN Entry Mode DE 22 (Point-of-Service [POS] Entry Mode), subfield
1 (POS Terminal PAN Entry Mode) indicates how the
PAN was entered at the terminal.
Response Code DE 39 (Response Code) defines the disposition of a
previous message or an action taken as a result of
receipt of a previous message.
Response codes also are used to indicate approval
or decline of a transaction. If an authorization is
declined, the response code indicates the reason for
rejection and may indicate an action to be taken at
the card acceptor.
Group ID Identifies a grouping of issuer account ranges that
use the same transaction criteria for routing to the
same destination route.
Scope Indicates where the block occurs.
Acquirer—Indicates the block occurred at the
acquirer MIP.
Stand-In—Indicates the block occurred during
Stand-In processing.
Associated BIN Ranges Identifies a range of card numbers within a BIN that
are associated to that blocking ICA. These blocks
occur at the MIP and not in Stand-In processing.
These ranges may or may not have been issued to
cardholders.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-35
Reports
Authorization Summary by CAT Level Report (SI458010-AA)

Authorization Summary by CAT Level Report (SI458010-AA)

The following information provides an overview of the Authorization Summary
by CAT Level Report (SI458010-AA).

Title Authorization Summary by CAT Level

Generated by MasterCard Authorization Platform
Purpose To provide customers with a tool for analyzing authorization
performance for cardholder-activated transactions.
Description MasterCard produces this report for each CAT level. The
report shows authorization transaction processing volumes and
percentages by BIN for the week for the CAT level of the report.
It reflects network usage (that is, transactions that travel across
the MasterCard Network, not only billable items, which are listed
apart from other transactions in the authorization detail reports
located in the MasterCard Consolidated Billing System manual.
The report displays activity by authorization response: Accept
(“approved”), Decline (“decline”), Call-Me (“refer to card issuer”),
and Pick-Up (“capture card”). It also displays transactions by
transaction category, such as mail/telephone and retail).
Frequency Weekly
Distribution Paper (Sent to the authorization contact established on the
Methods Principal Member Questionnaire); MasterCard eService

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-36 27 November 2013 • Authorization Manual
 Reports
Authorization Summary by CAT Level Report (SI458010-AA)

Report Sample
Report sample of the Authorization Summary by CAT Level Report

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-37
Reports
Authorization Summary by CAT Level Report (SI458010-AA)

Field Descriptions
Descriptions of the fields on the Authorization Summary by CAT Level Report
(SI458010-AA).

Field Description
CAT Processed Activity Summary of all authorization activity received and processed
by the issuer for the CAT level on the report, listed by the
following response categories:
• Accept (“approved”)
• Decline
• Call-Me (“refer to card issuer”)
• Pick-Up (“capture card”)
Member Volume Total CAT transaction volume processed by the customer
that generated the specific response and the percentage it
represents of total customer CAT transaction volume.

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-38 27 November 2013 • Authorization Manual
 Reports
Authorization Summary by CAT Level Report (SI458010-AA)

Field Description
Member YTD Volume Summary of the customer’s CAT authorization volume for
(member year-to-date the calendar year-to-date (by response category) and the
volume) percentage it represents of total member CAT volume for
the year-to-date.
System Volume Volume of CAT authorization transactions processed by the
entire membership that week and the percentage it represents
of total CAT volume for the membership for the week.
System YTD Volume Volume of CAT authorization transactions processed by
(system year-to-date the entire membership for the calendar year-to-date and
volume) the percentage it represents of total CAT volume for the
membership for the year-to-date.
Total Member Total member CAT volume, year-to-date volume, system
Processed volume, and system year-to-date volume for all authorization
responses.
Approvals by Summary of all “approved” responses returned for CAT
Transaction Type transactions, divided by the following transaction categories:
• Mail/Telephone
• Retail
• Cash Advance
• College/Hospital
• Hotel/Motel
• Vehicle Rental
• Transportation
• Restaurant
• ATM
• Unique
• Payment Transaction
Average Dollars Average dollar amount approved for CAT transactions for the
week, listed by transaction type.
Total Dollars Total dollar amount approved for CAT transactions for the
week, listed by transaction type.
Total Volume Total CAT transaction volume processed by the customer
for the week, listed by transaction type. In the sample, the
total volume for Restaurant transactions is 3. This indicates
that out of a total of 86 approved CAT 2 transactions, 3 were
for Restaurant.
YTD Average Dollars Average U.S. dollar amount approved, by transaction type,
(year-to-date average for CAT transactions for the calendar year-to-date. This
dollars) amount is the result of dividing the YTD TOTAL DOLLARS
by the YTD TOTAL VOLUME.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-39
Reports
Daily Activity Report (SI441010-A)

Field Description
YTD Total Dollars Total U.S. dollar amount of CAT transactions approved by the
(year-to-date total customer for the calendar year-to-date.
dollars)

YTD Total Volume Total CAT transaction volume approved by the customer for
(year-to-date total the calendar year-to-date.
volume)

Total Member Average U.S. dollar amount, total U.S. dollar amount, total
Approvals transaction volume, and year-to-date totals for all CAT
transactions approved by the customer.
Total For All Prefixes Activity totals for all the customer’s BINs (all of the previous
pages of the report). Totals are listed by authorization
response (such as accept, decline, call-me, and pick-up) and
by transaction category (such as mail/telephone and retail).

Daily Activity Report (SI441010-A)

The following information provides an overview of the Daily Activity Report
(SI441010-A).

Title: Daily Activity Report (SI441010-A)

Generated by MasterCard Authorization Platform
Purpose To provide CAPS issuers with the information they need to
update their cardholder accounts and make updates to the
Stand-In system.
Description This report is generated by ICA number and contains information
pertaining to each authorization request.
Frequency Daily
Distribution Banknet bulk ID T829, MasterCard File Express, paper (mail or
Methods fax), MasterCard eService
MasterCard distributes this report according to the authorization
contact established on the Principal Member Questionnaire, or
by calling the Customer Operations Services team.

Report Sample
Report sample of the Daily Activity Report (SI441010-A).

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-40 27 November 2013 • Authorization Manual
 Reports
Daily Activity Report (SI441010-A)

Field Descriptions

Issuer Information
Descriptions of the issuer information fields on the Daily Activity Report
(SI441010-A).

Field Description
Tran Type If the transaction is a reversal of a prior authorization request,
(transaction type) this field contains “REV.” Otherwise, this field is blank.

ICA ICA number of the customer that issued the card for which
authorization was requested.
Cardholder No. Cardholder number contained in the original authorization
request received by Stand-In processing. See DE 2 in the
Customer Interface Specification manual.
Process Date Date the report was generated in MM/DD/YY
(month/day/year) format.
Activity Code Processing code of the authorization request. See DE 3 in the
Customer Interface Specification manual.
Process Amount Transaction amount contained in the original authorization
request, as requested and entered by the acquirer. This
amount is listed in settlement currency (U.S. dollars).
Transaction Date Date (St. Louis time) that the authorization request was
processed by Stand-In in MM/DD/YY (month/day/year)
format. This is the transmission date of the authorization
request. See DE 7 in the Customer Interface Specification
manual.
Transaction Time Time (St. Louis time) that the authorization request was
processed by Stand-In in HH:MM:SS (hour: minute: second)
format. This is the transmission time of the authorization
request. See DE 7 (Transmission Date and Time) in the
Customer Interface Specification manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-41
Reports
Daily Activity Report (SI441010-A)

Field Description
Advice Reason/Detail The reason for the advice, followed by the advice detail.
The advice reason indicates whether Stand-In, X-Code, or
Limit-1 processing at the MIP processed the transaction. The
advice detail gives the authorization response that Stand-In,
X-Code, or Limit-1 processing at the MIP returned on behalf
of the CAPS issuer
Fail Code Code indicating the reason why Stand-In, X-Code, or Limit-1
processing at the MIP did not approve the transaction.
01 Reject Decline
02 Reject Capture Card
03 Reject Issuer not participating

04 Reject Invalid PIN

05 Reject ATM

06 Reject Transaction limit test/Refer to card issuer

07 Reject Premium Listings (VIP) cumulative limit
test
08 Reject Merchant suspicious indicator test
09 Reserved
10 Reserved
11 Reject Day 1/number of transactions
12 Reject Day 2/number of transactions
13 Reject Day 3/number of transactions

14 Reject Day 4/number of transactions

15 Reject Day 1/amount

16 Reject Day 2/amount

17 Reject Day 3/amount
18 Reject Day 4/amount
19 Reject Extended Cash Disbursement cumulative
amount
20 Reject No procurement record
21 Reject Premium Listings (VIP) transaction limit
test
22 Reject No category record

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-42 27 November 2013 • Authorization Manual
 Reports
Daily Activity Report (SI441010-A)

Field Description
23 Reject Not authorized

24 Reject Single cash disbursement limit test

25 Reject Monthly cash disbursement limit test

26 Reject Single limit test

27 Reject Monthly limit test
28 Reject Invalid CVC

Acquirer Information
Descriptions of the acquirer information fields on the Daily Activity Report
(SI441010-A).

Field Description
REF Number Banknet reference number.
ICA ICA number (Member ID) of the acquirer that transmitted
the authorization request. See DE 32 (Acquiring Institution
ID Code) in the Customer Interface Specification manual.
Stand-In Response Authorization response that Stand-In processing sends to
the acquirer on behalf of the issuer. If the transaction
is an approval, a six-digit authorization approval code
beginning with “8” appears in this field. If X-Code or
Limit-1 processing at the MIP generates the authorization
response, this field is blank.

POS (point of sale) Numeric country code of the acquirer sending the
authorization request. See the list of country codes in the
Quick Reference Booklet.
Type Transaction category code. See DE 48 in the Customer
Interface Specification manual. Valid values include:
A = Automobile/Vehicle Rental
C = Cash Disbursement
F = Restaurant
H = Hotel/Motel and Cruise Ship Services
O = Hospitalization and College/School Expenses
P = Payment Transaction
R = Retail
T = Mail Order/Telephone Order

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 10-43
Reports
Daily Activity Report (SI441010-A)

Field Description
U = Unique Transaction
X = Transportation
Z = Automated Teller Machine (ATM) Cash
Disbursement

Currency Conversion Information

For participating issuers and acquirers, see the following fields on the Daily
Activity Report. These fields appear as a second line of data for each transaction
only if currency conversion occurred for the transaction. When present, all of
the fields in the second line of data will be populated.

Field Description
CH Amt/Curr/Rate The transaction amount in issuer currency, followed
(Cardholder by the currency code of the issuer currency, followed
Amount/Currency/Rate) by the conversion rate used to convert the amount in
acquirer currency into the amount in issuer currency.
See DE 6, DE 10, and DE 51 in the Customer Interface
Specification manual.
Tran Amt/Curr/Rate The transaction amount in acquirer currency, followed
(Transaction by the currency code of the acquirer currency, followed
Amount/Currency/Rate) by the conversion rate used to convert the amount in
acquirer currency into the amount in U.S. dollars (shown
in the Process Amount field). See DE 4 and DE 49 in
Customer Interface Specification manual.
Rate Date The month and day that the conversion rate is effective
to convert the transaction amount from the acquirer
currency into the currency of settlement (U.S. dollars).
See DE 16 in the Customer Interface Specification
manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

10-44 27 November 2013 • Authorization Manual
Chapter 11 EMV Transactions
This section explains the impact of chip contact technology on the Authorization Platform.

Introduction to Chip Card Technology ........................................................................................ 11-1

Transaction Flow ......................................................................................................................... 11-1
Online Authorization ............................................................................................................. 11-2
Online Response.............................................................................................................. 11-3
Unable to Connect to the Issuer ...................................................................................... 11-4
Issuers.......................................................................................................................................... 11-4
Full Chip Grade Issuing ......................................................................................................... 11-4
Magnetic Stripe Grade Issuing ............................................................................................... 11-5
Acquirers...................................................................................................................................... 11-6
X-Code Processing................................................................................................................. 11-6
Acquirer Authorization Below International Floor Limit ........................................................ 11-7
Refer to Card Issuer ............................................................................................................... 11-7
Online Reversal Advices ........................................................................................................ 11-7
M/Chip Processing Services ......................................................................................................... 11-8
Chip to Magnetic Stripe Conversion Service .......................................................................... 11-8
M/Chip Cryptogram Pre-validation Service............................................................................ 11-8
Combined Service Option...................................................................................................... 11-9
M/Chip Cryptogram Validation in Stand-In Processing .......................................................... 11-9
Limit–1 Processing ......................................................................................................................11-10
MIP X-Code Processing...............................................................................................................11-10
Impact of Chip Technology on the Network Message................................................................11-10
DE 22—Point-of-Service [POS] Entry Mode ..........................................................................11-10
DE 23—Card Sequence Number...........................................................................................11-11
DE 35 Track 2 Data...............................................................................................................11-11
DE 48—Additional Data—Private Use ..................................................................................11-12
DE 55—Integrated Circuit Card [ICC] System-related Data ...................................................11-13
DE 55 in the Online Request ..........................................................................................11-13
Application Cryptogram Tag 9F26—Mandatory ........................................................11-13
Issuer Application Data Tag 9F10—Conditional .......................................................11-14
Terminal Verification Result Tag 95—Mandatory ......................................................11-14
Cryptogram Information Data Tag 9F27—Mandatory ...............................................11-14
Unpredictable Number Tag 9F37—Mandatory..........................................................11-15
Application Transaction Counter Tag 9F36—Mandatory...........................................11-15

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 11-i
EMV Transactions

Amount, Authorized (Numeric) Tag 9F02—Mandatory ............................................11-15

Transaction Currency Code Tag 5F2A—Mandatory ..................................................11-15
Amount, Other (Numeric) Tag 9F03—Conditional ...................................................11-15
Cardholder Verification Method Results Tag 9F34—Optional ...................................11-15
Dedicated File Name Tag 84—Optional ...................................................................11-16
DE 55 Data in the Online Response ...............................................................................11-16
Issuer Authentication Data Tag 91—Optional...........................................................11-16
Issuer Scripts.............................................................................................................11-16
DE 61—Point-of-Service [POS] Data .....................................................................................11-16

©1983–2013 MasterCard. Proprietary. All rights reserved.

11-ii 27 November 2013 • Authorization Manual
 EMV Transactions
Introduction to Chip Card Technology

Introduction to Chip Card Technology

The following information provides a brief introduction to chip card technology.

The introduction of chip technology brings a dramatic increase to the

computing power available at the point of interaction (POI). Sophisticated cards
meet equally sophisticated terminals, all of which have been manufactured
by a large number of independent vendors throughout the world. The need
for interoperability is obvious.

EMV

In 1996, Europay (now MasterCard Europe sprl), MasterCard, and Visa

(EMV) developed standards for integrated circuit cards (ICCs), terminals,
and applications. EMVCo, LLC, established in 1999, is the organization that
oversees and maintains the EMV specifications. The EMV standard applies
to cards and to terminals and is intended to ensure that any compliant card
works in any compliant terminal, therefore the EMV specifications guarantee
the interoperability between card and the terminal.

Chip Terminals

A hybrid Automated Teller Machine (ATM), Point-of-Service (POS) terminal,

and Cardholder-Activated Terminal (CAT) support both contact EMV chip and
magnetic stripe technology.

The ATM, POS, and CAT terminals that accept MasterCard, Debit MasterCard®,
MasterCard Electronic™, Maestro®, and Cirrus® may be either hybrid, which
support both chip and magnetic stripe technology, or magnetic stripe only.
These terminals are not allowed to be chip-only because magnetic stripe only
cards would not be accepted.

MasterCard Branded Hybrid Cards

A hybrid MasterCard, Debit MasterCard, MasterCard Electronic, Maestro and

Cirrus card is a card that supports both contact EMV chip and magnetic stripe
technology. These cards are not allowed to be chip-only because they would
not be accepted at MasterCard merchants operating magnetic stripe only
terminals.

Transaction Flow
The magnetic stripe transaction uses the following process.

1. The terminal reads the Track 1 or Track 2 data from the magnetic stripe.
Although there may be different proprietary implementations, the terminal
usually identifies the payment system and the brand of the card from the
magnetic stripe’s PAN.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 11-1
EMV Transactions
Transaction Flow

2. The magnetic stripe terminal decides, based on the rules fixed by the
payment system, how to authenticate the cardholder either with a PIN,
signature, or no Cardholder Verification Method (CVM).
3. The magnetic stripe terminal also decides whether the transaction must
be authorized online or authorized offline. This decision is governed by
the floor limits.

Note: All magnetic stripe transactions performed on online capable terminals

should be online authorized, regardless of the transaction amount.

Contrary to magnetic stripe, a chip transaction allows more than one application
to be supported on the same card. The chip transaction uses the following
process:

1. The terminal determines the applications that are supported on both the
chip card and terminal.
2. If there is more than one application and if the terminal supports a dialog
with the cardholder, the terminal prompts the cardholder for his or her
choice.
3. After the terminal selects the application chosen by the cardholder, it reads
the data on the chip, and then performs a range of checks in combination
with the chip card.
4. The result of these tests is reported in EMV tag 95 (Terminal Verification
Result [TVR]).
5. Based on the result of these tests, the terminal and the card either decides to:

• Decline (the card replies Application Authentication Cryptogram [AAC],

or
• Accept offline (the card replies Transaction Certificate [TC]), or
• Go online (the card replies Authorization Request Cryptogram [ARQC]).

In the first decision, the transaction is terminated. In the second decision, the
transaction is accepted offline. In the third decision, the transaction is sent for
online authorization.

Online Authorization
The following information focuses on the third decision of the transaction
flow—the online authorization.

There are two scenarios with online authorization:

• The terminal receives an online response from the issuer.

• The terminal is unable to connect to the issuer.

©1983–2013 MasterCard. Proprietary. All rights reserved.

11-2 27 November 2013 • Authorization Manual
 EMV Transactions
Transaction Flow

If the chip technology fails at any of the processes described earlier, the
magnetic stripe technology is used as fallback at the attended POS. Fallback to
magnetic stripe is not allowed on offline-only unattended terminals. Supporting
fallback to magnetic stripe on ATMs and unattended online terminals is also
required, except if it is prohibited by regional rules (for example in Europe).

Online Response
When the terminal receives an online response from the issuer, the online chip
transaction follows a path similar to a magnetic stripe transaction.

When authorizing the online transaction on the issuer’s host, the issuer
usually applies the same tests as for a magnetic stripe transaction. The
issuer also verifies additional chip data fields that include the Authorization
Request Cryptogram (ARQC), an Application Cryptogram (AC), and a
Transaction Certificate Cryptogram (TC) provided in DE 55, which is a Message
Authentication Code (MAC) over other data in DE 55. A correct ARQC proves
to the issuer that the card is genuine, and the other data in DE 55 that was used
as input to the ARQC was not altered.

Another chip data field is the Card Verification Result (CVR). The CVR, which is
a subset of the Issuer Application Data (EMV subelement 9F10), is calculated
by the chip. The CVR gives the issuer more information about the transaction.
Another important subelement in DE 55 is Terminal Verification Results (TVR).
The TVR provides issuers with the transaction processing results from the
terminal. MasterCard recommends that issuers verify both the CVR and the TVR.

To indicate in the online reply that the chip transaction is approved or declined,
the issuer uses the following process:

1. The issuer sends the authorization response message containing DE 39

(Response Code) with the same values as for magnetic stripe.
2. If the cryptogram validation fails, the issuer uses DE 48 (Additional Data),
subelement 74 (Additional Processing Information) to indicate the reason
why the ARQC or TC cryptogram validation failed to the acquirer.
3. For chip transactions, a full-chip issuer host sends DE 55 in the authorization
response message.
In this context, DE 55 contains the Issuer Authentication Data, a
cryptographic value that proves to the chip that the transaction is approved
by the genuine issuer. DE 55 in the authorization response message also
may contain ICC post-issuance commands (referred to as issuer scripts) to be
sent to the card by the issuer, for example to update a chip card parameter.
4. The terminal asks the card to approve or decline, according to the issuer’s
decision communicated, as for magnetic stripe in DE 39.
5. Together with the issuer’s decision, the terminal sends to the card the Issuer
Authentication Data present in DE 55 of the authorization response message.
6. If the transaction is approved, this confirms to the chip that the approval
comes from the genuine issuer.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 11-3
EMV Transactions
Issuers

The card takes the final decision, and depending on internal parameters
decides whether to reset its offline cumulative counters. The transaction is
terminated.

For information about online responses from the issuer and data requirements,
see “Impact of Chip Technology on the Network Message.”

Unable to Connect to the Issuer

If the terminal did not get a valid reply from the acquirer, the terminal switches
to the EMV mode “Unable to go online.”

If the acquirer (or an intermediate processor) falls into time out on the online
authorization response message, the online authorization response message is
corrupted, or the acquirer cannot connect to online authorization, the acquirer
sends a response to the terminal to inform it of the problem. (How this
information is sent is proprietary.) Once the terminal receives this response
from the acquirer, it must continue the EMV transaction in the “Unable to Go
Online” EMV mode.

In the EMV mode “Unable to Go Online,” depending on the conditions set by

the issuer on the card in the IAC-Default and by the acquirer on the terminal in
the TAC-Default, the transaction may either be approved offline or declined.

Processing steps are as follows:

1. The terminal will ask the card to approve or decline. It is essential that the
authorization response code (a data element requested by the card) is set
by the terminal to the appropriate code Y3 (or Z3) to indicate “Approved
(or Declined)—Unable to Go Online.” Because the response is not initiated
by the issuer, no Issuer Authentication Data is sent to the card.
The absence of the Issuer Authentication Data in the reply from the acquirer
may not be considered a reason for the terminal to apply the EMV mode
“Unable to go online.” Only the proprietary flag described earlier instructs
the terminal to do so.
2. The card returns an Application Cryptogram that reflects its final decision.

Issuers
Issuers that want to make use of the chip-related information in the
authorization request can start with magnetic stripe grade issuing, and then
upgrade to Full Chip Grade issuing later.

Full Chip Grade Issuing

Full chip issuing is the term used to describe an issuer that has upgraded its
host system as follows.

©1983–2013 MasterCard. Proprietary. All rights reserved.

11-4 27 November 2013 • Authorization Manual
 EMV Transactions
Issuers

• Verify the ARQC provided in DE 55 of the authorization request

• Send valid issuer authentication data in DE 55 of the authorization response

A full chip card normally is programmed to approve an online transaction if

and only if the Issuer Authentication Data is present and valid. If the Issuer
Authentication Data is either not present or present and incorrect, the standard
Full chip card is set to decline.

With full chip grade issuing:

• Full chip issuers must verify the ARQC and generate Issuer Authentication
Data.
• Full chip issuers must support the processing of DE 23 (Card Sequence
Number) and DE 55 on their online authorization host.
• Full chip issuers that subscribe to the M/Chip Cryptogram Pre-validation
service do not need to support the chip cryptography on their online
authorization host. These issuers also benefit from the pre-validation
service when their host is not available because Stand-In processing
considers the result of the cryptogram pre-validation when responding
to the authorization request.
• Full chip issuers that do not subscribe to the M/Chip Cryptogram
Pre-validation service must support the chip cryptography on their online
authorization host. To ensure successful chip transactions while their host is
not available, issuers must sign up for the M/Chip Cryptogram Validation in
Stand-In Processing service.
• Full chip issuers that request Stand-In processing must sign up for the
M/Chip Cryptogram Validation in Stand-In Processing service to guarantee
the success of the transaction.
• Cards issued with the chip grade issuing profile will decline chip transactions
when no Issuer Authentication Data is returned in the authorization
response message. MasterCard does not support Limit-1 processing for
chip transactions.

Magnetic Stripe Grade Issuing

Magnetic stripe grade issuing is the term used to describe an issuer that has not
upgraded its host system to perform chip cryptography. Although authorization
request messages contain DE 55, magnetic stripe grade issuers do not verify
the ARQC or TC; therefore do not use the data in DE 55. These issuers do not
generate DE 55 in the online response because they cannot provide Issuer
Authentication Data or send issuer scripts.

Magnetic stripe grade issuing provides the following benefits:

• Offline CAM
• Offline CVM (where applicable)
• Card risk management

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 11-5
EMV Transactions
Acquirers

Because magnetic stripe grade issuers do not verify the ARQC or TC, they
process the chip transaction as a magnetic stripe authorization (even though
chip technology was used).

By not supporting DE 55, there is:

• No guarantee that the data in DE 55 was not altered

• No online CAM
• No online mutual authentication
• No script processing, therefore no possibility to update the card

Magnetic stripe grade issuers must personalize their cards so that they do not
decline an online-authorized transaction because Issuer Authentication Data
is not provided.

Magnetic stripe grade issuers that subscribe to the Chip to Magnetic Stripe
Conversion service can support chip transactions without any change to their
online issuer authorization host to support chip.

Magnetic stripe grade issuers that do not subscribe to the Chip to Magnetic
Stripe Conversion service must support DE 23 and DE 55 on their online
authorization host.

Cards issued by magnetic stripe grade issuers are not affected by the Limit-1
processing.

Acquirers
Chip acquirers must be full grade, that is, they must support DE 55 in the online
authorization request message and response message.

X-Code Processing
If the transaction uses chip technology, the acquirer can perform acquirer host
X-Code processing only if the acquirer’s infrastructure is upgraded to instruct
the terminal to switch to “Unable to go online” EMV mode.

If the acquirer’s infrastructure is not able to instruct the terminal to process the
transaction in the mode “Unable to go online,” the acquirer must decline the
chip transaction.

An X-Code transaction is only approved if the terminal proposes to the card to

approve the transaction in the “Unable to go online” EMV mode and if the card
also accepts this proposal. Otherwise, the transaction is declined.

©1983–2013 MasterCard. Proprietary. All rights reserved.

11-6 27 November 2013 • Authorization Manual
 EMV Transactions
Acquirers

Acquirer Authorization Below International Floor Limit

There may be situations where the terminal routinely goes online to the
acquirer host for a transaction, even if it is below the international floor limit
and could be approved in offline mode.

Although the terminal goes online to the acquirer, it is possible that the acquirer
does not want to send an online request to the issuer (for example, the
transaction is below the international floor limit, and the card is not effective in a
regional Warning Bulletin), and approves the transaction on behalf of the issuer.

The transaction is then an offline transaction. This processing is often referred

to as “acquirer truncation,” and in most countries is not allowed for magnetic
stripe transactions because their floor limit for such transactions is zero. In
addition, MasterCard does not recommend this process for chip transactions
because potentially valid transactions may be declined.

For offline transactions, the acquirer instructs the terminal to accept the
transaction using the “Unable to go online” EMV mode. As discussed earlier, the
terminal must set the authorization response code (a data element requested
by the card) to the appropriate value Y3 (or Z3), indicating “Approved (or
Declined)—Unable to Go Online.”

Care must be given when the chip application generates an ARQC, and the
acquirer does not want to go online to the issuer for transactions below
the international floor limit. It is not possible to know whether the chip
application’s Card Risk Management will subsequently approve that transaction
offline when instructed that the terminal was “Unable to Go Online.”

If the acquirer decides to authorize in offline mode, even if the result of

the Action Codes Default is to request a Transaction Certificate (TC), the
acquirer will be liable if the chip application responds with an Application
Authentication Cryptogram (AAC). If the acquirer does not take the liability, it
declines a transaction that could have been approved online by the issuer.

For this reason, MasterCard recommends that all transactions where an ARQC
was generated be sent to the issuer for online authorization.

Refer to Card Issuer

If the transaction uses chip technology and the issuer responds with “refer to
card issuer,” the terminal must terminate the chip transaction by requesting an
AAC to the card, and the merchant should follow the “refer to card issuer”
procedures, as for magnetic stripe.

Online Reversal Advices

In some circumstances, such as a terminal failure, terminals decline transactions
that were online approved. In such cases, the terminal should send an online
reversal advice to inform the issuer.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 11-7
EMV Transactions
M/Chip Processing Services

With chip technology, situations may occur due to the terminal or card chip
application being instructed to override the issuer’s decision. A reversal should
be sent as well; however, such situations should be exceptional.

M/Chip Processing Services

To assist issuers migrating to chip, MasterCard has several M/Chip processing
network services that allow issuers to migrate at their own pace. Although
these services are fully described in the M/Chip Processing Services—Service
Description guide, the following information provides a brief description of
each of these services.

Chip to Magnetic Stripe Conversion Service

The Chip to Magnetic Stripe Conversion service removes all the chip data from
authorization messages and passes them on to the issuer. Issuers can therefore
issue chip cards, but leave their host systems unchanged. An issuer that has
requested this service is a magnetic stripe issuer.

When the Chip to Magnetic Stripe Conversion service processing is performed

on a transaction, the original method used to enter the primary account number
(PAN) in the Authorization Platform will be indicated in DE 48 (Additional
Data—Private Use), subelement 71 (On-behalf [OB] Services), subfield 2
(On-behalf Result 1) before sending Authorization Request/0100, Authorization
Advice/0120, and Reversal Request/0400 messages to the issuer for processing.

M/Chip Cryptogram Pre-validation Service

The M/Chip Cryptogram Pre-validation service validates the Authorization
Request Cryptogram (ARQC) and Transaction Certificate Cryptogram (TC) in
the authorization message, verifies the Card Verification Results (CVR) and
the Terminal Verification Result (TVR), passes the result of the check in the
message on to the issuer host system, and generates on-behalf of the issuer an
Authorization Request Cryptogram (ARPC) for the response. It enables issuers
to begin using chip cards as full chip issuers without implementing full chip
cryptography on their host system.

These issuers also benefit from the pre-validation service when their host is not
available because Stand-In processing considers the result of the cryptogram
pre-validation when responding to the authorization request. MasterCard firmly
recommends that when issuers have developed full chip cryptography support
on their online authorization host, they subscribe to the M/Chip Cryptogram
Validation in Stand-In Processing service.

©1983–2013 MasterCard. Proprietary. All rights reserved.

11-8 27 November 2013 • Authorization Manual
 EMV Transactions
M/Chip Processing Services

Combined Service Option

Issuers can choose an option that combines the Chip to Magnetic Stripe
Conversion and M/Chip Cryptogram Pre-validation services. This option allows
two M/Chip processing services to be performed on a single transaction,
providing issuers with a bridge to maximize the benefits of chip card processing
capabilities while minimizing impacts on their authorization systems. These two
services also are available individually.

When an authorization request containing chip data is submitted and the issuer
participates in this combined service, the Authorization Platform performs
the M/Chip Cryptogram Pre-validation service before performing the Chip to
Magnetic Stripe Conversion service. The Authorization Platform identifies
the services it performed, along with their validation results, by populating
separate occurrences within DE 48 (Additional Data—Private Use), subelement
71 (On-behalf Services), and forwards the authorization request to the issuer.
This allows the issuer to use the results of the cryptogram validation, along with
existing risk management logic, to approve or decline the transaction while
processing the authorization response as a normal magnetic stripe transaction.

Issuers that want to use both services must contact MasterCard and identify the
account range and expiry date that the service will support using the Chip
Processing Services Member Requirements and Parameters form, which is
available in Appendix A of the M/Chip Processing Services—Service Description
guide and in the Business Forms section of MasterCard Connect™. Issuers
also must provide the keys and parameters according to the On-behalf Key
Management (OBKM) Procedures and On-behalf Key Management (OBKM)
Interface Specifications manuals.

M/Chip Cryptogram Validation in Stand-In Processing

The M/Chip Cryptogram Validation in Stand-In Processing service authorizes
transactions based on the issuer’s parameters similar to the normal magnetic
stripe Stand-In processing. This service checks the ARQC and TC (to perform
online CAM), verifies the CVR and the TVR, and generates an ARPC so that the
card will authenticate the response correctly.

A full chip issuer that subscribes to the Stand-In processing service for magnetic
stripe must request the M/Chip Cryptogram Validation in Stand-In Processing
service.

A magnetic stripe grade issuer that subscribes to Stand-In processing does

not need to request the M/Chip Cryptogram Validation in Stand-In Processing
service.

When Stand-In processing performs the optional CVC 1 test on issuer’s request,
the CVC 1 test is done only for a magnetic stripe transaction. It is not done for
a chip transaction because the chip online dynamic CAM is done.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 11-9
EMV Transactions
Limit–1 Processing

Limit–1 Processing
Limit–1 processing is not allowed for chip transactions.

MIP X-Code Processing

A transaction approved by the MIP X-Code processing is identical to a
transaction approved by the issuer, except that there is no DE 55 in the reply.
Full chip cards decline the transaction while magnetic stripe grade cards are
not impacted.

Impact of Chip Technology on the Network Message

The following information explains the impact of chip technology on the
network message.

DE 22—Point-of-Service [POS] Entry Mode

Data requirements for DE 22 in network messages.

Subfield 1—POS Terminal PAN Entry Mode

DE 22, subfield 1, value 05 (PAN auto-entry via chip) indicates that chip contact
technology is used for the transaction. Acquirers must be certified with the full
grade profile to use this value. If DE 22, subfield 1 contains value 05, DE 55
(Integrated Circuit Card [ICC] System-related Data) must be present.

Partial Grade acquiring means that for a chip transaction, DE 55 is not present.
Although Partial Grade acquiring is no longer allowed, chip issuers must
continue to support Partial Grade acquired transactions (that is, transactions
where DE 22 = 05 without DE 55 present in the online request) until Partial
Grade acquirers have all rolled out to full grade acquiring.

DE 22, subfield 1, value 80 indicates that chip technology should have been
used because it is supported by both card and terminal, however due to a
failure of the chip technology magnetic stripe technology is used as fallback.
Acquirers must use value 80 as follows:

• The terminal and the acquirer are certified to accept a MasterCard card
with chip technology.
• MasterCard card supports chip technology, which is indicated by a service
code 2xx or 6xx on the mag stripe.

©1983–2013 MasterCard. Proprietary. All rights reserved.

11-10 27 November 2013 • Authorization Manual
 EMV Transactions
Impact of Chip Technology on the Network Message

DE 22, subfield 1 also supports contactless chip technology. DE 22, subfield 1,

value 07 (PAN auto-entry via contactless M/Chip), value 91 (PAN auto-entry via
contactless magnetic stripe), and value 92 (Contactless input, PayPass Mapping
Service applied when acquirer DE 22, subfield 1 contains value 91) indicate
contactless chip technology is used for the transaction. For more information
about contactless chip technology, see PayPass On-behalf Services Guide.

Chip Technical Fallback

Authorization Request/0100 messages containing transactions submitted as chip

fallback (DE 22, subfield 1, value 80) are cross-referenced with the acquirer’s
chip testing level certification indicator stored at MasterCard. If the value
indicates that the acquirer is not certified to process these types of transactions,
the Authorization Platform downgrades (DE 22, subfield 1, value 90) the chip
transaction before forwarding it to the issuer for authorization. The values
in DE 48, subelement 74 (Additional Processing Information), subfield 1 and
subfield 2 notify acquirers whenever this occurs in Authorization Request
Response/0110 and Reversal Request Response/0410 messages.

Issuers also will receive downgraded chip transactions sent by non–chip

compliant acquirers in the following messages containing DE 22, subfield 1,
value 80:

• Authorization Advice/0120—Acquirer-generated
• Authorization Advice/0120—System-generated
• Reversal Request/0400
• Reversal Advice/0420

Subfield 2—POS Terminal PIN Entry Mode

Issuers should not edit this subfield. Acquirers must use values that reflect the
terminal capability. A terminal that supports PIN must use value 1 (Terminal has
PIN entry capability) to indicate the terminal has a PIN entry capability. Because
a Maestro terminal and an ATM support PIN, terminals always must use value 1.

DE 23—Card Sequence Number

Acquirers must populate DE 23 with the chip data Application PAN Sequence
Number (EMV tag 5F34) from the chip when given by the card to the terminal.
If there are several applications on the chip that have the same PAN, this field
allows the issuer to know which one is used.

DE 35 Track 2 Data
DE 35 (Track 2 Data) is not included with Debit MasterCard POS transactions
unless valid DE 35, DE 45 (Track 1 Data), or DE 14 (Expiration Date) data is
supplied by the acquirer and forwarded in the issuer Financial Transaction
Request/0200 message.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 11-11
EMV Transactions
Impact of Chip Technology on the Network Message

The Single Message System generates DE 35 from other available data only
when the original message contains valid DE 14 or DE 45 data.

DE 48—Additional Data—Private Use

Data requirements for DE 48 in network messages. For more information about
the values in this subelement, see the Customer Interface Specification manual.

Subelement 71—On-behalf Services

This subelement identifies the on-behalf service performed on the transaction,

and the results when converting an M/Chip transaction to a magnetic stripe
transaction or when validating the Authorization Request Cryptogram (ARQC).

Subelement 72—Issuer Chip Authentication

Subelement 72 carries the Issuer Authentication Data calculated by the

on-behalf service.

Subelement 74—Additional Processing Information

Subelement 74 provides information when there is a chip cryptogram issue.

When issuers perform chip cryptogram validation and there is an issue with the
cryptogram, issuers should include DE 48, subelement 74. For chip cryptogram
issues, issuers should use DE 39 (Response Code), value 57 (Transaction not
permitted to issuer/cardholder).

Acquirers that process chip transactions must be prepared to receive DE 48,

subelement 74.

Acquirers also will see when a chip transaction has been downgraded to a
magnetic stripe transaction. When a chip transaction has been downgraded to a
magnetic stripe transaction, the transaction should be submitted to the Global
Clearing Management System (GCMS) as a magnetic stripe transaction.

Acquirers receiving subelement 74, subfield 1 (Processing Indicator), value 90

(Chip Fall-back Transaction Downgrade Processing) in Authorization Request
Response/0110 messages may be liable for disputes under the Chip Liability
Shift Program, even if the issuer approved the transaction. Acquirers receiving
subelement 74, subfield 1, value 90 must contact their MasterCard representative
in the region to cross check their chip certification status and to initiate, as
required, the relevant chip certification process.

Subelement 79—Chip CVR/TVR Bit Error Results Listing

Subelement 79 provides issuers that participate in M/Chip Cryptogram

Pre-validation and M/Chip Cryptogram Validation in Stand-In Processing
services with a list of specific bits within the Terminal Verification Results (TVR)
and Card Verification Results (CVR) that were found to have an unexpected
value provided by the issuer during the M/Chip Cryptogram Pre-validation
service or the M/Chip Cryptogram Validation in Stand-In Processing service.

©1983–2013 MasterCard. Proprietary. All rights reserved.

11-12 27 November 2013 • Authorization Manual
 EMV Transactions
Impact of Chip Technology on the Network Message

DE 55—Integrated Circuit Card [ICC] System-related Data

DE 55 in the online request contains data elements that were exchanged on
the card terminal interface. The format of the data follows the value TLV (tag,
length, value) format.

MasterCard network interface specifications for DE 55 indicate that:

• Acquirers must send all data elements defined as mandatory by EMV in

DE 55. Additionally, acquirers must send data that is defined as conditional
by EMV if the condition is satisfied.
• Acquirers may send data that is defined as optional by EMV.
• Acquirers are not allowed to send any data other than mandatory,
conditional, or optional data.

The data in DE 55 in the online request must not be echoed in the online
response.

For more information about the format of the EMV data, see the following
documents:

• M/Chip Requirements document

• Customer Interface Specification manual
• EMV Specification version 4.1–Book 4–Cardholder, Attendant, and Acquirer
Interface Requirements

DE 55 in the Online Request

Usage of some of the chip data present in DE 55 in the online request message.

The value of data elements in DE 55 must contain the exact value—bit per
bit—that was present on the card to terminal interface. Padding data is not
allowed because it may cause Application Cryptogram verification to fail.

If the same data appears several times on the card to terminal interface, DE 55
must contain the last data value that was present on the card terminal interface
within a transaction.

Application Cryptogram Tag 9F26—Mandatory

The Application Cryptogram (AC) is a Message Authentication Code (MAC)

calculated by the chip application on data included in DE 55. A valid AC proves
to the issuer that the card is genuine. It also provides that the data used as
input to the AC has not been altered, and therefore is the same data that was
present on the card to terminal interface.

EMV recommends the list of data to be used as input to the AC. All existing
card platforms adhere to this EMV recommendation.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 11-13
EMV Transactions
Impact of Chip Technology on the Network Message

If a terminal data (for example, TVR) is an input to the AC and the AC is correct,
it guarantees to the issuer that the TVR in DE 55 is the identical to the TVR
present at the card to terminal interface.

In an authorization message, the AC must be an Authorization Request

Cryptogram (ARQC).

Issuer Application Data Tag 9F10—Conditional

According to EMV specifications, the presence of this data in DE 55 is

conditional because it is communicated by the chip application. Because all
chip applications support this data, it will be always present.

The format of the Issuer Application Data (IAD) is card application dependant.
EMV recently defined the format of the Issuer Application data in the Common
Core Definition (CCD) and Common Payment Application (CPA).

Issuers are required to understand the format of the Issuer Application Data
and to decode it.

The IAD is made of at least two subelements. One subelement provides

information about the card settings, such as the cryptographic key that is
used. Another subelement—Card Verification Results (CVR)—provides the
issuer information about the transaction, such as whether the offline PIN is
successfully verified.

For the M/Chip card applications, the CVR structure of the IAD is defined by
the chip application. As the issuer chooses the chip application to use, the
meaning of each bit of the CVR is known to the issuer.

The CVR is an input to the ARQC; therefore, if the ARQC is correct, it guarantees
to the issuer that the CVR is written by a genuine card and has not been altered
since it was delivered by the card to the terminal.

Terminal Verification Result Tag 95—Mandatory

The Terminal Verification Result (TVR) has a fixed structure of 5 bytes. Each bit
of the TVR is defined by EMV and contains information about events detected
by the terminal during the transaction. Those events signal the result of checks
(for example that offline CAM has failed).

EMV determines how the bits are set by the terminal in TVR. It is an input to
the ARQC for the M/Chip card applications.

Cryptogram Information Data Tag 9F27—Mandatory

The Cryptogram Information Data (CID) indicates the type of Application

Cryptogram (AC) carried in DE 55. For an authorization message, the AC
must be an ARQC. The CID is not an input to the ARQC for the M/Chip card
applications.

©1983–2013 MasterCard. Proprietary. All rights reserved.

11-14 27 November 2013 • Authorization Manual
 EMV Transactions
Impact of Chip Technology on the Network Message

Unpredictable Number Tag 9F37—Mandatory

The Unpredictable Number (UN) is a random number generated by the terminal

for each transaction. It is an input to the ARQC.

Because the value of the UN is random, therefore unpredictable, it is impossible

to replay a previous transaction. It is an input to the ARQC for the M/Chip
card applications.

Application Transaction Counter Tag 9F36—Mandatory

The Application Transaction Counter (ATC) is a sequential counter internal

to the chip application. It is incremented by the chip application at each
transaction. In combination with the Unpredictable Number tag 9F37, it
guarantees that two different transactions will never have the same data. It
allows the issuer to link a transaction in the clearing with the corresponding
authorization. It is an input to the ARQC for the M/Chip card applications.

Amount, Authorized (Numeric) Tag 9F02—Mandatory

The Amount, Authorized is determined by the terminal and contains the amount
of the transaction, including the portion of the amount in cash (for Purchase
with Cash Back transactions). It is an input to the ARQC for the M/Chip card
applications.

Transaction Currency Code Tag 5F2A—Mandatory

The Transaction Currency Code is determined by the terminal and provides the
currency of the Amount, Authorized and Amount, Other, if present. It is an
input to the ARQC for the M/Chip card applications.

Amount, Other (Numeric) Tag 9F03—Conditional

The Amount, Other is determined by the terminal. With Purchase with Cash
Back transactions, Amount, Other provides the portion of cash in the Amount
Authorized.

If a cash back amount is part of the transaction, Amount, Other must be

provided in DE 55. If there is no cash back, the value of Amount, Other may be
zero, or Amount, Other may not be provided in DE 55. It is an input to the
ARQC for the M/Chip card applications.

Cardholder Verification Method Results Tag 9F34—Optional

The Cardholder Verification Method Results is set by the terminal to indicate

the Cardholder Verification Method (CVM) that was used for the transaction.
If the acquirer supports offline PIN, MasterCard strongly recommends that
acquirers include the CVM Results (tag 9F34) in DE 55 for acquirers to indicate
in an online authorization request whether they used offline PIN or signature
or No CVM.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 11-15
EMV Transactions
Impact of Chip Technology on the Network Message

Dedicated File Name Tag 84—Optional

The Dedicated File Name contains the Application Identifier (AID) of the chip
application that is used for the transaction.

DE 55 Data in the Online Response

Usage of some of the chip data present in DE 55 in the online response message.

Issuer Authentication Data Tag 91—Optional

Issuer Authentication Data is normally composed of the following two parts.

• A cryptogram calculated by the issuer, proving to the card that the instruction
comes from the genuine issuer. This cryptogram is known as the ARPC.
• A binary field known as the ARPC Response Code. The ARPC Response
Code can be used by the issuer to instruct the chip card to take specific
actions as a result of that transaction (for example, for M/Chip 4.0):

– Respond with TC or AAC

– Reset card risk management counters, if appropriate
– Take other action, for example update the PIN Try Count

Issuer Scripts

A script is a command or series of commands that instructs the chip card to

perform certain functions. The use of scripts is optional for issuers.

If issuers send scripts, they must send only one script template 71 or one script
template 72. Issuers that support scripts must support secure messaging.

Full grade acquirers must support at a minimum an authorization response

message that contains either one script template 71 or one script template 72.
EMV 4.1 states that terminals must be able to support scripts of 129 bytes. This
includes tag 71 or 72, and the length.

As a result, the maximum length of the script to be supported is 127 bytes.

• Issuer Script Template 1 Tag 71—Optional—Issuer script template 1 is sent

to the card before the final card decision.
• Issuer Script Template 2 Tag 72—Optional—Issuer script template 2, sent
to the card after the final card decision.

DE 61—Point-of-Service [POS] Data

Subfield 11 (POS Card Data Terminal Input Capability) indicates the terminal is
EMV chip if and only if the terminal and the acquirer are certified to accept a
MasterCard card with chip technology.

©1983–2013 MasterCard. Proprietary. All rights reserved.

11-16 27 November 2013 • Authorization Manual
Chapter 12 PIN Processing for Europe Region Customers
Europe Region. This section explains how the Authorization Platform supports PIN
translations for acquirers and issuers and issuer PIN validation on the Dual Message System.

About PIN Processing for Europe Region Customers .................................................................. 12-1

Static Key Definition .............................................................................................................. 12-1
PIN Block Formats................................................................................................................. 12-1
PIN Validation Services .......................................................................................................... 12-1
PIN Translation ............................................................................................................................ 12-3
PIN Validation Processing ............................................................................................................ 12-3
PIN Key Management .................................................................................................................. 12-4
PIN Verification Value (PVV)/PIN Offset on File Service ............................................................. 12-4
Benefits.................................................................................................................................. 12-4
Processing Transactions Using PVV/PIN Offset ..................................................................... 12-4
Processing Parameters ........................................................................................................... 12-5
Alternate Processing .................................................................................................................... 12-5
Authorization Reports .................................................................................................................. 12-6
For More Information .................................................................................................................. 12-6

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 12-i
 PIN Processing for Europe Region Customers
About PIN Processing for Europe Region Customers

About PIN Processing for Europe Region Customers

The Authorization Platform supports PIN translation for acquirers and issuers
and issuer magnetic stripe PIN validation for Track 1 and Track 2 on the
MasterCard Network.

Static Key Definition

MasterCard allows customers to provide multiple PIN keys that can be used
for PIN encryption. MasterCard uses the customer-specified PIN encryption
key for PIN translation.

MasterCard requires that acquirers use DE 53 (Security-related Control

Information) in Authorization Request/0100 messages to identify the key used
for PIN encryption. Issuers optionally provide DE 53 in Network Management
Request/0800 messages when signing on to the MasterCard Network to identify
the encryption key to use for transaction processing. Customers can define a
maximum of 99 keys.

PIN Block Formats

Translation of encrypted PINs is supported using any of the following PIN
block formats.

• 01 (ANSI 1)
• 02 (ANSI 2)
• 03 (ANSI 3)
• 10 (ISO Format 0)
• 11 (ISO Format 1)
• 19 (ISO Format 0 or ISO Format 1)

PIN Validation Services

PIN validation for both Track 1 and Track 2 is based on the track present in the
Authorization Request/0100 message. MasterCard offers the following on-behalf
services to issuers for PIN validation.

Online PIN Pre-validation

The Online PIN Pre-validation service is an optional service for issuers that are
not capable of validating PIN data.

Online PIN Pre-validation provides the results of the PIN validation to issuers in
DE 48 (Additional Data—Private Use), subelement 71 (On-behalf Services) of
the Authorization Request/0100 message and to acquirers in DE 48 Additional
Data—Private Use), subelement 80 (PIN Service Code) of the Authorization
Request Response/0110 message.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 12-1
PIN Processing for Europe Region Customers
About PIN Processing for Europe Region Customers

Issuers may provide a PIN Verification Value (PVV) file for use during PIN
validation.

The Stand-In System uses the result of the PIN pre-validation when the issuer is
not available. The Authorization Advice/0120—System-generated message will
contain the results of the PIN pre-validation in DE 48 (Additional Data—Private
Use), subelement 71 (On-behalf Services), and DE 60 (Advice Reason Code),
subfield 2 (Advice Detail Code).

The Authorization Platform supports five PIN failed attempts for the Online PIN
Pre-validation service.

Issuers participating in the Online PIN Pre-validation service are not required
to provide DE 53 in their Network Management Request/0800 messages when
signing on to the MasterCard Network.

For details about data requirements, see the Customer Interface Specification
manual.

Online PIN Validation in Stand-In

The Online PIN Validation in Stand-In service is an optional service for issuers
that perform PIN validation and want the Authorization Platform to provide PIN
validation when they are not available.

Online PIN Validation in Stand-In will provide the results of the PIN validation
to issuers in DE 48, subelement 71 and DE 60, subfield 2 of the Authorization
Advice/0120—System-generated message and to acquirers in DE 48, subelement
80 of the Authorization Request Response/0110 message.

The Authorization Platform will allow the issuer to provide a value less than
five for PIN failed attempts.

Issuers may provide a PVV file to use during PIN validation.

Issuers participating in the Online PIN Validation in Stand-In service are required
to provide DE 53 in their Network Management Request/0800 messages when
signing on to the MasterCard Network.

For details about data requirements, see the Customer Interface Specification
manual.
NOTE
Acquirers and issuers should reference the Key Management Services (KMS)
interface section in the On-behalf Key Management (OBKM) Procedures and
On-behalf Key Management (OBKM) Interface Specifications manuals for
security procedures, technical format of PIN encryption keys, and PIN validation
keys to exchange manually with the KMS.

©1983–2013 MasterCard. Proprietary. All rights reserved.

12-2 27 November 2013 • Authorization Manual
 PIN Processing for Europe Region Customers
PIN Translation

PIN Translation
The Authorization Platform performs PIN translation on DE 52 (Personal ID
Number [PIN] Data) and DE 125 (New PIN Data) for issuers and acquirers that
use the Dual Message System.

DE 53 (Security-related Control Information) provides more flexibility for those

customers that want to change the PIN encryption key frequently. Issuers use
DE 53 to specify the PIN key to use for processing PIN transactions using
the Network Management Request/0800 message when they perform PIN
processing in-house or when they participate in the Online PIN Validation in
Stand-In service. Acquirers can specify the key used to encrypt the PIN by
providing DE 53 in the Authorization Request/0100 message.

Each acquirer and issuer will associate the PIN key index number to identify a
specific security key and may define a maximum of 99 security keys for use
during PIN translation.

PIN Validation Processing

The Authorization Platform performs PIN validation on DE 52 for issuers
subscribing to the Online PIN Pre-validation service or the Online PIN
Validation in Stand-In service.

The Authorization Platform supports PIN validation using static validation keys
only. Issuers that subscribe to one of the PIN validation on-behalf services must
identify an expiration date range for the account range when supplying the PIN
validation information. MasterCard will forward to the issuer transactions for
cards with an expiration date outside the specified range without performing
the validation service.

The Authorization Platform supports the following PIN validation methods:

• IBM3624 (variable length)

• ABA (MasterCard/VISA PVV)

PIN validation results are provided in DE 48, subelement 71 (On-behalf

Services) in Authorization Request/0100, DE 48, subelement 80 (PIN Service
Code) in Authorization Request Response/0110 and DE 48, subelement 71, and
DE 60, subfield 2 in Authorization Advice/0120—System-generated messages
when PIN validation has been performed on-behalf of the issuer.

The Authorization Platform manages tracking the number of PIN failed attempts
at the card level (for example, PAN, card sequence number from the track
and expiration date).

DE 52 (Personal ID Number [PIN] Data) is not included in the Authorization

Request/0100 message when PIN validation is performed.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 12-3
PIN Processing for Europe Region Customers
PIN Key Management

PIN Key Management

The Key Management Services (KMS) group manages the security keys for
customers using the PIN translation and PIN validation services supported by
the Authorization Platform on the MasterCard Network.

PIN Verification Value (PVV)/PIN Offset on File Service

PVV/PIN Offset used in PIN validation is usually located on Track 1 or Track
2 of a card's magnetic stripe. MasterCard offers a service by which the issuer
may optionally send the PVV/PIN offsets in a file to MasterCard to override
the information encoded on the track.

Upon receipt of the file at MasterCard, the file will be processed and the
information available at the end of processing.

MasterCard activates the PVV/PIN Offset data from an issuer upon receipt of
the PVV/PIN Offset File at MasterCard. Issuers may send a full file replacement.

Benefits
The PVV/PIN Offset on File service offers issuers the following benefits.

• Issuers that do not encode a PVV/PIN Offset on their cards’ Track 1 or

Track 2 have access to PIN validation services.
• When PVV/PIN offsets are incorrectly encoded on Track 1 or Track 2, correct
PVV/PIN offsets can be provided by file rather than having to re-issue cards.
• Issuers can move their card portfolios away from service providers that
perform PIN validation services on their behalf.

Processing Transactions Using PVV/PIN Offset

Issuers that use the optional PVV/PIN Offset on File processing must request
participation in the service for each card range and (optionally) expiry date
range.

To process a transaction, the Authorization Platform checks that PVV/PIN Offset

details are held on file for the relevant card range and expiry date range. If
details are on file for the card range and expiry date range, the Authorization
Platform checks for the individual card’s details within the issuer’s stored file.

The Authorization Platform checks the entry in the PVV/PIN Offset file to
ensure that the card’s PAN, card sequence number, and expiry date match. If
they do match, the Authorization Platform can use the PVV value on file. If the
PAN, card sequence number, and expiry date do not match, the Authorization
Platform processes the transaction according to the processing parameters that
the issuer specifies for the relevant card range and expiry date.

©1983–2013 MasterCard. Proprietary. All rights reserved.

12-4 27 November 2013 • Authorization Manual
 PIN Processing for Europe Region Customers
Alternate Processing

Processing Parameters
MasterCard stores the issuer PVV/PIN Offset files for use in the Online PIN
Pre-validation and the Online PIN Validation in Stand-In on-behalf services.
When the Authorization Platform cannot find a matching entry (with the correct
PAN, card sequence number, and expiry date values) in the issuer PVV/PIN
Offset file, it needs further instructions to process the transaction properly.

The issuer must select one of the following processing options for each card
range and expiry date:

• Optional on file—With this option, if no matching PVV/PIN Offset entry is

found in the PVV/PIN Offset file, the Authorization Platform retrieves the
PVV value from Track 1 or Track 2 of the relevant card.
• Mandatory on file—With this option, the Authorization Platform, having
checked the Track 1 or Track 2 information for the issuer card against the
entries held in the issuer PVV/PIN Offset file, performs one of the following
actions:

– For Stand-In services, the Authorization Platform returns an Authorization

Request Response/0110 message to the acquirer and an Authorization
Advice/0120—System-generated message to the issuer with the
appropriate response code, detailing the result of the processing.
– For Pre-validation services, the Authorization Platform forwards
the results of the PIN validation to the issuer in an Authorization
Request/0100 message and to the acquirer in an Authorization Request
Response/0110 message.

The Global Parameters section of the Authorization Parameter Summary Report

provides an indicator to identify issuer participation.

Alternate Processing
MasterCard will support issuers subscribing to the Online PIN Pre-validation
service that are not available to respond to the Authorization Request/0100
message and issuers subscribing to the Online PIN Validation in Stand-In for
Magnetic Stripe service by responding to the Authorization Request/0100
message on behalf of the issuer. MasterCard will consider the results of the PIN
validation in DE 48, subelement 71 when responding to the Authorization
Request/0100 message.

Issuers participating in one of the PIN validation on-behalf services should

reference the KMS interface section defined in the On-behalf Key Management
(OBKM) Procedures and On-behalf Key Management (OBKM) Interface
Specifications manuals for information relating to PIN validation.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 12-5
PIN Processing for Europe Region Customers
Authorization Reports

Authorization Reports
The following reports provide information that supports the PIN processing:

• The Authorization Parameter Summary Report (SI737010-AA) includes an

indicator to identify issuer participation in the PVV/PIN Offset service in the
Global Parameters section. Additionally, participation in either the Online
PIN Pre-validation or Online PIN Validation in Stand-In displays in the
On-behalf Services section of the report.
• The Authorization Summary Report (AB505010-AA) includes appropriate
values in the Response Code “Decline” category.

For sample of these reports and field descriptions, see “Reports.”

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

For the PVV/PIN Offset file format, see “File Layouts.”

©1983–2013 MasterCard. Proprietary. All rights reserved.

12-6 27 November 2013 • Authorization Manual
Chapter 13 Transaction Routing Service
Europe Region. This section explains the transaction routing service functionality on the
MasterCard Network.

About Transaction Routing .......................................................................................................... 13-1

Transaction-based Routing Preferences ....................................................................................... 13-1
Network Management Request/0800 Message Sign-On/Sign-Off Options................................... 13-3
Primary Route Only Configuration............................................................................................... 13-3
Alternate Issuer Host Routing ...................................................................................................... 13-4
Alternate Processing .............................................................................................................. 13-4
Routing Timers............................................................................................................................. 13-4
For More Information .................................................................................................................. 13-5

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 13-i
 Transaction Routing Service
About Transaction Routing

About Transaction Routing

The Transaction Routing service provides the following routing functionality.

• Allows issuers to define different destination route configurations based on

transaction criteria related to an account range.
• Using Network Management Request/0800 messages, supports options to
sign on or sign off a single destination route within an account range by
group sign-in ID (GSI) or to sign on or sign off an alternate route.
• Supports an account range routing configuration that allows a route to a
single destination—the primary issuer.
• Provides extended routing timers for processing Maestro® and Cirrus®
transactions on the MasterCard Network.
• Supports routing transactions to an alternate issuer host instead of the
Stand-In System.

Transaction-based Routing Preferences

The Authorization Platform allows issuers in the Europe region to configure
route destinations at the account range level based on one or more of the
following criteria present in the Authorization Request/0100, Authorization
Advice/0120—Acquirer-generated, and Reversal Request/0400 messages.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 13-1
Transaction Routing Service
Transaction-based Routing Preferences

• DE 3 (Processing Code), subfield 1 (Cardholder Transaction Type Code)

• DE 3, subfield 2 (Cardholder “From Account” Type Code)
• DE 3, subfield 3 (Cardholder “To Account” Type Code)
• DE 32 (Acquiring Institution ID Code)
• DE 61, subfield 13 (POS Country Code)
• Cardholder verification method based upon the presence of DE 52 (Personal
ID Number [PIN] Data) in the incoming message.

– Signature/offline PIN-based transactions—Authorization requests are

categorized as signature/offline PIN when DE 52 (PIN Data) is not
present in the Authorization Request/0100 message.
– Online PIN-based transactions—Authorization requests are categorized
as online PIN-based when DE 52 is present in the Authorization
Request/0100 message.
• To indicate the appropriate cardholder verification method for Authorization
Advice/0120—Acquirer-generated and Reversal Request/0400 messages,
acquirers must provide DE 48 (Additional Data—Private Use), subelement 20
(Cardholder Verification Method) and one of the following values:

– S for a signature/offline PIN-based transaction or if no CVM used.

– P for an online PIN-based transaction.
• If DE 48, subelement 20 is not present in either the Reversal Request/0400 or
Authorization Advice/0120—Acquirer-generated message, the Authorization
Platform provides a default value of P (Online PIN-based transaction) to
determine the route destination. The Authorization Platform removes DE
48, subelement 20 from the acquirer-generated advice or reversal request
message before forwarding the message to the issuer.
• Terminal Type—The Authorization Platform defines transactions as ATM or
POS by the values in DE 3, subfield 1 and DE 48, position 1.

The following table shows an example of how different destination routes can
be defined for an account range based on transaction criteria. Each destination
route is assigned its own Group Sign-in Identifier (GSI), and as a result, a single
account range is associated with multiple GSIs.

Destination Route # Criteria

1 (GSI 1) Retail and Online PIN-based transactions

2 (GSI 2) Retail and Signature/Offline PIN-based transactions

3 (GSI 3) ATM

©1983–2013 MasterCard. Proprietary. All rights reserved.

13-2 27 November 2013 • Authorization Manual
 Transaction Routing Service
Network Management Request/0800 Message Sign-On/Sign-Off Options

Network Management Request/0800 Message

Sign-On/Sign-Off Options
The Network Management Request/0800 message sign-on and sign-off options
include both the Group Sign-in identifier (GSI) and the account range prefix
in DE 2. This option allows customers that participate in transaction-based
routing to optionally sign on/sign off individual account ranges associated
to a group sign-on ID.

Customers that use this option must provide the following values in the
Network Management Request/0800 message:

• DE 2 (Primary Account Number [PAN]) with the 5-digit GSI, followed by the
11-digit account range prefix
• DE 70 (Network Management Information Code) with the following values:

– 063 (Group Sign-On Alternate Issuer Route)

– 064 (Group Sign-Off Alternate Issuer Route)
– 065 (Prefix Sign-On by GSI for Primary Route)
– 066 (Prefix Sign-Off by GSI for Primary Route)
– 067 (Prefix Sign-On by GSI for Alternate Issuer Route)
– 068 (Prefix Sign-Off by GSI for Alternate Issuer Route)

DE 70, values 063, 064, 067, and 068 are applicable to customers that use an
alternate issuer route instead of the Stand-In System.

The following table shows an example of how different route destinations for
an account range can have a different sign-on or sign-off status.

Destination Route # Criteria Route Status

1 (GSI 1) Retail and Online Signed on

PIN-based transactions

2 (GSI 2) Retail and Signed on

Signature/Offline
PIN-based transactions

3 (GSI 3) ATM Signed on

Primary Route Only Configuration

The Authorization Platform supports an account range routing configuration that
allows a route to a single destination—the primary issuer. When the primary
issuer is not available or does not provide a usable response in the allotted time,
the Authorization Platform declines authorization request messages with DE 39
(Response Code), value 91 (Authorization System or issuer system inoperative).

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 13-3
Transaction Routing Service
Alternate Issuer Host Routing

Alternate Issuer Host Routing

The Authorization Platform supports alternate issuer host routing that allows
issuers to use an alternate issuer authorization route instead of the Stand-In
System.

When an alternate issuer host is used instead of the Stand-In System:

• DE 48, subelement 12 (Routing Indicator), value A (Alternate issuer host

routing) is present in the Authorization Request/0100 message to indicate
that the message has been routed from the Dual Message System, where it
was acquired, to the issuer host for alternate route authorization processing.
• DE 48, subelement 12, value P (Primary issuer host routing) is present in
the Authorization Request/0100 message to indicate that the message has
been routed from the Dual Message System, where it was acquired, to the
issuer host for primary route authorization processing.
• DE 121 (Authorizing Agent ID Code), value 000002 is present in the
Authorization Advice/0120—System-generated and Reversal Advice/0420
messages to indicate that an alternate issuer route processed the original
authorization request.
NOTE
Customers in the Europe region that route to an alternate issuer host for
alternate processing, instead of Stand-In processing, will continue to receive
advices. Alternate issuer host processing does not send Authorization
Advice/0120 or Reversal Request/0400 messages to the alternate host.

Alternate Processing
If an issuer supports an alternate issuer host for alternate route processing and
the alternate host is signed out or unavailable, X-Code processing will apply
according to product rules.

If X-Code processing is not allowed for a given transaction, response code 91

(Authorization System or Issuer System Inoperative) will be provided in the
authorization response to the acquirer.

Routing Timers
The Authorization Platform has a standard, fixed configuration of timers for
routing Maestro® and Cirrus® ATM and POS transactions in accordance with
the global rules that are published for these brands.

For information about routing timer values, see “Routing Timer Values.”

©1983–2013 MasterCard. Proprietary. All rights reserved.

13-4 27 November 2013 • Authorization Manual
 Transaction Routing Service
For More Information

For More Information

For details about data requirements, see the Customer Interface Specification
manual.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 13-5
Appendix A Non-MasterCard Authorization Message
Flows
This section explains MasterCard support of non-MasterCard transactions and illustrates the
flows of authorization messages for those types of transactions.

Authorization Flows for Visa Cards................................................................................................A-1

Flows for a Peer-to-Peer Visa Issuer—Transaction Does Not Qualify for Visa Custom
Payment Service Request .........................................................................................................A-1
Primary Path—Direct to the Issuer ....................................................................................A-1
Secondary Path—Routing through the Visa Network ........................................................A-2
Tertiary Path—X-Code Processing .....................................................................................A-3
Flows for a Peer-to-Peer Visa Issuer—Transaction Qualifies for Visa Custom Payment
Service Request........................................................................................................................A-3
Primary Path—Routing through the Visa Network ............................................................A-4
Secondary Path—MasterCard X-Code Processing ..............................................................A-4
Flows for a Non–Peer-to-Peer Visa Issuer................................................................................A-5
Primary Path—Routing through the Visa Network ............................................................A-5
Secondary Path—MasterCard X-Code Processing ..............................................................A-6
Authorization Flows for Non-MasterCard, Non-Visa Cards ............................................................A-7
Primary Path—Direct to Designated Endpoint.........................................................................A-7
Secondary Path—X-Code Processing.......................................................................................A-8

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 A-i
 Non-MasterCard Authorization Message Flows
Authorization Flows for Visa Cards

Authorization Flows for Visa Cards

When an acquirer enters a Visa transaction into the MasterCard authorization
network, MasterCard provides one or more of the following paths to ensure
proper authorization.

• Direct to the Visa issuer (only when the Visa issuer has a direct connection
to the MasterCard Network [peer-to-peer] and the transaction does not
qualify for the Visa Custom Payment Service Request program.1
• Routing to the Visa issuer through the Visa network
• Routing to MasterCard X-Code processing

Primary paths are always the first path attempted. Secondary paths are followed
only if the primary path is unavailable. Tertiary paths are followed only if the
first two paths are unavailable.

Flows for a Peer-to-Peer Visa Issuer—Transaction Does Not

Qualify for Visa Custom Payment Service Request
If the transaction is for a peer-to-peer Visa issuer and does not qualify for the
Visa Custom Payment Service Request program, the transaction follows one
of the following flows.

• Primary Path—Direct to the Issuer

• Secondary Path—Routing through the Visa Network
• Tertiary Path—X-Code Processing

To receive Visa transactions via this direct connection, the Visa issuer must be
set up for peer-to-peer processing by a MasterCard Customer and Technology
Support representative and must complete testing. Contact a MasterCard
Customer Technology and Operations Services representative to arrange for
this service.

Primary Path—Direct to the Issuer

If the transaction can be delivered directly to the Visa issuer, the transaction
follows the flow depicted in the following diagram.

1. Custom Payment Service Request is a Visa interchange discount program that applies to certain
transactions routed through the Visa authorization network.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 A-1
Non-MasterCard Authorization Message Flows
Secondary Path—Routing through the Visa Network

Authorization Flow Peer-to-Peer Issuer Non-Visa Custom Payment Service

Request Transaction Direct to the Issuer

1. The acquirer creates an authorization request conforming to MasterCard

specifications for Visa transactions. The Authorization Platform routes the
Visa authorization request through the MasterCard Network to the Visa
issuer.
2. The Visa issuer formats an authorization response conforming to MasterCard
specifications. The request travels back to the MasterCard Network. The
MasterCard Network delivers the authorization response to the acquirer.
3. Online acquirers may generate an authorization acknowledgement message
to acknowledge receipt of the response.

Secondary Path—Routing through the Visa Network

If the MasterCard Network connectivity to the Visa issuer is not functioning,
the Authorization Platform routes the transaction to the Visa network via a
MasterCard gateway, as shown in the following diagram.

Authorization Flow Peer-to-Peer Issuer Non-Visa Custom Payment Service

Request Transaction to the Issuer via the Visa Network

1. The acquirer creates an authorization request conforming to MasterCard

specifications for Visa transactions. The Visa authorization request flows
through the acquirer MIP to the MasterCard Network.
2. The Authorization Platform, unable to route the authorization request to
the Visa issuer, routes it instead to the MasterCard gateway to the Visa
authorization network.

©1983–2013 MasterCard. Proprietary. All rights reserved.

A-2 27 November 2013 • Authorization Manual
 Non-MasterCard Authorization Message Flows
Tertiary Path—X-Code Processing

3. The Authorization Platform receives the authorization response from Visa.

4. The Authorization Platform delivers the authorization response to the
acquirer.

Tertiary Path—X-Code Processing

If MasterCard Network connectivity to both the Visa issuer and the Visa network
is down, MasterCard X-Code processing returns a response of “decline,” as
illustrated in the following diagram.

Authorization Flow Peer-to-Peer Issuer Non-Visa Custom Payment Service

Request Transaction X-Code Processing

1. The acquirer creates an authorization request conforming to MasterCard

specifications for Visa transactions. The Visa authorization request flows
through the acquirer MIP to the MasterCard Network.
2. The Authorization Platform is unable to deliver the request to the Visa
issuer or the Visa network. X-Code processing returns a response code
that indicates “Authorization System or issuer system inoperative” and that
prompts an acquirer response of “decline.”

Flows for a Peer-to-Peer Visa Issuer—Transaction Qualifies for

Visa Custom Payment Service Request
If the peer-to-peer Visa issuer chooses to receive Visa transactions via its
MasterCard Network connection and the transaction does qualify for the Visa
Custom Payment Service Request program, the transaction follows one of the
following flows.

• Primary Path—Routing through the Visa Network

• Secondary Path—MasterCard X-Code Processing

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 A-3
Non-MasterCard Authorization Message Flows
Primary Path—Routing through the Visa Network

Although the Visa issuer in this scenario is directly connected to the MasterCard
Network, MasterCard nevertheless attempts to route the transaction through
the Visa network to secure the Custom Payment Service Request discounts
for the issuer.

Primary Path—Routing through the Visa Network

The primary path for transactions that qualify for the Visa Custom Payment
Service Request program always leads to the Visa network.

Authorization Flow Peer-to-Peer Issuer Visa Custom Payment Service

Request Transaction to the Issuer via the Visa Network

1. The acquirer creates an authorization request conforming to MasterCard

specifications for Visa transactions. The Visa authorization request flows
through the acquirer MIP to the MasterCard Network.
2. The Authorization Platform routes the authorization request to the Visa
network.
3. Visa delivers an authorization response to the MasterCard Network.
4. The Authorization Platform delivers the authorization response to the
acquirer.
5. The acquirer has the option to return an acknowledgement message.

Secondary Path—MasterCard X-Code Processing

If MasterCard Network connectivity to the Visa network is not functional,
MasterCard X-Code processing returns a response of “decline,” as shown in
the following diagram.

©1983–2013 MasterCard. Proprietary. All rights reserved.

A-4 27 November 2013 • Authorization Manual
 Non-MasterCard Authorization Message Flows
Flows for a Non–Peer-to-Peer Visa Issuer

Authorization Flow Peer-to-Peer Issuer Visa Custom Payment Service

Request Transaction X-Code Processing

1. The acquirer creates an authorization request conforming to MasterCard

specifications for Visa transactions. The Visa authorization request flows
through the acquirer MIP to the MasterCard Network.
2. The Authorization Platform is unable to route the request to the Visa
network or Stand-In processing. X-Code processing at the acquirer MIP
returns a response code that indicates, “Authorization System or issuer
system inoperative” and that prompts an acquirer response of “decline.”

Flows for a Non–Peer-to-Peer Visa Issuer

If the Visa issuer is not connected to the MasterCard Network or chooses not to
receive Visa transactions via its MasterCard Network connection, the transaction
follows one of the flows depicted in the following illustrations.

Primary Path—Routing through the Visa Network

When the issuer does not have direct connectivity to the MasterCard Network,
the primary path for all transactions leads to the Visa network, as illustrated
in the following diagram. Visa issuers do not receive PIN data with Visa ATM
transactions that are routed to the gateway.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 A-5
Non-MasterCard Authorization Message Flows
Secondary Path—MasterCard X-Code Processing

Authorization Flows Non–Peer-to-Peer Issuer to the Issuer via the Visa

Network

1. The acquirer creates an authorization request conforming to MasterCard

specifications for Visa transactions. The Visa authorization request flows
through the acquirer MIP to the MasterCard Network.
2. The Authorization Platform routes the request to the Visa network.
3. The Visa network delivers an authorization response to the MasterCard
Network.
4. The Authorization Platform delivers the authorization response to the
acquirer.
5. The acquirer may return an authorization acknowledgement message.

Secondary Path—MasterCard X-Code Processing

If MasterCard Network connectivity to the Visa network is not functional,
MasterCard X-Code processing returns a response of “decline,” as shown in
the following diagram.

©1983–2013 MasterCard. Proprietary. All rights reserved.

A-6 27 November 2013 • Authorization Manual
 Non-MasterCard Authorization Message Flows
Authorization Flows for Non-MasterCard, Non-Visa Cards

Authorization Flow Non–Peer-to-Peer Issuer X-Code Processing

1. The acquirer creates an authorization request conforming to MasterCard

specifications for Visa transactions. The Visa authorization request flows
through the acquirer MIP to the MasterCard Network.
2. The Authorization Platform is unable to route the authorization request to
the Visa network or Stand-In processing. X-Code processing at the acquirer
MIP returns a response code that indicates, “Authorization System or issuer
system inoperative” and that prompts an acquirer response of “decline.”

Authorization Flows for Non-MasterCard, Non-Visa Cards

Acquirers can process any of the following card brands via the MasterCard
Network.

• American Express
• Diners Club
• Discover
• JCB

MasterCard also supports processing of a number of private label cards. If the

card is among those listed above or one of the supported private label cards, the
transaction follows one of the flows depicted in Figure A.10 and Figure A.11.
NOTE
Non-MasterCard ATM transactions are automatically declined at the acquirer MIP.

Primary Path—Direct to Designated Endpoint

The primary path for non-MasterCard, non-Visa transactions always leads
directly to the endpoint designated for the specific card brand, as illustrated in
the following diagram.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 A-7
Non-MasterCard Authorization Message Flows
Secondary Path—X-Code Processing

Authorization Flow Direct to Designated Endpoint

1. The acquirer creates an authorization request conforming to MasterCard

specifications for the particular card brand. The request flows through the
acquirer MIP to the MasterCard Network.
2. The Authorization Platform routes the authorization request to the
appropriate endpoint (such as a processor, card issuer, or other network).
3. The endpoint returns an authorization response to the MasterCard Network.
4. The Authorization Platform delivers the authorization response to the
acquirer.

Secondary Path—X-Code Processing

If connectivity to the proper endpoint does not exist, MasterCard performs
X-Code processing and issues a “refer to card issuer” response (except for
MO/TO and ATM transactions, which receive a “decline” response) as illustrated
in the following diagram.

©1983–2013 MasterCard. Proprietary. All rights reserved.

A-8 27 November 2013 • Authorization Manual
 Non-MasterCard Authorization Message Flows
Secondary Path—X-Code Processing

Authorization Flow X-Code Processing

1. The acquirer creates an authorization request conforming to MasterCard

specifications for the particular card brand. The request flows through the
acquirer MIP to the MasterCard Network.
2. The Authorization Platform, unable to route the request to the appropriate
endpoint, performs X-Code processing, returning authorization responses as
follows:

Response Transaction Type

Decline MO/TO, ATM, or merchant suspicious transactions

Refer to Card Issuer All other transactions

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 A-9
Appendix B File Layouts
This section provides various file layouts.

Daily Payment Acceptance Table File Information .......................................................................B-1

PVV/PIN Offset File .......................................................................................................................B-2
In-flight Commerce Blocked Gaming File......................................................................................B-4

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 B-i
 File Layouts
Daily Payment Acceptance Table File Information

Daily Payment Acceptance Table File Information

The Daily Payment Acceptance Table File Information file is a fixed-block
format with a record size of 70 bytes and a block size of 27930 bytes. The file
is identified as MCI.AR.TR52.

Each file consists of the following:

• Header Record
• Detail Record for each account range
• Trailer Record

The Daily Payment Acceptance Table File Information is sent to acquirers

either as a TR52 production bulk type or as a TR54 test bulk type. Standard
MasterCard Global File Transfer methods are used to distribute the Daily
Payment Acceptance Table File Information.

The Daily Payment Acceptance Table File Information file layout contains the
account ranges (low range and high range) along with the associated issuing
member ID (that is, ICA number).

Daily Payment Acceptance Table File Header Record

Field Name Attribute Comments

Record Type an-1 Code indicating the type of record.
Identifier Valid value: H (Header)
Transmission Date n-6 Date the file was created. Format: YYMMDD
YY = Year
MM = Month
DD = Day
Transmission Time n-4 Time the file was created. Format: HHMM
HH = Hour
MM = Minute

Filler ans-59 Valid values: spaces

Daily Payment Acceptance Table File Detail Record

Field Name Attribute Comments

Record Type an-1 Code indicating the type of record.

Identifier Valid value: D (Detail)
Low Primary an-19 The lowest possible account number that
Account Range would be identified within this range.

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 B-1
File Layouts
PVV/PIN Offset File

Field Name Attribute Comments

High Primary an-19 The highest possible account number that

Account Range would be identified within this range.

Member ID n-11 MasterCard ICA number associated with

this account range. Format: right justified,
leading zeros.
Filler ans-20 Valid values: spaces

Daily Payment Acceptance Table File Trailer Record

Field Name Attribute Comments

Record Type an-1 Code indicating the type of record.

Identifier Valid value: T (Trailer)

Number of Records n-12 Total number of records in the file, including

in File header and trailer records. Format: right
justified, leading zeros.

Filler ans-57 Valid values: spaces

PVV/PIN Offset File

The PVV/PIN Offset File has a fixed length of 64 characters.

Each file consists of the following:

• Header Record
• Detail Records
• Trailer Record

Issuers sending their files to the Dual Message System can use Bulk ID RA85 or
CONNECT:Direct to send the PVV/PIN Offset file to MasterCard.

Issuers sending their files to the Single Message System can use Bulk ID RM29
(Production), RM31 (MTF), or CONNECT:Direct to send the PVV/PIN Offset
file to MasterCard.

PVV/PIN Offset File Header Record

Field Name Attribute Length Comments/Values

Record type ID Alphanumeric 3 HDR—header record

File version Numeric 3 100 (initial version)

number

©1983–2013 MasterCard. Proprietary. All rights reserved.

B-2 27 November 2013 • Authorization Manual
 File Layouts
PVV/PIN Offset File

Field Name Attribute Length Comments/Values

Customer ID Alphanumeric 11 First six digits must contain ICA with
leading zeros
Seventh digit and beyond contains
trailing spaces
Transmission Alphanumeric 10 Member assigned transmission code.
code May contain all spaces or zeros.
Transmission Numeric 4 0000-9999
sequence Wraps at 9999
Transmission Numeric 6 YYMMDD in UTC
date
Transmission Numeric 6 hhmmss in UTC
time

Input file type Alphanumeric 1 F: Full file replace

U: Update (not supported)
Filler Alphanumeric 20 Spaces

PVV/PIN Offset File Detail Record

Field Name Attribute Length Comments/Values

Record type ID Alphanumeric 3 DTL—detail record

Update code Alphanumeric 1 A = add/update

D = delete (not supported)
PAN Alphanumeric 19 With trailing spaces

Card expiry date Numeric 4 YYMM (must contain a valid year

and month)

Card sequence Numeric 1 Must contain the sequence number

number associated with the PAN or 0. A
value of 0 indicates that the card
sequence number should not be
used as criteria when matching to
the PVV file.

PVV/PIN Offset Numeric 6 Trailing spaces

Filler Alphanumeric 30 Spaces

PVV/PIN Offset File Trailer Record

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 B-3
File Layouts
In-flight Commerce Blocked Gaming File

Field Name Attribute Length Comments/Values

Record type ID Alphanumeric 3 TRL—trailer record

Number of detail Numeric 11 Detail record count

records

Filler Alphanumeric 50 Spaces

In-flight Commerce Blocked Gaming File

The In-flight Commerce (IFC) Blocked Gaming File has the following
specifications.

Frequency: Generated twice per month

Media: Bulk File (bulk type T104) or MasterCard File Express (ID
AM005)
LRECL: 100
Format: Fixed block

Block Size: 1,000

Refer to the following file layouts for both bulk file and MasterCard File Express.

IFC Blocked Gaming File Header Record

Field Name Position Length Comments/Valid Values

Record Type 1–3 3 Constant RHD

Processing Date 4–11 8 Date of file creation.
Format: = YYYYMMDD
YYYY = Year
MM = month
DD = Day

Valid value: Must be numeric

Filler 12–100 89 Valid values: spaces

IFC Blocked Gaming File Financial Detail Record

©1983–2013 MasterCard. Proprietary. All rights reserved.

B-4 27 November 2013 • Authorization Manual
 File Layouts
In-flight Commerce Blocked Gaming File

Field Name Position Length Comments/Valid Values

Record Type 1–3 3 Constant DTL

From BIN 4–22 19 First account number in the BIN range
to be blocked.
Format: Numeric, left-justified; zero-filled.
To BIN 23–41 19 Last account number in the BIN range to
be blocked.
Format: Numeric, left-justified; nine-filled.
ICA 42–46 6 ICA number associated with the blocked
BIN.
Format: Numeric, left-justified; zero-filled.

Effective Date 47–54 8 Date the BIN should begin being blocked.
Format: = YYYYMMDD
YYYY = year
MM = month
DD = day

Valid value: Must be numeric

Filler 55–100 46 Valid values: spaces

IFC Blocked Gaming File Trailer Record

Field Name Position Length Comments/Valid Values

Record Type 1–3 3 Constant TRL

Record Count 4–12 9 Numeric

Filler 13–100 88 Valid values: spaces

©1983–2013 MasterCard. Proprietary. All rights reserved.

Authorization Manual • 27 November 2013 B-5