ISO 8583: What is it and what do merchants need to know?

ISO 8583 is a global standard that defines the structure of a transaction message involving a credit or debit card.

Link to the author's page
Laura Quijano
March 4, 2024
Link to the author's page
ISO 8583: What is it and what do merchants need to know?

As technology evolves, so do the standards that regulate it. 

So keeping on top of payment messaging protocols such as ISO 8583 is a way of life for those in the payments sector. If your business is looking to accept credit card payments and achieve PCI compliance, then you need a setup that’s ISO 8583 watertight.

Aside from avoiding non-compliance fines, ISO 8583 is necessary because electronic fund transfers can fail if your systems don’t align with it. Moreover, it’s beneficial because your business can improve security, efficiency, and resilience by choosing a payment services provider that adheres to it. 

Use this guide for need-to-knows on the ISO 8583 standard, and find out how it impacts your business.

What is ISO 8583?

ISO 8583 is a global standard that defines the structure of a transaction message involving a credit or debit card. It’s issued by the International Organization for Standardization (ISO) in Geneva, and regularly undergoes review and republication.

Specifically, ISO 8583 is a set of rules on how to arrange the string of numbers and letters that make up request types such as authorization, clearing and settlement. It’s favored by card schemes including Visa and Mastercard, making it almost universal.

Note: ISO 8583 has nothing to do with a payments ISO, meaning “independent sales organization”. The latter refers to a third-party reseller of merchant accounts. It’s a coincidence that these terms share an acronym. 

Example use cases for ISO 8583

The messaging standard is applied when electronic payment data involving a credit or debit card is sent between parties. For instance, in an authorization request (to deduct funds from an account) or a reversal response (to confirm a payment was voided).

Real world examples that use ISO 8583 messaging include: buying sneakers via an online payment gateway, swiping a credit card at the grocery store or withdrawing $50 at an ATM.

How errors in payment messaging can sink revenue

While the standard provides a template for overall structure, complexity arises as card issuers and networks apply their own variations. That means formatting payment messaging is no mean feat, given the nuances in requirements per context. 

For that reason, you need to work with experienced payments analysts to ensure your business transaction requests are correctly formatted when sent to banks and card issuers. Otherwise there’s a risk of lost revenue due to false declines – that is, legitimate payments which failed because of preventable errors.

Read more: Chasing basis points: How performance drives digital commerce

What’s happening to the ISO 8583 standard?

ISO 8583 exists in three major versions: 1987, 1993, and 2003. Although it undergoes regular revisions, these days many consider it somewhat limited. In certain areas, a gradual shift has begun: moving away from ISO 8583 and towards ISO/AWI 20022, particularly for cross-border payments. 

Nevertheless, ISO 8583 is still fundamental to the majority of modern payment systems. 

How does ISO 8583 work?

The ISO 8583 protocol determines the way data is structured during credit card processing

Below is a diagram for a typical payment flow. Each arrow represents a message that adheres to the ISO 8583 standard.

Benefits of the ISO 8583 protocol for merchants

Merchants should look for financial processing systems that are ISO 8583 compliant. Without it, there’s a risk that payments will go awry. That could mean false declines, unhappy customers, and lost revenue.

That said, there are three main benefits of adhering to the ISO 8583 protocol:

Interoperability between diverse parties

Because there are so many parties involved in a typical transaction, the standard is necessary to ensure each one can interpret messaging correctly. This leads to its main benefit:  interoperability between different card networks and acquiring institutions.

So a customer in El Salvador can enter their French credit card details on a Japanese website that uses a payment processor in the USA – and each party correctly parses the data.

Transaction security

Related to the principle of accurate data encoding is the second benefit: secure data processing. The uniformity of transaction message structure leaves little room for misinterpretation. That eliminates, for instance, the risk of the customer’s phone number being mistaken for the transaction request amount.

Security is strengthened by the fact that each message contains so much information, including how the card details were entered (for instance, by swiping the magnetic stripe or typing into a webform) and the exact timing of the transaction. This aids investigation into potential fraudulent activity, and can even trigger alerts if a transaction request is far outside the norm for a cardholder.

ISO 8583 also supports an extra security measure known as tokenization, which replaces the raw card details with a secure payment instrument.

Streamlined payment processing

If someone asked you a question in French and expected an answer in Japanese, it might take you a few moments to form a response. The same is true of sending payments data.

Thanks to ISO 8583, payment messages can travel faster because you don’t lose time translating each message into a different format at each stop along the way. 

Each message also contains information about its size, giving payment nodes the opportunity to accurately assign processing capacity. 

All of that adds up to payments going through in a matter of seconds, not minutes. Given conversion rates on fast websites are three times better than slower ones, speedy tech is clearly a boon to revenue.

Key components of an ISO 8583 message

Each character or digit in the message signifies information, and the entire message is divided into several distinct portions.

Messages may begin with a “Header” that indicates how long the message will be. Its structure is specific to each network.

The first main portion of the message is known as the “Message Type Indicator” and each numeral describes: the version of ISO 8583 being used (for example, 2003), the class (such as authorization), the function (such as request), and the sender (for instance, the acquirer).

The next portion is the “Bitmap” section with 16 characters. It indicates which data elements are included in the message. There may be a secondary bitmap section, too (containing another 16 characters) if there are more than 64 data elements. Typically, this part of the message has a hexadecimal format that’s converted into binary that represents the actual data. 

In this way, you can fit more information into fewer digits overall. So it’s a convenient and compact system.

The final section contains the message “Data Elements” also known as data fields. This is the substance of the message itself; it contains the Primary Account Number, timestamp, transaction amount, processing code, and so on.

This way of encoding transaction data is extremely useful because of its precision. If your PSP is knowledgeable about the scheme, acquirer and issuer preferences when it comes to ISO 8583 messaging variations, they can send and receive legible, auditable and traceable transaction messages.

Implement ISO 8583 in your business with Checkout.com

Now that you grasp the significance of the ISO 8583 standard, you’ll see why it’s vital to choose a payment services provider that implements it across all systems.

Implementing ISO 8583 correctly is not a one-and-done deal. Several variables influence how the standard must be applied per transaction event, including:

  • Card network preferences (eg from Mastercard, Visa, Amex, and so on)
  • Card issuer preferences (eg from Wells Fargo, Bank of America)
  • Variations in versions of the ISO 8583 standard itself 

What that means is the application of the ISO 5853 standard one month may no longer work next month. And it certainly cannot be used in exactly the same way across all transaction types.

For that reason, it pays to partner with an expert in the field who can grasp the nuances of this technical standard. At Checkout.com, our analysts are some of the best in the industry. We combine in-market with advanced machine learning to improve the efficiency and efficacy of business payments around the world.

Stay up-to-date

Get Checkout.com news in your inbox.

Back to top button
March 4, 2024 13:35
March 4, 2024 13:35