rupay - online switching interface specification

7/26/2019 RuPay - Online Switching Interface Specification

1/198

National Payments Corporation of India

RuPay - OnlineSwitching Interface

SpecificationVersion 1.6 Year 2013

Release Year 2013


2/198

Table of Contents

RuPay - Online Switching Interface Specification

Version 1.6 Year 2013 NPCI 2011 Confidential Page 1of 197

Table of Contents

Table of Contents __________________________________________________________________________________ 1

List of Figures ______________________________________________________________________________________ 7

List of Tables _______________________________________________________________________________________ 8

Confidentiality and Copyright Notice _________________________________________________________ 10

Document Control ________________________________________________________________________________ 11

Chapter 1 About This Manual _______________________________________________________________ 16

1.1 Audience ___________________________________________________________________________________ 16

1.2 Organization of the Manual _____________________________________________________________ 16

1.3 Exclusion ___________________________________________________________________________________ 16

1.4 Document Convention ____________________________________________________________________ 16

1.5 More Information _________________________________________________________________________ 17

1.5.1 Related Publication ________________________________________________________________________________ 17

1.5.1.1 RuPay Global Clearing and Settlement (RGCS) ____________________________________________ 17

1.5.1.2 Operating Rule _______________________________________________________________________________ 17

Chapter 2 Introduction _______________________________________________________________________ 18

2.1 RuPay Switching Service _________________________________________________________________ 18

2.2 Transaction Flow SMS ____________________________________________________________________ 18

2.3 Transaction Flow DMS ___________________________________________________________________ 18

2.3.1 Authorization ______________________________________________________________________________________ 19

2.3.2 Clearing _____________________________________________________________________________________________ 19

2.3.3 Settlement __________________________________________________________________________________________ 19

2.4 Routing _____________________________________________________________________________________ 20

Chapter 3 Message Structure ________________________________________________________________ 21

3.1 Message Structure ________________________________________________________________________ 21

3.1.1 Message Header ____________________________________________________________________________________ 21

3.1.2 Message Type Identifier ___________________________________________________________________________ 21

3.1.2.1 Position 1- Version Number _________________________________________________________________ 21

3.1.2.2 Position 2 Message Class __________________________________________________________________ 21

3.1.2.3 Position 3 Message Function ______________________________________________________________ 22

3.1.2.4 Position 4 Message Source ________________________________________________________________ 22

3.1.3 Bitmap ______________________________________________________________________________________________ 23

3.1.3.1 Primary Bitmap ______________________________________________________________________________ 23

3.1.3.2 Secondary Bitmap ___________________________________________________________________________ 23

3.1.3.3 Third Bitmap _________________________________________________________________________________ 23

3.1.4 Data Elements ______________________________________________________________________________________ 24

3.2 RuPay Implementation of ISO 8583 ____________________________________________________ 24

3.3 Private Use Fields _________________________________________________________________________ 24


3/198

Table of Contents



Chapter 4 Message Definition _______________________________________________________________ 25

4.1 Authorization Message ___________________________________________________________________ 25

4.1.1 Description of Authorization Message ___________________________________________________________ 25

4.1.2 Message Type Identifier for Authorization Message ____________________________________________ 25

4.2 Financial Message _________________________________________________________________________ 254.2.1 Description of Financial Message _________________________________________________________________ 25

4.2.2 Message Type Identifier for Financial Message _________________________________________________ 25

4.3 File Update Message ______________________________________________________________________ 25

4.3.1 Description of File Update Message ______________________________________________________________ 25

4.3.2 Message Type Identifier for File Update Message _______________________________________________ 26

4.4 Reversal Message _________________________________________________________________________ 26

4.4.1 Description of Reversal Message _________________________________________________________________ 26

4.4.2 Message Type Identifier ___________________________________________________________________________ 26

4.5 Network Management Message _________________________________________________________ 264.5.1 Description of Network Management Message __________________________________________________ 26

4.5.2 System Sign-On and Sign-Off ______________________________________________________________________ 27

4.5.3 Cutover Message ___________________________________________________________________________________ 27

4.5.4 Echo Message ______________________________________________________________________________________ 27

4.5.5 Message Type Identifier for Network Management Message __________________________________ 27

4.6 Advice Message ____________________________________________________________________________ 28

4.6.1 Description of Advice Message ___________________________________________________________________ 28

4.6.2 Message Type Identifier for Advice Message ____________________________________________________ 28

Chapter 5 NPCI System Functionalities ____________________________________________________ 29

5.1 Data Communication _____________________________________________________________________ 29

5.2 Message Logging at NPCI _________________________________________________________________ 29

5.3 Key Security and Management __________________________________________________________ 29

5.4 Static Key Exchange_______________________________________________________________________ 30

5.5 Dynamic Key Exchange___________________________________________________________________ 30

5.5.1 Master Sends a New Key __________________________________________________________________________ 30

5.5.2 Slave Send a New Key _____________________________________________________________________________ 31

5.6 Key Exchange Scenarios _________________________________________________________________ 31

5.7 PIN Encryption / Decryption Process __________________________________________________ 32

5.8 Time-Out Management ___________________________________________________________________ 32

5.9 Liquidity Management Module _________________________________________________________ 32

5.10 Matching Criteria Key Data Fields ____________________________________________________ 33

Chapter 6 Member Responsibility __________________________________________________________ 34

6.1 Issuer Responsibility _____________________________________________________________________ 34

6.1.1 Message Supported by Issuer _____________________________________________________________________ 34

6.1.2 Maximum Response Time _________________________________________________________________________ 34

6.1.3 Authorization Cycle and Failure Condition Involving Issuer ___________________________________ 34

6.1.3.1 Authorization normal completion __________________________________________________________ 34


4/198

Table of Contents



6.1.3.2 Failure Conditions ___________________________________________________________________________ 35

6.1.3.3 Message Validation Failure at NPCI for an Issuer Response ______________________________ 35

6.1.3.4 System Failure during Authorization Request/ Financial Request to Issuer ____________ 36

6.1.3.5 System Failure during Authorization Response/ Financial Response from Issuer _____ 37

6.1.3.6 Late Response from Issuer __________________________________________________________________ 38

6.1.4 Stand-in functionality _____________________________________________________________________________ 386.1.4.1 Stand in Processing, Late Response from Issuer (NPCI Stand In) ________________________ 39

6.1.4.2 Stand in Processing, No response from issuer (NPCI Stand In) __________________________ 40

6.1.4.3 Stand-in Processing, Node Offline or Issuer Signed-off ___________________________________ 41

6.2 Acquirer Responsibilities________________________________________________________________ 42

6.2.1 Message Supported by Acquirer __________________________________________________________________ 42

6.2.2 Maximum Response Time for Acquirer __________________________________________________________ 43

6.2.3 Authorization Cycle and Failure Conditions Involving Acquirer _______________________________ 43

6.2.3.1 Authorization Normal Completion _________________________________________________________ 43

6.2.3.2 Failure Conditions ___________________________________________________________________________ 44

6.2.3.3 System Failure Acquirer Authorization / Financial Request (Acquirer Aware) ________ 44

6.2.3.4 System Failure Acquirer Authorization / Financial Request (Acquirer Unaware) ______ 45

6.2.3.5 Validation Failure at NPCI for Acquirer Message __________________________________________ 45

6.2.3.6 Acquirer Unable to Complete a Transaction due to the Terminal Failure (POS) ________ 46

6.2.3.7 System Failure NPCI (Aware) Authorization /Financial Response ______________________ 47

6.2.3.8 System Failure NPCI (Unaware) Authorization / Financial Response ___________________ 47

6.2.4 Advice message scenarios for acquirer __________________________________________________________ 49

6.2.4.1 Advice message normal completion ________________________________________________________ 49

6.2.4.2 Advice Delivery from Acquirer following Timeout ________________________________________ 49

Chapter 7 Message Format ___________________________________________________________________ 51

7.1 Transaction Identification _______________________________________________________________ 51

7.1.1 Notations Used in Message Format _______________________________________________________________ 52

7.2 Message Format for Issuer ______________________________________________________________ 53

7.2.1 Current (Phase I) Requirements ________________________________________________________________ 53

7.2.1.1 Purchase ______________________________________________________________________________________ 53

7.2.1.2 Purchase with Cashback _____________________________________________________________________ 54

7.2.1.3 RuPay Implementation of E-Commerce Purchase (Secure / Non-Secure) ______________ 55

7.2.1.4 E-Commerce 3D Purchase (Secure / Non-Secure) ________________________________________ 57

7.2.1.5 E-Commerce Refund _________________________________________________________________________ 58

7.2.1.6 Cash at PoS ___________________________________________________________________________________ 58

7.2.1.7 Cash Withdrawal - ATM _____________________________________________________________________ 60

7.2.1.8 Balance Inquiry ______________________________________________________________________________ 617.2.1.9 Reversal Message ____________________________________________________________________________ 62

7.2.1.10 Decline Message______________________________________________________________________________ 63

7.2.1.11 Network Management _______________________________________________________________________ 65

7.2.1.12 Pin Change ____________________________________________________________________________________ 65

7.2.1.13 Mini Statement _______________________________________________________________________________ 66

7.2.1.14 Card to Card Fund Transfer _________________________________________________________________ 67

7.2.1.15 Mobile Number Update ______________________________________________________________________ 70

7.2.1.16 Cheque Book Request _______________________________________________________________________ 71

7.2.1.17 Statement Request ___________________________________________________________________________ 72

7.2.1.18 Declined Advice (Quick EMV) _______________________________________________________________ 73

7.2.2 Future (Phase II) Requirements __________________________________________________________________ 757.2.2.1 Equated Monthly Instalment (EMI) ________________________________________________________ 75


5/198

Table of Contents



7.2.2.2 Loyalty Redemption _________________________________________________________________________ 76

7.2.2.3 Authorization Advice ________________________________________________________________________ 77

7.2.2.4 File Update ___________________________________________________________________________________ 78

7.2.2.5 Loyalty Inquiry _______________________________________________________________________________ 79

7.2.2.6 Refund ________________________________________________________________________________________ 80

7.3 Message Format for Acquirer ___________________________________________________________ 81

7.3.1 Current (Phase I) Requirements __________________________________________________________________ 81

7.3.1.1 Purchase ______________________________________________________________________________________ 81

7.3.1.2 Purchase with Cashback _____________________________________________________________________ 83

7.3.1.3 RuPay E-Commerce Purchase (Secure / Non-Secure) ____________________________________ 84

7.3.1.4 E-Commerce 3D Purchase ___________________________________________________________________ 85

7.3.1.5 E-Commerce Refund _________________________________________________________________________ 86

7.3.1.6 Cash at PoS ___________________________________________________________________________________ 87

7.3.1.7 Cash Withdrawal - ATM _____________________________________________________________________ 88

7.3.1.8 Balance Inquiry ______________________________________________________________________________ 89

7.3.1.9 Reversal ______________________________________________________________________________________ 90

7.3.1.10 Decline Message______________________________________________________________________________ 91

7.3.1.11 Network Management _______________________________________________________________________ 92

7.3.1.12 Pin Change ____________________________________________________________________________________ 93

7.3.1.13 Mini Statement _______________________________________________________________________________ 94

7.3.1.14 Card to Card Funds Transfer ________________________________________________________________ 95

7.3.1.15 Biometric Onus Authentication _____________________________________________________________ 96

7.3.1.16 Mobile Number Update ______________________________________________________________________ 98

7.3.1.17 Cheque Book Request _______________________________________________________________________ 99

7.3.1.18 Statement Request __________________________________________________________________________ 100

7.3.2 Future (Phase II) Requirements _________________________________________________________________ 101

7.3.2.1 Equated Monthly Instalments (EMI) ______________________________________________________ 101

7.3.2.2 Loyalty Redemption ________________________________________________________________________ 1027.3.2.3 Loyalty Inquiry ______________________________________________________________________________ 104

7.3.2.4 Refund _______________________________________________________________________________________ 105

Chapter 8 Data Element Description _____________________________________________________ 107

8.1 Annotation Convention for Attributes ________________________________________________ 107

8.2 Data Elements Information Components ____________________________________________ 107

8.3 Detailed Description of Data Elements _______________________________________________ 108

8.3.1 DE 2 Primary Account Number ________________________________________________________________ 108

8.3.2 DE 3 Processing Code ___________________________________________________________________________ 109

8.3.3 DE 4 Amount, Transaction _____________________________________________________________________ 110

8.3.4 DE 5 Amount, Settlement _______________________________________________________________________ 111

8.3.5 DE 6 Amount, Cardholder Billing ______________________________________________________________ 112

8.3.6 DE 7 Date and Time Transmission_____________________________________________________________ 113

8.3.7 DE 9 Conversion Rate, Settlement _____________________________________________________________ 114

8.3.8 DE 10 Conversion Rate, Cardholder Billing ___________________________________________________ 115

8.3.9 DE 11 System Trace Audit Number ____________________________________________________________ 116

8.3.10 DE 12 Time, Local Transaction______________________________________________________________ 117

8.3.11 DE 13 Date, Local Transaction ______________________________________________________________ 118

8.3.12 DE 14 Date, Expiry ___________________________________________________________________________ 119

8.3.13 DE 15 Date, Settlement ______________________________________________________________________ 120

8.3.14 DE 16 Date, Conversion _____________________________________________________________________ 121

8.3.15 DE 18 Merchant Category Code _____________________________________________________________ 122


6/198

Table of Contents



8.3.16 DE 19 Acquiring Country Code______________________________________________________________ 123

8.3.17 DE 22 Point of Service Entry Mode _________________________________________________________ 124

8.3.18 DE 23 Card Sequence Number ______________________________________________________________ 125

8.3.19 DE 25 Point of Service Condition Code _____________________________________________________ 126

8.3.20 DE 28 Amount, Fees _________________________________________________________________________ 127

8.3.21 DE 32 Acquiring Institution Code ___________________________________________________________ 1288.3.22 DE 33 Forwarding Institution Code ________________________________________________________ 129

8.3.23 DE 35 Track 2 Data __________________________________________________________________________ 130

8.3.24 DE 37 Retrieval Reference Number ________________________________________________________ 131

8.3.25 DE 38 Authorization Identification Response _____________________________________________ 132

8.3.26 DE 39 Response Code ________________________________________________________________________ 133

8.3.26.1 Response code scenarios ___________________________________________________________________ 135

8.3.26.2 E-commerce 3 D Implementation _________________________________________________________ 136

8.3.26.3 RuPay Implementation of E-commerce ___________________________________________________ 136

8.3.27 DE 40 Service Condition Code ______________________________________________________________ 138

8.3.28 DE 41 Card Acceptor Terminal ID __________________________________________________________ 139

8.3.29 DE 42 Card Acceptor ID _____________________________________________________________________ 1408.3.30 DE 43 Card Acceptor Name / Location _____________________________________________________ 141

8.3.31 DE 44 Additional Response Data ___________________________________________________________ 142

8.3.32 DE 45 Track I Data ___________________________________________________________________________ 144

8.3.33 DE 48 Additional Data _______________________________________________________________________ 145

8.3.34 DE 49 Currency Code, Transaction _________________________________________________________ 151

8.3.35 DE 50 Currency Code, Settlement __________________________________________________________ 152

8.3.36 DE 51 Currency Code, Cardholder Billing __________________________________________________ 153

8.3.37 DE 52 PIN Data _______________________________________________________________________________ 154

8.3.38 DE 54 Additional Amount ___________________________________________________________________ 155

8.3.39 DE 55 Chip Data ______________________________________________________________________________ 157

8.3.39.1 Authorization Message DE 55 Presence Descriptions __________________________________ 1578.3.40 DE 60 Advice Reason Code __________________________________________________________________ 161

8.3.41 DE 61 PoS Data Code ________________________________________________________________________ 162

8.3.42 DE 62 Private Data 1-Biometric Data _______________________________________________________ 165

8.3.43 DE 63 Private Data 2, Encrypted Biometric Data __________________________________________ 166

8.3.44 DE 70 Network Management Information Code ___________________________________________ 167

8.3.45 DE 90 Original Data Element ________________________________________________________________ 168

8.3.46 DE 91 File Update Code ______________________________________________________________________ 169

8.3.47 DE 95 Replacement Amount ________________________________________________________________ 170

8.3.48 DE 101 File Name ____________________________________________________________________________ 171

8.3.49 DE 102 Account Identification 1 ____________________________________________________________ 172

8.3.50 DE 103 Account Identification 2 ____________________________________________________________ 1738.3.51 DE 120 Private Data 3 _______________________________________________________________________ 174

8.3.52 DE 121, 122, 123 Private Data 4 6 ________________________________________________________ 180

8.3.53 DE 124 File Action Record and Data ________________________________________________________ 181

8.3.54 DE 126 Additional Data-Biometric Data ___________________________________________________ 182

8.3.55 DE 127 Additional Data-Biometric Data ____________________________________________________ 184

Chapter 9 Compliance _______________________________________________________________________ 186

9.1 Member Compliance Acquirer _________________________________________________________ 186

9.1.1 General Compliance ______________________________________________________________________________ 186

9.1.2 Transaction Wise Compliance ___________________________________________________________________ 186

9.1.3 Standards related to Compliance ________________________________________________________________ 188

9.2 Member Compliance Issuer ____________________________________________________________ 188


7/198

Table of Contents



9.2.1 General Compliance ______________________________________________________________________________ 188

9.2.2 Transaction Wise Compliance ___________________________________________________________________ 189

9.2.3 Standards related to Compliance ________________________________________________________________ 190

Annexure 1-Card to Card Fund Transfer ___________________________________________________ 191

Transaction Flow for Card To Card Funds Transfer ____________________________________________________ 191

Maximum Response Time _________________________________________________________________________________ 191

Annexure 2 -State Code ________________________________________________________________________ 192

Annexure 3 -Glossary __________________________________________________________________________ 193

Annexure 4 -Definition ________________________________________________________________________ 195


8/198

List of Figures



List of Figures

Figure 1 SMS Transaction Flow _______________________________________________________________________ 18

Figure 2 DMS Transaction Flow _______________________________________________________________________ 19

Figure 3 ISO 8583 Message Structure ________________________________________________________________ 21

Figure 4 Master Send a New Key ______________________________________________________________________ 30

Figure 5 Slave Sends a New Key _______________________________________________________________________ 31

Figure 6 Authorization Normal Completion __________________________________________________________ 35

Figure 7 Message Validation Failure NPCI _________________________________________________________ 35

Figure 8 System Failure Authorization Request/ Financial Request _____________________________ 36

Figure 9 System Failure Authorization Response/ Financial Response _________________________ 37

Figure 10 Late response from issuer _________________________________________________________________ 38

Figure 11 Stand-in Processing, Late Response from Issuer _________________________________________ 39

Figure 12 Stand-in Processing, No Response from Issuer __________________________________________ 40

Figure 13 Stand-in Processing, Node Offline or Issuer Signed-off __________________________________ 41

Figure 14 Maximum Response Time for Acquirer ___________________________________________________ 43

Figure 15 Normal Completion of an Authorization Message/ Financial Message _________________ 43

Figure 16 System failure - Acquirer Aware - Authorization / Financial Request _________________ 44

Figure 17 System Failure - Acquirer Unaware - Authorization / Financial Request ______________ 45

Figure 18 Message Validity Failure at NPCI - Authorization / Financial Request _________________ 45

Figure 19 Incomplete Transactions in case of Terminal Failure ___________________________________ 46

Figure 20System Failure - NPCI Aware - Authorization / Financial Response ____________________ 47

Figure 21 System Failure - NPCI Unaware - Authorization / Financial Response _________________ 48

Figure 22 Advice Messages getting Completed Normally ___________________________________________ 49

Figure 23 Advice Delivery Crossing Time Limits ____________________________________________________ 49


9/198

List of Tables



List of Tables

Table 1 Version History ________________________________________________________________________________ 11

Table 2 Document Revision History __________________________________________________________________ 15

Table 3 Document Convention ________________________________________________________________________ 16

Table 4 Components of Message Structure ___________________________________________________________ 21

Table 5 Version Number ISO 8583 Message _________________________________________________________ 21

Table 6 Message Class ISO 8583 Message ____________________________________________________________ 22

Table 7 Message Function ISO 8583 Message ________________________________________________________ 22

Table 8 Message Source ISO 8583 Message __________________________________________________________ 22

Table 9 RuPay Implementation of ISO 8583 _________________________________________________________ 24

Table 10 Private Fields Used in RuPay _______________________________________________________________ 24

Table 11 Message Supported by Issuer _______________________________________________________________ 34

Table 12 Message Supported by Acquirer ____________________________________________________________ 42

Table 13 Key Data Elements ___________________________________________________________________________ 52

Table 14 Symbols used in Message Format __________________________________________________________ 53

Table 15 Purchase Message Issuer __________________________________________________________________ 54

Table 16 Purchase with Cashback Message Issuer ________________________________________________ 55

Table 17 RuPay E-Commerce Message Issuer _____________________________________________________ 57

Table 18 E-Commerce 3D Message Issuer __________________________________________________________ 58

Table 19 Cash at PoSIssuer __________________________________________________________________________ 59

Table 20 Cash Withdrawal - ATM Message Issuer _________________________________________________ 61

Table 21 Balance Inquiry Message Issuer __________________________________________________________ 62

Table 22 Reversal Message Issuer __________________________________________________________________ 63

Table 23 Decline Message _____________________________________________________________________________ 65

Table 24 Network Management Message Issuer ___________________________________________________ 65

Table 25 Pin Change Message Issuer _______________________________________________________________ 66

Table 26 Mini Statement Message Issuer ___________________________________________________________ 67

Table 27 Card to Card Fund Transfer-Debit leg to the issuer _______________________________________ 69

Table 28 Card to Card Fund transfer-Credit to the beneficiary _____________________________________ 70

Table 29 Mobile Number Update Issuer ____________________________________________________________ 71

Table 30 Cheque Book Request Issuer ______________________________________________________________ 72

Table 31 Statement Request Issuer _________________________________________________________________ 73

Table 32 Decline Advice Message (Quick EMV) Issuer ____________________________________________ 74

Table 33 EMI Message Issuer ________________________________________________________________________ 76

Table 34 Loyalty Redemption Message Issuer _____________________________________________________ 77

Table 35 Authorization Advice Message Issuer ___________________________________________________ 78

Table 36 File Update Message Issuer _______________________________________________________________ 79

Table 37 Loyalty Inquiry Message Issuer___________________________________________________________ 80

Table 38 Refund Message Issuer ____________________________________________________________________ 81

Table 39 Purchase Message Acquirer _______________________________________________________________ 82

Table 40 Purchase with Cashback Message Acquirer _____________________________________________ 84

Table 41 RuPay E-Commerce Purchase Message Acquirer _______________________________________ 85

Table 42 E-Commerce 3D Purchase Message Acquirer ___________________________________________ 86

Table 43 Cash at PoS / Cash Withdrawal Message Acquirer ______________________________________ 88


10/198

List of Tables



Table 44 Cash Withdrawal - ATM Message Acquirer ______________________________________________ 89

Table 45 Balance Inquiry Acquirer _________________________________________________________________ 90

Table 46 Reversal Message Acquirer _______________________________________________________________ 91

Table 47 Decline Message _____________________________________________________________________________ 92

Table 48 Network Management Message ____________________________________________________________ 93

Table 49 Pin Change Message Acquirer ____________________________________________________________ 94

Table 50 Mini Statement Message Acquirer ________________________________________________________ 95

Table 51 Card to Card Fund transfer _________________________________________________________________ 96

Table 52 Biometric Onus Authentication _____________________________________________________________ 97

Table 53 Mobile Number Update _____________________________________________________________________ 99

Table 54 Cheque Book Request _____________________________________________________________________ 100

Table 55 Statement Request _________________________________________________________________________ 101

Table 56 EMI Message Acquirer ___________________________________________________________________ 102

Table 57 Loyalty Redemption Message - Acquirer ________________________________________________ 103

Table 58 Loyalty Inquiry Message Acquirer _____________________________________________________ 105

Table 59 Refund Message Acquirer _______________________________________________________________ 106

Table 60 Abbreviation used in Data Element Description ________________________________________ 107

Table 61 Data and Time Attribute __________________________________________________________________ 107

Table 62 Data Element Information Components _________________________________________________ 107

Table 63 Response Code Table ______________________________________________________________________ 134

Table 64 Compliance Reject Response Code _______________________________________________________ 134

Table 65 Response Code for Advice Message ______________________________________________________ 134

Table 66 Response codes Supported for Reversal Response / Request Messages ______________ 135

Table 67 Response Code Supported for Reversal Response ______________________________________ 135

Table 68 Response Code Supported for Network Management Message ________________________ 135

Table 69 Acquirer Compliance Reject Reason code _______________________________________________ 143

Table 70 Acquirer Compliance Reject Reason code _______________________________________________ 143

Table 71 Product Code _______________________________________________________________________________ 149

Table 72 DE 55 Presence Descriptions _____________________________________________________________ 160

Table 73 State Code __________________________________________________________________________________ 192

Table 74 Glossary and Description _________________________________________________________________ 194

Table 75 Definition ___________________________________________________________________________________ 197


11/198

Confidentiality and Copyright Notice



Confidentiality and Copyright Notice

2011 by National Payments Corporation of India.

This document is of restricted use. No part of this document may be reproduced in any form by

any means without prior written authorization of National Payment Corporation of India

(NPCI).


12/198

Document Control



Document Control

Document name: RuPay Online Switching Interface Specifications

Security classification: Confidential

Distribution list: Member banks

Version History:

Version Issue Date Effective Date

Draft 1.0 01-Sep-2011 01-Sep-2011

Version 1.1 01-Nov-2011 01-Nov-2011

Version 1.2 12-Dec-2011 12-Dec-2011

Version 1.3 19-Jan-2012 19-Jan-2012Version 1.4 30-Jun-2012 30-Jun-2012

Version 1.5 12-Oct-2012 12-Oct-2012

Version 1.5.1 16-Oct-2012 16-Oct-2012

Version 1.5.2 22-Jul-2013 22-Jul-2013Table 1 Version History

Document Revision History

Sr.

No.Section

Description Version

1

7.3.1.16,7.3.1.17,

7.2.1.17,7.2.1.18,7.2.1.19

Card To Card Funds transfer message format added 1.5

2

Partial early issuer for Chip Transaction ,Full chippurchase, full early issuer purchase, reversal full chip,

reversal full chip early issuer, advice message for chiptransaction, fallback for issuer removed

1.5

3 8.3.33 Default risk score, Value 99999 changed to 00999 1.5

4 8.3.26.1,8.3.26.2 Explanation of response code ED added 1.5

5 8.3.26 Response code related to FRM added 1.5

68.3.42,8.3.53,8.3.54

DE 62, 126 and 127 defined for biometricauthentication

1.5

7 8.3.47 DE 95 updated for partial reversal 1.58 8.3.38

DE 54 updated for support of ledger and available

balance for ATM

1.5

9 8.3.44 DE 70 constraint modified 1.5

10 8.3.33Value 6, 8, 9 removed from DE 48 tag 060. Tag 60

value 9 redefined with UID authentication

1.5

11 8.3.50 DE 120 Updated 1.5

12 8.3.41 DE 61 Updated with new values in subfield 8 1.5

13 8.3.17 New values added for DE 22 1.5

14 7.2,7.3 DE 62 added for all biometric transactions 1.5

15 7.2DE 63 ,DE 126,DE 127 removed from all issuer

message formats

1.5

16 7.3DE 126,127 added in acquirer message formats for all

biometric transactions

1.5


13/198

Document Control



Sr.

No.Section

Description Version

17 8.3.33Type changed from n to an for tag 067 (Income Tax

PAN) in DE 48

1.5

18 8.3.17New values 99 added in PAN entry mode and 8 added

in Pin entry mode.

1.5

19 8.3.41DE 61 subfield 1 and value 1 updated(unknown

added)

1.5

20 8.3.38 DE 54 description updated 1.5

21 8.3.39 DE 55 tags and description updated 1.5

22 8.3.33 Default value added for tag 071 in DE 48 1.5

23 8.3.33 New value has been added in tag 060-value 9 in DE 48 1.5

24 7.3.1.15 Biometric Onus Authentication added 1.5

25 3.1.2.208xx network management message is in scope of

RuPay implementation

1.5.1

26 7.1 Biometric Verification added as transaction type 1.5.1

27 For ATM transaction CVD/iCVD match result codemade conditional in response.

1.5.1

28 DE-23 Quick EMV and Full chip issuer constraint updated 1.5.1

29 DE-37 Format update, Trace Number replaced with STAN 1.5.1

30 DE-38Explanation added and scenario for Acquirer Time-out,Terminal Failure and Customer Cancellation added

1.5.1

31 DE-44 A044, I023, I055 added 1.5.1

32 DE-48

Tag 60 Name changed from CHIP Transaction

Authorization Indicator to Transaction AuthorizationIndicator

1.5.1

33 DE-55Full Chip Issuer and Quick EMV issuer constraint

added

1.5.1

34 Glossary New items added in glossary 1.5.1

35 8.3.26Response Code 32 moved from Table 58 to Table 61as Table 61 is for reversal response codes.

1.6

36 7.2.1.9In reversal message format, DE-44 is made conditionalDE 55 in response has been changed to '--'

1.6

37 8.3.33DE 48 Additional Data, Tag 057 description, ICS1passed validation-authentication value changed to 02

1.6

38 8.3.38

The following statement has been added:

In case of Balance Enquiry, if acquirer is sending theprocessing code as unspecified then issuer can

respond back with balance from either Savings orCurrent account. But the account type in Processing

code and Additional should be same.

1.6

39 4.5.3

In section Cutover Message, 1st point has been

removed and the below point have been added:

NPCI will issue cutover message (0800 message withnet code=201 in DE70) at 23:00 Hrs indicating a

business date change for bot SMS & DMS transactions.

1.6

40 8.3.33 DE 48 Tag 055 Length changed from a1 to n2 1.6

41 8.3.39

DE 55 Tag 91 will not be present for 0430 and 0130. It

has been changed from C to -.

1.6


14/198

Document Control



Sr.

No.Section

Description Version

42 4.5.4

In the Echo Message (point 4), Member banks and

NPCI will also generate Echo message (0800 messagetype) to keep alive during no transaction time. Ideal

duration for the same changed from 10 minutes to 3minutes.

1.6

43 8.3.17In DE 22 Point of Service Entry Mode-

95 Chip card with unreliable CVD or iCVD(description changed)

1.6

44 5.9 More description added to LMM 1.6

45 Annexure 1

In the card to card fund transfer, Inquiry transactionhas been removed.

Transaction flow for Card to Card funds transferupdated.

1.6

46 8.3.51 DE 120 updated for Card to Card funds transfer 1.6

47 7.2.1.14Card to Card to funds transfer Inquiry has beenremoved.

1.6

48 7.2.1.14

DE 120 Tag 045 (credit transaction to beneficiary) and

DE 120 Tag 046 (debit transaction to sender / issuer)removed

1.6

49 7.3.1.14In the message format Card to Card Fund TransferDE120 Tag 045 and Tag 046 removed

1.6

507.2.1.15,7.2.1.16,

7.2.1.17

Mobile number update, Statement Request and Cheque

Book Request message format have been added

1.6

51 7.2.1.18New message format added for Declined Advice (QuickEMV)

1.6

52 8.3.33 New value introduced in DE 48 in Tag 060 value 6 andValue 8

1.6

53 8.3.33

New value introduced in DE 48 in Tag 071 length has

been changed from 15 to 42. This has been done tohave provision for IPv6

1.6

54 8.3.33New Tag introduced in DE 48 i.e. Tag 077. This tag isused by Issuer to pass unique value for E-Comm

Registration transaction

1.6

55 8.3.33New Tag introduced in DE 48 i.e. 078, 079, 080 and

081 as reserved for future use (RFU)

1.6

56 8.3.33Definition changed for Tag 056 Value 21

Definition changed for Tag 060 value 6, 7, and 8

1.6

57 8.3.41

SF 7 description of values 3 and 4 modified

SF 8 New value introduced. G Offline PINSF 10 description of value 0 changed to unknown

SF 14 explanation changed

1.6

58 4.5.3Para 2 changed to NPCI cut off time indicates the newsettlement date is considered for transactions after

cutover for SMS transactions

1.6

59 4.6.1

Description changed to When an advice message is

forwarded from Acquirer/NPCI to any destinationthen, forward the advice message to the destinedentity and if an advice message is not delivered

immediately due to some communication failure to thereceiving entity then the advice message is stored in

1.6


15/198

Document Control



Sr.

No.Section

Description Version

their appropriate SAF and is delivered to the

destination when communication is re-established.

60 5.5.1

Point 2 descriptions changed The new key details

along with key check value will be sent in DE 48 andthe key is encrypted. The participant bank should

decrypt the new ZPK key using the ZMK and store intotheir switch and should respond back to NPCI with

0810 message with response code as 00 along withDE70=184

1.6

61 5.5.2

Point 4 descriptions changed "The new key details will

be sent in DE48 and key be sentinDE48andkey

encrypted value under ZMK and key check value. Theparticipant bank should decrypt the new ZPK key

using the ZMK and store into their switch and should

respond back to 0810 message with response code as

00 along with DE70=184

1.6

62 6.1.3.3

Note updated "Note:-In this case acquirer will not

generate a reversal to NPCI. NPCI will respond toacquirer with response code 91 (In case of message

validation failure in DE2, DE 11, DE 32, DE37, DE 41)

.NPCI will generate the reversal towards issuer with

response code-CI only if the authorization is successfuland populate DE 44 with reject reason code of

response message (In case Issuer not sending DE

38/DE 39 /Format error in DE 38 or DE 39/DE 39 notfrom the table as defined in DE 39 description in

chapter Data Elements Description). It must be notedby the issuer that it may get multiple reversal for the

transaction and it is issuers responsibility to verify thereversal before posting the same into customer

account."

1.6

63 6.1.3.6

Point 5 updated "NPCI also creates an acquirer

reversal advice/ message with response code 91

indicating that no authorization response/ financial

response message was received This message is placedin the SAF file for later delivery to the issuer."

1.6

64 6.2.4.2

Note updated "Note: Acquirer can generate reversal upto next 3 cutover cycles. If a reversal is generated after

next 3 cutover cycles then NPCI will not validate thesame and send it to the issuer."

1.6

65 8.3.32

Track I description changed to "For UID basedtransaction DE 45 is required excluding start and end

sentinel and LRC characters. For international

transactions track 1 may be present.

1.6

66 8.3.39

DE 55 Chip Data handling of unexpected tag has beenadded as "Unexpected EMV Tags: This field may

contain tags that the receiving issuer or acquirer doesnot recognize or does not expect. The receiver must

ignore such tags and continue parsing the next tag in

DE 55"

1.6

67 8.3.49 DE 102 Account Identification 1 Type changed to 1.6


16/198

Document Control



Sr.

No.Section

Description Version

ans..19 from ans..28

68 8.3.50DE 103 Account Identification 1 Type changed toans..19 from ans..28

1.6

69 4.2.1 Note added 1.670 7.2.1.2 Note enhanced for clarity for DE 4, DE6 and DE49 1.6

71 7.2.1.7 Note enhanced for clarity on DE4, DE6 and DE 49 1.6

72 8.3.5 Compliance of Billing amount changed 1.6

73 8.3.31New value added in Acquirer Reject Reason Code

A090

1.6

74 7.3.1.9Reversal message format revised and DE 44 made

conditional in reversal response 0430

1.6

75 7.2.1.3 DE 48 Tag 077 added in the message format 1.6

76 7.3.1.3 DE 48 Tag 077 added in the message format 1.6Table 2 Document Revision History


17/198

About This Manual Audience



Chapter 1About This Manual

This manual documents the technical details of RuPay transaction processing. The manual

contains detailed specifications for RuPay message formats, field descriptions, codes, and files.

1.1AudienceThis manual is intended for technical staff and managers and customer support personnel of the

member banks.

1.2Organization of the ManualChapter 2, IntroductionThis chapter provides basic overview of the authorization system.

Chapter 3, Message structure This chapter contains message structure supported by NPCI

Chapter 4, Message definitionsThis chapter contains various types of messages supported

by NPCI

Chapter 5, NPCI system functionalities This chapter contains various functionalities of the

NPCI online authorization system.

Chapter 6,Member responsibilities- This chapter contains responsibilities of the issuing and

acquiring bank

Chapter 7, Message formats This chapter contains NPCI message formats for various

transactions

Chapter 8, Data element descriptionThis chapter defines the data element description for

NPCI online messages

Chapter 9, ComplianceThis section defines the compliance requirements for members.

Glossary Glossary of terms used in this manual.

Definition Definition of terms used in this manual.

1.3

ExclusionThe current specification version excludes the following items:

Micro ATM transactions

Mobile based transactions

1.4Document ConventionDocument Convention Purpose in the Manual

Italics For writing note

Note Providing more information about the preceding topicsTable 3 Document Convention


18/198

About This Manual More Information



1.5More Information

1.5.1Related Publication

1.5.1.1

RuPay Global Clearing and Settlement (RGCS)This document does not contain details about the RuPay Global Clearing and Settlement System

(RGCS). For information about this system, kindly refer Technical Specification RuPay Clearing

and Settlement System

1.5.1.2Operating Rule

For Operating Rule refer RuPay Operating Regulations.


19/198

Introduction RuPay Switching Service



Chapter 2Introduction

As a part of the RuPay Switching Service, the NPCI Network will collect transactions from a

trusted source (an acquirer) and deliver it to a trusted destination (an issuer). The trusted

destination will use this information to validate the transaction to the cardholders account and

further authenticate the transaction back to the trusted source through NPCI Network. NPCI

Network further facilitates the process of clearing a valid authenticated transaction and

provides the settlement service. A settlement service is a facility within which funds are

exchanged between members and NPCI to settle transactions and fee amounts.

The RuPay Switching Service will facilitate POS and ATM transactions among all member banks

participating in the NPCI network. The RuPay Switching Service operates on a continuous

basis, ensuring that cardholders in India can use their card anytime and that Acquirers and

Issuers in India always have access to NPCI RuPay Switching Service facility.

2.1

RuPay Switching ServiceNPCI Switching service supports routing of interbank POS and ATM transactions through NPCI

network. It supports both single message system (SMS) and dual Messaging Systems (DMS).

Transaction flow for SMS and DMS are described below.

2.2Transaction Flow SMSNPCI single message system will process full financial transactions. Full financial transactions

contain both authorization and clearing information in a single message.

Single message system environment uses a single exchange of messages between the acquirerand the issuer to

Authorize a financial transaction

Post a financial transaction to a cardholders account

The NPCI SMS system will perform real time transaction processing as well as exception or

offline transaction processing offline. Transaction flow in SMS environment is as follows:

IssuerAcquirer

RGCS

Central Switch

0200 0200

Merchant

0210 0210

ATM and SMS

POS transaction

downloaded

from Centralswitch for

processing after

cutover

Offline and

settlement

files

Offline andsettlement

files

Figure 1 SMS Transaction Flow

2.3

Transaction Flow DMSA dual message system comprises of authorization, clearing and settlement.


20/198

Introduction Transaction Flow DMS



2.3.1AuthorizationAuthorization is the process where the card issuing bank notifies the acquirer and the merchant

of the availability of funds for a cardholder, and issues an authorization code for the transaction

2.3.2

ClearingThe movement of transaction information from the member to NPCI network and NPCI network

to members is referred to as Clearing. In the clearing process, the funds are claimed from

member parties using the NPCI network by exchanging clearing files. Clearing activities

facilitate the settlement process.

2.3.3SettlementSettlement is the process used to exchange funds between members for the net value of the

monetary transactions cleared for the specific processing day.

Transaction flow in DMS environment is as follows:

IssuerAcquirer

RGCS

Central Switch

0100 0100

Merchant

0110 0110

POS transaction

downloaded

from Central

Switch for

processing after

cutover

Clearing

and

settlementfiles

Clearing

and

settlementfiles

Figure 2 DMS Transaction Flow

This document defines the Host-to-Host RuPay online message specifications for both single

message system and dual message system. Messages to be used for the connection between the

NPCI host, issuer and acquirer will be based on the ISO-8583 standard. This document outlines

the detailed usages of theISO-8583 protocol between the two host systems and the data format

to be used in individual data elements.

Note: The word POS here encompasses all the transaction types other than ATM transactions like

POS/IVR/E-Comm.


21/198

Introduction Routing



2.4RoutingRouting is the process of moving information across an inter-network from a source to a

destination. The NPCI RuPay Switching service supports routing of interbank POS and ATM

transactions through NPCI network.

NPCI system will support the routing for authorization for both SMS and DMS system.

The clearing and settlement of DMS transaction is carried through RuPay Global

Clearing and settlement system (RGCS)

The central switch of the NPCI system validates the request message from the acquirer

and prepares it for processing. This processing and validation include identifying the

message type, identifying the Issuing bank, checking of structural, format and value

validation, and Liquidity Management Module (LMM) checking.

If the central switch encounters an error condition at any point in the process then further

processing is halted. Messages rejected or declined by NPCI are sent back to the acquirer with aproper response code indicating occurrence of an error condition wherever possible and the

message is not forwarded to the issuer. For e.g. if a message does not contain a mandatory field

in the request, or a field contains an alphabet in place of a number then that message would be

rejected at the NPCIs end.


22/198

Message Structure Message Structure



Chapter 3Message Structure

3.1Message StructureNPCI online messages are based on Bank Card Organizational MessagesInterchange Message

SpecificationsContent for Financial Transactions, International Organization for

Standardization (ISO) 8583; 1987 (E). NPCI online messages have four basic components, as

shown below. The message structure is based on ISO 8583 standard as defined in the following

table.

Message Header MTI Bit Map Data ElementsFigure 3 ISO 8583 Message Structure

A message structure comprises of the following components:

Message Element Description

Message Header Contains the length of the message

MTI Message Type Identifier. Specifies general category of message

Bit Map Specifies which data elements are present

Data Element Concatenated data elementsTable 4 Components of Message Structure

3.1.1Message HeaderMessage header consists of 2 bytes binary value which contains the length of message excluding

the header length.

3.1.2

Message Type IdentifierThis is a 4 digit numeric field, whose each digit starting from the left indicates - ISO 8583

version, the message class, the message function, and the message origin.

3.1.2.1Position 1- Version Number

1stposition of the message type identifier (MTI) specifies the version of the ISO 8583 standard

used to transmit the message.

MTI Signifies RuPay Implementation

0xxx ISO 8583:1987 version

1xxx ISO 8583:1993 version

2xxx ISO 8583-1:2003 version

9xxx Reserved for ISO use Table 5 Version Number ISO 8583 Message

3.1.2.2Position 2 Message Class

2ndposition of the MTI specifies the class of the message.


01xx Authorization messages

02xx Financial transaction messages

03xx File update messages 04xx Reversal messages


23/198





08xx Network management messages Table 6 Message Class ISO 8583 Message

3.1.2.3Position 3 Message Function

3rd position of the MTI specifies the message function which defines how the message will flow

within the system.


xx00 Request

xx10 Request response

xx20 Advice

xx30 Advice response

xx40 Notification Table 7 Message Function ISO 8583 Message

3.1.2.4

Position 4

Message Source4thposition of the MTI defines the location of the message source.


xxx0 Acquirer

xxx1 Acquirer repeat

xxx2 Issuer

xxx3 Issuer repeat Table 8 Message Source ISO 8583 Message

Following are the valid message type identifiers for RuPay online specifications

0100 - Authorization Request

0110 - Authorization Response

0200 - Financial Transaction Request

0210 - Financial Transaction Response

0120 - Authorization Advice Request

0130 - Authorization Advice Response

0220 Financial advice request

0230 Financial advice response

0302 - Issuer File Update Request

0312 - Issuer File Update Response

0420 - Acquirer Reversal Request

0430 - Acquirer Reversal Response

0800 - Network Management Request

0810 - Network Management Response


24/198




3.1.3BitmapWithin an ISO 8583 message, a bitmap is a field or subfield that indicates which data elements

may be present elsewhere in a message. The message text segment of all messages transmitted

through NPCI Host is of variable length. For this segment, bit maps specify the fields that are

present and those that are missing.

The valid combinations of the bit maps are:

Primary bitmap

Primary and secondary bitmap

Primary, secondary and third bitmap

3.1.3.1Primary Bitmap

Each message includes the primary bitmap. It is a control field consisting of 64 bits (8 bytes)

located after the message type identifier. Except for the first bit, each bit in the bitmap relates to

the corresponding data field (fields 264) in the message. The value in the bit indicates whether

the data field is present in the message:

If a bit is 0, the field related to that bit is not present in the message.

If a bit is 1, the field related to that bit is present in the message.

Data field number 1 does not exist. The first bit of the primary map is used to indicate if another

bitmap called the second bitmap (see the next section) immediately follows this primary one.

3.1.3.2Secondary Bitmap

The first bit of the first bitmap indicates the presence or absence of a second map called thesecond bitmap. Like the primary map, the secondary map is a control field consisting of 64 bits

(8 bytes). It can be considered an extension of the primary map because it is associated with

fields 66 through 128. Data field 65 does not exist. This position, like that of field 1 in the

primary map, is used to indicate the presence of another bitmap. A 1 in this position indicates

the presence of a third bitmap.

The second bitmap is present only when the message contains information in any field from 66

through 128. When present, the secondary map immediately follows the primary bitmap and

precedes the data fields.

3.1.3.3

Third BitmapA tertiary, or third, bitmap can be used to indicate the presence or absence of fields 129 to 192.

A 1 in the first bit of the second bitmap (bit 65) indicates the presence of the third bitmap.

The third bitmap is aligned at the beginning of the message, directly following the first two

bitmaps. The data elements follow the bitmaps. The third bitmap is reserved for future use.

Note: The message exchanged between member switch and the NPCI switch will use ASCII

character set. Message header will be in binary.


25/198

Message Structure RuPay Implementation of ISO 8583



3.1.4Data ElementsData elements are fields carrying the information of the transaction itself. Each Data element

has a specified meaning and format. The detailed description of the data elements is described

in the Chapter 8.

For example: Bit value 2 is assigned to Primary Account Number, 3 is assigned to Processing

Code, 4 is for Transaction Amount similarly bit value 128 is for message authentication code

field and so on. For each data element there is specific data format, size, constraints and

description, which are been mentioned in Chapter 8.

3.2RuPay Implementation of ISO 8583The flowing table describes RuPay implementation of ISO 8583 messaging standard.

Variations Descriptions

Message Header NPCI uses 2 byte header which indicates the length of themessage minus header.

DE 22 POS entry mode NPCI uses five private values 80, 81, 90, 91, 95 ,99 for PAN entrymode and two private values 6, 9,8 for PIN entry mode of DE 22

DE 25 -POS Condition code NPCI defines three private values 51, 59, 71 for this field

DE 44 Additional response

data

NPCI defines additional response data to indicate the reject code

in case if the message fails to comply with the rulesTable 9 RuPay Implementation of ISO 8583

3.3Private Use Fields

The following table describes private fields used in RuPay implementation

Variations Descriptions

DE 48 -Additional data NPCI uses DE 48 which is reserved by ISO for Private use

DE 60 Advice reason code NPCI uses DE 60 which is reserved by ISO for Private use

DE 61 POS data code NPCI uses DE 61 which is reserved by ISO for Private use

DE 62 Private data field 1 NPCI uses DE 62which is reserved by ISO for Private use

DE 63 Encrypted biometric field NPCI uses DE 63which is reserved by ISO for Private use

DE 120 Private data field 3 NPCI uses DE 120which is reserved by ISO for Privateuse

DE 121 to DE 123 Private data

field 4 - 6

NPCI uses DE 121 to DE 123which is reserved by ISO for

Private useDE 127 Private data field 7 NPCI uses DE 127which is reserved by ISO for Private

useTable 10 Private Fields Used in RuPay


26/198

Message Definition Authorization Message



Chapter 4Message Definition

NPCI system messages generally consist of a pair of messages: a request message followed by a

response message. This section provides an overview and defines various types of messages

supported by the NPCI system.

4.1Authorization Message

4.1.1Description of Authorization MessageThis message authorizes a transaction before a final amount of the purchase is known. It

determines if funds are available, gets an approval and block the funds in the account. These

messages do not have a settlement impact hence, to clear and settle an approved transaction the

acquirer must submit the transaction to the clearing system.

4.1.2Message Type Identifier for Authorization MessageAuthorization request0100

Authorization response0110

Authorization advice request 0120

Authorization advice response 0130

4.2Financial Message

4.2.1

Description of Financial MessageThis message determines if funds are available, gets an approval and debits the account.

Financial messages have a settlement impact. No exchange of clearing file is done after this.

There should be an authentication parameter in the request.

Note: For financial request message PIN (DE 52) is mandatory as an authentication parameter.

Financial request message without PIN will be declined with acquirer compliance and will not

be forwarded to issuer. The exception to this is non-secure E-Commerce transaction.

4.2.2Message Type Identifier for Financial Message

Financial Request 0200Financial Response 0210

Financial Advice Request 0220

Financial Advice Response 0230

4.3File Update Message

4.3.1Description of File Update MessageFile update message is an issuer generated message. File update message is used to update the

cardholder records in NPCI database for negative list. This message will enable performing aSTIP authentication on behalf of the issuer.


27/198

Message Definition Reversal Message



4.3.2Message Type Identifier for File Update MessageFile update message request 0302

File updates message response 0312

4.4

Reversal Message

4.4.1Description of Reversal MessageThis message reverses the action of a previous authorization. It notifies NPCI Host and/or the

issuer of an error condition regarding an earlier financial transaction if:

An approved transaction is cancelled at the POS or ATM device.

Acquirer does not receive a response to a financial request.

Acquirer cannot send an approved response to the POS or ATM device.

If, for any reason, these messages cannot be immediately delivered to their intendeddestination, acquirer or NPCI stores these messages in SAF and forwards them to the intended

destination when communication is re-established with the appropriate destination processor.

NPCI treats all reversal messages as reversal advice messages. Acquirer needs to send 0420

message to NPCI and NPCI will forward the same to the Issuer. Issuer needs to respond with a

0430 message. NPCI generates reversals only for time-out cases for issuer responses. NPCI will

also generate reversal, if the response from issuer fails for format validation or issuer fails to

respond within the allowed time limit. It is important to mention that a reversal always needs to

be acknowledged and the response code in the reversal response 0430 message is ignored at

NPCI. If any response comes for 0420 message from the Issuer, NPCI treats that the reversal is

completed and the same is not be forwarded again, removed from SAF and take the affect insettlement.

Acquirer can generate reversal up to next 72 hours (3 cut over cycles). If a reversal is generated

after next 72 hours then NPCI will not validate the same will not be processed at NPCI.

4.4.2Message Type IdentifierReversal Message Advice 0420

Reversal Message Advice Response 0430

4.5

Network Management Message

4.5.1Description of Network Management MessageThis message is used to communicate with the NPCI. These messages can be initiated either by

members or by NPCI. These messages are used to communicate that the member is available for

processing transactions. They may also be used for other purposes such as validation of the

availability of the host session in case of low or no transaction traffic in the session, etc.

Network messages communicate with NPCI for the scenarios mentioned below.


28/198

Message Definition Network Management Message



4.5.2System Sign-On and Sign-Off

Either party (NPCI or Bank) can initiate a sign-on or sign-off message to establish or

close the host session.

Once a session has been closed (signed-off), the session should be re-established (sign-

on) by the party that closed the session. Neither system shall attempt to automatically re-establish a session that has been

signed-off by the other party.

Either party may sign-off a session regardless of whoinitially started (signed-on) the

session.

Bank/NPCI can either originate or receive 0800 sign-on /sign-off message (bit 070 =

001 / 002).

A 0810 request response message must acknowledge the 0800 request message.

Its the members responsibility to generate sign-on (0800) message to establish connectivity to

NPCI. Member banks also have to support sign-on message sent by NPCI and respond accordingly.

4.5.3Cutover Message

NPCI will issue cutover message (0800 message with net code=201 in DE70) at 23:00

hour indicating a business date change for both SMS & DMS transactions NPCI cut off

time indicates the new settlement date is considered for transactions after cutover for

SMS transactions.

The member needs to respond to the cutover message. In the event that a member does

not respond to the cutover message, NPCI will impose a forced cutover.

4.5.4

Echo Message Either party can send an echo message (0800 DE 70=301) to the other party.

The receiving party will respond to the echo message (0810 DE 70=301).

These echo messages are used to validate the availability of the host session in case of

low or no transaction traffic in the session.

Member banks and NPCI will also generate Echo message (0800 message type) to keep

alive during no transaction time. Ideal duration for the same should be 3 minutes (180

seconds).

NPCI will keep generating echo messages at regular intervals only if no transaction

processed on the node.

Banks must generate the echo message every 3 minutes (180 seconds) if no transaction

is processed on the network during the duration.

4.5.5Message Type Identifier for Network Management Message

Network Management Request 0800

Network Management Response 0810


29/198

Message Definition Advice Message



4.6Advice Message

4.6.1Description of Advice Message

This is a message that is from point to point i.e. from terminal to acquirer, from acquirer

to network, from network to issuer, with transmission guaranteed over each link, but

not necessarily immediately.

It is a message which cannot be rejected i.e. needs an acknowledgement at the

minimum.

Queued and Stored in a SAF(Store And Forward)

When an advice message is forwarded from Acquirer/NPCI to any destination and if an

advice message is not delivered immediately due to some communication failure to the

receiving entity then the advice message is stored in their appropriate SAF and is

delivered to the destination when communication is re-established.

4.6.2

Message Type Identifier for Advice Message Reversal advice request 0420

Reversal advice response 0430

Authorization advice request 0120

Authorization advice response 0130

Financial Advice Request 0220

Financial Advice Response 0230


30/198

NPCI System Functionalities Data Communication



Chapter 5NPCI System Functionalities

5.1Data CommunicationNPCI can only communicate with member banks using Transfer control protocol. Transfer

control protocol contains the message length of 2 bytes binary excluding header length.

Member Systems will connect to NPCI system using persistent socket connections.

Member will act as client and NPCI will act as server.

Member will be responsible to generate the sign-on (0800 message type) message after every

successful TCP socket connection.

Member must fine tune its timers so that every disconnection is followed by connect request

without any delay.

5.2Message Logging at NPCINPCI can do message logging at TCP level, Host-to-Host level and all the internal core module

levels. NPCI can also enable logging at module.

5.3Key Security and ManagementWithin the NPCI environment, security considerations include measures for ensuring message

security and integrity, as well as protection against disclosure of cardholder personal

identification number (PIN). The NPCI central switch uses secure PIN encryption to protect all

PINs.

In POS and ATM transactions, all PINs must be encrypted at the point of entry using the triple

DES (3DES) algorithm in the ANSI PIN block format 0 which is equivalent to ISO PIN block

format 0. The PIN will remain encrypted until the issuer receives it for verification. The NPCI

central switch must receive the PIN encrypted with the ANSI PIN block format 0 or ISO PIN

block format 0.

Members must execute all PIN encryption, translation, and decryption for the POS/ATM

transaction using hardware encryption through physically secure devices. Both the host and the

point of entry must use hardware security module.

Key exchange is a service that enables member banks to change working keys that are used to

protect cardholder PINs via online messages.

To utilize this service, members must obtain a Zone Master Key (ZMK). A ZMK is a key exchange

key. Members use a ZMK for encrypting the working key when they convey it in an online

message. A ZMK is used to protect a Zonal Pin Key (ZPK). ZPK is different for both an issuer and

an acquirer.

The key exchange service makes it practically convenient to change PIN encryption keys

frequently, thereby increasing the security of the payment system and reducing the chances of


31/198

NPCI System Functionalities Static Key Exchange



key compromise. There are two types of PIN encryption keys: Acquirer ZPKs and Issuer ZPKs.

NPCI and an acquirer would share one ZPK and NPCI and issuer would share another ZPK.

Acquirers use their ZPK to encrypt the PIN while sending a message to NPCI. NPCI uses the

issuer ZPK to encrypt the PIN when it sends the message to the issuer.

Key exchange messages are used to exchange ZPK between members. ZPK Key exchange can beaccomplished in two ways: i.e. static and dynamic modes as configured for respective members.

5.4Static Key ExchangeIn case of static mode, the Zonal PIN key is encrypted under Zonal Master Key and shall be sent

to bank nominated custodians and the bank is expected to enter those keys manually into their

system. These keys shall remain constant throughout the period for which the member bank is

connected to NPCI on static key mode.

5.5

Dynamic Key ExchangeIn case of dynamic keys the ZPK shall be changed on a periodic basis through a messageexchange between Banks system and NPCI system automatically.

Two ways of dynamic Key exchange is envisaged. One is to have the master send the key update

message and slave updating the key directly. The other way is to have the slave request for a

new key and master shall send a new key in response which slave can update.

Note: In the current implementation NPCI will always send the key to members and members

cannot request for key exchange.

Two ways of key exchange are described below:

Master directly sends the new key to the slave and the slave updates and responds back.

Slave can request a new key and master will send a new key to the slave.

5.5.1Master Sends a New Key

Master key

processor

Slave key

processor

1

2

New Key

Sent

New Key

Accept

Figure 4 Master Send a New Key

1. NPCI will act as a master and will send a new key message (0800 DE 70=184) which will

be the single key used for inbound and outbound messages.


32/198

NPCI System Functionalities Key Exchange Scenarios



2.

The new key details along with key check value will be sent in DE 48 and the key is

encrypted. The participant bank should decrypt the new ZPK key using the ZMK and

store into their switch and should respond back to NPCI with 0810 message with

response code as 00along with DE70=184.

Note: In the event of slave not responding successfully for the key change request, Master will keepprocessing the transaction with the current key.

5.5.2Slave Send a New Key

Master key

processor

Slave keyprocessor

2

1Key change request

from

slave

Key change respone

from

master

3 New keyrequest

4New keyresponse

Figure 5 Slave Sends a New Key

1.

Participant bank can send a new key request message 0800 with DE70 = 164 to NPCI.

2.

If the key request is accepted, NPCI will respond to the participant bank with 0810

response having the response code as 00with DE70 = 164.

3. NPCI will generate the new key and send the new key in (0800 bit 70= 184) request

message which will be single key used for inbound and outbound messages.

4.

The new key details will be sent in DE48 and key encrypted value under ZMK and key

check value. The participant bank should decrypt the new ZPK key using the ZMK and

store into their switch and should respond back to 0810 message with response code as

00along with DE70=184.

Note: In the current implementation NPCI will send the key change message to members who haveopted for the same. Members will not be allowed to ask for key change request.

5.6Key Exchange ScenariosNPCI will generate key exchange on the following scenarios:

Key request from the member bank: Member bank can initiate key exchange either on

ad hoc basis or after a definite time interval. Once the request from the member bank is

accepted, NPCI will initiate new key exchange. This facility will not be provided to

members currently.

Specific time interval: A new key can be generated after a specific time interval. The

suggested time interval is 24 hours. Only NPCI may initiate this key exchange.


33/198

NPCI System Functionalities PIN Encryption / Decryption Process



Specified usage count of key: A new key can be generated on the basis of the specific

usage count of a particular key. Only NPCI may initiate this key exchange.

On consecutive key sync errors: A new key can be generated after a specified number of

consecutive key synchronization errors. Only NPCI may initiate this key exchange

5.7

PIN Encryption / Decryption Process Cardholder enters PIN at point of entry.

The terminal encrypts the PIN in hardware and sends it to the acquirers host.

The acquirers host receives the encrypted PIN, which is then decrypted in hardware.

The acquirer host system then encrypts it in hardware under a different key (Acquirers

ZPK) that the acquirer and the NPCI share.

The NPCI central switch then receives the newly encrypted PIN.

The NPCI central switch performs PIN translation.

The issuer decrypts the PIN using the issuers ZPK key and verifies that the PIN is valid.

5.8Time-Out ManagementThere are different timeout scenarios in a transaction life cycle and as a central switch, NPCI is

expected to manage the timeout scenarios of the transaction in various stages.

NPCI shall maintain the timer at the issuer end such that the timer will start ticking after

the transaction is sent to issuer node. This timer shall be applicable to all the messages

sent to issuer.

Acquirer and NPCI are expected to generate reversal after the expiry of timeout as

mentioned in chapter 6 Member Responsibilities.

In case the reversal or advice is originated by acquirer and acknowledgement is not

received from the issuer within the timeout period, NPCI shall store the advice in SAF

and the SAF shall be cleared from the system as and when the other host is online and is

ready to accept SAF advises. In case of SAF timing out, it will be retried for 3 times

before getting purged and the affect taken into settlement.

NPCI can set parameter in such a way that issuer member bank node can be set to offline on the

basis of consecutive number of messages timed out.

5.9 Liquidity Management Module To keep control on transactions from the Member bank, NPCI wants to keep upper limit

on the transaction received from the Member bank. Using this provision NPCI can keep

control on transactions from member bank. The upper limit is always total of

transaction amount. Member bank can allow transactions equal to or less than the total

of transaction amount i.e. upper limit maintain at NPCI end.

The upper limit of member bank is always decided by banks.

This upper limit is always for the issuer transactions and not for the acquirer

transactions.

At NPCI end, NPCI always maintain cumulative amount and Upper limit amount of

member bank. At the beginning cumulative amount of member bank is always zero.


34/198

NPCI System Functionalities Matching Criteria Key Data Fields



When NPCI receives an authorization (DMS) or a financial transaction (SMS) from the

member bank as acquirer, and before routing the transaction to the issuer, LMM module

adds transaction amount to the cumulative amount of issuer and compare with upper

limit amount.

If the cumulative amount is greater than upper limit of member bank, LMM module will

decline the transaction with specific response code decide by NPCI.

If the cumulative amount is less than upper limit of member bank, LMM module will

allow the transaction for the member bank.

If the cumulative amount is equal to upper limit of member bank, LMM module will

a

rupay - online switching interface specification

Documents