ISO/IEC 8583

ISO/IEC 8583
Name	ISO/IEC 8583
Status	Published
Started	1987
Organization	International Organization for Standardization
Domain	Financial transaction card originated messages

ISO/IEC 8583

ISO/IEC 8583 is an international standard defining message formats and communication flow for systems that exchange electronic transaction information among Visa Inc., Mastercard Incorporated, American Express Company, JCB Co., Ltd., and other payment networks. It provides a framework adopted by SWIFT, PayPal Holdings, Inc., Alipay, UnionPay, and numerous financial institutions such as Citigroup, JPMorgan Chase & Co., Bank of America to enable interoperability between point-of-sale devices, automated teller machines, and back-end processors. The standard is used in conjunction with national payment schemes, card issuers like American Express Company, and acquirers such as First Data Corporation to route and clear transactions across networks.

Overview

ISO/IEC 8583 specifies message structure, bitmaps, data elements, and processing rules used by card-based transaction systems operated by entities including Europay International, Interac Association, China UnionPay, Discover Financial Services, and national switch operators like Nets Group. The standard describes how terminals such as devices produced by Ingenico Group, VeriFone Systems, Inc., and software platforms like Microsoft Azure or IBM middleware format messages for authorization, clearing, settlement, and reconciliation processes involving payment processors, acquirers, issuers, and gateways such as Worldpay and Stripe, Inc..

Message Structure and Data Elements

Messages under the standard use a Message Type Indicator and one or more bitmaps to declare the presence of up to 192 data elements; these elements include fields identified by card schemes like Visa Inc. and managed by institutions such as Federal Reserve System and European Central Bank. Data elements cover account numbers, track data, amounts, date/time, point-of-service entry mode, and authorization IDs used by networks including SWIFT, ACH Network, SEPA, and card associations like Mastercard Incorporated. Implementations refer to numeric element identifiers standardized by bodies such as International Electrotechnical Commission and regional operators including APACS and Payments Canada.

Message Types and Processing Codes

The Message Type Indicator (MTI) classifies messages such as authorization requests, advice, and reconciliation, which are used by acquirers like Global Payments Inc. and issuers like Capital One Financial Corporation. Processing codes indicate transaction characteristics and are interpreted by processors including Fiserv, Inc. and switch operators like SIA S.p.A. for handling reversals, refunds, balance inquiries, and settlement. The MTI and processing code conventions facilitate interoperability among point-of-sale vendors such as Poynt and ATM manufacturers like Diebold Nixdorf, and networks operated by Visa Inc. and Mastercard Incorporated.

Network and Transport Considerations

Although ISO/IEC 8583 specifies message format, transport is performed over protocols and networks operated by carriers and service providers such as AT&T Inc., Verizon Communications, Telstra Corporation Limited, and cloud providers like Amazon Web Services and Microsoft Azure. Implementations use transport layers including TCP/IP stacks in equipment from Cisco Systems, Inc. and Juniper Networks or dedicated leased lines managed by BT Group. Gateways and switches maintained by Equinix, Akamai Technologies, and regional processors handle routing, while interbank clearing leverages infrastructures such as TARGET2 and national central switches deployed by central banks like Bank of England.

Implementations and Variants

Commercial and open-source implementations exist from vendors such as IBM, Oracle Corporation, SAP SE, and projects maintained by communities around GitHub and firms like Red Hat, Inc.. Variants and profiles are produced by card schemes including Visa Inc. message specifications, Mastercard Incorporated implementations, and national profiles created by processors such as NRA RDI and associations like EMVCo. Integrated payments stacks offered by Stripe, Inc., Adyen N.V., Square, Inc., and legacy switch vendors like Fiserv, Inc. adapt the standard to emerging channels including mobile wallets from Apple Inc., Google LLC, and Samsung Electronics Co., Ltd..

Security and Compliance Considerations

Adoption of the standard intersects with security frameworks and compliance regimes administered by organizations such as Payment Card Industry Security Standards Council, National Institute of Standards and Technology, European Banking Authority, and regulators like the Financial Conduct Authority. Implementers layer cryptographic protections from standards bodies like IETF (TLS) and apply tokenization schemes advocated by EMVCo and card issuers including Visa Inc. for safeguarding cardholder data considered under mandates such as PCI DSS and laws enforced by agencies like the U.S. Securities and Exchange Commission and national data protection authorities like CNIL.

History and Standardization

Work on the standard was coordinated by International Organization for Standardization and International Electrotechnical Commission committees in the late 1980s, influenced by earlier electronic funds transfer initiatives involving banks such as Chase Bank, Barclays, and networks like SWIFT. Revisions reflect input from card schemes including Visa Inc., Mastercard Incorporated, American Express Company, and regional bodies like European Payments Council, with maintenance activities continuing within standards fora and stakeholder meetings attended by processors including First Data Corporation and technology firms like IBM.

Category:Financial message standards