PCI PA-DSS – Changes to Store and Forward processing

Payment Systems Blog | David D. Bergert

May

Posted (admin) in General, PA-DSS, PABP, PCI, Store and Forward on May-5-2008

If you read the PCI standards carefully and hang out with PCI geeks here or here you will notice that PCI applies to post-auth data and not necessarily pre-authorization data. — I think the official language is “subsequent to the authorization”

On May 1st, a payment processor modified their message formats as a part of their PCI compliance to not send Field 35 in SAF Advice transactions and would just send the PAN in field 2 and Expiration Date in field 14, instead of DE 35.

Also, from a forum post from “andrewj”

Another update on this (if you are from Australia) – there is a change being made to AS2805.2 to change the track 2 field from mandatory to optional in 04×0 messages. This should be released sometime this month.

This is a good trend in the industry, hopefully others will take this example and continue to trend.

No related posts.

Comments:

PCI Blog - Compliance Demystified » Blog Archive » Store and Forward PCI Compliance on May 7th, 2008 at 6:50 pm #

[...] we know that many merchants will use Store and Forward (SAF) for transactions, “typically ISO 400 messages with many of these containing field 35 (Track II Data)“. This is where a merchant is [...]

About

Recent Posts

Blogroll

Links

Categories

Archives

Meta