PCI PA-DSS - Changes to Store and Forward processing

May

Posted (admin) in General, PA-DSS, PABP, PCI, Store and Forward, jPOS on May-5-2008

A short while back my colleague Alejandro wrote a blog post about receiving messages from SAF (Store and Forward) typically ISO 400 messages with many of these containing field 35 (Track II Data).

If you read the PCI standards carefully and hang out with PCI geeks here or here you will notice that PCI applies to post-auth data and not necessarily pre-authorization data. — I think the official language is “subsequent to the authorization”

On May 1st, a payment processor modified their message formats as a part of their PCI compliance to not send Field 35 in SAF Advice transactions and would just send the PAN in field 2 and Expiration Date in field 14, instead of DE 35.

Also, from a forum post from “andrewj”

Another update on this (if you are from Australia) - there is a change being made to AS2805.2 to change the track 2 field from mandatory to optional in 04×0 messages. This should be released sometime this month.

This is a good trend in the industry, hopefully others will take this example and continue to trend.

Comments:

PCI Blog - Compliance Demystified » Blog Archive » Store and Forward PCI Compliance on May 7th, 2008 at 6:50 pm #

[...] we know that many merchants will use Store and Forward (SAF) for transactions, “typically ISO 400 messages with many of these containing field 35 (Track II Data)“. This is where a merchant is [...]

About

Recent Posts

Blogroll

Links

Categories

Archives

Meta