Here is a snapshot of what my desk looks like: you can see a magtek USB card reader and a few magnetic striped cards; expired pre-paid credit, gift and merchandise return cards that used for testing purposes here.

I’ve been developing some small tools that allows for us to send transactions via a swipe in a .NET windows based application as well as in a Java Web based version to a test instance of OLS.Switch. I used to (and still do) just pipe binary message dumps over netcat pointed to our OLS.Switch’s configured server port for this specific message format.

for example:

$ cat visa_credit_sale.dump | nc 192.168.1.50 33000

where visa_credit_sale.dump would just be a binary file of the message

$ hd visa_credit.sale.dump

would look like this (intentionally blurred and is a test card number)

Here is a shot of the Virtual Point of Sale System:

and a shot of the Virtual Terminal:

Basically you can swipe a card or key-enter a card on the virtual terminal and depending on the configuration of OLS.Switch – (I’m using bin based routing here in this test setup)

Cards that start with:

• 4 – Visa
• 5 – Mastercard
• 6011 – Discover

go to our FDR North (ChasePaymentTech) Simulator and and return a simulated response.

• 3 – Amex

go to our American Express Simulator

• 7 – Stored Value

go to our Stored Value Systems Simulator

• 6 – OLS Stored Value

get switched to our own instance of OLS.Issuer – our authorization host which is not a simulator.

The vPOS and VT are sending in messages in the Visa K/Visa D or otherwise known and Visa Gen II message format (one of the incoming message formats that we support from the device side) and depending on the card type, we are building the appropriate outbound message according to the interface specs (generally an ISO8583 variant), hitting our simulators to get different responses based on amount prompting or in the case of the OLS Stored Value cards, it uses the card files, velocity and limit checking, card status and other authorization rules to authorized the card.

The neat thing? an end-to end transaction take less then 50ms on a sub $1000.00 test server on a local lan.

Here is a link to a PDF that shows the full transaction flow.

The Payment Systems Podcast has created more then 3 recordings so I consider that a success   While we have a pretty specialized focus – we are getting some good feedback and we hope that everyone enjoys the podcasts, we have some good ideas for content, and will try to perform a recording when we are at the ATM Debit and Prepaid Forum or at least one that covers what we heard and saw at the show.

I was recently asked what equipment that I use to create and produce the podcast, my setup is pretty simple, my Macbook using GarageBand and a Samson C01U condenser microphone. The only problem that I’ve dealt with have been some volume issues (addressed in some sound preferences in GB) and setting the microphone as a stereo device rather then a mono – the last 2 recordings were left channel only because of this   Here is a snapshot from the recording of episode #2.

PCI DSS version 1.2 was released today, I blogged a little about the changes based upon a earlier PCI 1.2 summary document here and rather then duplicate the excellent work of others, I’ll point you to Mike over at www.pcianswers.com  who does a great breakdown on the changes between PCI DSS version 1.1 and PCI DSS version 1.2 audit procedures.

From the PCI SSC Press release on PCI 1.2:

This latest version is the culmination of two years of feedback and suggestions from its industry stakeholders and is designed to clarify and ease implementation of the foremost standard for cardholder account security. Version 1.2 is effective immediately and version 1.1 of the standard will sunset on Dec. 31, 2008.

Go read the changes here.