3

Our system receives ISO8583 messages which we decode and handle appropriately. Now we are getting invalid ISO messages in between which our system can't handle. In fact, it sends nothing in return. This causes a timeout on the other side. As a consequence, the (invalid) transaction is reverted which then causes quite a messup as there is nothing to be reverted.

Can anyone give me a clue on how to deal with/answer an invalid/undecodable ISO8583 message? Is there a standard answer (e.g. 'NAK' like)?

alzaimar
  • 4,572
  • 1
  • 16
  • 30

3 Answers3

3

According to the ISO-8583 spec, 6XX (or 16XX, if you're using the '93 version)-class messages are appropriate for administrative notifications. Generally, a 644 or 1644 MTI is prescribed for notifying the sender of a problem processing a message, where

  • X6XX - Indicates an administrative message, often containing the details of a failure

  • XX4X - Indicates that the message is a notification; the sender is not to repeat the message

  • XXX4 - Indicates the source of the message (acquirer/issuer/other); here, it's Other

Putting it all together, your message should have at least the following fields

  1. MTI: 1644
  2. DE-24 (Function code): 650 (Unable to parse message)

Of course, you're to include the standard message identification fields: DE-7,11,12,39. These fields will be necessary for the message sender to match your response with the request.

kolossus
  • 20,559
  • 3
  • 52
  • 104
  • Thanks for your answer. This sounds as logical as the answer from Stuart. To summarize: I do not have to answer, but if I decide to do so, I should use your proposal. – alzaimar Feb 03 '15 at 07:10
  • I beg to differ @alzaimar. I've worked with two commercial switches: Base24 and Postilion; they both *always* provide an admin response in case of a broken message. How else is the acquirer supposed know something went wrong with the transaction? How would *you* know something went wrong with processing the transaction if your switch silently ignored a broken message? Not to mention the reconciliation nightmare that will result from all the single-legged messaging. I believe you should make the best effort to respond. The specification included the admin-type messages for a reason – kolossus Feb 26 '15 at 13:38
2

I don't think there is a standard way of handling invalid ISO 8583 request messages. You didn't say why you are receiving invalid request messages, and without knowing that it is difficult to suggest how you should handle them.

Depending on the situation it may be best not to answer invalid ISO 8583 requests. In fact I know of systems that not only don't answer invalid request messages but will also blacklist the device that sent the invalid message and refuse to answer all other messages from it.

If you do decide not to respond to invalid request messages then as you have found out the client is likely to time out and then attempt to reverse the transaction. This is not usually a problem because servers will usually respond with an approval message to reversal request for transactions that don't exist. Remember that when a client times out after sending a request, it doesn't know if the request was processed or even if the request was received. So a server has to be prepared to handle both 1. a request that was received and processed (by undoing the transaction and then responding with an approval), and 2. a request that was never received/processed (by sending an approval). NOTE: In case 2 there is no need to undo the transaction because the transaction never took place.

Stuart
  • 1,428
  • 11
  • 20
  • 1
    Thanks for your answer. Do you have a link where it is described that a server must/should keep track of his transactions in order to decide whether to undo them or not? Sorry, I am not too familiar with ISO 8583 details. – alzaimar Feb 03 '15 at 07:13
  • Nope, sorry, I don't have such a link. – Stuart Feb 04 '15 at 23:34
  • 1
    @alzaimar It is described in detail in the actual [ISO standard](http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=31628) which do cost money though. – nos Feb 11 '15 at 15:33
2

From my experience with integrating ISO links, invalid ISO messages are usually, by industry standard, handled by a dropping down of the acquring host's connection followed by an angry mail from the acquirer's service provider accusing you of segfaulting down their mainframe.

Other than that different implementations, when implemented well, will handle invalid messages differently, from what @kolossus said in case the parser fails completely, to a normal **10 response with a specific response code such as RC 12 "Invalid transaction" when just some subfields don't make sense (such as problems with packaging of the complex subfields with tokens, track2 parsing etc)

The practical reason why @kolossus solution doesn't really make sense and why Stuard has a point is, if the client has issues of forming the ISO messages, then it almost certainly has a problem with parsing them too, so another ISO message doesn't really tell the client anything except provoking a parser exception on his side too.

End result will be the same - a technical reversal by the client, just not after a timeout. Basically, with iso8583, the best way to handle invalid messages is to not have them, there's no clean way.

bbozo
  • 7,075
  • 3
  • 30
  • 56