Decoding an ISO 8583 Payload

Goal: Understand the fixed‑position pieces that make up the ASCII string we receive in ISOFullMessage, so you can split it by eye or with any language / tool.

1. High‑level Structure

┌──────────────────────────────────────────────────────────────┐
│ Transport / Host header        (variable, host‑specific)     │
│ ──────────────────────────────────────────────────────────── │
│ MTI           4  n                                            │
│ Primary bitmap 16  n  (64 bits → 16 hex characters)          │
│ Secondary bitmap 16  n  (present only if bit 1 = 1)          │
│ Data elements  …   (1‑128, in ascending order)               │
└──────────────────────────────────────────────────────────────┘

All characters are ASCII.
Numeric fields (n) are right‑justified, zero‑padded.
Alphanumeric fields (ans) are left‑justified, space‑padded.
Variable‑length fields begin with a numeric length prefix:
- LLVAR → 2 digits (00‑99)
- LLLVAR → 3 digits (000‑999)

2. Example in the Wild

Below is the authorization message you saw (line‑wrapped & spaced):

ISO0260000700 | 0120 | B23AC4112EE1801C
0000000214000100 | 0000000000000000 | 0285
0724181349 | 863303 | 141300 | 0724 | 0724
554105 | 2C0000000006 | 12345621543464******6993=0000427704382626
185503 | 0000010003        | 127298000000000
EXXON UPPY'S #68 #2009CENTREVILLE  VA US
0100724141353840 | 0160000000
… (continues)

What those chunks are

Segment

Meaning

Why the spacing?

ISO0260000700

Transport header – prepended by the host to carry length, protocol version, routing info. Its size (12–20 bytes) is vendor‑defined.

Not part of ISO 8583 proper. Discard before parsing.

0120

MTI – 0 120 = Authorization Advice.

Always 4 numeric chars.

B23AC4112EE1801C

Primary bitmap (16 hex chars = 64 bits). Bit 1 is set (B = 1011), so a secondary bitmap follows.

Every 4 bits are packed into one hex char—no delimiter.

0000000214000100

Secondary bitmap (also 16 hex).

Present only because bit 1 in the primary bitmap = 1.

Remaining blocks

Data elements in ascending order (2, 3, 4, … ). Each occupies exactly its specified length, or LL/LLL prefix + value.

Padding (zeros / spaces) makes every fixed field keep its place so downstream systems can slice without delimiters.

3. Bitmap → Which Fields Follow?

Convert each hex char to binary. Example: B23A… → 1011 0010 0011 1010 …
Number bits 1‑64 (or 1‑128).
If a bit = 1, its corresponding field immediately follows the bitmap(s).
Move through the message in ascending field order, reading:

Field #

Format

Length

Notes

2 – PAN

LLVAR n

up to 19

LL tells you how many digits follow.

3 – Processing code

n

Always 000000 for POS sale in our messages.

4 – Amount, Txn

n

Right‑padded zeros: 00000000285 = $2.85

11 – STAN

n

185503 in the sample.

37 – Retrieval Ref # (RRN)

an

724181349863 – used to link auth ↔ purchase.

41 – Terminal ID

ans

00010003 (space‑padded if shorter).

…

(The complete ISO 8583 spec defines > 120 fields. Only the ones lit by the bitmap are present.)

4. Reading Variable‑length Fields

PAN (Field 2)  =  16  543464******6993
                 ──┘ └─────────────────
                 length indicator  (2 chars)

If the bitmap says Field 2 exists, take the next 2 chars, convert to an int (16), then read exactly that many chars for the PAN.
Immediately after that, continue with the next field (Field 3).

5. Padding Rules Cheat‑Sheet

Format

Justify

Pad with

Example

n (numeric)

right

0

00000000285

an, ans (alpha / alnum / special)

left

space (0x20)

00010003·· → becomes 00010003 <space><space>

Track / discretionary

fixed

F or = etc. as per card standards

543464******6993=...

Tip: When debugging, replace 0x20 with · so you can see trailing spaces.

6. Putting It All Together (Walk‑through)

Strip transport header (ISO0260000700).
Read MTI (0120).
Read Primary bitmap (16 hex).
Because bit 1 = 1, read Secondary bitmap (another 16 hex).
Iterate fields:
- bit 2 = 1 → Field 2 (LLVAR) → read length LL → read PAN.
- bit 3 = 1 → Field 3 (6 n) → read 6 chars.
- … continue until all 1 bits are consumed.
You should land exactly on the last byte of the message. Extras mean parsing error.

7. Where the Retrieval Reference Number Hides

Field 37 (RRN) always shows up after Field 35/36 (Track2/Track3) for our host.
Because we never carry field 70+ in auth/purchase, the RRN is usually < halfway down the message.
Example auth vs. purchase pair:

Auth  – … 185503 | **724181349863** | 0000010003 …
Purchase – … 583719 | **724181349863** | 895229592889 …

Same RRN → same transaction lifecycle.

8. Appendix – Field Directory (Common in Our Webhooks)

Field

Length

Format

Meaning

LLVAR (≤ 19)

Primary account number (PAN)

Processing code

Amount, transaction

System trace audit number (STAN)

Local Txn time (hhmmss)

Local Txn date (MMDD)

Retrieval reference number (RRN)

ans

Terminal ID

ans

Merchant ID (sometimes blank)

ans

Card acceptor name / location

LLLVAR (≤ 999)

EMV data (if e‑com / chip)

(Fields differ per processor; consult the host spec if something new appears.)

PreviousWebhook Examples NextConnecting Auth to Purchase

Last updated 6 months ago

hashtag1. High‑level Structure

hashtag2. Example in the Wild

hashtagWhat those chunks are

hashtag3. Bitmap → Which Fields Follow?

hashtag4. Reading Variable‑length Fields

hashtag5. Padding Rules Cheat‑Sheet

hashtag6. Putting It All Together (Walk‑through)

hashtag7. Where the Retrieval Reference Number Hides

hashtag8. Appendix – Field Directory (Common in Our Webhooks)

1. High‑level Structure

2. Example in the Wild

What those chunks are

3. Bitmap → Which Fields Follow?

4. Reading Variable‑length Fields

5. Padding Rules Cheat‑Sheet

6. Putting It All Together (Walk‑through)

7. Where the Retrieval Reference Number Hides

8. Appendix – Field Directory (Common in Our Webhooks)