Payments Basic Training

Payments Basic Training

Module 3: PostCard
Copyright © 2009. S1 Global Ltd. All rights reserved.

Module introduction
• Introduction to using PostCard
• PostCard provide services to issuers

Agenda
• PostCard Overview
• Getting Started
• Authorization Services

Section 1: PostCard Overview
• PostCard Concepts
• Architecture
• PostCard Services to Issuers

PostCard Overview | Getting Started | Using the Portal | Authorization Services
PostCard Concepts
Fundamental Concepts
• PostCard owner
• Issuer
• Card program
• Customer
• Cardholder

PostCard Concepts
Fundamental Concepts
• Multiple cardholders can access an account:
o Primary and secondary cards — identical cards
o Alternate cards — same PAN, different sequence number
o Distinct cards — different PANs
• Customers
o Can be distinct from a cardholder
o Host CIF files
o Required for:
 Card production
 AVS and similar functionality
 Call center functionality

PostCard Architecture
Architecture
• Deployment scenarios
o Processor with multiple issuers
 One processor (owner) — multiple card issuers
 Processor performs certain configuration and management centrally
 Individual member institutions perform other tasks
o Single-issuer
 Issuer owns PostCard system
 Issuer has control over all functionality

Architecture
PostCard
Sink
Issuer host
interface
system
Transaction
Manager
Issuer workstation with

Navigator / Web browser

Payments Portal
• Web based interface
o Deployed on Apache Tomcat
o Commonly used by CSRs
o Accessed using a Web browser (e.g. Internet Explorer)

Navigator
• Application used to access PostCard user interfaces
• Resides on each client computer
• Provides centralized view of user interfaces
• Owner/Issuers user interfaces
o Different views for issuers and owner
o Both use interface to configure and update system
o Provides appropriate user access

PostCard System
• Owner
o Configures and manages services offered
o Specifies issuer access levels
• Issuers
o Provide data to configure services
o Manage card bases

PostCard Services to Issuers

• Card production
• PIN management
• Card status management
• Authorization and validation services
• Risk profile management
• Account product management
Services largely independent of one another

o Issuer can use PIN management without authorization services

PostCard Key Features

• Support for:
o Multiple cards per account
o Multiple accounts per card
• Provides different PIN management methods

• Provides services to multiple issuers — remote access
• Authorizes transactions — synchronizes with host system
• Automates card production process
• Applies risk management to transaction processing

Not Account Management System

• PostCard DOES NOT perform:
o Interest payments
o Month-end statements
o Risk-scoring
o Card applications
o Merchant settlement

Card Production
• Actual creation of plastic cards:
o Specialized card production companies
o Issuer provides file to company
• PostCard:
o Provides issuer with functionality to generate required files
o Supports production of:
 Anonymous cards
 Personalized cards
 Temporary cards

Generating Card Production File

• Two-step process
o Staging the card production
o Creating the card production files

Staging Card Production

• Scan PostCard system identifying cards with the following
characteristics:
o Newly defined by issuer
o Flagged for PIN production only
o Re-issued by issuer (lost, stolen, or damaged)
o Card nearing expiry date — re-issue required

Creating Card Production Files

• Files built for particular card production company
• Plug-in used to create files from data in PostCard database
• Plug-in used is dependent on file format required

PIN Management
• PostCard facilitates the generation of:
o PINs
o PIN codes (PVVs or PIN offsets)

PINs and PIN codes

• Generating PIN numbers
o PAN of card
o Secret PIN verification key (KVP)
• PIN sent to cardholder

• PIN code encrypted on track 2 or stored in database
• KVP distributed to entities trusted to verify PIN
• PIN code and KVP enable entities to verify PIN and allow
customer PIN changes

PostCard PIN Management methods

• PostCard generates PIN and PIN code
• Card production company generates PIN and PIN code
• Card production company generates natural PIN
• Customer selects PIN
o Card not sent via secure mailer
o Cardholder specifies PIN on issuer premises — using secure PIN pad
o PIN pad generates PIN code
o PIN code displayed/printed for issuer operator
o Value entered into PostCard system

PostCard PIN management methods
••PostCard
PostCardgenerates
PostCard generates
generates PIN andand
PIN
PIN PINPIN
and code
PINcode
code
••• PIN block and company
Card
Cardproduction generates
PIN code sent to cardPIN and PIN
production code
company
Card production
productioncompany
company generates
generates PIN PIN
and and
PINPIN
code•production
•
Card
code Part of production
companyrungenerates natural PIN
•• PIN
••
Customer block encrypted using PIN export key given to
Providesselects PIN with PIN code
PostCard
Card
Card production
productioncompany
company company generates
generates natural PINPIN
natural
• PIN sent to cardholder
• Company
• IBM PIN schemedetermines PIN from value for mailer
• Customer selects PIN
• Natural PIN = PIN offset all zeros
• Card not sent via secure mailer
• PostCard sets PIN offsets to zero
• Cardholder specifies PIN on issuer premises — using
• No needPIN
secure to load
pad PIN offsets from Card production company
•• Cardholder can change
PIN pad generates the PIN at a later point
PIN code
• PIN code displayed/printed for issuer operator
• Value entered into PostCard system
PostCard PIN Management methods
Track 2 (incl
PIN code) Card and PIN
Track 2
Card and PIN
PIN code
Track 2 Card
PIN

Card Status Management

• Activate new/re-issued cards, deactivate old cards
• Depends on PIN management:
• No PIN: First transaction activates cards issued with no PIN
associated (e.g. credit cards)
• PIN scenarios:
o On first successful transaction, if PIN mailer sent with card
o Immediately, if PIN selected in-branch
o PIN change required with first PIN-based transaction

Card Status Management

• PostCard activates card on first successful transaction
performed
• Old cards with same PAN and sequence number are disabled
• Anonymous/temporary cards disabled on activation of new
card
• Disabled cards
o Transactions declined
o Retained in PostCard database – can be added to hotcard lists

Authorization Services
• Four authorization configurations:
o No authorization
 No transaction authorization performed
 All transactions declined if issuer down
o Velocity stand-in authorization
o Balances stand-in authorization
o Full authorization
 Without advices
 With advices

Velocity Stand-in Authorization

• Configured using limits (velocity limits)
o Number and value of offline debit transactions
o Per day, per week, per month, per transaction
o Per card or account
• Risk falls on issuer

• Only performed if issuer is unavailable
• Depending on other validation services account balance
information is not required
• No file extracts
• Simple to administer
Full Authorization
• PostCard authorizes all transactions
o Transactions never sent to issuer
• Issuer sends PostCard the card, account and account balances

(load)
• PostCard sends issuer authorized transactions file (extract)
• Issuer updates account balances
• Send new balances to PostCard (load)

Balances Stand-in Authorization

• Stand-in performed against actual account balances
• Stand-in only if issuer is not available
• Issuer supplies balances for every account of each cardholder
• New account balances provided every day
o Maintain transaction integrity across databases
• Issuer authorizes transactions if available

• Balances kept in sync
o PostCard force-posts transaction advices

Validation Services
• May be optional or enforced by PostCard — depending on
configuration
• Performed before forwarding transaction or providing stand-in
• Transactions declined if validation fails
o Even when issuer is available
o Reduce load on issuer

Validation Sequence
• Check card status
• Check if card on hold
• Check if account on hold
• Check expiry date
• PIN verification
• Card verification
• EMV authentication
• Validation data matching
• Track 2 value matching

Additional Validation Services

• Address verification service (AVS)
• Retrieve linked accounts (always with full authorization)
• Velocity checking (always with velocity stand-in)

Risk Profile Management

• PostCard enables issuers to apply risk management to their
transaction processing:
o Decline transactions from certain countries
o Decline transactions for specific account types
o Decline transactions for certain merchant category codes
o Decline stand-in authorization for specific card programs
o Configure transaction types for which stand-in authorization should not
be permitted
o Configure extended response codes

Risk Profile Management

• Configuring risk management involves:
1. Creating risk transaction groups

2. Specifying risk transaction rules
3. Configuring risk profiles
Risk Profile
Risk Profile
Risk transaction rule
Risk transaction Actions to be
Risk Transaction Risk Transaction
group taken
group Rule
Account or card program associations

Section 2: Getting Started
• Services
• Security and Access
• Configuring Users and Roles
• Help Documentation
• Scheduled Jobs

Getting Started
Getting Started
• Basic PostCard operations:
o Starting services required by PostCard
o Logging in to Navigator
o Adding users and configuring roles
o Accessing consoles and documentation
o Scheduling and running jobs

Services
Services
• Required services:
o Microsoft SQL Server
o Postilion Certificate Manager
o Postilion Transaction Manager
o Postilion Scheduler
o Postilion User Interfaces Service
o Apache Tomcat
o Source and sink interfaces

Security and Access
Security and Access

• Multiple issuer access:
o Central processor owner of S1 payments system and PostCard
o Owner controls owner domain
o Owner creates issuer administrator login
o Issuer operators have limited access
o Each issuer owns domain
o Issuer administrator creates users and assign roles

Security and Access
Security and Access

• Single issuer access:
o Issuer is the owner
o Owner creates issuer and issuer domain
o Only owner can log in to PostCard
o Login defined during installation:
 Administrator creates users and assign roles in owner domain
 Administrator creates issuers and assign roles
o Issuer can now log-in

Security and Access
Security Precautions
• PostCard accessed from remote workstations — imposes
greater security requirement
• Precautions:
o Passwords should be changed regularly
o Usernames and passwords must be kept secret
o Access to PostCard should be restricted

Configuring Users and Roles
Issuer Configuration
• Process identical to one detailed for owners
• If logged in as owner operator:
o Expand Postilion Owner
o Expand relevant issuer node
o Expand Framework and User management
• If logged in as issuer operator:

o Expand issuer node
o Expand Framework and User management

Help Documentation
Help Documentation
• Open Realtime Management Console
• Expand Documentation
• Expand PostCard

Scheduled Jobs
Scheduled Jobs
• Use jobs to perform scheduled tasks:
o Clean out aged data
o Periodically reset velocity limits
o Load card and account information
o Extract card and account information
• Access jobs:
o In Navigation pane, expand Postilion Owner > PostCard > Scheduled
Jobs
o Click Scheduled Jobs

Scheduled Jobs
SQL Server Management Studio

• Used to check if Jobs ran successfully
o Jobs: Console Root > MS SQL Server > SQL Server Group > Your Server
> SQL Server Agent > Jobs
o Right-click job to be checked
o Click View History
o Check Last Run Status is Succeeded

Scheduled Jobs
Navigator
• Used to view and alter schedule of job:
o Select job
o Click Properties
o Click Schedule to open schedules page
o Modify the schedule if necessary, click Update
o Click Close

Scheduled Jobs
Tracing
• Tracing is useful in troubleshooting PostCard
• Open Postilion Trace Viewer:
o In Realtime Management Console, expand Tools > Realtime Framework
o Click Trace Viewer
• In Trace Viewer:
o Expand PostCard
o Click on a job
o Click a trace associated with the job

Section 4: Authorization Services
• Velocity Stand-in Authorization
• Full Authorization


• Most commonly used stand-in
o Realtime stands-in when authorizing entity is unavailable
o Authorizes transaction using limits defined by issuer
o Limits reflect issuer’s risk assessment

Definable Limits
• Daily velocities
o Number of purchases
o Number of cash withdrawals
o Purchase amount
o Cash amount
o Card-not-present amount
o Deposit available limit
• Weekly — similar to daily limits

• Monthly — similar to daily limits
• Per transaction — apply to each transaction

Limits configured on three levels

• Card program
o Specified when configuring card program
o Apply to each card in program at card level
• Card
o Limits for individual cards
o Override any card program limits
• Account
o Limits for specific accounts

Velocity Stand-in: Type 1
Services used • Velocity Stand-in

• No retrieval of linked accounts
• No account-level authorization
• Optional:
• EMV authentication
• Card verification
• PIN verification with PIN code on track 2
Information required • No specific card information required
• Configured BIN


• No retrieval of linked accounts
• No account-level authorization
• Any validation services
Information required Information about each card but not account

information


• Retrieval of linked accounts
• Account-level authorization
Information required Information about each card and each account

Card and Account Information

• Available from two sources:
o PostCard database
 PostCard used for card production file generation
 Operator captures new cards and account info
 Uses PostCard’s New Card Wizard and New Account Wizard else uses the
Portal if the Portal is configured
o Externally generated files
 PostCard not used
 Card and account details maintained by issuer host system
 Sent to PostCard in specified format

Full Authorization
Full Authorization
• PostCard authorizes all EFT transactions
• Two types of full authorization:
o Without advices
o With advices
• End point for transactions

• PostCard maintains:
o Cards and accounts
o Account balances
• Issuer system not receive EFT transactions

• PostCard and issuer host synchronized by load-extract cycle

Full Authorization
Load-Extract cycle
• Core banking system send loads to PostCard
• Load-extract cycle necessary when:
o Core banking system may provide card management:
 Informs PostCard of new cards issued or cards de-activated
o Core banking system handles non-EFT transactions
 Informs PostCard of affect of these transactions on account balances
o PostCard adjusts account balances of approved transactions
 Changes fed to core banking system

Full Authorization
Load Types
• Full load
• Full accounts load
• Full balances load
• Partial load
• Update load
• Account balances adjustment load

Full Authorization
Load Types — Full Load

• Used to create initial baseline
• Overwrites any existing records
• Files needed:
o Cards.txt
o Accounts.txt
o CardAccounts.txt
o AccountBalances.txt
o CardOverrideLimits.txt
o AccountOverrideLimits.txt
o Statements.txt

Full Authorization
Load Types — Full Accounts Load

• Replaces account and account balance information
• Optionally updates:
o Statement information
o Override limits
• Files needed:
o Accounts.txt
o Accountbalances.txt
o Accountoverridelimits.txt
o Statements.txt
o Customers.txt
o Customeraccounts.txt

Full Authorization
Load Types — Full Balances Load

• Similar to full load — no account information
• Replaces only balances
• Optionally updates:
o Statement information
• Files needed:
o Statements.txt

Full Authorization
Load Types — Partial Load

• Selectively update/delete/insert records
• Used to keep existing records synchronized
• Same files as full load
• Each record in a files preceded with:
o U — indicates an update
o D — indicates a deletion

Full Authorization
Load Types — Update Load

• Modify information held by PostCard
• Not considered part of load-extract cycle
o Not used to modify account balances
o Used to update card and account details, e.g. PIN changes
• Applied using files or 0320/0322 (file update) messages

Full Authorization
Load Types — Update Load files

• Files needed for update load:
o Cards.txt
o Accounts.txt
o Cardaccounts.txt
o Statements.txt
o Accountoverridelimits.txt
o Cardoverridelimits.txt

Full Authorization
Load Types —Account Balances update load

• Used typically to load cash onto stored value cards
• Only specifies amount to be added to current account balance
• Not part of the load-extract cycle
• Applied using files or 0320/0322 (file update) messages
• Files needed:
o Accountbalanceadjustments.txt
o Statements.txt

Full Authorization
Load Sequences — No Card Management

• PostCard:
o Not used to manage cards
o Not the source of card and account information
o Records overwritten as required
• Sequence used:
o Initially — Full load
o Daily — Partial load and full accounts load
o Weekly (optional) — Full load
o Periodically — Update load

Full Authorization
Load sequences — Card Management

• PostCard:
o Used to manage cards
o Source of all card and account information
o Records must not be overwritten
• Sequence used:
o Initially — Full load
o Daily — Partial load and full accounts load
o Periodically — Update load

Full Authorization
Extracts
• PostCard provides feedback to core banking system
• Achieved using extracts
• One extract configured per issuer
• PostCard extracts transaction information for specific issuer
• Two time periods associated with extracts:
o Extract period
 Transaction information extracted (batch cutover)
o Extract file production period
 Extract files produced

Full Authorization
Extracts
• Extract jobs schedule:
o Advance extract period
 One extract period closed; a new one opened immediately
o Extract files
 Control production of files; must follow advance extract period job
• Two files extracted:

o Accountbalancedeltas.txt
o Statementdeltas.txt

Uploaded by

Uploaded by

Payments Basic Training

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Issuer workstation with

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

PostCard Services to Issuers

Services largely independent of one another

Copyright © 2009. S1 Global Ltd. All rights reserved.

PostCard Key Features

• Provides different PIN management methods

Copyright © 2009. S1 Global Ltd. All rights reserved.

Not Account Management System

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Generating Card Production File

Copyright © 2009. S1 Global Ltd. All rights reserved.

Staging Card Production

Copyright © 2009. S1 Global Ltd. All rights reserved.

Creating Card Production Files

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

PINs and PIN codes

• PIN sent to cardholder

Copyright © 2009. S1 Global Ltd. All rights reserved.

PostCard PIN Management methods

Copyright © 2009. S1 Global Ltd. All rights reserved.

PostCard PIN management methods

PostCard PIN Management methods

Copyright © 2009. S1 Global Ltd. All rights reserved.

Card Status Management

Copyright © 2009. S1 Global Ltd. All rights reserved.

Card Status Management

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Velocity Stand-in Authorization

• Risk falls on issuer

• Issuer sends PostCard the card, account and account balances

Copyright © 2009. S1 Global Ltd. All rights reserved.

Balances Stand-in Authorization

• Issuer authorizes transactions if available

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Additional Validation Services

Copyright © 2009. S1 Global Ltd. All rights reserved.

Risk Profile Management

Copyright © 2009. S1 Global Ltd. All rights reserved.

Risk Profile Management

1. Creating risk transaction groups

Account or card program associations

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Security and Access

Copyright © 2009. S1 Global Ltd. All rights reserved.

Security and Access

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

• If logged in as issuer operator:

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

SQL Server Management Studio

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Copyright © 2009. S1 Global Ltd. All rights reserved.

Velocity Stand-in Authorization

Copyright © 2009. S1 Global Ltd. All rights reserved.