STS’ G8 EFT client can be used with a number of different switches and Payment Service Providers (PSPs). Here, we describe how G8 can be used with the MasterCard Payment Gateway Services (MPGS).
MasterCard Payment Gateway is a multi-channel payment service provider (PSP) whose MasterCard Payment Gateway service can accept card payments across all of a merchant’s channels with a unified reporting portal: online, mail-order/telephone-order, mobile, SMS and interactive TV. DPG also supports bank transfers, e-wallets, gift cards, pre-paid cards and Direct Debit. G8 allows merchants to accept card-present payments in-store or on the road through the sameMasterCard Payment Gateway Service.
The MasterCard Payment Gateway is, in G8 terms, an EFT Server that provides authorisation and settlement capabilities. It provides a flexible interface that can support online-capable and offline-only authorisation and optionally a public-key-based encryption mechanism.
The MasterCard Payment Gateway has evolved over time with different mechanisms for handling online authorisation and settlement, and most recently by adding a public-key encryption-based mechanism. This evolution showcases G8’s flexibility in the face of changing requirements and specifications, while maintaining compatibility with existing systems. This snippet describes some of the options that G8 users have if they have chosen to use the DataCash switch.
Options
When using G8 with the MasterCard Payment Gateway, integrators have one main choice, which is whether online authorisation is required. Most integrators would probably prefer to have online authorisation, but that may not be available for on-board scenarios such as on planes, trains and ships.
“datacash” online-capable driver
• Online capability
• Offline capability when connection unavailable
• Transaction data stored encrypted
• Transaction data can only be decrypted by DPG
• Trickle feed
• Keys updated automatically
“datacash.offlineonly” offline-only driver
• No online authorisation capability
• Transaction data stored encrypted
• Transaction data can only be decrypted by DPG
• Transaction data sent to DPG on demand
• Keys updated by integrator
Integrators might also choose to use the deprecated “batch-only” driver, or the “online-only” driver, but these have limitations that make them unsuitable for most integrators.
Using DataCash drivers
To use the DataCash drivers, you must have an account on the DataCash Payment Gateway. This may be a test account during development, or a live account. DataCash provide access details for the DataCash Payment Gateway itself and the Reporting Portal. G8 must be configured with the DataCash Payment Gateway credentials. The Reporting Portal credentials should be kept secret by the account holder, and used for logging in to the reporting portal only. Integrators must also be aware of the consequences of the DataCash Encryption system. See below for more details.
Using the online-capable driver
Most integrators will choose the online-capable “datacash” driver, which provides online authorisation capability, resilience when an online connection is not available, and secure encryption of stored data. Once configured as above, this driver use usable with minimum maintenance, although integrators should be aware of the consequences of the encryption mechanism (see below).
Integrators who wish to support PKE and Magnetic Stripe payments should configure offline BIN ranges such that online authorisation is always required (i.e. the floor limit is zero for all ranges). Then, the BIN range file can contain large ranges that provide basic information such as the card label (MasterCard, Visa, American Express etc.). The offline-authorisation system should be configured to decline all transactions where online authorisation failed.
Using the offline-only driver
Where online authorisation is not available, integrators may wish to configure the EMV kernel with Terminal Type 23 (offline-only, merchant-controlled, attended), and to use the “datacash.offlineonly” driver. Setting up G8 for offline-only authorisation is a subject for a separate article, and can vary from acquirer to acquirer and merchant to merchant based on each stakeholder’s appetite for risk. However, some basic rules follow:
• MasterCard have specific rules for on-board terminals that allow additional transactions to be accepted without merchant liability
• Merchants may wish to accept further transactions at their own risk, and with agreement from the acquirer
• Details BIN ranges and hot-card lists should be configured to allow magnetic stripe transactions to be accepted, and the risk of these transactions should be understood. Fallback from Chip to magnetic stripe should be disallowed.
In an offline-only environment, G8 must be made to settle regularly when a network connection is available, and the encryption key must be updated regularly by the integrator’s systems.
Encryption
The DataCash system allows for transactions to be stored encrypted offline such that they can only be decrypted by the DataCash Payment Gateway itself. This is achieved using public-key encryption similar to that used with the standard G8 EFT driver.
The system is designed such that G8 or an integrator will periodically retrieve a key from DataCash, and this key will be used as the basis for encryption until it is replaced. These keys have a hard 14-day lifetime (this lifetime is set by DataCash). After this date, DataCash deletes the key and any transactions encrypted with that key can never be recovered and settled. With the offline-only driver, the integrator must provide a mechanism to update the key.
G8 will not accept transactions when the encryption key is older than 7 days, with an error clearly indicating that the keys are no longer usable. This provides a safety margin of a further 7 days in which time files should be settled and a new key downloaded. If G8 reports this error when using the online-capable driver, it indicates that there is a severe ongoing issue with network connectivity or configuration that must be investigated quickly.
Summary
G8’s flexible support for many payment service providers has been extended with its support for the DataCash Payment Gateway. G8 with DataCash can be used with any card reader on STS’ extensive list of supported card readers, and may also be used in many different environments including attended, unattended, online-capable or offline-only. Existing customers of DataCash in card-not-present environments can add card-present support using G8, without fragmenting payments and reporting across different service providers. Merchants may also wish to use G8 with DataCash if they also want to add card-not-present payments at a later date using the same service, or alternatively to give the merchant the flexibility to switch to other PSPs without replacing their entire payments infrastructure.